[squid-users] Configure error with enable-ecap
I've been trying to build squid 3.2.0.14 on CentOS with eCAP enabled. I've built and installed libecap, and verified that the libraries are installed, but I get this error when configuring squid: snip checking for EXT_LIBECAP... no configure: error: Package requirements (libecap 0.2 libecap 0.3) were not met: No package 'libecap' found No package 'libecap' found Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. Alternatively, you may set the environment variables EXT_LIBECAP_CFLAGS and EXT_LIBECAP_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. /snip I've actually put the libraries in both /usr/lib and /usr/local/lib, to no avail. I've also tried 3.2.0.12 and I get the same error. Any thoughts as to why I get this? Thanks, Matt
Re: [squid-users] Building on Mac OSX
I tracked the auth linker error to the usage of the CBDATA_CLASS2 macro in src/auth/State.h. The usage seems the same as in other places, but when this is disabled the code links correctly. It looks like the basic auth might work without it, so for my limited development purposes maybe its OK. I don't know why the eui parts won't link still, there doesn't seem to be the same macro in use there. I filed a bug report on the CMSG_SPACE problem, and I'm happy to file others... but I'm not sure about the problem behind having to add the config.h includes and the linker error, maybe it is something specific to my environment. Matt From: Matt Cochran matt.coch...@yahoo.com To: Squid squid-users@squid-cache.org Sent: Sunday, October 9, 2011 7:59 AM Subject: Re: [squid-users] Building on Mac OSX I got it to build on Mac OS - but I would get compile errors from a straight, no options ./configure. I can get past the compile errors with some simple changes, but I also get some linking errors unless I use --disable-eui --disable-auth. Unfortunately I need the auth option! Can someone help me out with resolving the problems with TypedMsgHeader.h and the linker errors below? Address.h - added #includesys/types.h fatal.h, splay.h, util.h and SquidNew.h (although I'm not sure why it helped this last one) - added #includeconfig.h so that SQUIDCEXTERN was available In TypedMsgHeader.h, I get an array bound is not an integer constant for the struct definition here. To get past it I just set the array size to an arbitrary value, as I'm not sure why it doesn't work. Obviously that is not a fix... structCtrlBuffer{ charraw[CMSG_SPACE(sizeof(int))]; /// control buffer space for one fd } I also noticed that in adaptation/ecap/XactionRep.cc there is a conflict if you use --enable-ecap and --disable-auth, the class is using a property on the HttpRequest object that is not defined if auth is disabled, which is probably a rare case anyway. It would need to have something like: const libecap::Area Adaptation::Ecap::XactionRep::usernameValue() const { const HttpRequest *request = dynamic_castconst HttpRequest*(theCauseRep ? theCauseRep-raw().header : theVirginRep.raw().header); Must(request); #if USE_AUTH if (request-auth_user_request != NULL) { if (char const *name = request-auth_user_request-username()) return libecap::Area::FromTempBuffer(name, strlen(name)); } #endif return libecap::Area(); } So if I leave eui and auth enabled, I get the following linker error. I can live without eui, but I really need the auth part to work, and it's just that last entry for (Auth::StateData::CBDATA_StateData): Undefined symbols for architecture x86_64: Eui::Eui48::lookup(Ip::Address const), referenced from: connStateCreate(RefCountComm::Connection const, http_port_list*) in client_side.o ACLARP::match(ACLChecklist*) in libacls.a(Arp.o) Eui::Eui64::lookup(Ip::Address const), referenced from: connStateCreate(RefCountComm::Connection const, http_port_list*) in client_side.o ACLEui64::match(ACLChecklist*) in libacls.a(Eui64.o) Eui::Eui48::encode(char*, int), referenced from: makeExternalAclKey(ACLFilledChecklist*, _external_acl_data*) in external_acl.o aclDumpArpListWalkee(Eui::Eui48* const, void*)in libacls.a(Arp.o) Format::Format::assemble(MemBuf, AccessLogEntry*, int) constin libformat.a(Format.o) Eui::Eui64::encode(char*, int), referenced from: makeExternalAclKey(ACLFilledChecklist*, _external_acl_data*) in external_acl.o aclDumpEuiListWalkee(Eui::Eui64* const, void*)in libacls.a(Eui64.o) libtool: link: rm -f .libs/squidS.o Format::Format::assemble(MemBuf, AccessLogEntry*, int) constin libformat.a(Format.o) Eui::Eui48::decode(char const*), referenced from: aclParseArpData(char const*)in libacls.a(Arp.o) Eui::Eui64::decode(char const*), referenced from: aclParseEuiData(char const*)in libacls.a(Eui64.o) Auth::StateData::CBDATA_StateData, referenced from: AuthBasicUserRequest::module_start(void (*)(void*, char*), void*)in libauth.a(lt3-UserRequest.o) AuthNTLMUserRequest::module_start(void (*)(void*, char*), void*)in libauth.a(lt6-UserRequest.o) AuthNegotiateUserRequest::module_start(void (*)(void*, char*), void*)in libauth.a(lt9-UserRequest.o) AuthDigestUserRequest::module_start(void (*)(void*, char*), void*)in libauth.a(lt12-UserRequest.o) ld: symbol(s) not found for architecture x86_64 Any suggestions? I'm not sure how the linker isn't finding a 64bit library for these things, since I'm just building with the defaults. Matt From: Matt Cochran matt.coch...@yahoo.com To: Squid squid-users@squid-cache.org Sent: Thursday, October 6, 2011 6:10 AM Subject: Re: [squid-users] Building on Mac OSX Unfortunately, I'm trying
Re: [squid-users] Building on Mac OSX
I got it to build on Mac OS - but I would get compile errors from a straight, no options ./configure. I can get past the compile errors with some simple changes, but I also get some linking errors unless I use --disable-eui --disable-auth. Unfortunately I need the auth option! Can someone help me out with resolving the problems with TypedMsgHeader.h and the linker errors below? Address.h - added #includesys/types.h fatal.h, splay.h, util.h and SquidNew.h (although I'm not sure why it helped this last one) - added #includeconfig.h so that SQUIDCEXTERN was available In TypedMsgHeader.h, I get an array bound is not an integer constant for the struct definition here. To get past it I just set the array size to an arbitrary value, as I'm not sure why it doesn't work. Obviously that is not a fix... structCtrlBuffer{ charraw[CMSG_SPACE(sizeof(int))]; /// control buffer space for one fd } I also noticed that in adaptation/ecap/XactionRep.cc there is a conflict if you use --enable-ecap and --disable-auth, the class is using a property on the HttpRequest object that is not defined if auth is disabled, which is probably a rare case anyway. It would need to have something like: const libecap::Area Adaptation::Ecap::XactionRep::usernameValue() const { const HttpRequest *request = dynamic_castconst HttpRequest*(theCauseRep ? theCauseRep-raw().header : theVirginRep.raw().header); Must(request); #if USE_AUTH if (request-auth_user_request != NULL) { if (char const *name = request-auth_user_request-username()) return libecap::Area::FromTempBuffer(name, strlen(name)); } #endif return libecap::Area(); } So if I leave eui and auth enabled, I get the following linker error. I can live without eui, but I really need the auth part to work, and it's just that last entry for (Auth::StateData::CBDATA_StateData): Undefined symbols for architecture x86_64: Eui::Eui48::lookup(Ip::Address const), referenced from: connStateCreate(RefCountComm::Connection const, http_port_list*) in client_side.o ACLARP::match(ACLChecklist*) in libacls.a(Arp.o) Eui::Eui64::lookup(Ip::Address const), referenced from: connStateCreate(RefCountComm::Connection const, http_port_list*) in client_side.o ACLEui64::match(ACLChecklist*) in libacls.a(Eui64.o) Eui::Eui48::encode(char*, int), referenced from: makeExternalAclKey(ACLFilledChecklist*, _external_acl_data*) in external_acl.o aclDumpArpListWalkee(Eui::Eui48* const, void*)in libacls.a(Arp.o) Format::Format::assemble(MemBuf, AccessLogEntry*, int) constin libformat.a(Format.o) Eui::Eui64::encode(char*, int), referenced from: makeExternalAclKey(ACLFilledChecklist*, _external_acl_data*) in external_acl.o aclDumpEuiListWalkee(Eui::Eui64* const, void*)in libacls.a(Eui64.o) libtool: link: rm -f .libs/squidS.o Format::Format::assemble(MemBuf, AccessLogEntry*, int) constin libformat.a(Format.o) Eui::Eui48::decode(char const*), referenced from: aclParseArpData(char const*)in libacls.a(Arp.o) Eui::Eui64::decode(char const*), referenced from: aclParseEuiData(char const*)in libacls.a(Eui64.o) Auth::StateData::CBDATA_StateData, referenced from: AuthBasicUserRequest::module_start(void (*)(void*, char*), void*)in libauth.a(lt3-UserRequest.o) AuthNTLMUserRequest::module_start(void (*)(void*, char*), void*)in libauth.a(lt6-UserRequest.o) AuthNegotiateUserRequest::module_start(void (*)(void*, char*), void*)in libauth.a(lt9-UserRequest.o) AuthDigestUserRequest::module_start(void (*)(void*, char*), void*)in libauth.a(lt12-UserRequest.o) ld: symbol(s) not found for architecture x86_64 Any suggestions? I'm not sure how the linker isn't finding a 64bit library for these things, since I'm just building with the defaults. Matt From: Matt Cochran matt.coch...@yahoo.com To: Squid squid-users@squid-cache.org Sent: Thursday, October 6, 2011 6:10 AM Subject: Re: [squid-users] Building on Mac OSX Unfortunately, I'm trying to work with libecap, and need the 3.2 version to build on the Mac. It seems like the configure step is not identifying the correct headers in a few cases, where is a good place to start troubleshooting this? It looks like the config pieces changed dramatically between 3.1 and 3.2. Matt From: jeffrey j donovan dono...@beth.k12.pa.us To: Matt Cochran matt.coch...@yahoo.com Cc: Squid squid-users@squid-cache.org Sent: Sunday, September 25, 2011 5:02 PM Subject: Re: [squid-users] Building on Mac OSX I had the same problem, Im still running 3.1.x it compiles just fine. -j On Sep 24, 2011, at 4:51 PM, Matt Cochran wrote: I've been trying to build squid 3.2 on OSX, and I'm getting a lot of errors, does anyone know of a guide for this? I'm seeing things like: libtool: compile: g
Re: [squid-users] Building on Mac OSX
Unfortunately, I'm trying to work with libecap, and need the 3.2 version to build on the Mac. It seems like the configure step is not identifying the correct headers in a few cases, where is a good place to start troubleshooting this? It looks like the config pieces changed dramatically between 3.1 and 3.2. Matt From: jeffrey j donovan dono...@beth.k12.pa.us To: Matt Cochran matt.coch...@yahoo.com Cc: Squid squid-users@squid-cache.org Sent: Sunday, September 25, 2011 5:02 PM Subject: Re: [squid-users] Building on Mac OSX I had the same problem, Im still running 3.1.x it compiles just fine. -j On Sep 24, 2011, at 4:51 PM, Matt Cochran wrote: I've been trying to build squid 3.2 on OSX, and I'm getting a lot of errors, does anyone know of a guide for this? I'm seeing things like: libtool: compile: g++ -DHAVE_CONFIG_H -I../.. -I../../include -I../../lib -I../../src -I../../include -I../../libltdl -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Werror -pipe -D_REENTRANT -g -O2 -MT Config.lo -MD -MP -MF .deps/Config.Tpo -c Config.cc -fno-common -DPIC -o .libs/Config.o In file included from ../../src/protos.h:35, from Config.cc:3: ../../src/Packer.h:46: error: 'va_list' has not been declared If I add an include for cstdarg, and remove the SQUIDCEXTERN macro in Packer.h, I get a bit farther, but things like Address.h start to break because it doesn't seem to set the defines for HAVE_NETINET_IN_H. If I force that to 1 I get a bit farther, but there's more problems past that. Anyone have an idea? Matt
[squid-users] Building on Mac OSX
I've been trying to build squid 3.2 on OSX, and I'm getting a lot of errors, does anyone know of a guide for this? I'm seeing things like: libtool: compile: g++ -DHAVE_CONFIG_H -I../.. -I../../include -I../../lib -I../../src -I../../include -I../../libltdl -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Werror -pipe -D_REENTRANT -g -O2 -MT Config.lo -MD -MP -MF .deps/Config.Tpo -c Config.cc -fno-common -DPIC -o .libs/Config.o In file included from ../../src/protos.h:35, from Config.cc:3: ../../src/Packer.h:46: error: 'va_list' has not been declared If I add an include for cstdarg, and remove the SQUIDCEXTERN macro in Packer.h, I get a bit farther, but things like Address.h start to break because it doesn't seem to set the defines for HAVE_NETINET_IN_H. If I force that to 1 I get a bit farther, but there's more problems past that. Anyone have an idea? Matt
Re: [squid-users] Session Tracking
Thanks, Amos. I'm trying to apply different rules to different users coming from behind a firewall, i.e. so that the kids can go to only their sites and the adults to anywhere. I'd like to make it such that authentication can be handled by my own UI, and that authenticating one user doesn't change the permissions for another. I was looking at the session auth handler example in 3.2 and noted that it appeared to be using IP addresses to track users. I'm just thinking through scenarios right now, so if I'm making a problem out of nothing please feel free to set me straight. Matt - Original Message - From: Amos Jeffries squ...@treenet.co.nz To: squid-users@squid-cache.org Cc: Sent: Thursday, September 15, 2011 6:06 AM Subject: Re: [squid-users] Session Tracking On 15/09/11 15:33, Matt Cochran wrote: I'd like to be able to 'lightly' authenticate my users with an external login process/web application, I say lightly because security isn't as important as distinguishing between users coming from the same NAT'd IP address. Is there either a way to set a session ID that can be read from the Squid process, or is there a better way to distinguish between users like this? With great difficulty. You can write (find?) an external ACL helper to accept the Cookie header and process it for a session ID and present that back to Squid as a user= or tag= key value. Why does the NAT'd IP address matter that much? relying on cookies will still fail if the user does not want you to get any cookies from them, or if they are fetching cached content from Squid. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.15 Beta testers wanted for 3.2.0.11
[squid-users] Session Tracking
I'd like to be able to 'lightly' authenticate my users with an external login process/web application, I say lightly because security isn't as important as distinguishing between users coming from the same NAT'd IP address. Is there either a way to set a session ID that can be read from the Squid process, or is there a better way to distinguish between users like this? Thanks, Matt
[squid-users] Authentication Prompts
I've been trying to model two different kinds of users in ACLs, where the kids are authenticated by one account, and the adults another. The kids are allowed to go only to a whitelist of websites, but I'd like the adults to be able to override this behavior for a while if they enter their credentials. I was also trying to wire this into a db-auth environment so I can alter the accounts from my desktop. Following the guide at http://wiki.squid-cache.org/Features/Authentication#How_do_I_ask_for_authentication_of_an_already_authenticated_user.3F, I can keep the kids restricted to a site but the parents get stuck in an authentication loop or just denied access. Here's my config - can anyone help me figure this out? auth_param basic program /usr/lib64/squid/squid_db_auth --user squid --password squidward --plaintext --persist auth_param basic children 5 auth_param basic realm Web-Proxy auth_param basic credentialsttl 20 minute auth_param basic casesensitive off acl kids_sites dstdomain /etc/squid/kids_sites.txt acl parents proxy_auth sigmondMom acl db-auth proxy_auth REQUIRED http_access allow db-auth kids_sites http_access deny !parents all http_access allow db-auth # And finally deny all other access to this proxy http_access deny all