Discussion forum about ELOG, Page 755 of 808
ID   Date   Icon   Author   Author Email   Category   OS   ELOG Version   Subject
  69358   Wed Apr 28 04:01:49 2021   Reply   gary holman   holman@uw.edu   Bug report   Linux   ELOG V3.1.4-611   Re: segfault in auth.c:366

Dear Mr Ritt, Mr Schenk,

Thank you for the responses.  This was indeed my issue and direction to fix the crash.

Thank you,

Gary

Sebastian Schenk wrote:

Hi Mr. Holman,

The problem you are facing is more likely the issue, that the LDAP method is only provided as-is from a different developer.

I had a similar issue with the LDAP of my university.
I can't remember the correct error messages, but it looks similar, which arises from the used C library for LDAP.
The LDAP connection response can have 2 different variable types and only one of them is implemented in the elog, the other one crashes the elog with segfault.

I could fix it with this patch:
https://bitbucket.org/merrx/elog/commits/5a75fdb3e0b723380dae73bb57653946ed72690c
Obviously you have to adapt "displayName" and "postOfficeBox" to represent the name and email attributes of your LDAP structure.

I didn't make a PR for this commit, because it would break the current LDAP implementation, I assume.

Best wishes,
Sebastian

gary holman wrote:

Elog version:  ELOG V3.1.4-611489ba

I am running openldap on the localhost.  For some reason now, elogd is segfaulting (I believe) when a new user is being added to the password file.  For example:

1. I delete the user password file defined in elogd.cfg

2. Bind/Authenticate to LDAP successfully

3.  Segfaults in auth.c ldap_adduser_file()

 

Makefile:
...
ELOGDIR    = /opt/elog
DESTDIR    = $(ROOT)$(PREFIX)/bin
SDESTDIR   = $(ROOT)$(PREFIX)/sbin
RCDIR      = $(ROOT)/etc/rc.d/init.d
SRVDIR     = $(ROOT)/usr/lib/systemd/system

# flag for SSL support
USE_SSL    = 1

# flag for Kerberos support, please turn off if you don't need Kerberos
USE_KRB5   = 0

# flag for LDAP support, please turn off if you don't need LDAP
USE_LDAP   = 1

# flag for PAM support, please turn off if you don't need PAM
USE_PAM    = 0
...

For authentication, I am using openldap in the localhost:

----
Authentication = LDAP
LDAP server = ldap://localhost:389
LDAP userbase = ou=people,dc=example,dc=org
LDAP login attribute = uid
LDAP register = 1
Password file = /opt/elog/users
 

gdb output

----------

(gdb) run -s /opt/elog -c /opt/elog/elogd.cfg -f /var/run/elog/elog.pid
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/ubuntu/UPGRADE-42221/work-src/elog/elogd -s /opt/elog -c /opt/elog/elogd.cfg -f /var/run/elog/elog.pid
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
elogd 3.1.4 built Apr 22 2021, 19:19:39 revision 611489ba
File "/var/run/elog/elog.pid" exists, overwriting it.
CKeditor detected
ImageMagick detected
Indexing logbooks ... done
Server listening on port 9011 ...

Breakpoint 1, ldap_adduser_file (lbs=0x555556811ad8, user=0x7ffffffd3bd0 "testuser", password=0x5555558ea110 <_value+6000> "testuser", error_str=0x7ffffffd53d0 "", error_size=<optimized out>) at src/auth.c:350
350       if (rc != LDAP_SUCCESS) {
(gdb) n
337       rc = ldap_search_ext_s(
(gdb) n
350       if (rc != LDAP_SUCCESS) {
(gdb) n
358       for(entry = ldap_first_entry(ldap_ld,result);
(gdb) n
371                   if(strcmp(attribute,"mail")==0 || strcmp(attribute,"rfc822Mailbox")==0)
(gdb) n
361          for(attribute = ldap_first_attribute(ldap_ld,entry,&ber);
(gdb) n
365             if((values = ldap_get_values(ldap_ld,entry,attribute)) != NULL ) {
(gdb) n
366                for(i=0; values[i] != NULL; i++) {
(gdb) n

Program received signal SIGSEGV, Segmentation fault.
ldap_adduser_file (lbs=0x555556811ad8, user=0x7ffffffd3bd0 "testuser", password=0x5555558ea110 <_value+6000> "testuser", error_str=<optimized out>, error_size=<optimized out>) at src/auth.c:366
366                for(i=0; values[i] != NULL; i++) {
(gdb) p attribute
$1 = 0x5555567f6a20 "uid"
(gdb) p values
$2 = (char **) 0x567f74f0
 

This user in LDAP:
-------------------------
# TESTUSER, people, example.org
dn: uid=TESTUSER,ou=people,dc=example,dc=org
uid: TESTUSER
cn: TESTUSER
givenName: TESTUSER
sn:: VEVTVFVTRVIg
mail: TESTUSER
uidNumber: 10000
gidNumber: 10000
homeDirectory: /dev/null
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
userPassword:: e1NTSEF9Y21ua1lsdFpMZ3ZrZlZ4OUp3MFN3cUY3NWIzdkFCSWY=
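
The gdb session above prints `values` as 0x567f74f0 while `attribute`, handed out by the same library, is 0x5555567f6a20; a pointer missing its upper 32 bits is what a 64-bit caller holds when a pointer-returning function has no visible prototype and is treated as returning int. The triage helper below is an added example, not code from ELOG or from the posts; the function names and the 1 MiB proximity threshold are assumptions, and a match is an indication, not proof of the cause.

```c
#include <stdint.h>
#include <stdio.h>

/* Outcome of comparing a suspect pointer with a known-good one nearby. */
struct trunc_report {
    int      likely_truncated; /* 1 if suspect fits the int-return pattern */
    uint64_t reconstructed;    /* suspect with the neighbour's upper 32 bits */
    uint64_t distance;         /* bytes between reconstructed and neighbour */
};

/* What a caller holds after a 64-bit pointer is returned through a function
 * it believes returns int: the low 32 bits, sign-extended to pointer width. */
static uint64_t through_int_return(uint64_t real_ptr)
{
    int32_t low = (int32_t)(uint32_t)(real_ptr & 0xffffffffu);
    return (uint64_t)(int64_t)low;
}

/* Hypothetical triage helper: does `suspect` look like a truncated pointer
 * into the same region as `neighbour` (within max_distance bytes)? */
static struct trunc_report check_truncation(uint64_t suspect,
                                            uint64_t neighbour,
                                            uint64_t max_distance)
{
    struct trunc_report r = {0, 0, 0};
    uint64_t hi = neighbour & 0xffffffff00000000ull;

    if (hi == 0)
        return r; /* neighbour is a 32-bit address: nothing to restore */
    r.reconstructed = hi | (suspect & 0xffffffffull);
    r.distance = r.reconstructed > neighbour ? r.reconstructed - neighbour
                                             : neighbour - r.reconstructed;
    r.likely_truncated = through_int_return(r.reconstructed) == suspect &&
                         r.distance <= max_distance;
    return r;
}

int main(void)
{
    /* Both values are copied from the gdb session on this page. */
    struct trunc_report r =
        check_truncation(0x567f74f0ull, 0x5555567f6a20ull, 1u << 20);

    printf("truncated=%d reconstructed=0x%llx distance=%llu\n",
           r.likely_truncated, (unsigned long long)r.reconstructed,
           (unsigned long long)r.distance);
    return 0;
}
```

OpenLDAP's ldap.h declares ldap_get_values only when LDAP_DEPRECATED is defined, so the build log is worth checking for an implicit-declaration warning at the call on auth.c line 365.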
 
  69359   Fri Apr 30 07:27:31 2021   Entry   Faith   faithlessangel85@gmail.com   Bug report   Linux   V3.1.2   [Bug?] Admin restrict edit time

I would like to know, if the command "Admin restrict edit time = " does really work as intended.

In my case I have the following global configuration:

Admin user = <me>
Restrict edit = 1
Restrict edit time = 1
Admin restrict edit time = 10000

And every time I want to edit an entry (as admin) that is older than 1 hour, I get the following error message:

"Entry can only be edited 1 hours after creation"

 

  69363   Tue May 4 14:45:47 2021   Entry   Faith   faithlessangel85@gmail.com   Bug report   Linux   3.1.2   Bug: "Append on edit" triggers too often

The command "Append on edit = " is getting executed every time a dropdown menu is changed. This happens even at the first creation of an entry, so the append text stacks up multiple times in the text body.

  69364   Tue May 4 15:24:56 2021   Reply   Sebastian Schenk   sebastian.schenk@physik.uni-halle.de   Bug report   Linux   3.1.2   Re: Bug: "Append on edit" triggers too often

I can confirm the issue also for "prepend on edit".
To be more precise, it gets executed every time the condition state changes if placed in the config without condition, or, if placed in a condition, every time the condition gets activated.

Faith wrote:

The command "Append on edit = " is getting executed every time a dropdown menu is changed. This happens even at the first creation of an entry, so the append text stacks up multiple times in the text body.

 

  69369   Mon Jun 14 16:15:10 2021   Warning   Sebastian Schenk   sebastian.schenk@physik.uni-halle.de   Bug report   Linux | Windows | Mac OSX | All | Other   3.1.4   Additional forbidden attributes

Hello Stefan,

I stumbled on an issue with our elog.
We introduced an attribute "mode" to one of the elogs and it breaks the "Find" function as this attribute is already used for the viewing settings "full", "summary" and "threaded".
(HTTP parameter pollution)

I suspect other special attributes used by the internals of elog should also not be allowed.
A quick search in the "Find" reveals these attributes in the URL, so I guess, these should also be avoided.
This list could be incomplete

npp, ma, da, ya, mb, db, yb, attach, reverse, mode

A simple workaround would be updating the documentation to add these to the list of forbidden attributes.
https://elog.psi.ch/elog/config.html
Maybe a warning can be added: if the elog behaves unexpectedly, try other attribute names, as they can conflict with internal attributes.

A fix could be to add a prefix for internal attributes, which can't be used for user attributes.

Best wishes,
Sebastian

 

PS: I also noticed using the "Find" command, the generated URL contains 2 reverse attributes like "reverse=0&reverse=1"
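
The collision reported in the post above can be caught before a logbook goes live by checking the Attributes line of elogd.cfg against the parameter names the post lists. This is an added example, not code from ELOG or from the post; the helper names and the case-insensitive comparison are assumptions, and the reserved list is only as complete as the one in the post.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Names the post lists as taken by the Find URL (possibly incomplete). */
static const char *const reserved[] = {
    "npp", "ma", "da", "ya", "mb", "db", "yb", "attach", "reverse", "mode"
};

/* Case-insensitive match of name[0..len) with word (case folding is an assumption). */
static int same_name(const char *name, size_t len, const char *word)
{
    size_t i;
    for (i = 0; i < len && word[i]; i++)
        if (tolower((unsigned char)name[i]) != tolower((unsigned char)word[i])) return 0;
    return i == len && word[i] == '\0';
}

/* Check one "Attributes = a, b, c" line. Writes colliding names to out,
 * comma separated; returns their count, or -1 if not an Attributes line. */
static int find_collisions(const char *line, char *out, size_t out_size)
{
    const char *eq = strchr(line, '='), *s, *e, *b, *t;
    int hits = 0;

    if (!eq || out_size == 0) return -1;
    out[0] = '\0';
    for (s = line; isspace((unsigned char)*s); s++) ;
    for (e = eq; e > s && isspace((unsigned char)e[-1]); e--) ;
    if (!same_name(s, (size_t)(e - s), "Attributes")) return -1;
    for (s = eq + 1; *s; s = *e ? e + 1 : e) {
        e = s + strcspn(s, ",\r\n");
        for (b = s; b < e && isspace((unsigned char)*b); b++) ;
        for (t = e; t > b && isspace((unsigned char)t[-1]); t--) ;
        for (size_t k = 0; k < sizeof(reserved) / sizeof(reserved[0]); k++) {
            if (!same_name(b, (size_t)(t - b), reserved[k])) continue;
            size_t used = strlen(out);
            snprintf(out + used, out_size - used, "%s%s", hits++ ? "," : "", reserved[k]);
        }
    }
    return hits;
}

int main(void)
{
    char bad[64]; /* the line below is a constructed sample, not from the page */
    int n = find_collisions("Attributes = Author, Type, mode, Reverse", bad, sizeof bad);
    printf("%d colliding attribute name(s): %s\n", n, bad);
    return 0;
}
```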

  69370   Mon Jun 14 17:25:02 2021   Idea   Andreas Luedeke   andreas.luedeke@psi.ch   Bug report   All   V3.1.4   Bug Report with CSS includes (was Re: How to format a column in list display?)

Okay, found some solution for my problem:

List Change Pikett = <div class="pikett">$Pikett</div>
CSS=pikett.css

And file themes/default/pikett.css contains:

.pikett {
  background-color:white;
  font-size:16px;
  font-family:monospace;
  text-align:left;
}

That works like a charm - until I log in to the logbook. Then the include of the CSS in the header is garbled with some "prefix" of random chars:

<link rel="stylesheet" type="text/css" href="elog.css">
<link rel="stylesheet" type="text/css" href="`=T ýpikett.css">

And a quick check in the source code shows some bad code:

L7615: function "show_html_header"

         rsprintf("<link rel=\"stylesheet\" type=\"text/css\" href=\"%s%s\">\n", css_base, css);

Here css_base is an uninitialized local variable of the function. In fact the above line is the only reference to that variable, char css_base[1000].

The bug is still present in elog-3.1.4-611489b

 

Andreas Luedeke wrote:
There is the nice conditional formatting feature for List display:
Cell Style <attribute> <value> = <style>
I would like to use it without conditions: some attributes should always be formatted in a specific way.
 
Specifically I want a generated attribute (combined from other attributes) to be displayed in monospace font.
The "Format Pikett = 0, attribname, messagelist" works nicely for the single entry display (pik1), but not for List view (pik-list).

Would it be possible to create a new command "List format <attribute> = <css_class_name>,<css_class_value>,<width>,<size>", or is there another way to achieve this?

 

  69372   Mon Jun 14 18:51:59 2021   Reply   Sebastian Schenk   sebastian.schenk@physik.uni-halle.de   Bug report   All   V3.1.4   Bug Report with CSS includes (was Re: How to format a column in list display?)

Hi Andreas,

the bug you have found was already reported in an earlier issue, together with the same solution you have found.
https://elog.psi.ch/elogs/Forum/69368

Best wishes,
Sebastian

Andreas Luedeke wrote:
[...]

That works like a charm - until I log in to the logbook. Then the include of the CSS in the header is garbled with some "prefix" of random chars:

<link rel="stylesheet" type="text/css" href="elog.css">
<link rel="stylesheet" type="text/css" href="`=T ýpikett.css">

And a quick check in the source code shows some bad code:

L7615: function "show_html_header"

         rsprintf("<link rel=\"stylesheet\" type=\"text/css\" href=\"%s%s\">\n", css_base, css);

Here css_base is an uninitialized local variable of the function. In fact the above line is the only reference to that variable, char css_base[1000].

The bug is still present in elog-3.1.4-611489b

 

  69387   Wed Aug 18 09:05:51 2021   Reply   Jan Just Keijser   janjust@nikhef.nl   Bug report   Linux   3.1.4-2   Re: "New User" option does not work when Authentication=Webserver

Here's the patch that I use to enable user creation and deletion in combination with Webserver authentication.

The idea behind the patch is that if the user logged in via "http_user" is an elog admin, then {s}he is allowed to save a random user configuration, including creating or deleting a user.

Stefan Ritt wrote:

Unfortunately I locally don't have Webserver authentication, so I cannot check or debug. If you send me a diff that works for you, I'm happy to incorporate it.

Stefan

Jan Just Keijser wrote:

Our setup uses "Authentication=Webserver" + no automatic user registration. Thus, logbook admins should add a user by clicking "Config"  and then "New user". However, no matter what they fill in in the "new user " dialog, as soon as they hit "Save" an error pops up saying that their username (the admin one, not the new one) already exists. I found the following code:

int save_user_config(LOGBOOK * lbs, char *user, BOOL new_user)
{
   char file_name[256], str[256], *pl, user_enc[256], new_pwd[80], new_pwd2[80], smtp_host[256],
       email_addr[256], mail_from[256], mail_from_name[256], subject[256], mail_text[2000], str2[256],
       admin_user[80], url[256], error[2000], sid[32];
   int i, self_register, code, first_user;
   PMXML_NODE node, subnode, npwd; 

   /* if we outsourced the authentication, use external username */
   getcfg(lbs->name, "Authentication", str, sizeof(str));
   if (stristr(str, "Webserver")) {
      /* do not allow HTML in user name */
      strencode2(user_enc, http_user, sizeof(user_enc));
   } else {
      strencode2(user_enc, user, sizeof(user_enc));
   }

 

which seems to be the culprit:  the admin user is logged using his/her Webserver (http_user) credentials and this overrides anything that he/she might fill in.  If I remove the "Authentication" check then I can create a new user without problems.  So, how to fix this? should the "Authentication=Webserver" check be extended with a self/auto registration check?

Attachment 1: elog-webauth.patch
diff -Naur elog-3.1.4-3.org/src/elogd.c elog-3.1.4-3/src/elogd.c
--- elog-3.1.4-3.org/src/elogd.c	2021-02-19 09:55:03.000000000 +0100
+++ elog-3.1.4-3/src/elogd.c	2021-08-17 17:26:06.492232620 +0200
@@ -13273,7 +13273,7 @@
 
    /* if we outsourced the authentication, use external username */
    getcfg(lbs->name, "Authentication", str, sizeof(str));
-   if (stristr(str, "Webserver")) {
+   if (!is_admin_user(lbs, http_user) && stristr(str, "Webserver")) {
       /* do not allow HTML in user name */
       strencode2(user_enc, http_user, sizeof(user_enc));
    } else {
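Review bot: In the new condition, is_admin_user(lbs, http_user) is evaluated before the stristr(str, "Webserver") test, so http_user is consulted in every authentication mode, including those where the web server does not supply it. Put the Authentication test first, for example if (stristr(str, "Webserver") && !is_admin_user(lbs, http_user)). For an admin the else branch now takes the name from the request-supplied user on every save, so the comment "if we outsourced the authentication, use external username" no longer describes the code and should state that admins are exempt.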
@@ -26139,6 +26139,8 @@
    }
 
    /* make sure user is logged in */
+   if (strcmp(user, http_user) == 0)
+      return TRUE;
    if (lbs && !logged_in(lbs))
       return FALSE;
 
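Review bot: The added early return on strcmp(user, http_user) == 0 sits above the logged_in() check and is not gated on Authentication = Webserver, so it returns TRUE whenever the two strings are equal, including when both are empty, and it passes both pointers to strcmp without a NULL check. Gate it on Webserver authentication and a non-empty http_user. The enclosing function is not visible in the hunk; if it is the is_admin_user() that the first hunk calls with http_user, the comparison is always true for that call and every web-server-authenticated user would pass, so the existing checks below need to run before TRUE is returned.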
ELOG V3.1.5-3fb85fa6