[squid-users] Re: TPROXY surf as client
Eliezer Croitoru-2 wrote On 06/21/2014 06:12 PM, Amos Jeffries wrote: TCP does not permit that. The SYN-ACK will fail. Amos Unless it will come from the proxy server but still it's not recommended and in many cases is even illegal and can be considered as a real series crime and abusive use of IP address. Eliezer Thanks . Please more description . I want to run the script on proxy server . it may use same iptables rules which squid uses for tproxy job . Please guide me . -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TPROXY-surf-as-client-tp4666439p4666446.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Re: TPROXY surf as client
On 22/06/2014 6:26 p.m., Omid Kosari wrote: Eliezer Croitoru-2 wrote On 06/21/2014 06:12 PM, Amos Jeffries wrote: TCP does not permit that. The SYN-ACK will fail. Amos Unless it will come from the proxy server but still it's not recommended and in many cases is even illegal and can be considered as a real series crime and abusive use of IP address. Eliezer Thanks . Please more description . I want to run the script on proxy server . it may use same iptables rules which squid uses for tproxy job . Please guide me . Omid, What do you hope to achieve with this? Amos
[squid-users] Re: TPROXY surf as client
I want to create fake traffic for website with 1000 different ip's within few minutes . Something like you say to 1000 different clients/IPs to surf that site from 11:00 to 11:15 . I want to achieve this with help of squid tproxy and without need to disconnect users . Squid is doing something like that with tproxy because users requests routed to it . so it could do that job if a script runs on squid box . I just don't know how to spoof requested source ip in that script . -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TPROXY-surf-as-client-tp4666439p4666448.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Re: TPROXY surf as client
On 22/06/2014 6:55 p.m., Omid Kosari wrote: I want to create fake traffic for website with 1000 different ip's within few minutes . Something like you say to 1000 different clients/IPs to surf that site from 11:00 to 11:15 . I want to achieve this with help of squid tproxy and without need to disconnect users . Squid is the wrong tool to be using here. You want to look at hacking and attack tools - that is what you will be doing, and why it is illegal in most cases. Squid is doing something like that with tproxy because users requests routed to it . so it could do that job if a script runs on squid box . I just don't know how to spoof requested source ip in that script . Squid is only opening outbound socket, marking it with setsockopt(IP_TRANSPARENT), then using bind() to set the outgoing IP. Everything else is limited by normal TCP/IP and routing operations within the network. Note that Squid specifying the outgoing IP on any particular request is a non-standard use of HTTP. Normal HTTP combines the client requests into persistent connections. Causing a few long-lived TCP connections to servers with a large number of pipelined transactions on each. For testing server capacity against TPROXY input it is suficient to make the server listen on localhost interface and setup a tool like Polygraph to use 127.0.*.* IPs for opening connections (or the fc00::* range in IPv6). Amos
[squid-users] Re: upgrading from 3.3.8 to 3.4.5 crashes negotiate_kerberos_auth
Hi George,
There might be another reason for the crash. Could you first try to
replace on line 358 of negotiate_kerberos_pac.cc
ad_data = (krb5_data *)xmalloc(sizeof(krb5_data));
with
ad_data = (krb5_data *)xcalloc(1,sizeof(krb5_data));
Regards
Markus
Markus Moeller wrote in message news:lo4dqj$22m$1...@ger.gmane.org...
Hi George,
I see now the cause. The Kerberos function krb5_free_data does not
check for NULL pointer before freeing. Here is a work around replace
krb5_free_data with:
if (ad_data) {
if (ad_data-data)
free(ad_data-data);
free(ad_data);
}
/*krb5_free_data(context, ad_data);*/
Regards
Markus
George Billios wrote in message
news:e1wyea5-gq...@rmm6prod02.runbox.com...
Here is the output:
(gdb) where
#0 0x75f911b5 in *__GI_raise (sig=value optimized out) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x75f93fc0 in *__GI_abort () at abort.c:92
#2 0x75fc75bb in __libc_message (do_abort=value optimized out,
fmt=value optimized out) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#3 0x75fd0e16 in malloc_printerr (action=3, str=0x76088748
double free or corruption (fasttop), ptr=value optimized out)
at malloc.c:6267
#4 0x75fd5b8c in *__GI___libc_free (mem=value optimized out) at
malloc.c:3739
#5 0x77939472 in krb5_free_data (context=value optimized out,
val=0x6171f0) at ../../../../src/lib/krb5/krb/kfree.c:253
#6 0x004051a4 in get_ad_groups (ad_groups=0x7fffaff0 ,
context=0x60f9e0, pac=0x0) at negotiate_kerberos_pac.cc:464
#7 0x00403265 in main (argc=5, argv=0x7fffe0e8) at
negotiate_kerberos_auth.cc:419
BR,
George
On Fri, 20 Jun 2014 19:11:27 +0100, Markus Moeller
hua...@moeller.plus.com wrote:
Can you type where at the gdb prompt after the crash. It should list the
function and location
Markus
George Billios wrote in message
news:e1wxwko-h9...@rmm6prod02.runbox.com...
So I tried to compile with -g and follow your instructions, here is what I
get:
YR
YIIK3QYGKwYBBQUCoIIK0TCCCs2gHzAdBgkqhkiG9xIBAgIGBSsFAQUCBgkqhkiC9xIBAgKiggqoBIIKpGCCCqAGCSqGSIb3EgECAgEAboIKjzCCCougAwIBBaEDAgEOogcDBQAAo4IJmmGCCZYwggmSoAMCAQWhExsRR1IwMDEuU0lFTUVOUy5ORVSiLjAsoAMCAQOhJTAjGwRIVFRQGxtwcm94eS1hcnQuZ3IwMDEuc2llbWVucy5uZXSjgglEMIIJQKADAgESoQMCAQWiggkyBIIJLsB+VwJfASUmAV/I5QRhC/TkUfvuAlO+XGudZV/dSrHW8lkmTPbu2Qb3mZNALU9do+dqSX+HVnIpI3Zm/mG6Tvvq3It48ruvilQXNvwVXmA4B13Vb6B+929lLxpMY+qKG7Y7CrW1RXeu9i6VQwXbEZIFKXf9sUolhruLLZ2lQBm1VRNvMYpyR2hIGG6cGimZjWxNgIrTZyI1aEuP5Xxv9ffdODzZvZsedLTJ3EW44mOsJKKJY1yq6BASxtHS7KNRJtspelgt28vtgfCNEwFDH9pgbOvf+o1xXVGmX6tjkXkYAqH6mzfBIRlyZL1jJRxcWa6ZJyz6Rzon3h1xXeVM58kv9eo1DT2VNPouMyVbBszssC0zuYRMByoWjPwC+CyzZv2AAhw4WuuOZZpcvo8NALMm+8KMsLQCjvohIyN3DtVICp8Y5xsKGGVdPz9eRHHZZ4uDzy4ULya8ek0zukoGruqiPpjG0VPfVE1EckBbCsy9nrvBWvM/h7ulcR+iFB
5iJzpnMsI+TyRjGqDwfQ4zxlpaZH3bERnGrsns3WoB4hKSz5UIYE4lygoImJmE6VGykVSayXXwtR2uME8S62lDeDfiRlUQj47DEeHX5QI+I67LJx4qbZOn7HntPKMkp3SVucXiudn8BD1C07+6O3tim2sctbOkAFQ0IqQ7d0+QDFfYBdW9+sXB02pf0GDwrVmT0LzoZJD7liCmNv1fX3ZC2yHHVTDfERSXl5B+1NaLbLrRWfxXqSt4/qre5DR8YDVtcC5rmXGYd1mTAvYALzf+aM9RlMUgt0S6lbbFJiXMry55D69Puo3vqEMtOVKlf9GvQFXpLT5QU4ZUT152Lm+bMH9H5qvbdgW/4RoNr1L4GBojffm30qCS2LPS7gn52/Fk7mjbpt0TuFnoDWNV9fWcS44Frvi0fFXk/y3ALgFw5YpD1YE0uPP9s6B2BVm39TuSu6jboITgzLmHJgS7LSO1XTEiP6EfR9zWkmkp1Alt1PChhxzUPomfZA60hvtms50jj4+F9B3lmCg2BOl8YkItqQV+tRApRRznDxrNVfDvhsAJGrTXOHwW6/xvyysxa6S6fS2cljoHLCuNcbk7UC0rkKoOrHxsuqXFtPg5WpoDcOrqD9A1ZcKW3E653C+BelYK0aYitkPsRFHb3qRkti5DeJZF0QBKopCv5dX7VuCn0y/UaNVSnqEHKHgRkFvYnpvAPb1K8IU94Dl8uG3iwU/mOniQEuBT8/IEH+K3fhHFKR/MVBBsCnlgRXfuiiwBzWLTvLLEjvhU2nRFENEoaZ+DjCSO1GPI
E9yLFAjfr2NbgeHMFLNPVTCMqZsT7mtsCO1wCROwiQdozKb+XULZIA3exv1ua9H8914AVdLFpHYK9yMbxO/pNI6W+cJ03mgu/7vIzbq9QDd6hI9bjh7cuzqhr8CLW2XfI9lueqRWv3BjwCbCwB4hUHid5OcamPjXZbrgVyt+msRlwHlBq9Enj8Cc5+7rd/P6ZPmsNzUpzaO2d/3ELPcTepcTQt48EP05khy+wlDzEfcf/Uyau92ojBSOTsXUxW4ecfEKl8uSYUM/s9vmeqG/3ehbkhwDiFmCQcmo2/u4ZMUsSATHDcU4wXwFazButTIBwKAZyKa9tEIgFCZW+M49C0Glpd7SnzGX/9DSk/y+lLYuBmcXBfZidFOiAqlCRcxja3oj+D7vWuXwus4LA5c4/UnOzDS6rEA4L2THms8Ys9Mzzy22/ANuf21klxJpCpY3gk7C+MmheqM4BZ4lDGPuwqBF1N4mvKCnEWl5NJ7pt6XFMWBoIueL1D0gHtOSDM044ca+bUjUTAcfdsbWIne19vrTMDRzTZOISkuAithlwZH/X1UZ6P0hygDeae4hNbB/H2KLyYuatb/XYssWHJwUvls9ixRjq+8KJZevcY6iBpiuISHRTVKO0VJhrwhjp+C8odGb0jdTrx5of5nEh4nQUh6OkjuK9cTnVb0uuBdxemv4JcQZtYXuiH9k9bwGAH4iq0BNo7qibi+WjkbSg4D3Mio0iPlJ8r6h49ChrbEtzJyx4xLZ5lV5AtMhQcKPcEdDpE9tjMQhvnWq6rJLyo8+uZFxr6G+/A
Re: [squid-users] Re: TPROXY surf as client
On 06/22/2014 09:55 AM, Omid Kosari wrote: I want to create fake traffic for website with 1000 different ip's within few minutes . Something like you say to 1000 different clients/IPs to surf that site from 11:00 to 11:15 . I want to achieve this with help of squid tproxy and without need to disconnect users . Squid is doing something like that with tproxy because users requests routed to it . so it could do that job if a script runs on squid box . I just don't know how to spoof requested source ip in that script . Squid is not the place for this reasearch. You can look at examples for tproxy codes in tproxy lists or examples from individual users on the internet. Regards, Eliezer
Re: [squid-users] Re: upgrading from 3.3.8 to 3.4.5 crashes negotiate_kerberos_auth
That did the work Markus, thanks.
Now it doesn't crash but I still get lots of in the log files
negotiate_kerberos_auth: ERROR: krb5_pac_get_buffer: Invalid argument
It seems to happen if the token is old. Any ideas where this comes from ?
Original Message
Subject: [squid-users] Re: upgrading from 3.3.8 to 3.4.5 crashes
negotiate_kerberos_auth
From: Markus Moeller hua...@moeller.plus.com
To: squid-users@squid-cache.org
Date: 22/06/14 13:35
Hi George,
There might be another reason for the crash. Could you first try to
replace on line 358 of negotiate_kerberos_pac.cc
ad_data = (krb5_data *)xmalloc(sizeof(krb5_data));
with
ad_data = (krb5_data *)xcalloc(1,sizeof(krb5_data));
Regards
Markus
Markus Moeller wrote in message news:lo4dqj$22m$1...@ger.gmane.org...
Hi George,
I see now the cause. The Kerberos function krb5_free_data does not
check for NULL pointer before freeing. Here is a work around replace
krb5_free_data with:
if (ad_data) {
if (ad_data-data)
free(ad_data-data);
free(ad_data);
}
/*krb5_free_data(context, ad_data);*/
Regards
Markus
George Billios wrote in message
news:e1wyea5-gq...@rmm6prod02.runbox.com...
Here is the output:
(gdb) where
#0 0x75f911b5 in *__GI_raise (sig=value optimized out) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x75f93fc0 in *__GI_abort () at abort.c:92
#2 0x75fc75bb in __libc_message (do_abort=value optimized out,
fmt=value optimized out) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#3 0x75fd0e16 in malloc_printerr (action=3, str=0x76088748
double free or corruption (fasttop), ptr=value optimized out)
at malloc.c:6267
#4 0x75fd5b8c in *__GI___libc_free (mem=value optimized
out) at
malloc.c:3739
#5 0x77939472 in krb5_free_data (context=value optimized out,
val=0x6171f0) at ../../../../src/lib/krb5/krb/kfree.c:253
#6 0x004051a4 in get_ad_groups (ad_groups=0x7fffaff0 ,
context=0x60f9e0, pac=0x0) at negotiate_kerberos_pac.cc:464
#7 0x00403265 in main (argc=5, argv=0x7fffe0e8) at
negotiate_kerberos_auth.cc:419
BR,
George
On Fri, 20 Jun 2014 19:11:27 +0100, Markus Moeller
hua...@moeller.plus.com wrote:
Can you type where at the gdb prompt after the crash. It should list the
function and location
Markus
George Billios wrote in message
news:e1wxwko-h9...@rmm6prod02.runbox.com...
So I tried to compile with -g and follow your instructions, here is
what I
get:
YR
YIIK3QYGKwYBBQUCoIIK0TCCCs2gHzAdBgkqhkiG9xIBAgIGBSsFAQUCBgkqhkiC9xIBAgKiggqoBIIKpGCCCqAGCSqGSIb3EgECAgEAboIKjzCCCougAwIBBaEDAgEOogcDBQAAo4IJmmGCCZYwggmSoAMCAQWhExsRR1IwMDEuU0lFTUVOUy5ORVSiLjAsoAMCAQOhJTAjGwRIVFRQGxtwcm94eS1hcnQuZ3IwMDEuc2llbWVucy5uZXSjgglEMIIJQKADAgESoQMCAQWiggkyBIIJLsB+VwJfASUmAV/I5QRhC/TkUfvuAlO+XGudZV/dSrHW8lkmTPbu2Qb3mZNALU9do+dqSX+HVnIpI3Zm/mG6Tvvq3It48ruvilQXNvwVXmA4B13Vb6B+929lLxpMY+qKG7Y7CrW1RXeu9i6VQwXbEZIFKXf9sUolhruLLZ2lQBm1VRNvMYpyR2hIGG6cGimZjWxNgIrTZyI1aEuP5Xxv9ffdODzZvZsedLTJ3EW44mOsJKKJY1yq6BASxtHS7KNRJtspelgt28vtgfCNEwFDH9pgbOvf+o1xXVGmX6tjkXkYAqH6mzfBIRlyZL1jJRxcWa6ZJyz6Rzon3h1xXeVM58kv9eo1DT2VNPouMyVbBszssC0zuYRMByoWjPwC+CyzZv2AAhw4WuuOZZpcvo8NALMm+8KMsLQCjvohIyN3DtVICp8Y5xsKGGVdPz9eRHHZZ4uDzy4ULya8ek0zukoGruqiPpjG0VPfVE1EckBbCsy9nrvBWvM/h7ulcR+iFB
5iJzpnMsI+TyRjGqDwfQ4zxlpaZH3bERnGrsns3WoB4hKSz5UIYE4lygoImJmE6VGykVSayXXwtR2uME8S62lDeDfiRlUQj47DEeHX5QI+I67LJx4qbZOn7HntPKMkp3SVucXiudn8BD1C07+6O3tim2sctbOkAFQ0IqQ7d0+QDFfYBdW9+sXB02pf0GDwrVmT0LzoZJD7liCmNv1fX3ZC2yHHVTDfERSXl5B+1NaLbLrRWfxXqSt4/qre5DR8YDVtcC5rmXGYd1mTAvYALzf+aM9RlMUgt0S6lbbFJiXMry55D69Puo3vqEMtOVKlf9GvQFXpLT5QU4ZUT152Lm+bMH9H5qvbdgW/4RoNr1L4GBojffm30qCS2LPS7gn52/Fk7mjbpt0TuFnoDWNV9fWcS44Frvi0fFXk/y3ALgFw5YpD1YE0uPP9s6B2BVm39TuSu6jboITgzLmHJgS7LSO1XTEiP6EfR9zWkmkp1Alt1PChhxzUPomfZA60hvtms50jj4+F9B3lmCg2BOl8YkItqQV+tRApRRznDxrNVfDvhsAJGrTXOHwW6/xvyysxa6S6fS2cljoHLCuNcbk7UC0rkKoOrHxsuqXFtPg5WpoDcOrqD9A1ZcKW3E653C+BelYK0aYitkPsRFHb3qRkti5DeJZF0QBKopCv5dX7VuCn0y/UaNVSnqEHKHgRkFvYnpvAPb1K8IU94Dl8uG3iwU/mOniQEuBT8/IEH+K3fhHFKR/MVBBsCnlgRXfuiiwBzWLTvLLEjvhU2nRFENEoaZ+DjCSO1GPI
E9yLFAjfr2NbgeHMFLNPVTCMqZsT7mtsCO1wCROwiQdozKb+XULZIA3exv1ua9H8914AVdLFpHYK9yMbxO/pNI6W+cJ03mgu/7vIzbq9QDd6hI9bjh7cuzqhr8CLW2XfI9lueqRWv3BjwCbCwB4hUHid5OcamPjXZbrgVyt+msRlwHlBq9Enj8Cc5+7rd/P6ZPmsNzUpzaO2d/3ELPcTepcTQt48EP05khy+wlDzEfcf/Uyau92ojBSOTsXUxW4ecfEKl8uSYUM/s9vmeqG/3ehbkhwDiFmCQcmo2/u4ZMUsSATHDcU4wXwFazButTIBwKAZyKa9tEIgFCZW+M49C0Glpd7SnzGX/9DSk/y+lLYuBmcXBfZidFOiAqlCRcxja3oj+D7vWuXwus4LA5c4/UnOzDS6rEA4L2THms8Ys9Mzzy22/ANuf21klxJpCpY3gk7C+MmheqM4BZ4lDGPuwqBF1N4mvKCnEWl5NJ7pt6XFMWBoIueL1D0gHtOSDM044ca+bUjUTAcfdsbWIne19vrTMDRzTZOISkuAithlwZH/X1UZ6P0hygDeae4hNbB/H2KLyYuatb/XYssWHJwUvls9ixRjq+8KJZevcY6iBpiuISHRTVKO0VJhrwhjp+C8odGb0jdTrx5of5nEh4nQUh6OkjuK9cTnVb0uuBdxemv4JcQZtYXuiH9k9bwGAH4iq0BNo7qibi+WjkbSg4D3Mio0iPlJ8r6h49ChrbEtzJyx4xLZ5lV5AtMhQcKPcEdDpE9tjMQhvnWq6rJLyo8+uZFxr6G+/A
[squid-users] Re: upgrading from 3.3.8 to 3.4.5 crashes negotiate_kerberos_auth
Hi George,
You can ignore this. I try to get the group information from the
Kerberos token. And if the token is old as you say the Kerberos libraries
just return the error you see. I might have to change it as a Warning
instead of an ERROR message.
Thank you
Markus
George Billios wrote in message news:53a7286d.3060...@runbox.com...
That did the work Markus, thanks.
Now it doesn't crash but I still get lots of in the log files
negotiate_kerberos_auth: ERROR: krb5_pac_get_buffer: Invalid argument
It seems to happen if the token is old. Any ideas where this comes from ?
Original Message
Subject: [squid-users] Re: upgrading from 3.3.8 to 3.4.5 crashes
negotiate_kerberos_auth
From: Markus Moeller hua...@moeller.plus.com
To: squid-users@squid-cache.org
Date: 22/06/14 13:35
Hi George,
There might be another reason for the crash. Could you first try to
replace on line 358 of negotiate_kerberos_pac.cc
ad_data = (krb5_data *)xmalloc(sizeof(krb5_data));
with
ad_data = (krb5_data *)xcalloc(1,sizeof(krb5_data));
Regards
Markus
Markus Moeller wrote in message news:lo4dqj$22m$1...@ger.gmane.org...
Hi George,
I see now the cause. The Kerberos function krb5_free_data does not
check for NULL pointer before freeing. Here is a work around replace
krb5_free_data with:
if (ad_data) {
if (ad_data-data)
free(ad_data-data);
free(ad_data);
}
/*krb5_free_data(context, ad_data);*/
Regards
Markus
George Billios wrote in message
news:e1wyea5-gq...@rmm6prod02.runbox.com...
Here is the output:
(gdb) where
#0 0x75f911b5 in *__GI_raise (sig=value optimized out) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x75f93fc0 in *__GI_abort () at abort.c:92
#2 0x75fc75bb in __libc_message (do_abort=value optimized out,
fmt=value optimized out) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#3 0x75fd0e16 in malloc_printerr (action=3, str=0x76088748
double free or corruption (fasttop), ptr=value optimized out)
at malloc.c:6267
#4 0x75fd5b8c in *__GI___libc_free (mem=value optimized
out) at
malloc.c:3739
#5 0x77939472 in krb5_free_data (context=value optimized out,
val=0x6171f0) at ../../../../src/lib/krb5/krb/kfree.c:253
#6 0x004051a4 in get_ad_groups (ad_groups=0x7fffaff0 ,
context=0x60f9e0, pac=0x0) at negotiate_kerberos_pac.cc:464
#7 0x00403265 in main (argc=5, argv=0x7fffe0e8) at
negotiate_kerberos_auth.cc:419
BR,
George
On Fri, 20 Jun 2014 19:11:27 +0100, Markus Moeller
hua...@moeller.plus.com wrote:
Can you type where at the gdb prompt after the crash. It should list the
function and location
Markus
George Billios wrote in message
news:e1wxwko-h9...@rmm6prod02.runbox.com...
So I tried to compile with -g and follow your instructions, here is
what I
get:
YR
YIIK3QYGKwYBBQUCoIIK0TCCCs2gHzAdBgkqhkiG9xIBAgIGBSsFAQUCBgkqhkiC9xIBAgKiggqoBIIKpGCCCqAGCSqGSIb3EgECAgEAboIKjzCCCougAwIBBaEDAgEOogcDBQAAo4IJmmGCCZYwggmSoAMCAQWhExsRR1IwMDEuU0lFTUVOUy5ORVSiLjAsoAMCAQOhJTAjGwRIVFRQGxtwcm94eS1hcnQuZ3IwMDEuc2llbWVucy5uZXSjgglEMIIJQKADAgESoQMCAQWiggkyBIIJLsB+VwJfASUmAV/I5QRhC/TkUfvuAlO+XGudZV/dSrHW8lkmTPbu2Qb3mZNALU9do+dqSX+HVnIpI3Zm/mG6Tvvq3It48ruvilQXNvwVXmA4B13Vb6B+929lLxpMY+qKG7Y7CrW1RXeu9i6VQwXbEZIFKXf9sUolhruLLZ2lQBm1VRNvMYpyR2hIGG6cGimZjWxNgIrTZyI1aEuP5Xxv9ffdODzZvZsedLTJ3EW44mOsJKKJY1yq6BASxtHS7KNRJtspelgt28vtgfCNEwFDH9pgbOvf+o1xXVGmX6tjkXkYAqH6mzfBIRlyZL1jJRxcWa6ZJyz6Rzon3h1xXeVM58kv9eo1DT2VNPouMyVbBszssC0zuYRMByoWjPwC+CyzZv2AAhw4WuuOZZpcvo8NALMm+8KMsLQCjvohIyN3DtVICp8Y5xsKGGVdPz9eRHHZZ4uDzy4ULya8ek0zukoGruqiPpjG0VPfVE1EckBbCsy9nrvBWvM/h7ulcR+iF
B
5iJzpnMsI+TyRjGqDwfQ4zxlpaZH3bERnGrsns3WoB4hKSz5UIYE4lygoImJmE6VGykVSayXXwtR2uME8S62lDeDfiRlUQj47DEeHX5QI+I67LJx4qbZOn7HntPKMkp3SVucXiudn8BD1C07+6O3tim2sctbOkAFQ0IqQ7d0+QDFfYBdW9+sXB02pf0GDwrVmT0LzoZJD7liCmNv1fX3ZC2yHHVTDfERSXl5B+1NaLbLrRWfxXqSt4/qre5DR8YDVtcC5rmXGYd1mTAvYALzf+aM9RlMUgt0S6lbbFJiXMry55D69Puo3vqEMtOVKlf9GvQFXpLT5QU4ZUT152Lm+bMH9H5qvbdgW/4RoNr1L4GBojffm30qCS2LPS7gn52/Fk7mjbpt0TuFnoDWNV9fWcS44Frvi0fFXk/y3ALgFw5YpD1YE0uPP9s6B2BVm39TuSu6jboITgzLmHJgS7LSO1XTEiP6EfR9zWkmkp1Alt1PChhxzUPomfZA60hvtms50jj4+F9B3lmCg2BOl8YkItqQV+tRApRRznDxrNVfDvhsAJGrTXOHwW6/xvyysxa6S6fS2cljoHLCuNcbk7UC0rkKoOrHxsuqXFtPg5WpoDcOrqD9A1ZcKW3E653C+BelYK0aYitkPsRFHb3qRkti5DeJZF0QBKopCv5dX7VuCn0y/UaNVSnqEHKHgRkFvYnpvAPb1K8IU94Dl8uG3iwU/mOniQEuBT8/IEH+K3fhHFKR/MVBBsCnlgRXfuiiwBzWLTvLLEjvhU2nRFENEoaZ+DjCSO1GPI
Re: [squid-users] Re: upgrading from 3.3.8 to 3.4.5 crashes negotiate_kerberos_auth
OK then.
Thanks for the help on this issue, really appreciate it.
BR,
George
On Sun, 22 Jun 2014 21:44:18 +0100, Markus Moeller hua...@moeller.plus.com
wrote:
Hi George,
You can ignore this. I try to get the group information from the
Kerberos token. And if the token is old as you say the Kerberos libraries
just return the error you see. I might have to change it as a Warning
instead of an ERROR message.
Thank you
Markus
George Billios wrote in message news:53a7286d.3060...@runbox.com...
That did the work Markus, thanks.
Now it doesn't crash but I still get lots of in the log files
negotiate_kerberos_auth: ERROR: krb5_pac_get_buffer: Invalid argument
It seems to happen if the token is old. Any ideas where this comes from ?
Original Message
Subject: [squid-users] Re: upgrading from 3.3.8 to 3.4.5 crashes
negotiate_kerberos_auth
From: Markus Moeller hua...@moeller.plus.com
To: squid-users@squid-cache.org
Date: 22/06/14 13:35
Hi George,
There might be another reason for the crash. Could you first try to
replace on line 358 of negotiate_kerberos_pac.cc
ad_data = (krb5_data *)xmalloc(sizeof(krb5_data));
with
ad_data = (krb5_data *)xcalloc(1,sizeof(krb5_data));
Regards
Markus
Markus Moeller wrote in message news:lo4dqj$22m$1...@ger.gmane.org...
Hi George,
I see now the cause. The Kerberos function krb5_free_data does not
check for NULL pointer before freeing. Here is a work around replace
krb5_free_data with:
if (ad_data) {
if (ad_data-data)
free(ad_data-data);
free(ad_data);
}
/*krb5_free_data(context, ad_data);*/
Regards
Markus
George Billios wrote in message
news:e1wyea5-gq...@rmm6prod02.runbox.com...
Here is the output:
(gdb) where
#0 0x75f911b5 in *__GI_raise (sig=value optimized out) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x75f93fc0 in *__GI_abort () at abort.c:92
#2 0x75fc75bb in __libc_message (do_abort=value optimized out,
fmt=value optimized out) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#3 0x75fd0e16 in malloc_printerr (action=3, str=0x76088748
double free or corruption (fasttop), ptr=value optimized out)
at malloc.c:6267
#4 0x75fd5b8c in *__GI___libc_free (mem=value optimized
out) at
malloc.c:3739
#5 0x77939472 in krb5_free_data (context=value optimized out,
val=0x6171f0) at ../../../../src/lib/krb5/krb/kfree.c:253
#6 0x004051a4 in get_ad_groups (ad_groups=0x7fffaff0 ,
context=0x60f9e0, pac=0x0) at negotiate_kerberos_pac.cc:464
#7 0x00403265 in main (argc=5, argv=0x7fffe0e8) at
negotiate_kerberos_auth.cc:419
BR,
George
On Fri, 20 Jun 2014 19:11:27 +0100, Markus Moeller
hua...@moeller.plus.com wrote:
Can you type where at the gdb prompt after the crash. It should list the
function and location
Markus
George Billios wrote in message
news:e1wxwko-h9...@rmm6prod02.runbox.com...
So I tried to compile with -g and follow your instructions, here is
what I
get:
YR
YIIK3QYGKwYBBQUCoIIK0TCCCs2gHzAdBgkqhkiG9xIBAgIGBSsFAQUCBgkqhkiC9xIBAgKiggqoBIIKpGCCCqAGCSqGSIb3EgECAgEAboIKjzCCCougAwIBBaEDAgEOogcDBQAAo4IJmmGCCZYwggmSoAMCAQWhExsRR1IwMDEuU0lFTUVOUy5ORVSiLjAsoAMCAQOhJTAjGwRIVFRQGxtwcm94eS1hcnQuZ3IwMDEuc2llbWVucy5uZXSjgglEMIIJQKADAgESoQMCAQWiggkyBIIJLsB+VwJfASUmAV/I5QRhC/TkUfvuAlO+XGudZV/dSrHW8lkmTPbu2Qb3mZNALU9do+dqSX+HVnIpI3Zm/mG6Tvvq3It48ruvilQXNvwVXmA4B13Vb6B+929lLxpMY+qKG7Y7CrW1RXeu9i6VQwXbEZIFKXf9sUolhruLLZ2lQBm1VRNvMYpyR2hIGG6cGimZjWxNgIrTZyI1aEuP5Xxv9ffdODzZvZsedLTJ3EW44mOsJKKJY1yq6BASxtHS7KNRJtspelgt28vtgfCNEwFDH9pgbOvf+o1xXVGmX6tjkXkYAqH6mzfBIRlyZL1jJRxcWa6ZJyz6Rzon3h1xXeVM58kv9eo1DT2VNPouMyVbBszssC0zuYRMByoWjPwC+CyzZv2AAhw4WuuOZZpcvo8NALMm+8KMsLQCjvohIyN3DtVICp8Y5xsKGGVdPz9eRHHZZ4uDzy4ULya8ek0zukoGruqiPpjG0VPfVE1EckBbCsy9nrvBWvM/h7ulcR+iF
B
5iJzpnMsI+TyRjGqDwfQ4zxlpaZH3bERnGrsns3WoB4hKSz5UIYE4lygoImJmE6VGykVSayXXwtR2uME8S62lDeDfiRlUQj47DEeHX5QI+I67LJx4qbZOn7HntPKMkp3SVucXiudn8BD1C07+6O3tim2sctbOkAFQ0IqQ7d0+QDFfYBdW9+sXB02pf0GDwrVmT0LzoZJD7liCmNv1fX3ZC2yHHVTDfERSXl5B+1NaLbLrRWfxXqSt4/qre5DR8YDVtcC5rmXGYd1mTAvYALzf+aM9RlMUgt0S6lbbFJiXMry55D69Puo3vqEMtOVKlf9GvQFXpLT5QU4ZUT152Lm+bMH9H5qvbdgW/4RoNr1L4GBojffm30qCS2LPS7gn52/Fk7mjbpt0TuFnoDWNV9fWcS44Frvi0fFXk/y3ALgFw5YpD1YE0uPP9s6B2BVm39TuSu6jboITgzLmHJgS7LSO1XTEiP6EfR9zWkmkp1Alt1PChhxzUPomfZA60hvtms50jj4+F9B3lmCg2BOl8YkItqQV+tRApRRznDxrNVfDvhsAJGrTXOHwW6/xvyysxa6S6fS2cljoHLCuNcbk7UC0rkKoOrHxsuqXFtPg5WpoDcOrqD9A1ZcKW3E653C+BelYK0aYitkPsRFHb3qRkti5DeJZF0QBKopCv5dX7VuCn0y/UaNVSnqEHKHgRkFvYnpvAPb1K8IU94Dl8uG3iwU/mOniQEuBT8/IEH+K3fhHFKR/MVBBsCnlgRXfuiiwBzWLTvLLEjvhU2nRFENEoaZ+DjCSO1GPI
