ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
66661
|
Thu Jan 7 21:22:09 2010 |
| Aaron Couture | acouture@lanl.gov | Bug report | Linux | rev2280 | Re: Problem with CRYPT+SSL and elog command line entries |
I Aaron Couture wrote: |
I have attached a possible patch--basically pirated from elogd.c Because strlcpy needed for the crypt cares about size, do_crypt needed the size, which had not been a concern for base64_encode in elog.c As a result, base64_encode changed slightly as well. I think the implementation places a limit of 32 characters on passwords, which seemed to already be the limit in elogd.c The elog.c limit appeared to be 80 characters. I tested both SSL and SSL+CRYPT for commandline elog entries with both a logbook specific write password as well as username/password combo in a password file.
AJC
I am in the process of setting up a new ELOG logbook. I checked out rev2280 from svn.savannah.psi.ch. I knew I wanted to encrypt passwords, so when I compiled, I used flags
USE_SSL=1
and
USE_CRYPT=1
I am running Red Hat enterprise linux 3, glibc-devel-2.3.2-95.50, openssl-devel-0.9.7a-33.25
Everything seemed to be working fine--I was able to set up logbooks using both a password file as well as write passwords and make entries to the logs. Then I tried to use the command line 'elog' to make an entry which failed to both logbooks.
/opt/elog/pro/elogd -c /opt/elog/pro/dansce_fancy.cfg -l Demo1 -w <mypassword>
Would change the password in dansce_fancy.cfg and I could make entries through the web interface, but
elog -h acouture -s -p 8081 -w <mypassword> -l Demo1 -a Author="Aaron Couture" -a Type=Routine -m Sampleinfo.txt -x -n 1
failed with
Error: Invalid user name or password
I got the same behaviour when I used a logbook with a user/password pair defined in a password file.
When I looked at the output from running elogd with the -v flag, I could see that everything was being received on the server side, but that the password did not agree with the write password in dansce_fancy.cfg
I then recompiled elog with
USE_SSL=1
USE_CRYPT=
And then the elog command line entries worked, both with write passwords and a password file (after recreating the password file and the write password). Looking at the elog.c source code, it appears that it does not know to use crypt rather then base64_encode when USE_CRYPT is true. elogd.c defined different behaviour if USE_CRYPT is defined.
Thanks,
Aaron Couture
|
|
Attachment 1: elogc.patch
|
64c64
< void base64_encode(char *s, char *d)
---
> void base64_encode(unsigned char *s, unsigned char *d, int size)
66a67
> unsigned char *p;
68c69
< pad = 3 - strlen(s) % 3;
---
> pad = 3 - strlen((char *) s) % 3;
70a72
> p = d;
86a89,90
> if (d - p >= size - 3)
> return;
92a97,106
> void do_crypt(char *s, char *d, int size)
> {
> #ifdef HAVE_CRYPT
> strlcpy(d, crypt(s, "el"), size);
> #else
> base64_encode((unsigned char *) s, (unsigned char *) d, size);
> #endif
> }
>
>
382c396
< char str[256], *ph, *ps;
---
> char str[256], encrypted_passwd[32], *ph, *ps;
422,423c436,437
< base64_encode(passwd, str);
< sprintf(request + strlen(request), "wpwd=%s;", str);
---
> do_crypt(passwd, encrypted_passwd, sizeof(encrypted_passwd) );
> sprintf(request + strlen(request), "wpwd=%s;", encrypted_passwd);
439,440c453,454
< base64_encode(upwd, str);
< sprintf(request + strlen(request), "upwd=%s;", str);
---
> do_crypt(upwd, encrypted_passwd, sizeof(encrypted_passwd) );
> sprintf(request + strlen(request), "upwd=%s;", encrypted_passwd);
628c642
< char host_name[256], boundary[80], str[80], *p, *old_encoding;
---
> char host_name[256], boundary[80], str[80], encrypted_passwd[32], *p, *old_encoding;
801c815
< base64_encode(upwd, str);
---
> do_crypt(upwd, encrypted_passwd, sizeof(encrypted_passwd) );
803c817
< "%s\r\nContent-Disposition: form-data; name=\"upwd\"\r\n\r\n%s\r\n", boundary, str);
---
> "%s\r\nContent-Disposition: form-data; name=\"upwd\"\r\n\r\n%s\r\n", boundary, encrypted_passwd);
885,886c899,900
< base64_encode(passwd, str);
< sprintf(request + strlen(request), "Cookie: wpwd=%s\r\n", str);
---
> do_crypt(passwd, encrypted_passwd, sizeof(encrypted_passwd) );
> sprintf(request + strlen(request), "Cookie: wpwd=%s\r\n", encrypted_passwd);
|
66663
|
Fri Jan 8 18:26:56 2010 |
| Aaron Couture | acouture@lanl.gov | Bug report | Linux | rev2280 | Re: Problem with CRYPT+SSL and elog command line entries |
Aaron Couture wrote: |
I Aaron Couture wrote: |
There was some sloppiness in the original patch--__USE_XOPEN wasn't defined, but worked when elog wasn't compiled alone. Now the appropriate ifndef/define statements are in elog.c
I have attached a possible patch--basically pirated from elogd.c Because strlcpy needed for the crypt cares about size, do_crypt needed the size, which had not been a concern for base64_encode in elog.c As a result, base64_encode changed slightly as well. I think the implementation places a limit of 32 characters on passwords, which seemed to already be the limit in elogd.c The elog.c limit appeared to be 80 characters. I tested both SSL and SSL+CRYPT for commandline elog entries with both a logbook specific write password as well as username/password combo in a password file.
AJC
I am in the process of setting up a new ELOG logbook. I checked out rev2280 from svn.savannah.psi.ch. I knew I wanted to encrypt passwords, so when I compiled, I used flags
USE_SSL=1
and
USE_CRYPT=1
I am running Red Hat enterprise linux 3, glibc-devel-2.3.2-95.50, openssl-devel-0.9.7a-33.25
Everything seemed to be working fine--I was able to set up logbooks using both a password file as well as write passwords and make entries to the logs. Then I tried to use the command line 'elog' to make an entry which failed to both logbooks.
/opt/elog/pro/elogd -c /opt/elog/pro/dansce_fancy.cfg -l Demo1 -w <mypassword>
Would change the password in dansce_fancy.cfg and I could make entries through the web interface, but
elog -h acouture -s -p 8081 -w <mypassword> -l Demo1 -a Author="Aaron Couture" -a Type=Routine -m Sampleinfo.txt -x -n 1
failed with
Error: Invalid user name or password
I got the same behaviour when I used a logbook with a user/password pair defined in a password file.
When I looked at the output from running elogd with the -v flag, I could see that everything was being received on the server side, but that the password did not agree with the write password in dansce_fancy.cfg
I then recompiled elog with
USE_SSL=1
USE_CRYPT=
And then the elog command line entries worked, both with write passwords and a password file (after recreating the password file and the write password). Looking at the elog.c source code, it appears that it does not know to use crypt rather then base64_encode when USE_CRYPT is true. elogd.c defined different behaviour if USE_CRYPT is defined.
Thanks,
Aaron Couture
|
|
|
Attachment 1: elogc.patch
|
26a27,30
> #ifndef __USE_XOPEN
> #define __USE_XOPEN /* needed for crypt() */
> #endif
>
64c68
< void base64_encode(char *s, char *d)
---
> void base64_encode(unsigned char *s, unsigned char *d, int size)
66a71
> unsigned char *p;
68c73
< pad = 3 - strlen(s) % 3;
---
> pad = 3 - strlen((char *) s) % 3;
70a76
> p = d;
86a93,94
> if (d - p >= size - 3)
> return;
92a101
>
182a192,201
>
> void do_crypt(char *s, char *d, int size)
> {
> #ifdef HAVE_CRYPT
> strlcpy(d, crypt(s, "el"), size);
> #else
> base64_encode((unsigned char *) s, (unsigned char *) d, size);
> #endif
> }
>
382c401
< char str[256], *ph, *ps;
---
> char str[256], encrypted_passwd[32], *ph, *ps;
422,423c441,442
< base64_encode(passwd, str);
< sprintf(request + strlen(request), "wpwd=%s;", str);
---
> do_crypt(passwd, encrypted_passwd, sizeof(encrypted_passwd) );
> sprintf(request + strlen(request), "wpwd=%s;", encrypted_passwd);
439,440c458,459
< base64_encode(upwd, str);
< sprintf(request + strlen(request), "upwd=%s;", str);
---
> do_crypt(upwd, encrypted_passwd, sizeof(encrypted_passwd) );
> sprintf(request + strlen(request), "upwd=%s;", encrypted_passwd);
628c647
< char host_name[256], boundary[80], str[80], *p, *old_encoding;
---
> char host_name[256], boundary[80], str[80], encrypted_passwd[32], *p, *old_encoding;
801c820
< base64_encode(upwd, str);
---
> do_crypt(upwd, encrypted_passwd, sizeof(encrypted_passwd) );
803c822
< "%s\r\nContent-Disposition: form-data; name=\"upwd\"\r\n\r\n%s\r\n", boundary, str);
---
> "%s\r\nContent-Disposition: form-data; name=\"upwd\"\r\n\r\n%s\r\n", boundary, encrypted_passwd);
885,886c904,905
< base64_encode(passwd, str);
< sprintf(request + strlen(request), "Cookie: wpwd=%s\r\n", str);
---
> do_crypt(passwd, encrypted_passwd, sizeof(encrypted_passwd) );
> sprintf(request + strlen(request), "Cookie: wpwd=%s\r\n", encrypted_passwd);
|
236
|
Tue Feb 25 22:18:57 2003 |
| Aamir Khan | aamir@aamir.uk.com | Comment | | | Security (passwords over web browser) | Stefan - Just to say that this is an excellent piece of work well done.
I have just started an internal company Elog server, couple of
clarifications :
1) is there a way around seeing the password in text when self regestering,
if I turn this option off when the user changes his password will this
password still be seen?
2) I have changed all the files to be owned on my RedHat Server by the
user:group as elog:elog and set and moved the logbooks to another directory
other than in /usr/local/elog namely /home/elog/logbooks, my concern is is
I was to upgrade to a newer version would it be a simple install over the
top? any caveats?
thanks again an absolute dream program.
kind regards Aamir |
237
|
Tue Feb 25 22:35:44 2003 |
| Aamir Khan | aamir@aamir.uk.com | Request | | | elogd.cfg | Stefan and friends,
without breaching your own security, could it be possible to see what the
elogd.cfg file looks like, also if others would like to post theirs, this
would be great in building exmaples etc, obviosly an security related or
mail server entries hashed out.
I am a tad new at this stuff, but eventually would try my hand at getting
hold of the source code and compiling on AIX and then intergrating into
shell and error reporting. - OK .. a bit in the furture anyway, if someone
has already done this please post.
kind regards Aamir |
245
|
Tue Mar 11 18:40:39 2003 |
| Aamir Khan | aamir@aamir.uk.com | Question | | | Compile on AIX 5L | Dear Friends,
Anyone managed to compile elog on AIX 5.2 or 5.1 ... is there a binary
anywhere?
new to "C"
kind regards Aamir |
67602
|
Tue Nov 5 23:21:52 2013 |
| A.G. Schubert | alexis4@stanford.edu | Bug report | Mac OSX | 2.9.2-2494 | Compilation failure on Mac OSX 10.9 | When compiling elog on OSX 10.9 (Mavericks), I get the error below.
Elog will compile without error if I add -D_FORTIFY_SOURCE=0 to CFLAGS in Makefile, but I'm not sure whether this is a good idea.
$ make
cc -O3 -funroll-loops -fomit-frame-pointer -W -Wall -I../mxml -DHAVE_SSL -w -c -o crypt.o src/crypt.c
cc -O3 -funroll-loops -fomit-frame-pointer -W -Wall -I../mxml -DHAVE_SSL -o elog src/elog.c crypt.o -lssl
src/elog.c:125:8: error: expected parameter declarator
size_t strlcpy(char *dst, const char *src, size_t size)
^
/usr/include/secure/_string.h:105:44: note: expanded from macro 'strlcpy'
__builtin___strlcpy_chk (dest, src, len, __darwin_obsz (dest))
^
/usr/include/secure/_common.h:39:62: note: expanded from macro '__darwin_obsz'
#define __darwin_obsz(object) __builtin_object_size (object, _USE_FORTIFY_LEVEL > 1 ? 1 : 0)
^
/usr/include/secure/_common.h:30:32: note: expanded from macro '_USE_FORTIFY_LEVEL'
# define _USE_FORTIFY_LEVEL 2
^
src/elog.c:125:8: error: expected ')'
/usr/include/secure/_string.h:105:44: note: expanded from macro 'strlcpy'
__builtin___strlcpy_chk (dest, src, len, __darwin_obsz (dest))
^
/usr/include/secure/_common.h:39:62: note: expanded from macro '__darwin_obsz'
#define __darwin_obsz(object) __builtin_object_size (object, _USE_FORTIFY_LEVEL > 1 ? 1 : 0)
^
/usr/include/secure/_common.h:30:32: note: expanded from macro '_USE_FORTIFY_LEVEL'
# define _USE_FORTIFY_LEVEL 2
^
src/elog.c:125:8: note: to match this '('
/usr/include/secure/_string.h:105:44: note: expanded from macro 'strlcpy'
__builtin___strlcpy_chk (dest, src, len, __darwin_obsz (dest))
^
/usr/include/secure/_common.h:39:53: note: expanded from macro '__darwin_obsz'
#define __darwin_obsz(object) __builtin_object_size (object, _USE_FORTIFY_LEVEL > 1 ? 1 : 0)
^ |
67605
|
Thu Nov 7 02:18:17 2013 |
| A.G. Schubert | alexis4@stanford.edu | Bug report | Mac OSX | 2.9.2-2494 | Re: Compilation failure on Mac OSX 10.9 |
Stefan Ritt wrote: |
A.G. Schubert wrote: |
When compiling elog on OSX 10.9 (Mavericks), I get the error below.
Elog will compile without error if I add -D_FORTIFY_SOURCE=0 to CFLAGS in Makefile, but I'm not sure whether this is a good idea.
|
All over sudden gcc comes with its own version of "strlcpy", which I had defined "manually" since many years inside ELOG. Using -DFORTIFY_SOURCE=0 will not harm, so you can use it. The "real" solution is to take our ELOG's strlcpy/strlcat, which I did on the current SVN version.
Best regards,
Stefan
|
Ok, I tried updating my SVN working copy, but I didn't get any updates past elog rev. 2494, mxml rev. 74. I undid my changes to Makefile, tried to compile, but got the same errors.
I then pulled down elog and mxml with git, and these are working for me with no errors. Thanks! |
67252
|
Wed Apr 18 21:53:26 2012 |
| A. Tuttle | ATuttle@UW.edu | Question | Linux | 2.9.1-2435 | Re: author field in reply | Look in https://midas.psi.ch/elog/config.html
--
Fun things to set are:
Preset on first reply <attribute> = <string>
and
Preset on reply <attribute> = <string> |
|