Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host

2016-06-13 Thread Martin Basti 



On 13.06.2016 15:54, thierry bordaz wrote:


The fix is good for me. ACK

thanks
thierry
On 06/13/2016 10:04 AM, Ludwig Krispenz wrote:

revised patch (v2) attached:
changed log level
fixed order of statements in freeing host list

On 06/10/2016 05:56 PM, Ludwig Krispenz wrote:


On 06/10/2016 05:41 PM, thierry bordaz wrote:



On 06/10/2016 05:23 PM, Ludwig Krispenz wrote:


On 06/10/2016 04:44 PM, thierry bordaz wrote:

Hi Ludwig,

I agree with you there is no path to add a host with an empty 
hostname.
You fix looks valid but I would prefer a log in FATAL rather in 
PLUGIN.

yes, of course that was my intention, copy paste :-)


Also I wonder if a reason of empty hostname could be a 
slapi_ch_free on it but with the host remaining in the list.
Looking at 
https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_cfg.c#n852,

I wonder if the two lines 852 and 853 could lead to this situation.
but this frees the complete replica structure tconf and in the 
caller tconf is set to null, so should never be used again.


Yes you are right, it can not conduct to empty hostname into tconf.
However I think it can leak because host will be set to 0 at the 
end of the first iteration.

yes, line 852 and 853 should be switched


An other possibility is that in
https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_util.c#n1449|
ipa_topo_util_init_hosts, 'cn' has an empty value. newhost is not 
null but empty, so we may create an empty hostname.

|


thanks
thierry


On 06/10/2016 12:36 PM, Ludwig Krispenz wrote:

Hi,
the attached patch will prevent the crash reported in ticket #5928.

So far I do not understand how this situation can occur, there 
is no reproducer yet. I do not really like this fix as it hides 
a probable corrupted data structure and would prefer to find the 
root cause.


But please review it, so we can commit it if there is no 
progress on the root cause.


Ludwig







--
Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander




--
Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander




--
Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander







Pushed to master: 0b11b36bf215a351050280ab0b329ceda7a9dccf

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host

2016-06-13 Thread thierry bordaz 


The fix is good for me. ACK

thanks
thierry
On 06/13/2016 10:04 AM, Ludwig Krispenz wrote:

revised patch (v2) attached:
changed log level
fixed order of statements in freeing host list

On 06/10/2016 05:56 PM, Ludwig Krispenz wrote:


On 06/10/2016 05:41 PM, thierry bordaz wrote:



On 06/10/2016 05:23 PM, Ludwig Krispenz wrote:


On 06/10/2016 04:44 PM, thierry bordaz wrote:

Hi Ludwig,

I agree with you there is no path to add a host with an empty 
hostname.
You fix looks valid but I would prefer a log in FATAL rather in 
PLUGIN.

yes, of course that was my intention, copy paste :-)


Also I wonder if a reason of empty hostname could be a 
slapi_ch_free on it but with the host remaining in the list.
Looking at 
https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_cfg.c#n852,

I wonder if the two lines 852 and 853 could lead to this situation.
but this frees the complete replica structure tconf and in the 
caller tconf is set to null, so should never be used again.


Yes you are right, it can not conduct to empty hostname into tconf.
However I think it can leak because host will be set to 0 at the end 
of the first iteration.

yes, line 852 and 853 should be switched


An other possibility is that in
https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_util.c#n1449|
ipa_topo_util_init_hosts, 'cn' has an empty value. newhost is not 
null but empty, so we may create an empty hostname.

|


thanks
thierry


On 06/10/2016 12:36 PM, Ludwig Krispenz wrote:

Hi,
the attached patch will prevent the crash reported in ticket #5928.

So far I do not understand how this situation can occur, there is 
no reproducer yet. I do not really like this fix as it hides a 
probable corrupted data structure and would prefer to find the 
root cause.


But please review it, so we can commit it if there is no progress 
on the root cause.


Ludwig







--
Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander




--
Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander




--
Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander




-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host

2016-06-13 Thread Ludwig Krispenz 

revised patch (v2) attached:
changed log level
fixed order of statements in freeing host list

On 06/10/2016 05:56 PM, Ludwig Krispenz wrote:


On 06/10/2016 05:41 PM, thierry bordaz wrote:



On 06/10/2016 05:23 PM, Ludwig Krispenz wrote:


On 06/10/2016 04:44 PM, thierry bordaz wrote:

Hi Ludwig,

I agree with you there is no path to add a host with an empty hostname.
You fix looks valid but I would prefer a log in FATAL rather in PLUGIN.

yes, of course that was my intention, copy paste :-)


Also I wonder if a reason of empty hostname could be a 
slapi_ch_free on it but with the host remaining in the list.
Looking at 
https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_cfg.c#n852,

I wonder if the two lines 852 and 853 could lead to this situation.
but this frees the complete replica structure tconf and in the 
caller tconf is set to null, so should never be used again.


Yes you are right, it can not conduct to empty hostname into tconf.
However I think it can leak because host will be set to 0 at the end 
of the first iteration.

yes, line 852 and 853 should be switched


An other possibility is that in
https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_util.c#n1449|
ipa_topo_util_init_hosts, 'cn' has an empty value. newhost is not 
null but empty, so we may create an empty hostname.

|


thanks
thierry


On 06/10/2016 12:36 PM, Ludwig Krispenz wrote:

Hi,
the attached patch will prevent the crash reported in ticket #5928.

So far I do not understand how this situation can occur, there is 
no reproducer yet. I do not really like this fix as it hides a 
probable corrupted data structure and would prefer to find the 
root cause.


But please review it, so we can commit it if there is no progress 
on the root cause.


Ludwig







--
Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander




--
Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander




--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander

>From ec4a8967fa978c7b13a46e6e762a9354319400be Mon Sep 17 00:00:00 2001
From: Ludwig Krispenz 
Date: Mon, 13 Jun 2016 09:51:17 +0200
Subject: [PATCH] v2 - avoid crash in topology plugin when host list contains
 host with no hostname

ticket #5928

prevent a crash when dereferncing a NULL hostnam, log an error to help debugging
fix an incorrect order of statement when freeing a host list
---
 daemons/ipa-slapi-plugins/topology/topology_cfg.c | 11 ++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/daemons/ipa-slapi-plugins/topology/topology_cfg.c b/daemons/ipa-slapi-plugins/topology/topology_cfg.c
index 3ca61a8ea7c463c45f3dbf2e13a9790c5079e2d7..23b8eddfb5f6ef2d3167d7f10ebd6e5509b72a9c 100644
--- a/daemons/ipa-slapi-plugins/topology/topology_cfg.c
+++ b/daemons/ipa-slapi-plugins/topology/topology_cfg.c
@@ -452,6 +452,15 @@ ipa_topo_cfg_host_find(TopoReplica *tconf, char *findhost, int lock)
 
 if (lock) slapi_lock_mutex(tconf->repl_lock);
 for (host=tconf->hosts;host;host=host->next) {
+if (host->hostname == NULL) {
+/* this check is done to avoid a crash,
+ * for which the root cause is not yet known.
+ * Avoid the crash and log an error
+ */
+slapi_log_error(SLAPI_LOG_FATAL, IPA_TOPO_PLUGIN_SUBSYSTEM,
+"ipa_topo_cfg_host_find: found a NULL hostname in host list\n");
+continue;
+}
 if (!strcasecmp(host->hostname,findhost)) {
break;
 }
@@ -849,8 +858,8 @@ ipa_topo_cfg_replica_free(TopoReplica *tconf)
 while (host) {
 host_next = host->next;
 slapi_ch_free_string(&host->hostname);
-host = host_next;
 slapi_ch_free((void **)&host);
+host = host_next;
 }
 slapi_ch_free((void **)&tconf);
 }
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host

2016-06-10 Thread thierry bordaz 



On 06/10/2016 05:56 PM, Ludwig Krispenz wrote:


On 06/10/2016 05:41 PM, thierry bordaz wrote:



On 06/10/2016 05:23 PM, Ludwig Krispenz wrote:


On 06/10/2016 04:44 PM, thierry bordaz wrote:

Hi Ludwig,

I agree with you there is no path to add a host with an empty hostname.
You fix looks valid but I would prefer a log in FATAL rather in PLUGIN.

yes, of course that was my intention, copy paste :-)


Also I wonder if a reason of empty hostname could be a 
slapi_ch_free on it but with the host remaining in the list.
Looking at 
https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_cfg.c#n852,

I wonder if the two lines 852 and 853 could lead to this situation.
but this frees the complete replica structure tconf and in the 
caller tconf is set to null, so should never be used again.


Yes you are right, it can not conduct to empty hostname into tconf.
However I think it can leak because host will be set to 0 at the end 
of the first iteration.

yes, line 852 and 853 should be switched


An other possibility is that in
https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_util.c#n1449|
ipa_topo_util_init_hosts, 'cn' has an empty value. newhost is not 
null but empty, so we may create an empty hostname.

|


|You are definitely right there is no path that can lead to NULL 
hostname :-(


If we are unable to get a reproducible test case,
A crazy idea would be to do some internal rotating logging in a buffer 
on each events (add/del host, add/del segments...),
when the incoherency is detected, then dump the buffer into the error 
logs so that we would have more data to find the RC.



|

||


thanks
thierry


On 06/10/2016 12:36 PM, Ludwig Krispenz wrote:

Hi,
the attached patch will prevent the crash reported in ticket #5928.

So far I do not understand how this situation can occur, there is 
no reproducer yet. I do not really like this fix as it hides a 
probable corrupted data structure and would prefer to find the 
root cause.


But please review it, so we can commit it if there is no progress 
on the root cause.


Ludwig







--
Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander




--
Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander


-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host

2016-06-10 Thread Ludwig Krispenz 


On 06/10/2016 05:41 PM, thierry bordaz wrote:



On 06/10/2016 05:23 PM, Ludwig Krispenz wrote:


On 06/10/2016 04:44 PM, thierry bordaz wrote:

Hi Ludwig,

I agree with you there is no path to add a host with an empty hostname.
You fix looks valid but I would prefer a log in FATAL rather in PLUGIN.

yes, of course that was my intention, copy paste :-)


Also I wonder if a reason of empty hostname could be a slapi_ch_free 
on it but with the host remaining in the list.
Looking at 
https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_cfg.c#n852,

I wonder if the two lines 852 and 853 could lead to this situation.
but this frees the complete replica structure tconf and in the caller 
tconf is set to null, so should never be used again.


Yes you are right, it can not conduct to empty hostname into tconf.
However I think it can leak because host will be set to 0 at the end 
of the first iteration.

yes, line 852 and 853 should be switched


An other possibility is that in
https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_util.c#n1449|
ipa_topo_util_init_hosts, 'cn' has an empty value. newhost is not null 
but empty, so we may create an empty hostname.

|


thanks
thierry


On 06/10/2016 12:36 PM, Ludwig Krispenz wrote:

Hi,
the attached patch will prevent the crash reported in ticket #5928.

So far I do not understand how this situation can occur, there is 
no reproducer yet. I do not really like this fix as it hides a 
probable corrupted data structure and would prefer to find the root 
cause.


But please review it, so we can commit it if there is no progress 
on the root cause.


Ludwig







--
Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander




--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host

2016-06-10 Thread Ludwig Krispenz 


On 06/10/2016 05:41 PM, thierry bordaz wrote:



On 06/10/2016 05:23 PM, Ludwig Krispenz wrote:


On 06/10/2016 04:44 PM, thierry bordaz wrote:

Hi Ludwig,

I agree with you there is no path to add a host with an empty hostname.
You fix looks valid but I would prefer a log in FATAL rather in PLUGIN.

yes, of course that was my intention, copy paste :-)


Also I wonder if a reason of empty hostname could be a slapi_ch_free 
on it but with the host remaining in the list.
Looking at 
https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_cfg.c#n852,

I wonder if the two lines 852 and 853 could lead to this situation.
but this frees the complete replica structure tconf and in the caller 
tconf is set to null, so should never be used again.


Yes you are right, it can not conduct to empty hostname into tconf.
However I think it can leak because host will be set to 0 at the end 
of the first iteration.


An other possibility is that in
https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_util.c#n1449|
ipa_topo_util_init_hosts, 'cn' has an empty value. newhost is not null 
but empty, so we may create an empty hostname.

|


|newhost=  slapi_entry_attr_get_charptr(hostentry,"cn");
if  (newhost==  NULL)  return;

if there is no cn, it will not be added, if the cn is an empty value, the 
pointer is not NULL and it will not crash when dereferncing
|




||


thanks
thierry


On 06/10/2016 12:36 PM, Ludwig Krispenz wrote:

Hi,
the attached patch will prevent the crash reported in ticket #5928.

So far I do not understand how this situation can occur, there is 
no reproducer yet. I do not really like this fix as it hides a 
probable corrupted data structure and would prefer to find the root 
cause.


But please review it, so we can commit it if there is no progress 
on the root cause.


Ludwig







--
Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander




--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host

2016-06-10 Thread thierry bordaz 



On 06/10/2016 05:23 PM, Ludwig Krispenz wrote:


On 06/10/2016 04:44 PM, thierry bordaz wrote:

Hi Ludwig,

I agree with you there is no path to add a host with an empty hostname.
You fix looks valid but I would prefer a log in FATAL rather in PLUGIN.

yes, of course that was my intention, copy paste :-)


Also I wonder if a reason of empty hostname could be a slapi_ch_free 
on it but with the host remaining in the list.
Looking at 
https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_cfg.c#n852,

I wonder if the two lines 852 and 853 could lead to this situation.
but this frees the complete replica structure tconf and in the caller 
tconf is set to null, so should never be used again.


Yes you are right, it can not conduct to empty hostname into tconf.
However I think it can leak because host will be set to 0 at the end of 
the first iteration.


An other possibility is that in
https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_util.c#n1449|
ipa_topo_util_init_hosts, 'cn' has an empty value. newhost is not null 
but empty, so we may create an empty hostname.

|


thanks
thierry


On 06/10/2016 12:36 PM, Ludwig Krispenz wrote:

Hi,
the attached patch will prevent the crash reported in ticket #5928.

So far I do not understand how this situation can occur, there is no 
reproducer yet. I do not really like this fix as it hides a probable 
corrupted data structure and would prefer to find the root cause.


But please review it, so we can commit it if there is no progress on 
the root cause.


Ludwig







--
Red Hat GmbH,http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander


-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host

2016-06-10 Thread Ludwig Krispenz 


On 06/10/2016 04:44 PM, thierry bordaz wrote:

Hi Ludwig,

I agree with you there is no path to add a host with an empty hostname.
You fix looks valid but I would prefer a log in FATAL rather in PLUGIN.

yes, of course that was my intention, copy paste :-)


Also I wonder if a reason of empty hostname could be a slapi_ch_free 
on it but with the host remaining in the list.
Looking at 
https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_cfg.c#n852,

I wonder if the two lines 852 and 853 could lead to this situation.
but this frees the complete replica structure tconf and in the caller 
tconf is set to null, so should never be used again.


thanks
thierry


On 06/10/2016 12:36 PM, Ludwig Krispenz wrote:

Hi,
the attached patch will prevent the crash reported in ticket #5928.

So far I do not understand how this situation can occur, there is no 
reproducer yet. I do not really like this fix as it hides a probable 
corrupted data structure and would prefer to find the root cause.


But please review it, so we can commit it if there is no progress on 
the root cause.


Ludwig







--
Red Hat GmbH, http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael Cunningham, Michael O'Neill, Eric 
Shander

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH 0023] topology plugins sigsev when adding a managed host

2016-06-10 Thread thierry bordaz 

Hi Ludwig,

I agree with you there is no path to add a host with an empty hostname.
You fix looks valid but I would prefer a log in FATAL rather in PLUGIN.

Also I wonder if a reason of empty hostname could be a slapi_ch_free on 
it but with the host remaining in the list.
Looking at 
https://git.fedorahosted.org/cgit/freeipa.git/tree/daemons/ipa-slapi-plugins/topology/topology_cfg.c#n852,

I wonder if the two lines 852 and 853 could lead to this situation.

thanks
thierry


On 06/10/2016 12:36 PM, Ludwig Krispenz wrote:

Hi,
the attached patch will prevent the crash reported in ticket #5928.

So far I do not understand how this situation can occur, there is no 
reproducer yet. I do not really like this fix as it hides a probable 
corrupted data structure and would prefer to find the root cause.


But please review it, so we can commit it if there is no progress on 
the root cause.


Ludwig





-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code