Bug#692936: "No remote address supplied" after a while
On Sat, Nov 17, 2012 at 06:26:13PM -0500, Antoine Beaupré wrote: > Package: openvpn-auth-ldap > Version: 2.0.3-4 > Followup-For: Bug #692936 > > Hum. It seems that this packaging is failing to build on kfreebsd, and for > good reasons: > > https://buildd.debian.org/status/fetch.php?pkg=openvpn-auth-ldap&arch=kfreebsd-amd64&ver=2.0.3-4&stamp=1352718255 > > auth-ldap.m:538:4: error: 'ret' undeclared (first use in this function) > > I don't know how I missed this, or why this is building here, but it > shouldn't build. > > Here's a new patch that fixes that compile error. > > A. Thanks! Just uploaded. -- Alberto Gonzalez Iniesta| Formación, consultoría y soporte técnico agi@(inittab.org|debian.org)| en GNU/Linux y software libre Encrypted mail preferred| http://inittab.com Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#692936: "No remote address supplied" after a while
Package: openvpn-auth-ldap
Version: 2.0.3-4
Followup-For: Bug #692936
Hum. It seems that this packaging is failing to build on kfreebsd, and for good
reasons:
https://buildd.debian.org/status/fetch.php?pkg=openvpn-auth-ldap&arch=kfreebsd-amd64&ver=2.0.3-4&stamp=1352718255
auth-ldap.m:538:4: error: 'ret' undeclared (first use in this function)
I don't know how I missed this, or why this is building here, but it shouldn't
build.
Here's a new patch that fixes that compile error.
A.
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to fr_CA.UTF-8)
Shell: /bin/sh linked to /bin/dash
Description: move address checks further down to avoid certain failures
this tries to avoid certain failures with the LDAP plugin where it
doesn't get passed the remoteAddress in certain cases. since we do
may not care about this address, we fail only when really necessary.
Author: Antoine Beaupr?
Origin: vendor
Bug: https://code.google.com/p/openvpn-auth-ldap/issues/detail?id=4
Bug-Debian: http://bugs.debian.org/692936
Forwarded: yes
Last-Update: 2012-11-10
--- openvpn-auth-ldap-2.0.3.orig/src/auth-ldap.m
+++ openvpn-auth-ldap-2.0.3/src/auth-ldap.m
@@ -533,7 +533,10 @@ static int handle_client_connect_disconn
}
if (tableName)
- if (!pf_client_connect_disconnect(ctx, tableName, remoteAddress, connecting))
+ if (!remoteAddress) {
+ [TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT)."];
+ return OPENVPN_PLUGIN_FUNC_ERROR;
+ } else if (!pf_client_connect_disconnect(ctx, tableName, remoteAddress, connecting))
return OPENVPN_PLUGIN_FUNC_ERROR;
#endif /* HAVE_PF */
@@ -587,20 +590,10 @@ openvpn_plugin_func_v1(openvpn_plugin_ha
break;
/* New connection established */
case OPENVPN_PLUGIN_CLIENT_CONNECT:
- if (!remoteAddress) {
-[TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT)."];
-ret = OPENVPN_PLUGIN_FUNC_ERROR;
- } else {
-ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, YES);
- }
+ ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, YES);
break;
case OPENVPN_PLUGIN_CLIENT_DISCONNECT:
- if (!remoteAddress) {
-[TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_DISCONNECT)."];
-ret = OPENVPN_PLUGIN_FUNC_ERROR;
- } else {
-ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, NO);
- }
+ ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, NO);
break;
default:
[TRLog debug: "Unhandled plugin type in OpenVPN LDAP Plugin (type=%d)", type];
Bug#692936: "No remote address supplied" after a while
tags 692936 + patch
thanks
Here's the patch I have submitted upstream.
Description: move address checks further down to avoid certain failures
this tries to avoid certain failures with the LDAP plugin where it
doesn't get passed the remoteAddress in certain cases. since we do
may not care about this address, we fail only when really necessary.
Author: Antoine Beaupré
Origin: vendor
Bug: https://code.google.com/p/openvpn-auth-ldap/issues/detail?id=4
Bug-Debian: http://bugs.debian.org/692936
Forwarded: yes
Last-Update: 2012-11-10
--- openvpn-auth-ldap-2.0.3.orig/src/auth-ldap.m
+++ openvpn-auth-ldap-2.0.3/src/auth-ldap.m
@@ -533,7 +533,10 @@ static int handle_client_connect_disconn
}
if (tableName)
- if (!pf_client_connect_disconnect(ctx, tableName, remoteAddress, connecting))
+ if (!remoteAddress) {
+ [TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT)."];
+ ret = OPENVPN_PLUGIN_FUNC_ERROR;
+ } else if (!pf_client_connect_disconnect(ctx, tableName, remoteAddress, connecting))
return OPENVPN_PLUGIN_FUNC_ERROR;
#endif /* HAVE_PF */
@@ -587,20 +590,10 @@ openvpn_plugin_func_v1(openvpn_plugin_ha
break;
/* New connection established */
case OPENVPN_PLUGIN_CLIENT_CONNECT:
- if (!remoteAddress) {
-[TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT)."];
-ret = OPENVPN_PLUGIN_FUNC_ERROR;
- } else {
-ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, YES);
- }
+ ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, YES);
break;
case OPENVPN_PLUGIN_CLIENT_DISCONNECT:
- if (!remoteAddress) {
-[TRLog debug: "No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_DISCONNECT)."];
-ret = OPENVPN_PLUGIN_FUNC_ERROR;
- } else {
-ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, NO);
- }
+ ret = handle_client_connect_disconnect(ctx, ldap, ldapUser, remoteAddress, NO);
break;
default:
[TRLog debug: "Unhandled plugin type in OpenVPN LDAP Plugin (type=%d)", type];
We are running this in production now. I'd be happy to NMU this if there are no
objections.
A.
--
Antoine Beaupré +++ Réseau Koumbit Networks +++ +1.514.387.6262 #208
pgpR48eI03LAX.pgp
Description: PGP signature
Bug#692936: "No remote address supplied" after a while
Package: openvpn-auth-ldap Version: 2.0.3-1 Severity: grave After using this plugin for a while and seeing a few connexions (from less than 10 clients at a time!), I get this: Nov 10 21:40:25 vpn0 ovpn-public-auth[10087]: No remote address supplied to OpenVPN LDAP Plugin (OPENVPN_PLUGIN_CLIENT_CONNECT). Nov 10 21:40:25 vpn0 ovpn-public-auth[10087]: anarcat/72.0.72.144:62578 PLUGIN_CALL: plugin function PLUGIN_CLIENT_CONNECT failed with status 1: /usr/lib/openvpn/openvpn-auth-ldap.so Nov 10 21:40:25 vpn0 ovpn-public-auth[10087]: anarcat/72.0.72.144:62578 WARNING: client-connect plugin call failed I am working on a patch. -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_CA.UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
