[squid-users] Re: TPROXY surf as client
Eliezer Croitoru-2 wrote On 06/21/2014 06:12 PM, Amos Jeffries wrote: TCP does not permit that. The SYN-ACK will fail. Amos Unless it will come from the proxy server but still it's not recommended and in many cases is even illegal and can be considered as a real series crime and abusive use of IP address. Eliezer Thanks . Please more description . I want to run the script on proxy server . it may use same iptables rules which squid uses for tproxy job . Please guide me . -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TPROXY-surf-as-client-tp4666439p4666446.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Re: TPROXY surf as client
On 22/06/2014 6:26 p.m., Omid Kosari wrote: Eliezer Croitoru-2 wrote On 06/21/2014 06:12 PM, Amos Jeffries wrote: TCP does not permit that. The SYN-ACK will fail. Amos Unless it will come from the proxy server but still it's not recommended and in many cases is even illegal and can be considered as a real series crime and abusive use of IP address. Eliezer Thanks . Please more description . I want to run the script on proxy server . it may use same iptables rules which squid uses for tproxy job . Please guide me . Omid, What do you hope to achieve with this? Amos
[squid-users] Re: TPROXY surf as client
I want to create fake traffic for website with 1000 different ip's within few minutes . Something like you say to 1000 different clients/IPs to surf that site from 11:00 to 11:15 . I want to achieve this with help of squid tproxy and without need to disconnect users . Squid is doing something like that with tproxy because users requests routed to it . so it could do that job if a script runs on squid box . I just don't know how to spoof requested source ip in that script . -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TPROXY-surf-as-client-tp4666439p4666448.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Re: TPROXY surf as client
On 22/06/2014 6:55 p.m., Omid Kosari wrote: I want to create fake traffic for website with 1000 different ip's within few minutes . Something like you say to 1000 different clients/IPs to surf that site from 11:00 to 11:15 . I want to achieve this with help of squid tproxy and without need to disconnect users . Squid is the wrong tool to be using here. You want to look at hacking and attack tools - that is what you will be doing, and why it is illegal in most cases. Squid is doing something like that with tproxy because users requests routed to it . so it could do that job if a script runs on squid box . I just don't know how to spoof requested source ip in that script . Squid is only opening outbound socket, marking it with setsockopt(IP_TRANSPARENT), then using bind() to set the outgoing IP. Everything else is limited by normal TCP/IP and routing operations within the network. Note that Squid specifying the outgoing IP on any particular request is a non-standard use of HTTP. Normal HTTP combines the client requests into persistent connections. Causing a few long-lived TCP connections to servers with a large number of pipelined transactions on each. For testing server capacity against TPROXY input it is suficient to make the server listen on localhost interface and setup a tool like Polygraph to use 127.0.*.* IPs for opening connections (or the fc00::* range in IPv6). Amos
[squid-users] Re: upgrading from 3.3.8 to 3.4.5 crashes negotiate_kerberos_auth
Hi George, There might be another reason for the crash. Could you first try to replace on line 358 of negotiate_kerberos_pac.cc ad_data = (krb5_data *)xmalloc(sizeof(krb5_data)); with ad_data = (krb5_data *)xcalloc(1,sizeof(krb5_data)); Regards Markus Markus Moeller wrote in message news:lo4dqj$22m$1...@ger.gmane.org... Hi George, I see now the cause. The Kerberos function krb5_free_data does not check for NULL pointer before freeing. Here is a work around replace krb5_free_data with: if (ad_data) { if (ad_data-data) free(ad_data-data); free(ad_data); } /*krb5_free_data(context, ad_data);*/ Regards Markus George Billios wrote in message news:e1wyea5-gq...@rmm6prod02.runbox.com... Here is the output: (gdb) where #0 0x75f911b5 in *__GI_raise (sig=value optimized out) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #1 0x75f93fc0 in *__GI_abort () at abort.c:92 #2 0x75fc75bb in __libc_message (do_abort=value optimized out, fmt=value optimized out) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189 #3 0x75fd0e16 in malloc_printerr (action=3, str=0x76088748 double free or corruption (fasttop), ptr=value optimized out) at malloc.c:6267 #4 0x75fd5b8c in *__GI___libc_free (mem=value optimized out) at malloc.c:3739 #5 0x77939472 in krb5_free_data (context=value optimized out, val=0x6171f0) at ../../../../src/lib/krb5/krb/kfree.c:253 #6 0x004051a4 in get_ad_groups (ad_groups=0x7fffaff0 , context=0x60f9e0, pac=0x0) at negotiate_kerberos_pac.cc:464 #7 0x00403265 in main (argc=5, argv=0x7fffe0e8) at negotiate_kerberos_auth.cc:419 BR, George On Fri, 20 Jun 2014 19:11:27 +0100, Markus Moeller hua...@moeller.plus.com wrote: Can you type where at the gdb prompt after the crash. It should list the function and location Markus George Billios wrote in message news:e1wxwko-h9...@rmm6prod02.runbox.com... So I tried to compile with -g and follow your instructions, here is what I get: YR YIIK3QYGKwYBBQUCoIIK0TCCCs2gHzAdBgkqhkiG9xIBAgIGBSsFAQUCBgkqhkiC9xIBAgKiggqoBIIKpGCCCqAGCSqGSIb3EgECAgEAboIKjzCCCougAwIBBaEDAgEOogcDBQAAo4IJmmGCCZYwggmSoAMCAQWhExsRR1IwMDEuU0lFTUVOUy5ORVSiLjAsoAMCAQOhJTAjGwRIVFRQGxtwcm94eS1hcnQuZ3IwMDEuc2llbWVucy5uZXSjgglEMIIJQKADAgESoQMCAQWiggkyBIIJLsB+VwJfASUmAV/I5QRhC/TkUfvuAlO+XGudZV/dSrHW8lkmTPbu2Qb3mZNALU9do+dqSX+HVnIpI3Zm/mG6Tvvq3It48ruvilQXNvwVXmA4B13Vb6B+929lLxpMY+qKG7Y7CrW1RXeu9i6VQwXbEZIFKXf9sUolhruLLZ2lQBm1VRNvMYpyR2hIGG6cGimZjWxNgIrTZyI1aEuP5Xxv9ffdODzZvZsedLTJ3EW44mOsJKKJY1yq6BASxtHS7KNRJtspelgt28vtgfCNEwFDH9pgbOvf+o1xXVGmX6tjkXkYAqH6mzfBIRlyZL1jJRxcWa6ZJyz6Rzon3h1xXeVM58kv9eo1DT2VNPouMyVbBszssC0zuYRMByoWjPwC+CyzZv2AAhw4WuuOZZpcvo8NALMm+8KMsLQCjvohIyN3DtVICp8Y5xsKGGVdPz9eRHHZZ4uDzy4ULya8ek0zukoGruqiPpjG0VPfVE1EckBbCsy9nrvBWvM/h7ulcR+iFB 5iJzpnMsI+TyRjGqDwfQ4zxlpaZH3bERnGrsns3WoB4hKSz5UIYE4lygoImJmE6VGykVSayXXwtR2uME8S62lDeDfiRlUQj47DEeHX5QI+I67LJx4qbZOn7HntPKMkp3SVucXiudn8BD1C07+6O3tim2sctbOkAFQ0IqQ7d0+QDFfYBdW9+sXB02pf0GDwrVmT0LzoZJD7liCmNv1fX3ZC2yHHVTDfERSXl5B+1NaLbLrRWfxXqSt4/qre5DR8YDVtcC5rmXGYd1mTAvYALzf+aM9RlMUgt0S6lbbFJiXMry55D69Puo3vqEMtOVKlf9GvQFXpLT5QU4ZUT152Lm+bMH9H5qvbdgW/4RoNr1L4GBojffm30qCS2LPS7gn52/Fk7mjbpt0TuFnoDWNV9fWcS44Frvi0fFXk/y3ALgFw5YpD1YE0uPP9s6B2BVm39TuSu6jboITgzLmHJgS7LSO1XTEiP6EfR9zWkmkp1Alt1PChhxzUPomfZA60hvtms50jj4+F9B3lmCg2BOl8YkItqQV+tRApRRznDxrNVfDvhsAJGrTXOHwW6/xvyysxa6S6fS2cljoHLCuNcbk7UC0rkKoOrHxsuqXFtPg5WpoDcOrqD9A1ZcKW3E653C+BelYK0aYitkPsRFHb3qRkti5DeJZF0QBKopCv5dX7VuCn0y/UaNVSnqEHKHgRkFvYnpvAPb1K8IU94Dl8uG3iwU/mOniQEuBT8/IEH+K3fhHFKR/MVBBsCnlgRXfuiiwBzWLTvLLEjvhU2nRFENEoaZ+DjCSO1GPI E9yLFAjfr2NbgeHMFLNPVTCMqZsT7mtsCO1wCROwiQdozKb+XULZIA3exv1ua9H8914AVdLFpHYK9yMbxO/pNI6W+cJ03mgu/7vIzbq9QDd6hI9bjh7cuzqhr8CLW2XfI9lueqRWv3BjwCbCwB4hUHid5OcamPjXZbrgVyt+msRlwHlBq9Enj8Cc5+7rd/P6ZPmsNzUpzaO2d/3ELPcTepcTQt48EP05khy+wlDzEfcf/Uyau92ojBSOTsXUxW4ecfEKl8uSYUM/s9vmeqG/3ehbkhwDiFmCQcmo2/u4ZMUsSATHDcU4wXwFazButTIBwKAZyKa9tEIgFCZW+M49C0Glpd7SnzGX/9DSk/y+lLYuBmcXBfZidFOiAqlCRcxja3oj+D7vWuXwus4LA5c4/UnOzDS6rEA4L2THms8Ys9Mzzy22/ANuf21klxJpCpY3gk7C+MmheqM4BZ4lDGPuwqBF1N4mvKCnEWl5NJ7pt6XFMWBoIueL1D0gHtOSDM044ca+bUjUTAcfdsbWIne19vrTMDRzTZOISkuAithlwZH/X1UZ6P0hygDeae4hNbB/H2KLyYuatb/XYssWHJwUvls9ixRjq+8KJZevcY6iBpiuISHRTVKO0VJhrwhjp+C8odGb0jdTrx5of5nEh4nQUh6OkjuK9cTnVb0uuBdxemv4JcQZtYXuiH9k9bwGAH4iq0BNo7qibi+WjkbSg4D3Mio0iPlJ8r6h49ChrbEtzJyx4xLZ5lV5AtMhQcKPcEdDpE9tjMQhvnWq6rJLyo8+uZFxr6G+/A
Re: [squid-users] Re: TPROXY surf as client
On 06/22/2014 09:55 AM, Omid Kosari wrote: I want to create fake traffic for website with 1000 different ip's within few minutes . Something like you say to 1000 different clients/IPs to surf that site from 11:00 to 11:15 . I want to achieve this with help of squid tproxy and without need to disconnect users . Squid is doing something like that with tproxy because users requests routed to it . so it could do that job if a script runs on squid box . I just don't know how to spoof requested source ip in that script . Squid is not the place for this reasearch. You can look at examples for tproxy codes in tproxy lists or examples from individual users on the internet. Regards, Eliezer
Re: [squid-users] Re: upgrading from 3.3.8 to 3.4.5 crashes negotiate_kerberos_auth
That did the work Markus, thanks. Now it doesn't crash but I still get lots of in the log files negotiate_kerberos_auth: ERROR: krb5_pac_get_buffer: Invalid argument It seems to happen if the token is old. Any ideas where this comes from ? Original Message Subject: [squid-users] Re: upgrading from 3.3.8 to 3.4.5 crashes negotiate_kerberos_auth From: Markus Moeller hua...@moeller.plus.com To: squid-users@squid-cache.org Date: 22/06/14 13:35 Hi George, There might be another reason for the crash. Could you first try to replace on line 358 of negotiate_kerberos_pac.cc ad_data = (krb5_data *)xmalloc(sizeof(krb5_data)); with ad_data = (krb5_data *)xcalloc(1,sizeof(krb5_data)); Regards Markus Markus Moeller wrote in message news:lo4dqj$22m$1...@ger.gmane.org... Hi George, I see now the cause. The Kerberos function krb5_free_data does not check for NULL pointer before freeing. Here is a work around replace krb5_free_data with: if (ad_data) { if (ad_data-data) free(ad_data-data); free(ad_data); } /*krb5_free_data(context, ad_data);*/ Regards Markus George Billios wrote in message news:e1wyea5-gq...@rmm6prod02.runbox.com... Here is the output: (gdb) where #0 0x75f911b5 in *__GI_raise (sig=value optimized out) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #1 0x75f93fc0 in *__GI_abort () at abort.c:92 #2 0x75fc75bb in __libc_message (do_abort=value optimized out, fmt=value optimized out) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189 #3 0x75fd0e16 in malloc_printerr (action=3, str=0x76088748 double free or corruption (fasttop), ptr=value optimized out) at malloc.c:6267 #4 0x75fd5b8c in *__GI___libc_free (mem=value optimized out) at malloc.c:3739 #5 0x77939472 in krb5_free_data (context=value optimized out, val=0x6171f0) at ../../../../src/lib/krb5/krb/kfree.c:253 #6 0x004051a4 in get_ad_groups (ad_groups=0x7fffaff0 , context=0x60f9e0, pac=0x0) at negotiate_kerberos_pac.cc:464 #7 0x00403265 in main (argc=5, argv=0x7fffe0e8) at negotiate_kerberos_auth.cc:419 BR, George On Fri, 20 Jun 2014 19:11:27 +0100, Markus Moeller hua...@moeller.plus.com wrote: Can you type where at the gdb prompt after the crash. It should list the function and location Markus George Billios wrote in message news:e1wxwko-h9...@rmm6prod02.runbox.com... So I tried to compile with -g and follow your instructions, here is what I get: YR YIIK3QYGKwYBBQUCoIIK0TCCCs2gHzAdBgkqhkiG9xIBAgIGBSsFAQUCBgkqhkiC9xIBAgKiggqoBIIKpGCCCqAGCSqGSIb3EgECAgEAboIKjzCCCougAwIBBaEDAgEOogcDBQAAo4IJmmGCCZYwggmSoAMCAQWhExsRR1IwMDEuU0lFTUVOUy5ORVSiLjAsoAMCAQOhJTAjGwRIVFRQGxtwcm94eS1hcnQuZ3IwMDEuc2llbWVucy5uZXSjgglEMIIJQKADAgESoQMCAQWiggkyBIIJLsB+VwJfASUmAV/I5QRhC/TkUfvuAlO+XGudZV/dSrHW8lkmTPbu2Qb3mZNALU9do+dqSX+HVnIpI3Zm/mG6Tvvq3It48ruvilQXNvwVXmA4B13Vb6B+929lLxpMY+qKG7Y7CrW1RXeu9i6VQwXbEZIFKXf9sUolhruLLZ2lQBm1VRNvMYpyR2hIGG6cGimZjWxNgIrTZyI1aEuP5Xxv9ffdODzZvZsedLTJ3EW44mOsJKKJY1yq6BASxtHS7KNRJtspelgt28vtgfCNEwFDH9pgbOvf+o1xXVGmX6tjkXkYAqH6mzfBIRlyZL1jJRxcWa6ZJyz6Rzon3h1xXeVM58kv9eo1DT2VNPouMyVbBszssC0zuYRMByoWjPwC+CyzZv2AAhw4WuuOZZpcvo8NALMm+8KMsLQCjvohIyN3DtVICp8Y5xsKGGVdPz9eRHHZZ4uDzy4ULya8ek0zukoGruqiPpjG0VPfVE1EckBbCsy9nrvBWvM/h7ulcR+iFB 5iJzpnMsI+TyRjGqDwfQ4zxlpaZH3bERnGrsns3WoB4hKSz5UIYE4lygoImJmE6VGykVSayXXwtR2uME8S62lDeDfiRlUQj47DEeHX5QI+I67LJx4qbZOn7HntPKMkp3SVucXiudn8BD1C07+6O3tim2sctbOkAFQ0IqQ7d0+QDFfYBdW9+sXB02pf0GDwrVmT0LzoZJD7liCmNv1fX3ZC2yHHVTDfERSXl5B+1NaLbLrRWfxXqSt4/qre5DR8YDVtcC5rmXGYd1mTAvYALzf+aM9RlMUgt0S6lbbFJiXMry55D69Puo3vqEMtOVKlf9GvQFXpLT5QU4ZUT152Lm+bMH9H5qvbdgW/4RoNr1L4GBojffm30qCS2LPS7gn52/Fk7mjbpt0TuFnoDWNV9fWcS44Frvi0fFXk/y3ALgFw5YpD1YE0uPP9s6B2BVm39TuSu6jboITgzLmHJgS7LSO1XTEiP6EfR9zWkmkp1Alt1PChhxzUPomfZA60hvtms50jj4+F9B3lmCg2BOl8YkItqQV+tRApRRznDxrNVfDvhsAJGrTXOHwW6/xvyysxa6S6fS2cljoHLCuNcbk7UC0rkKoOrHxsuqXFtPg5WpoDcOrqD9A1ZcKW3E653C+BelYK0aYitkPsRFHb3qRkti5DeJZF0QBKopCv5dX7VuCn0y/UaNVSnqEHKHgRkFvYnpvAPb1K8IU94Dl8uG3iwU/mOniQEuBT8/IEH+K3fhHFKR/MVBBsCnlgRXfuiiwBzWLTvLLEjvhU2nRFENEoaZ+DjCSO1GPI E9yLFAjfr2NbgeHMFLNPVTCMqZsT7mtsCO1wCROwiQdozKb+XULZIA3exv1ua9H8914AVdLFpHYK9yMbxO/pNI6W+cJ03mgu/7vIzbq9QDd6hI9bjh7cuzqhr8CLW2XfI9lueqRWv3BjwCbCwB4hUHid5OcamPjXZbrgVyt+msRlwHlBq9Enj8Cc5+7rd/P6ZPmsNzUpzaO2d/3ELPcTepcTQt48EP05khy+wlDzEfcf/Uyau92ojBSOTsXUxW4ecfEKl8uSYUM/s9vmeqG/3ehbkhwDiFmCQcmo2/u4ZMUsSATHDcU4wXwFazButTIBwKAZyKa9tEIgFCZW+M49C0Glpd7SnzGX/9DSk/y+lLYuBmcXBfZidFOiAqlCRcxja3oj+D7vWuXwus4LA5c4/UnOzDS6rEA4L2THms8Ys9Mzzy22/ANuf21klxJpCpY3gk7C+MmheqM4BZ4lDGPuwqBF1N4mvKCnEWl5NJ7pt6XFMWBoIueL1D0gHtOSDM044ca+bUjUTAcfdsbWIne19vrTMDRzTZOISkuAithlwZH/X1UZ6P0hygDeae4hNbB/H2KLyYuatb/XYssWHJwUvls9ixRjq+8KJZevcY6iBpiuISHRTVKO0VJhrwhjp+C8odGb0jdTrx5of5nEh4nQUh6OkjuK9cTnVb0uuBdxemv4JcQZtYXuiH9k9bwGAH4iq0BNo7qibi+WjkbSg4D3Mio0iPlJ8r6h49ChrbEtzJyx4xLZ5lV5AtMhQcKPcEdDpE9tjMQhvnWq6rJLyo8+uZFxr6G+/A
[squid-users] Re: upgrading from 3.3.8 to 3.4.5 crashes negotiate_kerberos_auth
Hi George, You can ignore this. I try to get the group information from the Kerberos token. And if the token is old as you say the Kerberos libraries just return the error you see. I might have to change it as a Warning instead of an ERROR message. Thank you Markus George Billios wrote in message news:53a7286d.3060...@runbox.com... That did the work Markus, thanks. Now it doesn't crash but I still get lots of in the log files negotiate_kerberos_auth: ERROR: krb5_pac_get_buffer: Invalid argument It seems to happen if the token is old. Any ideas where this comes from ? Original Message Subject: [squid-users] Re: upgrading from 3.3.8 to 3.4.5 crashes negotiate_kerberos_auth From: Markus Moeller hua...@moeller.plus.com To: squid-users@squid-cache.org Date: 22/06/14 13:35 Hi George, There might be another reason for the crash. Could you first try to replace on line 358 of negotiate_kerberos_pac.cc ad_data = (krb5_data *)xmalloc(sizeof(krb5_data)); with ad_data = (krb5_data *)xcalloc(1,sizeof(krb5_data)); Regards Markus Markus Moeller wrote in message news:lo4dqj$22m$1...@ger.gmane.org... Hi George, I see now the cause. The Kerberos function krb5_free_data does not check for NULL pointer before freeing. Here is a work around replace krb5_free_data with: if (ad_data) { if (ad_data-data) free(ad_data-data); free(ad_data); } /*krb5_free_data(context, ad_data);*/ Regards Markus George Billios wrote in message news:e1wyea5-gq...@rmm6prod02.runbox.com... Here is the output: (gdb) where #0 0x75f911b5 in *__GI_raise (sig=value optimized out) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #1 0x75f93fc0 in *__GI_abort () at abort.c:92 #2 0x75fc75bb in __libc_message (do_abort=value optimized out, fmt=value optimized out) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189 #3 0x75fd0e16 in malloc_printerr (action=3, str=0x76088748 double free or corruption (fasttop), ptr=value optimized out) at malloc.c:6267 #4 0x75fd5b8c in *__GI___libc_free (mem=value optimized out) at malloc.c:3739 #5 0x77939472 in krb5_free_data (context=value optimized out, val=0x6171f0) at ../../../../src/lib/krb5/krb/kfree.c:253 #6 0x004051a4 in get_ad_groups (ad_groups=0x7fffaff0 , context=0x60f9e0, pac=0x0) at negotiate_kerberos_pac.cc:464 #7 0x00403265 in main (argc=5, argv=0x7fffe0e8) at negotiate_kerberos_auth.cc:419 BR, George On Fri, 20 Jun 2014 19:11:27 +0100, Markus Moeller hua...@moeller.plus.com wrote: Can you type where at the gdb prompt after the crash. It should list the function and location Markus George Billios wrote in message news:e1wxwko-h9...@rmm6prod02.runbox.com... So I tried to compile with -g and follow your instructions, here is what I get: YR YIIK3QYGKwYBBQUCoIIK0TCCCs2gHzAdBgkqhkiG9xIBAgIGBSsFAQUCBgkqhkiC9xIBAgKiggqoBIIKpGCCCqAGCSqGSIb3EgECAgEAboIKjzCCCougAwIBBaEDAgEOogcDBQAAo4IJmmGCCZYwggmSoAMCAQWhExsRR1IwMDEuU0lFTUVOUy5ORVSiLjAsoAMCAQOhJTAjGwRIVFRQGxtwcm94eS1hcnQuZ3IwMDEuc2llbWVucy5uZXSjgglEMIIJQKADAgESoQMCAQWiggkyBIIJLsB+VwJfASUmAV/I5QRhC/TkUfvuAlO+XGudZV/dSrHW8lkmTPbu2Qb3mZNALU9do+dqSX+HVnIpI3Zm/mG6Tvvq3It48ruvilQXNvwVXmA4B13Vb6B+929lLxpMY+qKG7Y7CrW1RXeu9i6VQwXbEZIFKXf9sUolhruLLZ2lQBm1VRNvMYpyR2hIGG6cGimZjWxNgIrTZyI1aEuP5Xxv9ffdODzZvZsedLTJ3EW44mOsJKKJY1yq6BASxtHS7KNRJtspelgt28vtgfCNEwFDH9pgbOvf+o1xXVGmX6tjkXkYAqH6mzfBIRlyZL1jJRxcWa6ZJyz6Rzon3h1xXeVM58kv9eo1DT2VNPouMyVbBszssC0zuYRMByoWjPwC+CyzZv2AAhw4WuuOZZpcvo8NALMm+8KMsLQCjvohIyN3DtVICp8Y5xsKGGVdPz9eRHHZZ4uDzy4ULya8ek0zukoGruqiPpjG0VPfVE1EckBbCsy9nrvBWvM/h7ulcR+iF B 5iJzpnMsI+TyRjGqDwfQ4zxlpaZH3bERnGrsns3WoB4hKSz5UIYE4lygoImJmE6VGykVSayXXwtR2uME8S62lDeDfiRlUQj47DEeHX5QI+I67LJx4qbZOn7HntPKMkp3SVucXiudn8BD1C07+6O3tim2sctbOkAFQ0IqQ7d0+QDFfYBdW9+sXB02pf0GDwrVmT0LzoZJD7liCmNv1fX3ZC2yHHVTDfERSXl5B+1NaLbLrRWfxXqSt4/qre5DR8YDVtcC5rmXGYd1mTAvYALzf+aM9RlMUgt0S6lbbFJiXMry55D69Puo3vqEMtOVKlf9GvQFXpLT5QU4ZUT152Lm+bMH9H5qvbdgW/4RoNr1L4GBojffm30qCS2LPS7gn52/Fk7mjbpt0TuFnoDWNV9fWcS44Frvi0fFXk/y3ALgFw5YpD1YE0uPP9s6B2BVm39TuSu6jboITgzLmHJgS7LSO1XTEiP6EfR9zWkmkp1Alt1PChhxzUPomfZA60hvtms50jj4+F9B3lmCg2BOl8YkItqQV+tRApRRznDxrNVfDvhsAJGrTXOHwW6/xvyysxa6S6fS2cljoHLCuNcbk7UC0rkKoOrHxsuqXFtPg5WpoDcOrqD9A1ZcKW3E653C+BelYK0aYitkPsRFHb3qRkti5DeJZF0QBKopCv5dX7VuCn0y/UaNVSnqEHKHgRkFvYnpvAPb1K8IU94Dl8uG3iwU/mOniQEuBT8/IEH+K3fhHFKR/MVBBsCnlgRXfuiiwBzWLTvLLEjvhU2nRFENEoaZ+DjCSO1GPI
Re: [squid-users] Re: upgrading from 3.3.8 to 3.4.5 crashes negotiate_kerberos_auth
OK then. Thanks for the help on this issue, really appreciate it. BR, George On Sun, 22 Jun 2014 21:44:18 +0100, Markus Moeller hua...@moeller.plus.com wrote: Hi George, You can ignore this. I try to get the group information from the Kerberos token. And if the token is old as you say the Kerberos libraries just return the error you see. I might have to change it as a Warning instead of an ERROR message. Thank you Markus George Billios wrote in message news:53a7286d.3060...@runbox.com... That did the work Markus, thanks. Now it doesn't crash but I still get lots of in the log files negotiate_kerberos_auth: ERROR: krb5_pac_get_buffer: Invalid argument It seems to happen if the token is old. Any ideas where this comes from ? Original Message Subject: [squid-users] Re: upgrading from 3.3.8 to 3.4.5 crashes negotiate_kerberos_auth From: Markus Moeller hua...@moeller.plus.com To: squid-users@squid-cache.org Date: 22/06/14 13:35 Hi George, There might be another reason for the crash. Could you first try to replace on line 358 of negotiate_kerberos_pac.cc ad_data = (krb5_data *)xmalloc(sizeof(krb5_data)); with ad_data = (krb5_data *)xcalloc(1,sizeof(krb5_data)); Regards Markus Markus Moeller wrote in message news:lo4dqj$22m$1...@ger.gmane.org... Hi George, I see now the cause. The Kerberos function krb5_free_data does not check for NULL pointer before freeing. Here is a work around replace krb5_free_data with: if (ad_data) { if (ad_data-data) free(ad_data-data); free(ad_data); } /*krb5_free_data(context, ad_data);*/ Regards Markus George Billios wrote in message news:e1wyea5-gq...@rmm6prod02.runbox.com... Here is the output: (gdb) where #0 0x75f911b5 in *__GI_raise (sig=value optimized out) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #1 0x75f93fc0 in *__GI_abort () at abort.c:92 #2 0x75fc75bb in __libc_message (do_abort=value optimized out, fmt=value optimized out) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189 #3 0x75fd0e16 in malloc_printerr (action=3, str=0x76088748 double free or corruption (fasttop), ptr=value optimized out) at malloc.c:6267 #4 0x75fd5b8c in *__GI___libc_free (mem=value optimized out) at malloc.c:3739 #5 0x77939472 in krb5_free_data (context=value optimized out, val=0x6171f0) at ../../../../src/lib/krb5/krb/kfree.c:253 #6 0x004051a4 in get_ad_groups (ad_groups=0x7fffaff0 , context=0x60f9e0, pac=0x0) at negotiate_kerberos_pac.cc:464 #7 0x00403265 in main (argc=5, argv=0x7fffe0e8) at negotiate_kerberos_auth.cc:419 BR, George On Fri, 20 Jun 2014 19:11:27 +0100, Markus Moeller hua...@moeller.plus.com wrote: Can you type where at the gdb prompt after the crash. It should list the function and location Markus George Billios wrote in message news:e1wxwko-h9...@rmm6prod02.runbox.com... So I tried to compile with -g and follow your instructions, here is what I get: YR YIIK3QYGKwYBBQUCoIIK0TCCCs2gHzAdBgkqhkiG9xIBAgIGBSsFAQUCBgkqhkiC9xIBAgKiggqoBIIKpGCCCqAGCSqGSIb3EgECAgEAboIKjzCCCougAwIBBaEDAgEOogcDBQAAo4IJmmGCCZYwggmSoAMCAQWhExsRR1IwMDEuU0lFTUVOUy5ORVSiLjAsoAMCAQOhJTAjGwRIVFRQGxtwcm94eS1hcnQuZ3IwMDEuc2llbWVucy5uZXSjgglEMIIJQKADAgESoQMCAQWiggkyBIIJLsB+VwJfASUmAV/I5QRhC/TkUfvuAlO+XGudZV/dSrHW8lkmTPbu2Qb3mZNALU9do+dqSX+HVnIpI3Zm/mG6Tvvq3It48ruvilQXNvwVXmA4B13Vb6B+929lLxpMY+qKG7Y7CrW1RXeu9i6VQwXbEZIFKXf9sUolhruLLZ2lQBm1VRNvMYpyR2hIGG6cGimZjWxNgIrTZyI1aEuP5Xxv9ffdODzZvZsedLTJ3EW44mOsJKKJY1yq6BASxtHS7KNRJtspelgt28vtgfCNEwFDH9pgbOvf+o1xXVGmX6tjkXkYAqH6mzfBIRlyZL1jJRxcWa6ZJyz6Rzon3h1xXeVM58kv9eo1DT2VNPouMyVbBszssC0zuYRMByoWjPwC+CyzZv2AAhw4WuuOZZpcvo8NALMm+8KMsLQCjvohIyN3DtVICp8Y5xsKGGVdPz9eRHHZZ4uDzy4ULya8ek0zukoGruqiPpjG0VPfVE1EckBbCsy9nrvBWvM/h7ulcR+iF B 5iJzpnMsI+TyRjGqDwfQ4zxlpaZH3bERnGrsns3WoB4hKSz5UIYE4lygoImJmE6VGykVSayXXwtR2uME8S62lDeDfiRlUQj47DEeHX5QI+I67LJx4qbZOn7HntPKMkp3SVucXiudn8BD1C07+6O3tim2sctbOkAFQ0IqQ7d0+QDFfYBdW9+sXB02pf0GDwrVmT0LzoZJD7liCmNv1fX3ZC2yHHVTDfERSXl5B+1NaLbLrRWfxXqSt4/qre5DR8YDVtcC5rmXGYd1mTAvYALzf+aM9RlMUgt0S6lbbFJiXMry55D69Puo3vqEMtOVKlf9GvQFXpLT5QU4ZUT152Lm+bMH9H5qvbdgW/4RoNr1L4GBojffm30qCS2LPS7gn52/Fk7mjbpt0TuFnoDWNV9fWcS44Frvi0fFXk/y3ALgFw5YpD1YE0uPP9s6B2BVm39TuSu6jboITgzLmHJgS7LSO1XTEiP6EfR9zWkmkp1Alt1PChhxzUPomfZA60hvtms50jj4+F9B3lmCg2BOl8YkItqQV+tRApRRznDxrNVfDvhsAJGrTXOHwW6/xvyysxa6S6fS2cljoHLCuNcbk7UC0rkKoOrHxsuqXFtPg5WpoDcOrqD9A1ZcKW3E653C+BelYK0aYitkPsRFHb3qRkti5DeJZF0QBKopCv5dX7VuCn0y/UaNVSnqEHKHgRkFvYnpvAPb1K8IU94Dl8uG3iwU/mOniQEuBT8/IEH+K3fhHFKR/MVBBsCnlgRXfuiiwBzWLTvLLEjvhU2nRFENEoaZ+DjCSO1GPI