| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
69160
|
Thu Jun 11 08:23:01 2020 |
 | Hisataka YOSHIDA | hisataka@rcnp.osaka-u.ac.jp | Bug report | Linux | 3.1.4-2 | Re: SSL does not work | Dear Stefan,
Thank you for your comment. I successfuly compiled the latest elog from source code, and now elogd could work with SSL.
In fact, I reported the case of installation with rpm file. Maybe, the latest elog rpm doesn't support SSL, I guess.
The installtion with rpm file is easier to build the common environment, so I hope the next rpm will support the SSL.
best regards,
Hisataka YOSHIDA
| Stefan Ritt wrote: |
|
When you compile elog from the soruces, you need the OpenSSL library to be installed. The CMake build process will then find it and include it in the compile process. When you use the "make" build process, you have to make sure that SSL is enabled there:
USE_SSL = 1
To install the OpenSSL library, you can do on most systems something like "sudo yum install openssl-dev" or "sudo apt-get install openssl-dev"
/Stefan
| Hisataka YOSHIDA wrote: |
|
Hello.
I installed the latest elog (3.1.4-2) in CentOS 7, and it is working well without SSL.
When I enalbled SSL option (SSL = 1) in the "elogd.cfg", and tried to start the elogd, the message below was shown and failed to run.
SSL support not compiled into elogd
If I switched the elog to older one (3.1.4-1), I could successeed to run the elogd with SSL option.
Is there any other option required in the latest elog to run with SSL? Or is this bug in the latest version?
Thank you,
Hisataka YOSHIDA
|
|
|
|
69192
|
Tue Aug 4 13:29:23 2020 |
| Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | 3.1.4-2 | Re: "New User" option does not work when Authentication=Webserver | Unfortunately I locallly don't have Webserver authentication, so I cannot check or debug. If you send me a diff that works for you, I'm happy to incorporate it.
Stefan
| Jan Just Keijser wrote: |
|
Our setup uses "Authentication=Webserver" + no automatic user registration. Thus, logbook admins should add a user by clicking "Config" and then "New user". However, no matter what they fill in in the "new user " dialog, as soon as they hit "Save" an error pops up saying that their username (the admin one, not the new one) already exists. I found the following code:
int save_user_config(LOGBOOK * lbs, char *user, BOOL new_user)
{
char file_name[256], str[256], *pl, user_enc[256], new_pwd[80], new_pwd2[80], smtp_host[256],
email_addr[256], mail_from[256], mail_from_name[256], subject[256], mail_text[2000], str2[256],
admin_user[80], url[256], error[2000], sid[32];
int i, self_register, code, first_user;
PMXML_NODE node, subnode, npwd;
/* if we outsourced the authentication, use external username */
getcfg(lbs->name, "Authentication", str, sizeof(str));
if (stristr(str, "Webserver")) {
/* do not allow HTML in user name */
strencode2(user_enc, http_user, sizeof(user_enc));
} else {
strencode2(user_enc, user, sizeof(user_enc));
}
which seems to be the culprit: the admin user is logged using his/her Webserver (http_user) credentials and this overrides anything that he/she might fill in. If I remove the "Authentication" check then I can create a new user without problems. So, how to fix this? should the "Authentication=Webserver" check be extended with a self/auto registration check?
|
|
|
69205
|
Wed Aug 26 20:41:50 2020 |
| Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | 3.1.4-2 | Re: SSL does not work | Today I succeeded with the help of L.JR to produce a new RPM which contains SSL, KRB5, PAM and LDAP support. It's uploaded to https://elog.psi.ch/elog/download/RPMS/elog-3.1.4-2.el7.x86_64.rpm
| Hisataka YOSHIDA wrote: |
|
Dear Stefan,
Thank you for your comment. I successfuly compiled the latest elog from source code, and now elogd could work with SSL.
In fact, I reported the case of installation with rpm file. Maybe, the latest elog rpm doesn't support SSL, I guess.
The installtion with rpm file is easier to build the common environment, so I hope the next rpm will support the SSL.
best regards,
Hisataka YOSHIDA
| Stefan Ritt wrote: |
|
When you compile elog from the soruces, you need the OpenSSL library to be installed. The CMake build process will then find it and include it in the compile process. When you use the "make" build process, you have to make sure that SSL is enabled there:
USE_SSL = 1
To install the OpenSSL library, you can do on most systems something like "sudo yum install openssl-dev" or "sudo apt-get install openssl-dev"
/Stefan
| Hisataka YOSHIDA wrote: |
|
Hello.
I installed the latest elog (3.1.4-2) in CentOS 7, and it is working well without SSL.
When I enalbled SSL option (SSL = 1) in the "elogd.cfg", and tried to start the elogd, the message below was shown and failed to run.
SSL support not compiled into elogd
If I switched the elog to older one (3.1.4-1), I could successeed to run the elogd with SSL option.
Is there any other option required in the latest elog to run with SSL? Or is this bug in the latest version?
Thank you,
Hisataka YOSHIDA
|
|
|
|
|
69238
|
Tue Oct 20 16:05:40 2020 |
 | Bruno Schuler | bruno.schuler@empa.ch | Question | Windows | 3.1.4-2 | Upload attachment with py_elog | Hello,
How can one add an attachment to a new or existing entry with py_elog?
E.g. if I want to upload an image.
Thanks for the help! |
|
69300
|
Thu Feb 18 09:14:28 2021 |
| Stefano Lacaprara | stefano.lacaprara@pd.infn.it | Bug report | Linux | 3.1.4-2 | elog server go to high CPU and hangs | Dear expert,
I'm running the latest git version of elog ELOG V3.1.4-395e101a on ubuntu 20.04.2.
I'm experiencing frequent hangs of the elog server: the status is always reported as running, but the web server is not responding.
The only hint I have of something strange is that the elogd process is using a lot of CPU (50-100%), the log do not show anything suspect
as far as I can see.
Has anyone experienced something similar or has any idea how can I start to debug the problem?
Sorry for lack of many information, but I don't know what to look at.
Thanks in advance
Stefano |
|
69301
|
Thu Feb 18 12:05:52 2021 |
| David Pilgram | David.Pilgram@epost.org.uk | Bug report | Linux | 3.1.4-2 | Re: elog server go to high CPU and hangs | Dear Stefano,
Try the entry I wrote some time ago elog:68655
David.
> Dear expert,
> I'm running the latest git version of elog ELOG V3.1.4-395e101a on ubuntu 20.04.2.
> I'm experiencing frequent hangs of the elog server: the status is always reported as running, but the web server is not responding.
> The only hint I have of something strange is that the elogd process is using a lot of CPU (50-100%), the log do not show anything suspect
> as far as I can see.
>
> Has anyone experienced something similar or has any idea how can I start to debug the problem?
>
> Sorry for lack of many information, but I don't know what to look at.
>
> Thanks in advance
> Stefano |
|
69302
|
Thu Feb 18 12:06:12 2021 |
| Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | 3.1.4-2 | Re: elog server go to high CPU and hangs | Usually a restart of the elogd server helps. If the problem persists, one of the logbooks might be corrupt. Try to disable one logbook at a time to figure out which one it is. Then
remove that one and set it up freshly.
Stefan |
|
69387
|
Wed Aug 18 09:05:51 2021 |
| Jan Just Keijser | janjust@nikhef.nl | Bug report | Linux | 3.1.4-2 | Re: "New User" option does not work when Authentication=Webserver | here's the patch that I use to enable use creation and deletion in combination with Webserver authentication.
The idea behind the patch is that if the user logged in via "http_user" is an elog admin, then {s}he is allowed to save a random user configuration, including creating or deleting a user.
| Stefan Ritt wrote: |
|
Unfortunately I locallly don't have Webserver authentication, so I cannot check or debug. If you send me a diff that works for you, I'm happy to incorporate it.
Stefan
| Jan Just Keijser wrote: |
|
Our setup uses "Authentication=Webserver" + no automatic user registration. Thus, logbook admins should add a user by clicking "Config" and then "New user". However, no matter what they fill in in the "new user " dialog, as soon as they hit "Save" an error pops up saying that their username (the admin one, not the new one) already exists. I found the following code:
int save_user_config(LOGBOOK * lbs, char *user, BOOL new_user)
{
char file_name[256], str[256], *pl, user_enc[256], new_pwd[80], new_pwd2[80], smtp_host[256],
email_addr[256], mail_from[256], mail_from_name[256], subject[256], mail_text[2000], str2[256],
admin_user[80], url[256], error[2000], sid[32];
int i, self_register, code, first_user;
PMXML_NODE node, subnode, npwd;
/* if we outsourced the authentication, use external username */
getcfg(lbs->name, "Authentication", str, sizeof(str));
if (stristr(str, "Webserver")) {
/* do not allow HTML in user name */
strencode2(user_enc, http_user, sizeof(user_enc));
} else {
strencode2(user_enc, user, sizeof(user_enc));
}
which seems to be the culprit: the admin user is logged using his/her Webserver (http_user) credentials and this overrides anything that he/she might fill in. If I remove the "Authentication" check then I can create a new user without problems. So, how to fix this? should the "Authentication=Webserver" check be extended with a self/auto registration check?
|
|
|
| Attachment 1: elog-webauth.patch
|
diff -Naur elog-3.1.4-3.org/src/elogd.c elog-3.1.4-3/src/elogd.c
--- elog-3.1.4-3.org/src/elogd.c 2021-02-19 09:55:03.000000000 +0100
+++ elog-3.1.4-3/src/elogd.c 2021-08-17 17:26:06.492232620 +0200
@@ -13273,7 +13273,7 @@
/* if we outsourced the authentication, use external username */
getcfg(lbs->name, "Authentication", str, sizeof(str));
- if (stristr(str, "Webserver")) {
+ if (!is_admin_user(lbs, http_user) && stristr(str, "Webserver")) {
/* do not allow HTML in user name */
strencode2(user_enc, http_user, sizeof(user_enc));
} else {
@@ -26139,6 +26139,8 @@
}
/* make sure user is logged in */
+ if (strcmp(user, http_user) == 0)
+ return TRUE;
if (lbs && !logged_in(lbs))
return FALSE;
|
|