[squid-users] Re: Re: squid_ldap_group against nested groups/Ous

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Tue, 26 Oct 2010 06:26:28 +0100

Hi,

I will try to repeat it on a FreeBSD system (although only 32-bit).

Markus

"Eugene M. Zheganin" <eugene_at_zhegan.in> wrote in message
news:4CC662AF.7070707_at_zhegan.in...
> Hi.
>
> On 07.12.2008 18:09, Markus Moeller wrote:
>> I did implement recursive group search in squid_kerb_ldap at
>> http://sourceforge.net/project/showfiles.php?group_id=196348.
>>
>
> Actually this is a very interesting helper, and I would like to use it on
> my production squids, 'cause my engineers are tired of managing hundreds
> of users instead of a dozen of groups.
>
> I downloaded it, but I had a bunch of problems with it.
>
> If this isn't the appropriate mailing list to discuss this helper, then just
> stop at this point, and I'm sorry for this post.
>
>
> My target system is FreeBSD 8.0-RELEASE-p2/amd64. It has heimdal 1.0.1
> Kerberos V in the base system.
>
> a) First of all, 1.2.1a fails to build:
>
> ===Code===
> cc1: warnings being treated as errors
> support_krb5.c: In function 'krb5_create_cache':
> support_krb5.c:117: warning: format '%s' expects type 'char *', but
> argument 5 has type 'krb5_data'
> support_krb5.c:122: error: incompatible type for argument 2 of
> 'strcasecmp'
> support_krb5.c:251: error: incompatible type for argument 1 of 'strlen'
> support_krb5.c:252: error: incompatible type for argument 1 of 'strlen'
> support_krb5.c:252: warning: format '%s' expects type 'char *', but
> argument 5 has type 'krb5_data'
> support_krb5.c:252: warning: format '%s' expects type 'char *', but
> argument 5 has type 'krb5_data'
> *** Error code 1
>
> Stop in /usr/home/emz/squid_kerb_ldap/1/squid_kerb_ldap-1.2.1a.
> *** Error code 1
>
> Stop in /usr/home/emz/squid_kerb_ldap/1/squid_kerb_ldap-1.2.1a.
> *** Error code 1
>
> Stop in /usr/home/emz/squid_kerb_ldap/1/squid_kerb_ldap-1.2.1a.
> ===Cut===
>
> This can be fixed, as all of these errors are caused by the fact that
> entry.principal->realm is a structure, and the code expects it to be char
> *, so it's pretty obvious that char * has to be here, and krb5_data.data
> is the only thing that appears to be char; so I changed
> entry.principal->realm to entry.principal->realm.data. I had one more
> problem with -Werror switch:
>
> ===Cut===
> cc1: warnings being treated as errors
> In file included from support_sasl.c:30:
> /usr/local/include/sasl/sasl.h:349: warning: function declaration isn't a
> prototype
> ===Cut===
>
> Since my C skills are considerably low, I simply removed -Werror switch
> and build succeeded.
>
> b) then it fails to run, crashing at keytab parsing. So maybe things
> aren't that obvious and I failed to do the proper fixing:
>
> ===Cut===
> %./squid_kerb_ldap -b cn=Users,dc=norma,dc=com -g "Internal Users -
> Crystal@" -u dca -p sabbracadabra -N SOFTLAB_at_NORMA.COM -d -i
> 2010/10/26 10:50:05| squid_kerb_ldap: Starting version 1.2.1a
> 2010/10/26 10:50:05| squid_kerb_ldap: Group list Internal Users - Crystal@
> 2010/10/26 10:50:05| squid_kerb_ldap: Group Internal Users - Crystal
> Domain
> 2010/10/26 10:50:05| squid_kerb_ldap: Netbios list SOFTLAB_at_NORMA.COM
> 2010/10/26 10:50:05| squid_kerb_ldap: Netbios name SOFTLAB Domain
> NORMA.COM
> emz_at_NORMA.COM
> 2010/10/26 10:50:10| squid_kerb_ldap: Got User: emz Domain: NORMA.COM
> 2010/10/26 10:50:10| squid_kerb_ldap: User domain loop: group_at_domain
> Internal Users - Crystal@
> 2010/10/26 10:50:10| squid_kerb_ldap: Default domain loop: group_at_domain
> Internal Users - Crystal@
> 2010/10/26 10:50:10| squid_kerb_ldap: Found group_at_domain Internal Users -
> Crystal@
> 2010/10/26 10:50:10| squid_kerb_ldap: Setup Kerberos credential cache
> 2010/10/26 10:50:10| squid_kerb_ldap: Get default keytab file name
> 2010/10/26 10:50:10| squid_kerb_ldap: Got default keytab file name
> /usr/local/etc/squid/squid.keytab
> 2010/10/26 10:50:10| squid_kerb_ldap: Get principal name from keytab
> /usr/local/etc/squid/squid.keytab
> Ошибка адресации на шине(core dumped)
> ===Cut===
>
> Stacktrace:
>
> ===Cut===
> # gdb squid_kerb_ldap squid_kerb_ldap.core
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you
> are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for
> details.
> This GDB was configured as "amd64-marcel-freebsd"...
> Core was generated by `squid_kerb_ldap'.
> Program terminated with signal 10, Bus error.
> Reading symbols from /usr/lib/libgssapi.so.10...done.
> Loaded symbols for /usr/lib/libgssapi.so.10
> Reading symbols from /usr/lib/libheimntlm.so.10...done.
> Loaded symbols for /usr/lib/libheimntlm.so.10
> Reading symbols from /usr/lib/libkrb5.so.10...done.
> Loaded symbols for /usr/lib/libkrb5.so.10
> Reading symbols from /usr/lib/libhx509.so.10...done.
> Loaded symbols for /usr/lib/libhx509.so.10
> Reading symbols from /usr/lib/libcom_err.so.5...done.
> Loaded symbols for /usr/lib/libcom_err.so.5
> Reading symbols from /lib/libcrypto.so.6...done.
> Loaded symbols for /lib/libcrypto.so.6
> Reading symbols from /usr/lib/libasn1.so.10...done.
> Loaded symbols for /usr/lib/libasn1.so.10
> Reading symbols from /usr/lib/libroken.so.10...done.
> Loaded symbols for /usr/lib/libroken.so.10
> Reading symbols from /lib/libcrypt.so.5...done.
> Loaded symbols for /lib/libcrypt.so.5
> Reading symbols from /usr/local/lib/libldap-2.4.so.7...done.
> Loaded symbols for /usr/local/lib/libldap-2.4.so.7
> Reading symbols from /usr/local/lib/liblber-2.4.so.7...done.
> Loaded symbols for /usr/local/lib/liblber-2.4.so.7
> Reading symbols from /lib/libc.so.7...done.
> Loaded symbols for /lib/libc.so.7
> Reading symbols from /usr/lib/libssl.so.6...done.
> Loaded symbols for /usr/lib/libssl.so.6
> Reading symbols from /libexec/ld-elf.so.1...done.
> Loaded symbols for /libexec/ld-elf.so.1
> #0 0x00000008008a4b14 in krb5_kt_next_entry () from
> /usr/lib/libkrb5.so.10
> (gdb) bt
> #0 0x00000008008a4b14 in krb5_kt_next_entry () from
> /usr/lib/libkrb5.so.10
> #1 0x0000000000000000 in ?? ()
> #2 0x0000000000000001 in ?? ()
> #3 0x0000000000000000 in ?? ()
> #4 0x0000000000000000 in ?? ()
> #5 0x0000000000000000 in ?? ()
> #6 0x0000000000000000 in ?? ()
> #7 0x000000080190f130 in ?? ()
> #8 0x0000000000000000 in ?? ()
> #9 0x0000000000000000 in ?? ()
> #10 0x0000000000000000 in ?? ()
> #11 0x636f6c2f7273752f in ?? ()
> #12 0x732f6374652f6c61 in ?? ()
> #13 0x7571732f64697571 in ?? ()
> #14 0x617479656b2e6469 in ?? ()
> #15 0x0000000000000062 in ?? ()
> #16 0x0000000000000000 in ?? ()
> #17 0x0000000000000000 in ?? ()
> #18 0x0000000000000000 in ?? ()
> #19 0x000000000050c97f in buf.7098 ()
> #20 0x4d9b4030ed3e2720 in ?? ()
> #21 0x0000000000000000 in ?? ()
> #22 0x00000008016a2880 in __stderrp () from /lib/libc.so.7
> #23 0x00007fffffffc760 in ?? ()
> #24 0x000000000040acd0 in ?? ()
> #25 0x000000000050c5a0 in ?? ()
> #26 0x00007fffffffc901 in ?? ()
> #27 0x00007fffffffc990 in ?? ()
> #28 0x000000080158210c in vfprintf () from /lib/libc.so.7
> #29 0x0000000801571b48 in fprintf () from /lib/libc.so.7
> #30 0x0000000000406aa6 in get_memberof (margs=0x7fffffffe290,
> user=0x7fffffffc990 "emz",
> domain=0x7fffffffc994 "NORMA.COM", group=0x8019020a0 "Internal Users -
> Crystal") at support_ldap.c:845
> #31 0x0000000000404614 in check_memberof (margs=0x7fffffffe290,
> user=0x7fffffffc990 "emz",
> domain=0x7fffffffc994 "NORMA.COM") at support_member.c:81
> #32 0x0000000000403051 in main (argc=Variable "argc" is not available.
> ) at squid_kerb_ldap.c:352
> (gdb)
> ===Cut===
>
> I should say that the keytab is a working one from production squid, and
> it works with ntlm_auth helper from samba suite with spnego protocol.
>
> Any help would be greatly appreciated, especially from Markus. :)
>
> Thanks, Eugene.
>
Received on Tue Oct 26 2010 - 05:26:50 MDT
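
The build errors quoted above come from a counted `krb5_data` field being passed where a `char *` is expected. As an added example (not code from this thread or from squid_kerb_ldap), the following shows length-bounded comparison and printing of such a field; `struct counted_str` is a stand-in for the library type, and its bytes are assumed not to be NUL-terminated.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Stand-in for a counted string such as a length + data pair.
 * Hypothetical type for this example; the real one comes from <krb5.h>. */
struct counted_str {
    unsigned int length;
    char *data;              /* not guaranteed to be NUL-terminated */
};

/* Case-insensitive compare of a counted string with a C string.
 * Returns 1 on match, 0 otherwise; never reads past cs->length bytes. */
int counted_eq_nocase(const struct counted_str *cs, const char *s)
{
    size_t n = strlen(s);
    if (cs == NULL || cs->data == NULL || cs->length != n)
        return 0;
    return strncasecmp(cs->data, s, n) == 0;
}

/* Format "name@REALM" using an explicit precision instead of plain %s.
 * Returns the snprintf result, or -1 on bad arguments. */
int format_principal(char *out, size_t outlen, const char *name,
                     const struct counted_str *realm)
{
    if (out == NULL || name == NULL || realm == NULL || realm->data == NULL)
        return -1;
    return snprintf(out, outlen, "%s@%.*s", name,
                    (int)realm->length, realm->data);
}

/* Constructed sample: nine realm bytes followed directly by unrelated
 * bytes, with no NUL anywhere in the buffer. */
static char sample_bytes[] = { 'N','O','R','M','A','.','C','O','M','X','Y','Z' };

struct counted_str sample_realm(void)
{
    struct counted_str r = { 9, sample_bytes };
    return r;
}

int main(void)
{
    struct counted_str r = sample_realm();
    char buf[64];
    format_principal(buf, sizeof buf, "emz", &r);
    printf("%s match=%d\n", buf, counted_eq_nocase(&r, "norma.com"));
    return 0;
}
```

Calling `strlen`, `strcasecmp` or `%s` on the same buffer would keep reading past the ninth byte until it happened to find a zero.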

This archive was generated by hypermail 2.2.0 : Tue Oct 26 2010 - 12:00:04 MDT