Re: [rt-users] sendmail error (exited with code 75) - RHEL6

2012-09-13 Thread Raphaël Berlamont
2012/9/12 Thomas Sibley <t...@bestpractical.com>

> On 09/05/2012 10:21 AM, Raphaël Berlamont wrote:
> > Well! Very, very strange behaviour that I can't explain : the
> > /tmp/sendmail-stdin filled by tee is fulfilled all the time, but when I
> > encounter the bug, nothing appear in the file!
>
> Can you modify the script (and go back to sendmailpipe) with this added
> line?
>
> echo === START $$ >> /tmp/sendmail-lsof
> lsof -d^mem,^cwd,^txt,^rtd -a -p $$ >> /tmp/sendmail-lsof
> echo === END $$ >> /tmp/sendmail-lsof
>
> and then send us the output when you encounter the problem?


Thank you for your concern Thomas.

Here is the modified script :
###
#!/bin/bash

TMP_FILE=/tmp/sendmail-stdin
TMP_LSOF_FILE=/tmp/sendmail-lsof
DATUM=`date +%Y%m%d-%H%M%S`

# Record which file descriptors this wrapper inherited from its caller.
echo =NEW SENDMAIL CALL=== >> ${TMP_LSOF_FILE}
echo ${DATUM} >> ${TMP_LSOF_FILE}
echo === START $$ >> ${TMP_LSOF_FILE}
lsof -d^mem,^cwd,^txt,^rtd -a -p $$ >> ${TMP_LSOF_FILE}
echo === END $$ >> ${TMP_LSOF_FILE}

# Copy the message from stdin into the log while passing it to the real sendmail.
echo =NEW SENDMAIL CALL=== >> ${TMP_FILE}
echo ${DATUM} >> ${TMP_FILE}
echo MESSAGE BEGIN >> ${TMP_FILE}
exec tee -a ${TMP_FILE} | /usr/sbin/sendmail.real "$@"
echo MESSAGE ENDED >> ${TMP_FILE}
echo ${DATUM} >> ${TMP_FILE}
echo ==END SENDMAIL CALL== >> ${TMP_FILE}


Here are the sendmail-stdin log, showing a bad behavior, for 3 mails in a
row :

=NEW SENDMAIL CALL===
20120913-110049
MESSAGE BEGIN
MESSAGE ENDED
20120913-110049
==END SENDMAIL CALL==
=NEW SENDMAIL CALL===
20120913-110049
MESSAGE BEGIN
MESSAGE ENDED
20120913-110049
==END SENDMAIL CALL==
=NEW SENDMAIL CALL===
20120913-110049
MESSAGE BEGIN
MESSAGE ENDED
20120913-110049
==END SENDMAIL CALL==
#

And here is the sendmail-lsof of the corresponding messages :
#
=NEW SENDMAIL CALL===
20120913-110049
=== START 18686
COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
sendmail 18686 apache    1r  FIFO    0,8      0t0 1982013 pipe
sendmail 18686 apache    2w   REG  253,0  1940786  144696 /var/log/httpd/error_log
sendmail 18686 apache  255r   REG  253,0      687   24192 /usr/sbin/sendmail
=== END 18686
=NEW SENDMAIL CALL===
20120913-110049
=== START 18693
COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
sendmail 18693 apache    1r  FIFO    0,8      0t0 1982078 pipe
sendmail 18693 apache    2w   REG  253,0  1941340  144696 /var/log/httpd/error_log
sendmail 18693 apache  255r   REG  253,0      687   24192 /usr/sbin/sendmail
=== END 18693
=NEW SENDMAIL CALL===
20120913-110049
=== START 18700
COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
sendmail 18700 apache    1r  FIFO    0,8      0t0 1982130 pipe
sendmail 18700 apache    2w   REG  253,0  1941912  144696 /var/log/httpd/error_log
sendmail 18700 apache  255r   REG  253,0      687   24192 /usr/sbin/sendmail
=== END 18700
#

I returned to SMTP until sendmailpipe work again...

Thanks,
-- 
Raphaël Berlamont


Final RT training for 2012 in Atlanta, GA - October 23 & 24
  http://bestpractical.com/training

We're hiring! http://bestpractical.com/jobs


[rt-users] rt4 log rotation

2012-09-13 Thread Pedro Albuquerque

Hi guys,

does anyone of you configured log rotation for rt4 logs?

thanks,
Pedro.




Re: [rt-users] rt4 log rotation

2012-09-13 Thread Tim Cutts
On 13/09/2012 11:22, Pedro Albuquerque wrote:
> Hi guys,
>
> does anyone of you configured log rotation for rt4 logs?

At Sanger, RT logs through apache's normal logging mechanisms, and
therefore our normal Debian/Ubuntu log rotation takes care of it.  Come
round and see me if you want to see our config... we're only a few yards
away!

Tim



-- 
 The Wellcome Trust Sanger Institute is operated by Genome Research 
 Limited, a charity registered in England with number 1021457 and a 
 company registered in England with number 2742969, whose registered 
 office is 215 Euston Road, London, NW1 2BE. 




Re: [rt-users] rt4 log rotation

2012-09-13 Thread Scotto Alberto
I did it by configuring /etc/logrotate.conf

See man logrotate





Alberto Scotto

Blue Reply
Via Cardinal Massaia, 83
10147 - Torino - ITALY
phone: +39 011 29100
al.sco...@reply.it
www.reply.it


From: rt-users-boun...@lists.bestpractical.com 
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Pedro Albuquerque
Sent: Thursday 13 September 2012 12:22
To: rt-users@lists.bestpractical.com
Subject: [rt-users] rt4 log rotation

Hi guys,

does anyone of you configured log rotation for rt4 logs?

thanks,
Pedro.



--
The information transmitted is intended for the person or entity to which it is 
addressed and may contain confidential and/or privileged material. Any review, 
retransmission, dissemination or other use of, or taking of any action in 
reliance upon, this information by persons or entities other than the intended 
recipient is prohibited. If you received this in error, please contact the 
sender and delete the material from any computer.


Re: [rt-users] rt4 log rotation

2012-09-13 Thread Pedro Albuquerque

thanks, I'll do that way.

On 13/09/2012 11:47, Scotto Alberto wrote:
> I did it by configuring /etc/logrotate.conf
>
> See man logrotate
>
> Alberto Scotto
>
> Blue Reply
> Via Cardinal Massaia, 83
> 10147 - Torino - ITALY
> phone: +39 011 29100
> al.sco...@reply.it
> www.reply.it
>
> From: rt-users-boun...@lists.bestpractical.com
> [mailto:rt-users-boun...@lists.bestpractical.com]
> On Behalf Of Pedro Albuquerque
> Sent: Thursday 13 September 2012 12:22
> To: rt-users@lists.bestpractical.com
> Subject: [rt-users] rt4 log rotation
>
> Hi guys,
>
> does anyone of you configured log rotation for rt4 logs?
>
> thanks,
> Pedro.


[rt-users] Limit user in a perl script

2012-09-13 Thread Björn Schulz
Hi!
I try to search for users with no connections to any ticket and no
connection to any attachments to delete them later.

I can't use rt-shredder directly ;-)

I try this:

...
my $user  = RT::User->new($RT::SystemUser);
my $users = RT::Users->new($RT::SystemUser);
my $tix   = RT::Tickets->new($RT::SystemUser);


$users->FindAllRows ;

while (my $uid = $users->next ) {
 my $tickets   = RT::Tickets->new($RT::SystemUser);
 $user->Load($uid);
 # One TicketSQL search per user: tickets on which this address is a watcher
 $tickets->FromSQL('
Type = "ticket" AND
Watcher ="'.$user->EmailAddress.'"');

  Delete_User if ! $tickets->Count();
...



But takes much time (about 10s per user ) in my system for every user.

~500.000 tickets
~ 61.100 users

Is there a better method to limit the user with no tickets and no
attachments?

Cheers,
  Björn




[rt-users] Searching for a tickets with a filename

2012-09-13 Thread Robert Blackwell
Hello,

I have a problem where I need to search for tickets by attached file name.
I am doing this currently by doing a SQL search against the database.

Is there a way to do this via the API that I am missing?

Thanks
Robert




[rt-users] Custom fields and single/multiple entry

2012-09-13 Thread Tim Cutts
Hi,

I've had two requests from different groups that work with a particular
database system here.  They each want a custom field which links to ids
in this other database.  All nice and easy to do.

The problem is, that one of them wants the CF to be single entry, and
the other one wants the CF to be multiple entry.

Is there a sensible way to achieve this, other than having two otherwise
identical custom fields, differing only in whether they are single or
multiple entry?

Thanks,

Tim




Re: [rt-users] sendmail error (exited with code 75) - RHEL6

2012-09-13 Thread Thomas Sibley
On 09/13/2012 02:14 AM, Raphaël Berlamont wrote:
> And here is the sendmail-lsof of the corresponding messages :
> #
> === START 18686
> COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
> sendmail 18686 apache    1r  FIFO    0,8      0t0 1982013 pipe
> sendmail 18686 apache    2w   REG  253,0  1940786  144696 /var/log/httpd/error_log
> sendmail 18686 apache  255r   REG  253,0      687   24192 /usr/sbin/sendmail
> === END 18686

What does the sendmail-lsof file look like for a successful invocation
of sendmail?





Re: [rt-users] Searching for a tickets with a filename

2012-09-13 Thread Thomas Sibley
On 09/13/2012 07:31 AM, Robert Blackwell wrote:
> I have a problem where I need to search for tickets by attached file name.
> I am doing this currently by doing a SQL search against the database.
>
> Is there a way to do this via the API that I am missing?

The Query Builder and hence TicketSQL support Filename:

Queue = 'rt3' and Filename LIKE '.patch' and Status != 'resolved'

for example.  You use $tickets->FromSQL(...) for TicketSQL via the API.

You'll probably want to add an index against Filename if you can for
better performance, but EXPLAIN your queries to see if that's necessary
and how much it helps.




Re: [rt-users] sendmail error (exited with code 75) - RHEL6

2012-09-13 Thread Raphaël Berlamont
2012/9/13 Thomas Sibley <t...@bestpractical.com>

> On 09/13/2012 02:14 AM, Raphaël Berlamont wrote:
> > And here is the sendmail-lsof of the corresponding messages :
> > #
> > === START 18686
> > COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
> > sendmail 18686 apache    1r  FIFO    0,8      0t0 1982013 pipe
> > sendmail 18686 apache    2w   REG  253,0  1940786  144696 /var/log/httpd/error_log
> > sendmail 18686 apache  255r   REG  253,0      687   24192 /usr/sbin/sendmail
> > === END 18686
>
> What does the sendmail-lsof file look like for a successful invocation
> of sendmail?


On a working sendmail call, it looks like this :
#
=NEW SENDMAIL CALL===
20120913-095359
=== START 17662
COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
sendmail 17662 apache    0r  FIFO    0,8      0t0 1970074 pipe
sendmail 17662 apache    1w  FIFO    0,8      0t0 1970075 pipe
sendmail 17662 apache    2w   REG  253,0  1878695  144696 /var/log/httpd/error_log
sendmail 17662 apache  255r   REG  253,0      687   24192 /usr/sbin/sendmail
=== END 17662
#

On a non-working sendmail call, we have only one pipe process :
#
=NEW SENDMAIL CALL===
20120913-095159
=== START 17601
COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
sendmail 17601 apache    1r  FIFO    0,8      0t0 1969455 pipe
sendmail 17601 apache    2w   REG  253,0  1871756  144696 /var/log/httpd/error_log
sendmail 17601 apache  255r   REG  253,0      687   24192 /usr/sbin/sendmail
=== END 17601
#
-- 
Raphaël Berlamont




Re: [rt-users] Searching for a tickets with a filename

2012-09-13 Thread Robert Blackwell
This works great!

Is this a supported field in simple search?

Ex:

Filename:filename.txt

Robert
On Thu, Sep 13, 2012 at 12:37 PM, Thomas Sibley <t...@bestpractical.com> wrote:
> On 09/13/2012 07:31 AM, Robert Blackwell wrote:
> > I have a problem where I need to search for tickets by attached file name.
> > I am doing this currently by doing a SQL search against the database.
> >
> > Is there a way to do this via the API that I am missing?
>
> The Query Builder and hence TicketSQL support Filename:
>
> Queue = 'rt3' and Filename LIKE '.patch' and Status != 'resolved'
>
> for example.  You use $tickets->FromSQL(...) for TicketSQL via the API.
>
> You'll probably want to add an index against Filename if you can for
> better performance, but EXPLAIN your queries to see if that's necessary
> and how much it helps.

 


Re: [rt-users] Searching for a tickets with a filename

2012-09-13 Thread Thomas Sibley
On 09/13/2012 09:53 AM, Robert Blackwell wrote:
> This works great!
>
> Is this a supported field in simple search?
>
> Ex:
>
> Filename:filename.txt

It isn't.  The simple search (RT::Search::Googleish) is designed to be
cleanly extendable however, and adding support for it would be a fairly
simple overlay.





Re: [rt-users] sendmail error (exited with code 75) - RHEL6

2012-09-13 Thread Thomas Sibley
On 09/13/2012 09:49 AM, Raphaël Berlamont wrote:
> On a working sendmail call, it looks like this :
> #
> =NEW SENDMAIL CALL===
> 20120913-095359
> === START 17662
> COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
> sendmail 17662 apache    0r  FIFO    0,8      0t0 1970074 pipe
> sendmail 17662 apache    1w  FIFO    0,8      0t0 1970075 pipe
> sendmail 17662 apache    2w   REG  253,0  1878695  144696 /var/log/httpd/error_log
> sendmail 17662 apache  255r   REG  253,0      687   24192 /usr/sbin/sendmail
> === END 17662
> #
>
> On a non-working sendmail call, we have only one pipe process :
> #
> =NEW SENDMAIL CALL===
> 20120913-095159
> === START 17601
> COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
> sendmail 17601 apache    1r  FIFO    0,8      0t0 1969455 pipe
> sendmail 17601 apache    2w   REG  253,0  1871756  144696 /var/log/httpd/error_log
> sendmail 17601 apache  255r   REG  253,0      687   24192 /usr/sbin/sendmail
> === END 17601
> #

FD 0 (normally STDIN) is non-existent, and FD 1 (normally STDOUT) is
read not write.

Can you save as HTML your RT System Configuration page and send it?  It
automatically redacts passwords, but if you don't want to send it to the
list send it to me directly.
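
The comparison made by eye between the two lsof listings in this thread can be scripted. The following Perl is an added example, not part of the thread: it reads the wrapper's /tmp/sendmail-lsof format and reports every invocation whose descriptors 0, 1 and 2 are not open in the expected direction. The sample data is the working and the failing invocation quoted above with lsof's columns re-spaced; treating 0 as read and 1 and 2 as write is this example's assumption.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Expected access mode per standard descriptor (assumption of this example).
my %WANT = ( 0 => 'r', 1 => 'w', 2 => 'w' );

# Compare the descriptors seen for one invocation against %WANT.
sub fd_problems {
    my ($fds) = @_;
    my @problems;
    for my $fd ( sort keys %WANT ) {
        my $mode = $fds->{$fd};
        if ( !defined $mode ) {
            push @problems, "fd $fd is closed";
        }
        elsif ( $mode ne 'u' && $mode ne $WANT{$fd} ) {    # 'u' = read/write
            push @problems, "fd $fd is open '$mode', expected '$WANT{$fd}'";
        }
    }
    return @problems;
}

# Parse "=== START pid" ... "=== END pid" blocks of lsof output.
# Returns one hashref per invocation: { pid, fds => { n => mode }, problems }.
sub check_lsof_log {
    my ($fh) = @_;
    my ( @calls, $cur );
    while ( my $line = <$fh> ) {
        chomp $line;
        if ( $line =~ /^=== START (\d+)/ ) {
            $cur = { pid => $1, fds => {} };
        }
        elsif ( $line =~ /^=== END (\d+)/ ) {
            next unless $cur && $cur->{pid} == $1;
            $cur->{problems} = [ fd_problems( $cur->{fds} ) ];
            push @calls, $cur;
            undef $cur;
        }
        elsif ($cur) {
            # lsof columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
            my @f = split ' ', $line;
            next unless @f >= 5 && $f[1] eq $cur->{pid};    # skips the header
            next unless $f[3] =~ /^(\d+)([rwu])/;
            $cur->{fds}{$1} = $2;
        }
    }
    return @calls;
}

for my $call ( check_lsof_log( \*DATA ) ) {
    my @problems = @{ $call->{problems} };
    printf "pid %s: %s\n", $call->{pid},
        @problems ? join( '; ', @problems ) : 'ok';
}

__DATA__
=NEW SENDMAIL CALL===
20120913-095359
=== START 17662
COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
sendmail 17662 apache    0r  FIFO    0,8      0t0 1970074 pipe
sendmail 17662 apache    1w  FIFO    0,8      0t0 1970075 pipe
sendmail 17662 apache    2w   REG  253,0  1878695  144696 /var/log/httpd/error_log
sendmail 17662 apache  255r   REG  253,0      687   24192 /usr/sbin/sendmail
=== END 17662
=NEW SENDMAIL CALL===
20120913-095159
=== START 17601
COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
sendmail 17601 apache    1r  FIFO    0,8      0t0 1969455 pipe
sendmail 17601 apache    2w   REG  253,0  1871756  144696 /var/log/httpd/error_log
sendmail 17601 apache  255r   REG  253,0      687   24192 /usr/sbin/sendmail
=== END 17601
```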





[rt-users] Adding it as a 'Requestor' would create a mail loop

2012-09-13 Thread Papp Tamas

hi All,

Please cc my address as I'm not an active reader of the list.

I upgraded an RT system from v3.6 (Ubuntu 10.04) to 4.0.6 (Ubuntu 12.04).

Admin user can create ticket, but normal user receives this error message:

u...@domain.com is an address RT receives mail at. Adding it as a 
'Requestor' would create a mail loop


The correspond address is of course something else:

Set($CorrespondAddress , 'r...@domain.com');
Set($CommentAddress , 'rt-comm...@domain.com');


I really don't see, what the reason is.

Thanks in advance,
tamas




[rt-users] RT Documentation Now Online

2012-09-13 Thread Thomas Sibley
All of the documentation which ships with RT is now published online in
an easily browsable format: http://bestpractical.com/rt/docs

Read our full blog post for all the details:
http://blog.bestpractical.com/2012/09/rt-documentation-now-online.html

Even though this documentation has been public and available for years,
publishing it to the web site gives it a new level of visibility. This
shows where our docs need some work (yes, we see it too). We'll continue
to improve, correct, and add to the documentation over time.

You can help by submitting documentation patches if you find areas that
could be improved or are incorrect. Part of the published doc includes
instructions for getting started contributing patches [1]. You can also
browse the code and doc on Github [2] and use their web editing feature
to make changes and submit pull requests easily.

We hope you find the online documentation useful. Let us know what you
think.

[1] http://bestpractical.com/rt/docs/latest/hacking
[2] http://github.com/bestpractical/rt




[rt-users] Alfresco integration

2012-09-13 Thread Chris O'Kelly

Hi Guys,

I am working on integrating RT with Alfresco and I am having some difficulties 
with authentication. Essentially my requirement is that we can get something 
very similar to the saved search dashlet from RT into an Alfresco Share 
dashlet. As the two services are not hosted on the same box I am using the REST 
API to do this.

In my original testing, using a REST client rather than a browser, I was able 
to follow the wiki instructions to download a cookie for my user, save it and 
pass it in the request, this works fine. When I came to trying to implement 
this in code I hit two problems, one is figuring out how I can send the cookie 
with xmlhttprequest (this is not the normal javascript xmlHttpRequest, rather 
Nathan McMinn's contributed class from 
http://www.unorganizedmachines.com/site/software-and-technology/34-software-development/97-calling-web-services-from-alfresco-web-scripts).
 The second issue is that to get the cookie in the first place I need the 
plaintext password of the user.

For now I have developed my dashlet using a newly created user: RESTuser, who 
has very restricted rights to actually affect tickets but can see them from all 
queues. I pass the user and pass values for this user with the request (which 
I know is entirely insecure, however at least in this case the javascript is 
server side). This is OK for the time being as RT and Alfresco still see very 
restricted use within the company, however before we go production I need this 
to be set up in such a way that the tickets someone views in their dashlet are 
tickets that their user account has rights to view. Both Alfresco and RT 
authenticate off the same AD so the usernames will always be the same.

I see a few possible ways to implement this. First to mind is that I could 
attempt to make a change to the REST interface allowing me to add a get 
parameter like restrictUser=JohnDoe and have RT do the rights calculation. Or I 
could attempt to build in some logic into the Share dashlet to at least filter 
by queue based on Alfresco security groups, but keeping the non-AD groups 
synced between RT and Alf feels like a nightmare waiting to happen.

So does anyone see an easier way to figure this out? I am leaning towards the 
former of the two options above but I am just getting my foot into the perl 
pool so I am not sure how successful I'll be.

Regards


Chris O'Kelly
Web Administrator

Minecorp Australia
37 Murdoch Circuit
Acacia Ridge QLD 4110
minecorp.com.au <http://www.minecorp.com.au>


P:   07 3723 1000
M:  0450 586 190
E:  chris.oke...@minecorp.com.au <mailto:chris.oke...@minecorp.com.au>
S:  chris.okelly.mvs <http://skype.com>




Re: [rt-users] Alfresco integration

2012-09-13 Thread Chris O'Kelly

Hello,

Just a quick followup, having done some more work on this: I think I am getting 
a little closer here but I am still running up against some problems. I have 
modified REST/1.0/search/ticket as follows:

<%ARGS>
$restrictUser => undef
$query
$format => undef
$orderby => undef
$fields => undef
</%ARGS>
<%INIT>
use RT::Interface::REST;
my $output = "";
my $status = "200 Ok";
my $user = new RT::User;
$user->Load($restrictUser) if ( defined $restrictUser );
$user = $session{CurrentUser} unless ( $user->Id );
my $tickets = RT::Tickets->new($user);

There are no changes anywhere further down in the file. The error message I am 
getting is:
RT/4.0.6 400 Bad request

Invalid query: 'No currentuser at 
/var/www/ticket.obfuscated.com/sbin/../lib/RT/Base.pm line 139.
RT::Base::loc('RT::User=HASH(0x7f14e81bff60)', 'Valid Query') 
called at /var/www/ticket.obfuscated.com/sbin/../lib/RT/Base.pm line 135
RT::Base::loc('RT::Tickets=HASH(0x7f14e81c0068)', 'Valid 
Query') called at /var/www/ticket.obfuscated.com/sbin/../lib/RT/Tickets_SQL.pm 
line 339
RT::Tickets::FromSQL('RT::Tickets=HASH(0x7f14e81c0068)', 
'queue=\'ithelp\'') called at 
/var/www/ticket.obfuscated.com/share/html/REST/1.0/search/ticket line 93
eval {...} called at 
/var/www/ticket.obfuscated.com/share/html/REST/1.0/search/ticket line 92
HTML::Mason::Commands::__ANON__('pass', 'obfuscated', 'query', 
'queue=\'ithelp\'', 'restrictUser', 'chriso', 'user', 'chriso') called at 
/usr/local/share/perl/5.10.1/HTML/Mason/Component.pm line 138

HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x637c348)',
 'pass', 'obfuscated', 'query', 'queue=\'ithelp\'', 'restrictUser', 'chriso', 
'user', 'chriso', ...) called at 
/usr/local/share/perl/5.10.1/HTML/Mason/Request.pm line 1305
eval {...} called at 
/usr/local/share/perl/5.10.1/HTML/Mason/Request.pm line 1295
HTML::Mason::Request::comp(undef, undef, undef, 'pass', 
'obfuscated', 'query', 'queue=\'ithelp\'', 'restrictUser', 'chriso', ...) 
called at /usr/local/share/perl/5.10.1/HTML/Mason/Request.pm line 958

HTML::Mason::Request::call_next('RT::Interface::Web::Request=HASH(0x610a820)') 
called at /var/www/ticket.obfuscated.com/share/html/REST/1.0/autohandler line 54
HTML::Mason::Commands::__ANON__('pass', 'obfuscated', 'query', 
'queue=\'ithelp\'', 'restrictUser', 'chriso', 'user', 'chriso') called at 
/usr/local/share/perl/5.10.1/HTML/Mason/Component.pm line 138

HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x638c730)',
 'pass', 'obfuscated', 'query', 'queue=\'ithelp\'', 'restrictUser', 'chriso', 
'user', 'chriso', ...) called at 
/usr/local/share/perl/5.10.1/HTML/Mason/Request.pm line 1305
eval {...} called at 
/usr/local/share/perl/5.10.1/HTML/Mason/Request.pm line 1295
HTML::Mason::Request::comp(undef, undef, undef, 'pass', 
'obfuscated', 'query', 'queue=\'ithelp\'', 'restrictUser', 'chriso', ...) 
called at /var/www/ticket.obfuscated.com/sbin/../lib/RT/Interface/Web.pm line 
568
RT::Interface::Web::ShowRequestedPage('HASH(0x6386cc0)') called 
at /var/www/ticket.obfuscated.com/sbin/../lib/RT/Interface/Web.pm line 318
RT::Interface::Web::HandleRequest('HASH(0x6386cc0)') called at 
/var/www/ticket.obfuscated.com/share/html/autohandler line 53
HTML::Mason::Commands::__ANON__('pass', 'obfuscated', 'query', 
'queue=\'ithelp\'', 'restrictUser', 'chriso', 'user', 'chriso') called at 
/usr/local/share/perl/5.10.1/HTML/Mason/Component.pm line 138

HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0x638d0c0)',
 'pass', 'obfuscated', 'query', 'queue=\'ithelp\'', 'restrictUser', 'chriso', 
'user', 'chriso', ...) called at 
/usr/local/share/perl/5.10.1/HTML/Mason/Request.pm line 1300
eval {...} called at 
/usr/local/share/perl/5.10.1/HTML/Mason/Request.pm line 1295
HTML::Mason::Request::comp(undef, undef, undef, 'pass', 
'obfuscated', 'query', 'queue=\'ithelp\'', 'restrictUser', 'chriso', ...) 
called at /usr/local/share/perl/5.10.1/HTML/Mason/Request.pm line 484
eval {...} called at 
/usr/local/share/perl/5.10.1/HTML/Mason/Request.pm line 484
eval {...} called at 
/usr/local/share/perl/5.10.1/HTML/Mason/Request.pm line 436

HTML::Mason::Request::exec('RT::Interface::Web::Request=HASH(0x610a820)') 
called at /usr/local/share/perl/5.10.1/HTML/Mason/PSGIHandler.pm line 85
eval {...} called at 
/usr/local/share/perl/5.10.1/HTML/Mason/PSGIHandler.pm line 85

HTML::Mason::Request::PSGI::exec('RT::Interface::Web::Request=HASH(0x610a820)') 
called at /usr/local/share/perl/5.10.1/HTML/Mason/Interp.pm line 345
HTML::Mason::Interp::exec(undef, undef, 'pass', 'obfuscated', 
'query', 

Re: [rt-users] Alfresco integration

2012-09-13 Thread Chris O'Kelly

Hi All,

I've figured it out, I had been using the RT::User object class where I should 
have been using RT::CurrentUser. A little more thought about what I was 
implementing also alerted me to the fact that what I am building is a possible 
security hole.

I'll repeat that in case anyone has found this on google and plans to use it:

THIS CODE IS A POSSIBLE SECURITY FLAW! THINK LONG AND HARD!

Anyhoo, I'm fairly sure I understand and have addressed the security issues 
here, so here's how I sorted this out for myself:

In .../share/html/REST/1.0/search/ticket, changed the first few lines as such:
<%ARGS>
$restrictUser => undef
$query
$format => undef
$orderby => undef
$fields => undef
</%ARGS>
<%INIT>
use RT::Interface::REST;
my $output = "";
my $status = "200 Ok";
my $user = new RT::User;
my $current_user_obj = $session{CurrentUser};
# Only the dedicated REST account may ask for another user's view
if (lc $current_user_obj->UserObj->Name eq "restuser")
{
$user->Load($restrictUser) if ( defined $restrictUser );
}
$user = $session{CurrentUser} unless ( $user->Id );
my $current_user = RT::CurrentUser->new( $user );

my $tickets = RT::Tickets->new($current_user);

# Parse and validate any field specifications.
...(the rest of the file)

Now, just to point out and make absolutely clear, the possible security flaw 
here is that a user can view tickets they do not have the right to see. In this 
case I have circumvented this by only making use of $restrictUser when the 
logged in user is RestUser. As I am the only one who knows the password for 
restUser this functionality will only be accessible in scripts that I have 
created and setup to use RestUser.

I'd very much appreciate, if anyone can see any further security holes or other 
bugs with what I've done, if you'd let me know.

Regards


Chris O'Kelly
Web Administrator

Minecorp Australia
37 Murdoch Circuit
Acacia Ridge QLD 4110
minecorp.com.au <http://www.minecorp.com.au>


P:   07 3723 1000
M:  0450 586 190
E:  chris.oke...@minecorp.com.au <mailto:chris.oke...@minecorp.com.au>
S:  chris.okelly.mvs <http://skype.com>
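
A stand-alone model of the `restrictUser` decision in the post above, as an added example that is not the poster's code and does not use RT: it puts the posted fallback logic beside a fail-closed variant and runs both over four requests. The user directory, the function names and the rule that the service account must always name a target user are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample directory (hypothetical accounts), keyed by lower-cased name.
my %DIRECTORY = (
    restuser => { id => 10, name => 'RESTuser' },
    chriso   => { id => 22, name => 'chriso' },
);
my $SERVICE_ACCOUNT = 'restuser';    # the only account allowed to delegate

# Stand-in for a user lookup: returns the record, or undef if unknown.
sub load_user {
    my ($name) = @_;
    return unless defined $name && length $name;
    return $DIRECTORY{ lc $name };
}

# Decision as posted: delegation is honoured only for the service account,
# but a restrictUser that does not load falls back to the session user.
sub effective_user_as_posted {
    my ( $session_user, $restrict_user ) = @_;
    my $user;
    if ( lc $session_user->{name} eq $SERVICE_ACCOUNT ) {
        $user = load_user($restrict_user) if defined $restrict_user;
    }
    $user = $session_user unless $user && $user->{id};
    return $user;
}

# Fail-closed variant: a request that cannot be mapped to exactly the
# intended identity is refused instead of being answered as someone else.
sub effective_user_fail_closed {
    my ( $session_user, $restrict_user ) = @_;
    my $is_service = lc $session_user->{name} eq $SERVICE_ACCOUNT;
    if ( !$is_service ) {
        die "403 restrictUser is reserved for the service account\n"
            if defined $restrict_user;
        return $session_user;    # ordinary user, ordinary rights
    }
    die "400 service account must name a restrictUser\n"
        unless defined $restrict_user;
    my $user = load_user($restrict_user)
        or die "404 unknown restrictUser\n";
    die "403 service account may not delegate to itself\n"
        if lc $user->{name} eq $SERVICE_ACCOUNT;
    return $user;
}

my @cases = (
    [ 'chriso',   undef ],           # ordinary user, no delegation
    [ 'restuser', 'chriso' ],        # intended dashlet call
    [ 'restuser', 'nosuchuser' ],    # mistyped or deleted account
    [ 'chriso',   'restuser' ],      # ordinary user tries to delegate
);
for my $case (@cases) {
    my ( $who, $target ) = @$case;
    my $session = load_user($who);
    my $posted  = effective_user_as_posted( $session, $target )->{name};
    my $strict =
        eval { effective_user_fail_closed( $session, $target )->{name} };
    $strict = "refused ($@)" unless defined $strict;
    $strict =~ s/\n//;
    printf "session=%-8s restrictUser=%-10s posted: %-8s fail-closed: %s\n",
        $who, $target // '-', $posted, $strict;
}
```

The third case is the one to check in a deployment: with the posted fallback, a request naming a user that does not load is answered with the service account's own view of the queues.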

