https://... to the elogd daemon. If the
URL = directive is used, make sure to use
- https://... instead of http://...
+ https://... instead of http://...
there. The ELOG distribution contains a simple self-signed certificate
in the ssl subdirectory. One can replace this
certificate and key with a real ceritficate to avoid browser pop-up
@@ -199,7 +202,8 @@ Use Mail Subject = Location
Welcome title = <img src="welcome.jpg"><p><font size=5 color=white>Welcome to our Elog</font> -
-t switch when starting elogd. This is necessary
since the password is encrypted. To set your SMPT password, enter on
the command line:
-+elogd -t <your password>
[global] section for each
+
+Note that there can be a [global] section for each
top level group of logbooks. The rule is that a configuration setting in an
individual logbook section overrides a setting in the [global
<top group>] setting, which by itsel overrides a setting
@@ -566,7 +572,8 @@ not wanted, it can be disabled by setting Show top groups =
elog.css. If different CSS'es should be used
for different output media, this can be accomplished with a comma-
separated list in the form
- CSS = <file1>&<media1>,<file2>&<media2>. This will then be translated into separate style sheet
+ CSS = <file1>&<media1>,<file2>&<media2>. This will then be
+ translated into separate style sheet
statements for the different media. For example a statement
CSS = default.css&screen,print.css&print
@@ -617,7 +624,7 @@ not wanted, it can be disabled by setting Show top groups =
Date format = <string>
This option determines how the date is displayed from attributes which
are of type "date". The format of the string is the same as the C
- function strftime, so a string of %A, %B %d,
+ function strftime, so a string of %A, %B %d,
%Y yields in a display of Thursday, November 15, 2001 for
example.
@@ -639,7 +646,8 @@ not wanted, it can be disabled by setting Show top groups =
<li><a href="?cmd=new">Enter</a> a new message
<li><a href="?cmd=find">Search</a> the logbook
</ul>
-The file must be present in the resource directory. Alternatively, an
+
+ The file must be present in the resource directory. Alternatively, an
absolute path can be used if the file name starts with a
"/" (Unix) or "\" or
"x:" (Windows).
@@ -652,7 +660,8 @@ not wanted, it can be disabled by setting Show top groups =
?cmd=xxx. To start with the search page, one uses
Start page = ?cmd=Find
-
Please note that if another language than English is selected via the
+
+ Please note that if another language than English is selected via the
Language = xxx option, the commands have to be in that language as
well (like "Start page = 0?cmd=Letzter" for German).
@@ -664,7 +673,8 @@ Start page = ?cmd=Find
<h1>You successfully submitted a message</h1>
<a href="?cmd=Back">Back</a> to the logbook<p>
<a href="?cmd=New">Enter</a> another message
-The file must be present in the logbook directory. Alternatively, an
+
+ The file must be present in the logbook directory. Alternatively, an
absolute path can be used if the file name starts with a
"/" (Unix) or "\" or
"x:" (Windows).
@@ -749,7 +759,8 @@ Start page = ?cmd=Find
Help - General help
-
+
+
The commands are always in English, independent of the
language = ... setting, and are automatically
@@ -758,7 +769,8 @@ Start page = ?cmd=Find
If this option is not present, following default is used:
Menu commands = List, New, Edit, Delete, Reply, Duplicate, Find, Config, Help
-
+
+
Copy to = <logbook list>
@@ -878,7 +890,8 @@ Guest menu commands = List, Find, Login, Help
selection page like:
<center><a href="/">Main page</a></center>
-
Or it can contain other useful links. If a file is specified, it must be
+
+ Or it can contain other useful links. If a file is specified, it must be
present in the logbook directory. Alternatively, an absolute path can be used
if the file name starts with a "/" (Unix) or
"\" or "x:" (Windows).
@@ -942,6 +955,13 @@ Guest menu commands = List, Find, Login, Help
ensure that old entries cannot be modified. Hours can also be
fractional, like 0.5 for 30 min.
+
+ Admin restrict edit time = <hours>
+ Same option for admin users. This can be useful if normal users are
+ not allowed to change entries after "restrict edit time", but an admin
+ user should be allowed to do so. Setting this to zero disables any
+ restriction for admin users and they can edit entries forever.
+
Max content length = <bytes>
This option restricts the size of attachments. When very large
@@ -994,10 +1014,12 @@ Guest menu commands = List, Find, Login, Help
with the original image size, and can then be resized and rotated
interactively with the image manipulation buttons:
- 
+
+
- Setting Thumbnail size = 0 turns off the thumbnail
- creation.
+ Setting Thumbnail size = 0 turns off the thumbnail
+ creation.
+
Thumbnail options = <options>
@@ -1006,7 +1028,8 @@ Guest menu commands = List, Find, Login, Help
used is the -density option to increase the image quality when
converting from PDF or EPS files.
-
+
+
Attributes
@@ -1027,8 +1050,9 @@ Guest menu commands = List, Find, Login, Help
Locked by
Attachment
Path
-
- since these are used internally by elog.
+
+
+ since these are used internally by elog.
Options <attribute> = <list>
@@ -1068,7 +1092,8 @@ Options town = San Francisco, "Paris, Texas", "Paris, France"
checked for an entry. The attribue value then becomes
<value1> | <value2> | ...
-
In the "find" page only one of these values can be specified,
+
+ In the "find" page only one of these values can be specified,
which is then treated as a substring in the search filter.
@@ -1079,7 +1104,8 @@ Options town = San Francisco, "Paris, Texas", "Paris, France"
Attributes = Author, Icon, Subject...
IOptions Icon = icon1.gif, icon2.gif, icon3.gif, ...
-
New icons are welcome and should be sent back to the author to be
+
+ New icons are welcome and should be sent back to the author to be
incorporated in the next version.
@@ -1120,7 +1146,8 @@ IOptions Icon = icon1.gif, icon2.gif, icon3.gif, ...
login name for the author field like:
Preset Author = $long_name
-
If the attribute should be locked at the Web submission, use the
+
+ If the attribute should be locked at the Web submission, use the
"Locked Attributes = ..." option. If a preset value is given for an
attribute which has an options list, the preset value is selected in the drop
down box by default.
@@ -1247,13 +1274,15 @@ Preset on first reply Subject = Re: $Subject
Delete to display a column with a delete icon
to directly delete and entry
-
+
+
The restriction to certain attributes can be helpful if many attributes
are defined in a logbook, which usually makes the table too big to fit
in the browser. The default is
List display = ID, Date, <all attributs>
-
Which displays the message number, date, and all attributes. The display
+
+ Which displays the message number, date, and all attributes. The display
of the message body is controlled by the Display mode and
Summary lines options. If a search goes over "all
logbooks", an additional colums with the logbook name of each entry is added in
@@ -1293,7 +1322,8 @@ List display = ID, Date, <all attributs>
$message id: The message ID
-
+
+
A typical example would be
Thread display = $subject, posted by $author on $entry time
@@ -1327,7 +1357,8 @@ Thread display = $subject, posted by $author on $entry time
$message id: The message ID
-
+
+
A typical example would be
RSS Title = $subject, posted by $author on $entry time
@@ -1387,12 +1418,14 @@ RSS Title = $subject, posted by $author on $entry time
$shell(<command>): <command> gets passed to the
operating system shell and the result is taken for substitution.
-
+
+
Following example use this feature to add the remote host name to the
author:
Subst Author = $author from $remote_host
-
+
+
Following example substitutes an attribute with the contents of a
file:
@@ -1407,19 +1440,22 @@ Subst Author = $author from $remote_host
statement
Subst Number = XYZ-#####
-
results in automatically created attributes "Number" of the form
+
+ results in automatically created attributes "Number" of the form
XYZ-00001
XYZ-00002
XYZ-00003
-
and so on. In addition to the #'s one may specify format specifiers which
+
+ and so on. In addition to the #'s one may specify format specifiers which
are passed to the
strftime function. This allows to create tags wich contain the
current year, month and so on. Once the date part of the attribute
changes, the index restarts from one. The statement
Subst Number = XYZ-%Y-%b-###
-
results in automatically created attributes "Number" of the form
+
+ results in automatically created attributes "Number" of the form
XYZ-2005-Oct-001
XYZ-2005-Oct-002
@@ -1595,8 +1631,8 @@ Style importance severe = background-color:red
For possible formattings, please refer to some CSS documentation. You can
change the colors, font styles and sizes. The style is then valid for the
- whole row of that entry.
-
+ whole row of that entry.
+
For empty attributes one can specify "", such as
Style importance "" = background-color:red
@@ -1626,12 +1662,14 @@ Cell Style Status Under Process = background-color:yellow
http://any.company.com/telbook.cgi?search=<name>
-
where <name> has to be replaced by a search string. Now one can
+
+ where <name> has to be replaced by a search string. Now one can
construct an automatic telephonebook lookup with following options:
Attributes = Name, Telephone, ...
Display Telephone = <a href="http://any.company.com/telbook.cgi?search=$Name">$Name's telephone number</a>
-
The attribute Telephone is now automatically
+
+ The attribute Telephone is now automatically
constructed from the attribute Name and consists of a link
to the company's telephonebook. The advantage of this system is if the URL of
the telephonebook changes one day, only one statement in the config file has to
@@ -1658,7 +1696,8 @@ Display Telephone = <a href="http://any.company.com/telbook.cgi?search=$Name"
writes a notification into some file:
Execute new = echo "New message wiht ID $message id of type $type from $long_name on $remote_host" >> /tmp/elog.log
-
+
+
It should be noted that this feature can impose a security problem. If
someone can edit the elogd.cfg through the Config
command of elogd, that person can put malicious code into elogd.cfg and
@@ -1687,7 +1726,8 @@ Execute new = echo "New message wiht ID $message id of type $type from $long_nam
ID display = TAG-$message id
- would display the entry ID as "TAG-1","TAG-2", ... and so on.
+
+ would display the entry ID as "TAG-1","TAG-2", ... and so on.
Prepend on reply = <string>
@@ -1723,7 +1763,8 @@ ID display = TAG-$message id
together with other attributes, since it is sorted as the primary
key anyhow.
-
+
+
Conditional attributes
@@ -2240,12 +2281,12 @@ Options Location = Main Building{a}, New Building{b}, Old Building{c}
Beside the Kerberos authentication, elogd version 3.0 and higher can be configured to accept a authentication done
by the webserver.
+
-
Authentication = Webserver
-
You can also combine it with other authentication methods as shown for Kerberos.
@@ -2260,7 +2301,8 @@ Options Location = Main Building{a}, New Building{b}, Old Building{c}
LDAP (lightweight Directory Access Protocol) has been implemented by
- vykozlov in a separate branch at https://github.com/vykozlov/elog-ldap. The code has been merged into this distribution on
+ vykozlov in a separate branch at https://github.com/vykozlov/elog-ldap.
+ The code has been merged into this distribution on
an as-is basis. Following info has copied from the link above:
@@ -2296,7 +2338,8 @@ Options Location = Main Building{a}, New Building{b}, Old Building{c}
PAM authentication
-PAM (Pluggable authentication modules) support has been implemented by Jan Christoph Terasa as a separate branch at https://bitbucket.org/ritt/elog/branch/pam.
+ PAM (Pluggable authentication modules) support has been implemented by Jan Christoph Terasa as a separate branch at
+ https://bitbucket.org/ritt/elog/branch/pam.
To use PAM in elogd, do the following:
@@ -2304,7 +2347,8 @@ PAM (Pluggable authentication modules) support has been implemented by Jan Chris
-
- Compile
elogd with PAM support, by either setting USE_PAM = 1 in the Makefile, or by specifying it when invoking make
+ Compile elogd with PAM support, by either setting USE_PAM = 1 in the
+ Makefile, or by specifying it when invoking make
-
Enable PAM authentication in
elogd.cfg:
@@ -2313,16 +2357,25 @@ PAM (Pluggable authentication modules) support has been implemented by Jan Chris
Password file = elogd.passwdSelf register = 3
- The Password file is used to store the user names and email addresses of PAM authenticated users, since this information can not be (universally) requested via PAM. For security reasons the password file does not store a hash of the user password.
+ The Password file is used to store the user names and email addresses of PAM authenticated
+ users, since this information can not be (universally) requested via PAM. For security reasons the password file
+ does not store a hash of the user password.
Self registration has to be enabled (Self register ≥ 1) to use PAM authentication.
- To be able to use PAM, the PAM module in elogd needs to be able to access the authentication facilities on the system (e.g. be able to read /etc/shadow). This can be achieved by either running elogd as root, or by specifying the appropriate SUID/GUID values for the binary.
- WARNING: When running elogd as root, be careful when using the -x option to enable execution of commands via $shell, since the commands will be executed using the access rights of the user running elogd!
+ To be able to use PAM, the PAM module in elogd needs to be able to access the authentication
+ facilities on the system (e.g. be able to read /etc/shadow). This can be achieved by either running
+ elogd as root, or by specifying the appropriate SUID/GUID values for the
+ binary.
+ WARNING: When running elogd as root, be careful when using the -x option
+ to enable execution of commands via $shell, since the commands will be executed using the access
+ rights of the user running elogd!
+
- Please note that it is not possible to change the PAM password within ELOG. Instead, please use the available methods on the system
+ Please note that it is not possible to change the PAM password within ELOG. Instead, please use the available methods
+ on the system
@@ -2412,7 +2465,7 @@ PAM (Pluggable authentication modules) support has been implemented by Jan Chris
for the "From:" field in the email. Since more and more email
servers do not accept invalid "From:" addresses in order to reduce
spam mail, it might be important that a "real" email address is used in
- the "From:" field. If Use Email From is
+ the "From:" field. If Use Email From is
present, it is always used. If not, the email address of the currently
logged in user is used for the "From:" field. If no user is logged
in, or the current user has not specified a email address in the password
@@ -2442,7 +2495,7 @@ PAM (Pluggable authentication modules) support has been implemented by Jan Chris
- The option Use Email URL = <URL> can be used to
+ The option Use Email URL = <URL> can be used to
set the URL of the ELOG logbook used in email notifications. This can be
useful if no URL = ... statement is used form some
reason.
@@ -2542,7 +2595,7 @@ PAM (Pluggable authentication modules) support has been implemented by Jan Chris
Allowed encoding = <n>
- Allowed encoding options. <n> can be the sum of
+ Allowed encoding options. <n> can be the sum of
following flags:
- 1 : Plain
@@ -2553,7 +2606,7 @@ PAM (Pluggable authentication modules) support has been implemented by Jan Chris
To allow plain and HTML encoding for example, set
- <n> to 5. Default is 7. Note that
+ <n> to 5. Default is 7. Note that
allowing HTML encoding may cause some security risk, since an elog
entry may contain malicious scripting code. It should therefor only
be allowed for installations where it is really needed and with no
@@ -2625,7 +2678,8 @@ PAM (Pluggable authentication modules) support has been implemented by Jan Chris
64: Send names of optional attachments
- So to send for example only the attributes and the URL, set
+
+ So to send for example only the attributes and the URL, set
<n> to 6. Default is 63 (send everything).
@@ -2640,7 +2694,8 @@ PAM (Pluggable authentication modules) support has been implemented by Jan Chris
4 : Full HTML page as shown in elog
- So to send email in plain text and full HTML, set <n> to
+
+ So to send email in plain text and full HTML, set <n> to
5. Some email clients have the possibility then to switch from
one view to the other. Default is 2.
@@ -2704,7 +2759,8 @@ PAM (Pluggable authentication modules) support has been implemented by Jan Chris
3: Messages and replies are displayed together with the full
message body.
- The default is 1.
+
+ The default is 1.
Hidden = 0|1
@@ -3076,7 +3132,8 @@ elogd -v -C http://master.your.domain
Once every hour from 7:00 to 18:00 from Monday to Friday
-
+
+
Valid ranges for each value are:
@@ -3121,7 +3178,8 @@ elogd -v -C http://master.your.domain
0-6 with 0=Sunday, 1=Monday, etc.
-
+
+
If mirroring is turned on, it is advisable to use the
Logfile = option to turn on logging, so that
diff --git a/src/elogd.c b/src/elogd.c
index 98f47c43..ddf5f829 100755
--- a/src/elogd.c
+++ b/src/elogd.c
@@ -10026,16 +10026,31 @@ void show_edit_form(LOGBOOK * lbs, int message_id, BOOL breply, BOOL bedit, BOOL
}
/* check for editing interval */
- if (bedit && getcfg(lbs->name, "Restrict edit time", str, sizeof(str))) {
- for (i = 0; i < *lbs->n_el_index; i++)
- if (lbs->el_index[i].message_id == message_id)
- break;
+ if (is_admin_user(lbs, getparam("unm"))) {
+ if (bedit && getcfg(lbs->name, "Admin Restrict edit time", str, sizeof(str))) {
+ for (i = 0; i < *lbs->n_el_index; i++)
+ if (lbs->el_index[i].message_id == message_id)
+ break;
- if (i < *lbs->n_el_index && time(NULL) > lbs->el_index[i].file_time + atof(str) * 3600) {
- sprintf(str, loc("Entry can only be edited %1.2lg hours after creation"), atof(str));
- show_error(str);
- xfree(text);
- return;
+ if (i < *lbs->n_el_index && time(NULL) > lbs->el_index[i].file_time + atof(str) * 3600 && atof(str) > 0) {
+ sprintf(str, loc("Entry can only be edited %1.2lg hours after creation"), atof(str));
+ show_error(str);
+ xfree(text);
+ return;
+ }
+ }
+ } else {
+ if (bedit && getcfg(lbs->name, "Restrict edit time", str, sizeof(str))) {
+ for (i = 0; i < *lbs->n_el_index; i++)
+ if (lbs->el_index[i].message_id == message_id)
+ break;
+
+ if (i < *lbs->n_el_index && time(NULL) > lbs->el_index[i].file_time + atof(str) * 3600) {
+ sprintf(str, loc("Entry can only be edited %1.2lg hours after creation"), atof(str));
+ show_error(str);
+ xfree(text);
+ return;
+ }
}
}
@@ -23113,15 +23128,29 @@ void submit_elog(LOGBOOK * lbs)
/* check for editing interval */
- if (bedit && getcfg(lbs->name, "Restrict edit time", str, sizeof(str))) {
- for (i = 0; i < *lbs->n_el_index; i++)
- if (lbs->el_index[i].message_id == atoi(getparam("edit_id")))
- break;
-
- if (i < *lbs->n_el_index && time(NULL) > lbs->el_index[i].file_time + atof(str) * 3600) {
- sprintf(str, loc("Entry can only be edited %1.2lg hours after creation"), atof(str));
- show_error(str);
- return;
+ if (is_admin_user(lbs, getparam("unm"))) {
+ if (bedit && getcfg(lbs->name, "Admin Restrict edit time", str, sizeof(str))) {
+ for (i = 0; i < *lbs->n_el_index; i++)
+ if (lbs->el_index[i].message_id == atoi(getparam("edit_id")))
+ break;
+
+ if (i < *lbs->n_el_index && time(NULL) > lbs->el_index[i].file_time + atof(str) * 3600 && atof(str) > 0) {
+ sprintf(str, loc("Entry can only be edited %1.2lg hours after creation"), atof(str));
+ show_error(str);
+ return;
+ }
+ }
+ } else {
+ if (bedit && getcfg(lbs->name, "Restrict edit time", str, sizeof(str))) {
+ for (i = 0; i < *lbs->n_el_index; i++)
+ if (lbs->el_index[i].message_id == atoi(getparam("edit_id")))
+ break;
+
+ if (i < *lbs->n_el_index && time(NULL) > lbs->el_index[i].file_time + atof(str) * 3600) {
+ sprintf(str, loc("Entry can only be edited %1.2lg hours after creation"), atof(str));
+ show_error(str);
+ return;
+ }
}
}