Commits on Aug 7, 2012
  1. Merge pull request #1 from ccesario/master

    Fix check DB and FreeBSD compatibility
    committed Aug 7, 2012
Commits on Aug 6, 2012
  1. FreeBSD Compatible

    Fix this
    gcc -Wall -Werror -g -O2 -I/usr/local/include/db4 -I/usr/include  -DDEFAULT_CONFIGFILE="\"/usr/local/etc/squid/squidGuard.conf\""  -DEFAULT_LOGDIR="\"/var/log\""  -DDEFAULT_DBHOME="\"/var/db/squidGuard\""  -Wall -c sgRequest.c
    sgRequest.c: In function 'parseUrl':
    sgRequest.c:162: error: 'AF_INET' undeclared (first use in this function)
    sgRequest.c:162: error: (Each undeclared identifier is reported only once
    sgRequest.c:162: error: for each function it appears in.)
    sgRequest.c:180: error: invalid application of 'sizeof' to incomplete type 'struct in6_addr' 
    sgRequest.c:185: error: 'AF_INET6' undeclared (first use in this function)
    *** Error code 1
    ccesario committed Aug 6, 2012
  2. Fix check DB version

    Prevents this error in compile process
    
    gcc -Wall -Werror -g -O2 -I/usr/local/include/db4 -I/usr/include  -DDEFAULT_CONFIGFILE="\"/usr/local/etc/squid/squidGuard.conf\""  -DEFAULT_LOGDIR="\"/var/log\""  -DDEFAULT_DBHOME="\"/var/db/squidGuard\""  -Wall -c sgDb.c
    sgDb.c: In function 'sgDbInit':
    sgDb.c:192: error: incompatible type for argument 4 of 'Db->dbp->open'
    sgDb.c:192: error: too many arguments to function 'Db->dbp->open'
    sgDb.c:197: error: incompatible type for argument 4 of 'Db->dbp->open'
    sgDb.c:197: error: too many arguments to function 'Db->dbp->open'
    *** Error code 1
    ccesario committed Aug 6, 2012
Commits on Jun 2, 2012
  1. Fix authentication match.

    Sense of the match was reverted. Need better tests.
    committed Jun 2, 2012
  2. Fix double free.

    This happened when a regex list could not be read from the source file. Since
    the list had already been linked into the match structure, freeRegexList() is
    called by freeDestMatch().
    committed Jun 2, 2012
Commits on Jun 1, 2012
  1. Add new match for authenticated users.

    It is now possible to specify "user any" in a source block to match any user
    authenticated by Squid, meaning that if Squid passes an identity other than "-",
    it will match the particular source block.
    
    Note that "any" is a keyword, you must not quote it.
    committed Jun 1, 2012
Commits on May 30, 2012
  1. Fix for libdb 5.x

    The signature for db_open has not changed in db 5.x and hopefully will not in
    the future. So, be optimistic and assume a different signature for db_open in
    versions < 4.
    
    Pointed out by Rob G. Healey, thanks.
    committed May 29, 2012
Commits on May 29, 2012
  1. Allow quoted strings as object names.

    All object names (time/source/destination) can now be quoted.  In particular,
    this allows you to say 'destination "allow" {...}' in the configuration.
    
    However, if you use spaces or other "bad" characters (/,&,+/...), rewrite
    substitution and logging gets seriously screwed up - this needs some more work.
    committed May 29, 2012
Commits on May 25, 2012
  1. Fixes for newer gcc/glibc

    committed May 25, 2012
  2. Always set the default syslog facility.

    Syslog is no longer optional and a missing "--with-syslog" caused a
    compile error.
    committed May 25, 2012
  3. Update README for GitHub.

    committed May 25, 2012
  4. Update copyright notes.

    This rewrite is heavily based on the older SG code, I kept the Shalla
    note in new files too.
    committed May 25, 2012
  5. Do not allocate request structure on the stack.

    Making the "SquidInfo" struct a "static" variable should convince the
    compiler not to allocate it on the stack but rather in the data segment.
    committed May 24, 2012
  6. Fix *printf format screwup.

    Grumpf, must go to the chalkboard and write a hundred times: "I must not pass
    program input as format to *printf".
    committed May 24, 2012
Commits on May 24, 2012
  1. Fix error message.

    committed May 24, 2012
  2. Register LDAP settings.

    This is to get rid of some warnings, works without though.
    committed May 24, 2012
  3. Avoid source cache lookups, fix multiple live lookups.

    In case there are no static users and no user live lookups, we can skip
    checking the cache altogether. Same for the IP cache.
    
    Live source lookups were incorrectly linked into the list and only the
    first one actually worked (should have implemented some macros for this).
    This bug did not show up in the test cases, which only use static user/ips.
    committed May 24, 2012
  4. Shortcut for multiple destination matches.

    Because of the new ACL semantics, it is rather likely that the same request is
    matched against the same destination list multiple times, which can
    be rather expensive with live checks. But since the request URL won't change,
    the match result won't either, so we can simply shortcut the match.
    
    The bypass is done by checking the (new) request serial number against the last
    request seen by the destination list.
    committed May 24, 2012
  5. Fix botched "allow" semantics.

    "allow" needs to do more than just set the ACL's terminal flag. Instead
    a non-match of the source list has to be handled as a match.
    committed May 24, 2012
Commits on May 23, 2012
  1. Make "make distclean" clean up more generated files.

    A few things were not removed on "make distclean" in several directories.
    "sg.h" is no longer generated, thus must not be removed.
    committed May 23, 2012
  2. Remove now obsolete file.

    committed May 23, 2012
  3. Fix search for the last key.

    In case we are looking for a substring match with the last key in the database, the
    first search will fail. In this case we must look at the last key for a
    substring match.
    
    Did not realize that before removing these bits.
    committed May 23, 2012
Commits on May 22, 2012
  1. Actually call the setting call-back when a setting is set.

    Ouch. "setSetting()" did not actually call the setting call-back.
    committed May 22, 2012
  2. Remove two more duplicate "ERROR" prefixes.

    sgLogX() already logs the right prefix when writing to stderr or a file.
    committed May 22, 2012
  3. Unified ident handling in parse*Line, realm stripping.

    It is now possible to strip the authentication realm (everything after
    the last '@') from the user's identity: When the "strip-realm" setting is set,
    any realm gets stripped, when the "realm" setting is specified, the realm
    is stripped when it matches the specified string.
    
    This is useful in cases where group/netgroup/LDAP authorization is used in
    conjunction with Kerberos or Samba integration.
    
    One could also keep the stripped realm in the request structure and write a
    source match to check for specific realms. Left that as an exercise for
    someone else :-)
    
    Identity handling in parseLine() and parseAuthzLine() now uses a common
    function instead of duplicated code.
    
    Note that parseLine() now always un-escapes the identity field too, the old
    code did that only when compiled with LDAP support - for whatever reason.
    committed May 22, 2012
  4. Handle sgStrdup(NULL).

    Just return NULL when sgStrdup() is called with a NULL argument.
    committed May 22, 2012
  5. Allow NULL default settings.

    Occasionally a setting should have no default but registering a NULL default
    caused a Segfault.
    
    With this change, the default can be set to NULL with registerSetting(), in
    which case the setting-callback won't be called either.
    committed May 22, 2012
  6. Implement error redirect.

    It is now possible to specify an error redirect URL, that is used when SG is
    in emergency mode or when the request from squid cannot be parsed.
    
    The redirect can be specified in the configuration or as command-line parameter.
    Because errors parsing the configuration also cause SG to go into emergency mode,
    the command-line method should be preferred.
    
    The message will be appended to the URL as query parameter.
    
    When no pass-through is set and no error redirect is specified, "Error" is
    printed on stdout, which should make squid complain instead.
    committed May 22, 2012
  7. Config reload back again.

    Now that SIGHUP works again, we can actually use it to reload the config file.
    committed May 22, 2012
  8. Signal handling back again.

    Reading lines with C standard I/O and Unix signal/alarm/select apparently do
    not mix well. Moreover, there is no easy and portable way to deal with signals
    happening during system calls. (This probably explains some of the ugly stunts in
    the old code.)
    
    So I implemented a reader similar to getline() that uses the Unix low-level
    constructs and safely handles the interesting signals (SIGTERM, SIGINT,
    SIGHUP), meaning signals are only accepted while waiting for input.
    committed May 22, 2012
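
The pattern described in the "Signal handling back again" commit, as an added sketch that is not the project's own code: SIGTERM, SIGINT and SIGHUP stay blocked during normal execution and are unblocked only inside `pselect()` while the reader waits for input. The names `setup_signals`, `read_line` and `pending_signal` are hypothetical, and the reader fetches one byte at a time to keep the example short.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/select.h>
#include <unistd.h>

volatile sig_atomic_t pending_signal = 0;   /* last signal delivered */
static void on_signal(int signo) { pending_signal = signo; }
/* Install handlers, block the signals; *wait_mask unblocks them in pselect(). */
int setup_signals(sigset_t *wait_mask)
{
    static const int sigs[] = { SIGTERM, SIGINT, SIGHUP };
    struct sigaction sa;
    sigset_t block;
    size_t i;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_signal;
    sigemptyset(&sa.sa_mask);
    sigemptyset(&block);
    if (sigprocmask(SIG_BLOCK, NULL, wait_mask) < 0) return -1;
    for (i = 0; i < sizeof sigs / sizeof sigs[0]; i++) {
        if (sigaction(sigs[i], &sa, NULL) < 0) return -1;
        sigaddset(&block, sigs[i]);
        sigdelset(wait_mask, sigs[i]);
    }
    return sigprocmask(SIG_BLOCK, &block, NULL);
}

/* Returns line length, -1 on EOF/error/overlong line, -2 on a signal while
 * idle. A signal arriving mid-line is recorded; the line is completed first. */
ssize_t read_line(int fd, char *buf, size_t cap, const sigset_t *wait_mask)
{
    size_t n = 0;
    char c;
    fd_set rd;
    for (;;) {
        FD_ZERO(&rd);
        FD_SET(fd, &rd);
        /* Only here are SIGTERM/SIGINT/SIGHUP unblocked and delivered. */
        if (pselect(fd + 1, &rd, NULL, NULL, NULL, wait_mask) < 0) {
            if (errno == EINTR && n > 0) continue;   /* finish the line */
            return errno == EINTR ? -2 : -1;
        }
        if (read(fd, &c, 1) <= 0) return -1;   /* the three signals are blocked */
        if (c == '\n' && cap > 0) { buf[n] = '\0'; return (ssize_t)n; }
        if (n + 1 >= cap) return -1;
        buf[n++] = c;
    }
}
```

The caller checks `pending_signal` after every return, so a SIGHUP can trigger a configuration reload between requests and never in the middle of processing one.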
Commits on May 21, 2012
  1. Fix semantics of "none"

    "none" actually means "!any", hence the match called "none" needs special
    treatment when added to an ACL but is otherwise just the same as "any".
    
    Also added "all" as a synonym for "any".
    committed May 21, 2012