I fixed these as well, please have a look again. BTW, midas had a few of these as well.

Stefan

> I fixed these as well, please have a look again. BTW, midas had a few of these as well.

confirmed. elog commit d828aa58305ee8ce2ae882c0ff3c34cfa66650e5

K.O.

Hi Stefan,

I've seen that ELOG is build now with gcc-c++ now, so i tried to check rpmbuild script with all options. It seems that ldap api is different with c++ (quick search : https://www.openldap.org/lists/openldap-software/200706/msg00177.html) and elogd can not been build anymore with ldap support. :-(

# make
c++ -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_KRB5 -DHAVE_LDAP -DHAVE_PAM -c -o mxml.o mxml/mxml.cxx
c++ -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_KRB5 -DHAVE_LDAP -DHAVE_PAM -w -c -o crypt.o src/crypt.cxx
c++ -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_KRB5 -DHAVE_LDAP -DHAVE_PAM -c -o strlcpy.o mxml/strlcpy.cxx
c++ -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_KRB5 -DHAVE_LDAP -DHAVE_PAM -o elog src/elog.cxx mxml.o crypt.o strlcpy.o -lssl -lkrb5 -lldap -llber -lpam -llber
c++ -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_KRB5 -DHAVE_LDAP -DHAVE_PAM -w -c -o auth.o src/auth.cxx
src/auth.cxx: In function ‘int auth_verify_password_ldap(LOGBOOK*, const char*, const char*, char*, int)’:
src/auth.cxx:283:60: erreur: ‘ldap_simple_bind_s’ was not declared in this scope
    bind = ldap_simple_bind_s(ldap_ld, ldap_bindDN, password);
                                                            ^
src/auth.cxx:290:26: erreur: ‘ldap_unbind’ was not declared in this scope
       ldap_unbind(ldap_ld);
                          ^
src/auth.cxx:295:23: erreur: ‘ldap_unbind’ was not declared in this scope
    ldap_unbind(ldap_ld);
                       ^
src/auth.cxx: In function ‘int ldap_adduser_file(LOGBOOK*, const char*, const char*, char*, int)’:
src/auth.cxx:323:60: erreur: ‘ldap_simple_bind_s’ was not declared in this scope
    bind = ldap_simple_bind_s(ldap_ld, ldap_bindDN, password);
                                                            ^
src/auth.cxx:330:26: erreur: ‘ldap_unbind’ was not declared in this scope
       ldap_unbind(ldap_ld);
                          ^
src/auth.cxx:358:26: erreur: ‘ldap_unbind’ was not declared in this scope
       ldap_unbind(ldap_ld);
                          ^
src/auth.cxx:369:62: erreur: ‘ldap_get_values’ was not declared in this scope
          if((values = ldap_get_values(ldap_ld,entry,attribute)) != NULL ) {
                                                              ^
src/auth.cxx:378:35: erreur: ‘ldap_value_free’ was not declared in this scope
             ldap_value_free(values);
                                   ^
src/auth.cxx:386:23: erreur: ‘ldap_unbind’ was not declared in this scope
    ldap_unbind(ldap_ld);
                       ^
src/auth.cxx: In function ‘int elog_conv(int, const pam_message**, pam_response**, void*)’:
src/auth.cxx:451:59: erreur: invalid conversion from ‘void*’ to ‘pam_response*’ [-fpermissive]
    if((*resp = calloc(num_msg, sizeof(struct pam_response))) == NULL)
                                                           ^
src/auth.cxx:456:33: erreur: invalid conversion from ‘void*’ to ‘const char*’ [-fpermissive]
    if(!(resptok = strdup(my_data))) {
                                 ^
In file included from src/elogd.h:46:0,
                 from src/auth.cxx:30:
/usr/include/string.h:172:14: erreur:   initializing argument 1 of ‘char* strdup(const char*)’ [-fpermissive]
 extern char *strdup (const char *__s)
              ^
src/auth.cxx: In function ‘int auth_verify_password(LOGBOOK*, const char*, const char*, char*, int)’:
src/auth.cxx:593:73: erreur: invalid conversion from ‘const char*’ to ‘char*’ [-fpermissive]
          if (get_user_line(lbs, user, NULL, NULL, NULL, NULL, NULL, NULL) == 2) {
                                                                         ^
In file included from src/auth.cxx:30:0:
src/elogd.h:282:5: erreur:   initializing argument 2 of ‘int get_user_line(LOGBOOK*, char*, char*, char*, char*, BOOL*, time_t*, int*)’ [-fpermissive]
 int get_user_line(LOGBOOK * lbs, char *user, char *password, char *full_name, char *email,
     ^
make: *** [auth.o] Erreur 1
 

Regards,

Laurent

Something is not right with the elog account activation, I get the email
for "Registration request for ELOG logbook "haicu"", but when I follow the given URL,
I get "Invalid activation code". Account activation requests go to two people,
so maybe the other one already activate this user, in which case I expect a message "user already active".
When I check the elog config, I see that the user indeed is already active. And if I rerun
this URL I still get "Invalid activation code", and this time I definitely expect "user already active".

https://daq00.triumf.ca/elog-haicu/haicu/?cmd=Activate&new_user_name=fujiwara&code=-1904103410&unm=Olchansk

K.O.

we had an elog with only one logbook and one password file,
we added a second logbook with a second password file and everything broke.

specifically, login to the original logbook stopped working,
username and password is accepted, elog.log says "user accepted", but I am presented
with the login dialog again, ad infinitum, and cannot access the elog.

solution seems to be to "delete all cookies" (which is excessive,
google chrome wants to delete all cookies for *.triumf.ca,
which will log me out from everywhere I am logged in and probably
erase/reset web site preferences everywhere).

manually deleting just the elog session cookie also seems to work, though.

this suggests that there is a bug in elog, where on successful login,
it fails to create a new authentication cookie, but reuses an old
cookie, which is no longer valid, for whatever reason (that would
be a different bug, why adding one more logbook invalidates
existing logins?).

K.O.

> Something is not right with the elog account activation...

I did a test:
- register as new user "test", web page says "request for approval sent..." (good)
- check elog config, user "test" is present, "active" set to "no" (good)
- open the "approve/activate" URL, get "Invalid activation code" (should say: "activated successfully!")
- check elog config, user "test" now has "active" set to "yes" (good, "approve/activate" URL worked)
- open the "approve/activate" URL again, again "Invalid activation code" (should say: "already activated!")

additional test:
- from the elog config, user "test", set active to "no", save.
- open the "approve/activate" URL, get "Invalid activation code" (good, this time)
- check elog config, user "test" is still inactive (good)

So it looks like the "approve/activate" URL works correctly - only the first time it is accessed - but
returns wrong message "invalid activation code" instead of "success".

K.O.
 

"file not found" should return http code 404. elogd returns code 200 together
with a page containing text "404 not found". This pollutes the browser cache
with wrong content (in this case, we are trying to load a css file, and the browser
is trying to use text "404 not found" as if it were a css. bad. file not found
should return http code 404. K.O.

in example below, response "HTTP/1.1 200 Document follows" should be "HTTP/1.1 404 ..."

to reproduce, through the https proxy:

daq00:~$ curl -v https://daq00.triumf.ca/elog-midas/Midas/zzz.css
*   Trying 142.90.111.168:443...
...
> GET /elog-midas/Midas/zzz.css HTTP/1.1
...
< HTTP/1.1 200 Document follows
< Date: Thu, 17 Mar 2022 23:40:04 GMT
< Server: ELOG HTTP 3.1.4-2e1708b5
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Content-Type: text/html;charset=ISO-8859-1
< Vary: Accept-Encoding
< Transfer-Encoding: chunked
< 
<!DOCTYPE html>
<html><head>
<meta name="ROBOTS" content="NOINDEX, NOFOLLOW">
<title>404 Not Found</title>
<link rel="stylesheet" type="text/css" href="elog.css">
<link rel="shortcut icon" href="favicon.ico" />
<link rel="icon" href="favicon.png" type="image/png" />
</head>
<body><h1>404 Not Found</h1>
The requested file <b>zzz.css</b> was not found on this server<p>
* Connection #0 to host daq00.triumf.ca left intact
daq00:~$ 

directly:

daq00:~$ curl -v http://localhost:9080/Midas/zzz.css
*   Trying 127.0.0.1:9080...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 9080 (#0)
> GET /Midas/zzz.css HTTP/1.1
> Host: localhost:9080
> User-Agent: curl/7.68.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 Document follows
< Server: ELOG HTTP 3.1.4-2e1708b5
< Content-Type: text/html;charset=ISO-8859-1
< Connection: Close
< 
<!DOCTYPE html>
<html><head>
<meta name="ROBOTS" content="NOINDEX, NOFOLLOW">
<title>404 Not Found</title>
<link rel="stylesheet" type="text/css" href="elog.css">
<link rel="shortcut icon" href="favicon.ico" />
<link rel="icon" href="favicon.png" type="image/png" />
</head>
<body><h1>404 Not Found</h1>
The requested file <b>zzz.css</b> was not found on this server<p>
* Closing connection 0
daq00:~$ 

Hi,
  I'm running 
elogd 3.1.4 built Jan 27 2021, 09:56:34 revision 395e101a
on an ubuntu server.

I have a crash when very long filename (200 chars) are attached to an logbook entry.

The uploading of the attachment works almost fine: the filename is truncated and the convert to thumbnail is not working (as a consequence, maybe) but the file is actually uploaded and can be 
downloaded correctly from the entry itself.

However, if I try to access the logbook list which contains that entry, I have a crash:

*** buffer overflow detected ***: terminated
Aborted (core dumped)

[backtrace is attached below]

The only way I found to solve this is to edit manually the log entry and delete the attachment from it.

Any suggestion how to solve this?

Thanks
  Stefano


*** buffer overflow detected ***: terminated

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bp
Undefined command: "bp".  Try "help".
(gdb) backtrace 
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7cf4859 in __GI_abort () at abort.c:79
#2  0x00007ffff7d5f29e in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff7e8908f "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
#3  0x00007ffff7e01aea in __GI___fortify_fail (msg=msg@entry=0x7ffff7e89025 "buffer overflow detected") at fortify_fail.c:26
#4  0x00007ffff7e00386 in __GI___chk_fail () at chk_fail.c:28
#5  0x00007ffff7d5707f in _IO_str_chk_overflow (fp=<optimized out>, c=<optimized out>) at iovsprintf.c:35
#6  0x00007ffff7d64054 in __GI__IO_default_xsputn (n=<optimized out>, data=<optimized out>, f=<optimized out>) at libioP.h:948
#7  __GI__IO_default_xsputn (f=0x7ffffff36ca0, data=<optimized out>, n=241) at genops.c:370
#8  0x00007ffff7d4912c in __vfprintf_internal (s=s@entry=0x7ffffff36ca0, format=format@entry=0x555555622e74 "../%s/%s/%s", ap=ap@entry=0x7ffffff36de0, mode_flags=mode_flags@entry=6)
    at ../libio/libioP.h:948
#9  0x00007ffff7d57129 in __vsprintf_internal (
    string=0x7ffffff37120 
"../DAQ/220325_090630/j5K1OSy8XN9FRPriaBGOmMg3bih07CQKo68Sw6dskclxdOqKaTOsf2bX8UugSWn0s8zaAHe6VWiPcQVnmD8PM1tbQoVMr08dBrXKU2X2tBR4pJ3hlfxbKjspmcbiDTMy32eHIp6lFAVA9lppShmpiut4g4CtgDK3F2bOPzgzXEjPw
W0SJWG"..., maxlen=<optimized out>, format=0x555555622e74 "../%s/%s/%s", args=args@entry=0x7ffffff36de0, mode_flags=6) at iovsprintf.c:95
#10 0x00007ffff7dffe7b in ___sprintf_chk (s=<optimized out>, flag=<optimized out>, slen=<optimized out>, format=<optimized out>) at sprintf_chk.c:40
#11 0x00005555555a939d in display_line ()
#12 0x00005555555ddc8a in show_elog_list ()
#13 0x00005555556010cf in interprete ()
#14 0x0000555555601a33 in decode_get ()
#15 0x000055555560461f in process_http_request ()
#16 0x0000555555607745 in server_loop ()
#17 0x000055555555a92c in main ()