#48681 logconv.pl lists sasl binds with no dn as anonymous
Closed: wontfix 6 years ago Opened 8 years ago by nhosoi.

Description of problem:
- When analyzing log files with sasl binds (method=sasl and mech=EXTERNAL) with
an empty DN (dn="") they are counted as anonymous. If this is a successful SASL
bind attempt, should this be logged as a sasl bind?

Version-Release number of selected component (if applicable):
Directory Server 8.2
Directory Server 9.1

How reproducible:
Always

Steps to Reproduce:
Run logconv against the following log snippet:

[16/Jun/2014:16:32:05 +0000] conn=34397 fd=8193 slot=8193 SSL connection from
0.0.0.0 to 1.1.1.1
[16/Jun/2014:16:32:05 +0000] conn=34397 SSL 256-bit AES; client
CN=LDAPS-Portal-user-2,OU=People,DC=example,DC=local; issuer CN=CA-1
Certificate Authority,OU=Certification Authorities
[16/Jun/2014:16:32:05 +0000] conn=34397 SSL client bound as
cn=LDAPS-Portal-user-2,ou=People,dc=example,dc=com
[16/Jun/2014:16:32:05 +0000] conn=34397 op=0 BIND dn="" method=sasl version=3
mech=EXTERNAL


Actual results:
Binds:                        1
Unbinds:                      0

 LDAP v2 Binds:               0
 LDAP v3 Binds:               1
 SSL Client Binds:            1
 Failed SSL Client Binds:     0
 SASL Binds:                  1
  1     EXTERNAL

 Directory Manager Binds:     0
 Anonymous Binds:             1
 Other Binds:                 0


Expected results:
Binds:                        1
Unbinds:                      0

 LDAP v2 Binds:               0
 LDAP v3 Binds:               1
 SSL Client Binds:            1
 Failed SSL Client Binds:     0
 SASL Binds:                  1
  1     EXTERNAL

 Directory Manager Binds:     0
 Anonymous Binds:             0
 Other Binds:                 1

Additional info:
~~~
if (m/ BIND/ && m/dn=""/){$anony++; $bindlist{"Anonymous
Binds"}++;inc_stats('anonbind',$s_stats,$m_stats);}
~~~

on line 1463 comes before

~~~
if (/ BIND / && /method=sasl/i){
        $sasl++;
        if ($_ =~ /mech=(.*)/i ){
                $saslmech{$1}++;
        }
~~~

on line 1882. I think it's getting counted as Anonymous and moving to the next
line in the log  before it hits the method=sasl check.

dc7bde8..f000528 master -> master
commit f000528
Author: Mark Reynolds mreynolds@redhat.com
Date: Thu Dec 8 09:37:31 2016 -0500

Metadata Update from @mreynolds:
- Issue assigned to mreynolds
- Issue set to the milestone: 1.3.6.0

7 years ago

Metadata Update from @mreynolds:
- Custom field reviewstatus adjusted to review (was: ack)
- Issue status updated to: Open (was: Closed)

6 years ago

Metadata Update from @firstyear:
- Custom field reviewstatus adjusted to ack (was: review)

6 years ago

7995007..770bf3a master -> master

b414833..0b116ee 389-ds-base-1.3.6 -> 389-ds-base-1.3.6

Metadata Update from @mreynolds:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

6 years ago

Metadata Update from @mreynolds:
- Issue status updated to: Open (was: Closed)

6 years ago

Thanks Mark for offline explanations. Patch looks good to me. Ack

Metadata Update from @tbordaz:
- Custom field reviewstatus adjusted to ack (was: review)

6 years ago

b1474a5..f913252 master -> master

d63e4cc..da751b8 389-ds-base-1.3.6 -> 389-ds-base-1.3.6

b1474a5..f913252 master -> master

d63e4cc..da751b8 389-ds-base-1.3.6 -> 389-ds-base-1.3.6

Regression was introduced (See https://bugzilla.redhat.com/show_bug.cgi?id=1474100).

FIxed:

35c20ca..e46749b master -> master

9271d5c..7719fde 389-ds-base-1.3.7 -> 389-ds-base-1.3.7

184b8a1..55bceda 389-ds-base-1.3.6 -> 389-ds-base-1.3.6

6 years ago

b0b6346..6098e7b master -> master

cb589f4..4ac6ade 389-ds-base-1.3.7 -> 389-ds-base-1.3.7

55bceda..2111276 389-ds-base-1.3.6 -> 389-ds-base-1.3.6

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/1796

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: fixed)

3 years ago

Login to comment on this ticket.