This patch file is what happens to squid version 2.5 STABLE 14 after Secure Computing's "Smart Filter" version 4.1.1.01 for Solaris patches it. Secure Computing: http://www.securecomputing.com/ SmartFilter software: ftp://ftp.activations.securecomputing.com/pub/smartfilter/sfv4/solaris/sf411_01_solaris_squid.bin Squid: http://www.squid-cache.org/ ###################################################################### --- ../squid-2.5.STABLE14.orig/configure 2006-05-20 09:43:18.000000000 -0400 +++ configure 2007-01-24 01:02:39.001425000 -0500 @@ -234,6 +234,8 @@ use internal copies of the headers from Samba-2.2.7) " ac_help="$ac_help + --enable-smartfilter Enable SmartFilter web filtering." +ac_help="$ac_help --disable-unlinkd Do not use unlinkd" ac_help="$ac_help --enable-stacktraces Enable automatic call backtrace on fatal errors" @@ -2009,6 +2011,22 @@ echo "With dl" fi +# Check whether --enable-smartfilter or --disable-smartfilter was given. +if test "${enable_smartfilter+set}" = set; then + enableval="$enable_smartfilter" + case $enableval in + yes) + CFLAGS="$CFLAGS -DSMARTFILTER -DUNIX -D_REENTRANT" + SF_SRCS="smartfilter_squid.c smartfilter_userinfo.c smartfilter_thread.c" + SF_LIBS="-lsfplugin -lsflog_client -lsfcontrol -lsmartfilteragent -lpthread " + ;; + no) + ;; + *) + ;; + esac +fi + # Check whether --enable-storeio or --disable-storeio was given. if test "${enable_storeio+set}" = set; then enableval="$enable_storeio" 
@@ -9170,6 +9188,8 @@ s%@LIBOBJS@%$LIBOBJS%g s%@XTRA_OBJS@%$XTRA_OBJS%g s%@XTRA_LIBS@%$XTRA_LIBS%g +s%@SF_LIBS@%$SF_LIBS%g +s%@SF_SRCS@%$SF_SRCS%g CEOF EOF Common subdirectories: ../squid-2.5.STABLE14.orig/contrib/nextstep and contrib/nextstep Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Azerbaijani and errors/Azerbaijani Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Bulgarian and errors/Bulgarian Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Catalan and errors/Catalan Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Czech and errors/Czech Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Danish and errors/Danish Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Dutch and errors/Dutch Common subdirectories: ../squid-2.5.STABLE14.orig/errors/English and errors/English Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Estonian and errors/Estonian Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Finnish and errors/Finnish Common subdirectories: ../squid-2.5.STABLE14.orig/errors/French and errors/French Common subdirectories: ../squid-2.5.STABLE14.orig/errors/German and errors/German Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Greek and errors/Greek Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Hebrew and errors/Hebrew Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Hungarian and errors/Hungarian Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Italian and errors/Italian Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Japanese and errors/Japanese Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Korean and errors/Korean Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Lithuanian and errors/Lithuanian Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Polish and errors/Polish Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Portuguese and errors/Portuguese Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Romanian 
and errors/Romanian Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Russian-1251 and errors/Russian-1251 Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Russian-koi8-r and errors/Russian-koi8-r Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Serbian and errors/Serbian Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Simplify_Chinese and errors/Simplify_Chinese Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Slovak and errors/Slovak Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Spanish and errors/Spanish Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Swedish and errors/Swedish Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Traditional_Chinese and errors/Traditional_Chinese Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Turkish and errors/Turkish Common subdirectories: ../squid-2.5.STABLE14.orig/helpers/basic_auth and helpers/basic_auth Common subdirectories: ../squid-2.5.STABLE14.orig/helpers/digest_auth and helpers/digest_auth Common subdirectories: ../squid-2.5.STABLE14.orig/helpers/external_acl and helpers/external_acl Common subdirectories: ../squid-2.5.STABLE14.orig/helpers/ntlm_auth and helpers/ntlm_auth Common subdirectories: ../squid-2.5.STABLE14.orig/include/samba and include/samba diff -uN ../squid-2.5.STABLE14.orig/include/sf_control.h include/sf_control.h --- ../squid-2.5.STABLE14.orig/include/sf_control.h 1969-12-31 19:00:00.000000000 -0500 +++ include/sf_control.h 2006-08-14 12:06:38.000000000 -0400 
@@ -0,0 +1,630 @@
+/*--------------------------------------------------------------------------*\
+ *
+ * SmartFilter Control List Library
+ *
+ * Copyright (c) 2003-2006, Secure Computing Corporation. All rights reserved.
+ *
+ * $RCSfile: sf_control.h,v $
+ * $Revision: 1.4.2.5 $
+ * $Date: 2006/08/14 16:06:38 $
+ * $State: Exp $
+\*--------------------------------------------------------------------------*/
+
+#ifndef SF_CONTROL_H
+#define SF_CONTROL_H
+
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+/*--------------------------------------------------------------*\
+ *
+ * GENERAL
+ *
+\*--------------------------------------------------------------*/
+#ifdef WIN32
+# ifdef SFCL_API_BUILD
+# define SFCL_API_PUBLIC __declspec(dllexport)
+# else /* SFCL_API_BUILD */
+# define SFCL_API_PUBLIC __declspec(dllimport)
+# endif /* SFCL_API_BUILD */
+#else
+# define SFCL_API_PUBLIC extern
+#endif /* WIN32 */
+
+#define SFCL_API_INTERNAL extern
+#define SFCL_API_PRIVATE static
+#define SFCL_API_PROTECTED SFCL_API_PUBLIC
+
+/*
+ * Library version information
+ */
+#define SFCL_API_VERSION_MAJOR 4
+#define SFCL_API_VERSION_MINOR 2
+#define SFCL_API_VERSION_DESC_LEN 80
+
+/*
+ * Return values from functions
+ */
+#define SFCL_OK 0
+#define SFCL_ERROR 1
+
+#define SFCL_NOMEM 10
+#define SFCL_INSUFFICIENT_SPACE 11
+
+#define SFCL_INVALID_URL 20
+
+#define SFCL_INVALID_LIST 30
+#define SFCL_NO_LIST 31
+#define SFCL_EXPIRED_LIST 32
+
+#define SFCL_INVALID_FILE 40
+#define SFCL_DOWNLOAD_FAILED 41
+#define SFCL_MERGE_FAILED 42
+
+
+SFCL_API_PUBLIC int
+SFCL_Init(void);
+
+/*--------------------------------------------------------------*\
+ *
+ * HANDLE
+ *
+\*--------------------------------------------------------------*/
+typedef struct sfcl_handle *SFCL_Handle;
+
+SFCL_API_PUBLIC int
+SFCL_HandleCreate(SFCL_Handle *sfcl_handle);
+
+SFCL_API_PUBLIC int
+SFCL_HandleDestroy(SFCL_Handle *sfcl_handle);
+
+typedef enum
+{
+ SFCL_HANDLE_INFO_FIRST, /* do not use */
+
+ SFCL_HANDLE_INFO_LIST_EXPIRED,
+ SFCL_HANDLE_INFO_LIST_EXPIRE_TIME,
+ SFCL_HANDLE_INFO_LIST_SERIAL_NUM,
+ SFCL_HANDLE_INFO_API_VERSION_MAJOR,
+ SFCL_HANDLE_INFO_API_VERSION_MINOR,
+ SFCL_HANDLE_INFO_API_VERSION_DESC,
+
+ SFCL_HANDLE_INFO_LAST, /* do not use */
+} SFCL_Handle_Info;
+
+SFCL_API_PUBLIC int
+SFCL_HandleInfoGet(SFCL_Handle sfcl_handle,
+ SFCL_Handle_Info info_type,
+ void *info);
+
+
+/*--------------------------------------------------------------*\
+ *
+ * CATEGORIES
+ *
+\*--------------------------------------------------------------*/
+typedef struct sfcl_categories *SFCL_Categories;
+typedef unsigned int SFCL_Category;
+
+typedef enum
+{
+ SFCL_LANGUAGE_FIRST, /* do not use */
+
+ SFCL_LANGUAGE_ENGLISH,
+ SFCL_LANGUAGE_ENGLISH_CATEGORY_SHORT,
+
+ SFCL_LANGUAGE_LAST /* do not use */
+} SFCL_Language;
+
+typedef enum
+{
+ SFCL_ENCODING_FIRST, /* do not use */
+
+ SFCL_ENCODING_UTF8,
+
+ SFCL_ENCODING_LAST /* do not use */
+} SFCL_Encoding;
+
+SFCL_API_PUBLIC int
+SFCL_CategoriesCategoryAdd(SFCL_Handle sfcl_handle,
+ SFCL_Categories categories,
+ SFCL_Category category);
+
+SFCL_API_PUBLIC int
+SFCL_CategoriesCategoryAddAll(SFCL_Handle sfcl_handle,
+ SFCL_Categories categories);
+
+SFCL_API_PUBLIC int
+SFCL_CategoriesCategoryIsMember(SFCL_Handle sfcl_handle,
+ SFCL_Categories categories,
+ SFCL_Category category,
+ int *member);
+
+SFCL_API_PUBLIC int
+SFCL_CategoriesCategoryRemove(SFCL_Handle sfcl_handle,
+ SFCL_Categories categories,
+ SFCL_Category category);
+
+SFCL_API_PUBLIC int
+SFCL_CategoriesCategoryRemoveAll(SFCL_Handle sfcl_handle,
+ SFCL_Categories categories);
+
+SFCL_API_PUBLIC int
+SFCL_CategoriesCopy(SFCL_Handle sfcl_handle,
+ SFCL_Categories src,
+ SFCL_Categories dst);
+
+SFCL_API_PUBLIC int
+SFCL_CategoriesCount(SFCL_Handle sfcl_handle,
+ SFCL_Categories categories,
+ int *count);
+
+SFCL_API_PUBLIC int
+SFCL_CategoriesCreate(SFCL_Handle sfcl_handle,
+ SFCL_Categories *categories);
+
+SFCL_API_PUBLIC int
+SFCL_CategoriesDestroy(SFCL_Handle sfcl_handle,
+ SFCL_Categories *categories);
+
+SFCL_API_PUBLIC int
+SFCL_CategoriesEqual(SFCL_Handle sfcl_handle,
+ SFCL_Categories categories1,
+ SFCL_Categories categories2,
+ int *equal);
+
+SFCL_API_PUBLIC int
+SFCL_CategoriesIntersect(SFCL_Handle sfcl_handle,
+ SFCL_Categories categories1,
+ SFCL_Categories categories2,
+ SFCL_Categories result,
+ int *num_cats);
+
+SFCL_API_PUBLIC int
+SFCL_CategoriesToArray(SFCL_Handle sfcl_handle,
+ SFCL_Categories categories,
+ SFCL_Category *cat_array,
+ int *num_cats);
+
+SFCL_API_PUBLIC int
+SFCL_CategoriesToString(SFCL_Handle sfcl_handle,
+ SFCL_Categories categories,
+ SFCL_Language language,
+ SFCL_Encoding encoding,
+ char *delimiter,
+ size_t delimiter_len,
+ char *cat_string,
+ size_t *cat_string_len);
+
+SFCL_API_PUBLIC int
+SFCL_CategoriesUnion(SFCL_Handle sfcl_handle,
+ SFCL_Categories categories1,
+ SFCL_Categories categories2,
+ SFCL_Categories result,
+ int *num_cats);
+
+
+/*--------------------------------------------------------------*\
+ *
+ * URLS
+ *
+\*--------------------------------------------------------------*/
+typedef struct sfcl_url *SFCL_Url;
+
+#define SFCL_URL_CAT_SKIP_CUSTOM_KEYWORDS 0x00000001
+#define SFCL_URL_CAT_SKIP_CUSTOM_SITES 0x00000002
+#define SFCL_URL_CAT_SKIP_LIST 0x00000004
+#define SFCL_URL_CAT_SKIP_LIST_KEYWORDS 0x00000008
+#define SFCL_URL_CAT_SKIP_PATTERNS 0x00000010
+#define SFCL_URL_CAT_SKIP_MASK 0x0000001F
+#define SFCL_URL_CAT_SKIP_ALL (0xFFFFFFFF & SFCL_URL_CAT_SKIP_MASK)
+
+SFCL_API_PUBLIC int
+SFCL_UrlCategorize(SFCL_Handle sfcl_handle,
+ SFCL_Url url,
+ SFCL_Categories categories,
+ int *num_cats,
+ int skip_methods);
+
+SFCL_API_PUBLIC int
+SFCL_UrlCreate(SFCL_Handle sfcl_handle,
+ SFCL_Url *url);
+
+SFCL_API_PUBLIC int
+SFCL_UrlDestroy(SFCL_Handle sfcl_handle,
+ SFCL_Url *url);
+
+SFCL_API_PUBLIC int
+SFCL_UrlDomainRewrite(SFCL_Handle sfcl_handle,
+ SFCL_Url url,
+ const char *new_domain);
+
+typedef enum
+{
+ SFCL_URL_INFO_FIRST, /* do not use */
+
+ SFCL_URL_INFO_DOMAIN,
+ SFCL_URL_INFO_FILE_EXT,
+ SFCL_URL_INFO_NUM_PATHS,
+ SFCL_URL_INFO_DOMAIN_IS_IP,
+ SFCL_URL_INFO_IS_USER_PAGE,
+ SFCL_URL_INFO_PROTOCOL,
+ SFCL_URL_INFO_PORT,
+ SFCL_URL_INFO_PATH,
+ SFCL_URL_INFO_CGI,
+
+ SFCL_URL_INFO_LAST, /* do not use */
+} SFCL_Url_Info;
+
+SFCL_API_PUBLIC int
+SFCL_UrlInfoGet(SFCL_Handle sfcl_handle,
+ SFCL_Url url,
+ SFCL_Url_Info info_type,
+ void *info);
+
+
+SFCL_API_PUBLIC int
+SFCL_UrlParse(SFCL_Handle sfcl_handle,
+ const char *url,
+ const char *host_header,
+ SFCL_Url parsed_url);
+
+
+/*--------------------------------------------------------------*\
+ *
+ * CUSTOM SEARCH KEYWORDS
+ *
+\*--------------------------------------------------------------*/
+SFCL_API_PUBLIC int
+SFCL_CustomSearchKeywordsAdd(SFCL_Handle sfcl_handle,
+ const char *keyword,
+ SFCL_Categories categories);
+
+SFCL_API_PUBLIC int
+SFCL_CustomSearchKeywordsPost(SFCL_Handle sfcl_handle);
+
+SFCL_API_PUBLIC int
+SFCL_CustomSearchKeywordsRemove(SFCL_Handle sfcl_handle,
+ const char *keyword);
+
+typedef enum SFCL_Custom_Search_Keywords_Reset_Type
+{
+ SFCL_CUSTOM_SEARCH_KEYWORDS_RESET_FIRST, /* Do not use */
+
+ SFCL_CUSTOM_SEARCH_KEYWORDS_RESET_ACTIVE,
+ SFCL_CUSTOM_SEARCH_KEYWORDS_RESET_PENDING,
+ SFCL_CUSTOM_SEARCH_KEYWORDS_RESET_ALL,
+
+ SFCL_CUSTOM_SEARCH_KEYWORDS_RESET_LAST /* Do not use */
+} SFCL_Custom_Search_Keywords_Reset_Type;
+
+SFCL_API_PUBLIC int
+SFCL_CustomSearchKeywordsReset(SFCL_Handle sfcl_handle,
+ SFCL_Custom_Search_Keywords_Reset_Type type);
+
+
+/*--------------------------------------------------------------*\
+ *
+ * CUSTOM SITES
+ *
+\*--------------------------------------------------------------*/
+
+#define SFCL_CUSTOM_SITES_MATCH_PORT 0x00000001
+#define SFCL_CUSTOM_SITES_MATCH_PROTOCOL 0x00000002
+
+typedef enum
+{
+ SFCL_CUSTOM_SITES_TYPE_FIRST, /* Do not use */
+
+ SFCL_CUSTOM_SITES_TYPE_NONE,
+ SFCL_CUSTOM_SITES_TYPE_SEARCH_PHRASE,
+
+ SFCL_CUSTOM_SITES_TYPE_LAST, /* Do not use */
+} SFCL_Custom_Sites_Data;
+
+
+typedef enum SFCL_Custom_Sites_State
+{
+ SFCL_CUSTOM_SITES_STATE_FIRST, /* Do not use */
+
+ SFCL_CUSTOM_SITES_STATE_INITIAL,
+ SFCL_CUSTOM_SITES_STATE_FINAL,
+
+ SFCL_CUSTOM_SITES_STATE_LAST /* Do not use */
+} SFCL_Custom_Sites_State;
+
+
+SFCL_API_PUBLIC int
+SFCL_CustomSitesAdd(SFCL_Handle sfcl_handle,
+ SFCL_Url url,
+ int url_match,
+ SFCL_Categories categories,
+ SFCL_Custom_Sites_State state,
+ SFCL_Custom_Sites_Data data_type,
+ void *data);
+
+SFCL_API_PUBLIC int
+SFCL_CustomSitesPost(SFCL_Handle sfcl_handle);
+
+SFCL_API_PUBLIC int
+SFCL_CustomSitesRemove(SFCL_Handle sfcl_handle,
+ SFCL_Url url,
+ int match);
+
+typedef enum SFCL_Custom_Sites_Reset_Type
+{
+ SFCL_CUSTOM_SITES_RESET_FIRST, /* Do not use */
+
+ SFCL_CUSTOM_SITES_RESET_ACTIVE,
+ SFCL_CUSTOM_SITES_RESET_PENDING,
+ SFCL_CUSTOM_SITES_RESET_ALL,
+
+ SFCL_CUSTOM_SITES_RESET_LAST /* Do not use */
+} SFCL_Custom_Sites_Reset_Type;
+
+
+
+SFCL_API_PUBLIC int
+SFCL_CustomSitesReset(SFCL_Handle sfcl_handle,
+ SFCL_Custom_Sites_Reset_Type type);
+
+
+
+
+
+/*--------------------------------------------------------------*\
+ *
+ * LOGGING
+ *
+\*--------------------------------------------------------------*/
+typedef enum
+{
+ SFCL_LOG_LEVEL_FIRST = 0,
+
+ SFCL_LOG_LEVEL_NONE, /* Turns all logging off */
+ SFCL_LOG_LEVEL_FATAL, /* Bad error, going away or crashing */
+ SFCL_LOG_LEVEL_ERROR, /* Bad error, will try to recover */
+ SFCL_LOG_LEVEL_WARNING, /* Shouldn't have happened, but can recover */
+ SFCL_LOG_LEVEL_INFO, /* Something interesting (and normal) occurred */
+ SFCL_LOG_LEVEL_DEBUG1, /* DEBUG1 through DEBUG9 and also DEBUG */
+ SFCL_LOG_LEVEL_DEBUG2, /* represent the different debugging levels */
+ SFCL_LOG_LEVEL_DEBUG3, /* that an application may use. Typically, */
+ SFCL_LOG_LEVEL_DEBUG4, /* the larger the number, the more logging */
+ SFCL_LOG_LEVEL_DEBUG5, /* you will see. */
+ SFCL_LOG_LEVEL_DEBUG6,
+ SFCL_LOG_LEVEL_DEBUG7,
+ SFCL_LOG_LEVEL_DEBUG8,
+ SFCL_LOG_LEVEL_DEBUG9,
+ SFCL_LOG_LEVEL_DEBUG, /* All debugging except for trace logs */
+ SFCL_LOG_LEVEL_TRACE, /* All debugging as well as trace logs */
+ /* which mark the entrance and exit of */
+ /* functions. */
+ SFCL_LOG_LEVEL_ALL, /* All log messages */
+
+ SFCL_LOG_LEVEL_LAST
+} SFCL_Log_Level;
+
+
+typedef int SFCL_Log_Area;
+
+#define SFCL_LOG_AREA_CUSTOM_SITES 0x00000001
+#define SFCL_LOG_AREA_CUSTOM_KEYWORDS 0x00000002
+#define SFCL_LOG_AREA_CUSTOM_PATTERNS 0x00000004
+#define SFCL_LOG_AREA_LIST_DOWNLOAD 0x00000008
+#define SFCL_LOG_AREA_LIST_LOAD 0x00000010
+#define SFCL_LOG_AREA_LIST_SEARCH 0x00000020
+#define SFCL_LOG_AREA_LOG 0x00000040
+#define SFCL_LOG_AREA_URL 0x00000080
+#define SFCL_LOG_AREA_CATEGORIES 0x00000100
+#define SFCL_LOG_AREA_HANDLE 0x00000200
+#define SFCL_LOG_AREA_MASK 0x000003FF
+#define SFCL_LOG_AREA_ALL (0xFFFFFFFF & SFCL_LOG_AREA_MASK)
+
+typedef void (*SFCL_Log_Func)(SFCL_Log_Level level,
+ SFCL_Log_Area area,
+ const char *message);
+
+SFCL_API_PUBLIC int
+SFCL_LogFunctionSet(SFCL_Handle sfcl_handle,
+ SFCL_Log_Func log_func);
+
+SFCL_API_PUBLIC int
+SFCL_LogLevelSet(SFCL_Handle sfcl_handle,
+ SFCL_Log_Level level,
+ SFCL_Log_Area areas);
+
+
+
+
+/*--------------------------------------------------------------*\
+ *
+ * CONTROL LIST
+ *
+\*--------------------------------------------------------------*/
+typedef void *(*SFCL_List_Alloc_Func)(size_t bytes);
+typedef void (*SFCL_List_Free_Func)(void *ptr);
+
+
+SFCL_API_PUBLIC int
+SFCL_ListAccessFunctionsSet(SFCL_Handle sfcl_handle,
+ SFCL_List_Alloc_Func list_alloc_func,
+ SFCL_List_Free_Func list_free_func);
+
+typedef enum
+{
+ SFCL_LIST_DOWNLOAD_MODE_FIRST, /* do not use */
+
+ SFCL_LIST_DOWNLOAD_MODE_FULL,
+ SFCL_LIST_DOWNLOAD_MODE_INCR,
+ SFCL_LIST_DOWNLOAD_MODE_INCR_LOW_CPU,
+
+ SFCL_LIST_DOWNLOAD_MODE_LAST, /* do not use */
+
+} SFCL_List_Download_Mode;
+
+#define SFCL_LIST_DOWNLOAD_COMPLETE 1
+#define SFCL_LIST_DOWNLOAD_PARTIAL 2
+#define SFCL_LIST_DOWNLOAD_NOT_NEEDED 3
+
+SFCL_API_PUBLIC int
+SFCL_ListDownload(SFCL_Handle sfcl_handle,
+ const char *local_filename,
+ SFCL_List_Download_Mode download_mode,
+ int *download_status,
+ void *data);
+
+typedef enum SFCL_List_Download_Error
+{
+ SFCL_LIST_DOWNLOAD_ERROR_FIRST, /* do not use */
+
+ SFCL_LIST_DOWNLOAD_ERROR_INTERNAL,
+ SFCL_LIST_DOWNLOAD_ERROR_RESPONSE_INVALID,
+ SFCL_LIST_DOWNLOAD_ERROR_FILE_PERMISSIONS,
+ SFCL_LIST_DOWNLOAD_ERROR_CONNECT,
+ SFCL_LIST_DOWNLOAD_ERROR_HOSTNAME_INVALID,
+ SFCL_LIST_DOWNLOAD_ERROR_HTTP_STATUS,
+
+ SFCL_LIST_DOWNLOAD_ERROR_LAST /* do not use */
+} SFCL_List_Download_Error;
+
+
+typedef enum SFCL_List_Download_List_Type
+{
+ SFCL_LIST_DOWNLOAD_LIST_TYPE_FIRST, /* do not use */
+
+ SFCL_LIST_DOWNLOAD_LIST_TYPE_STANDARD,
+
+ SFCL_LIST_DOWNLOAD_LIST_TYPE_LAST /* do not use */
+} SFCL_List_Download_List_Type;
+
+
+typedef struct SFCL_List_Download_Func_Info
+{
+ SFCL_Handle sfcl_handle;
+ char dest_host[80];
+ unsigned short dest_port;
+ char proxy_host[80];
+ unsigned short proxy_port;
+ char proxy_username[80];
+ char proxy_password[80];
+ char path[1024];
+ char serial_number[80];
+ char perm_serial_number[80];
+ SFCL_List_Download_List_Type list_type;
+ char product_type[80];
+ char product_version[20];
+ char os[20];
+ char *distributes_to; /* For Secure Computing use only */
+ int user_count;
+ char expiration[80];
+ SFCL_List_Download_Error status;
+ int http_status;
+ char message[1024];
+ SFCL_Log_Level message_level;
+ int message_code;
+} SFCL_List_Download_Func_Info;
+
+
+#define SFCL_FILE_TYPE_SUBSCRIPTION -4
+#define SFCL_FILE_TYPE_INFO -3
+#define SFCL_FILE_TYPE_FULL -2
+#define SFCL_FILE_TYPE_CURRENT -1
+
+typedef int (*SFCL_List_Download_Func)(const char *local_file,
+ int file_type,
+ void *data);
+
+SFCL_API_PUBLIC int
+SFCL_ListDownloadFunctionSet(SFCL_Handle sfcl_handle,
+ SFCL_List_Download_Func download_func);
+
+
+SFCL_API_PUBLIC int
+SFCL_ListSubscriptionInfoDownload(SFCL_Handle sfcl_handle,
+ SFCL_List_Download_Func_Info *data);
+
+typedef enum
+{
+ SFCL_LIST_ACCESS_FIRST, /* do not use */
+
+ SFCL_LIST_ACCESS_DISK,
+ SFCL_LIST_ACCESS_MEMORY,
+ SFCL_LIST_ACCESS_EXTERNAL,
+
+ SFCL_LIST_ACCESS_LAST /* do not use */
+} SFCL_List_Access;
+
+SFCL_API_PUBLIC int
+SFCL_ListLoad(SFCL_Handle sfcl_handle,
+ const char *filename,
+ SFCL_List_Access access);
+
+SFCL_API_PUBLIC int
+SFCL_ListLoadFromHandle(SFCL_Handle sfcl_handle_src,
+ SFCL_Handle sfcl_handle_dst);
+
+SFCL_API_PUBLIC int
+SFCL_ListReload(SFCL_Handle sfcl_handle,
+ const char *filename);
+
+SFCL_API_PUBLIC int
+SFCL_ListUnload(SFCL_Handle sfcl_handle);
+
+
+
+/*--------------------------------------------------------------*\
+ *
+ * PATTERNS
+ *
+\*--------------------------------------------------------------*/
+typedef enum
+{
+ SFCL_CATEGORIES_ACTION_FIRST, /* do not use */
+
+ SFCL_CATEGORIES_ACTION_OVERRIDE,
+ SFCL_CATEGORIES_ACTION_AUGMENT,
+
+ SFCL_CATEGORIES_ACTION_LAST, /* do not use */
+} SFCL_Patterns_Categories_Action;
+
+
+
+SFCL_API_PUBLIC int
+SFCL_PatternsAdd(SFCL_Handle sfcl_handle,
+ SFCL_Categories input_categories,
+ const char *protocol,
+ const char *domain_pattern,
+ const char *path_pattern,
+ SFCL_Categories output_categories,
+ SFCL_Patterns_Categories_Action categories_action);
+
+SFCL_API_PUBLIC int
+SFCL_PatternsPost(SFCL_Handle sfcl_handle);
+
+typedef enum SFCL_Patterns_Reset_Type
+{
+ SFCL_PATTERNS_RESET_FIRST, /* Do not use */
+
+ SFCL_PATTERNS_RESET_ACTIVE,
+ SFCL_PATTERNS_RESET_PENDING,
+ SFCL_PATTERNS_RESET_ALL,
+
+ SFCL_PATTERNS_RESET_LAST /* Do not use */
+} SFCL_Patterns_Reset_Type;
+
+
+
+SFCL_API_PUBLIC int
+SFCL_PatternsReset(SFCL_Handle sfcl_handle,
+ SFCL_Patterns_Reset_Type type);
+
+
+#ifdef __cplusplus
+}
+#endif/* __cplusplus */
+
+
+#endif /* SF_CONTROL_H */
diff -uN ../squid-2.5.STABLE14.orig/include/sf_plugin.h include/sf_plugin.h
---
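Review bot: `SFCL_HandleInfoGet` and `SFCL_UrlInfoGet` in the new include/sf_control.h return their result through `void *info` with no length argument, and nothing in the header states what type or how many bytes each `info_type` writes, so a caller that sizes the buffer by guesswork risks an out-of-bounds write. `SFCL_API_VERSION_DESC_LEN` (80) looks like the intended size for the `SFCL_HANDLE_INFO_API_VERSION_DESC` query, but that is an inference from the name; each declaration should carry a comment such as `/* info: caller-owned; type and minimum size per info_type are listed below */`, with the per-type table filled in from the library documentation. The same undocumented-size gap applies to `SFCL_List_Download_Func_Info`, whose fixed `char` arrays (including `proxy_password[80]`) have no named length constants: code that fills them should use bounded copies against `sizeof` the field, and should clear the password field once the download call has returned.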
../squid-2.5.STABLE14.orig/include/sf_plugin.h 1969-12-31 19:00:00.000000000 -0500 +++ include/sf_plugin.h 2006-08-17 12:35:18.000000000 -0400 
@@ -0,0 +1,1085 @@ +/*--------------------------------------------------------------------------*\ + * + * SmartFilter Plugin Library + * + * Copyright (c) 2006, Secure Computing Corporation. All rights reserved. + * + * $RCSfile: sf_plugin.h,v $ + * $Revision: 1.70.2.12 $ + * $Date: 2006/08/17 16:35:18 $ + * $State: Exp $ +\*--------------------------------------------------------------------------*/ + +#ifndef SFPL_PLUGIN_H +#define SFPL_PLUGIN_H + +#include "sf_control.h" +#include "sf_util.h" + +#ifdef WIN32 +#include "sfpl_msg.h" +#endif + +#if defined(__cplusplus) +extern "C" { +#endif /* __cplusplus */ + +/*--------------------------------------------------------------*\ + * + * GENERAL + * +\*--------------------------------------------------------------*/ +#ifdef WIN32 +# ifdef SFPL_API_BUILD +# define SFPL_API_PUBLIC __declspec(dllexport) +# else /* SFPL_API_BUILD */ +# define SFPL_API_PUBLIC __declspec(dllimport) +# endif /* SFPL_API_BUILD */ +#else +# define SFPL_API_PUBLIC extern +#endif /* WIN32 */ + +#define SFPL_API_INTERNAL extern +#define SFPL_API_PRIVATE static + +#ifndef SFPL_API_PROTECTED_BUILD +# define SFPL_API_PROTECTED extern +#else /* SFPL_API_PROTECTED_BUILD */ +# define SFPL_API_PROTECTED SFPL_API_PUBLIC +#endif /* SFPL_API_PROTECTED_BUILD */ + +/* + * Library version information + */ +#define SFPL_API_VERSION_MAJOR 4 +#define SFPL_API_VERSION_MINOR 1 +#define SFPL_API_VERSION_UPDATE 1 +#define SFPL_API_VERSION_PATCH "01" +#define SFPL_API_VERSION_DESC_LEN 80 + +/* + * Return values from functions + */ +#define SFPL_OK 0 +#define SFPL_ERROR 1 + +#define SFPL_NOMEM 10 +#define SFPL_INSUFFICIENT_SPACE 11 + +#define SFPL_INVALID_URL 20 + +#define SFPL_INVALID_LIST 30 +#define SFPL_NO_LIST 31 +#define SFPL_EXPIRED_LIST 32 + +#define SFPL_INVALID_FILE 40 +#define SFPL_DOWNLOAD_FAILED 41 +#define SFPL_MERGE_FAILED 42 + +#define SFPL_NULL 50 +#define SFPL_INVALID_HANDLE 51 +#define SFPL_SERVER_FAILED 52 +#define SFPL_NOT_FOUND 53 +#define 
SFPL_RETRY 54 +#define SFPL_INVALID 55 +#define SFPL_DUPLICATE_GROUP 56 +#define SFPL_EXPIRED_ACTIVATION 57 +#define SFPL_FOUND 58 + +#define SFPL_LOOKUP_REVERSE 70 +#define SFPL_LOOKUP_FORWARD 71 + +#define SFPL_TRANSAUTH_REDIRECT 100 +#define SFPL_TRANSAUTH_CHECK 101 + + + +#define SFPL_DISABLE 1 +#define SFPL_ENABLE 2 + +/*--------------------------------------------------------------*\ + * + * BLOCKED MESSAGES + * +\*--------------------------------------------------------------*/ + +/* Define Action codes */ +typedef unsigned char SFPL_Action_Code; + +/* + * These must be kept in order from most restrictive (smallest + * integer means greatest priority) to least restrictive. Note + * that exempt is a special case and we just decided it has the + * highest priority. + */ +#define SFPL_EXEMPT 0 +#define SFPL_AUTHOVER 1 +#define SFPL_BLOCK 2 +#define SFPL_WARN 3 +#define SFPL_BYPASS 4 +#define SFPL_DELAY 5 +#define SFPL_MONITOR 6 +#define SFPL_ALLOW 7 + +#define SFPL_EXEMPT_STR "EXEMPT" +#define SFPL_AUTHOVER_STR "AUTHOVERRIDE" +#define SFPL_BLOCK_STR "BLOCK" +#define SFPL_WARN_STR "WARN" +#define SFPL_BYPASS_STR "BYPASS" +#define SFPL_DELAY_STR "DELAY" +#define SFPL_MONITOR_STR "MONITOR" +#define SFPL_ALLOW_STR "ALLOW" +#define SFPL_INVALID_ACTION_STR "INVALID_ACTION" + + +/* These are for error messages and logging */ +#define SFPL_MAX_MESSAGE 1024 +#define SFPL_MAX_LOG 1024 + +#define SFPL_MAX_URL 2048 + + +/*--------------------------------------------------------------*\ + * + * HANDLE + * +\*--------------------------------------------------------------*/ +typedef struct sfpl_handle *SFPL_Handle; + +SFPL_API_PUBLIC int +SFPL_HandleCreate(SFPL_Handle *sfpl_handle); + +SFPL_API_PUBLIC int +SFPL_HandleDestroy(SFPL_Handle *sfpl_handle); + +typedef enum +{ + SFPL_HANDLE_INFO_FIRST, /* do not use */ + + SFPL_HANDLE_INFO_API_VERSION_MAJOR, + SFPL_HANDLE_INFO_API_VERSION_MINOR, + SFPL_HANDLE_INFO_API_VERSION_DESC, + SFPL_HANDLE_INFO_CONTROL_HANDLE, + 
SFPL_HANDLE_INFO_DOWNLOAD_SETTINGS, + SFPL_HANDLE_INFO_REVERSE_LOOKUPS, + SFPL_HANDLE_INFO_SERIAL_NUMBER, + SFPL_HANDLE_INFO_PERM_SERIAL_NUMBER, + SFPL_HANDLE_INFO_CONTROL_PATH, + SFPL_HANDLE_INFO_LOG_OPTION, + SFPL_HANDLE_INFO_LOG_TYPE, + SFPL_HANDLE_INFO_LOG_TEXT_DIR, + SFPL_HANDLE_INFO_ODBC_DSN, + SFPL_HANDLE_INFO_ODBC_TABLE, + SFPL_HANDLE_INFO_SQL_USER, + SFPL_HANDLE_INFO_SQL_PASS, + SFPL_HANDLE_INFO_IP_RATING, + SFPL_HANDLE_INFO_MAIL_SETTINGS, + SFPL_HANDLE_INFO_AUTHSERV_SETTINGS, + + SFPL_HANDLE_INFO_LAST /* do not use */ +} SFPL_Handle_Info; + +SFPL_API_PUBLIC int +SFPL_HandleInfoGet(SFPL_Handle sfpl_handle, + SFPL_Handle_Info info_type, + void *info); + +/*--------------------------------------------------------------*\ + * + * USERS, GROUPS, AND POLICY + * +\*--------------------------------------------------------------*/ + +typedef struct sfpl_policy SFPL_Policy; + +/* Define user/group/policy maximums */ +#define SFPL_MAX_GROUPNAME 32 +#define SFPL_MAX_USERNAME 32 +#define SFPL_MAX_POLICYNAME 65 /* 64 + 1 for the null-terminator */ + +typedef struct sfpl_group_list +{ + struct sfpl_group_list *next; + char group_name[SFPL_MAX_GROUPNAME]; + char policy_name[SFPL_MAX_POLICYNAME]; + SFPL_Policy *policy; +} SFPL_Group_List; + +typedef struct user_grouplist +{ + struct user_grouplist *next; + char group_name[SFPL_MAX_GROUPNAME]; +} SFPL_User_Group_List; + +typedef struct user_data +{ + struct user_data *next; + SFPL_Group_List *group; +} SFPL_User_Data; + +SFPL_API_PUBLIC int /* Needed for Squid. */ +SFPL_GetIPRangeGroups(SFPL_Handle sfpl_handle, + char *ipaddr_char, + SFPL_User_Group_List **grouplist, + int *total); + +SFPL_API_PUBLIC int /* Needed for Squid. 
*/ +SFPL_GetUserGroups(SFPL_Handle sfpl_handle, + char *username, + SFPL_User_Group_List **grouplist, + int *total_groups, + char *err_msg, + int msg_len, + int *log_err_msg); + +#define SFPL_USER_QUERY_USERNAME 0 +#define SFPL_USER_QUERY_IP 1 + +SFPL_API_PUBLIC int +SFPL_IsAuthOverrideUser(SFPL_Handle sfpl_handle, + const char *authover_username); + +SFPL_API_PUBLIC int +SFPL_AuthOverrideUserAdd(SFPL_Handle sfpl_handle, + const char *authover_username, + const char *username, + const char *client_ip, + time_t date, + int duration, + const char *url, + const char *reason, + const char *reasondata); + +SFPL_API_PUBLIC int +SFPL_AuthOverrideUserRemove(SFPL_Handle sfpl_handle, + const char *authover_username, + const char *username, + const char *client_ip); + +SFPL_API_PUBLIC int +SFPL_BypassUserAdd(SFPL_Handle sfpl_handle, + const char *username, + const char *client_ip, + time_t date, + const char *url, + const char *reason, + const char *reasondata); + +SFPL_API_PUBLIC void +SFPL_RedirectionHashCompute(SFPL_Handle sfpl_handle, + unsigned char *hash, + size_t hash_len, + const char *epochseconds, + const char *requestedurl, + const char *categorylist, + const char *useripaddress, + const char *username, + const char *actiontaken, + const char *actionreason, + const char *actionreasondata); + + +SFPL_API_PUBLIC int /* needed for authserver */ +SFPL_ErrorRedirUrlBuild(SFPL_Handle sfpl_handle, + char *redirurl, + size_t redirurl_len, + const char *url, + const char *client_ip, + const char *username); + +SFPL_API_PUBLIC int /* Needed for Squid. */ +SFPL_CheckUserCache(SFPL_Handle sfpl_handle, + char *query, + int type, + SFPL_User_Data **reply); + +SFPL_API_PUBLIC int /* Needed for Squid. */ +SFPL_AddUserCacheEntry(SFPL_Handle sfpl_handle, + char *query, + int query_type, + SFPL_User_Data *grouplist); + +SFPL_API_PUBLIC void /* Needed for Squid. 
*/ +SFPL_FreeGroupList(SFPL_Handle sfpl_handle, + SFPL_User_Group_List *grouplist); + +SFPL_API_PUBLIC void /* Needed for Squid. */ +SFPL_FreeUserData(SFPL_Handle sfpl_handle, + SFPL_User_Data *data); + +/* + * Policy + */ +SFPL_API_PUBLIC int /* Needed for Squid. */ +SFPL_UserLocalPolicyGet(SFPL_Handle sfpl_handle, + char *username, + char *ipaddr, + SFPL_Policy **policy, + SFPL_User_Data **user_data, + char *err_msg, + int msg_len, + int *log_error); + +SFPL_API_PUBLIC int +SFPL_UserPolicyGet(SFPL_Handle sfpl_handle, + char *username, + char *ipaddr, + SFPL_Policy **policy, + SFPL_User_Data **user_data, + char *err_msg, + int msg_len, + int *log_error); + +SFPL_API_PUBLIC int +SFPL_GroupPolicyGet(SFPL_Handle sfpl_handle, + SFPL_User_Group_List *user_grouplist, + SFPL_User_Data **user_data_list); + +SFPL_API_PUBLIC int +SFPL_GroupPolicyMerge(SFPL_Handle sfpl_handle, + SFPL_User_Data *grouplist, + SFPL_Policy **policy, + char *err_msg, + int msg_len, + int *log_error); + +SFPL_API_PUBLIC int +SFPL_PolicyFree(SFPL_Handle sfpl_handle, + SFPL_Policy *policy); + +SFPL_API_PUBLIC char * +SFPL_PolicyNameGet(SFPL_Handle sfpl_handle, + SFPL_Policy *policy); + +SFPL_API_PUBLIC unsigned int +SFPL_PolicyFlagsGet(SFPL_Handle sfpl_handle, + SFPL_Policy *policy); + +SFPL_API_PUBLIC int +SFPL_UrlWithProtocol(SFPL_Handle sfpl_handle, + const char *url, + char *built, + size_t built_len); + +/*--------------------------------------------------------------*\ + * + * LOGGING + * +\*--------------------------------------------------------------*/ + +typedef SFCL_Log_Level SFPL_Log_Level; + +#define SFPL_LOG_LEVEL_FIRST SFCL_LOG_LEVEL_FIRST +#define SFPL_LOG_LEVEL_NONE SFCL_LOG_LEVEL_NONE +#define SFPL_LOG_LEVEL_FATAL SFCL_LOG_LEVEL_FATAL +#define SFPL_LOG_LEVEL_ERROR SFCL_LOG_LEVEL_ERROR +#define SFPL_LOG_LEVEL_WARNING SFCL_LOG_LEVEL_WARNING +#define SFPL_LOG_LEVEL_INFO SFCL_LOG_LEVEL_INFO +#define SFPL_LOG_LEVEL_DEBUG1 SFCL_LOG_LEVEL_DEBUG1 +#define SFPL_LOG_LEVEL_DEBUG2 
SFCL_LOG_LEVEL_DEBUG2 +#define SFPL_LOG_LEVEL_DEBUG3 SFCL_LOG_LEVEL_DEBUG3 +#define SFPL_LOG_LEVEL_DEBUG4 SFCL_LOG_LEVEL_DEBUG4 +#define SFPL_LOG_LEVEL_DEBUG5 SFCL_LOG_LEVEL_DEBUG5 +#define SFPL_LOG_LEVEL_DEBUG6 SFCL_LOG_LEVEL_DEBUG6 +#define SFPL_LOG_LEVEL_DEBUG7 SFCL_LOG_LEVEL_DEBUG7 +#define SFPL_LOG_LEVEL_DEBUG8 SFCL_LOG_LEVEL_DEBUG8 +#define SFPL_LOG_LEVEL_DEBUG9 SFCL_LOG_LEVEL_DEBUG9 +#define SFPL_LOG_LEVEL_DEBUG SFCL_LOG_LEVEL_DEBUG +#define SFPL_LOG_LEVEL_TRACE SFCL_LOG_LEVEL_TRACE +#define SFPL_LOG_LEVEL_ALL SFCL_LOG_LEVEL_ALL +#define SFPL_LOG_LEVEL_LAST SFCL_LOG_LEVEL_LAST + +typedef int SFPL_Log_Area; + +#define SFPL_NUM_LOG_AREAS 13 /* Not including MASK or ALL */ + +#define SFPL_LOG_AREA_CONFIG 0x00010000 +#define SFPL_LOG_AREA_USERS 0x00020000 +#define SFPL_LOG_AREA_ACTIVATION 0x00040000 +#define SFPL_LOG_AREA_POLICY 0x00080000 +#define SFPL_LOG_AREA_URL_FILTER 0x00100000 +#define SFPL_LOG_AREA_MAIL_SEND 0x00200000 +#define SFPL_LOG_AREA_LOG 0x00400000 +#define SFPL_LOG_AREA_PLUGIN 0x00800000 +#define SFPL_LOG_AREA_HANDLE 0x01000000 +#define SFPL_LOG_AREA_CATEGORIES 0x02000000 +#define SFPL_LOG_AREA_AUTH_OVER 0x04000000 +#define SFPL_LOG_AREA_BYPASS 0x08000000 +#define SFPL_LOG_AREA_FILTER_SUMMARY 0x10000000 +#define SFPL_LOG_AREA_MASK 0x1FFF0000 +#define SFPL_LOG_AREA_ALL (0xFFFFFFFF & SFPL_LOG_AREA_MASK) + +#define _LOG_AREA_TO_INDEX(area) \ +( \ + ((SFPL_LOG_AREA_CONFIG == (area)) ? 0 : \ + (SFPL_LOG_AREA_USERS == (area)) ? 1 : \ + (SFPL_LOG_AREA_ACTIVATION == (area)) ? 2 : \ + (SFPL_LOG_AREA_POLICY == (area)) ? 3 : \ + (SFPL_LOG_AREA_URL_FILTER == (area)) ? 4 : \ + (SFPL_LOG_AREA_MAIL_SEND == (area)) ? 5 : \ + (SFPL_LOG_AREA_LOG == (area)) ? 6 : \ + (SFPL_LOG_AREA_PLUGIN == (area)) ? 7 : \ + (SFPL_LOG_AREA_HANDLE == (area)) ? 8 : \ + (SFPL_LOG_AREA_CATEGORIES == (area)) ? 9 : \ + (SFPL_LOG_AREA_AUTH_OVER == (area)) ? 10 : \ + (SFPL_LOG_AREA_BYPASS == (area)) ? 11 : \ + (SFPL_LOG_AREA_FILTER_SUMMARY == (area)) ? 
12 : 0) \ +) + +#define _LOG_INDEX_TO_AREA(index) \ +( \ + ((0 == (index)) ? SFPL_LOG_AREA_CONFIG : \ + (1 == (index)) ? SFPL_LOG_AREA_USERS : \ + (2 == (index)) ? SFPL_LOG_AREA_ACTIVATION : \ + (3 == (index)) ? SFPL_LOG_AREA_POLICY : \ + (4 == (index)) ? SFPL_LOG_AREA_URL_FILTER : \ + (5 == (index)) ? SFPL_LOG_AREA_MAIL_SEND : \ + (6 == (index)) ? SFPL_LOG_AREA_LOG : \ + (7 == (index)) ? SFPL_LOG_AREA_PLUGIN : \ + (8 == (index)) ? SFPL_LOG_AREA_HANDLE : \ + (9 == (index)) ? SFPL_LOG_AREA_CATEGORIES : \ + (10 == (index)) ? SFPL_LOG_AREA_AUTH_OVER : \ + (11 == (index)) ? SFPL_LOG_AREA_BYPASS : \ + (12 == (index)) ? SFPL_LOG_AREA_FILTER_SUMMARY : 0) \ +) + +typedef void (*SFPL_Log_Func)(SFPL_Log_Level level, + SFPL_Log_Area area, + const char *message); + +SFPL_API_PUBLIC SFUT_Mutex sfpl_log_mutex; + +#define SFPL_LOG_LEVEL_VALID(level) \ +( \ + (SFPL_LOG_LEVEL_FIRST < (level)) && \ + ((SFPL_LOG_LEVEL_LAST) > (level)) \ +) + +#define SFPL_LOG_AREA_VALID(area) \ +( \ + (area) == ((area) & ((int) SFPL_LOG_AREA_ALL)) \ +) + +SFPL_API_PUBLIC char * +sfpl_log_format_msg(const char *fmt, ...); + +SFPL_API_PUBLIC void +sfpl_log_log_msg(SFPL_Handle sfpl_handle, + SFPL_Log_Level level, + SFPL_Log_Area area, + const char *function, + const char *file, + int line, + const char *msg); + +typedef struct sfpl_log_info +{ + SFPL_Log_Level log_areas[SFPL_NUM_LOG_AREAS]; + SFPL_Log_Func log_func; + char *log_file; + char log_name[80]; +} sfpl_log_info; + +#define _SFPL_MSG_LOGGABLE(log_areas, level, area) \ +( \ + SFPL_LOG_LEVEL_VALID((level)) && \ + SFPL_LOG_AREA_VALID((area)) && \ + ((level) <= (log_areas)[(_LOG_AREA_TO_INDEX(area))]) \ +) + +#define _SFPL_MSG_LOG(sfpl_handle, level, area, func, file, line, msg)\ +{ \ + if (NULL != sfpl_handle) \ + { \ + unsigned char *tmp_handle = (unsigned char *)(sfpl_handle); \ + sfpl_log_info *log_info = (sfpl_log_info *) (tmp_handle + 4); \ + if (_SFPL_MSG_LOGGABLE(log_info->log_areas, (level), (area))) \ + { \ + char *p = NULL; \ + if (0 != 
SFUT_MutexLock(&sfpl_log_mutex)) \ + { \ + char f[200]; \ + const char *fname = NULL; \ + p = sfpl_log_format_msg msg; \ + if (SFPL_LOG_FUNC_ENTER == (void *)(func)) \ + { \ + SFUT_Snprintf(f, sizeof(f), "%s-ENTER", \ + __PRETTY_FUNCTION__); \ + fname = f; \ + } \ + else if (SFPL_LOG_FUNC_EXIT == (void *)(func)) \ + { \ + SFUT_Snprintf(f, sizeof(f), "%s-EXIT", \ + __PRETTY_FUNCTION__); \ + fname = f; \ + } \ + else \ + { \ + fname = (func); \ + } \ + sfpl_log_log_msg((sfpl_handle), (level), (area), \ + fname, (file), (line), p); \ + SFUT_MutexUnlock(&sfpl_log_mutex); \ + } \ + } \ + } \ +} + +#define SFPL_LOG_FUNC_ENTER ((void *) -1) +#define SFPL_LOG_FUNC_EXIT ((void *) -2) +#define SFPL_LOG_FATAL(sfpl_handle, area, msg) \ +{ \ + _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_FATAL, area, \ + __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ +} + +#define SFPL_LOG_ERROR(sfpl_handle, area, msg) \ +{ \ + _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_ERROR, area, \ + __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ +} + +#define SFPL_LOG_WARNING(sfpl_handle, area, msg) \ +{ \ + _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_WARNING, area, \ + __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ +} + +#define SFPL_LOG_INFO(sfpl_handle, area, msg) \ +{ \ + _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_INFO, area, \ + __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ +} + +#define SFPL_LOG_DEBUG1(sfpl_handle, area, msg) \ +{ \ + _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_DEBUG1, area, \ + __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ +} + +#define SFPL_LOG_DEBUG2(sfpl_handle, area, msg) \ +{ \ + _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_DEBUG2, area, \ + __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ +} + +#define SFPL_LOG_DEBUG3(sfpl_handle, area, msg) \ +{ \ + _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_DEBUG3, area, \ + __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ +} + +#define SFPL_LOG_DEBUG4(sfpl_handle, area, msg) \ +{ \ + _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_DEBUG4, area, \ + 
__PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ +} + +#define SFPL_LOG_DEBUG5(sfpl_handle, area, msg) \ +{ \ + _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_DEBUG5, area, \ + __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ +} + +#define SFPL_LOG_DEBUG6(sfpl_handle, area, msg) \ +{ \ + _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_DEBUG6, area, \ + __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ +} + +#define SFPL_LOG_DEBUG7(sfpl_handle, area, msg) \ +{ \ + _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_DEBUG7, area, \ + __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ +} + +#define SFPL_LOG_DEBUG8(sfpl_handle, area, msg) \ +{ \ + _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_DEBUG8, area, \ + __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ +} + +#define SFPL_LOG_DEBUG9(sfpl_handle, area, msg) \ +{ \ + _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_DEBUG9, area, \ + __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ +} + +#define SFPL_LOG_DEBUG(sfpl_handle, area, msg) \ +{ \ + _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_DEBUG, area, \ + __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ +} + +#define SFPL_LOG_TRACE_ENTER(sfpl_handle, area, msg) \ +{ \ + _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_TRACE, area, \ + SFPL_LOG_FUNC_ENTER, __FILE__, __LINE__, msg) \ +} + +#define SFPL_LOG_TRACE_EXIT(sfpl_handle, area, msg) \ +{ \ + _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_TRACE, area, \ + SFPL_LOG_FUNC_EXIT, __FILE__, __LINE__, msg) \ +} + +SFPL_API_PUBLIC int +SFPL_Startup(void); + +SFPL_API_PUBLIC void +SFPL_Shutdown(void); + +SFPL_API_PUBLIC void * +SFPL_LogHandleGet(SFPL_Handle sfpl_handle); + +SFPL_API_PUBLIC int +SFPL_LogLevelSet(SFPL_Handle sfpl_handle, + SFPL_Log_Level level, + SFPL_Log_Area areas); + +SFPL_API_PUBLIC int +SFPL_LogFunctionSet(SFPL_Handle sfpl_handle, + SFCL_Log_Func log_func); + +SFPL_API_PUBLIC void +SFPL_LogFileClose(); + +SFPL_API_PUBLIC int +SFPL_LogFileOpen(SFPL_Handle sfpl_handle); + +SFPL_API_PUBLIC int +SFPL_LogFilenameSet(SFPL_Handle sfpl_handle, + const char *name); + 
+SFPL_API_PUBLIC int +SFPL_LogFileOpen(SFPL_Handle sfpl_handle); + +SFPL_API_PUBLIC void +SFPL_PluginLogFunction(SFCL_Log_Level level, + SFCL_Log_Area area, + const char *message); + +SFPL_API_PUBLIC void +SFPL_LogRegister(char *ident); + +#define SFPL_LOG_OPTION_NONE_STRING "\"-\"" + + +/*--------------------------------------------------------------*\ + * + * Log Server Logging + * +\*--------------------------------------------------------------*/ +SFPL_API_PUBLIC void +SFPL_LogServerLog(SFPL_Handle sfpl_handle, + const char *client_hostname, + const char *request_url, + const char *client_username, + const char *zone_name, + const char *categories, + unsigned int bytes_xfer, + SFPL_Action_Code action); + +/*--------------------------------------------------------------*\ + * + * Filter Summary Logging + * +\*--------------------------------------------------------------*/ +SFPL_API_PUBLIC void +SFPL_LogFilterSummary(SFPL_Handle sfpl_handle, + const char *client_ip, + const char *username, + SFPL_User_Data *user_data, + const char *policy_name, + unsigned int policy_flags, + const char *url, + const char *all_cats, + const char *restricted_cats, + const char *redir_url, + int delay_time, + SFPL_Action_Code action); + +/*--------------------------------------------------------------*\ + * + * CATEGORIES + * +\*--------------------------------------------------------------*/ +SFPL_API_PUBLIC void +SFPL_CategoriesStringToCategories(SFPL_Handle sfpl_handle, + const char *str, + SFCL_Categories categories); + +SFPL_API_PUBLIC int +SFPL_CategoriesToSortedArray(SFPL_Handle sfpl_handle, + SFCL_Categories categories, + SFCL_Category *cat_array, + int *num_cats); + +SFPL_API_PUBLIC int +SFPL_CategoryCustomMessageGet(SFPL_Handle sfpl_handle, + SFCL_Category category, + SFPL_Action_Code action, + char *message, + int message_len); + +SFPL_API_PUBLIC const char * +SFPL_CategoryToName(SFPL_Handle sfpl_handle, + SFCL_Category category); + 
+/*--------------------------------------------------------------*\ + * + * CONFIG OPTIONS + * +\*--------------------------------------------------------------*/ +#define SFPL_LOG_OPTION_NONE 0 +#define SFPL_LOG_OPTION_RESTRICTED 1 +#define SFPL_LOG_OPTION_ALL_CATS 2 +#define SFPL_LOG_OPTION_ALL_URLS 3 + +/* Define NT Log options */ +#define SFPL_LOG_TYPE_TEXT 0 +#define SFPL_LOG_TYPE_MSSQL 2 +#define SFPL_LOG_TYPE_ACCESS 3 + +/*--------------------------------------------------------------*\ + * + * DOWNLOAD + * +\*--------------------------------------------------------------*/ +#define SFPL_MAX_DOWNLOAD_SITE 128 +#define SFPL_MAX_DOWNLOAD_ADDRESS 16 +#define SFPL_MAX_DOWNLOAD_USER 64 +#define SFPL_MAX_DOWNLOAD_PASS 32 +#define SFPL_MAX_DOWNLOAD_PATH 512 +#define SFPL_MAX_DOWNLOAD_FILE 256 +#define SFPL_MAX_DOWNLOAD_MSG 512 + +typedef enum SFPL_Download_Method +{ + SFPL_DOWNLOAD_METHOD_NONE, + SFPL_DOWNLOAD_METHOD_HTTP, + SFPL_DOWNLOAD_METHOD_ADMIN_SERVER_CONTROLLED +} SFPL_Download_Method; + +typedef enum SFPL_Download_Mode +{ + SFPL_DOWNLOAD_MODE_INCREMENTAL, + SFPL_DOWNLOAD_MODE_FULL, +} SFPL_Download_Mode; + +typedef struct SFPL_Http_Info +{ + char site[SFPL_MAX_DOWNLOAD_SITE]; + char address[SFPL_MAX_DOWNLOAD_ADDRESS]; + int port; + char username[SFPL_MAX_DOWNLOAD_USER]; + char password[SFPL_MAX_DOWNLOAD_PASS]; + char path[SFPL_MAX_DOWNLOAD_PATH]; /* Source HTTP Path */ + char proxy[SFPL_MAX_DOWNLOAD_SITE]; + int proxyport; +} SFPL_Http_Info; + +typedef struct SFPL_Download_Info +{ + SFPL_Download_Method method; + SFCL_List_Download_Mode mode; + SFPL_Http_Info http; +} SFPL_Download_Info; + + +/*--------------------------------------------------------------*\ + * + * FILENAMES + * +\*--------------------------------------------------------------*/ +#define SFPL_CONFIG_FILE_NAME "config.txt" +#define SFPL_SITE_FILE_NAME "site.txt" +#define SFPL_PATTERNS_FILE_NAME "patterns.txt" +#define SFPL_KEYWORDS_FILE_NAME "keywords.txt" +#define SFPL_USERS_FILE_NAME 
"users.txt" +#define SFPL_AGENT_FILE_NAME "sfagent.txt" +#define SFPL_PSERIAL_FILE_NAME "pserial.txt" +#define SFPL_CLIST_FILE_NAME "sfcontrol" + +/*--------------------------------------------------------------*\ + * + * FILTERING + * +\*--------------------------------------------------------------*/ + +SFPL_API_PUBLIC int +SFPL_UrlFilter(SFPL_Handle sfpl_handle, + SFPL_Policy *policy, + const char *url, + SFCL_Url parsed_url, + const char *dest_addr, + const char *username, + const char *client_ip, + SFPL_Action_Code *action, + int *delay_time, + char *redirurl, + int redirurl_len, + char *all_cats, + int all_cats_len, + char *restricted_cats, + int restricted_cats_len, + char **log_string, + char **reporter_string, + int *should_log); + +SFPL_API_PUBLIC SFPL_Action_Code +SFPL_Warn(SFPL_Handle sfpl_handle, + char *url, + char *referer_url, + char *range); + +/*--------------------------------------------------------------*\ + * + * CONFIG FILES + * +\*--------------------------------------------------------------*/ + +typedef enum +{ + SFPL_LOCK_READ = 0, + SFPL_LOCK_WRITE = 1 +} SFPL_Lock_Mode; + + +SFPL_API_PUBLIC int +SFPL_ConfigLock(SFPL_Handle sfpl_handle, + SFPL_Lock_Mode mode); + +SFPL_API_PUBLIC int +SFPL_ConfigUnlock(SFPL_Handle sfpl_handle, + SFPL_Lock_Mode mode); + +SFPL_API_PUBLIC int +SFPL_ProcessConfigFile(SFPL_Handle, + const char *, + char *); + +SFPL_API_PUBLIC int +SFPL_ProcessUserInfo(SFPL_Handle sfpl_handle, + const char *full_path, + char *err_msg, + int msg_len); + +SFPL_API_PUBLIC int +SFPL_ReloadConfigFile(SFPL_Handle, + const char *, + char *); + +SFPL_API_PUBLIC int +SFPL_ReloadControlList(SFPL_Handle, + const char *new_list); + +SFPL_API_PUBLIC int +SFPL_EnableExternalListAccess(SFPL_Handle sfpl_handle, + int value); + +SFPL_API_PUBLIC int +SFPL_GetControlListSerialNumber(SFPL_Handle, + int *); + +/*--------------------------------------------------------------*\ + * + * ACTIVATION + * 
+\*--------------------------------------------------------------*/ +/* + * Features + */ +#define SFPL_ACT_KEY_FEATURE_MERGE_TOOL 0x1 + +/* Define Activation Key codes */ +#define SFPL_ACT_OK 1 +#define SFPL_ACT_OLD15 15 +#define SFPL_ACT_OLD30 30 +#define SFPL_ACT_OLD60 60 +#define SFPL_ACT_GRACE 100 +#define SFPL_ACT_INVALID (-1) +#define SFPL_ACT_EXPIRED 0 + +typedef struct SFPL_ActivationKey +{ + int version; + char userID[6]; + int userLicenses; + int userLevel; + int level; + int expirationYear; + int expirationMonth; + int expirationDay; + int duration; + int features; +} SFPL_Activation_Key; + +SFPL_API_PUBLIC char * +SFPL_ActKeyCreate(SFPL_Handle sfpl_handle, + SFPL_Activation_Key *key); + +SFPL_API_PUBLIC int +SFPL_ActKeyDurationGet(SFPL_Handle sfpl_handle, + SFPL_Activation_Key *key); + +SFPL_API_PUBLIC int +SFPL_ActKeyExpirationDayGet(SFPL_Handle sfpl_handle, + SFPL_Activation_Key *key); + +SFPL_API_PUBLIC int +SFPL_ActKeyExpirationMonthGet(SFPL_Handle sfpl_handle, + SFPL_Activation_Key *key); + +SFPL_API_PUBLIC int +SFPL_ActKeyExpirationTimeCheck(SFPL_Handle sfpl_handle, + const time_t exp, + const time_t now); + +SFPL_API_PUBLIC time_t +SFPL_ActKeyExpirationTimeGet(SFPL_Handle sfpl_handle, + char *key_string); + +SFPL_API_PUBLIC int +SFPL_ActKeyExpirationYearGet(SFPL_Handle sfpl_handle, + SFPL_Activation_Key *key); + +SFPL_API_PUBLIC int +SFPL_ActKeyFeatureVerify(SFPL_Handle sfpl_handle, + int fbit, + SFPL_Activation_Key *key); + +SFPL_API_PUBLIC int +SFPL_ActKeyIsExpired(SFPL_Handle sfpl_handle, + char *key_string, + time_t installationTime); + +SFPL_API_PUBLIC int +SFPL_ActKeyIsValid(SFPL_Handle sfpl_handle, + char *serialNumber, + SFPL_Activation_Key *key); + +SFPL_API_PUBLIC int +SFPL_ActKeyMasterIdIsValid(SFPL_Handle sfpl_handle, + char *masterID); + +SFPL_API_PUBLIC int +SFPL_ActKeySmartFilterVersionGet(SFPL_Handle sfpl_handle, + SFPL_Activation_Key *key); + +SFPL_API_PUBLIC char * +SFPL_ActKeyUserIdGet(SFPL_Handle sfpl_handle, + 
SFPL_Activation_Key *key); + +SFPL_API_PUBLIC int +SFPL_ActKeyUserIdIsValid(SFPL_Handle sfpl_handle, + char *userID); + +SFPL_API_PUBLIC int +SFPL_ActKeyUserLevelGet(SFPL_Handle sfpl_handle, + SFPL_Activation_Key *key); + +/*--------------------------------------------------------------*\ + * + * REVERSE DNS + * +\*--------------------------------------------------------------*/ +/* + * Call to set a flag specifying DNS lookups should be performed externally. + */ +SFPL_API_PUBLIC int +SFPL_EnableExternalDNS(SFPL_Handle, + int); + + +/*--------------------------------------------------------------*\ + * + * MAIL + * +\*--------------------------------------------------------------*/ + +typedef struct +{ + char *primary_email; + char *secondary_email; + char *from_email; + char *mail_server; +} SFPL_Mail_Info; + +#define SFPL_MAIL_SUBJ_ADD_HOST 0x00000001 + +SFPL_API_PUBLIC int +SFPL_MailSend(SFPL_Handle sfpl_handle, + const char *subject, + const char *message, + unsigned int flags); + + + + + +/*--------------------------------------------------------------*\ + * + * Authentication Server + * +\*--------------------------------------------------------------*/ + +typedef struct { + int enabled; + char authserver_address[256]; + char authserver_hostname[256]; + int authserver_auth_port; + int authserver_ao_port; + char authserver_password[64]; + int block_on_fail; + SFUT_List exempt_ips; + SFUT_List exempt_urls; +} SFPL_Trans_Auth; + +SFPL_API_PUBLIC int +SFPL_TransauthCheck(SFPL_Handle sfpl_handle, + SFCL_Url processed_url, + const char *url, + const char *ipaddr, + char *username, + size_t username_len); + +SFPL_API_PUBLIC int +SFPL_TransauthUserGet(SFPL_Handle sfpl_handle, + const char *ipaddr, + char *username, + size_t username_len); + +SFPL_API_PUBLIC int +SFPL_TransauthUserIdentify(SFPL_Handle sfpl_handle, + const char *ipaddr, + char *username, + size_t usernamelen, + int *block_on_fail); + +SFPL_API_PUBLIC int +SFPL_TransauthRedirUrlBuild(SFPL_Handle 
sfpl_handle,
+ const char *ipaddr,
+ const char *original_url,
+ char *redir_url,
+ size_t redir_url_len);
+
+SFPL_API_PUBLIC int /* Needed for Squid */
+SFPL_TransauthUserCacheAdd(SFPL_Handle sfpl_handle,
+ const char *ipaddr,
+ const char *username,
+ time_t timeout_hard,
+ time_t timeout_soft);
+
+SFPL_API_PUBLIC int
+SFPL_TransauthUserTimeoutsGet(SFPL_Handle sfpl_handle,
+ const char *ipaddr,
+ time_t *timeout_hard,
+ time_t *timout_soft);
+
+#if defined(__cplusplus)
+}
+#endif /* __cplusplus */
+
+#endif /* SFPL_PLUGIN_H */
+
diff -uN ../squid-2.5.STABLE14.orig/include/sf_util.h include/sf_util.h
--- ../squid-2.5.STABLE14.orig/include/sf_util.h 1969-12-31 19:00:00.000000000 -0500
+++ include/sf_util.h 2006-08-14 12:06:38.000000000 -0400
@@ -0,0 +1,901 @@
+/*--------------------------------------------------------------------------*\
+ *
+ * SmartFilter Utility Library
+ *
+ * Copyright (c) 2003-2006, Secure Computing Corporation. All rights reserved.
+ *
+ * $RCSfile: sf_util.h,v $
+ * $Revision: 1.2.2.5 $
+ * $Date: 2006/08/14 16:06:38 $
+ * $State: Exp $
+\*--------------------------------------------------------------------------*/
+
+#ifndef _SF_UTIL_H
+#define _SF_UTIL_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#ifdef WIN32
+# include
+# include
+# ifdef __FUNCTION__
+# define __PRETTY_FUNCTION__ __FUNCTION__
+# else /* __FUNCTION__ */
+# define __PRETTY_FUNCTION__ "Unknown"
+# endif /* __FUNCTION__ */
+#else /* WIN32 */
+# include
+# include
+#endif /* WIN32 */
+
+#ifdef WIN32
+# ifdef SFUT_API_BUILD
+# define SFUT_API_PUBLIC __declspec(dllexport)
+# else /* SFUT_API_BUILD */
+# define SFUT_API_PUBLIC __declspec(dllimport)
+# endif /* SFUT_API_BUILD */
+#else
+# define SFUT_API_PUBLIC extern
+#endif /* WIN32 */
+
+#define SFUT_API_INTERNAL extern
+#define SFUT_API_PRIVATE static
+
+#ifndef SFUT_API_PROTECTED_BUILD
+# define SFUT_API_PROTECTED extern
+#else /* SFUT_API_PROTECTED_BUILD */
+# define SFUT_API_PROTECTED SFUT_API_PUBLIC
+#endif /* SFUT_API_PROTECTED_BUILD */
+
+
+/*
+ * General
+ */
+#ifdef WIN32
+ typedef unsigned __int64 SFUT_Int64;
+# define SFUT_Getcwd(buf, len) _getcwd(buf, len)
+# define SFUT_PATH_SEP_CHAR '\\'
+#else /* WIN32 */
+# define SFUT_Getcwd(buf, len) getcwd(buf, len)
+ typedef unsigned long long SFUT_Int64;
+# define SFUT_PATH_SEP_CHAR '/'
+#endif /* WIN32 */
+
+typedef unsigned char SFUT_Bool;
+#define SFUT_FALSE 0
+#define SFUT_TRUE 1
+
+/*
+ * Errors
+ */
+#ifdef WIN32
+ #define SFUT_LastError() GetLastError()
+#else /* WIN32 */
+ #define SFUT_LastError() errno
+#endif /* WIN32 */
+/*
+ * Base 64
+ */
+SFUT_API_PUBLIC int
+SFUT_Base64Encode(const unsigned char *in,
+ int in_size,
+ char *out,
+ int out_size);
+SFUT_API_PUBLIC int
+SFUT_Base64Decode(const char *in, + char *out, + int out_size, + int *decoded_len); + + +/* + * File + */ +#include +#include +#include +#include +#include +#ifndef NAME_MAX +# define NAME_MAX 1024 +#endif /* NAME_MAX */ + + +#ifdef WIN32 +# define O_APPEND _O_APPEND +# define O_CREAT _O_CREAT +# define O_EXCL _O_EXCL +# define O_RDONLY _O_RDONLY +# define O_RDWR _O_RDWR +# define O_TRUNC _O_TRUNC +# define O_WRONLY _O_WRONLY +# define O_TEXT _O_TEXT +# define O_BINARY _O_BINARY + +# define A_HIDDEN _A_HIDDEN +# define A_NORMAL _A_NORMAL +# define A_RDONLY _A_RDONLY +# define A_SUBDIR _A_SUBDIR +# define S_IRWXU (_S_IREAD | _S_IWRITE) +# define S_IRUSR _S_IREAD +# define S_IWUSR _S_IWRITE +# define S_IXUSR (_S_IREAD | _S_IWRITE) +# define S_IRWXG (_S_IREAD | _S_IWRITE) +# define S_IRGRP _S_IREAD +# define S_IWGRP _S_IWRITE +# define S_IXGRP (_S_IREAD | _S_IWRITE) +# define S_IRWXO (_S_IREAD | _S_IWRITE) +# define S_IROTH _S_IREAD +# define S_IWOTH _S_IWRITE +# define S_IXOTH (_S_IREAD | _S_IWRITE) +#else /* WIN32 */ +# define O_BINARY 0 +# define O_TEXT 0 +# define A_SUBDIR 1 +#endif /* WIN32 */ + +#ifdef WIN32 +typedef struct _stat SFUT_File_Stat; +#else /* WIN32 */ +typedef struct stat SFUT_File_Stat; +#endif /* WIN32 */ +typedef int SFUT_File; +SFUT_API_PUBLIC int +SFUT_FileOpen(SFUT_File *f, + const char *name, + int flags, + int mode); + +SFUT_API_PUBLIC int +SFUT_FileClose(SFUT_File *f); + +SFUT_API_PUBLIC int +SFUT_FileWrite(SFUT_File *f, + const void *buffer, + size_t len); + +SFUT_API_PUBLIC int +SFUT_FileRead(SFUT_File *f, + void *buffer, + size_t len, + size_t *bytes_read); + +SFUT_API_PUBLIC int +SFUT_FileSeek(SFUT_File *f, + int offset, + int whence, + long *result_offset); + +SFUT_API_PUBLIC int +SFUT_FileSize(SFUT_File *f, + size_t *size); + +SFUT_API_PUBLIC int +SFUT_FileStat(const char *filename, + SFUT_File_Stat *statbuf); + +SFUT_API_PUBLIC int +SFUT_FileRemove(const char *name); + +SFUT_API_PUBLIC int +SFUT_FileRename(const char *prev_name, 
const char *new_name); + +/* + * List + */ +typedef struct sfut_list *SFUT_List; +typedef struct sfut_list_entry +{ + struct sfut_list_entry *prev; + struct sfut_list_entry *next; +} SFUT_List_Entry; + +typedef int (*SFUT_List_Iterate_Func)(SFUT_List_Entry *le, void *arg); +typedef void (*SFUT_List_Show_Func)(SFUT_List_Entry *le, void *arg, FILE *fp); + +SFUT_API_PUBLIC int +SFUT_ListCreate(SFUT_List *l); + +SFUT_API_PUBLIC int +SFUT_ListAdd(SFUT_List l, + SFUT_List_Entry *le); + +SFUT_API_PUBLIC SFUT_List_Entry * +SFUT_ListFind(SFUT_List l, + SFUT_List_Entry *le); + +SFUT_API_PUBLIC SFUT_List_Entry * +SFUT_ListGetFirst(SFUT_List l); + +SFUT_API_PUBLIC SFUT_List_Entry * +SFUT_ListGetNext(SFUT_List l, + SFUT_List_Entry *le); + +SFUT_API_PUBLIC int +SFUT_ListRemove(SFUT_List l, + SFUT_List_Entry *le); + +SFUT_API_PUBLIC SFUT_List_Entry * +SFUT_ListRemoveHead(SFUT_List l); + +SFUT_API_PUBLIC SFUT_List_Entry * +SFUT_ListRetrieve(SFUT_List l); + +SFUT_API_PUBLIC int +SFUT_ListCount(SFUT_List l, + int *count); + +SFUT_API_PUBLIC int +SFUT_ListIterate(SFUT_List l, + SFUT_List_Iterate_Func f, + void *arg); + +SFUT_API_PUBLIC void +SFUT_ListShow(SFUT_List l, + SFUT_List_Show_Func f, + void *arg, + FILE *fp); + +SFUT_API_PUBLIC void +SFUT_ListDestroy(SFUT_List l); + + +/* + * OS + */ +SFUT_API_PUBLIC int +SFUT_OSNameGet(char *name, + size_t name_len); + + +/* + * Memory + */ +SFUT_API_PUBLIC int +SFUT_MemInit(void); + +#ifdef SFUTMEMINTERNAL +# define SFUT_MemAlloc(bytes) SFUT_MemAlloc_((bytes), \ + __FILE__, \ + __PRETTY_FUNCTION__, \ + __LINE__) + +# define SFUT_MemRealloc(ptr, bytes) SFUT_MemRealloc_((ptr), \ + (bytes), \ + __FILE__, \ + __PRETTY_FUNCTION__, \ + __LINE__) + +# define SFUT_MemFree(ptr) SFUT_MemFree_((ptr), \ + __FILE__, \ + __PRETTY_FUNCTION__, \ + __LINE__) +#else /* SFUTMEMINTERNAL */ +# define SFUT_MemAlloc(bytes) malloc(bytes) +# define SFUT_MemRealloc(ptr, bytes) realloc(ptr, bytes) +# define SFUT_MemFree(ptr) free(ptr) +#endif /* SFUTMEMINTERNAL */ + 
+SFUT_API_PUBLIC void * +SFUT_MemAlloc_(size_t bytes, + const char *file, + const char *function, + int line); + +SFUT_API_PUBLIC void * +SFUT_MemRealloc_(void *ptr, + size_t bytes, + const char *file, + const char *function, + int line); + +SFUT_API_PUBLIC void +SFUT_MemFree_(void *ptr, + const char *file, + const char *function, + int line); + +SFUT_API_PUBLIC void +SFUT_MemShow(FILE *fp); + +SFUT_API_PUBLIC int +sfut_mem_check(); + + +/* + * Mapped Memory + */ +SFUT_API_PUBLIC int +SFUT_MemMapInit(void); + +#define SFUT_MemMapAlloc(filename) SFUT_MemMapAlloc_((filename), \ + __FILE__, \ + __PRETTY_FUNCTION__, \ + __LINE__) +SFUT_API_PUBLIC void * +SFUT_MemMapAlloc_(const char *filename, + const char *file, + const char *function, + int line); + +#define SFUT_MemMapFree(ptr) SFUT_MemMapFree_((ptr), \ + __FILE__, \ + __PRETTY_FUNCTION__, \ + __LINE__) + +SFUT_API_PUBLIC void +SFUT_MemMapFree_(void *ptr, + const char *filename, + const char *file, + int line); + +SFUT_API_PUBLIC void +SFUT_MemMapShow(FILE *fp); + +SFUT_API_PUBLIC int +sfut_memmap_check(); + +/* + * Memory Pool + */ +typedef struct sfut_mem_pool *SFUT_Mem_Pool; + +SFUT_API_PUBLIC int +SFUT_MemPoolCreate(SFUT_Mem_Pool *mp, + size_t entry_size, + size_t num_entries); + +#define SFUT_MemPoolAlloc(mp) SFUT_MemPoolAlloc_((mp), \ + __FILE__, \ + __PRETTY_FUNCTION__, \ + __LINE__) + +SFUT_API_PUBLIC void * +SFUT_MemPoolAlloc_(SFUT_Mem_Pool mp, + const char *file, + const char *function, + int line); + +#define SFUT_MemPoolFree(mp, arg) SFUT_MemPoolFree_((mp), \ + (arg), \ + __FILE__, \ + __PRETTY_FUNCTION__, \ + __LINE__) + +SFUT_API_PUBLIC void +SFUT_MemPoolFree_(SFUT_Mem_Pool mp, + void *arg, + const char *file, + const char *function, + int line); + +SFUT_API_PUBLIC void +SFUT_MemPoolDestroy(SFUT_Mem_Pool mp); + +SFUT_API_PUBLIC void +SFUT_MemPoolShow(SFUT_Mem_Pool mp, + FILE *fp); + + + + + +/* + * Queue + */ +typedef struct _sf_queue *SFUT_Queue; + +SFUT_API_PUBLIC int +SFUT_QueueCreate(SFUT_Queue 
*q); + +SFUT_API_PUBLIC int +SFUT_QueueAdd(SFUT_Queue q, + void *id, + void *data); + +SFUT_API_PUBLIC int +SFUT_QueueRemove(SFUT_Queue q, + void **id, + void **data); + +SFUT_API_PUBLIC int +SFUT_QueueCount(SFUT_Queue q, + int *count); + +SFUT_API_PUBLIC int +SFUT_QueueDestroy(SFUT_Queue q); + + + + +/* + * Socket + */ +#ifdef WIN32 +# include +# include +#else /* WIN32 */ +# ifndef BSD_COMP +# define BSD_COMP +# endif /* BSD_COMP */ +# include +# include +# include +# include +# include +# include +# include +#endif + +#define SFUT_TIME_INFINITE (-1) +typedef struct SFUT_Socket +{ +#ifdef WIN32 + SOCKET socket; +#else /* WIN32 */ + int socket; +#endif /* WIN32 */ +} SFUT_Socket; + +#ifndef INADDR_NONE +#define INADDR_NONE 0xffffffff +#endif + +typedef struct in_addr SFUT_IP_Addr; + +SFUT_API_PUBLIC int +SFUT_SocketInit(void); + +SFUT_API_PUBLIC int +SFUT_SocketCleanup(void); + +SFUT_API_PUBLIC int +SFUT_SocketCreate(SFUT_Socket *s); + +SFUT_API_PUBLIC int +SFUT_SocketCreateUDP(SFUT_Socket *s); + +SFUT_API_PUBLIC int +SFUT_SocketClose(SFUT_Socket *s); + +SFUT_API_PUBLIC int +SFUT_SocketWrite(SFUT_Socket s, + const char *buffer, + size_t len); + +SFUT_API_PUBLIC int +SFUT_SocketWriteTo(SFUT_Socket s, + const char *buffer, + size_t buf_len, + const struct sockaddr *to, + int to_len); + +SFUT_API_PUBLIC int +SFUT_SocketRead(SFUT_Socket s, + char *buffer, + size_t len); + +SFUT_API_PUBLIC int +SFUT_SocketReadFrom(SFUT_Socket s, + char *buffer, + size_t len, + struct sockaddr *from, + int *from_len); + +SFUT_API_PUBLIC int +SFUT_SocketPeek(SFUT_Socket s, + char *buffer, + size_t len); + +SFUT_API_PUBLIC int +SFUT_SocketConnect(SFUT_Socket s, + SFUT_IP_Addr addr, + unsigned short port); + +SFUT_API_PUBLIC int +SFUT_SocketBind(SFUT_Socket s, + SFUT_IP_Addr addr, + unsigned short port); + +SFUT_API_PUBLIC int +SFUT_SocketListen(SFUT_Socket s, + size_t backlog); + +SFUT_API_PUBLIC int +SFUT_SocketAccept(SFUT_Socket s, + SFUT_Socket *ns, + SFUT_IP_Addr *ip); + 
+SFUT_API_PUBLIC int +SFUT_SocketError(void); + +SFUT_API_PUBLIC int +SFUT_SocketWait(SFUT_Socket s, + int read, + int write, + int milliseconds); + +SFUT_API_PUBLIC int +SF_SocketAvailableReadBytes(SFUT_Socket s); + +SFUT_API_PUBLIC int +SFUT_SocketNameToAddr(const char *name, + SFUT_IP_Addr *ip, + int *error); + +SFUT_API_PUBLIC int +SFUT_SocketAddrToName(const char *ip, + char *name, + size_t name_len); + + + + +/* + * Threads + */ +# ifdef WIN32 +# include +# include +# include +# define THREAD_ENTRYTYPE WINAPI +typedef HANDLE SFUT_Thread; +typedef DWORD SFUT_ThreadId; +typedef CRITICAL_SECTION SFUT_Mutex; +typedef struct SFUT_Cond +{ + CRITICAL_SECTION waiters_lock; + int waiters_count; + HANDLE events[2]; +} SFUT_Cond; +# else /* WIN32 */ +# include +# include +# define THREAD_ENTRYTYPE +typedef pthread_t SFUT_Thread; +typedef pthread_t SFUT_ThreadId; +typedef void *(*SFUT_PTHREAD_START_ROUTINE) (void *arg); +typedef pthread_mutex_t SFUT_Mutex; +typedef pthread_cond_t SFUT_Cond; +#endif /* WIN32 */ + +typedef struct sfut_semaphore +{ + int magic; + + /* lock counters */ + int write_lock; + int read_lock; + + /* mutual exclusion protection for lock counters */ + SFUT_Mutex mutex; + + /* Signals release of write lock */ + SFUT_Cond wtest; + + /* Signals release of final read lock */ + SFUT_Cond rtest; + +} SFUT_Semaphore; + +typedef int (THREAD_ENTRYTYPE *SFUT_Thread_Func)(void *arg); + +#define SFUT_THREAD_STACK_SIZE_DEFAULT 0 + +SFUT_API_PUBLIC int +SFUT_ThreadCreate(SFUT_Thread *t, + size_t stack_size, + SFUT_Thread_Func func, + void *arg); + +SFUT_API_PUBLIC void +SFUT_ThreadSleep(int milliseconds); + +SFUT_API_PUBLIC void +SFUT_ThreadStop(SFUT_Thread *t); + +SFUT_API_PUBLIC void +SFUT_ThreadExit(SFUT_Thread *t, + int exit_value); + +SFUT_API_PUBLIC SFUT_Thread +SFUT_ThreadSelf(void); + +SFUT_API_PUBLIC SFUT_ThreadId +SFUT_ThreadSelfId(void); + + + +/* + * Mutexes + */ +SFUT_API_PUBLIC int +SFUT_MutexCreate(SFUT_Mutex *m); + +SFUT_API_PUBLIC int 
+SFUT_MutexLock(SFUT_Mutex *m); + +SFUT_API_PUBLIC int +SFUT_MutexUnlock(SFUT_Mutex *m); + +SFUT_API_PUBLIC void +SFUT_MutexDestroy(SFUT_Mutex *m); + + + + +/* + * Conditions + */ +SFUT_API_PUBLIC int +SFUT_CondCreate(SFUT_Cond *c); + +SFUT_API_PUBLIC int +SFUT_CondSignal(SFUT_Cond *c); + +SFUT_API_PUBLIC int +SFUT_CondBroadcast(SFUT_Cond *c); + +SFUT_API_PUBLIC int +SFUT_CondWait(SFUT_Cond *c, + SFUT_Mutex *m); + +SFUT_API_PUBLIC void +SFUT_CondDestroy(SFUT_Cond *c); + + +/* + * Semaphores + */ +SFUT_API_PUBLIC int +SFUT_SemaphoreCreate(SFUT_Semaphore *s); + +SFUT_API_PUBLIC int +SFUT_SemaphoreReadLock(SFUT_Semaphore *s); + +SFUT_API_PUBLIC int +SFUT_SemaphoreReadUnlock(SFUT_Semaphore *s); + +SFUT_API_PUBLIC int +SFUT_SemaphoreWriteUnlock(SFUT_Semaphore *s); + +SFUT_API_PUBLIC int +SFUT_SemaphoreWriteLock(SFUT_Semaphore *s); + +SFUT_API_PUBLIC void +SFUT_SemaphoreDestroy(SFUT_Semaphore *s); + + + + + +/* + * Thread Pool + */ +typedef struct _sfut_thread_pool SFUT_Thread_Pool; + +SFUT_API_PUBLIC int +SFUT_ThreadPoolCreate(SFUT_Thread_Pool **p, + size_t stack_size, + int num_threads); + +SFUT_API_PUBLIC int +SFUT_ThreadPoolAddJob(SFUT_Thread_Pool *p, + void *job_id, + SFUT_Thread_Func func, + void *arg); + +SFUT_API_PUBLIC int +SFUT_ThreadPoolRemoveJob(SFUT_Thread_Pool *p, + void *job_id); + +SFUT_API_PUBLIC int +SFUT_ThreadPoolDestroy(SFUT_Thread_Pool *p); + + +/* + * Network + */ +SFUT_API_PUBLIC int +SFUT_IsIP(const char *str); + +SFUT_API_PUBLIC int +SFUT_InetNtoa(unsigned long addr, + char *str, + size_t str_len); + +SFUT_API_PUBLIC int +SFUT_InetAton(const char *addr_str, + unsigned long *addr); + + +/* + * RFC 1738 + */ +SFUT_API_PUBLIC void +SFUT_RFC1738Escape(char *dest, + const unsigned char *src, + size_t src_len); + +SFUT_API_PUBLIC void +SFUT_RFC1738Unescape(unsigned char *str, + size_t *unescaped_len); + + +/* + * Strings + */ +#include +SFUT_API_PUBLIC int +SFUT_Vsnprintf(char *str, + size_t size, + const char *format, + va_list ap); + 
+SFUT_API_PUBLIC int +SFUT_Snprintf(char *str, + size_t size, + const char *format, + ...); + +SFUT_API_PUBLIC int +SFUT_Stristr(const char *s, + const char *find, + char **result); + +SFUT_API_PUBLIC int +SFUT_Strncat(char *dest, + const char *src, + size_t n); + +SFUT_API_PUBLIC int +SFUT_Strncpy(char *dest, + const char *src, + size_t n); + +SFUT_API_PUBLIC int +SFUT_Strcasecmp(const char *s1, + const char *s2); + +SFUT_API_PUBLIC int +SFUT_Strncasecmp(const char *s1, + const char *s2, + size_t n); + +/* + * Time + */ +SFUT_API_PUBLIC int +SFUT_TimeLocalGet(const time_t *clock, + struct tm *local); + +SFUT_API_PUBLIC int +SFUT_TimezoneGMTOffsetGet(void); + + +/* + * MD4 functions. + */ +typedef struct { + unsigned long int state[4]; /* state (ABCD) */ + unsigned long int count[2]; /* number of bits, modulo 2^64 (lsb first) */ + unsigned char buffer[64]; /* input buffer */ +} SFUT_MD4_CTX; + +SFUT_API_PUBLIC void +SFUT_MD4Init(SFUT_MD4_CTX *); + +SFUT_API_PUBLIC void +SFUT_MD4Update(SFUT_MD4_CTX *, + const unsigned char *, + unsigned int); + +SFUT_API_PUBLIC void +SFUT_MD4Final(unsigned char[12], + SFUT_MD4_CTX *); + +/* + * CRC32 functions. 
+ */
+
+SFUT_API_PUBLIC unsigned long
+SFUT_CRC32Init();
+
+SFUT_API_PUBLIC unsigned long
+SFUT_CRC32Proc(unsigned char *buf,
+ size_t len,
+ unsigned long crc);
+
+SFUT_API_PUBLIC unsigned long
+SFUT_CRC32Term(unsigned long crc);
+
+SFUT_API_PUBLIC unsigned long
+SFUT_UpdateCRC32(unsigned char ch,
+ unsigned long crc);
+
+SFUT_API_PUBLIC int
+SFUT_CRC32File(char *name,
+ unsigned long *crc,
+ long *charcnt);
+
+SFUT_API_PUBLIC unsigned long
+SFUT_CRC32Buf(char *buf,
+ size_t len);
+
+/*
+ * Byte swapping
+ */
+#ifdef BIGENDIAN
+# define SFUT_Swap64(x) ( \
+ (((x) & 0x00000000000000ff) << 56) | \
+ (((x) & 0x000000000000ff00) << 40) | \
+ (((x) & 0x0000000000ff0000) << 24) | \
+ (((x) & 0x00000000ff000000) << 8) | \
+ (((x) & 0x000000ff00000000) >> 8) | \
+ (((x) & 0x0000ff0000000000) >> 24) | \
+ (((x) & 0x00ff000000000000) >> 40) | \
+ (((x) & 0xff00000000000000) >> 56) \
+)
+
+# define SFUT_Swap32(x) ( \
+ (((x) & 0x000000ff) << 24) | \
+ (((x) & 0x0000ff00) << 8) | \
+ (((x) & 0x00ff0000) >> 8) | \
+ (((x) & 0xff000000) >> 24) \
+)
+
+# define SFUT_Swap16(x) ( \
+ (((x) & 0x00ff) << 8) | \
+ (((x) & 0xff00) >> 8) \
+)
+
+#else /* BIGENDIAN */
+# define SFUT_Swap64(x) x
+# define SFUT_Swap32(x) x
+# define SFUT_Swap16(x) x
+#endif /* BIGENDIAN */
+
+
+/*
+ * Search Tree
+ */
+typedef void (*SFUT_TREE_FREE_FUNC)(void *);
+typedef struct sfut_tree *SFUT_Tree;
+
+SFUT_API_PUBLIC int
+SFUT_TreeCreate(SFUT_Tree *t);
+
+SFUT_API_PUBLIC int
+SFUT_TreeInsert(SFUT_Tree t,
+ void *key,
+ void *data);
+
+SFUT_API_PUBLIC void
+SFUT_TreeShow(SFUT_Tree t);
+
+SFUT_API_PUBLIC int
+SFUT_TreeCount(SFUT_Tree tree);
+
+SFUT_API_PUBLIC int
+SFUT_TreeLocate(SFUT_Tree t,
+ void *key,
+ void **data);
+
+SFUT_API_PUBLIC int
+SFUT_TreeRemove(SFUT_Tree t,
+ void *key,
+ void **data);
+
+SFUT_API_PUBLIC int
+SFUT_TreeDestroy(SFUT_Tree t,
+ SFUT_TREE_FREE_FUNC free_func);
+
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* SF_UTIL_H */
diff -uN
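Review bot: `SFUT_RFC1738Escape(char *dest, const unsigned char *src, size_t src_len)` takes no destination size, although percent-escaping can turn one source byte into three and the neighbouring helpers (`SFUT_Base64Encode`, `SFUT_Snprintf`, `SFUT_InetNtoa`) all carry one. In a URL filter the source is request data, so the bound belongs in the signature, e.g. `SFUT_RFC1738Escape(char *dest, size_t dest_len, const unsigned char *src, size_t src_len)` returning `int`, or at minimum a contract comment such as `/* dest must hold at least 3 * src_len + 1 bytes */` (the terminator is presumed; the implementation is not part of this hunk). The same kind of mismatch is in `SFUT_MD4Final(unsigned char[12], SFUT_MD4_CTX *)`: an MD4 digest is 16 bytes, so if the implementation writes the full digest a caller that sizes its buffer from this prototype is four bytes short; declare `unsigned char[16]` or document that the output is truncated to 12. `SFUT_MD4_CTX` also stores its state words as `unsigned long int`, which is 64 bits on an LP64 build, so it is worth confirming the implementation masks to 32 bits.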
../squid-2.5.STABLE14.orig/include/sfagentipc.h include/sfagentipc.h
--- ../squid-2.5.STABLE14.orig/include/sfagentipc.h 1969-12-31 19:00:00.000000000 -0500
+++ include/sfagentipc.h 2005-04-05 12:39:39.000000000 -0400
@@ -0,0 +1,351 @@
+
+#ifndef INCLUDE_SFA_COMM_IPC_H
+#define INCLUDE_SFA_COMM_IPC_H
+
+# ifdef __cplusplus
+extern "C" {
+# endif /* __cplusplus */
+
+/*--------------------------------------------------------------*\
+ *
+ * Definitions
+ *
+\*--------------------------------------------------------------*/
+/*
+ * Makes calls to SFA_Comm_Recvmsg and SFA_Comm_Sendmsg
+ * block until a message is received or sent respectively.
+ */
+#define SFA_COMM_TIMEOUT_INFINITE 0xffffffff
+
+/*
+ * Makes calls to SFA_Comm_Recvmsg and SFA_Comm_Sendmsg
+ * wait a relatively long time (30 minutes) until a message
+ * is received or sent respectively.
+ */
+#define SFA_COMM_TIMEOUT_LONG (60 * 30)
+
+/*
+ * Makes calls to SFA_Comm_Recvmsg and SFA_Comm_Sendmsg
+ * wait a midrange amount of time (10 minutes) until a message
+ * is received or sent respectively.
+ */
+#define SFA_COMM_TIMEOUT_MEDIUM (60 * 10)
+
+/*
+ * Lengths of strings
+ */
+#define SFA_COMM_VERSION_LEN 80
+#define SFA_COMM_PLUGIN_LEN 30
+#define SFA_COMM_PLATFORM_LEN 30
+#define SFA_COMM_FILENAME_LEN 1024
+#define SFA_COMM_USERNAME_LEN 1024
+#define SFA_COMM_URL_LEN SFPL_MAX_URL
+
+
+
+/*--------------------------------------------------------------*\
+ *
+ * Types
+ *
+\*--------------------------------------------------------------*/
+
+/*
+ * Values to be returned by functions. SFA_COMM_RETURN_OK
+ * is the only non-error return.
+ */
+typedef enum {
+ SFA_COMM_RETURN_FIRST = 1, /* Must be first */
+
+ /*
+ * All platforms
+ */
+ SFA_COMM_RETURN_OK,
+ SFA_COMM_RETURN_ERROR,
+ SFA_COMM_RETURN_INVALID_HANDLE,
+ SFA_COMM_RETURN_INVALID_MSG_TYPE,
+ SFA_COMM_RETURN_INVALID_PARAMETER,
+ SFA_COMM_RETURN_MALFORMED_MESSAGE,
+ SFA_COMM_RETURN_NO_COMM_CHANNEL,
+ SFA_COMM_RETURN_CONNECT,
+ SFA_COMM_RETURN_SEND,
+ SFA_COMM_RETURN_SEND_TIMEOUT,
+ SFA_COMM_RETURN_RECEIVE,
+ SFA_COMM_RETURN_RECEIVE_TIMEOUT,
+ SFA_COMM_RETURN_NO_MEMORY,
+ SFA_COMM_RETURN_CONNECTION_CLOSED,
+
+#ifdef WIN32
+ /*
+ * Windows only
+ */
+ SFA_COMM_RETURN_CREATEPIPE,
+ SFA_COMM_RETURN_WAITNAMEDPIPE,
+ SFA_COMM_RETURN_OPENPIPE,
+ SFA_COMM_RETURN_WAITFAILED,
+ SFA_COMM_RETURN_OVERLAPPEDFAILED,
+
+#else /* WIN32 */
+
+ /*
+ * UNIX only
+ */
+ SFA_COMM_RETURN_MALFORMED_MESSAGE_HEADER,
+ SFA_COMM_RETURN_SELECT,
+ SFA_COMM_RETURN_ACCEPT,
+ SFA_COMM_RETURN_UNLINK,
+ SFA_COMM_RETURN_SOCKET,
+ SFA_COMM_RETURN_BIND,
+ SFA_COMM_RETURN_LISTEN,
+#endif /* WIN32 */
+
+ SFA_COMM_RETURN_LAST, /* Must be last */
+} SFA_Comm_Return_Type;
+
+/*
+ * Types of messages that are sent between the client and the server
+ */
+typedef enum {
+ SFA_COMM_MSG_FIRST = 1, /* Must be first */
+
+ /* Request messages (sent by client) */
+ SFA_COMM_MSG_PLUGIN_INFO,
+ SFA_COMM_MSG_PLUGIN_RELOAD_CONFIG,
+ SFA_COMM_MSG_PLUGIN_RELOAD_CONTROL_LIST,
+ SFA_COMM_MSG_PLUGIN_ADD_AUTHOVER_USER,
+ SFA_COMM_MSG_PLUGIN_REMOVE_AUTHOVER_USER,
+ SFA_COMM_MSG_PLUGIN_ADD_BYPASS_USER,
+
+ /* Response messages (sent by server) */
+ SFA_COMM_MSG_PLUGIN_INFO_RESP,
+ SFA_COMM_MSG_PLUGIN_RELOAD_CONFIG_RESP,
+ SFA_COMM_MSG_PLUGIN_RELOAD_CONTROL_LIST_RESP,
+ SFA_COMM_MSG_PLUGIN_ADD_AUTHOVER_USER_RESP,
+ SFA_COMM_MSG_PLUGIN_REMOVE_AUTHOVER_USER_RESP,
+ SFA_COMM_MSG_PLUGIN_ADD_BYPASS_USER_RESP,
+
+ SFA_COMM_MSG_LAST, /* Must be last */
+} SFA_Comm_Msg_Type;
+
+/*
+ * Used to hold the results of an SFA_COMM_MSG_PLUGIN_INFO_RESP
+ * response which is returned in response to an
+ * SFA_COMM_MSG_PLUGIN_INFO request.
+ */
+typedef struct {
+ SFA_Comm_Return_Type remote_status;
+ char version[SFA_COMM_VERSION_LEN + 1];
+ char plugin_name[SFA_COMM_PLUGIN_LEN + 1];
+ char platform_name[SFA_COMM_PLATFORM_LEN + 1];
+} SFA_Comm_Plugin_Info;
+
+/*
+ * Specifies the information to be sent in an
+ * SFA_COMM_MSG_RELOAD_CONFIG request.
+ */
+typedef struct {
+ SFA_Comm_Return_Type remote_status;
+ char filename[SFA_COMM_FILENAME_LEN + 1];
+} SFA_Comm_Plugin_Reload_Config;
+
+/*
+ * Specifies the information to be sent in an
+ * SFA_COMM_MSG_PLUGIN_RELOAD_CONTROL_LIST request.
+ */
+typedef struct {
+ SFA_Comm_Return_Type remote_status;
+ char filename[SFA_COMM_FILENAME_LEN + 1];
+} SFA_Comm_Plugin_Reload_Control_List;
+
+
+/*
+ * Specifies the information to be sent in an
+ * SFA_COMM_MSG_PLUGIN_ADD_AUTHOVER_USER request.
+ */
+typedef struct {
+ SFA_Comm_Return_Type remote_status;
+ char authover_username[SFA_COMM_USERNAME_LEN];
+ char username[SFA_COMM_USERNAME_LEN];
+ char client_ip[20];
+ unsigned int duration;
+ char url[SFA_COMM_URL_LEN];
+ char reason[80];
+ char reasondata[80];
+ time_t date;
+} SFA_Comm_Plugin_Add_AuthOver_User;
+
+/*
+ * Specifies the information to be sent in an
+ * SFA_COMM_MSG_PLUGIN_REMOVE_AUTHOVER_USER request.
+ */
+typedef SFA_Comm_Plugin_Add_AuthOver_User SFA_Comm_Plugin_Remove_AuthOver_User;
+
+/*
+ * Specifies the information to be sent in an
+ * SFA_COMM_MSG_PLUGIN_ADD_BYPASS_USER request.
+ */
+typedef struct {
+ SFA_Comm_Return_Type remote_status;
+ char username[SFA_COMM_USERNAME_LEN];
+ char client_ip[20];
+ char url[SFA_COMM_URL_LEN];
+ char reason[80];
+ char reasondata[80];
+ time_t date;
+} SFA_Comm_Plugin_Add_Bypass_User;
+
+/*
+ * An opaque definition of the SmartFilter Agent Communications Handle
+ */
+typedef struct SFA_Comm_Handle_s SFA_Comm_Handle;
+
+
+
+
+/*--------------------------------------------------------------*\
+ *
+ * Prototypes
+ *
+\*--------------------------------------------------------------*/
+
+/*--------------------------------------------------------------*\
+ *
+ * Name: SFA_Comm_Client_Init
+ *
+ * Purpose: Used by the client to initialize the communications
+ * layer.
+ *
+ * Parameters: out - hdl - Filled in with a handle to the opened
+ * communications layer.
+ *
+ * Notes: Call SFA_Comm_End to close the communications layer.
+ *
+\*--------------------------------------------------------------*/
+SFA_Comm_Return_Type
+SFA_Comm_Client_Init(SFA_Comm_Handle **hdl,
+ SFPL_Handle sfpl_handle);
+
+/*--------------------------------------------------------------*\
+ *
+ * Name: SFA_Comm_Server_Init
+ *
+ * Purpose: Used by the server to initialize the communications
+ * layer.
+ *
+ * Parameters: out - hdl - Filled in with a handle to the opened
+ * communications layer.
+ *
+ * Notes: Call SFA_Comm_End to close the communications layer.
+ *
+\*--------------------------------------------------------------*/
+SFA_Comm_Return_Type
+SFA_Comm_Server_Init(SFA_Comm_Handle **hdl,
+ SFPL_Handle sfpl_handle);
+
+/*--------------------------------------------------------------*\
+ *
+ * Name: SFA_Comm_Recvmsg
+ *
+ * Purpose: Receives a message from the other end of the
+ * communications channel.
+ *
+ * Parameters: in - hdl - must be the handle returned by
+ * SFA_Comm_[Client|Server]_Init.
+ * out - type - the type of message that was
+ * received -- must not be NULL.
+ * out - info - set to point to allocated memory that
+ * must be freed by the caller after the
+ * caller is finished with the received
+ * message. The allocated memory is a
+ * message-specific structure that is
+ * filled in with message-specific data.
+ * in - timeout - the number of seconds to wait
+ * to receive a message before
+ * returning control to the caller.
+ * Specifying SFA_COMM_TIMEOUT_INFINITE
+ * results in the call blocking until
+ * a message is received.
+ *
+ * Notes: If a timeout or an error occurs, type and info are
+ * not updated and should not be accessed.
+ *
+ * Must call SFA_Comm_[Client|Server]_Init first.
+ *
+\*--------------------------------------------------------------*/
+SFA_Comm_Return_Type
+SFA_Comm_Recvmsg(SFA_Comm_Handle *hdl,
+ SFA_Comm_Msg_Type *type,
+ void **info,
+ unsigned int timeout);
+
+/*--------------------------------------------------------------*\
+ *
+ * Name: SFA_Comm_Sendmsg
+ *
+ * Purpose: Sends a message to the other end of the
+ * communications channel.
+ *
+ * Parameters: in - hdl - must be the handle returned by
+ * SF_Comm_[Client|Server]_Init.
+ * in - type - the type of message to be sent.
+ * in - info - the message-specific informational
+ * structure used to build the message
+ * before it is sent.
+ * in - timeout - the number of seconds to wait
+ * to send the message before
+ * returning control to the caller.
+ * Specifying SFA_COMM_TIMEOUT_INFINITE
+ * results in the call blocking until
+ * the message is sent.
+ *
+ * Notes: Must call SFA_Comm_[Client|Server]_Init first.
+ *
+\*--------------------------------------------------------------*/
+SFA_Comm_Return_Type
+SFA_Comm_Sendmsg(SFA_Comm_Handle *hdl,
+ SFA_Comm_Msg_Type type,
+ const void *info,
+ unsigned int timeout);
+
+/*--------------------------------------------------------------*\
+ *
+ * Name: SFA_Comm_Strerror
+ *
+ * Purpose: Gets an error message string
+ *
+ * Parameters: in - ret - The error for which to get the
+ * message string.
+ *
+ * Notes: The returned string must not be freed by the caller
+ *
+\*--------------------------------------------------------------*/
+char *
+SFA_Comm_Strerror(SFA_Comm_Return_Type ret);
+
+/*--------------------------------------------------------------*\
+ *
+ * Name: SFA_Comm_End
+ *
+ * Purpose: Closes down the communications channel that was
+ * opened with SFA_Comm_[Client|Server]_Init.
+ *
+ * Parameters: update - hdl - must be the handle returned by
+ * SFA_Comm_[Client|Server]_Init.
+ * After this call, hdl is no
+ * longer valid.
+ *
+ * Notes: Call SFA_Comm_[Client|Server]_Init to open the
+ * communications channel. After this call, no more
+ * communications can be done unless
+ * SFA_Comm_[Client|Server]_Init is called again.
+ *
+\*--------------------------------------------------------------*/
+void
+SFA_Comm_End(SFA_Comm_Handle **hdl);
+
+
+
+# ifdef __cplusplus
+}
+# endif /* __cplusplus */
+
+#endif /*INCLUDE_SFA_COMM_IPC_H */
Binary files ../squid-2.5.STABLE14.orig/lib/libsfcontrol.a and lib/libsfcontrol.a differ
Binary files ../squid-2.5.STABLE14.orig/lib/libsflog_client.a and lib/libsflog_client.a differ
Binary files ../squid-2.5.STABLE14.orig/lib/libsfplugin.a and lib/libsfplugin.a differ
Binary files ../squid-2.5.STABLE14.orig/lib/libsmartfilteragent.a and lib/libsmartfilteragent.a differ
--- ../squid-2.5.STABLE14.orig/patchfile 1969-12-31 19:00:00.000000000 -0500
+++ patchfile 2007-01-24 01:08:01.341483000 -0500
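Review bot: In the new include/sfagentipc.h, `SFA_Comm_Plugin_Add_AuthOver_User` and `SFA_Comm_Plugin_Add_Bypass_User` size their string fields (`authover_username`, `username`, `url`, `reason`, `reasondata`, `client_ip`) without the `+ 1` terminator slot that `SFA_Comm_Plugin_Info` and the two reload structs use, and the header never says whether these fields are NUL-terminated when `SFA_Comm_Recvmsg` hands the structure back through `info`. Judging by their names these messages change which users are overridden or bypassed by the filter, so a receiver should treat every field as peer-supplied and bounded by `sizeof(field)`. Because the matching libraries arrive prebuilt (the `Binary files ... differ` entries), resizing the arrays in this header would likely break layout compatibility; the contract should be written down instead, for example `/* String fields may arrive unterminated: writers copy at most sizeof(field) - 1 bytes, readers set field[sizeof(field) - 1] = '\0' before use. */` above each struct. The header is also not self-contained: it uses `time_t`, `SFPL_Handle` and `SFPL_MAX_URL` with no include, so `#include <time.h>` and `#include "sf_plugin.h"` belong right after the include guard.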
@@ -0,0 +1,3066 @@ +--- ../squid-2.5.STABLE14.orig/configure 2006-05-20 09:43:18.000000000 -0400 ++++ configure 2007-01-24 01:02:39.001425000 -0500 +@@ -234,6 +234,8 @@ + use internal copies of the headers from Samba-2.2.7) + " + ac_help="$ac_help ++ --enable-smartfilter Enable SmartFilter web filtering." ++ac_help="$ac_help + --disable-unlinkd Do not use unlinkd" + ac_help="$ac_help + --enable-stacktraces Enable automatic call backtrace on fatal errors" +@@ -2009,6 +2011,22 @@ + echo "With dl" + fi + ++# Check whether --enable-smartfilter or --disable-smartfilter was given. ++if test "${enable_smartfilter+set}" = set; then ++ enableval="$enable_smartfilter" ++ case $enableval in ++ yes) ++ CFLAGS="$CFLAGS -DSMARTFILTER -DUNIX -D_REENTRANT" ++ SF_SRCS="smartfilter_squid.c smartfilter_userinfo.c smartfilter_thread.c" ++ SF_LIBS="-lsfplugin -lsflog_client -lsfcontrol -lsmartfilteragent -lpthread " ++ ;; ++ no) ++ ;; ++ *) ++ ;; ++ esac ++fi ++ + # Check whether --enable-storeio or --disable-storeio was given. 
+ if test "${enable_storeio+set}" = set; then + enableval="$enable_storeio" +@@ -9170,6 +9188,8 @@ + s%@LIBOBJS@%$LIBOBJS%g + s%@XTRA_OBJS@%$XTRA_OBJS%g + s%@XTRA_LIBS@%$XTRA_LIBS%g ++s%@SF_LIBS@%$SF_LIBS%g ++s%@SF_SRCS@%$SF_SRCS%g + + CEOF + EOF +Common subdirectories: ../squid-2.5.STABLE14.orig/contrib/nextstep and contrib/nextstep +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Azerbaijani and errors/Azerbaijani +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Bulgarian and errors/Bulgarian +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Catalan and errors/Catalan +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Czech and errors/Czech +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Danish and errors/Danish +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Dutch and errors/Dutch +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/English and errors/English +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Estonian and errors/Estonian +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Finnish and errors/Finnish +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/French and errors/French +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/German and errors/German +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Greek and errors/Greek +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Hebrew and errors/Hebrew +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Hungarian and errors/Hungarian +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Italian and errors/Italian +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Japanese and errors/Japanese +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Korean and errors/Korean +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Lithuanian and errors/Lithuanian +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Polish and errors/Polish +Common subdirectories: 
../squid-2.5.STABLE14.orig/errors/Portuguese and errors/Portuguese +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Romanian and errors/Romanian +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Russian-1251 and errors/Russian-1251 +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Russian-koi8-r and errors/Russian-koi8-r +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Serbian and errors/Serbian +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Simplify_Chinese and errors/Simplify_Chinese +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Slovak and errors/Slovak +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Spanish and errors/Spanish +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Swedish and errors/Swedish +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Traditional_Chinese and errors/Traditional_Chinese +Common subdirectories: ../squid-2.5.STABLE14.orig/errors/Turkish and errors/Turkish +Common subdirectories: ../squid-2.5.STABLE14.orig/helpers/basic_auth and helpers/basic_auth +Common subdirectories: ../squid-2.5.STABLE14.orig/helpers/digest_auth and helpers/digest_auth +Common subdirectories: ../squid-2.5.STABLE14.orig/helpers/external_acl and helpers/external_acl +Common subdirectories: ../squid-2.5.STABLE14.orig/helpers/ntlm_auth and helpers/ntlm_auth +Common subdirectories: ../squid-2.5.STABLE14.orig/include/samba and include/samba +diff -uN ../squid-2.5.STABLE14.orig/include/sf_control.h include/sf_control.h +--- ../squid-2.5.STABLE14.orig/include/sf_control.h 1969-12-31 19:00:00.000000000 -0500 ++++ include/sf_control.h 2006-08-14 12:06:38.000000000 -0400 +@@ -0,0 +1,630 @@ ++/*--------------------------------------------------------------------------*\ ++ * ++ * SmartFilter Control List Library ++ * ++ * Copyright (c) 2003-2006, Secure Computing Corporation. All rights reserved. 
++ * ++ * $RCSfile: sf_control.h,v $ ++ * $Revision: 1.4.2.5 $ ++ * $Date: 2006/08/14 16:06:38 $ ++ * $State: Exp $ ++\*--------------------------------------------------------------------------*/ ++ ++#ifndef SF_CONTROL_H ++#define SF_CONTROL_H ++ ++#include ++ ++#ifdef __cplusplus ++extern "C" { ++#endif /* __cplusplus */ ++ ++/*--------------------------------------------------------------*\ ++ * ++ * GENERAL ++ * ++\*--------------------------------------------------------------*/ ++#ifdef WIN32 ++# ifdef SFCL_API_BUILD ++# define SFCL_API_PUBLIC __declspec(dllexport) ++# else /* SFCL_API_BUILD */ ++# define SFCL_API_PUBLIC __declspec(dllimport) ++# endif /* SFCL_API_BUILD */ ++#else ++# define SFCL_API_PUBLIC extern ++#endif /* WIN32 */ ++ ++#define SFCL_API_INTERNAL extern ++#define SFCL_API_PRIVATE static ++#define SFCL_API_PROTECTED SFCL_API_PUBLIC ++ ++/* ++ * Library version information ++ */ ++#define SFCL_API_VERSION_MAJOR 4 ++#define SFCL_API_VERSION_MINOR 2 ++#define SFCL_API_VERSION_DESC_LEN 80 ++ ++/* ++ * Return values from functions ++ */ ++#define SFCL_OK 0 ++#define SFCL_ERROR 1 ++ ++#define SFCL_NOMEM 10 ++#define SFCL_INSUFFICIENT_SPACE 11 ++ ++#define SFCL_INVALID_URL 20 ++ ++#define SFCL_INVALID_LIST 30 ++#define SFCL_NO_LIST 31 ++#define SFCL_EXPIRED_LIST 32 ++ ++#define SFCL_INVALID_FILE 40 ++#define SFCL_DOWNLOAD_FAILED 41 ++#define SFCL_MERGE_FAILED 42 ++ ++ ++SFCL_API_PUBLIC int ++SFCL_Init(void); ++ ++/*--------------------------------------------------------------*\ ++ * ++ * HANDLE ++ * ++\*--------------------------------------------------------------*/ ++typedef struct sfcl_handle *SFCL_Handle; ++ ++SFCL_API_PUBLIC int ++SFCL_HandleCreate(SFCL_Handle *sfcl_handle); ++ ++SFCL_API_PUBLIC int ++SFCL_HandleDestroy(SFCL_Handle *sfcl_handle); ++ ++typedef enum ++{ ++ SFCL_HANDLE_INFO_FIRST, /* do not use */ ++ ++ SFCL_HANDLE_INFO_LIST_EXPIRED, ++ SFCL_HANDLE_INFO_LIST_EXPIRE_TIME, ++ SFCL_HANDLE_INFO_LIST_SERIAL_NUM, ++ 
SFCL_HANDLE_INFO_API_VERSION_MAJOR, ++ SFCL_HANDLE_INFO_API_VERSION_MINOR, ++ SFCL_HANDLE_INFO_API_VERSION_DESC, ++ ++ SFCL_HANDLE_INFO_LAST, /* do not use */ ++} SFCL_Handle_Info; ++ ++SFCL_API_PUBLIC int ++SFCL_HandleInfoGet(SFCL_Handle sfcl_handle, ++ SFCL_Handle_Info info_type, ++ void *info); ++ ++ ++/*--------------------------------------------------------------*\ ++ * ++ * CATEGORIES ++ * ++\*--------------------------------------------------------------*/ ++typedef struct sfcl_categories *SFCL_Categories; ++typedef unsigned int SFCL_Category; ++ ++typedef enum ++{ ++ SFCL_LANGUAGE_FIRST, /* do not use */ ++ ++ SFCL_LANGUAGE_ENGLISH, ++ SFCL_LANGUAGE_ENGLISH_CATEGORY_SHORT, ++ ++ SFCL_LANGUAGE_LAST /* do not use */ ++} SFCL_Language; ++ ++typedef enum ++{ ++ SFCL_ENCODING_FIRST, /* do not use */ ++ ++ SFCL_ENCODING_UTF8, ++ ++ SFCL_ENCODING_LAST /* do not use */ ++} SFCL_Encoding; ++ ++SFCL_API_PUBLIC int ++SFCL_CategoriesCategoryAdd(SFCL_Handle sfcl_handle, ++ SFCL_Categories categories, ++ SFCL_Category category); ++ ++SFCL_API_PUBLIC int ++SFCL_CategoriesCategoryAddAll(SFCL_Handle sfcl_handle, ++ SFCL_Categories categories); ++ ++SFCL_API_PUBLIC int ++SFCL_CategoriesCategoryIsMember(SFCL_Handle sfcl_handle, ++ SFCL_Categories categories, ++ SFCL_Category category, ++ int *member); ++ ++SFCL_API_PUBLIC int ++SFCL_CategoriesCategoryRemove(SFCL_Handle sfcl_handle, ++ SFCL_Categories categories, ++ SFCL_Category category); ++ ++SFCL_API_PUBLIC int ++SFCL_CategoriesCategoryRemoveAll(SFCL_Handle sfcl_handle, ++ SFCL_Categories categories); ++ ++SFCL_API_PUBLIC int ++SFCL_CategoriesCopy(SFCL_Handle sfcl_handle, ++ SFCL_Categories src, ++ SFCL_Categories dst); ++ ++SFCL_API_PUBLIC int ++SFCL_CategoriesCount(SFCL_Handle sfcl_handle, ++ SFCL_Categories categories, ++ int *count); ++ ++SFCL_API_PUBLIC int ++SFCL_CategoriesCreate(SFCL_Handle sfcl_handle, ++ SFCL_Categories *categories); ++ ++SFCL_API_PUBLIC int ++SFCL_CategoriesDestroy(SFCL_Handle sfcl_handle, ++ 
SFCL_Categories *categories); ++ ++SFCL_API_PUBLIC int ++SFCL_CategoriesEqual(SFCL_Handle sfcl_handle, ++ SFCL_Categories categories1, ++ SFCL_Categories categories2, ++ int *equal); ++ ++SFCL_API_PUBLIC int ++SFCL_CategoriesIntersect(SFCL_Handle sfcl_handle, ++ SFCL_Categories categories1, ++ SFCL_Categories categories2, ++ SFCL_Categories result, ++ int *num_cats); ++ ++SFCL_API_PUBLIC int ++SFCL_CategoriesToArray(SFCL_Handle sfcl_handle, ++ SFCL_Categories categories, ++ SFCL_Category *cat_array, ++ int *num_cats); ++ ++SFCL_API_PUBLIC int ++SFCL_CategoriesToString(SFCL_Handle sfcl_handle, ++ SFCL_Categories categories, ++ SFCL_Language language, ++ SFCL_Encoding encoding, ++ char *delimiter, ++ size_t delimiter_len, ++ char *cat_string, ++ size_t *cat_string_len); ++ ++SFCL_API_PUBLIC int ++SFCL_CategoriesUnion(SFCL_Handle sfcl_handle, ++ SFCL_Categories categories1, ++ SFCL_Categories categories2, ++ SFCL_Categories result, ++ int *num_cats); ++ ++ ++/*--------------------------------------------------------------*\ ++ * ++ * URLS ++ * ++\*--------------------------------------------------------------*/ ++typedef struct sfcl_url *SFCL_Url; ++ ++#define SFCL_URL_CAT_SKIP_CUSTOM_KEYWORDS 0x00000001 ++#define SFCL_URL_CAT_SKIP_CUSTOM_SITES 0x00000002 ++#define SFCL_URL_CAT_SKIP_LIST 0x00000004 ++#define SFCL_URL_CAT_SKIP_LIST_KEYWORDS 0x00000008 ++#define SFCL_URL_CAT_SKIP_PATTERNS 0x00000010 ++#define SFCL_URL_CAT_SKIP_MASK 0x0000001F ++#define SFCL_URL_CAT_SKIP_ALL (0xFFFFFFFF & SFCL_URL_CAT_SKIP_MASK) ++ ++SFCL_API_PUBLIC int ++SFCL_UrlCategorize(SFCL_Handle sfcl_handle, ++ SFCL_Url url, ++ SFCL_Categories categories, ++ int *num_cats, ++ int skip_methods); ++ ++SFCL_API_PUBLIC int ++SFCL_UrlCreate(SFCL_Handle sfcl_handle, ++ SFCL_Url *url); ++ ++SFCL_API_PUBLIC int ++SFCL_UrlDestroy(SFCL_Handle sfcl_handle, ++ SFCL_Url *url); ++ ++SFCL_API_PUBLIC int ++SFCL_UrlDomainRewrite(SFCL_Handle sfcl_handle, ++ SFCL_Url url, ++ const char *new_domain); ++ ++typedef 
enum ++{ ++ SFCL_URL_INFO_FIRST, /* do not use */ ++ ++ SFCL_URL_INFO_DOMAIN, ++ SFCL_URL_INFO_FILE_EXT, ++ SFCL_URL_INFO_NUM_PATHS, ++ SFCL_URL_INFO_DOMAIN_IS_IP, ++ SFCL_URL_INFO_IS_USER_PAGE, ++ SFCL_URL_INFO_PROTOCOL, ++ SFCL_URL_INFO_PORT, ++ SFCL_URL_INFO_PATH, ++ SFCL_URL_INFO_CGI, ++ ++ SFCL_URL_INFO_LAST, /* do not use */ ++} SFCL_Url_Info; ++ ++SFCL_API_PUBLIC int ++SFCL_UrlInfoGet(SFCL_Handle sfcl_handle, ++ SFCL_Url url, ++ SFCL_Url_Info info_type, ++ void *info); ++ ++ ++SFCL_API_PUBLIC int ++SFCL_UrlParse(SFCL_Handle sfcl_handle, ++ const char *url, ++ const char *host_header, ++ SFCL_Url parsed_url); ++ ++ ++/*--------------------------------------------------------------*\ ++ * ++ * CUSTOM SEARCH KEYWORDS ++ * ++\*--------------------------------------------------------------*/ ++SFCL_API_PUBLIC int ++SFCL_CustomSearchKeywordsAdd(SFCL_Handle sfcl_handle, ++ const char *keyword, ++ SFCL_Categories categories); ++ ++SFCL_API_PUBLIC int ++SFCL_CustomSearchKeywordsPost(SFCL_Handle sfcl_handle); ++ ++SFCL_API_PUBLIC int ++SFCL_CustomSearchKeywordsRemove(SFCL_Handle sfcl_handle, ++ const char *keyword); ++ ++typedef enum SFCL_Custom_Search_Keywords_Reset_Type ++{ ++ SFCL_CUSTOM_SEARCH_KEYWORDS_RESET_FIRST, /* Do not use */ ++ ++ SFCL_CUSTOM_SEARCH_KEYWORDS_RESET_ACTIVE, ++ SFCL_CUSTOM_SEARCH_KEYWORDS_RESET_PENDING, ++ SFCL_CUSTOM_SEARCH_KEYWORDS_RESET_ALL, ++ ++ SFCL_CUSTOM_SEARCH_KEYWORDS_RESET_LAST /* Do not use */ ++} SFCL_Custom_Search_Keywords_Reset_Type; ++ ++SFCL_API_PUBLIC int ++SFCL_CustomSearchKeywordsReset(SFCL_Handle sfcl_handle, ++ SFCL_Custom_Search_Keywords_Reset_Type type); ++ ++ ++/*--------------------------------------------------------------*\ ++ * ++ * CUSTOM SITES ++ * ++\*--------------------------------------------------------------*/ ++ ++#define SFCL_CUSTOM_SITES_MATCH_PORT 0x00000001 ++#define SFCL_CUSTOM_SITES_MATCH_PROTOCOL 0x00000002 ++ ++typedef enum ++{ ++ SFCL_CUSTOM_SITES_TYPE_FIRST, /* Do not use */ ++ ++ 
SFCL_CUSTOM_SITES_TYPE_NONE, ++ SFCL_CUSTOM_SITES_TYPE_SEARCH_PHRASE, ++ ++ SFCL_CUSTOM_SITES_TYPE_LAST, /* Do not use */ ++} SFCL_Custom_Sites_Data; ++ ++ ++typedef enum SFCL_Custom_Sites_State ++{ ++ SFCL_CUSTOM_SITES_STATE_FIRST, /* Do not use */ ++ ++ SFCL_CUSTOM_SITES_STATE_INITIAL, ++ SFCL_CUSTOM_SITES_STATE_FINAL, ++ ++ SFCL_CUSTOM_SITES_STATE_LAST /* Do not use */ ++} SFCL_Custom_Sites_State; ++ ++ ++SFCL_API_PUBLIC int ++SFCL_CustomSitesAdd(SFCL_Handle sfcl_handle, ++ SFCL_Url url, ++ int url_match, ++ SFCL_Categories categories, ++ SFCL_Custom_Sites_State state, ++ SFCL_Custom_Sites_Data data_type, ++ void *data); ++ ++SFCL_API_PUBLIC int ++SFCL_CustomSitesPost(SFCL_Handle sfcl_handle); ++ ++SFCL_API_PUBLIC int ++SFCL_CustomSitesRemove(SFCL_Handle sfcl_handle, ++ SFCL_Url url, ++ int match); ++ ++typedef enum SFCL_Custom_Sites_Reset_Type ++{ ++ SFCL_CUSTOM_SITES_RESET_FIRST, /* Do not use */ ++ ++ SFCL_CUSTOM_SITES_RESET_ACTIVE, ++ SFCL_CUSTOM_SITES_RESET_PENDING, ++ SFCL_CUSTOM_SITES_RESET_ALL, ++ ++ SFCL_CUSTOM_SITES_RESET_LAST /* Do not use */ ++} SFCL_Custom_Sites_Reset_Type; ++ ++ ++ ++SFCL_API_PUBLIC int ++SFCL_CustomSitesReset(SFCL_Handle sfcl_handle, ++ SFCL_Custom_Sites_Reset_Type type); ++ ++ ++ ++ ++ ++/*--------------------------------------------------------------*\ ++ * ++ * LOGGING ++ * ++\*--------------------------------------------------------------*/ ++typedef enum ++{ ++ SFCL_LOG_LEVEL_FIRST = 0, ++ ++ SFCL_LOG_LEVEL_NONE, /* Turns all logging off */ ++ SFCL_LOG_LEVEL_FATAL, /* Bad error, going away or crashing */ ++ SFCL_LOG_LEVEL_ERROR, /* Bad error, will try to recover */ ++ SFCL_LOG_LEVEL_WARNING, /* Shouldn't have happened, but can recover */ ++ SFCL_LOG_LEVEL_INFO, /* Something interesting (and normal) occurred */ ++ SFCL_LOG_LEVEL_DEBUG1, /* DEBUG1 through DEBUG9 and also DEBUG */ ++ SFCL_LOG_LEVEL_DEBUG2, /* represent the different debugging levels */ ++ SFCL_LOG_LEVEL_DEBUG3, /* that an application may use. 
Typically, */ ++ SFCL_LOG_LEVEL_DEBUG4, /* the larger the number, the more logging */ ++ SFCL_LOG_LEVEL_DEBUG5, /* you will see. */ ++ SFCL_LOG_LEVEL_DEBUG6, ++ SFCL_LOG_LEVEL_DEBUG7, ++ SFCL_LOG_LEVEL_DEBUG8, ++ SFCL_LOG_LEVEL_DEBUG9, ++ SFCL_LOG_LEVEL_DEBUG, /* All debugging except for trace logs */ ++ SFCL_LOG_LEVEL_TRACE, /* All debugging as well as trace logs */ ++ /* which mark the entrance and exit of */ ++ /* functions. */ ++ SFCL_LOG_LEVEL_ALL, /* All log messages */ ++ ++ SFCL_LOG_LEVEL_LAST ++} SFCL_Log_Level; ++ ++ ++typedef int SFCL_Log_Area; ++ ++#define SFCL_LOG_AREA_CUSTOM_SITES 0x00000001 ++#define SFCL_LOG_AREA_CUSTOM_KEYWORDS 0x00000002 ++#define SFCL_LOG_AREA_CUSTOM_PATTERNS 0x00000004 ++#define SFCL_LOG_AREA_LIST_DOWNLOAD 0x00000008 ++#define SFCL_LOG_AREA_LIST_LOAD 0x00000010 ++#define SFCL_LOG_AREA_LIST_SEARCH 0x00000020 ++#define SFCL_LOG_AREA_LOG 0x00000040 ++#define SFCL_LOG_AREA_URL 0x00000080 ++#define SFCL_LOG_AREA_CATEGORIES 0x00000100 ++#define SFCL_LOG_AREA_HANDLE 0x00000200 ++#define SFCL_LOG_AREA_MASK 0x000003FF ++#define SFCL_LOG_AREA_ALL (0xFFFFFFFF & SFCL_LOG_AREA_MASK) ++ ++typedef void (*SFCL_Log_Func)(SFCL_Log_Level level, ++ SFCL_Log_Area area, ++ const char *message); ++ ++SFCL_API_PUBLIC int ++SFCL_LogFunctionSet(SFCL_Handle sfcl_handle, ++ SFCL_Log_Func log_func); ++ ++SFCL_API_PUBLIC int ++SFCL_LogLevelSet(SFCL_Handle sfcl_handle, ++ SFCL_Log_Level level, ++ SFCL_Log_Area areas); ++ ++ ++ ++ ++/*--------------------------------------------------------------*\ ++ * ++ * CONTROL LIST ++ * ++\*--------------------------------------------------------------*/ ++typedef void *(*SFCL_List_Alloc_Func)(size_t bytes); ++typedef void (*SFCL_List_Free_Func)(void *ptr); ++ ++ ++SFCL_API_PUBLIC int ++SFCL_ListAccessFunctionsSet(SFCL_Handle sfcl_handle, ++ SFCL_List_Alloc_Func list_alloc_func, ++ SFCL_List_Free_Func list_free_func); ++ ++typedef enum ++{ ++ SFCL_LIST_DOWNLOAD_MODE_FIRST, /* do not use */ ++ ++ 
SFCL_LIST_DOWNLOAD_MODE_FULL, ++ SFCL_LIST_DOWNLOAD_MODE_INCR, ++ SFCL_LIST_DOWNLOAD_MODE_INCR_LOW_CPU, ++ ++ SFCL_LIST_DOWNLOAD_MODE_LAST, /* do not use */ ++ ++} SFCL_List_Download_Mode; ++ ++#define SFCL_LIST_DOWNLOAD_COMPLETE 1 ++#define SFCL_LIST_DOWNLOAD_PARTIAL 2 ++#define SFCL_LIST_DOWNLOAD_NOT_NEEDED 3 ++ ++SFCL_API_PUBLIC int ++SFCL_ListDownload(SFCL_Handle sfcl_handle, ++ const char *local_filename, ++ SFCL_List_Download_Mode download_mode, ++ int *download_status, ++ void *data); ++ ++typedef enum SFCL_List_Download_Error ++{ ++ SFCL_LIST_DOWNLOAD_ERROR_FIRST, /* do not use */ ++ ++ SFCL_LIST_DOWNLOAD_ERROR_INTERNAL, ++ SFCL_LIST_DOWNLOAD_ERROR_RESPONSE_INVALID, ++ SFCL_LIST_DOWNLOAD_ERROR_FILE_PERMISSIONS, ++ SFCL_LIST_DOWNLOAD_ERROR_CONNECT, ++ SFCL_LIST_DOWNLOAD_ERROR_HOSTNAME_INVALID, ++ SFCL_LIST_DOWNLOAD_ERROR_HTTP_STATUS, ++ ++ SFCL_LIST_DOWNLOAD_ERROR_LAST /* do not use */ ++} SFCL_List_Download_Error; ++ ++ ++typedef enum SFCL_List_Download_List_Type ++{ ++ SFCL_LIST_DOWNLOAD_LIST_TYPE_FIRST, /* do not use */ ++ ++ SFCL_LIST_DOWNLOAD_LIST_TYPE_STANDARD, ++ ++ SFCL_LIST_DOWNLOAD_LIST_TYPE_LAST /* do not use */ ++} SFCL_List_Download_List_Type; ++ ++ ++typedef struct SFCL_List_Download_Func_Info ++{ ++ SFCL_Handle sfcl_handle; ++ char dest_host[80]; ++ unsigned short dest_port; ++ char proxy_host[80]; ++ unsigned short proxy_port; ++ char proxy_username[80]; ++ char proxy_password[80]; ++ char path[1024]; ++ char serial_number[80]; ++ char perm_serial_number[80]; ++ SFCL_List_Download_List_Type list_type; ++ char product_type[80]; ++ char product_version[20]; ++ char os[20]; ++ char *distributes_to; /* For Secure Computing use only */ ++ int user_count; ++ char expiration[80]; ++ SFCL_List_Download_Error status; ++ int http_status; ++ char message[1024]; ++ SFCL_Log_Level message_level; ++ int message_code; ++} SFCL_List_Download_Func_Info; ++ ++ ++#define SFCL_FILE_TYPE_SUBSCRIPTION -4 ++#define SFCL_FILE_TYPE_INFO -3 ++#define 
SFCL_FILE_TYPE_FULL -2 ++#define SFCL_FILE_TYPE_CURRENT -1 ++ ++typedef int (*SFCL_List_Download_Func)(const char *local_file, ++ int file_type, ++ void *data); ++ ++SFCL_API_PUBLIC int ++SFCL_ListDownloadFunctionSet(SFCL_Handle sfcl_handle, ++ SFCL_List_Download_Func download_func); ++ ++ ++SFCL_API_PUBLIC int ++SFCL_ListSubscriptionInfoDownload(SFCL_Handle sfcl_handle, ++ SFCL_List_Download_Func_Info *data); ++ ++typedef enum ++{ ++ SFCL_LIST_ACCESS_FIRST, /* do not use */ ++ ++ SFCL_LIST_ACCESS_DISK, ++ SFCL_LIST_ACCESS_MEMORY, ++ SFCL_LIST_ACCESS_EXTERNAL, ++ ++ SFCL_LIST_ACCESS_LAST /* do not use */ ++} SFCL_List_Access; ++ ++SFCL_API_PUBLIC int ++SFCL_ListLoad(SFCL_Handle sfcl_handle, ++ const char *filename, ++ SFCL_List_Access access); ++ ++SFCL_API_PUBLIC int ++SFCL_ListLoadFromHandle(SFCL_Handle sfcl_handle_src, ++ SFCL_Handle sfcl_handle_dst); ++ ++SFCL_API_PUBLIC int ++SFCL_ListReload(SFCL_Handle sfcl_handle, ++ const char *filename); ++ ++SFCL_API_PUBLIC int ++SFCL_ListUnload(SFCL_Handle sfcl_handle); ++ ++ ++ ++/*--------------------------------------------------------------*\ ++ * ++ * PATTERNS ++ * ++\*--------------------------------------------------------------*/ ++typedef enum ++{ ++ SFCL_CATEGORIES_ACTION_FIRST, /* do not use */ ++ ++ SFCL_CATEGORIES_ACTION_OVERRIDE, ++ SFCL_CATEGORIES_ACTION_AUGMENT, ++ ++ SFCL_CATEGORIES_ACTION_LAST, /* do not use */ ++} SFCL_Patterns_Categories_Action; ++ ++ ++ ++SFCL_API_PUBLIC int ++SFCL_PatternsAdd(SFCL_Handle sfcl_handle, ++ SFCL_Categories input_categories, ++ const char *protocol, ++ const char *domain_pattern, ++ const char *path_pattern, ++ SFCL_Categories output_categories, ++ SFCL_Patterns_Categories_Action categories_action); ++ ++SFCL_API_PUBLIC int ++SFCL_PatternsPost(SFCL_Handle sfcl_handle); ++ ++typedef enum SFCL_Patterns_Reset_Type ++{ ++ SFCL_PATTERNS_RESET_FIRST, /* Do not use */ ++ ++ SFCL_PATTERNS_RESET_ACTIVE, ++ SFCL_PATTERNS_RESET_PENDING, ++ SFCL_PATTERNS_RESET_ALL, ++ ++ 
SFCL_PATTERNS_RESET_LAST /* Do not use */ ++} SFCL_Patterns_Reset_Type; ++ ++ ++ ++SFCL_API_PUBLIC int ++SFCL_PatternsReset(SFCL_Handle sfcl_handle, ++ SFCL_Patterns_Reset_Type type); ++ ++ ++#ifdef __cplusplus ++} ++#endif/* __cplusplus */ ++ ++ ++#endif /* SF_CONTROL_H */ +diff -uN ../squid-2.5.STABLE14.orig/include/sf_plugin.h include/sf_plugin.h +--- ../squid-2.5.STABLE14.orig/include/sf_plugin.h 1969-12-31 19:00:00.000000000 -0500 ++++ include/sf_plugin.h 2006-08-17 12:35:18.000000000 -0400 +@@ -0,0 +1,1085 @@ ++/*--------------------------------------------------------------------------*\ ++ * ++ * SmartFilter Plugin Library ++ * ++ * Copyright (c) 2006, Secure Computing Corporation. All rights reserved. ++ * ++ * $RCSfile: sf_plugin.h,v $ ++ * $Revision: 1.70.2.12 $ ++ * $Date: 2006/08/17 16:35:18 $ ++ * $State: Exp $ ++\*--------------------------------------------------------------------------*/ ++ ++#ifndef SFPL_PLUGIN_H ++#define SFPL_PLUGIN_H ++ ++#include "sf_control.h" ++#include "sf_util.h" ++ ++#ifdef WIN32 ++#include "sfpl_msg.h" ++#endif ++ ++#if defined(__cplusplus) ++extern "C" { ++#endif /* __cplusplus */ ++ ++/*--------------------------------------------------------------*\ ++ * ++ * GENERAL ++ * ++\*--------------------------------------------------------------*/ ++#ifdef WIN32 ++# ifdef SFPL_API_BUILD ++# define SFPL_API_PUBLIC __declspec(dllexport) ++# else /* SFPL_API_BUILD */ ++# define SFPL_API_PUBLIC __declspec(dllimport) ++# endif /* SFPL_API_BUILD */ ++#else ++# define SFPL_API_PUBLIC extern ++#endif /* WIN32 */ ++ ++#define SFPL_API_INTERNAL extern ++#define SFPL_API_PRIVATE static ++ ++#ifndef SFPL_API_PROTECTED_BUILD ++# define SFPL_API_PROTECTED extern ++#else /* SFPL_API_PROTECTED_BUILD */ ++# define SFPL_API_PROTECTED SFPL_API_PUBLIC ++#endif /* SFPL_API_PROTECTED_BUILD */ ++ ++/* ++ * Library version information ++ */ ++#define SFPL_API_VERSION_MAJOR 4 ++#define SFPL_API_VERSION_MINOR 1 ++#define SFPL_API_VERSION_UPDATE 1 
++#define SFPL_API_VERSION_PATCH "01" ++#define SFPL_API_VERSION_DESC_LEN 80 ++ ++/* ++ * Return values from functions ++ */ ++#define SFPL_OK 0 ++#define SFPL_ERROR 1 ++ ++#define SFPL_NOMEM 10 ++#define SFPL_INSUFFICIENT_SPACE 11 ++ ++#define SFPL_INVALID_URL 20 ++ ++#define SFPL_INVALID_LIST 30 ++#define SFPL_NO_LIST 31 ++#define SFPL_EXPIRED_LIST 32 ++ ++#define SFPL_INVALID_FILE 40 ++#define SFPL_DOWNLOAD_FAILED 41 ++#define SFPL_MERGE_FAILED 42 ++ ++#define SFPL_NULL 50 ++#define SFPL_INVALID_HANDLE 51 ++#define SFPL_SERVER_FAILED 52 ++#define SFPL_NOT_FOUND 53 ++#define SFPL_RETRY 54 ++#define SFPL_INVALID 55 ++#define SFPL_DUPLICATE_GROUP 56 ++#define SFPL_EXPIRED_ACTIVATION 57 ++#define SFPL_FOUND 58 ++ ++#define SFPL_LOOKUP_REVERSE 70 ++#define SFPL_LOOKUP_FORWARD 71 ++ ++#define SFPL_TRANSAUTH_REDIRECT 100 ++#define SFPL_TRANSAUTH_CHECK 101 ++ ++ ++ ++#define SFPL_DISABLE 1 ++#define SFPL_ENABLE 2 ++ ++/*--------------------------------------------------------------*\ ++ * ++ * BLOCKED MESSAGES ++ * ++\*--------------------------------------------------------------*/ ++ ++/* Define Action codes */ ++typedef unsigned char SFPL_Action_Code; ++ ++/* ++ * These must be kept in order from most restrictive (smallest ++ * integer means greatest priority) to least restrictive. Note ++ * that exempt is a special case and we just decided it has the ++ * highest priority. 
++ */ ++#define SFPL_EXEMPT 0 ++#define SFPL_AUTHOVER 1 ++#define SFPL_BLOCK 2 ++#define SFPL_WARN 3 ++#define SFPL_BYPASS 4 ++#define SFPL_DELAY 5 ++#define SFPL_MONITOR 6 ++#define SFPL_ALLOW 7 ++ ++#define SFPL_EXEMPT_STR "EXEMPT" ++#define SFPL_AUTHOVER_STR "AUTHOVERRIDE" ++#define SFPL_BLOCK_STR "BLOCK" ++#define SFPL_WARN_STR "WARN" ++#define SFPL_BYPASS_STR "BYPASS" ++#define SFPL_DELAY_STR "DELAY" ++#define SFPL_MONITOR_STR "MONITOR" ++#define SFPL_ALLOW_STR "ALLOW" ++#define SFPL_INVALID_ACTION_STR "INVALID_ACTION" ++ ++ ++/* These are for error messages and logging */ ++#define SFPL_MAX_MESSAGE 1024 ++#define SFPL_MAX_LOG 1024 ++ ++#define SFPL_MAX_URL 2048 ++ ++ ++/*--------------------------------------------------------------*\ ++ * ++ * HANDLE ++ * ++\*--------------------------------------------------------------*/ ++typedef struct sfpl_handle *SFPL_Handle; ++ ++SFPL_API_PUBLIC int ++SFPL_HandleCreate(SFPL_Handle *sfpl_handle); ++ ++SFPL_API_PUBLIC int ++SFPL_HandleDestroy(SFPL_Handle *sfpl_handle); ++ ++typedef enum ++{ ++ SFPL_HANDLE_INFO_FIRST, /* do not use */ ++ ++ SFPL_HANDLE_INFO_API_VERSION_MAJOR, ++ SFPL_HANDLE_INFO_API_VERSION_MINOR, ++ SFPL_HANDLE_INFO_API_VERSION_DESC, ++ SFPL_HANDLE_INFO_CONTROL_HANDLE, ++ SFPL_HANDLE_INFO_DOWNLOAD_SETTINGS, ++ SFPL_HANDLE_INFO_REVERSE_LOOKUPS, ++ SFPL_HANDLE_INFO_SERIAL_NUMBER, ++ SFPL_HANDLE_INFO_PERM_SERIAL_NUMBER, ++ SFPL_HANDLE_INFO_CONTROL_PATH, ++ SFPL_HANDLE_INFO_LOG_OPTION, ++ SFPL_HANDLE_INFO_LOG_TYPE, ++ SFPL_HANDLE_INFO_LOG_TEXT_DIR, ++ SFPL_HANDLE_INFO_ODBC_DSN, ++ SFPL_HANDLE_INFO_ODBC_TABLE, ++ SFPL_HANDLE_INFO_SQL_USER, ++ SFPL_HANDLE_INFO_SQL_PASS, ++ SFPL_HANDLE_INFO_IP_RATING, ++ SFPL_HANDLE_INFO_MAIL_SETTINGS, ++ SFPL_HANDLE_INFO_AUTHSERV_SETTINGS, ++ ++ SFPL_HANDLE_INFO_LAST /* do not use */ ++} SFPL_Handle_Info; ++ ++SFPL_API_PUBLIC int ++SFPL_HandleInfoGet(SFPL_Handle sfpl_handle, ++ SFPL_Handle_Info info_type, ++ void *info); ++ 
++/*--------------------------------------------------------------*\ ++ * ++ * USERS, GROUPS, AND POLICY ++ * ++\*--------------------------------------------------------------*/ ++ ++typedef struct sfpl_policy SFPL_Policy; ++ ++/* Define user/group/policy maximums */ ++#define SFPL_MAX_GROUPNAME 32 ++#define SFPL_MAX_USERNAME 32 ++#define SFPL_MAX_POLICYNAME 65 /* 64 + 1 for the null-terminator */ ++ ++typedef struct sfpl_group_list ++{ ++ struct sfpl_group_list *next; ++ char group_name[SFPL_MAX_GROUPNAME]; ++ char policy_name[SFPL_MAX_POLICYNAME]; ++ SFPL_Policy *policy; ++} SFPL_Group_List; ++ ++typedef struct user_grouplist ++{ ++ struct user_grouplist *next; ++ char group_name[SFPL_MAX_GROUPNAME]; ++} SFPL_User_Group_List; ++ ++typedef struct user_data ++{ ++ struct user_data *next; ++ SFPL_Group_List *group; ++} SFPL_User_Data; ++ ++SFPL_API_PUBLIC int /* Needed for Squid. */ ++SFPL_GetIPRangeGroups(SFPL_Handle sfpl_handle, ++ char *ipaddr_char, ++ SFPL_User_Group_List **grouplist, ++ int *total); ++ ++SFPL_API_PUBLIC int /* Needed for Squid. 
*/ ++SFPL_GetUserGroups(SFPL_Handle sfpl_handle, ++ char *username, ++ SFPL_User_Group_List **grouplist, ++ int *total_groups, ++ char *err_msg, ++ int msg_len, ++ int *log_err_msg); ++ ++#define SFPL_USER_QUERY_USERNAME 0 ++#define SFPL_USER_QUERY_IP 1 ++ ++SFPL_API_PUBLIC int ++SFPL_IsAuthOverrideUser(SFPL_Handle sfpl_handle, ++ const char *authover_username); ++ ++SFPL_API_PUBLIC int ++SFPL_AuthOverrideUserAdd(SFPL_Handle sfpl_handle, ++ const char *authover_username, ++ const char *username, ++ const char *client_ip, ++ time_t date, ++ int duration, ++ const char *url, ++ const char *reason, ++ const char *reasondata); ++ ++SFPL_API_PUBLIC int ++SFPL_AuthOverrideUserRemove(SFPL_Handle sfpl_handle, ++ const char *authover_username, ++ const char *username, ++ const char *client_ip); ++ ++SFPL_API_PUBLIC int ++SFPL_BypassUserAdd(SFPL_Handle sfpl_handle, ++ const char *username, ++ const char *client_ip, ++ time_t date, ++ const char *url, ++ const char *reason, ++ const char *reasondata); ++ ++SFPL_API_PUBLIC void ++SFPL_RedirectionHashCompute(SFPL_Handle sfpl_handle, ++ unsigned char *hash, ++ size_t hash_len, ++ const char *epochseconds, ++ const char *requestedurl, ++ const char *categorylist, ++ const char *useripaddress, ++ const char *username, ++ const char *actiontaken, ++ const char *actionreason, ++ const char *actionreasondata); ++ ++ ++SFPL_API_PUBLIC int /* needed for authserver */ ++SFPL_ErrorRedirUrlBuild(SFPL_Handle sfpl_handle, ++ char *redirurl, ++ size_t redirurl_len, ++ const char *url, ++ const char *client_ip, ++ const char *username); ++ ++SFPL_API_PUBLIC int /* Needed for Squid. */ ++SFPL_CheckUserCache(SFPL_Handle sfpl_handle, ++ char *query, ++ int type, ++ SFPL_User_Data **reply); ++ ++SFPL_API_PUBLIC int /* Needed for Squid. */ ++SFPL_AddUserCacheEntry(SFPL_Handle sfpl_handle, ++ char *query, ++ int query_type, ++ SFPL_User_Data *grouplist); ++ ++SFPL_API_PUBLIC void /* Needed for Squid. 
*/ ++SFPL_FreeGroupList(SFPL_Handle sfpl_handle, ++ SFPL_User_Group_List *grouplist); ++ ++SFPL_API_PUBLIC void /* Needed for Squid. */ ++SFPL_FreeUserData(SFPL_Handle sfpl_handle, ++ SFPL_User_Data *data); ++ ++/* ++ * Policy ++ */ ++SFPL_API_PUBLIC int /* Needed for Squid. */ ++SFPL_UserLocalPolicyGet(SFPL_Handle sfpl_handle, ++ char *username, ++ char *ipaddr, ++ SFPL_Policy **policy, ++ SFPL_User_Data **user_data, ++ char *err_msg, ++ int msg_len, ++ int *log_error); ++ ++SFPL_API_PUBLIC int ++SFPL_UserPolicyGet(SFPL_Handle sfpl_handle, ++ char *username, ++ char *ipaddr, ++ SFPL_Policy **policy, ++ SFPL_User_Data **user_data, ++ char *err_msg, ++ int msg_len, ++ int *log_error); ++ ++SFPL_API_PUBLIC int ++SFPL_GroupPolicyGet(SFPL_Handle sfpl_handle, ++ SFPL_User_Group_List *user_grouplist, ++ SFPL_User_Data **user_data_list); ++ ++SFPL_API_PUBLIC int ++SFPL_GroupPolicyMerge(SFPL_Handle sfpl_handle, ++ SFPL_User_Data *grouplist, ++ SFPL_Policy **policy, ++ char *err_msg, ++ int msg_len, ++ int *log_error); ++ ++SFPL_API_PUBLIC int ++SFPL_PolicyFree(SFPL_Handle sfpl_handle, ++ SFPL_Policy *policy); ++ ++SFPL_API_PUBLIC char * ++SFPL_PolicyNameGet(SFPL_Handle sfpl_handle, ++ SFPL_Policy *policy); ++ ++SFPL_API_PUBLIC unsigned int ++SFPL_PolicyFlagsGet(SFPL_Handle sfpl_handle, ++ SFPL_Policy *policy); ++ ++SFPL_API_PUBLIC int ++SFPL_UrlWithProtocol(SFPL_Handle sfpl_handle, ++ const char *url, ++ char *built, ++ size_t built_len); ++ ++/*--------------------------------------------------------------*\ ++ * ++ * LOGGING ++ * ++\*--------------------------------------------------------------*/ ++ ++typedef SFCL_Log_Level SFPL_Log_Level; ++ ++#define SFPL_LOG_LEVEL_FIRST SFCL_LOG_LEVEL_FIRST ++#define SFPL_LOG_LEVEL_NONE SFCL_LOG_LEVEL_NONE ++#define SFPL_LOG_LEVEL_FATAL SFCL_LOG_LEVEL_FATAL ++#define SFPL_LOG_LEVEL_ERROR SFCL_LOG_LEVEL_ERROR ++#define SFPL_LOG_LEVEL_WARNING SFCL_LOG_LEVEL_WARNING ++#define SFPL_LOG_LEVEL_INFO SFCL_LOG_LEVEL_INFO ++#define 
SFPL_LOG_LEVEL_DEBUG1 SFCL_LOG_LEVEL_DEBUG1 ++#define SFPL_LOG_LEVEL_DEBUG2 SFCL_LOG_LEVEL_DEBUG2 ++#define SFPL_LOG_LEVEL_DEBUG3 SFCL_LOG_LEVEL_DEBUG3 ++#define SFPL_LOG_LEVEL_DEBUG4 SFCL_LOG_LEVEL_DEBUG4 ++#define SFPL_LOG_LEVEL_DEBUG5 SFCL_LOG_LEVEL_DEBUG5 ++#define SFPL_LOG_LEVEL_DEBUG6 SFCL_LOG_LEVEL_DEBUG6 ++#define SFPL_LOG_LEVEL_DEBUG7 SFCL_LOG_LEVEL_DEBUG7 ++#define SFPL_LOG_LEVEL_DEBUG8 SFCL_LOG_LEVEL_DEBUG8 ++#define SFPL_LOG_LEVEL_DEBUG9 SFCL_LOG_LEVEL_DEBUG9 ++#define SFPL_LOG_LEVEL_DEBUG SFCL_LOG_LEVEL_DEBUG ++#define SFPL_LOG_LEVEL_TRACE SFCL_LOG_LEVEL_TRACE ++#define SFPL_LOG_LEVEL_ALL SFCL_LOG_LEVEL_ALL ++#define SFPL_LOG_LEVEL_LAST SFCL_LOG_LEVEL_LAST ++ ++typedef int SFPL_Log_Area; ++ ++#define SFPL_NUM_LOG_AREAS 13 /* Not including MASK or ALL */ ++ ++#define SFPL_LOG_AREA_CONFIG 0x00010000 ++#define SFPL_LOG_AREA_USERS 0x00020000 ++#define SFPL_LOG_AREA_ACTIVATION 0x00040000 ++#define SFPL_LOG_AREA_POLICY 0x00080000 ++#define SFPL_LOG_AREA_URL_FILTER 0x00100000 ++#define SFPL_LOG_AREA_MAIL_SEND 0x00200000 ++#define SFPL_LOG_AREA_LOG 0x00400000 ++#define SFPL_LOG_AREA_PLUGIN 0x00800000 ++#define SFPL_LOG_AREA_HANDLE 0x01000000 ++#define SFPL_LOG_AREA_CATEGORIES 0x02000000 ++#define SFPL_LOG_AREA_AUTH_OVER 0x04000000 ++#define SFPL_LOG_AREA_BYPASS 0x08000000 ++#define SFPL_LOG_AREA_FILTER_SUMMARY 0x10000000 ++#define SFPL_LOG_AREA_MASK 0x1FFF0000 ++#define SFPL_LOG_AREA_ALL (0xFFFFFFFF & SFPL_LOG_AREA_MASK) ++ ++#define _LOG_AREA_TO_INDEX(area) \ ++( \ ++ ((SFPL_LOG_AREA_CONFIG == (area)) ? 0 : \ ++ (SFPL_LOG_AREA_USERS == (area)) ? 1 : \ ++ (SFPL_LOG_AREA_ACTIVATION == (area)) ? 2 : \ ++ (SFPL_LOG_AREA_POLICY == (area)) ? 3 : \ ++ (SFPL_LOG_AREA_URL_FILTER == (area)) ? 4 : \ ++ (SFPL_LOG_AREA_MAIL_SEND == (area)) ? 5 : \ ++ (SFPL_LOG_AREA_LOG == (area)) ? 6 : \ ++ (SFPL_LOG_AREA_PLUGIN == (area)) ? 7 : \ ++ (SFPL_LOG_AREA_HANDLE == (area)) ? 8 : \ ++ (SFPL_LOG_AREA_CATEGORIES == (area)) ? 9 : \ ++ (SFPL_LOG_AREA_AUTH_OVER == (area)) ? 
10 : \ ++ (SFPL_LOG_AREA_BYPASS == (area)) ? 11 : \ ++ (SFPL_LOG_AREA_FILTER_SUMMARY == (area)) ? 12 : 0) \ ++) ++ ++#define _LOG_INDEX_TO_AREA(index) \ ++( \ ++ ((0 == (index)) ? SFPL_LOG_AREA_CONFIG : \ ++ (1 == (index)) ? SFPL_LOG_AREA_USERS : \ ++ (2 == (index)) ? SFPL_LOG_AREA_ACTIVATION : \ ++ (3 == (index)) ? SFPL_LOG_AREA_POLICY : \ ++ (4 == (index)) ? SFPL_LOG_AREA_URL_FILTER : \ ++ (5 == (index)) ? SFPL_LOG_AREA_MAIL_SEND : \ ++ (6 == (index)) ? SFPL_LOG_AREA_LOG : \ ++ (7 == (index)) ? SFPL_LOG_AREA_PLUGIN : \ ++ (8 == (index)) ? SFPL_LOG_AREA_HANDLE : \ ++ (9 == (index)) ? SFPL_LOG_AREA_CATEGORIES : \ ++ (10 == (index)) ? SFPL_LOG_AREA_AUTH_OVER : \ ++ (11 == (index)) ? SFPL_LOG_AREA_BYPASS : \ ++ (12 == (index)) ? SFPL_LOG_AREA_FILTER_SUMMARY : 0) \ ++) ++ ++typedef void (*SFPL_Log_Func)(SFPL_Log_Level level, ++ SFPL_Log_Area area, ++ const char *message); ++ ++SFPL_API_PUBLIC SFUT_Mutex sfpl_log_mutex; ++ ++#define SFPL_LOG_LEVEL_VALID(level) \ ++( \ ++ (SFPL_LOG_LEVEL_FIRST < (level)) && \ ++ ((SFPL_LOG_LEVEL_LAST) > (level)) \ ++) ++ ++#define SFPL_LOG_AREA_VALID(area) \ ++( \ ++ (area) == ((area) & ((int) SFPL_LOG_AREA_ALL)) \ ++) ++ ++SFPL_API_PUBLIC char * ++sfpl_log_format_msg(const char *fmt, ...); ++ ++SFPL_API_PUBLIC void ++sfpl_log_log_msg(SFPL_Handle sfpl_handle, ++ SFPL_Log_Level level, ++ SFPL_Log_Area area, ++ const char *function, ++ const char *file, ++ int line, ++ const char *msg); ++ ++typedef struct sfpl_log_info ++{ ++ SFPL_Log_Level log_areas[SFPL_NUM_LOG_AREAS]; ++ SFPL_Log_Func log_func; ++ char *log_file; ++ char log_name[80]; ++} sfpl_log_info; ++ ++#define _SFPL_MSG_LOGGABLE(log_areas, level, area) \ ++( \ ++ SFPL_LOG_LEVEL_VALID((level)) && \ ++ SFPL_LOG_AREA_VALID((area)) && \ ++ ((level) <= (log_areas)[(_LOG_AREA_TO_INDEX(area))]) \ ++) ++ ++#define _SFPL_MSG_LOG(sfpl_handle, level, area, func, file, line, msg)\ ++{ \ ++ if (NULL != sfpl_handle) \ ++ { \ ++ unsigned char *tmp_handle = (unsigned char *)(sfpl_handle); \ ++ 
sfpl_log_info *log_info = (sfpl_log_info *) (tmp_handle + 4); \ ++ if (_SFPL_MSG_LOGGABLE(log_info->log_areas, (level), (area))) \ ++ { \ ++ char *p = NULL; \ ++ if (0 != SFUT_MutexLock(&sfpl_log_mutex)) \ ++ { \ ++ char f[200]; \ ++ const char *fname = NULL; \ ++ p = sfpl_log_format_msg msg; \ ++ if (SFPL_LOG_FUNC_ENTER == (void *)(func)) \ ++ { \ ++ SFUT_Snprintf(f, sizeof(f), "%s-ENTER", \ ++ __PRETTY_FUNCTION__); \ ++ fname = f; \ ++ } \ ++ else if (SFPL_LOG_FUNC_EXIT == (void *)(func)) \ ++ { \ ++ SFUT_Snprintf(f, sizeof(f), "%s-EXIT", \ ++ __PRETTY_FUNCTION__); \ ++ fname = f; \ ++ } \ ++ else \ ++ { \ ++ fname = (func); \ ++ } \ ++ sfpl_log_log_msg((sfpl_handle), (level), (area), \ ++ fname, (file), (line), p); \ ++ SFUT_MutexUnlock(&sfpl_log_mutex); \ ++ } \ ++ } \ ++ } \ ++} ++ ++#define SFPL_LOG_FUNC_ENTER ((void *) -1) ++#define SFPL_LOG_FUNC_EXIT ((void *) -2) ++#define SFPL_LOG_FATAL(sfpl_handle, area, msg) \ ++{ \ ++ _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_FATAL, area, \ ++ __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ ++} ++ ++#define SFPL_LOG_ERROR(sfpl_handle, area, msg) \ ++{ \ ++ _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_ERROR, area, \ ++ __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ ++} ++ ++#define SFPL_LOG_WARNING(sfpl_handle, area, msg) \ ++{ \ ++ _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_WARNING, area, \ ++ __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ ++} ++ ++#define SFPL_LOG_INFO(sfpl_handle, area, msg) \ ++{ \ ++ _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_INFO, area, \ ++ __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ ++} ++ ++#define SFPL_LOG_DEBUG1(sfpl_handle, area, msg) \ ++{ \ ++ _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_DEBUG1, area, \ ++ __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ ++} ++ ++#define SFPL_LOG_DEBUG2(sfpl_handle, area, msg) \ ++{ \ ++ _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_DEBUG2, area, \ ++ __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ ++} ++ ++#define SFPL_LOG_DEBUG3(sfpl_handle, area, msg) \ ++{ \ 
++ _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_DEBUG3, area, \ ++ __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ ++} ++ ++#define SFPL_LOG_DEBUG4(sfpl_handle, area, msg) \ ++{ \ ++ _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_DEBUG4, area, \ ++ __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ ++} ++ ++#define SFPL_LOG_DEBUG5(sfpl_handle, area, msg) \ ++{ \ ++ _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_DEBUG5, area, \ ++ __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ ++} ++ ++#define SFPL_LOG_DEBUG6(sfpl_handle, area, msg) \ ++{ \ ++ _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_DEBUG6, area, \ ++ __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ ++} ++ ++#define SFPL_LOG_DEBUG7(sfpl_handle, area, msg) \ ++{ \ ++ _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_DEBUG7, area, \ ++ __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ ++} ++ ++#define SFPL_LOG_DEBUG8(sfpl_handle, area, msg) \ ++{ \ ++ _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_DEBUG8, area, \ ++ __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ ++} ++ ++#define SFPL_LOG_DEBUG9(sfpl_handle, area, msg) \ ++{ \ ++ _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_DEBUG9, area, \ ++ __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ ++} ++ ++#define SFPL_LOG_DEBUG(sfpl_handle, area, msg) \ ++{ \ ++ _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_DEBUG, area, \ ++ __PRETTY_FUNCTION__, __FILE__, __LINE__, msg) \ ++} ++ ++#define SFPL_LOG_TRACE_ENTER(sfpl_handle, area, msg) \ ++{ \ ++ _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_TRACE, area, \ ++ SFPL_LOG_FUNC_ENTER, __FILE__, __LINE__, msg) \ ++} ++ ++#define SFPL_LOG_TRACE_EXIT(sfpl_handle, area, msg) \ ++{ \ ++ _SFPL_MSG_LOG(sfpl_handle, SFPL_LOG_LEVEL_TRACE, area, \ ++ SFPL_LOG_FUNC_EXIT, __FILE__, __LINE__, msg) \ ++} ++ ++SFPL_API_PUBLIC int ++SFPL_Startup(void); ++ ++SFPL_API_PUBLIC void ++SFPL_Shutdown(void); ++ ++SFPL_API_PUBLIC void * ++SFPL_LogHandleGet(SFPL_Handle sfpl_handle); ++ ++SFPL_API_PUBLIC int ++SFPL_LogLevelSet(SFPL_Handle sfpl_handle, ++ SFPL_Log_Level level, ++ SFPL_Log_Area 
areas); ++ ++SFPL_API_PUBLIC int ++SFPL_LogFunctionSet(SFPL_Handle sfpl_handle, ++ SFCL_Log_Func log_func); ++ ++SFPL_API_PUBLIC void ++SFPL_LogFileClose(); ++ ++SFPL_API_PUBLIC int ++SFPL_LogFileOpen(SFPL_Handle sfpl_handle); ++ ++SFPL_API_PUBLIC int ++SFPL_LogFilenameSet(SFPL_Handle sfpl_handle, ++ const char *name); ++ ++SFPL_API_PUBLIC int ++SFPL_LogFileOpen(SFPL_Handle sfpl_handle); ++ ++SFPL_API_PUBLIC void ++SFPL_PluginLogFunction(SFCL_Log_Level level, ++ SFCL_Log_Area area, ++ const char *message); ++ ++SFPL_API_PUBLIC void ++SFPL_LogRegister(char *ident); ++ ++#define SFPL_LOG_OPTION_NONE_STRING "\"-\"" ++ ++ ++/*--------------------------------------------------------------*\ ++ * ++ * Log Server Logging ++ * ++\*--------------------------------------------------------------*/ ++SFPL_API_PUBLIC void ++SFPL_LogServerLog(SFPL_Handle sfpl_handle, ++ const char *client_hostname, ++ const char *request_url, ++ const char *client_username, ++ const char *zone_name, ++ const char *categories, ++ unsigned int bytes_xfer, ++ SFPL_Action_Code action); ++ ++/*--------------------------------------------------------------*\ ++ * ++ * Filter Summary Logging ++ * ++\*--------------------------------------------------------------*/ ++SFPL_API_PUBLIC void ++SFPL_LogFilterSummary(SFPL_Handle sfpl_handle, ++ const char *client_ip, ++ const char *username, ++ SFPL_User_Data *user_data, ++ const char *policy_name, ++ unsigned int policy_flags, ++ const char *url, ++ const char *all_cats, ++ const char *restricted_cats, ++ const char *redir_url, ++ int delay_time, ++ SFPL_Action_Code action); ++ ++/*--------------------------------------------------------------*\ ++ * ++ * CATEGORIES ++ * ++\*--------------------------------------------------------------*/ ++SFPL_API_PUBLIC void ++SFPL_CategoriesStringToCategories(SFPL_Handle sfpl_handle, ++ const char *str, ++ SFCL_Categories categories); ++ ++SFPL_API_PUBLIC int ++SFPL_CategoriesToSortedArray(SFPL_Handle sfpl_handle, ++ 
SFCL_Categories categories, ++ SFCL_Category *cat_array, ++ int *num_cats); ++ ++SFPL_API_PUBLIC int ++SFPL_CategoryCustomMessageGet(SFPL_Handle sfpl_handle, ++ SFCL_Category category, ++ SFPL_Action_Code action, ++ char *message, ++ int message_len); ++ ++SFPL_API_PUBLIC const char * ++SFPL_CategoryToName(SFPL_Handle sfpl_handle, ++ SFCL_Category category); ++ ++/*--------------------------------------------------------------*\ ++ * ++ * CONFIG OPTIONS ++ * ++\*--------------------------------------------------------------*/ ++#define SFPL_LOG_OPTION_NONE 0 ++#define SFPL_LOG_OPTION_RESTRICTED 1 ++#define SFPL_LOG_OPTION_ALL_CATS 2 ++#define SFPL_LOG_OPTION_ALL_URLS 3 ++ ++/* Define NT Log options */ ++#define SFPL_LOG_TYPE_TEXT 0 ++#define SFPL_LOG_TYPE_MSSQL 2 ++#define SFPL_LOG_TYPE_ACCESS 3 ++ ++/*--------------------------------------------------------------*\ ++ * ++ * DOWNLOAD ++ * ++\*--------------------------------------------------------------*/ ++#define SFPL_MAX_DOWNLOAD_SITE 128 ++#define SFPL_MAX_DOWNLOAD_ADDRESS 16 ++#define SFPL_MAX_DOWNLOAD_USER 64 ++#define SFPL_MAX_DOWNLOAD_PASS 32 ++#define SFPL_MAX_DOWNLOAD_PATH 512 ++#define SFPL_MAX_DOWNLOAD_FILE 256 ++#define SFPL_MAX_DOWNLOAD_MSG 512 ++ ++typedef enum SFPL_Download_Method ++{ ++ SFPL_DOWNLOAD_METHOD_NONE, ++ SFPL_DOWNLOAD_METHOD_HTTP, ++ SFPL_DOWNLOAD_METHOD_ADMIN_SERVER_CONTROLLED ++} SFPL_Download_Method; ++ ++typedef enum SFPL_Download_Mode ++{ ++ SFPL_DOWNLOAD_MODE_INCREMENTAL, ++ SFPL_DOWNLOAD_MODE_FULL, ++} SFPL_Download_Mode; ++ ++typedef struct SFPL_Http_Info ++{ ++ char site[SFPL_MAX_DOWNLOAD_SITE]; ++ char address[SFPL_MAX_DOWNLOAD_ADDRESS]; ++ int port; ++ char username[SFPL_MAX_DOWNLOAD_USER]; ++ char password[SFPL_MAX_DOWNLOAD_PASS]; ++ char path[SFPL_MAX_DOWNLOAD_PATH]; /* Source HTTP Path */ ++ char proxy[SFPL_MAX_DOWNLOAD_SITE]; ++ int proxyport; ++} SFPL_Http_Info; ++ ++typedef struct SFPL_Download_Info ++{ ++ SFPL_Download_Method method; ++ SFCL_List_Download_Mode mode; 
++ SFPL_Http_Info http; ++} SFPL_Download_Info; ++ ++ ++/*--------------------------------------------------------------*\ ++ * ++ * FILENAMES ++ * ++\*--------------------------------------------------------------*/ ++#define SFPL_CONFIG_FILE_NAME "config.txt" ++#define SFPL_SITE_FILE_NAME "site.txt" ++#define SFPL_PATTERNS_FILE_NAME "patterns.txt" ++#define SFPL_KEYWORDS_FILE_NAME "keywords.txt" ++#define SFPL_USERS_FILE_NAME "users.txt" ++#define SFPL_AGENT_FILE_NAME "sfagent.txt" ++#define SFPL_PSERIAL_FILE_NAME "pserial.txt" ++#define SFPL_CLIST_FILE_NAME "sfcontrol" ++ ++/*--------------------------------------------------------------*\ ++ * ++ * FILTERING ++ * ++\*--------------------------------------------------------------*/ ++ ++SFPL_API_PUBLIC int ++SFPL_UrlFilter(SFPL_Handle sfpl_handle, ++ SFPL_Policy *policy, ++ const char *url, ++ SFCL_Url parsed_url, ++ const char *dest_addr, ++ const char *username, ++ const char *client_ip, ++ SFPL_Action_Code *action, ++ int *delay_time, ++ char *redirurl, ++ int redirurl_len, ++ char *all_cats, ++ int all_cats_len, ++ char *restricted_cats, ++ int restricted_cats_len, ++ char **log_string, ++ char **reporter_string, ++ int *should_log); ++ ++SFPL_API_PUBLIC SFPL_Action_Code ++SFPL_Warn(SFPL_Handle sfpl_handle, ++ char *url, ++ char *referer_url, ++ char *range); ++ ++/*--------------------------------------------------------------*\ ++ * ++ * CONFIG FILES ++ * ++\*--------------------------------------------------------------*/ ++ ++typedef enum ++{ ++ SFPL_LOCK_READ = 0, ++ SFPL_LOCK_WRITE = 1 ++} SFPL_Lock_Mode; ++ ++ ++SFPL_API_PUBLIC int ++SFPL_ConfigLock(SFPL_Handle sfpl_handle, ++ SFPL_Lock_Mode mode); ++ ++SFPL_API_PUBLIC int ++SFPL_ConfigUnlock(SFPL_Handle sfpl_handle, ++ SFPL_Lock_Mode mode); ++ ++SFPL_API_PUBLIC int ++SFPL_ProcessConfigFile(SFPL_Handle, ++ const char *, ++ char *); ++ ++SFPL_API_PUBLIC int ++SFPL_ProcessUserInfo(SFPL_Handle sfpl_handle, ++ const char *full_path, ++ char *err_msg, ++ 
int msg_len); ++ ++SFPL_API_PUBLIC int ++SFPL_ReloadConfigFile(SFPL_Handle, ++ const char *, ++ char *); ++ ++SFPL_API_PUBLIC int ++SFPL_ReloadControlList(SFPL_Handle, ++ const char *new_list); ++ ++SFPL_API_PUBLIC int ++SFPL_EnableExternalListAccess(SFPL_Handle sfpl_handle, ++ int value); ++ ++SFPL_API_PUBLIC int ++SFPL_GetControlListSerialNumber(SFPL_Handle, ++ int *); ++ ++/*--------------------------------------------------------------*\ ++ * ++ * ACTIVATION ++ * ++\*--------------------------------------------------------------*/ ++/* ++ * Features ++ */ ++#define SFPL_ACT_KEY_FEATURE_MERGE_TOOL 0x1 ++ ++/* Define Activation Key codes */ ++#define SFPL_ACT_OK 1 ++#define SFPL_ACT_OLD15 15 ++#define SFPL_ACT_OLD30 30 ++#define SFPL_ACT_OLD60 60 ++#define SFPL_ACT_GRACE 100 ++#define SFPL_ACT_INVALID (-1) ++#define SFPL_ACT_EXPIRED 0 ++ ++typedef struct SFPL_ActivationKey ++{ ++ int version; ++ char userID[6]; ++ int userLicenses; ++ int userLevel; ++ int level; ++ int expirationYear; ++ int expirationMonth; ++ int expirationDay; ++ int duration; ++ int features; ++} SFPL_Activation_Key; ++ ++SFPL_API_PUBLIC char * ++SFPL_ActKeyCreate(SFPL_Handle sfpl_handle, ++ SFPL_Activation_Key *key); ++ ++SFPL_API_PUBLIC int ++SFPL_ActKeyDurationGet(SFPL_Handle sfpl_handle, ++ SFPL_Activation_Key *key); ++ ++SFPL_API_PUBLIC int ++SFPL_ActKeyExpirationDayGet(SFPL_Handle sfpl_handle, ++ SFPL_Activation_Key *key); ++ ++SFPL_API_PUBLIC int ++SFPL_ActKeyExpirationMonthGet(SFPL_Handle sfpl_handle, ++ SFPL_Activation_Key *key); ++ ++SFPL_API_PUBLIC int ++SFPL_ActKeyExpirationTimeCheck(SFPL_Handle sfpl_handle, ++ const time_t exp, ++ const time_t now); ++ ++SFPL_API_PUBLIC time_t ++SFPL_ActKeyExpirationTimeGet(SFPL_Handle sfpl_handle, ++ char *key_string); ++ ++SFPL_API_PUBLIC int ++SFPL_ActKeyExpirationYearGet(SFPL_Handle sfpl_handle, ++ SFPL_Activation_Key *key); ++ ++SFPL_API_PUBLIC int ++SFPL_ActKeyFeatureVerify(SFPL_Handle sfpl_handle, ++ int fbit, ++ SFPL_Activation_Key 
*key); ++ ++SFPL_API_PUBLIC int ++SFPL_ActKeyIsExpired(SFPL_Handle sfpl_handle, ++ char *key_string, ++ time_t installationTime); ++ ++SFPL_API_PUBLIC int ++SFPL_ActKeyIsValid(SFPL_Handle sfpl_handle, ++ char *serialNumber, ++ SFPL_Activation_Key *key); ++ ++SFPL_API_PUBLIC int ++SFPL_ActKeyMasterIdIsValid(SFPL_Handle sfpl_handle, ++ char *masterID); ++ ++SFPL_API_PUBLIC int ++SFPL_ActKeySmartFilterVersionGet(SFPL_Handle sfpl_handle, ++ SFPL_Activation_Key *key); ++ ++SFPL_API_PUBLIC char * ++SFPL_ActKeyUserIdGet(SFPL_Handle sfpl_handle, ++ SFPL_Activation_Key *key); ++ ++SFPL_API_PUBLIC int ++SFPL_ActKeyUserIdIsValid(SFPL_Handle sfpl_handle, ++ char *userID); ++ ++SFPL_API_PUBLIC int ++SFPL_ActKeyUserLevelGet(SFPL_Handle sfpl_handle, ++ SFPL_Activation_Key *key); ++ ++/*--------------------------------------------------------------*\ ++ * ++ * REVERSE DNS ++ * ++\*--------------------------------------------------------------*/ ++/* ++ * Call to set a flag specifying DNS lookups should be performed externally. 
++ */ ++SFPL_API_PUBLIC int ++SFPL_EnableExternalDNS(SFPL_Handle, ++ int); ++ ++ ++/*--------------------------------------------------------------*\ ++ * ++ * MAIL ++ * ++\*--------------------------------------------------------------*/ ++ ++typedef struct ++{ ++ char *primary_email; ++ char *secondary_email; ++ char *from_email; ++ char *mail_server; ++} SFPL_Mail_Info; ++ ++#define SFPL_MAIL_SUBJ_ADD_HOST 0x00000001 ++ ++SFPL_API_PUBLIC int ++SFPL_MailSend(SFPL_Handle sfpl_handle, ++ const char *subject, ++ const char *message, ++ unsigned int flags); ++ ++ ++ ++ ++ ++/*--------------------------------------------------------------*\ ++ * ++ * Authentication Server ++ * ++\*--------------------------------------------------------------*/ ++ ++typedef struct { ++ int enabled; ++ char authserver_address[256]; ++ char authserver_hostname[256]; ++ int authserver_auth_port; ++ int authserver_ao_port; ++ char authserver_password[64]; ++ int block_on_fail; ++ SFUT_List exempt_ips; ++ SFUT_List exempt_urls; ++} SFPL_Trans_Auth; ++ ++SFPL_API_PUBLIC int ++SFPL_TransauthCheck(SFPL_Handle sfpl_handle, ++ SFCL_Url processed_url, ++ const char *url, ++ const char *ipaddr, ++ char *username, ++ size_t username_len); ++ ++SFPL_API_PUBLIC int ++SFPL_TransauthUserGet(SFPL_Handle sfpl_handle, ++ const char *ipaddr, ++ char *username, ++ size_t username_len); ++ ++SFPL_API_PUBLIC int ++SFPL_TransauthUserIdentify(SFPL_Handle sfpl_handle, ++ const char *ipaddr, ++ char *username, ++ size_t usernamelen, ++ int *block_on_fail); ++ ++SFPL_API_PUBLIC int ++SFPL_TransauthRedirUrlBuild(SFPL_Handle sfpl_handle, ++ const char *ipaddr, ++ const char *original_url, ++ char *redir_url, ++ size_t redir_url_len); ++ ++SFPL_API_PUBLIC int /* Needed for Squid */ ++SFPL_TransauthUserCacheAdd(SFPL_Handle sfpl_handle, ++ const char *ipaddr, ++ const char *username, ++ time_t timeout_hard, ++ time_t timeout_soft); ++ ++SFPL_API_PUBLIC int ++SFPL_TransauthUserTimeoutsGet(SFPL_Handle sfpl_handle, ++ 
const char *ipaddr, ++ time_t *timeout_hard, ++ time_t *timout_soft); ++ ++#if defined(__cplusplus) ++} ++#endif /* __cplusplus */ ++ ++#endif /* SFPL_PLUGIN_H */ ++ +diff -uN ../squid-2.5.STABLE14.orig/include/sf_util.h include/sf_util.h +--- ../squid-2.5.STABLE14.orig/include/sf_util.h 1969-12-31 19:00:00.000000000 -0500 ++++ include/sf_util.h 2006-08-14 12:06:38.000000000 -0400 +@@ -0,0 +1,901 @@ ++/*--------------------------------------------------------------------------*\ ++ * ++ * SmartFilter Utility Library ++ * ++ * Copyright (c) 2003-2006, Secure Computing Corporation. All rights reserved. ++ * ++ * $RCSfile: sf_util.h,v $ ++ * $Revision: 1.2.2.5 $ ++ * $Date: 2006/08/14 16:06:38 $ ++ * $State: Exp $ ++\*--------------------------------------------------------------------------*/ ++ ++#ifndef _SF_UTIL_H ++#define _SF_UTIL_H ++ ++#ifdef __cplusplus ++extern "C" { ++#endif /* __cplusplus */ ++ ++#ifdef WIN32 ++# include ++# include ++# ifdef __FUNCTION__ ++# define __PRETTY_FUNCTION__ __FUNCTION__ ++# else /* __FUNCTION__ */ ++# define __PRETTY_FUNCTION__ "Unknown" ++# endif /* __FUNCTION__ */ ++#else /* WIN32 */ ++# include ++# include ++#endif /* WIN32 */ ++ ++#ifdef WIN32 ++# ifdef SFUT_API_BUILD ++# define SFUT_API_PUBLIC __declspec(dllexport) ++# else /* SFUT_API_BUILD */ ++# define SFUT_API_PUBLIC __declspec(dllimport) ++# endif /* SFUT_API_BUILD */ ++#else ++# define SFUT_API_PUBLIC extern ++#endif /* WIN32 */ ++ ++#define SFUT_API_INTERNAL extern ++#define SFUT_API_PRIVATE static ++ ++#ifndef SFUT_API_PROTECTED_BUILD ++# define SFUT_API_PROTECTED extern ++#else /* SFUT_API_PROTECTED_BUILD */ ++# define SFUT_API_PROTECTED SFUT_API_PUBLIC ++#endif /* SFUT_API_PROTECTED_BUILD */ ++ ++ ++/* ++ * General ++ */ ++#ifdef WIN32 ++ typedef unsigned __int64 SFUT_Int64; ++# define SFUT_Getcwd(buf, len) _getcwd(buf, len) ++# define SFUT_PATH_SEP_CHAR '\\' ++#else /* WIN32 */ ++# define SFUT_Getcwd(buf, len) getcwd(buf, len) ++ typedef unsigned long long 
SFUT_Int64; ++# define SFUT_PATH_SEP_CHAR '/' ++#endif /* WIN32 */ ++ ++typedef unsigned char SFUT_Bool; ++#define SFUT_FALSE 0 ++#define SFUT_TRUE 1 ++ ++/* ++ * Errors ++ */ ++#ifdef WIN32 ++ #define SFUT_LastError() GetLastError() ++#else /* WIN32 */ ++ #define SFUT_LastError() errno ++#endif /* WIN32 */ ++/* ++ * Base 64 ++ */ ++SFUT_API_PUBLIC int ++SFUT_Base64Encode(const unsigned char *in, ++ int in_size, ++ char *out, ++ int out_size); ++SFUT_API_PUBLIC int ++SFUT_Base64Decode(const char *in, ++ char *out, ++ int out_size, ++ int *decoded_len); ++ ++ ++/* ++ * File ++ */ ++#include ++#include ++#include ++#include ++#include ++#ifndef NAME_MAX ++# define NAME_MAX 1024 ++#endif /* NAME_MAX */ ++ ++ ++#ifdef WIN32 ++# define O_APPEND _O_APPEND ++# define O_CREAT _O_CREAT ++# define O_EXCL _O_EXCL ++# define O_RDONLY _O_RDONLY ++# define O_RDWR _O_RDWR ++# define O_TRUNC _O_TRUNC ++# define O_WRONLY _O_WRONLY ++# define O_TEXT _O_TEXT ++# define O_BINARY _O_BINARY ++ ++# define A_HIDDEN _A_HIDDEN ++# define A_NORMAL _A_NORMAL ++# define A_RDONLY _A_RDONLY ++# define A_SUBDIR _A_SUBDIR ++# define S_IRWXU (_S_IREAD | _S_IWRITE) ++# define S_IRUSR _S_IREAD ++# define S_IWUSR _S_IWRITE ++# define S_IXUSR (_S_IREAD | _S_IWRITE) ++# define S_IRWXG (_S_IREAD | _S_IWRITE) ++# define S_IRGRP _S_IREAD ++# define S_IWGRP _S_IWRITE ++# define S_IXGRP (_S_IREAD | _S_IWRITE) ++# define S_IRWXO (_S_IREAD | _S_IWRITE) ++# define S_IROTH _S_IREAD ++# define S_IWOTH _S_IWRITE ++# define S_IXOTH (_S_IREAD | _S_IWRITE) ++#else /* WIN32 */ ++# define O_BINARY 0 ++# define O_TEXT 0 ++# define A_SUBDIR 1 ++#endif /* WIN32 */ ++ ++#ifdef WIN32 ++typedef struct _stat SFUT_File_Stat; ++#else /* WIN32 */ ++typedef struct stat SFUT_File_Stat; ++#endif /* WIN32 */ ++typedef int SFUT_File; ++SFUT_API_PUBLIC int ++SFUT_FileOpen(SFUT_File *f, ++ const char *name, ++ int flags, ++ int mode); ++ ++SFUT_API_PUBLIC int ++SFUT_FileClose(SFUT_File *f); ++ ++SFUT_API_PUBLIC int 
++SFUT_FileWrite(SFUT_File *f, ++ const void *buffer, ++ size_t len); ++ ++SFUT_API_PUBLIC int ++SFUT_FileRead(SFUT_File *f, ++ void *buffer, ++ size_t len, ++ size_t *bytes_read); ++ ++SFUT_API_PUBLIC int ++SFUT_FileSeek(SFUT_File *f, ++ int offset, ++ int whence, ++ long *result_offset); ++ ++SFUT_API_PUBLIC int ++SFUT_FileSize(SFUT_File *f, ++ size_t *size); ++ ++SFUT_API_PUBLIC int ++SFUT_FileStat(const char *filename, ++ SFUT_File_Stat *statbuf); ++ ++SFUT_API_PUBLIC int ++SFUT_FileRemove(const char *name); ++ ++SFUT_API_PUBLIC int ++SFUT_FileRename(const char *prev_name, const char *new_name); ++ ++/* ++ * List ++ */ ++typedef struct sfut_list *SFUT_List; ++typedef struct sfut_list_entry ++{ ++ struct sfut_list_entry *prev; ++ struct sfut_list_entry *next; ++} SFUT_List_Entry; ++ ++typedef int (*SFUT_List_Iterate_Func)(SFUT_List_Entry *le, void *arg); ++typedef void (*SFUT_List_Show_Func)(SFUT_List_Entry *le, void *arg, FILE *fp); ++ ++SFUT_API_PUBLIC int ++SFUT_ListCreate(SFUT_List *l); ++ ++SFUT_API_PUBLIC int ++SFUT_ListAdd(SFUT_List l, ++ SFUT_List_Entry *le); ++ ++SFUT_API_PUBLIC SFUT_List_Entry * ++SFUT_ListFind(SFUT_List l, ++ SFUT_List_Entry *le); ++ ++SFUT_API_PUBLIC SFUT_List_Entry * ++SFUT_ListGetFirst(SFUT_List l); ++ ++SFUT_API_PUBLIC SFUT_List_Entry * ++SFUT_ListGetNext(SFUT_List l, ++ SFUT_List_Entry *le); ++ ++SFUT_API_PUBLIC int ++SFUT_ListRemove(SFUT_List l, ++ SFUT_List_Entry *le); ++ ++SFUT_API_PUBLIC SFUT_List_Entry * ++SFUT_ListRemoveHead(SFUT_List l); ++ ++SFUT_API_PUBLIC SFUT_List_Entry * ++SFUT_ListRetrieve(SFUT_List l); ++ ++SFUT_API_PUBLIC int ++SFUT_ListCount(SFUT_List l, ++ int *count); ++ ++SFUT_API_PUBLIC int ++SFUT_ListIterate(SFUT_List l, ++ SFUT_List_Iterate_Func f, ++ void *arg); ++ ++SFUT_API_PUBLIC void ++SFUT_ListShow(SFUT_List l, ++ SFUT_List_Show_Func f, ++ void *arg, ++ FILE *fp); ++ ++SFUT_API_PUBLIC void ++SFUT_ListDestroy(SFUT_List l); ++ ++ ++/* ++ * OS ++ */ ++SFUT_API_PUBLIC int ++SFUT_OSNameGet(char *name, ++ 
size_t name_len); ++ ++ ++/* ++ * Memory ++ */ ++SFUT_API_PUBLIC int ++SFUT_MemInit(void); ++ ++#ifdef SFUTMEMINTERNAL ++# define SFUT_MemAlloc(bytes) SFUT_MemAlloc_((bytes), \ ++ __FILE__, \ ++ __PRETTY_FUNCTION__, \ ++ __LINE__) ++ ++# define SFUT_MemRealloc(ptr, bytes) SFUT_MemRealloc_((ptr), \ ++ (bytes), \ ++ __FILE__, \ ++ __PRETTY_FUNCTION__, \ ++ __LINE__) ++ ++# define SFUT_MemFree(ptr) SFUT_MemFree_((ptr), \ ++ __FILE__, \ ++ __PRETTY_FUNCTION__, \ ++ __LINE__) ++#else /* SFUTMEMINTERNAL */ ++# define SFUT_MemAlloc(bytes) malloc(bytes) ++# define SFUT_MemRealloc(ptr, bytes) realloc(ptr, bytes) ++# define SFUT_MemFree(ptr) free(ptr) ++#endif /* SFUTMEMINTERNAL */ ++ ++SFUT_API_PUBLIC void * ++SFUT_MemAlloc_(size_t bytes, ++ const char *file, ++ const char *function, ++ int line); ++ ++SFUT_API_PUBLIC void * ++SFUT_MemRealloc_(void *ptr, ++ size_t bytes, ++ const char *file, ++ const char *function, ++ int line); ++ ++SFUT_API_PUBLIC void ++SFUT_MemFree_(void *ptr, ++ const char *file, ++ const char *function, ++ int line); ++ ++SFUT_API_PUBLIC void ++SFUT_MemShow(FILE *fp); ++ ++SFUT_API_PUBLIC int ++sfut_mem_check(); ++ ++ ++/* ++ * Mapped Memory ++ */ ++SFUT_API_PUBLIC int ++SFUT_MemMapInit(void); ++ ++#define SFUT_MemMapAlloc(filename) SFUT_MemMapAlloc_((filename), \ ++ __FILE__, \ ++ __PRETTY_FUNCTION__, \ ++ __LINE__) ++SFUT_API_PUBLIC void * ++SFUT_MemMapAlloc_(const char *filename, ++ const char *file, ++ const char *function, ++ int line); ++ ++#define SFUT_MemMapFree(ptr) SFUT_MemMapFree_((ptr), \ ++ __FILE__, \ ++ __PRETTY_FUNCTION__, \ ++ __LINE__) ++ ++SFUT_API_PUBLIC void ++SFUT_MemMapFree_(void *ptr, ++ const char *filename, ++ const char *file, ++ int line); ++ ++SFUT_API_PUBLIC void ++SFUT_MemMapShow(FILE *fp); ++ ++SFUT_API_PUBLIC int ++sfut_memmap_check(); ++ ++/* ++ * Memory Pool ++ */ ++typedef struct sfut_mem_pool *SFUT_Mem_Pool; ++ ++SFUT_API_PUBLIC int ++SFUT_MemPoolCreate(SFUT_Mem_Pool *mp, ++ size_t entry_size, ++ size_t 
num_entries); ++ ++#define SFUT_MemPoolAlloc(mp) SFUT_MemPoolAlloc_((mp), \ ++ __FILE__, \ ++ __PRETTY_FUNCTION__, \ ++ __LINE__) ++ ++SFUT_API_PUBLIC void * ++SFUT_MemPoolAlloc_(SFUT_Mem_Pool mp, ++ const char *file, ++ const char *function, ++ int line); ++ ++#define SFUT_MemPoolFree(mp, arg) SFUT_MemPoolFree_((mp), \ ++ (arg), \ ++ __FILE__, \ ++ __PRETTY_FUNCTION__, \ ++ __LINE__) ++ ++SFUT_API_PUBLIC void ++SFUT_MemPoolFree_(SFUT_Mem_Pool mp, ++ void *arg, ++ const char *file, ++ const char *function, ++ int line); ++ ++SFUT_API_PUBLIC void ++SFUT_MemPoolDestroy(SFUT_Mem_Pool mp); ++ ++SFUT_API_PUBLIC void ++SFUT_MemPoolShow(SFUT_Mem_Pool mp, ++ FILE *fp); ++ ++ ++ ++ ++ ++/* ++ * Queue ++ */ ++typedef struct _sf_queue *SFUT_Queue; ++ ++SFUT_API_PUBLIC int ++SFUT_QueueCreate(SFUT_Queue *q); ++ ++SFUT_API_PUBLIC int ++SFUT_QueueAdd(SFUT_Queue q, ++ void *id, ++ void *data); ++ ++SFUT_API_PUBLIC int ++SFUT_QueueRemove(SFUT_Queue q, ++ void **id, ++ void **data); ++ ++SFUT_API_PUBLIC int ++SFUT_QueueCount(SFUT_Queue q, ++ int *count); ++ ++SFUT_API_PUBLIC int ++SFUT_QueueDestroy(SFUT_Queue q); ++ ++ ++ ++ ++/* ++ * Socket ++ */ ++#ifdef WIN32 ++# include ++# include ++#else /* WIN32 */ ++# ifndef BSD_COMP ++# define BSD_COMP ++# endif /* BSD_COMP */ ++# include ++# include ++# include ++# include ++# include ++# include ++# include ++#endif ++ ++#define SFUT_TIME_INFINITE (-1) ++typedef struct SFUT_Socket ++{ ++#ifdef WIN32 ++ SOCKET socket; ++#else /* WIN32 */ ++ int socket; ++#endif /* WIN32 */ ++} SFUT_Socket; ++ ++#ifndef INADDR_NONE ++#define INADDR_NONE 0xffffffff ++#endif ++ ++typedef struct in_addr SFUT_IP_Addr; ++ ++SFUT_API_PUBLIC int ++SFUT_SocketInit(void); ++ ++SFUT_API_PUBLIC int ++SFUT_SocketCleanup(void); ++ ++SFUT_API_PUBLIC int ++SFUT_SocketCreate(SFUT_Socket *s); ++ ++SFUT_API_PUBLIC int ++SFUT_SocketCreateUDP(SFUT_Socket *s); ++ ++SFUT_API_PUBLIC int ++SFUT_SocketClose(SFUT_Socket *s); ++ ++SFUT_API_PUBLIC int ++SFUT_SocketWrite(SFUT_Socket s, 
++ const char *buffer, ++ size_t len); ++ ++SFUT_API_PUBLIC int ++SFUT_SocketWriteTo(SFUT_Socket s, ++ const char *buffer, ++ size_t buf_len, ++ const struct sockaddr *to, ++ int to_len); ++ ++SFUT_API_PUBLIC int ++SFUT_SocketRead(SFUT_Socket s, ++ char *buffer, ++ size_t len); ++ ++SFUT_API_PUBLIC int ++SFUT_SocketReadFrom(SFUT_Socket s, ++ char *buffer, ++ size_t len, ++ struct sockaddr *from, ++ int *from_len); ++ ++SFUT_API_PUBLIC int ++SFUT_SocketPeek(SFUT_Socket s, ++ char *buffer, ++ size_t len); ++ ++SFUT_API_PUBLIC int ++SFUT_SocketConnect(SFUT_Socket s, ++ SFUT_IP_Addr addr, ++ unsigned short port); ++ ++SFUT_API_PUBLIC int ++SFUT_SocketBind(SFUT_Socket s, ++ SFUT_IP_Addr addr, ++ unsigned short port); ++ ++SFUT_API_PUBLIC int ++SFUT_SocketListen(SFUT_Socket s, ++ size_t backlog); ++ ++SFUT_API_PUBLIC int ++SFUT_SocketAccept(SFUT_Socket s, ++ SFUT_Socket *ns, ++ SFUT_IP_Addr *ip); ++ ++SFUT_API_PUBLIC int ++SFUT_SocketError(void); ++ ++SFUT_API_PUBLIC int ++SFUT_SocketWait(SFUT_Socket s, ++ int read, ++ int write, ++ int milliseconds); ++ ++SFUT_API_PUBLIC int ++SF_SocketAvailableReadBytes(SFUT_Socket s); ++ ++SFUT_API_PUBLIC int ++SFUT_SocketNameToAddr(const char *name, ++ SFUT_IP_Addr *ip, ++ int *error); ++ ++SFUT_API_PUBLIC int ++SFUT_SocketAddrToName(const char *ip, ++ char *name, ++ size_t name_len); ++ ++ ++ ++ ++/* ++ * Threads ++ */ ++# ifdef WIN32 ++# include ++# include ++# include ++# define THREAD_ENTRYTYPE WINAPI ++typedef HANDLE SFUT_Thread; ++typedef DWORD SFUT_ThreadId; ++typedef CRITICAL_SECTION SFUT_Mutex; ++typedef struct SFUT_Cond ++{ ++ CRITICAL_SECTION waiters_lock; ++ int waiters_count; ++ HANDLE events[2]; ++} SFUT_Cond; ++# else /* WIN32 */ ++# include ++# include ++# define THREAD_ENTRYTYPE ++typedef pthread_t SFUT_Thread; ++typedef pthread_t SFUT_ThreadId; ++typedef void *(*SFUT_PTHREAD_START_ROUTINE) (void *arg); ++typedef pthread_mutex_t SFUT_Mutex; ++typedef pthread_cond_t SFUT_Cond; ++#endif /* WIN32 */ ++ ++typedef struct 
sfut_semaphore ++{ ++ int magic; ++ ++ /* lock counters */ ++ int write_lock; ++ int read_lock; ++ ++ /* mutual exclusion protection for lock counters */ ++ SFUT_Mutex mutex; ++ ++ /* Signals release of write lock */ ++ SFUT_Cond wtest; ++ ++ /* Signals release of final read lock */ ++ SFUT_Cond rtest; ++ ++} SFUT_Semaphore; ++ ++typedef int (THREAD_ENTRYTYPE *SFUT_Thread_Func)(void *arg); ++ ++#define SFUT_THREAD_STACK_SIZE_DEFAULT 0 ++ ++SFUT_API_PUBLIC int ++SFUT_ThreadCreate(SFUT_Thread *t, ++ size_t stack_size, ++ SFUT_Thread_Func func, ++ void *arg); ++ ++SFUT_API_PUBLIC void ++SFUT_ThreadSleep(int milliseconds); ++ ++SFUT_API_PUBLIC void ++SFUT_ThreadStop(SFUT_Thread *t); ++ ++SFUT_API_PUBLIC void ++SFUT_ThreadExit(SFUT_Thread *t, ++ int exit_value); ++ ++SFUT_API_PUBLIC SFUT_Thread ++SFUT_ThreadSelf(void); ++ ++SFUT_API_PUBLIC SFUT_ThreadId ++SFUT_ThreadSelfId(void); ++ ++ ++ ++/* ++ * Mutexes ++ */ ++SFUT_API_PUBLIC int ++SFUT_MutexCreate(SFUT_Mutex *m); ++ ++SFUT_API_PUBLIC int ++SFUT_MutexLock(SFUT_Mutex *m); ++ ++SFUT_API_PUBLIC int ++SFUT_MutexUnlock(SFUT_Mutex *m); ++ ++SFUT_API_PUBLIC void ++SFUT_MutexDestroy(SFUT_Mutex *m); ++ ++ ++ ++ ++/* ++ * Conditions ++ */ ++SFUT_API_PUBLIC int ++SFUT_CondCreate(SFUT_Cond *c); ++ ++SFUT_API_PUBLIC int ++SFUT_CondSignal(SFUT_Cond *c); ++ ++SFUT_API_PUBLIC int ++SFUT_CondBroadcast(SFUT_Cond *c); ++ ++SFUT_API_PUBLIC int ++SFUT_CondWait(SFUT_Cond *c, ++ SFUT_Mutex *m); ++ ++SFUT_API_PUBLIC void ++SFUT_CondDestroy(SFUT_Cond *c); ++ ++ ++/* ++ * Semaphores ++ */ ++SFUT_API_PUBLIC int ++SFUT_SemaphoreCreate(SFUT_Semaphore *s); ++ ++SFUT_API_PUBLIC int ++SFUT_SemaphoreReadLock(SFUT_Semaphore *s); ++ ++SFUT_API_PUBLIC int ++SFUT_SemaphoreReadUnlock(SFUT_Semaphore *s); ++ ++SFUT_API_PUBLIC int ++SFUT_SemaphoreWriteUnlock(SFUT_Semaphore *s); ++ ++SFUT_API_PUBLIC int ++SFUT_SemaphoreWriteLock(SFUT_Semaphore *s); ++ ++SFUT_API_PUBLIC void ++SFUT_SemaphoreDestroy(SFUT_Semaphore *s); ++ ++ ++ ++ ++ ++/* ++ * Thread Pool ++ 
*/ ++typedef struct _sfut_thread_pool SFUT_Thread_Pool; ++ ++SFUT_API_PUBLIC int ++SFUT_ThreadPoolCreate(SFUT_Thread_Pool **p, ++ size_t stack_size, ++ int num_threads); ++ ++SFUT_API_PUBLIC int ++SFUT_ThreadPoolAddJob(SFUT_Thread_Pool *p, ++ void *job_id, ++ SFUT_Thread_Func func, ++ void *arg); ++ ++SFUT_API_PUBLIC int ++SFUT_ThreadPoolRemoveJob(SFUT_Thread_Pool *p, ++ void *job_id); ++ ++SFUT_API_PUBLIC int ++SFUT_ThreadPoolDestroy(SFUT_Thread_Pool *p); ++ ++ ++/* ++ * Network ++ */ ++SFUT_API_PUBLIC int ++SFUT_IsIP(const char *str); ++ ++SFUT_API_PUBLIC int ++SFUT_InetNtoa(unsigned long addr, ++ char *str, ++ size_t str_len); ++ ++SFUT_API_PUBLIC int ++SFUT_InetAton(const char *addr_str, ++ unsigned long *addr); ++ ++ ++/* ++ * RFC 1738 ++ */ ++SFUT_API_PUBLIC void ++SFUT_RFC1738Escape(char *dest, ++ const unsigned char *src, ++ size_t src_len); ++ ++SFUT_API_PUBLIC void ++SFUT_RFC1738Unescape(unsigned char *str, ++ size_t *unescaped_len); ++ ++ ++/* ++ * Strings ++ */ ++#include ++SFUT_API_PUBLIC int ++SFUT_Vsnprintf(char *str, ++ size_t size, ++ const char *format, ++ va_list ap); ++ ++SFUT_API_PUBLIC int ++SFUT_Snprintf(char *str, ++ size_t size, ++ const char *format, ++ ...); ++ ++SFUT_API_PUBLIC int ++SFUT_Stristr(const char *s, ++ const char *find, ++ char **result); ++ ++SFUT_API_PUBLIC int ++SFUT_Strncat(char *dest, ++ const char *src, ++ size_t n); ++ ++SFUT_API_PUBLIC int ++SFUT_Strncpy(char *dest, ++ const char *src, ++ size_t n); ++ ++SFUT_API_PUBLIC int ++SFUT_Strcasecmp(const char *s1, ++ const char *s2); ++ ++SFUT_API_PUBLIC int ++SFUT_Strncasecmp(const char *s1, ++ const char *s2, ++ size_t n); ++ ++/* ++ * Time ++ */ ++SFUT_API_PUBLIC int ++SFUT_TimeLocalGet(const time_t *clock, ++ struct tm *local); ++ ++SFUT_API_PUBLIC int ++SFUT_TimezoneGMTOffsetGet(void); ++ ++ ++/* ++ * MD4 functions. 
++ */ ++typedef struct { ++ unsigned long int state[4]; /* state (ABCD) */ ++ unsigned long int count[2]; /* number of bits, modulo 2^64 (lsb first) */ ++ unsigned char buffer[64]; /* input buffer */ ++} SFUT_MD4_CTX; ++ ++SFUT_API_PUBLIC void ++SFUT_MD4Init(SFUT_MD4_CTX *); ++ ++SFUT_API_PUBLIC void ++SFUT_MD4Update(SFUT_MD4_CTX *, ++ const unsigned char *, ++ unsigned int); ++ ++SFUT_API_PUBLIC void ++SFUT_MD4Final(unsigned char[12], ++ SFUT_MD4_CTX *); ++ ++/* ++ * CRC32 functions. ++ */ ++ ++SFUT_API_PUBLIC unsigned long ++SFUT_CRC32Init(); ++ ++SFUT_API_PUBLIC unsigned long ++SFUT_CRC32Proc(unsigned char *buf, ++ size_t len, ++ unsigned long crc); ++ ++SFUT_API_PUBLIC unsigned long ++SFUT_CRC32Term(unsigned long crc); ++ ++SFUT_API_PUBLIC unsigned long ++SFUT_UpdateCRC32(unsigned char ch, ++ unsigned long crc); ++ ++SFUT_API_PUBLIC int ++SFUT_CRC32File(char *name, ++ unsigned long *crc, ++ long *charcnt); ++ ++SFUT_API_PUBLIC unsigned long ++SFUT_CRC32Buf(char *buf, ++ size_t len); ++ ++/* ++ * Byte swapping ++ */ ++#ifdef BIGENDIAN ++# define SFUT_Swap64(x) ( \ ++ (((x) & 0x00000000000000ff) << 56) | \ ++ (((x) & 0x000000000000ff00) << 40) | \ ++ (((x) & 0x0000000000ff0000) << 24) | \ ++ (((x) & 0x00000000ff000000) << 8) | \ ++ (((x) & 0x000000ff00000000) >> 8) | \ ++ (((x) & 0x0000ff0000000000) >> 24) | \ ++ (((x) & 0x00ff000000000000) >> 40) | \ ++ (((x) & 0xff00000000000000) >> 56) \ ++) ++ ++# define SFUT_Swap32(x) ( \ ++ (((x) & 0x000000ff) << 24) | \ ++ (((x) & 0x0000ff00) << 8) | \ ++ (((x) & 0x00ff0000) >> 8) | \ ++ (((x) & 0xff000000) >> 24) \ ++) ++ ++# define SFUT_Swap16(x) ( \ ++ (((x) & 0x00ff) << 8) | \ ++ (((x) & 0xff00) >> 8) \ ++) ++ ++#else /* BIGENDIAN */ ++# define SFUT_Swap64(x) x ++# define SFUT_Swap32(x) x ++# define SFUT_Swap16(x) x ++#endif /* BIGENDIAN */ ++ ++ ++/* ++ * Search Tree ++ */ ++typedef void (*SFUT_TREE_FREE_FUNC)(void *); ++typedef struct sfut_tree *SFUT_Tree; ++ ++SFUT_API_PUBLIC int ++SFUT_TreeCreate(SFUT_Tree *t); ++ 
++SFUT_API_PUBLIC int ++SFUT_TreeInsert(SFUT_Tree t, ++ void *key, ++ void *data); ++ ++SFUT_API_PUBLIC void ++SFUT_TreeShow(SFUT_Tree t); ++ ++SFUT_API_PUBLIC int ++SFUT_TreeCount(SFUT_Tree tree); ++ ++SFUT_API_PUBLIC int ++SFUT_TreeLocate(SFUT_Tree t, ++ void *key, ++ void **data); ++ ++SFUT_API_PUBLIC int ++SFUT_TreeRemove(SFUT_Tree t, ++ void *key, ++ void **data); ++ ++SFUT_API_PUBLIC int ++SFUT_TreeDestroy(SFUT_Tree t, ++ SFUT_TREE_FREE_FUNC free_func); ++ ++ ++ ++#ifdef __cplusplus ++} ++#endif /* __cplusplus */ ++ ++#endif /* SF_UTIL_H */ +diff -uN ../squid-2.5.STABLE14.orig/include/sfagentipc.h include/sfagentipc.h +--- ../squid-2.5.STABLE14.orig/include/sfagentipc.h 1969-12-31 19:00:00.000000000 -0500 ++++ include/sfagentipc.h 2005-04-05 12:39:39.000000000 -0400 +@@ -0,0 +1,351 @@ ++ ++#ifndef INCLUDE_SFA_COMM_IPC_H ++#define INCLUDE_SFA_COMM_IPC_H ++ ++# ifdef __cplusplus ++extern "C" { ++# endif /* __cplusplus */ ++ ++/*--------------------------------------------------------------*\ ++ * ++ * Definitions ++ * ++\*--------------------------------------------------------------*/ ++/* ++ * Makes calls to SFA_Comm_Recvmsg and SFA_Comm_Sendmsg ++ * block until a message is received or sent respectively. ++ */ ++#define SFA_COMM_TIMEOUT_INFINITE 0xffffffff ++ ++/* ++ * Makes calls to SFA_Comm_Recvmsg and SFA_Comm_Sendmsg ++ * wait a relatively long time (30 minutes) until a message ++ * is received or sent respectively. ++ */ ++#define SFA_COMM_TIMEOUT_LONG (60 * 30) ++ ++/* ++ * Makes calls to SFA_Comm_Recvmsg and SFA_Comm_Sendmsg ++ * wait a midrange amount of time (10 minutes) until a message ++ * is received or sent respectively. 
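Review bot: `SFUT_RFC1738Escape(char *dest, const unsigned char *src, size_t src_len)` takes no destination length, unlike `SFUT_Base64Encode` and `SFUT_Snprintf` in the same header, so every caller has to size `dest` from a rule the header never states. Percent-escaping can expand one input byte to three, and the implementation is not part of this patch, so the contract should at least be written above the prototype, for example `/* dest must hold 3 * src_len + 1 bytes (every byte escaped, plus NUL) - confirm against the library */`. The same gap shows in `SFUT_MD4Final(unsigned char[12], SFUT_MD4_CTX *)`: an MD4 digest is 16 bytes, so either the routine truncates or the `[12]` understates what it writes, and the header should say which.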
++ */ ++#define SFA_COMM_TIMEOUT_MEDIUM (60 * 10) ++ ++/* ++ * Lengths of strings ++ */ ++#define SFA_COMM_VERSION_LEN 80 ++#define SFA_COMM_PLUGIN_LEN 30 ++#define SFA_COMM_PLATFORM_LEN 30 ++#define SFA_COMM_FILENAME_LEN 1024 ++#define SFA_COMM_USERNAME_LEN 1024 ++#define SFA_COMM_URL_LEN SFPL_MAX_URL ++ ++ ++ ++/*--------------------------------------------------------------*\ ++ * ++ * Types ++ * ++\*--------------------------------------------------------------*/ ++ ++/* ++ * Values to be returned by functions. SFA_COMM_RETURN_OK ++ * is the only non-error return. ++ */ ++typedef enum { ++ SFA_COMM_RETURN_FIRST = 1, /* Must be first */ ++ ++ /* ++ * All platforms ++ */ ++ SFA_COMM_RETURN_OK, ++ SFA_COMM_RETURN_ERROR, ++ SFA_COMM_RETURN_INVALID_HANDLE, ++ SFA_COMM_RETURN_INVALID_MSG_TYPE, ++ SFA_COMM_RETURN_INVALID_PARAMETER, ++ SFA_COMM_RETURN_MALFORMED_MESSAGE, ++ SFA_COMM_RETURN_NO_COMM_CHANNEL, ++ SFA_COMM_RETURN_CONNECT, ++ SFA_COMM_RETURN_SEND, ++ SFA_COMM_RETURN_SEND_TIMEOUT, ++ SFA_COMM_RETURN_RECEIVE, ++ SFA_COMM_RETURN_RECEIVE_TIMEOUT, ++ SFA_COMM_RETURN_NO_MEMORY, ++ SFA_COMM_RETURN_CONNECTION_CLOSED, ++ ++#ifdef WIN32 ++ /* ++ * Windows only ++ */ ++ SFA_COMM_RETURN_CREATEPIPE, ++ SFA_COMM_RETURN_WAITNAMEDPIPE, ++ SFA_COMM_RETURN_OPENPIPE, ++ SFA_COMM_RETURN_WAITFAILED, ++ SFA_COMM_RETURN_OVERLAPPEDFAILED, ++ ++#else /* WIN32 */ ++ ++ /* ++ * UNIX only ++ */ ++ SFA_COMM_RETURN_MALFORMED_MESSAGE_HEADER, ++ SFA_COMM_RETURN_SELECT, ++ SFA_COMM_RETURN_ACCEPT, ++ SFA_COMM_RETURN_UNLINK, ++ SFA_COMM_RETURN_SOCKET, ++ SFA_COMM_RETURN_BIND, ++ SFA_COMM_RETURN_LISTEN, ++#endif /* WIN32 */ ++ ++ SFA_COMM_RETURN_LAST, /* Must be last */ ++} SFA_Comm_Return_Type; ++ ++/* ++ * Types of messages that are sent between the client and the server ++ */ ++typedef enum { ++ SFA_COMM_MSG_FIRST = 1, /* Must be first */ ++ ++ /* Request messages (sent by client) */ ++ SFA_COMM_MSG_PLUGIN_INFO, ++ SFA_COMM_MSG_PLUGIN_RELOAD_CONFIG, ++ 
SFA_COMM_MSG_PLUGIN_RELOAD_CONTROL_LIST, ++ SFA_COMM_MSG_PLUGIN_ADD_AUTHOVER_USER, ++ SFA_COMM_MSG_PLUGIN_REMOVE_AUTHOVER_USER, ++ SFA_COMM_MSG_PLUGIN_ADD_BYPASS_USER, ++ ++ /* Response messages (sent by server) */ ++ SFA_COMM_MSG_PLUGIN_INFO_RESP, ++ SFA_COMM_MSG_PLUGIN_RELOAD_CONFIG_RESP, ++ SFA_COMM_MSG_PLUGIN_RELOAD_CONTROL_LIST_RESP, ++ SFA_COMM_MSG_PLUGIN_ADD_AUTHOVER_USER_RESP, ++ SFA_COMM_MSG_PLUGIN_REMOVE_AUTHOVER_USER_RESP, ++ SFA_COMM_MSG_PLUGIN_ADD_BYPASS_USER_RESP, ++ ++ SFA_COMM_MSG_LAST, /* Must be last */ ++} SFA_Comm_Msg_Type; ++ ++/* ++ * Used to hold the results of an SFA_COMM_MSG_PLUGIN_INFO_RESP ++ * response which is returned in response to an ++ * SFA_COMM_MSG_PLUGIN_INFO request. ++ */ ++typedef struct { ++ SFA_Comm_Return_Type remote_status; ++ char version[SFA_COMM_VERSION_LEN + 1]; ++ char plugin_name[SFA_COMM_PLUGIN_LEN + 1]; ++ char platform_name[SFA_COMM_PLATFORM_LEN + 1]; ++} SFA_Comm_Plugin_Info; ++ ++/* ++ * Specifies the information to be sent in an ++ * SFA_COMM_MSG_RELOAD_CONFIG request. ++ */ ++typedef struct { ++ SFA_Comm_Return_Type remote_status; ++ char filename[SFA_COMM_FILENAME_LEN + 1]; ++} SFA_Comm_Plugin_Reload_Config; ++ ++/* ++ * Specifies the information to be sent in an ++ * SFA_COMM_MSG_PLUGIN_RELOAD_CONTROL_LIST request. ++ */ ++typedef struct { ++ SFA_Comm_Return_Type remote_status; ++ char filename[SFA_COMM_FILENAME_LEN + 1]; ++} SFA_Comm_Plugin_Reload_Control_List; ++ ++ ++/* ++ * Specifies the information to be sent in an ++ * SFA_COMM_MSG_PLUGIN_ADD_AUTHOVER_USER request. ++ */ ++typedef struct { ++ SFA_Comm_Return_Type remote_status; ++ char authover_username[SFA_COMM_USERNAME_LEN]; ++ char username[SFA_COMM_USERNAME_LEN]; ++ char client_ip[20]; ++ unsigned int duration; ++ char url[SFA_COMM_URL_LEN]; ++ char reason[80]; ++ char reasondata[80]; ++ time_t date; ++} SFA_Comm_Plugin_Add_AuthOver_User; ++ ++/* ++ * Specifies the information to be sent in an ++ * SFA_COMM_MSG_PLUGIN_REMOVE_AUTHOVER_USER request. 
++ */ ++typedef SFA_Comm_Plugin_Add_AuthOver_User SFA_Comm_Plugin_Remove_AuthOver_User; ++ ++/* ++ * Specifies the information to be sent in an ++ * SFA_COMM_MSG_PLUGIN_ADD_BYPASS_USER request. ++ */ ++typedef struct { ++ SFA_Comm_Return_Type remote_status; ++ char username[SFA_COMM_USERNAME_LEN]; ++ char client_ip[20]; ++ char url[SFA_COMM_URL_LEN]; ++ char reason[80]; ++ char reasondata[80]; ++ time_t date; ++} SFA_Comm_Plugin_Add_Bypass_User; ++ ++/* ++ * An opaque definition of the SmartFilter Agent Communications Handle ++ */ ++typedef struct SFA_Comm_Handle_s SFA_Comm_Handle; ++ ++ ++ ++ ++/*--------------------------------------------------------------*\ ++ * ++ * Prototypes ++ * ++\*--------------------------------------------------------------*/ ++ ++/*--------------------------------------------------------------*\ ++ * ++ * Name: SFA_Comm_Client_Init ++ * ++ * Purpose: Used by the client to initialize the communications ++ * layer. ++ * ++ * Parameters: out - hdl - Filled in with a handle to the opened ++ * communications layer. ++ * ++ * Notes: Call SFA_Comm_End to close the communications layer. ++ * ++\*--------------------------------------------------------------*/ ++SFA_Comm_Return_Type ++SFA_Comm_Client_Init(SFA_Comm_Handle **hdl, ++ SFPL_Handle sfpl_handle); ++ ++/*--------------------------------------------------------------*\ ++ * ++ * Name: SFA_Comm_Server_Init ++ * ++ * Purpose: Used by the server to initialize the communications ++ * layer. ++ * ++ * Parameters: out - hdl - Filled in with a handle to the opened ++ * communications layer. ++ * ++ * Notes: Call SFA_Comm_End to close the communications layer. 
++ * ++\*--------------------------------------------------------------*/ ++SFA_Comm_Return_Type ++SFA_Comm_Server_Init(SFA_Comm_Handle **hdl, ++ SFPL_Handle sfpl_handle); ++ ++/*--------------------------------------------------------------*\ ++ * ++ * Name: SFA_Comm_Recvmsg ++ * ++ * Purpose: Receives a message from the other end of the ++ * communications channel. ++ * ++ * Parameters: in - hdl - must be the handle returned by ++ * SFA_Comm_[Client|Server]_Init. ++ * out - type - the type of message that was ++ * received -- must not be NULL. ++ * out - info - set to point to allocated memory that ++ * must be freed by the caller after the ++ * caller is finished with the received ++ * message. The allocated memory is a ++ * message-specific structure that is ++ * filled in with message-specific data. ++ * in - timeout - the number of seconds to wait ++ * to receive a message before ++ * returning control to the caller. ++ * Specifying SFA_COMM_TIMEOUT_INFINITE ++ * results in the call blocking until ++ * a message is received. ++ * ++ * Notes: If a timeout or an error occurs, type and info are ++ * not updated and should not be accessed. ++ * ++ * Must call SFA_Comm_[Client|Server]_Init first. ++ * ++\*--------------------------------------------------------------*/ ++SFA_Comm_Return_Type ++SFA_Comm_Recvmsg(SFA_Comm_Handle *hdl, ++ SFA_Comm_Msg_Type *type, ++ void **info, ++ unsigned int timeout); ++ ++/*--------------------------------------------------------------*\ ++ * ++ * Name: SFA_Comm_Sendmsg ++ * ++ * Purpose: Sends a message to the other end of the ++ * communications channel. ++ * ++ * Parameters: in - hdl - must be the handle returned by ++ * SF_Comm_[Client|Server]_Init. ++ * in - type - the type of message to be sent. ++ * in - info - the message-specific informational ++ * structure used to build the message ++ * before it is sent. 
++ * in - timeout - the number of seconds to wait ++ * to send the message before ++ * returning control to the caller. ++ * Specifying SFA_COMM_TIMEOUT_INFINITE ++ * results in the call blocking until ++ * the message is sent. ++ * ++ * Notes: Must call SFA_Comm_[Client|Server]_Init first. ++ * ++\*--------------------------------------------------------------*/ ++SFA_Comm_Return_Type ++SFA_Comm_Sendmsg(SFA_Comm_Handle *hdl, ++ SFA_Comm_Msg_Type type, ++ const void *info, ++ unsigned int timeout); ++ ++/*--------------------------------------------------------------*\ ++ * ++ * Name: SFA_Comm_Strerror ++ * ++ * Purpose: Gets an error message string ++ * ++ * Parameters: in - ret - The error for which to get the ++ * message string. ++ * ++ * Notes: The returned string must not be freed by the caller ++ * ++\*--------------------------------------------------------------*/ ++char * ++SFA_Comm_Strerror(SFA_Comm_Return_Type ret); ++ ++/*--------------------------------------------------------------*\ ++ * ++ * Name: SFA_Comm_End ++ * ++ * Purpose: Closes down the communications channel that was ++ * opened with SFA_Comm_[Client|Server]_Init. ++ * ++ * Parameters: update - hdl - must be the handle returned by ++ * SFA_Comm_[Client|Server]_Init. ++ * After this call, hdl is no ++ * longer valid. ++ * ++ * Notes: Call SFA_Comm_[Client|Server]_Init to open the ++ * communications channel. After this call, no more ++ * communications can be done unless ++ * SFA_Comm_[Client|Server]_Init is called again. 
++ * ++\*--------------------------------------------------------------*/ ++void ++SFA_Comm_End(SFA_Comm_Handle **hdl); ++ ++ ++ ++# ifdef __cplusplus ++} ++# endif /* __cplusplus */ ++ ++#endif /*INCLUDE_SFA_COMM_IPC_H */ +Binary files ../squid-2.5.STABLE14.orig/lib/libsfcontrol.a and lib/libsfcontrol.a differ +Binary files ../squid-2.5.STABLE14.orig/lib/libsflog_client.a and lib/libsflog_client.a differ +Binary files ../squid-2.5.STABLE14.orig/lib/libsfplugin.a and lib/libsfplugin.a differ +Binary files ../squid-2.5.STABLE14.orig/lib/libsmartfilteragent.a and lib/libsmartfilteragent.a differ diff -uN ../squid-2.5.STABLE14.orig/src/Makefile.in src/Makefile.in --- ../squid-2.5.STABLE14.orig/src/Makefile.in 2005-09-28 16:57:21.000000000 -0400 +++ src/Makefile.in 2007-01-24 01:02:39.311424000 -0500 @@ -120,6 +120,9 @@ VERSION = @VERSION@ XTRA_LIBS = @XTRA_LIBS@ XTRA_OBJS = @XTRA_OBJS@ +SF_LIBS = @SF_LIBS@ +SF_SRCS = @SF_SRCS@ +SF_OBJS = $(SF_SRCS:%.c=%.$(OBJEXT)) am__include = @am__include@ am__quote = @am__quote@ install_sh = @install_sh@ @@ -304,6 +307,7 @@ wais.c \ wccp.c \ whois.c \ + $(SF_SRCS) \ $(WIN32SOURCE) @@ -328,7 +332,8 @@ @LIB_MALLOC@ \ @SSLLIB@ \ -lmiscutil \ - @XTRA_LIBS@ + @XTRA_LIBS@ \ + @SF_LIBS@ unlinkd_SOURCES = @@ -515,7 +520,8 @@ store_swapmeta.$(OBJEXT) store_swapout.$(OBJEXT) \ tools.$(OBJEXT) $(am__objects_9) url.$(OBJEXT) urn.$(OBJEXT) \ useragent.$(OBJEXT) wais.$(OBJEXT) wccp.$(OBJEXT) \ - whois.$(OBJEXT) $(am__objects_10) + whois.$(OBJEXT) $(am__objects_10) \ + $(SF_OBJS) nodist_squid_OBJECTS = repl_modules.$(OBJEXT) auth_modules.$(OBJEXT) \ store_modules.$(OBJEXT) globals.$(OBJEXT) \ string_arrays.$(OBJEXT) diff -uN ../squid-2.5.STABLE14.orig/src/access_log.c src/access_log.c --- ../squid-2.5.STABLE14.orig/src/access_log.c 2005-03-29 18:13:11.000000000 -0500 +++ src/access_log.c 2007-01-24 01:02:39.001446000 -0500 
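Review bot: The string fields of `SFA_Comm_Plugin_Add_AuthOver_User` and `SFA_Comm_Plugin_Add_Bypass_User` are declared as `char username[SFA_COMM_USERNAME_LEN]` and `char url[SFA_COMM_URL_LEN]` with no `+ 1` for a terminator, while `SFA_Comm_Plugin_Info` and the two reload structs use `[..._LEN + 1]`. These structs are filled from messages received over the IPC channel and handed back through `void **info`, and judging by their names they carry override and bypass grants, so a receiver that treats a completely filled field as a C string would read past it. The layout is presumably fixed by the prebuilt agent library, so rather than resizing I would add a comment on both structs such as `/* string fields hold at most sizeof(field) - 1 characters and are NUL-terminated by SFA_Comm_Recvmsg - TODO confirm */`. The `SFA_Comm_Recvmsg` header comment should also state that callers must check `type` before casting `info`.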
@@ -239,13 +239,21 @@ { const char *client = NULL; char *user = NULL; +#ifdef SMARTFILTER + if (!al->sf_should_log_request) + return; +#endif /* SMARTFILTER */ if (Config.onoff.log_fqdn) client = fqdncache_gethostbyaddr(al->cache.caddr, FQDN_LOOKUP_IF_MISS); if (client == NULL) client = inet_ntoa(al->cache.caddr); user = accessLogFormatName(al->cache.authuser ? al->cache.authuser : al->cache.rfc931); - logfilePrintf(logfile, "%9ld.%03d %6d %s %s/%03d %" PRINTF_OFF_T " %s %s %s %s%s/%s %s", + logfilePrintf(logfile, "%9ld.%03d %6d %s %s/%03d %" PRINTF_OFF_T " %s %s %s %s%s/%s " +#ifdef SMARTFILTER + "%s %s " +#endif + "%s", (long int) current_time.tv_sec, (int) current_time.tv_usec / 1000, al->cache.msec, @@ -259,7 +267,13 @@ al->hier.ping.timedout ? "TIMEOUT_" : "", hier_strings[al->hier.code], al->hier.host, +#ifdef SMARTFILTER + al->http.content_type, + al->sf_action, + al->sf_categories ? al->sf_categories : SFPL_LOG_OPTION_NONE_STRING); +#else al->http.content_type); +#endif safe_free(user); } @@ -268,13 +282,21 @@ { const char *client = NULL; char *user1 = NULL, *user2 = NULL; +#ifdef SMARTFILTER + if (!al->sf_should_log_request) + return; +#endif /* SMARTFILTER */ if (Config.onoff.log_fqdn) client = fqdncache_gethostbyaddr(al->cache.caddr, 0); if (client == NULL) client = inet_ntoa(al->cache.caddr); user1 = accessLogFormatName(al->cache.authuser); user2 = accessLogFormatName(al->cache.rfc931); - logfilePrintf(logfile, "%s %s %s [%s] \"%s %s HTTP/%d.%d\" %d %" PRINTF_OFF_T " %s:%s", + logfilePrintf(logfile, "%s %s %s [%s] \"%s %s HTTP/%d.%d\" %d %" PRINTF_OFF_T " %s:" +#ifdef SMARTFILTER + "%s %s " +#endif + "%s", client, user2 ? user2 : dash_str, user1 ? user1 : dash_str, 
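Review bot: The added `if (!al->sf_should_log_request) return;` makes the native access-log line conditional on a flag owned by the filter, and nothing in the hunk says who clears the flag or why. The same early return is added in the `@@ -268,13 +282,21 @@` hunk and at the top of `accessLogLog` in `@@ -293,6 +321,57 @@`, so a request with the flag unset leaves no entry in any log written from this file. For a proxy the access log is the audit trail, so each site should carry a comment such as `/* SmartFilter policy asked for this request not to be logged; flag is set in <file/function that assigns sf_should_log_request> */`, and the operator documentation should mention that entries can be suppressed. The function's signature lies above the hunk, so its name is not visible here.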
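Review bot: `al->sf_action` is passed to a `%s` conversion with no NULL fallback, while `al->sf_categories` on the next line falls back to `SFPL_LOG_OPTION_NONE_STRING`. Where `sf_action` is assigned is not visible in this patch section, and if `logfilePrintf` formats through the C library a NULL argument for `%s` is undefined behaviour. I would write `al->sf_action ? al->sf_action : dash_str,` here and in the `@@ -285,7 +307,13 @@` hunk, which adds the same pair of arguments. The call these arguments belong to starts in the previous hunk.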
@@ -285,7 +307,13 @@ al->http.code, al->cache.size, log_tags[al->cache.code], - hier_strings[al->hier.code]); +#ifdef SMARTFILTER + hier_strings[al->hier.code], + al->sf_action, + al->sf_categories ? al->sf_categories : SFPL_LOG_OPTION_NONE_STRING); +#else + hier_strings[al->hier.code]); +#endif safe_free(user1); safe_free(user2); } 
@@ -293,6 +321,57 @@ void accessLogLog(AccessLogEntry * al) { +#ifdef SMARTFILTER + const char *client = NULL; + char *user = NULL; + if (!al->sf_should_log_request) + return; + if (Config.onoff.log_fqdn) + client = fqdncache_gethostbyaddr(al->cache.caddr, FQDN_LOOKUP_IF_MISS); + if (client == NULL) + client = inet_ntoa(al->cache.caddr); + user = accessLogFormatName(al->cache.authuser ? al->cache.authuser + : al->cache.rfc931); + + SFPL_LogFilterSummary(sfpl_handle, + client, + al->cache.authuser ? al->cache.authuser : + al->cache.rfc931, + al->sf_user_data, + al->sf_policy_name, + al->sf_policy_flags, + al->url, + al->sf_all_cats, + al->sf_restricted_cats, + al->sf_redir_url, + al->sf_delay_time, + al->sf_retcode); + + SFPL_LOG_DEBUG(sfpl_handle, + SFPL_LOG_AREA_PLUGIN, + ("Logging transactions data." + "ip: %s url: %s user: %s cats: %s, retcode: %s %d", + NULL == client ? dash_str : client, + NULL == al->url ? dash_str : al->url, + user && *user ? user : dash_str, + al->sf_categories ? al->sf_categories : "NULL", + al->sf_action, + al->sf_retcode)); + + SFPL_ConfigLock(sfpl_handle, SFPL_LOCK_READ); + SFPL_LogServerLog(sfpl_handle, + client, + al->url, + al->cache.authuser ? al->cache.authuser : + al->cache.rfc931, + NULL, + al->sf_reporter_categories ? al->sf_reporter_categories : SFPL_LOG_OPTION_NONE_STRING, + 0, + al->sf_retcode); + SFPL_ConfigUnlock(sfpl_handle, SFPL_LOCK_READ); + safe_free(user); +#endif /* SMARTFILTER */ + if (LogfileStatus != LOG_ENABLE) return; if (al->url == NULL) Common subdirectories: ../squid-2.5.STABLE14.orig/src/auth and src/auth diff -uN ../squid-2.5.STABLE14.orig/src/cache_cf.c src/cache_cf.c --- ../squid-2.5.STABLE14.orig/src/cache_cf.c 2005-10-26 16:25:42.000000000 -0400 +++ src/cache_cf.c 2007-01-24 01:02:39.011429000 -0500 
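Review bot: `SFPL_LogFilterSummary()` and `SFPL_LogServerLog()` receive `al->url` before the function's own `if (al->url == NULL)` check, which sits below the new block; the `SFPL_LOG_DEBUG` call between them substitutes `dash_str`, so a null URL is evidently expected at this point. Whether the two library calls accept NULL cannot be seen from this page, so either move the `#ifdef SMARTFILTER` block below the existing NULL check or pass `al->url ? al->url : dash_str`. The formatted `user` from `accessLogFormatName()` is used only in the debug message, while the raw `al->cache.authuser` / `al->cache.rfc931` strings go to both log calls. If that helper escapes the name (not visible here), the SmartFilter logs receive the client-supplied identity unescaped and the formatted value should be passed instead. accessLogLog continues past the end of the hunk.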
@@ -342,6 +342,14 @@ wordlistDestroy(&Config.Program.redirect); } } +#ifdef SMARTFILTER + if (Config.Program.sf_userInfo) { + if (Config.sf_userInfoChildren < 1) { + Config.sf_userInfoChildren = 0; + wordlistDestroy(&Config.Program.sf_userInfo); + } + } +#endif if (Config.Accel.host) { snprintf(buf, BUFSIZ, "http://%s:%d", Config.Accel.host, Config.Accel.port); Config2.Accel.prefix = xstrdup(buf); @@ -395,6 +403,11 @@ #endif if (Config.Program.redirect) requirePathnameExists("redirect_program", Config.Program.redirect->key); +#ifdef SMARTFILTER + if (Config.Program.sf_userInfo) + requirePathnameExists("smartfilter_userinfo_program", Config.Program.sf_userInfo->key); +#endif + requirePathnameExists("Icon Directory", Config.icons.directory); requirePathnameExists("Error Directory", Config.errorDirectory); #if HTTP_VIOLATIONS diff -uN ../squid-2.5.STABLE14.orig/src/cf.data.pre src/cf.data.pre --- ../squid-2.5.STABLE14.orig/src/cf.data.pre 2006-02-25 18:01:45.000000000 -0500 +++ src/cf.data.pre 2007-01-24 01:02:39.021443000 -0500 
@@ -1030,6 +1030,56 @@ ----------------------------------------------------------------------------- COMMENT_END +NAME: smartfilter_state +IFDEF: SMARTFILTER +COMMENT: on|off +TYPE: onoff +DEFAULT: off +LOC: Config.SmartFilterState +DOC_START + To enable SmartFilter URL filtering, enable this option. + +smartfilter_state off +DOC_END + +NAME: smartfilter_config +IFDEF: SMARTFILTER +TYPE: string +DEFAULT: @DEFAULT_PREFIX@/etc/config.txt +LOC: Config.SmartFilterConf +DOC_START + Location of SmartFilter configuration file. + +smartfilter_config @DEFAULT_PREFIX@/etc/config.txt +DOC_END + +NAME: smartfilter_userinfo_program +IFDEF: SMARTFILTER +TYPE: wordlist +LOC: Config.Program.sf_userInfo +DEFAULT: none +DOC_START + Specify the location of the executable for the SmartFilter User + Information program. This is used by SmartFilter for looking up + a user's groups in an LDAP server. + By default, the SmartFilter User Information program is not used. + Example: + + smartfilter_userinfo_program @DEFAULT_PREFIX@/libexec/sf_userinfo -f @DEFAULT_PREFIX@/etc/config.txt +DOC_END + +NAME: smartfilter_userinfo_children +IFDEF: SMARTFILTER +TYPE: int +DEFAULT: 5 +LOC: Config.sf_userInfoChildren +DOC_START + The number of SmartFilter User Information processes to spawn. If you + start too few Squid will have to wait for them to process a backlog of + URLs, slowing it down. If you start too many they will use RAM + and other system resources. +DOC_END + NAME: ftp_user TYPE: string DEFAULT: Squid@ diff -uN ../squid-2.5.STABLE14.orig/src/client_side.c src/client_side.c --- ../squid-2.5.STABLE14.orig/src/client_side.c 2006-03-10 17:58:35.000000000 -0500 +++ src/client_side.c 2007-01-24 01:02:39.041416000 -0500 @@ -95,6 +95,15 @@ #include #endif +#ifdef SMARTFILTER +CBDATA_TYPE(SFDelayData); +typedef struct SFDelayData_t +{ + void *data; + char *buf; + ssize_t size; +} SFDelayData; +#endif #if LINGERING_CLOSE #define comm_close comm_lingering_close 
@@ -151,6 +160,157 @@ static BODY_HANDLER clientReadBody; static void clientAbortBody(request_t * req); +#ifdef SMARTFILTER +void smartfilterUserInfoDone(void *data, char *result) +{ + clientHttpRequest *http = data; + + http->redirect_state = REDIRECT_PENDING; + if (result) { + char *p = NULL; + char *type = NULL; + char *sfdata = NULL; + SFUserInfoData *udata = NULL; + + /* + * Format of a result is: TYPE DATA + */ + p = strchr(result, '\n'); + if (NULL != p) + { + *p = '\0'; + } + + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Lookup result: '%s'", + result)); + p = strchr(result, ' '); + if (NULL != p) + { + + *p = '\0'; + type = result; + sfdata = p + 1; + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Lookup type: '%s', data: '%s'", + type, + sfdata)); + + udata = http->sfinfo.sf_userinfo_data; + /* + * Both parameters are present, process them + */ + if (0 == strcmp(GROUPS_LOOKUP_STR, type)) + { + xstrncpy(udata->u.group.grouplist, + sfdata, + sizeof(udata->u.group.grouplist)); + } + else if (0 == strcmp(USERNAME_LOOKUP_STR, type)) + { + char *username = NULL; + char *hard = NULL; + char *soft = NULL; + + username = sfdata; + hard = strchr(username + 1, ':'); + if (NULL != hard) + { + *hard = '\0'; + hard++; + soft = strchr(hard, ':'); + if (NULL != soft) + { + *soft = '\0'; + soft++; + } + } + + udata->u.username.transauth_failed = 0; + udata->u.username.transauth_fail_action = SFPL_ALLOW; + udata->u.username.username[0] = '\0'; + if (0 == strcmp(TRANSAUTH_FAIL_FILTER, username)) + { + udata->u.username.transauth_failed = 1; + } + else if (0 == strcmp(TRANSAUTH_FAIL_BLOCK, username)) + { + udata->u.username.transauth_failed = 1; + udata->u.username.transauth_fail_action = + SFPL_BLOCK; + } + else + { + xstrncpy(udata->u.username.username, + username, + sizeof(udata->u.username.username)); + udata->u.username.timeout_hard = 0; + udata->u.username.timeout_soft = 0; + if (NULL != hard) + { + udata->u.username.timeout_hard = atoi(hard); + } + if (NULL != 
soft) + { + udata->u.username.timeout_soft = atoi(soft); + } + } + } + } + } + clientRedirectDone(data, NULL); +} + +void smartfilterReverseLookupDone(const char *host, void *data) +{ + clientHttpRequest *http = data; + + http->redirect_state = REDIRECT_PENDING; + if (host) { + http->sfinfo.sf_lookup_result = xstrdup(host); + } + clientRedirectDone(data, NULL); +} + +void smartfilterForwardLookupDone(const ipcache_addrs *addrs, void *data) +{ + clientHttpRequest *http = data; + + http->redirect_state = REDIRECT_PENDING; + if (addrs) { + http->sfinfo.sf_lookup_result = xstrdup(inet_ntoa(addrs->in_addrs[0])); + } + clientRedirectDone(data, NULL); +} + +void clientSmartfilterDelay(void *data) +{ + SFDelayData *delay_data = data; + if (delay_data->data) + { + clientSendMoreData(delay_data->data, + delay_data->buf, + delay_data->size); + } + + cbdataFree(data); +} + +static void +smartfilterClientWriteComplete(int fd, + char *bufnotused, + size_t size, + int errflag, + void *data) +{ + comm_close(fd); + return; +} + +#endif + static int checkAccelOnly(clientHttpRequest * http) { 
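Review bot: In `smartfilterUserInfoDone`, `hard = strchr(username + 1, ':');` scans past the string terminator when the helper's reply has an empty data field (the type word followed by a single space), because `sfdata` then points at the NUL and `username + 1` is whatever follows it in the buffer. Guard it as `hard = ('\0' != username[0]) ? strchr(username + 1, ':') : NULL;` and treat an empty username as a failed lookup rather than copying it into `udata`. `udata` itself is dereferenced without a NULL check. Both timeouts come from `atoi()`, which silently accepts negative or malformed values; `strtol` with a range check would let bad helper output be rejected.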
@@ -392,6 +552,136 @@ http->request = requestLink(new_request); } clientInterpretRequestHeaders(http); +#ifdef SMARTFILTER + if (Config.SmartFilterState) + { + int retcode = smartfilter_check_url(http->conn->fd, http); + + if ((retcode == SFPL_LOOKUP_FORWARD) || + (retcode == SFPL_LOOKUP_REVERSE)) + { + /* a look-up has been started; wait for it. */ + return; + } + else if (retcode != SFPL_OK) + { + /* + * An error occurred, default to allowing + */ + SFPL_LOG_DEBUG(sfpl_handle, + SFPL_LOG_AREA_PLUGIN, + ("SmartFilter encountered an error, " + "allowing access to the URL")); + http->al.sf_retcode = SFPL_ALLOW; + http->request->sfdelay_time = 0; + } + + if ((http->al.sf_retcode == SFPL_ALLOW) && + (0 != http->request->sfdelay_time)) + { + SFPL_LOG_DEBUG(sfpl_handle, + SFPL_LOG_AREA_PLUGIN, + ("SmartFilter delayed the url for %d seconds", + http->request->sfdelay_time - squid_curtime)); + } + else if ((http->al.sf_retcode == SFPL_BLOCK) || + (http->al.sf_retcode == SFPL_WARN)) + { + SFPL_LOG_DEBUG(sfpl_handle, + SFPL_LOG_AREA_PLUGIN, + ("SmartFilter blocked or warned the url")); + /* + * Action requires a redirect or a meta-refresh + * (meta-refresh to the authserver or redirect + * to the appropriate action page). + */ + + /* Handle meta_refresh redirects. 
*/ + if (SF_META_REFRESH == http->sfinfo.sf_response_type) + { + HttpReply *rep = NULL; + http_version_t version; + MemBuf content; + + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Client will be redirected via " + "meta-refresh to the url: '%s'", + http->al.sf_redir_url)); + + rep = httpReplyCreate(); + + http->log_type = LOG_TCP_DENIED; + http->al.http.code = HTTP_OK; + + httpBuildVersion(&version, 1, 1); + + memBufDefInit(&content); + + memBufPrintf(&content, + "" + "" + "" + "" + "", + http->al.sf_redir_url); + + httpReplySetHeaders(rep, + version, + HTTP_OK, + NULL, + "text/html", + content.size, + 0, + squid_curtime); + + httpBodySet(&rep->body, &content); + + comm_write_mbuf(http->conn->fd, + httpReplyPack(rep), + smartfilterClientWriteComplete, + NULL); + + httpReplyDestroy(rep); + + } + /* Handle HTTP redirects. */ + else /* (SF_REDIRECT_URL == http->sfinfo.sf_response_type) */ + { + http->redirect.status = HTTP_MOVED_TEMPORARILY; + http->redirect.location = xstrdup(http->al.sf_redir_url); + http->log_type = LOG_TCP_DENIED; + http->al.http.code = HTTP_MOVED_TEMPORARILY; + http->entry = NULL; + SFPL_LOG_DEBUG(sfpl_handle, + SFPL_LOG_AREA_PLUGIN, + ("Client will be redirected via " + "HTTP %d redirect url: '%s'", + http->redirect.status, + http->redirect.location)); + + clientProcessMiss(http); + } + + return; + + } + else + { + /* + * All other actions are treated as allows. + */ + SFPL_LOG_DEBUG(sfpl_handle, + SFPL_LOG_AREA_PLUGIN, + ("SmartFilter allowed the url")); + } + } + else + { + debug(61, 5)("clientRedirectDone: SmartFilter disabled\n"); + } +#endif #if HEADERS_LOG headersLog(0, 1, request->method, request); #endif 
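Review bot: When `smartfilter_check_url()` returns anything other than `SFPL_OK` or a lookup code, this branch sets `http->al.sf_retcode = SFPL_ALLOW` and records it only through `SFPL_LOG_DEBUG`, so a filter that is failing open is invisible at normal log levels. Since this is the policy-enforcement point, report it with the `SFPL_LOG_WARNING` macro the plugin already uses elsewhere and include the code, e.g. `("SmartFilter error %d, allowing access to the URL", retcode)`. Whether to allow or block on error is a site decision that deserves a configuration directive rather than a hard-coded default. In the meta-refresh branch `http->al.sf_redir_url` is formatted into the reply body; the markup was lost on this page, so confirm the value is HTML-escaped before it is written. The enclosing function starts and ends outside the hunk.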
@@ -912,6 +1202,20 @@ http->sc = NULL; storeUnlockObject(e); } +#ifdef SMARTFILTER + if (NULL != http->al.sf_user_data) + { + SFPL_FreeUserData(sfpl_handle, http->al.sf_user_data); + http->al.sf_user_data = NULL; + } + safe_free(http->al.sf_policy_name); + if (http->sfinfo.sf_delay_data) { + SFDelayData *sf_data = (SFDelayData *) http->sfinfo.sf_delay_data; + sf_data->data = NULL; + } + safe_free(http->sfinfo.sf_url); + safe_free(http->sfinfo.sf_lookup_result); +#endif /* old_entry might still be set if we didn't yet get the reply * code in clientHandleIMSReply() */ if ((e = http->old_entry)) { @@ -1430,6 +1734,8 @@ httpHeaderPutInt(hdr, HDR_AGE, squid_curtime - http->entry->timestamp); } + +#ifndef SMARTFILTER /* Filter unproxyable authentication types */ if (http->log_type != LOG_TCP_DENIED && (httpHeaderHas(hdr, HDR_WWW_AUTHENTICATE) || httpHeaderHas(hdr, HDR_PROXY_AUTHENTICATE))) { @@ -1447,6 +1753,8 @@ } } } +#endif + /* Handle authentication headers */ if (request->auth_user_request) authenticateFixHeader(rep, request->auth_user_request, request, http->flags.accel, 0); 
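Review bot: The `#ifndef SMARTFILTER` opened in the `@@ -1430` hunk and closed in the `@@ -1447` hunk compiles out the whole "Filter unproxyable authentication types" block, so a SmartFilter build stops applying that filter to `WWW-Authenticate` / `Proxy-Authenticate` reply headers even when `smartfilter_state` is `off`. The patch gives no reason, and the block's own comment says the schemes it removes cannot be proxied. If the plugin needs those headers passed through, make it a runtime condition, for example by prefixing the existing test with `!Config.SmartFilterState &&`, and add a comment naming the scheme and why it is exempt. The body of the filtered block lies outside both hunks.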
@@ -1982,6 +2290,26 @@ dlinkAdd(http, &http->active, &ClientActiveRequests); debug(33, 5) ("clientSendMoreData: FD %d '%s', out.offset=%ld \n", fd, storeUrl(entry), (long int) http->out.offset); +#ifdef SMARTFILTER + http->sfinfo.sf_delay_data = NULL; + if (http->request->sfdelay_time > squid_curtime) { + /* Smartfilter is asking for a delay, so defer this... */ + SFDelayData *delay_data = NULL; + SFPL_LOG_DEBUG(sfpl_handle, + SFPL_LOG_AREA_PLUGIN, + ("Defering '%s' due to delay action", + storeUrl(entry))); + CBDATA_INIT_TYPE(SFDelayData); + delay_data = cbdataAlloc(SFDelayData); + delay_data->data = data; + delay_data->buf = buf; + delay_data->size = size; + eventAdd("SmartFilter delay", clientSmartfilterDelay, delay_data, + (double)(http->request->sfdelay_time - squid_curtime), 1); + http->sfinfo.sf_delay_data = (void *)delay_data; + return; + } +#endif if (conn->chr != http) { /* there is another object in progress, defer this one */ debug(33, 2) ("clientSendMoreData: Deferring %s\n", storeUrl(entry)); Common subdirectories: ../squid-2.5.STABLE14.orig/src/fs and src/fs diff -uN ../squid-2.5.STABLE14.orig/src/http.c src/http.c --- ../squid-2.5.STABLE14.orig/src/http.c 2005-10-18 11:09:56.000000000 -0400 +++ src/http.c 2007-01-24 01:02:39.041435000 -0500 @@ -776,6 +776,18 @@ } } +#ifdef SMARTFILTER +int httpSmartfilterCheckDeferRead(int fd, void * data) +{ + HttpStateData *httpState = data; + + if (httpState->request->sfdelay_time > squid_curtime) { + return 1; + } + return fwdCheckDeferRead(fd, httpState->entry); +} +#endif + /* This will be called when request write is complete. Schedule read of * reply. */ static void 
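Review bot: The delay record stores the raw `data` and `buf` pointers, and nothing in the `@@ -1982` hunk documents what keeps them valid until the event fires. The only protection visible is the teardown code in the `@@ -912` hunk, which clears `sf_data->data` through `http->sfinfo.sf_delay_data`. Because this function resets `http->sfinfo.sf_delay_data = NULL` on every entry, a second entry for the same request while an event is pending would drop that back-reference and leave the event holding a stale request pointer; whether such re-entry can happen is not visible from the hunk. Add a comment stating the ownership rule, e.g. `/* delay_data->data is cleared at request teardown; buf belongs to the request and is valid only while data is non-NULL */`, and clear `sf_delay_data` in `clientSmartfilterDelay` rather than here. clientSendMoreData starts and ends outside the hunk.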
@@ -812,7 +824,16 @@ * request bodies. */ commSetTimeout(fd, Config.Timeout.read, httpTimeout, httpState); - commSetDefer(fd, fwdCheckDeferRead, entry); +#ifdef SMARTFILTER + /* check for smartfilter delay */ + if (httpState->request->sfdelay_time > squid_curtime) { + commSetDefer(fd, httpSmartfilterCheckDeferRead, httpState); + } else { + commSetDefer(fd, fwdCheckDeferRead, entry); + } +#else + commSetDefer(fd, fwdCheckDeferRead, entry); +#endif } httpState->flags.request_sent = 1; } diff -uN ../squid-2.5.STABLE14.orig/src/main.c src/main.c --- ../squid-2.5.STABLE14.orig/src/main.c 2005-06-27 17:24:28.000000000 -0400 +++ src/main.c 2007-01-24 01:02:39.041455000 -0500 @@ -332,6 +332,9 @@ mainReconfigure(void) { debug(1, 1) ("Reconfiguring Squid Cache (version %s)...\n", version_string); +#ifdef SMARTFILTER + smartfilter_free(); +#endif reconfiguring = 1; /* Already called serverConnectionsClose and ipcacheShutdownServers() */ serverConnectionsClose(); @@ -352,6 +355,9 @@ #endif redirectShutdown(); authenticateShutdown(); +#ifdef SMARTFILTER + sf_userInfoShutdown(); +#endif externalAclShutdown(); storeDirCloseSwapLogs(); storeLogClose(); @@ -379,6 +385,10 @@ #endif redirectInit(); authenticateInit(&Config.authConfig); +#ifdef SMARTFILTER + sf_userInfoInit(); + smartfilter_init(); +#endif externalAclInit(); #if USE_WCCP wccpInit(); @@ -407,6 +417,9 @@ #endif redirectShutdown(); authenticateShutdown(); +#ifdef SMARTFILTER + sf_userInfoShutdown(); +#endif externalAclShutdown(); _db_rotate_log(); /* cache.log */ storeDirWriteCleanLogs(1); @@ -423,6 +436,9 @@ #endif redirectInit(); authenticateInit(&Config.authConfig); +#ifdef SMARTFILTER + sf_userInfoInit(); +#endif externalAclInit(); } @@ -508,6 +524,9 @@ #endif redirectInit(); authenticateInit(&Config.authConfig); +#ifdef SMARTFILTER + sf_userInfoInit(); +#endif externalAclInit(); useragentOpenLog(); refererOpenLog(); 
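Review bot: The return value of `smartfilter_init()` is discarded at the call added in the main.c `@@ -379` hunk and again in the `@@ -544` hunk, so when `smartfilter_state` is on and the configuration file fails to load Squid keeps serving, and the request path added to client_side.c then allows on error. Check the result when filtering is enabled, e.g. `if (Config.SmartFilterState && !smartfilter_init()) debug(1, 0) ("SmartFilter enabled but not initialised\n");` (assuming Squid's usual `FALSE == 0`), or stop start-up if the site requires filtering. This call site appears to be the reconfigure path, since the `@@ -332` hunk calls `smartfilter_free()` at the start of `mainReconfigure`. As `smartfilter_init()` registers `atexit(_clean_up)` each time it succeeds, the handler would be queued once per reconfigure and should be registered only once. The enclosing function starts and ends outside the hunk.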
@@ -544,6 +563,9 @@ #endif fwdInit(); } +#ifdef SMARTFILTER + smartfilter_init(); +#endif #if USE_WCCP wccpInit(); #endif @@ -964,6 +986,9 @@ idnsShutdown(); #endif redirectShutdown(); +#ifdef SMARTFILTER + sf_userInfoShutdown(); +#endif externalAclShutdown(); icpConnectionClose(); #if USE_HTCP diff -uN ../squid-2.5.STABLE14.orig/src/protos.h src/protos.h --- ../squid-2.5.STABLE14.orig/src/protos.h 2006-02-25 18:07:50.000000000 -0500 +++ src/protos.h 2007-01-24 01:02:39.311442000 -0500 @@ -730,6 +730,13 @@ /* auth_modules.c */ extern void authSchemeSetup(void); +#ifdef SMARTFILTER +/* SmartFilter smartfilter_userinfo.c */ +extern void sf_userInfoStart(SFUserInfoData *, RH *, void *); +extern void sf_userInfoInit(void); +extern void sf_userInfoShutdown(void); +#endif + /* authenticate.c */ extern void authenticateAuthUserMerge(auth_user_t *, auth_user_t *); extern auth_user_t *authenticateAuthUserNew(const char *); Common subdirectories: ../squid-2.5.STABLE14.orig/src/repl and src/repl diff -uN ../squid-2.5.STABLE14.orig/src/smartfilter_squid.c src/smartfilter_squid.c --- ../squid-2.5.STABLE14.orig/src/smartfilter_squid.c 1969-12-31 19:00:00.000000000 -0500 +++ src/smartfilter_squid.c 2006-08-15 14:00:34.000000000 -0400 
@@ -0,0 +1,1745 @@ +/*--------------------------------------------------------------------------*\ + * + * SmartFilter Squid Plugin + * + * Copyright (c) 2006, Secure Computing Corporation. All rights reserved. + * + * $RCSfile: smartfilter_squid.c,v $ + * $Revision: 1.25.2.6 $ + * $Date: 2006/08/15 18:00:34 $ + * $State: Exp $ +\*--------------------------------------------------------------------------*/ +#include "squid.h" +#include "globals.h" +#include "sf_control.h" +#include "sf_plugin.h" +#include "smartfilter_userinfo.h" +#include "smartfilter_thread.h" +#include + +SFPL_Handle sfpl_handle = NULL; + +static SFCL_Handle sfcl_handle = NULL; +static pthread_t agent_comm_thread; +int trans_log_option = SFPL_LOG_OPTION_NONE; + + +#define DNS_LOOKUP 0x00000001 +#define GROUP_LOOKUP 0x00000002 +#define USERNAME_LOOKUP 0x00000004 +#define SQUID_AUTHED 0x00001000 +#define SF_AUTHED 0x00002000 +#define AUTH_REDIRECT 0x00004000 +#define AUTH_FINISHED 0x00008000 + +#define TRANSACTION_LOGGING_ON() (SFPL_LOG_OPTION_NONE != trans_log_option) + +void +smartfilterReverseLookupDone(const char *host, void *data); + +void smartfilterForwardLookupDone(const ipcache_addrs *addrs, void *data); + +void +smartfilterUserInfoDone(void *data, char *result); + +void +_plugin_log_func(SFPL_Log_Level level, + SFPL_Log_Area area, + const char *message); + +static void +_clean_up(void); + +static int +_get_policy(clientHttpRequest *cli_http, + void *data, + SFPL_Policy **policy, + SFPL_User_Data **user_data); + +static int +_init_sfinfo(clientHttpRequest *cli_http, + void *data, + SFInfo *sfinfo); + +static int +_handle_transauth(clientHttpRequest *cli_http, + void *data, + SFInfo *sfinfo, + int *lookup_started, + int *redirect_needed); + +/*--------------------------------------------------------------------------*\ + * + * Name: smartfilter_init + * + * Purpose: initialize SmartFilter and load settings from configuration file. + * + * Parameters: none. 
+ * + * Return values: TRUE (0) or FALSE (1) if problems occur. +\*--------------------------------------------------------------------------*/ +int +smartfilter_init() +{ + char err_msg[SFPL_MAX_MESSAGE]; + int retcode; + char version_string[SFPL_API_VERSION_DESC_LEN]; + + if (Config.SmartFilterState) + { + debug(61, 0) ("Smartfilter: Initializing SmartFilter\n"); + } + else + { + debug(61, 0) ("SmartFilter: SmartFilter is disabled\n"); + return FALSE; + } + + /* + * Initalize SmartFilter API + */ + if (SFPL_OK != SFPL_Startup()) + { + debug(61, 0) ("SmartFilter: Startup failed\n"); + return FALSE; + } + + if (SFPL_OK != SFPL_HandleCreate(&sfpl_handle)) + { + debug(61, 0) ("SmartFilter: Initialization failed\n"); + SFPL_Shutdown(); + return FALSE; + } + + /* + * Register the log function. + */ + if (SFPL_OK != SFPL_LogFunctionSet(sfpl_handle, + _plugin_log_func)) + { + debug(61, 0) ("SmartFilter: Logging setup failed\n"); + } + + /* + * Get SmartFilter Version + */ + if (SFPL_OK != SFPL_HandleInfoGet(sfpl_handle, + SFPL_HANDLE_INFO_API_VERSION_DESC, + version_string)) + { + SFPL_LOG_ERROR(sfpl_handle, + MY_LOG_AREA, + ("Failed to retrieve SmartFilter version info")); + } + else + { + SFPL_LOG_INFO(sfpl_handle, + MY_LOG_AREA, + ("%s", version_string)); + } + + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Config file is %s", + Config.SmartFilterConf)); + + sfcl_handle = NULL; + if (SFPL_OK != SFPL_HandleInfoGet(sfpl_handle, + SFPL_HANDLE_INFO_CONTROL_HANDLE, + &sfcl_handle)) + { + SFPL_LOG_ERROR(sfpl_handle, + MY_LOG_AREA, + ("Failed to retrieve control handle")); + smartfilter_free(); + return FALSE; + } + + /* + * Check usage. + */ + + if(!Config.SmartFilterConf) + { + SFPL_LOG_ERROR(sfpl_handle, + MY_LOG_AREA, + ("Missing config file parameter")); + smartfilter_free(); + return FALSE; + } + + /* + * Read SmartFilter config file. 
+ */ + + SFPL_ConfigLock(sfpl_handle, SFPL_LOCK_WRITE); + retcode = SFPL_ProcessConfigFile(sfpl_handle, + Config.SmartFilterConf, + err_msg); + + if ( SFPL_OK != retcode ) + { + SFPL_LOG_ERROR(sfpl_handle, + MY_LOG_AREA, + ("Process config file failed (%d) '%s'", + retcode, err_msg)); + SFPL_ConfigUnlock(sfpl_handle, SFPL_LOCK_WRITE); + return FALSE; + } + + if (SFPL_OK != SFPL_HandleInfoGet(sfpl_handle, + SFPL_HANDLE_INFO_LOG_OPTION, + &trans_log_option)) + { + SFPL_LOG_WARNING(sfpl_handle, + MY_LOG_AREA, + ("Failed to get transaction logging " + "option on config load, defaulting to none")); + trans_log_option = SFPL_LOG_OPTION_NONE; + } + + /* + * Disable internal DNS in SmartFilter API since it is + * a blocking function. + */ + SFPL_EnableExternalDNS(sfpl_handle, SFPL_ENABLE); + SFPL_ConfigUnlock(sfpl_handle, SFPL_LOCK_WRITE); + + /* + * Start the communication thread that talks to sfagent. + */ + if (SFA_PluginThreadInit(sfpl_handle, &agent_comm_thread)) + { + SFPL_LOG_ERROR(sfpl_handle, + MY_LOG_AREA, + ("Unable to create communication thread '%d'", + errno)); + return FALSE; + } + /* + * Be sure to clean up after ourselves when we exit. + */ + atexit(_clean_up); + + + SFPL_LOG_INFO(sfpl_handle, + MY_LOG_AREA, + ("Created communication thread")); + + /* + * Log err_msg even if SmartFilter loaded okay. The control list + * could be expired. + */ + + SFPL_LOG_INFO(sfpl_handle, + MY_LOG_AREA, + ("%s", err_msg)); + return TRUE; +} + +/*--------------------------------------------------------------------------*\ + * Name: sf_free_grouplist + * + * Purpose: Free a grouplist. + * + * Parameters: grouplist - linked list of SFPL_User_Group_List structs. + * + * Return Value: None. 
+\*--------------------------------------------------------------------------*/ +void +sf_free_grouplist(SFPL_User_Group_List *grouplist) +{ + SFPL_User_Group_List *group = NULL; + + while (grouplist) + { + group = grouplist->next; + grouplist->next = NULL; + safe_free(grouplist); + grouplist = group; + } +} + +/*--------------------------------------------------------------------------*\ + * Name: sf_string_to_list + * + * Purpose: Convert a string of groupnames into a linked list of + * SFPL_User_Group_List. + * + * Parameters: group_string - string of group names. + * group_list - group linked list + * + * Return Value: SFPL_OK - success. + * SFPL_NOMEM - memory allocation failure. +\*--------------------------------------------------------------------------*/ +int +sf_string_to_list(char *grouplist_string, + SFPL_User_Group_List **grouplist) +{ + char *tokenPtr = NULL; + SFPL_User_Group_List *new_group = NULL; + + *grouplist = NULL; + if (strchr(grouplist_string, ',') != NULL) + { + tokenPtr = strtok(grouplist_string, ","); + while (tokenPtr) + { + new_group = (SFPL_User_Group_List *)xcalloc(1, + sizeof(SFPL_User_Group_List)); + if (NULL == new_group) + { + SFPL_LOG_ERROR(sfpl_handle, + MY_LOG_AREA, + ("Failed to allocate memory for groups")); + return SFPL_NOMEM; + } + + xstrncpy(new_group->group_name, tokenPtr, SFPL_MAX_GROUPNAME); + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("group name '%s'", + new_group->group_name)); + new_group->next = *grouplist; + *grouplist = new_group; + tokenPtr = strtok(NULL, ","); + } + } + return SFPL_OK; +} + +/*--------------------------------------------------------------------------*\ + * Name: sf_get_ip_policy + * + * Purpose: Check if the IP Address belongs to a range. If it does + * retrieve the Policy it belongs to. + * + * Parameters: sfpl_handle - the SmartFilter handle. + * ipaddr - the client ip. + * policy - the new policy. + * + * Return Value: SFPL_OK - success. + * SFPL_NOMEM - memory allocation failure. 
+\*--------------------------------------------------------------------------*/ +int +sf_get_ip_policy(char *ipaddr, + SFPL_Policy **policy, + SFPL_User_Data **user_data) +{ + int retcode = SFPL_OK; + SFPL_User_Group_List *grouplist = NULL; + int total_groups = 0; + char err_msg[SFPL_MAX_MESSAGE]; + int log_error = 0; + + SFPL_LOG_TRACE_ENTER(sfpl_handle, + MY_LOG_AREA, + ("args(%s, %p, %p)", + (NULL == ipaddr) ? "NULL" : ipaddr, + policy, + user_data)); + retcode = SFPL_CheckUserCache(sfpl_handle, + ipaddr, + SFPL_USER_QUERY_IP, + user_data); + if (SFPL_FOUND == retcode) + { + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("ipaddr '%s' found in cache", + ipaddr)); + } + else if (SFPL_NOT_FOUND == retcode) + { + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("ipaddr '%s' not found in cache", + ipaddr)); + SFPL_GetIPRangeGroups(sfpl_handle, + ipaddr, + &grouplist, + &total_groups); + /* + * Retrieve the policies for the given groups. If there + * are no groups then the default policy is retrieved + */ + retcode = SFPL_GroupPolicyGet(sfpl_handle, + grouplist, + user_data); + + if (NULL != grouplist) + { + SFPL_FreeGroupList(sfpl_handle, grouplist); + grouplist = NULL; + } + + /* + * Cache the user data, but only if group policy did not + * return an error. This way we will only cache valid user data, + * not accidentally cache NULL on an error from group policy + * get. + * + * Note: SFPL_OK is returned from SFPL_GroupPolicyGet when SFPL_FOUND + * should be returned. + */ + if ((SFPL_FOUND == retcode) || + (SFPL_NOT_FOUND == retcode) || + (SFPL_OK == retcode)) + { + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Caching ipaddress '%s'", + ipaddr)); + SFPL_AddUserCacheEntry(sfpl_handle, + ipaddr, + SFPL_USER_QUERY_IP, + *user_data); + } + } + + /* + * This will merge all the policies into one. If no policies were + * found, this will retrieve the Default policy. 
+ */ + retcode = SFPL_GroupPolicyMerge(sfpl_handle, + *user_data, + policy, + err_msg, + SFPL_MAX_MESSAGE, + &log_error); + + SFPL_LOG_TRACE_EXIT(sfpl_handle, + MY_LOG_AREA, + ("Returning %d (policy %p)", + retcode, + *policy)); + return retcode; +} + + +/*************************************************************************** + * Name: smartfilter_check_url + * + * Purpose: Check if a url should be allowed, blocked, warned, or delayed + * based on user, ipaddress, or default policy. + * (Puts the action value in cli_http->al.sf_retcode) + * + * Parameters: int fd + * void *data + * + * Return Value: SFPL_OK - success. + * SFPL_ERROR - An error occurred. + * SFPL_NOMEM - memory allocation failure. + * SFPL_EXPIRED_LIST - list expired. + * SFPL_INVALID_HANDLE - invalid plugin handle. + * SFPL_LOOKUP_FORWARD - a forward lookup was started + * SFPL_LOOKUP_REVERSE - a reverse lookup was started + * + * Note: if the action is SFPL_DELAY, a delay time is set, which is checked + * inside "ClientReadDefer". It will defer the fd from being handled + * until the SmartFilter delay time has passed. + ***************************************************************************/ +int +smartfilter_check_url(int fd, + void *data) +{ + clientHttpRequest *cli_http = (clientHttpRequest *)data; + int retcode = SFPL_ERROR; + SFPL_Policy *policy = NULL; + char *sf_action = SFPL_INVALID_ACTION_STR; + int filter_it = 1; + char *dest_addr = NULL; + SFInfo *sfinfo = NULL; + int lookup_started = FALSE; + int redirect_needed = FALSE; + int r = 0; + + if (!sfpl_handle) + { + /* + * Smartfilter init not done, let it go. + */ + SFPL_LOG_ERROR(sfpl_handle, + MY_LOG_AREA, + ("Plugin handle not intialized")); + return SFPL_INVALID_HANDLE; + } + + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("url is '%s'", + cli_http->uri)); + + sfinfo = &cli_http->sfinfo; + + /* + * Check if we've already parsed the url or not. 
+ * If we've already parsed the URL it means we have already + * been in this function before and had to do some sort + * of blocking call and we got called again when that + * call finished. + */ + if (NULL == sfinfo->sf_parsed_url) + { + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("First time through for url '%s'", + cli_http->uri)); + if (SFPL_OK != _init_sfinfo(cli_http, data, sfinfo)) + { + return SFPL_ERROR; + } + } + else + { + /* + * If this url has already been delayed, don't filter + * this url again and skip down to the logging portion + * of this function + */ + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Not the first time through for url '%s'", + sfinfo->sf_url)); + if (0 != cli_http->request->sfdelay_time) + { + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Url has finished delay")); + goto logit; + } + } + + + /* + * Default to filtering this URL + */ + filter_it = 1; + + /* + * First check if a dns lookup was performed and use the results + * of the lookup, if available + */ + if (DNS_LOOKUP & sfinfo->sf_flags) + { + if ((NULL == sfinfo->sf_lookup_result) || + ('\0' == sfinfo->sf_lookup_result[0])) + { + /* + * The DNS lookup failed + */ + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Failed to look up '%s', using previous " + "filtering results", + sfinfo->sf_lookup_query)); + filter_it = 0; + retcode = SFPL_OK; + } + else + { + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Looked '%s' up to '%s'", + sfinfo->sf_lookup_query, + sfinfo->sf_lookup_result)); + if (SFUT_IsIP(sfinfo->sf_lookup_result)) + { + /* + * A forward lookup was performed, use this as the destination + * address in the call to url filter + */ + dest_addr = sfinfo->sf_lookup_result; + } + else + { + /* + * A reverse lookup was performed, rewrite the domain with the + * lookup result + */ + if (SFCL_OK != SFCL_UrlDomainRewrite(sfcl_handle, + sfinfo->sf_parsed_url, + sfinfo->sf_lookup_result)) + { + SFPL_LOG_WARNING(sfpl_handle, + MY_LOG_AREA, + ("Failed to rewrite domain 
name with " + "'%s'", + sfinfo->sf_lookup_result)); + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Using previous filtering results")); + filter_it = 0; + retcode = SFPL_OK; + } + } + } + } + + SFPL_ConfigLock(sfpl_handle, SFPL_LOCK_READ); + r = _handle_transauth(cli_http, + data, + sfinfo, + &lookup_started, + &redirect_needed); + SFPL_ConfigUnlock(sfpl_handle, SFPL_LOCK_READ); + if (0 == r) + { + /* + * An error from handle_transauth means we are no + * longer able to filter. Just return an error + * back to the caller. + */ + return SFPL_ERROR; + } + + if (lookup_started) + { + /* + * SFPL_LOOKUP_FORWARD isn't technically correct since + * we are doing a username lookup, but it makes our caller + * do the right thing. + */ + return SFPL_LOOKUP_FORWARD; + } + + if (redirect_needed) + { + /* + * Setting the action code to SFPL_BLOCK results + * in the caller redirecting the user to the + * redirect URL that was set up in _handle_transauth. + */ + cli_http->al.sf_retcode = SFPL_BLOCK; + + /* + * In order for IE browsers to trust the SmartFilter + * Authentication Server, the browsers are now redirected + * to the Auth Server via meta-refresh pages. + */ + cli_http->sfinfo.sf_response_type = SF_META_REFRESH; + + /* + * Just return SFPL_OK here as we don't want to log + * requests that are redirected to the auth server. + */ + return SFPL_OK; + } + + /* + * if filtering this url, locate the policy and filter it + */ + if (filter_it) + { + if (NULL != cli_http->al.sf_user_data) + { + SFPL_FreeUserData(sfpl_handle, cli_http->al.sf_user_data); + cli_http->al.sf_user_data = NULL; + } + + SFPL_ConfigLock(sfpl_handle, SFPL_LOCK_READ); + + if (!_get_policy(cli_http, + data, + &policy, + &cli_http->al.sf_user_data)) + { + /* + * The only thing we can do here is set policy to NULL + * and continue on filtering. This will result in + * a block. + */ + policy = NULL; + } + + /* + * If a lookup job was started, get out so the lookup job + * can finish. 
When the lookup job finishes, we will + * be called again. + */ + if (GROUP_LOOKUP & sfinfo->sf_flags) + { + SFPL_ConfigUnlock(sfpl_handle, SFPL_LOCK_READ); + /* + * SFPL_LOOKUP_FORWARD isn't technically correct since + * we are doing a group lookup, but it makes our caller + * do the right thing. + */ + return SFPL_LOOKUP_FORWARD; + } + + retcode = SFPL_UrlFilter(sfpl_handle, + policy, + sfinfo->sf_url, + sfinfo->sf_parsed_url, + dest_addr, + sfinfo->sf_username, + sfinfo->sf_clientip, + &cli_http->al.sf_retcode, + &cli_http->al.sf_delay_time, + cli_http->al.sf_redir_url, + sizeof(cli_http->al.sf_redir_url), + cli_http->al.sf_all_cats, + sizeof(cli_http->al.sf_all_cats), + cli_http->al.sf_restricted_cats, + sizeof(cli_http->al.sf_restricted_cats), + &cli_http->al.sf_categories, + &cli_http->al.sf_reporter_categories, + &cli_http->al.sf_should_log_request); + + if (NULL != policy) + { + /* + * Retrieve information for filter summary log. + */ + safe_free(cli_http->al.sf_policy_name); + cli_http->al.sf_policy_name = + SFPL_PolicyNameGet(sfpl_handle, policy); + cli_http->al.sf_policy_flags = + SFPL_PolicyFlagsGet(sfpl_handle, policy); + + /* + * Free the policy. + */ + SFPL_PolicyFree(sfpl_handle, policy); + policy = NULL; + } + SFPL_ConfigUnlock(sfpl_handle, SFPL_LOCK_READ); + + if ((SFPL_LOOKUP_REVERSE == retcode) || + (SFPL_LOOKUP_FORWARD == retcode)) + { + if ((NULL != sfinfo->sf_lookup_result) && + ('\0' != sfinfo->sf_lookup_result[0])) + { + SFPL_LOG_DEBUG(sfpl_handle, + SFPL_LOG_AREA_PLUGIN, + ("SFPL_LOOKUP_REVERSE or SFPL_LOOKUP_FORWARD " + "returned, but already did a lookup, " + "returning received results")); + } + else + { + /* + * The domain of this URL needs to have a lookup done + * on it and then be re-queried in the list if the + * lookup succeeds. 
+ */ + struct in_addr ip; + + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Perform a dns lookup.")); + sfinfo->sf_flags |= DNS_LOOKUP; + xstrncpy(sfinfo->sf_lookup_query, + cli_http->request->host, + sizeof(sfinfo->sf_lookup_query)); + if (inet_aton(sfinfo->sf_lookup_query, &ip)) + { + /* + * The request was for an IP address + */ + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Performing reverse lookup on '%s'", + sfinfo->sf_lookup_query)); + fqdncache_nbgethostbyaddr(ip, + smartfilterReverseLookupDone, + data); + return SFPL_LOOKUP_REVERSE; + } + else + { + /* + * The request was for a domain name, look it up + */ + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Performing dns lookup on '%s'", + sfinfo->sf_lookup_query)); + ipcache_nbgethostbyname(sfinfo->sf_lookup_query, + smartfilterForwardLookupDone, + data); + return SFPL_LOOKUP_FORWARD; + } + } + } + } + + logit: + + /* + * Print various debugging messages + */ + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("action '%#x' delay '%d' redir url '%s' log '%s' " + "reporter log '%s'", + cli_http->al.sf_retcode, + cli_http->al.sf_delay_time, + cli_http->al.sf_redir_url, + cli_http->al.sf_categories ? + cli_http->al.sf_categories : "NULL", + cli_http->al.sf_reporter_categories ? + cli_http->al.sf_reporter_categories : "NULL")); + + /* + * sf_retcode is used to log the action. + */ + if (cli_http->al.sf_retcode == SFPL_ALLOW) + { + sf_action = SFPL_ALLOW_STR; + } + else if (cli_http->al.sf_retcode == SFPL_AUTHOVER) + { + sf_action = SFPL_AUTHOVER_STR; + } + else if (cli_http->al.sf_retcode == SFPL_MONITOR) + { + sf_action = SFPL_MONITOR_STR; + } + else if (cli_http->al.sf_retcode == SFPL_BLOCK) + { + sf_action = SFPL_BLOCK_STR; + } + else if (cli_http->al.sf_retcode == SFPL_DELAY) + { + /* + * Set up so our caller will delay this request. + * The log will be sent to the log server after + * the delay has finished. 
+ */ + cli_http->request->sfdelay_time = squid_curtime + + cli_http->al.sf_delay_time; + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("current time '%d' delay time '%d'", + squid_curtime, + cli_http->request->sfdelay_time)); + sf_action = SFPL_DELAY_STR; + } + else if (cli_http->al.sf_retcode == SFPL_WARN) + { + sf_action = SFPL_WARN_STR; + } + else if (cli_http->al.sf_retcode == SFPL_BYPASS) + { + sf_action = SFPL_BYPASS_STR; + } + + /* + * Add smartfilter categories to log message if the categorization + * matches the log level the plugin is configured at. Otherwise + * just set the fields to empty strings. + */ + SFPL_ConfigLock(sfpl_handle, SFPL_LOCK_READ); + if (cli_http->al.sf_should_log_request && + TRANSACTION_LOGGING_ON()) + { + xstrncpy(cli_http->al.sf_action, + sf_action, + sizeof(cli_http->al.sf_action)); + } + else + { + cli_http->al.sf_action[0] = '\0'; + cli_http->al.sf_categories = ""; + } + SFPL_ConfigUnlock(sfpl_handle, SFPL_LOCK_READ); + + /* + * Free the parsed url since no one does it for + * us when cli_http goes away. + */ + SFCL_UrlDestroy(sfcl_handle, + (SFCL_Url *) &sfinfo->sf_parsed_url); + + return retcode; +} + +/*--------------------------------------------------------------------------*\ + * Name: smartfilter_free + * + * Purpose: Used to free static array on restart. + * + * Parameters: none. + * + * Return values: none. +\*--------------------------------------------------------------------------*/ +void +smartfilter_free() +{ + void *ret_val = NULL; + + if (Config.SmartFilterState == 0) + { + return; + } + + SFPL_LOG_INFO(sfpl_handle, + MY_LOG_AREA, + ("Disabling SmartFilter, freeing resources")); + /* + * Stop the agent communications thread. 
+ */ + SFPL_LOG_INFO(sfpl_handle, + MY_LOG_AREA, + ("Canceling communications thread")); + if (0 == pthread_cancel(agent_comm_thread)) + { + SFPL_LOG_INFO(sfpl_handle, + MY_LOG_AREA, + ("Waiting for communications thread to exit")); + if (0 == pthread_join(agent_comm_thread, &ret_val)) + { + SFPL_LOG_INFO(sfpl_handle, + MY_LOG_AREA, + ("Communications thread exited")); + } + else + { + SFPL_LOG_INFO(sfpl_handle, + MY_LOG_AREA, + ("Failed to wait for communications thread " + "to exit")); + } + } + else + { + SFPL_LOG_INFO(sfpl_handle, + MY_LOG_AREA, + ("Failed to cancel communications thread")); + } + Config.SmartFilterState = 0; + SFPL_HandleDestroy(&sfpl_handle); + sfpl_handle = NULL; + SFPL_Shutdown(); +} + +/* + * Local logging function. + */ +void +_plugin_log_func(SFPL_Log_Level level, + SFPL_Log_Area area, + const char *message) +{ + if (SFPL_LOG_LEVEL_INFO >= level) + { + debug(61, 0) ("SmartFilter: %s\n", message); + } + else + { + debug(61, 5) ("SmartFilter: %s\n", message); + } + + /* + * Log to debug. + */ + SFPL_PluginLogFunction(level, + area, + (const char *)message); +} + + +static void +_clean_up(void) +{ + SFA_PluginThreadCleanUp(); +} + + +static int +_get_policy(clientHttpRequest *cli_http, + void *data, + SFPL_Policy **policy, + SFPL_User_Data **user_data) +{ + SFInfo *sfinfo = NULL; + int error_flag = 0; + SFPL_User_Group_List *grouplist = NULL; + char err_msg[SFPL_MAX_MESSAGE]; + int cached_user = FALSE; + int retcode = SFPL_OK; + int r = 1; + unsigned int orig_flags = 0; + + SFPL_LOG_TRACE_ENTER(sfpl_handle, + MY_LOG_AREA, + ("args(%p, %p, %p, %p)", + cli_http, + data, + policy)); + if ((NULL == cli_http) || + (NULL == policy) || + (NULL == user_data)) + { + r = 0; + goto out; + } + + sfinfo = &cli_http->sfinfo; + + /* + * Clear the group lookup flag so the caller knows if + * a group lookup is started or not. + */ + orig_flags = sfinfo->sf_flags; + sfinfo->sf_flags &= ~GROUP_LOOKUP; + + /* + * Check user policies. 
If there is no username policy + * found, then we look for an IP address policy. + * (It's ok if the username is empty.) + */ + retcode = SFPL_CheckUserCache(sfpl_handle, + sfinfo->sf_username, + SFPL_USER_QUERY_USERNAME, + user_data); + if ((SFPL_NOT_FOUND != retcode) && + (SFPL_FOUND != retcode)) + { + r = 0; + goto out; + } + + if (SFPL_FOUND == retcode) + { + /* + * The user info is cached, use it + */ + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("User '%s' found in cache", + sfinfo->sf_username)); + cached_user = TRUE; + } + else + { + /* + * The user information is not cached, look it up + */ + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("User '%s' not found in cache", + sfinfo->sf_username)); + cached_user = FALSE; + if (NULL == Config.Program.sf_userInfo) + { + /* + * No user helpers are enabled, look for internal users + */ + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Not using helper processes, looking up " + "user and group information internally")); + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("User '%s', Client ip '%s'", + sfinfo->sf_username, + sfinfo->sf_clientip)); + + /* + * Retrieve the policy from internal users + */ + SFPL_UserLocalPolicyGet(sfpl_handle, + sfinfo->sf_username, + sfinfo->sf_clientip, + policy, + user_data, + err_msg, + sizeof(err_msg), + &error_flag); + if (error_flag) + { + SFPL_LOG_ERROR(sfpl_handle, + MY_LOG_AREA, + ("%s", + err_msg)); + } + } + else + { + /* + * user helpers are enabled + */ + + /* + * We can't lookup groups if we don't have a username + */ + if ('\0' != sfinfo->sf_username[0]) + { + if (0 == (GROUP_LOOKUP & orig_flags)) + { + /* + * This is the first time through, set + * the query information up. + */ + if (NULL == sfinfo->sf_userinfo_data) + { + /* + * Allocate some memory for the user data + * to be stored in and start the user query. 
+ */ + sfinfo->sf_userinfo_data = + xcalloc(1, sizeof(*sfinfo->sf_userinfo_data)); + + if (NULL == sfinfo->sf_userinfo_data) + { + SFPL_LOG_ERROR(sfpl_handle, + MY_LOG_AREA, + ("Unable to allocate memory for " + "user data")); + r = 0; + goto out; + } + } + + /* + * Initialize the fields + */ + sfinfo->sf_userinfo_data->type = SF_USER_LOOKUP_GROUPS; + sfinfo->sf_userinfo_data->u.group.grouplist[0] = '\0'; + + xstrncpy(sfinfo->sf_userinfo_data->u.group.username, + sfinfo->sf_username, + sizeof(sfinfo->sf_userinfo_data->u.group.username)); + + /* + * Call the helper process to retrieve the data + */ + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Calling helper process for " + "groups lookup")); + sf_userInfoStart(sfinfo->sf_userinfo_data, + smartfilterUserInfoDone, + data); + r = 1; + /* + * Set the group lookup flag so the caller knows + * a group lookup has been started + */ + sfinfo->sf_flags |= GROUP_LOOKUP; + goto out; + } + else + { + /* + * This is the second time through, use the results + * of the helper process lookup (a grouplist string). + * This involves converting the grouplist string + * to a linked list and then getting user_data. + */ + retcode = sf_string_to_list(sfinfo->sf_userinfo_data->u.group.grouplist, + &grouplist); + if (SFPL_OK != retcode) + { + r = 0; + goto out; + } + + /* + * Check if groups exist in SmartFilter + */ + retcode = SFPL_GroupPolicyGet(sfpl_handle, + grouplist, + user_data); + if ((SFPL_OK != retcode) && + (SFPL_FOUND != retcode) && + (SFPL_NOT_FOUND != retcode)) + { + r = 0; + goto out; + } + } + } + } + } + + /* + * If we haven't found a policy then get the policy from + * the user data that has been located or from the IP address + * if no user data has been found + */ + if (NULL == *policy) + { + /* + * If the user is not already cached, cache it, even if + * the user_data is NULL. This will prevent further lookups + * in later requests. 
+ */ + if (!cached_user) + { + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Adding user '%s' to cache", + sfinfo->sf_username)); + SFPL_AddUserCacheEntry(sfpl_handle, + sfinfo->sf_username, + SFPL_USER_QUERY_USERNAME, + *user_data); + /* + * Ignore any cache add errors as an error there only + * causes us to fail the cache add and do another lookup + * the next time. + */ + } + + if (NULL != *user_data) + { + /* + * We found some user data, now get a policy from it. + * The default policy will be returned if no other + * policy is found. + */ + retcode = SFPL_GroupPolicyMerge(sfpl_handle, + *user_data, + policy, + err_msg, + sizeof(err_msg), + &error_flag); + } + else + { + /* + * Retrieve a policy from the IP address. The default + * policy will be returned from sf_get_ip_policy if + * no other policy is found. + */ + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("No user policy located for user '%s', " + "finding IP policy for IP '%s'", + sfinfo->sf_username, + sfinfo->sf_clientip)) + retcode = sf_get_ip_policy(sfinfo->sf_clientip, + policy, + user_data); + if (SFPL_OK != retcode) + { + r = 0; + goto out; + } + } + } + + out: + SFPL_LOG_TRACE_EXIT(sfpl_handle, + MY_LOG_AREA, + ("Returning %d (policy %p)", + r, + *policy)); + return r; +} + + +static int +_init_sfinfo(clientHttpRequest *cli_http, + void *data, + SFInfo *sfinfo) +{ + int status = SFPL_OK; + SFCL_Url parsed_url; + size_t build_len = 0; + char *https_string = "https://"; + char *p = NULL; + + cli_http->request->sfdelay_time = 0; + sfinfo->sf_lookup_result = NULL; + SFUT_Stristr(cli_http->uri, "://", &p); + if (NULL == p) + { + build_len = strlen(https_string) + strlen(cli_http->uri) + 1; + sfinfo->sf_url = (char *) xmalloc(build_len); + if (SFPL_OK != SFPL_UrlWithProtocol(sfpl_handle, + cli_http->uri, + sfinfo->sf_url, + build_len)) + { + safe_free(sfinfo->sf_url); + SFPL_LOG_ERROR(sfpl_handle, + MY_LOG_AREA, + ("Failed to build url with protocol: '%s'", + cli_http->uri)); + status = SFPL_ERROR; + 
goto out; + } + } + else + { + sfinfo->sf_url = xstrdup(cli_http->uri); + } + + + /* + * Set default values in sfinfo + */ + sfinfo->sf_username[0] = '\0'; + sfinfo->sf_clientip[0] = '\0'; + sfinfo->sf_userinfo_data = NULL; + sfinfo->sf_delay_data = NULL; + sfinfo->sf_lookup_query[0] = '\0'; + sfinfo->sf_flags = 0; + sfinfo->sf_response_type = SF_REDIRECT_URL; + + /* + * Copy the client ip into sfinfo + */ + xstrncpy(sfinfo->sf_clientip, + inet_ntoa(cli_http->request->client_addr), + sizeof(sfinfo->sf_clientip)); + + + /* + * Save the username, if one is available. + */ + if (cli_http->request->auth_user_request) + { + auth_user_request_t *auth_user = NULL; + char *user = NULL; + + auth_user = cli_http->request->auth_user_request; + if (NULL != auth_user) + { + user = authenticateUserRequestUsername(auth_user); + if (NULL != user) + { + xstrncpy(sfinfo->sf_username, + user, + sizeof(sfinfo->sf_username)); + sfinfo->sf_flags |= (SQUID_AUTHED | AUTH_FINISHED); + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Squid gave us username: '%s'", + sfinfo->sf_username)); + } + } + } + + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("username is '%s'", + sfinfo->sf_username)); + + + /* + * Create a URL object and parse the url. 
+ */ + if (SFCL_OK != SFCL_UrlCreate(sfcl_handle, + &parsed_url)) + { + safe_free(sfinfo->sf_url); + SFPL_LOG_ERROR(sfpl_handle, + MY_LOG_AREA, + ("Unable to allocate memory for parsed url")); + status = SFPL_ERROR; + goto out; + } + + if (SFCL_OK != SFCL_UrlParse(sfcl_handle, + sfinfo->sf_url, + NULL, + parsed_url)) + { + safe_free(sfinfo->sf_url); + SFCL_UrlDestroy(sfcl_handle, &parsed_url); + SFPL_LOG_ERROR(sfpl_handle, + MY_LOG_AREA, + ("Failed to parse url")); + status = SFPL_ERROR; + goto out; + } + sfinfo->sf_parsed_url = parsed_url; + parsed_url = NULL; + + + out: + return status; +} + + +static int +_handle_transauth(clientHttpRequest *cli_http, + void *data, + SFInfo *sfinfo, + int *lookup_started, + int *redirect_needed) +{ + int status = 1; + int transauth_block_on_fail = 0; + + *lookup_started = FALSE; + *redirect_needed = FALSE; + + if (0 != (AUTH_FINISHED & sfinfo->sf_flags)) + { + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Request has already been authenticated by %s, " + "username: '%s'", + (SQUID_AUTHED & sfinfo->sf_flags) ? "Squid" : + "SmartFilter", + sfinfo->sf_username)); + } + else if ('\0' != sfinfo->sf_username[0]) + { + /* + * Should never get in here since AUTH_FINISHED should + * always be set when a username is retrieved. + */ + sfinfo->sf_flags |= AUTH_FINISHED; + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Already have username: '%s'", + sfinfo->sf_username)); + } + else + { + /* + * If we haven't started a transauth lookup + * yet, then see if we have to start one. + * Otherwise, handle the result of the lookup. 
+ */ + if (0 == (USERNAME_LOOKUP & sfinfo->sf_flags)) + { + int r = SFPL_OK; + + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Have not looked up the username yet")); + r = SFPL_TransauthCheck(sfpl_handle, + sfinfo->sf_parsed_url, + sfinfo->sf_url, + sfinfo->sf_clientip, + sfinfo->sf_username, + sizeof(sfinfo->sf_username)); + if (SFPL_OK == r) + { + /* + * We are to continue on filtering either using the + * name that was found in the cache or ignoring the + * name since transauth is not turned on. + */ + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Username (%s) either found in cache or " + "transauth disabled", + sfinfo->sf_username)); + sfinfo->sf_flags |= AUTH_FINISHED; + } + else if (SFPL_TRANSAUTH_REDIRECT == r) + { + /* + * The username was in the cache, but has expired. + * Redirect to the auth server to reauthenticate. + */ + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("User on ip '%s' is unknown. Redirecting " + "to auth server", + sfinfo->sf_clientip)); + + if (SFPL_TransauthRedirUrlBuild(sfpl_handle, + sfinfo->sf_clientip, + sfinfo->sf_url, + cli_http->al.sf_redir_url, + sizeof(cli_http->al.sf_redir_url))) + { + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Redirecting to '%s'", + cli_http->al.sf_redir_url)); + sfinfo->sf_flags |= AUTH_REDIRECT; + *redirect_needed = TRUE; + } + else + { + SFPL_LOG_ERROR(sfpl_handle, + MY_LOG_AREA, + ("Failed to build transauth " + "redirection URL")); + status = 0; + } + } + else if (SFPL_TRANSAUTH_CHECK == r) + { + /* + * The clientip is not in our cache, so we need to + * ask the auth server if it knows about this clientip. + * This is a blocking job, so we have to send this off + * to our helper program, if it is configured. If it + * is not configured, then we have to continue filtering + * or block, as the user has configured. 
+ */ + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Username not cached, contacting auth " + "server to determine username")); + if (NULL == Config.Program.sf_userInfo) + { + SFPL_Trans_Auth auth_serv; + + sfinfo->sf_flags |= AUTH_FINISHED; + + SFPL_LOG_ERROR(sfpl_handle, + MY_LOG_AREA, + ("SmartFilter transparent " + "authentication is enabled, but the " + "SmartFilter user helper is not " + "enabled. To allow transparent " + "authentication to work, you must " + "add a 'smartfilter_userinfo_program " + "' line to your Squid " + "configuration file.")); + /* + * Get the configured transauth_fail_action + */ + r = SFPL_HandleInfoGet(sfpl_handle, + SFPL_HANDLE_INFO_AUTHSERV_SETTINGS, + &auth_serv); + if (SFPL_OK != r) + { + transauth_block_on_fail = 0; + } + else + { + transauth_block_on_fail = auth_serv.block_on_fail; + } + } + else + { + /* + * Build and send the lookup to the helper program. + */ + sfinfo->sf_userinfo_data = + xcalloc(1, sizeof(*sfinfo->sf_userinfo_data)); + if (NULL == sfinfo->sf_userinfo_data) + { + SFPL_LOG_ERROR(sfpl_handle, + MY_LOG_AREA, + ("Unable to allocate memory for " + "user data for looking up username")); + status = 0; + } + else + { + /* + * Initialize the lookup + */ + sfinfo->sf_userinfo_data->type = + SF_USER_LOOKUP_USERNAME; + SFUT_Strncpy(sfinfo->sf_userinfo_data->u.username.clientip, + sfinfo->sf_clientip, + sizeof(sfinfo->sf_userinfo_data->u.username.clientip)); + sfinfo->sf_userinfo_data->u.username.username[0] = + '\0'; + sfinfo->sf_userinfo_data->u.username.timeout_hard = 0; + sfinfo->sf_userinfo_data->u.username.timeout_soft = 0; + + /* + * Call the helper process to retrieve the data + */ + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Calling helper process for " + "username lookup")); + + sf_userInfoStart(sfinfo->sf_userinfo_data, + smartfilterUserInfoDone, + data); + /* + * Set the username lookup flag so the caller knows + * a username lookup has been started. 
+ */ + sfinfo->sf_flags |= USERNAME_LOOKUP; + *lookup_started = TRUE; + } + } + } + else + { + /* + * An error from SFPL_TransauthCheck + */ + SFPL_LOG_ERROR(sfpl_handle, + MY_LOG_AREA, + ("SFPL_TransauthCheck returned error: %d", + r)); + status = 0; + } + } + else + { + /* + * We are getting the result of a transauth lookup. + */ + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Processing results of username lookup job")); + sfinfo->sf_flags |= AUTH_FINISHED; + + if (NULL == sfinfo->sf_userinfo_data) + { + SFPL_LOG_ERROR(sfpl_handle, + MY_LOG_AREA, + ("NULL sf_userinfo_data pointer when " + "copying result of transauth lookup")); + status = 0; + } + else + { + Username_Lookup *ul = NULL; + ul = &sfinfo->sf_userinfo_data->u.username; + if (ul->transauth_failed) + { + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("transauth encountered an error")); + sfinfo->sf_username[0] = '\0'; + if (SFPL_BLOCK == ul->transauth_fail_action) + { + /* + * Transauth failed and we are to block. + */ + status = 0; + transauth_block_on_fail = 1; + } + else + { + /* + * Transauth had an error, but we are to filter + * by ip address only. + */ + transauth_block_on_fail = 0; + } + } + else + { + /* + * Transauth did not fail. Copy the username + * that was returned. + */ + SFUT_Strncpy(sfinfo->sf_username, + ul->username, + sizeof(sfinfo->sf_username)); + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Received username '%s' from " + "transauth", + sfinfo->sf_username)); + if ('\0' != sfinfo->sf_username[0]) + { + /* + * Add this username to the transauth cache. + * Because the user helper actually does + * the lookup, the user information is cached + * in the user helper, not in the plugin. 
+ * Because of this, we must explicitly add this + * user to the transauth cache + */ + if (SFPL_OK != + SFPL_TransauthUserCacheAdd(sfpl_handle, + sfinfo->sf_clientip, + sfinfo->sf_username, + ul->timeout_hard, + ul->timeout_soft)) + { + SFPL_LOG_WARNING(sfpl_handle, + MY_LOG_AREA, + ("Failed to add username '%s' " + "on ipaddr '%s' to transauth " + "cache", + sfinfo->sf_username, + sfinfo->sf_clientip)); + } + } + else + { + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("No user on ipaddr '%s', redirecting " + "to auth server", + sfinfo->sf_clientip)); + if (SFPL_TransauthRedirUrlBuild(sfpl_handle, + sfinfo->sf_clientip, + sfinfo->sf_url, + cli_http->al.sf_redir_url, + sizeof(cli_http->al.sf_redir_url))) + { + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Redirecting to '%s'", + cli_http->al.sf_redir_url)); + sfinfo->sf_flags |= AUTH_REDIRECT; + *redirect_needed = TRUE; + } + else + { + SFPL_LOG_ERROR(sfpl_handle, + MY_LOG_AREA, + ("Failed to build transauth " + "redirection URL")); + status = 0; + } + } + } + } + } + } + + /* + * If we authenticated the user and there + * isn't already a username in squid's access + * log (al) structure, then copy our authenticated + * username to squid's access log structure. + * This results in the username showing up in access.log. + */ + if (('\0' != sfinfo->sf_username[0]) && + (NULL == cli_http->al.cache.authuser)) + + { + cli_http->al.cache.authuser = xstrdup(sfinfo->sf_username); + } + + if (0 == status) + { + status = 1; + if (!transauth_block_on_fail) + { + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Trans auth failed. 
Continuing " + "to filter with only an IP address")); + } + else + { + SFPL_ConfigLock(sfpl_handle, SFPL_LOCK_READ); + if (SFPL_ErrorRedirUrlBuild(sfpl_handle, + cli_http->al.sf_redir_url, + sizeof(cli_http->al.sf_redir_url), + sfinfo->sf_url, + sfinfo->sf_clientip, + "")) + { + SFPL_LOG_DEBUG(sfpl_handle, + MY_LOG_AREA, + ("Redirecting to error page '%s'", + cli_http->al.sf_redir_url)); + sfinfo->sf_flags |= AUTH_REDIRECT; + *redirect_needed = TRUE; + } + else + { + SFPL_LOG_ERROR(sfpl_handle, + MY_LOG_AREA, + ("Failed to build error " + "redir URL")); + status = 0; + } + SFPL_ConfigUnlock(sfpl_handle, SFPL_LOCK_READ); + } + } + + return status; +} diff -uN ../squid-2.5.STABLE14.orig/src/smartfilter_squid.h src/smartfilter_squid.h --- ../squid-2.5.STABLE14.orig/src/smartfilter_squid.h 1969-12-31 19:00:00.000000000 -0500 +++ src/smartfilter_squid.h 2006-07-31 17:05:49.000000000 -0400 
@@ -0,0 +1,47 @@
+/*--------------------------------------------------------------------------*\
+ *
+ * SmartFilter Plugin for Squid
+ *
+ * Copyright (c) 2006, Secure Computing Corporation. All rights reserved.
+ *
+ * $RCSfile: smartfilter_squid.h,v $
+ * $Revision: 1.7.2.4 $
+ * $Date: 2006/07/31 21:05:49 $
+ * $State: Exp $
+\*--------------------------------------------------------------------------*/
+#ifndef _SMARTFILTER_SQUID_H
+#define _SMARTFILTER_SQUID_H
+
+
+
+#include "sf_control.h"
+#include "sf_plugin.h"
+
+/* define global plugin handle. */
+extern SFPL_Handle sfpl_handle;
+
+/* The current transaction logging state */
+extern int trans_log_option;
+
+/* define SmartFilter-Squid Version number */
+#define SFVERSION "4.1.1.01"
+
+/* define error and log message max */
+#define MSG_SZ 2048 /* Define SF message size to be 2K */
+#define LOG_SZ 2048 /* Define SF log message size to be 2K */
+#define ACTION_SZ 20 /* Define the size of the action string */
+
+#define MY_LOG_AREA SFPL_LOG_AREA_PLUGIN
+
+
+extern void
+smartfilter_free(void);
+
+extern int
+smartfilter_init(void);
+
+extern int
+smartfilter_check_url(int fd,
+ void *data);
+
+#endif /* _SMARTFILTER_SQUID_H */
diff -uN ../squid-2.5.STABLE14.orig/src/smartfilter_thread.c src/smartfilter_thread.c
--- ../squid-2.5.STABLE14.orig/src/smartfilter_thread.c 1969-12-31 19:00:00.000000000 -0500
+++ src/smartfilter_thread.c 2006-01-20 11:12:32.000000000 -0500
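Review bot: The include guard `_SMARTFILTER_SQUID_H` begins with an underscore followed by a capital letter, a form reserved for the implementation; `SMARTFILTER_SQUID_H` avoids that. The size macros `MSG_SZ`, `LOG_SZ` and `ACTION_SZ` are unprefixed in a header that is included into Squid's own sources, so an `SF_` prefix would lower the chance of a clash with an existing name. The three prototypes also carry no comment; a line on each stating what the return value means would help, since nothing in this header says which codes `smartfilter_check_url` hands back to its caller.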
@@ -0,0 +1,407 @@
+/*--------------------------------------------------------------------------*\
+ *
+ * SmartFilter Squid Plugin
+ *
+ * Copyright (c) 2006, Secure Computing Corporation. All rights reserved.
+ *
+ * $RCSfile: smartfilter_thread.c,v $
+ * $Revision: 1.10.2.2 $
+ * $Date: 2006/01/20 17:12:32 $
+ * $State: Exp $
+\*--------------------------------------------------------------------------*/
+
+#include "squid.h"
+#include "sf_control.h"
+#include "sf_plugin.h"
+#include "sfagentipc.h"
+#include "smartfilter_thread.h"
+#include "smartfilter_squid.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+/*
+ * The plugin name
+ */
+#define SF_PLUGIN_NAME "Squid"
+
+static pthread_mutex_t comm_thread_mutex = PTHREAD_MUTEX_INITIALIZER;
+static pthread_cond_t comm_thread_cond = PTHREAD_COND_INITIALIZER;
+static SFA_Comm_Handle *hdl = NULL;
+
+void *SFA_PluginThreadStart(void *arg)
+{
+ SFA_Comm_Return_Type ret;
+ SFA_Comm_Msg_Type type;
+ void *info = NULL;
+ /* SFPL_Handle sfpl_handle = arg; */
+ char err[SFPL_MAX_MESSAGE];
+
+ /*
+ * We notify any interested parties when we have finished initializing
+ * agent communications.
+ */
+ pthread_mutex_lock(&comm_thread_mutex);
+ ret = SFA_Comm_Server_Init(&hdl, sfpl_handle);
+ pthread_cond_broadcast(&comm_thread_cond);
+ pthread_mutex_unlock(&comm_thread_mutex);
+ if (SFA_COMM_RETURN_OK != ret)
+ {
+ SFPL_LOG_ERROR(sfpl_handle,
+ MY_LOG_AREA,
+ ("Unable to initialize communications: %s",
+ SFA_Comm_Strerror(ret)));
+ exit(1);
+ }
+
+ while (1) {
+
+ pthread_setcanceltype(PTHREAD_CANCEL_ASYNCHRONOUS, NULL);
+ pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
+ ret = SFA_Comm_Recvmsg(hdl, &type, &info, SFA_COMM_TIMEOUT_INFINITE);
+ pthread_setcanceltype(PTHREAD_CANCEL_DEFERRED, NULL);
+ pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
+ if (SFA_COMM_RETURN_OK == ret) {
+
+ switch (type) {
+ case SFA_COMM_MSG_PLUGIN_INFO:
+ {
+ SFA_Comm_Plugin_Info *i = (SFA_Comm_Plugin_Info *) info;
+ SFPL_LOG_DEBUG(sfpl_handle,
+ SFPL_LOG_AREA_PLUGIN,
+ ("Plugin info request received"));
+ SFUT_Strncpy(i->version,
+ SFVERSION,
+ sizeof(i->version));
+ SFUT_Strncpy(i->plugin_name,
+ SF_PLUGIN_NAME,
+ sizeof(i->plugin_name));
+ if (!SFUT_OSNameGet(i->platform_name,
+ sizeof(i->platform_name)))
+ {
+ SFUT_Strncpy(i->platform_name,
+ "Unknown",
+ sizeof(i->platform_name));
+ }
+ ((SFA_Comm_Plugin_Info *)info)->remote_status =
+ SFA_COMM_RETURN_OK;
+ type = SFA_COMM_MSG_PLUGIN_INFO_RESP;
+ break;
+ }
+
+ case SFA_COMM_MSG_PLUGIN_RELOAD_CONFIG:
+ {
+ SFA_Comm_Plugin_Reload_Config *reload_info = NULL;
+ reload_info = (SFA_Comm_Plugin_Reload_Config *)info;
+
+ SFPL_LOG_INFO(sfpl_handle,
+ MY_LOG_AREA,
+ ("Plugin reload config received"));
+ type = SFA_COMM_MSG_PLUGIN_RELOAD_CONFIG_RESP;
+
+ /* Reload configuration.
*/
+ SFPL_ConfigLock(sfpl_handle, SFPL_LOCK_WRITE);
+ if (SFPL_OK != SFPL_ReloadConfigFile(sfpl_handle,
+ reload_info->filename,
+ err))
+ {
+ SFPL_LOG_ERROR(sfpl_handle,
+ MY_LOG_AREA,
+ ("Unable to reload the configuration: %s",
+ err));
+ reload_info->remote_status = SFA_COMM_RETURN_ERROR;
+ }
+ else
+ {
+ SFPL_LOG_INFO(sfpl_handle,
+ MY_LOG_AREA,
+ ("Reloaded the configuration"));
+ reload_info->remote_status = SFA_COMM_RETURN_OK;
+ }
+ if (SFPL_OK != SFPL_HandleInfoGet(sfpl_handle,
+ SFPL_HANDLE_INFO_LOG_OPTION,
+ &trans_log_option))
+ {
+ SFPL_LOG_WARNING(sfpl_handle,
+ MY_LOG_AREA,
+ ("Failed to get transaction logging "
+ "option on config reload"));
+ }
+ SFPL_ConfigUnlock(sfpl_handle, SFPL_LOCK_WRITE);
+
+ /*
+ * Stop and Restart the helper programs so they have the
+ * new configuration.
+ */
+
+ sf_userInfoShutdown();
+ sf_userInfoInit();
+
+ break;
+ }
+
+ case SFA_COMM_MSG_PLUGIN_RELOAD_CONTROL_LIST:
+ {
+ char *f = NULL;
+ f = ((SFA_Comm_Plugin_Reload_Control_List *)info)->filename;
+ type = SFA_COMM_MSG_PLUGIN_RELOAD_CONTROL_LIST_RESP;
+ SFPL_LOG_INFO(sfpl_handle,
+ MY_LOG_AREA,
+ ("Reload Control List (%s) received",
+ f));
+
+ /* Load new control list.
*/
+ if (SFPL_OK != SFPL_ReloadControlList(sfpl_handle, f))
+ {
+ SFPL_LOG_ERROR(sfpl_handle,
+ MY_LOG_AREA,
+ ("Unable to install new control list"));
+ ((SFA_Comm_Plugin_Reload_Control_List *)info)->remote_status =
+ SFA_COMM_RETURN_ERROR;
+ }
+ else
+ {
+ SFPL_LOG_INFO(sfpl_handle,
+ MY_LOG_AREA,
+ ("Installed new control list"));
+ ((SFA_Comm_Plugin_Reload_Control_List *)info)->remote_status =
+ SFA_COMM_RETURN_OK;
+ }
+
+ break;
+ }
+
+ case SFA_COMM_MSG_PLUGIN_ADD_AUTHOVER_USER:
+ {
+ SFA_Comm_Plugin_Add_AuthOver_User *i = NULL;
+
+ i = (SFA_Comm_Plugin_Add_AuthOver_User *) info;
+ type = SFA_COMM_MSG_PLUGIN_ADD_AUTHOVER_USER_RESP;
+ SFPL_LOG_DEBUG(sfpl_handle,
+ MY_LOG_AREA,
+ ("Add Auth Override User received --> "
+ "Auth User: '%s', username: '%s', "
+ "client_ip: '%s', duration: %d, "
+ "url: '%s', reason: %s, reasondata: %s, "
+ "date: %d",
+ i->authover_username,
+ i->username,
+ i->client_ip,
+ i->duration,
+ i->url,
+ i->reason,
+ i->reasondata,
+ i->date));
+
+ /*
+ * Add the user to authorized override mode
+ */
+ SFPL_ConfigLock(sfpl_handle, SFPL_LOCK_READ);
+ if (SFPL_OK != SFPL_AuthOverrideUserAdd(sfpl_handle,
+ i->authover_username,
+ i->username,
+ i->client_ip,
+ i->date,
+ i->duration,
+ i->url,
+ i->reason,
+ i->reasondata))
+ {
+ SFPL_LOG_DEBUG(sfpl_handle,
+ MY_LOG_AREA,
+ ("Failed to add override session for "
+ "override user '%s'",
+ i->authover_username));
+ i->remote_status = SFA_COMM_RETURN_ERROR;
+ }
+ else
+ {
+ SFPL_LOG_DEBUG(sfpl_handle,
+ MY_LOG_AREA,
+ ("Added override session for override "
+ "user '%s'",
+ i->authover_username));
+
+ i->remote_status = SFA_COMM_RETURN_OK;
+ }
+ SFPL_ConfigUnlock(sfpl_handle, SFPL_LOCK_READ);
+
+ break;
+ }
+
+
+ case SFA_COMM_MSG_PLUGIN_REMOVE_AUTHOVER_USER:
+ {
+ SFA_Comm_Plugin_Remove_AuthOver_User *i = NULL;
+
+ i = (SFA_Comm_Plugin_Remove_AuthOver_User *) info;
+ type = SFA_COMM_MSG_PLUGIN_REMOVE_AUTHOVER_USER_RESP;
+ SFPL_LOG_DEBUG(sfpl_handle,
+ MY_LOG_AREA,
+ ("Remove Auth Override
User received --> "
+ "Auth User: '%s', username: '%s', "
+ "client_ip: '%s'",
+ i->authover_username,
+ i->username,
+ i->client_ip));
+
+ /*
+ * Add the user to authorized override mode
+ */
+ SFPL_ConfigLock(sfpl_handle, SFPL_LOCK_READ);
+ if (SFPL_OK !=
+ SFPL_AuthOverrideUserRemove(sfpl_handle,
+ i->authover_username,
+ i->username,
+ i->client_ip))
+ {
+ SFPL_LOG_DEBUG(sfpl_handle,
+ MY_LOG_AREA,
+ ("Failed to remove override session for "
+ "override user '%s'",
+ i->authover_username));
+ i->remote_status = SFA_COMM_RETURN_ERROR;
+ }
+ else
+ {
+ SFPL_LOG_DEBUG(sfpl_handle,
+ MY_LOG_AREA,
+ ("Removed override session for override "
+ "user '%s'",
+ i->authover_username));
+
+ i->remote_status = SFA_COMM_RETURN_OK;
+ }
+ SFPL_ConfigUnlock(sfpl_handle, SFPL_LOCK_READ);
+
+ break;
+ }
+
+
+ case SFA_COMM_MSG_PLUGIN_ADD_BYPASS_USER:
+ {
+ SFA_Comm_Plugin_Add_Bypass_User *i = NULL;
+
+ i = (SFA_Comm_Plugin_Add_Bypass_User *) info;
+ type = SFA_COMM_MSG_PLUGIN_ADD_BYPASS_USER_RESP;
+ SFPL_LOG_DEBUG(sfpl_handle,
+ MY_LOG_AREA,
+ ("Add Bypass User received --> "
+ "username: '%s', client_ip: '%s', "
+ "url: '%s', reason: %s, reasondata: %s, "
+ "date: %d",
+ i->username,
+ i->client_ip,
+ i->url,
+ i->reason,
+ i->reasondata,
+ i->date));
+
+ /*
+ * Add the user to bypass mode
+ */
+ SFPL_ConfigLock(sfpl_handle, SFPL_LOCK_READ);
+ if (SFPL_OK != SFPL_BypassUserAdd(sfpl_handle,
+ i->username,
+ i->client_ip,
+ i->date,
+ i->url,
+ i->reason,
+ i->reasondata))
+ {
+ SFPL_LOG_DEBUG(sfpl_handle,
+ MY_LOG_AREA,
+ ("Failed to add bypass session for "
+ "user '%s'/%s",
+ i->username,
+ i->client_ip));
+ i->remote_status = SFA_COMM_RETURN_ERROR;
+ }
+ else
+ {
+ SFPL_LOG_DEBUG(sfpl_handle,
+ MY_LOG_AREA,
+ ("Added bypass session for "
+ "user '%s'/%s",
+ i->username,
+ i->client_ip));
+
+ i->remote_status = SFA_COMM_RETURN_OK;
+ }
+ SFPL_ConfigUnlock(sfpl_handle, SFPL_LOCK_READ);
+
+ break;
+ }
+
+
+ default:
+ SFPL_LOG_ERROR(sfpl_handle,
+ MY_LOG_AREA,
+ ("Invalid message
type (%#x) received", + type)); + break; + } + + ret = SFA_Comm_Sendmsg(hdl, type, info, SFA_COMM_TIMEOUT_INFINITE); + safe_free(info); + info = NULL; + } + + } + + return 0; +} + +int +SFA_PluginThreadInit(SFPL_Handle sfpl_handle, pthread_t *thread) { + int retcode; + + SFPL_LOG_INFO(sfpl_handle, + MY_LOG_AREA, + ("Trying to start plugin thread")); + /* + * We make this a "blocking" call by waiting for a condition variable + * to be set by the thread saying it is up and has initialized the + * agent communications. If we don't make this blocking and wait for + * the communications to be initialized, then the socket that is created + * COULD be created as an incorrect userid because squid changes UID + * back and forth between root and the cache_effective_user users. + * By making this function block we guarantee that the UID of squid + * when this function is called is also the UID of the owner of the + * communications socket. + */ + pthread_mutex_lock(&comm_thread_mutex); + retcode = pthread_create(thread, NULL, SFA_PluginThreadStart, sfpl_handle); + if (retcode) + { + SFPL_LOG_INFO(sfpl_handle, + MY_LOG_AREA, + ("Unable to create plugin thread: %d", + retcode)); + } + else + { + pthread_cond_wait(&comm_thread_cond, &comm_thread_mutex); + } + pthread_mutex_unlock(&comm_thread_mutex); + + return retcode; +} + +void +SFA_PluginThreadCleanUp(void) +{ + if (NULL != hdl) + { + SFA_Comm_End(&hdl); + hdl = NULL; + } +} diff -uN ../squid-2.5.STABLE14.orig/src/smartfilter_thread.h src/smartfilter_thread.h --- ../squid-2.5.STABLE14.orig/src/smartfilter_thread.h 1969-12-31 19:00:00.000000000 -0500 +++ src/smartfilter_thread.h 2006-01-20 11:12:32.000000000 -0500 
@@ -0,0 +1,30 @@
+/*--------------------------------------------------------------------------*\
+ *
+ * SmartFilter Squid Plugin
+ *
+ * Copyright (c) 2006, Secure Computing Corporation. All rights reserved.
+ *
+ * $RCSfile: smartfilter_thread.h,v $
+ * $Revision: 1.2.6.1 $
+ * $Date: 2006/01/20 17:12:32 $
+ * $State: Exp $
+\*--------------------------------------------------------------------------*/
+
+#ifndef _SQUID_THREAD_H
+#define _SQUID_THREAD_H
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+int
+SFA_PluginThreadInit(SFPL_Handle sfpl_handle, pthread_t *thread);
+
+void
+SFA_PluginThreadCleanUp(void);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* SQUID_THREAD_H */
diff -uN ../squid-2.5.STABLE14.orig/src/smartfilter_userinfo.c src/smartfilter_userinfo.c
--- ../squid-2.5.STABLE14.orig/src/smartfilter_userinfo.c 1969-12-31 19:00:00.000000000 -0500
+++ src/smartfilter_userinfo.c 2006-01-20 11:12:32.000000000 -0500
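Review bot: The declaration of `SFA_PluginThreadInit` in smartfilter_thread.h does not document that the call blocks or what it returns. The implementation added in smartfilter_thread.c waits on a condition variable after `pthread_create` and returns that call's result, so a comment such as `/* Blocks until the plugin thread signals that agent communications are initialised; returns 0 or the pthread_create() error code. */` above the prototype would tell callers what to expect. The header also uses `SFPL_Handle` and `pthread_t` without including their definitions, and the guard `_SQUID_THREAD_H` is a reserved identifier that does not match the closing comment `/* SQUID_THREAD_H */`.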
@@ -0,0 +1,196 @@
+/*--------------------------------------------------------------------------*\
+ *
+ * SmartFilter Squid Plugin
+ *
+ * Copyright (c) 2006, Secure Computing Corporation. All rights reserved.
+ *
+ * $RCSfile: smartfilter_userinfo.c,v $
+ * $Revision: 1.3.2.1 $
+ * $Date: 2006/01/20 17:12:32 $
+ * $State: Exp $
+\*--------------------------------------------------------------------------*/
+
+#include "squid.h"
+#include "smartfilter_userinfo.h"
+#include "smartfilter_squid.h"
+
+CBDATA_TYPE(sfUserInfoStateData);
+
+typedef struct
+{
+ void *data;
+ SF_User_Lookup_Type type;
+ char *lookup;
+ RH *handler;
+} sfUserInfoStateData;
+
+static HLPCB sf_userInfoHandleReply;
+static void sf_userInfoStateFree(sfUserInfoStateData * r);
+static helper *sf_userInfo = NULL;
+
+static void
+sf_userInfoHandleReply(void *data,
+ char *reply)
+{
+ sfUserInfoStateData *r = data;
+ int valid = 0;
+ char *t = NULL;
+ SFPL_LOG_DEBUG(sfpl_handle,
+ MY_LOG_AREA,
+ ("sf_userInfoHandleReply: reply --> '%s'",
+ reply ? reply : ""));
+ if (NULL != reply)
+ {
+ if ((t = strchr(reply, '\n')))
+ {
+ *t = '\0';
+ }
+
+ if (*reply == '\0')
+ {
+ reply = NULL;
+ }
+ }
+ valid = cbdataValid(r->data);
+ cbdataUnlock(r->data);
+ if (valid)
+ {
+ r->handler(r->data, reply);
+ }
+ sf_userInfoStateFree(r);
+}
+
+static void
+sf_userInfoStateFree(sfUserInfoStateData * r)
+{
+ cbdataFree(r);
+}
+
+static void
+sf_userInfoStats(StoreEntry *sentry)
+{
+ storeAppendPrintf(sentry, "UserInfo Statistics:\n");
+ helperStats(sentry, sf_userInfo);
+}
+
+/**** PUBLIC FUNCTIONS ****/
+
+void
+sf_userInfoStart(SFUserInfoData *userinfo,
+ RH *handler,
+ void *data)
+{
+ sfUserInfoStateData *r = NULL;
+ char buf[8192];
+ char *type = NULL;
+ char *lookup = NULL;
+
+ assert(userinfo);
+ assert(handler);
+
+ switch (userinfo->type)
+ {
+ default:
+ type = UNKNOWN_LOOKUP_STR;
+ lookup = "N/A";
+ break;
+
+ case SF_USER_LOOKUP_GROUPS:
+ type = GROUPS_LOOKUP_STR;
+ lookup = userinfo->u.group.username;
+ break;
+
+ case SF_USER_LOOKUP_USERNAME:
+ type = USERNAME_LOOKUP_STR;
+ lookup = userinfo->u.username.clientip;
+ userinfo->u.username.timeout_hard = 0;
+ userinfo->u.username.timeout_soft = 0;
+ userinfo->u.username.transauth_failed = 0;
+ userinfo->u.username.transauth_fail_action = 0;
+ break;
+ }
+
+ SFPL_LOG_DEBUG(sfpl_handle,
+ MY_LOG_AREA,
+ ("sf_userInfoStart: Type: '%s', Lookup: '%s'",
+ type,
+ lookup));
+
+ if (NULL == Config.Program.sf_userInfo)
+ {
+ SFPL_LOG_DEBUG(sfpl_handle,
+ MY_LOG_AREA,
+ ("Config.Program.sf_userInfo == NULL!"));
+ handler(data, NULL);
+ return;
+ }
+
+ if (0 == strcmp(UNKNOWN_LOOKUP_STR, type))
+ {
+ SFPL_LOG_DEBUG(sfpl_handle,
+ MY_LOG_AREA,
+ ("Invalid user info type: %d",
+ userinfo->type));
+ handler(data, NULL);
+ return;
+ }
+
+
+ r = cbdataAlloc(sfUserInfoStateData);
+ r->handler = handler;
+ cbdataLock(data);
+ r->data = data;
+ r->lookup = lookup;
+ r->type = userinfo->type;
+ snprintf(buf, sizeof(buf), "%s %s\n", type, lookup);
+ SFPL_LOG_DEBUG(sfpl_handle,
+ MY_LOG_AREA,
+ ("Sending lookup request to helper: '%s'",
+ buf));
+ helperSubmit(sf_userInfo, buf, sf_userInfoHandleReply, r);
+}
+
+void
+sf_userInfoInit(void)
+{
+ static int init = 0;
+ if (!Config.Program.sf_userInfo)
+ return;
+ if (NULL == sf_userInfo)
+ {
+ sf_userInfo = helperCreate("sf_userInfo");
+ }
+ sf_userInfo->cmdline = Config.Program.sf_userInfo;
+ sf_userInfo->n_to_start = Config.sf_userInfoChildren;
+ sf_userInfo->ipc_type = IPC_TCP_SOCKET;
+ helperOpenServers(sf_userInfo);
+ if (!init)
+ {
+ CBDATA_INIT_TYPE(sfUserInfoStateData);
+ cachemgrRegister("sf_userInfo",
+ "UserInfo Stats",
+ sf_userInfoStats,
+ 0,
+ 1);
+ init++;
+ }
+}
+
+void
+sf_userInfoShutdown(void)
+{
+ if (!sf_userInfo)
+ {
+ return;
+ }
+
+ helperShutdown(sf_userInfo);
+
+ if (!shutting_down)
+ {
+ return;
+ }
+
+ helperFree(sf_userInfo);
+ sf_userInfo = NULL;
+}
diff -uN ../squid-2.5.STABLE14.orig/src/smartfilter_userinfo.h src/smartfilter_userinfo.h
--- ../squid-2.5.STABLE14.orig/src/smartfilter_userinfo.h 1969-12-31 19:00:00.000000000 -0500
+++ src/smartfilter_userinfo.h 2006-08-22 16:51:17.000000000 -0400
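Review bot: In `sf_userInfoStart`, `snprintf(buf, sizeof(buf), "%s %s\n", type, lookup)` places the user name (GROUPS lookup) or client IP (USERNAME lookup) into a space- and newline-delimited helper request without escaping or validation, and the return value is ignored. A value containing a space, CR or LF would change how the helper splits the request, and a truncated request would lose its terminating newline; where the user name originates is outside this hunk, so this needs confirming against the caller. Rejecting such input before `cbdataAlloc`, e.g. `if (strpbrk(lookup, " \t\r\n")) { handler(data, NULL); return; }`, and testing the snprintf result with `n < 0 || (size_t)n >= sizeof(buf)` would cover both cases. `r->lookup` also keeps a pointer into the caller's `userinfo` across the asynchronous `helperSubmit`, so the required lifetime of `userinfo` deserves a comment on the function.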
@@ -0,0 +1,60 @@ +/*--------------------------------------------------------------------------*\ + * + * SmartFilter Plugin for Squid + * + * Copyright (c) 2006, Secure Computing Corporation. All rights reserved. + * + * $RCSfile: smartfilter_userinfo.h,v $ + * $Revision: 1.1.2.2 $ + * $Date: 2006/08/22 20:51:17 $ + * $State: Exp $ +\*--------------------------------------------------------------------------*/ +#ifndef _SMARTFILTER_USERINFO_H +#define _SMARTFILTER_USERINFO_H + + +#define MAX_IP 16 /* Max size of client ip address. */ +#define MAX_GROUPLIST 2048 /* Max size of the grouplist string. */ + +#define GROUPS_LOOKUP_STR "GROUPS" +#define USERNAME_LOOKUP_STR "USERNAME" +#define UNKNOWN_LOOKUP_STR "UNKNOWN" + +#define TRANSAUTH_FAIL_FILTER "**!!TRANSAUTHFAILFILTER**!!" +#define TRANSAUTH_FAIL_BLOCK "**!!TRANSAUTHFAILBLOCK**!!" + +typedef enum +{ + SF_USER_LOOKUP_GROUPS = 0, + SF_USER_LOOKUP_USERNAME + +} SF_User_Lookup_Type; + +typedef struct +{ + char username[SFPL_MAX_USERNAME]; + char clientip[MAX_IP]; + time_t timeout_hard; + time_t timeout_soft; + int transauth_failed; + int transauth_fail_action; +} Username_Lookup; + +typedef struct +{ + char grouplist[MAX_GROUPLIST]; + char username[SFPL_MAX_USERNAME]; +} Group_Lookup; + + +typedef struct _SFUserInfoData +{ + SF_User_Lookup_Type type; + union + { + Username_Lookup username; + Group_Lookup group; + } u; +} SFUserInfoData; + +#endif /* _SMARTFILTER_USERINFO_H */ diff -uN ../squid-2.5.STABLE14.orig/src/structs.h src/structs.h --- ../squid-2.5.STABLE14.orig/src/structs.h 2006-03-10 17:54:38.000000000 -0500 +++ src/structs.h 2007-01-24 01:02:39.321439000 -0500 @@ -36,6 +36,9 @@ #include "config.h" #include "splay.h" +#ifdef SMARTFILTER +#include "smartfilter_squid.h" +#endif struct _dlink_node { void *data; @@ -489,6 +492,9 @@ char *dnsserver; #endif wordlist *redirect; +#ifdef SMARTFILTER + wordlist *sf_userInfo; +#endif #if USE_ICMP char *pinger; #endif 
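Review bot: In smartfilter_userinfo.h the sentinel strings `TRANSAUTH_FAIL_FILTER` and `TRANSAUTH_FAIL_BLOCK` are defined with no comment on which field carries them or who compares them. If they are matched in the same position as a user name in the helper reply (the parser is not in this hunk), a user name equal to one of them could not be told apart from the failure signal, so the comparison site should be named in a comment and those values refused as user names. The header also relies on the includer for `SFPL_MAX_USERNAME` and `time_t`, and the comment on `MAX_IP 16` could state that it covers a dotted-quad IPv4 address plus the terminator only.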
@@ -504,6 +510,9 @@ time_t authenticateGCInterval; time_t authenticateTTL; time_t authenticateIpTTL; +#ifdef SMARTFILTER + int sf_userInfoChildren; +#endif struct { int single_host; char *host; @@ -712,6 +721,10 @@ int high_pf; squid_off_t high_memory; } warnings; +#ifdef SMARTFILTER + int SmartFilterState; + char *SmartFilterConf; +#endif char *store_dir_select_algorithm; int sleep_after_fork; /* microseconds */ external_acl *externalAclHelperList; 
@@ -1060,9 +1073,46 @@ struct { const char *method_str; } private; +#ifdef SMARTFILTER + int sf_should_log_request; /* For Smartfilter logging */ + SFPL_User_Data *sf_user_data; /* The groups found for the user/ip */ + char *sf_policy_name; /* Name of the policy used. */ + unsigned int sf_policy_flags; /* The policy flags used to filter the URL.*/ + char sf_all_cats[MSG_SZ]; /* Smartfilter URL categories */ + char sf_restricted_cats[MSG_SZ]; /* Smartfilter restricted URL cats */ + char *sf_categories; /* For Smartfilter Plugin logging */ + char *sf_reporter_categories; /* For SmartReporter logging */ + char sf_action[ACTION_SZ]; /* For Smartfilter action: block,warn,etc. */ + SFPL_Action_Code sf_retcode; + int sf_delay_time; /* Smartfilter URL delay time */ + char sf_redir_url[MSG_SZ]; /* Smartfilter Redirect URL */ +#endif HierarchyLogEntry hier; }; +#ifdef SMARTFILTER +#include "smartfilter_userinfo.h" + +typedef enum +{ + SF_REDIRECT_URL, + SF_META_REFRESH +} SF_Response_Type; + +typedef struct _SFInfo { + char *sf_lookup_result; /* result of dns lookup */ + void *sf_parsed_url; /* smartfilter parsed URI */ + char *sf_url; /* the URL to filter. */ + char sf_username[SFPL_MAX_USERNAME]; /* For authenticated connections */ + char sf_clientip[MAX_IP]; + SFUserInfoData *sf_userinfo_data; /* used to store user data. */ + void *sf_delay_data; + char sf_lookup_query[256]; + int sf_flags; + SF_Response_Type sf_response_type; /* Redirect or Meta-refresh */ +} SFInfo; +#endif + struct _clientHttpRequest { ConnStateData *conn; request_t *request; /* Parsed URL ... */ @@ -1107,6 +1157,9 @@ } redirect; dlink_node active; squid_off_t maxBodySize; +#ifdef SMARTFILTER + SFInfo sfinfo; +#endif }; struct _ConnStateData { @@ -1663,6 +1716,9 @@ char login[MAX_LOGIN_SZ]; char host[SQUIDHOSTNAMELEN + 1]; auth_user_request_t *auth_user_request; +#ifdef SMARTFILTER + time_t sfdelay_time; /* used for SmartFilter Delay */ +#endif u_short port; String urlpath; char *canonical;
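Review bot: The fixed-size buffers added in the `@@ -1060,9 +1073,46 @@` hunk have no stated contract for how they are filled: `sf_redir_url[MSG_SZ]`, `sf_all_cats[MSG_SZ]`, `sf_restricted_cats[MSG_SZ]` and `sf_action[ACTION_SZ]` in the struct ending with `HierarchyLogEntry hier;`, and `sf_lookup_query[256]`, `sf_clientip[MAX_IP]` and `sf_username[SFPL_MAX_USERNAME]` in `SFInfo`. The code that writes them is not in this hunk; since the redirect URL and lookup query presumably derive from the client's request, every write should be bounded by `sizeof` the field and a truncated value treated as an error rather than logged or sent. A comment on the group such as `/* NUL-terminated; writers must bound copies to sizeof(field) and reject truncation */` would record that. The `char *` members `sf_policy_name`, `sf_categories` and `sf_reporter_categories` likewise need a note on who allocates and frees them; the first struct begins outside the hunk.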