glauth · Fusion · Jul 3, 2023 · Nov 7, 2022 · Nov 7, 2022 · Nov 12, 2022
diff --git a/v2/glauth.go b/v2/glauth.go
@@ -17,9 +17,7 @@ import (
 	"github.com/rs/zerolog"
 	"gopkg.in/amz.v3/aws"
 	"gopkg.in/amz.v3/s3"
-	"io"
 	"io/ioutil"
-	"log/syslog"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -768,7 +766,7 @@ func doConfig(checkConfig bool) error {
 
 	// Handle logging settings for new config
 	// - we do this last to make sure we only respect a fully validated config
-	initLogging(activeConfig.Debug, activeConfig.Syslog, activeConfig.StructuredLog)
+	log = logging.InitLogging(activeConfig.Debug, activeConfig.Syslog, activeConfig.StructuredLog)
 
 	if !checkConfig {
 		if activeConfig.Debug {
@@ -781,40 +779,3 @@ func doConfig(checkConfig bool) error {
 
 	return nil
 }
-
-// initLogging sets up logging to stderr
-func initLogging(reqdebug bool, reqsyslog bool, reqstructlog bool) {
-	var level zerolog.Level
-	if reqdebug {
-		level = zerolog.DebugLevel
-	} else {
-		level = zerolog.InfoLevel
-	}
-
-	var mainWriter io.Writer
-	if reqstructlog {
-		// Vroom vroom
-		mainWriter = os.Stderr
-		zerolog.TimeFieldFormat = time.RFC1123Z
-	} else {
-		// This is the inefficient writer
-		mainWriter = zerolog.ConsoleWriter{Out: os.Stderr, TimeFormat: time.RFC1123Z}
-	}
-
-	if reqsyslog {
-		s, err := syslog.New(syslog.LOG_INFO, "glauth")
-		if err != nil {
-			fmt.Println("Unable to write to syslog: ignoring...")
-			reqsyslog = false
-		} else {
-			writers := zerolog.MultiLevelWriter(mainWriter, zerolog.SyslogLevelWriter(s))
-			log = zerolog.New(writers).Level(level).With().Timestamp().Logger()
-		}
-	}
-
-	if !reqsyslog {
-		log = zerolog.New(mainWriter).Level(level).With().Timestamp().Logger()
-	}
-
-	logging.RewireLogging(log, reqstructlog)
-}
diff --git a/v2/go.mod b/v2/go.mod
@@ -11,11 +11,9 @@ require (
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815
 	github.com/fsnotify/fsnotify v1.4.9
-	github.com/go-logr/logr v0.4.0
 	github.com/hydronica/toml v0.4.2
 	github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a
 	github.com/nmcclain/ldap v0.0.0-20210720162743-7f8d1e44eeba
-	github.com/op/go-logging v0.0.0-20160315200505-970db520ece7
 	github.com/pquerna/otp v1.3.0
 	github.com/prometheus/client_golang v1.13.0
 	github.com/rs/zerolog v1.28.0

diff --git a/v2/go.sum b/v2/go.sum
@@ -81,8 +81,6 @@ github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
 github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs=
-github.com/go-logr/logr v0.4.0 h1:K7/B1jt6fIBQVd4Owv2MqGQClcgf0R266+7C/QjRcLc=
-github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
@@ -188,8 +186,6 @@ github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484 h1:D9EvfGQvlkKaD
 github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484/go.mod h1:O1EljZ+oHprtxDDPHiMWVo/5dBT6PlvWX5PSwj80aBA=
 github.com/nmcclain/ldap v0.0.0-20210720162743-7f8d1e44eeba h1:DO8NFYdcRv1dnyAINJIBm6Bw2XibtLvQniNFGzf2W8E=
 github.com/nmcclain/ldap v0.0.0-20210720162743-7f8d1e44eeba/go.mod h1:4S0XndRL8HNOaQBfdViJ2F/GPCgL524xlXRuXFH12/U=
-github.com/op/go-logging v0.0.0-20160315200505-970db520ece7 h1:lDH9UUVJtmYCjyT0CI4q8xvlXPxeZ0gYCVvWbmPlp88=
-github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=

diff --git a/v2/pkg/handler/config.go b/v2/pkg/handler/config.go
@@ -238,12 +238,12 @@ func (h configHandler) getGroupMemberDNs(gid int) []string {
 	members := make(map[string]bool)
 	for _, u := range h.cfg.Users {
 		if u.PrimaryGroup == gid {
-			dn := fmt.Sprintf("%s=%s,%s=%s,%s", h.backend.NameFormat, u.Name, h.backend.GroupFormat, h.getGroupName(u.PrimaryGroup), h.backend.BaseDN)
+			dn := fmt.Sprintf("%s=%s,%s=%s,ou=users,%s", h.backend.NameFormat, u.Name, h.backend.GroupFormat, h.getGroupName(u.PrimaryGroup), h.backend.BaseDN)
 			members[dn] = true
 		} else {
 			for _, othergid := range u.OtherGroups {
 				if othergid == gid {
-					dn := fmt.Sprintf("%s=%s,%s=%s,%s", h.backend.NameFormat, u.Name, h.backend.GroupFormat, h.getGroupName(u.PrimaryGroup), h.backend.BaseDN)
+					dn := fmt.Sprintf("%s=%s,%s=%s,ou=users,%s", h.backend.NameFormat, u.Name, h.backend.GroupFormat, h.getGroupName(u.PrimaryGroup), h.backend.BaseDN)
 					members[dn] = true
 				}
 			}

diff --git a/v2/pkg/logging/loghandler_other.go b/v2/pkg/logging/loghandler_other.go
@@ -0,0 +1,84 @@
+//go:build !windows
+// +build !windows
+
+package logging
+
+import (
+	"fmt"
+	"github.com/rs/zerolog"
+	"io"
+	"log"
+	"log/syslog"
+	"os"
+	"regexp"
+	"strings"
+	"time"
+)
+
+// We will use this package to wrap log messages coming from libraries who have no interest
+// in generating structured output.
+
+var (
+	ldapliblogmatcher = regexp.MustCompile(`^\d{4}\/\d{1,2}\/\d{1,2} \d{1,2}\:\d{1,2}\:\d{1,2} `)
+)
+
+func InitLogging(reqdebug bool, reqsyslog bool, reqstructlog bool) zerolog.Logger {
+	var level zerolog.Level
+	if reqdebug {
+		level = zerolog.DebugLevel
+	} else {
+		level = zerolog.InfoLevel
+	}
+
+	var mainWriter io.Writer
+	if reqstructlog {
+		// Vroom vroom
+		mainWriter = os.Stderr
+		zerolog.TimeFieldFormat = time.RFC1123Z
+	} else {
+		// This is the inefficient writer
+		mainWriter = zerolog.ConsoleWriter{Out: os.Stderr, TimeFormat: time.RFC1123Z}
+	}
+
+	var logr zerolog.Logger
+	if reqsyslog {
+		s, err := syslog.New(syslog.LOG_INFO, "glauth")
+		if err != nil {
+			fmt.Println("Unable to write to syslog: ignoring...")
+			reqsyslog = false
+		} else {
+			writers := zerolog.MultiLevelWriter(mainWriter, zerolog.SyslogLevelWriter(s))
+			logr = zerolog.New(writers).Level(level).With().Timestamp().Logger()
+		}
+	}
+
+	if !reqsyslog {
+		logr = zerolog.New(mainWriter).Level(level).With().Timestamp().Logger()
+	}
+
+	log.SetOutput(customWriter{logr: logr, structlog: reqstructlog})
+
+	return logr
+}
+
+type customWriter struct {
+	logr      zerolog.Logger
+	structlog bool
+}
+
+func (e customWriter) Write(p []byte) (int, error) {
+	submatchall := ldapliblogmatcher.FindAllString(string(p), 1)
+	var msg string
+	for _, element := range submatchall {
+		msg = strings.TrimSpace(string(p[len(element):]))
+	}
+	if msg == "" {
+		msg = strings.TrimSpace(string(p))
+	}
+	if e.structlog {
+		fmt.Fprintf(os.Stderr, "{\"level\":\"info\",\"time\":\"%s\",\"message\":\"%s\"}\n", time.Now().Format(time.RFC1123Z), strings.Replace(strings.TrimSpace(msg), `"`, `\"`, -1))
+	} else {
+		e.logr.Info().Msg(msg)
+	}
+	return len(p), nil
+}
diff --git a/v2/pkg/logging/loghandler.go → v2/pkg/logging/loghandler_windows.go b/v2/pkg/logging/loghandler.go → v2/pkg/logging/loghandler_windows.go
@@ -1,8 +1,12 @@
+//go:build windows
+// +build windows
+
 package logging
 
 import (
 	"fmt"
 	"github.com/rs/zerolog"
+	"io"
 	"log"
 	"os"
 	"regexp"
@@ -17,8 +21,29 @@ var (
 	ldapliblogmatcher = regexp.MustCompile(`^\d{4}\/\d{1,2}\/\d{1,2} \d{1,2}\:\d{1,2}\:\d{1,2} `)
 )
 
-func RewireLogging(logr zerolog.Logger, reqstructlog bool) {
+func InitLogging(reqdebug bool, reqsyslog bool, reqstructlog bool) zerolog.Logger {
+	var level zerolog.Level
+	if reqdebug {
+		level = zerolog.DebugLevel
+	} else {
+		level = zerolog.InfoLevel
+	}
+
+	var mainWriter io.Writer
+	if reqstructlog {
+		// Vroom vroom
+		mainWriter = os.Stderr
+		zerolog.TimeFieldFormat = time.RFC1123Z
+	} else {
+		// This is the inefficient writer
+		mainWriter = zerolog.ConsoleWriter{Out: os.Stderr, TimeFormat: time.RFC1123Z}
+	}
+
+	logr := zerolog.New(mainWriter).Level(level).With().Timestamp().Logger()
+
 	log.SetOutput(customWriter{logr: logr, structlog: reqstructlog})
+
+	return logr
 }
 
 type customWriter struct {

diff --git a/v2/pkg/plugins/basesqlhandler.go b/v2/pkg/plugins/basesqlhandler.go
@@ -369,13 +369,13 @@ func (h databaseHandler) getGroupMemberDNs(gid int) []string {
 			return []string{}
 		}
 		if u.PrimaryGroup == gid {
-			dn := fmt.Sprintf("%s=%s,%s=%s,%s", h.backend.NameFormat, u.Name, h.backend.GroupFormat, h.getGroupName(u.PrimaryGroup), h.backend.BaseDN)
+			dn := fmt.Sprintf("%s=%s,%s=%s,ou=users,%s", h.backend.NameFormat, u.Name, h.backend.GroupFormat, h.getGroupName(u.PrimaryGroup), h.backend.BaseDN)
 			members[dn] = true
 		} else {
 			u.OtherGroups = h.commaListToIntTable(otherGroups)
 			for _, othergid := range u.OtherGroups {
 				if othergid == gid {
-					dn := fmt.Sprintf("%s=%s,%s=%s,%s", h.backend.NameFormat, u.Name, h.backend.GroupFormat, h.getGroupName(u.PrimaryGroup), h.backend.BaseDN)
+					dn := fmt.Sprintf("%s=%s,%s=%s,ou=users,%s", h.backend.NameFormat, u.Name, h.backend.GroupFormat, h.getGroupName(u.PrimaryGroup), h.backend.BaseDN)
 					members[dn] = true
 				}
 			}

diff --git a/v2/scripts/ci/good-results/posixGroupList0 b/v2/scripts/ci/good-results/posixGroupList0
@@ -3,12 +3,12 @@ cn: superheros
 uid: superheros
 description: superheros
 gidNumber: 5501
-uniqueMember: cn=alexdoe,ou=superheros,dc=glauth,dc=com
-uniqueMember: cn=hackers,ou=superheros,dc=glauth,dc=com
-uniqueMember: cn=jackdoe,ou=superheros,dc=glauth,dc=com
-uniqueMember: cn=jamesdoe,ou=superheros,dc=glauth,dc=com
-uniqueMember: cn=johndoe,ou=superheros,dc=glauth,dc=com
-uniqueMember: cn=sarahdoe,ou=superheros,dc=glauth,dc=com
+uniqueMember: cn=alexdoe,ou=superheros,ou=users,dc=glauth,dc=com
+uniqueMember: cn=hackers,ou=superheros,ou=users,dc=glauth,dc=com
+uniqueMember: cn=jackdoe,ou=superheros,ou=users,dc=glauth,dc=com
+uniqueMember: cn=jamesdoe,ou=superheros,ou=users,dc=glauth,dc=com
+uniqueMember: cn=johndoe,ou=superheros,ou=users,dc=glauth,dc=com
+uniqueMember: cn=sarahdoe,ou=superheros,ou=users,dc=glauth,dc=com
 memberUid: alexdoe
 memberUid: hackers
 memberUid: jackdoe
@@ -23,7 +23,7 @@ cn: svcaccts
 uid: svcaccts
 description: svcaccts
 gidNumber: 5502
-uniqueMember: cn=serviceuser,ou=svcaccts,dc=glauth,dc=com
+uniqueMember: cn=serviceuser,ou=svcaccts,ou=users,dc=glauth,dc=com
 memberUid: serviceuser
 objectClass: posixGroup
 objectClass: top
@@ -33,12 +33,12 @@ cn: vpnaccess
 uid: vpnaccess
 description: vpnaccess
 gidNumber: 5503
-uniqueMember: cn=alexdoe,ou=superheros,dc=glauth,dc=com
-uniqueMember: cn=hackers,ou=superheros,dc=glauth,dc=com
-uniqueMember: cn=jackdoe,ou=superheros,dc=glauth,dc=com
-uniqueMember: cn=jamesdoe,ou=superheros,dc=glauth,dc=com
-uniqueMember: cn=johndoe,ou=superheros,dc=glauth,dc=com
-uniqueMember: cn=sarahdoe,ou=superheros,dc=glauth,dc=com
+uniqueMember: cn=alexdoe,ou=superheros,ou=users,dc=glauth,dc=com
+uniqueMember: cn=hackers,ou=superheros,ou=users,dc=glauth,dc=com
+uniqueMember: cn=jackdoe,ou=superheros,ou=users,dc=glauth,dc=com
+uniqueMember: cn=jamesdoe,ou=superheros,ou=users,dc=glauth,dc=com
+uniqueMember: cn=johndoe,ou=superheros,ou=users,dc=glauth,dc=com
+uniqueMember: cn=sarahdoe,ou=superheros,ou=users,dc=glauth,dc=com
 memberUid: alexdoe
 memberUid: hackers
 memberUid: jackdoe
@@ -53,13 +53,13 @@ cn: allaccs
 uid: allaccs
 description: allaccs
 gidNumber: 5504
-uniqueMember: cn=alexdoe,ou=superheros,dc=glauth,dc=com
-uniqueMember: cn=hackers,ou=superheros,dc=glauth,dc=com
-uniqueMember: cn=jackdoe,ou=superheros,dc=glauth,dc=com
-uniqueMember: cn=jamesdoe,ou=superheros,dc=glauth,dc=com
-uniqueMember: cn=johndoe,ou=superheros,dc=glauth,dc=com
-uniqueMember: cn=sarahdoe,ou=superheros,dc=glauth,dc=com
-uniqueMember: cn=serviceuser,ou=svcaccts,dc=glauth,dc=com
+uniqueMember: cn=alexdoe,ou=superheros,ou=users,dc=glauth,dc=com
+uniqueMember: cn=hackers,ou=superheros,ou=users,dc=glauth,dc=com
+uniqueMember: cn=jackdoe,ou=superheros,ou=users,dc=glauth,dc=com
+uniqueMember: cn=jamesdoe,ou=superheros,ou=users,dc=glauth,dc=com
+uniqueMember: cn=johndoe,ou=superheros,ou=users,dc=glauth,dc=com
+uniqueMember: cn=sarahdoe,ou=superheros,ou=users,dc=glauth,dc=com
+uniqueMember: cn=serviceuser,ou=svcaccts,ou=users,dc=glauth,dc=com
 memberUid: alexdoe
 memberUid: hackers
 memberUid: jackdoe
@@ -75,10 +75,10 @@ cn: mailadmin
 uid: mailadmin
 description: mailadmin
 gidNumber: 5505
-uniqueMember: cn=alexdoe,ou=superheros,dc=glauth,dc=com
-uniqueMember: cn=jackdoe,ou=superheros,dc=glauth,dc=com
-uniqueMember: cn=jamesdoe,ou=superheros,dc=glauth,dc=com
-uniqueMember: cn=sarahdoe,ou=superheros,dc=glauth,dc=com
+uniqueMember: cn=alexdoe,ou=superheros,ou=users,dc=glauth,dc=com
+uniqueMember: cn=jackdoe,ou=superheros,ou=users,dc=glauth,dc=com
+uniqueMember: cn=jamesdoe,ou=superheros,ou=users,dc=glauth,dc=com
+uniqueMember: cn=sarahdoe,ou=superheros,ou=users,dc=glauth,dc=com
 memberUid: alexdoe
 memberUid: jackdoe
 memberUid: jamesdoe
@@ -99,10 +99,10 @@ cn: fulltime
 uid: fulltime
 description: fulltime
 gidNumber: 5507
-uniqueMember: cn=alexdoe,ou=superheros,dc=glauth,dc=com
-uniqueMember: cn=jackdoe,ou=superheros,dc=glauth,dc=com
-uniqueMember: cn=jamesdoe,ou=superheros,dc=glauth,dc=com
-uniqueMember: cn=sarahdoe,ou=superheros,dc=glauth,dc=com
+uniqueMember: cn=alexdoe,ou=superheros,ou=users,dc=glauth,dc=com
+uniqueMember: cn=jackdoe,ou=superheros,ou=users,dc=glauth,dc=com
+uniqueMember: cn=jamesdoe,ou=superheros,ou=users,dc=glauth,dc=com
+uniqueMember: cn=sarahdoe,ou=superheros,ou=users,dc=glauth,dc=com
 memberUid: alexdoe
 memberUid: jackdoe
 memberUid: jamesdoe