Bug#742788: npcdmod problem with largs perfdata (8192)

2014-03-27 Thread Thomas Sesselmann

Package: pnp4nagios-bin
Version: 0.6.16-2
Severity: normal
Tags: patch


Hello,

I use Debian stable (7.4) as my Nagios server and have some checks with large 
perfdata.
I use the npcdmod.o to write this perfdata to file (broker_module).
If the perfdata is too long, the string will not be terminated by a newline and the 
next line is appended to this line.

See Attached file: perfdata.dump.gz
 zgrep .DATATYPE perfdata.dump.gz  #will help to find the line/problem

 this is one line 
DATATYPE::SERVICEPERFDATA   TIMET::1395924718   
HOSTNAME::xx2.rz.uni-jena.deSERVICEDESC::multi_nrpe_stat-fc3
SERVICEPERFDATA::check_multi::check_multi::plugins=19
time=1.530292 stat_dev_sdi::stat_dev::sdi_readB=1578376192c;

sdbx_readB=189207294976c; sdbx_writeB=11083DATATYPE::SERVICEPERFDATA
TIMET::1395924718   HOSTNAME::mailout1.rz.uni-jena.de   
SERVICEDESC::multi_nrpe_stat
SERVICEPERFDATA::check_multi::check_multi::plugins=4 time=0.125382 
stat_net::stat_net::eth0_in=895375029c; eth0_out=470741808c; eth0_in_err=0c; 
eth0_in_drop=0c;
eth0_out_err=0c; eth0_out_drop=0c; lo_in=14205c; lo_out=14205c; lo_in_err=0c; 
lo_in_drop=0c; lo_out_err=0c; lo_out_drop=0c; 
stat_dev::stat_dev::sda_readB=567335936c;
sda_writeB=5723353088c; sda_read_time=62052c; sda_write_time=899829c; 
sda_read=23177c; sda_write=412738c; sda_read_merged=4104c; 
sda_write_merged=1000449c; sda_io_wait=0;
sda_io_time=340722c; sda_io_weighted=961474c;   
SERVICECHECKCOMMAND::my_check_multi!nrpe_stat.cmd!-t 35 -T 60   SERVICESTATE::0 
SERVICESTATETYPE::1


So this perfdata will be assigned to another host/service ...


I converted this code (npcdmod.c) from snprintf with fput to fprintf only,
see patch attached. So the length of perfdata is not relevant.
In my environment I tested this patch successfully.



best regards

Thomas Sesselmann

-- 
Thomas Sesselmann, Dipl.-Inf.
Friedrich-Schiller-Universität Jena
Rechenzentrum
Am Johannisfriedhof 2
D-07743 Jena
Tel.: 03641/9-40530
Fax.: 03641/9-40630


perfdata.dump.gz
Description: application/gzip
--- pnp4nagios-0.6.16/src/npcdmod.c-orig	2014-03-27 14:23:11.560204139 +0100
+++ pnp4nagios-0.6.16/src/npcdmod.c	2014-03-27 14:39:52.508100371 +0100
@@ -187,7 +187,7 @@
 	service *service=NULL;
 
 //	char temp_buffer[1024];
-	char perfdatafile_template[9216];
+//	char perfdatafile_template[9216];
 
 	/* what type of event/data do we have? */
 	switch (event_type) {
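Review bot: The declaration `char perfdatafile_template[9216];` is commented out rather than deleted, right below the already commented `char temp_buffer[1024];`. Since the later hunks stop using the buffer entirely, remove the line so the function does not collect dead declarations; version control keeps the history.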
@@ -213,8 +213,9 @@
 
 			if (hostchkdata-type == NEBTYPE_HOSTCHECK_PROCESSED
  hostchkdata-perf_data != NULL) {
-snprintf(perfdatafile_template, sizeof(perfdatafile_template)
-	- 1, DATATYPE::HOSTPERFDATA\t
+//snprintf(perfdatafile_template, sizeof(perfdatafile_template) - 1,
+fprintf(fp,
+DATATYPE::HOSTPERFDATA\t
 	TIMET::%d\t
 	HOSTNAME::%s\t
 	HOSTPERFDATA::%s\t
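Review bot: The new `fprintf(fp,` call in the host branch discards its return value, so a failed write to the perfdata file goes unnoticed and a record is silently lost. Check for a negative result and log it, and drop the commented-out `//snprintf(...)` line above the call instead of keeping it.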
@@ -224,9 +225,9 @@
 		hostchkdata-host_name, hostchkdata-perf_data,
 		hostchkdata-command_name, hostchkdata-command_args,
 		hostchkdata-state, hostchkdata-state_type);
-perfdatafile_template[sizeof(perfdatafile_template) - 1]
-		= '\x0';
-fputs(perfdatafile_template, fp);
+//perfdatafile_template[sizeof(perfdatafile_template) - 1]
+//		= '\x0';
+//fputs(perfdatafile_template, fp);
 			}
 		}
 		break;
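Review bot: The three `perfdatafile_template` lines at the end of this hunk are only commented out, and nothing records why the bounded copy was dropped. Delete them and put a short comment at the `fprintf` call stating that records longer than the old 9216-byte buffer lost their terminating newline and merged with the following record, so the reason for writing directly to `fp` stays with the code.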
@@ -254,8 +255,9 @@
 write_to_all_logs(temp_buffer, NSLOG_INFO_MESSAGE);
 */
 
-snprintf(perfdatafile_template, sizeof(perfdatafile_template)
-		- 1, DATATYPE::SERVICEPERFDATA\t
+//snprintf(perfdatafile_template, sizeof(perfdatafile_template) - 1,
+fprintf(fp,
+	DATATYPE::SERVICEPERFDATA\t
 	TIMET::%d\t
 	HOSTNAME::%s\t
 	SERVICEDESC::%s\t
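Review bot: In the service branch the `%s` values are written verbatim into a record whose fields are separated by `\t`, so a tab or newline inside one of the string fields would still shift or split fields for the reader of the file even with the length limit gone. Replace those characters in the string arguments before the `fprintf(fp,` call, or document that the caller guarantees they cannot occur.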
@@ -266,9 +268,9 @@
 		srvchkdata-host_name, srvchkdata-service_description,
 		srvchkdata-perf_data, service-service_check_command,
 		srvchkdata-state, srvchkdata-state_type);
-perfdatafile_template[sizeof(perfdatafile_template) - 1]
-		= '\x0';
-fputs(perfdatafile_template, fp);
+//perfdatafile_template[sizeof(perfdatafile_template) - 1]
+//		= '\x0';
+//fputs(perfdatafile_template, fp);
 			}
 		}
 		break;
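Review bot: `service-service_check_command` (as the argument reads in this hunk) is passed to a `%s` conversion, while `service` is initialised to NULL at the top of the function and no check is visible here. If the lookup can fail or the command string can be NULL, the call is undefined behaviour; guard it or substitute an empty string before formatting.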


smime.p7s
Description: S/MIME Cryptographic Signature
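
The failure described in this report, as an added example (not code from pnp4nagios and not the reporter's patch): a record formatted into a fixed buffer loses its terminating newline once the perfdata no longer fits, so the next record is appended to the same line, while writing straight to the stream keeps one record per line. The host and service names, the shortened field list and the trailing "\n" terminator are assumptions; the 9216-byte buffer size is the one shown in the patch.

```c
#include <stdio.h>
#include <stdlib.h>

#define TEMPLATE_SIZE 9216 /* buffer size shown in the patch */

/* Shortened record layout using field names from the dump in the report.
 * The trailing "\n" as record terminator is an assumption. */
#define RECORD_FMT                                              \
    "DATATYPE::SERVICEPERFDATA\tTIMET::%d\tHOSTNAME::%s\t"      \
    "SERVICEDESC::%s\tSERVICEPERFDATA::%s\tSERVICESTATE::%d\n"

typedef int (*writer_fn)(FILE *, int, const char *, const char *, const char *);

/* Pre-patch pattern: bounded format, forced NUL, then fputs().
 * Returns 1 when the record did not fit and lost its terminator. */
static int write_bounded(FILE *fp, int t, const char *host,
                         const char *svc, const char *perf)
{
    char buf[TEMPLATE_SIZE];
    int need = snprintf(buf, sizeof(buf) - 1, RECORD_FMT, t, host, svc, perf, 0);

    buf[sizeof(buf) - 1] = '\0';
    fputs(buf, fp);
    return need < 0 || (size_t)need >= sizeof(buf) - 1;
}

/* Patched pattern: format straight into the stream, no length limit.
 * Returns 1 on a write error. */
static int write_stream(FILE *fp, int t, const char *host,
                        const char *svc, const char *perf)
{
    return fprintf(fp, RECORD_FMT, t, host, svc, perf, 0) < 0;
}

/* Constructed perfdata of exactly n characters. */
static char *make_perfdata(size_t n)
{
    static const char unit[] = "sda_readB=1c; ";
    char *p = malloc(n + 1);

    if (p == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++)
        p[i] = unit[i % (sizeof(unit) - 1)];
    p[n] = '\0';
    return p;
}

static int count_newlines(FILE *fp)
{
    int c, n = 0;

    rewind(fp);
    while ((c = fgetc(fp)) != EOF)
        if (c == '\n')
            n++;
    return n;
}

/* Writes one record with perf_len bytes of perfdata for hostA, then a short
 * record for hostB, and returns the number of lines in the file
 * (-1 if the temporary file or the buffer could not be created). */
int lines_after_two_records(int use_stream, size_t perf_len)
{
    writer_fn write_record = use_stream ? write_stream : write_bounded;
    FILE *fp = tmpfile();
    char *big = make_perfdata(perf_len);
    int lines = -1;

    if (fp != NULL && big != NULL) {
        write_record(fp, 1395924718, "hostA.example", "svc_big", big);
        write_record(fp, 1395924718, "hostB.example", "svc_small", "time=0.1");
        lines = count_newlines(fp);
    }
    free(big);
    if (fp != NULL)
        fclose(fp);
    return lines;
}

int main(void)
{
    printf("bounded, 10000 bytes of perfdata: %d line(s)\n",
           lines_after_two_records(0, 10000));
    printf("stream,  10000 bytes of perfdata: %d line(s)\n",
           lines_after_two_records(1, 10000));
    return 0;
}
```

With the bounded writer the hostB record ends up on hostA's line, which is the misattribution the report describes.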


Bug#725091: [Pkg-openldap-devel] Bug#725091: slapd with memory leak in active sync

2013-10-18 Thread Thomas Sesselmann
Hi Ryan,

On 18.10.2013 07:54, Ryan Tandy wrote:
> ...
> Quanah is correct that several fixes are needed to 2.4.31 in order to
> have working MMR (and probably several more depending on the overlays
> you use), and I agree that the fastest way to a working server is
> probably to build your own from recent upstream code.

We prefer to use packages for our servers.
We also see the need for a newer upstream release version.

> To build a package with some local changes applied, the basic workflow
> looks like:
> ..
> See http://debian-handbook.info/browse/stable/debian-packaging.html
> for more guidance.

Thanks for this help.

> Your other option would be to wait until a newer upstream version is
> introduced into unstable and then install that, possibly rebuilding it
> for wheezy if the library dependencies changed.

This would be the best option for us. Do you know when a new
upstream version will be released in unstable or experimental?

Until then we have to try to build our own package of 2.4.36
(the first trial failed).

best regards

Thomas
-- 
Thomas Sesselmann, Dipl.-Inf.
Friedrich-Schiller-Universität Jena
Rechenzentrum
Am Johannisfriedhof 2
D-07743 Jena
Tel.: 03641/9-40530
Fax.: 03641/9-40630



smime.p7s
Description: S/MIME Cryptographic Signature


Bug#725091: [Pkg-openldap-devel] Bug#725091: slapd with memory leak in active sync

2013-10-15 Thread Thomas Sesselmann
Hi Ryan,

On 11.10.2013 00:44, Ryan Tandy wrote:
> Hi Thomas,
>
> Sorry it took me so long to get back to you.
>
> I think the problem is that your slapd.conf uses LDAP Sync replication
> and not delta-syncrepl. I missed that at first because you have an
> accesslog database configured, so I assumed you were using
> delta-syncrepl, but your syncrepl consumers are actually not
> configured for it.

We tried to configure delta-syncrepl and ran into the next issue :(

The slapd on the slaves crashes immediately after modifying a group
on memberof overlay. I can try to start in debug mode and the slave
crashes after the next entry:


ldap-slave# slapd -u openldap -g openldap -F /etc/ldap/slapd.d -d -1

525d3d02 = access_allowed: search access to 
cn=smtp,ou=local,ou=groups,dc=uni-jena,dc=de objectClass requested
525d3d02 = root access granted
525d3d02 = access_allowed: search access granted by manage(=mwrscxd)
525d3d02 = test_filter 6
525d3d02 send_ldap_result: conn=-1 op=0 p=3
525d3d02 send_ldap_result: err=0 matched= text=
525d3d02 == unique_modify cn=smtp,ou=local,ou=groups,dc=uni-jena,dc=de
525d3d02 unique_modify: administrative bypass, skipping
525d3d02 = bdb_entry_get: ndn: cn=smtp,ou=local,ou=groups,dc=uni-jena,dc=de
525d3d02 = bdb_entry_get: oc: (null), at: (null)
525d3d02 bdb_dn2entry(cn=smtp,ou=local,ou=groups,dc=uni-jena,dc=de)
525d3d02 = bdb_entry_get: found entry: 
cn=smtp,ou=local,ou=groups,dc=uni-jena,dc=de
525d3d02 bdb_entry_get: rc=0
525d3d02 hdb_modify: cn=smtp,ou=local,ou=groups,dc=uni-jena,dc=de
525d3d02 bdb_dn2entry(cn=smtp,ou=local,ou=groups,dc=uni-jena,dc=de)
525d3d02 bdb_modify_internal: 0x0056: 
cn=smtp,ou=local,ou=groups,dc=uni-jena,dc=de
525d3d02 = acl_access_allowed: granted to database root
525d3d02 bdb_modify_internal: softdel member
525d3d02 dnMatch 1
cn=ldapadmin,ou=local,dc=uni-jena,dc=de
uid=ko35rot,ou=users,dc=uni-jena,dc=de
525d3d02 dnMatch 1536
uid=ku49qeq,ou=users,dc=uni-jena,dc=de
uid=ko35rot,ou=users,dc=uni-jena,dc=de
525d3d02 dnMatch 1536
uid=ku49haf,ou=users,dc=uni-jena,dc=de
uid=ko35rot,ou=users,dc=uni-jena,dc=de
525d3d02 dnMatch 1536
uid=ku49lan,ou=users,dc=uni-jena,dc=de
uid=ko35rot,ou=users,dc=uni-jena,dc=de
525d3d02 dnMatch 1536
uid=ku49ded,ou=users,dc=uni-jena,dc=de
uid=ko35rot,ou=users,dc=uni-jena,dc=de
525d3d02 dnMatch 1536
uid=ku49bel,ou=users,dc=uni-jena,dc=de
uid=ko35rot,ou=users,dc=uni-jena,dc=de
525d3d02 dnMatch 0
uid=ko35rot,ou=users,dc=uni-jena,dc=de
uid=ko35rot,ou=users,dc=uni-jena,dc=de
525d3d02 bdb_modify_internal: replace entryCSN
525d3d02 bdb_modify_internal: replace modifiersName
525d3d02 bdb_modify_internal: replace modifyTimestamp
525d3d02 = key_change(DELETE,56)
525d3d02 bdb_idl_delete_key: 56
525d3d02 = key_change 0
525d3d02 = key_change(ADD,56)
525d3d02 bdb_idl_insert_key: 56
525d3d02 = key_change 0
525d3d02 = entry_encode(0x0056):
525d3d02 = entry_encode(0x0056):
525d3d02 hdb_modify: updated id=0056 
dn=cn=smtp,ou=local,ou=groups,dc=uni-jena,dc=de
525d3d02 send_ldap_result: conn=-1 op=0 p=3
525d3d02 send_ldap_result: err=0 matched= text=
slapd: ../../../../../servers/slapd/overlays/memberof.c:1465: 
memberof_res_modify: Assertion `0' failed.
Abgebrochen



Sounds like ITS#7487 
(http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7487;page=6)



best regards

Thomas



-- 
Thomas Sesselmann, Dipl.-Inf.
Friedrich-Schiller-Universität Jena
Rechenzentrum
Am Johannisfriedhof 2
D-07743 Jena
Tel.: 03641/9-40530
Fax.: 03641/9-40630



smime.p7s
Description: S/MIME Cryptographic Signature


Bug#725091: [Pkg-openldap-devel] Bug#725091: slapd with memory leak in active sync

2013-10-02 Thread Thomas Sesselmann
Hi Ryan,

On 02.10.2013 00:52, Ryan Tandy wrote:
> Hi Thomas,
>
> On Tue, Oct 1, 2013 at 4:10 AM, Thomas Sesselmann
> thomas.sesselm...@uni-jena.de wrote:
>> We installed a multimaster replication setup.
>>
>> Now if we modify some attributes and group memberships, the memory
>> use of the slapd on the 'master' increases extremely (10G) until out of
>> memory.
>
> I think you might be experiencing ITS#7292. What do you think? If you
> bring up a new server with the same configuration and an empty
> database and allow it to start replicating, like in the ITS, do you
> observe the same memory usage?
>
> http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7292

I don't know, on initial update/sync there are no problems.
The problem exists only if the two master servers are in sync
with the persist connection (syncrepl type=refreshAndPersist).

> It was fixed upstream in 2.4.32 by a series of commits:
>
> http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=shortlog;h=dc912776;hp=65c0cd19
>
> If it's easy for you to rebuild a package and deploy it in a testing
> environment, you might try doing so with those changes integrated.

We are now building an independent test environment, so we can install
test packages there ...
Rebuilding a source package with some diffs is not impossible, but will
take some time, because we have to learn it first ;)


>> We use the online config. In attachment is the corresponding slapd.conf.
>
> I tried to reproduce your report but wasn't successful yet. Is it
> possible for you to reduce the testcase any further? For example, can
> you still trigger it if you omit some of the overlays?

We deleted all overlays (except syncprov) and the problem still exists.
The modules are loaded but not used in the configuration,
if this should change something?

We modify the members of some groups (delete/add). There are many users
in the groups (2), perhaps that is why the result is so bad.

Here is the script we used:
---modify.pl 
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAPS;
use Net::LDAP::Util qw(ldap_error_text);

my $hostname = ['ldaptest2.rz.uni-jena.de'];
my $binddn   = 'ou=local,dc=uni-jena, dc=de';
my $auth     = 'uid=xxxy';
my $passwd   = '';

my $basedn = "ou=users,dc=uni-jena,dc=de";
my $ldap = Net::LDAP->new($hostname)
    or die "Unable to connect to LDAP server $hostname: $@\n";
my $mesg = $ldap->start_tls() or die "Unable to StartTLS: $@\n";
$ldap->bind( "$auth,$binddn", password => $passwd, version => 3 )
    or die "Binding to the LDAP-Server";

## searching on LDAP
my $searchresult = $ldap->search(
    base   => $basedn,
    filter => "(&(uid=*)(mail=*)(|(mailHost=mail1.rz.uni-jena.de)))",
    attrs  => ['*', 'memberOf'],
) or die "Searching the LDAP-Server";
print STDOUT "(".$searchresult->count.")\n";

# True if $search_for is an element of @$arr (an entry without memberOf
# passes undef, which is treated as an empty list)
sub in_array {
    my ($arr,$search_for) = @_;
    return grep {$search_for eq $_} @{ $arr || [] };
}

### For all LDAP-USERS ###

foreach my $entry ($searchresult->entries) {
    # each array holds one array ref that collects attr => value pairs
    my @AddArray     = [];
    my @ReplaceArray = [];
    my @DeleteArray  = [];

    print STDOUT $entry->dn, "\n";

    my $memberOfs = $entry->get_value('memberOf', asref => 1);

    ### DELETE IN GROUP SMTP ###
    if(in_array($memberOfs,'cn=smtp,ou=local,ou=groups,dc=uni-jena,dc=de')){
        $ldap->modify('cn=smtp,ou=local,ou=groups,dc=uni-jena,dc=de',
            delete => {member => [$entry->dn]}) or die "Delete group SMTP";
    }

    ### DELETE IN GROUP SMTP-AUTH ###
    if(in_array($memberOfs,'cn=smtp-auth,ou=local,ou=groups,dc=uni-jena,dc=de')){
        $ldap->modify('cn=smtp-auth,ou=local,ou=groups,dc=uni-jena,dc=de',
            delete => {member => [$entry->dn]}) or die "Delete group SMTP-AUTH";
    }

    ### DELETE IN GROUP IMAP ###
    if(in_array($memberOfs,'cn=imap,ou=local,ou=groups,dc=uni-jena,dc=de')){
        $ldap->modify('cn=imap,ou=local,ou=groups,dc=uni-jena,dc=de',
            delete => {member => [$entry->dn]}) or die "Delete group IMAP";
    }

    ### WRITE USER MODIFICATIONS TO LDAP ###
    push @{$ReplaceArray[0]}, mailhost => "mail1-deleted";
    $ldap->modify( $entry->dn, changes => [add => @AddArray, replace =>
        @ReplaceArray, delete => @DeleteArray]) or die "Modify User on LDAP";

}
$ldap->unbind();
---


best regards

Thomas


-- 
Thomas Sesselmann, Dipl.-Inf.
Friedrich-Schiller-Universität Jena
Rechenzentrum
Am Johannisfriedhof 2
D-07743 Jena
Tel.: 03641/9-40530
Fax.: 03641/9-40630



smime.p7s
Description: S/MIME Cryptographic Signature


Bug#725091: slapd with memory leak in active sync

2013-10-01 Thread Thomas Sesselmann

Package: slapd
Version: 2.4.31-1+nmu2
Severity: serious

Hello,

we are using Debian 7.1 on amd64.
We installed a multimaster replication setup.

Now if we modify some attributes and group memberships, the memory
use of the slapd on the 'master' increases extremely (10G) until out of memory.

This occurs only if the two servers are in sync.
If we disable the connection (i.e. iptables) between the servers,
the memory usage isn't growing.

We use the online config. In attachment is the corresponding slapd.conf.


best regards

Thomas Sesselmann

-- 
Thomas Sesselmann, Dipl.-Inf.
Friedrich-Schiller-Universität Jena
Rechenzentrum
Am Johannisfriedhof 2
D-07743 Jena
Tel.: 03641/9-40530
Fax.: 03641/9-40630

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/dyngroup.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/sendmail.schema
include /etc/ldap/schema/kerberos.schema
include /etc/ldap/schema/fsu.schema
include /etc/ldap/schema/eduperson.schema

pidfile    /var/run/slapd/slapd.pid
argsfile   /var/run/slapd/slapd.args

modulepath /usr/lib/ldap

moduleload accesslog.la
moduleload constraint.la
moduleload dds.la
moduleload dynlist.la
moduleload memberof.la
moduleload ppolicy.la
moduleload refint.la
moduleload syncprov.la
moduleload unique.la


moduleload  back_hdb
moduleload  back_monitor


backend  hdb
backend  monitor


TLSCACertificateFile  /etc/ldap/certs/chain.pem
TLSCACertificatePath  /etc/ldap/certs
TLSCertificateFile    /etc/ldap/certs/ldap.pem
TLSCertificateKeyFile /etc/ldap/certs/ldap.key
TLSVerifyClient allow


## server IDs/URLs for MMR ###
ServerID    1   ldap://ldap1.rz.uni-jena.de
ServerID    2   ldap://ldap2.rz.uni-jena.de


## Match replicator
authz-regexp
    "CN=ldap\.uni-jena\.de,O=Universitaet Jena,L=Jena,ST=Thueringen,C=DE"
    "uid=replicator,ou=local,dc=uni-jena,dc=de"

## general queries (base DN) ?
access to dn.base=""
    by * read

## query schema ?
access to dn.base=cn=Subschema
    by * read

###
# enable on-the-fly configuration (cn=config)
database config

### syncrepl directives for MMR of the olc ###
syncrepl    rid=003
    provider=ldap://ldap1.rz.uni-jena.de
    searchbase=cn=config
    type=refreshAndPersist
    retry="5 +"
    bindmethod=sasl
    saslmech=EXTERNAL
    starttls=yes
    filter=(|(!(olcDatabase={0}config))(!(olcReadOnly=TRUE)))

syncrepl    rid=004
    provider=ldap://ldap2.rz.uni-jena.de
    searchbase=cn=config
    type=refreshAndPersist
    retry="5 +"
    bindmethod=sasl
    saslmech=EXTERNAL
    starttls=yes
    filter=(|(!(olcDatabase={0}config))(!(olcReadOnly=TRUE)))

overlay syncprov
MirrorMode  On

access to *
    by dn.exact=uid=replicator,ou=local,dc=uni-jena,dc=de read
    by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
    by dn.exact=cn=ldapadmin,ou=local,dc=uni-jena,dc=de manage
    by * none

###
# enable server status monitoring (cn=monitor)
database monitor
access to *
    by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth read
    by dn.exact=cn=ldapadmin,ou=local,dc=uni-jena,dc=de read
    by * none

###
# enable server access logging (cn=logs)
database    hdb
suffix      cn=logs
checkpoint  1024 15
rootdn      cn=ldapadmin,ou=local,dc=uni-jena,dc=de
directory   /var/lib/ldap/logs
index       reqStart,reqEnd,reqMod,reqResult eq
index       entryUUID eq

access to *
    by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth read
    by dn.exact=cn=ldapadmin,ou=local,dc=uni-jena,dc=de read
    by * none


###
# database definitions
###

database    hdb
suffix      dc=uni-jena,dc=de
checkpoint  1024 15
rootdn      cn=ldapadmin,ou=local,dc=uni-jena,dc=de
rootpw      {SSHA}xxx

directory   /var/lib/ldap/data

# Indices to maintain for this database
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
index entryUUID                         eq

## Accesslog
overlay accesslog

Bug#466856: rrd-files with wrong RRA-Values for step 60

2008-02-21 Thread Thomas Sesselmann


Package: nagiosgrapher
Version: 1.6.1rc3-2
Tags: patch


Hello,

When collect2.pl generates a new rrd-file, the default values are optimized for 
step 300.
I think the use of $heartbeat is wrong in this place.
My patch calculates the steps of the RRA instead of the number of entries 
in an RRA.
If the general step is not 60 instead of 300, it will create 4 RRAs.


best regards

Thomas Sesselmann
--
Thomas Sesselmann, Dipl.-Inf.
Zentrale Datenverarbeitung
Deutsches Krebsforschungszentrum
Im Neuenheimer Feld 280
69120 Heidelberg
Tel.: +49-6221/42-2357
E-Mail: [EMAIL PROTECTED]
gpg-key: http://pgpkeys.pca.dfn.de/pks/lookup?op=getsearch=0x9392E54B
427,437c427,433
 # Get Steps for RRA Value, for yearly, monthly, weekly, dayly, hourly graph
 my @rrasteps=();
 foreach ( 86400, 7200, 3600, 300, 10 ) {
 	my $aktstep = int( $_ / $step );
 	$aktstep++ if ( $_ % $step );
 	push @rrasteps, $aktstep if ( not grep( { $_ == $aktstep } @rrasteps ) );
 }
 foreach ( @rrasteps ) {
 	push @system, RRA:AVERAGE:0.5:$_:600;
 	push @system, RRA:MAX:0.5:$_:600;
 	push @system, RRA:MIN:0.5:$_:600;
---
 # Adding some default average frames
 # OLD: 5, 30, 120, 1440;
 
 for (1, 6, 24, 288) {
 	push @system, RRA:AVERAGE:0.5:$_:$heartbeat;
 	push @system, RRA:MAX:0.5:$_:$heartbeat;
 	push @system, RRA:MIN:0.5:$_:$heartbeat;
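Review bot: The literal `600` row count in the three `RRA:...:$_:600` push lines is unexplained, and with the rounding in `$aktstep++ if ( $_ % $step )` the time span covered by each archive now depends on `$step`. Put the row count in a named variable and add a comment giving the resulting span per RRA (rows × steps × `$step` seconds), so the five graph ranges named in the comment can be checked against it.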


Bug#466854: nagiosgrapher don't ignore comments in main config-file (/etc/nagiosgrapher/ngraph.ncfg)

2008-02-21 Thread Thomas Sesselmann

Package: nagiosgrapher
Version: 1.6.1rc3-2

Hello,

nagiosgrapher, respectively the Perl module /usr/share/perl5/NagiosGrapher.pm, 
doesn't ignore comments.

i.e.
 #notes_url   /wiki/index.php/$HOSTNAME$#$SERVICEDESC$
matches also the regex 'm/(\w*[_]*\w*)\s+(.*)$/' like
 notes_url   /wiki/index.php/$HOSTNAME$#$SERVICEDESC$

Mainly there should be something like this:
 s/#.*$//;


See File /usr/share/perl5/NagiosGrapher.pm in lines 560-602.


For the other definition files the comments will be ignored:
 (sub read_ngrapher_def line 667, 678 ...)


best regards

Thomas Sesselmann
--
Thomas Sesselmann, Dipl.-Inf.
Zentrale Datenverarbeitung
Deutsches Krebsforschungszentrum
Im Neuenheimer Feld 280
69120 Heidelberg
Tel.: +49-6221/42-2357
E-Mail: [EMAIL PROTECTED]
gpg-key: http://pgpkeys.pca.dfn.de/pks/lookup?op=getsearch=0x9392E54B






Bug#440632: CVE-2007-5707 remote denial of service with malformed objectClasses attribute

2008-01-07 Thread Thomas Sesselmann

Hello,

What is the status of this _grave_ bug for stable (etch) and oldstable (sarge)?
It would be very nice if this were fixed, since the fixed version has been in
testing (security) since 2007-11-18.


thanks and best regards

Thomas Sesselmann

-- 
Dipl.-Inf. Thomas Sesselmann
Kirchhoff-Institut fuer Physik
Universitaet Heidelberg
INF227 / D-69120 Heidelberg
Tel.:   +49/6221/54-9132
E-Mail: [EMAIL PROTECTED]
gpg-key: 0x9392E54B  or finger -l [EMAIL PROTECTED]



signature.asc
Description: OpenPGP digital signature


Bug#440632: marked as done (ldapadd with 'objectClasses' instead of 'objectClass' brings slapd down)

2007-09-18 Thread Thomas Sesselmann
Hello,


Because this bug can easily cause a denial of service of the stable 
LDAP server,
I would be happy if you could backport the fix/patch to the stable (etch) release 
of slapd.


many thanks

Thomas Sesselmann

-- 
Dipl.-Inf. Thomas Sesselmann
Kirchhoff-Institut für Physik
Universitaet Heidelberg
INF227 / D-69120 Heidelberg
Tel.:   +49/6221/54-9132
E-Mail: [EMAIL PROTECTED]
gpg-key: 0x9392E54B  or finger -l [EMAIL PROTECTED]



signature.asc
Description: OpenPGP digital signature


Bug#440632: ldapadd with 'objectClasses' instead of 'objectClass' brings slapd down

2007-09-03 Thread Thomas Sesselmann

Package: slapd
Version: 2.3.30-5
Severity: grave



Hello,

I am using Debian etch.

I wrongly used the misspelled attribute 'objectClasses' instead of 
'objectClass'
in ldapadd and then the slapd dies ...

I have verified this with a new (debian default) installation
with no special things and anonymous ldapadd!




[EMAIL PROTECTED]:~$ ldapadd -x
dn: uid=test5,ou=SONST,ou=people,dc=kip.uni-heidelberg,dc=de
objectClasses: top


adding new entry uid=test5,ou=SONST,ou=people,dc=kip.uni-heidelberg,dc=de
ldap_add: Invalid syntax (21)
additional info: objectClasses: value #0 normalization failed


=> now there are no slapd processes left ... (the slapd process is dead)

[EMAIL PROTECTED]:~$ ldapsearch -h ldap uid=test4
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

[EMAIL PROTECTED]:~# ps -ef |grep slap
root 21036 14161  0 10:30 pts/000:00:00 grep slap



The Log '/var/log/syslog' for the crash (loglevel 4095):
Sep  3 10:32:50 ldap slapd[21091]: daemon: read activity on 12
Sep  3 10:32:50 ldap slapd[21091]: connection_get(12)
Sep  3 10:32:50 ldap slapd[21091]: connection_get(12): got connid=3
Sep  3 10:32:50 ldap slapd[21091]: connection_read(12): checking for input on 
id=3
Sep  3 10:32:50 ldap slapd[21091]: ber_get_next on fd 12 failed errno=11 
(Resource temporarily unavailable)
Sep  3 10:32:50 ldap slapd[21091]: daemon: select: listen=6 active_threads=0 
tvp=NULL
Sep  3 10:32:50 ldap slapd[21091]: daemon: select: listen=7 active_threads=0 
tvp=NULL
Sep  3 10:32:50 ldap slapd[21091]: daemon: select: listen=8 active_threads=0 
tvp=NULL
Sep  3 10:32:50 ldap slapd[21091]: do_add
Sep  3 10:32:50 ldap slapd[21091]:  dnPrettyNormal: 
uid=test5,ou=SONST,ou=people,dc=kip.uni-heidelberg,dc=de
Sep  3 10:32:50 ldap slapd[21091]:  dnPrettyNormal: 
uid=test5,ou=SONST,ou=people,dc=kip.uni-heidelberg,dc=de, 
uid=test5,ou=sonst,ou=people,dc=kip.uni-heidelberg,dc=de
Sep  3 10:32:50 ldap slapd[21091]: do_add: dn 
(uid=test5,ou=SONST,ou=people,dc=kip.uni-heidelberg,dc=de)
Sep  3 10:32:50 ldap slapd[21091]: conn=3 op=4 ADD 
dn=uid=test5,ou=SONST,ou=people,dc=kip.uni-heidelberg,dc=de
Sep  3 10:32:50 ldap slapd[21091]: = str2entry NULL (ssyn_normalize 21)
Sep  3 10:32:50 ldap slapd[21091]: send_ldap_result: conn=3 op=4 p=3
Sep  3 10:32:50 ldap slapd[21091]: send_ldap_result: err=21 matched= 
text=objectClasses: value #0 normalization failed
Sep  3 10:32:50 ldap slapd[21091]: send_ldap_response: msgid=5 tag=105 err=21
Sep  3 10:32:50 ldap slapd[21091]: conn=3 op=4 RESULT tag=105 err=21 
text=objectClasses: value #0 normalization failed






best regards

Thomas Sesselmann

-- 
Dipl.-Inf. Thomas Sesselmann __O
Kirchhoff-Institut für Physik  _\-,
Universitaet Heidelberg  _(_)/(_)_
INF227 / D-69120 Heidelberg
Tel.:   +49/6221/54-9132
E-Mail: [EMAIL PROTECTED]
gpg-key: 0x9392E54B  or finger -l [EMAIL PROTECTED]




Bug#409357: Improvment of the openafs-fileserver init-skript with additional start-options

2007-02-02 Thread Thomas Sesselmann
Package: openafs-fileserver
Version: 1.4.2-5
Severity: minor
Tags: patch

Hello,

I want to start the bos-server with the '-syslog' option to get the logs to 
syslog.
So I changed the init script '/etc/init.d/openafs-fileserver' to add 
DAEMON_ARGS
and read the '/etc/default/openafs-fileserver' file.


I attach the changed '/etc/init.d/openafs-fileserver',
the new file '/etc/default/openafs-fileserver' and
a patch 'change-init-skript-openafs-fileserver.patch'.

Sorry for the two attachments with the same name, but I think you can tell them 
apart by content.



Best Regards

Thomas Sesselmann

-- 
Dipl.-Inf. Thomas Sesselmann
Kirchhoff-Institut für Physik
Universität Heidelberg
INF227 / D-69120 Heidelberg
Tel.:   +49/6221/54-9132
E-Mail: [EMAIL PROTECTED]

/\
\ /ASCII Ribbon Campaign
 X   against HTML email  vCards
/ \

26a27
 DAEMON_ARGS=
36a38,41
 # Read configuration variable file if it is present
 [ -r /etc/default/openafs-fileserver ]  . /etc/default/openafs-fileserver
 
 
42c47
 		--exec $DAEMON
---
 		--exec $DAEMON -- $DAEMON_ARGS
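Review bot: `$DAEMON_ARGS` is expanded unquoted after `--` in `--exec $DAEMON -- $DAEMON_ARGS`, so the shell word-splits and glob-expands its value. That is what allows several options in one variable, but the comment in /etc/default/openafs-fileserver should say that arguments containing spaces or wildcard characters are not supported.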
75c80
 --exec $DAEMON
---
 --exec $DAEMON -- $DAEMON_ARGS
#! /bin/sh
### BEGIN INIT INFO
# Provides:             openafs-fileserver
# Required-Start:       $local_fs $remote_fs $network $time
# Required-Stop:        $local_fs $remote_fs $network
# Default-Start:        2 3 4 5
# Default-Stop:         S 0 1 6
# Short-Description:    OpenAFS file and database server manager
# Description:          Starts, stops, or restarts the OpenAFS bosserver,
#                       which is the process that starts and manages the
#                       OpenAFS file server or database servers depending on
#                       its configuration.
### END INIT INFO
#
# skeleton      example file to build /etc/init.d/ scripts.
#               This file should be used to construct scripts for /etc/init.d.
#
#               Written by Miquel van Smoorenburg [EMAIL PROTECTED].
#               Modified for Debian GNU/Linux
#               by Ian Murdock [EMAIL PROTECTED].
#
# Version:      @(#)skeleton  1.8  03-Mar-1998  [EMAIL PROTECTED]
#

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/bosserver
DAEMON_ARGS=
NAME=bosserver
DESC="AFS Server"


exec 3>/dev/null
exec </dev/null

test -f $DAEMON || exit 0


# Read configuration variable file if it is present
[ -r /etc/default/openafs-fileserver ] && . /etc/default/openafs-fileserver



case "$1" in
  start)
    echo -n "Starting $DESC: "
    start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \
        --exec $DAEMON -- $DAEMON_ARGS
    echo "$NAME."
    ;;
  stop)
    echo -n "Stopping $DESC: "
    bos shutdown localhost -wait -localauth
    start-stop-daemon --stop --quiet  \
        --user root --name bosserver
    echo "$NAME."
    ;;
  #reload)
    #
    #   If the daemon can reload its config files on the fly
    #   for example by sending it SIGHUP, do it here.
    #
    #   If the daemon responds to changes in its config file
    #   directly anyway, make this a do-nothing entry.
    #
    # echo "Reloading $DESC configuration files."
    # start-stop-daemon --stop --signal 1 --quiet --pidfile \
    #   /var/run/$NAME.pid --exec $DAEMON
  #;;
  restart|force-reload)
    #
    #   If the reload option is implemented, move the force-reload
    #   option to the reload entry above. If not, force-reload is
    #   just the same as restart.
    #
    echo -n "Restarting $DESC: "
    if pidof $DAEMON > /dev/null ; then
        bos restart localhost -localauth -bos
    else
        start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \
            --exec $DAEMON -- $DAEMON_ARGS
    fi
    sleep 1
    echo "$NAME."
    ;;
  *)
    N=/etc/init.d/$NAME
    # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
    echo "Usage: $N {start|stop|restart|force-reload}" >&2
    exit 1
    ;;
esac

exit 0

# Default settings for the openafs bosserver
# This file is sourced by /etc/init.d/openafs-fileserver

# Uncomment this to get the bosserver log to syslog
# Try 'bosserver -help' to get all available options.
#DAEMON_ARGS='-syslog'



Bug#382458: libldap2 expect ldapi-socket on wrong place

2006-08-11 Thread Thomas Sesselmann


Package: libldap2
Version: 2.1.30-13+b1

I tried this in the current testing version of Debian (etch).
I think on sarge the problem doesn't exist.

Heimdal-kdc can use the ldap backend over a local socket (ldapi:///).
Heimdal uses libldap2, where the socket is expected in /var/run/ldapi.
But the current version of slapd in etch (2.3.24-2) places the socket in 
/var/run/slapd/ldapi.

This is because the location was changed in this version of slapd and both packages
were built from different versions of the openldap source:

$ apt-src install slapd
Hole:1 http://ftp.de.debian.org etch/main openldap2.3 2.3.24-2 (dsc) [1193B]
Hole:2 http://ftp.de.debian.org etch/main openldap2.3 2.3.24-2 (tar) [3756kB]
Hole:3 http://ftp.de.debian.org etch/main openldap2.3 2.3.24-2 (diff) [132kB]

$ apt-src install libldap2
Hole:1 http://ftp.de.debian.org etch/main openldap2 2.1.30-13 (dsc) [972B]
Hole:2 http://ftp.de.debian.org etch/main openldap2 2.1.30-13 (tar) [2045kB]
Hole:3 http://ftp.de.debian.org etch/main openldap2 2.1.30-13 (diff) [456kB]


Best regards

Thomas Sesselmann

-- 
Dipl.-Inf. Thomas Sesselmann
Kirchhoff-Institut fuer Physik
Universitaet Heidelberg
INF227 / D-69120 Heidelberg
E-mail: [EMAIL PROTECTED]