[squid-dev] [PATCH] avoid flooding cache.log with "uninitialized value" messages from ext_wbinfo_group_acl helper script

Thu Jun 23 08:01:50 UTC 2016

>> On 22/06/2016 7:22 p.m., Vieri wrote:
>> Hi,
>>
>> With default debug_options too many "uninitialized value" messages in /var/log/squid/cache.log;
>> Use of uninitialized value $ans in concatenation (.) or string at /usr/libexec/squid/ext_wbinfo_group_acl line 204, <STDIN> >> line 44.
>> Use of uninitialized value $ans in concatenation (.) or string at /usr/libexec/squid/ext_wbinfo_group_acl line 205, <STDIN> >> line 44.
>>
>> Minor issue fixed with this patch.>
> Thank you.
>

> I was just double-checking this before applying and it looks to me like $ans should never be unset in a properly configured 

> group helper.>
> What does your squid.conf contain for this helper? (both the external_acl_type and the "acl ... external" lines using it

> please)>
> And what does the debug output the helper injects into the log along with those perl warnings look like?
> (should be something like "Sending ... to Squid".)
>

> I'm asking because an empty line "\n" is not a valid response from an external ACL helper. What the $ans needs to be 

> initialized to depends on whether it is a misconfiguration or something else resulting in the perl warning.
>
> PS. sorry for not noticing this earlier when you wrote to squid-users.

Hi Amos,

I suspect it could be a misconfiguration too.

# grep external /etc/squid/squid.custom.rules
external_acl_type nt_group ttl=0 children-max=10 %LOGIN /usr/libexec/squid/ext_wbinfo_group_acl
acl allowed_groups external nt_group "/SAMBA/proxy-settings/allowed.groups"
acl restricted_groups external nt_group "/SAMBA/proxy-settings/restricted.groups"

Both files are currently empty (/SAMBA/proxy-settings/*).

I'm getting "Sending to squid" messages in the log.

After populating these files I get these messages:

Sending ERR to squid
Sending OK to squid

My log file is no longer flooded with those "uninitialized variable" perl messages anymore.
Could this be it?
If so, shouldn't it be allowed to have empty files (empty acls)?
If $group (@groups array) is empty then the wbinfo call in the check() function will fail. In fact, if the acl files are empty then the "foreach $group (@groups)" loop is never entered, the check() function is never called and $ans is never set. I know that Squid warns the user at startup if an ACL is empty (it only warns about the firt empty ACL declared in squid.conf, not all of them).

So it's really my fault if I use empty ACLs that Squid warned me about. However, does it hurt to patch the helper script so that $ans is 'ERR' by default, even when using empty ACLs?

PS: No problem at all. I appreciate the hard work the squid team has done during all these years.

Vieri
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ext_wbinfo_group_acl.pl.in.diff
Type: application/octet-stream
Size: 332 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20160623/1abb220c/attachment.obj>