Squid3 helper ext_kerberos_ldap_group_acl crashed

Started by urfin73, January 11, 2019, 03:31:36 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 11, 2019, 03:31:36 PM
Hello, Friends!
I use os-web-proxy-useracl and os-web-proxy-sso plugins to create access lists linked on groups of the Windows AD.
At the moment there is a problem. Helper ext_kerberos_ldap_group_acl from the Opnsense repository at work is dumped into the kernel.
...
/usr/local/libexec/squid/ext_kerberos_ldap_group_acl -d -a -m 20 -g Test -D mydomain.ru
...
support_ldap.cc(1128): pid=4848 :2019/01/11 17:00:33| kerberos_ldap_group: DEBUG: Entry 2 "Test" matches group name "Test"
support_ldap.cc(1390): pid=4848 :2019/01/11 17:00:33| kerberos_ldap_group: DEBUG: Unbind ldap server
Segmentation fault (core dumped)
...
(gdb) backtrace
#0  0x000004dc1b2bd68b in ?? () from /lib/libthr.so.3
#1  0x000004dc1b2bc949 in pthread_mutex_lock () from /lib/libthr.so.3
#2  0x000004dc1a69ab42 in k5_cc_mutex_lock ()
   from /usr/local/lib/libkrb5.so.3.3
#3  0x000004dc1a6a5308 in ?? () from /usr/local/lib/libkrb5.so.3.3
#4  0x00000123ba3ee641 in krb5_cleanup() ()
#5  0x00000123ba3f2f89 in get_memberof(main_args*, char*, char*, char*) ()
#6  0x00000123ba3ee35b in check_memberof(main_args*, char*, char*) ()
#7  0x00000123ba3eb73b in main ()
(gdb)
...
In order to identify the problem, i installed clear freeBSD 11.1 and make helper from source codes of squid3 version 3.5.28.
Helper worked without problems.
In this regard, the question:
Whether it is possible to ask to update the helper in a repository on assembled from the latest source code?
Sorry for my English, Andrey.
January 11, 2019, 03:37:59 PM #1
Squid4 works without this error.
January 11, 2019, 06:09:12 PM #2
We'll switch to version 4 shortly after 19.1 is out...


Cheers,
Franco
January 14, 2019, 07:02:49 AM #3
Ok, Thanks, we'll wait.
January 14, 2019, 12:09:58 PM #4
Hi guys!
Tell me one more question:
Plugin os-web-proxy-sso ignores System -> Servers -> LDAP settings, such as Auth Container and Extendet Query &(memberOf...).
That is, the access tester does not authorize users who are not suitable for Auth Container and Extendet Query filters, and os-web-proxy-sso plugin authorizes all domain users. Is this normal behavior?
Print
Go Up Pages1
User actions