[BACK]Return to loncacc.pm CVS log [TXT] [DIR] Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/loncacc.pm between versions 1.7 and 1.61

version 1.7, 2000/07/01 17:57:01 version 1.61, 2013/06/04 23:12:13
Line 1 Line 1
 # The LearningOnline Network  # The LearningOnline Network
 # Cookie Based Access Handler for Construction Area  # Cookie Based Access Handler for Authoring Spaces
 # (lonacc: 5/21/99,5/22,5/29,5/31 Gerd Kortemeyer)  # (lonacc: 5/21/99,5/22,5/29,5/31 Gerd Kortemeyer)
 # 6/15,16/11,22/11,  #
 # 01/06,01/11,6/1 Gerd Kortemeyer  # $Id$
   #
   # Copyright Michigan State University Board of Trustees
   #
   # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
   #
   # LON-CAPA is free software; you can redistribute it and/or modify
   # it under the terms of the GNU General Public License as published by
   # the Free Software Foundation; either version 2 of the License, or
   # (at your option) any later version.
   #
   # LON-CAPA is distributed in the hope that it will be useful,
   # but WITHOUT ANY WARRANTY; without even the implied warranty of
   # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   # GNU General Public License for more details.
   #
   # You should have received a copy of the GNU General Public License
   # along with LON-CAPA; if not, write to the Free Software
   # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   #
   # /home/httpd/html/adm/gpl.txt
   #
   # http://www.lon-capa.org/
   #
   
   =pod
   
   =head1 NAME
   
   Apache::lonacc - Cookie Based Access Handler for Authoring Spaces 
   
   =head1 SYNOPSIS
   
   Invoked (for various locations) by /etc/httpd/conf/loncapa_apache.conf:
   
    PerlAccessHandler       Apache::loncacc
   
   =head1 INTRODUCTION
   
   This module enables cookie based authentication for construction area
   and is used to control access for the following two types of URI 
   (one for files, and one for directories):
   
    <LocationMatch "^/priv.*">
    <LocationMatch "^/priv.*/$">
   
   Whenever the client sends the cookie back to the server, 
   if the cookie is missing or invalid, the user is re-challenged
   for login information.
   
   This is part of the LearningOnline Network with CAPA project
   described at http://www.lon-capa.org.
   
   =head1 HANDLER SUBROUTINE
   
   This routine is called by Apache and mod_perl.
   
   =over 4
   
   =item *
   
   load POST parameters
   
   =item *
   
   store where they wanted to go (first url entered)
   
   =back
   
   =cut
   
   
 package Apache::loncacc;  package Apache::loncacc;
   
 use strict;  use strict;
 use Apache::Constants qw(:common :http);  use Apache::Constants qw(:common :http :methods REDIRECT);
 use Apache::File;  use Fcntl qw(:flock);
 use CGI::Cookie();  use Apache::lonlocal;
   use Apache::lonnet;
   use Apache::lonacc;
   use LONCAPA qw(:DEFAULT :match);
   
 sub handler {  sub handler {
     my $r = shift;      my $r = shift;
     my $requrl=$r->uri;      my $requrl=$r->uri;
     my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));      $env{'request.editurl'}=$requrl;
     my $lonid=$cookies{'lonID'};  
     my $cookie;      my $handle =  &Apache::lonnet::check_for_valid_session($r);
     if ($lonid) {      if ($handle ne '') {
  my $handle=$lonid->value;  
         $handle=~s/\W//g;  # ------------------------------------------------------ Initialize Environment
         my $lonidsdir=$r->dir_config('lonIDsDir');          my $lonidsdir=$r->dir_config('lonIDsDir');
         if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {   &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
             my $ownername=$requrl;  
             $ownername=~s/\/\~(\w+).*/\1/;  # --------------------------------------------------------- Initialize Language
             my $ownerdomain=$r->dir_config('lonDefDomain');   
             my @handleparts=split(/\_/,$handle);   &Apache::lonlocal::get_language_handle($r);
             my $username=$handleparts[0];  
             my $domain=$handleparts[2];  # -------------------------------------------------------------- Resource State
             if (($username ne $ownername) || ($domain ne $ownerdomain)) {  
                 $r->log_reason   $env{'request.state'}    = "construct";
                    ("$username at $domain not authorized", $r->filename);    $env{'request.filename'} = $r->filename;
         return HTTP_NOT_ACCEPTABLE;  
             }   my $allowed;
             my @profile;   my ($ownername,$ownerdom,$ownerhome) = 
     {              &Apache::lonnet::constructaccess($requrl,'setpriv');
              my $idf=Apache::File->new("$lonidsdir/$handle.id");          if (($ownername ne '') && ($ownerdom ne '') && ($ownerhome ne '')) {
              @profile=<$idf>;              unless ($ownerhome eq 'no_host') {
     }                  my @hosts = &Apache::lonnet::current_machine_ids();
             my $envi;                  if (grep(/^\Q$ownerhome\E$/,@hosts)) {
             for ($envi=0;$envi<=$#profile;$envi++) {                      $allowed = 1;
  chomp($profile[$envi]);                  }
  my ($envname,$envvalue)=split(/=/,$profile[$envi]);  
                 $r->subprocess_env("$envname" => "$envvalue");  
             }              }
             $r->subprocess_env("user.environment" => "$lonidsdir/$handle.id",          }
                                "request.state"    => "construct",  
                                "request.filename" => $r->filename);          unless ($allowed) {
             my $buffer;      $r->log_reason("Unauthorized $requrl", $r->filename); 
             $r->read($buffer,$r->header_in('Content-length'));      return HTTP_NOT_ACCEPTABLE;
             my @pairs=split(/&/,$buffer);   }
             my $pair; my $name; my $value;  
             foreach $pair (@pairs) {  # -------------------------------------------------------- Load POST parameters
                ($name,$value) = split(/=/,$pair);  
                $value =~ tr/+/ /;   &Apache::lonacc::get_posted_cgi($r);
                $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;  
                $r->subprocess_env("form.$name" => $value);   return OK; 
             }       } else {
             return OK;    $r->log_reason("Cookie $handle not valid", $r->filename) 
         } else {   
             $r->log_reason("Cookie $handle not valid", $r->filename)   
         };  
     }      }
   
 # ----------------------------------------------- Store where they wanted to go  # ----------------------------------------------- Store where they wanted to go
   
     $ENV{'request.firsturl'}=$requrl;      $env{'request.firsturl'}=$requrl;
     return FORBIDDEN;      return FORBIDDEN;
 }  }
   
 1;  1;
 __END__  __END__
   
   
   
   
   
   
   
   
Removed from v.1.7  
changed lines
  Added in v.1.61

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>