loncom/auth/loncacc.pm - view

File: [LON-CAPA] / loncom / auth / loncacc.pm
Revision 1.37: download - view: text, annotated - select for diffs
Fri Oct 29 20:44:30 2004 UTC (19 years, 7 months ago) by raeburn
Branches: MAIN
CVS tags: version_1_3_X, version_1_3_3, version_1_3_2, version_1_3_1, version_1_3_0, version_1_2_99_1, version_1_2_99_0, HEAD

Eliminate requirement for Remote Control when entering Construction Space.

1: # The LearningOnline Network 2: # Cookie Based Access Handler for Construction Area 3: # (lonacc: 5/21/99,5/22,5/29,5/31 Gerd Kortemeyer) 4: # 5: # $Id: loncacc.pm,v 1.37 2004/10/29 20:44:30 raeburn Exp $ 6: # 7: # Copyright Michigan State University Board of Trustees 8: # 9: # This file is part of the LearningOnline Network with CAPA (LON-CAPA). 10: # 11: # LON-CAPA is free software; you can redistribute it and/or modify 12: # it under the terms of the GNU General Public License as published by 13: # the Free Software Foundation; either version 2 of the License, or 14: # (at your option) any later version. 15: # 16: # LON-CAPA is distributed in the hope that it will be useful, 17: # but WITHOUT ANY WARRANTY; without even the implied warranty of 18: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19: # GNU General Public License for more details. 20: # 21: # You should have received a copy of the GNU General Public License 22: # along with LON-CAPA; if not, write to the Free Software 23: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 24: # 25: # /home/httpd/html/adm/gpl.txt 26: # 27: # http://www.lon-capa.org/ 28: # 29: # YEAR=2000 30: # 6/15,16/11,22/11, 31: # YEAR=2001 32: # 01/06,01/11,6/1,9/25,9/28,11/22,12/25,12/26, 33: # 01/06/01,05/04,05/05,05/09 Gerd Kortemeyer 34: # YEAR=2002 35: # 1/4 Gerd Kortemeyer 36: ### 37: 38: package Apache::loncacc; 39: 40: use strict; 41: use Apache::Constants qw(:common :http :methods REDIRECT); 42: use Apache::File; 43: use CGI::Cookie(); 44: use Fcntl qw(:flock); 45: use Apache::lonlocal; 46: use Apache::lonnet(); 47: 48: 49: sub constructaccess { 50: my ($url,$ownerdomain)=@_; 51: my ($ownername)=($url=~/\/(?:\~|priv\/|home\/)(\w+)\//); 52: unless (($ownername) && ($ownerdomain)) { return ''; } 53: # We do not allow editing of previous versions of files. 54: if ($url=~/\.(\d+)\.(\w+)$/) { return ''; } 55: my @possibledomains = &Apache::lonnet::current_machine_domains(); 56: if ($ownername eq $ENV{'user.name'}) { 57: foreach my $domain (@possibledomains) { 58: if ($domain eq $ENV{'user.domain'}) { 59: return ($ownername,$domain); 60: } 61: } 62: } 63: 64: foreach my $domain (@possibledomains) { 65: my $capriv='user.priv.ca./'.$domain.'/'.$ownername.'./'; 66: foreach (keys %ENV) { 67: if ($_ eq $capriv) { 68: return ($ownername,$domain); 69: } 70: } 71: } 72: return ''; 73: } 74: 75: sub handler { 76: my $r = shift; 77: my $requrl=$r->uri; 78: $ENV{'request.editurl'}=$requrl; 79: my %cookies=CGI::Cookie->parse($r->header_in('Cookie')); 80: my $lonid=$cookies{'lonID'}; 81: my $cookie; 82: if ($lonid) { 83: my $handle=$lonid->value; 84: $handle=~s/\W//g; 85: my $lonidsdir=$r->dir_config('lonIDsDir'); 86: if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) { 87: 88: # ------------------------------------------------------ Initialize Environment 89: 90: &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle); 91: 92: # --------------------------------------------------------- Initialize Language 93: 94: &Apache::lonlocal::get_language_handle($r); 95: 96: # -------------------------------------------------------------- Resource State 97: 98: $ENV{'request.state'} = "construct"; 99: $ENV{'request.filename'} = $r->filename; 100: 101: unless (&constructaccess($requrl,$r->dir_config('lonDefDomain'))) { 102: $r->log_reason("Unauthorized $requrl", $r->filename); 103: return HTTP_NOT_ACCEPTABLE; 104: } 105: 106: # -------------------------------------------------------- Load POST parameters 107: 108: &Apache::loncommon::get_posted_cgi($r); 109: 110: return OK; 111: } else { 112: $r->log_reason("Cookie $handle not valid", $r->filename) 113: }; 114: } 115: 116: # ----------------------------------------------- Store where they wanted to go 117: 118: $ENV{'request.firsturl'}=$requrl; 119: return FORBIDDEN; 120: } 121: 122: 1; 123: __END__ 124: 125: =head1 NAME 126: 127: Apache::lonacc - Cookie Based Access Handler for Construction Area 128: 129: =head1 SYNOPSIS 130: 131: Invoked (for various locations) by /etc/httpd/conf/loncapa_apache.conf: 132: 133: PerlAccessHandler Apache::loncacc 134: 135: =head1 INTRODUCTION 136: 137: This module enables cookie based authentication for construction area 138: and is used to control access for three (essentially equivalent) URIs. 139: 140: <LocationMatch "^/priv.*"> 141: <LocationMatch "^/\~.*"> 142: <LocationMatch "^/\~.*/$"> 143: 144: Whenever the client sends the cookie back to the server, 145: if the cookie is missing or invalid, the user is re-challenged 146: for login information. 147: 148: This is part of the LearningOnline Network with CAPA project 149: described at http://www.lon-capa.org. 150: 151: =head1 HANDLER SUBROUTINE 152: 153: This routine is called by Apache and mod_perl. 154: 155: =over 4 156: 157: =item * 158: 159: load POST parameters 160: 161: =item * 162: 163: store where they wanted to go (first url entered) 164: 165: =back 166: 167: =head1 OTHERSUBROUTINES 168: 169: =over 4 170: 171: =item * 172: 173: constructaccess($url,$ownerdomain) : See if the owner domain and name 174: in the URL match those in the expected environment. If so, return 175: two element list ($ownername,$ownerdomain). Else, return null string. 176: 177: =back 178: 179: =cut 180: 181: 182: 183: 184: 185: 186: