Discussion forum about ELOG, Page 126 of 808
ID   Date   Icon   Author   Author Email   Category   OS   ELOG Version   Subject
  67234   Tue Apr 10 15:35:07 2012   Reply   Stefan Ritt   stefan.ritt@psi.ch   Bug report   Linux   2.9.1-2444   Re: segfault on empty, non-writable passwd file

Achim Dreyer wrote:

Segfault when password file is empty and not writable: a segmentation fault is generated when a new user tries to register:

root#  > passwd
root#  chown root.root passwd
root#  chmod 644 passwd
root#  grep -i usr elogd.cfg
root#

kernel: [515323.672377] elogd[31048]: segfault at 78 ip 00000000004ba780 sp 00007fff03cd2078 error 4 in elogd[400000+dc000]

I cannot reproduce this error when running within gdb.

Thanks for reporting that bug. I fixed it in SVN revision 2448. 

  69350   Fri Apr 23 15:46:39 2021   Reply   Sebastian Schenk   sebastian.schenk@physik.uni-halle.de   Bug report   Linux   ELOG V3.1.4-611   Re: segfault in auth.c:366

Hi Mr. Holman,

The problem you are facing is more likely the issue that the LDAP method is only provided as-is from a different developer.

I had a similar issue with the LDAP of my university.
I can't remember the correct error messages, but it looks similar, and it arises from the C library used for LDAP.
The LDAP connection response can have 2 different variable types and only one of them is implemented in elog; the other one crashes elog with a segfault.

I could fix it with this patch:
https://bitbucket.org/merrx/elog/commits/5a75fdb3e0b723380dae73bb57653946ed72690c
Obviously you have to adapt "displayName" and "postOfficeBox" to represent the name and email attributes of your LDAP structure.

I didn't make a PR for this commit because it would break the current LDAP implementation, I assume.

Best wishes,
Sebastian

gary holman wrote:

Elog version:  ELOG V3.1.4-611489ba

I am running openldap on the localhost.  For some reason now, elogd is segfaulting when (I believe) a new user is being added to the password file.  For example:

1. I delete user password file defined in elogd.cfg

2. Bind/Authenticate to LDAP successfully

3. Segfaults in auth.c ldap_adduser_file()

 

Makefile:
...
ELOGDIR    = /opt/elog
DESTDIR    = $(ROOT)$(PREFIX)/bin
SDESTDIR   = $(ROOT)$(PREFIX)/sbin
RCDIR      = $(ROOT)/etc/rc.d/init.d
SRVDIR     = $(ROOT)/usr/lib/systemd/system

# flag for SSL support
USE_SSL    = 1

# flag for Kerberos support, please turn off if you don't need Kerberos
USE_KRB5   = 0

# flag for LDAP support, please turn off if you don't need LDAP
USE_LDAP   = 1

# flag for PAM support, please turn off if you don't need PAM
USE_PAM    = 0
...

For authentication, I am using openldap in the localhost:

----
Authentication = LDAP
LDAP server = ldap://localhost:389
LDAP userbase = ou=people,dc=example,dc=org
LDAP login attribute = uid
LDAP register = 1
Password file = /opt/elog/users
 

gdb output

----------

(gdb) run -s /opt/elog -c /opt/elog/elogd.cfg -f /var/run/elog/elog.pid
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/ubuntu/UPGRADE-42221/work-src/elog/elogd -s /opt/elog -c /opt/elog/elogd.cfg -f /var/run/elog/elog.pid
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
elogd 3.1.4 built Apr 22 2021, 19:19:39 revision 611489ba
File "/var/run/elog/elog.pid" exists, overwriting it.
CKeditor detected
ImageMagick detected
Indexing logbooks ... done
Server listening on port 9011 ...

Breakpoint 1, ldap_adduser_file (lbs=0x555556811ad8, user=0x7ffffffd3bd0 "testuser", password=0x5555558ea110 <_value+6000> "testuser", error_str=0x7ffffffd53d0 "", error_size=<optimized out>) at src/auth.c:350
350       if (rc != LDAP_SUCCESS) {
(gdb) n
337       rc = ldap_search_ext_s(
(gdb) n
350       if (rc != LDAP_SUCCESS) {
(gdb) n
358       for(entry = ldap_first_entry(ldap_ld,result);
(gdb) n
371                   if(strcmp(attribute,"mail")==0 || strcmp(attribute,"rfc822Mailbox")==0)
(gdb) n
361          for(attribute = ldap_first_attribute(ldap_ld,entry,&ber);
(gdb) n
365             if((values = ldap_get_values(ldap_ld,entry,attribute)) != NULL ) {
(gdb) n
366                for(i=0; values[i] != NULL; i++) {
(gdb) n

Program received signal SIGSEGV, Segmentation fault.
ldap_adduser_file (lbs=0x555556811ad8, user=0x7ffffffd3bd0 "testuser", password=0x5555558ea110 <_value+6000> "testuser", error_str=<optimized out>, error_size=<optimized out>) at src/auth.c:366
366                for(i=0; values[i] != NULL; i++) {
(gdb) p attribute
$1 = 0x5555567f6a20 "uid"
(gdb) p values
$2 = (char **) 0x567f74f0
 

This user in LDAP:
-------------------------
# TESTUSER, people, example.org
dn: uid=TESTUSER,ou=people,dc=example,dc=org
uid: TESTUSER
cn: TESTUSER
givenName: TESTUSER
sn:: VEVTVFVTRVIg
mail: TESTUSER
uidNumber: 10000
gidNumber: 10000
homeDirectory: /dev/null
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
userPassword:: e1NTSEF9Y21ua1lsdFpMZ3ZrZlZ4OUp3MFN3cUY3NWIzdkFCSWY=
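
Added example (not part of the original posts and not ELOG code): in the gdb session above, `values` prints as 0x567f74f0 while `attribute`, a pointer from the same process, is 0x5555567f6a20, the pattern left when a 64-bit pointer passes through a 32-bit int, as happens when a function is called without a prototype in scope. That this is the cause in this particular build is an assumption; the helper names below are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* What a 64-bit caller receives when a pointer return value is treated as
   int: the low 32 bits, sign-extended back to pointer width. */
static uint64_t through_int(uint64_t real_ptr)
{
    int32_t low = (int32_t)(uint32_t)real_ptr;
    return (uint64_t)(int64_t)low;
}

/* Triage check for a crash dump: returns 1 when the upper half of 'suspect'
   is pure sign extension while 'known_good' (a valid pointer from the same
   process) has a real upper half, 0 otherwise. */
static int looks_truncated(uint64_t suspect, uint64_t known_good)
{
    uint64_t hi_suspect = suspect >> 32;
    uint64_t hi_good = known_good >> 32;
    int negative = (suspect & 0x80000000ull) != 0;
    int sign_ext = negative ? (hi_suspect == 0xffffffffull) : (hi_suspect == 0);
    return sign_ext && hi_good != 0 && hi_good != 0xffffffffull;
}

/* Best guess at the lost pointer: upper half borrowed from the known-good
   pointer. Assumes both lived in the same 4 GiB region of the heap. */
static uint64_t candidate_original(uint64_t suspect, uint64_t known_good)
{
    return (known_good & 0xffffffff00000000ull) | (suspect & 0xffffffffull);
}

int main(void)
{
    uint64_t attribute = 0x5555567f6a20ull; /* gdb: p attribute */
    uint64_t values    = 0x567f74f0ull;     /* gdb: p values */

    if (looks_truncated(values, attribute)) {
        uint64_t guess = candidate_original(values, attribute);
        printf("values looks truncated; original was probably 0x%llx\n",
               (unsigned long long)guess);
        printf("round trip through int gives 0x%llx\n",
               (unsigned long long)through_int(guess));
    }
    return 0;
}
```

If the check fires on a crash like this one, compiling with `-Werror=implicit-function-declaration` turns a missing prototype into a build failure instead of a runtime segfault.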
 

 

 

 

 

  69351   Fri Apr 23 16:21:05 2021   Reply   Stefan Ritt   stefan.ritt@psi.ch   Bug report   Linux   ELOG V3.1.4-611   Re: segfault in auth.c:366

Well, if you find a solution which works for everybody, I'm happy to commit it to the main repository. But unfortunately I cannot test it because I don't have LDAP here, so I'm flying blind.

Stefan

  69354   Sun Apr 25 15:17:27 2021   Reply   Laurent Jean-Rigaud   lollspam@free.fr   Bug report   Linux   ELOG V3.1.4-611   Re: segfault in auth.c:366

Hi,

Maybe it could be useful to add new parameters in elogd.cfg to define the attribute name to use to retrieve the given name, login name and email from LDAP server.

For example:

LDAP email attribute = mail
LDAP surname attribute = id
LDAP givename attribute = gn

 

So users can define them according to their exotic LDAP schema ;-)

 

Laurent

  69358   Wed Apr 28 04:01:49 2021   Reply   gary holman   holman@uw.edu   Bug report   Linux   ELOG V3.1.4-611   Re: segfault in auth.c:366

Dear Mr Ritt, Mr Schenk,

Thank you for the responses.  This was indeed my issue and direction to fix the crash.

Thank you,

Gary

  186   Tue Jan 7 09:39:29 2003   Reply   Stefan Ritt   stefan.ritt@psi.ch   Bug report   Re: security in find option as a guest
> if you are guest in the find option  
> 
> select 'all logbook'
> 
> it will display all 'attributes' from other logbook 
> with no option  'guest command ...'
> but having the same 'attribute' name
> 
> Solution :
> **********
> I use the copy to command to make a copy to other logbook
> with option 'guest command' enabled
> 
> in this section I remove some fields so the guest user can't see all fields
> 
> I suggest to give access to 'guest' on a second run of elog to another
> port or other computer ?

I see your problem. I could either disable the "Search all logbooks" switch 
for certain logbooks (like the guest one), or restrict the search to logbooks 
which have a "guest command" option. What would you prefer?

- Stefan
  187   Tue Jan 7 16:04:14 2003   Reply   Etienne Van Caillie   etienne.vancaillie@mba.be   Bug report   Re: security in find option as a guest
> > if you are guest in the find option  
> > 
> > select 'all logbook'
> > 
> > it will display all 'attributes' from other logbook 
> > with no option  'guest command ...'
> > but having the same 'attribute' name
> > 
> > Solution :
> > **********
> > I use the copy to command to make a copy to other logbook
> > with option 'guest command' enabled
> > 
> > in this section I remove some fields so the guest user can't see all fields
> > 
> > I suggest to give access to 'guest' on a second run of elog to another
> > port or other computer ?
> 
> I see your problem. I could either disable the "Search all logbooks" switch 
> for certain logbooks (like the guest one), or restrict the search to logbooks 
> which have a "guest command" option. What would you prefer?
> 
> - Stefan

maybe add a parameter

Restrict Search all logbook = 1 or 0
if 1 the switch will not appear 
  188   Tue Jan 7 17:30:50 2003   Idea   Stefan Ritt   stefan.ritt@psi.ch   Bug report   Re: security in find option as a guest
> maybe add a parameter
> 
> Restrict Search all logbook = 1 or 0
> if 1 the switch will not appear 

The flag "Search all logbooks" is already there! (I forgot about it!). So 
just set it to "0" and you should be fine.

- Stefan