[squid-users] Re: Re: Re: squid_ldap_group against nested groups/Ous

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Fri, 5 Nov 2010 13:58:00 -0000

Hi,

I tested on a 7.0 (32bit) box without issues. I will try an 8.0 64bit next.

$ uname -a
FreeBSD freebsd.freebsd.home 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24
19:59:52 UTC 2008
root_at_logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

$ make clean; make
Making clean in .
test -z "squid_kerb_ldap" || rm -f squid_kerb_ldap
rm -f *.o
make all-recursive
gcc -DHAVE_CONFIG_H -I. -I/usr/include -I/usr/local/include -g -O2 -Wall
 -Wno-unknown-pragmas -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align
 -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations
 -Wdeclaration-after-statement -Wshadow -MT squid_kerb_ldap.o -MD -MP -MF
.deps/squid_kerb_ldap.Tpo -c -o squid_kerb_ldap.o squid_kerb_ldap.c
mv -f .deps/squid_kerb_ldap.Tpo .deps/squid_kerb_ldap.Po
gcc -DHAVE_CONFIG_H -I. -I/usr/include -I/usr/local/include -g -O2 -Wall
 -Wno-unknown-pragmas -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align
 -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations
 -Wdeclaration-after-statement -Wshadow -MT support_group.o -MD -MP -MF
.deps/support_group.Tpo -c -o support_group.o support_group.c
mv -f .deps/support_group.Tpo .deps/support_group.Po
gcc -DHAVE_CONFIG_H -I. -I/usr/include -I/usr/local/include -g -O2 -Wall
 -Wno-unknown-pragmas -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align
 -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations
 -Wdeclaration-after-statement -Wshadow -MT support_netbios.o -MD -MP -MF
.deps/support_netbios.Tpo -c -o support_netbios.o support_netbios.c
mv -f .deps/support_netbios.Tpo .deps/support_netbios.Po
gcc -DHAVE_CONFIG_H -I. -I/usr/include -I/usr/local/include -g -O2 -Wall
 -Wno-unknown-pragmas -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align
 -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations
 -Wdeclaration-after-statement -Wshadow -MT support_member.o -MD -MP -MF
.deps/support_member.Tpo -c -o support_member.o support_member.c
mv -f .deps/support_member.Tpo .deps/support_member.Po
gcc -DHAVE_CONFIG_H -I. -I/usr/include -I/usr/local/include -g -O2 -Wall
 -Wno-unknown-pragmas -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align
 -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations
 -Wdeclaration-after-statement -Wshadow -MT support_krb5.o -MD -MP -MF
.deps/support_krb5.Tpo -c -o support_krb5.o support_krb5.c
mv -f .deps/support_krb5.Tpo .deps/support_krb5.Po
gcc -DHAVE_CONFIG_H -I. -I/usr/include -I/usr/local/include -g -O2 -Wall
 -Wno-unknown-pragmas -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align
 -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations
 -Wdeclaration-after-statement -Wshadow -MT support_ldap.o -MD -MP -MF
.deps/support_ldap.Tpo -c -o support_ldap.o support_ldap.c
mv -f .deps/support_ldap.Tpo .deps/support_ldap.Po
gcc -DHAVE_CONFIG_H -I. -I/usr/include -I/usr/local/include -g -O2 -Wall
 -Wno-unknown-pragmas -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align
 -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations
 -Wdeclaration-after-statement -Wshadow -MT support_sasl.o -MD -MP -MF
.deps/support_sasl.Tpo -c -o support_sasl.o support_sasl.c
cc1: warnings being treated as errors
In file included from support_sasl.c:30:
/usr/local/include/sasl/sasl.h:349: warning: function declaration isn't a
prototype
*** Error code 1

Stop in /usr/home/markus/squid_kerb_ldap-1.2.1a.
*** Error code 1

Stop in /usr/home/markus/squid_kerb_ldap-1.2.1a.
*** Error code 1

Stop in /usr/home/markus/squid_kerb_ldap-1.2.1a.
$
gcc -DHAVE_CONFIG_H -I. -I/usr/include -I/usr/local/include -g -O2 -Wall
 -Wno-unknown-pragmas -Wextra -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings
 -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement
 -Wshadow -MT support_sasl.o -MD -MP -MF .deps/support_sasl.Tpo -c -o
support_sasl.o support_sasl.c
In file included from support_sasl.c:30:
/usr/local/include/sasl/sasl.h:349: warning: function declaration isn't a
prototype
$ make
make all-recursive
gcc -DHAVE_CONFIG_H -I. -I/usr/include -I/usr/local/include -g -O2 -Wall
 -Wno-unknown-pragmas -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align
 -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations
 -Wdeclaration-after-statement -Wshadow -MT support_resolv.o -MD -MP -MF
.deps/support_resolv.Tpo -c -o support_resolv.o support_resolv.c
mv -f .deps/support_resolv.Tpo .deps/support_resolv.Po
gcc -g -O2 -Wall -Wno-unknown-pragmas -Wextra -Werror -Wcomment -Wpointer-arith
 -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations
 -Wdeclaration-after-statement -Wshadow -Wl,-R/usr/lib -L/usr/lib -lgssapi
 -lkrb5 -lasn1 -lcrypto -lroken -lcrypt -lcom_err -L/usr/local/lib -Wl,-R/usr/local/lib
 -o squid_kerb_ldap squid_kerb_ldap.o support_group.o support_netbios.o
support_member.o support_krb5.o support_ldap.o support_sasl.o
support_resolv.o -lldap -llber

$ ldd squid_kerb_ldap
squid_kerb_ldap:
        libgssapi.so.9 => /usr/lib/libgssapi.so.9 (0x28088000)
        libkrb5.so.9 => /usr/lib/libkrb5.so.9 (0x2808f000)
        libasn1.so.9 => /usr/lib/libasn1.so.9 (0x280c9000)
        libcrypto.so.5 => /lib/libcrypto.so.5 (0x280f2000)
        libroken.so.9 => /usr/lib/libroken.so.9 (0x2824b000)
        libcrypt.so.4 => /lib/libcrypt.so.4 (0x28258000)
        libcom_err.so.4 => /usr/lib/libcom_err.so.4 (0x28271000)
        libldap-2.4.so.2 => /usr/local/lib/libldap-2.4.so.2 (0x28273000)
        liblber-2.4.so.2 => /usr/local/lib/liblber-2.4.so.2 (0x282ae000)
        libc.so.7 => /lib/libc.so.7 (0x282bb000)
        libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x283b7000)
        libssl.so.5 => /usr/lib/libssl.so.5 (0x283ce000)

$ ktutil list --keys
squid.keytab:

Vno Type Principal Key
  3 arcfour-hmac-md5 HTTP/opensuse11.suse.home_at_SUSE.HOME
124b2a7a83c3ef21852a2571d64a8eee
  3 des3-cbc-sha1 HTTP/opensuse11.suse.home_at_SUSE.HOME
fb91f7f140622562617f5e3ead9b802a6eb5cd2025869432
  3 des-cbc-crc HTTP/opensuse11.suse.home_at_SUSE.HOME
8f64e67504b6f464

$ ./squid_kerb_ldap -d -g SOCKS_ALLOW_at_SUSE.HOME
2010/11/05 13:55:53| squid_kerb_ldap: Starting version 1.2.1a
2010/11/05 13:55:53| squid_kerb_ldap: Group list SOCKS_ALLOW_at_SUSE.HOME
2010/11/05 13:55:53| squid_kerb_ldap: Group SOCKS_ALLOW Domain SUSE.HOME
2010/11/05 13:55:53| squid_kerb_ldap: Netbios list NULL
2010/11/05 13:55:53| squid_kerb_ldap: No netbios names defined.
markus_at_SUSE.HOME
2010/11/05 13:55:59| squid_kerb_ldap: Got User: markus Domain: SUSE.HOME
2010/11/05 13:55:59| squid_kerb_ldap: User domain loop: group_at_domain
SOCKS_ALLOW_at_SUSE.HOME
2010/11/05 13:55:59| squid_kerb_ldap: Found group_at_domain
SOCKS_ALLOW_at_SUSE.HOME
2010/11/05 13:55:59| squid_kerb_ldap: Setup Kerberos credential cache
2010/11/05 13:55:59| squid_kerb_ldap: Get default keytab file name
2010/11/05 13:55:59| squid_kerb_ldap: Got default keytab file name
squid.keytab
2010/11/05 13:55:59| squid_kerb_ldap: Get principal name from keytab
squid.keytab
2010/11/05 13:55:59| squid_kerb_ldap: Keytab entry has realm name: SUSE.HOME
2010/11/05 13:55:59| squid_kerb_ldap: Found principal name:
HTTP/opensuse11.suse.home_at_SUSE.HOME
2010/11/05 13:55:59| squid_kerb_ldap: Set credential cache to
MEMORY:squid_ldap_21691
2010/11/05 13:55:59| squid_kerb_ldap: Got principal name
HTTP/opensuse11.suse.home_at_SUSE.HOME
2010/11/05 13:55:59| squid_kerb_ldap: Stored credentials
2010/11/05 13:55:59| squid_kerb_ldap: Initialise ldap connection
2010/11/05 13:55:59| squid_kerb_ldap: Canonicalise ldap server name for
domain SUSE.HOME
2010/11/05 13:56:04| squid_kerb_ldap: Resolved SRV _ldap._tcp.SUSE.HOME
record to opensuse11.suse.home
2010/11/05 13:56:04| squid_kerb_ldap: Resolved address 1 of SUSE.HOME to
opensuse11.suse.home
2010/11/05 13:56:04| squid_kerb_ldap: Resolved address 2 of SUSE.HOME to
opensuse11.suse.home
2010/11/05 13:56:04| squid_kerb_ldap: Adding host SUSE.HOME to list
2010/11/05 13:56:04| squid_kerb_ldap: Sorted ldap server names for domain
SUSE.HOME:
2010/11/05 13:56:04| squid_kerb_ldap: Host: opensuse11.suse.home Port: 389
Priority: 0 Weight: 0
2010/11/05 13:56:04| squid_kerb_ldap: Host: SUSE.HOME Port: -1 Priority: -2
Weight: -2
2010/11/05 13:56:04| squid_kerb_ldap: Setting up connection to ldap server
opensuse11.suse.home:389
2010/11/05 13:56:04| squid_kerb_ldap: Bind to ldap server with SASL/GSSAPI
2010/11/05 13:56:04| squid_kerb_ldap: Successfully initialised connection to
ldap server opensuse11.suse.home:389
2010/11/05 13:56:04| squid_kerb_ldap: Search ldap server with bind path ""
and filter: (objectclass=*)
2010/11/05 13:56:04| squid_kerb_ldap: Search ldap entries for attribute :
schemaNamingContext
2010/11/05 13:56:04| squid_kerb_ldap: 0 ldap entries found with attribute :
schemaNamingContext
2010/11/05 13:56:04| squid_kerb_ldap: Did not find ldap entry for
subschemasubentry
2010/11/05 13:56:04| squid_kerb_ldap: Determined ldap server not as an
Active Directory server
2010/11/05 13:56:04| squid_kerb_ldap: Search ldap server with bind path
dc=SUSE,dc=HOME and filter : (memberuid=markus)
2010/11/05 13:56:04| squid_kerb_ldap: Found 0 ldap entries
2010/11/05 13:56:04| squid_kerb_ldap: Search for primary group membership:
"SOCKS_ALLOW"
2010/11/05 13:56:04| squid_kerb_ldap: Search ldap server with bind path
dc=SUSE,dc=HOME and filter: (uid=markus)
2010/11/05 13:56:04| squid_kerb_ldap: Found 1 ldap entry
2010/11/05 13:56:04| squid_kerb_ldap: Search ldap entries for attribute :
gidNumber
2010/11/05 13:56:04| squid_kerb_ldap: 1 ldap entry found with attribute :
gidNumber
2010/11/05 13:56:04| squid_kerb_ldap: Search ldap server with bind path
dc=SUSE,dc=HOME and filter: (&(gidNumber=1000)(objectclass=posixgroup))
2010/11/05 13:56:04| squid_kerb_ldap: Search ldap entries for attribute : cn
2010/11/05 13:56:04| squid_kerb_ldap: 1 ldap entry found with attribute : cn
2010/11/05 13:56:04| squid_kerb_ldap: "SOCKS_ALLOW" matches group name
"SOCKS_ALLOW"
2010/11/05 13:56:04| squid_kerb_ldap: Users primary group matches
SOCKS_ALLOW
2010/11/05 13:56:04| squid_kerb_ldap: Unbind ldap server
2010/11/05 13:56:04| squid_kerb_ldap: User markus is member of group_at_domain
SOCKS_ALLOW_at_SUSE.HOME
OK
2010/11/05 13:56:04| squid_kerb_ldap: OK

Markus
"Markus Moeller" <huaraz_at_moeller.plus.com> wrote in message
news:ian1vr$bia$1_at_dough.gmane.org...
> Let me see if I can get an 8.0/7.x build. Does it compile AND work on 8.1
> or do you still see the crash when reading the keytab?
>
> Markus
>
> "Eugene M. Zheganin" <eugene_at_zhegan.in> wrote in message
> news:4CCD5F0E.9080708_at_zhegan.in...
>> Hi.
>>
>> On 30.10.2010 00:14, Markus Moeller wrote:
>>> Hi,
>>>
>>> I have now a 64bit freebsd box and cannot replicate the error. Also
>>> the compile errors I got were only a symbol problem dup in support_group
>>> and the sasl prototype error.
>>>
>> Yeah, I agree, on a fresh 8.1 installation it does compile (with -Werror
>> commented out).
>> On non-fresh 8.0/7.x it doesn't.
>>
>> 8.0 has heimdal 1.1.0 and 7.x has 0.6.3; however the symptoms are the
>> same.
>>
>> Is there something I can do to narrow the scope, or is the supposed decision
>> to upgrade everywhere to 8.1?
>>
>> Thanks.
>> Eugene.
>>
>>
>
>
>
Received on Fri Nov 05 2010 - 13:58:33 MDT