Bug#692936: "No remote address supplied" after a while
On Sat, Nov 17, 2012 at 06:26:13PM -0500, Antoine Beaupré wrote: > Package: openvpn-auth-ldap > Version: 2.0.3-4 > Followup-For: Bug #692936 > > Hum. It seems that this packaging is failing to build on kfreebsd, and for > good reasons: > > https://buildd.debian.org/status/fetch.php?pkg=openvpn-auth-ldap&arch=kfreebsd-amd64&ver=2.0.3-4&stamp=1352718255 > > auth-ldap.m:538:4: error: 'ret' undeclared (first use in this function) > > I don't know how I missed this, or why this is building here, but it > shouldn't build. > > Here's a new patch that fixes that compile error. > > A. Thanks! Just uploaded. -- Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred| http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#692936: "No remote address supplied" after a while
Package: openvpn-auth-ldap Version: 2.0.3-4 Followup-For: Bug #692936 Hum. It seems that this packaging is failing to build on kfreebsd, and for good reasons: https://buildd.debian.org/status/fetch.php?pkg=openvpn-auth-ldap&arch=kfreebsd-amd64&ver=2.0.3-4&stamp=1352718255 auth-ldap.m:538:4: error: 'ret' undeclared (first use in this function) I don't know how I missed this, or why this is building here, but it shouldn't build. Here's a new patch that fixes that compile error. A. -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_CA.UTF-8) Shell: /bin/sh linked to /bin/dash Description: move address checks further down to avoid certain failures this tries to avoid certain failures with the LDAP plugin where it doesn't get passed the remoteAddress in certain cases. since we do may not care about this address, we fail only when really necessary. Author: Antoine Beaupr? Origin: vendor Bug: https://code.google.com/p/openvpn-auth-ldap/issues/detail?id=4 Bug-Debian: http://bugs.debian.org/692936 Forwarded: yes Last-Update: 2012-11-10 --- openvpn-auth-ldap-2.0.3.orig/src/auth-ldap.m +++ openvpn-auth-ldap-2.0.3/src/auth-ldap.m @@ -533,7 +533,10 @@ static int handle_client_connect_disconn } if (tableName) - if (!pf_client_connect_disconnect(ctx, tableName, remoteAddress, connecting)) + if (!remoteAddress) { + [TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT)."]; + return OPENVPN_PLUGIN_FUNC_ERROR; + } else if (!pf_client_connect_disconnect(ctx, tableName, remoteAddress, connecting)) return OPENVPN_PLUGIN_FUNC_ERROR; #endif /* HAVE_PF */ @@ -587,20 +590,10 @@ openvpn_plugin_func_v1(openvpn_plugin_ha break; /* New connection established */ case OPENVPN_PLUGIN_CLIENT_CONNECT: - if (!remoteAddress) { -[TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT)."]; -ret = OPENVPN_PLUGIN_FUNC_ERROR; - } else { -ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, YES); - } + ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, YES); break; case OPENVPN_PLUGIN_CLIENT_DISCONNECT: - if (!remoteAddress) { -[TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_DISCONNECT)."]; -ret = OPENVPN_PLUGIN_FUNC_ERROR; - } else { -ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, NO); - } + ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, NO); break; default: [TRLog debug: "Unhandled plugin type in OpenVPN LDAP Plugin (type=%d)", type];
Bug#692936: "No remote address supplied" after a while
tags 692936 + patch thanks Here's the patch I have submitted upstream. Description: move address checks further down to avoid certain failures this tries to avoid certain failures with the LDAP plugin where it doesn't get passed the remoteAddress in certain cases. since we do may not care about this address, we fail only when really necessary. Author: Antoine Beaupré Origin: vendor Bug: https://code.google.com/p/openvpn-auth-ldap/issues/detail?id=4 Bug-Debian: http://bugs.debian.org/692936 Forwarded: yes Last-Update: 2012-11-10 --- openvpn-auth-ldap-2.0.3.orig/src/auth-ldap.m +++ openvpn-auth-ldap-2.0.3/src/auth-ldap.m @@ -533,7 +533,10 @@ static int handle_client_connect_disconn } if (tableName) - if (!pf_client_connect_disconnect(ctx, tableName, remoteAddress, connecting)) + if (!remoteAddress) { + [TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT)."]; + ret = OPENVPN_PLUGIN_FUNC_ERROR; + } else if (!pf_client_connect_disconnect(ctx, tableName, remoteAddress, connecting)) return OPENVPN_PLUGIN_FUNC_ERROR; #endif /* HAVE_PF */ @@ -587,20 +590,10 @@ openvpn_plugin_func_v1(openvpn_plugin_ha break; /* New connection established */ case OPENVPN_PLUGIN_CLIENT_CONNECT: - if (!remoteAddress) { -[TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT)."]; -ret = OPENVPN_PLUGIN_FUNC_ERROR; - } else { -ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, YES); - } + ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, YES); break; case OPENVPN_PLUGIN_CLIENT_DISCONNECT: - if (!remoteAddress) { -[TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_DISCONNECT)."]; -ret = OPENVPN_PLUGIN_FUNC_ERROR; - } else { -ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, NO); - } + ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, NO); break; default: [TRLog debug: "Unhandled plugin type in OpenVPN LDAP Plugin (type=%d)", type]; We are running this in production now. I'd be happy to NMU this if there are no objections. A. -- Antoine Beaupré +++ Réseau Koumbit Networks +++ +1.514.387.6262 #208 pgpR48eI03LAX.pgp Description: PGP signature
Bug#692936: "No remote address supplied" after a while
Package: openvpn-auth-ldap Version: 2.0.3-1 Severity: grave After using this plugin for a while and seeing a few connexions (from less than 10 clients at a time!), I get this: Nov 10 21:40:25 vpn0 ovpn-public-auth[10087]: No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT). Nov 10 21:40:25 vpn0 ovpn-public-auth[10087]: anarcat/72.0.72.144:62578 PLUGIN_CALL: plugin function PLUGIN_CLIENT_CONNECT failed with status 1: /usr/lib/openvpn/openvpn-auth-ldap.so Nov 10 21:40:25 vpn0 ovpn-public-auth[10087]: anarcat/72.0.72.144:62578 WARNING: client-connect plugin call failed I am working on a patch. -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_CA.UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org