loncom/auth/loncacc.pm - diff

Return to loncacc.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/loncacc.pm between versions 1.47 and 1.60

version 1.47, 2008/11/12 20:01:09	version 1.60, 2012/10/29 17:39:06
Line 42 Invoked (for various locations) by /etc/	Line 42 Invoked (for various locations) by /etc/
=head1 INTRODUCTION	=head1 INTRODUCTION

This module enables cookie based authentication for construction area	This module enables cookie based authentication for construction area
and is used to control access for three (essentially equivalent) URIs.	and is used to control access for the following two types of URI
	(one for files, and one for directories):

<LocationMatch "^/priv.*">	<LocationMatch "^/priv.*">
<LocationMatch "^/\~.*">	<LocationMatch "^/priv.*/$">
<LocationMatch "^/\~.*/$">

Whenever the client sends the cookie back to the server,	Whenever the client sends the cookie back to the server,
if the cookie is missing or invalid, the user is re-challenged	if the cookie is missing or invalid, the user is re-challenged
Line 71 store where they wanted to go (first url	Line 71 store where they wanted to go (first url

=back	=back

=head1 OTHERSUBROUTINES

=over 4

=item *

constructaccess($url,$ownerdomain) : See if the owner domain and name
in the URL match those in the expected environment. If so, return
two element list ($ownername,$ownerdomain). Else, return null string.

=back

=cut	=cut


Line 96 use Apache::lonnet;	Line 84 use Apache::lonnet;
use Apache::lonacc;	use Apache::lonacc;
use LONCAPA qw(:DEFAULT :match);	use LONCAPA qw(:DEFAULT :match);

sub constructaccess {
my ($url,$ownerdomain)=@_;
my ($ownername)=($url=~/\/(?:\~\|priv\/\|home\/)($match_username)\//);
unless (($ownername) && ($ownerdomain)) { return ''; }
# We do not allow editing of previous versions of files.
if ($url=~/\.(\d+)\.(\w+)$/) { return ''; }
my @possibledomains = &Apache::lonnet::current_machine_domains();
if ($ownername eq $env{'user.name'}) {
foreach my $domain (@possibledomains) {
if ($domain eq $env{'user.domain'}) {
return ($ownername,$domain);
}
}
}

foreach my $domain (@possibledomains) {
if (exists($env{'user.priv.ca./'.$domain.'/'.$ownername.'./'}) \|\|
exists($env{'user.priv.aa./'.$domain.'/'.$ownername.'./'}) ) {
return ($ownername,$domain);
}
}
return '';
}

sub handler {	sub handler {
my $r = shift;	my $r = shift;
my $requrl=$r->uri;	my $requrl=$r->uri;
Line 141 sub handler {	Line 105 sub handler {
$env{'request.state'} = "construct";	$env{'request.state'} = "construct";
$env{'request.filename'} = $r->filename;	$env{'request.filename'} = $r->filename;

unless (&constructaccess($requrl,$r->dir_config('lonDefDomain'))) {	my $allowed;
	my ($ownername,$ownerdom,$ownerhome) =
	&Apache::lonnet::constructaccess($requrl,'setpriv');
	if (($ownername ne '') && ($ownerdom ne '') && ($ownerhome ne '')) {
	unless ($ownerhome eq 'no_host') {
	my @hosts = &Apache::lonnet::current_machine_ids();
	if (grep(/^\Q$ownerhome\E$/,@hosts)) {
	$allowed = 1;
	}
	}
	}

	unless ($allowed) {
$r->log_reason("Unauthorized $requrl", $r->filename);	$r->log_reason("Unauthorized $requrl", $r->filename);
return HTTP_NOT_ACCEPTABLE;	return HTTP_NOT_ACCEPTABLE;
}	}
Line 151 sub handler {	Line 127 sub handler {
&Apache::lonacc::get_posted_cgi($r);	&Apache::lonacc::get_posted_cgi($r);

return OK;	return OK;
} else {	} else {
$r->log_reason("Cookie $handle not valid", $r->filename)	$r->log_reason("Cookie $handle not valid", $r->filename)
}	}

Line 164 sub handler {	Line 140 sub handler {
1;	1;
__END__	__END__

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.47
changed lines
	Added in v.1.60