libnss-mysql-bg Bug (no IPv6 Support) #420

Closed
Cellebyte opened this Issue Apr 5, 2017 · 15 comments

Comments

Projects
None yet
4 participants
@Cellebyte

For Recreation.

  • libnss-mysql-bg on one Server
  • Mysql Server on another Server
  • assign ipv6 addresses to both Servers
  • edit the libnss-mysql.config host string
    to the dns name or ipv6 address of the Mysql Server
    libnss-mysql: _nss_mysql_is_same_sockaddr: Unhandled sin_family <<<- Error

Solution:

  • Add an alternative in the Switch Case from line 70 to 88
    Their is no option for IPv6 so default case screws whole program.
    Link to source code found on Sourceforge
@d00p

This comment has been minimized.

Show comment
Hide comment
@d00p

d00p Apr 6, 2017

Member

Well, we are not libnss-mysql and cannot fix bugs in their code

Member

d00p commented Apr 6, 2017

Well, we are not libnss-mysql and cannot fix bugs in their code

@d00p d00p closed this Apr 6, 2017

@Cellebyte

This comment has been minimized.

Show comment
Hide comment
@Cellebyte

Cellebyte Apr 10, 2017

libnss-mysql-bg-1.5-4

IPv6 support for libnss-mysql-bg

  • Addet IPv6 support
  • Fix seg faulting on wrong query
  • Fix a bug mentionend on Launchpad

Fixed .deb file

Fixed .deb-src

Original Repo

Sourceforge libnss-mysql-bg

Edited 11.04.17 02:27 added src package

Cellebyte commented Apr 10, 2017

libnss-mysql-bg-1.5-4

IPv6 support for libnss-mysql-bg

  • Addet IPv6 support
  • Fix seg faulting on wrong query
  • Fix a bug mentionend on Launchpad

Fixed .deb file

Fixed .deb-src

Original Repo

Sourceforge libnss-mysql-bg

Edited 11.04.17 02:27 added src package

@Dessa

This comment has been minimized.

Show comment
Hide comment
@Dessa

Dessa Apr 10, 2017

Contributor

i'll need the src deb for that so it can be properly integrated in the repo (need to rebuild for jessie+1 and possibly finally build it for the missing arches as well)

Contributor

Dessa commented Apr 10, 2017

i'll need the src deb for that so it can be properly integrated in the repo (need to rebuild for jessie+1 and possibly finally build it for the missing arches as well)

@Cellebyte

This comment has been minimized.

Show comment
Hide comment
@Cellebyte

Cellebyte Apr 11, 2017

src

  • it is on my account
  • i will integrate it with travis
  • you can clone everything

src

  • it is on my account
  • i will integrate it with travis
  • you can clone everything
@Cellebyte

This comment has been minimized.

Show comment
Hide comment
@d00p

This comment has been minimized.

Show comment
Hide comment
@d00p

d00p Apr 11, 2017

Member

No need to highlight, there are people sleeping at night you know...

Member

d00p commented Apr 11, 2017

No need to highlight, there are people sleeping at night you know...

@d00p d00p reopened this Apr 11, 2017

@d00p

This comment has been minimized.

Show comment
Hide comment
@d00p

d00p Apr 11, 2017

Member

Are you going to maintain that for longer?

Member

d00p commented Apr 11, 2017

Are you going to maintain that for longer?

@Cellebyte

This comment has been minimized.

Show comment
Hide comment
@Cellebyte

Cellebyte Apr 11, 2017

Don't know for now. You'll ship it with froxlor, so I'll think you distribute it.
I can fix bugs when I have time for this, but I will not maintain this package.

Cellebyte commented Apr 11, 2017

Don't know for now. You'll ship it with froxlor, so I'll think you distribute it.
I can fix bugs when I have time for this, but I will not maintain this package.

@Happy86

This comment has been minimized.

Show comment
Hide comment
@Happy86

Happy86 May 15, 2017

  • Just out of curiosity: Will the Froxlor (apt/...) repository[1] ship the patched version of libnss-mysql-bg?
  • And if so: How long will it take?

Also I am not sure if the definition of "maintain" is clear:

  • Package maintenance should be done by those who can change the files on the mirror server (aka who can connect via ssh to the repository server[1] ;-).
  • Code maintenance: Since the project seems to be abandoned[2] I think every patch that fixes bugs (plural) should be welcome.

As far as I see it the currently distributed[1] version segfaults and it does not support IPv6 which should be mandatory since 1998[3]. I currently test the patched version on 3 Debian Servers (1x Wheezy, 2xJessie) and it works fine.

[1] http://debian.froxlor.org/
[2] http://libnss-mysql.sourceforge.net/
[3] https://www.ietf.org/rfc/rfc2460.txt

Happy86 commented May 15, 2017

  • Just out of curiosity: Will the Froxlor (apt/...) repository[1] ship the patched version of libnss-mysql-bg?
  • And if so: How long will it take?

Also I am not sure if the definition of "maintain" is clear:

  • Package maintenance should be done by those who can change the files on the mirror server (aka who can connect via ssh to the repository server[1] ;-).
  • Code maintenance: Since the project seems to be abandoned[2] I think every patch that fixes bugs (plural) should be welcome.

As far as I see it the currently distributed[1] version segfaults and it does not support IPv6 which should be mandatory since 1998[3]. I currently test the patched version on 3 Debian Servers (1x Wheezy, 2xJessie) and it works fine.

[1] http://debian.froxlor.org/
[2] http://libnss-mysql.sourceforge.net/
[3] https://www.ietf.org/rfc/rfc2460.txt

@d00p

This comment has been minimized.

Show comment
Hide comment
@d00p

d00p May 15, 2017

Member

Don't know if you knew but WE are not the libnss-mysql maintainers and do not intend to be. Next version will come with the alternative libnss-extrausers. If we provide a patched libnss-mysql ist unclear at the moment, reasons see first sentence.

Member

d00p commented May 15, 2017

Don't know if you knew but WE are not the libnss-mysql maintainers and do not intend to be. Next version will come with the alternative libnss-extrausers. If we provide a patched libnss-mysql ist unclear at the moment, reasons see first sentence.

@Happy86

This comment has been minimized.

Show comment
Hide comment
@Happy86

Happy86 May 15, 2017

I knew that you are not the maintainers of the source code.

But you provide a repository. And for me the definition of a package maintainer is someone that provides a package on a package repository.

Obviously this is all volunteer work and there is no guarantee of code maintenance or updated packages.

It would just be nice if you could take the work @Cellebyte and put it on your repository improving the lives of all Froxlor users in the meantime.

So until it is clear if Froxlor does the switch to libnss-extrausers you could just upload the patched package (which does not segfault) to your apt repository. :-)

Happy86 commented May 15, 2017

I knew that you are not the maintainers of the source code.

But you provide a repository. And for me the definition of a package maintainer is someone that provides a package on a package repository.

Obviously this is all volunteer work and there is no guarantee of code maintenance or updated packages.

It would just be nice if you could take the work @Cellebyte and put it on your repository improving the lives of all Froxlor users in the meantime.

So until it is clear if Froxlor does the switch to libnss-extrausers you could just upload the patched package (which does not segfault) to your apt repository. :-)

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Jun 18, 2017

I strongly recommend the deprecation of libnss-mysql* usage with the upcoming froxlor versions. Since libnss-mysql-bg is unmaintained since 2005 (see sourceforge), potential security issues could arise very quickly. Also I discourage the approach of maintaining a Froxlor-version of the package.

Until someone comes up with a better solution, Froxlor could for example utilize libnss-ldapd and slapd with MySQL/MariaDB as a backend. Those packages are available and actively maintained in Debian 9 Stretch. But even this is no "clean" solution, as it requires messing with odbc drivers for openldap in order to query users and groups from mysql/mariadb.
https://packages.debian.org/de/stretch/libnss-ldapd
https://packages.debian.org/de/stretch/slapd

Switching to a different user management approach, would probably be the best solution. As far as I'm aware of, Froxlor currently requires libnss-mysql* only for chown'ing the www-roots, but all other services like proftpd, dovecot/postfix, etc. do not really need it, as they have built-in or alternate interfaces to mysql already. With this change, even secure ssh/scp could be easier integrated in Froxlor by using libpam-mysql , a chroot jail and a limited shell.

Kind Regards

ghost commented Jun 18, 2017

I strongly recommend the deprecation of libnss-mysql* usage with the upcoming froxlor versions. Since libnss-mysql-bg is unmaintained since 2005 (see sourceforge), potential security issues could arise very quickly. Also I discourage the approach of maintaining a Froxlor-version of the package.

Until someone comes up with a better solution, Froxlor could for example utilize libnss-ldapd and slapd with MySQL/MariaDB as a backend. Those packages are available and actively maintained in Debian 9 Stretch. But even this is no "clean" solution, as it requires messing with odbc drivers for openldap in order to query users and groups from mysql/mariadb.
https://packages.debian.org/de/stretch/libnss-ldapd
https://packages.debian.org/de/stretch/slapd

Switching to a different user management approach, would probably be the best solution. As far as I'm aware of, Froxlor currently requires libnss-mysql* only for chown'ing the www-roots, but all other services like proftpd, dovecot/postfix, etc. do not really need it, as they have built-in or alternate interfaces to mysql already. With this change, even secure ssh/scp could be easier integrated in Froxlor by using libpam-mysql , a chroot jail and a limited shell.

Kind Regards

@d00p

This comment has been minimized.

Show comment
Hide comment
@d00p

d00p Jun 19, 2017

Member

You do read announcements​ through right?

Member

d00p commented Jun 19, 2017

You do read announcements​ through right?

@d00p

This comment has been minimized.

Show comment
Hide comment
@d00p

d00p Jun 19, 2017

Member

Also, the Webserver and php-fpm/fcgid requires it... froxlor does not, WE are using the guid

Member

d00p commented Jun 19, 2017

Also, the Webserver and php-fpm/fcgid requires it... froxlor does not, WE are using the guid

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Jun 19, 2017

You do read announcements​ through right?

Did miss that one out sorry.

Also, the Webserver and php-fpm/fcgid requires it... froxlor does not, WE are using the guid

Sorry, forgot about that. Thanks.

ghost commented Jun 19, 2017

You do read announcements​ through right?

Did miss that one out sorry.

Also, the Webserver and php-fpm/fcgid requires it... froxlor does not, WE are using the guid

Sorry, forgot about that. Thanks.

@d00p d00p closed this Aug 25, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment