From e78c098543bbf64b03d1f3df98aa26184c435737 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Fri, 19 May 2017 11:18:20 -0400
Subject: [PATCH] Ticket 48681 - logconv.pl - Fix SASL Bind stats and rework
report format
Description: We were previously counting ANONYMOUS sasl bind mechanisms
as anonymous binds. The report was also changed to make the
binds stats clearer.
https://pagure.io/389-ds-base/issue/48681
Reviewed by: tbordaz(Thanks!)
(cherry picked from commit f913252541c90ab7f3d62d74818c43ad01ff5c4e)
---
ldap/admin/src/logconv.pl | 52 ++++++++++++++++++++++++++++++++++++-----------
1 file changed, 40 insertions(+), 12 deletions(-)
diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl
index c30e175..4932db4 100755
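--- a/ldap/admin/src/logconv.pl
+++ b/ldap/admin/src/logconv.pl
@@ -1099,23 +1099,23 @@ print "Max BER Size Exceeded: $maxBerSizeCount\n";
 print "\n";
 print "Binds: $bindCount\n";
 print "Unbinds: $unbindCount\n";
+print "------------------------------";
+print "-" x length $bindCount;
+print "\n";
 print " - LDAP v2 Binds: $v2BindCount\n";
 print " - LDAP v3 Binds: $v3BindCount\n";
-print " - AUTOBINDs: $autobindCount\n";
+print " - AUTOBINDs(LDAPI): $autobindCount\n";
 print " - SSL Client Binds: $sslClientBindCount\n";
 print " - Failed SSL Client Binds: $sslClientFailedCount\n";
 print " - SASL Binds: $saslBindCount\n";
 if ($saslBindCount > 0){
 my $saslmech = $hashes->{saslmech};
 foreach my $saslb ( sort {$saslmech->{$b} <=> $saslmech->{$a} } (keys %{$saslmech}) ){
- printf " %-4s - %s\n",$saslb, $saslmech->{$saslb};
+ printf " - %-4s: %s\n",$saslb, $saslmech->{$saslb};
 }
 }
-
 print " - Directory Manager Binds: $rootDNBindCount\n";
 print " - Anonymous Binds: $anonymousBindCount\n";
-my $otherBindCount = $bindCount -($rootDNBindCount + $anonymousBindCount);
-print " - Other Binds: $otherBindCount\n\n";
 
 ##########################################################################
 # Verbose Logging Section #
@@ -1195,9 +1195,9 @@ if ($usage =~ /e/i || $verb eq "yes"){
 }
 
 ####################################
-# #
+# #
 # Print Failed Logins #
-# #
+# #
 ####################################
 
 if ($verb eq "yes" || $usage =~ /f/ ){
@@ -2117,7 +2117,7 @@ sub parseLineNormal
 ($connID) = $_ =~ /conn=(\d*)\s/;
 handleConnClose($connID);
 }
- if (m/ BIND/ && $_ =~ /dn=\"(.*)\" method=128/i ){
+ if (m/ BIND / && $_ =~ /dn=\"(.*)\" method=128/i ){
 my $binddn = $1;
 if($reportStats){ inc_stats('bind',$s_stats,$m_stats); }
 $bindCount++;
@@ -2531,21 +2531,49 @@ sub parseLineNormal
 }
 }
 }
- if (/ BIND / && /method=sasl/i){
+ if (/ BIND / && $_ =~ /dn=\"(.*)\" method=sasl/i){
+ my $binddn = $1;
+ my ($conn, $op);
 $saslBindCount++;
 $bindCount++;
 if ($_ =~ /mech=(.*)/i ){
 my $mech = $1;
 $hashes->{saslmech}->{$mech}++;
- my ($conn, $op);
 if ($_ =~ /conn= *([0-9A-Z]+) +op= *([0-9\-]+)/i){
 $conn = $1;
 $op = $2;
 $hashes->{saslconnop}->{$conn-$op} = $mech;
 }
 }
- if (/ mech=ANONYMOUS/){
- $anonymousBindCount++;
+ if ($binddn ne ""){
+ if($binddn eq $rootDN){ $rootDNBindCount++; }
+ if($usage =~ /f/ || $usage =~ /u/ || $usage =~ /U/ || $usage =~ /b/ || $verb eq "yes"){
+ $tmpp = $binddn;
+ $tmpp =~ tr/A-Z/a-z/;
+ $hashes->{bindlist}->{$tmpp}++;
+ $hashes->{bind_conn_op}->{"$serverRestartCount,$conn,$op"} = $tmpp;
+ }
+ }
+ }
+ if (/ RESULT err=/ && / tag=97 nentries=0 etime=/ && $_ =~ /dn=\"(.*)\"/i){
+ # Check if this is a sasl bind, if see we need to add the RESULT's dn as a bind dn
+ my $binddn = $1;
+ my ($conn, $op);
+ if ($_ =~ /conn= *([0-9A-Z]+) +op= *([0-9\-]+)/i){
+ $conn = $1;
+ $op = $2;
+ if ($hashes->{saslconnop}->{$conn-$op} ne ""){
+ # This was a SASL BIND - record the dn
+ if ($binddn ne ""){
+ if($binddn eq $rootDN){ $rootDNBindCount++; }
+ if($usage =~ /f/ || $usage =~ /u/ || $usage =~ /U/ || $usage =~ /b/ || $verb eq "yes"){
+ $tmpp = $binddn;
+ $tmpp =~ tr/A-Z/a-z/;
+ $hashes->{bindlist}->{$tmpp}++;
+ $hashes->{bind_conn_op}->{"$serverRestartCount,$conn,$op"} = $tmpp;
+ }
+ }
+ }
 }
 }
 if (/ RESULT err=14 tag=97 / && / SASL bind in progress/){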
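Review bot: The SASL lookup added to the RESULT branch of the last hunk, `if ($hashes->{saslconnop}->{$conn-$op} ne "")`, keys on `$conn-$op`, which Perl evaluates as a subtraction, so every connection/operation pair with the same difference shares one slot (conn=5 op=3 and conn=12 op=10 both land on key 2) and the key is not reset across server restarts. A RESULT line from an unrelated bind can therefore be taken for a SASL bind and have its dn counted in `bindlist` and `rootDNBindCount`, which skews the statistics this patch sets out to correct. I would key both the store and the lookup the way `bind_conn_op` is keyed a few lines below, `$hashes->{saslconnop}->{"$serverRestartCount,$conn,$op"} = $mech;` and `if ($hashes->{saslconnop}->{"$serverRestartCount,$conn,$op"} ne ""){`; any other reader of `saslconnop` outside the visible hunks would need the same key. parseLineNormal begins and ends outside the hunk, so this is judged from the visible lines only.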
--
2.9.4