Changeset 2032

Show
Ignore:
Timestamp:
01/19/05 09:49:41 (18 years ago)
Author:
jalet
Message:

Now dumpykota.cgi behaves like printquota.cgi wrt the REMOTE_USER environment
variables if the script is username+password protected.
Small fix in printquota.cgi wrt ldap auth with Apache : the workaround was
not used everywhere.

Location:
pykota/trunk
Files:
6 modified

Legend:

Unmodified
Added
Removed
  • pykota/trunk/cgi-bin/dumpykota.cgi

    r2028 r2032  
    2424# 
    2525# $Log$ 
     26# Revision 1.5  2005/01/19 08:49:41  jalet 
     27# Now dumpykota.cgi behaves like printquota.cgi wrt the REMOTE_USER environment 
     28# variables if the script is username+password protected. 
     29# Small fix in printquota.cgi wrt ldap auth with Apache : the workaround was 
     30# not used everywhere. 
     31# 
    2632# Revision 1.4  2005/01/17 08:44:24  jalet 
    2733# Modified copyright years 
     
    149155                    self.arguments = self.form["filter"].value.split() 
    150156                     
     157                # when no authentication is done, or when the remote username     
     158                # is 'root' (even if not run as root of course), then unrestricted 
     159                # dump is allowed. 
     160                remuser = os.environ.get("REMOTE_USER", "root")     
     161                # special hack to accomodate mod_auth_ldap Apache module 
     162                try : 
     163                    remuser = remuser.split("=")[1].split(",")[0] 
     164                except IndexError :     
     165                    pass 
     166                if remuser != "root" : 
     167                    # non-'root' users when the script is password protected 
     168                    # can not dump any data as they like, we restrict them 
     169                    # to their own datas. 
     170                    if self.options["data"] not in ["printers", "pmembers", "groups", "gpquotas"] : 
     171                        self.arguments.append("username=%s" % remuser) 
     172                     
    151173                if self.options["format"] in ("csv", "ssv") : 
    152                     #ctype = "application/vnd.sun.xml.calc" 
     174                    #ctype = "application/vnd.sun.xml.calc"     # OpenOffice.org 
    153175                    ctype = "text/comma-separated-values" 
    154176                    fname = "dump.csv" 
    155177                elif self.options["format"] == "tsv" : 
    156                     #ctype = "application/vnd.sun.xml.calc" 
     178                    #ctype = "application/vnd.sun.xml.calc"     # OpenOffice.org 
    157179                    ctype = "text/tab-separated-values" 
    158180                    fname = "dump.tsv" 
     
    167189                print 
    168190                try : 
    169                     self.main(self.arguments, self.options) 
     191                    self.main(self.arguments, self.options, restricted=0) 
    170192                except PyKotaToolError, msg :     
    171193                    print msg 
  • pykota/trunk/cgi-bin/printquota.cgi

    r2028 r2032  
    2424# 
    2525# $Log$ 
     26# Revision 1.44  2005/01/19 08:49:41  jalet 
     27# Now dumpykota.cgi behaves like printquota.cgi wrt the REMOTE_USER environment 
     28# variables if the script is username+password protected. 
     29# Small fix in printquota.cgi wrt ldap auth with Apache : the workaround was 
     30# not used everywhere. 
     31# 
    2632# Revision 1.43  2005/01/17 08:44:24  jalet 
    2733# Modified copyright years 
     
    255261        """Main function""" 
    256262        printers = ugmask = isgroup = None 
     263        remuser = os.environ.get("REMOTE_USER", "root")     
     264        # special hack to accomodate mod_auth_ldap Apache module 
     265        try : 
     266            remuser = remuser.split("=")[1].split(",")[0] 
     267        except IndexError :     
     268            pass 
    257269        self.body = "<p>%s</p>\n" % _("Please click on the above button") 
    258270        if self.form.has_key("report") : 
     
    264276            else :     
    265277                printers = self.storage.getMatchingPrinters("*") 
    266             remuser = os.environ.get("REMOTE_USER", "root")     
    267              
    268             # special hack to accomodate mod_auth_ldap Apache module 
    269             try : 
    270                 remuser = remuser.split("=")[1].split(",")[0] 
    271             except IndexError :     
    272                 pass 
    273              
    274278            if remuser == "root" : 
    275279                if self.form.has_key("ugmask") :      
     
    300304                self.body += "%s" % self.reportingtool.generateReport() 
    301305        else :         
    302             remuser = os.environ.get("REMOTE_USER", "root")     
    303306            if remuser != "root" : 
    304307                username = remuser 
  • pykota/trunk/cgi-bin/README

    r2028 r2032  
    2525Be sure to restrict access to these CGI scripts as necessary. 
    2626 
    27 If you protect access to printquota.cgi with user+password 
    28 authentication, the REMOTE_USER CGI environment variable 
    29 is honored, so an user can only see his own quota report, but 
    30 not other users' quota. 
     27If you protect access to printquota.cgi or dumpykota.cgi with  
     28username+password authentication, the REMOTE_USER CGI environment variable 
     29is honored, so an user can only see his own datas, but not 
     30other users' datas. However, the special REMOTE_USER value 'root' 
     31is allowed an unrestricted access. 
    3132 
    32 To make dumpykota.cgi work, you have to ensure that your web server  
    33 runs it as a PyKota administrator. This means that dumpykota.cgi  
    34 when run must be able to read the pykotadmin.conf file. There are  
    35 several ways to do so, one of them is to put the user your web  
    36 server normally runs as into the pykota group (which must be allowed  
    37 to read pykotadmin.conf), then restart your web server : 
    38              
    39             $ adduser www-data pykota 
    40             $ /etc/init.d/apache restart 
    41              
    42 This is probably not the safest way though, so you may want to             
    43 restrict access further with an username and password, or use 
    44 Apache's suExec mechanism to directly run this particular  
    45 script as the pykota system user. Please refer to your web 
    46 server's documentation for details. 
    47          
     33If no username+password authentication takes place, then access 
     34is completely unrestricted. 
     35 
     36You must ensure that the user your web server runs as can read 
     37PyKota's pykota.conf configuration file. No read access to 
     38PyKota's pykotadmin.conf configuration file is necessary though. 
     39 
    4840The web server doesn't need to be a print server nor a PyKota  
    4941Storage Backend server, but it must contain a correctly configured  
  • pykota/trunk/NEWS

    r2030 r2032  
    2222PyKota NEWS : 
    2323 
     24    - 1.21alpha21 : 
     25     
     26        - dumpykota.cgi can now be run as a normal user as opposed to  
     27          a PyKota administrator. No read access to pykotadmin.conf is 
     28          necessary anymore. This CGI scripts now honors the REMOTE_USER 
     29          environment variable just like printquota.cgi does, see  
     30          the file cgi-bin/README for details. 
     31          The command line tool dumpykota must still be run by a PyKota  
     32          administrator. 
     33           
     34        - Fix exception's name error due to a change in recent versions  
     35          of PygreSQL.    
     36           
    2437    - 1.21alpha20 : 
    25      
    26         - Big bug fix wrt the datelimit field which was never 
    27           reset. 
     38           
     39        - Big bug fix wrt the datelimit field which was never reset. 
    2840           
    2941    - 1.21alpha19 : 
  • pykota/trunk/pykota/dumper.py

    r2016 r2032  
    2121# 
    2222# $Log$ 
     23# Revision 1.2  2005/01/19 08:49:41  jalet 
     24# Now dumpykota.cgi behaves like printquota.cgi wrt the REMOTE_USER environment 
     25# variables if the script is username+password protected. 
     26# Small fix in printquota.cgi wrt ldap auth with Apache : the workaround was 
     27# not used everywhere. 
     28# 
    2329# Revision 1.1  2005/01/08 17:03:07  jalet 
    2430# "--format cups" output more resembling CUPS' page_log. 
     
    6975                        "pgroupname", 
    7076                      ] 
    71     def main(self, arguments, options) : 
     77    def main(self, arguments, options, restricted=1) : 
    7278        """Print Quota Data Dumper.""" 
    73         if not self.config.isAdmin : 
     79        if restricted and not self.config.isAdmin : 
    7480            raise PyKotaToolError, "%s : %s" % (pwd.getpwuid(os.geteuid())[0], _("You're not allowed to use this command.")) 
    7581             
  • pykota/trunk/pykota/version.py

    r2030 r2032  
    2222# 
    2323 
    24 __version__ = "1.21alpha20_unofficial" 
     24__version__ = "1.21alpha21_unofficial" 
    2525 
    2626__doc__ = """PyKota : a complete Printing Quota Solution for CUPS and LPRng."""