zrhoffman / rpms / 389-ds-base

Forked from rpms/389-ds-base 3 years ago
Clone

Blame SOURCES/0040-Ticket-48681-logconv.pl-Fix-SASL-Bind-stats-and-rewo.patch

b69e47
From e78c098543bbf64b03d1f3df98aa26184c435737 Mon Sep 17 00:00:00 2001
b69e47
From: Mark Reynolds <mreynolds@redhat.com>
b69e47
Date: Fri, 19 May 2017 11:18:20 -0400
b69e47
Subject: [PATCH] Ticket 48681 - logconv.pl - Fix SASL Bind stats and rework
b69e47
 report format
b69e47
b69e47
Description:  We were previously counting ANONYMOUS sasl bind mechanisms
b69e47
              as anonymous binds.  The report was also changed to make the
b69e47
              binds stats clearer.
b69e47
b69e47
https://pagure.io/389-ds-base/issue/48681
b69e47
b69e47
Reviewed by: tbordaz(Thanks!)
b69e47
b69e47
(cherry picked from commit f913252541c90ab7f3d62d74818c43ad01ff5c4e)
b69e47
---
b69e47
 ldap/admin/src/logconv.pl | 52 ++++++++++++++++++++++++++++++++++++-----------
b69e47
 1 file changed, 40 insertions(+), 12 deletions(-)
b69e47
b69e47
diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
b69e47
index c30e175..4932db4 100755
b69e47
--- a/ldap/admin/src/logconv.pl
b69e47
+++ b/ldap/admin/src/logconv.pl
b69e47
@@ -1099,23 +1099,23 @@ print "Max BER Size Exceeded:        $maxBerSizeCount\n";
b69e47
 print "\n";
b69e47
 print "Binds:                        $bindCount\n";
b69e47
 print "Unbinds:                      $unbindCount\n";
b69e47
+print "------------------------------";
b69e47
+print "-" x length $bindCount;
b69e47
+print "\n";
b69e47
 print " - LDAP v2 Binds:             $v2BindCount\n";
b69e47
 print " - LDAP v3 Binds:             $v3BindCount\n";
b69e47
-print " - AUTOBINDs:                 $autobindCount\n";
b69e47
+print " - AUTOBINDs(LDAPI):          $autobindCount\n";
b69e47
 print " - SSL Client Binds:          $sslClientBindCount\n";
b69e47
 print " - Failed SSL Client Binds:   $sslClientFailedCount\n";
b69e47
 print " - SASL Binds:                $saslBindCount\n";
b69e47
 if ($saslBindCount > 0){
b69e47
 	my $saslmech = $hashes->{saslmech};
b69e47
 	foreach my $saslb ( sort {$saslmech->{$b} <=> $saslmech->{$a} } (keys %{$saslmech}) ){
b69e47
-		printf "    %-4s - %s\n",$saslb, $saslmech->{$saslb};
b69e47
+		printf "   - %-4s: %s\n",$saslb, $saslmech->{$saslb};
b69e47
 	}
b69e47
 }
b69e47
-
b69e47
 print " - Directory Manager Binds:   $rootDNBindCount\n";
b69e47
 print " - Anonymous Binds:           $anonymousBindCount\n";
b69e47
-my $otherBindCount = $bindCount -($rootDNBindCount + $anonymousBindCount);
b69e47
-print " - Other Binds:               $otherBindCount\n\n";
b69e47
 
b69e47
 ##########################################################################
b69e47
 #                       Verbose Logging Section                          #
b69e47
@@ -1195,9 +1195,9 @@ if ($usage =~ /e/i || $verb eq "yes"){
b69e47
 }
b69e47
 
b69e47
 ####################################
b69e47
-#			   #
b69e47
+#                                  #
b69e47
 #     Print Failed Logins          #
b69e47
-#				   #
b69e47
+#                                  #
b69e47
 ####################################
b69e47
 
b69e47
 if ($verb eq "yes" || $usage =~ /f/ ){
b69e47
@@ -2117,7 +2117,7 @@ sub parseLineNormal
b69e47
 		($connID) = $_ =~ /conn=(\d*)\s/;
b69e47
 		handleConnClose($connID);
b69e47
 	}
b69e47
-	if (m/ BIND/ && $_ =~ /dn=\"(.*)\" method=128/i ){
b69e47
+	if (m/ BIND / && $_ =~ /dn=\"(.*)\" method=128/i ){
b69e47
 		my $binddn = $1;
b69e47
 		if($reportStats){ inc_stats('bind',$s_stats,$m_stats); }
b69e47
 		$bindCount++;
b69e47
@@ -2531,21 +2531,49 @@ sub parseLineNormal
b69e47
 			}
b69e47
 		}
b69e47
 	}
b69e47
-	if (/ BIND / && /method=sasl/i){
b69e47
+	if (/ BIND / && $_ =~ /dn=\"(.*)\" method=sasl/i){
b69e47
+		my $binddn = $1;
b69e47
+		my ($conn, $op);
b69e47
 		$saslBindCount++;
b69e47
 		$bindCount++;
b69e47
 		if ($_ =~ /mech=(.*)/i ){
b69e47
 			my $mech = $1;
b69e47
 			$hashes->{saslmech}->{$mech}++;
b69e47
-			my ($conn, $op);
b69e47
 			if ($_ =~ /conn= *([0-9A-Z]+) +op= *([0-9\-]+)/i){
b69e47
 				$conn = $1;
b69e47
 				$op = $2;
b69e47
 				$hashes->{saslconnop}->{$conn-$op} = $mech;
b69e47
 			}
b69e47
 		}
b69e47
-		if (/ mech=ANONYMOUS/){
b69e47
-			$anonymousBindCount++;
b69e47
+		if ($binddn ne ""){
b69e47
+			if($binddn eq $rootDN){ $rootDNBindCount++; }
b69e47
+			if($usage =~ /f/ || $usage =~ /u/ || $usage =~ /U/ || $usage =~ /b/ || $verb eq "yes"){
b69e47
+				$tmpp = $binddn;
b69e47
+				$tmpp =~ tr/A-Z/a-z/;
b69e47
+				$hashes->{bindlist}->{$tmpp}++;
b69e47
+				$hashes->{bind_conn_op}->{"$serverRestartCount,$conn,$op"} = $tmpp;
b69e47
+			}
b69e47
+		}
b69e47
+	}
b69e47
+	if (/ RESULT err=/ && / tag=97 nentries=0 etime=/ && $_ =~ /dn=\"(.*)\"/i){
b69e47
+		# Check if this is a sasl bind, if see we need to add the RESULT's dn as a bind dn
b69e47
+		my $binddn = $1;
b69e47
+		my ($conn, $op);
b69e47
+		if ($_ =~ /conn= *([0-9A-Z]+) +op= *([0-9\-]+)/i){
b69e47
+			$conn = $1;
b69e47
+			$op = $2;
b69e47
+			if ($hashes->{saslconnop}->{$conn-$op} ne ""){
b69e47
+				# This was a SASL BIND - record the dn
b69e47
+				if ($binddn ne ""){
b69e47
+					if($binddn eq $rootDN){ $rootDNBindCount++; }
b69e47
+					if($usage =~ /f/ || $usage =~ /u/ || $usage =~ /U/ || $usage =~ /b/ || $verb eq "yes"){
b69e47
+						$tmpp = $binddn;
b69e47
+						$tmpp =~ tr/A-Z/a-z/;
b69e47
+						$hashes->{bindlist}->{$tmpp}++;
b69e47
+						$hashes->{bind_conn_op}->{"$serverRestartCount,$conn,$op"} = $tmpp;
b69e47
+					}
b69e47
+				}
b69e47
+			}
b69e47
 		}
b69e47
 	}
b69e47
 	if (/ RESULT err=14 tag=97 / && / SASL bind in progress/){
b69e47
-- 
b69e47
2.9.4
b69e47