Index: ChangeLog =================================================================== RCS file: /surf1/CVS/squid/ChangeLog,v retrieving revision 1.221.2.10 diff -w -u -r1.221.2.10 ChangeLog --- ChangeLog 1997/03/03 22:20:22 1.221.2.10 +++ ChangeLog 1997/03/13 17:38:37 @@ -1,3 +1,15 @@ +Changes to this patch: + + - Fixed FTP to use the Authorization header only when the + usernames match. + - Fixed situation where all requests would be handled by + "single parent" and other peers would never be queried + again. + - Removed storeCheckExpired() from storeGetSwapSpace() as + likely cause of slowing down cache when exceeding the high + water mark. + - Deny access to dangerous TCP ports (7, 19). + Changes to squid-1.1.8 (March 3, 1997): - Fixed neighborsUdpAck() coredump bug for source-ping and Index: src/disk.c =================================================================== RCS file: /surf1/CVS/squid/src/disk.c,v retrieving revision 1.56 diff -w -u -r1.56 disk.c --- disk.c 1997/02/24 04:25:13 1.56 +++ disk.c 1997/03/13 17:22:36 @@ -337,6 +337,7 @@ (PF) diskHandleWrite, (void *) &file_table[fd], 0); + file_table[fd].write_daemon = PRESENT; return DISK_OK; } Index: src/ftp.c =================================================================== RCS file: /surf1/CVS/squid/src/ftp.c,v retrieving revision 1.94.2.2 diff -w -u -r1.94.2.2 ftp.c --- ftp.c 1997/03/03 17:09:19 1.94.2.2 +++ ftp.c 1997/03/13 17:41:59 
@@ -159,25 +159,20 @@ } static void -ftp_login_parser(const char *login, FtpStateData * data) +ftp_login_parser(const char *login, FtpStateData * ftpState) { - char *user = data->user; - char *password = data->password; char *s = NULL; - - strcpy(user, login); - s = strchr(user, ':'); - if (s) { + xstrncpy(ftpState->user, login, MAX_URL); + if ((s = strchr(ftpState->user, ':'))) { *s = 0; - strcpy(password, s + 1); + xstrncpy(ftpState->password, s + 1, MAX_URL); } else { - strcpy(password, null_string); - } - - if (!*user && !*password) { - strcpy(user, "anonymous"); - strcpy(password, Config.ftpUser); + xstrncpy(ftpState->password, null_string, MAX_URL); } + if (ftpState->user[0] || ftpState->password[0]) + return; + xstrncpy(ftpState->user, "anonymous", MAX_URL); + xstrncpy(ftpState->password, Config.ftpUser, MAX_URL); } /* This will be called when socket lifetime is expired. */ @@ -540,6 +535,41 @@ } + +/* + * ftpCheckAuth + * + * Return 1 if we have everything needed to complete this request. + * Return 0 if something is missing. + */ +static int +ftpCheckAuth(FtpStateData * ftpState, char *req_hdr) +{ + char *orig_user; + char *auth; + ftp_login_parser(ftpState->request->login, ftpState); + if (ftpState->user[0] && ftpState->password[0]) + return 1; /* name and passwd both in URL */ + if (!ftpState->user[0] && !ftpState->password[0]) + return 1; /* no name or passwd */ + if (ftpState->password[0]) + return 1; /* passwd with no name? */ + /* URL has name, but no passwd */ + if ((auth = ftpGetBasicAuth(req_hdr)) == NULL) + return 0; /* need auth header */ + orig_user = xstrdup(ftpState->user); + ftp_login_parser(auth, ftpState); + if (!strcmp(orig_user, ftpState->user)) { + xfree(orig_user); + return 1; /* same username */ + } + strcpy(ftpState->user, orig_user); + xfree(orig_user); + return 0; /* different username */ +} + + + int ftpStart(int unusedfd, const char *url, request_t * request, StoreEntry * entry) { 
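Review bot: Every `xstrncpy` added to `ftp_login_parser` uses `MAX_URL` as its bound, but the declaration of `FtpStateData` is not in this diff, so nothing visible ties that constant to the real size of `user` and `password`. If those fields are arrays, `xstrncpy(ftpState->user, login, sizeof(ftpState->user));` (and the same for `password`) keeps the bound correct when the struct changes. A login longer than the bound is now cut silently, so the username comparison in `ftpCheckAuth` runs on the truncated value; rejecting an over-long login would be safer than truncating it. `login` is also copied without a NULL check, which matters if `request->login` can be unset.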
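Review bot: On the "different username" path `ftpCheckAuth` restores only `ftpState->user`; the second `ftp_login_parser(auth, ftpState)` call has already overwritten `ftpState->password` with the password taken from the Authorization header, and that value stays in the state. The caller appears to free the state soon after a 0 return, but clearing the field keeps the function safe on its own: `ftpState->password[0] = '\0';` before the final `return 0;`. The restore also uses a raw `strcpy` where the rest of the commit moved to bounded copies; `xstrncpy(ftpState->user, orig_user, MAX_URL);` would be consistent. The "same username" branch returns 1 without checking that the header supplied a password, which does not obviously match the header comment "everything needed to complete this request", so it is worth confirming that an empty password is meant to pass.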
@@ -547,7 +577,6 @@ FtpStateData *ftpData = NULL; char *req_hdr = entry->mem_obj->mime_hdr; char *response; - char *auth; debug(9, 3, "FtpStart: FD %d '%s'\n", unusedfd, url); @@ -559,13 +588,7 @@ storeLockObject(ftpData->entry = entry, NULL, NULL); ftpData->request = requestLink(request); - /* Parse login info. */ - if ((auth = ftpGetBasicAuth(req_hdr))) { - ftp_login_parser(auth, ftpData); - ftpData->authenticated = 1; - } else { - ftp_login_parser(request->login, ftpData); - if (*ftpData->user && !*ftpData->password) { + if (!ftpCheckAuth(ftpData, req_hdr)) { /* This request is not fully authenticated */ if (request->port == 21) { sprintf(realm, "ftp %s", ftpData->user); @@ -580,8 +603,6 @@ ftpStateFree(-1, ftpData); return COMM_OK; } - } - debug(9, 5, "FtpStart: FD %d, host=%s, path=%s, user=%s, passwd=%s\n", unusedfd, ftpData->request->host, ftpData->request->urlpath, ftpData->user, ftpData->password); Index: src/proto.c =================================================================== RCS file: /surf1/CVS/squid/src/proto.c,v retrieving revision 1.96.2.1 diff -w -u -r1.96.2.1 proto.c --- proto.c 1997/02/27 17:50:25 1.96.2.1 +++ proto.c 1997/03/13 17:35:24 @@ -221,8 +221,9 @@ } } } - if ((e = protoData->single_parent) && - (Config.singleParentBypass || protoData->direct_fetch == DIRECT_NO)) { + if ((e = protoData->single_parent) && Config.singleParentBypass) { + /* Don't execute this block simply because direct == NO, we + * might have some DOWN peers and still need to ping them */ /* Only one parent for this host, and okay to skip pinging stuff */ hierarchyNote(req, HIER_SINGLE_PARENT, 0, e->host); protoStart(protoData->fd, entry, e, req); Index: src/squid.conf.pre.in =================================================================== RCS file: /surf1/CVS/squid/src/squid.conf.pre.in,v retrieving revision 1.93.2.2 diff -w -u -r1.93.2.2 squid.conf.pre.in --- squid.conf.pre.in 1997/03/03 17:26:48 1.93.2.2 +++ squid.conf.pre.in 1997/03/13 17:37:02 
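Review bot: The removed branch in the `@@ -559,13 +588,7 @@` hunk was the only visible place that set `ftpData->authenticated = 1`, and neither `ftpCheckAuth` nor the new `if (!ftpCheckAuth(ftpData, req_hdr))` block sets it. If code outside this diff reads the flag, for example to keep replies fetched with a user's credentials out of the shared cache, that protection would silently stop applying. Having `ftpCheckAuth` set `ftpState->authenticated = 1;` before its "same username" return would preserve the old behaviour. The context line `sprintf(realm, "ftp %s", ftpData->user);` writes into a buffer declared outside the hunk while `user` is bounded only by `MAX_URL`, so the size of `realm` deserves a check. The `debug(9, 5, ...)` line after the block still prints `passwd=%s` in clear; `ftpStart` starts and ends outside these hunks.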
@@ -759,6 +759,7 @@ acl all src 0.0.0.0/0.0.0.0 acl SSL_ports port 443 563 +acl Dangerous_ports port 7 19 acl CONNECT method CONNECT # Allowing or Denying access based on defined access lists @@ -772,6 +773,7 @@ # Only allow access to the cache manager functions from the local host. http_access deny manager !localhost http_access deny CONNECT !SSL_ports +http_access deny Dangerous_ports # Allow everything else http_access allow all Index: src/store.c =================================================================== RCS file: /surf1/CVS/squid/src/store.c,v retrieving revision 1.212.2.1 diff -w -u -r1.212.2.1 store.c --- store.c 1997/03/03 17:09:30 1.212.2.1 +++ store.c 1997/03/13 17:22:12 @@ -1936,10 +1936,7 @@ scanned++; next = link_ptr->next; e = (StoreEntry *) link_ptr; - if (storeCheckExpired(e)) { - debug(20, 3, "storeGetSwapSpace: Expired '%s'\n", e->url); - expired_in_one_bucket += storeRelease(e); - } else if (!storeEntryLocked(e)) { + if (!storeEntryLocked(e)) { *(LRU_list + list_count) = e; list_count++; scan_count++;
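Review bot: `acl Dangerous_ports port 7 19` is a two-entry deny-list, so every other non-HTTP service port stays reachable through the final `http_access allow all`. An allow-list is more robust: define the ports the proxy is expected to reach in one ACL and deny its negation, the same way the file already handles `CONNECT !SSL_ports`. Neither added line says why these two ports are listed; a comment such as `# 7 = echo, 19 = chargen: never valid targets for proxied requests` above the acl would help. The matching `http_access deny Dangerous_ports` in the second hunk is correctly placed before `http_access allow all`.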
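Review bot: After this change nothing in the hunk adds to `expired_in_one_bucket`; the removed branch was its only visible writer. If the variable is still declared or reported elsewhere in `storeGetSwapSpace` (the function starts and ends outside the hunk), it will always hold its initial value and should be removed together with any debug output that prints it. A short comment at the `if (!storeEntryLocked(e))` line, e.g. `/* expired entries are deliberately not released here: too slow above the high water mark */`, would stop someone re-adding the check.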