[squid-users] Re: Re: squid_ldap_group against nested groups/Ous

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Fri, 29 Oct 2010 19:14:21 +0100

Hi,

  I have now a 64bit freebsd box and can not replicate the error. Also the
compile errors I got were only a symbol problem (dup in support_group) and the
sasl prototype error.

$ uname -a
FreeBSD freebsd-81-64.freebsd.home 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon
Jul 19 02:36:49 UTC 2010
root_at_mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
$ echo $KRB5_KTNAME
/usr/home/markus/squid_kerb_ldap-1.2.1a/squid.keytab
$ krb5-config --version
FreeBSD heimdal 1.1.0
$Id: krb5-config.in 20528 2007-04-22 13:22:16Z lha $
$ ktutil list
/usr/home/markus/squid_kerb_ldap-1.2.1a/squid.keytab:

Vno Type Principal
  3 arcfour-hmac-md5 HTTP/opensuse11.suse.home_at_SUSE.HOME
  3 des3-cbc-sha1 HTTP/opensuse11.suse.home_at_SUSE.HOME
  3 des-cbc-crc HTTP/opensuse11.suse.home_at_SUSE.HOME

$ ./squid_kerb_ldap -d -g SOCKS_ALLOW_at_SUSE.HOME
2010/10/29 18:41:27| squid_kerb_ldap: Starting version 1.2.1a
2010/10/29 18:41:27| squid_kerb_ldap: Group list SOCKS_ALLOW_at_SUSE.HOME
2010/10/29 18:41:27| squid_kerb_ldap: Group SOCKS_ALLOW Domain SUSE.HOME
2010/10/29 18:41:27| squid_kerb_ldap: Netbios list NULL
2010/10/29 18:41:27| squid_kerb_ldap: No netbios names defined.
markus_at_SUSE.HOME
2010/10/29 18:41:33| squid_kerb_ldap: Got User: markus Domain: SUSE.HOME
2010/10/29 18:41:33| squid_kerb_ldap: User domain loop: group_at_domain
SOCKS_ALLOW_at_SUSE.HOME
2010/10/29 18:41:33| squid_kerb_ldap: Found group_at_domain
SOCKS_ALLOW_at_SUSE.HOME
2010/10/29 18:41:33| squid_kerb_ldap: Setup Kerberos credential cache
2010/10/29 18:41:33| squid_kerb_ldap: Get default keytab file name
2010/10/29 18:41:33| squid_kerb_ldap: Got default keytab file name
/usr/home/markus/squid_kerb_ldap-1.2.1a/squid.keytab
2010/10/29 18:41:33| squid_kerb_ldap: Get principal name from keytab
/usr/home/markus/squid_kerb_ldap-1.2.1a/squid.keytab
2010/10/29 18:41:33| squid_kerb_ldap: Keytab entry has realm name: SUSE.HOME
2010/10/29 18:41:33| squid_kerb_ldap: Found principal name:
HTTP/opensuse11.suse.home_at_SUSE.HOME
2010/10/29 18:41:33| squid_kerb_ldap: Set credential cache to
MEMORY:squid_ldap_10239
2010/10/29 18:41:33| squid_kerb_ldap: Got principal name
HTTP/opensuse11.suse.home_at_SUSE.HOME
2010/10/29 18:41:33| squid_kerb_ldap: Stored credentials
2010/10/29 18:41:43| squid_kerb_ldap: Initialise ldap connection
2010/10/29 18:41:43| squid_kerb_ldap: Canonicalise ldap server name for
domain SUSE.HOME
2010/10/29 18:41:48| squid_kerb_ldap: Resolved SRV _ldap._tcp.SUSE.HOME
record to opensuse11.suse.home
2010/10/29 18:41:48| squid_kerb_ldap: Resolved address 1 of SUSE.HOME to
opensuse11.suse.home
2010/10/29 18:41:48| squid_kerb_ldap: Resolved address 2 of SUSE.HOME to
opensuse11.suse.home
2010/10/29 18:41:48| squid_kerb_ldap: Resolved address 3 of SUSE.HOME to
opensuse11.suse.home
2010/10/29 18:41:48| squid_kerb_ldap: Sorted ldap server names for domain
SUSE.HOME:
2010/10/29 18:41:48| squid_kerb_ldap: Host: opensuse11.suse.home Port: 389
Priority: 0 Weight: 0
2010/10/29 18:41:48| squid_kerb_ldap: Setting up connection to ldap server
opensuse11.suse.home:389
2010/10/29 18:41:48| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2010/10/29 18:41:48| squid_kerb_ldap: Successfully initialised connection to
ldap server opensuse11.suse.home:389
2010/10/29 18:41:48| squid_kerb_ldap: Search ldap server with bind path ""
and filter: (objectclass=*)
2010/10/29 18:41:48| squid_kerb_ldap: Search ldap entries for attribute :
schemaNamingContext
2010/10/29 18:41:48| squid_kerb_ldap: 0 ldap entries found with attribute :
schemaNamingContext
2010/10/29 18:41:48| squid_kerb_ldap: Did not find ldap entry for
subschemasubentry
2010/10/29 18:41:48| squid_kerb_ldap: Determined ldap server not as an
Active Directory server
2010/10/29 18:41:48| squid_kerb_ldap: Search ldap server with bind path
dc=SUSE,dc=HOME and filter : (memberuid=markus)
2010/10/29 18:41:48| squid_kerb_ldap: Found 0 ldap entries
2010/10/29 18:41:48| squid_kerb_ldap: Search for primary group membership:
"SOCKS_ALLOW"
2010/10/29 18:41:48| squid_kerb_ldap: Search ldap server with bind path
dc=SUSE,dc=HOME and filter: (uid=markus)
2010/10/29 18:41:48| squid_kerb_ldap: Found 1 ldap entry
2010/10/29 18:41:48| squid_kerb_ldap: Search ldap entries for attribute :
gidNumber
2010/10/29 18:41:48| squid_kerb_ldap: 1 ldap entry found with attribute :
gidNumber
2010/10/29 18:41:48| squid_kerb_ldap: Search ldap server with bind path
dc=SUSE,dc=HOME and filter: (&(gidNumber=1000)(objectclass=posixgroup))
2010/10/29 18:41:48| squid_kerb_ldap: Search ldap entries for attribute : cn
2010/10/29 18:41:48| squid_kerb_ldap: 1 ldap entry found with attribute : cn
2010/10/29 18:41:48| squid_kerb_ldap: "SOCKS_ALLOW" matches group name
"SOCKS_ALLOW"
2010/10/29 18:41:48| squid_kerb_ldap: Users primary group matches
SOCKS_ALLOW
2010/10/29 18:41:48| squid_kerb_ldap: Unbind ldap server
2010/10/29 18:41:48| squid_kerb_ldap: User markus is member of group_at_domain
SOCKS_ALLOW_at_SUSE.HOME
OK

"Eugene M. Zheganin" <eugene_at_zhegan.in> wrote in message
news:4CC662AF.7070707_at_zhegan.in...
> Hi.
>
> On 07.12.2008 18:09, Markus Moeller wrote:
>> I did implement recursive group search in squid_kerb_ldap at
>> http://sourceforge.net/project/showfiles.php?group_id=196348.
>>
>
> Actually this is a very interesting helper, and I would like to use it on
> my production squids, 'cause my engineers are tired of managing hundreds
> of users instead of a dozen groups.
>
> I downloaded it, but I had a bunch of problems with it.
>
> If this isn't the appropriate maillist to discuss this helper, then just
> stop at this point, and I'm sorry for this post.
>
>
> My target system is FreeBSD 8.0-RELEASE-p2/amd64. It has heimdal 1.0.1
> Kerberos V in the base system.
>
> a) First of all, 1.2.1a fails to build:
>
> ===Code===
> cc1: warnings being treated as errors
> support_krb5.c: In function 'krb5_create_cache':
> support_krb5.c:117: warning: format '%s' expects type 'char *', but
> argument 5 has type 'krb5_data'
> support_krb5.c:122: error: incompatible type for argument 2 of
> 'strcasecmp'
> support_krb5.c:251: error: incompatible type for argument 1 of 'strlen'
> support_krb5.c:252: error: incompatible type for argument 1 of 'strlen'
> support_krb5.c:252: warning: format '%s' expects type 'char *', but
> argument 5 has type 'krb5_data'
> support_krb5.c:252: warning: format '%s' expects type 'char *', but
> argument 5 has type 'krb5_data'
> *** Error code 1
>
> Stop in /usr/home/emz/squid_kerb_ldap/1/squid_kerb_ldap-1.2.1a.
> *** Error code 1
>
> Stop in /usr/home/emz/squid_kerb_ldap/1/squid_kerb_ldap-1.2.1a.
> *** Error code 1
>
> Stop in /usr/home/emz/squid_kerb_ldap/1/squid_kerb_ldap-1.2.1a.
> ===Cut===
>
> This can be fixed, as all of these errors are caused by the fact that
> entry.principal->realm is a structure, and the code expects it to be char
> *, so it's pretty obvious that char * has to be here, and krb5_data.data
> is the only thing that appears to be char; so I changed
> entry.principal->realm to entry.principal->realm.data. I had one more
> problem with the -Werror switch:
>
> ===Cut===
> cc1: warnings being treated as errors
> In file included from support_sasl.c:30:
> /usr/local/include/sasl/sasl.h:349: warning: function declaration isn't a
> prototype
> ===Cut===
>
> Since my C skills are considerably low, I simply removed the -Werror switch
> and the build succeeded.
>
> b) then it fails to run, crashing at keytab parsing. So maybe things
> aren't that obvious and I failed to do the proper fixing:
>
> ===Cut===
> %./squid_kerb_ldap -b cn=Users,dc=norma,dc=com -g "Internal Users -
> Crystal@" -u dca -p sabbracadabra -N SOFTLAB_at_NORMA.COM -d -i
> 2010/10/26 10:50:05| squid_kerb_ldap: Starting version 1.2.1a
> 2010/10/26 10:50:05| squid_kerb_ldap: Group list Internal Users - Crystal@
> 2010/10/26 10:50:05| squid_kerb_ldap: Group Internal Users - Crystal
> Domain
> 2010/10/26 10:50:05| squid_kerb_ldap: Netbios list SOFTLAB_at_NORMA.COM
> 2010/10/26 10:50:05| squid_kerb_ldap: Netbios name SOFTLAB Domain
> NORMA.COM
> emz_at_NORMA.COM
> 2010/10/26 10:50:10| squid_kerb_ldap: Got User: emz Domain: NORMA.COM
> 2010/10/26 10:50:10| squid_kerb_ldap: User domain loop: group_at_domain
> Internal Users - Crystal@
> 2010/10/26 10:50:10| squid_kerb_ldap: Default domain loop: group_at_domain
> Internal Users - Crystal@
> 2010/10/26 10:50:10| squid_kerb_ldap: Found group_at_domain Internal Users -
> Crystal@
> 2010/10/26 10:50:10| squid_kerb_ldap: Setup Kerberos credential cache
> 2010/10/26 10:50:10| squid_kerb_ldap: Get default keytab file name
> 2010/10/26 10:50:10| squid_kerb_ldap: Got default keytab file name
> /usr/local/etc/squid/squid.keytab
> 2010/10/26 10:50:10| squid_kerb_ldap: Get principal name from keytab
> /usr/local/etc/squid/squid.keytab
> Ошибка адресации на шине(core dumped)
> ===Cut===
>
> Stacktrace:
>
> ===Cut===
> # gdb squid_kerb_ldap squid_kerb_ldap.core
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you
> are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for
> details.
> This GDB was configured as "amd64-marcel-freebsd"...
> Core was generated by `squid_kerb_ldap'.
> Program terminated with signal 10, Bus error.
> Reading symbols from /usr/lib/libgssapi.so.10...done.
> Loaded symbols for /usr/lib/libgssapi.so.10
> Reading symbols from /usr/lib/libheimntlm.so.10...done.
> Loaded symbols for /usr/lib/libheimntlm.so.10
> Reading symbols from /usr/lib/libkrb5.so.10...done.
> Loaded symbols for /usr/lib/libkrb5.so.10
> Reading symbols from /usr/lib/libhx509.so.10...done.
> Loaded symbols for /usr/lib/libhx509.so.10
> Reading symbols from /usr/lib/libcom_err.so.5...done.
> Loaded symbols for /usr/lib/libcom_err.so.5
> Reading symbols from /lib/libcrypto.so.6...done.
> Loaded symbols for /lib/libcrypto.so.6
> Reading symbols from /usr/lib/libasn1.so.10...done.
> Loaded symbols for /usr/lib/libasn1.so.10
> Reading symbols from /usr/lib/libroken.so.10...done.
> Loaded symbols for /usr/lib/libroken.so.10
> Reading symbols from /lib/libcrypt.so.5...done.
> Loaded symbols for /lib/libcrypt.so.5
> Reading symbols from /usr/local/lib/libldap-2.4.so.7...done.
> Loaded symbols for /usr/local/lib/libldap-2.4.so.7
> Reading symbols from /usr/local/lib/liblber-2.4.so.7...done.
> Loaded symbols for /usr/local/lib/liblber-2.4.so.7
> Reading symbols from /lib/libc.so.7...done.
> Loaded symbols for /lib/libc.so.7
> Reading symbols from /usr/lib/libssl.so.6...done.
> Loaded symbols for /usr/lib/libssl.so.6
> Reading symbols from /libexec/ld-elf.so.1...done.
> Loaded symbols for /libexec/ld-elf.so.1
> #0 0x00000008008a4b14 in krb5_kt_next_entry () from
> /usr/lib/libkrb5.so.10
> (gdb) bt
> #0 0x00000008008a4b14 in krb5_kt_next_entry () from
> /usr/lib/libkrb5.so.10
> #1 0x0000000000000000 in ?? ()
> #2 0x0000000000000001 in ?? ()
> #3 0x0000000000000000 in ?? ()
> #4 0x0000000000000000 in ?? ()
> #5 0x0000000000000000 in ?? ()
> #6 0x0000000000000000 in ?? ()
> #7 0x000000080190f130 in ?? ()
> #8 0x0000000000000000 in ?? ()
> #9 0x0000000000000000 in ?? ()
> #10 0x0000000000000000 in ?? ()
> #11 0x636f6c2f7273752f in ?? ()
> #12 0x732f6374652f6c61 in ?? ()
> #13 0x7571732f64697571 in ?? ()
> #14 0x617479656b2e6469 in ?? ()
> #15 0x0000000000000062 in ?? ()
> #16 0x0000000000000000 in ?? ()
> #17 0x0000000000000000 in ?? ()
> #18 0x0000000000000000 in ?? ()
> #19 0x000000000050c97f in buf.7098 ()
> #20 0x4d9b4030ed3e2720 in ?? ()
> #21 0x0000000000000000 in ?? ()
> #22 0x00000008016a2880 in __stderrp () from /lib/libc.so.7
> #23 0x00007fffffffc760 in ?? ()
> #24 0x000000000040acd0 in ?? ()
> #25 0x000000000050c5a0 in ?? ()
> #26 0x00007fffffffc901 in ?? ()
> #27 0x00007fffffffc990 in ?? ()
> #28 0x000000080158210c in vfprintf () from /lib/libc.so.7
> #29 0x0000000801571b48 in fprintf () from /lib/libc.so.7
> #30 0x0000000000406aa6 in get_memberof (margs=0x7fffffffe290,
> user=0x7fffffffc990 "emz",
> domain=0x7fffffffc994 "NORMA.COM", group=0x8019020a0 "Internal Users -
> Crystal") at support_ldap.c:845
> #31 0x0000000000404614 in check_memberof (margs=0x7fffffffe290,
> user=0x7fffffffc990 "emz",
> domain=0x7fffffffc994 "NORMA.COM") at support_member.c:81
> #32 0x0000000000403051 in main (argc=Variable "argc" is not available.
> ) at squid_kerb_ldap.c:352
> (gdb)
> ===Cut===
>
> I should say that the keytab is a working one from production squid, and
> it works with ntlm_auth helper from samba suite with spnego protocol.
>
> Any help would be greatly appreciated, especially from Markus. :)
>
> Thanks, Eugene.
>
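A note on the realm fix discussed in the quoted build errors: when a krb5 API hands the realm back as a krb5_data (a pointer plus an explicit length, as the compiler messages above report), the buffer is not guaranteed to be NUL-terminated, so passing realm.data straight to strlen(), strcasecmp() or a "%s" format can read past the end of it. The following is an added example, not code from squid_kerb_ldap or from either poster; it uses a local stand-in struct (demo_krb5_data) so it builds without Kerberos headers, and shows length-bounded handling of such a realm.

```c
/* Added example: safe handling of a length-delimited (krb5_data-style) realm.
 * demo_krb5_data is a constructed stand-in for the real krb5_data type so the
 * file compiles without krb5 headers. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

typedef struct {
    unsigned int length;   /* number of valid bytes in data */
    char *data;            /* NOT guaranteed to end in '\0' */
} demo_krb5_data;

/* Copy the realm into a freshly allocated, NUL-terminated C string.
 * Caller frees the result. Returns NULL on bad input or allocation failure. */
char *realm_to_cstring(const demo_krb5_data *realm)
{
    if (realm == NULL || realm->data == NULL)
        return NULL;
    char *s = malloc((size_t)realm->length + 1);
    if (s == NULL)
        return NULL;
    memcpy(s, realm->data, realm->length);
    s[realm->length] = '\0';
    return s;
}

/* Case-insensitive comparison against a C string without relying on a
 * terminator in the realm buffer (the pattern behind the strcasecmp error). */
int realm_equals(const demo_krb5_data *realm, const char *expected)
{
    if (realm == NULL || realm->data == NULL || expected == NULL)
        return 0;
    if (realm->length != strlen(expected))
        return 0;
    return strncasecmp(realm->data, expected, realm->length) == 0;
}

int main(void)
{
    /* Constructed input: 9 realm bytes followed directly by unrelated bytes,
     * with no NUL in between, as a real krb5_data buffer may be laid out. */
    char raw[] = { 'S','U','S','E','.','H','O','M','E', 'X','X','X' };
    demo_krb5_data realm = { 9, raw };

    printf("realm: %.*s\n", (int)realm.length, realm.data); /* bounded "%s" */
    char *s = realm_to_cstring(&realm);
    printf("copy: %s, matches suse.home: %d\n", s, realm_equals(&realm, "suse.home"));
    free(s);
    return 0;
}
```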
Received on Fri Oct 29 2010 - 18:14:46 MDT
