Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG, Page 209 of 793  Not logged in ELOG logo
ID Date Icon Author Author Email Categoryup OS ELOG Version Subject
  69168   Mon Jul 6 20:19:21 2020 Reply Laurent Jean-Rigaudlollspam@free.frBug reportLinux3.1.4Re: bug in elog.spec

Hi,

You rights, CFLAGS should not be in specfile to take care of distrib env.

Btw, I sent in the past an update for build process of Stefan delivery to generate src.rpm file copatible to tarball version. I think Stefan did not have time yet to test and to check.

With the enclosed SPEC file, you can build ELOG with options at rpmbulld command w/o modifying sources. For exemple,

rpm -i elog-.....src.rpm

rpmbuild -bb --with ssl --with pam --with ldap --with krb5 ~/rpmbuild/SPECS/elog.spec

 

I enclosed also the SRPMS i used for my projects. Be careful, It's maybe not uptodate of last GIT version or PSI releases... but you can test it on your RPM distrib. It should be nice to hare your feedback.

Bye,

Laurent

 

Janusz Szuba wrote:

Hi, 

in commit 1812e7c, specifying CFLAGS to make command in elog.spec, renders all other settings in Makefile void. That is, if I want to include any of KRB5, LDAP, PAM support, and change makefile accordingly, then when producing rpm they are not taken into account. Anyway, CFLAGS in Makefile are already set to the same defaults, so why it is redefined in spec file?

best

Janusz

 

Attachment 1: elog.spec
# ELOG weblog application
# rpmbuild -ba --define 'elogver 3.1.4' --define 'elogrel 2' --with ssl --with pam --with ldap --with krb5 --define 'factorydate date'
 
# define date of build for changelog and default release
%define build_timestamp %(LC_TIME=C date '+%a %b %d %Y')
%{!?factorydate: %define factorydate %build_timestamp}

# default version and release
%{!?elogver: %define elogver 3.1.4 }
%{!?elogrel: %define elogrel 2 }
# default release is build date
%{!?elogrel: %define elogrel %{build_timestamp} }

# Build options :
# Read: If neither macro exists, then add the default definition.
%{?_with_krb5: %define _with_krb5 USEKRB5=1}
%{?_with_ldap: %define _with_ldap USELDAP=1}
%{?_with_pam: %define _with_pam USEPAM=1}
%{?_with_ssl: %define _with_ssl USESSL=1}
# Default build options are with SSL 
%{!?_with_ssl: %{!?_without_ssl: %define _with_ssl USESSL=1}}
# builder info
%define whoami %(eval who am i | awk '{print $1}')
%define HOSTNAME %(hostname)
%{!?packager: %define packager %{whoami} %{whoami}@%{HOSTNAME}}

Name:       elog
Summary:    elog is a standalone electronic web logbook
Version:    %elogver
Release:    %elogrel%{?customrel}%{?dist}
License:    GPL
Group:      Applications/Networking
Source:     http://elog.psi.ch/elog/download/elog-%{elogver}-%{elogrel}.tar.gz
Vendor:     Stefan Ritt <stefan.ritt@psi.ch>
URL:        http://elog.psi.ch/elog
BuildRoot:  /tmp/%{name}-root
Prefix:     /usr/local
# Add build dependencies for pam, ssl and ldap features if enabled.
# Note: Tag tokens must start at beginning-of-line.
#
# Read: If feature is enabled, then add the build dependency.
%{?_with_krb5:BuildRequires: krb5-devel}
%{?_with_krb5:Requires: krb5-libs}
%{?_with_ldap:BuildRequires: openldap-devel >= 2.4.1}
%{?_with_ldap:Requires: openldap >= 2.4.1}
%{?_with_pam:BuildRequires: pam-devel >= 1.1.1}
%{?_with_ssl:BuildRequires: openssl-devel >= 0.9.8e}
# GAIAOPS: set max N limit to 500
Patch1:     elog_set_max_list_500.patch

%description
ELOG is part of a family of applications known as weblogs. 
Their general purpose is : 

1. To make it easy for people to put information online in a chronological
   fashion, in the form of short, time-stamped text messages ("entries") 
   with optional HTML markup for presentation, and optional file attachments 
   (images, archives, etc.) 

2. To make it easy for other people to access this information through a 
   Web interface, browse entries, search, download files, and optionally add, 
   update, delete or comment on entries. 

ELOG is a remarkable implementation of a weblog in at least two respects : 

- Its simplicity of use: you don't need to be a seasoned server operator 
and/or an experimented database administrator to run ELOG ; one executable 
file (under Unix or Windows), a simple configuration text file, and it works. 
No Web server or relational database required. It is also easy to translate 
the interface to the appropriate language for your users. 

- Its versatility: through its single configuration file, ELOG can be made 
to display an infinity of variants of the weblog concept. There are options 
for what to display, how to display it, what commands are available and to whom, 
access control, etc. Moreover, a single server can host several weblogs, and 
each weblog can be totally different from the rest. 

%changelog
* %{build_timestamp} %{packager} %{version}-%{release}
- rebuild with option(s): %{?_with_krb5:KRB5 }%{?_with_ldap:LDAP }%{?_with_pam:PAM }%{?_with_ssl:SSL}
- set MAX_N_LIST to 500 (patch1)

* %{factorydate} Stefan Ritt <stefan.ritt@psi.ch> %{version}-%{release}
- Updated from git 
* Wed Sep 26 2018 Stefan Ritt <stefan.ritt@psi.ch>
- Made adjustments for new elog server and RH7
* Fri Aug 29 2014 Stefan Ritt <stefan.ritt@psi.ch>
- Added BuildRequires, thanks to Stefan Roiser from CERN
* Fri Oct 21 2005 Stefan Ritt <stefan.ritt@psi.ch>
- Added resources/ directory
* Fri Mar 14 2003 Stefan Ritt <stefan.ritt@psi.ch>
- Added %post to change ownership of elog files
* Thu Jan 30 2003 Stefan Ritt <stefan.ritt@psi.ch>
- Added installation of man pages, thanks to Serge Droz <serge.droz@psi.ch>
* Tue Aug 13 2002 Stefan Ritt <stefan.ritt@psi.ch>
- Added elog group and user, thanks to Nicolas Chuche [nchuche@teaser.fr]
* Tue Jun 18 2002 Stefan Ritt <stefan.ritt@psi.ch>
- Put elogd.init into TAR file, add logbooks directory, put elogd in sbin/
* Tue Jun 18 2002 Serge Droz <serge.droz@psi.ch>
- Update to 2.0.0
* Mon Jun  3 2002 Serge Droz <serge.droz@psi.ch>
- Update to 1.3.6 
* Fri May 31 2002 Serge Droz <serge.droz@psi.ch>
- Initial RPM


%prep
%setup -q
%patch1 -p0

%pre
%{_sbindir}/groupadd -r elog 2>/dev/null || :
%{_sbindir}/useradd -d / -s /bin/false \
   -g elog -M -r elog 2>/dev/null || :

%build
make %{?_with_ssl} %{?_with_pam} %{?_with_ldap} %{?_with_krb5} CFLAGS='-O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Imxml -g'
sed "s#\@PREFIX\@#%{prefix}#g" elogd.init_template > elogd.init

%install
make install ROOT=$RPM_BUILD_ROOT MANDIR=$RPM_BUILD_ROOT%{_mandir}

%post
chown -R elog:elog $RPM_BUILD_ROOT%{prefix}/elog

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root)
/etc/rc.d/init.d/elogd
%{_mandir}/man1/*
%{_mandir}/man8/*
%doc	README COPYING doc
%defattr(-,elog,elog)
%prefix/bin/*
%prefix/sbin/elogd
%prefix/elog/resources
%prefix/elog/ssl
%prefix/elog/themes
%prefix/elog/scripts
%prefix/elog/logbooks
%config(noreplace) %prefix/elog/elogd.cfg
Attachment 2: elog-3.1.4-2.CNES.el6.src.rpm
  69169   Tue Jul 7 11:22:45 2020 Reply Janusz Szubajanusz.szuba@xfel.euBug reportLinux3.1.4Re: bug in elog.spec

Thanks for the answer, I will try with your specfile

best

Janusz

Laurent Jean-Rigaud wrote:

Hi,

You rights, CFLAGS should not be in specfile to take care of distrib env.

Btw, I sent in the past an update for build process of Stefan delivery to generate src.rpm file copatible to tarball version. I think Stefan did not have time yet to test and to check.

With the enclosed SPEC file, you can build ELOG with options at rpmbulld command w/o modifying sources. For exemple,

rpm -i elog-.....src.rpm

rpmbuild -bb --with ssl --with pam --with ldap --with krb5 ~/rpmbuild/SPECS/elog.spec

 

I enclosed also the SRPMS i used for my projects. Be careful, It's maybe not uptodate of last GIT version or PSI releases... but you can test it on your RPM distrib. It should be nice to hare your feedback.

Bye,

Laurent

 

Janusz Szuba wrote:

Hi, 

in commit 1812e7c, specifying CFLAGS to make command in elog.spec, renders all other settings in Makefile void. That is, if I want to include any of KRB5, LDAP, PAM support, and change makefile accordingly, then when producing rpm they are not taken into account. Anyway, CFLAGS in Makefile are already set to the same defaults, so why it is redefined in spec file?

best

Janusz

 

 

  69192   Tue Aug 4 13:29:23 2020 Reply Stefan Rittstefan.ritt@psi.chBug reportLinux3.1.4-2Re: "New User" option does not work when Authentication=Webserver

Unfortunately I locallly don't have Webserver authentication, so I cannot check or debug. If you send me a diff that works for you, I'm happy to incorporate it.

Stefan

Jan Just Keijser wrote:

Our setup uses "Authentication=Webserver" + no automatic user registration. Thus, logbook admins should add a user by clicking "Config"  and then "New user". However, no matter what they fill in in the "new user " dialog, as soon as they hit "Save" an error pops up saying that their username (the admin one, not the new one) already exists. I found the following code:

int save_user_config(LOGBOOK * lbs, char *user, BOOL new_user)
{
   char file_name[256], str[256], *pl, user_enc[256], new_pwd[80], new_pwd2[80], smtp_host[256],
       email_addr[256], mail_from[256], mail_from_name[256], subject[256], mail_text[2000], str2[256],
       admin_user[80], url[256], error[2000], sid[32];
   int i, self_register, code, first_user;
   PMXML_NODE node, subnode, npwd; 

   /* if we outsourced the authentication, use external username */
   getcfg(lbs->name, "Authentication", str, sizeof(str));
   if (stristr(str, "Webserver")) {
      /* do not allow HTML in user name */
      strencode2(user_enc, http_user, sizeof(user_enc));
   } else {
      strencode2(user_enc, user, sizeof(user_enc));
   }

 

which seems to be the culprit:  the admin user is logged using his/her Webserver (http_user) credentials and this overrides anything that he/she might fill in.  If I remove the "Authentication" check then I can create a new user without problems.  So, how to fix this? should the "Authentication=Webserver" check be extended with a self/auto registration check?

 

 

  69198   Mon Aug 10 07:56:43 2020 Idea HyonSan Seohyon.san.seo@cern.chBug reportLinux3.1.4SSL connection drop with large content

Dear all,

 

I had some difficulty to upload large files (>20MB) with SSL connection. I think it is also related to https://elog.psi.ch/elogs/Forum/68636

During debuging, I found that, when uploading large files, ssl connection is dropped since 'SSL_read' function returns -1.

But it doesn't alway mean broken connection. It may be "SSL_ERROR_WANT_READ".

I changed the "server_loop" function in the source code to "continue" when it is SSL_ERROR_WANT_READ. And it fixed the problem.

Here is my code.


## elogd.c "server_loop" function L30031

                        if (FD_ISSET(_sock, &readfds)) {
#ifdef HAVE_SSL
                          if (_ssl_flag){
                            i = SSL_read(_ssl_con, net_buffer + len, net_buffer_size - len);
                            if(i<=0){
                              int ssl_error=SSL_get_error(_ssl_con,i);    ## check ssl error code
                              if(ssl_error==SSL_ERROR_WANT_READ||ssl_error==SSL_ERROR_WANT_WRITE) continue;    ## if ssl wants more, continue
                            }
                          }
                          else
#endif
                            i = recv(_sock, net_buffer + len, net_buffer_size - len, 0);
 


 

I am ignorant about networking. Some experts on ssl connection would know a better way to deal with this problem.

 

Best,

HyonSan Seo

 

  69199   Mon Aug 10 08:33:42 2020 Reply Stefan Rittstefan.ritt@psi.chBug reportLinux3.1.4Re: SSL connection drop with large content

Your solution sounds quite good, I will incorporate them in the distribution.

Stefan

HyonSan Seo wrote:

Dear all,

 

I had some difficulty to upload large files (>20MB) with SSL connection. I think it is also related to https://elog.psi.ch/elogs/Forum/68636

During debuging, I found that, when uploading large files, ssl connection is dropped since 'SSL_read' function returns -1.

But it doesn't alway mean broken connection. It may be "SSL_ERROR_WANT_READ".

I changed the "server_loop" function in the source code to "continue" when it is SSL_ERROR_WANT_READ. And it fixed the problem.

Here is my code.


## elogd.c "server_loop" function L30031

                        if (FD_ISSET(_sock, &readfds)) {
#ifdef HAVE_SSL
                          if (_ssl_flag){
                            i = SSL_read(_ssl_con, net_buffer + len, net_buffer_size - len);
                            if(i<=0){
                              int ssl_error=SSL_get_error(_ssl_con,i);    ## check ssl error code
                              if(ssl_error==SSL_ERROR_WANT_READ||ssl_error==SSL_ERROR_WANT_WRITE) continue;    ## if ssl wants more, continue
                            }
                          }
                          else
#endif
                            i = recv(_sock, net_buffer + len, net_buffer_size - len, 0);
 


 

I am ignorant about networking. Some experts on ssl connection would know a better way to deal with this problem.

 

Best,

HyonSan Seo

 

 

  69205   Wed Aug 26 20:41:50 2020 Reply Stefan Rittstefan.ritt@psi.chBug reportLinux3.1.4-2Re: SSL does not work

Today I succeeded with the help of L.JR to produce a new RPM which contains SSL, KRB5, PAM and LDAP support. It's uploaded to https://elog.psi.ch/elog/download/RPMS/elog-3.1.4-2.el7.x86_64.rpm

Hisataka YOSHIDA wrote:

Dear Stefan,

Thank you for your comment. I successfuly compiled the latest elog from source code, and now elogd could work with SSL.

In fact, I reported the case of installation with rpm file. Maybe, the latest elog rpm doesn't support SSL, I guess.
The installtion with rpm file is easier to build the common environment, so I hope the next rpm will support the SSL.

best regards,
Hisataka YOSHIDA

Stefan Ritt wrote:

When you compile elog from the soruces, you need the OpenSSL library to be installed. The CMake build process will then find it and include it in the compile process. When you use the "make" build process, you have to make sure that SSL is enabled there:

USE_SSL = 1

To install the OpenSSL library, you can do on most systems something like "sudo yum install openssl-dev" or "sudo apt-get install openssl-dev"

/Stefan

 

Hisataka YOSHIDA wrote:

Hello.

I installed the latest elog (3.1.4-2) in CentOS 7, and it is working well without SSL.
When I enalbled SSL option (SSL = 1) in the "elogd.cfg", and tried to start the elogd, the message below was shown and failed to run.

SSL support not compiled into elogd

If I switched the elog to older one (3.1.4-1), I could successeed to run the elogd with SSL option.
Is there any other option required in the latest elog to run with SSL? Or is this bug in the latest version?

Thank you,
Hisataka YOSHIDA

 

 

 

  69224   Tue Sep 22 18:54:04 2020 Question Andreykowaraj4stuff@gmail.comBug reportLinuxELOG V3.1.4-493Bug report. "Submit" button misbehave

Hi. 

I am an IT guy of the AMS collaboration at CERN. We have been using your wonderful elog software for about 10 years now. Thanks! It served us so well that I guess we never got in touch with you. 

Recently we have upgraded it (probably for the first time in years) up to the version ELOG V3.1.4-4936b76.

Since then, we have a particular problem. And finally, I managed to reproduce it.

So, when I edit a record and click the "Submit" button it goes back to the summary view (as usual, as before) but it does not really save the entry. And it shows that the record is still being edited. I can actually click "back" in the browser and not to lose the modifications (otherwise, if I try to edit and steal the lock, it's lost). 

I will try to figure out where the problem is coming from. The most verbose mode of the elog server I've found is just GET-POST lines, not helpful. Is there a debug mode? 

Also, we ran httpd configured with the elogd as a virtual host (proxy).

Any help is very appreciated. 

Cheers, 

Andrey

 

  69225   Wed Sep 23 11:51:57 2020 Reply Andreykowaraj4stuff@gmail.comBug reportLinuxELOG V3.1.4-493SOLVED

Hi again. We have solved our problem! 

It was caused by a non-defined mod_auth_openidc configuration parameter:

# Interval in seconds after which the session will be invalidated when no interaction has occurred.

# When not defined, the default is 300 seconds.

#OIDCSessionInactivityTimeout <seconds>

 

As a guess... This somehow makes elogd to forget a user who is editing an entry. And then, clicking "Submit" button makes elogd to start a new session? 

 

Andrey wrote:

Hi. 

I am an IT guy of the AMS collaboration at CERN. We have been using your wonderful elog software for about 10 years now. Thanks! It served us so well that I guess we never got in touch with you. 

Recently we have upgraded it (probably for the first time in years) up to the version ELOG V3.1.4-4936b76.

Since then, we have a particular problem. And finally, I managed to reproduce it.

So, when I edit a record and click the "Submit" button it goes back to the summary view (as usual, as before) but it does not really save the entry. And it shows that the record is still being edited. I can actually click "back" in the browser and not to lose the modifications (otherwise, if I try to edit and steal the lock, it's lost). 

I will try to figure out where the problem is coming from. The most verbose mode of the elog server I've found is just GET-POST lines, not helpful. Is there a debug mode? 

Also, we ran httpd configured with the elogd as a virtual host (proxy).

Any help is very appreciated. 

Cheers, 

Andrey

 

 

ELOG V3.1.5-fe60aaf