#48681 logconv.pl lists sasl binds with no dn as anonymous

Created 2 years ago by nhosoi
Modified 10 months ago

Description of problem:
- When analyzing log files with sasl binds (method=sasl and mech=EXTERNAL) with
an empty DN (dn="") they are counted as anonymous. If this is a successful SASL
bind attempt, should this be logged as a sasl bind?

Version-Release number of selected component (if applicable):
Directory Server 8.2
Directory Server 9.1

How reproducible:
Always

Steps to Reproduce:
Run logconv against the following log snippet:

~~~
[16/Jun/2014:16:32:05 +0000] conn=34397 fd=8193 slot=8193 SSL connection from 0.0.0.0 to 1.1.1.1
[16/Jun/2014:16:32:05 +0000] conn=34397 SSL 256-bit AES; client CN=LDAPS-Portal-user-2,OU=People,DC=example,DC=local; issuer CN=CA-1 Certificate Authority,OU=Certification Authorities
[16/Jun/2014:16:32:05 +0000] conn=34397 SSL client bound as cn=LDAPS-Portal-user-2,ou=People,dc=example,dc=com
[16/Jun/2014:16:32:05 +0000] conn=34397 op=0 BIND dn="" method=sasl version=3 mech=EXTERNAL
~~~


Actual results:
~~~
Binds:                        1
Unbinds:                      0

 LDAP v2 Binds:               0
 LDAP v3 Binds:               1
 SSL Client Binds:            1
 Failed SSL Client Binds:     0
 SASL Binds:                  1
  1     EXTERNAL

 Directory Manager Binds:     0
 Anonymous Binds:             1
 Other Binds:                 0
~~~


Expected results:
~~~
Binds:                        1
Unbinds:                      0

 LDAP v2 Binds:               0
 LDAP v3 Binds:               1
 SSL Client Binds:            1
 Failed SSL Client Binds:     0
 SASL Binds:                  1
  1     EXTERNAL

 Directory Manager Binds:     0
 Anonymous Binds:             0
 Other Binds:                 1
~~~

Additional info:
~~~
if (m/ BIND/ && m/dn=""/){$anony++; $bindlist{"Anonymous Binds"}++;inc_stats('anonbind',$s_stats,$m_stats);}
~~~

on line 1463 comes before

~~~
if (/ BIND / && /method=sasl/i){
        $sasl++;
        if ($_ =~ /mech=(.*)/i ){
                $saslmech{$1}++;
        }
~~~

on line 1882. I think it's getting counted as Anonymous and moving to the next
line in the log before it hits the method=sasl check.
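
The ordering problem described above, as an added example (not logconv.pl's own code and not the committed patch): the SASL test runs before the empty-DN test, so a `BIND dn="" method=sasl` line is counted as a SASL/other bind and a simple bind with `dn=""` is still counted as anonymous. The function `classify_bind` and the counter names are hypothetical, the second and third log lines are constructed, and Directory Manager binds are not modelled.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Classify one access-log line and return the counters it should bump.
# The method=sasl test comes first, so a SASL bind that carries dn=""
# never reaches the anonymous branch.
sub classify_bind {
    my ($line) = @_;
    return () unless $line =~ / BIND /;
    my @hits = ('binds');
    if ($line =~ /method=sasl/i) {
        push @hits, 'sasl';
        push @hits, "mech:$1" if $line =~ /mech=(\S+)/i;
        push @hits, 'other';        # authenticated by the SASL mechanism
    } elsif ($line =~ /dn=""/) {
        push @hits, 'anonymous';    # simple bind with an empty DN
    } else {
        push @hits, 'other';
    }
    return @hits;
}

# Sample input: the BIND line from this ticket, followed by two
# constructed lines (simple anonymous bind, simple bind with a DN).
my @log = (
    '[16/Jun/2014:16:32:05 +0000] conn=34397 op=0 BIND dn="" method=sasl version=3 mech=EXTERNAL',
    '[16/Jun/2014:16:32:06 +0000] conn=34398 op=0 BIND dn="" method=128 version=3',
    '[16/Jun/2014:16:32:07 +0000] conn=34399 op=0 BIND dn="uid=test,ou=People,dc=example,dc=com" method=128 version=3',
);

my %count;
for my $line (@log) {
    $count{$_}++ for classify_bind($line);
}

# Print each counter; a counter that was never bumped prints as 0.
printf "%-16s %d\n", $_, $count{$_} // 0
    for qw(binds sasl mech:EXTERNAL anonymous other);
```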

Looks good to me.

dc7bde8..f000528 master -> master
commit f000528
Author: Mark Reynolds mreynolds@redhat.com
Date: Thu Dec 8 09:37:31 2016 -0500

2 years ago

Metadata Update from @mreynolds:
- Issue assigned to mreynolds
- Issue set to the milestone: 1.3.6.0

a year ago

Metadata Update from @mreynolds:
- Custom field reviewstatus adjusted to review (was: ack)
- Issue status updated to: Open (was: Closed)

a year ago

Metadata Update from @firstyear:
- Custom field reviewstatus adjusted to ack (was: review)

7995007..770bf3a master -> master

b414833..0b116ee 389-ds-base-1.3.6 -> 389-ds-base-1.3.6

a year ago

Metadata Update from @mreynolds:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

a year ago

Metadata Update from @mreynolds:
- Issue status updated to: Open (was: Closed)

Thanks Mark for offline explanations. Patch looks good to me. Ack

a year ago

Metadata Update from @tbordaz:
- Custom field reviewstatus adjusted to ack (was: review)

b1474a5..f913252 master -> master

d63e4cc..da751b8 389-ds-base-1.3.6 -> 389-ds-base-1.3.6

Regression was introduced (See https://bugzilla.redhat.com/show_bug.cgi?id=1474100).

Fixed:

35c20ca..e46749b master -> master

9271d5c..7719fde 389-ds-base-1.3.7 -> 389-ds-base-1.3.7

184b8a1..55bceda 389-ds-base-1.3.6 -> 389-ds-base-1.3.6

Edited 10 months ago by mreynolds
10 months ago

Metadata Update from @mreynolds:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1111400, https://bugzilla.redhat.com/show_bug.cgi?id=1474100 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1111400)
- Custom field version adjusted to None

b0b6346..6098e7b master -> master

cb589f4..4ac6ade 389-ds-base-1.3.7 -> 389-ds-base-1.3.7

55bceda..2111276 389-ds-base-1.3.6 -> 389-ds-base-1.3.6

patch file for above commit

0001-Ticket-48681-Use-of-uninitialized-value-in-string-ne.patch
