Re: [squid-users] Question about authenticateNegotiateHandleReply

From: Markus Moeller <huaraz@dont-contact.us>
Date: Wed, 9 May 2007 00:29:12 +0100

I forgot to say I use version 2.6.STABLE6 on OpenSuse 10.2.

/usr/sbin/squid -v
Squid Cache: Version 2.6.STABLE6
configure options: '--prefix=/usr' '--sysconfdir=/etc/squid'
'--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--localstatedir=/var'
'--libexecdir=/usr/sbin' '--datadir=/usr/share/squid'
'--mandir=/usr/share/man' '--with-dl' '--with-maxfd=4096'
'--with-valgrind-debug' '--enable-snmp' '--enable-carp' '--enable-auth=basic
digest negotiate ntlm' '--enable-basic-auth-helpers=LDAP MSNT NCSA PAM SMB
YP getpwnam multi-domain-NTLM' '--enable-ntlm-auth-helpers=SMB fakeauth
no_check' '--enable-digest-auth-helpers=ldap password'
'--enable-external-acl-helpers=ip_user ldap_group session unix_group
wbinfo_group' '--enable-ntlm-fail-open' '--enable-arp-acl' '--enable-htcp'
'--enable-underscores' '--enable-stacktraces' '--enable-delay-pools'
'--enable-useragent-log' '--enable-referer-log' '--enable-forward-log'
'--enable-multicast-miss' '--enable-ssl' '--enable-cache-digests'
'--enable-auth-on-acceleration' '--enable-storeio=aufs,coss,diskd,null,ufs'
'--enable-linux-netfilter' '--enable-removal-policies=heap,lru'
'--enable-icmp' '--with-samba-sources=/usr/include/samba'
'--enable-large-cache-files' '--enable-x-accelerator-vary'
'--enable-follow-x-forwarded-for'
'CFLAGS=-O2 -march=i586 -mtune=i686 -fmessage-length=0 -Wall -D_FORTIFY_SOURCE=2
 -g -fPIE -DLDAP_DEPRECATED -fno-strict-aliasing' 'LDFLAGS=-pie'

Markus

"Markus Moeller" <huaraz@moeller.plus.com> wrote in message
news:f1r04q$bn1$1@sea.gmane.org...
>I have written a helper program for the negotiate protocol (only the
>Kerberos part of it). I can get it to determine the correct userid but
> somehow the reply doesn't get back to squid. I don't get any debug from
> authenticateNegotiateHandleReply. What triggers
> authenticateNegotiateHandleReply to read the output of the helper program
> ?
>
> I set the following debug options in squid.conf
>
> debug_options 29,9
> debug_options 84,9
>
> Which gives me the following output in the cache log:
>
> 2007/05/08 23:24:38| helperStatefulOpenServers: Starting 1
> 'squid_kerb_auth'
> processes
> 2007/05/08 23:24:38| StatefulGetFirstAvailable: Running servers 1.
> 2007/05/08 23:26:59| helperStatefulGetServer: Running servers 1.
> 2007/05/08 23:26:59| StatefulGetFirstAvailable: Running servers 1.
> 2007/05/08 23:26:59| helperStatefulGetServer: Returning 0x80287210
> 2007/05/08 23:26:59| helperStatefulSubmit: server 0x80287210, buf 'YR
> YIIFfQYGKwYBBQUCoIIFcTCCBW2gJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBUMEggU/YIIFOwYJKoZIhvcSAQICAQBuggUqMIIFJqADAgEFoQMCAQ6iBwMFACAAAACjggRLYYIERzCCBEOgAwIBBaESGxBXSU5ET1dTMjAwMy5IT01FoiUwI6ADAgECoRwwGhsESFRUUBsSb3BlbnN1c2Uuc3VzZS5ob21lo4ID/zCCA/ugAwIBF6EDAgECooID7QSCA+k6DuAjia9z5prTrLBCV4ToNumCnHMw2aqwJo9TM65q5aQPy+UtaqxhUO+VF9PKC4Qzq1ZHPVaUTT2DuZoS1iCUtCXXEDTGIrp8BIh1DJDNFFigmcoeETWjP2vUbQivBLUUZZFJnOJcVofa8p6HbjLAwgOONKMOMnrCyCSBfAcPE2WRVPYP9lwdS/tdVjFVMnEzL1n77o1uLs+eQm0t/S/4EmXTUUlcNRy3WykqCvu6Z74WdDhWL1flh8R3IRgx1CpJ9efb2m7xTtUwX9mR5fPf98sWfCEeMIZLGsWhyIPe5BiBqw13GULFQ5cW1hIJPMBjF/1ubRf2J9J7oSmW5oLTvLF3YKsuaO9fmu+Xfltp6FSWS9eFHOoaDfKWyQqI0BSbSCXTZ1XfwvP+JidN+yv3kFuqNEhd1XALip0z/NbwGtXBIea1LFk6zctgl4BjaSMFiwMNh1Y2MXY36uQtZan+eLf0WQoDooVObRGO5JlzDQDudKRNZwgRS1FtTV53sJpBa6cZ8D+ZxjgdntWVH6N0iYgNIXZKiGLT5ccnUCdR4Z6fNPvFRmqzIfLUO3+R6dd3Lg2W8dTenJ87uid/cy2I/tyBOZANJHVwvt3p4FSu
> RxptiArkbQfNeL3o7RYOJzSbe/cLO9NcgoB/poEv8kZzTlb4jJFvR7umwEmmvC9JQJnTMXkxDzdGgAmOylqzfjlSW7LRVcEky0DSYUgLzjBLwwWo1nErakhvGPXfmmm+ZaSeXf1LRiDe+F9phPqiZMlZBLZU8yX8QZxETL887xf4Tv++S5MMvVKTp0cn1Y6lOUlwuRyYNbOjRsoEJrndCoRNGSSp4CwlxdUY08QKs0rDekRsHE3HoMoFUhTZuuwr6iorewwKscp1sk6fIa8kMAEg5IxKGXEswfVq8skRr2WsTg0FXf/pWvfabHJHhsfBAXPNVL/0tb3Pz7wcC2o52kRk9IyzrOdia4TdPsPYELLYBMBNQRl979c03Hy0WTM/iP6kV9Y2D6yORvY4nNv3wh6WenxK7LXPCJaP+da3pzFqOzGYKNovk2sKgfAhTdeIf2iKhDnO1WBvIWTM/zO8IG0WVg3/XnKsD3DqsiIzva4yi38zqhdD1GIfzPCoqWc7srIBna7GoxwGrGuQU+FM/katXU9OPTXt5MBRg6L2q9Fhe3kLveXGJGCLzdTXhdZB1gQ9+D9nDHZ8Qfu8ij3C/eG5inpEUMoMAePisY+PACqeiacgfHt3WV3CsnU9peoIxAOyD/RKYyh4GUsxZfesWxJvw5atmS5cdn2eXy1ES+OhAu7dzZMPZaZuqRJRrU2g8tYFWWbRUTwQ7KSBwTCBvqADAgEXooG2BIGzdPcb2pDNpScc/1hy4NRJb1osg1hwKz/kPOvjuLF7AggQYKt3cAKWQS/7eeAiQqHu1pLO6PQ50BGIgip4gGFMOBRW3ZM9/lKKo2/3zHCm9SiHsr7aOd5J7iMZI7fhtVqrKpgznCbpMoMc6c5+lt/KbqCZAT3vWz
> h46cAtdrl+lDwu5Hq5RDuKpBo1soM+1WQ0++yHuVxqFUeGm09WIWRjyKDM3nfTiSe24wxMo9iThkAfOAE=
> '.
> 2007/05/08 23:26:59| helperStatefulDispatch busying helper
> negotiateauthenticator #1
> 2007/05/08 23:26:59| helperStatefulDispatch: Request sent to
> negotiateauthenticator #1, 1884 bytes
>
> HERE I WOULD EXPECT SOME DEBUG OUTPUT FROM
> authenticateNegotiateHandleReply
> BUT NOTHING COMES.
>
> and in syslog:
>
> May 8 23:26:59 OpenSuse (squid_kerb_auth): Got 'YR
> YIIFfQYGKwYBBQUCoIIFcTCCBW2gJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBUMEggU/YIIFOwYJKoZIhvcSAQICAQBuggUqMIIFJqADAgEFoQMCAQ6iBwMFACAAAACjggRLYYIERzCCBEOgAwIBBaESGxBXSU5ET1dTMjAwMy5IT01FoiUwI6ADAgECoRwwGhsESFRUUBsSb3BlbnN1c2Uuc3VzZS5ob21lo4ID/zCCA/ugAwIBF6EDAgECooID7QSCA+k6DuAjia9z5prTrLBCV4ToNumCnHMw2aqwJo9TM65q5aQPy+UtaqxhUO+VF9PKC4Qzq1ZHPVaUTT2DuZoS1iCUtCXXEDTGIrp8BIh1DJDNFFigmcoeETWjP2vUbQivBLUUZZFJnOJcVofa8p6HbjLAwgOONKMOMnrCyCSBfAcPE2WRVPYP9lwdS/tdVjFVMnEzL1n77o1uLs+eQm0t/S/4EmXTUUlcNRy3WykqCvu6Z74WdDhWL1flh8R3IRgx1CpJ9efb2m7xTtUwX9mR5fPf98sWfCEeMIZLGsWhyIPe5BiBqw13GULFQ5cW1hIJPMBjF/1ubRf2J9J7oSmW5oLTvLF3YKsuaO9fmu+Xfltp6FSWS9eFHOoaDfKWyQqI0BSbSCXTZ1XfwvP+JidN+yv3kFuqNEhd1XALip0z/NbwGtXBIea1LFk6zctgl4BjaSMFiwMNh1Y2MXY36uQtZan+eLf0WQoDooVObRGO5JlzDQDudKRNZwgRS1FtTV53sJpBa6cZ8D+ZxjgdntWVH6N0iYgNIXZKiGLT5ccnUCdR4Z6fNPvFRmqzIfLUO3+R6dd3Lg2W8dTenJ87uid/cy2I/tyBOZANJHVwvt3p4FSu
> RxptiArkbQfNeL3o7RYOJzSbe/cLO9NcgoB/poEv8kZzTlb4jJFvR7umwEmmvC9JQJnTMXkxDzdGgAmOylqzfjlSW7LRVcEky0DSYUgLzjBLwwWo1nErakhvGPXfmmm+ZaSeXf1LRiDe+F9phPqiZMlZBLZU8yX8QZxETL887xf4Tv++S5MMvVKTp0cn1Y6lOUlwuRyYNbOjRsoEJrndCoRNGSSp4CwlxdUY08QKs0rDekRsHE3HoMoFUhTZuuwr6iorewwKscp1sk6fIa8kMAEg5IxKGXEswfVq8skRr2WsTg0FXf/pWvfabHJHhsfBAXPNVL/0tb3Pz7wcC2o52kRk9IyzrOdia4TdPsPYELLYBMBNQRl979c03Hy0WTM/iP6kV9Y2D6yORvY4nNv3wh6WenxK7LXPCJaP+da3pzFqOzGYKNovk2sKgfAhTdeIf2iKhDnO1WBvIWTM/zO8IG0WVg3/XnKsD3DqsiIzva4yi38zqhdD1GIfzPCoqWc7srIBna7GoxwGrGuQU+FM/katXU9OPTXt5MBRg6L2q9Fhe3kLveXGJGCLzdTXhdZB1gQ9+D9nDHZ8Qfu8ij3C/eG5inpEUMoMAePisY+PACqeiacgfHt3WV3CsnU9peoIxAOyD/RKYyh4GUsxZfesWxJvw5atmS5cdn2eXy1ES+OhAu7dzZMPZaZuqRJRrU2g8tYFWWbRUTwQ7KSBwTCBvqADAgEXooG2BIGzdPcb2pDNpScc/1hy4NRJb1osg1hwKz/kPOvjuLF7AggQYKt3cAKWQS/7eeAiQqHu1pLO6PQ50BGIgip4gGFMOBRW3ZM9/lKKo2/3zHCm9SiHsr7aOd5J7iMZI7fhtVqrKpgznCbpMoMc6c5+lt/KbqCZAT3vWz
> h46cAtdrl+lDwu5Hq5RDuKpBo1soM+1WQ0++yHuVxqFUeGm09WIWRjyKDM3nfTiSe24wxMo9iThkAfOAE='
> from squid (length: 1883).
> May 8 23:26:59 OpenSuse (squid_kerb_auth): AF
> dYqAAIrqgAAAAAB1AAAAAAQABAAAAAAA1YpAAIqKAIoEAAAABAAEAAAAAAAAAAAAAACAAAAAAHUAAAAA1QAAAIAAAAAA1QAAAAAAAAAA6gCABAAABLcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsAAAAAIsAAAAAAAAIgAAAAAC3AAAAsAAAQAAAAAAABgC3AAAAAAAAAAAAAAAAAAAA3A==
> markus-a@WINDOWS2003.HOME
>
>
> Also a second request will be queued ( I run only 1 helper child)
>
> Has anybody an idea how to debug this ?
>
> Thank you.
>
>
> "Henrik Nordstrom" <henrik@henriknordstrom.net> wrote in message
> news:1178576725.17724.6.camel@henriknordstrom.net...
>
>
>
Received on Tue May 08 2007 - 17:30:23 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:08 MDT