Bug 150557 - user-DN logging in httpd access_log causes problems with analog
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: mod_authz_ldap
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Joe Orton
Reported: 2005-03-08 06:30 EST by Peter Bieringer
Modified: 2007-11-30 17:07 EST (History)
Doc Type: Bug Fix
Last Closed: 2005-09-12 10:32:45 EDT
Description Peter Bieringer 2005-03-08 06:30:17 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1

Description of problem:
The DN of the authenticated user in access_log contains spaces, which can cause trouble when parsing with analog and other programs.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Set up mod_authz_ldap authentication
2. Authenticate as user


Actual Results:  access_log: - cn=user, dc=subkey1,dc=subkey2,dc=subkey3,dc=subkey4,dc=de [08/Mar/2005:08:30:15 +0100] "GET /something.html HTTP/1.0" 304 - "" "" 596 298

See space between
cn=user, dc=subkey1

Expected Results:  Escaped spaces or at least no spaces

Additional info:

I got a response from the mod_authz_ldap developer, who told me that currently no escape mechanism at all exists in mod_authz_ldap. The module puts the value given by the LDAP directory into the log without any modification.

Even funnier things can happen, e.g. " is also allowed and unfiltered.
Comment 1 Joe Orton 2005-03-08 06:38:10 EST
It's not clear what's the best thing to do about this.  Does analog parse the
logs OK if you change the LogFormat to double-quote the %u?  Even if it does,
quoting it by default could certainly confuse other programs which expect that
field unquoted.

In the RHEL4 httpd, at least the double-quotes and backslash characters will be
escaped in the logged username.
Comment 2 Joe Orton 2005-09-12 10:32:45 EDT
Given that:

1) any change to the logfile format will require modifying log analysis tools anyway

2) the log analysis tools could use the '[' of the date field to delimit the
username field to avoid the problem in the first place

3) in RHEL4 escaping of quotes and backslashes in the username field is easily

I don't think it's appropriate to change anything here in RHEL3.

Thanks for the report.
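
Point 2 of the comment above, delimiting the username field by the '[' of the date field, shown as an added example that is not part of the original bug report and is not code from analog or httpd. The function names, the host 192.0.2.10 and the sample lines are constructed for illustration, and the `ambiguous` flag is an assumption about how a parser might treat an unescaped value that itself contains a timestamp-shaped token.

```python
import re

# Shape of the %t field, e.g. [08/Mar/2005:08:30:15 +0100]
TS = r"\[\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}\]"
TS_RE = re.compile(TS)
# %h %l %u %t <rest>: %u is everything between the ident field and the first
# timestamp-shaped token, so spaces and quotes inside it no longer matter.
HEAD = re.compile(r"^(?P<host>\S+) (?P<ident>\S+) (?P<user>.*?) (?P<time>" + TS + r") (?P<rest>.*)$")

def parse_naive(line):
    """Whitespace split that assumes %u is a single token (breaks on a DN with spaces)."""
    f = line.split()
    return {"host": f[0], "ident": f[1], "user": f[2], "time": " ".join(f[3:5])}

def parse_anchored(line):
    """Delimit %u by the '[' of the date field; flag lines whose boundary is ambiguous."""
    m = HEAD.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # The user value is unescaped directory data. If a second timestamp-shaped
    # token appears anywhere, the field boundary cannot be trusted: review it.
    rec["ambiguous"] = len(TS_RE.findall(line)) > 1
    return rec

# Constructed samples: the DN is the one from the report, the host is made up.
DN_LINE = ('192.0.2.10 - cn=user, dc=subkey1,dc=subkey2,dc=subkey3,dc=subkey4,dc=de '
           '[08/Mar/2005:08:30:15 +0100] "GET /something.html HTTP/1.0" 304 -')
ANON_LINE = '192.0.2.10 - - [08/Mar/2005:08:30:16 +0100] "GET / HTTP/1.0" 200 512'
ODD_LINE = ('192.0.2.10 - cn=a"b [01/Jan/2005:00:00:00 +0000] c,dc=de '
            '[08/Mar/2005:08:30:17 +0100] "GET / HTTP/1.0" 200 512')

if __name__ == "__main__":
    for line in (DN_LINE, ANON_LINE, ODD_LINE):
        print(parse_naive(line)["user"], "|", parse_anchored(line))
```

The naive split truncates the DN at its first space and shifts every later field, while the anchored parser recovers the full DN and marks the third line for review instead of silently trusting it.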
