| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
69387
|
Wed Aug 18 09:05:51 2021 |
 | Jan Just Keijser | janjust@nikhef.nl | Bug report | Linux | 3.1.4-2 | Re: "New User" option does not work when Authentication=Webserver | here's the patch that I use to enable use creation and deletion in combination with Webserver authentication.
The idea behind the patch is that if the user logged in via "http_user" is an elog admin, then {s}he is allowed to save a random user configuration, including creating or deleting a user.
| Stefan Ritt wrote: |
|
Unfortunately I locallly don't have Webserver authentication, so I cannot check or debug. If you send me a diff that works for you, I'm happy to incorporate it.
Stefan
| Jan Just Keijser wrote: |
|
Our setup uses "Authentication=Webserver" + no automatic user registration. Thus, logbook admins should add a user by clicking "Config" and then "New user". However, no matter what they fill in in the "new user " dialog, as soon as they hit "Save" an error pops up saying that their username (the admin one, not the new one) already exists. I found the following code:
int save_user_config(LOGBOOK * lbs, char *user, BOOL new_user)
{
char file_name[256], str[256], *pl, user_enc[256], new_pwd[80], new_pwd2[80], smtp_host[256],
email_addr[256], mail_from[256], mail_from_name[256], subject[256], mail_text[2000], str2[256],
admin_user[80], url[256], error[2000], sid[32];
int i, self_register, code, first_user;
PMXML_NODE node, subnode, npwd;
/* if we outsourced the authentication, use external username */
getcfg(lbs->name, "Authentication", str, sizeof(str));
if (stristr(str, "Webserver")) {
/* do not allow HTML in user name */
strencode2(user_enc, http_user, sizeof(user_enc));
} else {
strencode2(user_enc, user, sizeof(user_enc));
}
which seems to be the culprit: the admin user is logged using his/her Webserver (http_user) credentials and this overrides anything that he/she might fill in. If I remove the "Authentication" check then I can create a new user without problems. So, how to fix this? should the "Authentication=Webserver" check be extended with a self/auto registration check?
|
|
|
| Attachment 1: elog-webauth.patch
|
diff -Naur elog-3.1.4-3.org/src/elogd.c elog-3.1.4-3/src/elogd.c
--- elog-3.1.4-3.org/src/elogd.c 2021-02-19 09:55:03.000000000 +0100
+++ elog-3.1.4-3/src/elogd.c 2021-08-17 17:26:06.492232620 +0200
@@ -13273,7 +13273,7 @@
/* if we outsourced the authentication, use external username */
getcfg(lbs->name, "Authentication", str, sizeof(str));
- if (stristr(str, "Webserver")) {
+ if (!is_admin_user(lbs, http_user) && stristr(str, "Webserver")) {
/* do not allow HTML in user name */
strencode2(user_enc, http_user, sizeof(user_enc));
} else {
@@ -26139,6 +26139,8 @@
}
/* make sure user is logged in */
+ if (strcmp(user, http_user) == 0)
+ return TRUE;
if (lbs && !logged_in(lbs))
return FALSE;
|
|
69388
|
Sat Aug 28 21:32:09 2021 |
 | Andreas Luedeke | andreas.luedeke@psi.ch | Bug report | Linux | ELOG V3.1.4 | Adding entries without being logged in stopped working with attachments | Hi Stefan (et al),
we have several logbooks that allow to add new entries without logging in first.
That still works, as long as these entries don't have any attachments.
As soon as there is an attachment you are asked to login in the web interface.
I hope that this is not an intentional feature, but a bug?
Several of our software tools now fail to submit elog entries.
The problem occured when we upgraded to ELOG V3.1.4-2e1708b.
Version elog-3.1.4-611489b did not show this behaviour.
Kind Regards
Andreas
|
|
69391
|
Tue Sep 14 17:48:52 2021 |
 | Manoel Couder | mcouder@nd.edu | Question | Linux | ELOG V3.1.2-bd7 | How to lock a specific entry? | Hi All,
I am using elog to track technical changes in an experiment but also to log what experimentalist are doing during an experiment. For the latter, I would like to be able to lock those entries from being further edited after the expertiment if finished. Is there a way to do that?
Thanks,
Manoel |
|
69392
|
Tue Sep 14 18:18:03 2021 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | ELOG V3.1.2-bd7 | Re: How to lock a specific entry? | You can either lock all entries or none. So I would propose you set up two logbooks, one for technical changes which is not locked and one for what experimentalists are doing which is locked. Locking can be done a certain time after an entry has been made (like 1h, 1d, 1 month etc.). Or you simply make the logbook read-only.
Stefan
| Manoel Couder wrote: |
|
Hi All,
I am using elog to track technical changes in an experiment but also to log what experimentalist are doing during an experiment. For the latter, I would like to be able to lock those entries from being further edited after the expertiment if finished. Is there a way to do that?
Thanks,
Manoel
|
|
|
69394
|
Wed Oct 13 02:38:34 2021 |
| Lin Wang | wanglin@ihep.ac.cn | Question | Linux | Unknown | How to access PSI Elog data from other web clients | We want to develop separate mobile web pages for the web applications deployed at CSNS accelerator, including the PSI Elog.
In Elog, is there RESTful API or HTTP/JSON or HTTP/XML interface for other web clients to access?
Or is there any workaround? |
|
69395
|
Wed Oct 13 08:17:23 2021 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | Unknown | Re: How to access PSI Elog data from other web clients | When elog has been developed, REST did not yet exist. The closest you can get is the RSS API. Just try https://elog.psi.ch/elogs/Forum/elog.rdf and you see the result for this forum. To write to elog, you can use teh HTTP/HTML interface and mimic a browser. See for example elog:69209
Stefan
| Lin Wang wrote: |
|
We want to develop separate mobile web pages for the web applications deployed at CSNS accelerator, including the PSI Elog.
In Elog, is there RESTful API or HTTP/JSON or HTTP/XML interface for other web clients to access?
Or is there any workaround?
|
|
|
69397
|
Fri Oct 15 23:57:38 2021 |
| Rob Calkins | rcalkins@smu.edu | Question | Linux | 3.1.4 | Too many open files - issue? | Has anyone had issues with having too many files open? I'll setup my server and let it go but after a while, I end up with a lot of "cannot create socket: Too many open files" errors being reported. I have a sync to another e-log going which I suspect is part of the cause since that e-log server hasn't had this issue. I suspect that there are files being opened, going into some return loop code and then never getting closed. I'm not a C programmer but I see lines like :
fh = open(tmp_filename, O_RDONLY);
if (fh > 0) {
read(fh, result, size - 1);
close(fh);
}
/* remove temporary file */
remove(tmp_filename);
This looks like it opens the file but unless the remove function closes the file, it will remain open even through the file has been deleted. Maybe this isn't the correct behaviour of 'remove' and I am mistaken?
There are also parts like :
fh = open(textfile, O_RDONLY | O_BINARY);
if (fh < 0) {
printf("Message file \"%s\" does not exist.\n", textfile);
return 1;
}
size = (INT) lseek(fh, 0, SEEK_END);
lseek(fh, 0, SEEK_SET);
if (size > (INT) (sizeof(text) - 1)) {
printf("Message file \"%s\" is too long (%zd bytes max).\n", textfile, sizeof(text));
return 1;
}
This looks like for the second error, it will complain that the file is too long, return an error message but not close the file and would leave it open. Is this a reasonable avenue to pursue or am I mis-reading the code? Thanks.
|
|
69398
|
Thu Oct 21 00:42:42 2021 |
| Andreas Luedeke | andreas.luedeke@psi.ch | Info | Linux | Unknown | Re: How to access PSI Elog data from other web clients | There is a python API to access ELOG via HTTP: https://github.com/paulscherrerinstitute/py_elog
| Lin Wang wrote: |
|
We want to develop separate mobile web pages for the web applications deployed at CSNS accelerator, including the PSI Elog.
In Elog, is there RESTful API or HTTP/JSON or HTTP/XML interface for other web clients to access?
Or is there any workaround?
|
|
|