[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Problems with netgroups and ldap.
From: |
Mark Keller |
Subject: |
Re: Problems with netgroups and ldap. |
Date: |
Fri, 8 Apr 2005 10:12:21 -0700 |
User-agent: |
KMail/1.8 |
>> Mark, this sounds odd. Nothing has changed here in the cfengine code for
> many years. I don't think the innetgr function is portable. It looks
> solarissy. Have you tried doing an strace (truss) to see exactly what it
> gets stuck on?
>
The innetgr function seems to be on Solaris, Redhat EL3, Fedora, HPUX 11,
FreeBSD, and Mac OS X in netdb.h (just doing a quick google search anyhow). I
suppose it might not be on all OS's though. Am-utils uses it exclusively for
netgroup calls for all OS's it supports and so does pam_access, which are
working for me.
So I added a couple of debug statements to the original code:
case netgroup: setnetgrent(ebuff);
Debug1("set netgroup to %s\n",ebuff);
while (getnetgrent(&machine,&user,&domain))
{
Debug1("getnetgrent m = %s, u = %s, d = %s in netgroup
%s\n",machine,user,domain,ebuff);
if (strcmp(machine,VDEFAULTBINSERVER.name) == 0)
{
Debug1("Matched %s in netgroup %s\n",machine,ebuff);
AddClassToHeap(GROUPBUFF);
break;
}
...truncated...
}
endnetgrent();
break;
Running "cfagent -Bvq -d1", I get the following:
....truncated.....
==============================BEGIN NEW ACTION Groups:=============
Resetting CLASS to ANY
LVALUE betahosts
HandleLVALUE(betahosts) in action Groups:
EQUALS =
LEFTBRACK
RVAL-VAROBJ address@hidden
HandleGroupRvalue(address@hidden)
Netgroup rval, lookup NIS group (ops-beta-sos5)
ExpandVarstring(ops-beta-sos5)
HandleGroupRVal(ops-beta-sos5) group (betahosts), type=1
set netgroup to ops-beta-sos5
cfengine:: Time out
It takes a couple of minutes before I get the "Time out" error and then
cfagent just sits there for an extremely long time.
Now Running "truss -f cfagent -Bvq -d1", I get the following:
....truncated.......
8328: write(5, "160301\08610\0\082\0809F".., 182) = 182
8328: read(5, "140301\001", 5) = 5
8328: read(5, "01", 1) = 1
8328: read(5, "160301\0 ", 5) = 5
8328: read(5, " O 09D12 G1EF981 kF59D b".., 32) = 32
8328: time() = 1112978413
8328: write(5, "170301\01ED8 ]BE 3 =B0 ]".., 35) = 35
8328: time() = 1112978413
8328: poll(0xFFBF9708, 1, 30000) = 1
8328: read(5, "170301\01E", 5) = 5
8328: read(5, "C8C5A8C1EB N $1A19 g H05".., 30) = 30
8328: time() = 1112978413
8328: setsockopt(5, SOL_SOCKET, SO_KEEPALIVE, 0xFFBFB8D0, 4, 1) = 0
8328: fcntl(5, F_SETFD, 0x00000001) = 0
8328: getsockname(5, 0xFEFF00C0, 0xFFBFB8CC, 1) = 0
8328: getpeername(5, 0xFEFF00D0, 0xFFBFB8C8, 1) = 0
8328: time() = 1112978413
8328: getpid() = 8328 [8327]
8328: getuid() = 0 [0]
8328: time() = 1112978413
8328: write(5, "170301\095D58BA9\r FAE S".., 154) = 154
8328: poll(0xFFBF96B0, 1, -1) = 1
8328: read(5, "17030101 .", 5) = 5
8328: read(5, "\tF20215D380\0B3A41BDD83".., 302) = 302
8328: poll(0xFFBF96B0, 1, -1) = 1
8328: read(5, "170301\01E", 5) = 5
8328: read(5, "9CBC\b G02 [0691B2\nFBF0".., 30) = 30
8328: time() = 1112978413
8328: time() = 1112978413
8328: sigaction(SIGPIPE, 0xFFBFC0C0, 0x00000000) = 0
set netgroup to ops-beta-sos5
8328: write(1, " s e t n e t g r o u p".., 30) = 30
8328: sigaction(SIGPIPE, 0xFFBFC118, 0xFEFF10E0) = 0
8328: mmap(0x00000000, 110592, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON,
-1, 0) = 0xFEDA0000
8328: lwp_park(0x00000000, 0) (sleeping...)
8328: Received signal #14, SIGALRM, in lwp_park() [caught]
8328: lwp_park(0x00000000, 0) Err#4 EINTR
8328: sigprocmask(SIG_SETMASK, 0xFFBFBC54, 0x00000000) = 0
8328: alarm(0) = 0
cfengine:: Time out
8328: write(1, " c f e n g i n e : : T".., 20) = 20
8328: sigprocmask(SIG_SETMASK, 0xFF07A074, 0xFFBFBA08) = 0
8328: lwp_unpark(1, 1) = 0
8328: setcontext(0xFFBFBA18)
8328: lwp_park(0x00000000, 0) = 0
8328: lwp_park(0x00000000, 0) (sleeping...)
Here is takes a couple of minutes between the first lwp_park and the "Time
out" error, then stays on the last lwp_park for an extremely long time. Might
be infinite, but it is at least hours. If you need more trussing please let
me know.
So to me seems like something is going wrong around the getnetgrent function.
I can't tell what might be the problem as my C coding/debugging is rusty. My
small test code using getnetgrent seems to work just fine.
Thanks,
Mark Keller