[#] Thu Jan 06 2022 03:27:19 EST from zcw159357

Subject: Re: server crashes after upgrade to 942

I see the new commit on the serv_crypto.c file, and I think it can still cause a server crash under some conditions. When the key or cert file has changed and multiple POP3S connections come in at the same moment, all of these threads may call the SSL_CTX_use_certificate_chain_file function at the same time and cause the server to crash. A lock may be needed to keep multiple threads from running the cert and key reload at once.



[#] Thu Jan 06 2022 13:20:15 EST from IGnatius T Foobar

Subject: Re: server crashes after upgrade to 942


Good thinking, and we'll definitely have to look at the threadsafeness of that call. Is your restored 941 image working properly now? If so, that does suggest that the updated certificate management code has something to do with it. Thanks for actively participating in the search for a fix -- very much appreciated!

The updated code that you're looking at hasn't been released yet, but if we have to wrap it in a mutex then that's fine. It should only get called once, and even then only when it sees a new key or certificate. The bug you discovered caused it to get called over and over again when the key is newer than the certificate -- something that theoretically should never happen, since the certificate is generated *from* the key.

I'll see if we can get it to crash by making that code get called *every* time whether it needs to or not, and then slamming it with connections.

[#] Thu Jan 06 2022 13:34:02 EST from zcw159357

Subject: Re: server crashes after upgrade to 942

After downgrading to 941 the server works fine. I also took the 943 version's code, commented out the update_key_and_cert_if_needed() line in serv_crypto.c, and built a new Docker image; this image works too and has never crashed.

Based on alphabetical order, citadel.cer comes before citadel.key; my files were copied from another server, so the cert file's modified time is before the key file's.



[#] Fri Jan 07 2022 11:43:21 EST from IGnatius T Foobar

Subject: Re: server crashes after upgrade to 942

I've done some testing and you are absolutely correct. It appears that the server crashes when an individual connection attempts to bind to TLS *while* the key or certificate is being changed.

The patch you applied will reduce the crashes to almost nil since it's only vulnerable at the split second the certificate is *actually* changed, but I'm going to go in and fix it right.

Thanks again for such an intelligently investigated bug report. You made it easy :)
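
The reload race discussed in the posts above, as an added example that is not part of the thread and is not Citadel's code: every worker goes through one mutex-guarded check that compares each file with its own recorded mtime, so concurrent connections cannot reload at once and a key newer than its certificate does not trigger a reload on every call. The names `load_pair`, `reload_if_changed`, `current_generation`, `touch_at` and the `/tmp/demo.*` paths are hypothetical, and the loader is a stand-in for the OpenSSL calls that would build a new context.

```c
#include <pthread.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>
#include <utime.h>

/* Stand-in for the shared TLS state; a real server would keep its SSL_CTX * here. */
static pthread_mutex_t tls_lock = PTHREAD_MUTEX_INITIALIZER;
static time_t seen_cert, seen_key;  /* mtimes recorded at the last successful load */
static int generation;              /* bumped on every (re)load */

/* Hypothetical loader: a real one builds a fresh context from both files. */
static int load_pair(const char *cert, const char *key) {
    return access(cert, R_OK) == 0 && access(key, R_OK) == 0 ? 0 : -1;
}

/* Every worker calls this before a handshake: 1 = reloaded, 0 = unchanged, -1 = error.
 * Each file is compared with its own recorded mtime, not with the other file. */
int reload_if_changed(const char *cert, const char *key) {
    struct stat c, k;
    int rc = 0;
    pthread_mutex_lock(&tls_lock);          /* one thread checks and reloads at a time */
    if (stat(cert, &c) != 0 || stat(key, &k) != 0) {
        rc = -1;
    } else if (c.st_mtime != seen_cert || k.st_mtime != seen_key) {
        rc = load_pair(cert, key) == 0 ? 1 : -1;
        if (rc == 1) { seen_cert = c.st_mtime; seen_key = k.st_mtime; generation++; }
    }
    pthread_mutex_unlock(&tls_lock);
    return rc;
}

/* Reader side: a connection picks up the current state under the same lock. */
int current_generation(void) {
    pthread_mutex_lock(&tls_lock);
    int g = generation;
    pthread_mutex_unlock(&tls_lock);
    return g;
}

/* Constructed sample input: create an empty file and give it a chosen mtime. */
int touch_at(const char *path, time_t t) {
    struct utimbuf ub = { t, t };
    FILE *f = fopen(path, "a");
    if (f == NULL || fclose(f) != 0) return -1;
    return utime(path, &ub);
}

int main(void) {
    if (touch_at("/tmp/demo.cer", 1000) || touch_at("/tmp/demo.key", 2000)) return 1;
    for (int i = 0; i < 5; i++) reload_if_changed("/tmp/demo.cer", "/tmp/demo.key");
    printf("loads after 5 calls: %d\n", current_generation());  /* cert older than key */
    return 0;
}
```

In a real server the handshake setup has to read the context under the same lock, or from a context that is swapped in whole, because the thread reports the crash when a connection binds to TLS while the certificate is being changed. The mtime comparison has one-second resolution, so two changes within the same second are seen as one.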

[#] Sat Jan 08 2022 03:41:05 EST from zcw159357

Subject: Re: server crashes after upgrade to 942

Happy to help~

Thank you for your work on citadel!



[#] Mon Jan 10 2022 01:10:51 EST from zcw159357

Subject: Another server crash

Hi,

  I'm using my own built 943 image without the update_key_and_cert_if_needed, and encountered another server crash. Here's the log.

Jan 10 00:27:01 ubuntunas citserver[7]: sysdep: caught signal 15
Jan 10 00:27:01 ubuntunas citserver[7]: context: terminate_all_sessions() is murdering (not logged in) CC[75]
Jan 10 00:27:01 ubuntunas citserver[7]: context: flushed 1 stuck sessions
Jan 10 00:27:01 ubuntunas citserver[7]: extensions: [XMPP] closing service
Jan 10 00:27:01 ubuntunas citserver[7]: extensions: [LMTP-UnF] Closed UNIX domain socket lmtp-unfiltered.socket
Jan 10 00:27:01 ubuntunas citserver[7]: extensions: [LMTP] Closed UNIX domain socket lmtp.socket
Jan 10 00:27:01 ubuntunas citserver[7]: extensions: [SMTP-MSA] closing service
Jan 10 00:27:01 ubuntunas citserver[7]: extensions: [SMTPs-MTA] closing service
Jan 10 00:27:01 ubuntunas citserver[7]: extensions: [SMTP-MTA] closing service
Jan 10 00:27:01 ubuntunas citserver[7]: extensions: [POP3S] closing service
Jan 10 00:27:01 ubuntunas citserver[7]: extensions: [POP3] closing service
Jan 10 00:27:01 ubuntunas citserver[7]: extensions: [NNTPS] closing service
Jan 10 00:27:01 ubuntunas citserver[7]: extensions: [NNTP] closing service
Jan 10 00:27:01 ubuntunas citserver[7]: extensions: [IMAPS] closing service
Jan 10 00:27:01 ubuntunas citserver[7]: extensions: [IMAP] closing service
Jan 10 00:27:01 ubuntunas citserver[7]: extensions: [citadel-TCP] closing service
Jan 10 00:27:01 ubuntunas citserver[7]: extensions: [citadel-UDS] Closed UNIX domain socket citadel-admin.socket
Jan 10 00:27:01 ubuntunas citserver[7]: extensions: [citadel-UDS] Closed UNIX domain socket citadel.socket
Jan 10 00:27:01 ubuntunas citserver[7]: sysdep: not closing again -1 listener on port 5222
Jan 10 00:27:01 ubuntunas citserver[7]: sysdep: not closing again -1 listener on 'lmtp-unfiltered.socket'
Jan 10 00:27:01 ubuntunas citserver[7]: sysdep: not closing again -1 listener on 'lmtp.socket'
Jan 10 00:27:01 ubuntunas citserver[7]: sysdep: not closing again -1 listener on port 587
Jan 10 00:27:01 ubuntunas citserver[7]: sysdep: not closing again -1 listener on port 465
Jan 10 00:27:01 ubuntunas citserver[7]: sysdep: not closing again -1 listener on port 25
Jan 10 00:27:01 ubuntunas citserver[7]: sysdep: not closing again -1 listener on port 995
Jan 10 00:27:01 ubuntunas citserver[7]: sysdep: not closing again -1 listener on port 110
Jan 10 00:27:01 ubuntunas citserver[7]: sysdep: not closing again -1 listener on port 563
Jan 10 00:27:01 ubuntunas citserver[7]: sysdep: not closing again -1 listener on port 119
Jan 10 00:27:01 ubuntunas citserver[7]: sysdep: not closing again -1 listener on port 993
Jan 10 00:27:01 ubuntunas citserver[7]: sysdep: not closing again -1 listener on port 143
Jan 10 00:27:01 ubuntunas citserver[7]: sysdep: not closing again -1 listener on port 504
Jan 10 00:27:01 ubuntunas citserver[7]: sysdep: not closing again -1 listener on 'citadel-admin.socket'
Jan 10 00:27:01 ubuntunas citserver[7]: sysdep: not closing again -1 listener on 'citadel.socket'
Jan 10 00:27:01 ubuntunas citserver[7]: context: context_cleanup() purging session 75
Jan 10 00:27:01 ubuntunas citserver[7]: context: RemoveContext(SMTPs-MTA) session 75
Jan 10 00:27:01 ubuntunas citserver[7]: user_ops: CtdlUserLogout() logging out <(not logged in)> from session 75
Jan 10 00:27:01 ubuntunas citserver[7]: xmpp: xmpp_queue_event(1, )
Jan 10 00:27:01 ubuntunas citserver[7]: Performing SMTP cleanup hook

 

 



[#] Mon Jan 10 2022 11:41:39 EST from IGnatius T Foobar

Subject: Re: Another server crash

Hmm ... thanks for sharing that, but a crash report isn't quite as useful without a stack trace. But it looks like you were already shutting the server down when it crashed? Lately we've been removing quite a lot of shutdown code, with the goal of making it cleanly close the databases as quickly as possible and then let the operating system handle everything else.

In the past we went through this elaborate process of cleanly closing everything we opened - file handles, sockets, library functions, allocated memory -- so that we could run Valgrind and see if there were any memory leaks. This turned out to be quite a liability, because in production it would often take too long and the server process was killed either by the operator or by the system before it could get to the part where it closed the database. Once we decided to just go straight for the database we had a lot less people reporting that their databases got corrupted.

Newer code (particularly webcit-ng) simply reports the size of the heap from time to time so that we can observe if we have a memory leak. So far it's been a good strategy.

[#] Mon Jan 10 2022 21:33:33 EST from zcw159357

Subject: Re: Another server crash

Yes, I was shutting down the server, and it seems like it did a double free in smtp_cleanup_function and the server crashed there... If it happens again I'll try to get more information. I forgot to collect the ctdlvisor output this time (but I'm not sure whether this kind of server crash would produce any).



[#] Tue Jan 11 2022 00:42:00 EST from mpbowling831

Subject: admin dashboard missing after install

I just finished installing my server using the easyinstaller method and it installed successfully and is running.  But when I logged in and entered my admin credentials, I don't see the main dashboard, I just see this message: didn't find Template [roombanner] 10 10.  Not sure where to go from here....



[#] Tue Jan 11 2022 00:45:27 EST from mpbowling831

Subject: admin dashboard missing

I just finished installing my server on a Raspberry Pi 3 using the easy installer method, and it installed successfully and is running, but when I log in as admin, I don't see the dashboard, I just see this message: didn't find Template [roombanner] 10 10.  Any idea as to what I have that's not set up right?



[#] Tue Jan 11 2022 11:26:54 EST from tonyg

Subject: easy-install of citidel on CentOS7 errors

hi, i am new to Citadel...i am trying to use the easy-install on a CentOS7 server.  at some point in the process, i get this:

 

crypto.o: In function `bind_to_key_and_certificate':
/tmp/citadel-build.8827/webcit/crypto.c:39: undefined reference to `TLS_server_method'
collect2: error: ld returned 1 exit status
gmake: *** [webcit] Error 1
 Citadel Easy Install is aborting.
 The last few lines above this message may indicate what went wrong.
 Linux RedHat 7.9.2009(Core 3.10.0-1160.49.1.el7.x86_64 x86_64)

 

can someone give me a hand with this, not sure where to go from here..

 

 

thanks in advance...  here is a longer log paste

 

Compiler: gcc -I/usr/local/ctdlsupport/include -g -Wall -DHAVE_CONFIG_H -D_REENTRANT -c -o buildinfo
Linker: gcc -L/usr/local/ctdlsupport/lib -Wl,--rpath -Wl,/usr/local/ctdlsupport/lib -lssl -lcrypto -lexpat -lcitadel -lical -lz -lpthread

CC webserver.c
CC context_loop.c
CC ical_dezonify.c
CC cookie_conversion.c
CC locate_host.c
CC summary.c
CC webcit.c
CC auth.c
CC sockets.c
CC mainmenu.c
CC serv_func.c
CC who.c
CC marchlist.c
CC roomops.c
CC roomlist.c
CC roomtokens.c
CC roomviews.c
CC blogview_renderer.c
CC msg_renderers.c
CC jsonview_renderer.c
CC mailview_renderer.c
CC bbsview_renderer.c
CC messages.c
CC paging.c
CC sysmsgs.c
CC useredit.c
CC vcard_edit.c
vcard_edit.c: In function 'parse_vcard':
vcard_edit.c:424:6: warning: variable 'is_b64' set but not used [-Wunused-but-set-variable]
  int is_b64 = 0;
      ^
CC preferences.c
CC html2html.c
CC listsub.c
CC roomchat.c
CC graphics.c
CC netconf.c
CC siteconfig.c
CC subst.c
CC calendar.c
CC calendar_tools.c
calendar_tools.c: In function 'partstat_as_string':
calendar_tools.c:195:2: warning: enumeration value 'ICAL_PARTSTAT_FAILED' not handled in switch [-Wswitch]
  switch(partstat) {
  ^
CC calendar_view.c
CC tasks.c
CC event.c
CC smtpqueue.c
CC availability.c
CC iconbar.c
CC icontheme.c
CC crypto.c
crypto.c: In function 'bind_to_key_and_certificate':
crypto.c:39:2: warning: implicit declaration of function 'TLS_server_method' [-Wimplicit-function-declaration]
  if (!(new_ctx = SSL_CTX_new(TLS_server_method()))) {
  ^
crypto.c:39:2: warning: passing argument 1 of 'SSL_CTX_new' makes pointer from integer without a cast [enabled by default]
In file included from webcit.h:95:0,
                 from crypto.c:14:
/usr/include/openssl/ssl.h:2087:10: note: expected 'const struct SSL_METHOD *' but argument is of type 'int'
 SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
          ^
CC inetconf.c
CC notes.c
CC wiki.c
CC dav_main.c
CC dav_get.c
CC dav_propfind.c
CC dav_report.c
CC fmt_date.c
CC dav_options.c
CC autocompletion.c
CC gettext.c
CC tabs.c
CC sieve.c
CC sitemap.c
CC dav_delete.c
CC dav_put.c
CC http_datestring.c
CC downloads.c
CC addressbook_popup.c
CC pushemail.c
CC sysdep.c
CC openid.c
CC decode.c
CC modules_init.c
CC paramhandling.c
CC utils.c
Running scripts/get_ical_data.sh
CC ical_maps.c
CC ical_subst.c
CC static.c
CC feed_generator.c
LD: webcit
crypto.o: In function `bind_to_key_and_certificate':
/tmp/citadel-build.8827/webcit/crypto.c:39: undefined reference to `TLS_server_method'
collect2: error: ld returned 1 exit status
gmake: *** [webcit] Error 1
 Citadel Easy Install is aborting.
 The last few lines above this message may indicate what went wrong.
 Linux RedHat 7.9.2009(Core 3.10.0-1160.49.1.el7.x86_64 x86_64)
[root@ffc-p-mail-1 ~]#



[#] Tue Jan 11 2022 23:56:32 EST from mpbowling831

Subject: changing server storage location

So I just got my server installed with the easyinstaller, and I want to know if it's possible to change the server storage location or do I have to redo the whole install process.  If I run the setup command with the -hHome option will it just move the data storage location or will it do a new install and map to that location?



[#] Wed Jan 12 2022 14:31:55 EST from IGnatius T Foobar

Subject: Re: easy-install of citidel on CentOS7 errors

/tmp/citadel-build.8827/webcit/crypto.c:39: undefined reference to
`TLS_server_method'
collect2: error: ld returned 1 exit status
gmake: *** [webcit] Error 1

Geez. Ok, I've just pushed an update to Easy Install to fix this, so you should be able to try again.

TLS_server_method() is supposed to be the replacement for SSLv23_server_method() but apparently CentOS 7 still has the old name and not the new one. They both do the same thing. Try it now.

[#] Wed Jan 12 2022 14:33:45 EST from IGnatius T Foobar

Subject: Re: changing server storage location

So I just got my server installed with the easyinstaller, and I want
to know if its possible to change the server storage location or do I
have to reinstall the whole process.  If I run the setup command
with the -hHome option will it just move the data storage location or
will it do a new install and map to that location?

The build you get with Easy Install really wants to use /usr/local/citadel, but if you specify another location it should work... just keep in mind that you'll need to move your data files there manually if you want to keep them.

Honestly though, you're probably better off symlinking /usr/local/citadel/data to the place where you want your data.

[#] Wed Jan 12 2022 18:16:51 EST from tonyg

Subject: Re: easy-install of citidel on CentOS7 errors

 

Wed Jan 12 2022 14:31:55 EST from IGnatius T Foobar Subject: Re: easy-install of citidel on CentOS7 errors
/tmp/citadel-build.8827/webcit/crypto.c:39: undefined reference to
`TLS_server_method'
collect2: error: ld returned 1 exit status
gmake: *** [webcit] Error 1

Geez. Ok, I've just pushed an update to Easy Install to fix this, so you should be able to try again.

TLS_server_method() is supposed to be the replacement for SSLv23_server_method() but apparently CentOS 7 still has the old name and not the new one. They both do the same thing. Try it now.

hey, that did it....i was able to install and get into the gui...i did see some warnings in the install like this:

vcard_edit.c: In function 'parse_vcard':
vcard_edit.c:424:6: warning: variable 'is_b64' set but not used [-Wunused-but-set-variable]
  int is_b64 = 0;
      ^

but since the install was successful...i guess i can ignore?

 

thanks again!



[#] Wed Jan 12 2022 18:28:02 EST from tonyg

Subject: how do i upgrade Citadel?

sorry for such a noob question, but i have looked at the faq and documentation...i don't see any mention of upgrades...so how do i do it?

 

thanks



[#] Thu Jan 13 2022 18:05:31 EST from IGnatius T Foobar

Subject: Re: how do i upgrade Citadel?

sorry for such a noob question, but i have looked at the faq and
documentation...i don't see any mention of upgrades...so how do i do
it?

Depends on how you initially installed it.

If you originally used Easy Install, just run Easy Install again and it will do the right thing.

If you have the Docker image, just erase it and install the new image, and point it at your existing data directory.

Or if you used the Debian packages ... you've got some work to do because they're no longer maintained.

[#] Mon Jan 17 2022 14:37:39 EST from Nurb432

Subject: Proxies

Ok so starting back up on trying to get a reverse proxy running here so i can run everything on port 80 (and 443), and just use DNS names to redirect internally.

For the most part it's all set up again and i was going down the list of apps to change over to 80. Got to citadel and i did an easy install/upgrade (needed it anyway) and switched it native from 8080 to 80. Works fine locally, or if i change my router to not use the proxy and just redirect 8080 to 80. But if i hit it via the proxy i get the below mess instead. (and this worked last time i tried, but script kiddies were pounding my ports and killing the proxy)

Something obvious i'm missing before i waste a lot of time beating my head against the desk?

 

ya, i know, url is in the image, i don't care now, it's public. and no, not tackled ssl yet. I wanted to get everything running "regular" first.

 

 

 

 



[#] Tue Jan 18 2022 11:12:05 EST from IGnatius T Foobar

Subject: Re: Proxies

That looks like your browser failed to load the stylesheet. How are you proxying the traffic?

[#] Tue Jan 18 2022 18:09:14 EST from Nurb432

Subject: Re: Proxies

Tinyproxy, configured to be a reverse proxy only.  Stock config other than disabling forward proxy, adding the redirects, and adding a few extra threads. My other 3 apps, plus an extra 'test' one that was just listing the calling URL, are working at this point.

It worked last time i tried this, other than script kiddies flooding my port 80 and causing the proxy to die after about 10 minutes so i gave up at the time.   But it was a good year or 2 ago, so an older version of citadel. 


