--- nmz_wrapper.cgi 2006-10-20 00:42:56.000000000 +0200 +++ /home/namazu/bin/search.py 2006-12-08 17:04:20.007486426 +0100 @@ -1,24 +1,65 @@ #!/usr/bin/python +# A slightly modified version of Lindsay Haisley's (fmouse@fmp.com) +# nmz_wrapper.cgi script (as of 2006-12-05). +# Authentication added (... err... shamelessly stolen from +# Mailman/Cgi/private.py) by Gabor Kiss +# + import os import sys -import pwd import cgi +import urllib + +namazucgi = "/usr/lib/cgi-bin/namazu.cgi" + +sys.path.append("/usr/lib/mailman") +from Mailman import MailList +from Mailman import mm_cfg def openlist(lname): # See if we have a valid list identified by idxname - global real_name, list_info, internal_name, idxpath, rcpath, mlist + global real_name, list_info, internal_name, idxpath, rcfile, mlist + global preferred_language try: - mlist = MailList.MailList(list_name, lock=False) + mlist = MailList.MailList(lname, lock=False) except MailList.Errors.MMUnknownListError: - error_nolist(idxname) - + error_nolist(lname) + return 0 real_name = mlist.real_name + preferred_language = mlist.preferred_language list_info = mlist.web_page_url + "listinfo" internal_name = mlist.internal_name() - idxpath = nmz_home + "/" + internal_name - rcpath = idxpath + "/.namazurc" + idxpath = "/var/lib/namazu/mailman/" + internal_name + rcfile = idxpath + "/namazurc" + + if not mlist.archive_private: + return 1 # Public archive + + # Authentication + cgidata = cgi.FieldStorage() + username = cgidata.getvalue('username', '') + password = cgidata.getvalue('password', '') + + if not mlist.WebAuthenticate((mm_cfg.AuthUser,), password, username): + error_no_access() + return 0 + + return 1 + +def error_no_access(): + print"""Content-type: text/html + + + + + Unauthorized access + + + You have no permission to search this list + +""" def unsearchable(rn, li): print"""Content-type: text/html @@ -77,14 +118,10 @@ """ % (marker) -mm_home = pwd.getpwnam("mailman")[5] -nmz_home = pwd.getpwnam("nmz")[5] -sys.path.append(mm_home) -from Mailman import MailList - +def main(): if type(os.getenv("QUERY_STRING")) == type(None) or os.getenv("QUERY_STRING") == "": error_no_qs() - sys.exit(0) + return # Get the query string, parse out the internal name of the list # and check for other required information @@ -94,58 +131,69 @@ query_string = cgi.parse_qs(os.getenv("QUERY_STRING")) except AttributeError: error_invalid_qs(1) - sys.exit(0) + return + + try: + query_string["idxname"][0] = query_string["idxname"][0].lower() + os.putenv("QUERY_STRING", urllib.urlencode(query_string,True)) + except: + print >>sys.stderr, "Cannot change QUERY_STRING" + return try: list_name = query_string["idxname"][0] except KeyError: error_invalid_qs(2) - sys.exit(0) + return try: query_string["query"][0] except KeyError: - openlist(list_name) - if os.access(idxpath, os.R_OK): + # No query. + # Let's allow namazu.cgi to print its "usage" page. + if not openlist(list_name): + return + if os.access(idxpath, os.R_OK) and os.access(rcfile, os.R_OK): os.environ.update({"QUERY_STRING": ""}) - os.environ.update({"NAMAZURC": rcpath}) - print "Executing namazu.cgi" - os.execl("/usr/libexec/namazu.cgi","/usr/libexec/namazu.cgi") + os.environ.update({"NAMAZURC": rcfile}) + os.environ.update({"LANG": preferred_language}) + os.execl(namazucgi,namazucgi) else: unsearchable(real_name, list_info) - sys.exit(0) - + return try: query_string["submit"][0] except KeyError: error_invalid_qs(4) - sys.exit(0) + return + return try: query_string["max"][0] except KeyError: error_invalid_qs(5) - sys.exit(0) + return try: query_string["result"][0] except KeyError: error_invalid_qs(6) - sys.exit(0) + return try: query_string["sort"][0] except KeyError: error_invalid_qs(7) - sys.exit(0) + return -openlist(list_name) + if not openlist(list_name): + return -if os.access(idxpath, os.R_OK): - os.environ.update({"NAMAZURC": rcpath}) - os.execl("/usr/libexec/namazu.cgi","/usr/libexec/namazu.cgi") + if os.access(idxpath, os.R_OK) and os.access(rcfile, os.R_OK): + os.environ.update({"NAMAZURC": rcfile}) + os.environ.update({"LANG": preferred_language}) + os.execl(namazucgi,namazucgi) else: unsearchable(real_name, list_info) - sys.exit(0) - + return