summary
index.cgi : displays which groups your are part of.
It has links to other parts of the system.
admin.cgi : has two main parts:
- add
Lets you add a user. Takes 'real name', 'username', 'password' and 'groups'. Checks if:
- real name is > 0
- username is > 3
- password is > 6
- $user is allowed to add new users to groups
- modify
Lists all members who are in $user's groups, only those who are with: view permissions or both view and admin; not if a $username is just an admin. Select a username and click on either of:
- modify
- password - only username 'ripe' can change other's password. Each user can change their own password.
- groups - lists all the groups that $username is currently in and then lists all groups that you admin. If you leave all groups unselected, it will remove $username from the groups that you admin. If $username is not a member of any groups after you modify details, it will ask you if you want to delete it.
- delete - deletes a $username without asking for confirmation
- showall - lists all usernames, their names and groups. Pick one from the list and click on modify. See above.
addgroup.cgi : is a file which lets user RIPE add a new TT box to the list. Has two main parts:
- groups
lets user RIPE add a new group (new TT box). Checks if:
- group starts with tt
- option to add location details. doesn't check for any particular format.
- lists all the current groups
- checks if a group already exists before creating it
- location
lets user RIPE change the location details of groups. It:
- lists all current test boxes. check the radio button next to the name and then on the 'Change Location' button to go to next step.
- next step just asks you to enter new location and then you submit it.
showloc.cgi : is a file that just displays current groups and locations of the box
If you are part of a ttxx group then you're just a user. If you're part of a ttxx_admin group then you have admin right for that group.
How does it work?
First, there's the root directory with the above scripts, and a .htaccess file which looks like:
AuthType Basic
AuthDBUserFile /var/www/conf/tt/dbmpasswd
AuthDBGroupFile /var/www/conf/tt/dbmgroup
AuthName "Test Traffic"
Require valid-user
AddHandler cgi-script cgi
DirectoryIndex index.cgi index.html
Options ExecCGI
Then there is a directory called ttaccess which has three files: dbmpasswd, dbmgroup, dbmname and dbmloc.
- dbmpasswd has the username and encrypted password and is used directly by apache for user authentication. Its two fields are:
- dbmgroup has the username and the group memberships and is used directly by apache for matching the ttxx directory permissions. dbmgroup is also used by CGIs to decide who can do what. Its two fields are:
- dbmname has the real name of user. Its two fields are:
- dbmname has the locations of the groups. Its two fields are:
- These dbm files are in standard unix db/dbm binary format.
There is one apache directive in httpd.conf allowing use of .htaccess files in the /tt tree.
<Directory "name of directory in httpd.conf that ops set up">
AllowOverride All
</Directory>
Then there are subdirectories of /tt root, called ttxx. Each ttxx directory has a .htaccess file that looks like:
AuthType Basic
AuthDBUserFile /var/www/conf/tt/dbmpasswd
AuthDBGroupFile /var/www/conf/tt/dbmgroup
AuthName "Test Traffic"
Require group tt01
The only thing that varies is the "Require group" line.
In each ttxx there's at the moment index.html. If you are not a part of that group then you won't be able to view it. Try changing the url to a different ttxx directory and see what happens. At the moment there are three ttxx directories: tt01, tt06 and tt33.
If you want to make use of this mechanism for other scripts, all that's needed is the remote user variable from the standard apache environment.
TODO
1,. perhaps merge showloc.cgi and index.cgi so that all the names are shown on the first page..
keep in mind that showloc.cgi lists every group that user RIPE is in. If we were to modify
index.cgi to show locations, it should only show the group that that user is in and then just
have that link to showloc.cgi which shows them all.
2. make use of SSI so that it looks like the rest of RIPE NCC pages.
3. make it all look nicer.