Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG, Page 766 of 808  Not logged in ELOG logo
 Find |  Login |  Help 
 Full | Summary | Threaded | Collapse | Expand  Show only new entries    6460 Entries 
Goto page Previous  1, 2, 3 ... 765, 766, 767 ... 806, 807, 808   Next  
icon4.gif   More adventures with SSL, posted by Chuck Brost on Thu Jul 22 16:59:00 2010 

Stefan,

Everything has been working great since we last spoke (Version 2.7.8), until InfoSec decided to change how the Certs were created.  Now they come with a little bit of code in the .key file before the Hash.. when I put the new .CRT and .KEY in the SSL folder I am asked on starting Elogd to provide a "PEM PassPhrase".  As you can expect, if you do not enter one, or the incorrect one, it does not just turn off SSL, it exits the program.  The key begins like this in the new versions:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,ACF4A8B263EAA51D

(that little encode piece on the end is not the actual one in the key.  I am assuming it is a passphrase key so it will know what the right passphrase is that should be entered.

We are assuming that this is the "Install password" they have set up to use to install the certs on all of the IIS servers we have.  If that is indeed the case.. Does elog save this passphrase somewhere?  does Elog save it in the registry? does it save it encrypted? Or with access security permissions set on the keys?  I have a feeling that the answer to most of this is probably "no", but to know where we go from here, that is the place to start.

Thanks

Chuck

    icon5.gif   Re: Post appearing twice, posted by Bertram Metz on Thu Sep 27 15:18:10 2007 
I've observed the same behavior with attributes containing a dash. Would it be possible to allow '-' in attributes?

Bertram
icon5.gif   elogd.cfg for this forum, posted by Bertram Metz on Tue Nov 24 10:38:26 2009  
Hi Stefan,

I'm interested in the current configuration file for this discussion forum. Could you please post it to the
'config examples' logbook?

Thanks,
Bertram
    icon2.gif   Re: elogd.cfg for this forum, posted by Bertram Metz on Thu Nov 26 13:12:23 2009 elogd.cfg 
> Hi Stefan,
> 
> I'm interested in the current configuration file for this discussion forum. Could you please post it to the
> 'config examples' logbook?
> 
> Thanks,
> Bertram

Sure, here it is!
icon5.gif   Invalid URL for groups beneath top groups in overview page, posted by Bertram Metz on Mon Mar 15 09:29:11 2010 elogd.cfg

Hi,

I'm trying to implement top groups and started with the sample configuration shown in the 'Syntax of elogd.cfg' chapter of the documentation. But now I'm facing a problem with the links in the logbook selection page.

Here's my group configuration:

Group Linux PCs = Red Hat, Debian, Mandrake
Group Windows PCs = NT, XP

Top group engineering = Linux PCs, Windows PCs
Top group administration = Employees, Purchases
Show top groups = 1
 

The selection page for the top groups is displayed correctly, but the URL for the groups beneath the top group is incorrect. The URL for the Linux PCs group for instance is http://localhost:8080/engineering/engineering/ . The URLs for the logbooks within the Linux PCs groups is correct (e.g. http://localhost:8080/Debian/)

Has anybody an idea what's going wrong in y configuration?

Bertram

    icon14.gif   Re: Invalid URL for groups beneath top groups in overview page, posted by Bertram Metz on Mon Mar 15 13:20:17 2010 

Stefan Ritt wrote:

Bertram Metz wrote:

Hi,

I'm trying to implement top groups and started with the sample configuration shown in the 'Syntax of elogd.cfg' chapter of the documentation. But now I'm facing a problem with the links in the logbook selection page.

Here's my group configuration:

Group Linux PCs = Red Hat, Debian, Mandrake
Group Windows PCs = NT, XP

Top group engineering = Linux PCs, Windows PCs
Top group administration = Employees, Purchases
Show top groups = 1
 

The selection page for the top groups is displayed correctly, but the URL for the groups beneath the top group is incorrect. The URL for the Linux PCs group for instance is http://localhost:8080/engineering/engineering/ . The URLs for the logbooks within the Linux PCs groups is correct (e.g. http://localhost:8080/Debian/)

Has anybody an idea what's going wrong in y configuration?

Bertram

Thanks for reporting this bug. I fixed it in the intermediate release 278-4 which is ready for download. 

 Thanks for the quick bug fix.

Bertram

icon4.gif   Webserver authentication may cause redirect loop, posted by Arjan Hulsbosch on Thu Jan 23 11:32:05 2025 

If

  1. Elog is configured to use webserver authentication, and
  2. the user reported by the webserver does not exist in the password file, and
  3. the "Guest Menu commands" configuration is set in "elogd.cfg", and
  4. a logbook is accessed,

then Elog returns with a redirect (302) to the logbook itself, causing the loop.

The fix here is to remove the "Guest Menu commands" configuration from "elogd.cfg".

Source code location: https://bitbucket.org/ritt/elog/src/30ada1df634529c8011c27275c52a05b01b7b3d6/src/elogd.cxx#lines-27599

icon4.gif   Compile issues on Fedora withe current elog source, posted by Allen Tuttle on Tue Sep 11 19:46:40 2018 

Tried compiling on FC27 and 28, both result in binaries but with serious issues; writing data larger than then allowed.
Example output:

make 
gcc -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Imxml -DHAVE_SSL -c -o mxml.o mxml/mxml.c
gcc -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Imxml -DHAVE_SSL -w -c -o crypt.o src/crypt.c
gcc -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Imxml -DHAVE_SSL -w -c -o regex.o src/regex.c
gcc -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Imxml -DHAVE_SSL -c -o strlcpy.o mxml/strlcpy.c
gcc -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Imxml -DHAVE_SSL -o elog src/elog.c mxml.o crypt.o regex.o strlcpy.o -lssl
gcc -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Imxml -DHAVE_SSL -w -c -o auth.o src/auth.c
gcc -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Imxml -DHAVE_SSL -o elogd src/elogd.c auth.o mxml.o crypt.o regex.o strlcpy.o -lssl
src/elogd.c: In function ‘el_retrieve’:
src/elogd.c:4503:26: warning: ‘%s’ directive writing up to 255 bytes into a region of size between 1 and 256 [-Wformat-overflow=]
    sprintf(file_name, "%s%s%s", lbs->data_dir, lbs->el_index[index].subdir, lbs->el_index[index].file_name);
                          ^~
src/elogd.c:4503:4: note: ‘sprintf’ output between 1 and 542 bytes into a destination of size 256
    sprintf(file_name, "%s%s%s", lbs->data_dir, lbs->el_index[index].subdir, lbs->el_index[index].file_name);
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/elogd.c: In function ‘el_retrieve_attachment.part.30’:
src/elogd.c:4764:26: warning: ‘%s’ directive writing up to 255 bytes into a region of size between 1 and 256 [-Wformat-overflow=]
    sprintf(file_name, "%s%s%s", lbs->data_dir, lbs->el_index[index].subdir, lbs->el_index[index].file_name);
                          ^~
src/elogd.c:4764:4: note: ‘sprintf’ output between 1 and 542 bytes into a destination of size 256
    sprintf(file_name, "%s%s%s", lbs->data_dir, lbs->el_index[index].subdir, lbs->el_index[index].file_name);
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/elogd.c: In function ‘el_submit.constprop’:
src/elogd.c:4894:29: warning: ‘%s’ directive writing up to 255 bytes into a region of size between 1 and 256 [-Wformat-overflow=]
       sprintf(file_name, "%s%s%s", lbs->data_dir, lbs->el_index[index].subdir, lbs->el_index[index].file_name);
                             ^~
src/elogd.c:4894:7: note: ‘sprintf’ output between 1 and 542 bytes into a destination of size 256
       sprintf(file_name, "%s%s%s", lbs->data_dir, lbs->el_index[index].subdir, lbs->el_index[index].file_name);
       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/elogd.c: In function ‘el_submit’:
src/elogd.c:4894:29: warning: ‘%s’ directive writing up to 255 bytes into a region of size between 1 and 256 [-Wformat-overflow=]
       sprintf(file_name, "%s%s%s", lbs->data_dir, lbs->el_index[index].subdir, lbs->el_index[index].file_name);
                             ^~
src/elogd.c:4894:7: note: ‘sprintf’ output between 1 and 542 bytes into a destination of size 256
       sprintf(file_name, "%s%s%s", lbs->data_dir, lbs->el_index[index].subdir, lbs->el_index[index].file_name);
       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/elogd.c: In function ‘el_retrieve.constprop’:
src/elogd.c:4503:26: warning: ‘%s’ directive writing up to 255 bytes into a region of size between 1 and 256 [-Wformat-overflow=]
    sprintf(file_name, "%s%s%s", lbs->data_dir, lbs->el_index[index].subdir, lbs->el_index[index].file_name);
                          ^~
src/elogd.c:4503:4: note: ‘sprintf’ output between 1 and 542 bytes into a destination of size 256
    sprintf(file_name, "%s%s%s", lbs->data_dir, lbs->el_index[index].subdir, lbs->el_index[index].file_name);
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/elogd.c: In function ‘el_retrieve.constprop’:
src/elogd.c:4503:26: warning: ‘%s’ directive writing up to 255 bytes into a region of size between 1 and 256 [-Wformat-overflow=]
    sprintf(file_name, "%s%s%s", lbs->data_dir, lbs->el_index[index].subdir, lbs->el_index[index].file_name);
                          ^~
src/elogd.c:4503:4: note: ‘sprintf’ output between 1 and 542 bytes into a destination of size 256
    sprintf(file_name, "%s%s%s", lbs->data_dir, lbs->el_index[index].subdir, lbs->el_index[index].file_name);
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/elogd.c: In function ‘el_retrieve.constprop’:
src/elogd.c:4503:26: warning: ‘%s’ directive writing up to 255 bytes into a region of size between 1 and 256 [-Wformat-overflow=]
    sprintf(file_name, "%s%s%s", lbs->data_dir, lbs->el_index[index].subdir, lbs->el_index[index].file_name);
                          ^~
src/elogd.c:4503:4: note: ‘sprintf’ output between 1 and 542 bytes into a destination of size 256
    sprintf(file_name, "%s%s%s", lbs->data_dir, lbs->el_index[index].subdir, lbs->el_index[index].file_name);
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/elogd.c: In function ‘show_download_page’:
src/elogd.c:14775:32: warning: ‘%s’ directive writing up to 255 bytes into a region of size between 1 and 256 [-Wformat-overflow=]
          sprintf(file_name, "%s%s%s", lbs->data_dir, lbs->el_index[index].subdir, lbs->el_index[index].file_name);
                                ^~
src/elogd.c:14775:10: note: ‘sprintf’ output between 1 and 542 bytes into a destination of size 256
          sprintf(file_name, "%s%s%s", lbs->data_dir, lbs->el_index[index].subdir, lbs->el_index[index].file_name);
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/elogd.c: In function ‘search_last_reply’:
.
.
.

Anyone aware of a cure?

Goto page Previous  1, 2, 3 ... 765, 766, 767 ... 806, 807, 808   Next  
ELOG V3.1.5-3fb85fa6