[squid-dev] Squid 3.5.11 ntlm helper crashes

manojmaybe manojmaybe000 at gmail.com
Wed Jan 6 10:49:50 UTC 2016


I have used Squid 3.3.13 as a proxy server with NTLM authentication.
To detect the client IP in NTLM messages, I have written a patch in the Squid
source that passes the client IP to the NTLM helper messages.
The patch is shown below.

*** src/auth/ntlm/UserRequest.cc	2014-08-27 19:47:00.000000000 +0530
--- patch-src/auth/ntlm/UserRequest.cc	2014-11-24 12:29:54.000000000 +0530
***************
*** 235,241 ****
          /* we should have received a blob from the client. Hand it off to
           * some helper */
          safe_free(client_blob);
!         client_blob = xstrdup(blob);
          if (request)
              HTTPMSGUNLOCK(request);
          request = aRequest;
--- 235,259 ----
          /* we should have received a blob from the client. Hand it off to
           * some helper */
          safe_free(client_blob);
!                  /*Changes for appending client IP address with NTLM
string to the helper*/
!  	/*New format will be KK [client IP]\NTLM string*/
!  	/*Eg:- KK 192.168.42.131\TlRMTVNTUAADAAAAGAAYAIgAAAA4AD...*/
!  	/*only IPv4 is supported */
!  	if(aRequest->client_addr.IsIPv4()){
!  		/*Client IP in IPv4 will have max 15 chars. eg :- 192.168.142.155*/
!  		char *clientIPAddress=(char *)xmalloc(16*sizeof(char));
!  		/* client IP will have maximum 15 chars and 1 char for '\'*/
!      		size_t new_blob_maxsize=sizeof(char)*(strlen(blob)+17);
!  		char *new_blob=(char *)xmalloc(new_blob_maxsize);
!  	
clientIPAddress=aRequest->client_addr.NtoA(clientIPAddress,16*sizeof(char));		
!  		snprintf(new_blob,new_blob_maxsize,"%s\\%s",clientIPAddress,blob);
!  		client_blob = xstrdup(new_blob);
!  		xfree(new_blob);
!  		xfree(clientIPAddress);
!  	}else{
!  		fatal("Auth::Ntlm::UserRequest::authenticate: Only IPv4 support \n");
!          	break;
!  	}
          if (request)
              HTTPMSGUNLOCK(request);
          request = aRequest;
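
Review bot: In the else branch, fatal() stops the entire Squid process whenever a non-IPv4 client reaches this point, so a single IPv6 client attempting NTLM takes the proxy down for every user, and the `break;` after it is never reached. Fail only this authentication request instead (log it and return an error to that client) and drop the fatal() call. In the IPv4 branch, the return value of NtoA() is assigned back to clientIPAddress and that pointer is later passed to xfree(), which is only safe while NtoA() returns the buffer it was handed; calling NtoA() without the reassignment and formatting directly into a single buffer that becomes client_blob would also remove the extra xmalloc/xstrdup/xfree round trip.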

This patch is running successfully.
I have now upgraded to Squid 3.5.11 with NTLM authentication. In version 3.5.11,
a Squid directive is used to pass key extras, such as the client IP, to NTLM
helpers. I used it as shown below:

auth_param ntlm program /usr/local/helpers/ntlmauthenticator
auth_param ntlm children 3000 startup=0 idle=0
auth_param ntlm keep_alive on
auth_param ntlm key_extras "%>a"

I used this configuration directive to pass the client IP to my NTLM helper, and
also made changes to the NTLM helper program for handling NTLM handshake
messages. But after Squid has been running for a few hours (nearly 3 hours), the
NTLM helper crashes, or sometimes Squid crashes and restarts, when more than
1000 requests/second are received (as per the Squid cache manager):

Connection information for squid:
	Number of clients accessing cache:	6
	Number of HTTP requests received:	22456863
	Number of ICP messages received:	0
	Number of ICP messages sent:	0
	Number of queued ICP replies:	0
	Number of HTCP messages received:	0
	Number of HTCP messages sent:	0
	Request failure ratio:	 0.00
	Average HTTP requests per minute since start:	57742.5
	Average ICP messages per minute since start:	0.0
	Select loop called: 14727230 times, 3.169 ms avg

The number of Squid workers is 2.

I applied the previous patch (the one used in Squid 3.3.13), compiled it into
Squid 3.5.11, and removed the auth_param ntlm key_extras configuration from
squid.conf.
After this, the Squid build has been running successfully under high traffic
load (nearly 1800 hits per second) for more than 12 hours continuously, and it
is still running successfully.

Can anyone tell me how to resolve this issue with Squid 3.5.11?
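
A helper-side parser for the two request layouts this message mentions, as an added example that is not part of the original post, the poster's helper, or the Squid source. The names `parse_helper_line` and `struct ntlm_req` are hypothetical, the `<blob> <ip>` layout for key_extras is an assumption, and the sample blob is constructed.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#define B64 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="

struct ntlm_req {
    char cmd[3];        /* "YR" or "KK" */
    char ip[46];        /* fits an IPv6 literal; empty if no address was sent */
    const char *blob;   /* points into the caller's line buffer */
};

/* Copy s into out->ip only if it is a well-formed IPv4 or IPv6 literal. */
static int set_ip(struct ntlm_req *out, const char *s)
{
    unsigned char buf[16];
    if (strlen(s) >= sizeof(out->ip) ||
        (inet_pton(AF_INET, s, buf) != 1 && inet_pton(AF_INET6, s, buf) != 1))
        return -1;
    strcpy(out->ip, s);
    return 0;
}

/* Returns 0 on success, -1 on a malformed line. Modifies line in place. */
int parse_helper_line(char *line, struct ntlm_req *out)
{
    char *p, *sep;
    memset(out, 0, sizeof(*out));
    line[strcspn(line, "\r\n")] = '\0';
    if (strncmp(line, "YR ", 3) != 0 && strncmp(line, "KK ", 3) != 0)
        return -1;
    memcpy(out->cmd, line, 2);
    p = line + 3;
    if ((sep = strchr(p, '\\')) != NULL) {       /* patched: <ip>\<blob> */
        *sep = '\0';
        if (set_ip(out, p) != 0) return -1;
        p = sep + 1;
    } else if ((sep = strchr(p, ' ')) != NULL) { /* assumed: <blob> <ip> */
        *sep = '\0';
        if (set_ip(out, sep + 1) != 0) return -1;
    }
    out->blob = p;  /* must be non-empty and base64 only */
    return (*p != '\0' && p[strspn(p, B64)] == '\0') ? 0 : -1;
}

int main(void)
{
    char a[] = "KK 192.168.42.131\\TlRMTVNTUAABAAAA\n"; /* constructed */
    struct ntlm_req r;
    printf("%d %s %s\n", parse_helper_line(a, &r), r.ip, r.blob);
    return 0;
}
```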




