Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG, Page 236 of 801  Not logged in ELOG logo
New entries since:Thu Jan 1 01:00:00 1970
ID Date Icon Author Author Email Category OS ELOG Version Subject
  67886   Wed May 6 21:25:34 2015 Question Francois CloutierFrancois@fcmail.caQuestionWindows310.3Preloading Options or Moptions from a text file or CSV
Title says all :)

Is it possible to preload Options or Moptions from a text file or CSV instead of being load from the elogd.conf ?

Thanks :)
  67885   Wed May 6 17:35:14 2015 Question Bruce Bushbruce_bush@sil.orgBug reportLinux3.10.2Path disclosure on unfound file

Greetings,

  Running elog 3.1.0 on CentOS 6.6.  When I try to access a nonexistent file, elog reveals a path in the 404 page.  For example:

Not Found

The requested file /usr/local/elog/themes/default/blortblortblort7854.htm was not found on this server


ELOG version 3.1.0
 
  Is there any way to use a custom 404 page with elog, or to make it stop displaying the file information?
 
Thank you,
bb
 
 

 

  67884   Wed May 6 15:13:11 2015 Warning Christof Hankehanke@rzg.mpg.deBug fixAll3.1.0parse a correctly the username in save_user_config when using Webserver authentication

Hi Stefan,

 

When we use Webserver authentication, we have the correct username already in the variable http_user.

The old way of copying this http_user to "user" is wrong since we don't use the size of http_user.

Instead, just encode the http_user variable directly.

See attached patch against git HEAD.

Christof

 

Attachment 1: parse_http_user_correctly.patch
diff --git a/src/elogd.c b/src/elogd.c
index 601639c..de4734b 100755
--- a/src/elogd.c
+++ b/src/elogd.c
@@ -13142,12 +13142,13 @@ int save_user_config(LOGBOOK * lbs, char *user, BOOL new_user)
 
    /* if we outsourced the authentication, use external username */
    getcfg(lbs->name, "Authentication", str, sizeof(str));
-   if ( stristr(str, "Webserver")) {
-      strlcpy(user, http_user, sizeof(user));
-   }
 
    /* do not allow HTML in user name */
-   strencode2(user_enc, user, sizeof(user_enc));
+   if ( stristr(str, "Webserver")) {
+      strencode2(user_enc, http_user, sizeof(user_enc));
+   } else {
+      strencode2(user_enc, user, sizeof(user_enc));
+   }
 
    /* check for user name */
    if (!isparam("new_user_name") || *getparam("new_user_name") == 0) {
  67883   Wed May 6 12:31:04 2015 Entry Christof Hankehanke@rzg.mpg.deCommentAll3.1.0Documentation of the webserver authentication

Hi Stefan,

here is a draft of how you could describe the webserver authentication in your docs.

T/Christof

Attachment 1: webserver_auth_doc.patch
diff --git a/doc/adminguide.html b/doc/adminguide.html
index da25388..0568ae3 100755
--- a/doc/adminguide.html
+++ b/doc/adminguide.html
@@ -243,6 +243,37 @@ URL = http://your.proxy.host/subdir/
 
 into elogd.cfg.<p>
 
+<h3><hr><i>Using apache authentication:</i></h3>
+It is also possible to login via an apache-auth module.
+In elogd.cfg you should use the keyword "Webserver" for Authentication: + +<ul><pre> +Authentication = Webserver +</pre></ul> +This triggers elogd to use the environment variable "X-Forwarded-User" as the logged in user.
+A simple example of a apache configuration (including the proxy) is : +<ul><pre> +# this required to pass on the generated env-variable X-Forwarded-User to the proxy +ProxyPassInterpolateEnv On + +ProxyPass /elog/ http://your.host.domain:8080/ + +&lt;Location "/elog"&gt; + Order allow,deny + Allow from all + AuthType Basic + AuthName "elog-server" + AuthUserFile "/opt/elog/htpasswd" + require valid-user + RequestHeader unset Authorization + RequestHeader add X-Forwarded-User %{REMOTE_USER}s + # elog doesn't like the '@', so we need to cut it + RequestHeader edit X-Forwarded-User "@(.*)$" "" +&lt;/Location&gt; +</pre></ul> + + + <hr><a name="imagemagick"> <div class=section>&nbsp; Installing ImageMagick &nbsp;</div> <p> When images are attached to ELOG entries, thumbnails can be created for quick preview. This works also for PDF and PostScript files. ELOG forwards any image operation diff --git a/doc/config.html b/doc/config.html index 9848f58..9e98855 100755 --- a/doc/config.html +++ b/doc/config.html @@ -2207,6 +2207,22 @@ Options Location = Main Building{a}, New Building{b}, Old Building{c} you have to change your password by other means (such as via the Windows login if you use a Windows Domain). </p> + <p> + Beside the Kerberos authentication, elogd version 3.0 and higher can be configured to accept a authentication done + by the webserver. + <ul> + <li> + <b><code>Authentication = Webserver</code></b> + </li> + </ul> + </p> + <p> + You can also combine it with other authentication methods as shown for Kerberos. + </p> + <p> + Elogd is then accepting the username set in the Request-Header "X-Forwarded-User" as already logged in.<br/> + To make this work, you need to configure the webserver correctly, as describe in the adminguide. + </p> <p> <a name="email" id="email"></a>
  67882   Wed May 6 11:00:14 2015 Idea Christof Hankehanke@rzg.mpg.deRequestAll3.1.0logout to external page

Hi Stefan,

I am happy to see that you include the webserver authentication.
So I can now login at some other page and then access elog.
However, I would also need some means of logging out some where else.

For this I propose a new Configuration option "Logout to page" which redirects to another page if set and "Logout to main" is 0.

See the attached patch (against git HEAD)

 

Does this make sense to you ?

 

Christof

PS: Many thanks for the autosave mode,  I already used it ;-)
 

Attachment 1: logout_to_page.patch
diff --git a/src/elogd.c b/src/elogd.c
index 601639c..0f976be 100755
--- a/src/elogd.c
+++ b/src/elogd.c
@@ -27975,6 +27975,11 @@ void interprete(char *lbook, char *path)
       if (getcfg(lbs->name, "Logout to main", str, sizeof(str)) && atoi(str) == 1) {
          sprintf(str, "../");
          setparam("redir", str);
+      } else {
+         getcfg(lbs->name, "Logout to page", str, sizeof(str));
+         if (str[0]) {
+             setparam("redir", str);
+         }
       }
       set_sid_cookie(lbs, "", "");
       sid_remove(getparam("sid"));
  67881   Tue May 5 12:17:24 2015 Agree Andreas Luedekeandreas.luedeke@psi.chBug reportLinux3.1.0Re: Problem with autosave functionality when combined with no 'edit' button

Oups, now I feel almost a little bit sorry for asking surprise    But thank you anyway!!! wink

You should see it that way: there are millions of possible applications for a smart electronic logbook like ELOG, and most possible combinations of flags and options will make sense for some of them smiley

Stefan Ritt wrote:

Arghhhh! Guess how many people asked me for the autosave feature! I worked really hard on it (including an airplane flight to Japan!), not the next guy comes "can we disable that feature?". angry

I agree that this feature has many side effects, and I have to adress one by one, but in the end the community will benefit. Think of starting a draft at one computer, and finishing at another one. Lazarus won't help you there.

Nevertheless crying, I added a "Save drafts" which you can set to zero. But I would rather prefer if people tell me their problems, and I fix them, instead of siletnly just disabling this feature and keeping the bugs there unresolved.

Andreas Luedeke wrote:

By the way Stefan: is there a way to disable the whole draft message feature?

If people are used to e.g. the lazarus addon for firefox, they might prefer their browser to keep their drafts confidential, instead of suffering from accidental premature draft postings ;-)

 

 

  67880   Tue May 5 12:09:53 2015 Reply Stefan Rittstefan.ritt@psi.chBug reportLinux3.1.0Re: Problem with autosave functionality when combined with no 'edit' button

Arghhhh! Guess how many people asked me for the autosave feature! I worked really hard on it (including an airplane flight to Japan!), not the next guy comes "can we disable that feature?". angry

I agree that this feature has many side effects, and I have to adress one by one, but in the end the community will benefit. Think of starting a draft at one computer, and finishing at another one. Lazarus won't help you there.

Nevertheless crying, I added a "Save drafts" which you can set to zero. But I would rather prefer if people tell me their problems, and I fix them, instead of siletnly just disabling this feature and keeping the bugs there unresolved.

Andreas Luedeke wrote:

By the way Stefan: is there a way to disable the whole draft message feature?

If people are used to e.g. the lazarus addon for firefox, they might prefer their browser to keep their drafts confidential, instead of suffering from accidental premature draft postings ;-)

 

  67879   Tue May 5 12:05:47 2015 Reply Stefan Rittstefan.ritt@psi.chBug reportLinux3.1.0Re: Problem with autosave functionality when combined with no 'edit' button

I changed the code such that editing of draft messages is always possible, even if the "edit" command is not allowed otherwise. Update is in GIT. Please check if that works at ND280.

Thomas Lindner wrote:

We recently tried upgrading the ND280 elog instance to elog 3.1.0. [1] We seem to have some problems with this 'auto-save' functionality.  Specifically, it doesn't seem to play nice with the fact that we prefer to disable user's ability to edit old messages.  So we have (up to now), had the following set of commands specified in elogd.ccfg

Menu commands = List, New, Reply, Delete, Duplicate, Copy to, Move to, Find, Help

The problem is that we now get auto-saved messages, but no ability for the user to actually go back and finish the draft message.  You can see an example of this state in this test elog

http://neut17.triumf.ca:8080/demo/

Clicking on the draft message you can see that it can't be editted.  If you try to click 'new' then edit the draft, you get the message 'Error: Command "Edit" not allowed'.  So we had zombie draft messages, until we added the edit command back; but that defeats our preference that users not mess up old messages.

In general this auto-saving seems like a useful feature.  So the ideal solution for me would be to have some mode where users could edit/finish draft messages, but where we could still disable users from editting completed/finished messages.  Ie, where we can omit 'Edit' from the menu command, but still get auto-save.

A less ideal, but perhaps simpler solution would be that if an elog has omitted 'Edit' from the menu commands, then this auto-save/save functionality is disabled so that we don't get uneditable draft messages.

[1] https://midas.psi.ch/elogs/Forum/67855

 

ELOG V3.1.5-3fb85fa6