lists.arthurdejong.org
RSS feed

Re: Possible bug in cross platform code

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Possible bug in cross platform code



Just realized this is not an endian bug, but a signed int problem, the value 2580790735 is larger then the s32 max of 0x7fffffff, this is not causing a problem on the amd64 machine because the native int length is 64bits. The field where this value is stored should clearly be an unsigned int.

-Geoff

On 11/06/15 19:51, Geoffrey McRae wrote:
Hi All,

I have spent the better part of a day trying to get nscd to work on a Raspberri pi2, and I believe I have found the cause is due to a bug in the code that passes the objectSid to LDAP. Here is my config which is working perfectly fine on my x86_64 machine.

# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.

# The user and group nslcd should run as.
uid nslcd
gid nslcd

# The location at which the LDAP server(s) should be reachable.
uri ldap://192.168.50.200/

# The search base that will be used for all queries.
base dc=home,dc=local

# The LDAP protocol version to use.
#ldap_version 3

# The DN to bind with for normal lookups.
binddn REMOVED
bindpw REMOVED
#binddn cn=annonymous,dc=example,dc=net
#bindpw secret

# The DN used for password modifications by root.
#rootpwmoddn cn=admin,dc=example,dc=com

# SSL options
#ssl off
#tls_reqcert never

# The search scope.
#scope sub

referrals            no
nss_min_uid            1000
pam_authz_search (!(userAccountControl:1.2.840.113556.1.4.803:=2))

#filter passwd (&(objectClass=user)(objectClass=person)(!(objectClass=computer))(memberOf=CN=Domain Admins,CN=Users,DC=home,DC=local)(!(sAMAccountName=Administrator))) filter passwd (&(objectClass=user)(objectClass=person)(!(objectClass=computer)))
map passwd uid            sAMAccountName
map passwd uidNumber objectSid:S-1-5-21-1601041238-2580790735-1343166637
map passwd gidNumber objectSid:S-1-5-21-1601041238-2580790735-1343166637
map passwd homeDirectory "${unixHomeDirectory:-/home/$sAMAccountName}"
map passwd loginShell        "${loginShell:-/bin/bash}"
map passwd gecos        displayName

#filter shadow (&(objectClass=user)(objectClass=person)(!(objectClass=computer))(memberOf=CN=Domain Admins,CN=Users,DC=home,DC=home,DC=local)(!(sAMAccountName=Administrator))) filter shadow (&(objectClass=user)(objectClass=person)(!(objectClass=computer)))
map shadow uid            sAMAccountName
map shadow shadowLastChange    pwdLastSet

filter group (|(objectClass=group)(objectClass=person))
#filter group (|(objectClass=group)(&(objectClass=person)(memberOf=CN=Domain Admins,CN=Users,DC=home,DC=local)(!(sAMAccountName=Administrator))))
map group cn            sAMAccountName
map group gidNumber objectSid:S-1-5-21-1601041238-2580790735-1343166637

When I run nscd with -dd and compare the output between the two machines I see one major difference, on the desktop put_simple_filter for the objectSid is:

put_simple_filter: "objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\56\f3\6d\5f\cf\bd\d3\99\ad\18\0f\50\53\04\00\00"

On the RPi it is:

put_simple_filter: "objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\56\f3\6d\5f\ff\ff\ff\7f\ad\18\0f\50\53\04\00\00"

Note the four bytes that are wrong, this looks like an endian bug because 7fffffff is max int32. Any help would be much appreciated.


--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/