diff -u -r -N squid-3.5.0.2/bootstrap.sh squid-3.5.0.3/bootstrap.sh --- squid-3.5.0.2/bootstrap.sh 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/bootstrap.sh 2014-12-09 06:10:01.000000000 -0800 @@ -164,7 +164,9 @@ done # Make a copy of SPONSORS we can package -sed -e 's/@Squid-[0-9\.]*://' SPONSORS || (rm -f SPONSORS && exit 1) +if test -f SPONSORS.list; then + sed -e 's/@Squid-[0-9\.]*://' SPONSORS || (rm -f SPONSORS && exit 1) +fi # Fixup autoconf recursion using --silent/--quiet option # autoconf should inherit this option whe recursing into subdirectories diff -u -r -N squid-3.5.0.2/ChangeLog squid-3.5.0.3/ChangeLog --- squid-3.5.0.2/ChangeLog 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/ChangeLog 2014-12-09 06:10:01.000000000 -0800 @@ -1,3 +1,13 @@ +Changes to squid-3.5.0.3 (09 Dec 2014): + + - Bug 4146: workaround SSL Bump crash on Linux + - Bug 4135: Support \-escaped characters in regex patterns + - Bug 4131: SIGSEGV at store.cc:962 content_length > store_maxobjsize + - Fix delay_parameters parsing + - HTTP/2: handle 'PRI' method found in HTTP/1.x traffic + - ... and all changes from squid 3.4.10 + - ... and a lot of documentation updates + Changes to squid-3.5.0.2 (31 Oct 2014): - Fix FTP socket opening during reconfigure @@ -71,6 +81,17 @@ - ... and many error page translation updates - ... and much code cleanup and polishing +Changes to squid-3.4.10 (09 Dec 2014): + + - Bug 4148: external_acl_type header format does not accept the new libformat syntax + - Bug 4145: squid_endian.h compile errors with OpenBSD 5.6 + - Bug 4033: Rebuild corrupted ssl_db/size file + - Bug 3902: Docs: external_acl_type cache hash key + - Fix segmentation fault in ACL urlpath_regex + - Fix bootstrap.sh dependency on SPONSORS.list + - Alternate-Protocol is a hop-by-hop header + - HTTP/2: Support 421 (Misdirected Request) status code + Changes to squid-3.4.9 (31 Oct 2014): - Regression fix: ext_kerberos_ldap_group_acl typo in 3.4.7 update diff -u -r -N squid-3.5.0.2/compat/compat.h squid-3.5.0.3/compat/compat.h --- squid-3.5.0.2/compat/compat.h 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/compat/compat.h 2014-12-09 06:10:01.000000000 -0800 @@ -105,9 +105,6 @@ /* Valgrind API macros changed between two versions squid supports */ #include "compat/valgrind.h" -/* Endian functions are usualy handled by the OS but not always. */ -#include "squid_endian.h" - /** * A Regular Expression library is bundled with Squid. * Default is to use a system provided one, but the bundle diff -u -r -N squid-3.5.0.2/compat/Makefile.in squid-3.5.0.3/compat/Makefile.in --- squid-3.5.0.2/compat/Makefile.in 2014-10-31 03:57:50.000000000 -0700 +++ squid-3.5.0.3/compat/Makefile.in 2014-12-09 06:10:45.000000000 -0800 @@ -83,9 +83,9 @@ build_triplet = @build@ host_triplet = @host@ DIST_COMMON = $(top_srcdir)/src/Common.am $(srcdir)/Makefile.in \ - $(srcdir)/Makefile.am drand48.c getnameinfo.c strerror.c \ - strtoll.c inet_ntop.c tempnam.c initgroups.c psignal.c \ - inet_pton.c getaddrinfo.c $(top_srcdir)/cfgaux/depcomp \ + $(srcdir)/Makefile.am psignal.c inet_pton.c initgroups.c \ + inet_ntop.c drand48.c getnameinfo.c strerror.c getaddrinfo.c \ + strtoll.c tempnam.c $(top_srcdir)/cfgaux/depcomp \ $(top_srcdir)/cfgaux/test-driver check_PROGRAMS = testPreCompiler$(EXEEXT) TESTS = testPreCompiler$(EXEEXT) testHeaders diff -u -r -N squid-3.5.0.2/compat/os/mswindows.h squid-3.5.0.3/compat/os/mswindows.h --- squid-3.5.0.2/compat/os/mswindows.h 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/compat/os/mswindows.h 2014-12-09 06:10:01.000000000 -0800 @@ -414,7 +414,9 @@ #define _pioinfo(i) ( __pioinfo[(i) >> IOINFO_L2E] + ((i) & (IOINFO_ARRAY_ELTS - 1)) ) #define _osfile(i) ( _pioinfo(i)->osfile ) #define _osfhnd(i) ( _pioinfo(i)->osfhnd ) +#if !defined(FOPEN) #define FOPEN 0x01 /* file handle open */ +#endif #if defined(_MSC_VER) SQUIDCEXTERN _CRTIMP ioinfo * __pioinfo[]; diff -u -r -N squid-3.5.0.2/configure squid-3.5.0.3/configure --- squid-3.5.0.2/configure 2014-10-31 03:58:44.000000000 -0700 +++ squid-3.5.0.3/configure 2014-12-09 06:11:37.000000000 -0800 @@ -1,7 +1,7 @@ #! /bin/sh # From configure.ac Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for Squid Web Proxy 3.5.0.2. +# Generated by GNU Autoconf 2.69 for Squid Web Proxy 3.5.0.3. # # Report bugs to . # @@ -595,8 +595,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='3.5.0.2' -PACKAGE_STRING='Squid Web Proxy 3.5.0.2' +PACKAGE_VERSION='3.5.0.3' +PACKAGE_STRING='Squid Web Proxy 3.5.0.3' PACKAGE_BUGREPORT='http://bugs.squid-cache.org/' PACKAGE_URL='' @@ -1617,7 +1617,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 3.5.0.2 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 3.5.0.3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1687,7 +1687,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 3.5.0.2:";; + short | recursive ) echo "Configuration of Squid Web Proxy 3.5.0.3:";; esac cat <<\_ACEOF @@ -2094,7 +2094,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 3.5.0.2 +Squid Web Proxy configure 3.5.0.3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -3198,7 +3198,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 3.5.0.2, which was +It was created by Squid Web Proxy $as_me 3.5.0.3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4065,7 +4065,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='3.5.0.2' + VERSION='3.5.0.3' cat >>confdefs.h <<_ACEOF @@ -31565,7 +31565,9 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -BUILD_HELPER="MSNT-multi-domain" +if test "x$PERL" != "x" -a "x$POD2MAN" != "x"; then + BUILD_HELPER="MSNT-multi-domain" +fi elif test "x$helper" = "xMSNT" ; then @@ -31797,7 +31799,9 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -BUILD_HELPER="POP3" +if test "x$PERL" != "x" -a "x$POD2MAN" != "x"; then + BUILD_HELPER="POP3" +fi elif test "x$helper" = "xRADIUS" ; then @@ -32614,6 +32618,41 @@ +## NTLM requires some special Little-Endian conversion hacks +if test "x$enable_auth_ntlm" != "xno"; then + for ac_header in machine/byte_swap.h sys/bswap.h endian.h sys/endian.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_cxx_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + for ac_func in bswap_16 bswap16 \ + bswap_32 bswap32 \ + htole16 __htole16 \ + htole32 __htole32 \ + le16toh __le16toh \ + le32toh __le32toh \ + +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_cxx_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +fi + AUTH_LIBS_TO_BUILD= for module in $AUTH_MODULES; do @@ -34049,7 +34088,6 @@ limits.h \ linux/posix_types.h \ linux/types.h \ - machine/byte_swap.h \ malloc.h \ math.h \ memory.h \ @@ -34074,8 +34112,6 @@ string.h \ strings.h \ sys/bitypes.h \ - sys/bswap.h \ - sys/endian.h \ sys/file.h \ sys/ioctl.h \ sys/ipc.cc \ @@ -37505,10 +37541,6 @@ for ac_func in \ backtrace_symbols_fd \ bcopy \ - bswap_16 \ - bswap_32 \ - bswap16 \ - bswap32 \ eui64_aton \ fchmod \ getdtablesize \ @@ -37519,8 +37551,6 @@ getspnam \ gettimeofday \ glob \ - htobe16 \ - htole16 \ lrand48 \ mallocblksize \ mallopt \ @@ -40264,7 +40294,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 3.5.0.2, which was +This file was extended by Squid Web Proxy $as_me 3.5.0.3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -40330,7 +40360,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -Squid Web Proxy config.status 3.5.0.2 +Squid Web Proxy config.status 3.5.0.3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -u -r -N squid-3.5.0.2/configure.ac squid-3.5.0.3/configure.ac --- squid-3.5.0.2/configure.ac 2014-10-31 03:58:44.000000000 -0700 +++ squid-3.5.0.3/configure.ac 2014-12-09 06:11:36.000000000 -0800 @@ -5,7 +5,7 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -AC_INIT([Squid Web Proxy],[3.5.0.2],[http://bugs.squid-cache.org/],[squid]) +AC_INIT([Squid Web Proxy],[3.5.0.3],[http://bugs.squid-cache.org/],[squid]) AC_PREREQ(2.61) AC_CONFIG_HEADERS([include/autoconf.h]) AC_CONFIG_AUX_DIR(cfgaux) @@ -2764,7 +2764,6 @@ limits.h \ linux/posix_types.h \ linux/types.h \ - machine/byte_swap.h \ malloc.h \ math.h \ memory.h \ @@ -2789,8 +2788,6 @@ string.h \ strings.h \ sys/bitypes.h \ - sys/bswap.h \ - sys/endian.h \ sys/file.h \ sys/ioctl.h \ sys/ipc.cc \ @@ -3303,10 +3300,6 @@ AC_CHECK_FUNCS(\ backtrace_symbols_fd \ bcopy \ - bswap_16 \ - bswap_32 \ - bswap16 \ - bswap32 \ eui64_aton \ fchmod \ getdtablesize \ @@ -3317,8 +3310,6 @@ getspnam \ gettimeofday \ glob \ - htobe16 \ - htole16 \ lrand48 \ mallocblksize \ mallopt \ diff -u -r -N squid-3.5.0.2/contrib/rredir.c squid-3.5.0.3/contrib/rredir.c --- squid-3.5.0.2/contrib/rredir.c 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/contrib/rredir.c 2014-12-09 06:10:01.000000000 -0800 @@ -1,3 +1,12 @@ +/* + * Copyright (C) 1996-2014 The Squid Software Foundation and contributors + * + * Squid software is distributed under GPLv2+ license and includes + * contributions from numerous individuals and organizations. + * Please see the COPYING and CONTRIBUTORS files for details. + * + */ + #include "squid.h" /* diff -u -r -N squid-3.5.0.2/contrib/rredir.pl squid-3.5.0.3/contrib/rredir.pl --- squid-3.5.0.2/contrib/rredir.pl 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/contrib/rredir.pl 2014-12-09 06:10:01.000000000 -0800 @@ -1,5 +1,13 @@ #!/usr/bin/perl -T -w # +## Copyright (C) 1996-2014 The Squid Software Foundation and contributors +## +## Squid software is distributed under GPLv2+ license and includes +## contributions from numerous individuals and organizations. +## Please see the COPYING and CONTRIBUTORS files for details. +## + +# # rredir.pl # # Author: Peter Eisenhauer diff -u -r -N squid-3.5.0.2/helpers/basic_auth/DB/basic_db_auth.8 squid-3.5.0.3/helpers/basic_auth/DB/basic_db_auth.8 --- squid-3.5.0.2/helpers/basic_auth/DB/basic_db_auth.8 2014-10-31 04:42:03.000000000 -0700 +++ squid-3.5.0.3/helpers/basic_auth/DB/basic_db_auth.8 2014-12-09 07:07:01.000000000 -0800 @@ -133,57 +133,73 @@ .\" ======================================================================== .\" .IX Title "BASIC_DB_AUTH 1" -.TH BASIC_DB_AUTH 1 "2014-10-31" "perl v5.20.1" "User Contributed Perl Documentation" +.TH BASIC_DB_AUTH 1 "2014-12-09" "perl v5.20.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -basic_db_auth \- Database auth helper for Squid +.Vb 1 +\& basic_db_auth \- Database auth helper for Squid +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" -basic_db_auth [options] +.Vb 1 +\& basic_db_auth [options] +.Ve .SH "DESCRIPTOIN" .IX Header "DESCRIPTOIN" This program verifies username & password to a database -.IP "\fB\-\-dsn\fR" 8 +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-\-debug\fR" 12 +.IX Item "--debug" +Write debug info to stderr. +.IP "\fB\-\-dsn\fR" 12 .IX Item "--dsn" Database \s-1DSN.\s0 Default \*(L"DBI:mysql:database=squid\*(R" -.IP "\fB\-\-user\fR" 8 +.IP "\fB\-\-user\fR" 12 .IX Item "--user" Database User -.IP "\fB\-\-password\fR" 8 +.IP "\fB\-\-password\fR" 12 .IX Item "--password" Database password -.IP "\fB\-\-table\fR" 8 +.IP "\fB\-\-table\fR" 12 .IX Item "--table" Database table. Default \*(L"passwd\*(R". -.IP "\fB\-\-usercol\fR" 8 +.IP "\fB\-\-usercol\fR" 12 .IX Item "--usercol" Username column. Default \*(L"user\*(R". -.IP "\fB\-\-passwdcol\fR" 8 +.IP "\fB\-\-passwdcol\fR" 12 .IX Item "--passwdcol" Password column. Default \*(L"password\*(R". -.IP "\fB\-\-cond\fR" 8 +.IP "\fB\-\-cond\fR" 12 .IX Item "--cond" Condition, defaults to enabled=1. Specify 1 or "" for no condition If you use \-\-joomla flag, this condition will be changed to block=0 -.IP "\fB\-\-plaintext\fR" 8 +.IP "\fB\-\-plaintext\fR" 12 .IX Item "--plaintext" Database contains plain-text passwords -.IP "\fB\-\-md5\fR" 8 +.IP "\fB\-\-md5\fR" 12 .IX Item "--md5" Database contains unsalted md5 passwords -.IP "\fB\-\-salt\fR" 8 +.IP "\fB\-\-salt\fR" 12 .IX Item "--salt" Selects the correct salt to evaluate passwords -.IP "\fB\-\-persist\fR" 8 +.IP "\fB\-\-persist\fR" 12 .IX Item "--persist" Keep a persistent database connection open between queries. -.IP "\fB\-\-joomla\fR" 8 +.IP "\fB\-\-joomla\fR" 12 .IX Item "--joomla" Tells helper that user database is Joomla \s-1DB. \s0 So their unusual salt hashing is understood. +.SH "AUTHOR" +.IX Header "AUTHOR" +This program was written by +\&\fIHenrik Nordstrom and +\&\fILuis Daniel Lucio Quiroz +.PP +This manual was written by \fIHenrik Nordstrom .SH "COPYRIGHT" .IX Header "COPYRIGHT" .Vb 5 @@ -199,3 +215,23 @@ This program is free software. You may redistribute copies of it under the terms of the \s-1GNU\s0 General Public License version 2, or (at youropinion) any later version. +.SH "QUESTIONS" +.IX Header "QUESTIONS" +Questions on the usage of this program can be sent to the \fISquid Users mailing list +.SH "REPORTING BUGS" +.IX Header "REPORTING BUGS" +Bug reports need to be made in English. +See http://wiki.squid\-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. +.PP +Report bugs or bug fixes using http://bugs.squid\-cache.org/ +.PP +Report serious security bugs to \fISquid Bugs +.PP +Report ideas for new improvements to the \fISquid Developers mailing list +.SH "SEE ALSO" +.IX Header "SEE ALSO" +squid (8), \s-1GPL \\fIs0\fR\|(7), +.PP +The Squid \s-1FAQ\s0 wiki http://wiki.squid\-cache.org/SquidFaq +.PP +The Squid Configuration Manual http://www.squid\-cache.org/Doc/config/ diff -u -r -N squid-3.5.0.2/helpers/basic_auth/DB/basic_db_auth.pl.in squid-3.5.0.3/helpers/basic_auth/DB/basic_db_auth.pl.in --- squid-3.5.0.2/helpers/basic_auth/DB/basic_db_auth.pl.in 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/helpers/basic_auth/DB/basic_db_auth.pl.in 2014-12-09 06:10:01.000000000 -0800 @@ -1,99 +1,147 @@ #!@PERL@ + use strict; -use DBI; -use Getopt::Long; use Pod::Usage; -use Digest::MD5 qw(md5 md5_hex md5_base64); -$|=1; +use Getopt::Long; =pod =head1 NAME -basic_db_auth - Database auth helper for Squid - -=cut - -my $dsn = "DBI:mysql:database=squid"; -my $db_user = undef; -my $db_passwd = undef; -my $db_table = "passwd"; -my $db_usercol = "user"; -my $db_passwdcol = "password"; -my $db_cond = "enabled = 1"; -my $plaintext = 0; -my $md5 = 0; -my $persist = 0; -my $isjoomla = 0; -my $debug = 0; -my $hashsalt = undef; - -=pod + basic_db_auth - Database auth helper for Squid =head1 SYNOPSIS -basic_db_auth [options] + basic_db_auth [options] =head1 DESCRIPTOIN This program verifies username & password to a database -=over 8 +=head1 OPTIONS + +=over 12 + +=item B<--debug> -=item B<--dsn> +Write debug info to stderr. + +=item B<--dsn> Database DSN. Default "DBI:mysql:database=squid" -=item B<--user> +=item B<--user> Database User -=item B<--password> +=item B<--password> Database password -=item B<--table> +=item B<--table> Database table. Default "passwd". -=item B<--usercol> +=item B<--usercol> Username column. Default "user". -=item B<--passwdcol> +=item B<--passwdcol> Password column. Default "password". -=item B<--cond> +=item B<--cond> Condition, defaults to enabled=1. Specify 1 or "" for no condition If you use --joomla flag, this condition will be changed to block=0 -=item B<--plaintext> +=item B<--plaintext> Database contains plain-text passwords -=item B<--md5> +=item B<--md5> Database contains unsalted md5 passwords -=item B<--salt> +=item B<--salt> Selects the correct salt to evaluate passwords -=item B<--persist> +=item B<--persist> Keep a persistent database connection open between queries. -=item B<--joomla> +=item B<--joomla> Tells helper that user database is Joomla DB. So their unusual salt hashing is understood. =back +=head1 AUTHOR + +This program was written by +I> and +I> + +This manual was written by I> + +=head1 COPYRIGHT + + * Copyright (C) 1996-2014 The Squid Software Foundation and contributors + * + * Squid software is distributed under GPLv2+ license and includes + * contributions from numerous individuals and organizations. + * Please see the COPYING and CONTRIBUTORS files for details. + +Copyright (C) 2007 Henrik Nordstrom +Copyright (C) 2010 Luis Daniel Lucio Quiroz (Joomla support) +This program is free software. You may redistribute copies of it under the +terms of the GNU General Public License version 2, or (at youropinion) any +later version. + +=head1 QUESTIONS + +Questions on the usage of this program can be sent to the I> + +=head1 REPORTING BUGS + +Bug reports need to be made in English. +See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. + +Report bugs or bug fixes using http://bugs.squid-cache.org/ + +Report serious security bugs to I> + +Report ideas for new improvements to the I> + +=head1 SEE ALSO + +squid (8), GPL (7), + +The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq + +The Squid Configuration Manual http://www.squid-cache.org/Doc/config/ + =cut +use DBI; +use Digest::MD5 qw(md5 md5_hex md5_base64); + +my $dsn = "DBI:mysql:database=squid"; +my $db_user = undef; +my $db_passwd = undef; +my $db_table = "passwd"; +my $db_usercol = "user"; +my $db_passwdcol = "password"; +my $db_cond = "enabled = 1"; +my $plaintext = 0; +my $md5 = 0; +my $persist = 0; +my $isjoomla = 0; +my $debug = 0; +my $hashsalt = undef; + GetOptions( 'dsn=s' => \$dsn, 'user=s' => \$db_user, @@ -173,6 +221,7 @@ } my $status; +$|=1; while (<>) { my ($user, $password) = split; $status = "ERR"; @@ -190,21 +239,3 @@ close_db() if (!$persist); print $status . "\n"; } - -=pod - -=head1 COPYRIGHT - - * Copyright (C) 1996-2014 The Squid Software Foundation and contributors - * - * Squid software is distributed under GPLv2+ license and includes - * contributions from numerous individuals and organizations. - * Please see the COPYING and CONTRIBUTORS files for details. - -Copyright (C) 2007 Henrik Nordstrom -Copyright (C) 2010 Luis Daniel Lucio Quiroz (Joomla support) -This program is free software. You may redistribute copies of it under the -terms of the GNU General Public License version 2, or (at youropinion) any -later version. - -=cut diff -u -r -N squid-3.5.0.2/helpers/basic_auth/DB/Makefile.am squid-3.5.0.3/helpers/basic_auth/DB/Makefile.am --- squid-3.5.0.2/helpers/basic_auth/DB/Makefile.am 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/helpers/basic_auth/DB/Makefile.am 2014-12-09 06:10:01.000000000 -0800 @@ -7,7 +7,6 @@ include $(top_srcdir)/src/Common.am libexec_SCRIPTS = basic_db_auth -CLEANFILES += basic_db_auth basic_db_auth.8 man_MANS = basic_db_auth.8 EXTRA_DIST= \ basic_db_auth.8 \ @@ -20,3 +19,5 @@ basic_db_auth: basic_db_auth.pl.in $(subst_perlshell) + +CLEANFILES += basic_db_auth basic_db_auth.8 diff -u -r -N squid-3.5.0.2/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 squid-3.5.0.3/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 --- squid-3.5.0.2/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 1969-12-31 16:00:00.000000000 -0800 +++ squid-3.5.0.3/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 2014-12-09 07:07:05.000000000 -0800 @@ -0,0 +1,212 @@ +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BASIC_MSNT_MULTI_DOMAIN_AUTH 1" +.TH BASIC_MSNT_MULTI_DOMAIN_AUTH 1 "2014-12-09" "perl v5.20.1" "User Contributed Perl Documentation" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +.Vb 1 +\& basic_msnt_multi_domain_auth +.Ve +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& basic_msnt_multi_domain_auth [options] +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBbasic_msnt_multi_domain_auth\fR is a Squid authenticator to check +user credentials against multiple \s-1NT\s0 domains using \fBnmblookup\fR. +.PP +The user is expected to enter his/her credentials as domain\eusername +or domain/username (in analogy to what MS-Proxy does). +.PP +Requires Authen::SMB from \s-1CPAN\s0 and Samba if you need to perform \s-1NETBIOS\s0 +queries. +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-\-debug\fR" 12 +.IX Item "--debug" +Write debug info to stderr. +.IP "\fB\-\-wins\-server\fR" 12 +.IX Item "--wins-server" +Use the named \s-1WINS\s0 server. +.Sp +.Vb 1 +\& Default: broadcast will be attempted. +.Ve +.IP "\fB\-\-no\-fqdn\fR" 12 +.IX Item "--no-fqdn" +Some servers don't like to be called by their fully qualified name. +Define this if you wish to call them \s-1ONLY\s0 by their hostname. +.IP "\fB\-\-no\-rdns\fR" 12 +.IX Item "--no-rdns" +Some servers really really want to be called by address. +.SH "AUTHOR" +.IX Header "AUTHOR" +This program was written by \fIFrancesco Chemolli +.PP +This manual was written by \fIAmos Jeffries +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +.Vb 5 +\& * Copyright (C) 1996\-2014 The Squid Software Foundation and contributors +\& * +\& * Squid software is distributed under GPLv2+ license and includes +\& * contributions from numerous individuals and organizations. +\& * Please see the COPYING and CONTRIBUTORS files for details. +.Ve +.SH "QUESTIONS" +.IX Header "QUESTIONS" +Questions on the usage of this program can be sent to the \fISquid Users mailing list +.SH "REPORTING BUGS" +.IX Header "REPORTING BUGS" +Bug reports need to be made in English. +See http://wiki.squid\-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. +.PP +Report bugs or bug fixes using http://bugs.squid\-cache.org/ +.PP +Report serious security bugs to \fISquid Bugs +.PP +Report ideas for new improvements to the \fISquid Developers mailing list +.SH "SEE ALSO" +.IX Header "SEE ALSO" +squid (8), \s-1GPL \\fIs0\fR\|(7), +.PP +The Squid \s-1FAQ\s0 wiki http://wiki.squid\-cache.org/SquidFaq +.PP +The Squid Configuration Manual http://www.squid\-cache.org/Doc/config/ diff -u -r -N squid-3.5.0.2/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.pl.in squid-3.5.0.3/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.pl.in --- squid-3.5.0.2/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.pl.in 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.pl.in 2014-12-09 06:10:01.000000000 -0800 @@ -1,14 +1,93 @@ #!@PERL@ -## -## Copyright (C) 1996-2014 The Squid Software Foundation and contributors -## -## Squid software is distributed under GPLv2+ license and includes -## contributions from numerous individuals and organizations. -## Please see the COPYING and CONTRIBUTORS files for details. -## -#if you define this, debugging output will be printed to STDERR. -#$debug=1; +use strict; +use Pod::Usage; +use Getopt::Long; + +=pod + +=head1 NAME + + basic_msnt_multi_domain_auth + +=head1 SYNOPSIS + + basic_msnt_multi_domain_auth [options] + +=head1 DESCRIPTION + +B is a Squid authenticator to check +user credentials against multiple NT domains using B. + +The user is expected to enter his/her credentials as domain\username +or domain/username (in analogy to what MS-Proxy does). + +Requires Authen::SMB from CPAN and Samba if you need to perform NETBIOS +queries. + +=head1 OPTIONS + +=over 12 + +=item B<--debug> + +Write debug info to stderr. + +=item B<--wins-server> + +Use the named WINS server. + + Default: broadcast will be attempted. + +=item B<--no-fqdn> + +Some servers don't like to be called by their fully qualified name. +Define this if you wish to call them ONLY by their hostname. + +=item B<--no-rdns> + +Some servers really really want to be called by address. + +=back + +=head1 AUTHOR + +This program was written by I> + +This manual was written by I> + +=head1 COPYRIGHT + + * Copyright (C) 1996-2014 The Squid Software Foundation and contributors + * + * Squid software is distributed under GPLv2+ license and includes + * contributions from numerous individuals and organizations. + * Please see the COPYING and CONTRIBUTORS files for details. + +=head1 QUESTIONS + +Questions on the usage of this program can be sent to the I> + +=head1 REPORTING BUGS + +Bug reports need to be made in English. +See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. + +Report bugs or bug fixes using http://bugs.squid-cache.org/ + +Report serious security bugs to I> + +Report ideas for new improvements to the I> + +=head1 SEE ALSO + +squid (8), GPL (7), + +The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq + +The Squid Configuration Manual http://www.squid-cache.org/Doc/config/ + +=cut #to force using some DC for some domains, fill in this hash. #the key is a regexp matched against the domain name @@ -19,28 +98,24 @@ #%controllers = ( ".*" => ["pdcname","bdcname"]); -#define this if you wish to use a WINS server. If undefined, broadcast -# will be attempted. -#$wins_server="winsservername"; - -# Some servers (at least mine) really really want to be called by address. -# If this variable is defined, we'll ask nmblookup to do a reverse DNS on the -# DC addresses. It might fail though, for instance because you have a crappy -# DNS with no reverse zones or records. If it doesn't work, you'll have to -# fall back to the %controllers hack. -$try_reverse_dns=1; - -# Some servers (at least mine) don't like to be called by their fully -# qualified name. define this if you wish to call them ONLY by their -# hostname. -$dont_use_fqdn=1; - #no more user-serviceable parts + use Authen::Smb; #variables: # %pdc used to cache the domain -> pdc_ip values. IT NEVER EXPIRES! +my $debug = undef; +my $wins_server = undef; +my $no_rdns = undef; +my $no_fqdn = undef; + +GetOptions( + 'debug' => \$debug, + 'wins-server=s' => $wins_server, + 'no-fqdn' => $no_fqdn, + 'no-rdns' => $no_rdns + ); $|=1; while (<>) { @@ -103,7 +178,7 @@ } $lookupstring="nmblookup"; $lookupstring.=" -R -U $wins_server" if (defined($wins_server)); - $lookupstring.=" -T" if (defined($try_reverse_dns)); + $lookupstring.=" -T" unless (defined($no_rdns)); $lookupstring.=" '$domain#1c'"; print STDERR "Discovering PDC: $lookupstring\n" if (defined($debug)); @@ -114,7 +189,7 @@ if (m|(.*), (\d+\.\d+\.\d+\.\d+)|) { $datum=$1; print STDERR "matched $datum\n" if (defined($debug)); - if (defined($dont_use_fqdn) && $datum =~ /^([^.]+)\..*/) { + if (defined($no_fqdn) && $datum =~ /^([^.]+)\..*/) { $datum=$1; print STDERR "stripped domain name: $datum\n" if (defined($debug)); } diff -u -r -N squid-3.5.0.2/helpers/basic_auth/MSNT-multi-domain/Makefile.am squid-3.5.0.3/helpers/basic_auth/MSNT-multi-domain/Makefile.am --- squid-3.5.0.2/helpers/basic_auth/MSNT-multi-domain/Makefile.am 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/helpers/basic_auth/MSNT-multi-domain/Makefile.am 2014-12-09 06:10:01.000000000 -0800 @@ -8,8 +8,16 @@ include $(top_srcdir)/src/Common.am libexec_SCRIPTS = basic_msnt_multi_domain_auth -EXTRA_DIST = basic_msnt_multi_domain_auth.pl.in README.txt required.m4 -CLEANFILES += basic_msnt_multi_domain_auth +man_MANS= basic_msnt_multi_domain_auth.8 +EXTRA_DIST= \ + basic_msnt_multi_domain_auth.8 \ + basic_msnt_multi_domain_auth.pl.in \ + required.m4 basic_msnt_multi_domain_auth: basic_msnt_multi_domain_auth.pl.in $(subst_perlshell) + +basic_msnt_multi_domain_auth.8: basic_msnt_multi_domain_auth + pod2man basic_msnt_multi_domain_auth basic_msnt_multi_domain_auth.8 + +CLEANFILES += basic_msnt_multi_domain_auth basic_msnt_multi_domain_auth.8 diff -u -r -N squid-3.5.0.2/helpers/basic_auth/MSNT-multi-domain/Makefile.in squid-3.5.0.3/helpers/basic_auth/MSNT-multi-domain/Makefile.in --- squid-3.5.0.2/helpers/basic_auth/MSNT-multi-domain/Makefile.in 2014-10-31 03:57:51.000000000 -0700 +++ squid-3.5.0.3/helpers/basic_auth/MSNT-multi-domain/Makefile.in 2014-12-09 06:10:47.000000000 -0800 @@ -176,7 +176,7 @@ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } -am__installdirs = "$(DESTDIR)$(libexecdir)" +am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man8dir)" SCRIPTS = $(libexec_SCRIPTS) AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) @@ -197,6 +197,9 @@ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac +man8dir = $(mandir)/man8 +NROFF = nroff +MANS = $(man_MANS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) am__tty_colors_dummy = \ mgn= red= grn= lgn= blu= brg= std=; \ @@ -601,7 +604,8 @@ top_srcdir = @top_srcdir@ AM_CFLAGS = $(SQUID_CFLAGS) AM_CXXFLAGS = $(SQUID_CXXFLAGS) -CLEANFILES = basic_msnt_multi_domain_auth +CLEANFILES = basic_msnt_multi_domain_auth \ + basic_msnt_multi_domain_auth.8 AM_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/include \ -I$(top_srcdir)/lib -I$(top_srcdir)/src \ -I$(top_builddir)/include $(SQUID_CPPUNIT_INC) $(KRB5INCS) \ @@ -611,7 +615,12 @@ COMPAT_LIB = $(top_builddir)/compat/libcompat-squid.la $(LIBPROFILER) subst_perlshell = sed -e 's,[@]PERL[@],$(PERL),g' <$(srcdir)/$@.pl.in >$@ || ($(RM) -f $@ ; exit 1) libexec_SCRIPTS = basic_msnt_multi_domain_auth -EXTRA_DIST = basic_msnt_multi_domain_auth.pl.in README.txt required.m4 +man_MANS = basic_msnt_multi_domain_auth.8 +EXTRA_DIST = \ + basic_msnt_multi_domain_auth.8 \ + basic_msnt_multi_domain_auth.pl.in \ + required.m4 + all: all-am .SUFFIXES: @@ -697,6 +706,49 @@ clean-libtool: -rm -rf .libs _libs +install-man8: $(man_MANS) + @$(NORMAL_INSTALL) + @list1=''; \ + list2='$(man_MANS)'; \ + test -n "$(man8dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.8[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + +uninstall-man8: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) tags TAGS: ctags CTAGS: @@ -894,9 +946,9 @@ $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am -all-am: Makefile $(SCRIPTS) +all-am: Makefile $(SCRIPTS) $(MANS) installdirs: - for dir in "$(DESTDIR)$(libexecdir)"; do \ + for dir in "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -954,7 +1006,7 @@ info-am: -install-data-am: +install-data-am: install-man install-dvi: install-dvi-am @@ -970,7 +1022,7 @@ install-info-am: -install-man: +install-man: install-man8 install-pdf: install-pdf-am @@ -998,7 +1050,9 @@ ps-am: -uninstall-am: uninstall-libexecSCRIPTS +uninstall-am: uninstall-libexecSCRIPTS uninstall-man + +uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip @@ -1009,12 +1063,12 @@ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-libexecSCRIPTS \ - install-man install-pdf install-pdf-am install-ps \ + install-man install-man8 install-pdf install-pdf-am install-ps \ install-ps-am install-strip installcheck installcheck-am \ installdirs maintainer-clean maintainer-clean-generic \ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ ps ps-am recheck tags-am uninstall uninstall-am \ - uninstall-libexecSCRIPTS + uninstall-libexecSCRIPTS uninstall-man uninstall-man8 $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h @@ -1022,6 +1076,9 @@ basic_msnt_multi_domain_auth: basic_msnt_multi_domain_auth.pl.in $(subst_perlshell) +basic_msnt_multi_domain_auth.8: basic_msnt_multi_domain_auth + pod2man basic_msnt_multi_domain_auth basic_msnt_multi_domain_auth.8 + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff -u -r -N squid-3.5.0.2/helpers/basic_auth/MSNT-multi-domain/README.txt squid-3.5.0.3/helpers/basic_auth/MSNT-multi-domain/README.txt --- squid-3.5.0.2/helpers/basic_auth/MSNT-multi-domain/README.txt 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/helpers/basic_auth/MSNT-multi-domain/README.txt 1969-12-31 16:00:00.000000000 -0800 @@ -1,17 +0,0 @@ - -From: "Francesco Chemolli" -Subject: Multiple NT domains authenticator -Date: Fri, 7 Jul 2000 15:37:32 +0200 - -This is the multi-domain NTLM authenticator, blissfully undocumented -(but there's a few strategic comments, so that at least the user -is not left alone). - -The user is expected to enter his/her credentials as domain\username -or domain/username (in analogy to what M$-Proxy does). - -Requires Authen::SMB from CPAN and Samba if you need to perform netbios -queries. - - Francesco 'Kinkie' Chemolli - diff -u -r -N squid-3.5.0.2/helpers/basic_auth/MSNT-multi-domain/required.m4 squid-3.5.0.3/helpers/basic_auth/MSNT-multi-domain/required.m4 --- squid-3.5.0.2/helpers/basic_auth/MSNT-multi-domain/required.m4 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/helpers/basic_auth/MSNT-multi-domain/required.m4 2014-12-09 06:10:01.000000000 -0800 @@ -5,4 +5,6 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -BUILD_HELPER="MSNT-multi-domain" +if test "x$PERL" != "x" -a "x$POD2MAN" != "x"; then + BUILD_HELPER="MSNT-multi-domain" +fi diff -u -r -N squid-3.5.0.2/helpers/basic_auth/POP3/basic_pop3_auth.8 squid-3.5.0.3/helpers/basic_auth/POP3/basic_pop3_auth.8 --- squid-3.5.0.2/helpers/basic_auth/POP3/basic_pop3_auth.8 1969-12-31 16:00:00.000000000 -0800 +++ squid-3.5.0.3/helpers/basic_auth/POP3/basic_pop3_auth.8 2014-12-09 07:07:10.000000000 -0800 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +. ds C` +. ds C' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.\" +.\" Avoid warning from groff about undefined register 'F'. +.de IX +.. +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{ +. if \nF \{ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. if !\nF==2 \{ +. nr % 0 +. nr F 2 +. \} +. \} +.\} +.rr rF +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "BASIC_POP3_AUTH 1" +.TH BASIC_POP3_AUTH 1 "2014-12-09" "perl v5.20.1" "User Contributed Perl Documentation" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +.Vb 1 +\& basic_pop3_auth \- POP3 authenticator for Squid +.Ve +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& basic_pop3_auth server +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBbasic_pop3_auth\fR authenticates user credentials against a \s-1POP3\s0 server. +.SH "OPTIONS" +.IX Header "OPTIONS" +The only option this helper takes is the name of the \s-1POP3\s0 server to validate against. +.SH "AUTHOR" +.IX Header "AUTHOR" +This program was written by \fIHenrik Nordstrom +.PP +This manual was written by \fIAmos Jeffries +.SH "COPYRIGHT" +.IX Header "COPYRIGHT" +.Vb 5 +\& * Copyright (C) 1996\-2014 The Squid Software Foundation and contributors +\& * +\& * Squid software is distributed under GPLv2+ license and includes +\& * contributions from numerous individuals and organizations. +\& * Please see the COPYING and CONTRIBUTORS files for details. +\& +\& # Copyright (C) 2006 Henrik Nordstrom +\& # +\& # This program is free software; you can redistribute it and/or modify +\& # it under the terms of the GNU General Public License as published by +\& # the Free Software Foundation; either version 2 of the License, or +\& # (at your option) any later version. +\& # +\& # This program is distributed in the hope that it will be useful, +\& # but WITHOUT ANY WARRANTY; without even the implied warranty of +\& # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +\& # GNU General Public License for more details. +\& # +\& # You should have received a copy of the GNU General Public License +\& # along with this program; if not, write to the Free Software +\& # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. +\& # +\& # Change log: +\& # 2006\-12\-10 henrik Initial revision +\& # +.Ve +.SH "QUESTIONS" +.IX Header "QUESTIONS" +Questions on the usage of this program can be sent to the \fISquid Users mailing list +.SH "REPORTING BUGS" +.IX Header "REPORTING BUGS" +Bug reports need to be made in English. +See http://wiki.squid\-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. +.PP +Report bugs or bug fixes using http://bugs.squid\-cache.org/ +.PP +Report serious security bugs to \fISquid Bugs +.PP +Report ideas for new improvements to the \fISquid Developers mailing list +.SH "SEE ALSO" +.IX Header "SEE ALSO" +squid (8), \s-1GPL \\fIs0\fR\|(7), +.PP +The Squid \s-1FAQ\s0 wiki http://wiki.squid\-cache.org/SquidFaq +.PP +The Squid Configuration Manual http://www.squid\-cache.org/Doc/config/ diff -u -r -N squid-3.5.0.2/helpers/basic_auth/POP3/basic_pop3_auth.pl.in squid-3.5.0.3/helpers/basic_auth/POP3/basic_pop3_auth.pl.in --- squid-3.5.0.2/helpers/basic_auth/POP3/basic_pop3_auth.pl.in 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/helpers/basic_auth/POP3/basic_pop3_auth.pl.in 2014-12-09 06:10:01.000000000 -0800 @@ -1,32 +1,85 @@ #!@PERL@ -## -## Copyright (C) 1996-2014 The Squid Software Foundation and contributors -## -## Squid software is distributed under GPLv2+ license and includes -## contributions from numerous individuals and organizations. -## Please see the COPYING and CONTRIBUTORS files for details. -## - -# POP3 authenticator for Squid -# Copyright (C) 2006 Henrik Nordstrom -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. -# -# Change log: -# 2006-12-10 henrik Initial revision -# + +use strict; +use Pod::Usage; +use Getopt::Long; + +=pod + +=head1 NAME + + basic_pop3_auth - POP3 authenticator for Squid + +=head1 SYNOPSIS + + basic_pop3_auth server + +=head1 DESCRIPTION + +B authenticates user credentials against a POP3 server. + +=head1 OPTIONS + +The only option this helper takes is the name of the POP3 server to validate against. + +=head1 AUTHOR + +This program was written by I> + +This manual was written by I> + +=head1 COPYRIGHT + + * Copyright (C) 1996-2014 The Squid Software Foundation and contributors + * + * Squid software is distributed under GPLv2+ license and includes + * contributions from numerous individuals and organizations. + * Please see the COPYING and CONTRIBUTORS files for details. + + # Copyright (C) 2006 Henrik Nordstrom + # + # This program is free software; you can redistribute it and/or modify + # it under the terms of the GNU General Public License as published by + # the Free Software Foundation; either version 2 of the License, or + # (at your option) any later version. + # + # This program is distributed in the hope that it will be useful, + # but WITHOUT ANY WARRANTY; without even the implied warranty of + # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + # GNU General Public License for more details. + # + # You should have received a copy of the GNU General Public License + # along with this program; if not, write to the Free Software + # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. + # + # Change log: + # 2006-12-10 henrik Initial revision + # + +=head1 QUESTIONS + +Questions on the usage of this program can be sent to the I> + +=head1 REPORTING BUGS + +Bug reports need to be made in English. +See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. + +Report bugs or bug fixes using http://bugs.squid-cache.org/ + +Report serious security bugs to I> + +Report ideas for new improvements to the I> + +=head1 SEE ALSO + +squid (8), GPL (7), + +The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq + +The Squid Configuration Manual http://www.squid-cache.org/Doc/config/ + +=cut use Net::POP3; $|=1; diff -u -r -N squid-3.5.0.2/helpers/basic_auth/POP3/Makefile.am squid-3.5.0.3/helpers/basic_auth/POP3/Makefile.am --- squid-3.5.0.2/helpers/basic_auth/POP3/Makefile.am 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/helpers/basic_auth/POP3/Makefile.am 2014-12-09 06:10:01.000000000 -0800 @@ -8,8 +8,16 @@ include $(top_srcdir)/src/Common.am libexec_SCRIPTS = basic_pop3_auth -EXTRA_DIST = basic_pop3_auth.pl.in required.m4 -CLEANFILES += basic_pop3_auth +man_MANS= basic_pop3_auth.8 +EXTRA_DIST= \ + basic_pop3_auth.8 \ + basic_pop3_auth.pl.in \ + required.m4 basic_pop3_auth: basic_pop3_auth.pl.in $(subst_perlshell) + +basic_pop3_auth.8: basic_pop3_auth + pod2man basic_pop3_auth basic_pop3_auth.8 + +CLEANFILES += basic_pop3_auth basic_pop3_auth.8 diff -u -r -N squid-3.5.0.2/helpers/basic_auth/POP3/Makefile.in squid-3.5.0.3/helpers/basic_auth/POP3/Makefile.in --- squid-3.5.0.2/helpers/basic_auth/POP3/Makefile.in 2014-10-31 03:57:54.000000000 -0700 +++ squid-3.5.0.3/helpers/basic_auth/POP3/Makefile.in 2014-12-09 06:10:49.000000000 -0800 @@ -176,7 +176,7 @@ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } -am__installdirs = "$(DESTDIR)$(libexecdir)" +am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man8dir)" SCRIPTS = $(libexec_SCRIPTS) AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) @@ -197,6 +197,9 @@ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac +man8dir = $(mandir)/man8 +NROFF = nroff +MANS = $(man_MANS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) am__tty_colors_dummy = \ mgn= red= grn= lgn= blu= brg= std=; \ @@ -601,7 +604,7 @@ top_srcdir = @top_srcdir@ AM_CFLAGS = $(SQUID_CFLAGS) AM_CXXFLAGS = $(SQUID_CXXFLAGS) -CLEANFILES = basic_pop3_auth +CLEANFILES = basic_pop3_auth basic_pop3_auth.8 AM_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/include \ -I$(top_srcdir)/lib -I$(top_srcdir)/src \ -I$(top_builddir)/include $(SQUID_CPPUNIT_INC) $(KRB5INCS) \ @@ -611,7 +614,12 @@ COMPAT_LIB = $(top_builddir)/compat/libcompat-squid.la $(LIBPROFILER) subst_perlshell = sed -e 's,[@]PERL[@],$(PERL),g' <$(srcdir)/$@.pl.in >$@ || ($(RM) -f $@ ; exit 1) libexec_SCRIPTS = basic_pop3_auth -EXTRA_DIST = basic_pop3_auth.pl.in required.m4 +man_MANS = basic_pop3_auth.8 +EXTRA_DIST = \ + basic_pop3_auth.8 \ + basic_pop3_auth.pl.in \ + required.m4 + all: all-am .SUFFIXES: @@ -697,6 +705,49 @@ clean-libtool: -rm -rf .libs _libs +install-man8: $(man_MANS) + @$(NORMAL_INSTALL) + @list1=''; \ + list2='$(man_MANS)'; \ + test -n "$(man8dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.8[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ + done; } + +uninstall-man8: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man8dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) tags TAGS: ctags CTAGS: @@ -894,9 +945,9 @@ $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am -all-am: Makefile $(SCRIPTS) +all-am: Makefile $(SCRIPTS) $(MANS) installdirs: - for dir in "$(DESTDIR)$(libexecdir)"; do \ + for dir in "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -954,7 +1005,7 @@ info-am: -install-data-am: +install-data-am: install-man install-dvi: install-dvi-am @@ -970,7 +1021,7 @@ install-info-am: -install-man: +install-man: install-man8 install-pdf: install-pdf-am @@ -998,7 +1049,9 @@ ps-am: -uninstall-am: uninstall-libexecSCRIPTS +uninstall-am: uninstall-libexecSCRIPTS uninstall-man + +uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip @@ -1009,12 +1062,12 @@ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-libexecSCRIPTS \ - install-man install-pdf install-pdf-am install-ps \ + install-man install-man8 install-pdf install-pdf-am install-ps \ install-ps-am install-strip installcheck installcheck-am \ installdirs maintainer-clean maintainer-clean-generic \ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ ps ps-am recheck tags-am uninstall uninstall-am \ - uninstall-libexecSCRIPTS + uninstall-libexecSCRIPTS uninstall-man uninstall-man8 $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h @@ -1022,6 +1075,9 @@ basic_pop3_auth: basic_pop3_auth.pl.in $(subst_perlshell) +basic_pop3_auth.8: basic_pop3_auth + pod2man basic_pop3_auth basic_pop3_auth.8 + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff -u -r -N squid-3.5.0.2/helpers/basic_auth/POP3/required.m4 squid-3.5.0.3/helpers/basic_auth/POP3/required.m4 --- squid-3.5.0.2/helpers/basic_auth/POP3/required.m4 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/helpers/basic_auth/POP3/required.m4 2014-12-09 06:10:01.000000000 -0800 @@ -5,4 +5,6 @@ ## Please see the COPYING and CONTRIBUTORS files for details. ## -BUILD_HELPER="POP3" +if test "x$PERL" != "x" -a "x$POD2MAN" != "x"; then + BUILD_HELPER="POP3" +fi diff -u -r -N squid-3.5.0.2/helpers/external_acl/delayer/ext_delayer_acl.8 squid-3.5.0.3/helpers/external_acl/delayer/ext_delayer_acl.8 --- squid-3.5.0.2/helpers/external_acl/delayer/ext_delayer_acl.8 2014-10-31 04:42:42.000000000 -0700 +++ squid-3.5.0.3/helpers/external_acl/delayer/ext_delayer_acl.8 2014-12-09 07:07:22.000000000 -0800 @@ -133,39 +133,43 @@ .\" ======================================================================== .\" .IX Title "EXT_DELAYER_ACL 1" -.TH EXT_DELAYER_ACL 1 "2014-10-31" "perl v5.20.1" "User Contributed Perl Documentation" +.TH EXT_DELAYER_ACL 1 "2014-12-09" "perl v5.20.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -delayer \- Squid external acl helper adding artificial delay to requests +.Vb 1 +\& delayer \- Squid external ACL helper adding artificial delay to requests +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" -delayer [\-\-help] [\-\-debug] [\-\-log file] [\-\-wait msec] +.Vb 1 +\& delayer [\-\-help] [\-\-debug] [\-\-log file] [\-\-wait msec] +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Squid external acl helper; causes squid to delay responding to \s-1HTTP\s0 requests. +.PP +By carefully crafting the ACLs of a Squid setup it is possible to +selectively delay requests received by a proxy. After the configured amount +of time, it will always return \*(L"true\*(R". .SH "OPTIONS" .IX Header "OPTIONS" -.IP "\fB\-\-help\fR or \fB\-h\fR" 8 +.IP "\fB\-\-help\fR or \fB\-h\fR" 12 .IX Item "--help or -h" Print help message to stdout -.IP "\fB\-\-debug\fR or \fB\-d\fR" 8 +.IP "\fB\-\-debug\fR or \fB\-d\fR" 12 .IX Item "--debug or -d" Emit debugging output to \s-1STDERR\s0 and ultimately cache.log -.IP "\fB\-\-log /path/to/file\fR or \fB\-l /path/to/file\fR" 8 +.IP "\fB\-\-log /path/to/file\fR or \fB\-l /path/to/file\fR" 12 .IX Item "--log /path/to/file or -l /path/to/file" Emit debugging output to specified file instead of \s-1STDERR.\s0 Also turns on debugging -.IP "\fB\-\-wait msec\fR or \fB\-w msec\fR" 8 +.IP "\fB\-\-wait msec\fR or \fB\-w msec\fR" 12 .IX Item "--wait msec or -w msec" Delay each request by the specified amount of msec. Unless this option is specified, by default each submitted request will be delayed by half a second (500 msec). -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -Squid external acl helper; causes squid to delay responding to \s-1HTTP\s0 requests. -.PP -By carefully crafting the ACLs of a Squid setup it is possible to -selectively delay requests received by a proxy. After the configured amount -of time, it will always return \*(L"true\*(R". .SH "CONFIGURATION" .IX Header "CONFIGURATION" To engage it, this snippet of configuration template can be used in squid.conf: @@ -199,24 +203,30 @@ \& * Squid software is distributed under GPLv2+ license and includes \& * contributions from numerous individuals and organizations. \& * Please see the COPYING and CONTRIBUTORS files for details. +\& +\& (C) 2014 Francesco Chemolli +\& +\& This program is free software. You may redistribute copies of it under the +\& terms of the GNU General Public License version 2, or (at your opinion) any +\& later version. .Ve -.PP -(C) 2014 Francesco Chemolli -.PP -This program is free software. You may redistribute copies of it under the -terms of the \s-1GNU\s0 General Public License version 2, or (at your opinion) any -later version. .SH "QUESTIONS" .IX Header "QUESTIONS" -Questions on this code are best addressed on the Squid-users mailing list - +Questions on the usage of this program can be sent to the \fISquid Users mailing list .SH "REPORTING BUGS" .IX Header "REPORTING BUGS" Bug reports need to be made in English. -See http://wiki.squid\-cache.org/SquidFaq/BugReporting for details of what you -need to include with your bug report. +See http://wiki.squid\-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. +.PP Report bugs or bug fixes using http://bugs.squid\-cache.org/ +.PP +Report serious security bugs to \fISquid Bugs +.PP +Report ideas for new improvements to the \fISquid Developers mailing list .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fBsquid\fR(8), \fB\s-1GPL\s0\fR(7), \fBSquid Wiki\fR http://wiki.squid\-cache.org/ , -\&\fBSquid Configuration Manual\fR http://www.squid\-cache.org/Doc/config/ +squid (8), \s-1GPL \\fIs0\fR\|(7), +.PP +The Squid \s-1FAQ\s0 wiki http://wiki.squid\-cache.org/SquidFaq +.PP +The Squid Configuration Manual http://www.squid\-cache.org/Doc/config/ diff -u -r -N squid-3.5.0.2/helpers/external_acl/delayer/ext_delayer_acl.pl.in squid-3.5.0.3/helpers/external_acl/delayer/ext_delayer_acl.pl.in --- squid-3.5.0.2/helpers/external_acl/delayer/ext_delayer_acl.pl.in 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/helpers/external_acl/delayer/ext_delayer_acl.pl.in 2014-12-09 06:10:01.000000000 -0800 @@ -1,17 +1,31 @@ #!@PERL@ + +use strict; +use warnings; +use Getopt::Long qw(:config auto_version auto_help); +use Pod::Usage; + =pod =head1 NAME -delayer - Squid external acl helper adding artificial delay to requests + delayer - Squid external ACL helper adding artificial delay to requests =head1 SYNOPSIS -delayer [--help] [--debug] [--log file] [--wait msec] + delayer [--help] [--debug] [--log file] [--wait msec] + +=head1 DESCRIPTION + +Squid external acl helper; causes squid to delay responding to HTTP requests. + +By carefully crafting the ACLs of a Squid setup it is possible to +selectively delay requests received by a proxy. After the configured amount +of time, it will always return "true". =head1 OPTIONS -=over 8 +=over 12 =item B<--help> or B<-h> @@ -33,14 +47,6 @@ =back -=head1 DESCRIPTION - -Squid external acl helper; causes squid to delay responding to HTTP requests. - -By carefully crafting the ACLs of a Squid setup it is possible to -selectively delay requests received by a proxy. After the configured amount -of time, it will always return "true". - =head1 CONFIGURATION To engage it, this snippet of configuration template can be used in squid.conf: @@ -74,34 +80,37 @@ * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. -(C) 2014 Francesco Chemolli + (C) 2014 Francesco Chemolli -This program is free software. You may redistribute copies of it under the -terms of the GNU General Public License version 2, or (at your opinion) any -later version. + This program is free software. You may redistribute copies of it under the + terms of the GNU General Public License version 2, or (at your opinion) any + later version. =head1 QUESTIONS -Questions on this code are best addressed on the Squid-users mailing list - +Questions on the usage of this program can be sent to the I> =head1 REPORTING BUGS Bug reports need to be made in English. -See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you -need to include with your bug report. +See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. + Report bugs or bug fixes using http://bugs.squid-cache.org/ +Report serious security bugs to I> + +Report ideas for new improvements to the I> + =head1 SEE ALSO -B(8), B(7), B http://wiki.squid-cache.org/ , -B http://www.squid-cache.org/Doc/config/ +squid (8), GPL (7), + +The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq + +The Squid Configuration Manual http://www.squid-cache.org/Doc/config/ =cut -use strict; -use warnings; -use Getopt::Long qw(:config auto_version auto_help); use Data::Dumper; use Time::HiRes qw(gettimeofday tv_interval); diff -u -r -N squid-3.5.0.2/helpers/external_acl/SQL_session/ext_sql_session_acl.8 squid-3.5.0.3/helpers/external_acl/SQL_session/ext_sql_session_acl.8 --- squid-3.5.0.2/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2014-10-31 04:42:58.000000000 -0700 +++ squid-3.5.0.3/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2014-12-09 07:07:36.000000000 -0800 @@ -133,16 +133,20 @@ .\" ======================================================================== .\" .IX Title "EXT_SQL_SESSION_ACL 1" -.TH EXT_SQL_SESSION_ACL 1 "2014-10-31" "perl v5.20.1" "User Contributed Perl Documentation" +.TH EXT_SQL_SESSION_ACL 1 "2014-12-09" "perl v5.20.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -ext_sql_session_acl.pl \- SQL Database session lookup helper for Squid +.Vb 1 +\& ext_sql_session_acl \- SQL Database session lookup helper for Squid +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" -ext_sql_session_acl [options] +.Vb 1 +\& ext_sql_session_acl [options] +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" Validates an \s-1HTTP\s0 requests access authorization with a session database. @@ -153,36 +157,44 @@ Common forms of identifiers are \s-1IP\s0 address, \s-1EUI \s0(\s-1MAC\s0) address, passwords, or \s-1UUID\s0 tokens. .PP This program uses Squid concurrency support. -.IP "\fB\-\-dsn\fR" 8 +.SH "OPTIONS" +.IX Header "OPTIONS" +.IP "\fB\-\-dsn\fR" 12 .IX Item "--dsn" Database \s-1DSN.\s0 Default \*(L"DBI:mysql:database=squid\*(R" -.IP "\fB\-\-user\fR" 8 +.IP "\fB\-\-user\fR" 12 .IX Item "--user" Database User -.IP "\fB\-\-password\fR" 8 +.IP "\fB\-\-password\fR" 12 .IX Item "--password" Database password -.IP "\fB\-\-table\fR" 8 +.IP "\fB\-\-table\fR" 12 .IX Item "--table" Database table. Default \*(L"passwd\*(R". -.IP "\fB\-\-uidcol\fR" 8 +.IP "\fB\-\-uidcol\fR" 12 .IX Item "--uidcol" Unique Session Identifier column. Default \*(L"id\*(R". -.IP "\fB\-\-usercol\fR" 8 +.IP "\fB\-\-usercol\fR" 12 .IX Item "--usercol" External \s-1ACL\s0 user= result column. -.IP "\fB\-\-tagcol\fR" 8 +.IP "\fB\-\-tagcol\fR" 12 .IX Item "--tagcol" External \s-1ACL\s0 tag= result column. -.IP "\fB\-\-cond\fR" 8 +.IP "\fB\-\-cond\fR" 12 .IX Item "--cond" Condition, defaults to enabled=1. Specify 1 or "" for no condition -.IP "\fB\-\-persist\fR" 8 +.IP "\fB\-\-persist\fR" 12 .IX Item "--persist" Keep a persistent database connection open between queries. -.IP "\fB\-\-debug\fR" 8 +.IP "\fB\-\-debug\fR" 12 .IX Item "--debug" -Print Debug output traces to stderr. +Write debug info to stderr. +.SH "AUTHOR" +.IX Header "AUTHOR" +This program and documentation was written by \fIAmos Jeffries +.PP +Based on original work in DB_auth by Henrik Nordstrom +With assistance of Nishant Sharma .SH "COPYRIGHT" .IX Header "COPYRIGHT" .Vb 5 @@ -191,11 +203,30 @@ \& * Squid software is distributed under GPLv2+ license and includes \& * contributions from numerous individuals and organizations. \& * Please see the COPYING and CONTRIBUTORS files for details. +\& +\& Copyright (C) 2012 Amos Jeffries +\& +\& This program is free software. You may redistribute copies of it under the +\& terms of the GNU General Public License version 2, or (at your opinion) any +\& later version. .Ve +.SH "QUESTIONS" +.IX Header "QUESTIONS" +Questions on the usage of this program can be sent to the \fISquid Users mailing list +.SH "REPORTING BUGS" +.IX Header "REPORTING BUGS" +Bug reports need to be made in English. +See http://wiki.squid\-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. .PP -Copyright (C) 2012 Amos Jeffries -Based on original work in DB_auth by Henrik Nordstrom -With assistance of Nishant Sharma -This program is free software. You may redistribute copies of it under the -terms of the \s-1GNU\s0 General Public License version 2, or (at your opinion) any -later version. +Report bugs or bug fixes using http://bugs.squid\-cache.org/ +.PP +Report serious security bugs to \fISquid Bugs +.PP +Report ideas for new improvements to the \fISquid Developers mailing list +.SH "SEE ALSO" +.IX Header "SEE ALSO" +squid (8), \s-1GPL \\fIs0\fR\|(7), +.PP +The Squid \s-1FAQ\s0 wiki http://wiki.squid\-cache.org/SquidFaq +.PP +The Squid Configuration Manual http://www.squid\-cache.org/Doc/config/ diff -u -r -N squid-3.5.0.2/helpers/external_acl/SQL_session/ext_sql_session_acl.pl.in squid-3.5.0.3/helpers/external_acl/SQL_session/ext_sql_session_acl.pl.in --- squid-3.5.0.2/helpers/external_acl/SQL_session/ext_sql_session_acl.pl.in 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/helpers/external_acl/SQL_session/ext_sql_session_acl.pl.in 2014-12-09 06:10:01.000000000 -0800 @@ -1,34 +1,18 @@ #!@PERL@ + use strict; -use DBI; use Getopt::Long; use Pod::Usage; -$|=1; =pod =head1 NAME -ext_sql_session_acl.pl - SQL Database session lookup helper for Squid - -=cut - -my $dsn = "DBI:mysql:database=squid"; -my $db_user = undef; -my $db_passwd = undef; -my $db_table = "passwd"; -my $db_uidcol = "id"; -my $db_usercol = "''"; -my $db_tagcol = "''"; -my $db_cond = "enabled = 1"; -my $persist = 0; -my $debug = 0; - -=pod + ext_sql_session_acl - SQL Database session lookup helper for Squid =head1 SYNOPSIS -ext_sql_session_acl [options] + ext_sql_session_acl [options] =head1 DESCRIPTION @@ -41,52 +25,111 @@ This program uses Squid concurrency support. -=over 8 +=head1 OPTIONS + +=over 12 -=item B<--dsn> +=item B<--dsn> Database DSN. Default "DBI:mysql:database=squid" -=item B<--user> +=item B<--user> Database User -=item B<--password> +=item B<--password> Database password -=item B<--table> +=item B<--table> Database table. Default "passwd". -=item B<--uidcol> +=item B<--uidcol> Unique Session Identifier column. Default "id". -=item B<--usercol> +=item B<--usercol> External ACL user= result column. -=item B<--tagcol> +=item B<--tagcol> External ACL tag= result column. -=item B<--cond> +=item B<--cond> Condition, defaults to enabled=1. Specify 1 or "" for no condition -=item B<--persist> +=item B<--persist> Keep a persistent database connection open between queries. -=item B<--debug> +=item B<--debug> -Print Debug output traces to stderr. +Write debug info to stderr. =back +=head1 AUTHOR + +This program and documentation was written by I> + +Based on original work in DB_auth by Henrik Nordstrom +With assistance of Nishant Sharma + +=head1 COPYRIGHT + + * Copyright (C) 1996-2014 The Squid Software Foundation and contributors + * + * Squid software is distributed under GPLv2+ license and includes + * contributions from numerous individuals and organizations. + * Please see the COPYING and CONTRIBUTORS files for details. + + Copyright (C) 2012 Amos Jeffries + + This program is free software. You may redistribute copies of it under the + terms of the GNU General Public License version 2, or (at your opinion) any + later version. + +=head1 QUESTIONS + +Questions on the usage of this program can be sent to the I> + +=head1 REPORTING BUGS + +Bug reports need to be made in English. +See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. + +Report bugs or bug fixes using http://bugs.squid-cache.org/ + +Report serious security bugs to I> + +Report ideas for new improvements to the I> + +=head1 SEE ALSO + +squid (8), GPL (7), + +The Squid FAQ wiki http://wiki.squid-cache.org/SquidFaq + +The Squid Configuration Manual http://www.squid-cache.org/Doc/config/ + =cut +use DBI; + +my $dsn = "DBI:mysql:database=squid"; +my $db_user = undef; +my $db_passwd = undef; +my $db_table = "passwd"; +my $db_uidcol = "id"; +my $db_usercol = "''"; +my $db_tagcol = "''"; +my $db_cond = "enabled = 1"; +my $persist = 0; +my $debug = 0; + GetOptions( 'dsn=s' => \$dsn, 'user=s' => \$db_user, @@ -140,6 +183,7 @@ } my $status; +$|=1; while (<>) { my $string = $_; $string =~ m/^(\d+)\s(.*)$/; @@ -162,22 +206,3 @@ close_db() if (!$persist); print $status . "\n"; } - -=pod - -=head1 COPYRIGHT - - * Copyright (C) 1996-2014 The Squid Software Foundation and contributors - * - * Squid software is distributed under GPLv2+ license and includes - * contributions from numerous individuals and organizations. - * Please see the COPYING and CONTRIBUTORS files for details. - -Copyright (C) 2012 Amos Jeffries -Based on original work in DB_auth by Henrik Nordstrom -With assistance of Nishant Sharma -This program is free software. You may redistribute copies of it under the -terms of the GNU General Public License version 2, or (at your opinion) any -later version. - -=cut diff -u -r -N squid-3.5.0.2/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.5.0.3/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 --- squid-3.5.0.2/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2014-10-31 04:43:04.000000000 -0700 +++ squid-3.5.0.3/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2014-12-09 07:07:41.000000000 -0800 @@ -132,21 +132,25 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "EXT_WBINFO_GROUP_ACL.PL.IN 1" -.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2014-10-31" "perl v5.20.1" "User Contributed Perl Documentation" +.IX Title "EXT_WBINFO_GROUP_ACL 1" +.TH EXT_WBINFO_GROUP_ACL 1 "2014-12-09" "perl v5.20.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -ext_wbinfo_group_acl \- external ACL helper for Squid to verify NT Domain group membership using wbinfo. +.Vb 1 +\& ext_wbinfo_group_acl \- external ACL helper for Squid to verify NT Domain group membership using wbinfo. +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" -ext_wbinfo_group_acl [\-dh] +.Vb 1 +\& ext_wbinfo_group_acl [\-dhK] +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -ext_wbinfo_group_acl is an installed executable script. -It uses wbinfo from Samba to lookup group membership of logged in users. +\&\fBext_wbinfo_group_acl\fR is an installed executable script. +It uses \fBwbinfo\fR from Samba to lookup group membership of logged in users. .PP This helper must be used in with an authentication scheme (typically Basic or \s-1NTLM\s0) based on Windows \s-1NT/2000\s0 domain users. @@ -156,23 +160,27 @@ username. .SH "OPTIONS" .IX Header "OPTIONS" -.Vb 3 -\& \-d Write debug info to stderr. -\& \-h Print the help. -\& \-K downgrade Kerberos credentials to NTLM. -.Ve +.IP "\fB\-d\fR" 12 +.IX Item "-d" +Write debug info to stderr. +.IP "\fB\-h\fR" 12 +.IX Item "-h" +Print the help. +.IP "\fB\-K\fR" 12 +.IX Item "-K" +Downgrade Kerberos credentials to \s-1NTLM.\s0 .SH "CONFIGURATION" .IX Header "CONFIGURATION" .Vb 3 -\& external_acl_type wbinfo_check %LOGIN /path/to/ext_wbinfo_group_acl -\& acl allowed_group external wbinfo_check Group1 Group2 -\& http_access allow allowed_group +\& external_acl_type wbinfo_check %LOGIN /path/to/ext_wbinfo_group_acl +\& acl allowed_group external wbinfo_check Group1 Group2 +\& http_access allow allowed_group .Ve .PP If the local perl interpreter is in a unusual location it may need to be added: .PP .Vb 1 -\& external_acl_type wbinfo_check %LOGIN /path/to/perl /path/to/ext_wbinfo_group_acl +\& external_acl_type wbinfo_check %LOGIN /path/to/perl /path/to/ext_wbinfo_group_acl .Ve .SH "AUTHOR" .IX Header "AUTHOR" @@ -181,14 +189,21 @@ This manual was written by Amos Jeffries .SH "COPYRIGHT" .IX Header "COPYRIGHT" -This program is put in the public domain by Jerry Murdock -. It is distributed in the hope that it will -be useful, but \s-1WITHOUT ANY WARRANTY\s0; without even the implied warranty -of \s-1MERCHANTABILITY\s0 or \s-1FITNESS FOR A PARTICULAR PURPOSE.\s0 +.Vb 5 +\& * Copyright (C) 1996\-2014 The Squid Software Foundation and contributors +\& * +\& * Squid software is distributed under GPLv2+ license and includes +\& * contributions from numerous individuals and organizations. +\& * Please see the COPYING and CONTRIBUTORS files for details. +\& +\& This program is put in the public domain by Jerry Murdock +\& . It is distributed in the hope that it will +\& be useful, but WITHOUT ANY WARRANTY; without even the implied warranty +\& of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +.Ve .SH "QUESTIONS" .IX Header "QUESTIONS" -Questions on the usage of this program can be sent to the -Squid Users mailing list +Questions on the usage of this program can be sent to the \fISquid Users mailing list .SH "REPORTING BUGS" .IX Header "REPORTING BUGS" Bug reports need to be made in English. @@ -196,10 +211,9 @@ .PP Report bugs or bug fixes using http://bugs.squid\-cache.org/ .PP -Report serious security bugs to Squid Bugs +Report serious security bugs to \fISquid Bugs .PP -Report ideas for new improvements to the -Squid Developers mailing list +Report ideas for new improvements to the \fISquid Developers mailing list .SH "SEE ALSO" .IX Header "SEE ALSO" The Squid \s-1FAQ\s0 wiki http://wiki.squid\-cache.org/SquidFaq diff -u -r -N squid-3.5.0.2/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.pl.in squid-3.5.0.3/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.pl.in --- squid-3.5.0.2/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.pl.in 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.pl.in 2014-12-09 06:10:01.000000000 -0800 @@ -1,55 +1,23 @@ #!@PERL@ -w -# -## Copyright (C) 1996-2014 The Squid Software Foundation and contributors -## -## Squid software is distributed under GPLv2+ license and includes -## contributions from numerous individuals and organizations. -## Please see the COPYING and CONTRIBUTORS files for details. -## -# -# external_acl helper to Squid to verify NT Domain group -# membership using wbinfo -# -# This program is put in the public domain by Jerry Murdock -# . It is distributed in the hope that it will -# be useful, but WITHOUT ANY WARRANTY; without even the implied warranty -# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. -# -# Author: -# Jerry Murdock -# -# Version history: -# 2010-08-27 Hank Hampel -# Add Kerberos to NTLM conversion of credentials (-K) -# -# 2005-12-26 Guido Serassio -# Add '-d' command line debugging option -# -# 2005-12-24 Guido Serassio -# Fix for wbinfo from Samba 3.0.21 -# -# 2004-08-15 Henrik Nordstrom -# Helper protocol changed to URL escaped in Squid-3.0 -# -# 2005-06-28 Arno Streuli -# Add multi group check -# -# 2002-07-05 Jerry Murdock -# Initial release + +use strict; +use Pod::Usage; +use Getopt::Long; + =pod =head1 NAME -ext_wbinfo_group_acl - external ACL helper for Squid to verify NT Domain group membership using wbinfo. + ext_wbinfo_group_acl - external ACL helper for Squid to verify NT Domain group membership using wbinfo. =head1 SYNOPSIS -ext_wbinfo_group_acl [-dh] + ext_wbinfo_group_acl [-dhK] =head1 DESCRIPTION -ext_wbinfo_group_acl is an installed executable script. -It uses wbinfo from Samba to lookup group membership of logged in users. +B is an installed executable script. +It uses B from Samba to lookup group membership of logged in users. This helper must be used in with an authentication scheme (typically Basic or NTLM) based on Windows NT/2000 domain users. @@ -60,19 +28,31 @@ =head1 OPTIONS - -d Write debug info to stderr. - -h Print the help. - -K downgrade Kerberos credentials to NTLM. +=over 12 + +=item B<-d> + +Write debug info to stderr. + +=item B<-h> + +Print the help. + +=item B<-K> + +Downgrade Kerberos credentials to NTLM. + +=back =head1 CONFIGURATION - external_acl_type wbinfo_check %LOGIN /path/to/ext_wbinfo_group_acl - acl allowed_group external wbinfo_check Group1 Group2 - http_access allow allowed_group + external_acl_type wbinfo_check %LOGIN /path/to/ext_wbinfo_group_acl + acl allowed_group external wbinfo_check Group1 Group2 + http_access allow allowed_group If the local perl interpreter is in a unusual location it may need to be added: - external_acl_type wbinfo_check %LOGIN /path/to/perl /path/to/ext_wbinfo_group_acl + external_acl_type wbinfo_check %LOGIN /path/to/perl /path/to/ext_wbinfo_group_acl =head1 AUTHOR @@ -82,15 +62,20 @@ =head1 COPYRIGHT -This program is put in the public domain by Jerry Murdock -. It is distributed in the hope that it will -be useful, but WITHOUT ANY WARRANTY; without even the implied warranty -of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * Copyright (C) 1996-2014 The Squid Software Foundation and contributors + * + * Squid software is distributed under GPLv2+ license and includes + * contributions from numerous individuals and organizations. + * Please see the COPYING and CONTRIBUTORS files for details. + + This program is put in the public domain by Jerry Murdock + . It is distributed in the hope that it will + be useful, but WITHOUT ANY WARRANTY; without even the implied warranty + of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. =head1 QUESTIONS -Questions on the usage of this program can be sent to the -Squid Users mailing list +Questions on the usage of this program can be sent to the I> =head1 REPORTING BUGS @@ -99,10 +84,9 @@ Report bugs or bug fixes using http://bugs.squid-cache.org/ -Report serious security bugs to Squid Bugs +Report serious security bugs to I> -Report ideas for new improvements to the -Squid Developers mailing list +Report ideas for new improvements to the I> =head1 SEE ALSO @@ -113,6 +97,26 @@ =cut # +# Version history: +# 2010-08-27 Hank Hampel +# Add Kerberos to NTLM conversion of credentials (-K) +# +# 2005-12-26 Guido Serassio +# Add '-d' command line debugging option +# +# 2005-12-24 Guido Serassio +# Fix for wbinfo from Samba 3.0.21 +# +# 2004-08-15 Henrik Nordstrom +# Helper protocol changed to URL escaped in Squid-3.0 +# +# 2005-06-28 Arno Streuli +# Add multi group check +# +# 2002-07-05 Jerry Murdock +# Initial release + +# # Globals # use vars qw/ %opt /; diff -u -r -N squid-3.5.0.2/helpers/external_acl/wbinfo_group/Makefile.am squid-3.5.0.3/helpers/external_acl/wbinfo_group/Makefile.am --- squid-3.5.0.2/helpers/external_acl/wbinfo_group/Makefile.am 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/helpers/external_acl/wbinfo_group/Makefile.am 2014-12-09 06:10:01.000000000 -0800 @@ -7,16 +7,17 @@ include $(top_srcdir)/src/Common.am -libexec_SCRIPTS = ext_wbinfo_group_acl -EXTRA_DIST = ext_wbinfo_group_acl.pl.in required.m4 +libexec_SCRIPTS= ext_wbinfo_group_acl +man_MANS= ext_wbinfo_group_acl.8 +EXTRA_DIST= \ + ext_wbinfo_group_acl.8 \ + ext_wbinfo_group_acl.pl.in \ + required.m4 ext_wbinfo_group_acl: ext_wbinfo_group_acl.pl.in $(subst_perlshell) -EXTRA_DIST += ext_wbinfo_group_acl.8 -man_MANS = ext_wbinfo_group_acl.8 - -ext_wbinfo_group_acl.8: ext_wbinfo_group_acl.pl.in - pod2man $(srcdir)/ext_wbinfo_group_acl.pl.in ext_wbinfo_group_acl.8 +ext_wbinfo_group_acl.8: ext_wbinfo_group_acl + pod2man ext_wbinfo_group_acl ext_wbinfo_group_acl.8 CLEANFILES += ext_wbinfo_group_acl.8 ext_wbinfo_group_acl diff -u -r -N squid-3.5.0.2/helpers/external_acl/wbinfo_group/Makefile.in squid-3.5.0.3/helpers/external_acl/wbinfo_group/Makefile.in --- squid-3.5.0.2/helpers/external_acl/wbinfo_group/Makefile.in 2014-10-31 03:58:03.000000000 -0700 +++ squid-3.5.0.3/helpers/external_acl/wbinfo_group/Makefile.in 2014-12-09 06:10:57.000000000 -0800 @@ -614,9 +614,12 @@ COMPAT_LIB = $(top_builddir)/compat/libcompat-squid.la $(LIBPROFILER) subst_perlshell = sed -e 's,[@]PERL[@],$(PERL),g' <$(srcdir)/$@.pl.in >$@ || ($(RM) -f $@ ; exit 1) libexec_SCRIPTS = ext_wbinfo_group_acl -EXTRA_DIST = ext_wbinfo_group_acl.pl.in required.m4 \ - ext_wbinfo_group_acl.8 man_MANS = ext_wbinfo_group_acl.8 +EXTRA_DIST = \ + ext_wbinfo_group_acl.8 \ + ext_wbinfo_group_acl.pl.in \ + required.m4 + all: all-am .SUFFIXES: @@ -1072,8 +1075,8 @@ ext_wbinfo_group_acl: ext_wbinfo_group_acl.pl.in $(subst_perlshell) -ext_wbinfo_group_acl.8: ext_wbinfo_group_acl.pl.in - pod2man $(srcdir)/ext_wbinfo_group_acl.pl.in ext_wbinfo_group_acl.8 +ext_wbinfo_group_acl.8: ext_wbinfo_group_acl + pod2man ext_wbinfo_group_acl ext_wbinfo_group_acl.8 # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff -u -r -N squid-3.5.0.2/helpers/log_daemon/DB/log_db_daemon.8 squid-3.5.0.3/helpers/log_daemon/DB/log_db_daemon.8 --- squid-3.5.0.2/helpers/log_daemon/DB/log_db_daemon.8 2014-10-31 04:43:08.000000000 -0700 +++ squid-3.5.0.3/helpers/log_daemon/DB/log_db_daemon.8 2014-12-09 07:07:44.000000000 -0800 @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "LOG_DB_DAEMON 1" -.TH LOG_DB_DAEMON 1 "2014-10-31" "perl v5.20.1" "User Contributed Perl Documentation" +.TH LOG_DB_DAEMON 1 "2014-12-09" "perl v5.20.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff -u -r -N squid-3.5.0.2/helpers/ntlm_auth/modules.m4 squid-3.5.0.3/helpers/ntlm_auth/modules.m4 --- squid-3.5.0.2/helpers/ntlm_auth/modules.m4 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/helpers/ntlm_auth/modules.m4 2014-12-09 06:10:01.000000000 -0800 @@ -66,3 +66,16 @@ AC_MSG_NOTICE([NTLM auth helpers to be built: $NTLM_AUTH_HELPERS]) AM_CONDITIONAL(ENABLE_AUTH_NTLM, test "x$enable_auth_ntlm" != "xno") AC_SUBST(NTLM_AUTH_HELPERS) + +## NTLM requires some special Little-Endian conversion hacks +if test "x$enable_auth_ntlm" != "xno"; then + AC_CHECK_HEADERS(machine/byte_swap.h sys/bswap.h endian.h sys/endian.h) + AC_CHECK_FUNCS( + bswap_16 bswap16 \ + bswap_32 bswap32 \ + htole16 __htole16 \ + htole32 __htole32 \ + le16toh __le16toh \ + le32toh __le32toh \ + ) +fi diff -u -r -N squid-3.5.0.2/helpers/storeid_rewrite/file/storeid_file_rewrite.8 squid-3.5.0.3/helpers/storeid_rewrite/file/storeid_file_rewrite.8 --- squid-3.5.0.2/helpers/storeid_rewrite/file/storeid_file_rewrite.8 2014-10-31 04:43:32.000000000 -0700 +++ squid-3.5.0.3/helpers/storeid_rewrite/file/storeid_file_rewrite.8 2014-12-09 07:08:07.000000000 -0800 @@ -133,16 +133,20 @@ .\" ======================================================================== .\" .IX Title "STOREID_FILE_REWRITE 1" -.TH STOREID_FILE_REWRITE 1 "2014-10-31" "perl v5.20.1" "User Contributed Perl Documentation" +.TH STOREID_FILE_REWRITE 1 "2014-12-09" "perl v5.20.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -storeid_file_rewrite \- File based Store\-ID helper for Squid +.Vb 1 +\& storeid_file_rewrite \- File based Store\-ID helper for Squid +.Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" -storeid_file_rewrite filepath +.Vb 1 +\& storeid_file_rewrite filepath +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" This program acts as a store_id helper program, rewriting URLs passed @@ -160,8 +164,14 @@ .PP This program will automatically detect the existence of a concurrecy channel-ID and adjust appropriately. It may be used with any value 0 or above for the store_id_children concurrency= parameter. +.SH "OPTIONS" +.IX Header "OPTIONS" +The only command line parameter this helper takes is the regex rules file name. +.SH "AUTHOR" +.IX Header "AUTHOR" +This program and documentation was written by \fIAlan Mizrahi .PP -For more information please see http://wiki.squid\-cache.org/Features/StoreID +Based on prior work by \fIEliezer Croitoru .SH "COPYRIGHT" .IX Header "COPYRIGHT" .Vb 5 @@ -170,21 +180,41 @@ \& * Squid software is distributed under GPLv2+ license and includes \& * contributions from numerous individuals and organizations. \& * Please see the COPYING and CONTRIBUTORS files for details. +\& +\& Copyright (C) 2013 Alan Mizrahi +\& Based on code from Eliezer Croitoru +\& +\& This program is free software; you can redistribute it and/or modify +\& it under the terms of the GNU General Public License as published by +\& the Free Software Foundation; either version 2 of the License, or +\& (at your option) any later version. +\& +\& This program is distributed in the hope that it will be useful, +\& but WITHOUT ANY WARRANTY; without even the implied warranty of +\& MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +\& GNU General Public License for more details. +\& +\& You should have received a copy of the GNU General Public License +\& along with this program; if not, write to the Free Software +\& Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111\-1307, USA. .Ve +.SH "QUESTIONS" +.IX Header "QUESTIONS" +Questions on the usage of this program can be sent to the \fISquid Users mailing list +.SH "REPORTING BUGS" +.IX Header "REPORTING BUGS" +Bug reports need to be made in English. +See http://wiki.squid\-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. +.PP +Report bugs or bug fixes using http://bugs.squid\-cache.org/ +.PP +Report serious security bugs to \fISquid Bugs +.PP +Report ideas for new improvements to the \fISquid Developers mailing list +.SH "SEE ALSO" +.IX Header "SEE ALSO" +squid (8), \s-1GPL \\fIs0\fR\|(7), .PP -Copyright (C) 2013 Alan Mizrahi -Based on code from Eliezer Croitoru +The Squid wiki http://wiki.squid\-cache.org/Features/StoreID .PP -This program is free software; you can redistribute it and/or modify -it under the terms of the \s-1GNU\s0 General Public License as published by -the Free Software Foundation; either version 2 of the License, or -(at your option) any later version. -.PP -This program is distributed in the hope that it will be useful, -but \s-1WITHOUT ANY WARRANTY\s0; without even the implied warranty of -\&\s-1MERCHANTABILITY\s0 or \s-1FITNESS FOR A PARTICULAR PURPOSE. \s0 See the -\&\s-1GNU\s0 General Public License for more details. -.PP -You should have received a copy of the \s-1GNU\s0 General Public License -along with this program; if not, write to the Free Software -Foundation, Inc., 59 Temple Place, Suite 330, Boston, \s-1MA 02111\-1307, USA.\s0 +The Squid Configuration Manual http://www.squid\-cache.org/Doc/config/ diff -u -r -N squid-3.5.0.2/helpers/storeid_rewrite/file/storeid_file_rewrite.pl.in squid-3.5.0.3/helpers/storeid_rewrite/file/storeid_file_rewrite.pl.in --- squid-3.5.0.2/helpers/storeid_rewrite/file/storeid_file_rewrite.pl.in 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/helpers/storeid_rewrite/file/storeid_file_rewrite.pl.in 2014-12-09 06:10:01.000000000 -0800 @@ -1,17 +1,18 @@ #!@PERL@ + use strict; use warnings; -$|=1; +use Pod::Usage; =pod =head1 NAME -storeid_file_rewrite - File based Store-ID helper for Squid + storeid_file_rewrite - File based Store-ID helper for Squid =head1 SYNOPSIS -storeid_file_rewrite filepath + storeid_file_rewrite filepath =head1 DESCRIPTION @@ -31,7 +32,63 @@ This program will automatically detect the existence of a concurrecy channel-ID and adjust appropriately. It may be used with any value 0 or above for the store_id_children concurrency= parameter. -For more information please see http://wiki.squid-cache.org/Features/StoreID +=head1 OPTIONS + +The only command line parameter this helper takes is the regex rules file name. + +=head1 AUTHOR + +This program and documentation was written by I> + +Based on prior work by I> + +=head1 COPYRIGHT + + * Copyright (C) 1996-2014 The Squid Software Foundation and contributors + * + * Squid software is distributed under GPLv2+ license and includes + * contributions from numerous individuals and organizations. + * Please see the COPYING and CONTRIBUTORS files for details. + + Copyright (C) 2013 Alan Mizrahi + Based on code from Eliezer Croitoru + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. + +=head1 QUESTIONS + +Questions on the usage of this program can be sent to the I> + +=head1 REPORTING BUGS + +Bug reports need to be made in English. +See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report. + +Report bugs or bug fixes using http://bugs.squid-cache.org/ + +Report serious security bugs to I> + +Report ideas for new improvements to the I> + +=head1 SEE ALSO + +squid (8), GPL (7), + +The Squid wiki http://wiki.squid-cache.org/Features/StoreID + +The Squid Configuration Manual http://www.squid-cache.org/Doc/config/ =cut @@ -52,6 +109,7 @@ } close RULES; +$|=1; # read urls from squid and do the replacement URL: while () { chomp; @@ -75,32 +133,3 @@ } print $channel, "ERR\n"; } - -=pod - -=head1 COPYRIGHT - - * Copyright (C) 1996-2014 The Squid Software Foundation and contributors - * - * Squid software is distributed under GPLv2+ license and includes - * contributions from numerous individuals and organizations. - * Please see the COPYING and CONTRIBUTORS files for details. - -Copyright (C) 2013 Alan Mizrahi -Based on code from Eliezer Croitoru - -This program is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2 of the License, or -(at your option) any later version. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program; if not, write to the Free Software -Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. - -=cut diff -u -r -N squid-3.5.0.2/include/autoconf.h.in squid-3.5.0.3/include/autoconf.h.in --- squid-3.5.0.2/include/autoconf.h.in 2014-10-31 03:57:26.000000000 -0700 +++ squid-3.5.0.3/include/autoconf.h.in 2014-12-09 06:10:24.000000000 -0800 @@ -194,6 +194,9 @@ /* Define if you have the _dyld_func_lookup function. */ #undef HAVE_DYLD +/* Define to 1 if you have the header file. */ +#undef HAVE_ENDIAN_H + /* Define to 1 if you have the header file. */ #undef HAVE_ERRNO_H @@ -327,12 +330,12 @@ /* Define to 1 if you have the `gss_map_name_to_any' function. */ #undef HAVE_GSS_MAP_NAME_TO_ANY -/* Define to 1 if you have the `htobe16' function. */ -#undef HAVE_HTOBE16 - /* Define to 1 if you have the `htole16' function. */ #undef HAVE_HTOLE16 +/* Define to 1 if you have the `htole32' function. */ +#undef HAVE_HTOLE32 + /* Define to 1 if you have the `inet_ntop' function. */ #undef HAVE_INET_NTOP @@ -453,6 +456,12 @@ /* Define to 1 if you have ldap_url_parse */ #undef HAVE_LDAP_URL_PARSE +/* Define to 1 if you have the `le16toh' function. */ +#undef HAVE_LE16TOH + +/* Define to 1 if you have the `le32toh' function. */ +#undef HAVE_LE32TOH + /* Define to 1 if you have the `cap' library (-lcap). */ #undef HAVE_LIBCAP @@ -1105,6 +1114,18 @@ /* Define to 1 if you have the header file. */ #undef HAVE_WS2TCPIP_H +/* Define to 1 if you have the `__htole16' function. */ +#undef HAVE___HTOLE16 + +/* Define to 1 if you have the `__htole32' function. */ +#undef HAVE___HTOLE32 + +/* Define to 1 if you have the `__le16toh' function. */ +#undef HAVE___LE16TOH + +/* Define to 1 if you have the `__le32toh' function. */ +#undef HAVE___LE32TOH + /* Define to 1 if you have the `__res_init' function. */ #undef HAVE___RES_INIT diff -u -r -N squid-3.5.0.2/include/squid_endian.h squid-3.5.0.3/include/squid_endian.h --- squid-3.5.0.2/include/squid_endian.h 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/include/squid_endian.h 1969-12-31 16:00:00.000000000 -0800 @@ -1,133 +0,0 @@ -/* - * Copyright (C) 1996-2014 The Squid Software Foundation and contributors - * - * Squid software is distributed under GPLv2+ license and includes - * contributions from numerous individuals and organizations. - * Please see the COPYING and CONTRIBUTORS files for details. - */ - -/* - * AUTHOR: Alan Barrett - */ - -#ifndef SQUID_ENDIAN_H -#define SQUID_ENDIAN_H - -/* - * Macros to deal with byte swapping. These macros provide - * the following interface: - * - * // Byte-swap - * uint16_t bswap16(uint16_t); - * uint32_t bswap32(uint32_t); - * - * // Convert from host byte order to big-endian, and vice versa. - * uint16_t htobe16(uint16_t); // equivalent to htons() - * uint32_t htobe32(uint32_t); // equivalent to htonl() - * uint16_t be16toh(uint16_t); // equivalent to ntohs() - * uint32_t be32toh(uint32_t); // equivalent to ntohs() - * - * // Convert from host byte order to little-endian, and vice versa. - * uint16_t htole16(uint16_t); - * uint32_t htole32(uint32_t); - * uint16_t le16toh(uint16_t); - * uint32_t le32toh(uint32_t); - */ - -/* - * Some systems define bswap_16() and bswap_32() in - * - * Some systems define bswap16() and bswap32() in . - * - * Some systems define htobe16()/be16toh() and friends in . - */ -#if HAVE_BYTESWAP_H -# include -#endif /* HAVE_BYTESWAP_H */ -#if HAVE_MACHINE_BYTE_SWAP_H -# include -#endif /* HAVE_MACHINE_BYTE_SWAP_H */ -#if HAVE_SYS_BSWAP_H -# include -#endif /* HAVE_SYS_BSWAP_H */ -#if HAVE_SYS_ENDIAN_H -# include -#endif /* HAVE_SYS_ENDIAN_H */ - -/* - * Define bswap16() and bswap32() in terms of bswap_16() and bswap_32(), - * or the hard way. - */ -#if ! HAVE_BSWAP16 && ! defined(bswap16) -# if defined(bswap_16) -# define bswap16(x) bswap_16(x) -# else -# define bswap16(x) \ - (((((uint16_t)(x)) >> 8) & 0xff) | ((((uint16_t)(x)) & 0xff) << 8)) -# endif -#endif /* ! HAVE_BSWAP16 && ! defined(bswap16) */ -#if ! HAVE_BSWAP32 && ! defined(bswap32) -# if defined(bswap_32) -# define bswap32(x) bswap_32(x) -# else -# define bswap32(x) \ - (((((uint32_t)(x)) & 0xff000000) >> 24) | \ - ((((uint32_t)(x)) & 0x00ff0000) >> 8) | \ - ((((uint32_t)(x)) & 0x0000ff00) << 8) | \ - ((((uint32_t)(x)) & 0x000000ff) << 24)) -# endif -#endif /* ! HAVE_BSWAP32 && ! defined(bswap32) */ - -/* - * Define htobe*()/be*toh() in terms of hton*()/ntoh*(). - * - * XXX: If htobe16() is missing, we assume that the other *be*() functions - * are also missing. - */ -#if ! HAVE_HTOBE16 && ! defined(htobe16) -# ifdef WORDS_BIGENDIAN -# define htobe16(x) (x) -# define htobe32(x) (x) -# define be16toh(x) (x) -# define be32toh(x) (x) -# else /* ! WORDS_BIGENDIAN */ -# define htobe16(x) htons(x) -# define htobe32(x) htonl(x) -# define be16toh(x) ntohs(x) -# define be32toh(x) ntohl(x) -# endif /* ! WORDS_BIGENDIAN */ -#endif /* ! HAVE_HTOBE16 && ! defined(htobe16) */ - -/* - * Define htole*()/le*toh() in terms of bswap*(). - * - * XXX: If htole16() is missing, we assume that the other *le*() functions - * are also missing. - * - * Except OpenBSD - htole16 & 32 exist, but not le16toh etc - */ -#if _SQUID_OPENBSD_ -# define le16toh(x) htole16(x) -# define le32toh(x) htole32(x) -#endif - -#if ! HAVE_HTOLE16 && ! defined(htole16) -# ifdef WORDS_BIGENDIAN -# define htole16(x) bswap16(x) -# define htole32(x) bswap32(x) -# define le16toh(x) bswap16(x) -# define le32toh(x) bswap32(x) -# else /* ! WORDS_BIGENDIAN */ -/* -* XXX: What about unusual byte orders like 3412 or 2143 ? -* Nothing else in squid seems to care about them, -* so we don't worry about them here either. -*/ -# define htole16(x) (x) -# define htole32(x) (x) -# define le16toh(x) (x) -# define le32toh(x) (x) -# endif /* ! WORDS_BIGENDIAN */ -#endif /* ! HAVE_HTOLE16 && ! defined(htole16) */ - -#endif /* SQUID_ENDIAN_H */ diff -u -r -N squid-3.5.0.2/include/version.h squid-3.5.0.3/include/version.h --- squid-3.5.0.2/include/version.h 2014-10-31 03:58:44.000000000 -0700 +++ squid-3.5.0.3/include/version.h 2014-12-09 06:11:37.000000000 -0800 @@ -7,7 +7,7 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1414753015 +#define SQUID_RELEASE_TIME 1418134194 #endif /* diff -u -r -N squid-3.5.0.2/lib/ntlmauth/Makefile.am squid-3.5.0.3/lib/ntlmauth/Makefile.am --- squid-3.5.0.2/lib/ntlmauth/Makefile.am 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/lib/ntlmauth/Makefile.am 2014-12-09 06:10:01.000000000 -0800 @@ -15,4 +15,5 @@ libntlmauth_la_SOURCES = \ ntlmauth.cc \ ntlmauth.h \ - support_bits.cci + support_bits.cci \ + support_endian.h diff -u -r -N squid-3.5.0.2/lib/ntlmauth/Makefile.in squid-3.5.0.3/lib/ntlmauth/Makefile.in --- squid-3.5.0.2/lib/ntlmauth/Makefile.in 2014-10-31 03:58:11.000000000 -0700 +++ squid-3.5.0.3/lib/ntlmauth/Makefile.in 2014-12-09 06:11:05.000000000 -0800 @@ -682,7 +682,8 @@ libntlmauth_la_SOURCES = \ ntlmauth.cc \ ntlmauth.h \ - support_bits.cci + support_bits.cci \ + support_endian.h all: all-am diff -u -r -N squid-3.5.0.2/lib/ntlmauth/ntlmauth.h squid-3.5.0.3/lib/ntlmauth/ntlmauth.h --- squid-3.5.0.2/lib/ntlmauth/ntlmauth.h 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/lib/ntlmauth/ntlmauth.h 2014-12-09 06:10:01.000000000 -0800 @@ -10,6 +10,8 @@ #define SQUID_NTLMAUTH_H /* NP: All of this cruft is little endian */ +/* Endian functions are usualy handled by the OS but not always. */ +#include "ntlmauth/support_endian.h" #ifdef __cplusplus extern "C" { diff -u -r -N squid-3.5.0.2/lib/ntlmauth/support_endian.h squid-3.5.0.3/lib/ntlmauth/support_endian.h --- squid-3.5.0.2/lib/ntlmauth/support_endian.h 1969-12-31 16:00:00.000000000 -0800 +++ squid-3.5.0.3/lib/ntlmauth/support_endian.h 2014-12-09 06:10:01.000000000 -0800 @@ -0,0 +1,95 @@ +/* + * Copyright (C) 1996-2014 The Squid Software Foundation and contributors + * + * Squid software is distributed under GPLv2+ license and includes + * contributions from numerous individuals and organizations. + * Please see the COPYING and CONTRIBUTORS files for details. + */ + +#ifndef SQUID_LIB_NTLMAUTH_SUPPORT_ENDIAN_H +#define SQUID_LIB_NTLMAUTH_SUPPORT_ENDIAN_H + +#if HAVE_BYTESWAP_H +#include +#endif +#if HAVE_MACHINE_BYTE_SWAP_H +#include +#endif +#if HAVE_SYS_BSWAP_H +#include +#endif +#if HAVE_ENDIAN_H +#include +#endif +#if HAVE_SYS_ENDIAN_H +#include +#endif + +/* + * Macros to deal with byte swapping. These macros provide + * the following interface: + * + * // Byte-swap + * uint16_t bswap16(uint16_t); + * uint32_t bswap32(uint32_t); + * + * // Convert from host byte order to little-endian, and vice versa. + * uint16_t htole16(uint16_t); + * uint32_t htole32(uint32_t); + * uint16_t le16toh(uint16_t); + * uint32_t le32toh(uint32_t); + * + * XXX: What about unusual byte orders like 3412 or 2143 ? + * Never had any problems reported, so we dont worry about them. + */ + +#if !HAVE_HTOLE16 && !defined(htole16) +/* Define bswap16() in terms of bswap_16() or the hard way. */ +#if !HAVE_BSWAP16 && !defined(bswap16) +# if HAVE_BSWAP_16 || defined(bswap_16) +# define bswap16(x) bswap_16(x) +# else // 'hard way' +# define bswap16(x) \ + (((((uint16_t)(x)) >> 8) & 0xff) | ((((uint16_t)(x)) & 0xff) << 8)) +# endif +#endif + +/* Define htole16() in terms of bswap16(). */ +# if defined(WORDS_BIGENDIAN) +# define htole16(x) bswap16(x) +# else +# define htole16(x) (x) +# endif +#endif + +#if !HAVE_HTOLE32 && !defined(htole32) +#if ! HAVE_BSWAP32 && ! defined(bswap32) +/* Define bswap32() in terms of bswap_32() or the hard way. */ +# if HAVE_BSWAP_32 || defined(bswap_32) +# define bswap32(x) bswap_32(x) +# else // 'hard way' +# define bswap32(x) \ + (((((uint32_t)(x)) & 0xff000000) >> 24) | \ + ((((uint32_t)(x)) & 0x00ff0000) >> 8) | \ + ((((uint32_t)(x)) & 0x0000ff00) << 8) | \ + ((((uint32_t)(x)) & 0x000000ff) << 24)) +# endif + +/* Define htole32() in terms of bswap32(). */ +#endif +# if defined(WORDS_BIGENDIAN) +# define htole32(x) bswap32(x) +# else +# define htole32(x) (x) +# endif +#endif + +/* Define letoh*() in terms of htole*(). The swap is symmetrical. */ +#if !HAVE_LE16TOH && !defined(le16toh) +#define le16toh(x) htole16(x) +#endif +#if !HAVE_LE32TOH && !defined(le32toh) +#define le32toh(x) htole32(x) +#endif + +#endif /* SQUID_LIB_NTLMAUTH_SUPPORT_ENDIAN_H */ diff -u -r -N squid-3.5.0.2/src/acl/UrlPath.cc squid-3.5.0.3/src/acl/UrlPath.cc --- squid-3.5.0.2/src/acl/UrlPath.cc 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/src/acl/UrlPath.cc 2014-12-09 06:10:01.000000000 -0800 @@ -18,6 +18,9 @@ int ACLUrlPathStrategy::match (ACLData * &data, ACLFilledChecklist *checklist, ACLFlags &) { + if (!checklist->request->urlpath.size()) + return -1; + char *esc_buf = xstrdup(checklist->request->urlpath.termedBuf()); rfc1738_unescape(esc_buf); int result = data->match(esc_buf); diff -u -r -N squid-3.5.0.2/src/cf.data.pre squid-3.5.0.3/src/cf.data.pre --- squid-3.5.0.2/src/cf.data.pre 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/src/cf.data.pre 2014-12-09 06:10:01.000000000 -0800 @@ -629,31 +629,44 @@ ttl=n TTL in seconds for cached results (defaults to 3600 for 1 hour) + negative_ttl=n TTL for cached negative lookups (default same as ttl) + + grace=n Percentage remaining of TTL where a refresh of a + cached entry should be initiated without needing to + wait for a new reply. (default is for no grace period) + + cache=n Limit the result cache size, default is 262144. + The expanded FORMAT value is used as the cache key, so + if the details in FORMAT are highly variable a larger + cache may be needed to produce reduction in helper load. + children-max=n Maximum number of acl helper processes spawned to service external acl lookups of this type. (default 20) + children-startup=n Minimum number of acl helper processes to spawn during startup and reconfigure to service external acl lookups of this type. (default 0) + children-idle=n Number of acl helper processes to keep ahead of traffic loads. Squid will spawn this many at once whenever load rises above the capabilities of existing processes. Up to the value of children-max. (default 1) + concurrency=n concurrency level per process. Only used with helpers capable of processing more than one query at a time. - cache=n limit the result cache size, default is 262144. - grace=n Percentage remaining of TTL where a refresh of a - cached entry should be initiated without needing to - wait for a new reply. (default is for no grace period) - protocol=2.5 Compatibility mode for Squid-2.5 external acl helpers + + protocol=2.5 Compatibility mode for Squid-2.5 external acl helpers. + ipv4 / ipv6 IP protocol used to communicate with this helper. The default is to auto-detect IPv6 and use it when available. + FORMAT specifications %LOGIN Authenticated user login name @@ -775,8 +788,8 @@ %ea in logformat specifications. clt_conn_tag= Associates a TAG with the client TCP connection. - Please see url_rewrite_program related documentation for - this kv-pair. + Please see url_rewrite_program related documentation + for this kv-pair. Any keywords may be sent on any response whether OK, ERR or BH. @@ -6476,23 +6489,23 @@ description of delay_class. For a class 1 delay pool, the syntax is: - delay_pools pool 1 + delay_class pool 1 delay_parameters pool aggregate For a class 2 delay pool: - delay_pools pool 2 + delay_class pool 2 delay_parameters pool aggregate individual For a class 3 delay pool: - delay_pools pool 3 + delay_class pool 3 delay_parameters pool aggregate network individual For a class 4 delay pool: - delay_pools pool 4 + delay_class pool 4 delay_parameters pool aggregate network individual user For a class 5 delay pool: - delay_pools pool 5 + delay_class pool 5 delay_parameters pool tagrate The option variables are: @@ -6528,11 +6541,11 @@ above example, and is being used to strictly limit each host to 64Kbit/sec (plus overheads), with no overall limit, the line is: - delay_parameters 1 -1/-1 8000/8000 + delay_parameters 1 none 8000/8000 Note that 8 x 8000 KByte/sec -> 64Kbit/sec. - Note that the figure -1 is used to represent "unlimited". + Note that the word 'none' is used to represent no limit. And, if delay pool number 2 is a class 3 delay pool as in the above diff -u -r -N squid-3.5.0.2/src/client_side.cc squid-3.5.0.3/src/client_side.cc --- squid-3.5.0.2/src/client_side.cc 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/src/client_side.cc 2014-12-09 06:10:01.000000000 -0800 @@ -2209,6 +2209,17 @@ return csd->abortRequestParsing("error:method-not-allowed"); } + /* draft-ietf-httpbis-http2-16 section 11.6 registers the method PRI as HTTP/2 specific + * Deny "PRI" method if used in HTTP/1.x or 0.9 versions. + * If seen it signals a broken client or proxy has corrupted the traffic. + */ + if (*method_p == Http::METHOD_PRI && *http_ver < Http::ProtocolVersion(2,0)) { + debugs(33, DBG_IMPORTANT, "WARNING: PRI method received on " << csd->port->transport.protocol << "port " << csd->port->s.port()); + debugs(33, DBG_IMPORTANT, "WARNING: for request: " << hp->buf); + hp->request_parse_status = Http::scMethodNotAllowed; + return csd->abortRequestParsing("error:method-not-allowed"); + } + if (*method_p == Http::METHOD_NONE) { /* XXX need a way to say "this many character length string" */ debugs(33, DBG_IMPORTANT, "clientParseRequestMethod: Unsupported method in request '" << hp->buf << "'"); diff -u -r -N squid-3.5.0.2/src/comm.cc squid-3.5.0.3/src/comm.cc --- squid-3.5.0.2/src/comm.cc 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/src/comm.cc 2014-12-09 06:10:01.000000000 -0800 @@ -102,9 +102,14 @@ comm_empty_os_read_buffers(int fd) { #if _SQUID_LINUX_ +#if USE_OPENSSL + // Bug 4146: SSL-Bump BIO does not release sockets on close. + if (fd_table[fd].ssl) + return; +#endif + /* prevent those nasty RST packets */ char buf[SQUID_TCP_SO_RCVBUF]; - if (fd_table[fd].flags.nonblocking) { while (FD_READ_METHOD(fd, buf, SQUID_TCP_SO_RCVBUF) > 0) {}; } diff -u -r -N squid-3.5.0.2/src/ConfigParser.cc squid-3.5.0.3/src/ConfigParser.cc --- squid-3.5.0.2/src/ConfigParser.cc 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/src/ConfigParser.cc 2014-12-09 06:10:01.000000000 -0800 @@ -23,6 +23,7 @@ std::queue ConfigParser::Undo_; bool ConfigParser::AllowMacros_ = false; bool ConfigParser::ParseQuotedOrToEol_ = false; +bool ConfigParser::RecognizeQuotedPair_ = false; bool ConfigParser::PreviewMode_ = false; static const char *SQUID_ERROR_TOKEN = "[invalid token]"; @@ -108,7 +109,7 @@ *t = '\0'; if ((wordFile = fopen(fn, "r")) == NULL) { - debugs(3, DBG_CRITICAL, "Can not open file " << t << " for reading"); + debugs(3, DBG_CRITICAL, "ERROR: Can not open file " << fn << " for reading"); return NULL; } @@ -217,7 +218,7 @@ if (PreviewMode_) strncpy(UnQuoted, SQUID_ERROR_TOKEN, sizeof(UnQuoted)); else { - debugs(3, DBG_CRITICAL, errorStr << ": " << errorPos); + debugs(3, DBG_CRITICAL, "FATAL: " << errorStr << ": " << errorPos); self_destruct(); } } @@ -261,12 +262,25 @@ const char *sep; if (ConfigParser::ParseQuotedOrToEol_) sep = "\n"; + else if (ConfigParser::RecognizeQuotedPair_) + sep = w_space "\\"; else if (!ConfigParser::RecognizeQuotedValues || *nextToken == '(') sep = w_space; else sep = w_space "("; nextToken += strcspn(nextToken, sep); + while (ConfigParser::RecognizeQuotedPair_ && *nextToken == '\\') { + // NP: do not permit \0 terminator to be escaped. + if (*(nextToken+1) && *(nextToken+1) != '\r' && *(nextToken+1) != '\n') { + nextToken += 2; // skip the quoted-pair (\-escaped) character + nextToken += strcspn(nextToken, sep); + } else { + debugs(3, DBG_CRITICAL, "FATAL: Unescaped '\' character in regex pattern: " << tokenStart); + self_destruct(); + } + } + if (ConfigParser::RecognizeQuotedValues && *nextToken == '(') { if (strncmp(tokenStart, "parameters", nextToken - tokenStart) == 0) type = ConfigParser::FunctionParameters; @@ -276,7 +290,7 @@ CfgLineTokens_.push(err); return err; } else { - debugs(3, DBG_CRITICAL, "Unknown cfg function: " << tokenStart); + debugs(3, DBG_CRITICAL, "FATAL: Unknown cfg function: " << tokenStart); self_destruct(); } } @@ -300,7 +314,7 @@ CfgLineTokens_.push(err); return err; } else { - debugs(3, DBG_CRITICAL, "Not alphanumeric character '"<< *s << "' in unquoted token " << tokenStart); + debugs(3, DBG_CRITICAL, "FATAL: Not alphanumeric character '"<< *s << "' in unquoted token " << tokenStart); self_destruct(); } } @@ -363,7 +377,7 @@ char *path = NextToken(); if (LastTokenType != ConfigParser::QuotedToken) { - debugs(3, DBG_CRITICAL, "Quoted filename missing: " << token); + debugs(3, DBG_CRITICAL, "FATAL: Quoted filename missing: " << token); self_destruct(); return NULL; } @@ -372,20 +386,20 @@ char *end = NextToken(); ConfigParser::PreviewMode_ = savePreview; if (LastTokenType != ConfigParser::SimpleToken || strcmp(end, ")") != 0) { - debugs(3, DBG_CRITICAL, "missing ')' after " << token << "(\"" << path << "\""); + debugs(3, DBG_CRITICAL, "FATAL: missing ')' after " << token << "(\"" << path << "\""); self_destruct(); return NULL; } if (CfgFiles.size() > 16) { - debugs(3, DBG_CRITICAL, "WARNING: can't open %s for reading parameters: includes are nested too deeply (>16)!\n" << path); + debugs(3, DBG_CRITICAL, "FATAL: can't open %s for reading parameters: includes are nested too deeply (>16)!\n" << path); self_destruct(); return NULL; } ConfigParser::CfgFile *wordfile = new ConfigParser::CfgFile(); if (!path || !wordfile->startParse(path)) { - debugs(3, DBG_CRITICAL, "Error opening config file: " << token); + debugs(3, DBG_CRITICAL, "FATAL: Error opening config file: " << token); delete wordfile; self_destruct(); return NULL; @@ -429,10 +443,12 @@ ConfigParser::RegexStrtokFile() { if (ConfigParser::RecognizeQuotedValues) { - debugs(3, DBG_CRITICAL, "Can not read regex expresion while configuration_includes_quoted_values is enabled"); + debugs(3, DBG_CRITICAL, "FATAL: Can not read regex expression while configuration_includes_quoted_values is enabled"); self_destruct(); } + ConfigParser::RecognizeQuotedPair_ = true; char * token = strtokFile(); + ConfigParser::RecognizeQuotedPair_ = false; return token; } @@ -440,11 +456,12 @@ ConfigParser::RegexPattern() { if (ConfigParser::RecognizeQuotedValues) { - debugs(3, DBG_CRITICAL, "Can not read regex expresion while configuration_includes_quoted_values is enabled"); + debugs(3, DBG_CRITICAL, "FATAL: Can not read regex expression while configuration_includes_quoted_values is enabled"); self_destruct(); } - + ConfigParser::RecognizeQuotedPair_ = true; char * token = NextToken(); + ConfigParser::RecognizeQuotedPair_ = false; return token; } @@ -488,7 +505,7 @@ assert(wordFile == NULL); debugs(3, 3, "Parsing from " << path); if ((wordFile = fopen(path, "r")) == NULL) { - debugs(3, DBG_CRITICAL, "file :" << path << " not found"); + debugs(3, DBG_CRITICAL, "WARNING: file :" << path << " not found"); return false; } diff -u -r -N squid-3.5.0.2/src/ConfigParser.h squid-3.5.0.3/src/ConfigParser.h --- squid-3.5.0.2/src/ConfigParser.h 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/src/ConfigParser.h 2014-12-09 06:10:01.000000000 -0800 @@ -201,6 +201,7 @@ static std::queue Undo_; ///< The list with TokenPutBack() queued elements static bool AllowMacros_; static bool ParseQuotedOrToEol_; ///< The next tokens will be handled as quoted or to_eol token + static bool RecognizeQuotedPair_; ///< The next tokens may contain quoted-pair (\-escaped) characters static bool PreviewMode_; ///< The next token will not poped from cfg files, will just previewd. }; diff -u -r -N squid-3.5.0.2/src/DelaySpec.cc squid-3.5.0.3/src/DelaySpec.cc --- squid-3.5.0.2/src/DelaySpec.cc 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/src/DelaySpec.cc 2014-12-09 06:10:01.000000000 -0800 @@ -41,19 +41,31 @@ void DelaySpec::parse() { - int r; - char *token; - token = strtok(NULL, "/"); - + // get the token. + char *token = ConfigParser::NextToken(); if (token == NULL) self_destruct(); - if (sscanf(token, "%d", &r) != 1) - self_destruct(); + // no-limit value + if (strcmp(token, "none") == 0 || token[0] == '-') { + restore_bps = -1; + max_bytes = -1; + return; + } - restore_bps = r; + // parse the first digits into restore_bps + const char *p = NULL; + if (!StringToInt(token, restore_bps, &p, 10) && *p != '/') { + debugs(77, DBG_CRITICAL, "ERROR: invalid delay rate '" << token << "'. Expecting restore/max or 'none'."); + self_destruct(); + } + p++; // increment past the '/' - max_bytes = GetInteger64(); + // parse the rest into max_bytes + if (!StringToInt64(p, max_bytes, NULL, 10)) { + debugs(77, DBG_CRITICAL, "ERROR: restore rate in '" << token << "' is not a number."); + self_destruct(); + } } #endif diff -u -r -N squid-3.5.0.2/src/external_acl.cc squid-3.5.0.3/src/external_acl.cc --- squid-3.5.0.2/src/external_acl.cc 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/src/external_acl.cc 2014-12-09 06:10:01.000000000 -0800 @@ -335,12 +335,12 @@ debugs(82, DBG_PARSE_NOTE(DBG_IMPORTANT), "WARNING: external_acl_type format %>{...} is being replaced by %>ha{...} for : " << token); parse_header_token(format, (token+3), Format::LFT_ADAPTED_REQUEST_HEADER); } else if (strncmp(token, "%>ha{", 5) == 0) { - parse_header_token(format, (token+3), Format::LFT_ADAPTED_REQUEST_HEADER); + parse_header_token(format, (token+5), Format::LFT_ADAPTED_REQUEST_HEADER); } else if (strncmp(token, "%<{", 3) == 0) { debugs(82, DBG_PARSE_NOTE(DBG_IMPORTANT), "WARNING: external_acl_type format %<{...} is being replaced by %type = Format::LFT_USER_LOGIN; diff -u -r -N squid-3.5.0.2/src/http/MethodType.cc squid-3.5.0.3/src/http/MethodType.cc --- squid-3.5.0.2/src/http/MethodType.cc 2014-10-31 04:45:03.000000000 -0700 +++ squid-3.5.0.3/src/http/MethodType.cc 2014-12-09 07:09:18.000000000 -0800 @@ -53,6 +53,7 @@ SBuf("REBIND"), SBuf("UNBIND"), #endif + SBuf("PRI"), SBuf("PURGE"), SBuf("OTHER"), SBuf("ENUM_END") diff -u -r -N squid-3.5.0.2/src/http/MethodType.h squid-3.5.0.3/src/http/MethodType.h --- squid-3.5.0.2/src/http/MethodType.h 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/src/http/MethodType.h 2014-12-09 06:10:01.000000000 -0800 @@ -87,6 +87,9 @@ METHOD_UNBIND, #endif + // draft-ietf-httpbis-http2-16 section 11.6 + METHOD_PRI, + // Squid extension methods METHOD_PURGE, METHOD_OTHER, diff -u -r -N squid-3.5.0.2/src/http/StatusCode.cc squid-3.5.0.3/src/http/StatusCode.cc --- squid-3.5.0.2/src/http/StatusCode.cc 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/src/http/StatusCode.cc 2014-12-09 06:10:01.000000000 -0800 @@ -180,6 +180,10 @@ return "Expectation Failed"; break; + case Http::scMisdirectedRequest: + return "Misdirected Request"; + break; + case Http::scUnprocessableEntity: return "Unprocessable Entity"; break; diff -u -r -N squid-3.5.0.2/src/http/StatusCode.h squid-3.5.0.3/src/http/StatusCode.h --- squid-3.5.0.2/src/http/StatusCode.h 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/src/http/StatusCode.h 2014-12-09 06:10:01.000000000 -0800 @@ -58,6 +58,7 @@ scUnsupportedMediaType = 415, scRequestedRangeNotSatisfied = 416, scExpectationFailed = 417, + scMisdirectedRequest = 421, /**< draft-ietf-httpbis-http2-16 section 9.1.2 */ scUnprocessableEntity = 422, /**< RFC2518 section 10.3 / RFC4918 */ scLocked = 423, /**< RFC2518 section 10.4 / RFC4918 */ scFailedDependency = 424, /**< RFC2518 section 10.5 / RFC4918 */ diff -u -r -N squid-3.5.0.2/src/http.cc squid-3.5.0.3/src/http.cc --- squid-3.5.0.2/src/http.cc 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/src/http.cc 2014-12-09 06:10:01.000000000 -0800 @@ -516,6 +516,8 @@ case Http::scServiceUnavailable: case Http::scGatewayTimeout: + case Http::scMisdirectedRequest: + debugs(22, 3, "MAYBE because HTTP status " << rep->sline.status()); return -1; diff -u -r -N squid-3.5.0.2/src/HttpHeader.cc squid-3.5.0.3/src/HttpHeader.cc --- squid-3.5.0.2/src/HttpHeader.cc 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/src/HttpHeader.cc 2014-12-09 06:10:01.000000000 -0800 @@ -72,6 +72,7 @@ {"Accept-Ranges", HDR_ACCEPT_RANGES, ftStr}, {"Age", HDR_AGE, ftInt}, {"Allow", HDR_ALLOW, ftStr}, + {"Alternate-Protocol", HDR_ALTERNATE_PROTOCOL, ftStr}, {"Authorization", HDR_AUTHORIZATION, ftStr}, /* for now */ {"Cache-Control", HDR_CACHE_CONTROL, ftPCc}, {"Connection", HDR_CONNECTION, ftStr}, @@ -306,6 +307,7 @@ /* hop-by-hop headers */ static HttpHeaderMask HopByHopHeadersMask; static http_hdr_type HopByHopHeadersArr[] = { + HDR_ALTERNATE_PROTOCOL, HDR_CONNECTION, HDR_HTTP2_SETTINGS, HDR_KEEP_ALIVE, diff -u -r -N squid-3.5.0.2/src/HttpHeader.h squid-3.5.0.3/src/HttpHeader.h --- squid-3.5.0.2/src/HttpHeader.h 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/src/HttpHeader.h 2014-12-09 06:10:01.000000000 -0800 @@ -39,6 +39,7 @@ HDR_ACCEPT_RANGES, /**< RFC 7233 */ HDR_AGE, /**< RFC 7234 */ HDR_ALLOW, /**< RFC 7231 */ + HDR_ALTERNATE_PROTOCOL, /**< GFE custom header we may have to erase */ HDR_AUTHENTICATION_INFO, /**< RFC 2617 */ HDR_AUTHORIZATION, /**< RFC 7235, 4559 */ HDR_CACHE_CONTROL, /**< RFC 7234 */ diff -u -r -N squid-3.5.0.2/src/servers/FtpServer.cc squid-3.5.0.3/src/servers/FtpServer.cc --- squid-3.5.0.2/src/servers/FtpServer.cc 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/src/servers/FtpServer.cc 2014-12-09 06:10:01.000000000 -0800 @@ -800,66 +800,64 @@ return; } - HttpReply *filteredReply = reply->clone(); - HttpHeader &filteredHeader = filteredReply->header; + HttpReply::Pointer featReply = Ftp::HttpReplyWrapper(211, "End", Http::scNoContent, 0); + HttpHeader const &serverReplyHeader = reply->header; - // Remove all unsupported commands from the response wrapper. - int deletedCount = 0; HttpHeaderPos pos = HttpHeaderInitPos; bool hasEPRT = false; bool hasEPSV = false; int prependSpaces = 1; - while (const HttpHeaderEntry *e = filteredHeader.getEntry(&pos)) { - if (e->id == HDR_FTP_PRE) { - // assume RFC 2389 FEAT response format, quoted by Squid: - // <"> SP NAME [SP PARAMS] <"> - // but accommodate MS servers sending four SPs before NAME - - // command name ends with (SP parameter) or quote - static const CharacterSet AfterFeatNameChars("AfterFeatName", " \""); - static const CharacterSet FeatNameChars = AfterFeatNameChars.complement("FeatName"); - - Parser::Tokenizer tok(SBuf(e->value.termedBuf())); - if (!tok.skip('"') && !tok.skip(' ')) - continue; - - // optional spaces; remember their number to accomodate MS servers - prependSpaces = 1 + tok.skipAll(CharacterSet::SP); - - SBuf cmd; - if (!tok.prefix(cmd, FeatNameChars)) - continue; - cmd.toUpper(); - - if (!Ftp::SupportedCommand(cmd)) - filteredHeader.delAt(pos, deletedCount); - - if (cmd == cmdEprt()) - hasEPRT = true; - else if (cmd == cmdEpsv()) - hasEPSV = true; + + featReply->header.putStr(HDR_FTP_PRE, "\"211-Features:\""); + const int scode = serverReplyHeader.getInt(HDR_FTP_STATUS); + if (scode == 211) { + while (const HttpHeaderEntry *e = serverReplyHeader.getEntry(&pos)) { + if (e->id == HDR_FTP_PRE) { + // assume RFC 2389 FEAT response format, quoted by Squid: + // <"> SP NAME [SP PARAMS] <"> + // but accommodate MS servers sending four SPs before NAME + + // command name ends with (SP parameter) or quote + static const CharacterSet AfterFeatNameChars("AfterFeatName", " \""); + static const CharacterSet FeatNameChars = AfterFeatNameChars.complement("FeatName"); + + Parser::Tokenizer tok(SBuf(e->value.termedBuf())); + if (!tok.skip('"') || !tok.skip(' ')) + continue; + + // optional spaces; remember their number to accomodate MS servers + prependSpaces = 1 + tok.skipAll(CharacterSet::SP); + + SBuf cmd; + if (!tok.prefix(cmd, FeatNameChars)) + continue; + cmd.toUpper(); + + if (Ftp::SupportedCommand(cmd)) { + featReply->header.addEntry(e->clone()); + } + + if (cmd == cmdEprt()) + hasEPRT = true; + else if (cmd == cmdEpsv()) + hasEPSV = true; + } } - } + } // else we got a FEAT error and will only report Squid-supported features char buf[256]; - int insertedCount = 0; if (!hasEPRT) { snprintf(buf, sizeof(buf), "\"%*s\"", prependSpaces + 4, "EPRT"); - filteredHeader.putStr(HDR_FTP_PRE, buf); - ++insertedCount; + featReply->header.putStr(HDR_FTP_PRE, buf); } if (!hasEPSV) { snprintf(buf, sizeof(buf), "\"%*s\"", prependSpaces + 4, "EPSV"); - filteredHeader.putStr(HDR_FTP_PRE, buf); - ++insertedCount; + featReply->header.putStr(HDR_FTP_PRE, buf); } - if (deletedCount || insertedCount) { - filteredHeader.refreshMask(); - debugs(33, 5, "deleted " << deletedCount << " inserted " << insertedCount); - } + featReply->header.refreshMask(); - writeForwardedReply(filteredReply); + writeForwardedReply(featReply.getRaw()); } void diff -u -r -N squid-3.5.0.2/src/ssl/certificate_db.cc squid-3.5.0.3/src/ssl/certificate_db.cc --- squid-3.5.0.2/src/ssl/certificate_db.cc 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/src/ssl/certificate_db.cc 2014-12-09 06:10:01.000000000 -0800 @@ -248,7 +248,7 @@ size_full(aDb_path + "/" + size_file), db(NULL), max_db_size(aMax_db_size), - fs_block_size(aFs_block_size), + fs_block_size((aFs_block_size ? aFs_block_size : 2048)), dbLock(db_full), enabled_disk_store(true) { if (db_path.empty() && !max_db_size) @@ -384,9 +384,34 @@ throw std::runtime_error("Cannot open " + db_full + " to open"); } -void Ssl::CertificateDb::check(std::string const & db_path, size_t max_db_size) { - CertificateDb db(db_path, max_db_size, 0); +void Ssl::CertificateDb::check(std::string const & db_path, size_t max_db_size, size_t fs_block_size) { + CertificateDb db(db_path, max_db_size, fs_block_size); db.load(); + + // Call readSize to force rebuild size file in the case it is corrupted + (void)db.readSize(); +} + +size_t Ssl::CertificateDb::rebuildSize() +{ + size_t dbSize = 0; +#if SQUID_SSLTXTDB_PSTRINGDATA + for (int i = 0; i < sk_OPENSSL_PSTRING_num(db.get()->data); ++i) { +#if SQUID_STACKOF_PSTRINGDATA_HACK + const char ** current_row = ((const char **)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, db.get()->data), i)); +#else + const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db.get()->data, i)); +#endif +#else + for (int i = 0; i < sk_num(db.get()->data); ++i) { + const char ** current_row = ((const char **)sk_value(db.get()->data, i)); +#endif + const std::string filename(cert_full + "/" + current_row[cnlSerial] + ".pem"); + const size_t fSize = getFileSize(filename); + dbSize += fSize; + } + writeSize(dbSize); + return dbSize; } bool Ssl::CertificateDb::pure_find(std::string const & host_name, Ssl::X509_Pointer & cert, Ssl::EVP_PKEY_Pointer & pkey) { @@ -411,37 +436,43 @@ return true; } -size_t Ssl::CertificateDb::size() const { +size_t Ssl::CertificateDb::size() { return readSize(); } void Ssl::CertificateDb::addSize(std::string const & filename) { - writeSize(readSize() + getFileSize(filename)); + // readSize will rebuild 'size' file if missing or it is corrupted + size_t dbSize = readSize(); + dbSize += getFileSize(filename); + writeSize(dbSize); } void Ssl::CertificateDb::subSize(std::string const & filename) { - writeSize(readSize() - getFileSize(filename)); + // readSize will rebuild 'size' file if missing or it is corrupted + size_t dbSize = readSize(); + dbSize -= getFileSize(filename); + writeSize(dbSize); } -size_t Ssl::CertificateDb::readSize() const { +size_t Ssl::CertificateDb::readSize() { std::ifstream ifstr(size_full.c_str()); - if (!ifstr && enabled_disk_store) - throw std::runtime_error("cannot open for reading: " + size_full); size_t db_size = 0; - if (!(ifstr >> db_size)) - throw std::runtime_error("error while reading " + size_full); + if (!ifstr || !(ifstr >> db_size)) + return rebuildSize(); return db_size; } void Ssl::CertificateDb::writeSize(size_t db_size) { std::ofstream ofstr(size_full.c_str()); - if (!ofstr && enabled_disk_store) + if (!ofstr) throw std::runtime_error("cannot write \"" + size_full + "\" file"); ofstr << db_size; } size_t Ssl::CertificateDb::getFileSize(std::string const & filename) { std::ifstream file(filename.c_str(), std::ios::binary); + if (!file) + return 0; file.seekg(0, std::ios_base::end); size_t file_size = file.tellg(); return ((file_size + fs_block_size - 1) / fs_block_size) * fs_block_size; diff -u -r -N squid-3.5.0.2/src/ssl/certificate_db.h squid-3.5.0.3/src/ssl/certificate_db.h --- squid-3.5.0.2/src/ssl/certificate_db.h 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/src/ssl/certificate_db.h 2014-12-09 06:10:01.000000000 -0800 @@ -106,19 +106,20 @@ /// Create and initialize a database under the db_path static void create(std::string const & db_path); /// Check the database stored under the db_path. - static void check(std::string const & db_path, size_t max_db_size); + static void check(std::string const & db_path, size_t max_db_size, size_t fs_block_size); bool IsEnabledDiskStore() const; ///< Check enabled of dist store. private: void load(); ///< Load db from disk. void save(); ///< Save db to disk. - size_t size() const; ///< Get db size on disk in bytes. + size_t size(); ///< Get db size on disk in bytes. /// Increase db size by the given file size and update size_file void addSize(std::string const & filename); /// Decrease db size by the given file size and update size_file void subSize(std::string const & filename); - size_t readSize() const; ///< Read size from file size_file + size_t readSize(); ///< Read size from file size_file void writeSize(size_t db_size); ///< Write size to file size_file. size_t getFileSize(std::string const & filename); ///< get file size on disk. + size_t rebuildSize(); ///< Rebuild size_file /// Only find certificate in current db and return it. bool pure_find(std::string const & host_name, Ssl::X509_Pointer & cert, Ssl::EVP_PKEY_Pointer & pkey); diff -u -r -N squid-3.5.0.2/src/ssl/ssl_crtd.cc squid-3.5.0.3/src/ssl/ssl_crtd.cc --- squid-3.5.0.2/src/ssl/ssl_crtd.cc 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/src/ssl/ssl_crtd.cc 2014-12-09 06:10:01.000000000 -0800 @@ -293,7 +293,7 @@ } { - Ssl::CertificateDb::check(db_path, max_db_size); + Ssl::CertificateDb::check(db_path, max_db_size, fs_block_size); } // Initialize SSL subsystem SSL_load_error_strings(); diff -u -r -N squid-3.5.0.2/src/store.cc squid-3.5.0.3/src/store.cc --- squid-3.5.0.2/src/store.cc 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/src/store.cc 2014-12-09 06:10:01.000000000 -0800 @@ -892,6 +892,7 @@ int private_key; int too_many_open_files; int too_many_open_fds; + int missing_parts; } no; struct { @@ -927,6 +928,18 @@ return 0; } +bool +StoreEntry::checkTooBig() const +{ + if (mem_obj->endOffset() > store_maxobjsize) + return true; + + if (getReply()->content_length < 0) + return false; + + return (getReply()->content_length > store_maxobjsize); +} + // TODO: move "too many open..." checks outside -- we are called too early/late bool StoreEntry::checkCachable() @@ -958,9 +971,12 @@ debugs(20, 3, "StoreEntry::checkCachable: NO: negative cached"); ++store_check_cachable_hist.no.negative_cached; return 0; /* avoid release call below */ - } else if ((getReply()->content_length > 0 && - getReply()->content_length > store_maxobjsize) || - mem_obj->endOffset() > store_maxobjsize) { + } else if (!mem_obj || !getReply()) { + // XXX: In bug 4131, we forgetHit() without mem_obj, so we need + // this segfault protection, but how can we get such a HIT? + debugs(20, 2, "StoreEntry::checkCachable: NO: missing parts: " << *this); + ++store_check_cachable_hist.no.missing_parts; + } else if (checkTooBig()) { debugs(20, 2, "StoreEntry::checkCachable: NO: too big"); ++store_check_cachable_hist.no.too_big; } else if (checkTooSmall()) { @@ -1008,6 +1024,8 @@ store_check_cachable_hist.no.wrong_content_length); storeAppendPrintf(sentry, "no.negative_cached\t%d\n", store_check_cachable_hist.no.negative_cached); + storeAppendPrintf(sentry, "no.missing_parts\t%d\n", + store_check_cachable_hist.no.missing_parts); storeAppendPrintf(sentry, "no.too_big\t%d\n", store_check_cachable_hist.no.too_big); storeAppendPrintf(sentry, "no.too_small\t%d\n", diff -u -r -N squid-3.5.0.2/src/Store.h squid-3.5.0.3/src/Store.h --- squid-3.5.0.2/src/Store.h 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/src/Store.h 2014-12-09 06:10:01.000000000 -0800 @@ -225,6 +225,8 @@ void transientsAbandonmentCheck(); private: + bool checkTooBig() const; + static MemAllocator *pool; unsigned short lock_count; /* Assume < 65536! */ diff -u -r -N squid-3.5.0.2/src/wccp2.cc squid-3.5.0.3/src/wccp2.cc --- squid-3.5.0.2/src/wccp2.cc 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/src/wccp2.cc 2014-12-09 06:10:01.000000000 -0800 @@ -1050,13 +1050,18 @@ return; } + /* TODO A shutting-down cache should generate a removal query, informing the router + * (and therefore the caches in the group) that this cache is going + * away and no new traffic should be forwarded to it. + */ + if (theWccp2Connection > -1) { debugs(80, DBG_IMPORTANT, "FD " << theWccp2Connection << " Closing WCCPv2 socket"); comm_close(theWccp2Connection); theWccp2Connection = -1; } - /* for each router on each service send a packet */ + /* free all stored router state */ service_list_ptr = wccp2_service_list_head; while (service_list_ptr != NULL) { diff -u -r -N squid-3.5.0.2/test-suite/squidconf/empty squid-3.5.0.3/test-suite/squidconf/empty --- squid-3.5.0.2/test-suite/squidconf/empty 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/test-suite/squidconf/empty 2014-12-09 06:10:01.000000000 -0800 @@ -0,0 +1,7 @@ +## Copyright (C) 1996-2014 The Squid Software Foundation and contributors +## +## Squid software is distributed under GPLv2+ license and includes +## contributions from numerous individuals and organizations. +## Please see the COPYING and CONTRIBUTORS files for details. +## + diff -u -r -N squid-3.5.0.2/test-suite/squidconf/regressions-3.5.0.2 squid-3.5.0.3/test-suite/squidconf/regressions-3.5.0.2 --- squid-3.5.0.2/test-suite/squidconf/regressions-3.5.0.2 1969-12-31 16:00:00.000000000 -0800 +++ squid-3.5.0.3/test-suite/squidconf/regressions-3.5.0.2 2014-12-09 06:10:01.000000000 -0800 @@ -0,0 +1,17 @@ +## Copyright (C) 1996-2014 The Squid Software Foundation and contributors +## +## Squid software is distributed under GPLv2+ license and includes +## contributions from numerous individuals and organizations. +## Please see the COPYING and CONTRIBUTORS files for details. +## + +# +# This file contains the list of reported regression cases in 3.5.0.2 parser +# it covers: +# delay_parameters +# + +delay_pools 1 +delay_class 1 1 +delay_parameters 1 none +delay_parameters 1 64000/64000 diff -u -r -N squid-3.5.0.2/tools/squidclient/squidclient.1 squid-3.5.0.3/tools/squidclient/squidclient.1 --- squid-3.5.0.2/tools/squidclient/squidclient.1 2014-10-31 03:57:03.000000000 -0700 +++ squid-3.5.0.3/tools/squidclient/squidclient.1 2014-12-09 06:10:01.000000000 -0800 @@ -42,12 +42,14 @@ .if !'po4a'hide' .B "] " url . +.PP .if !'po4a'hide' .B "Ping options: [ \-g" count .if !'po4a'hide' .B "] [ \-I" interval .if !'po4a'hide' .B "] " . +.PP .if !'po4a'hide' .B "TLS options: [ \-\-anonymous\-tls ] [ \-\-trusted\-ca" CA certificates file .if !'po4a'hide' .B "...] [ \-\-cert" @@ -116,7 +118,7 @@ .B squid.conf similar to .I manager - access. Here is an example: +access. Here is an example: .if !'po4a'hide' .nf .if !'po4a'hide' acl purge method PURGE .if !'po4a'hide' http_access deny purge !localhost @@ -133,6 +135,7 @@ WWW Negotiate(Kerberos) authentication. .if !'po4a'hide' .nf Use kinit username@DOMAIN first to get initial TGS. +.if !'po4a'hide' .fi . .if !'po4a'hide' .TP .if !'po4a'hide' .B "\-p port" @@ -209,14 +212,14 @@ .if !'po4a'hide' .I "GnuTLS: http://gnutls.org/manual/html_node/Priority\-Strings.html" If repeated only the last value will have effect. . -.if !'po4a'hide' .TP 10 +.if !'po4a'hide' .TP .if !'po4a'hide' .B "\-\-ping [options]" Enable ping mode. Optional \-g and \-I parameters must follow immediately if used. Repeated use resets to default ping settings. . -.if !'po4a'hide' .TP 12 +.if !'po4a'hide' .TP .if !'po4a'hide' .B "\-g count" -Ping mode, perform +Ping mode, perform\ .I count iterations (default is to loop until interrupted). .