loncom/auth/loncacc.pm - diff

Return to loncacc.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/loncacc.pm between versions 1.42 and 1.60

-version 1.42, 2006/11/23 01:49:41
+version 1.60, 2012/10/29 17:39:06
  Line 27
  # http://www.lon-capa.org/
  #
- package Apache::loncacc;
+ =pod
- use strict;
- use Apache::Constants qw(:common :http :methods REDIRECT);
- use CGI::Cookie();
- use Fcntl qw(:flock);
- use Apache::lonlocal;
- use Apache::lonnet;
- use Apache::lonacc;
- sub constructaccess {
-     my ($url,$ownerdomain)=@_;
-     my ($ownername)=($url=~/\/(?:\~|priv\/|home\/)(\w+)\//);
-     unless (($ownername) && ($ownerdomain)) { return ''; }
-     # We do not allow editing of previous versions of files.
-     if ($url=~/\.(\d+)\.(\w+)$/) { return ''; }
-     my @possibledomains = &Apache::lonnet::current_machine_domains();
-     if ($ownername eq $env{'user.name'}) {
- 	foreach my $domain (@possibledomains) {
- 	    if ($domain eq $env{'user.domain'}) {
- 		return ($ownername,$domain);
- 	    }
- 	}
-     }
-     foreach my $domain (@possibledomains) {
- 	if (exists($env{'user.priv.ca./'.$domain.'/'.$ownername.'./'}) ||
- 	    exists($env{'user.priv.aa./'.$domain.'/'.$ownername.'./'}) ) {
- 	    return ($ownername,$domain);
- 	}
-     }
-     return '';
- }
- sub handler {
-     my $r = shift;
-     my $requrl=$r->uri;
-     $env{'request.editurl'}=$requrl;
-     my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
-     my $lonid=$cookies{'lonID'};
-     my $cookie;
-     if ($lonid) {
-       	my $handle=&LONCAPA::clean_handle($lonid->value);
-         my $lonidsdir=$r->dir_config('lonIDsDir');
-         if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
- # ------------------------------------------------------ Initialize Environment
-             &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
- # --------------------------------------------------------- Initialize Language
-  	    &Apache::lonlocal::get_language_handle($r);
- # -------------------------------------------------------------- Resource State
-             $env{'request.state'}    = "construct";
-             $env{'request.filename'} = $r->filename;
-             unless (&constructaccess($requrl,$r->dir_config('lonDefDomain'))) {
-                 $r->log_reason("Unauthorized $requrl", $r->filename);
- 	        return HTTP_NOT_ACCEPTABLE;
-             }
- # -------------------------------------------------------- Load POST parameters
- 	    &Apache::lonacc::get_posted_cgi($r);
-             return OK;
-         } else {
-             $r->log_reason("Cookie $handle not valid", $r->filename)
-         };
-     }
- # ----------------------------------------------- Store where they wanted to go
-     $env{'request.firsturl'}=$requrl;
-     return FORBIDDEN;
- }
-;
- __END__
  =head1 NAME
- Line 123  Invoked (for various locations) by /etc/
+ Line 42  Invoked (for various locations) by /etc/
  =head1 INTRODUCTION
  This module enables cookie based authentication for construction area
- and is used to control access for three (essentially equivalent) URIs.
+ and is used to control access for the following two types of URI
+ (one for files, and one for directories):
   <LocationMatch "^/priv.*">
-  <LocationMatch "^/\~.*">
+  <LocationMatch "^/priv.*/$">
-  <LocationMatch "^/\~.*/$">
  Whenever the client sends the cookie back to the server,
  if the cookie is missing or invalid, the user is re-challenged
- Line 152  store where they wanted to go (first url
+ Line 71  store where they wanted to go (first url
  =back
- =head1 OTHERSUBROUTINES
+ =cut
- =over 4
- =item *
+ package Apache::loncacc;
- constructaccess($url,$ownerdomain) : See if the owner domain and name
+ use strict;
- in the URL match those in the expected environment.  If so, return
+ use Apache::Constants qw(:common :http :methods REDIRECT);
- two element list ($ownername,$ownerdomain).  Else, return null string.
+ use Fcntl qw(:flock);
+ use Apache::lonlocal;
+ use Apache::lonnet;
+ use Apache::lonacc;
+ use LONCAPA qw(:DEFAULT :match);
- =back
+ sub handler {
+     my $r = shift;
+     my $requrl=$r->uri;
+     $env{'request.editurl'}=$requrl;
- =cut
+     my $handle =  &Apache::lonnet::check_for_valid_session($r);
+     if ($handle ne '') {
+ # ------------------------------------------------------ Initialize Environment
+         my $lonidsdir=$r->dir_config('lonIDsDir');
+ 	&Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
+ # --------------------------------------------------------- Initialize Language
+ 	&Apache::lonlocal::get_language_handle($r);
+ # -------------------------------------------------------------- Resource State
+ 	$env{'request.state'}    = "construct";
+ 	$env{'request.filename'} = $r->filename;
+ 	my $allowed;
+ 	my ($ownername,$ownerdom,$ownerhome) =
+             &Apache::lonnet::constructaccess($requrl,'setpriv');
+         if (($ownername ne '') && ($ownerdom ne '') && ($ownerhome ne '')) {
+             unless ($ownerhome eq 'no_host') {
+                 my @hosts = &Apache::lonnet::current_machine_ids();
+                 if (grep(/^\Q$ownerhome\E$/,@hosts)) {
+                     $allowed = 1;
+                 }
+             }
+         }
+         unless ($allowed) {
+ 	    $r->log_reason("Unauthorized $requrl", $r->filename);
+ 	    return HTTP_NOT_ACCEPTABLE;
+ 	}
+ # -------------------------------------------------------- Load POST parameters
+ 	&Apache::lonacc::get_posted_cgi($r);
+ 	return OK;
+     } else {
+ 	$r->log_reason("Cookie $handle not valid", $r->filename)
+     }
+ # ----------------------------------------------- Store where they wanted to go
+     $env{'request.firsturl'}=$requrl;
+     return FORBIDDEN;
+ }
+;
+ __END__

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.42
changed lines
	Added in v.1.60