| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
69350
|
Fri Apr 23 15:46:39 2021 |
 | Sebastian Schenk | sebastian.schenk@physik.uni-halle.de | Bug report | Linux | ELOG V3.1.4-611 | Re: segfault in auth.c:366 | Hi Mr. Holman,
The problem you are facing is more likely the issue, that the LDAP method is only provided as-is from a different developer.
I had a similar issue with the LDAP of my university.
I can't remember the correct error messages, but it looks similar, which arises from the used c library for LDAP.
The LDAP connection response can have 2 different variable types and only one of them is implemented in the elog, the other one crashes the elog with segfault.
I could fix it with this patch:
https://bitbucket.org/merrx/elog/commits/5a75fdb3e0b723380dae73bb57653946ed72690c
Obviously you have to adapt "displayName" and "postOfficeBox" to represent the name and email attributes of your LDAP structure.
I didn't made a PR for this commit, because it would break the current LDAP implementation, i assume.
Best wishes,
Sebastian
| gary holman wrote: |
|
Elog version: ELOG V3.1.4-611489ba
I am running openldap on the localhost. For some reason now, elogd is segfaulting when (I believe) when a new user is being added to the password file. For example:
1. I delete user passord file defined in elogd.cfg
2. Bind/Authenticate to LDAP successfully
3. Segfaults in auth.c ldap_adduser_file()
Makefile:
...
ELOGDIR = /opt/elog
DESTDIR = $(ROOT)$(PREFIX)/bin
SDESTDIR = $(ROOT)$(PREFIX)/sbin
RCDIR = $(ROOT)/etc/rc.d/init.d
SRVDIR = $(ROOT)/usr/lib/systemd/system
# flag for SSL support
USE_SSL = 1
# flag for Kerberos support, please turn off if you don't need Kerberos
USE_KRB5 = 0
# flag for LDAP support, please turn off if you don't need LDAP
USE_LDAP = 1# flag for PAM support, please turn of if you don't need PAM
USE_PAM = 0
...
For authentication, I am using openldap in the localhost:
----
Authentication = LDAP
LDAP server = ldap://localhost:389
LDAP userbase = ou=people,dc=example,dc=org
LDAP login attribute = uid
LDAP register = 1
Password file = /opt/elog/users
gdb output
----------
(gdb) run -s /opt/elog -c /opt/elog/elogd.cfg -f /var/run/elog/elog.pid
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/ubuntu/UPGRADE-42221/work-src/elog/elogd -s /opt/elog -c /opt/elog/elogd.cfg -f /var/run/elog/elog.pid
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
elogd 3.1.4 built Apr 22 2021, 19:19:39 revision 611489ba
File "/var/run/elog/elog.pid" exists, overwriting it.
CKeditor detected
ImageMagick detected
Indexing logbooks ... done
Server listening on port 9011 ...
Breakpoint 1, ldap_adduser_file (lbs=0x555556811ad8, user=0x7ffffffd3bd0 "testuser", password=0x5555558ea110 <_value+6000> "testuser", error_str=0x7ffffffd53d0 "", error_size=<optimized out>) at src/auth.c:350
350 if (rc != LDAP_SUCCESS) {
(gdb) n
337 rc = ldap_search_ext_s(
(gdb) n
350 if (rc != LDAP_SUCCESS) {
(gdb) n
358 for(entry = ldap_first_entry(ldap_ld,result);
(gdb) n
371 if(strcmp(attribute,"mail")==0 || strcmp(attribute,"rfc822Mailbox")==0)
(gdb) n
361 for(attribute = ldap_first_attribute(ldap_ld,entry,&ber);
(gdb) n
365 if((values = ldap_get_values(ldap_ld,entry,attribute)) != NULL ) {
(gdb) n
366 for(i=0; values[i] != NULL; i++) {
(gdb) n
Program received signal SIGSEGV, Segmentation fault.
ldap_adduser_file (lbs=0x555556811ad8, user=0x7ffffffd3bd0 "testuser", password=0x5555558ea110 <_value+6000> "testuser", error_str=<optimized out>, error_size=<optimized out>) at src/auth.c:366
366 for(i=0; values[i] != NULL; i++) {
(gdb) p attribute
$1 = 0x5555567f6a20 "uid"
(gdb) p values
$2 = (char **) 0x567f74f0
This user in LDAP:
-------------------------
# TESTUSER, people, example.org
dn: uid=TESTUSER,ou=people,dc=example,dc=org
uid: TESTUSER
cn: TESTUSER
givenName: TESTUSER
sn:: VEVTVFVTRVIg
mail: TESTUSER
uidNumber: 10000
gidNumber: 10000
homeDirectory: /dev/null
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
userPassword:: e1NTSEF9Y21ua1lsdFpMZ3ZrZlZ4OUp3MFN3cUY3NWIzdkFCSWY=
|
|
|
69351
|
Fri Apr 23 16:21:05 2021 |
| Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | ELOG V3.1.4-611 | Re: segfault in auth.c:366 | Well, if you find a solution with works for everybody, I'm happy to commit it to the main repository. But unfortunately I cannot test it because I don't have LDAP here, so I'm flying blind.
Stefan |
|
69354
|
Sun Apr 25 15:17:27 2021 |
| Laurent Jean-Rigaud | lollspam@free.fr | Bug report | Linux | ELOG V3.1.4-611 | Re: segfault in auth.c:366 | Hi,
Maybe it could be useful to add new parameters in elogd.cfg to define the attribute name to use to retrieve the given name, login name and email from LDAP server.
By example :
LDAP email attribute = mail
LDAP surname attribute = id
LDAP givename attribute = gn
So users can define them according to their exotic LDAP schema ;-)
Laurent |
|
69358
|
Wed Apr 28 04:01:49 2021 |
| gary holman | holman@uw.edu | Bug report | Linux | ELOG V3.1.4-611 | Re: segfault in auth.c:366 | Dear Mr Ritt, Mr Schenk,
Thank you for the responses. This was indeed my issue and direction to fix the crash.
Thank you,
Gary
| Sebastian Schenk wrote: |
|
Hi Mr. Holman,
The problem you are facing is more likely the issue, that the LDAP method is only provided as-is from a different developer.
I had a similar issue with the LDAP of my university.
I can't remember the correct error messages, but it looks similar, which arises from the used c library for LDAP.
The LDAP connection response can have 2 different variable types and only one of them is implemented in the elog, the other one crashes the elog with segfault.
I could fix it with this patch:
https://bitbucket.org/merrx/elog/commits/5a75fdb3e0b723380dae73bb57653946ed72690c
Obviously you have to adapt "displayName" and "postOfficeBox" to represent the name and email attributes of your LDAP structure.
I didn't made a PR for this commit, because it would break the current LDAP implementation, i assume.
Best wishes,
Sebastian
| gary holman wrote: |
|
Elog version: ELOG V3.1.4-611489ba
I am running openldap on the localhost. For some reason now, elogd is segfaulting when (I believe) when a new user is being added to the password file. For example:
1. I delete user passord file defined in elogd.cfg
2. Bind/Authenticate to LDAP successfully
3. Segfaults in auth.c ldap_adduser_file()
Makefile:
...
ELOGDIR = /opt/elog
DESTDIR = $(ROOT)$(PREFIX)/bin
SDESTDIR = $(ROOT)$(PREFIX)/sbin
RCDIR = $(ROOT)/etc/rc.d/init.d
SRVDIR = $(ROOT)/usr/lib/systemd/system
# flag for SSL support
USE_SSL = 1
# flag for Kerberos support, please turn off if you don't need Kerberos
USE_KRB5 = 0
# flag for LDAP support, please turn off if you don't need LDAP
USE_LDAP = 1# flag for PAM support, please turn of if you don't need PAM
USE_PAM = 0
...
For authentication, I am using openldap in the localhost:
----
Authentication = LDAP
LDAP server = ldap://localhost:389
LDAP userbase = ou=people,dc=example,dc=org
LDAP login attribute = uid
LDAP register = 1
Password file = /opt/elog/users
gdb output
----------
(gdb) run -s /opt/elog -c /opt/elog/elogd.cfg -f /var/run/elog/elog.pid
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/ubuntu/UPGRADE-42221/work-src/elog/elogd -s /opt/elog -c /opt/elog/elogd.cfg -f /var/run/elog/elog.pid
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
elogd 3.1.4 built Apr 22 2021, 19:19:39 revision 611489ba
File "/var/run/elog/elog.pid" exists, overwriting it.
CKeditor detected
ImageMagick detected
Indexing logbooks ... done
Server listening on port 9011 ...
Breakpoint 1, ldap_adduser_file (lbs=0x555556811ad8, user=0x7ffffffd3bd0 "testuser", password=0x5555558ea110 <_value+6000> "testuser", error_str=0x7ffffffd53d0 "", error_size=<optimized out>) at src/auth.c:350
350 if (rc != LDAP_SUCCESS) {
(gdb) n
337 rc = ldap_search_ext_s(
(gdb) n
350 if (rc != LDAP_SUCCESS) {
(gdb) n
358 for(entry = ldap_first_entry(ldap_ld,result);
(gdb) n
371 if(strcmp(attribute,"mail")==0 || strcmp(attribute,"rfc822Mailbox")==0)
(gdb) n
361 for(attribute = ldap_first_attribute(ldap_ld,entry,&ber);
(gdb) n
365 if((values = ldap_get_values(ldap_ld,entry,attribute)) != NULL ) {
(gdb) n
366 for(i=0; values[i] != NULL; i++) {
(gdb) n
Program received signal SIGSEGV, Segmentation fault.
ldap_adduser_file (lbs=0x555556811ad8, user=0x7ffffffd3bd0 "testuser", password=0x5555558ea110 <_value+6000> "testuser", error_str=<optimized out>, error_size=<optimized out>) at src/auth.c:366
366 for(i=0; values[i] != NULL; i++) {
(gdb) p attribute
$1 = 0x5555567f6a20 "uid"
(gdb) p values
$2 = (char **) 0x567f74f0
This user in LDAP:
-------------------------
# TESTUSER, people, example.org
dn: uid=TESTUSER,ou=people,dc=example,dc=org
uid: TESTUSER
cn: TESTUSER
givenName: TESTUSER
sn:: VEVTVFVTRVIg
mail: TESTUSER
uidNumber: 10000
gidNumber: 10000
homeDirectory: /dev/null
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
userPassword:: e1NTSEF9Y21ua1lsdFpMZ3ZrZlZ4OUp3MFN3cUY3NWIzdkFCSWY=
|
|
|
|
69359
|
Fri Apr 30 07:27:31 2021 |
 | Faith | faithlessangel85@gmail.com | Bug report | Linux | V3.1.2 | [Bug?] Admin restrict edit time | I would like to know, if the command "Admin restrict edit time = " does really work as intended.
In my case I have the following global configuration:
Admin user = <me>
Restrict edit = 1
Restrict edit time = 1
Admin restrict edit time = 10000
And every time, when I want to edit an entry (as admin), that is older than 1 hour, i get the following error message:
"Entry can only be edited 1 hours after creation"
|
|
69363
|
Tue May 4 14:45:47 2021 |
| Faith | faithlessangel85@gmail.com | Bug report | Linux | 3.1.2 | Bug: "Append on edit" triggers too often | The command "Append on edit = " is getting executed everytime, when a dropdown menu is changed. This happens even at the first creation of an entry, so the append text stucks up multiple times in the text body. |
|
69364
|
Tue May 4 15:24:56 2021 |
| Sebastian Schenk | sebastian.schenk@physik.uni-halle.de | Bug report | Linux | 3.1.2 | Re: Bug: "Append on edit" triggers too often | I can confirm the issue also for "prepend on edit".
To be more precise, it gets executed everytime the condition state changes, if placed in the config without condition, or if placed in a condition, everytime the condition gets activated.
| Faith wrote: |
|
The command "Append on edit = " is getting executed everytime, when a dropdown menu is changed. This happens even at the first creation of an entry, so the append text stucks up multiple times in the text body.
|
|
|
69369
|
Mon Jun 14 16:15:10 2021 |
 | Sebastian Schenk | sebastian.schenk@physik.uni-halle.de | Bug report | Linux | Windows | Mac OSX | All | Other | 3.1.4 | Additional forbidden attributes | Hello Stefan,
I stubbled on a issue with our elog.
We introduced an attribute "mode" to one of the elogs and it breaks the "Find" function as this attribute is already used for the viewing settings "full", "summary" and "threaded".
(HTTP parameter pollution)
I suspect other special attributes used by the internals of elog should also not be allowed.
A quick search in the "Find" reveals these attributes in the URL, so I guess, these should also be avoided.
This list could be incomplete
npp, ma, da, ya, mb, db, yb, attach, reverse, mode
A simple workaround would be updating the documentation to add these to the list of forbidden attributes.
https://elog.psi.ch/elog/config.html
Maybe a warning can be added, if the elog behaves unexpected, try other attribute names, as they can conflict with internal attributes.
A fix could be to add a prefix for internal attributes, which can't be used for user attributes.
Best wishes,
Sebastian
PS: I also noticed using the "Find" command, the generated URL contains 2 reverse attributes like "reverse=0&reverse=1" |
|