[squid-users] Squid for Windows: negotiate_kerberos_auth helper seems to leak(?) handles

Markus Moeller huaraz at moeller.plus.com
Tue Feb 2 20:02:50 UTC 2021 

Hi Klaus,

   The negotiate_kerberos_auth helper is not intended to run on Windows. 
How did you compile it ?

Markus



"Klaus Westkamp"  wrote in message 
news:8251c91f-1b08-82f2-f6ec-46ef92fe9573 at westkamp.net...

Hi,

i digged a little further (but i'm no exert in WinDBG):

Attachimng to the process with the most handles (currently 323 shown by
Windows Process Manager, as newly started)

!handles gives me:

277 Handles (weired, shows less than process manager)
Type               Count
None               4
Event              199
Section            7
File               18
Directory          3
SymbolicLink       1
Mutant             9
Semaphore          5
Key                8
Token              2
Thread             5
IoCompletion       2
TpWorkerFactory    2
ALPC Port          5
WaitCompletionPacket    7

Asking for Handle Details:

0:003> !handle 5e8 f
Handle 5e8
   Type             Event
   Attributes       0
   GrantedAccess    0x1f0003:
          Delete,ReadControl,WriteDac,WriteOwner,Synch
          QueryState,ModifyState
   HandleCount      2
   PointerCount     32769
   Name             <none>
   Object Specific Information
     Event Type Auto Reset
     Event is Waiting

0:003> !handle 5e0 f
Handle 5e0
   Type             Event
   Attributes       0
   GrantedAccess    0x1f0003:
          Delete,ReadControl,WriteDac,WriteOwner,Synch
          QueryState,ModifyState
   HandleCount      2
   PointerCount     32769
   Name             <none>
   Object Specific Information
     Event Type Auto Reset
     Event is Waiting

0:003> !handle 374 f
Handle 374
   Type             Event
   Attributes       0
   GrantedAccess    0x1f0003:
          Delete,ReadControl,WriteDac,WriteOwner,Synch
          QueryState,ModifyState
   HandleCount      2
   PointerCount     32769
   Name             <none>
   Object Specific Information
     Event Type Auto Reset
     Event is Waiting

These events seem to increase, but only one process gets to the limit of
3x00 handles and then the other processes seem to hang ...


On 15/12/2020 12:18, Klaus Westkamp wrote:
> Hi,
>
>
> yes this is Dildale's last available package. Output of squid -v is as 
> follows:
>
> squid -v
>
> Squid Cache: Version 3.5.28
> Service Name: squid
>
> This binary uses OpenSSL 1.0.2j  26 Sep 2016. For legal restrictions on 
> distribution see https://www.openssl.org/source/license.html
>
> configure options:  '--bindir=/bin/squid' '--sbindir=/usr/sbin/squid' 
> '--sysconfdir=/etc/squid' '--datadir=/usr/share/squid' 
> '--libexecdir=/usr/lib/squid'
> '--disable-strict-error-checking' '--with-logdir=/var/log/squid' 
> '--with-swapdir=/var/cache/squid' '--with-pidfile=/var/run/squid.pid' 
> '--enable-ssl'
> '--enable-delay-pools' '--enable-ssl-crtd' '--enable-icap-client' 
> '--disable-eui' '--localstatedir=/var/run/squid' 
> '--sharedstatedir=/var/run/squid'
> '--datarootdir=/usr/share/squid' 
> '--enable-disk-io=AIO,Blocking,DiskThreads,IpcIo,Mmapped' 
> '--enable-auth-basic=DB,LDAP,NCSA,POP3,RADIUS,SASL,SMB,fake,getpwnam'
> '--enable-auth-ntlm=fake' '--enable-auth-negotiate=kerberos,wrapper' 
> '--enable-external-acl-helpers=LDAP_group,SQL_session,eDirectory_userip,file_userip,kerberos_ldap_group,session,time_quota,unix_group,wbinfo_group'
> '--with-openssl' '--with-filedescriptors=65536' 
> '--enable-removal-policies=lru,heap'
>
> The helper negotiate_kerberos_auth.exe doesn't produce a Version output.
>
>
> Best regards,
>
> Klaus Westkamp
>
>
> On 15/12/2020 09:10, Amos Jeffries wrote:
>> On 15/12/20 4:03 am, Klaus Westkamp wrote:
>>> Hi,
>>>
>>> i'm uncertain, wether this mailing list is the correct one to ask, but i 
>>> have the disputable honor to make a squid running on a Windows Server 
>>> (if possible). Whilst squid.exe seems to run fine, i constantly run into 
>>> an unresponsive system, when i enable Kerberos authentication via 
>>> auth_param and the negotiate_kerberos_auth.exe helper.
>>>
>>> For a while authentication works fine, but all at the sudden the system 
>>> hangs at 100% CPU usage. My Observation is that one of the 
>>> negotiate_kerberos_auth.exe processes has a constantly increasing number 
>>> of handles (Files and events). If i understand the Sysinternals handle 
>>> tool correctly, most handles are event corrolated.
>>>
>>> The setting:
>>>
>>> Windows 2012 R2 AD Controllers with Windows 2008R2 Domain Level. A 
>>> Windows Server 2016 running Squid 3.5 for Windows.
>>
>> Is Squid the package built by Diladele or a custom build?
>>
>> Which exact version number is it? (output of "squid -v" please)
>>
>>
>> Amos
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list