Re: Elogd crashes on search, posted by Laurent Jean-Rigaud on Fri Feb 21 14:42:25 2020
|
Thanks to you, Stefan !
You software is very usefull for us and it's nice to have support.
Have a nice day !
| Stefan Ritt wrote: |
|
Thanks for the detailed investiations and report. Finally I could reproduce the problem by having messages with a text body size close to 250000 bytes (some internal limit). Never thought that someone really has the patience to write 250'000 chars in a single message, but I guess you did some copy/paste from a large file. Thought in such cases people use attachments. Nevertheless, I fixed an internal memory allocation problem, now it shoudl be fine to have such large messages. Change is committed.
Stefan
| Laurent Jean-Rigaud wrote: |
|
Stefan,
I cut the log in two parts w/o modifying the content and the search runs. It seems that the size of this entrie 426 is closed to a limit (as during testing, i met a message after clicking save to recompile elog to increase a size of something), so it could be the problem.
I reduced the entrie size by extracting the last part in a new entrie and it seems to be OK.
The old size was 250099 bytes. New size is 240084.
I hope this will be OK.
Regards
|
|
|
Re: bug in elog.spec, posted by Laurent Jean-Rigaud on Mon Jul 6 20:19:21 2020 
|
Hi,
You rights, CFLAGS should not be in specfile to take care of distrib env.
Btw, I sent in the past an update for build process of Stefan delivery to generate src.rpm file copatible to tarball version. I think Stefan did not have time yet to test and to check.
With the enclosed SPEC file, you can build ELOG with options at rpmbulld command w/o modifying sources. For exemple,
rpm -i elog-.....src.rpm
rpmbuild -bb --with ssl --with pam --with ldap --with krb5 ~/rpmbuild/SPECS/elog.spec
I enclosed also the SRPMS i used for my projects. Be careful, It's maybe not uptodate of last GIT version or PSI releases... but you can test it on your RPM distrib. It should be nice to hare your feedback.
Bye,
Laurent
| Janusz Szuba wrote: |
|
Hi,
in commit 1812e7c, specifying CFLAGS to make command in elog.spec, renders all other settings in Makefile void. That is, if I want to include any of KRB5, LDAP, PAM support, and change makefile accordingly, then when producing rpm they are not taken into account. Anyway, CFLAGS in Makefile are already set to the same defaults, so why it is redefined in spec file?
best
Janusz
|
|
|
Re: Problem in logging with LDAP and passwd, posted by Laurent Jean-Rigaud on Fri Mar 5 01:43:20 2021
|
Hi,
It seems that ELOG does not support LDAPS but only simple LDAP connection.
Regards |
|
Re: Problem in logging with LDAP and passwd, posted by Laurent Jean-Rigaud on Sun Mar 14 17:02:49 2021
|
Hi Sebastian,
Nice to hear !
So i retried some tests and in fact, as my NAS LDAP is using self-signed certificate, connexion is refused by openldap libs from ELOG (ldap_simple_bind_s Can't contact LDAP server).
By disabling certificates verification in ldap.cfg on ELOG VM, i could connect using LDAPS URL...
Maybe it should be an option to add in elog.conf... :-)
Thanks for information,
Laurent
|
|
Re: segfault in auth.c:366, posted by Laurent Jean-Rigaud on Sun Apr 25 15:17:27 2021
|
Hi,
Maybe it could be useful to add new parameters in elogd.cfg to define the attribute name to use to retrieve the given name, login name and email from LDAP server.
By example :
LDAP email attribute = mail
LDAP surname attribute = id
LDAP givename attribute = gn
So users can define them according to their exotic LDAP schema ;-)
Laurent |
elog c++ and LDAP, posted by Laurent Jean-Rigaud on Wed Feb 16 22:24:18 2022
|
Hi Stefan,
I've seen that ELOG is build now with gcc-c++ now, so i tried to check rpmbuild script with all options. It seems that ldap api is different with c++ (quick search : https://www.openldap.org/lists/openldap-software/200706/msg00177.html) and elogd can not been build anymore with ldap support. :-(
# make
c++ -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_KRB5 -DHAVE_LDAP -DHAVE_PAM -c -o mxml.o mxml/mxml.cxx
c++ -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_KRB5 -DHAVE_LDAP -DHAVE_PAM -w -c -o crypt.o src/crypt.cxx
c++ -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_KRB5 -DHAVE_LDAP -DHAVE_PAM -c -o strlcpy.o mxml/strlcpy.cxx
c++ -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_KRB5 -DHAVE_LDAP -DHAVE_PAM -o elog src/elog.cxx mxml.o crypt.o strlcpy.o -lssl -lkrb5 -lldap -llber -lpam -llber
c++ -O3 -funroll-loops -fomit-frame-pointer -W -Wall -Wno-deprecated-declarations -Wno-unused-result -Imxml -DHAVE_SSL -DHAVE_KRB5 -DHAVE_LDAP -DHAVE_PAM -w -c -o auth.o src/auth.cxx
src/auth.cxx: In function ‘int auth_verify_password_ldap(LOGBOOK*, const char*, const char*, char*, int)’:
src/auth.cxx:283:60: erreur: ‘ldap_simple_bind_s’ was not declared in this scope
bind = ldap_simple_bind_s(ldap_ld, ldap_bindDN, password);
^
src/auth.cxx:290:26: erreur: ‘ldap_unbind’ was not declared in this scope
ldap_unbind(ldap_ld);
^
src/auth.cxx:295:23: erreur: ‘ldap_unbind’ was not declared in this scope
ldap_unbind(ldap_ld);
^
src/auth.cxx: In function ‘int ldap_adduser_file(LOGBOOK*, const char*, const char*, char*, int)’:
src/auth.cxx:323:60: erreur: ‘ldap_simple_bind_s’ was not declared in this scope
bind = ldap_simple_bind_s(ldap_ld, ldap_bindDN, password);
^
src/auth.cxx:330:26: erreur: ‘ldap_unbind’ was not declared in this scope
ldap_unbind(ldap_ld);
^
src/auth.cxx:358:26: erreur: ‘ldap_unbind’ was not declared in this scope
ldap_unbind(ldap_ld);
^
src/auth.cxx:369:62: erreur: ‘ldap_get_values’ was not declared in this scope
if((values = ldap_get_values(ldap_ld,entry,attribute)) != NULL ) {
^
src/auth.cxx:378:35: erreur: ‘ldap_value_free’ was not declared in this scope
ldap_value_free(values);
^
src/auth.cxx:386:23: erreur: ‘ldap_unbind’ was not declared in this scope
ldap_unbind(ldap_ld);
^
src/auth.cxx: In function ‘int elog_conv(int, const pam_message**, pam_response**, void*)’:
src/auth.cxx:451:59: erreur: invalid conversion from ‘void*’ to ‘pam_response*’ [-fpermissive]
if((*resp = calloc(num_msg, sizeof(struct pam_response))) == NULL)
^
src/auth.cxx:456:33: erreur: invalid conversion from ‘void*’ to ‘const char*’ [-fpermissive]
if(!(resptok = strdup(my_data))) {
^
In file included from src/elogd.h:46:0,
from src/auth.cxx:30:
/usr/include/string.h:172:14: erreur: initializing argument 1 of ‘char* strdup(const char*)’ [-fpermissive]
extern char *strdup (const char *__s)
^
src/auth.cxx: In function ‘int auth_verify_password(LOGBOOK*, const char*, const char*, char*, int)’:
src/auth.cxx:593:73: erreur: invalid conversion from ‘const char*’ to ‘char*’ [-fpermissive]
if (get_user_line(lbs, user, NULL, NULL, NULL, NULL, NULL, NULL) == 2) {
^
In file included from src/auth.cxx:30:0:
src/elogd.h:282:5: erreur: initializing argument 2 of ‘int get_user_line(LOGBOOK*, char*, char*, char*, char*, BOOL*, time_t*, int*)’ [-fpermissive]
int get_user_line(LOGBOOK * lbs, char *user, char *password, char *full_name, char *email,
^
make: *** [auth.o] Erreur 1
Regards,
Laurent |
|
Re: Vulnerability?, posted by Laurent Jean-Rigaud on Mon Mar 7 22:07:54 2022
|
> > I trust Stefan is reading this thread and will do something about it. My vote would
> > be to remove the download link to the windows executables and ask Debian to remove
> > the elog package. I think they have a way for upstream developers (Stefan) to request
> > removal of unmaintained out-of-date insecure versions of their stuff. ROOT
> > was in the same situation years ago, the Debian package for ROOT was very old version,
> > also built incorrectly, and everybody complained to us that our stuff does
> > not work (midas, rootana, etc).
>
> Yeah, I have to recompile the Windows version. Unfortunately my old Windows PC is gone, I
> switched now completely to MacOSX and Linux. Probably have to borrow something from somewhere.
> If anybody can compile the Windows version with the current source code I would be happy.
>
> Stefan
Hi Stefan,
I don't find any howto to build elog under windows, so i tried to compile elog-latest sources with cygwin (packages gcc + openssl-devel + openldap-devel + make).
It builds, i could start elogd.exe and connect to localhost:8080 !
I generate a zip with cygwin dll needed to launch elogd and tools. I think they could be enclosed (maybe the cygwin licence file have to be added ?).
Btw it should be possible to crossbuild it under Mac or Linux. The problem is to test it ;-). On Mac, you can use UTM to create a Windows VM to do the work.
Bye
Laurent |
|
Re: Up to date windows version, posted by Laurent Jean-Rigaud on Thu Oct 20 13:13:16 2022
|
> Dear Developers
>
> I know this topic i on and off in this forum but it seems the only updated versions of Elog are in the
linux binaries. Have anybody been able to compile a windows versions since 2018?
>
> Kind Regards Finn
Hi,
We discussed on windows build some weeks ago and i tried to make one to check if it’s possible.
The result is in https://elog.psi.ch/elogs/Forum/69491
This could help you up to official new build.
.
Laurent |
|