From e78c098543bbf64b03d1f3df98aa26184c435737 Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Fri, 19 May 2017 11:18:20 -0400 Subject: [PATCH] Ticket 48681 - logconv.pl - Fix SASL Bind stats and rework report format Description: We were previously counting ANONYMOUS sasl bind mechanisms as anonymous binds. The report was also changed to make the binds stats clearer. https://pagure.io/389-ds-base/issue/48681 Reviewed by: tbordaz(Thanks!) (cherry picked from commit f913252541c90ab7f3d62d74818c43ad01ff5c4e) --- ldap/admin/src/logconv.pl | 52 ++++++++++++++++++++++++++++++++++++----------- 1 file changed, 40 insertions(+), 12 deletions(-) diff --git a/ldap/admin/src/logconv.pl b/ldap/admin/src/logconv.pl index c30e175..4932db4 100755 --- a/ldap/admin/src/logconv.pl +++ b/ldap/admin/src/logconv.pl @@ -1099,23 +1099,23 @@ print "Max BER Size Exceeded: $maxBerSizeCount\n"; print "\n"; print "Binds: $bindCount\n"; print "Unbinds: $unbindCount\n"; +print "------------------------------"; +print "-" x length $bindCount; +print "\n"; print " - LDAP v2 Binds: $v2BindCount\n"; print " - LDAP v3 Binds: $v3BindCount\n"; -print " - AUTOBINDs: $autobindCount\n"; +print " - AUTOBINDs(LDAPI): $autobindCount\n"; print " - SSL Client Binds: $sslClientBindCount\n"; print " - Failed SSL Client Binds: $sslClientFailedCount\n"; print " - SASL Binds: $saslBindCount\n"; if ($saslBindCount > 0){ my $saslmech = $hashes->{saslmech}; foreach my $saslb ( sort {$saslmech->{$b} <=> $saslmech->{$a} } (keys %{$saslmech}) ){ - printf " %-4s - %s\n",$saslb, $saslmech->{$saslb}; + printf " - %-4s: %s\n",$saslb, $saslmech->{$saslb}; } } - print " - Directory Manager Binds: $rootDNBindCount\n"; print " - Anonymous Binds: $anonymousBindCount\n"; -my $otherBindCount = $bindCount -($rootDNBindCount + $anonymousBindCount); -print " - Other Binds: $otherBindCount\n\n"; ########################################################################## # Verbose Logging Section # @@ -1195,9 +1195,9 @@ if ($usage =~ /e/i || $verb eq "yes"){ } #################################### -# # +# # # Print Failed Logins # -# # +# # #################################### if ($verb eq "yes" || $usage =~ /f/ ){ @@ -2117,7 +2117,7 @@ sub parseLineNormal ($connID) = $_ =~ /conn=(\d*)\s/; handleConnClose($connID); } - if (m/ BIND/ && $_ =~ /dn=\"(.*)\" method=128/i ){ + if (m/ BIND / && $_ =~ /dn=\"(.*)\" method=128/i ){ my $binddn = $1; if($reportStats){ inc_stats('bind',$s_stats,$m_stats); } $bindCount++; @@ -2531,21 +2531,49 @@ sub parseLineNormal } } } - if (/ BIND / && /method=sasl/i){ + if (/ BIND / && $_ =~ /dn=\"(.*)\" method=sasl/i){ + my $binddn = $1; + my ($conn, $op); $saslBindCount++; $bindCount++; if ($_ =~ /mech=(.*)/i ){ my $mech = $1; $hashes->{saslmech}->{$mech}++; - my ($conn, $op); if ($_ =~ /conn= *([0-9A-Z]+) +op= *([0-9\-]+)/i){ $conn = $1; $op = $2; $hashes->{saslconnop}->{$conn-$op} = $mech; } } - if (/ mech=ANONYMOUS/){ - $anonymousBindCount++; + if ($binddn ne ""){ + if($binddn eq $rootDN){ $rootDNBindCount++; } + if($usage =~ /f/ || $usage =~ /u/ || $usage =~ /U/ || $usage =~ /b/ || $verb eq "yes"){ + $tmpp = $binddn; + $tmpp =~ tr/A-Z/a-z/; + $hashes->{bindlist}->{$tmpp}++; + $hashes->{bind_conn_op}->{"$serverRestartCount,$conn,$op"} = $tmpp; + } + } + } + if (/ RESULT err=/ && / tag=97 nentries=0 etime=/ && $_ =~ /dn=\"(.*)\"/i){ + # Check if this is a sasl bind, if see we need to add the RESULT's dn as a bind dn + my $binddn = $1; + my ($conn, $op); + if ($_ =~ /conn= *([0-9A-Z]+) +op= *([0-9\-]+)/i){ + $conn = $1; + $op = $2; + if ($hashes->{saslconnop}->{$conn-$op} ne ""){ + # This was a SASL BIND - record the dn + if ($binddn ne ""){ + if($binddn eq $rootDN){ $rootDNBindCount++; } + if($usage =~ /f/ || $usage =~ /u/ || $usage =~ /U/ || $usage =~ /b/ || $verb eq "yes"){ + $tmpp = $binddn; + $tmpp =~ tr/A-Z/a-z/; + $hashes->{bindlist}->{$tmpp}++; + $hashes->{bind_conn_op}->{"$serverRestartCount,$conn,$op"} = $tmpp; + } + } + } } } if (/ RESULT err=14 tag=97 / && / SASL bind in progress/){ -- 2.9.4