Discussion forum about ELOG
Top Groups, Show Top Groups, password file and Protect Selection page have nasty interaction, posted by Chris Green on Fri Aug 5 02:27:15 2005
    Re: Top Groups, Show Top Groups, password file and Protect Selection page have nasty interaction, posted by Stefan Ritt on Fri Aug 5 12:06:47 2005
       Re: Top Groups, Show Top Groups, password file and Protect Selection page have nasty interaction, posted by Chris Green on Fri Aug 5 16:15:04 2005
          Re: Top Groups, Show Top Groups, password file and Protect Selection page have nasty interaction, posted by Stefan Ritt on Fri Aug 5 16:51:02 2005
Message ID: 1385     Entry time: Fri Aug 5 12:06:47 2005     In reply to: 1379     Reply to this: 1388
Icon: Reply  Author: Stefan Ritt  Author Email: stefan.ritt@psi.ch 
Category: Bug report  OS: Linux  ELOG Version: 2.6.0-CVS 
Subject: Re: Top Groups, Show Top Groups, password file and Protect Selection page have nasty interaction 

Chris Green wrote:
Index: elogd.c
===================================================================
RCS file: /usr/local/cvsroot/elog/src/elogd.c,v
retrieving revision 1.739
diff -r1.739 elogd.c
21368,21369c21368
< sprintf(str, "?fail=1", user);
< redirect(lbs, str);
---
> redirect(lbs, "?fail=1");
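
Review bot: At 21368 the replacement drops the `user` argument for good, and nothing in the patch says that this is intended. The removed `sprintf(str, "?fail=1", user);` had no conversion specifier for `user`, so either the argument was always dead or the format string lost a parameter at some point; the commit message should state that the failure redirect deliberately carries no user name. If `str` has no other use in the enclosing block, its declaration can go as well, and resubmitting as a unified diff (`diff -u`) would let a reviewer check that from the context lines.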


Thanks, applied.


Chris Green wrote:
Regardless (i.e. if I use the original CVS code or the patched version), a hard-to-trace problem occurs with my configuration whereby users are denied access after password entry at the logbook selection page (even when details are verifiably correct), and users are dropped through to the next (non-protected) Top Group page. This problem goes away if "Protect Selection Page" is turned off.


I hope I have fixed this problem; at least it works OK here when I tried with your config file.

One note I would like to make however: "Top groups" were invented for having completely separate logbook groups. Before the invention of top groups, one had to run several instances of elogd for different departments for example, where one department should not see the other department's logbooks. But having many departments means having to maintain many elogd daemons. This led to the invention of top groups, so one daemon can serve several independent groups, each having their own [global] section, with probably their own administrator.

In your case, however, it would be more applicable not to use top groups, but to use nested groups, like:
Group MiniBooNE = Analysis, Miscellaneous
Group Analysis = Charged Current Pi Plus, Neutral Current Coherent Pions
Group Miscellaneous = demo

I presume this is more what you want, and you can avoid some problems which arise from top groups.



Chris Green wrote:
A kind of "shadow" of this problem occurs if you create a new logbook from the Change Config File page, whereby after creating the new logbook one is dropped through to the next Top Group's selection page after saving the configuration (and the URL has ?fail=1 added to it, although line 21368 above is hardly the only place where this could have occurred).


I have not tested this one, but it could well be that the modification I made also fixes this.