[squid-users] Squid for Windows: negotiate_kerberos_auth helper seems to leak(?) handles

Klaus Westkamp klaus at westkamp.net
Wed Dec 16 12:46:15 UTC 2020 

Hi,

i digged a little further (but i'm no exert in WinDBG):

Attachimng to the process with the most handles (currently 323 shown by 
Windows Process Manager, as newly started)

!handles gives me:

277 Handles (weired, shows less than process manager)
Type               Count
None               4
Event              199
Section            7
File               18
Directory          3
SymbolicLink       1
Mutant             9
Semaphore          5
Key                8
Token              2
Thread             5
IoCompletion       2
TpWorkerFactory    2
ALPC Port          5
WaitCompletionPacket    7

Asking for Handle Details:

0:003> !handle 5e8 f
Handle 5e8
   Type             Event
   Attributes       0
   GrantedAccess    0x1f0003:
          Delete,ReadControl,WriteDac,WriteOwner,Synch
          QueryState,ModifyState
   HandleCount      2
   PointerCount     32769
   Name             <none>
   Object Specific Information
     Event Type Auto Reset
     Event is Waiting

0:003> !handle 5e0 f
Handle 5e0
   Type             Event
   Attributes       0
   GrantedAccess    0x1f0003:
          Delete,ReadControl,WriteDac,WriteOwner,Synch
          QueryState,ModifyState
   HandleCount      2
   PointerCount     32769
   Name             <none>
   Object Specific Information
     Event Type Auto Reset
     Event is Waiting

0:003> !handle 374 f
Handle 374
   Type             Event
   Attributes       0
   GrantedAccess    0x1f0003:
          Delete,ReadControl,WriteDac,WriteOwner,Synch
          QueryState,ModifyState
   HandleCount      2
   PointerCount     32769
   Name             <none>
   Object Specific Information
     Event Type Auto Reset
     Event is Waiting

These events seem to increase, but only one process gets to the limit of 
3x00 handles and then the other processes seem to hang ...


On 15/12/2020 12:18, Klaus Westkamp wrote:
> Hi,
>
>
> yes this is Dildale's last available package. Output of squid -v is as 
> follows:
>
> squid -v
>
> Squid Cache: Version 3.5.28
> Service Name: squid
>
> This binary uses OpenSSL 1.0.2j  26 Sep 2016. For legal restrictions 
> on distribution see https://www.openssl.org/source/license.html
>
> configure options:  '--bindir=/bin/squid' '--sbindir=/usr/sbin/squid' 
> '--sysconfdir=/etc/squid' '--datadir=/usr/share/squid' 
> '--libexecdir=/usr/lib/squid'
> '--disable-strict-error-checking' '--with-logdir=/var/log/squid' 
> '--with-swapdir=/var/cache/squid' '--with-pidfile=/var/run/squid.pid' 
> '--enable-ssl'
> '--enable-delay-pools' '--enable-ssl-crtd' '--enable-icap-client' 
> '--disable-eui' '--localstatedir=/var/run/squid' 
> '--sharedstatedir=/var/run/squid'
> '--datarootdir=/usr/share/squid' 
> '--enable-disk-io=AIO,Blocking,DiskThreads,IpcIo,Mmapped' 
> '--enable-auth-basic=DB,LDAP,NCSA,POP3,RADIUS,SASL,SMB,fake,getpwnam'
> '--enable-auth-ntlm=fake' '--enable-auth-negotiate=kerberos,wrapper' 
> '--enable-external-acl-helpers=LDAP_group,SQL_session,eDirectory_userip,file_userip,kerberos_ldap_group,session,time_quota,unix_group,wbinfo_group' 
>
> '--with-openssl' '--with-filedescriptors=65536' 
> '--enable-removal-policies=lru,heap'
>
> The helper negotiate_kerberos_auth.exe doesn't produce a Version output.
>
>
> Best regards,
>
> Klaus Westkamp
>
>
> On 15/12/2020 09:10, Amos Jeffries wrote:
>> On 15/12/20 4:03 am, Klaus Westkamp wrote:
>>> Hi,
>>>
>>> i'm uncertain, wether this mailing list is the correct one to ask, 
>>> but i have the disputable honor to make a squid running on a Windows 
>>> Server (if possible). Whilst squid.exe seems to run fine, i 
>>> constantly run into an unresponsive system, when i enable Kerberos 
>>> authentication via auth_param and the negotiate_kerberos_auth.exe 
>>> helper.
>>>
>>> For a while authentication works fine, but all at the sudden the 
>>> system hangs at 100% CPU usage. My Observation is that one of the 
>>> negotiate_kerberos_auth.exe processes has a constantly increasing 
>>> number of handles (Files and events). If i understand the 
>>> Sysinternals handle tool correctly, most handles are event corrolated.
>>>
>>> The setting:
>>>
>>> Windows 2012 R2 AD Controllers with Windows 2008R2 Domain Level. A 
>>> Windows Server 2016 running Squid 3.5 for Windows.
>>
>> Is Squid the package built by Diladele or a custom build?
>>
>> Which exact version number is it? (output of "squid -v" please)
>>
>>
>> Amos
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list