Errormessages in nslcd are stripped at 200 characters #26

Closed
knumskull opened this issue Jun 25, 2018 · 1 comment

@knumskull

commented Jun 25, 2018

Using nslcd for debugging LDAP authentication, error messages are stripped at 200 characters.

Actual results:
nslcd: [8b4567] <passwd="user"> ldap_start_tls_s() failed (uri=ldaps://server1.example.com:636/): Server is unavailable: The TLS connection security provider cannot be enabled on this client connection because it is already usi...
nslcd: [8b4567] <passwd="user"> failed to bind to LDAP server ldaps://server1.example.com:636/: Server is unavailable: The TLS connection security provider cannot be enabled on this client connection because it is already using...

Expected results:
The error message should be printed completely

Additional info:
Checking the source, it seems it's a hardcoded value.

https://github.com/arthurdejong/nss-pam-ldapd/blob/master/nslcd/log.c

/* log the given message using the configured logging method */
void log_log(int pri, const char *format, ...)
{
  int res;
  struct log_cfg *lst;
  char buffer[200]; /* ----> this limits to 200 char */
  va_list ap;
#ifndef TLS
  char *sessionid, *requestid;
  pthread_once(&tls_init_once, tls_init_keys);
  sessionid = pthread_getspecific(sessionid_key);
  requestid = pthread_getspecific(requestid_key);
#endif /* no TLS */
  /* make the message */
  va_start(ap, format);
  res = vsnprintf(buffer, sizeof(buffer), format, ap); /* ---> here it truncates to 200 */
@arthurdejong

Owner

commented Jul 21, 2018

The reason there is a fixed length for almost all buffers in nss-pam-ldapd is to have a simpler mechanism for memory allocation and avoid passing accidentally ridiculous blocks of memory around. This means that sometimes buffers need to be increased like in this case.
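
An added example, not part of the issue thread and not nss-pam-ldapd code: a fixed-size log buffer like the one discussed above can use the `vsnprintf` return value to detect truncation and report how much of the message was dropped, so a cut-off diagnostic is visible to whoever reads the log. The helper name `format_fixed`, the `LOG_BUF_SIZE` macro and the sample diagnostic text are assumptions made for this illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 200 /* same fixed size as the buffer quoted in the issue */

/* Hypothetical helper (not nslcd code): format into a fixed-size buffer.
   Returns 0 if the whole message fit, -1 on error, otherwise the number of
   message characters missing from buf; a truncated message ends in "...". */
int format_fixed(char *buf, size_t size, const char *format, ...)
{
  va_list ap;
  int res;
  if (size < 4)
    return -1; /* no room for the "..." marker plus the terminator */
  va_start(ap, format);
  res = vsnprintf(buf, size, format, ap);
  va_end(ap);
  if (res < 0)
  {
    buf[0] = '\0';
    return -1;
  }
  if ((size_t)res >= size)
  {
    /* res is the length the full message would have had; only size-1
       characters were stored and the last three become the marker */
    memcpy(buf + size - 4, "...", 4);
    return res - (int)size + 4;
  }
  return 0;
}

int main(void)
{
  char buffer[LOG_BUF_SIZE];
  /* constructed sample text standing in for a long server-side diagnostic */
  static const char detail[] =
      "Server is unavailable: constructed filler text standing in for a long "
      "server-side diagnostic, padded so that the formatted line is well over "
      "two hundred characters and the tail of the message cannot fit";
  int lost = format_fixed(buffer, sizeof(buffer), "failed to bind to LDAP server %s: %s",
                          "ldaps://server1.example.com:636/", detail);
  printf("%s\n", buffer);
  if (lost > 0)
    printf("(previous message truncated, %d characters dropped)\n", lost);
  return 0;
}
```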
