Annotation of loncom/auth/lonacc.pm, revision 1.34

1.1       albertel    1: # The LearningOnline Network
                      2: # Cookie Based Access Handler
1.22      www         3: #
1.34    ! www         4: # $Id: lonacc.pm,v 1.33 2002/06/15 19:45:26 www Exp $
1.22      www         5: #
                      6: # Copyright Michigan State University Board of Trustees
                      7: #
                      8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
                      9: #
                     10: # LON-CAPA is free software; you can redistribute it and/or modify
                     11: # it under the terms of the GNU General Public License as published by
                     12: # the Free Software Foundation; either version 2 of the License, or
                     13: # (at your option) any later version.
                     14: #
                     15: # LON-CAPA is distributed in the hope that it will be useful,
                     16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
                     17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
                     18: # GNU General Public License for more details.
                     19: #
                     20: # You should have received a copy of the GNU General Public License
                     21: # along with LON-CAPA; if not, write to the Free Software
                     22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
                     23: #
                     24: # /home/httpd/html/adm/gpl.txt
                     25: #
                     26: # http://www.lon-capa.org/
                     27: #
1.25      harris41   28: # YEAR=1999
1.4       www        29: # 5/21/99,5/22,5/29,5/31,6/15,16/11,22/11,
1.25      harris41   30: # YEAR=2000
1.14      www        31: # 01/06,01/13,05/31,06/01,09/06,09/25,09/28,10/30,11/6,
1.17      www        32: # 12/25,12/26,
1.25      harris41   33: # YEAR=2001
1.23      www        34: # 01/06/01,05/28,8/11,9/26,11/29 Gerd Kortemeyer
1.25      harris41   35: # 12/15 Scott Harrison
1.26      www        36: # YEAR=2002
1.27      www        37: # 1/4,2/25 Gerd Kortemeyer
1.25      harris41   38: #
                     39: ###
1.1       albertel   40: 
                     41: package Apache::lonacc;
                     42: 
                     43: use strict;
1.8       www        44: use Apache::Constants qw(:common :http :methods);
1.2       www        45: use Apache::File;
1.6       www        46: use Apache::lonnet;
1.25      harris41   47: use Apache::loncommon();
1.1       albertel   48: use CGI::Cookie();
1.16      www        49: use Fcntl qw(:flock);
1.1       albertel   50: 
                     51: sub handler {
                     52:     my $r = shift;
                     53:     my $requrl=$r->uri;
                     54:     my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
                     55:     my $lonid=$cookies{'lonID'};
                     56:     my $cookie;
                     57:     if ($lonid) {
                     58: 	my $handle=$lonid->value;
                     59:         $handle=~s/\W//g;
                     60:         my $lonidsdir=$r->dir_config('lonIDsDir');
                     61:         if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
1.6       www        62: 
                     63: # ------------------------------------------- Transfer profile into environment
                     64: 
1.2       www        65:             my @profile;
                     66: 	    {
                     67:              my $idf=Apache::File->new("$lonidsdir/$handle.id");
1.16      www        68:              flock($idf,LOCK_SH);
1.2       www        69:              @profile=<$idf>;
1.16      www        70:              $idf->close();
1.2       www        71: 	    }
                     72:             my $envi;
                     73:             for ($envi=0;$envi<=$#profile;$envi++) {
                     74: 		chomp($profile[$envi]);
                     75: 		my ($envname,$envvalue)=split(/=/,$profile[$envi]);
1.9       www        76:                 $ENV{$envname} = $envvalue;
1.2       www        77:             }
1.9       www        78:             $ENV{'user.environment'} = "$lonidsdir/$handle.id";
1.18      www        79:             if ($requrl=~/^\/res\//) {
1.17      www        80:                $ENV{'request.state'} = "published";
                     81: 	    } else {
                     82: 	       $ENV{'request.state'} = 'unknown';
                     83:             }
1.9       www        84:             $ENV{'request.filename'} = $r->filename;
1.12      www        85: 
1.6       www        86: # -------------------------------------------------------- Load POST parameters
                     87: 
1.8       www        88: 
                     89:            
1.14      www        90:         my $buffer;
1.6       www        91: 
1.14      www        92:         $r->read($buffer,$r->header_in('Content-length'));
                     93: 
                     94: 	unless ($buffer=~/^(\-+\w+)\s+Content\-Disposition\:\s*form\-data/si) {
1.5       www        95:             my @pairs=split(/&/,$buffer);
1.6       www        96:             my $pair;
1.5       www        97:             foreach $pair (@pairs) {
1.6       www        98:                my ($name,$value) = split(/=/,$pair);
                     99:                $value =~ tr/+/ /;
                    100:                $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
1.10      www       101:                $name  =~ tr/+/ /;
                    102:                $name  =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
1.28      albertel  103: 	       &Apache::loncommon::add_to_env("form.$name",$value);
1.6       www       104:             }
1.14      www       105:         } else {
                    106: 	    my $contentsep=$1;
                    107:             my @lines = split (/\n/,$buffer);
                    108:             my $name='';
                    109:             my $value='';
                    110:             my $fname='';
                    111:             my $fmime='';
                    112:             my $i;
                    113:             for ($i=0;$i<=$#lines;$i++) {
                    114: 		if ($lines[$i]=~/^$contentsep/) {
                    115: 		    if ($name) {
                    116:                         chomp($value);
                    117: 			if ($fname) {
                    118: 			    $ENV{"form.$name.filename"}=$fname;
                    119:                             $ENV{"form.$name.mimetype"}=$fmime;
1.15      www       120:                         } else {
                    121:                             $value=~s/\s+$//s;
1.14      www       122:                         }
1.28      albertel  123: 			&Apache::loncommon::add_to_env("form.$name",$value);
1.14      www       124:                     }
                    125:                     if ($i<$#lines) {
                    126: 			$i++;
                    127:                         $lines[$i]=~
                    128: 		 /Content\-Disposition\:\s*form\-data\;\s*name\=\"([^\"]+)\"/i;
                    129:                         $name=$1;
                    130:                         $value='';
                    131:                         if ($lines[$i]=~/filename\=\"([^\"]+)\"/i) {
                    132: 			   $fname=$1;
                    133:                            if 
                    134:                             ($lines[$i+1]=~/Content\-Type\:\s*([\w\-\/]+)/i) {
                    135: 			      $fmime=$1;
                    136:                               $i++;
                    137: 			   } else {
                    138:                               $fmime='';
                    139:                            }
                    140:                         } else {
                    141: 			    $fname='';
                    142:                             $fmime='';
                    143:                         }
                    144:                         $i++;
                    145:                     }
                    146:                 } else {
                    147: 		    $value.=$lines[$i]."\n";
                    148:                 }
                    149:             }
                    150: 	}
1.26      www       151: 	    $ENV{'request.method'}=$ENV{'REQUEST_METHOD'};
1.8       www       152:             $r->method_number(M_GET);
                    153: 	    $r->method('GET');
                    154:             $r->headers_in->unset('Content-length');
1.6       www       155: 
                    156: # ---------------------------------------------------------------- Check access
                    157: 
                    158:             if ($requrl!~/^\/adm\//) {
1.7       www       159: 		my $access=&Apache::lonnet::allowed('bre',$requrl);
                    160:                 if ($access eq '1') {
                    161: 		   $ENV{'user.error.msg'}="$requrl:bre:0:0:Choose Course";
                    162: 	           return HTTP_NOT_ACCEPTABLE; 
                    163:                 }
                    164:                 if (($access ne '2') && ($access ne 'F')) {
                    165: 		   $ENV{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
                    166: 	           return HTTP_NOT_ACCEPTABLE; 
                    167:                 }
1.23      www       168:             }
                    169: # ------------------------------------------------------------- This is allowed
                    170:           if ($ENV{'request.course.id'}) {
1.24      www       171: 	    &Apache::lonnet::countacc($requrl);
1.23      www       172:             $requrl=~/\.(\w+)$/;
1.25      harris41  173:             if (&Apache::loncommon::fileembstyle($1) eq 'ssi') {
1.23      www       174: # ------------------------------------- This is serious stuff, get symb and log
1.29      www       175: 		my $query=$r->args;
                    176:                 my $symb;
                    177:                 if ($query) {
                    178: 		    &Apache::loncommon::get_unprocessed_cgi($query,['symb']);
                    179:                 }
                    180:                 if ($ENV{'form.symb'}) {
1.31      www       181: 		    $symb=&Apache::lonnet::symbclean($ENV{'form.symb'});
                    182:                     if (&Apache::lonnet::symbverify($symb,$requrl)) {
                    183:                       my ($map,$mid,$murl)=split(/\_\_\_/,$symb);
                    184:                       &Apache::lonnet::symblist($map,$murl => $mid,
                    185:                                                'last_known' => $murl);
                    186: 		    } else {
                    187: 			$r->log_reason('Invalid symb for '.$requrl.': '.
                    188:                                        $symb);
                    189: 		        $ENV{'user.error.msg'}=
                    190:                                 "$requrl:bre:1:1:Invalid Access";
                    191:   	                return HTTP_NOT_ACCEPTABLE; 
                    192:                     }
1.29      www       193:                 } else {
                    194: 	            $symb=&Apache::lonnet::symbread;
                    195:                 }
1.23      www       196:                 $ENV{'request.symb'}=$symb;
                    197:                 &Apache::lonnet::courseacclog($symb);
                    198:             } else {
                    199: # ------------------------------------------------------- This is other content
                    200:                 &Apache::lonnet::courseacclog($requrl);    
                    201:             }
                    202: 	  }
1.2       www       203:             return OK; 
1.1       albertel  204:         } else { 
1.5       www       205:             $r->log_reason("Cookie $handle not valid", $r->filename) 
1.1       albertel  206:         };
                    207:     }
1.6       www       208: 
1.21      www       209: # -------------------------------------------- See if this is a public resource
                    210:     if (&Apache::lonnet::metadata($requrl,'copyright') eq 'public') {
                    211:         &Apache::lonnet::logthis('Granting public access: '.$requrl);
                    212: 	$ENV{'user.name'}='public';
                    213:         $ENV{'user.domain'}='public';
                    214:         $ENV{'request.state'} = "published";
                    215:         $ENV{'request.publicaccess'} = 1;
                    216:         $ENV{'request.filename'} = $r->filename;
                    217:         return OK;
                    218:     }
1.34    ! www       219: # -------------------------------------------------------------- Not authorized
        !           220:     $requrl=~/\.(\w+)$/;
        !           221:     if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') ||
        !           222:         ($requrl=~/^\/adm\/(roles|logout)/)) {
        !           223: # -------------------------- Store where they wanted to go and get login screen
        !           224:        $ENV{'request.firsturl'}=$requrl;
        !           225:        return FORBIDDEN;
        !           226:    } else {
        !           227: # --------------------------------------------------------------------- Goodbye
        !           228:        return HTTP_BAD_REQUEST;
        !           229:    }
1.1       albertel  230: }
                    231: 
                    232: 1;
                    233: __END__
1.25      harris41  234: 
                    235: =head1 NAME
                    236: 
                    237: Apache::lonacc - Cookie Based Access Handler
                    238: 
                    239: =head1 SYNOPSIS
                    240: 
                    241: Invoked (for various locations) by /etc/httpd/conf/srm.conf:
                    242: 
                    243:  PerlAccessHandler       Apache::lonacc
                    244: 
                    245: =head1 INTRODUCTION
                    246: 
                    247: This module enables cookie based authentication and is used
                    248: to control access for many different LON-CAPA URIs.
                    249: 
                    250: Whenever the client sends the cookie back to the server, 
                    251: this cookie is handled by either lonacc.pm or loncacc.pm
                    252: (see srm.conf for what is invoked when).  If
                    253: the cookie is missing or invalid, the user is re-challenged
                    254: for login information.
                    255: 
                    256: This is part of the LearningOnline Network with CAPA project
                    257: described at http://www.lon-capa.org.
                    258: 
                    259: =head1 HANDLER SUBROUTINE
                    260: 
                    261: This routine is called by Apache and mod_perl.
                    262: 
                    263: =over 4
                    264: 
                    265: =item *
                    266: 
                    267: transfer profile into environment
                    268: 
                    269: =item *
                    270: 
                    271: load POST parameters
                    272: 
                    273: =item *
                    274: 
                    275: check access
                    276: 
                    277: =item *
                    278: 
                    279: if allowed, get symb, log, generate course statistics if applicable
                    280: 
                    281: =item *
                    282: 
                    283: otherwise return error
                    284: 
                    285: =item *
                    286: 
                    287: see if public resource
                    288: 
                    289: =item *
                    290: 
                    291: store attempted access
                    292: 
                    293: =back
                    294: 
                    295: =cut

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>