Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Contributions to ELOG, Page 5 of 6  Not logged in ELOG logo
 Find |  Login |  Help 
 Full | Summary | Threaded | Hide attachments  Show only new entries    57 Entries 
Goto page Previous  1, 2, 3, 4, 5, 6   Next  All
ID Dateup Author Author Email Category Subject Status Last Revision
  43   Mon Jun 30 15:00:05 2014 Branislav Gardonbranislav.gardon@gmail.comTheme/Skinblue-gray themeStable 

I`ve edited-prepared new default.css
It`s very simple but maybe will for someone useful.

Have a nice day.

regards
Branislav

Attachment 1: default.css 
/* default formatting */
body {
  margin:3px;
  color:black;
  background-color:white;
  font-family:verdana,tahoma,sans-serif;
  /* background-image:url(elog.gif); */
}

/* standard link colors and decorations */
a:link { color:#000000; text-decoration:none }
a:visited { color:#606060; text-decoration:none }
a:hover { color:#FF0092; text-decoration:underline }
a:active { color:#FF0092; text-decoration:underline }
a:focus { color:#FF0092; text-decoration:underline }

td {
  color:black;
  font-size:12px;
}

/* frame table */
.frame {
  width:100%;
}

/* printable frame table */
.pframe {
  width:600px;
}

/* standard formatting for logbook tabs */
.tabs {
  font-family:sans-serif;
  font-size:10pt;
  background-color:white;
}

/* logbook selection page */
.selframe {
  width:60%;
  background-color:#486090; 
  border:1px solid #486090;
  font-size:10pt;
}

.seltitle {
  border:1px solid #486090;
  border-top:1px solid white;
  border-left:1px solid white;
  background-color:#ffffff;
  color:#486090;
  text-align:center;
}

.selexp {
  border:1px solid #0000FF;
  border-top:1px solid white;
  border-left:1px solid white;
  background-color:#CCCCFF;
  color:#486090;
  text-align:left;
  font-size:10pt;
}

.selspace {
  width:2%;
  border:1px solid #308000;
  border-top:1px solid white;
  border-left:1px solid white;
  background-color:#EEEEEE;
}

.selgroup {
  border:1px solid #308000;
  border-top:1px solid white;
  border-left:1px solid white;
  background-color:#00ffff;
  padding:3px;
  text-align:left;
  font-weight:bold;
  font-size:14pt;
}

.sellogbook {
  border:1px solid #486090;
  border-top:1px solid white;
  border-left:1px solid white;
  background-color:#ffffff;
  padding:3px;
  text-align:left;
  font-weight:normal;
}

.selcomment {
  font-size:8pt;
}

.selentries {
  background-color:#ffffff;
  border:1px solid #486090;
  border-top:1px solid white;
  border-left:1px solid white;
  text-align:center;
  font-size:10pt;
}

/* unselected and selected group tabs */

.gtab a {
  background-color:#B0E0B0;
  padding-left:5px;
  padding-right:5px;
}

.gtab {
  background-color:#B0E0B0;
  border-right:1px solid #409040;
}

.sgtab a {
  color:white;
  padding-left:5px;
  padding-right:5px;
}

.sgtab {
  background-color:#486090;
  color:white;
  border-right:1px solid #084070;
}

.sgtab a:visited { color:white; } /* bug for IE */

/* unselected and selected logbook tabs */

.ltab a {
  background-color:#EEEEEE;
  padding-left:5px;
  padding-right:5px;
}

.ltab {
  background-color:#EEEEEE;
  border-top:1px solid white;
  border-left:1px solid white;
  border-right:1px solid gray;
}

.sltab a {
  background-color:#486090;
  color:white;
  padding-left:5px;
  padding-right:5px;
}

.sltab {
  background-color:#486090;
  color:white;
  border-left:1px solid #EEEEEE;
  border-right:1px solid #084070;
}

.sltab a:visited { color:white; } /* bug for IE */

/* logbook title, left, middle and right cell */

.title1 {
  padding:5px;
  background-color:#486090;
  border-bottom:1px solid black;
  border-left:1px solid #EEEEEE;
  color:#486090;
  font-size:small;
  font-family:sans-serif;
  text-align:left;
}

.title1 a:visited { color:#A0FFA0; }
.title1 a:link { color:#A0FFA0; }

.title2 {
  background-color:#486090;
  border-bottom:1px solid black;
  color:white;
  font-size:xs-small;
  font-family:sans-serif;
  text-align:right;
}

.title3 {
  border-bottom:1px solid black;
  border-right:1px solid black;
  background-color:#486090;
  text-align:right;
  width:100px;
}

/* main menu row */

.menuframe {
  border:1px solid #486090;
  border-top:1px solid white;
  border-left:1px solid white;
  background-color:#EEEEEE;
  height:29px;
}

.menu1 {
  text-align:left;
  font-size:10pt;
  vertical-align:middle;
}

.menu1a {
  text-align:center;
  width:110px;
  font-size:10pt;
  font-weight:bold;
  vertical-align:middle;
}

.menu2a {
  text-align:left;
  font-size:10pt;
}

.menu2b {
  text-align:right;
  font-size:10pt;
}

.menu3 {
  text-align:left;
  font-size:8pt;
  font-weight:bold;
}

.menu4 {
  text-align:right;
  font-size:10pt;
  vertical-align:middle;
}

.menucenter {
  border:1px solid #486090;
  border-top:1px solid white;
  border-left:1px solid white;
  background-color:#EEEEEE;
  text-align:center;
  font-size:10pt;
}

.toolframe {
  border:1px solid #486090;
  border-top:1px solid white;
  border-left:1px solid white;
  background-color:#EEEEEE;
  padding:2px;
}

/* frame table in listings */
.listframe {
  border:1px solid #0000FF;
  border-top:1px solid white;
  border-left:1pc solid white;
  background-color:#486090;
  border:0px;
}

/* title row in listing */
.listtitle {
  border:1px solid #000000;
  border-top:1px solid white;
  border-left:1px solid white;
  background-color:#EEEEEE;
  font-size:10pt;  
  font-weight:normal;
  text-align:center;
  width:0%;
}

.listtitle2 {
  border:1px solid #000000;
  border-top:1px solid white;
  border-left:1px solid white;
  background-color:#EEEEEE;
  font-size:10pt;  
  font-weight:normal;
  text-align:center;
  width:100%;
}

.listtitle3 {
  border:1px solid #000000;
  border-top:1px solid white;
  border-left:1px solid white;
  background-color:#EEEEEE;
  text-align:center;
  width:0%;
... 387 more lines ...
Attachment 2: ScreenShot174.jpg
ScreenShot174.jpg
  44   Tue Jul 8 15:43:21 2014 TimStimpie_s@yahoo.comScriptRe: Custom input forms implementationStableTue Mar 19 13:18:33 2013 by Stefan Ritt


Stefan Ritt wrote:

Dear ELOG users,

starting with SVN revision 2328, custom input forms are implemented. This allows application specific formats for check lists etc. In our specific case we had to implement a shift check list, which was quite long. Furthermore the check list should be optimized for an iPad, which we take in the field and record various checks and readings (in our case some gas pressure gauges at the PSI particle accelerator). Since the standard ELOG interface was too inflexible, a completely hand-written form was needed. The form can be activated by the new configuration options Custom New Form, Custom Edit Form and Custom Display Form, one for a new entry, an entry to edit and and entry to display. In our case we used the same form for all three cases. This is how the shift check list looks under the Safari Browser on a PC:

Capture.png 

And here is how it looks on the iPad:

IMAG0036.jpg

Each section can be collapsed and expanded (blue arrows at the left), and various internal checks are made before the check list can be submitted.

Implementing such forms is however more something for the advanced user, since you have to hand-write HTML with CSS and JavaScript code. It can then however be a powerful method for check lists. Please find in the attachments the elogd.cfg configuration for that logbook and the shiftcheck.html source code file. It is a bit complicated since the page is a static page, elogd just serves it from the file. This requires all the dynamic functions to be implemented inside the HTML file with JavaScript. To display an entry for example, the JavaScript loads the raw data with the "?cmd=Download" command and the populates the form fields. The collapsing and expanding is done by using CSS properties. The integrated style sheet was optimized for the rendering on an iPad. Rather large fonts were chosen so that the items can be checked easily with your finger tips. Various parameters are sent between the browser and the elogd program via hidden fields and cookies. So only something for experts! But if you go through the effort and hand-write the form, it can be very handy. Note that you have to upgrade to SVN revision 2328 for the three new options.

 

 

That's awesome!! Didn't know ELOG was still being developed!!  I was looking for this ...been trying this version now with
supplied example but there's files missing which are being referenced from the html file.

Anyway it would be nice to know a little more on how to use this and how it incorporates into ELOG.

Is some more work being done on this version ?

Thankx heaps for this great enhancement although now it's still needs a lot of figuring out on how to do this.
 

  45   Thu May 7 09:14:25 2015 Christof Hankehanke@rzg.mpg.deScriptsystemd-unit fileStable1

sample systemd-unit file.

Use it as you like.

Attachment 1: elogd.service 
[Unit]
Description=ELOG Daemon
Wants=network-online.target
After=network-online.target

[Service]
Type=forking
ExecStart=@PREFIX@/elogd -D -c @PREFIX@/elog/elogd.cfg
StandardOutput=null

[Install]
WantedBy=multi-user.target
  46   Fri Jul 31 13:52:32 2015 TorstenJtorsten.jakob@jet-services.comWeb siteProblem with Internet Explorer when saving an entryStableFri May 31 14:20:43 2019 by Stefan Ritt

Hi all,

first off all let me say, that I realy like this great tool. That is a lot of help for keeping our server documentation up-to-date. Thanks to all contributors for that.

I right here, because I actually have an issue with saving entries working with IE11 (but also in IE9). When ever I enter an entry, and click the save button, the page open a page with the text: "OK 1"   or the second attemp: "OK 2"   3rd  "OK 3" and so on. To get back to my Item list, I have to click the back button in the internet explorer. I also opens a lot of draft entries in my databases.  When I submit my entry, I don't have an issue, and the entry is saved correctly.

This issue doesn't happen when using Google Chrome.

Had anyone an simlar issue using elog with IE?  It would be great to have some help with that issue.

Thanks

Torsten

  47   Sun Aug 23 21:27:00 2015 Daniel Sajdykdaniel.sajdyk@gmail.comTheme/SkinSimple themeBetaTue Sep 1 07:39:45 2015 by Daniel Sajdyk

Hello. 

I did simple theme for ELOG called "dansaj". 

This is verision which I did for my ELOG, and if you have troubles in other configurations, please let me know, and we will correct it. 

Vectors versions of icons you can find in oryginals folder (if you want to transform it). 

The most current version you can download from my blog - Elog theme, czyli skórka, albo temat.

Regards

Daniel.

Attachment 1: choose_elog.png
choose_elog.png
Attachment 2: entry.png
entry.png
Attachment 3: Full.png
Full.png
Attachment 4: login.png
login.png
Attachment 5: Summary.png
Summary.png
Attachment 6: Threaded_demo_logbook.png
Threaded_demo_logbook.png
Attachment 7: dansaj.7z
Attachment 8: Threaded.png
Threaded.png
  49   Wed May 11 09:35:23 2016 Hanno Perreyhanno.perrey@nuclear.lu.seScriptRe: Re: Custom input forms implementationStableWed May 11 09:43:34 2016 by Hanno Perrey
Stefan Ritt wrote:

Dear ELOG users,

starting with SVN revision 2328, custom input forms are implemented. This allows application specific formats for check lists etc. In our specific case we had to implement a shift check list, which was quite long. Furthermore the check list should be optimized for an iPad, which we take in the field and record various checks and readings (in our case some gas pressure gauges at the PSI particle accelerator). Since the standard ELOG interface was too inflexible, a completely hand-written form was needed. The form can be activated by the new configuration options Custom New Form, Custom Edit Form and Custom Display Form, one for a new entry, an entry to edit and and entry to display. In our case we used the same form for all three cases. This is how the shift check list looks under the Safari Browser on a PC:

Capture.png

And here is how it looks on the iPad:

IMAG0036.jpg

Each section can be collapsed and expanded (blue arrows at the left), and various internal checks are made before the check list can be submitted.

Implementing such forms is however more something for the advanced user, since you have to hand-write HTML with CSS and JavaScript code. It can then however be a powerful method for check lists. Please find in the attachments the elogd.cfg configuration for that logbook and the shiftcheck.html source code file. It is a bit complicated since the page is a static page, elogd just serves it from the file. This requires all the dynamic functions to be implemented inside the HTML file with JavaScript. To display an entry for example, the JavaScript loads the raw data with the "?cmd=Download" command and the populates the form fields. The collapsing and expanding is done by using CSS properties. The integrated style sheet was optimized for the rendering on an iPad. Rather large fonts were chosen so that the items can be checked easily with your finger tips. Various parameters are sent between the browser and the elogd program via hidden fields and cookies. So only something for experts! But if you go through the effort and hand-write the form, it can be very handy. Note that you have to upgrade to SVN revision 2328 for the three new options.

 

Thank you very much for this nice example!

I found a little issue with newer ELOG versions: if the authentication is done via session cookies, the submission of the checklist will fail with the error "Cannot open file passwd". This is actually misleading as the cause of the error is the empty user name submitted (since the cookie storing user name and pwd hash is never created) and not the password file itself. This can be worked around by removing the user name and pwd fields in the html form before submitting in case there is a SID cookie around.

The attached shiftcheck.html contains this workaround and seems to be functioning fine on my installation (ELOG 3.1.0).

 

Cheers,

Hanno

Attachment 1: shiftcheck.html
  50   Tue Jul 26 10:16:22 2016 Andreas Luedekesimon.ebner@psi.chScriptPython module to read/write/edit/reply/delete ELOG entriesStableTue Jul 26 10:26:34 2016 by Andreas Luedeke
Hello Everybody!
I would just like to inform you that there is a new Python module available to access and work with ELOG (read/write/edit/reply/delete).
Currently the module is only supported for Python version 3. The package is pure Python and has no special dependencies. Therefore you can use the package on any machine.

The documentation you can find on https://github.com/paulscherrerinstitute/py_elog

If you want to install the package in an Anaconda on your local machine just use
conda install -c paulscherrerinstitute elog
(also works from outside PSI - the package is available at https://anaconda.org/paulscherrerinstitute/elog)

If there are issues with the package please use the issue tracker that comes with the github repository
https://github.com/paulscherrerinstitute/py_elog/issues or let me know.

Best
Simon
  52   Fri Sep 15 17:19:47 2017 Andreas Luedekeandreas.luedeke@psi.chScriptCheck logbook files for wrong referencesStableFri Sep 15 17:41:41 2017 by Andreas Luedeke
You can run this little script to check if all entries referenced "In reply to:" do actually exist.
To use it, you first need to "cd" to your logbook directory ("cd /usr/local/elog/logbooks") and then run it without arguments "logcheck".
If it finds references pointing to a missing entry, it'll print the path to the file with the offending reference and some lines. For example:
### error: reference to entry 146, that exists 0 times. Reference is:
### Proscan/2012/120507a.log-<p>[...].</p>
### Proscan/2012/120507a.log-$ @ MID @ $: 147
### Proscan/2012/120507a.log-Date: Mon, 07 May 2012 13:44:03 +0200
### Proscan/2012/120507a.log:In reply to: 146
### Proscan/2012/120507a.log-Wann: 1336373261
### Proscan/2012/120507a.log-Autor: [...]
### Proscan/2012/120507a.log-Eintrag: Problem
[...]-

Very often this happens if an entry is deleted AFTER someone already replied to it. Normally that is no problem, but in some cases you might get infinite loops and that causes ELOG to hang. The script is not checking for loops, but wrong references might give you a hint where to look.

The script will print duplicate entries as well, if the referenced entry exist more than once.

Cheers, Andreas

PS: never include the string "$ @ MID @ $:" without spaces in an ELOG entry: apparently ELOG cuts off all text from that token on.

Attachment 1: logcheck 
#!/usr/bin/perl
$cmd=q/find * -noleaf -maxdepth 0 -wholename Backup -prune -o -wholename en -prune -o -type d -exec printf '%s:' {} + /;
#print $cmd;
$logf=q/*\/[0-9][0-9][01][0-9][0-3][0-9]a.log/;
open(INP,$cmd . "2>/dev/null |") || die "can't open " . $cmd . ": $!";
$list=<INP>;
close(INP);
#print "list=" . $list ."\n";
foreach $dir (split(":",$list)) {
    chomp $dir;
    if (length($dir) > 1) {
        print "Check \"" . $dir . "\"\n";
        $files=$dir . "/" . $logf;
        $cmd="grep ^In.reply.to: " . $files . " 2>/dev/null | cut -d \" \" -f 4 | sort -nu |";
        open(INPB,$cmd) || die "can't open " . $cmd . ": $!";
        while (<INPB>) {
            chomp;
            $id=$_;
            $cmd="grep '[\$\]\@MID\@[\$\]:.$id\$' $files |";
            open(INPC,$cmd) || die "can't open " . $cmd . ": $!";
            $c=0;
            while (<INPC>) {$c++};
            close(INPC);
            if ($c != 1) {
                print "### error: reference to entry $id, that exists $c times. Reference is:\n";
                $cmd="grep -C 3 '^In.reply.to:.$id\$' $files |";
                #print $cmd;
                open(INPD,$cmd) || die "can't open " . $cmd . ": $!";
                while (<INPD>) {
                    print "### ".$_;
                }
                close(INPD);
            }
        }
        close(INPB);
    }
}
  53   Sat Sep 16 15:47:16 2017 David PilgramDavid.Pilgram@epost.org.ukScriptRe: Check logbook files for wrong referencesStableSat Sep 16 15:52:58 2017 by David Pilgram

I had to modify the script because I'm still on elog 2.9.2, where there are not subdirectories (by year) for
 each logbook.  Line 5 had to be changed to  

$logf=q/[0-9][0-9][01][0-9][0-3][0-9]a.log/;

to do this.

Once done, I found the deliberate orphan script that I had put in to test, and rather too many other orphans than I had expected.  One or two I cannot explain.   If I had clicked on any of those entries elog would have gone into infinate loop.

A very useful utility.  Thanks Andreas!

Andreas Luedeke wrote:
You can run this little script to check if all entries referenced "In reply to:" do actually exist.
To use it, you first need to "cd" to your logbook directory ("cd /usr/local/elog/logbooks") and then run it without arguments "logcheck".
If it finds references pointing to a missing entry, it'll print the path to the file with the offending reference and some lines. For example:
### error: reference to entry 146, that exists 0 times. Reference is:
### Proscan/2012/120507a.log-<p>[...].</p>
### Proscan/2012/120507a.log-$ @ MID @ $: 147
### Proscan/2012/120507a.log-Date: Mon, 07 May 2012 13:44:03 +0200
### Proscan/2012/120507a.log:In reply to: 146
### Proscan/2012/120507a.log-Wann: 1336373261
### Proscan/2012/120507a.log-Autor: [...]
### Proscan/2012/120507a.log-Eintrag: Problem
[...]-

Very often this happens if an entry is deleted AFTER someone already replied to it. Normally that is no problem, but in some cases you might get infinite loops and that causes ELOG to hang. The script is not checking for loops, but wrong references might give you a hint where to look.

The script will print duplicate entries as well, if the referenced entry exist more than once.

Cheers, Andreas

PS: never include the string "$ @ MID @ $:" without spaces in an ELOG entry: apparently ELOG cuts off all text from that token on.

 

  148   Mon Mar 11 09:28:15 2019 Mauratgm001@free.frScriptCode change for LDAP authenticationStableMon Mar 11 10:15:43 2019 by Maurat

Hi,

I had to change code to authenticate users in my organization's LDAP directory. Indeed, accounts are distributed under several organizational units in my LDAP directory.

The current version of the code can't authenticate accounts when these are in different organizational units. Hence my contribution.

I Use a read account to request LDAP to locate the account that has logged in (with e-mail address in the search filter).

I get the number of LDAP entries. If I have one entry then I call ldap_get_dn function to get the DN account and then I call ldap_simple_bind_s using the account's DN and password to perform LDAP authentication.

I changed configuration file elogd.cfg. I added two parameters:

LDAP DN user = <DN read account>

LDAP PW user = <password read account>

I changed code auth.c too (see attached file)

I had to change Makefile. I added a call to lber library

ifdef USE_LDAP
ifneq ($(USE_LDAP),0)
CFLAGS += -DHAVE_LDAP
LIBS += -lldap -llber
endif
endif

Have good day

 

 

 

 

 

 

Attachment 1: auth.c 
/********************************************************************\

  Name:         auth.c
  Created by:   Stefan Ritt
  Copyright 2000 + Stefan Ritt

  ELOG is free software: you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation, either version 3 of the License, or
  (at your option) any later version.

  ELOG is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with ELOG.  If not, see <http://www.gnu.org/licenses/>.


  Contents:     Authentication subroutines. Currently supported:

                - password file authentication
                - kerberos5 password authentication

  $Id: elog.c 2350 2010-12-23 10:45:10Z ritt $

\********************************************************************/

#include "elogd.h"

#ifdef HAVE_KRB5
#include <krb5.h>
#endif

#ifdef HAVE_LDAP
#include <ldap.h>

LDAP *ldap_ld;
char ldap_login_attr[64];
char ldap_dn_user[256];
char ldap_pw_user[64];
char ldap_userbase[256];
char ldap_bindDN[512];
#endif  /* HAVE_LDAP */

extern LOGBOOK *lb_list;

/*==================================================================*/

/*---- Kerberos5 routines ------------------------------------------*/

#ifdef HAVE_KRB5

int auth_verify_password_krb5(LOGBOOK * lbs, const char *user, const char *password, char *error_str,
                              int error_size)
{
   char *princ_name, str[256], realm[256];
   krb5_error_code error;
   krb5_principal princ;
   krb5_context context;
   krb5_creds creds;
   krb5_get_init_creds_opt options;

   if (krb5_init_context(&context) < 0)
      return FALSE;

   strlcpy(str, user, sizeof(str));
   if (getcfg(lbs->name, "Kerberos Realm", realm, sizeof(realm))) {
      strlcat(str, "@", sizeof(str));
      strlcat(str, realm, sizeof(str));
   }
   if ((error = krb5_parse_name(context, str, &princ)) != 0) {
      strlcpy(error_str, "<b>Kerberos error:</b>
", error_size);
      strlcat(error_str, krb5_get_error_message(context, error), error_size);
      strlcat(error_str, ".
Please check your Kerberos configuration.", error_size);
      return FALSE;
   }

   error = krb5_unparse_name(context, princ, &princ_name);
   if (error) {
      strlcpy(error_str, "<b>Kerberos error:</b>
", error_size);
      strlcat(error_str, krb5_get_error_message(context, error), error_size);
      strlcat(error_str, ".
Please check your Kerberos configuration.", error_size);
      return FALSE;
   }

   sprintf(str, "Using %s as server principal for authentication", princ_name);
   write_logfile(lbs, str);

   memset(&options, 0, sizeof(options));
   krb5_get_init_creds_opt_init(&options);
   memset(&creds, 0, sizeof(creds));
   error = krb5_get_init_creds_password(context, &creds, princ,
                                        (char *) password, NULL, NULL, 0, NULL, &options);

   krb5_free_context(context);

   if (error && error != KRB5KDC_ERR_PREAUTH_FAILED && error != KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN) {
      sprintf(error_str, "<b>Kerberos error %d:</b>
", error);
      strlcat(error_str, krb5_get_error_message(context, error), error_size);
      strlcat(error_str, ".
Please check your Kerberos configuration.", error_size);
      return FALSE;
   }

   if (error)
      return FALSE;

   return TRUE;
}

int auth_change_password_krb5(LOGBOOK * lbs, const char *user, const char *old_pwd, const char *new_pwd,
                              char *error_str, int error_size)
{
   char *princ_name, str[256], realm[256];
   int result_code, n;
   krb5_error_code error;
   krb5_data result_code_string, result_string;
   krb5_principal princ;
   krb5_context context;
   krb5_creds creds;
   krb5_get_init_creds_opt options;

   if (krb5_init_context(&context) < 0)
      return FALSE;

   strlcpy(str, user, sizeof(str));
   if (getcfg(lbs->name, "Kerberos Realm", realm, sizeof(realm))) {
      strlcat(str, "@", sizeof(str));
      strlcat(str, realm, sizeof(str));
   }
   if ((error = krb5_parse_name(context, str, &princ)) != 0) {
      strlcpy(error_str, "<b>Kerberos error:</b>
", error_size);
      strlcat(error_str, krb5_get_error_message(context, error), error_size);
      strlcat(error_str, ".
Please check your Kerberos configuration.", error_size);
      return FALSE;
   }

   error = krb5_unparse_name(context, princ, &princ_name);

   sprintf(str, "Using %s as server principal for authentication", princ_name);
   write_logfile(lbs, str);

   memset(&options, 0, sizeof(options));
   krb5_get_init_creds_opt_init(&options);
   krb5_get_init_creds_opt_set_tkt_life(&options, 300);
   krb5_get_init_creds_opt_set_forwardable(&options, FALSE);
   krb5_get_init_creds_opt_set_proxiable(&options, FALSE);

   memset(&creds, 0, sizeof(creds));
   error = krb5_get_init_creds_password(context, &creds, princ,
                                        (char *) old_pwd, NULL, NULL, 0, "kadmin/changepw", &options);
   if (error) {
      strlcpy(error_str, "<b>Kerberos error:</b>
", error_size);
      strlcat(error_str, krb5_get_error_message(context, error), error_size);
      strlcat(error_str, ".
Please check your Kerberos configuration.", error_size);
      return FALSE;
   }

   error = krb5_set_password(context, &creds, (char *) new_pwd, princ,
                             &result_code, &result_code_string, &result_string);
   if (error) {
      strlcpy(error_str, "<b>Kerberos error:</b>
", error_size);
      strlcat(error_str, krb5_get_error_message(context, error), error_size);
      strlcat(error_str, ".
Please check your Kerberos configuration.", error_size);
      return FALSE;
   }

   if (result_code > 0) {
      if (result_code_string.length > 0) {
         strlcpy(error_str, result_code_string.data, error_size);
         if ((int) result_code_string.length < error_size)
            error_str[result_code_string.length] = 0;
      }
      if (result_string.length > 0) {
         strlcat(error_str, ": ", error_size);
         n = strlen(error_str) + result_string.length;
         strlcat(error_str, result_string.data, error_size);
         if (n < error_size)
            error_str[n] = 0;
      }
   }

   krb5_free_data_contents(context, &result_code_string);
   krb5_free_data_contents(context, &result_string);
   krb5_free_cred_contents(context, &creds);
   krb5_get_init_creds_opt_free(context, &options);
   krb5_free_context(context);

   if (result_code > 0)
      return FALSE;

   return TRUE;
}
#endif

/*---- LDAP routines ------------------------------------------*/

#ifdef HAVE_LDAP

int ldap_init(LOGBOOK *lbs, char *error_str, int error_size)
{
   char str[512], ldap_server[256];
   int version;
   int bind=0;
   
   // Read Config file
   if (getcfg(lbs->name, "LDAP server", ldap_server, sizeof(ldap_server))) {
      strlcpy(str, ldap_server, sizeof(str));
   }
   else   {
      strlcpy(error_str, "<b>LDAP initialization error</b>
", error_size);
      strlcat(error_str, "
Please check your LDAP configuration.", error_size);
      strlcat(str, "ERR: Cannot find LDAP server entry!", sizeof(str));
      write_logfile(lbs, str);
      return FALSE;
   }
   
   if (!getcfg(lbs->name, "LDAP userbase", ldap_userbase, sizeof(ldap_userbase))) {
      strlcpy(error_str, "<b>LDAP initialization error</b>
", error_size);
      strlcat(error_str, "
Please check your LDAP configuration.", error_size);
      strlcat(str, ", ERR: Cannot find LDAP userbase (e.g. \'ou=People,dc=example,dc=org\')!", sizeof(str));
      write_logfile(lbs, str);
      return FALSE;
   }
   
   if (!getcfg(lbs->name, "LDAP login attribute", ldap_login_attr, sizeof(ldap_login_attr))) {
      strlcpy(error_str, "<b>LDAP initialization error</b>
", error_size);
      strlcat(error_str, "
Please check your LDAP configuration.", error_size);
      strlcat(str, ", ERR: Cannot find LDAP login attribute (e.g. uid, cn, ...)!", sizeof(str));
      write_logfile(lbs, str);
      return FALSE;
   }

   if (!getcfg(lbs->name, "LDAP DN User", ldap_dn_user, sizeof(ldap_dn_user))) {
      strlcpy(error_str, "<b>LDAP initialization error</b>
", error_size);
      strlcat(error_str, "
Please check your LDAP configuration.", error_size);
      strlcat(str, ", ERR: Cannot find LDAP login attribute (e.g. uid, cn, ...)!", sizeof(str));
      write_logfile(lbs, str);
      return FALSE;
   }
   
   if (!getcfg(lbs->name, "LDAP PW User", ldap_pw_user, sizeof(ldap_pw_user))) {
      strlcpy(error_str, "<b>LDAP initialization error</b>
", error_size);
      strlcat(error_str, "
Please check your LDAP configuration.", error_size);
      strlcat(str, ", ERR: Cannot find LDAP login attribute (e.g. uid, cn, ...)!", sizeof(str));
      write_logfile(lbs, str);
      return FALSE;
   }
   // Initialize/open LDAP connection
   if(ldap_initialize( &ldap_ld, ldap_server )) {
      perror("ldap_initialize");
      strlcpy(error_str, "<b>LDAP initialization error</b>
", error_size);
      strlcat(error_str, "
Please check your LDAP configuration.", error_size);
      return FALSE;
   }

   // Use the LDAP_OPT_PROTOCOL_VERSION session preference to specify that the client is LDAPv3 client
   version = LDAP_VERSION3;
   ldap_set_option(ldap_ld, LDAP_OPT_PROTOCOL_VERSION, &version);
   
   write_logfile(lbs, str);
   
   return TRUE;
}

int auth_verify_password_ldap(LOGBOOK *lbs, const char *user, const char *password, char *error_str,
                              int error_size)
{  LDAPMessage *result, *err, *entry;
   int bind=0, i, rc=0, nb=0;
   char str[512], filter[512];
   char *attribute , *dn;
   BerElement *ber;
   BerValue **values;
    ldap_ld = NULL;
    memset(&ldap_bindDN[0], 0, sizeof(ldap_bindDN));
   struct timeval timeOut = {3,0}; // 3 second connection/search timeout
   // zerotime.tv_sec = zerotime.tv_usec = 0L;
   
   if(!ldap_init(lbs,error_str,error_size)) {
      strlcpy(error_str, "<b>LDAP initialization error</b>
", error_size);
      strlcat(error_str, "
Please check your LDAP configuration.", error_size);
      return FALSE;
   }
  
      printf("\n dn: %s\n", ldap_dn_user );
   //Bind with read account
   bind = ldap_simple_bind_s(ldap_ld, ldap_dn_user, ldap_pw_user, LDAP_AUTH_SIMPLE);
   if(bind != LDAP_SUCCESS) {
      strlcpy(error_str, "<b>LDAP BIND error with read account</b>
", error_size);
      strlcat(error_str, "
Please check your LDAP configuration.", error_size);
      return FALSE;
   }

   // search user
   sprintf(filter, "(%s=%s)", ldap_login_attr, user);

   rc = ldap_search_ext_s(
          ldap_ld,             // LDAP session handle
          ldap_userbase,       // Search Base
... 318 more lines ...
Goto page Previous  1, 2, 3, 4, 5, 6   Next  All
ELOG V3.1.5-2eba886