loncom/auth/loncacc.pm - view

File: [LON-CAPA] / loncom / auth / loncacc.pm
Revision 1.34: download - view: text, annotated - select for diffs
Mon Feb 2 18:50:21 2004 UTC (20 years, 3 months ago) by albertel
Branches: MAIN
CVS tags: version_1_2_X, version_1_2_1, version_1_2_0, version_1_1_99_5, version_1_1_99_4, version_1_1_99_3, version_1_1_99_2, version_1_1_99_1, version_1_1_99_0, HEAD

- BUG#2692, log spew

1: # The LearningOnline Network 2: # Cookie Based Access Handler for Construction Area 3: # (lonacc: 5/21/99,5/22,5/29,5/31 Gerd Kortemeyer) 4: # 5: # $Id: loncacc.pm,v 1.34 2004/02/02 18:50:21 albertel Exp $ 6: # 7: # Copyright Michigan State University Board of Trustees 8: # 9: # This file is part of the LearningOnline Network with CAPA (LON-CAPA). 10: # 11: # LON-CAPA is free software; you can redistribute it and/or modify 12: # it under the terms of the GNU General Public License as published by 13: # the Free Software Foundation; either version 2 of the License, or 14: # (at your option) any later version. 15: # 16: # LON-CAPA is distributed in the hope that it will be useful, 17: # but WITHOUT ANY WARRANTY; without even the implied warranty of 18: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19: # GNU General Public License for more details. 20: # 21: # You should have received a copy of the GNU General Public License 22: # along with LON-CAPA; if not, write to the Free Software 23: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 24: # 25: # /home/httpd/html/adm/gpl.txt 26: # 27: # http://www.lon-capa.org/ 28: # 29: # YEAR=2000 30: # 6/15,16/11,22/11, 31: # YEAR=2001 32: # 01/06,01/11,6/1,9/25,9/28,11/22,12/25,12/26, 33: # 01/06/01,05/04,05/05,05/09 Gerd Kortemeyer 34: # YEAR=2002 35: # 1/4 Gerd Kortemeyer 36: ### 37: 38: package Apache::loncacc; 39: 40: use strict; 41: use Apache::Constants qw(:common :http :methods REDIRECT); 42: use Apache::File; 43: use CGI::Cookie(); 44: use Fcntl qw(:flock); 45: use Apache::lonlocal; 46: use Apache::lonnet(); 47: 48: 49: sub constructaccess { 50: my ($url,$ownerdomain)=@_; 51: my ($ownername)=($url=~/\/(?:\~|priv\/|home\/)(\w+)\//); 52: unless (($ownername) && ($ownerdomain)) { return ''; } 53: # We do not allow editing of previous versions of files. 54: if ($url=~/\.(\d+)\.(\w+)$/) { return ''; } 55: my @possibledomains = &Apache::lonnet::current_machine_domains(); 56: if ($ownername eq $ENV{'user.name'}) { 57: foreach my $domain (@possibledomains) { 58: if ($domain eq $ENV{'user.domain'}) { 59: return ($ownername,$domain); 60: } 61: } 62: } 63: 64: foreach my $domain (@possibledomains) { 65: my $capriv='user.priv.ca./'.$domain.'/'.$ownername.'./'; 66: foreach (keys %ENV) { 67: if ($_ eq $capriv) { 68: return ($ownername,$domain); 69: } 70: } 71: } 72: return ''; 73: } 74: 75: sub handler { 76: my $r = shift; 77: my $requrl=$r->uri; 78: $ENV{'request.editurl'}=$requrl; 79: my %cookies=CGI::Cookie->parse($r->header_in('Cookie')); 80: my $lonid=$cookies{'lonID'}; 81: my $cookie; 82: if ($lonid) { 83: my $handle=$lonid->value; 84: $handle=~s/\W//g; 85: my $lonidsdir=$r->dir_config('lonIDsDir'); 86: if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) { 87: 88: # ------------------------------------------------------ Initialize Environment 89: 90: &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle); 91: 92: # --------------------------------------------------------- Initialize Language 93: 94: &Apache::lonlocal::get_language_handle($r); 95: 96: # -------------------------------------------------------------- Resource State 97: 98: $ENV{'request.state'} = "construct"; 99: $ENV{'request.filename'} = $r->filename; 100: 101: unless (&constructaccess($requrl,$r->dir_config('lonDefDomain'))) { 102: $r->log_reason("Unauthorized $requrl", $r->filename); 103: return HTTP_NOT_ACCEPTABLE; 104: } 105: # Construction space needs Remote to work 106: if ($ENV{'environment.remote'} eq 'off') { 107: $r->content_type('text/html'); 108: $r->header_out(Location => 109: 'http://'.$r->server->server_hostname. 110: '/adm/remote?action=launch&url='. 111: &Apache::lonnet::escape($requrl)); 112: return REDIRECT; 113: } 114: 115: # -------------------------------------------------------- Load POST parameters 116: 117: &Apache::loncommon::get_posted_cgi($r); 118: 119: return OK; 120: } else { 121: $r->log_reason("Cookie $handle not valid", $r->filename) 122: }; 123: } 124: 125: # ----------------------------------------------- Store where they wanted to go 126: 127: $ENV{'request.firsturl'}=$requrl; 128: return FORBIDDEN; 129: } 130: 131: 1; 132: __END__ 133: 134: =head1 NAME 135: 136: Apache::lonacc - Cookie Based Access Handler for Construction Area 137: 138: =head1 SYNOPSIS 139: 140: Invoked (for various locations) by /etc/httpd/conf/loncapa_apache.conf: 141: 142: PerlAccessHandler Apache::loncacc 143: 144: =head1 INTRODUCTION 145: 146: This module enables cookie based authentication for construction area 147: and is used to control access for three (essentially equivalent) URIs. 148: 149: <LocationMatch "^/priv.*"> 150: <LocationMatch "^/\~.*"> 151: <LocationMatch "^/\~.*/$"> 152: 153: Whenever the client sends the cookie back to the server, 154: if the cookie is missing or invalid, the user is re-challenged 155: for login information. 156: 157: This is part of the LearningOnline Network with CAPA project 158: described at http://www.lon-capa.org. 159: 160: =head1 HANDLER SUBROUTINE 161: 162: This routine is called by Apache and mod_perl. 163: 164: =over 4 165: 166: =item * 167: 168: load POST parameters 169: 170: =item * 171: 172: store where they wanted to go (first url entered) 173: 174: =back 175: 176: =head1 OTHERSUBROUTINES 177: 178: =over 4 179: 180: =item * 181: 182: constructaccess($url,$ownerdomain) : See if the owner domain and name 183: in the URL match those in the expected environment. If so, return 184: two element list ($ownername,$ownerdomain). Else, return null string. 185: 186: =back 187: 188: =cut 189: 190: 191: 192: 193: 194: 195: