we had an elog with only one logbook and one password file,
we added a second logbook with a second password file and everything broke.

specifically, login to the original logbook stopped working,
username and password is accepted, elog.log says "user accepted", but I am presented
with the login dialog again, ad infinitum, and cannot access the elog.

solution seems to be to "delete all cookies" (which is excessive,
google chrome wants to delete all cookies for *.triumf.ca,
which will log me out from everywhere I am logged in and probably
erase/reset web site preferences everywhere).

manually deleting just the elog session cookie also seems to work, though.

this suggests that there is a bug in elog, where on successful login,
it fails to create a new authentication cookie, but reuses an old
cookie, which is no longer valid, for whatever reason (that would
be a different bug, why adding one more logbook invalidates
existing logins?).

K.O.

Something is not right with the elog account activation, I get the email
for "Registration request for ELOG logbook "haicu"", but when I follow the given URL,
I get "Invalid activation code". Account activation requests go to two people,
so maybe the other one already activate this user, in which case I expect a message "user already active".
When I check the elog config, I see that the user indeed is already active. And if I rerun
this URL I still get "Invalid activation code", and this time I definitely expect "user already active".

https://daq00.triumf.ca/elog-haicu/haicu/?cmd=Activate&new_user_name=fujiwara&code=-1904103410&unm=Olchansk

K.O.

Hi Stefan,

I've seen that ELOG is build now with gcc-c++ now, so i tried to check rpmbuild script with all options. It seems that ldap api is different with c++ (quick search : https://www.openldap.org/lists/openldap-software/200706/msg00177.html) and elogd can not been build anymore with ldap support. :-(

# make
c++ -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_KRB5 -DHAVE_LDAP -DHAVE_PAM -c -o mxml.o mxml/mxml.cxx
c++ -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_KRB5 -DHAVE_LDAP -DHAVE_PAM -w -c -o crypt.o src/crypt.cxx
c++ -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_KRB5 -DHAVE_LDAP -DHAVE_PAM -c -o strlcpy.o mxml/strlcpy.cxx
c++ -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_KRB5 -DHAVE_LDAP -DHAVE_PAM -o elog src/elog.cxx mxml.o crypt.o strlcpy.o -lssl -lkrb5 -lldap -llber -lpam -llber
c++ -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_KRB5 -DHAVE_LDAP -DHAVE_PAM -w -c -o auth.o src/auth.cxx
src/auth.cxx: In function ‘int auth_verify_password_ldap(LOGBOOK*, const char*, const char*, char*, int)’:
src/auth.cxx:283:60: erreur: ‘ldap_simple_bind_s’ was not declared in this scope
    bind = ldap_simple_bind_s(ldap_ld, ldap_bindDN, password);
                                                            ^
src/auth.cxx:290:26: erreur: ‘ldap_unbind’ was not declared in this scope
       ldap_unbind(ldap_ld);
                          ^
src/auth.cxx:295:23: erreur: ‘ldap_unbind’ was not declared in this scope
    ldap_unbind(ldap_ld);
                       ^
src/auth.cxx: In function ‘int ldap_adduser_file(LOGBOOK*, const char*, const char*, char*, int)’:
src/auth.cxx:323:60: erreur: ‘ldap_simple_bind_s’ was not declared in this scope
    bind = ldap_simple_bind_s(ldap_ld, ldap_bindDN, password);
                                                            ^
src/auth.cxx:330:26: erreur: ‘ldap_unbind’ was not declared in this scope
       ldap_unbind(ldap_ld);
                          ^
src/auth.cxx:358:26: erreur: ‘ldap_unbind’ was not declared in this scope
       ldap_unbind(ldap_ld);
                          ^
src/auth.cxx:369:62: erreur: ‘ldap_get_values’ was not declared in this scope
          if((values = ldap_get_values(ldap_ld,entry,attribute)) != NULL ) {
                                                              ^
src/auth.cxx:378:35: erreur: ‘ldap_value_free’ was not declared in this scope
             ldap_value_free(values);
                                   ^
src/auth.cxx:386:23: erreur: ‘ldap_unbind’ was not declared in this scope
    ldap_unbind(ldap_ld);
                       ^
src/auth.cxx: In function ‘int elog_conv(int, const pam_message**, pam_response**, void*)’:
src/auth.cxx:451:59: erreur: invalid conversion from ‘void*’ to ‘pam_response*’ [-fpermissive]
    if((*resp = calloc(num_msg, sizeof(struct pam_response))) == NULL)
                                                           ^
src/auth.cxx:456:33: erreur: invalid conversion from ‘void*’ to ‘const char*’ [-fpermissive]
    if(!(resptok = strdup(my_data))) {
                                 ^
In file included from src/elogd.h:46:0,
                 from src/auth.cxx:30:
/usr/include/string.h:172:14: erreur:   initializing argument 1 of ‘char* strdup(const char*)’ [-fpermissive]
 extern char *strdup (const char *__s)
              ^
src/auth.cxx: In function ‘int auth_verify_password(LOGBOOK*, const char*, const char*, char*, int)’:
src/auth.cxx:593:73: erreur: invalid conversion from ‘const char*’ to ‘char*’ [-fpermissive]
          if (get_user_line(lbs, user, NULL, NULL, NULL, NULL, NULL, NULL) == 2) {
                                                                         ^
In file included from src/auth.cxx:30:0:
src/elogd.h:282:5: erreur:   initializing argument 2 of ‘int get_user_line(LOGBOOK*, char*, char*, char*, char*, BOOL*, time_t*, int*)’ [-fpermissive]
 int get_user_line(LOGBOOK * lbs, char *user, char *password, char *full_name, char *email,
     ^
make: *** [auth.o] Erreur 1
 

Regards,

Laurent

> I fixed these as well, please have a look again. BTW, midas had a few of these as well.

confirmed. elog commit d828aa58305ee8ce2ae882c0ff3c34cfa66650e5

K.O.

I fixed these as well, please have a look again. BTW, midas had a few of these as well.

Stefan

> Well, I bit the bullet and fixed all of these warnings. Took me like two days of work, but now should be fine.
> You might want to test it again.

Done. Only 2 sprintf() overruns remain, see below.

> I only have gcc 9.2.0, there it compiles now without warning.

Ubuntu LTS 20.04 is GCC 9.3.0. (And incoming Debian-11 based Ubuntu LTS 22.04 likely to be GCC 10.something).

If you do not have access, I can create an account for you on daq00.triumf.ca.

daq00:elog$ make
c++ -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -c -o mxml.o 
mxml/mxml.cxx
c++ -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -w -c -o crypt.o 
src/crypt.cxx
c++ -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -c -o strlcpy.o 
mxml/strlcpy.cxx
type git &> /dev/null; if [ $? -eq 1 ]; then REV="unknown" ;else REV=`git log -n 1 --pretty=format:"%ad - %h"`; fi; echo \#define 
GIT_REVISION \"$REV\" > src/git-revision.h
git is /usr/bin/git
c++ -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -o elog 
src/elog.cxx mxml.o crypt.o strlcpy.o -lssl
c++ -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -w -c -o auth.o 
src/auth.cxx
c++ -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -o elogd 
src/elogd.cxx auth.o mxml.o crypt.o strlcpy.o -lssl
src/elogd.cxx: In function ‘void show_elog_list(LOGBOOK*, int, int, int, BOOL, char*)’:
src/elogd.cxx:21676:42: warning: ‘%s’ directive writing up to 149999 bytes into a region of size 1588 [-Wformat-overflow=]
21676 |                sprintf(str, "Time format %s", attr_list[i]);
      |                                          ^~
In file included from /usr/include/stdio.h:867,
                 from src/elogd.h:42,
                 from src/elogd.cxx:38:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:36:34: note: ‘__builtin___sprintf_chk’ output between 13 and 150012 bytes into a destination 
of size 1600
   36 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   37 |       __bos (__s), __fmt, __va_arg_pack ());
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/elogd.cxx:21660:42: warning: ‘%s’ directive writing up to 149999 bytes into a region of size 1588 [-Wformat-overflow=]
21660 |                sprintf(str, "Date format %s", attr_list[i]);
      |                                          ^~
In file included from /usr/include/stdio.h:867,
                 from src/elogd.h:42,
                 from src/elogd.cxx:38:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:36:34: note: ‘__builtin___sprintf_chk’ output between 13 and 150012 bytes into a destination 
of size 1600
   36 |   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
      |          ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   37 |       __bos (__s), __fmt, __va_arg_pack ());
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
c++ -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -o elconv 
src/elconv.cxx -lssl



daq00:elog$ gcc -v
gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04) 

Well, I bit the bullet and fixed all of these warnings. Took me like two days of work, but now should be fine. You might want to test it again. I only have gcc 9.2.0, there it compiles now without warning.

Stefan

Recently I have had problems with ELOG not accepting the certificates (in this case from https://letsencrypt.org/) probably due to the old version of the SSL library of the binary distribution for Windows.
I have tried to follow the instructions to set up ELOG to work with Apache but they are probably old.
I have a simple solution for the Apache installation of XAMPP, the example is for two separate logbooks using each its own ELOG service on the same server:

1. I have set up the two ELOG to run as http://my.server.example.com:8080/ and as http://my.server.example.com:8081/

2. in c:\xampp\apache\conf\httpd.conf I have enabled the following (I am not sure if all the modules are really needed but this works for me):

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule headers_module modules/mod_headers.so
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule xml2enc_module modules/mod_xml2enc.so

3. still in c:\xampp\apache\conf\httpd.conf, at the very end of the file I added the following:

ProxyRequests off

Redirect permanent /app1 https://my.server.example.com/app1/
ProxyPass /app1/ http://my.server.example.com:8080/
ProxyHTMLURLMap http://my.server.example.com:8080 /app1

Redirect permanent /app2 https://my.server.example.com/app2/
ProxyPass /app2/ http://my.server.example.com:8081/
ProxyHTMLURLMap http://my.server.example.com:8081 /app2

This way I can now connect to the two ELOG using https://my.server.example.com/app1/ and https://my.server.example.com/app2/ without troubles and no additional setting to either the configuration files of ELOG nor any need for virtual hosts, ...

I hope this might be of use.