Having a Python CGI call a Perl CGI, passing along the raw request information (to restrict searching of private Mailman archives to logged-in users)

Posted on 2024-08-18 22:46:51

I need to have a Python CGI script do some stuff (a little bit of security checking), and then end up calling a Perl CGI script, passing anything it received (e.g., POST info) onto the Perl script.

For background, my reason for doing this is that I'm trying to integrate Swish searching with Mailman list archives.

Swish searching uses swish.cgi, a Perl script, but because these are private list archives I can't just allow people to call swish.cgi directly as recommended on this page: http://wpkg.org/Integrating_Mailman_with_a_Swish-e_search_engine#Mailman_configuration

I believe what I need to do is have the Mailman "private" cgi-bin file (written in Python) do its regular security checking (which calls a few Mailman/python modules) and THEN call on swish.cgi to do the search (after having verified that the user is on the mailing list).

Essentially, I believe the simplest solution would just be to protect access to the swish.cgi Perl script with a variant of the standard mailman cgi-bin/private Python script.

(I considered the idea that people could search with a non-protected swish.cgi, and people wouldn't be able to view the full results because those posts are already password-protected by default Mailman setup... but the problem is that even showing the Swish post excerpts in the search results could expose confidential information, so I must restrict access to even the search itself to just subscribers.)

If someone has a better idea of how to solve the overall problem without doing the Python-CGI-calls-Perl-CGI I'll be happy to consider that the "answer".

Just know that my goal is to make little (ideally no) changes to the standard Mailman installation. Copying the "private" cgi-bin script (whose source is mailman-2.1.12/Mailman/Cgi/private.py) and making changes to call swish.cgi is cool, but modifying the existing private cgi-bin script wouldn't really be cool.


Here's what I did to test the answer (using os.execv to replace the python script with the perl script, so that the perl script will inherit the python script's environment):

I created a pythontest script with:

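import os
os.environ['FOO'] = 'BAR'
# SCRIPT_FILENAME is set by the web server; index it directly so a missing value fails loudly
mydir = os.path.dirname(os.environ['SCRIPT_FILENAME'])
childprog = os.path.join(mydir, 'perltest')
# argv[0] is the program name by convention; Python 3 rejects an empty argument list
childargs = [childprog]
# Replace this process with perltest; it inherits the environment, stdin, stdout and stderr
os.execv(childprog, childargs)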

Then a perltest script with:

# Emit the CGI header, then dump every environment variable the script received
print "Content-type: text/html\n\n";
while (my ($key, $value) = each %ENV) {
  print "<p>$key=$value</p>\n";
}

Then I called http://myserver.com/cgi-bin/pythontest and saw that the environment printout included the custom FOO variable so the child perltest process had successfully inherited all the environment variables.

Comments (1)

星星的轨迹 2024-08-25 22:46:51

I'm just going to state the obvious here because I don't have any detailed knowledge about your specific environment.

If your python script is a genuine CGI and not a mod_python script or similar then it is just a regular process spawned to handle the one request. You can use os.execv to replace it with another process (e.g. the perl CGI) and the new process will inherit the current process' environment, stdin, stdout and stderr. This assumes that you don't need to read stdin for your security checks. It may also depend on whether your CGI is running in a restricted environment. execv is potentially dangerous and might be blocked in such an environment.

If you're running from a mod_python environment or if you need to peek at posted data (i.e. stdin) then the execv approach isn't available to you. You have two main alternatives.

You could run the perl CGI directly (e.g. look at the subprocess module) handing it a correct environment and feeding it the correct data to its stdin. You can then spool the returned data from its stdout raw (or cooked if needed) directly back to the web server.

Otherwise, you could make a local web request to run the CGI. This is likely to require a bit less knowledge about the server setup, but a bit more work in the python CGI to make and handle the HTTP request.
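
The subprocess alternative described in the answer, sketched as an added example (not code from the question or the answer, and not Mailman's or Swish-e's own code). It assumes Python 3; the `is_authorized` callback is a hypothetical stand-in for the Mailman membership check, and `DEMO_CHILD` is a constructed shell stand-in for swish.cgi so the example runs offline. The names `gate`, `child_env`, `read_body` and the `MAX_BODY` limit are likewise assumptions.

```python
import subprocess

# CGI meta-variables the child needs; anything else (e.g. FOO) is not inherited.
CGI_VARS = ("GATEWAY_INTERFACE", "REQUEST_METHOD", "QUERY_STRING", "CONTENT_TYPE",
            "CONTENT_LENGTH", "SCRIPT_NAME", "PATH_INFO", "SERVER_NAME",
            "SERVER_PORT", "SERVER_PROTOCOL", "REMOTE_ADDR")
MAX_BODY = 64 * 1024  # assumed upper bound for a search form

def child_env(environ):
    """Build the child's environment from an allowlist instead of copying it all."""
    env = {k: environ[k] for k in CGI_VARS if k in environ}
    env.update((k, v) for k, v in environ.items() if k.startswith("HTTP_"))
    env.pop("HTTP_PROXY", None)   # set from a client "Proxy:" header (httpoxy)
    env["PATH"] = "/usr/bin:/bin"
    return env

def read_body(environ, stream):
    """Read exactly CONTENT_LENGTH bytes; a CGI must not read stdin to EOF."""
    length = int(environ.get("CONTENT_LENGTH") or 0)  # ValueError if not numeric
    if not 0 <= length <= MAX_BODY:
        raise ValueError("CONTENT_LENGTH out of range")
    return stream.read(length)

def gate(environ, stream, is_authorized, child_argv):
    """Return the bytes to send back to the web server for this request."""
    try:
        body = read_body(environ, stream)
    except ValueError:
        return b"Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\nBad request.\n"
    if not is_authorized(environ, body):  # hypothetical Mailman membership check
        return b"Status: 403 Forbidden\r\nContent-Type: text/plain\r\n\r\nSubscribers only.\n"
    # The child receives the body on stdin exactly as the web server delivered it.
    done = subprocess.run(child_argv, input=body, env=child_env(environ),
                          stdout=subprocess.PIPE, timeout=30, check=True)
    return done.stdout  # the child's CGI headers and body, unmodified

# Constructed stand-in for swish.cgi: echoes the method, HTTP_PROXY and stdin.
DEMO_CHILD = ["/bin/sh", "-c", "printf 'Content-Type: text/plain\\n\\n'; "
              "echo \"$REQUEST_METHOD ${HTTP_PROXY:-unset}\"; cat"]

if __name__ == "__main__":
    import io  # constructed sample request
    env = {"REQUEST_METHOD": "POST", "CONTENT_LENGTH": "12", "FOO": "BAR"}
    print(gate(env, io.BytesIO(b"query=secret"), lambda e, b: True, DEMO_CHILD).decode())
```

In a real CGI the caller would pass `os.environ`, `sys.stdin.buffer` and the path to swish.cgi, and write the returned bytes to `sys.stdout.buffer`.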
