Return to loncacc.pm CVS log

Up to [LON-CAPA] / loncom / auth

- moving get_posted_cgi from loncommon to lonacc

    1: # The LearningOnline Network
    2: # Cookie Based Access Handler for Construction Area
    3: # (lonacc: 5/21/99,5/22,5/29,5/31 Gerd Kortemeyer)
    4: #
    5: # $Id: loncacc.pm,v 1.41 2006/04/13 19:07:33 albertel Exp $
    6: #
    7: # Copyright Michigan State University Board of Trustees
    8: #
    9: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
   10: #
   11: # LON-CAPA is free software; you can redistribute it and/or modify
   12: # it under the terms of the GNU General Public License as published by
   13: # the Free Software Foundation; either version 2 of the License, or
   14: # (at your option) any later version.
   15: #
   16: # LON-CAPA is distributed in the hope that it will be useful,
   17: # but WITHOUT ANY WARRANTY; without even the implied warranty of
   18: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   19: # GNU General Public License for more details.
   20: #
   21: # You should have received a copy of the GNU General Public License
   22: # along with LON-CAPA; if not, write to the Free Software
   23: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   24: #
   25: # /home/httpd/html/adm/gpl.txt
   26: #
   27: # http://www.lon-capa.org/
   28: #
   29: 
   30: package Apache::loncacc;
   31: 
   32: use strict;
   33: use Apache::Constants qw(:common :http :methods REDIRECT);
   34: use CGI::Cookie();
   35: use Fcntl qw(:flock);
   36: use Apache::lonlocal;
   37: use Apache::lonnet;
   38: use Apache::lonacc;
   39: 
   40: sub constructaccess {
   41:     my ($url,$ownerdomain)=@_;
   42:     my ($ownername)=($url=~/\/(?:\~|priv\/|home\/)(\w+)\//);
   43:     unless (($ownername) && ($ownerdomain)) { return ''; }
   44:     # We do not allow editing of previous versions of files.
   45:     if ($url=~/\.(\d+)\.(\w+)$/) { return ''; }
   46:     my @possibledomains = &Apache::lonnet::current_machine_domains();
   47:     if ($ownername eq $env{'user.name'}) {
   48: 	foreach my $domain (@possibledomains) {
   49: 	    if ($domain eq $env{'user.domain'}) {
   50: 		return ($ownername,$domain);
   51: 	    }
   52: 	}
   53:     }
   54:     
   55:     foreach my $domain (@possibledomains) {
   56: 	if (exists($env{'user.priv.ca./'.$domain.'/'.$ownername.'./'}) ||
   57: 	    exists($env{'user.priv.aa./'.$domain.'/'.$ownername.'./'}) ) {
   58: 	    return ($ownername,$domain);
   59: 	}
   60:     }
   61:     return '';
   62: }
   63: 
   64: sub handler {
   65:     my $r = shift;
   66:     my $requrl=$r->uri;
   67:     $env{'request.editurl'}=$requrl;
   68:     my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
   69:     my $lonid=$cookies{'lonID'};
   70:     my $cookie;
   71:     if ($lonid) {
   72: 	my $handle=$lonid->value;
   73:         $handle=~s/\W//g;
   74:         my $lonidsdir=$r->dir_config('lonIDsDir');
   75:         if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
   76: 
   77: # ------------------------------------------------------ Initialize Environment
   78: 
   79:             &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
   80: 
   81: # --------------------------------------------------------- Initialize Language
   82:  
   83:  	    &Apache::lonlocal::get_language_handle($r);
   84: 
   85: # -------------------------------------------------------------- Resource State
   86: 
   87:             $env{'request.state'}    = "construct";
   88:             $env{'request.filename'} = $r->filename;
   89: 
   90:             unless (&constructaccess($requrl,$r->dir_config('lonDefDomain'))) {
   91:                 $r->log_reason("Unauthorized $requrl", $r->filename); 
   92: 	        return HTTP_NOT_ACCEPTABLE;
   93:             }
   94: 
   95: # -------------------------------------------------------- Load POST parameters
   96: 
   97: 	    &Apache::lonacc::get_posted_cgi($r);
   98: 
   99:             return OK; 
  100:         } else { 
  101:             $r->log_reason("Cookie $handle not valid", $r->filename) 
  102:         };
  103:     }
  104: 
  105: # ----------------------------------------------- Store where they wanted to go
  106: 
  107:     $env{'request.firsturl'}=$requrl;
  108:     return FORBIDDEN;
  109: }
  110: 
  111: 1;
  112: __END__
  113: 
  114: =head1 NAME
  115: 
  116: Apache::lonacc - Cookie Based Access Handler for Construction Area
  117: 
  118: =head1 SYNOPSIS
  119: 
  120: Invoked (for various locations) by /etc/httpd/conf/loncapa_apache.conf:
  121: 
  122:  PerlAccessHandler       Apache::loncacc
  123: 
  124: =head1 INTRODUCTION
  125: 
  126: This module enables cookie based authentication for construction area
  127: and is used to control access for three (essentially equivalent) URIs.
  128: 
  129:  <LocationMatch "^/priv.*">
  130:  <LocationMatch "^/\~.*">
  131:  <LocationMatch "^/\~.*/$">
  132: 
  133: Whenever the client sends the cookie back to the server, 
  134: if the cookie is missing or invalid, the user is re-challenged
  135: for login information.
  136: 
  137: This is part of the LearningOnline Network with CAPA project
  138: described at http://www.lon-capa.org.
  139: 
  140: =head1 HANDLER SUBROUTINE
  141: 
  142: This routine is called by Apache and mod_perl.
  143: 
  144: =over 4
  145: 
  146: =item *
  147: 
  148: load POST parameters
  149: 
  150: =item *
  151: 
  152: store where they wanted to go (first url entered)
  153: 
  154: =back
  155: 
  156: =head1 OTHERSUBROUTINES
  157: 
  158: =over 4
  159: 
  160: =item *
  161: 
  162: constructaccess($url,$ownerdomain) : See if the owner domain and name
  163: in the URL match those in the expected environment.  If so, return 
  164: two element list ($ownername,$ownerdomain).  Else, return null string.
  165: 
  166: =back
  167: 
  168: =cut
  169: 
  170: 
  171: 
  172: 
  173: 
  174: 
  175: