SquidTL

Problema autenticazione

Bug #757599 reported by Davide Lastri
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
SquidTL
New
Medium
Michele "O-Zone" Pinassi

Bug Description

Ciao, stiamo tentando di attivare l'autenticazione aggiungendo questi parametri nello squid.conf :

auth_param basic program /usr/bin/php /usr/lib/squid/squidtl_auth
auth_param basic children 5
auth_param basic realm Proxy LOGIN
auth_param basic credentialsttl 1 minute
acl squidtl-auth proxy_auth REQUIRED
http_access allow squidtl-auth

Alla ripartenza di squid riceviamo questi errori :

[25922] 2011-04-11 16:19:27 NOTICE - SquidTL v0.1.2
[25922] 2011-04-11 16:19:27 DEBUG - Load configuration from /etc/squid/squidtl.xml
[25922] 2011-04-11 16:19:27 DEBUG - COMMON Node defaultmode -> CHECK
[25922] 2011-04-11 16:19:27 DEBUG - COMMON Node defaultaction -> BLOCK
[25922] 2011-04-11 16:19:27 DEBUG - COMMON Node defaultredirecturl -> http://localhost/deny.php
[25922] 2011-04-11 16:19:27 DEBUG - COMMON Node defaultuseraction -> PASS
[25922] 2011-04-11 16:19:27 DEBUG - COMMON Node defaultuserlevel -> 0
[25922] 2011-04-11 16:19:27 DEBUG - COMMON Node defaultusergroup -> 1
[25922] 2011-04-11 16:19:27 DEBUG - COMMON Node purgetimeout -> 360
[25922] 2011-04-11 16:19:27 DEBUG - COMMON Node urllistpath -> /etc/squid/urllists
[25922] 2011-04-11 16:19:27 DEBUG - COMMON Node xmlrpcserver -> http://localhost/xmlrpc.php
[25922] 2011-04-11 16:19:27 DEBUG - MySQL Node host -> localhost
[25922] 2011-04-11 16:19:27 DEBUG - MySQL Node port -> 3306
[25922] 2011-04-11 16:19:27 DEBUG - MySQL Node db -> squidtl
[25922] 2011-04-11 16:19:27 DEBUG - MySQL Node user -> squidtl
[25922] 2011-04-11 16:19:27 DEBUG - MySQL Node password -> secret
[25922] 2011-04-11 16:19:27 NOTICE - MySQL(localhost:squidtl) connection OK
[25924] 2011-04-11 16:19:27 NOTICE - MySQL(localhost:squidtl) connection OK
[25919] 2011-04-11 16:19:28 FATAL - FEOF on STDIN detected: Squid has gone away ?
[25918] 2011-04-11 16:19:28 FATAL - FEOF on STDIN detected: Squid has gone away ?
[25919] 2011-04-11 16:19:28 FATAL - Shutdown NOW !
[25918] 2011-04-11 16:19:28 FATAL - Shutdown NOW !
[25919] 2011-04-11 16:19:28 FATAL - LOG CLOSE
[25918] 2011-04-11 16:19:28 FATAL - LOG CLOSE
[25923] 2011-04-11 16:19:28 FATAL - FEOF on STDIN detected: Squid has gone away ?
[25923] 2011-04-11 16:19:28 FATAL - Shutdown NOW !
[25923] 2011-04-11 16:19:28 FATAL - LOG CLOSE
[25922] 2011-04-11 16:19:28 FATAL - FEOF on STDIN detected: Squid has gone away ?
[25922] 2011-04-11 16:19:28 FATAL - Shutdown NOW !
[25922] 2011-04-11 16:19:28 FATAL - LOG CLOSE
[25924] 2011-04-11 16:19:28 FATAL - FEOF on STDIN detected: Squid has gone away ?
[25924] 2011-04-11 16:19:28 FATAL - Shutdown NOW !
[25924] 2011-04-11 16:19:28 FATAL - LOG CLOSE

e squid non riesce a inizializzarsi, cadendo dopo pochi secondi....

Questa è il s.o utilizzato : CentOS release 5.3 (Final) 2.6.18-128.1.10.el5 EDT 2009 i686 i686 i386 GNU/Linux

Grazie mille!

Revision history for this message
Michele "O-Zone" Pinassi (o-zone) wrote :

Salve, questo problema sembra derivare da un segmentation fault nel demone squidtl. Avete compilato da sorgente o preso i binari ?

Grazie, Michele

Changed in squidtl:
importance: Undecided → Medium
assignee: nobody → Michele "O-Zone" Pinassi (o-zone)
Revision history for this message
Davide Lastri (ufficio-sistemi-unix) wrote :

Buongiorno,

squidtl è stato compilato da sorgente. Queste sono le versioni dei prerequisiti installati sulla macchina :

mysql-5.0.45-7.el5
libxml2-2.6.26-2.1.2.7
pcre-6.6-2.el5_1.7
httpd-2.2.3-22.el5
php-5.1.6-23.2.el5_3
squid-2.6.STABLE21-3.el5
automake-1.9

CentOS release 5.3 (Final) 2.6.18-128.1.10.el5 EDT 2009 i686 i686 i386 GNU/Linux

Grazie, Davide

Revision history for this message
Michele "O-Zone" Pinassi (o-zone) wrote : Re: [Bug 757599] Re: Problema autenticazione

Ciao Davide,

ti consiglierei di provare a scaricare la nuova patch che ho rilasciato
stamani, la 0.2.2, direttamente da launchpad: ci sono diverse correzioni
e magari risolviamo anche il tuo problema.

Puoi eventualmente provare a lanciare squidtl direttamente da riga di
comando:

squidtl -c [file di config] -l [file di log] --verbose

e poi fai un bel

cat [file di log]

e vediamo che succede.

Grazie, Michele

On 13/04/2011 09:52, Davide Lastri wrote:
> Buongiorno,
>
> squidtl è stato compilato da sorgente. Queste sono le versioni dei
> prerequisiti installati sulla macchina :
>
> mysql-5.0.45-7.el5
> libxml2-2.6.26-2.1.2.7
> pcre-6.6-2.el5_1.7
> httpd-2.2.3-22.el5
> php-5.1.6-23.2.el5_3
> squid-2.6.STABLE21-3.el5
> automake-1.9
>
> CentOS release 5.3 (Final) 2.6.18-128.1.10.el5 EDT 2009 i686 i686 i386
> GNU/Linux
>
>
> Grazie, Davide
>

--
O-Zone ! No (C) since 1996
On the road with VFR VTec 2002 "Vuffy", on the net with Linux Slackware.
Home+BLOG @ http://www.zerozone.it - Travels @ http://www.openitaly.net

Revision history for this message
Davide Lastri (ufficio-sistemi-unix) wrote :

Ciao,

ancora non vedo aggiornato il sito con la nuova patch.. Quando sarà pronta la installo e ti comunico l'esito dei test.

Grazie mille

Revision history for this message
Michele "O-Zone" Pinassi (o-zone) wrote :

On 13/04/2011 10:25, Davide Lastri wrote:
> Ciao,
>
> ancora non vedo aggiornato il sito con la nuova patch.. Quando sarà
> pronta la installo e ti comunico l'esito dei test.
>
> Grazie mille
>
 Ti allego il pacchetto dei sorgenti.

Michele

--
O-Zone ! No (C) since 1996
On the road with VFR VTec 2002 "Vuffy", on the net with Linux Slackware.
Home+BLOG @ http://www.zerozone.it - Travels @ http://www.openitaly.net

Revision history for this message
Davide Lastri (ufficio-sistemi-unix) wrote :

Ciao, grazie per la patch innanzitutto!!

Ho ricompilato il package ma ora mi da un errore strano.

[7379] 2011-04-13 10:53:46 FATAL - SQL Error: Access denied for user 'squid'@'localhost' (using password: NO)
[7379] 2011-04-13 10:53:46 FATAL - Cannot connect to DB !
[7383] 2011-04-13 10:53:46 FATAL - LOG START (Verbosity: 1)

Sembra che usi l'utente sql "squid " mentre io ho configurato "squidtl"..

Qualche suggerimento?

Revision history for this message
Michele "O-Zone" Pinassi (o-zone) wrote :

On 13/04/2011 10:58, Davide Lastri wrote:
> Ciao, grazie per la patch innanzitutto!!
>
> Ho ricompilato il package ma ora mi da un errore strano.
>
> [7379] 2011-04-13 10:53:46 FATAL - SQL Error: Access denied for user 'squid'@'localhost' (using password: NO)
> [7379] 2011-04-13 10:53:46 FATAL - Cannot connect to DB !
> [7383] 2011-04-13 10:53:46 FATAL - LOG START (Verbosity: 1)
>
> Sembra che usi l'utente sql "squid " mentre io ho configurato
> "squidtl"..
>
> Qualche suggerimento?

si, è cambiata la sintassi del config.xml e la sezione "mysql" è
diventata "sql" :-)

Michele

--
O-Zone ! No (C) since 1996
On the road with VFR VTec 2002 "Vuffy", on the net with Linux Slackware.
Home+BLOG @ http://www.zerozone.it - Travels @ http://www.openitaly.net

Revision history for this message
Davide Lastri (ufficio-sistemi-unix) wrote :

Ok, cambiando la configurazione del .xml l'anomalia precedente è stata sistemata ma continuo ad avere i problemi che avevo all'inizio...

[9272] 2011-04-13 11:35:55 NOTICE - SquidTL v0.2.2
[9272] 2011-04-13 11:35:55 DEBUG - Load configuration from /etc/squid/squidtl.xml
[9272] 2011-04-13 11:35:55 DEBUG - COMMON Node defaultmode -> CHECK
[9272] 2011-04-13 11:35:55 DEBUG - COMMON Node defaultaction -> BLOCK
[9272] 2011-04-13 11:35:55 DEBUG - COMMON Node defaultredirecturl -> http://localhost/deny.php
[9272] 2011-04-13 11:35:55 DEBUG - COMMON Node defaultuseraction -> PASS
[9272] 2011-04-13 11:35:55 DEBUG - COMMON Node defaultuserlevel -> 0
[9272] 2011-04-13 11:35:55 DEBUG - COMMON Node defaultusergroup -> 1
[9272] 2011-04-13 11:35:55 DEBUG - COMMON Node purgetimeout -> 360
[9272] 2011-04-13 11:35:55 DEBUG - COMMON Node urllistpath -> /etc/squid/urllists
[9272] 2011-04-13 11:35:55 DEBUG - COMMON Node xmlrpcserver -> http://localhost/xmlrpc.php
[9272] 2011-04-13 11:35:55 DEBUG - SQL Node host -> localhost
[9272] 2011-04-13 11:35:55 DEBUG - SQL Node port -> 3306
[9272] 2011-04-13 11:35:55 DEBUG - SQL Node db -> squidtl
[9272] 2011-04-13 11:35:55 DEBUG - SQL Node user -> squidtl
[9272] 2011-04-13 11:35:55 DEBUG - SQL Node password -> secret
[9272] 2011-04-13 11:35:55 NOTICE - SQL(localhost:squidtl) connection OK
[9269] 2011-04-13 11:35:55 NOTICE - SQL(localhost:squidtl) connection OK
[9267] 2011-04-13 11:35:55 NOTICE - SQL(localhost:squidtl) connection OK
[9273] 2011-04-13 11:35:55 NOTICE - SQL(localhost:squidtl) connection OK
[9266] 2011-04-13 11:35:55 FATAL - FEOF on STDIN detected: Squid has gone away ?
[9266] 2011-04-13 11:35:55 FATAL - Shutdown NOW !
[9266] 2011-04-13 11:35:55 FATAL - LOG CLOSE
[9267] 2011-04-13 11:35:55 FATAL - FEOF on STDIN detected: Squid has gone away ?
[9267] 2011-04-13 11:35:55 FATAL - Shutdown NOW !
[9267] 2011-04-13 11:35:55 FATAL - LOG CLOSE
[9273] 2011-04-13 11:35:55 FATAL - FEOF on STDIN detected: Squid has gone away ?
[9269] 2011-04-13 11:35:55 FATAL - FEOF on STDIN detected: Squid has gone away ?
[9269] 2011-04-13 11:35:55 FATAL - Shutdown NOW !
[9269] 2011-04-13 11:35:55 FATAL - LOG CLOSE
[9272] 2011-04-13 11:35:55 FATAL - FEOF on STDIN detected: Squid has gone away ?
[9272] 2011-04-13 11:35:55 FATAL - Shutdown NOW !
[9272] 2011-04-13 11:35:55 FATAL - LOG CLOSE
[9273] 2011-04-13 11:35:55 FATAL - Shutdown NOW !
[9273] 2011-04-13 11:35:55 FATAL - LOG CLOSE

Revision history for this message
Michele "O-Zone" Pinassi (o-zone) wrote :

Dovresti fare una cosa usando GDB e diagnosticando come mai "crasha"
squidtl.

Hai esperienza nell'uso di GDB ?

Michele

On 13/04/2011 11:39, Davide Lastri wrote:
> Ok, cambiando la configurazione del .xml l'anomalia precedente è stata
> sistemata ma continuo ad avere i problemi che avevo all'inizio...
>
> [9272] 2011-04-13 11:35:55 NOTICE - SquidTL v0.2.2
> [9272] 2011-04-13 11:35:55 DEBUG - Load configuration from /etc/squid/squidtl.xml
> [9272] 2011-04-13 11:35:55 DEBUG - COMMON Node defaultmode -> CHECK
> [9272] 2011-04-13 11:35:55 DEBUG - COMMON Node defaultaction -> BLOCK
> [9272] 2011-04-13 11:35:55 DEBUG - COMMON Node defaultredirecturl -> http://localhost/deny.php
> [9272] 2011-04-13 11:35:55 DEBUG - COMMON Node defaultuseraction -> PASS
> [9272] 2011-04-13 11:35:55 DEBUG - COMMON Node defaultuserlevel -> 0
> [9272] 2011-04-13 11:35:55 DEBUG - COMMON Node defaultusergroup -> 1
> [9272] 2011-04-13 11:35:55 DEBUG - COMMON Node purgetimeout -> 360
> [9272] 2011-04-13 11:35:55 DEBUG - COMMON Node urllistpath -> /etc/squid/urllists
> [9272] 2011-04-13 11:35:55 DEBUG - COMMON Node xmlrpcserver -> http://localhost/xmlrpc.php
> [9272] 2011-04-13 11:35:55 DEBUG - SQL Node host -> localhost
> [9272] 2011-04-13 11:35:55 DEBUG - SQL Node port -> 3306
> [9272] 2011-04-13 11:35:55 DEBUG - SQL Node db -> squidtl
> [9272] 2011-04-13 11:35:55 DEBUG - SQL Node user -> squidtl
> [9272] 2011-04-13 11:35:55 DEBUG - SQL Node password -> secret
> [9272] 2011-04-13 11:35:55 NOTICE - SQL(localhost:squidtl) connection OK
> [9269] 2011-04-13 11:35:55 NOTICE - SQL(localhost:squidtl) connection OK
> [9267] 2011-04-13 11:35:55 NOTICE - SQL(localhost:squidtl) connection OK
> [9273] 2011-04-13 11:35:55 NOTICE - SQL(localhost:squidtl) connection OK
> [9266] 2011-04-13 11:35:55 FATAL - FEOF on STDIN detected: Squid has gone away ?
> [9266] 2011-04-13 11:35:55 FATAL - Shutdown NOW !
> [9266] 2011-04-13 11:35:55 FATAL - LOG CLOSE
> [9267] 2011-04-13 11:35:55 FATAL - FEOF on STDIN detected: Squid has gone away ?
> [9267] 2011-04-13 11:35:55 FATAL - Shutdown NOW !
> [9267] 2011-04-13 11:35:55 FATAL - LOG CLOSE
> [9273] 2011-04-13 11:35:55 FATAL - FEOF on STDIN detected: Squid has gone away ?
> [9269] 2011-04-13 11:35:55 FATAL - FEOF on STDIN detected: Squid has gone away ?
> [9269] 2011-04-13 11:35:55 FATAL - Shutdown NOW !
> [9269] 2011-04-13 11:35:55 FATAL - LOG CLOSE
> [9272] 2011-04-13 11:35:55 FATAL - FEOF on STDIN detected: Squid has gone away ?
> [9272] 2011-04-13 11:35:55 FATAL - Shutdown NOW !
> [9272] 2011-04-13 11:35:55 FATAL - LOG CLOSE
> [9273] 2011-04-13 11:35:55 FATAL - Shutdown NOW !
> [9273] 2011-04-13 11:35:55 FATAL - LOG CLOSE
>

--
O-Zone ! No (C) since 1996
On the road with VFR VTec 2002 "Vuffy", on the net with Linux Slackware.
Home+BLOG @ http://www.zerozone.it - Travels @ http://www.openitaly.net

Revision history for this message
Davide Lastri (ufficio-sistemi-unix) wrote :

Purtroppo non abbastanza da capirlo...

Revision history for this message
Michele "O-Zone" Pinassi (o-zone) wrote :

On 13/04/2011 15:07, Davide Lastri wrote:
> Purtroppo non abbastanza da capirlo...
>

Guarda se riesci a seguire come ho fatto io:

o-zone@moloch:~/C/squidtl/src$ gdb squidtl

ed al prompt scrivi "run":

(gdb) run

mi fai un copia incolla della risposta e me lo mandi, ok ?

Grazie 1000 ! Michele

--
O-Zone ! No (C) since 1996
On the road with VFR VTec 2002 "Vuffy", on the net with Linux Slackware.
Home+BLOG @ http://www.zerozone.it - Travels @ http://www.openitaly.net

Revision history for this message
Davide Lastri (ufficio-sistemi-unix) wrote :

Ecco la risposta che ottengo :

NU gdb Fedora (6.8-27.el5)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
(gdb) run
Starting program: /insta/squidtl/src/squidtl
I/O warning : failed to load external entity "/etc/squidtl/config.xml"

Program received signal SIGSEGV, Segmentation fault.
0x001c95c9 in mysql_real_connect () from /usr/lib/mysql/libmysqlclient.so.15
(gdb)

Grazie mille di tutto

Revision history for this message
Davide Lastri (ufficio-sistemi-unix) wrote :

Ciao,
tieni presente che il file /etc/squidtl/config.xml non esiste, io ho creato il file squidtl.xml sotto /etc/squid.

Inoltre, il problema nasce quando tento di configurare l'autenticazione tramite :

auth_param basic program /usr/bin/php /usr/lib/squid/squidtl_auth
auth_param basic children 5
auth_param basic realm Proxy LOGIN
auth_param basic credentialsttl 1 minute
acl squidtl-auth proxy_auth REQUIRED
http_access allow squidtl-auth

Senza questi parametri il proxy lavora correttamente (filtering tramite IP e non tramite utente)

Grazie mille

Revision history for this message
Michele "O-Zone" Pinassi (o-zone) wrote :

On 19/04/2011 13:14, Davide Lastri wrote:
> Ciao,
> tieni presente che il file /etc/squidtl/config.xml non esiste, io ho creato il file squidtl.xml sotto /etc/squid.

Mmmmm..hai cambiato il path anche in squidtl_auth ?

> Inoltre, il problema nasce quando tento di configurare l'autenticazione
> tramite :
>
> auth_param basic program /usr/bin/php /usr/lib/squid/squidtl_auth
> auth_param basic children 5
> auth_param basic realm Proxy LOGIN
> auth_param basic credentialsttl 1 minute
> acl squidtl-auth proxy_auth REQUIRED
> http_access allow squidtl-auth
>
> Senza questi parametri il proxy lavora correttamente (filtering tramite
> IP e non tramite utente)

Appunto, prova a controllare squidtl_auth e cambiare il path del file di
configurazione !

> Grazie mille

Figurati, Michele

--
O-Zone ! No (C) since 1996
On the road with VFR VTec 2002 "Vuffy", on the net with Linux Slackware.
Home+BLOG @ http://www.zerozone.it - Travels @ http://www.openitaly.net

Revision history for this message
Davide Lastri (ufficio-sistemi-unix) wrote :

Ciao,
squidtl_auth l'ho messo sotto /usr/lib/squid/squidtl_auth, ma all'interno di questo file non trovo nessun path riferito al config.xml

Ecco il file:
<?php

include_once('/var/www/html/SquidTL/common.inc.php');

if (! defined(STDIN)) {
        define("STDIN", fopen("php://stdin", "r"));
}
while (!feof(STDIN)) {
    $line = trim(fgets(STDIN));
    $fields = explode(' ', $line);
    $username = rawurldecode($fields[0]);
    $password = rawurldecode($fields[1]);

    $db = OpenDB();

    $result = mysql_query("SELECT Username,Context,Type FROM DB_Users WHERE Username='$username' AND Password=PASSWORD('$password');");
    if($result === false) {
 fwrite(STDOUT, "ERR\n");
 exit(1);
    }
    if(mysql_num_rows($result) > 0) {
        $row = mysql_fetch_array($result,MYSQL_ASSOC);
        $Username = stripslashes($row["Username"]);
        $Context = stripslashes($row["Context"]);
 mysql_query("UPDATE DB_Users SET LastLogin=NOW() WHERE Username='$Username';");
 fwrite(STDOUT, "OK\n");
    } else {
 fwrite(STDOUT, "ERR\n");
    }
}

?>

Revision history for this message
Michele "O-Zone" Pinassi (o-zone) wrote :

Ciao Davide,

l'include_once('/var/www/html/SquidTL/common.inc.php'); punta al path
corretto ?

Grazie, Michele

On 19/04/2011 16:23, Davide Lastri wrote:
> Ciao,
> squidtl_auth l'ho messo sotto /usr/lib/squid/squidtl_auth, ma all'interno di questo file non trovo nessun path riferito al config.xml
>
> Ecco il file:
> <?php
>
> include_once('/var/www/html/SquidTL/common.inc.php');
>
> if (! defined(STDIN)) {
> define("STDIN", fopen("php://stdin", "r"));
> }
> while (!feof(STDIN)) {
> $line = trim(fgets(STDIN));
> $fields = explode(' ', $line);
> $username = rawurldecode($fields[0]);
> $password = rawurldecode($fields[1]);
>
> $db = OpenDB();
>
> $result = mysql_query("SELECT Username,Context,Type FROM DB_Users WHERE Username='$username' AND Password=PASSWORD('$password');");
> if($result === false) {
> fwrite(STDOUT, "ERR\n");
> exit(1);
> }
> if(mysql_num_rows($result) > 0) {
> $row = mysql_fetch_array($result,MYSQL_ASSOC);
> $Username = stripslashes($row["Username"]);
> $Context = stripslashes($row["Context"]);
> mysql_query("UPDATE DB_Users SET LastLogin=NOW() WHERE Username='$Username';");
> fwrite(STDOUT, "OK\n");
> } else {
> fwrite(STDOUT, "ERR\n");
> }
> }
>
> ?>
>

--
O-Zone ! No (C) since 1996
On the road with VFR VTec 2002 "Vuffy", on the net with Linux Slackware.
Home+BLOG @ http://www.zerozone.it - Travels @ http://www.openitaly.net

Revision history for this message
Davide Lastri (ufficio-sistemi-unix) wrote :

Si, il path è corretto e il contenuto della directory /var/www/html/SquidTL/ è quello che si trova nal package sotto www.

L'unica modifica che ho fatto è nel file config.inc.php dove ho messo :
<?php

# MySQL Database configuration
$CFG["dbHost"] = "localhost";
$CFG["dbName"] = "squidtl";
$CFG["dbUser"] = "squidtl";
$CFG["dbPwd"] = "secret";

$CFG["xmlRpcServer"] = "http://localhost/SquidTL/xmlrpc.php";

?>

Revision history for this message
Michele "O-Zone" Pinassi (o-zone) wrote :

Ciao Davide,
non ho più avuto notizie: risolto il problema ?

Michele

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.