
Re: Re: squid_ldap_group against nested groups/Ous


 



 Hi.

On 07.12.2008 18:09, Markus Moeller wrote:
> I did implement recursive group search in squid_kerb_ldap at http://sourceforge.net/project/showfiles.php?group_id=196348.


Actually this is a very interesting helper, and I would like to use it on my production squids, 'cause my engineers are tired of managing hundreds of users instead of a dozen groups.

I downloaded it, but I had a bunch of problems with it.

If this isn't the appropriate mailing list to discuss this helper, then just stop at this point, and I'm sorry for this post.


My target system is FreeBSD 8.0-RELEASE-p2/amd64. It has heimdal 1.0.1 Kerberos V in the base system.

a) First of all, 1.2.1a fails to build:

===Code===
cc1: warnings being treated as errors
support_krb5.c: In function 'krb5_create_cache':
support_krb5.c:117: warning: format '%s' expects type 'char *', but argument 5 has type 'krb5_data'
support_krb5.c:122: error: incompatible type for argument 2 of 'strcasecmp'
support_krb5.c:251: error: incompatible type for argument 1 of 'strlen'
support_krb5.c:252: error: incompatible type for argument 1 of 'strlen'
support_krb5.c:252: warning: format '%s' expects type 'char *', but argument 5 has type 'krb5_data'
support_krb5.c:252: warning: format '%s' expects type 'char *', but argument 5 has type 'krb5_data'
*** Error code 1

Stop in /usr/home/emz/squid_kerb_ldap/1/squid_kerb_ldap-1.2.1a.
*** Error code 1

Stop in /usr/home/emz/squid_kerb_ldap/1/squid_kerb_ldap-1.2.1a.
*** Error code 1

Stop in /usr/home/emz/squid_kerb_ldap/1/squid_kerb_ldap-1.2.1a.
===Cut===

This can be fixed, as all of these errors are caused by the fact that entry.principal->realm is a structure, and the code expects it to be char *, so it's pretty obvious that char * has to be here, and krb5_data.data is the only thing that appears to be char; so I changed entry.principal->realm to entry.principal->realm.data. I had one more problem with the -Werror switch:

===Cut===
cc1: warnings being treated as errors
In file included from support_sasl.c:30:
/usr/local/include/sasl/sasl.h:349: warning: function declaration isn't a prototype
===Cut===

Since my C skills are considerably low, I simply removed the -Werror switch and the build succeeded.

b) Then it fails to run, crashing at keytab parsing. So maybe things aren't that obvious and I failed to do the proper fixing:

===Cut===
%./squid_kerb_ldap -b cn=Users,dc=norma,dc=com -g "Internal Users - Crystal@" -u dca -p sabbracadabra -N SOFTLAB@xxxxxxxxx -d -i
2010/10/26 10:50:05| squid_kerb_ldap: Starting version 1.2.1a
2010/10/26 10:50:05| squid_kerb_ldap: Group list Internal Users - Crystal@
2010/10/26 10:50:05| squid_kerb_ldap: Group Internal Users - Crystal Domain
2010/10/26 10:50:05| squid_kerb_ldap: Netbios list SOFTLAB@xxxxxxxxx
2010/10/26 10:50:05| squid_kerb_ldap: Netbios name SOFTLAB  Domain NORMA.COM
emz@xxxxxxxxx
2010/10/26 10:50:10| squid_kerb_ldap: Got User: emz Domain: NORMA.COM
2010/10/26 10:50:10| squid_kerb_ldap: User domain loop: group@domain Internal Users - Crystal@
2010/10/26 10:50:10| squid_kerb_ldap: Default domain loop: group@domain Internal Users - Crystal@
2010/10/26 10:50:10| squid_kerb_ldap: Found group@domain Internal Users - Crystal@
2010/10/26 10:50:10| squid_kerb_ldap: Setup Kerberos credential cache
2010/10/26 10:50:10| squid_kerb_ldap: Get default keytab file name
2010/10/26 10:50:10| squid_kerb_ldap: Got default keytab file name /usr/local/etc/squid/squid.keytab
2010/10/26 10:50:10| squid_kerb_ldap: Get principal name from keytab /usr/local/etc/squid/squid.keytab
ÐÑÐÐÐÐ ÐÐÑÐÑÐÑÐÐ ÐÐ ÑÐÐÐ(core dumped)
===Cut===

Stacktrace:

===Cut===
# gdb squid_kerb_ldap squid_kerb_ldap.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
Core was generated by `squid_kerb_ldap'.
Program terminated with signal 10, Bus error.
Reading symbols from /usr/lib/libgssapi.so.10...done.
Loaded symbols for /usr/lib/libgssapi.so.10
Reading symbols from /usr/lib/libheimntlm.so.10...done.
Loaded symbols for /usr/lib/libheimntlm.so.10
Reading symbols from /usr/lib/libkrb5.so.10...done.
Loaded symbols for /usr/lib/libkrb5.so.10
Reading symbols from /usr/lib/libhx509.so.10...done.
Loaded symbols for /usr/lib/libhx509.so.10
Reading symbols from /usr/lib/libcom_err.so.5...done.
Loaded symbols for /usr/lib/libcom_err.so.5
Reading symbols from /lib/libcrypto.so.6...done.
Loaded symbols for /lib/libcrypto.so.6
Reading symbols from /usr/lib/libasn1.so.10...done.
Loaded symbols for /usr/lib/libasn1.so.10
Reading symbols from /usr/lib/libroken.so.10...done.
Loaded symbols for /usr/lib/libroken.so.10
Reading symbols from /lib/libcrypt.so.5...done.
Loaded symbols for /lib/libcrypt.so.5
Reading symbols from /usr/local/lib/libldap-2.4.so.7...done.
Loaded symbols for /usr/local/lib/libldap-2.4.so.7
Reading symbols from /usr/local/lib/liblber-2.4.so.7...done.
Loaded symbols for /usr/local/lib/liblber-2.4.so.7
Reading symbols from /lib/libc.so.7...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /usr/lib/libssl.so.6...done.
Loaded symbols for /usr/lib/libssl.so.6
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0  0x00000008008a4b14 in krb5_kt_next_entry () from /usr/lib/libkrb5.so.10
(gdb) bt
#0  0x00000008008a4b14 in krb5_kt_next_entry () from /usr/lib/libkrb5.so.10
#1  0x0000000000000000 in ?? ()
#2  0x0000000000000001 in ?? ()
#3  0x0000000000000000 in ?? ()
#4  0x0000000000000000 in ?? ()
#5  0x0000000000000000 in ?? ()
#6  0x0000000000000000 in ?? ()
#7  0x000000080190f130 in ?? ()
#8  0x0000000000000000 in ?? ()
#9  0x0000000000000000 in ?? ()
#10 0x0000000000000000 in ?? ()
#11 0x636f6c2f7273752f in ?? ()
#12 0x732f6374652f6c61 in ?? ()
#13 0x7571732f64697571 in ?? ()
#14 0x617479656b2e6469 in ?? ()
#15 0x0000000000000062 in ?? ()
#16 0x0000000000000000 in ?? ()
#17 0x0000000000000000 in ?? ()
#18 0x0000000000000000 in ?? ()
#19 0x000000000050c97f in buf.7098 ()
#20 0x4d9b4030ed3e2720 in ?? ()
#21 0x0000000000000000 in ?? ()
#22 0x00000008016a2880 in __stderrp () from /lib/libc.so.7
#23 0x00007fffffffc760 in ?? ()
#24 0x000000000040acd0 in ?? ()
#25 0x000000000050c5a0 in ?? ()
#26 0x00007fffffffc901 in ?? ()
#27 0x00007fffffffc990 in ?? ()
#28 0x000000080158210c in vfprintf () from /lib/libc.so.7
#29 0x0000000801571b48 in fprintf () from /lib/libc.so.7
#30 0x0000000000406aa6 in get_memberof (margs=0x7fffffffe290, user=0x7fffffffc990 "emz", domain=0x7fffffffc994 "NORMA.COM", group=0x8019020a0 "Internal Users - Crystal") at support_ldap.c:845
#31 0x0000000000404614 in check_memberof (margs=0x7fffffffe290, user=0x7fffffffc990 "emz",
    domain=0x7fffffffc994 "NORMA.COM") at support_member.c:81
#32 0x0000000000403051 in main (argc=Variable "argc" is not available.
) at squid_kerb_ldap.c:352
(gdb)
===Cut===

I should say that the keytab is a working one from production squid, and it works with the ntlm_auth helper from the samba suite with the spnego protocol.

Any help would be greatly appreciated, especially from Markus. :)

Thanks, Eugene.
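
A length-aware way to handle a counted realm field like the one named in the build errors above, as an added example (not code from squid_kerb_ldap or from this post). `struct counted_str` is a hypothetical stand-in for a krb5_data-style value, and `realm_equals_ci` and `realm_to_cstr` are illustrative names; the assumption is that the data pointer is not guaranteed to be NUL-terminated, so the code never passes it to `strlen`, `strcasecmp` or a bare `%s`.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a counted-string type such as krb5_data (assumption: a
 * length plus a char pointer that need not be NUL-terminated). */
struct counted_str {
    unsigned int length;
    char *data;
};

/* Case-insensitive compare of a counted realm against a C string.
 * Returns 1 on match; never reads past realm->length bytes. */
int realm_equals_ci(const struct counted_str *realm, const char *want)
{
    size_t n = strlen(want);
    if (realm == NULL || realm->data == NULL || realm->length != n)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)realm->data[i]) !=
            tolower((unsigned char)want[i]))
            return 0;
    return 1;
}

/* Copy a counted realm into a caller buffer as a NUL-terminated string.
 * Returns 0 on success, -1 if it does not fit or holds an embedded NUL. */
int realm_to_cstr(const struct counted_str *realm, char *out, size_t outlen)
{
    if (realm == NULL || realm->data == NULL || outlen == 0)
        return -1;
    if (realm->length >= outlen || memchr(realm->data, '\0', realm->length))
        return -1;
    memcpy(out, realm->data, realm->length);
    out[realm->length] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample: realm bytes followed by unrelated bytes, with no
     * NUL at the realm boundary. */
    char raw[] = "NORMA.COMjunk-after-realm";
    struct counted_str realm = { 9, raw };
    char buf[64];
    printf("realm=%.*s match=%d\n", (int)realm.length, realm.data,
           realm_equals_ci(&realm, "norma.com"));
    return realm_to_cstr(&realm, buf, sizeof buf);
}
```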

