Re: conserver exit on failed NSS lookup

On Tue, Jun 23, 2009 at 12:11:18AM +0200, Bryan Stansell wrote:

> Anyway, maybe that helps clear things up...but if conserver is really
> exiting, I hope there's some way to tell the PAM bits to not do that.
> Running in debug mode (-D) might help see things too.  Do you get any
> "CheckPass():" entries in the log file?  PAM issues should be logged

Okay, I got it reproduced. It looks like one thread/process dies; 
the assert() error message actually comes from nss_ldap, and assert()
calls abort() which seems to always exit no matter what. Thus, there's
precious little conserver can do, other than restarting the process in
question somehow (or kill the rest of them with it).

FTR, client side:

raas@pcitadc01:~$ console -l ahorvath -M lxc1rg27 -p 7782 lxb7726
Enter ahorvath@lxc1rg27.cern.ch's password: 
lxc1rg27: invalid password
Enter ahorvath@lxc1rg27.cern.ch's password: 
console: FileRead(): SSL error on fd 4
console: lost connection
raas@pcitadc01:~$ console -l ahorvath -M lxc1rg27 -p 7782 lxb7726
console: connect(): 7782@lxc1rg27: Connection refused
raas@pcitadc01:~$ 

also on the server, logging in locally, connection is refused even
though some threads are still running:

[root@lxc1rg27 ~]# console -x
console: connect(): 7782@localhost: Connection refused
[root@lxc1rg27 ~]# ps axuw | grep cons
uucp      2952  0.0  0.1  50188  1540 ?        S    Jun23   0:06 /usr/sbin/conserver -d -D -D -L /var/log/console/__server.log
uucp      2981  0.0  0.1  50188  1540 ?        S    Jun23   0:00 /usr/sbin/conserver -d -D -D -L /var/log/console/__server.log
uucp      3002  0.0  0.1  50188  1560 ?        S    Jun23   0:00 /usr/sbin/conserver -d -D -D -L /var/log/console/__server.log
root      9856  0.0  0.0  61148   704 pts/0    R+   14:57   0:00 grep cons
[root@lxc1rg27 ~]# 

Server side logs, running with -D, featuring the PAM error message as well
(changed password in the log below - but I had to supply the real password for
the failure to happen)

[Wed Jul  1 14:55:23 2009] conserver (2906): DEBUG: [cutil.c:1206] FileWrite(): sending `passwd? lxc1rg27.cern.ch^M^J' to fd 4
[Wed Jul  1 14:55:23 2009] conserver (2906): DEBUG: [cutil.c:1368] FileWrite(): wrote 26 bytes to fd 4
[Wed Jul  1 14:55:27 2009] conserver (2906): DEBUG: [cutil.c:1134] FileRead(): read 14 bytes from fd 4
[Wed Jul  1 14:55:27 2009] conserver (2906): DEBUG: [cutil.c:1147] FileRead(): read `mypasswd^M^J' from fd 4
[Wed Jul  1 14:55:27 2009] conserver (2906): DEBUG: [cutil.c:491] ReadLine(): returning <*any*:*passwd*>
[Wed Jul  1 14:55:27 2009] conserver (2906): DEBUG: [group.c:771] CheckPass(): pam_start(conserver,ahorvath,...)
[Wed Jul  1 14:55:27 2009] conserver (2906): DEBUG: [group.c:776] CheckPass(): pam_authenticate(ahorvath)
conserver: ldap-nss.c:1319: do_init: Assertion `cfg->ldc_uris[__session.ls_current_uri] != ((void *)0)' failed.
[Wed Jul  1 14:55:28 2009] conserver (2981): DEBUG: [cutil.c:1134] FileRead(): read 28 bytes from fd 13 
[Wed Jul  1 14:55:28 2009] conserver (2981): DEBUG: [cutil.c:1147] FileRead(): read `^[PHB:lxb7728.cern.ch:68234^[\' from fd 13
[Wed Jul  1 14:55:28 2009] conserver (2981): DEBUG: [group.c:2540] DoConsoleRead(): read 28 bytes from fd 13
[Wed Jul  1 14:55:28 2009] conserver (2981): DEBUG: [cutil.c:1206] FileWrite(): sending `^[PHB:lxb7728.cern.ch:68234^[\' to fd 12
[Wed Jul  1 14:55:28 2009] conserver (2981): DEBUG: [cutil.c:1368] FileWrite(): wrote 28 bytes to fd 12
[Wed Jul  1 14:55:28 2009] conserver (2981): DEBUG: [group.c:4482] Kiddie(): select timeout of 33 seconds
[Wed Jul  1 14:55:29 2009] conserver (2981): DEBUG: [cutil.c:1134] FileRead(): read 28 bytes from fd 7
[Wed Jul  1 14:55:29 2009] conserver (2981): DEBUG: [cutil.c:1147] FileRead(): read `^[PHB:lxb7731.cern.ch:60776^[\' from fd 7
[Wed Jul  1 14:55:29 2009] conserver (2981): DEBUG: [group.c:2540] DoConsoleRead(): read 28 bytes from fd 7
[Wed Jul  1 14:55:29 2009] conserver (2981): DEBUG: [cutil.c:1206] FileWrite(): sending `^[PHB:lxb7731.cern.ch:60776^[\' to fd 6
[Wed Jul  1 14:55:29 2009] conserver (2981): DEBUG: [cutil.c:1368] FileWrite(): wrote 28 bytes to fd 6

Andras