Description of problem:
Package is badly outdated (multi-years).
Developer has confirmed a serious bug in terms of the upload queue sync and backoff code.
The current code in the package DOS' their servers, and the servers will ban the IP of the client.
Version-Release number of selected component (if applicable):
Latest is: 1.3
RPM Package is: 0.8
Logging into the CLI client with a LastPass Enterprise account, and trying to create multiple items which require a sync (explicit or inexplicit) will end up blocking the client and banning the IP address. The client does not back off properly, so the server interprets it as abuse.
Steps to Reproduce:
1. export LPASS_LOG_LEVEL=8 && export LPASS_HOME=/root/.lpass && export LPASS_AGENT_TIMEOUT=0 && lpass login $LASTPASS_ACCOUNT_ADMIN
2. printf "Username: TEST\nPassword: TEST\nURL: TEST" | lpass add TEST --non-interactive
3. Repeat a few times
# lpass ls
TEST [id: 0] <-- problem being the "ID: 0" -- means not uploaded/synced.
# ps aux | grep lpass
-> You will see an "upload" queue stuck
# cd /root/.lpass/
You will notice an "upload-queue" directory that is not empty. (stuck)
At last, the final test in this case when this happens:
# lpass sync
-> will hang indefinitely
At this point - it DOS' the server -- and the server bans the IP.
Upload should go through instantly, and lpass show will show an ID #.
# lpass sync
-> syncs perfectly and instantly.
# cd /root/.lpass
The upload queue will be empty.
We have been working with the LastPass CLI developer directly:
note: LogMeIn acquired LastPass and LastPass Enterprise
Andras Rutkai <Andras.Rutkai@logmein.com>
(and before that, the original developer who recently moved on - Bob Copeland)
Andras has confirmed that the EPEL package needs to be updated.
He has also confirmed that the github repository already contains the fix. We have tested, and it does in fact contain the fix.
See here: https://github.com/lastpass/lastpass-cli
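A pre-flight check for the stuck state described in this report, as an added example that is not part of the original ticket or of lastpass-cli. It assumes, as the report shows, that unsynced entries appear as `[id: 0]` in `lpass ls` output and that pending uploads sit in `upload-queue` under `LPASS_HOME`; the function names and sample data are constructed.

```bash
# Added example: detect the stuck upload queue before calling `lpass sync` again.
# Assumptions (from the report): unsynced entries show "[id: 0]" in `lpass ls`,
# and pending uploads are kept in "$LPASS_HOME/upload-queue".

# Count entries in `lpass ls` output (read from stdin) that still have id 0.
count_unsynced() {
    grep -c -E '\[id: 0\][[:space:]]*$' || true
}

# Count entries waiting in the upload queue ($1 = LPASS_HOME directory).
count_queued() {
    local dir="$1/upload-queue"
    [ -d "$dir" ] || { echo 0; return 0; }
    find "$dir" -mindepth 1 -maxdepth 1 | wc -l | tr -d ' '
}

# Return 0 (stuck) when there are unsynced entries AND queued uploads,
# the state in which the report says `lpass sync` hangs.
queue_looks_stuck() {
    local home="$1" ls_output="$2" unsynced queued
    unsynced=$(printf '%s\n' "$ls_output" | count_unsynced)
    queued=$(count_queued "$home")
    echo "unsynced=$unsynced queued=$queued"
    [ "$unsynced" -gt 0 ] && [ "$queued" -gt 0 ]
}

# Real use would be: queue_looks_stuck "$LPASS_HOME" "$(lpass ls)"

# Constructed demo (no real vault): one unsynced entry and one queued file.
demo_home=$(mktemp -d)
mkdir -p "$demo_home/upload-queue"
: > "$demo_home/upload-queue/constructed-item"
sample_ls='TEST [id: 0]
OTHER [id: 1234567890]'
if queue_looks_stuck "$demo_home" "$sample_ls"; then
    echo "upload queue looks stuck: stop retrying 'lpass sync' from this host"
fi
```

Running this from a wrapper or cron job before any scripted `lpass add` / `lpass sync` gives a way to stop automated retries from a host that is already in the stuck state.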
Thank you for opening the ticket Ventz, this package is indeed very outdated and an update would be welcomed.
In case any more information would be needed from Lastpass side please let me know.
Just adding a comment that I tried emailing Tom directly, but have not heard back.
Wanted to see if anyone knows another way to get in touch with him.
Adding a comment as per the policy for nonresponsive package maintainers (https://fedoraproject.org/wiki/Policy_for_nonresponsive_package_maintainers) -- it has now been 14 days (2 weeks)
Adding another re-try to the ticket -- trying to get a hold of Tom without any luck.
Adding a comment as per the policy for nonresponsive package maintainers (https://fedoraproject.org/wiki/Policy_for_nonresponsive_package_maintainers) -- it has now been 14 days (2 weeks) here within bugzilla.
Providing an EPEL build in an alternative location (github) for anyone that runs into this until the package maintainer/builder can be sorted out:
We are committed to maintaining it and keeping it up to date, so you can always find the latest stable release there packaged.