OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: urfin73 on January 11, 2019, 03:31:36 pm

Title: Squid3 helper ext_kerberos_ldap_group_acl crashed
Post by: urfin73 on January 11, 2019, 03:31:36 pm

Hello, Friends!
I use os-web-proxy-useracl and os-web-proxy-sso plugins to create access lists linked on groups of the Windows AD.
At the moment there is a problem. Helper ext_kerberos_ldap_group_acl from the Opnsense repository at work is dumped into the kernel.
...
/usr/local/libexec/squid/ext_kerberos_ldap_group_acl -d -a -m 20 -g Test -D mydomain.ru
...
support_ldap.cc(1128): pid=4848 :2019/01/11 17:00:33| kerberos_ldap_group: DEBUG: Entry 2 "Test" matches group name "Test"
support_ldap.cc(1390): pid=4848 :2019/01/11 17:00:33| kerberos_ldap_group: DEBUG: Unbind ldap server
Segmentation fault (core dumped)
...
(gdb) backtrace
#0  0x000004dc1b2bd68b in ?? () from /lib/libthr.so.3
#1  0x000004dc1b2bc949 in pthread_mutex_lock () from /lib/libthr.so.3
#2  0x000004dc1a69ab42 in k5_cc_mutex_lock ()
   from /usr/local/lib/libkrb5.so.3.3
#3  0x000004dc1a6a5308 in ?? () from /usr/local/lib/libkrb5.so.3.3
#4  0x00000123ba3ee641 in krb5_cleanup() ()
#5  0x00000123ba3f2f89 in get_memberof(main_args*, char*, char*, char*) ()
#6  0x00000123ba3ee35b in check_memberof(main_args*, char*, char*) ()
#7  0x00000123ba3eb73b in main ()
(gdb)
...
In order to identify the problem, i installed clear freeBSD 11.1 and make helper from source codes of squid3 version 3.5.28.
Helper worked without problems.
In this regard, the question:
Whether it is possible to ask to update the helper in a repository on assembled from the latest source code?
Sorry for my English, Andrey.

Title: Re: Squid3 helper ext_kerberos_ldap_group_acl crashed
Post by: Kekek on January 11, 2019, 03:37:59 pm

Squid4 works without this error.

Title: Re: Squid3 helper ext_kerberos_ldap_group_acl crashed
Post by: franco on January 11, 2019, 06:09:12 pm

We'll switch to version 4 shortly after 19.1 is out...


Cheers,
Franco

Title: Re: Squid3 helper ext_kerberos_ldap_group_acl crashed
Post by: urfin73 on January 14, 2019, 07:02:49 am

Ok, Thanks, we'll wait.

Title: Re: Squid3 helper ext_kerberos_ldap_group_acl crashed
Post by: urfin73 on January 14, 2019, 12:09:58 pm

Hi guys!
Tell me one more question:
Plugin os-web-proxy-sso ignores System -> Servers -> LDAP settings, such as Auth Container and Extendet Query &(memberOf...).
That is, the access tester does not authorize users who are not suitable for Auth Container and Extendet Query filters, and os-web-proxy-sso plugin authorizes all domain users. Is this normal behavior?