LDAP groups can be made from Linux groups #7

lpanayioto opened this issue Aug 4, 2020 · 2 comments
lpanayioto commented Aug 4, 2020

LDAP groups can be made from the Linux groups in /etc/group

Unexpected behavior you saw
A Linux group like bmcweb::1002 can be used to create a webui LDAP group if the LDAP user has the same group id 1002

Expected behavior
Only LDAP server groups can be used for webui LDAP groups

To Reproduce

  1. log in to the BMC webui
  2. navigate to Access->LDAP
  3. connect to the LDAP server
  4. test the login with an LDAP user; should be noAccess
  5. add the webui LDAP group bmcweb
  6. change the LDAP user's group id number to the same as the Linux group bmcweb (can be found at /etc/group on the BMC)
  7. test the login with the LDAP user

kingzmm commented Jan 14, 2021

@lpanayioto How do I set up the LDAP service so that users in LDAP can log in successfully?

@trevor-cockrell

This is a result of the nsswitch.conf file being configured by default to look up local groups prior to LDAP groups. You can avoid this by making sure that your LDAP gidNumbers don't match up with any of the groups in /etc/group.

Another option, if you really want to use values that are already claimed by local groups, is to edit /etc/nsswitch.conf and modify the line

```
group:          files ldap
```

to instead look like

```
group:          ldap files
```

and then reboot for the new configuration to take effect. This will then look up groups externally before checking internally.
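
The check described in the comment above, as an added example that is not part of the original thread or of the project's code: it reports LDAP gidNumbers that collide with local groups and whether the `group:` line consults `files` before `ldap`. The `name:gidNumber` export file, the function names and the sample data are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the issue thread): detect the gid overlap it describes.
# Assumption: LDAP groups were exported beforehand as "name:gidNumber" lines.

# Print the lookup sources from the "group:" line of an nsswitch.conf file.
group_sources() {
    awk '$1 == "group:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Succeed only if "files" appears before "ldap" on the group line.
files_before_ldap() {
    group_sources "$1" | awk '
        { for (i = 1; i <= NF; i++)
              if ($i == "files" || $i == "ldap") { first = $i; exit } }
        END { exit (first == "files" ? 0 : 1) }'
}

# Print "gid local_name ldap_name" for every LDAP gidNumber also present locally.
gid_collisions() {  # gid_collisions <group file> <ldap export>
    awk -F: '
        NR == FNR { if ($3 != "") local_gid[$3] = $1; next }
        ($2 in local_gid) { print $2, local_gid[$2], $1 }' "$1" "$2"
}

# Returns 0: no overlap; 1: overlap and files first; 2: overlap, ldap first.
audit() {  # audit <nsswitch.conf> <group file> <ldap export>
    hits=$(gid_collisions "$2" "$3")
    if [ -z "$hits" ]; then
        echo "OK: no LDAP gidNumber matches a local group"; return 0
    fi
    echo "$hits"
    if files_before_ldap "$1"; then
        echo "RISK: these gids resolve to the local group name first"; return 1
    fi
    echo "NOTE: overlap exists, but ldap is consulted before files"; return 2
}

# Constructed sample data; on a real system pass /etc/nsswitch.conf and /etc/group.
demo=$(mktemp -d)
printf 'passwd: files ldap\ngroup:          files ldap\n' > "$demo/nsswitch.conf"
printf 'root:x:0:\nbmcweb::1002\n' > "$demo/group"
printf 'ldap-admins:5000\nldap-operators:1002\n' > "$demo/ldap_groups"
audit "$demo/nsswitch.conf" "$demo/group" "$demo/ldap_groups" || true
```
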

dkodihal pushed a commit to NVIDIA/phosphor-user-manager that referenced this issue May 7, 2024
```
Changes Added : Added event loop support in test code

problem : After adding support for sending events from phosphor-user-manager it is observed that it is calling sendEvent which internally calls async_send_handler and allocates memory for context
since the event loop is not present in test code, callback is never called and
the CI was throwing memory leak error

```

Solution : The memory leak error was thrown because the
memory allocated by "async_send_handler" in sdbusplus was not getting de-allocated
because the callback is never getting called since there was no event loop
present in test code.

Added event loop support in test code

Fixes jira https://jirasw.nvidia.com/browse/DGXOPENBMC-8881