Context Navigation

← Previous Changeset
Next Changeset →

Changeset 2032

Timestamp:

01/19/05 09:49:41 (19 years ago)

Author:

jalet

Message:

Now dumpykota.cgi behaves like printquota.cgi wrt the REMOTE_USER environment
variables if the script is username+password protected.
Small fix in printquota.cgi wrt ldap auth with Apache : the workaround was
not used everywhere.

Location:

pykota/trunk

Files:

: 6 modified

cgi-bin/dumpykota.cgi (modified) (3 diffs)
cgi-bin/printquota.cgi (modified) (4 diffs)
cgi-bin/README (modified) (1 diff)
NEWS (modified) (1 diff)
pykota/dumper.py (modified) (2 diffs)
pykota/version.py (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

pykota/trunk/cgi-bin/dumpykota.cgi

r2028	r2032
24	24	#
25	25	# $Log$
	26	# Revision 1.5 2005/01/19 08:49:41 jalet
	27	# Now dumpykota.cgi behaves like printquota.cgi wrt the REMOTE_USER environment
	28	# variables if the script is username+password protected.
	29	# Small fix in printquota.cgi wrt ldap auth with Apache : the workaround was
	30	# not used everywhere.
	31	#
26	32	# Revision 1.4 2005/01/17 08:44:24 jalet
27	33	# Modified copyright years
…	…
149	155	self.arguments = self.form["filter"].value.split()
150	156
	157	# when no authentication is done, or when the remote username
	158	# is 'root' (even if not run as root of course), then unrestricted
	159	# dump is allowed.
	160	remuser = os.environ.get("REMOTE_USER", "root")
	161	# special hack to accomodate mod_auth_ldap Apache module
	162	try :
	163	remuser = remuser.split("=")[1].split(",")[0]
	164	except IndexError :
	165	pass
	166	if remuser != "root" :
	167	# non-'root' users when the script is password protected
	168	# can not dump any data as they like, we restrict them
	169	# to their own datas.
	170	if self.options["data"] not in ["printers", "pmembers", "groups", "gpquotas"] :
	171	self.arguments.append("username=%s" % remuser)
	172
151	173	if self.options["format"] in ("csv", "ssv") :
152		#ctype = "application/vnd.sun.xml.calc"
	174	#ctype = "application/vnd.sun.xml.calc" # OpenOffice.org
153	175	ctype = "text/comma-separated-values"
154	176	fname = "dump.csv"
155	177	elif self.options["format"] == "tsv" :
156		#ctype = "application/vnd.sun.xml.calc"
	178	#ctype = "application/vnd.sun.xml.calc" # OpenOffice.org
157	179	ctype = "text/tab-separated-values"
158	180	fname = "dump.tsv"
…	…
167	189	print
168	190	try :
169		self.main(self.arguments, self.options)
	191	self.main(self.arguments, self.options, restricted=0)
170	192	except PyKotaToolError, msg :
171	193	print msg

pykota/trunk/cgi-bin/printquota.cgi

r2028	r2032
24	24	#
25	25	# $Log$
	26	# Revision 1.44 2005/01/19 08:49:41 jalet
	27	# Now dumpykota.cgi behaves like printquota.cgi wrt the REMOTE_USER environment
	28	# variables if the script is username+password protected.
	29	# Small fix in printquota.cgi wrt ldap auth with Apache : the workaround was
	30	# not used everywhere.
	31	#
26	32	# Revision 1.43 2005/01/17 08:44:24 jalet
27	33	# Modified copyright years
…	…
255	261	"""Main function"""
256	262	printers = ugmask = isgroup = None
	263	remuser = os.environ.get("REMOTE_USER", "root")
	264	# special hack to accomodate mod_auth_ldap Apache module
	265	try :
	266	remuser = remuser.split("=")[1].split(",")[0]
	267	except IndexError :
	268	pass
257	269	self.body = "<p>%s</p>\n" % _("Please click on the above button")
258	270	if self.form.has_key("report") :
…	…
264	276	else :
265	277	printers = self.storage.getMatchingPrinters("*")
266		~~remuser = os.environ.get("REMOTE_USER", "root")~~
267
268		~~# special hack to accomodate mod_auth_ldap Apache module~~
269		~~try :~~
270		~~remuser = remuser.split("=")[1].split(",")[0]~~
271		~~except IndexError :~~
272		~~pass~~
273
274	278	if remuser == "root" :
275	279	if self.form.has_key("ugmask") :
…	…
300	304	self.body += "%s" % self.reportingtool.generateReport()
301	305	else :
302		~~remuser = os.environ.get("REMOTE_USER", "root")~~
303	306	if remuser != "root" :
304	307	username = remuser

pykota/trunk/cgi-bin/README

r2028	r2032
25	25	Be sure to restrict access to these CGI scripts as necessary.
26	26
27		If you protect access to printquota.cgi with user+password
28		authentication, the REMOTE_USER CGI environment variable
29		is honored, so an user can only see his own quota report, but
30		not other users' quota.
	27	If you protect access to printquota.cgi or dumpykota.cgi with
	28	username+password authentication, the REMOTE_USER CGI environment variable
	29	is honored, so an user can only see his own datas, but not
	30	other users' datas. However, the special REMOTE_USER value 'root'
	31	is allowed an unrestricted access.
31	32
32		To make dumpykota.cgi work, you have to ensure that your web server
33		runs it as a PyKota administrator. This means that dumpykota.cgi
34		when run must be able to read the pykotadmin.conf file. There are
35		several ways to do so, one of them is to put the user your web
36		server normally runs as into the pykota group (which must be allowed
37		to read pykotadmin.conf), then restart your web server :
38
39		$ adduser www-data pykota
40		$ /etc/init.d/apache restart
41
42		This is probably not the safest way though, so you may want to
43		restrict access further with an username and password, or use
44		Apache's suExec mechanism to directly run this particular
45		script as the pykota system user. Please refer to your web
46		server's documentation for details.
47
	33	If no username+password authentication takes place, then access
	34	is completely unrestricted.
	35
	36	You must ensure that the user your web server runs as can read
	37	PyKota's pykota.conf configuration file. No read access to
	38	PyKota's pykotadmin.conf configuration file is necessary though.
	39
48	40	The web server doesn't need to be a print server nor a PyKota
49	41	Storage Backend server, but it must contain a correctly configured

pykota/trunk/NEWS

r2030	r2032
22	22	PyKota NEWS :
23	23
	24	- 1.21alpha21 :
	25
	26	- dumpykota.cgi can now be run as a normal user as opposed to
	27	a PyKota administrator. No read access to pykotadmin.conf is
	28	necessary anymore. This CGI scripts now honors the REMOTE_USER
	29	environment variable just like printquota.cgi does, see
	30	the file cgi-bin/README for details.
	31	The command line tool dumpykota must still be run by a PyKota
	32	administrator.
	33
	34	- Fix exception's name error due to a change in recent versions
	35	of PygreSQL.
	36
24	37	- 1.21alpha20 :
25
26		- Big bug fix wrt the datelimit field which was never
27		reset.
	38
	39	- Big bug fix wrt the datelimit field which was never reset.
28	40
29	41	- 1.21alpha19 :

pykota/trunk/pykota/dumper.py

r2016	r2032
21	21	#
22	22	# $Log$
	23	# Revision 1.2 2005/01/19 08:49:41 jalet
	24	# Now dumpykota.cgi behaves like printquota.cgi wrt the REMOTE_USER environment
	25	# variables if the script is username+password protected.
	26	# Small fix in printquota.cgi wrt ldap auth with Apache : the workaround was
	27	# not used everywhere.
	28	#
23	29	# Revision 1.1 2005/01/08 17:03:07 jalet
24	30	# "--format cups" output more resembling CUPS' page_log.
…	…
69	75	"pgroupname",
70	76	]
71		def main(self, arguments, options) :
	77	def main(self, arguments, options, restricted=1) :
72	78	"""Print Quota Data Dumper."""
73		if not self.config.isAdmin :
	79	if restricted and not self.config.isAdmin :
74	80	raise PyKotaToolError, "%s : %s" % (pwd.getpwuid(os.geteuid())[0], _("You're not allowed to use this command."))
75	81

pykota/trunk/pykota/version.py

r2030	r2032
22	22	#
23	23
24		__version__ = "1.21alpha20_unofficial"
	24	__version__ = "1.21alpha21_unofficial"
25	25
26	26	__doc__ = """PyKota : a complete Printing Quota Solution for CUPS and LPRng."""