Merge b7f2254ee6 into ea8837e4b9

Добавлен вызов pam_acct_mgmt() после pam_authenticate() для проверки
прав доступа на уровне PAM (HBAC, истечение пароля, блокировка учётки)
Исправлена передача реального username в pam_start() вместо '3proxy@'

---

Added pam_acct_mgmt() call after pam_authenticate() to enable PAM
account checks (HBAC, password expiration, account lockout).
Fixed pam_start() to pass actual username instead of hardcoded '3proxy@'
Tested with FreeIPA 4.12 + SSSD Rocky Linux 9

.github/workflows/c-cpp.yml

@@ -25,7 +25,7 @@ jobs:
 #      run: ./configure
     - name: Linux libraries
       if: ${{ startsWith(matrix.target, 'ubuntu') }}
-      run: sudo apt install libssl-dev libpam-dev libpcre3 libpcre3-dev
+      run: sudo apt install libssl-dev libpam-dev libpcre2-dev
     - name: make Ubuntu
       if: ${{ startsWith(matrix.target, 'ubuntu') }}
       run: make -f Makefile.Linux
@@ -40,7 +40,7 @@ jobs:
       run: make -f Makefile.Linux clean
     - name: Mac libraries
       if: ${{ startsWith(matrix.target, 'macos') }}
-      run: brew install pcre
+      run: brew install pcre2
     - name: make MacOS
       if: ${{ startsWith(matrix.target, 'macos') }}
       run: make -f Makefile.FreeBSD
@@ -59,15 +59,21 @@ jobs:
     - name: make clean Windows
       if: ${{ startsWith(matrix.target, 'windows') }}
       run: make -f Makefile.win clean
-#    - name: make Windows MSVC
-#      if: ${{ startsWith(matrix.target, 'windows') }}
-#      shell: cmd
-#      run: |
-#       call "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
-#       nmake /F Makefile.msvc64'
-#      env:
-#       LIBS: '-L "c:/program files/openssl/lib/VC/x64/MT"'
-#       CFLAGS: '-I "c:/program files/openssl/include"'
-#    - name: make clean Windows
-#      if: ${{ startsWith(matrix.target, 'windows') }}
-#      run: nmake /F Makefile.msvc64 clean
+    - name: Add msbuild to PATH
+      if: ${{ startsWith(matrix.target, 'windows') }}
+      uses: microsoft/setup-msbuild@v3
+    - name: make Windows MSVC
+      if: ${{ startsWith(matrix.target, 'windows') }}
+      shell: cmd
+      run: |
+       call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
+       D:
+       cd "D:/a/3proxy/3proxy"
+       vcpkg install pcre2:x64-windows
+       mkdir bin64
+       set "LIB=%LIB%;c:/program files/openssl/lib/VC/x64/MT;c:/vcpkg/installed/x64-windows/lib"
+       nmake /F Makefile.msvc64
+       nmake /F Makefile.msvc64 clean
+      env:
+       CFLAGS: '-I "c:/program files/openssl/include" -I "c:/vcpkg/installed/x64-windows/include"'
+

.gitignore

@@ -259,3 +259,4 @@ pip-log.txt
 
 #Mr Developer
 .mr.developer.cfg
+CLAUDE.md

Dockerfile.full

@@ -1,4 +1,4 @@
-# 3proxy.full is fully functional 3proxy build based on busibox:glibc
+# 3proxy.full is fully functional 3proxy build based on busybox:glibc
 #
 #to  build:
 # docker build -f Dockerfile.full -t 3proxy.full .
@@ -13,8 +13,11 @@
 # docker run -p 3129:3129 -v /path/to/local/config/directory:/usr/local/3proxy/conf -name 3proxy.full 3proxy.full
 #
 # /path/to/local/config/directory in this example must conrain 3proxy.cfg
-# if you need 3proxy to be executed without chroot with root permissions, replace /etc/3proxy/3proxy.cfg by e.g. mounting config
+# if you need 3proxy to be executed without chroot with root permissions
+# replace /etc/3proxy/3proxy.cfg by e.g. mounting config
 # dir to /etc/3proxy ot by providing config file /etc/3proxy/3proxy.cfg
+# some plugins like SSLPLugin / pamauth also conflict with chroot and must
+# be started prior to chroot.
 # docker run -p 3129:3129 -v /path/to/local/config/directory:/etc/3proxy -name 3proxy.full 3proxy.full
 #
 # use "log" without pathname in config to log to stdout.
@@ -24,9 +27,7 @@
 FROM gcc AS buildenv
 COPY . 3proxy
 RUN cd 3proxy &&\
- echo "">> Makefile.Linux &&\
- echo PLUGINS = StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin SSLPlugin>>Makefile.Linux &&\
- echo LIBS = -l:libcrypto.a -l:libssl.a -ldl >>Makefile.Linux &&\
+ apt update && apt install libssl-dev libpam-dev libpcre2-dev &&\
  make -f Makefile.Linux &&\
  strip bin/3proxy &&\
  strip bin/StringsPlugin.ld.so &&\

Makefile.FreeBSD

@@ -15,8 +15,8 @@ LDFLAGS += -pthread -fno-strict-aliasing
 # -ldl or -lld may be required for some platforms
 DCFLAGS ?= -fPIC
 DLFLAGS ?= -shared
-DLSUFFICS = .so
 LIBS ?=
+DLSUFFICS = .so
 LIBSPREFIX = -l
 LIBSSUFFIX = 
 LNOUT = -o 
@@ -30,16 +30,15 @@ TYPECOMMAND = cat
 COMPATLIBS =
 MAKEFILE = Makefile.FreeBSD
 PLUGINS ?= StringsPlugin TrafficPlugin TransparentPlugin
-OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
+OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
 ifeq ($(OPENSSL_CHECK), true)
-    LIBS += -l crypto -l ssl
     PLUGINS += SSLPlugin
 endif
-PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
+PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
 ifeq ($(PAM_CHECK), true)
     PLUGINS += PamAuth
 endif
-PCRE_CHECK = $(shell echo "\#include <pcre.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
+PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre2-8 -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
 ifeq ($(PCRE_CHECK), true)
     PLUGINS += PCREPlugin
 endif

Makefile.Linux

@@ -36,16 +36,15 @@ MAKEFILE = Makefile.Linux
 LIBS ?= -ldl 
 #PLUGINS = SSLPlugin StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin PamAuth
 PLUGINS ?= StringsPlugin TrafficPlugin TransparentPlugin
-OPENSSL_CHECK = $(shell echo "#include <openssl/ssl.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
+OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
 ifeq ($(OPENSSL_CHECK), true)
-    LIBS += -l crypto -l ssl
     PLUGINS += SSLPlugin
 endif
-PCRE_CHECK = $(shell echo "#include <pcre.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
+PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre2-8 -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
 ifeq ($(PCRE_CHECK), true)
     PLUGINS += PCREPlugin
 endif
-PAM_CHECK = $(shell echo "#include <security/pam_appl.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
+PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
 ifeq ($(PAM_CHECK), true)
     PLUGINS += PamAuth
 endif

Makefile.msvc

@@ -14,8 +14,7 @@ LN = link
 LDFLAGS =  /nologo /subsystem:console /incremental:no /machine:I386
 DLFLAGS = /DLL
 DLSUFFICS = .dll
-LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib  libcrypto.lib libssl.lib
-LIBSOLD = libeay32MT.lib ssleay32MT.lib
+LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib 
 LIBSPREFIX = 
 LIBSSUFFIX = .lib
 LIBEXT = .lib                                                                                               

Makefile.msvc64

@@ -10,14 +10,13 @@ MAKEFILE = Makefile.msvc64
 
 BUILDDIR = ../bin64/
 CC = cl
-CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_SSL" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE)
+CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_SSL" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE) $(CFLAGS)
 COUT = /Fo
 LN = link
 LDFLAGS = /nologo /subsystem:console /incremental:no /machine:x64
 DLFLAGS = /DLL
 DLSUFFICS = .dll
-LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib libcrypto.lib libssl.lib
-LIBSOLD = libeay32.lib ssleay32.lib
+LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib $(LIBS)
 LIBSPREFIX = 
 LIBSSUFFIX = .lib
 LIBEXT = .lib

Makefile.msvcARM64

@@ -14,7 +14,7 @@ LN = link
 LDFLAGS = /nologo /subsystem:console /incremental:no /machine:arm64
 DLFLAGS = /DLL
 DLSUFFICS = .dll
-LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib libcrypto.lib libssl.lib
+LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib
 LIBSOLD =
 LIBSPREFIX = 
 LIBSSUFFIX = .lib

Makefile.openwrt-mips

@@ -31,21 +31,18 @@ TYPECOMMAND = cat
 COMPATLIBS =
 MAKEFILE = Makefile.openwrt-mips
 # PamAuth requires libpam, you may require pam-devel package to be installed
-# SSLPlugin requires  -lcrypto -lssl
-#LIBS = -lcrypto -lssl -ldl 
 LIBS ?= -ldl 
 #PLUGINS = SSLPlugin StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin PamAuth
 PLUGINS ?= StringsPlugin TrafficPlugin TransparentPlugin
-OPENSSL_CHECK = $(shell echo "#include <openssl/ssl.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
+OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
 ifeq ($(OPENSSL_CHECK), true)
-    LIBS += -l crypto -l ssl
     PLUGINS += SSLPlugin
 endif
-PCRE_CHECK = $(shell echo "#include <pcre.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
+PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre2-8 -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
 ifeq ($(PCRE_CHECK), true)
     PLUGINS += PCREPlugin
 endif
-PAM_CHECK = $(shell echo "#include <security/pam_appl.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
+PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
 ifeq ($(PAM_CHECK), true)
     PLUGINS += PamAuth
 endif

Makefile.unix

@@ -34,16 +34,15 @@ TYPECOMMAND = cat
 COMPATLIBS =
 MAKEFILE = Makefile.unix
 PLUGINS ?= StringsPlugin TrafficPlugin TransparentPlugin
-OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
+OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
 ifeq ($(OPENSSL_CHECK), true)
-    LIBS += -l crypto -l ssl
     PLUGINS += SSLPlugin
 endif
-PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
+PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
 ifeq ($(PAM_CHECK), true)
     PLUGINS += PamAuth
 endif
-PCRE_CHECK = $(shell echo "\#include <pcre.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
+PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre2-8 -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
 ifeq ($(PCRE_CHECK), true)
     PLUGINS += PCREPlugin
 endif

Makefile.win

@@ -35,20 +35,20 @@ VERSIONDEP := 3proxyres.o $(VERSIONDEP)
 BUILDDATE := $(BUILDDATE)
 AFTERCLEAN = (find . -type f -name "*.o" -delete && find . -type f -name "*.res" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
 
-OPENSSL_CHECK = $(shell echo "#include <openssl/ssl.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
+ifndef OPENSSL_CHECK
+OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d '\\\\' | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
 ifeq ($(OPENSSL_CHECK), true)
-    LIBS += -l crypto -l ssl
     PLUGINS += SSLPlugin
 endif
-PCRE_CHECK = $(shell echo "#include <pcre.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
-ifeq ($(PCRE_CHECK), true)
-    PLUGINS += PCREPlugin
-endif
-PAM_CHECK = $(shell echo "#include <security/pam_appl.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
+PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d '\\\\' | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
 ifeq ($(PAM_CHECK), true)
     PLUGINS += PamAuth
 endif
-
+PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n#include <pcre2.h>\\n int main(){return 0;}" | tr -d '\\\\' | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre2-8 -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
+ifeq ($(PCRE_CHECK), true)
+    PLUGINS += PCREPlugin
+endif
+endif
 
 include Makefile.inc
 

README

@@ -141,7 +141,7 @@ make
 	+ All access control entries now support weekday and time limitations
 	+ Hostnames and * templates are supported instead of IP address
   5. Extensions
-	+ Regular expression filtering (with PCRE) via PCREPlugin
+	+ Regular expression filtering (with PCRE2) via PCREPlugin
 	+ Authentication with Windows username/password (cleartext only)
 	+ SSL/TLS decryptions with certificate spoofing
 	+ Transparent redirection support for Linux and *BSD

cfg/3proxy.cfg.sample

@@ -2,7 +2,7 @@
 # Yes, 3proxy.cfg can be executable, in this case you should place
 # something like
 #config /usr/local/3proxy/3proxy.cfg
-# to show which configuration 3proxy should re-read on realod.
+# to show which configuration 3proxy should re-read on reload.
 
 #system "echo Hello world!"
 # you may use system to execute some external command if proxy starts
@@ -14,17 +14,16 @@ nserver 10.2.2.2
 nscache 65536
 
 #nsrecord porno.security.nnov.ru 0.0.0.0
-# nobody will be able to access porno.security.nnov.ru by the name.
+# nobody will be able to access porno.security.nnov.ru by name.
 #nsrecord wpad.security.nnov.ru www.security.nnov.ru
 # wpad.security.nnov.ru will resolve to www.security.nnov.ru for
 # clients
 
-
 timeouts 1 5 30 60 180 1800 15 60
 # Here we can change timeout values
 
 users 3APA3A:CL:3apa3a "test:CR:$1$qwer$CHFTUFGqkjue9HyhcMHEe1"
-# note that "" required, overvise $... is treated as include file name.
+# note that "" required, otherwise $... is treated as include file name.
 # $1$qwer$CHFTUFGqkjue9HyhcMHEe1 is 'test' in MD5 crypt format.
 #users $/usr/local/etc/3proxy/passwd
 # this example shows you how to include passwd file. For included files
@@ -60,7 +59,7 @@ log c:\3proxy\logs\3proxy.log D
 #
 #Compatible with ISA 2000/2004 firewall FWSEXTD.log (fields are TAB-delimited):
 #
-#"-	+ L%C	%U	unnknown:0:0.0	N	%Y-%m-%d	%H:%M:%S	fwsrv	3PROXY	-	%n	%R	%r	%D	%O	%I	%r	TCP	Connect	-	-	-	%E	-	-	-	-	-"
+#"-	+ L%C	%U	Unknown:0:0.0	N	%Y-%m-%d	%H:%M:%S	fwsrv	3PROXY	-	%n	%R	%r	%D	%O	%I	%r	TCP	Connect	-	-	-	%E	-	-	-	-	-"
 #
 #Compatible with HTTPD standard log (Apache and others)
 #
@@ -71,13 +70,12 @@ log c:\3proxy\logs\3proxy.log D
 # in log file we want to have underscores instead of spaces
 logformat "- +_L%t.%.  %N.%p %E %U %C:%c %R:%r %O %I %h %T"
 
-
 #archiver gz /bin/gzip %F
 #archiver zip zip -m -qq %A %F
 #archiver zip pkzipc -add -silent -move %A %F
 archiver rar rar a -df -inul %A %F
-# if archiver specified log file will be compressed after closing.
-# you should specify extension, path to archiver and command line, %A will be
+# if archiver is specified, log file will be compressed after closing.
+# you should specify the extension, path to archiver, and command line, %A will be
 # substituted with archive file name, %f - with original file name.
 # Original file will not be removed, so archiver should care about it.
 
@@ -90,19 +88,18 @@ auth iponly
 # auth specifies type of user authentication. If you specify none proxy
 # will not do anything to check name of the user. If you specify
 # nbname proxy will send NetBIOS name request packet to UDP/137 of
-# client and parse request for NetBIOS name of messanger service.
+# client and parse request for NetBIOS name of messenger service.
 # Strong means that proxy will check password. For strong authentication
 # unknown user will not be allowed to use proxy regardless of ACL.
 # If you do not want username to be checked but wanna ACL to work you should
 # specify auth iponly.
 
-
 #allow ADMINISTRATOR,root
 #allow * 127.0.0.1,192.168.1.1 * *
 #parent 1000 http 192.168.1.2 80 * * * 80
 #allow * 192.168.1.0/24 * 25,53,110,20-21,1024-65535
 # we will allow everything if username matches ADMINISTRATOR or root or
-# client ip is 127.0.0.1 or 192.168.1.1. Overwise we will redirect any request
+# client ip is 127.0.0.1 or 192.168.1.1. Otherwise we will redirect any request
 # to port 80 to our Web-server 192.168.0.2.
 # We will allow any outgoing connections from network 192.168.1.0/24 to
 # SMTP, POP3, FTP, DNS and unprivileged ports.
@@ -119,34 +116,33 @@ external 10.1.1.1
 internal 192.168.1.1
 # internal is address of interface proxy will listen for incoming requests
 # 127.0.0.1 means only localhost will be able to use this proxy. This is
-# address you should specify for clients as proxy IP.
+# the address you should specify for clients as proxy IP.
 # You MAY use 0.0.0.0 but you shouldn't, because it's a chance for you to
 # have open proxy in your network in this case.
 
 auth none
-# no authentication is requires
+# no authentication is required
 
 dnspr
 
 # dnsproxy listens on UDP/53 to answer client's DNS requests. It requires
 # nserver/nscache configuration.
 
-
 #external $./external.ip
 #internal $./internal.ip
-# this is just an alternative form fo giving external and internal address
-# allows you to read this addresses from files
+# this is just an alternative form of giving the external and internal address
+# allows you to read these addresses from files
 
 auth strong
 # We want to protect internal interface
 deny * * 127.0.0.1,192.168.1.1
-# and llow HTTP and HTTPS traffic.
+# and allow HTTP and HTTPS traffic.
 allow * * * 80-88,8080-8088 HTTP
 allow * * * 443,8443 HTTPS
 proxy -n
 
 auth none
-# pop3p will be used without any authentication. It's bad choice
+# pop3p will be used without any authentication. It's a bad choice
 # because it's possible to use pop3p to access any port
 pop3p
 
@@ -157,7 +153,7 @@ tcppm 25 mail.my.provider 25
 # Now we can use our proxy as SMTP and DNS server.
 # -s switch for UDP means "single packet" service - instead of setting
 # association for period of time association will only be set for 1 packet.
-# It's very userfull for services like DNS but not for some massive services
+# It's very useful for services like DNS but not for some massive services
 # like multimedia streams or online games.
 
 auth strong
@@ -169,14 +165,13 @@ socks
 # we flush previously configured ACL list and create new one to allow users
 # test and 3APA3A to connect from any location
 
-
 auth strong
 flush
 internal 127.0.0.1
 allow 3APA3A 127.0.0.1
 maxconn 3
 admin
-#only allow acces to admin interface for user 3APA3A from 127.0.0.1 address
+#only allow access to admin interface for user 3APA3A from 127.0.0.1 address
 #via 127.0.0.1 address.
 
 # map external 80 and 443 ports to internal Web server
@@ -192,10 +187,7 @@ admin
 #tcppm 80 websrv 80
 #tcppm 443 websrv 443
 
-
 #chroot /usr/local/jail
 #setgid 65535
 #setuid 65535
 # now we needn't any root rights. We can chroot and setgid/setuid.
-
-

src/3proxy.c

@@ -13,9 +13,6 @@
 #include <dlfcn.h>
 #endif
 #else
-#ifdef WITH_SSL
-#include <openssl/applink.c>
-#endif
 
 #endif
 

src/common.c

@@ -92,49 +92,85 @@ char *rotations[] = {
 };
 
 
+int timeouts[12] = {
+	1,    /* SINGLEBYTE_S */
+	5,    /* SINGLEBYTE_L */
+	30,   /* STRING_S */
+	60,   /* STRING_L */
+	180,  /* CONNECTION_S */
+	1800, /* CONNECTION_L */
+	15,   /* DNS_TO */
+	60,   /* CHAIN_TO */
+	15,   /* CONNECT_TO */
+	5,    /* CONNBACK_TO */
+	0,
+	0
+};
+
 struct extparam conf = {
-	{0, 0}, /* threadinit */
-	{1, 5, 30, 60, 180, 1800, 15, 60, 15, 5, 0, 0}, /* timeouts */
-	NULL, /* struct ace * acl; */
-	NULL, /* char * conffile; */
-	NULL, NULL, /* struct bandlim * bandlimiter,  *bandlimiterout; */
-	NULL, /* struct connlim * connlimiter; */
-	NULL, /* struct trafcount * trafcounter; */
-	NULL, /* struct srvparam *services; */
-	0, /* int stacksize, */
-	-1, 0, 0, 0, 0, /* counterd, haveerror, rotate, paused, archiverc, */
-	0, 500, 0, 0, 0, 0, 0, 0, 2, /* demon, maxchild, backlog, needreload, timetoexit, version, noforce, bandlimver, parentretries; */
-	6, 600, /* int authcachetype, authcachetime; */
-	1048576, /* int filtermaxsize; */
-	0, 0, 0, /* int gracetraf, gracenum, gracedelay */
-	0, /* int maxseg */
-	NULL, NULL, /* unsigned char *logname, **archiver; */
-	NONE, NONE, /* ROTATION logtype, countertype; */
-	NULL, /* char * counterfile; */
+	.threadinit = {0, 0},
+	.timeouts = timeouts,
+	.acl = NULL,
+	.conffile = NULL,
+	.bandlimiter = NULL,
+	.bandlimiterout = NULL,
+	.connlimiter = NULL,
+	.trafcounter = NULL,
+	.services = NULL,
+	.stacksize = 0,
+	.counterd = -1,
+	.haveerror = 0,
+	.rotate = 0,
+	.paused = 0,
+	.archiverc = 0,
+	.demon = 0,
+	.maxchild = 500,
+	.backlog = 0,
+	.needreload = 0,
+	.timetoexit = 0,
+	.version = 0,
+	.noforce = 0,
+	.bandlimver = 0,
+	.parentretries = 2,
+	.authcachetype = 6,
+	.authcachetime = 600,
+	.filtermaxsize = 1048576,
+	.gracetraf = 0,
+	.gracenum = 0,
+	.gracedelay = 0,
+	.maxseg = 0,
+	.logname = NULL,
+	.archiver = NULL,
+	.logtype = NONE,
+	.countertype = NONE,
+	.counterfile = NULL,
 #ifndef NOIPV6
-	{AF_INET},
-	{AF_INET6},
-	{AF_INET}, 
+	.intsa = {AF_INET},
+	.extsa6 = {AF_INET6},
+	.extsa = {AF_INET},
 #else
-	{AF_INET},
-	{AF_INET}, 
+	.intsa = {AF_INET},
+	.extsa = {AF_INET},
 #endif
-	NULL,
-	NULL,
-	doconnect,
-	lognone,
-	NULL,
-	NULL,
-	NULL, NULL,
-	NULL,
-	NULL,
-	NULL,
-	NULL,
-	NULL,
-	NULL,
-	(time_t)0, (time_t)0,
-	0,0,
-	'@',
+	.pwl = NULL,
+	.authenticate = NULL,
+	.authfunc = doconnect,
+	.logfunc = lognone,
+	.bandlimfunc = NULL,
+	.trafcountfunc = NULL,
+	.logtarget = NULL,
+	.logformat = NULL,
+	.fmon = NULL,
+	.filters = NULL,
+	.authfuncs = NULL,
+	.stdlog = NULL,
+	.demanddialprog = NULL,
+	.stringtable = NULL,
+	.logtime = (time_t)0,
+	.time = (time_t)0,
+	.logdumpsrv = 0,
+	.logdumpcli = 0,
+	.delimchar = '@',
 };
 
 int numservers=0;

src/plugins/PCREPlugin/Makefile.inc

@@ -1,4 +1,8 @@
 all: $(BUILDDIR)PCREPlugin$(DLSUFFICS)
 
+pcre_plugin$(OBJSUFFICS): pcre_plugin.c
+	$(CC) $(DCFLAGS) $(CFLAGS) pcre_plugin.c
+
 $(BUILDDIR)PCREPlugin$(DLSUFFICS): pcre_plugin$(OBJSUFFICS)
-	$(LN) $(LNOUT)../../$(BUILDDIR)PCREPlugin$(DLSUFFICS) $(LDFLAGS) $(DLFLAGS) pcre_plugin$(OBJSUFFICS) $(LIBSPREFIX)pcre$(LIBSSUFFIX)
+	$(LN) $(LNOUT)../../$(BUILDDIR)PCREPlugin$(DLSUFFICS) $(LDFLAGS) $(DLFLAGS) pcre_plugin$(OBJSUFFICS) $(LIBSPREFIX)pcre2-8$(LIBSSUFFIX)
+

src/plugins/PCREPlugin/pcre_plugin.c

@@ -7,7 +7,8 @@
 
 #include "../../structures.h"
 #include <string.h>
-#include <pcre.h>
+#define PCRE2_CODE_UNIT_WIDTH 8
+#include <pcre2.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -34,46 +35,76 @@ static struct filter pcre_first_filter = {
 
 static struct filter *pcre_last_filter;
 static int pcre_loaded = 0;
-static int pcre_options = 0;
+static uint32_t pcre_options = 0;
 
 static struct pcreopt {
 	char * name;
-	int value;	
+	uint32_t value;
 } pcreopts[]= {
 
- {"PCRE_CASELESS",           PCRE_CASELESS},
- {"PCRE_MULTILINE",          PCRE_MULTILINE},
- {"PCRE_DOTALL",             PCRE_DOTALL},
- {"PCRE_EXTENDED",           PCRE_EXTENDED},
- {"PCRE_ANCHORED",           PCRE_ANCHORED},
- {"PCRE_DOLLAR_ENDONLY",     PCRE_DOLLAR_ENDONLY},
- {"PCRE_EXTRA",              PCRE_EXTRA},
- {"PCRE_NOTBOL",             PCRE_NOTBOL},
- {"PCRE_NOTEOL",             PCRE_NOTEOL},
- {"PCRE_UNGREEDY",           PCRE_UNGREEDY},
- {"PCRE_NOTEMPTY",           PCRE_NOTEMPTY},
- {"PCRE_UTF8",               PCRE_UTF8},
- {"PCRE_NO_AUTO_CAPTURE",    PCRE_NO_AUTO_CAPTURE},
- {"PCRE_NO_UTF8_CHECK",      PCRE_NO_UTF8_CHECK},
- {"PCRE_AUTO_CALLOUT",       PCRE_AUTO_CALLOUT},
- {"PCRE_PARTIAL",            PCRE_PARTIAL},
- {"PCRE_DFA_SHORTEST",       PCRE_DFA_SHORTEST},
- {"PCRE_DFA_RESTART",        PCRE_DFA_RESTART},
- {"PCRE_FIRSTLINE",          PCRE_FIRSTLINE},
- {"PCRE_DUPNAMES",           PCRE_DUPNAMES},
- {"PCRE_NEWLINE_CR",         PCRE_NEWLINE_CR},
- {"PCRE_NEWLINE_LF",         PCRE_NEWLINE_LF},
- {"PCRE_NEWLINE_CRLF",       PCRE_NEWLINE_CRLF},
- {"PCRE_NEWLINE_ANY",        PCRE_NEWLINE_ANY},
- {"PCRE_NEWLINE_ANYCRLF",    PCRE_NEWLINE_ANYCRLF},
- {"PCRE_BSR_ANYCRLF",        PCRE_BSR_ANYCRLF},
- {"PCRE_BSR_UNICODE",        PCRE_BSR_UNICODE},
+ {"PCRE2_ALLOW_EMPTY_CLASS", PCRE2_ALLOW_EMPTY_CLASS},
+ {"PCRE2_ALT_BSUX", PCRE2_ALT_BSUX},
+ {"PCRE2_AUTO_CALLOUT", PCRE2_AUTO_CALLOUT},
+ {"PCRE2_CASELESS", PCRE2_CASELESS},
+ {"PCRE2_DOLLAR_ENDONLY", PCRE2_DOLLAR_ENDONLY},
+ {"PCRE2_DOTALL", PCRE2_DOTALL},
+ {"PCRE2_DUPNAMES", PCRE2_DUPNAMES},
+ {"PCRE2_EXTENDED", PCRE2_EXTENDED},
+ {"PCRE2_FIRSTLINE", PCRE2_FIRSTLINE},
+ {"PCRE2_MATCH_UNSET_BACKREF", PCRE2_MATCH_UNSET_BACKREF},
+ {"PCRE2_MULTILINE", PCRE2_MULTILINE},
+ {"PCRE2_NEVER_UCP", PCRE2_NEVER_UCP},
+ {"PCRE2_NEVER_UTF", PCRE2_NEVER_UTF},
+ {"PCRE2_NO_AUTO_CAPTURE", PCRE2_NO_AUTO_CAPTURE},
+ {"PCRE2_NO_AUTO_POSSESS", PCRE2_NO_AUTO_POSSESS},
+ {"PCRE2_NO_DOTSTAR_ANCHOR", PCRE2_NO_DOTSTAR_ANCHOR},
+ {"PCRE2_NO_START_OPTIMIZE", PCRE2_NO_START_OPTIMIZE},
+ {"PCRE2_UCP", PCRE2_UCP},
+ {"PCRE2_UNGREEDY", PCRE2_UNGREEDY},
+ {"PCRE2_UTF", PCRE2_UTF},
+ {"PCRE2_NEVER_BACKSLASH_C", PCRE2_NEVER_BACKSLASH_C},
+ {"PCRE2_ALT_CIRCUMFLEX", PCRE2_ALT_CIRCUMFLEX},
+ {"PCRE2_ALT_VERBNAMES", PCRE2_ALT_VERBNAMES},
+ {"PCRE2_USE_OFFSET_LIMIT", PCRE2_USE_OFFSET_LIMIT},
+ {"PCRE2_EXTENDED_MORE", PCRE2_EXTENDED_MORE},
+ {"PCRE2_LITERAL", PCRE2_LITERAL},
+ {"PCRE2_MATCH_INVALID_UTF", PCRE2_MATCH_INVALID_UTF},
+
+ {"PCRE_CASELESS",           PCRE2_CASELESS},
+ {"PCRE_MULTILINE",          PCRE2_MULTILINE},
+ {"PCRE_DOTALL",             PCRE2_DOTALL},
+ {"PCRE_EXTENDED",           PCRE2_EXTENDED},
+ {"PCRE_ANCHORED",           PCRE2_ANCHORED},
+ {"PCRE_DOLLAR_ENDONLY",     PCRE2_DOLLAR_ENDONLY},
+ {"PCRE_EXTRA",              PCRE2_EXTENDED_MORE},
+ {"PCRE_NOTBOL",             PCRE2_NOTBOL},
+ {"PCRE_NOTEOL",             PCRE2_NOTEOL},
+ {"PCRE_UNGREEDY",           PCRE2_UNGREEDY},
+ {"PCRE_NOTEMPTY",           PCRE2_NOTEMPTY},
+ {"PCRE_UTF8",               PCRE2_UTF},
+ {"PCRE_NO_AUTO_CAPTURE",    PCRE2_NO_AUTO_CAPTURE},
+ {"PCRE_NO_UTF8_CHECK",      PCRE2_MATCH_INVALID_UTF},
+ {"PCRE_AUTO_CALLOUT",       PCRE2_AUTO_CALLOUT},
+ {"PCRE_PARTIAL",            PCRE2_PARTIAL_SOFT},
+ {"PCRE_DFA_SHORTEST",       PCRE2_DFA_SHORTEST},
+ {"PCRE_DFA_RESTART",        PCRE2_DFA_RESTART},
+ {"PCRE_FIRSTLINE",          PCRE2_FIRSTLINE},
+ {"PCRE_DUPNAMES",           PCRE2_DUPNAMES},
+ {"PCRE_NEWLINE_CR",         PCRE2_NEWLINE_CR},
+ {"PCRE_NEWLINE_LF",         PCRE2_NEWLINE_LF},
+ {"PCRE_NEWLINE_CRLF",       PCRE2_NEWLINE_CRLF},
+ {"PCRE_NEWLINE_ANY",        PCRE2_NEWLINE_ANY},
+ {"PCRE_NEWLINE_ANYCRLF",    PCRE2_NEWLINE_ANYCRLF},
+ {"PCRE_BSR_ANYCRLF",        PCRE2_BSR_ANYCRLF},
+ {"PCRE_BSR_UNICODE",        PCRE2_BSR_UNICODE},
+
  {NULL, 0}
 };
 
 struct pcre_filter_data {
 	int users;
-	pcre * re;
+	pcre2_code * re;
+	pcre2_match_data * match_data;
 	int action;
 	char * replace;
 	struct ace *acl;
@@ -83,7 +114,8 @@ static void pcre_data_free(struct pcre_filter_data *pcrefd){
 	pthread_mutex_lock(&pcre_mutex);
 	pcrefd->users--;
 	if(!pcrefd->users){
-		if(pcrefd->re) pl->freefunc(pcrefd->re);
+		if(pcrefd->match_data) pcre2_match_data_free(pcrefd->match_data);
+		if(pcrefd->re) pcre2_code_free(pcrefd->re);
 		if(pcrefd->acl) pl->freeacl(pcrefd->acl);
 		if(pcrefd->replace) pl->freefunc(pcrefd->replace);
 		pl->freefunc(pcrefd);
@@ -123,7 +155,7 @@ static FILTER_ACTION pcre_filter_client(void *fo, struct clientparam * param, vo
 }
 
 static FILTER_ACTION pcre_filter_buffer(void *fc, struct clientparam *param, unsigned char ** buf_p, int * bufsize_p, int offset, int * length_p){
-	int ovector[48];
+	PCRE2_SIZE *ovector;
 	int count = 0;
 	struct ace *acl;
 	int match = 0;
@@ -143,8 +175,9 @@ static FILTER_ACTION pcre_filter_buffer(void *fc, struct clientparam *param, uns
 	if(!pcrefd->re) return pcrefd->action;
 	for(; offset < *length_p; nreplaces++){
 
-		count = pcre_exec(pcrefd->re, NULL, (char *)*buf_p, *length_p, offset, 0, ovector, 48);
+		count = pcre2_match(pcrefd->re, (PCRE2_SPTR)*buf_p, *length_p, offset, 0, pcrefd->match_data, NULL);
 		if(count <= 0) break;
+		ovector = pcre2_get_ovector_pointer(pcrefd->match_data);
 		if(!(replace = pcrefd->replace) || param->nooverwritefilter) return pcrefd->action;
 
 		replen = *length_p - ovector[1];
@@ -220,10 +253,11 @@ static void pcre_filter_close(void *fo){
 
 static int h_pcre(int argc, unsigned char **argv){
 	int action = 0;
-	pcre *re = NULL;
+	pcre2_code *re = NULL;
+	pcre2_match_data *match_data = NULL;
 	struct ace *acl;
-	int offset = 4;
-	const char * errptr;
+	int errcode;
+	PCRE2_SIZE erroffset;
 	struct pcre_filter_data *flt;
 	struct filter *newf;
 	char *replace = NULL;
@@ -235,7 +269,6 @@ static int h_pcre(int argc, unsigned char **argv){
 	else return 1;
 	if(!strncmp((char *)argv[0], "pcre_rewrite", 12)) {
 		int i,j;
-		offset = 5;
 		replace = pl->strdupfunc((char *)argv[4]);
 		if(!replace) return 9;
 		for(i=0, j=0; replace[i]; i++, j++){
@@ -264,22 +297,30 @@ static int h_pcre(int argc, unsigned char **argv){
 		}
 		replace[j] = 0;
 	}
-	if(!(acl = pl->make_ace(argc - offset, argv + offset))) return 2;
+	if(!(acl = pl->make_ace(argc - 4, argv + 4))) return 2;
 	acl->nolog = (strstr((char *)argv[2],"log") == 0);
 	if(*argv[3] && !(*argv[3] == '*' && !argv[3][1]) ){
-		re = pcre_compile((char *)argv[3], pcre_options, &errptr, &offset, NULL);
+		re = pcre2_compile((PCRE2_SPTR)argv[3], PCRE2_ZERO_TERMINATED, pcre_options, &errcode, &erroffset, NULL);
 		if(!re) {
 			pl->freefunc(acl);
 			if(replace) pl->freefunc(replace);
 			return 3;
 		}
+		match_data = pcre2_match_data_create_from_pattern(re, NULL);
+		if(!match_data) {
+			pcre2_code_free(re);
+			pl->freefunc(acl);
+			if(replace) pl->freefunc(replace);
+			return 4;
+		}
 	}
 	flt = pl->mallocfunc(sizeof(struct pcre_filter_data));
 	newf = pl->mallocfunc(sizeof(struct filter));
 
 	if(!flt || !newf) {
+		if(match_data) pcre2_match_data_free(match_data);
+		if(re) pcre2_code_free(re);
 		pl->freefunc(acl);
-		pl->freefunc(re);
 		if(replace) pl->freefunc(replace);
 		if(flt) pl->freefunc(flt);
 		return 4;
@@ -288,6 +329,114 @@ static int h_pcre(int argc, unsigned char **argv){
 	memset(newf, 0, sizeof(struct filter));
 	flt->action = action;
 	flt->re = re;
+	flt->match_data = match_data;
+	flt->acl = acl;
+	flt->replace = replace;
+	flt->users = 1;
+	newf->instance = "pcre";
+	newf->data = flt;
+	newf->filter_open = pcre_filter_open;
+	newf->filter_client = pcre_filter_client;
+	if(strstr((char *)argv[1], "request"))newf->filter_request = pcre_filter_buffer;
+	if(strstr((char *)argv[1], "cliheader"))newf->filter_header_cli = pcre_filter_buffer;
+	if(strstr((char *)argv[1], "clidata"))newf->filter_data_cli = pcre_filter_buffer;
+	if(strstr((char *)argv[1], "srvheader"))newf->filter_header_srv = pcre_filter_buffer;
+	if(strstr((char *)argv[1], "srvdata"))newf->filter_data_srv = pcre_filter_buffer;
+	newf->filter_clear = pcre_filter_clear;
+	newf->filter_close = pcre_filter_close;
+
+	if(!pcre_last_filter){
+		newf->next = pcre_first_filter.next;
+		pcre_first_filter.next=newf;
+	}
+	else {
+		newf->next = pcre_last_filter->next;
+		pcre_last_filter->next = newf;
+	}
+	pcre_last_filter=newf;
+
+	return 0;
+}
+
+static int h_pcre_rewrite(int argc, unsigned char **argv){
+	int action = 0;
+	pcre2_code *re = NULL;
+	pcre2_match_data *match_data = NULL;
+	struct ace *acl;
+	int errcode;
+	PCRE2_SIZE erroffset;
+	struct pcre_filter_data *flt;
+	struct filter *newf;
+	char *replace = NULL;
+
+	if(!strncmp((char *)argv[2], "allow",5)) action = PASS;
+	else if(!strncmp((char *)argv[2], "deny",4)) action = REJECT;
+	else if(!strncmp((char *)argv[2], "remove",6)) action = REMOVE;
+	else if(!strncmp((char *)argv[2], "dunno",5)) action = CONTINUE;
+	else return 1;
+	{
+		int i,j;
+		replace = pl->strdupfunc((char *)argv[4]);
+		if(!replace) return 9;
+		for(i=0, j=0; replace[i]; i++, j++){
+			if(replace[i] == '\\'){
+				switch(replace[i+1]){
+				case 'r':
+					i++;
+					replace[j] = '\r';
+					break;
+				case 'n':
+					i++;
+					replace[j] = '\n';
+					break;
+				case '0':
+					i++;
+					replace[j] = 0;
+					break;
+				case '\\':
+					i++;
+				default:
+					replace[j] = '\\';
+					break;
+				}
+			}
+			else replace[j] = replace[i];
+		}
+		replace[j] = 0;
+	}
+	if(!(acl = pl->make_ace(argc - 5, argv + 5))) return 2;
+	acl->nolog = (strstr((char *)argv[2],"log") == 0);
+	if(*argv[3] && !(*argv[3] == '*' && !argv[3][1]) ){
+		re = pcre2_compile((PCRE2_SPTR)argv[3], PCRE2_ZERO_TERMINATED, pcre_options, &errcode, &erroffset, NULL);
+		if(!re) {
+			pl->freefunc(acl);
+			if(replace) pl->freefunc(replace);
+			return 3;
+		}
+		match_data = pcre2_match_data_create_from_pattern(re, NULL);
+		if(!match_data) {
+			pcre2_code_free(re);
+			pl->freefunc(acl);
+			if(replace) pl->freefunc(replace);
+			return 4;
+		}
+	}
+	flt = pl->mallocfunc(sizeof(struct pcre_filter_data));
+	newf = pl->mallocfunc(sizeof(struct filter));
+
+	if(!flt || !newf) {
+		if(match_data) pcre2_match_data_free(match_data);
+		if(re) pcre2_code_free(re);
+		pl->freefunc(acl);
+		if(replace) pl->freefunc(replace);
+		if(flt) pl->freefunc(flt);
+		return 4;
+	}
+	memset(flt, 0, sizeof(struct pcre_filter_data));
+	memset(newf, 0, sizeof(struct filter));
+	flt->action = action;
+	flt->re = re;
+	flt->match_data = match_data;
 	flt->acl = acl;
 	flt->replace = replace;
 	flt->users = 1;
@@ -342,14 +491,14 @@ static int h_pcre_options(int argc, unsigned char **argv){
 
 static struct commands pcre_commandhandlers[] = {
 	{pcre_commandhandlers+1, "pcre", h_pcre, 4, 0},
-	{pcre_commandhandlers+2, "pcre_rewrite", h_pcre, 5, 0},
+	{pcre_commandhandlers+2, "pcre_rewrite", h_pcre_rewrite, 5, 0},
 	{pcre_commandhandlers+3, "pcre_extend", h_pcre_extend, 2, 0},
 	{NULL, "pcre_options", h_pcre_options, 2, 0}
 };
 
 static struct symbol regexp_symbols[] = {
-	{regexp_symbols+1, "pcre_compile", (void*) pcre_compile},
-	{regexp_symbols+2, "pcre_exec", (void*) pcre_exec},
+	{regexp_symbols+1, "pcre2_compile", (void*) pcre2_compile},
+	{regexp_symbols+2, "pcre2_match", (void*) pcre2_match},
 	{NULL, "pcre_options", (void *)&pcre_options},
 };
 
@@ -366,8 +515,6 @@ PLUGINAPI int PLUGINCALL pcre_plugin (struct pluginlink * pluginlink,
 	pl = pluginlink;
 	pcre_options = 0;
 	if(!pcre_loaded){
-		pcre_malloc = pl->mallocfunc;
-		pcre_free = pl->freefunc;
 		pcre_loaded = 1;
 		pthread_mutex_init(&pcre_mutex, NULL);
 		regexp_symbols[2].next = pl->symbols.next;

src/plugins/PamAuth/Makefile.inc

@@ -5,3 +5,4 @@ pamauth$(OBJSUFFICS): pamauth.c
 
 $(BUILDDIR)pamauth$(DLSUFFICS): pamauth$(OBJSUFFICS)
 	$(LN) $(LNOUT)../../$(BUILDDIR)pamauth$(DLSUFFICS) $(LDFLAGS) $(DLFLAGS) $(LIBSPREFIX)pam$(LIBSSUFFIX) pamauth$(OBJSUFFICS)
+

src/plugins/PamAuth/pamauth.c

@@ -92,7 +92,7 @@ static int pamfunc(struct clientparam *param)
   pthread_mutex_lock(&pam_mutex);
   if (!pamh)
     {
-	retval = pam_start ((char *)service, "3proxy@" , &conv, &pamh);
+	retval = pam_start ((char *)service, (char *)param->username, &conv, &pamh);
     }
    if (retval == PAM_SUCCESS)
        retval = pam_set_item (pamh, PAM_USER, param->username); 
@@ -102,6 +102,8 @@ static int pamfunc(struct clientparam *param)
 /*fprintf(stderr,"pam_set_item2 rc=%d\n",retval); */       
    if (retval == PAM_SUCCESS)
          retval = pam_authenticate (pamh, 0);  
+   if (retval == PAM_SUCCESS)
+       retval = pam_acct_mgmt (pamh, 0);
 /*fprintf(stderr,"pam_authenticate rc=%d\n",retval);*/
    
    if (retval == PAM_SUCCESS) {  /*auth OK*/  rc=0;   }

src/plugins/SSLPlugin/Makefile.inc

@@ -10,5 +10,5 @@ my_ssl$(OBJSUFFICS): my_ssl.c
 
 
 $(BUILDDIR)SSLPlugin$(DLSUFFICS): ssl_plugin$(OBJSUFFICS) my_ssl$(OBJSUFFICS)
-	$(LN) $(LNOUT)../../$(BUILDDIR)SSLPlugin$(DLSUFFICS) $(LDFLAGS) $(DLFLAGS) ssl_plugin$(OBJSUFFICS) my_ssl$(OBJSUFFICS) $(LIBS) 
+	$(LN) $(LNOUT)../../$(BUILDDIR)SSLPlugin$(DLSUFFICS) $(LDFLAGS) $(DLFLAGS) ssl_plugin$(OBJSUFFICS) my_ssl$(OBJSUFFICS) $(LIBSPREFIX)crypto$(LIBSSUFFIX) $(LIBSPREFIX)ssl$(LIBSSUFFIX) 
 	

src/proxy.h

@@ -154,6 +154,8 @@ extern int timetoexit;
 
 extern struct extparam conf;
 
+extern int timeouts[12];
+
 int sockmap(struct clientparam * param, int timeo, int usesplice);
 int socksend(struct clientparam *param, SOCKET sock, unsigned char * buf, int bufsize, int to);
 int socksendto(struct clientparam *param, SOCKET sock, struct sockaddr * sin, unsigned char * buf, int bufsize, int to);

src/structures.h

@@ -643,7 +643,7 @@ struct extparam {
 #else
 	int threadinit[2];
 #endif
-	int timeouts[12];
+	int *timeouts;
 	struct ace * acl;
 	char * conffile;
 	struct bandlim * bandlimiter,  *bandlimiterout;