loncom/auth/loncacc.pm - view

File: [LON-CAPA] / loncom / auth / loncacc.pm
Revision 1.24: download - view: text, annotated - select for diffs
Tue Dec 10 20:37:21 2002 UTC (21 years, 4 months ago) by matthew
Branches: MAIN
CVS tags: version_0_6_2, version_0_6, HEAD

Remainder of fix for bug 262.  Do not allow editing of old versions of
resources in the construction space.

# The LearningOnline Network # Cookie Based Access Handler for Construction Area # (lonacc: 5/21/99,5/22,5/29,5/31 Gerd Kortemeyer) # # $Id: loncacc.pm,v 1.24 2002/12/10 20:37:21 matthew Exp $ # # Copyright Michigan State University Board of Trustees # # This file is part of the LearningOnline Network with CAPA (LON-CAPA). # # LON-CAPA is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # LON-CAPA is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with LON-CAPA; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # /home/httpd/html/adm/gpl.txt # # http://www.lon-capa.org/ # # YEAR=2000 # 6/15,16/11,22/11, # YEAR=2001 # 01/06,01/11,6/1,9/25,9/28,11/22,12/25,12/26, # 01/06/01,05/04,05/05,05/09 Gerd Kortemeyer # 12/21 Scott Harrison # YEAR=2002 # 1/4 Gerd Kortemeyer ### package Apache::loncacc; use strict; use Apache::Constants qw(:common :http :methods); use Apache::File; use CGI::Cookie(); use Fcntl qw(:flock); sub constructaccess { my ($url,$ownerdomain)=@_; my ($ownername)=($url=~/\/(?:\~|priv\/|home\/)(\w+)/); unless (($ownername) && ($ownerdomain)) { return ''; } # We do not allow editing of previous versions of files. if ($url=~/\.(\d+)\.(\w+)$/) { return ''; } if (($ownername eq $ENV{'user.name'}) && ($ownerdomain eq $ENV{'user.domain'})) { return ($ownername,$ownerdomain); } my $capriv='user.priv.ca./'. $ownerdomain.'/'.$ownername.'./'. $ownerdomain.'/'.$ownername; foreach (keys %ENV) { if ($_ eq $capriv) { return ($ownername,$ownerdomain); } } return ''; } sub handler { my $r = shift; my $requrl=$r->uri; $ENV{'request.editurl'}=$requrl; my %cookies=CGI::Cookie->parse($r->header_in('Cookie')); my $lonid=$cookies{'lonID'}; my $cookie; if ($lonid) { my $handle=$lonid->value; $handle=~s/\W//g; my $lonidsdir=$r->dir_config('lonIDsDir'); if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) { my @profile; { my $idf=Apache::File->new("$lonidsdir/$handle.id"); flock($idf,LOCK_SH); @profile=<$idf>; $idf->close(); } my $envi; for ($envi=0;$envi<=$#profile;$envi++) { chomp($profile[$envi]); my ($envname,$envvalue)=split(/=/,$profile[$envi]); $ENV{$envname} = $envvalue; } $ENV{'user.environment'} = "$lonidsdir/$handle.id"; $ENV{'request.state'} = "construct"; $ENV{'request.filename'} = $r->filename; unless (&constructaccess($requrl,$r->dir_config('lonDefDomain'))) { $r->log_reason("Unauthorized $requrl", $r->filename); return HTTP_NOT_ACCEPTABLE; } # -------------------------------------------------------- Load POST parameters my $buffer; $r->read($buffer,$r->header_in('Content-length')); unless ($buffer=~/^(\-+\w+)\s+Content\-Disposition\:\s*form\-data/si) { my @pairs=split(/&/,$buffer); my $pair; foreach $pair (@pairs) { my ($name,$value) = split(/=/,$pair); $value =~ tr/+/ /; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg; $name =~ tr/+/ /; $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg; &Apache::loncommon::add_to_env("form.$name",$value); } } else { my $contentsep=$1; my @lines = split (/\n/,$buffer); my $name=''; my $value=''; my $fname=''; my $fmime=''; my $i; for ($i=0;$i<=$#lines;$i++) { if ($lines[$i]=~/^$contentsep/) { if ($name) { chomp($value); if ($fname) { $ENV{"form.$name.filename"}=$fname; $ENV{"form.$name.mimetype"}=$fmime; } else { $value=~s/\s+$//s; } &Apache::loncommon::add_to_env("form.$name",$value); } if ($i<$#lines) { $i++; $lines[$i]=~ /Content\-Disposition\:\s*form\-data\;\s*name\=\"([^\"]+)\"/i; $name=$1; $value=''; if ($lines[$i]=~/filename\=\"([^\"]+)\"/i) { $fname=$1; if ($lines[$i+1]=~/Content\-Type\:\s*([\w\-\/]+)/i) { $fmime=$1; $i++; } else { $fmime=''; } } else { $fname=''; $fmime=''; } $i++; } } else { $value.=$lines[$i]."\n"; } } } $ENV{'request.method'}=$ENV{'REQUEST_METHOD'}; $r->method_number(M_GET); $r->method('GET'); $r->headers_in->unset('Content-length'); return OK; } else { $r->log_reason("Cookie $handle not valid", $r->filename) }; } # ----------------------------------------------- Store where they wanted to go $ENV{'request.firsturl'}=$requrl; return FORBIDDEN; } 1; __END__ =head1 NAME Apache::lonacc - Cookie Based Access Handler for Construction Area =head1 SYNOPSIS Invoked (for various locations) by /etc/httpd/conf/loncapa_apache.conf: PerlAccessHandler Apache::loncacc =head1 INTRODUCTION This module enables cookie based authentication for construction area and is used to control access for three (essentially equivalent) URIs. <LocationMatch "^/priv.*"> <LocationMatch "^/\~.*"> <LocationMatch "^/\~.*/$"> Whenever the client sends the cookie back to the server, if the cookie is missing or invalid, the user is re-challenged for login information. This is part of the LearningOnline Network with CAPA project described at http://www.lon-capa.org. =head1 HANDLER SUBROUTINE This routine is called by Apache and mod_perl. =over 4 =item * load POST parameters =item * store where they wanted to go (first url entered) =back =head1 OTHERSUBROUTINES =over 4 =item * constructaccess($url,$ownerdomain) : See if the owner domain and name in the URL match those in the expected environment. If so, return two element list ($ownername,$ownerdomain). Else, return null string. =back =cut