Mac OS X deleting users

I had an issue with my laptop’s video card dying. Nonetheless, thanks to a class action lawsuit and some work by Apple, I have been able to get my video card replaced for free (See: http://support.apple.com/kb/TS2377). The nicest thing is that this is costing me $0 to fix and ship back to me, which is awesome, and I am glad that Apple took the initiative to investigate the issue and help their customers.

Well while I wait for that to happen, I was smart enough to use Screen Sharing which still worked to pull the logs off my system. Upon trying this I found my user accounts missing. I had the root user enabled so I was able to still get in one way. So after recreating my user for now (I could recreate from a full backup I did just days before this), I put my logs on a thumb drive so I could look at them.

This is a snippet from the logs:

2/12/11 10:12:19 PM com.apple.loginwindow[59] 2011-02-12 22:12:19.113 ManagedClient[120:903] -xaDiskDisappeared: removing external account “_amavisd” with home “/var/virusmails” from DSLocal because disk disappeared.
2/12/11 10:12:19 PM com.apple.loginwindow[59] 2011-02-12 22:12:19.116 ManagedClient[120:903] MCXCDeleteAccount(): Trying to delete user id = 83

It wasn’t able to delete the system accounts, thankfully. However, it did delete my account and a postgresql user account I created, which I should have set up as a system account in the first place. No damage was done, just the user account deleted. All my data was still there and backed up.

Managed Client is a part of OS X and is used to manage users in a server setting. That said, my system was never set up in a server setting. But if I had to guess from the error log, it appears that when it loses connection to the server with the user account data, it auto-deletes users as a security precaution. Again, I don’t have a server set up or use this, which means it acted on the local users when it couldn’t load the data. Not a very smart idea of Apple to allow this for the local users though.

User data for the system is kept in /var/db/dslocal, which explains this. I also had a notice about anacron not being able to find its data in /var. So I suspect that my /var directory became corrupted during one of the restarts I did while trying to diagnose the system.

2/12/11 10:12:09 PM com.18james.anacron[78] anacron: Can’t chdir to /var/spool/anacron: No such file or directory

Luckily I can restore everything lost in there off a backup and didn’t keep anything important in var. So it isn’t a major loss and I am glad I keep backups.  Unfortunately I wasn’t able to find very much information in searching around.  I didn’t feel like reading Apple’s 294 page PDF about user management to try and see if I could find anything about it.  A search of the document using some simple terms didn’t turn up anything.

As a final note, in case you are wondering, user accounts disappearing is happening to other OS X users, but none of them tried to look at the console log to see why. http://www.google.com/search?q=”mac+os+x”+user+account+disappeared

phpMyAdmin using login with nginx behind a https auth login

The title may be confusing, but I am sure it is related to how I have things set up. I have phpMyAdmin set up to use http login, which means it gives a login form for me to log into phpMyAdmin. phpMyAdmin is in a protected folder with an auth basic login set up (so a dual auth is required to access my database). This is all behind https.

The problem has been that after I log in, phpMyAdmin will redirect to http://domain.tld:443/phpmyadmin/index.php[...]
This causes Nginx to complain that a request using the http protocol was sent to an https port. Nginx won’t even do the redirect to the https protocol even though I have that set up.

I know the blame here is phpMyAdmin. It took some time to figure out why and sadly a solution in phpMyAdmin isn’t the easiest. It is much easier to fix in the Nginx configuration.

The issue is that HTTPS is not set in the server environment variables. So phpMyAdmin detects the port mismatch and when it fixes up the url, it includes the port (since it doesn’t detect HTTPS on and the port is not 80).

The simplest solution is just to add this to my fastcgi_params. Since phpMyAdmin sits behind its own domain that always uses https, I don’t have to worry about the variable being set where it shouldn’t.

                # Needed by phpmyadmin.
                fastcgi_param   HTTPS   on;
                fastcgi_param   HTTP_SCHEME https;

I also show an HTTP_SCHEME environment variable. phpMyAdmin will also detect this if it doesn’t detect that HTTPS is on. Either one of these should work. I only tested the first, but the second is looked at in the phpMyAdmin config test and it bypasses all the other scheme checks.

Content Security Policy with google ads

Content Security Policy is a relatively new header being promoted. Browsers such as Firefox 4 will make use of this. Considering the benefits it and the X-Frame-Options header offer, it is almost stupid to not look into this.
These new headers try to do one thing, and that is to prevent some of the common security issues (Clickjacking, XSS, and data injection).

However, google ads require some setup. You have to allow it on multiple src. From my tests, this includes the allow and script-src twice (two domains).

Mantis has already implemented this in their source code. Due to how limiting what they implemented is, it breaks a lot of integrations. SimpleMachines.org uses mantis as its bug tracking software. CSP also happened to have broken everything from working correctly in FireFox4.

So after some testing with FireFox4 and reading the CSP information, I came up with the following header (which you can view if you have the proper tools installed and visit Mantis on SimpleMachines.org).

		header( "X-Content-Security-Policy: allow 'self' http://pagead2.googlesyndication.com; options inline-script eval-script; img-src 'self' *; script-src 'self' http://*.simplemachines.org http://pagead2.googlesyndication.com http://googleads.g.doubleclick.net; style-src 'self' http://*.simplemachines.org; frame-ancestors 'none'" );

Note that img-src is set to 'self' and *. The wildcard allows us to load in remote images. Although this lowers security, there is no other simple way to do this with remote avatars. The header gets nasty in length, and I personally start to worry about whether all the headers can be transmitted in one packet in some setups where the header is even longer. But this is the price you pay for security.
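The header above can be checked offline with a small model of how its directives are evaluated. This is an added example, not code from Mantis, SimpleMachines or any browser; it assumes the Firefox 4 era syntax in which "allow" is the fallback for directives that are not listed, ignores ports and paths, and uses a constructed page origin and constructed test URLs.

```javascript
// Added example: simplified model of the X-Content-Security-Policy syntax
// used in the header above. Not a browser implementation.

// Policy string copied from the header() call on this page.
const POLICY = "allow 'self' http://pagead2.googlesyndication.com; " +
  "options inline-script eval-script; img-src 'self' *; " +
  "script-src 'self' http://*.simplemachines.org " +
  "http://pagead2.googlesyndication.com http://googleads.g.doubleclick.net; " +
  "style-src 'self' http://*.simplemachines.org; frame-ancestors 'none'";

// Constructed assumption: the origin of the page that sends the header.
const PAGE_ORIGIN = "http://www.simplemachines.org";

// Split "name value value; name value" into { name: [values] }.
function parsePolicy(policy) {
  const directives = {};
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Keep the first occurrence of a directive and ignore repeats.
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return directives;
}

// Does one source expression cover the URL? pageOrigin stands in for 'self'.
function sourceMatches(source, url, pageOrigin) {
  const target = new URL(url);
  if (source === "'none'") return false;
  if (source === "*") return true;
  if (source === "'self'") return target.origin === pageOrigin;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^\/:]+)$/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (scheme && target.protocol !== scheme.toLowerCase() + ":") return false;
  const h = target.hostname.toLowerCase();
  // "*.example.org" is modelled as "any subdomain of example.org".
  return wildcard ? h.endsWith("." + host.toLowerCase()) : h === host.toLowerCase();
}

// A load is checked against its own directive, or "allow" when none is set.
function isAllowed(directives, directive, url, pageOrigin) {
  const sources = directives[directive] || directives["allow"] || [];
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}

// List the entries that relax the policy: "options" values and "*" sources.
function weakSpots(directives) {
  const found = [];
  for (const [name, values] of Object.entries(directives)) {
    if (name === "options") {
      for (const v of values) found.push("options " + v);
    } else if (values.includes("*")) {
      found.push(name + " *");
    }
  }
  return found;
}

const parsed = parsePolicy(POLICY);
console.log(weakSpots(parsed));
console.log(isAllowed(parsed, "script-src",
  "http://googleads.g.doubleclick.net/pagead/ads", PAGE_ORIGIN));
```

The weakSpots() output is the review list for this header: the two "options" values re-enable inline script and eval, and the img-src wildcard is the remote-avatar trade-off described above.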

Convert TS3 from sqlite to mysql database

I run a teamspeak server and it uses teamspeak3.  However, when I set it up, I didn’t bother getting any further than getting it running.  Now I find out that it’s using sqlite for a database and that database is taking up a lot of space for useless logs.

First step was to figure out how to convert the database.  After some thankless google searches I found something that worked (after my own edits to it):

sqlite3 ts3server.sqlitedb .dump | egrep -vi '^(BEGIN TRANSACTION|PRAGMA|COMMIT|INSERT INTO "devices"|INSERT INTO "sqlite_sequence"|DELETE FROM "sqlite_sequence")' | perl -pe 's/INSERT INTO \"(.*)\" VALUES/INSERT INTO \1 VALUES/' | perl -pe 's/AUTOINCREMENT/auto_increment/' | perl -pe 's/varchar\)/varchar\(255\)\)/' > tsdb.sql

Basically it dumps the database, then we remove the things that mysql doesn’t understand or are useless for mysql, and finally it fixes some stuff up so it’s a proper database script acceptable to mysql.  Then I just went to importing it.  I set up a teamspeak database and user before I did this.

mysql -u teamspeak -p teamspeak < tsdb.sql

For the next part, I was just testing.  First I created a ts3server.ini file, then added the argument into it:

dbplugin=ts3db_mysql

I tried to start up the server but failed.  It seems from google searches others are getting this error as well:

|CRITICAL|DatabaseQuery |   | unable to load database plugin library “libts3db_mysql.so”, halting

It turns out that it needs a library file on the server.  You can find this out with the ldd command:

$ ldd libts3db_mysql.so
linux-vdso.so.1 =>  (0x00007fffa27ff000)
libmysqlclient.so.15 => not found
libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0x00007f272c3f8000)
libm.so.6 => /lib/libm.so.6 (0x00007f272c174000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00007f272bf5d000)
libc.so.6 => /lib/libc.so.6 (0x00007f272bbda000)
/lib64/ld-linux-x86-64.so.2 (0x00007f272c919000)

So I had hoped that I had some sort of file:

/usr/lib/libmysqlclient.so.16
/usr/lib/libmysqlclient.so.16.0.0

I had located those two files, but I couldn’t get them to work.  Suggestions from searching showed people symlinking the .15 version to their teamspeak home directory.  I tried to just use the .16, but no go.  Back to google to find out how to get that file for my version of ubuntu.  I tried to do an apt-get on “libmysqlclient15off”, the name suggested elsewhere, but no luck for my ubuntu version.  I found out I could just pull it right from the package server directly.  That works out for me :)   I use 64 bit, so I got the 64 bit version:

$ wget http://mirrors.kernel.org/ubuntu/pool/universe/m/mysql-dfsg-5.0/libmysqlclient15off_5.1.30really5.0.83-0ubuntu3_amd64.deb

$ dpkg -i libmysqlclient15off_5.1.30really5.0.83-0ubuntu3_amd64.deb

Tried to restart teamspeak, still no luck.  So I tried the symlink suggestion (while working in my teamspeak install location):

$ ln -s /usr/lib/libmysqlclient.so.15 libmysqlclient.so.15

Finally it worked, but gave errors because I never set up the ini file that contained the mysql user details (ts3db_mysql.ini).  So I created that and restarted teamspeak again.  The format of the file is as follows:

[config]
host=localhost
port=3306
username=mysql_user_name
password=Your_cool_password
database=mysql_database_name
socket=

Finally, things were working :) .  After that I also used the "createinifile=1" attribute when I started the server so it would dump all current contents of my configuration into an ini file.

I set up my log folder for teamspeak via a symlink (as you can’t move it to /var/log directly since it was running as an unprivileged user) to a folder in /var/log (I called mine ts3).  I wanted to set up autorotation of the log files (since the server almost never goes down and I don’t want a 100 mb log file :P ).  Alas, it seems to have gotten the best of me so far.  I haven’t had time to figure out how to get it to auto rotate the log files out.

The only other issue is teamspeak also seems to log into the database (two places!).  I just ran this manually, but I may have to set up a cron script to auto do this for me later on:

DELETE FROM log WHERE log_timestamp < unix_timestamp() - 2592000;

That little command will delete all logs older than 30 days.  Which is more than good for me.  I haven’t even read the logs since I set it up.

Multiviews in nginx (sorta)

I use wsvn on my svn subdomain. Nginx doesn’t have real support for this, but there is a way to sorta do this.

First we set this in our / location:

                #Sorta emulate multiviews.
                set $path_info "";
                if ($uri ~ "^/wsvn/(.+)$")
                {
                        set $path_info "/$1";
                        rewrite ^(.+)$ /wsvn.php?$1 last;
                }

Now I just need to let fastcgi know this. My fast cgi params are in their own file, but this is the only thing that uses this. So I do not bother with adding it into the params file. I just define it after my SCRIPT_FILENAME param is defined.

                fastcgi_param  PATH_INFO $path_info;

That gets it working. However, I ran into two issues so far while working with this.
1. When trying to view a file that has a .php extension, it will try to run that through fastcgi. You can’t use fastcgi inside of an if statement. So there is no way I could see to resolve this. This is actually my breaking point of using nginx to serve my wsvn pages.
2. For some reason, it urlencodes the data in PATH_INFO. Apache, when it sets this, does not (spaces are not converted to %20). I had to modify the wsvn code that used multiviews and tell it to urldecode() the path info before it handled it elsewhere in the script.

Maybe somebody else who knows more about nginx can resolve these two issues. I would be glad to hear anything about it.

Update:
After more working, I did find a solution for the php issue. Not a nice solution, but it gets around the issue. The urlencode issue still exists. But a minor change to my wsvn.php to fix this was no biggie.

Update 2:
I did locate a solution on nginx’s website. Although I found it by chance.

http://wiki.nginx.org/HttpFcgiModule#fastcgi_split_path_info

However, I would like to note that while this solution would work, it would still fail if a .php exists in the url.

I am including my current entire config for my svn sub domain just to show how it’s being done. I know some things can be done better and would love to hear thoughts.

I should note that the comment at the top is what I am using as a reference for which fastcgi ports I can use on this virtualhost. Since each php configuration needs its own .ini file, I need a simple way to know what ports to be using.

# FastCGI Ports: 9050 - 9059
server
{
	listen   443;
	server_name  svn.sleepycode.com;

	ssl on;
	ssl_certificate  /home/certs/svn.sleepycode.pem;
	ssl_certificate_key  /home/certs/svn.sleepycode.key;
	ssl_session_timeout  5m;

	access_log  /var/log/nginx/svn.sleepycode.com-.access.log;
        error_log  /var/log/nginx/svn.sleepycode.com-error.log;

	## TODO: test this :P
	location /code
	{
		proxy_pass      http://svn.sleepycode.com:8999;
		include         /etc/nginx/proxy.conf;
		set  $dest  $http_destination;
		proxy_set_header  Destination   $dest;
	}

	location /
	{
		root   /home/sites/svn.sleepycode.com/public_html;
		index  index.php;

		location /wsvn/
		{
			# Sorta emulates multiviews.
			set $path_info "";
			if ($uri ~ "^/wsvn/(.+)$")
			{
				set $path_info "/$1";
			}

			include /etc/nginx/fastcgi_params;
			fastcgi_pass   127.0.0.1:9050;
			fastcgi_index  wsvn.php;
			fastcgi_param  SCRIPT_FILENAME  /home/sites/svn.sleepycode.com/public_html/wsvn.php;
			fastcgi_param  PATH_INFO $path_info;
			fastcgi_param  SCRIPT_NAME /wsvn;

			# Some reason php files still don't work, this is a solution?
			location ~ \.php$
			{
				set $path_info "";
				if ($uri ~ "^/wsvn/(.+)$")
				{
					set $path_info "/$1";
				}

				include /etc/nginx/fastcgi_params;
				fastcgi_pass   127.0.0.1:9050;
				fastcgi_index  wsvn.php;
				fastcgi_param  SCRIPT_FILENAME  /home/sites/svn.sleepycode.com/public_html/wsvn.php;
				fastcgi_param  PATH_INFO $path_info;
				fastcgi_param  SCRIPT_NAME /wsvn;

				break;
			}
		}
	}

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
	#
	location  ~ \.php$
	{
                include /etc/nginx/fastcgi_params;
                fastcgi_pass   127.0.0.1:9050;
                fastcgi_index  wsvn.php;
                fastcgi_param  SCRIPT_FILENAME  /home/sites/svn.sleepycode.com/public_html/$fastcgi_script_name;
		fastcgi_param  PATH_INFO $path_info;
                #includefastcgi_params;
        }

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	location ~ /\.ht
	{
		deny  all;
	}
}

Disabling php files in wordpress upload when using nginx

This isn’t well documented anywhere for nginx. In fact it is sorta hidden and hard to find. Nginx does support a way for me to disable php from being executed in my uploads directory.
I am actually loving the way I came across, as I am able to control how content is handled. This is a plus on the server admin’s end.

                # Only allow images to be viewed.
                location /wordpress/wp-content/uploads/
                {
                        types
                        {
                                image/gif       gif;
                                image/jpeg      jpeg jpg;
                                image/png       png;
                                text/plain      txt;
                        }

                        default_type    application/octet-stream;

                        location ~ \.php$
                        {
                                break;
                        }
                }

Simply put, I set up a location to only run on my uploads directory. Then I changed the types and only defined jpg, gif and png. All other files get sent as a download. Finally, since I run php as fastcgi, I set up a nested location to run for php files and tell it to stop evaluating rules.

In fact, this is all actually nested in my primary location /. I did it this way as it worked the easiest. Although I am sure I could remove that nesting.


Nginx with wordpress seo urls

I have been testing running my site with Nginx instead of Apache.  One of the issues I have run across is getting wordpress to work right since I use the SEO urls.  Not that SEO urls make any difference, it’s a fun challenge to just work with.

One issue I ran across is getting these urls to work right.  After some reading, I did discover that there is a simple code for the rewrite that is used in apache.  However I couldn’t get this to work as the document examples showed.  I found out after testing, that it must exist in the location attribute.  Which is actually better for the setup.

        location / {
                root   /home/sites/sleepycode.com/public_html;
                index  index.php index.html index.htm;

                # Send a expire header for static files.
                if ($request_uri ~* "\.(ico|css|js|gif|jpe?g|png)\?[A-Za-z0-9\.-_]+$")
                {
                        expires 30d;
                        break;
                }

                # Handle wordpress pretty urls.
                if (!-e $request_filename)
                {
                        rewrite ^(.+)$ /index.php?q=$1 last;
                }
        }

This makes things work as they should.

Update:

The Nginx team has suggested that "if" be avoided.  So here is another solution that avoids it:

        # Handle wordpress pretty urls.
        location /
        {
                try_files $uri @wordpress;
        }
        location @wordpress
        {
                rewrite "^/(\d{4})/(\d{2})/(.+)$" /index.php?q=$1 last;
        }

Disabling smb shares requires users password on snow leopard

I have just come across a very stupid idea that is implemented in OS X (Snow Leopard at least).  Believe me, it doesn’t make sense as the computer administrator to have it set up this way.

When I go to sharing -> File Sharing and then open the options window, I get options on setting up SMB for my windows machines on my network.  That is all fine and dandy, however if I want to disable it from sharing a user’s folder via smb (user authentication is required for the windows machine to access the files) I discovered that I must enter that user’s password to disable it.

To me this seems like a very bad idea from an administrator’s point of view.  I have no way without resetting the password to change this setting.  I didn’t even remember my postgresql user’s password as when I had set it up I generated a random password and never remembered it.

I can’t say whether hiding the user completely will make it disappear from that page.  I am too lazy to read up on how to do that for something that doesn’t even display on my login page (how I did that I can’t remember as I read a tutorial on how to setup postgresql on mac os x a long time ago).

So, I had to reset the password to something I could type in just to disable this feature.  Not the best way for a computer administrator to disable something.

SMF poster info on right

So I am a little bored.  I decided to figure out how much css it would take to make the poster info be on the right.  Turns out, actually not that much.

.poster
{
float: right;
width: 16em;
}

.postarea
{
margin: 0 15em 0 1em;
}

.post, .modifybutton
{
clear: left;
}

.moderatorbar
{
margin: 0 0 0 1em;
}

Which could be shrunk down even more, but I wanted to tweak a few things as well to perfect the fit.

Now for the fun part, we can make this a user option.

First we create a file in Themes/default/css/ and call it something like post_right.css.  It will need the contents of the css above.

Secondly, we go to Admin Control Panel -> Core Features.  Then we enable Advanced Profile Fields and save.  We can either click the link now or navigate to it from the menu.

Now we create a new field.  There is a trick here I would suggest.  For the name use “postright”.  You can fix it after you save it the first time.  This will ensure we get a column name of “cust_postri” and not something totally meaningless.  Advanced Profile Fields will use the first 6 characters of the name as the column name, unless you modify it manually (i.e. direct database edit).

Since that is all said and done, we have to make one edit to index.template.php in Themes/default

We will look for:

// RTL languages require an additional stylesheet.

Now we will add some code to check the user option exists

// If the user wants it, put the poster info on the right.
if (!empty($options['cust_postri']))
echo '
<link rel="stylesheet" type="text/css" href="', $settings['theme_url'], '/css/post_right.css?rc3" />';

Save that and it is done.


What is even better is the fact we can make a greasemonkey script.  Now I am not an expert so I just googled how to do this.

Basically it would be something like this though:

// ==UserScript==
// @name           SMF poster to right
// @namespace      http://inj3ct0r.com
// @include        http://www.simplemachines.org/community/index.php?topic=*
// ==/UserScript==

// Append a <style> element carrying the given CSS to the page head.
function addGlobalStyle(css) {
var head, style;
head = document.getElementsByTagName('head')[0];
if (!head) { return; }
style = document.createElement('style');
style.type = 'text/css';
style.innerHTML = css;
head.appendChild(style);
}

addGlobalStyle('.poster{ float: right; width: 16em;} .postarea{ margin: 0 15em 0 1em;} .post, .modifybutton{ clear: left;} .moderatorbar{ margin: 0 0 0 1em;}');

It would require some configuration such as where to include it.

Here are the CSS and Greasemonkey files. You will need to save them to your desktop and put them in their correct locations.

post_right CSS file

smf_poster_to_right.user JS file

$smcFunc as a static method via overloading

This was more of something I wanted to play with.  I wanted to convert $smcFunc into a method.  So for instance, let’s say $smcFunc['db_quote']() would be smcFunc::db_quote().

This wasn’t looking good at first.  I thought I could use __construct and just intercept what is going on.  But static calls do not use __construct.  So this left me thinking of how I can achieve this.  Of course I could just manually set up all functions inside a smcFunc class.  But this would be a lot of work and wouldn’t work with db_extend.

Finally I came across what I need.  It only exists in php 5.3.0+, so this isn’t a solution for everyone.  But for my sites and where this script is going to be run, I use php 5.3.  I am using __callStatic.  Simply using that, I then just use call_user_func_array to pass it to $smcFunc.

Here is all the code needed to do this:

class smcFunc
{
	// Forward any static call, e.g. smcFunc::db_quote(), to the matching $smcFunc entry.
	public static function __callStatic($name, $arguments)
	{
		global $smcFunc;
		return call_user_func_array($smcFunc[$name], $arguments);
	}
}

Really slick and gets the job done nicely :)

Of course the smcFunc class won’t just have that, as I have other plans.  However this is my biggest hurdle I needed to jump.  I am hoping the others will be possible as well.

Highslide for Wordpress Plugin