Bug 1247812

Summary: logconv autobind handling regression caused by 47446
Product: Red Hat Enterprise Linux 6 Reporter: Noriko Hosoi <nhosoi>
Component: 389-ds-baseAssignee: Noriko Hosoi <nhosoi>
Status: CLOSED ERRATA QA Contact: Viktor Ashirov <vashirov>
Severity: low Docs Contact: Petr Bokoc <pbokoc>
Priority: low    
Version: 6.0CC: amsharma, jgalipea, nhosoi, nkinder, pbokoc, rmeggins
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-ds-base-1.2.11.15-67.el6 Doc Type: Bug Fix
Doc Text:
When there are autobinds with ldapi, logconv.pl failed with an syntax error. The bug was fixed.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-10 19:20:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Noriko Hosoi 2015-07-29 00:30:59 UTC 

https://fedorahosted.org/389/ticket/47446 has introduced a (small) regression. when there are autobinds with ldapi, the code enters into the 
 if($_ =~ /AUTOBIND dn=\"(.*)\"/) 
and compares $1 with $rootDN. Everything is ok until the next if concerning the usage
  if($usage =~ /f/ || $usage =~ /u/ || $usage =~ /U/ || $usage =~ /b/ || $verb eq "yes") 

At this stage, $1 is reset to undef and the translate operator $tmpp =~ tr/A-Z/a-z/; spits out

Use of uninitialized value in transliteration (tr///) at /Local/dirsrv/bin/logconv.pl line 2018, <$LOGFH> line 207.
Use of uninitialized value $tmpp in hash element at /Local/dirsrv/bin/logconv.pl line 2019, <$LOGFH> line 207.

The patch is trivial - just set the value of $tmpp outside of the second if. For the logconv.pl from the branch 1.3.3.x :

--- ./dirsrv/bin/logconv.pl     2015-07-28 11:24:31.000000000 +0200
+++ /Local/dirsrv/bin/logconv.pl        2015-07-28 14:59:06.358309779 +0200
@@ -2013,8 +2013,8 @@
                        if($1 eq $rootDN){
                                $rootDNBindCount++;
                        }
+                       $tmpp = $1;
                        if($usage =~ /f/ || $usage =~ /u/ || $usage =~ /U/ || $usage =~ /b/ || $verb eq "yes"){
-                               $tmpp = $1;
                                $tmpp =~ tr/A-Z/a-z/;
                                $hashes->{bindlist}->{$tmpp}++;
                        }
Comment 2 Amita Sharma 2015-12-17 10:13:12 UTC 
Hi Norkio,

This is the current logconv.pl code ::
                       if($1 eq $rootDN){
                                $rootDNBindCount++;
                        }
                        $tmpp = $1;
                        if($usage =~ /f/ || $usage =~ /u/ || $usage =~ /U/ || $usage =~ /b/ || $verb eq "yes"){
                                $tmpp =~ tr/A-Z/a-z/;
                                $hashes->{bindlist}->{$tmpp}++;
                        }
                } else {
                        $anonymousBindCount++;
                        if($usage =~ /f/ || $usage =~ /u/ || $usage =~ /U/ || $usage =~ /b/ || $verb eq "yes"){
                                $hashes->{bindlist}->{"Anonymous Binds"}++;
                                if($reportStats){ inc_stats('anonbind',$s_stats,$m_stats); }
                        }

with [root@mgmt7 ~]# rpm -qa | grep 389
389-ds-base-1.2.11.15-70.el6.x86_64
389-ds-base-devel-1.2.11.15-70.el6.x86_64
389-ds-base-debuginfo-1.2.11.15-70.el6.x86_64
389-ds-base-libs-1.2.11.15-70.el6.x86_64

Do I need to verify with some other execution as well?

Thanks,
Ami
Comment 3 Noriko Hosoi 2015-12-17 19:17:52 UTC 
Hi Ami,

(In reply to Amita Sharma from comment #2)
> Hi Norkio,
> 
> This is the current logconv.pl code ::
>                        if($1 eq $rootDN){
>                                 $rootDNBindCount++;
>                         }
>                         $tmpp = $1;
>                         if($usage =~ /f/ || $usage =~ /u/ || $usage =~ /U/
> || $usage =~ /b/ || $verb eq "yes"){
>                                 $tmpp =~ tr/A-Z/a-z/;
>                                 $hashes->{bindlist}->{$tmpp}++;
>                         }
The fix by DS 48231 is correctly applied in the above code.

And without the patch, there was this symptom.

> Description: When there are autobinds with ldapi, the tool fails 
> with an syntax error:
> Use of uninitialized value in transliteration (tr///) at /Local/dirsrv/bin/logconv.pl line 2018, <$LOGFH> line 207.
> Use of uninitialized value $tmpp in hash element at /Local/dirsrv/bin/logconv.pl line 2019, <$LOGFH> line 207.

In addition to the verification on the code, if you don't have the problem, then you could mark VERIFIED.

Thanks!
Comment 4 Amita Sharma 2015-12-22 16:08:12 UTC 
Thanks Noriko.
[root@mgmt7 6.0]# rpm -qa | grep 389
389-ds-base-1.2.11.15-70.el6.x86_64
389-ds-base-devel-1.2.11.15-70.el6.x86_64
389-ds-base-debuginfo-1.2.11.15-70.el6.x86_64
389-ds-base-libs-1.2.11.15-70.el6.x86_64

[root@mgmt7 ldapi]# logconv.pl /var/log/dirsrv/slapd-deftestinst/access
Access Log Analyzer 8.1
Command: logconv.pl /var/log/dirsrv/slapd-deftestinst/access
Processing 1 Access Log(s)...
[001] /var/log/dirsrv/slapd-deftestinst/access	size (bytes):       174366


Total Log Lines Analysed:  2058


----------- Access Log Output ------------

Start of Logs:    22/Dec/2015:11:01:37
End of Logs:      22/Dec/2015:11:04:47

Processed Log Time:  0 Hours, 3 Minutes, 10 Seconds

Restarts:                     12
Total Connections:            88
 - LDAP Connections:          -59
 - LDAPI Connections:         147
 - LDAPS Connections:         0
 - StartTLS Extended Ops:     0
Peak Concurrent Connections:  1
Total Operations:             677
Total Results:                680
Overall Performance:          100.0%

Searches:                     97            (0.51/sec)  (30.63/min)
Modifications:                139           (0.73/sec)  (43.89/min)
Adds:                         84            (0.44/sec)  (26.53/min)
Deletes:                      117           (0.62/sec)  (36.95/min)
Mod RDNs:                     3             (0.02/sec)  (0.95/min)
Compares:                     0             (0.00/sec)  (0.00/min)
Binds:                        237           (1.25/sec)  (74.84/min)

Proxied Auth Operations:      0
Persistent Searches:          0
Internal Operations:          0
Entry Operations:             0
Extended Operations:          0
Abandoned Requests:           0
Smart Referrals Received:     0

VLV Operations:               0
VLV Unindexed Searches:       0
VLV Unindexed Components:     0
SORT Operations:              0

Entire Search Base Queries:   25
Paged Searches:               0
Unindexed Searches:           0
Unindexed Components:         8

FDs Taken:                    235
FDs Returned:                 235
Highest FD Taken:             65

Broken Pipes:                 0
Connections Reset By Peer:    0
Resource Unavailable:         0
Max BER Size Exceeded:        0

Binds:                        237
Unbinds:                      231
 - LDAP v2 Binds:             0
 - LDAP v3 Binds:             235
 - AUTOBINDs:                 2
 - SSL Client Binds:          0
 - Failed SSL Client Binds:   0
 - SASL Binds:                7
    CRAM-MD5 - 2
    DIGEST-MD5 - 2
    EXTERNAL - 2
    PLAIN - 1
 - Directory Manager Binds:   183
 - Anonymous Binds:           53
 - Other Binds:               1


Cleaning up temp files...
Done.

LDAPI does not give any error here..

Hence VERIFIED.
Comment 6 errata-xmlrpc 2016-05-10 19:20:25 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0737.html