Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG, Page 107 of 806  Not logged in ELOG logo
 Find |  Login |  Help 
 Full | Summary | Threaded | Hide attachments  Show only new entries    6445 Entries 
Goto page Previous  1, 2, 3 ... 106, 107, 108 ... 804, 805, 806   Next  
ID Date Icon Author Author Email Category OS ELOG Versiondown Subject
  69358   Wed Apr 28 04:01:49 2021 Reply gary holmanholman@uw.eduBug reportLinuxELOG V3.1.4-611Re: segfault in auth.c:366

Dear Mr Ritt, Mr Schenk,

Thank you for the responses.  This was indeed my issue and direction to fix the crash.

Thank you,

Gary

Sebastian Schenk wrote:

Hi Mr. Holman,

The problem you are facing is more likely the issue, that the LDAP method is only provided as-is from a different developer.

I had a similar issue with the LDAP of my university.
I can't remember the correct error messages, but it looks similar, which arises from the used c library for LDAP.
The LDAP connection response can have 2 different variable types and only one of them is implemented in the elog, the other one crashes the elog with segfault.

I could fix it with this patch:
https://bitbucket.org/merrx/elog/commits/5a75fdb3e0b723380dae73bb57653946ed72690c
Obviously you have to adapt "displayName" and "postOfficeBox" to represent the name and email attributes of your LDAP structure.

I didn't made a PR for this commit, because it would break the current LDAP implementation, i assume.

Best wishes,
Sebastian

gary holman wrote:

Elog version:  ELOG V3.1.4-611489ba

I am running openldap on the localhost.  For some reason now, elogd is segfaulting when (I believe) when a new user is being added to the password file.  For example:

1. I delete user passord file defined in elogd.cfg

2. Bind/Authenticate to LDAP successfully

3.  Segfaults in auth.c ldap_adduser_file()

 

Makefile:
...
ELOGDIR    = /opt/elog
DESTDIR    = $(ROOT)$(PREFIX)/bin
SDESTDIR   = $(ROOT)$(PREFIX)/sbin
RCDIR      = $(ROOT)/etc/rc.d/init.d
SRVDIR     = $(ROOT)/usr/lib/systemd/system

# flag for SSL support
USE_SSL    = 1

# flag for Kerberos support, please turn off if you don't need Kerberos
USE_KRB5   = 0

# flag for LDAP support, please turn off if you don't need LDAP
USE_LDAP   = 1# flag for PAM support, please turn of if you don't need PAM
USE_PAM    = 0
...

For authentication, I am using openldap in the localhost:

----
Authentication = LDAP
LDAP server = ldap://localhost:389
LDAP userbase = ou=people,dc=example,dc=org
LDAP login attribute = uid
LDAP register = 1
Password file = /opt/elog/users
 

gdb output

----------

(gdb) run -s /opt/elog -c /opt/elog/elogd.cfg -f /var/run/elog/elog.pid
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/ubuntu/UPGRADE-42221/work-src/elog/elogd -s /opt/elog -c /opt/elog/elogd.cfg -f /var/run/elog/elog.pid
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
elogd 3.1.4 built Apr 22 2021, 19:19:39 revision 611489ba
File "/var/run/elog/elog.pid" exists, overwriting it.
CKeditor detected
ImageMagick detected
Indexing logbooks ... done
Server listening on port 9011 ...

Breakpoint 1, ldap_adduser_file (lbs=0x555556811ad8, user=0x7ffffffd3bd0 "testuser", password=0x5555558ea110 <_value+6000> "testuser", error_str=0x7ffffffd53d0 "", error_size=<optimized out>) at src/auth.c:350
350       if (rc != LDAP_SUCCESS) {
(gdb) n
337       rc = ldap_search_ext_s(
(gdb) n
350       if (rc != LDAP_SUCCESS) {
(gdb) n
358       for(entry = ldap_first_entry(ldap_ld,result);
(gdb) n
371                   if(strcmp(attribute,"mail")==0 || strcmp(attribute,"rfc822Mailbox")==0)
(gdb) n
361          for(attribute = ldap_first_attribute(ldap_ld,entry,&ber);
(gdb) n
365             if((values = ldap_get_values(ldap_ld,entry,attribute)) != NULL ) {
(gdb) n
366                for(i=0; values[i] != NULL; i++) {
(gdb) n

Program received signal SIGSEGV, Segmentation fault.
ldap_adduser_file (lbs=0x555556811ad8, user=0x7ffffffd3bd0 "testuser", password=0x5555558ea110 <_value+6000> "testuser", error_str=<optimized out>, error_size=<optimized out>) at src/auth.c:366
366                for(i=0; values[i] != NULL; i++) {
(gdb) p attribute
$1 = 0x5555567f6a20 "uid"
(gdb) p values
$2 = (char **) 0x567f74f0
 

This user in LDAP:
-------------------------
# TESTUSER, people, example.org
dn: uid=TESTUSER,ou=people,dc=example,dc=org
uid: TESTUSER
cn: TESTUSER
givenName: TESTUSER
sn:: VEVTVFVTRVIg
mail: TESTUSER
uidNumber: 10000
gidNumber: 10000
homeDirectory: /dev/null
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
userPassword:: e1NTSEF9Y21ua1lsdFpMZ3ZrZlZ4OUp3MFN3cUY3NWIzdkFCSWY=
 

 

 

 

 

 

  69224   Tue Sep 22 18:54:04 2020 Question Andreykowaraj4stuff@gmail.comBug reportLinuxELOG V3.1.4-493Bug report. "Submit" button misbehave

Hi. 

I am an IT guy of the AMS collaboration at CERN. We have been using your wonderful elog software for about 10 years now. Thanks! It served us so well that I guess we never got in touch with you. 

Recently we have upgraded it (probably for the first time in years) up to the version ELOG V3.1.4-4936b76.

Since then, we have a particular problem. And finally, I managed to reproduce it.

So, when I edit a record and click the "Submit" button it goes back to the summary view (as usual, as before) but it does not really save the entry. And it shows that the record is still being edited. I can actually click "back" in the browser and not to lose the modifications (otherwise, if I try to edit and steal the lock, it's lost). 

I will try to figure out where the problem is coming from. The most verbose mode of the elog server I've found is just GET-POST lines, not helpful. Is there a debug mode? 

Also, we ran httpd configured with the elogd as a virtual host (proxy).

Any help is very appreciated. 

Cheers, 

Andrey

 

  69225   Wed Sep 23 11:51:57 2020 Reply Andreykowaraj4stuff@gmail.comBug reportLinuxELOG V3.1.4-493SOLVED

Hi again. We have solved our problem! 

It was caused by a non-defined mod_auth_openidc configuration parameter:

# Interval in seconds after which the session will be invalidated when no interaction has occurred.

# When not defined, the default is 300 seconds.

#OIDCSessionInactivityTimeout <seconds>

 

As a guess... This somehow makes elogd to forget a user who is editing an entry. And then, clicking "Submit" button makes elogd to start a new session? 

 

Andrey wrote:

Hi. 

I am an IT guy of the AMS collaboration at CERN. We have been using your wonderful elog software for about 10 years now. Thanks! It served us so well that I guess we never got in touch with you. 

Recently we have upgraded it (probably for the first time in years) up to the version ELOG V3.1.4-4936b76.

Since then, we have a particular problem. And finally, I managed to reproduce it.

So, when I edit a record and click the "Submit" button it goes back to the summary view (as usual, as before) but it does not really save the entry. And it shows that the record is still being edited. I can actually click "back" in the browser and not to lose the modifications (otherwise, if I try to edit and steal the lock, it's lost). 

I will try to figure out where the problem is coming from. The most verbose mode of the elog server I've found is just GET-POST lines, not helpful. Is there a debug mode? 

Also, we ran httpd configured with the elogd as a virtual host (proxy).

Any help is very appreciated. 

Cheers, 

Andrey

 

 

  69528   Tue May 10 09:31:40 2022 Question Andrey`kowaraj4stuff@gmail.comBug reportMac OSXELOG V3.1.4-493duplicated/extra newlines (LF) after submit with Safari (since 15.4)
I think this is a bug report. 
However, I am not sure whether the problem is in the new version of Apple's WebKit (15.4) or in the ELOG itself.

When we edit an ELOG record with Safari (as of version 15.4, new WebKit features added) the number of "newline" symbols (actually LF, 0xA) are doubled.

So, for instance, if I edit the following page (1 LF symbol between "aaa" and "bbb"):
```
aaa
bbb
```

then after a "Submit" (without actually any changes) the record becomes (2 LF symbols):

```
aaa

bbb
```

then after a "Submit" (without actually any changes) the record becomes (4 LF symbols in between):
```
aaa



bbb
```

NOTE: The LF symbol at the end (after the "bbb" line) does NOT get duplicated (it gets truncated, I believe).


Our current ELOG version is "ELOG V3.1.4-4936b76".
Could you please have a look?
  69529   Tue May 10 10:58:12 2022 Reply Andreykowaraj4stuff@gmail.comBug reportMac OSXELOG V3.1.4-493reproduced on the latest newly compiled Elogd
I have just setup a new ELOG server on another machine. I took the latest source code from here: http://elog.psi.ch/elog/download/tar/elog-latest.tar.gz. Compiled it and ran. 
Still the same problem with Safari.
  Draft   Tue May 10 12:35:40 2022 Reply Andreykowaraj4stuff@gmail.comBug reportMac OSXELOG V3.1.4-493important detail: No ^M after the last 
> I think this is a bug report. 
> However, I am not sure whether the problem is in the new version of Apple's WebKit (15.4) or in the ELOG itself.
> 
> When we edit an ELOG record with Safari (as of version 15.4, new WebKit features added) there are extra "newline" symbols (actually ^M) being added after EACH line of the record.
> 
> So, for instance, if I edit the following page:
> ```
> aaa
> aaa
> aaa
> ```
> 
> then after a "Submit" (without actually any changes) the record becomes:
> ```
> aaa
> 
> aaa
> 
> aaa
> ```
> 
> Our current ELOG version is "ELOG V3.1.4-4936b76".
> Could you please have a look?
  69594   Tue Dec 27 12:44:52 2022 Warning Andreykowaraj4stuff@gmail.comInfoAllELOG V3.1.4-493Duplicated \n in "plain" format with new WebKit

Dear Stefan, 

There is a problem with editing an Elog page in "plain" format with the following "User Agent" :

"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Safari/605.1.15"

It duplicates the newline symbols such that "1<CRLF>2" becomes "1<CRLF><CRLF>2". If edited again - "1<CRLF><CRLF><CRLF><CRLF>2".

I blame the new version of the Apple WebKit. 

It works fine with Chrome (user agent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"). But fails with Safari. 
 

Could you please have a look? 

Thank you in advance, 

Andrey Pashnin

AMS collaboration

 

  69595   Wed Dec 28 16:09:30 2022 Reply Andreykowaraj4stuff@gmail.comInfoAllELOG V3.1.4-493bug report to webkit.org

It shound't be a "bug report", sorry. I have changed the category to "Info".

It seems to be really a bug in the WebKit core. I have created a bug report there. For reference: https://bugs.webkit.org/show_bug.cgi?id=249923

 

I am going to try to patch the ELOG code to handle the content of the textarea in the "plain" format.... it doesn't seem possible though. 

Goto page Previous  1, 2, 3 ... 106, 107, 108 ... 804, 805, 806   Next  
ELOG V3.1.5-3fb85fa6