Hi,
I'm trying to upgrade from 3.3.8 to 3.4.5 (3.4.x in general), compile squid with the same options (that are still valid in 3.4.x) and use negotiate authentication, but every time negotiate_kerberos_auth crashes with the following:
2014/06/18 23:06:20| negotiate_wrapper: Error reading Kerberos helper response
2014/06/18 23:06:20 kid1| WARNING: negotiateauthenticator #Hlpr0 exited
2014/06/18 23:06:21| negotiate_kerberos_auth: ERROR: krb5_pac_get_buffer: Invalid argument
*** glibc detected *** /usr/libexec/negotiate_kerberos_auth: double free or corruption (fasttop): 0x000000000159af00 ***
======= Backtrace: =========
/lib/libc.so.6(+0x71e16)[0x7f6bf3b3ae16]
/lib/libc.so.6(cfree+0x6c)[0x7f6bf3b3fb8c]
/usr/lib/libkrb5.so.3(krb5_free_data+0x12)[0x7f6bf54a3472]
/usr/libexec/negotiate_kerberos_auth[0x4044e9]
/usr/libexec/negotiate_kerberos_auth[0x40319c]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f6bf3ae7c8d]
/usr/libexec/negotiate_kerberos_auth[0x4018b9]
This is on an up-to-date Debian 6.0.9.
The relevant squid.conf part doesn't change:
auth_param negotiate program /usr/libexec/negotiate_wrapper_auth --ntlm /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --kerberos /usr/libexec/negotiate_kerberos_auth -r -s GSS_C_NO_NAME
auth_param negotiate children 200 startup=50 idle=10
auth_param negotiate keep_alive off
nor does krb5.conf.
Compile string:
./configure --prefix=/usr --datadir=/usr/share/squid3 --sysconfdir=/etc/squid3 --mandir=/usr/share/man --with-cppunit-basedir=/usr --enable-inline --enable-async-io=8 --enable-storeio=ufs,aufs,diskd --enable-removal-policies=lru,heap --enable-delay-pools --enable-cache-digests --enable-underscores --enable-icap-client --enable-follow-x-forwarded-for --enable-auth --enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,getpwnam,multi-domain-NTLM --enable-ntlm-auth-helpers=smb_lm --enable-digest-auth-helpers=ldap,password --enable-external-acl-helpers=file_userip,LDAP_group,unix_group,wbinfo_group --with-filedescriptors=65536 --with-default-user=proxy --enable-negotiate-auth-helpers=squid_kerb_auth,kerberos,wrapper,SSPI --with-large-files --enable-wccp --enable-linux-netfilter --enable-http-violations --disable-ipv6
I'm not sure how to debug this more or if something changed between 3.3.x and 3.4.x that breaks this and I missed it.
Received on Thu Jun 19 2014 - 06:40:45 MDT
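
Added example (not part of the original post and not Squid project code): a Python parser for the glibc abort report quoted in the message above. It extracts the error type, the freed pointer, the library call that performed the free, and an addr2line command line for the helper's unsymbolized frames; the function names parse_report and triage are hypothetical.

```python
import re
# Header and backtrace lines as quoted in the post; the last marker is where
# glibc's memory map section would start (not reproduced here).
REPORT = """\
*** glibc detected *** /usr/libexec/negotiate_kerberos_auth: double free or corruption (fasttop): 0x000000000159af00 ***
======= Backtrace: =========
/lib/libc.so.6(+0x71e16)[0x7f6bf3b3ae16]
/lib/libc.so.6(cfree+0x6c)[0x7f6bf3b3fb8c]
/usr/lib/libkrb5.so.3(krb5_free_data+0x12)[0x7f6bf54a3472]
/usr/libexec/negotiate_kerberos_auth[0x4044e9]
/usr/libexec/negotiate_kerberos_auth[0x40319c]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f6bf3ae7c8d]
/usr/libexec/negotiate_kerberos_auth[0x4018b9]
======= Memory map: ========
"""
HEADER = re.compile(r"\*\*\* glibc detected \*\*\* (\S+): (.+?): (0x[0-9a-f]+) \*\*\*")
FRAME = re.compile(r"^(/\S+?)(?:\(([^)]*)\))?\[(0x[0-9a-f]+)\]$")

def parse_report(text):
    """Return (binary, error, pointer, frames) from a glibc abort report."""
    m = HEADER.search(text)
    if not m:
        raise ValueError("no glibc abort header found")
    frames, in_bt = [], False
    for line in text.splitlines():
        if line.startswith("======="):
            in_bt = "Backtrace" in line  # only read frames from this section
            continue
        f = FRAME.match(line.strip()) if in_bt else None
        if f:
            frames.append({"module": f.group(1), "symbol": f.group(2) or "", "addr": f.group(3)})
    return m.group(1), m.group(2), m.group(3), frames

def triage(text):
    """Name the call that freed the pointer and the helper frames lacking symbols."""
    binary, error, pointer, frames = parse_report(text)
    # Skip the allocator's own frames (libc); the next frame is the caller of free().
    freeing = next(f for f in frames if "libc.so" not in f["module"])
    unresolved = [f["addr"] for f in frames if f["module"] == binary and not f["symbol"]]
    return {
        "error": error, "pointer": pointer,
        "freed_via": f'{freeing["module"]}:{freeing["symbol"].split("+")[0]}',
        "addr2line": f"addr2line -f -C -e {binary} " + " ".join(unresolved),
    }

if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(f"{key}: {value}")
```

The addr2line command only gives function names and line numbers when it is run against the same build of the helper that crashed, compiled with debug symbols.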