[Fedora-directory-devel] Trouble with downloading ds
by Dmitriy Muzalevskiy
Good day!
I would like to try the Fedora Directory Server product, but I have a strange
problem with downloading it.
After downloading a few percent of the file (with any downloader), the
connection is terminated and can't be resumed. As a result, I must start
downloading from the beginning again and again and again... Without success.
Some information: I live in Kazakhstan, CIS, and work in a software
development company. We use only Linux OSes in our client-server
applications. Our development process is based on the Fedora Core OS family. As
a system engineer, I am very interested in trying Fedora Directory Server
(for the FC-3/RHELAS-4 OS versions).
Can you help me with a hint?
Sorry for my poor English.
With best regards: Dmitriy Muzalevskiy, VAN Company, Ltd.
18 years, 2 months
[Fedora-directory-devel] Resend: Please review: make PAM passthru plugin thread safe
by Rich Megginson
Since PAM is not thread safe, only 1 thread at a time may access the PAM
API. This fix adds a mutex around the critical section where we call
all of the PAM functions. I've also added another init function which
is used to create the mutex. This has been tested on RHEL4 under a
moderate load and seems to work fine.
Index: pam_passthru.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/pam_passthru/pam_passthru.h,v
retrieving revision 1.4
diff -u -8 -r1.4 pam_passthru.h
--- pam_passthru.h 19 Apr 2005 22:07:30 -0000 1.4
+++ pam_passthru.h 6 Jul 2005 22:20:33 -0000
@@ -126,11 +126,12 @@
*/
int pam_passthru_config( Slapi_Entry *config_e );
Pam_PassthruConfig *pam_passthru_get_config( void );
int pam_passthru_check_suffix(Pam_PassthruConfig *cfg, char *binddn);
/*
* pam_ptimpl.c
*/
+int pam_passthru_pam_init( void );
int pam_passthru_do_pam_auth(Slapi_PBlock *pb, Pam_PassthruConfig *cfg);
#endif /* _PAM_PASSTHRU_H_ */
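Review bot: The new prototype pam_passthru_pam_init( void ) is declared without any comment on its calling contract. Since it creates the lock that pam_passthru_do_pam_auth depends on, the header should say that it must be called once at plugin start, before any call to pam_passthru_do_pam_auth, and what it returns on failure.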
Index: pam_ptimpl.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/pam_passthru/pam_ptimpl.c,v
retrieving revision 1.7
diff -u -8 -r1.7 pam_ptimpl.c
--- pam_ptimpl.c 19 Apr 2005 22:07:30 -0000 1.7
+++ pam_ptimpl.c 6 Jul 2005 22:20:33 -0000
@@ -34,16 +34,21 @@
* Copyright (C) 2005 Red Hat, Inc.
* All rights reserved.
* END COPYRIGHT BLOCK **/
#include <security/pam_appl.h>
#include "pam_passthru.h"
+/*
+ * PAM is not thread safe. We have to execute any PAM API calls in
+ * a critical section. This is the lock that protects that code.
+ */
+static Slapi_Mutex *PAMLock;
/* Utility struct to wrap strings to avoid mallocs if possible - use
stack allocated string space */
#define MY_STATIC_BUF_SIZE 256
typedef struct my_str_buf {
char fixbuf[MY_STATIC_BUF_SIZE];
char *str;
} MyStrBuf;
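Review bot: PAMLock is a single file-wide lock, so every bind that goes through this plugin is serialized for the full length of the PAM transaction, and the comment above it should say so. One slow PAM module (for example one that waits on a network backend) will hold up all other passthru binds while it runs; that trade-off is worth documenting here and in the plugin documentation so administrators can size for it.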
@@ -266,16 +271,18 @@
} else {
init_my_str_buf(&pam_id, binddn);
}
/* do the pam stuff */
my_data.pb = pb;
my_data.pam_identity = pam_id.str;
my_pam_conv.appdata_ptr = &my_data;
+ slapi_lock_mutex(PAMLock);
+ /* from this point on we are in the critical section */
rc = pam_start(pam_service, pam_id.str, &my_pam_conv, &pam_handle);
report_pam_error("during pam_start", rc, pam_handle);
if (rc == PAM_SUCCESS) {
/* use PAM_SILENT - there is no user interaction at this point */
rc = pam_authenticate(pam_handle, 0);
report_pam_error("during pam_authenticate", rc, pam_handle);
/* check different types of errors here */
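Review bot: slapi_lock_mutex(PAMLock) is taken here but the matching unlock is only in the later hunk after pam_end, so every path through the code between the two hunks has to reach that unlock. The lines in between are not shown; please confirm there is no early return or goto in that region, because any such exit would leave the lock held and block all later PAM binds. Separately, the context comment says "use PAM_SILENT" while the call below it is pam_authenticate(pam_handle, 0); the comment or the flag should be made to agree.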
@@ -346,16 +353,18 @@
errmsg = PR_smprintf("Unknown PAM error [%s] for user id [%s], bind DN [%s]",
pam_strerror(pam_handle, rc), pam_id.str, escape_string(binddn, buf));
retcode = LDAP_OPERATIONS_ERROR; /* unknown */
}
}
rc = pam_end(pam_handle, rc);
report_pam_error("during pam_end", rc, pam_handle);
+ slapi_unlock_mutex(PAMLock);
+ /* not in critical section any more */
delete_my_str_buf(&pam_id);
if ((retcode == LDAP_SUCCESS) && (rc != PAM_SUCCESS)) {
errmsg = PR_smprintf("Unknown PAM error [%d] for user id [%d], bind DN [%s]",
rc, pam_id.str, escape_string(binddn, buf));
retcode = LDAP_OPERATIONS_ERROR;
}
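Review bot: Directly after the new slapi_unlock_mutex(PAMLock), the existing code calls delete_my_str_buf(&pam_id) and then passes pam_id.str to PR_smprintf in the following if block, so the string is read after its buffer has been deleted. That same format string also uses [%d] for the user id while the argument is pam_id.str, a char pointer. Since the patch already touches this spot, move delete_my_str_buf(&pam_id) below the error-message block and change the second conversion to %s. Also note that report_pam_error("during pam_end", rc, pam_handle) is handed pam_handle after pam_end has been called on it.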
@@ -371,16 +380,30 @@
if (errmsg) {
PR_smprintf_free(errmsg);
}
return retcode;
}
/*
+ * Perform any PAM subsystem initialization that must be done at startup time.
+ * For now, this means only the PAM mutex since PAM is not thread safe.
+ */
+int
+pam_passthru_pam_init( void )
+{
+ if (!(PAMLock = slapi_new_mutex())) {
+ return LDAP_LOCAL_ERROR;
+ }
+
+ return 0;
+}
+
+/*
* Entry point into the PAM auth code. Shields the rest of the app
* from PAM API code. Get our config params, then call the actual
* code that does the PAM auth. Can call that code up to 3 times,
* depending on what methods are set in the config.
*/
int
pam_passthru_do_pam_auth(Slapi_PBlock *pb, Pam_PassthruConfig *cfg)
{
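Review bot: pam_passthru_pam_init returns a literal 0 on success while the caller in pam_ptpreop.c compares the result against LDAP_SUCCESS; return LDAP_SUCCESS so both sides use the same constant. The function also assigns PAMLock unconditionally, so a second call would overwrite the pointer and leak the first mutex; a check such as "if (PAMLock) return LDAP_SUCCESS;" at the top would make it safe to call more than once.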
Index: pam_ptpreop.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/pam_passthru/pam_ptpreop.c,v
retrieving revision 1.4
diff -u -8 -r1.4 pam_ptpreop.c
--- pam_ptpreop.c 19 Apr 2005 22:07:30 -0000 1.4
+++ pam_ptpreop.c 6 Jul 2005 22:20:33 -0000
@@ -123,16 +123,22 @@
}
if (( rc = pam_passthru_config( config_e )) != LDAP_SUCCESS ) {
slapi_log_error( SLAPI_LOG_FATAL, PAM_PASSTHRU_PLUGIN_SUBSYSTEM,
"configuration failed (%s)\n", ldap_err2string( rc ));
return( -1 );
}
+ if (( rc = pam_passthru_pam_init()) != LDAP_SUCCESS ) {
+ slapi_log_error( SLAPI_LOG_FATAL, PAM_PASSTHRU_PLUGIN_SUBSYSTEM,
+ "could not initialize PAM subsystem (%d)\n", rc);
+ return( -1 );
+ }
+
return( 0 );
}
/*
* Called right before the Directory Server shuts down.
*/
static int
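Review bot: The start path now creates the PAM mutex, but the shutdown function that begins right after this hunk ("Called right before the Directory Server shuts down") is not touched, so the mutex is never destroyed. Add a teardown counterpart to pam_passthru_pam_init that calls slapi_destroy_mutex on PAMLock and clears the pointer, and call it from the close function. A smaller point: the new error message prints rc with %d while the configuration failure just above uses ldap_err2string( rc ); using the same form would keep the log output consistent.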
18 years, 2 months
Re: [Fedora-directory-devel] Re: [Fedora-directory-users] Problems building on HP-UX 11i
by Marko Asplund
Ulf wrote:
> Hello Marko. I have updated the HP-UX required compilers list.
>
> For the seg fault in ccom, I'm not sure. There have been many such bugs
> fixed but it looks like you're using the latest patches. I will look
> around to see if I can get B.11.11.12.
>
> One thing I notice is that my build complains about and ignores the mix
> of -g and -O:
> cc -Ae -o ldapsearch.o -c +ESlit +DA2.0W +DS2.0 -O -g +Z
> -DDEBUG_ulf -DDEBUG=1 <...>
> cc: warning 483: The DOC (Debug of Optimized Code) option is
> unavailable with the PA64 compiler; ignored.
> Your build seems to be successfully compiling with DOC until the crash.
> Can you try disabling that by making distclean and rerunning configure
> adding "--disable-debug"?
Ulf,
thanks for updating the compilers list. it might be good to also
mention compiler version numbers for reference.
our server is inaccessible right now so it'll take a while until i'll
be able to test your suggestion above.
i was rebuilding the kernel on the system and the rebuild failed for
some reason, and it doesn't boot at the moment. there were some
symptoms which might have been caused by a hardware memory problem,
so the ccom seg fault might have been related to that as well. i'll
look into this later on but it'll take a few weeks ('till i get back
to the office).
br. aspa
18 years, 2 months
[Fedora-directory-devel] Re: [Fedora-directory-users] Problems building on HP-UX 11i
by Marko Asplund
ulf wrote:
> Hello Marko. It wants both aC++ and the ANSI C compiler as you
> suspected. It compiles successfully with these versions on 11i v1:
> B3901BA B.11.11.01 HP C/ANSI C Developer's Bundle for HP-UX 11.00 (S800)
> B3913DB C.03.26 HP aC++ Compiler (S800)
>
> Is there anything revealing in config.log about why your aCC isn't
> working? I don't remember any C++ code in NSS or NSPR but aCC will be
> required to build other components like libICU, so it will need to be
> functional at some point anyway.
>
> BTW, let's move to the fedora-directory-devel list...
i didn't have the HP aC++ Compiler installed when i first tried the
build. after installing it i'm able to successfully compile NSS.
here's a description of my compiler setup:
- HP C/ANSI C compiler B.11.11.12
- HP aC++ Compiler C.03.63
- ANSI C Compiler patches PHSS_32509 and PHSS_32510
could you modify the build page compiler section
(http://directory.fedora.redhat.com/wiki/Building) so that it says both of
the above compilers are required in order to build the server on HP-UX.
it might be good to remove the aCC dependency from the Mozilla
components at some point if it's not really needed.
now, i've managed to compile nss and svrcore but the c-sdk build
fails with the following error message:
cc: error 1405: "/opt/ansic/lbin/ccom" terminated abnormally with signal 11.
gmake[2]: *** [ldapsearch.o] Error 9
i'm attaching a full typescript to this email. i'm using the Mozilla
components from
http://directory.fedora.redhat.com/sources/mozilla-components.tar.gz.
any ideas on what's going wrong?
br. aspa
18 years, 2 months
[Fedora-directory-devel] Please review: make PAM passthru plugin thread safe
by Rich Megginson
18 years, 2 months