Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deleting user does not delete PAM tally data #4

Open
joseph-reynolds opened this issue Feb 18, 2020 · 2 comments
Open

Deleting user does not delete PAM tally data #4

joseph-reynolds opened this issue Feb 18, 2020 · 2 comments

Comments

@joseph-reynolds
Copy link

joseph-reynolds commented Feb 18, 2020
edited
Loading

Deleting a user does not delete its associated Linux-PAM pam_tally2 data.

To reproduce this:

  1. Activate PAM tally2 with something like: PATCH /redfish/v1/AccountService/ -d { AccountLockoutThreshold : 3, AccountLockoutDuration: 300}
  2. Create a user.
  3. Perform 5 failed authentication attempts on the user. Observe the account is locked out.
  4. Delete the user.
  5. Re-create a user with the same user name.
  6. Attempt to authenticate to the user with the correct username and password.
    Observe the account lockout for that account is still in place.

The suggested fix is for phosphor-user-manager to perform a command like pam_tally2 -u USERNAME --reset when deleting the user.
@joseph-reynolds
Copy link
Author

In images which have applied https://gerrit.openbmc-project.xyz/c/openbmc/openbmc/+/41357, use faillock --user USER --reset instead. (Read the commit message for details).

dkodihal pushed a commit to NVIDIA/phosphor-user-manager that referenced this issue May 7, 2024
Add support for event loop to over come memory leak errors by CI
ef4c4d6 
```
Changes Added : Added event loop support in test code

problem : After adding support for sending events from phosphor-user-manager it is obsderved that it is calling sendEvent which internally calls async_send_handler and allocates memeory for context
since the event loop is not present in test code, callback is never called and
the CI was throwing memory leak error

Direct leak of 1 byte(s) in 1 object(s) allocated from:
    #0 0x7ffa787b91e7 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cpp:99
    openbmc#1 0x7ffa77ad6383 in operator() /usr/local/include/sdbusplus/asio/detail/async_send_handler.hpp:40
    openbmc#2 0x7ffa77ad6383 in async_send<sdbusplus::asio::connection::async_method_call_timed<phosphor::logging::sendEvent(phosphor::logging::MESSAGE_TYPE, sdbusplus::xyz::openbmc_project::Logging::server::Entry::Level, const std::vector<std::__cxx11::basic_string<char> >&, const string&)::<lambda(boost::system::error_code)>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > > >
    (phosphor::logging::sendEvent(phosphor::logging::MESSAGE_TYPE, sdbusplus::xyz::openbmc_project::Logging::server::Entry::Level, const std::vector<std::__cxx11::basic_string<char> >&, const string&)::<lambda(boost::system::error_code)>&&, const string&, const string&, const string&, const string&, uint64_t, const std::__cxx11::basic_string<char>&, const std::__cxx11::basic_string<char>&, const std::map<std::__cxx11::basic_string<char>, std::__cxx11::basic_string<char> >&)::<lambda(boost::system::error_code, sdbusplus::message_t&)> > /usr/local/include/sdbusplus/asio/connection.hpp:98
    openbmc#3 0x7ffa77ad6383 in async_method_call_timed<phosphor::logging::sendEvent(phosphor::logging::MESSAGE_TYPE, sdbusplus::xyz::openbmc_project::Logging::server::Entry::Level, const std::vector<std::__cxx11::basic_string<char> >&, const string&)::<lambda(boost::system::error_code)>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > > > /usr/local/include/sdbusplus/asio/connection.hpp:192
    openbmc#4 0x7ffa77ad6383 in async_method_call<phosphor::logging::sendEvent(phosphor::logging::MESSAGE_TYPE, sdbusplus::xyz::openbmc_project::Logging::server::Entry::Level, const std::vector<std::__cxx11::basic_string<char> >&, const string&)::<lambda(boost::system::error_code)>, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::map<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::pair<const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > > > /usr/local/include/sdbusplus/asio/connection.hpp:221
    openbmc#5 0x7ffa77ad6383 in phosphor::logging::sendEvent(phosphor::logging::MESSAGE_TYPE, sdbusplus::xyz::openbmc_project::Logging::server::Entry::Level, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ../lib/redfish_event_log.cpp:112
    openbmc#6 0x55dfba9084a3 in phosphor::certs::Manager::replaceCertificate(phosphor::certs::Certificate*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) ../certs_manager.cpp:493
    openbmc#7 0x55dfba8ab09d in phosphor::certs::Certificate::replace(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) ../certificate.cpp:315
    openbmc#8 0x55dfba7981e0 in TestBody ../test/certs_manager_test.cpp:677
    openbmc#9 0x7ffa786e3f2e in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /googletest-662fe38e44900c007eccb65a5d2ea19df7bd520e/googletest/src/gtest.cc:2607
    openbmc#10 0x7ffa786e3f2e in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /googletest-662fe38e44900c007eccb65a5d2ea19df7bd520e/googletest/src/gtest.cc:2643

```

Solution : The memory leak error was thrown because the
memory allocated by "async_send_handler" in sdbusplus was not getting de-allocated
because the callback is never getting called called since there was no event loop
present in test code.

Added event loop support in test code

Fixes jira https://jirasw.nvidia.com/browse/DGXOPENBMC-8881
@matthewfischer
Copy link

Since tally2 was removed can we close this defect?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@matthewfischer @joseph-reynolds