[squid-dev] [PATCH] Kerberos improvements

Amos Jeffries squid3 at treenet.co.nz
Wed Oct 29 04:51:12 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 27/10/2014 1:07 a.m., Markus Moeller wrote:
> Hi
> 
> I have found some minor issues with my patch and here is an
> updated version.
> 
> Regards Markus
> 
> 
> "Markus Moeller"  wrote in message
> news:m14gl4$er3$1 at ger.gmane.org...
> 
> Somehow the message didn't get completely through. Here it is
> again
> 
> I have some further improvements for the Kerberos helpers. This
> includes
> 
> 1) Option -n for kerberos_ldap_group.   This disables the
> automated Kerberos authentication(SASL/GSSAPI) to AD and requires
> username/password (SASL/SIMPLE) instead. 2) Improvements in caching
> Kerberos credentials for setup with low SQUID cache TTL. 3) Output
> group= if negotiate_kerberos_auth can retrieve AD groups from 
> Kerberos ticket for further processing by squid to external helpers
> ( ones the helper code supports transfer of the kv pairs as
> documented here http://wiki.squid-cache.org/Features/AddonHelpers
> )
> 
> 
> Please review.  As always I appreciate feedback.
> 
> Thank you Markus
> 

Sorry its taken so long. Applied to trunk as rev.13667 (auth helper)
and rev.13668 (ACL helper)


There are a few coding techinque things to work on;

 * using pre-increment (++i) is better than post-increment (i++), and

 * sizeof(*mem_cache) instead of re-calculating the string lengths for
snprintf()
  - which relies on them not having changed mysteriously during the
(possibly long and interrupted) time malloc can take.

I am accepting anyway since it is at least consistent with the
existing helper code.

Amos


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUUHI/AAoJELJo5wb/XPRj/gAH/3qdIWTL3dalGYcg6BPxX1qi
WHV1O24CA6qLWx8E5jA5KBYaC6hx8W78Qiy4hPiR1dsfKI3L3GzdRt1qNIcs0bE9
INDbOWTo2yqc2LuZ9aBe02j9cNE4vHZPbghqitZoUMQybs7UvUTWgnwQ/T6l+PPD
B/5yL1jfDVx5anz4+Ko09GTgsR0t7co0yr3tOaP4Ifhg/7pQ0mRalyOESUuf55bh
Zfj10VvwAntHWz/jJQN2zIPop5N0jp9DRIVU5AOtX3OZYajkkBEYfvbwnEBIbS0R
acodz3fLaJuBmwPv/WIBzjjOO0mTHKeJrKNo2TNFSThL7KXPZkQlP6HqsWXbnU0=
=Oauf
-----END PGP SIGNATURE-----


More information about the squid-dev mailing list