LDAP authentication causes panic on the server #14350
Comments
After update to 1.9.3 I have a new error
|
On the Vault server, a tcpdump capture shows no LDAP(S) traffic at all when trying to authenticate
|
Hi, thanks for calling this out. Can you tell me more about the difference between 1.9.1 and 1.9.3 behavior? I checked the 1.9.2 and 1.9.3 changelogs and don't see a bug fix called out for this, so I want to differentiate between "panic is gone, new issue arose" and "new issue arose that prevents us from getting to where the panic occurs". Thanks! |
It looks like the token_bound_cidrs was configured incorrectly (using the web interface). The CIDRs were quoted. After the 1.9.1->1.9.3 upgrade the ldap auth was no longer present and had to be re-created (using a root token from the unseal key). |
Here is a poc
The result
|
Thanks! This was very helpful. I've tracked down what's causing the issue and put up a PR (which is subject to review) |
Are you sure? This issue is not about unix socket. |
the poc that you gave winds up in a panic due to unix socket not implementing the interface (on my machine) edit: I'm not saying that's the entirety of the issue, just that this is a panic that was generated along the way |
So |
on my machine (macOS 12) running vault 1.9.3 it is the panics that you included in this issue are also on a |
It does not crash anymore but the result is still wrong |
so is the next part of the issue that the address shouldn't be quoted? |
It should be validated more properly. It should be refused when you configure auth/ldap with this kind of data. |
thanks for pointing it out! for now we'll fix the crash, and we'll take some time to discuss and figure out the best course of action |
It looks like it has been fixed. |
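The validation asked for in the thread, as an added example that is not from the thread or from Vault's code base: bound CIDR entries are parsed when the configuration is written, so a value still wrapped in quotes is refused, and a remote address without a host:port form (such as a unix socket peer) is denied rather than dereferenced. `ParseBoundCIDRs` and `RemoteAllowed` are hypothetical names, the sample values are constructed, and treating an empty list as "no restriction" is an assumption.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// ParseBoundCIDRs validates entries at configuration time (hypothetical helper).
// Anything net.ParseCIDR rejects, including a quoted value, fails the whole write.
func ParseBoundCIDRs(entries []string) ([]*net.IPNet, error) {
	nets := make([]*net.IPNet, 0, len(entries))
	for _, e := range entries {
		_, n, err := net.ParseCIDR(strings.TrimSpace(e))
		if err != nil {
			return nil, fmt.Errorf("invalid bound CIDR %q: %w", e, err)
		}
		nets = append(nets, n)
	}
	return nets, nil
}

// RemoteAllowed checks a connection's remote address against the bound networks.
// An address that is not host:port (for example a unix socket peer) is denied
// with an ordinary false instead of being assumed to be a TCP address.
func RemoteAllowed(remoteAddr string, nets []*net.IPNet) bool {
	if len(nets) == 0 {
		return true // assumption: no binding configured means no restriction
	}
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		return false
	}
	ip := net.ParseIP(host)
	for _, n := range nets {
		if ip != nil && n.Contains(ip) {
			return true
		}
	}
	return false
}

func main() {
	_, err := ParseBoundCIDRs([]string{`"10.0.0.0/8"`}) // constructed, quoted by mistake
	fmt.Println("quoted entry:", err)
	nets, _ := ParseBoundCIDRs([]string{"10.0.0.0/8"})
	fmt.Println(RemoteAllowed("10.1.2.3:8200", nets), RemoteAllowed("@", nets))
}
```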
Describe the bug
A clear and concise description of what the bug is.
To Reproduce
Steps to reproduce the behavior:
After a restart/unseal it no longer crashes but I have this error instead
Environment:
Vault server version (vault status): 1.9.1
Vault CLI version (vault version): 1.9.1
Vault server configuration file(s):
Additional context
Add any other context about the problem here.