[BACK]Return to loncacc.pm CVS log [TXT] [DIR] Up to [LON-CAPA] / loncom / auth
File:  [LON-CAPA] / loncom / auth / loncacc.pm
Revision 1.51: download - view: text, annotated - select for diffs
Thu Sep 30 16:42:30 2010 UTC (13 years, 7 months ago) by raeburn
Branches: MAIN
CVS tags: version_2_9_X, version_2_9_1, version_2_10_X, version_2_10_1, version_2_10_0_RC2, version_2_10_0, loncapaMITrelate_1, HEAD
- Bug 6373.
  - Do not change request.role, request.role.domain, request.course.sec
    when DC assumes ad hoc co-author role via "Edit resource" in a course.

    1: # The LearningOnline Network
    2: # Cookie Based Access Handler for Construction Area
    3: # (lonacc: 5/21/99,5/22,5/29,5/31 Gerd Kortemeyer)
    4: #
    5: # $Id: loncacc.pm,v 1.51 2010/09/30 16:42:30 raeburn Exp $
    6: #
    7: # Copyright Michigan State University Board of Trustees
    8: #
    9: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
   10: #
   11: # LON-CAPA is free software; you can redistribute it and/or modify
   12: # it under the terms of the GNU General Public License as published by
   13: # the Free Software Foundation; either version 2 of the License, or
   14: # (at your option) any later version.
   15: #
   16: # LON-CAPA is distributed in the hope that it will be useful,
   17: # but WITHOUT ANY WARRANTY; without even the implied warranty of
   18: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   19: # GNU General Public License for more details.
   20: #
   21: # You should have received a copy of the GNU General Public License
   22: # along with LON-CAPA; if not, write to the Free Software
   23: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   24: #
   25: # /home/httpd/html/adm/gpl.txt
   26: #
   27: # http://www.lon-capa.org/
   28: #
   29: 
   30: =pod
   31: 
   32: =head1 NAME
   33: 
   34: Apache::lonacc - Cookie Based Access Handler for Construction Area
   35: 
   36: =head1 SYNOPSIS
   37: 
   38: Invoked (for various locations) by /etc/httpd/conf/loncapa_apache.conf:
   39: 
   40:  PerlAccessHandler       Apache::loncacc
   41: 
   42: =head1 INTRODUCTION
   43: 
   44: This module enables cookie based authentication for construction area
   45: and is used to control access for three (essentially equivalent) URIs.
   46: 
   47:  <LocationMatch "^/priv.*">
   48:  <LocationMatch "^/\~.*">
   49:  <LocationMatch "^/\~.*/$">
   50: 
   51: Whenever the client sends the cookie back to the server, 
   52: if the cookie is missing or invalid, the user is re-challenged
   53: for login information.
   54: 
   55: This is part of the LearningOnline Network with CAPA project
   56: described at http://www.lon-capa.org.
   57: 
   58: =head1 HANDLER SUBROUTINE
   59: 
   60: This routine is called by Apache and mod_perl.
   61: 
   62: =over 4
   63: 
   64: =item *
   65: 
   66: load POST parameters
   67: 
   68: =item *
   69: 
   70: store where they wanted to go (first url entered)
   71: 
   72: =back
   73: 
   74: =head1 OTHERSUBROUTINES
   75: 
   76: =over
   77: 
   78: =item constructaccess($url,$ownerdomain)
   79: 
   80: See if the owner domain and name
   81: in the URL match those in the expected environment.  If so, return 
   82: two element list ($ownername,$ownerdomain).  Else, return null string.
   83: 
   84: =back
   85: 
   86: =cut
   87: 
   88: 
   89: package Apache::loncacc;
   90: 
   91: use strict;
   92: use Apache::Constants qw(:common :http :methods REDIRECT);
   93: use Fcntl qw(:flock);
   94: use Apache::lonlocal;
   95: use Apache::lonnet;
   96: use Apache::lonacc;
   97: use LONCAPA qw(:DEFAULT :match);
   98: 
   99: sub constructaccess {
  100:     my ($url,$ownerdomain,$setpriv)=@_;
  101:     my ($ownername)=($url=~/\/(?:\~|priv\/|home\/)($match_username)\//);
  102:     unless (($ownername) && ($ownerdomain)) { return ''; }
  103:     # We do not allow editing of previous versions of files.
  104:     if ($url=~/\.(\d+)\.(\w+)$/) { return ''; }
  105:     my @possibledomains = &Apache::lonnet::current_machine_domains();
  106:     if ($ownername eq $env{'user.name'}) {
  107: 	foreach my $domain (@possibledomains) {
  108: 	    if ($domain eq $env{'user.domain'}) {
  109: 		return ($ownername,$domain);
  110: 	    }
  111: 	}
  112:     }
  113:     
  114:     foreach my $domain (@possibledomains) {
  115: 	if (exists($env{'user.priv.ca./'.$domain.'/'.$ownername.'./'}) ||
  116: 	    exists($env{'user.priv.aa./'.$domain.'/'.$ownername.'./'}) ) {
  117: 	    return ($ownername,$domain);
  118: 	}
  119:     }
  120: 
  121:     my $then=$env{'user.login.time'};
  122:     my %dcroles = ();
  123:     if (&is_active_dc($ownerdomain,$then)) {
  124:         my %blocked=&Apache::lonnet::get('environment',['domcoord.author'],
  125:                                          $ownerdomain,$ownername);
  126:         unless ($blocked{'domcoord.author'} eq 'blocked') {
  127:             if (grep(/^$ownerdomain$/,@possibledomains)) {
  128:                 if ($setpriv) {
  129:                     my $refresh=$env{'user.refresh.time'};
  130:                     if (!$refresh) {
  131:                         $refresh = $then;
  132:                     }
  133:                     my $now = time;
  134:                     &Apache::lonnet::check_adhoc_privs($ownerdomain,$ownername,
  135:                                                        $then,$refresh,$now,'ca',
  136:                                                        'constructaccess');
  137:                 }
  138:                 return($ownername,$ownerdomain);
  139:             }
  140:         }
  141:     }
  142:     return '';
  143: }
  144: 
  145: sub is_active_dc {
  146:     my ($ownerdomain,$then) = @_;
  147:     my $livedc;
  148:     if ($env{'user.adv'}) {
  149:         my $domrole = $env{'user.role.dc./'.$ownerdomain.'/'};
  150:         if ($domrole) {
  151:             my ($tstart,$tend)=split(/\./,$domrole);
  152:             $livedc = 1;
  153:             if ($tstart && $tstart>$then) { undef($livedc); }
  154:             if ($tend   && $tend  <$then) { undef($livedc); }
  155:         }
  156:     }
  157:     return $livedc;
  158: }
  159: 
  160: 
  161: sub handler {
  162:     my $r = shift;
  163:     my $requrl=$r->uri;
  164:     $env{'request.editurl'}=$requrl;
  165: 
  166:     my $handle =  &Apache::lonnet::check_for_valid_session($r);
  167:     if ($handle ne '') {
  168: 
  169: # ------------------------------------------------------ Initialize Environment
  170:         my $lonidsdir=$r->dir_config('lonIDsDir');
  171: 	&Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
  172: 
  173: # --------------------------------------------------------- Initialize Language
  174:  
  175: 	&Apache::lonlocal::get_language_handle($r);
  176: 
  177: # -------------------------------------------------------------- Resource State
  178: 
  179: 	$env{'request.state'}    = "construct";
  180: 	$env{'request.filename'} = $r->filename;
  181: 
  182: 	unless (&constructaccess($requrl,$r->dir_config('lonDefDomain'),'setpriv')) {
  183: 	    $r->log_reason("Unauthorized $requrl", $r->filename); 
  184: 	    return HTTP_NOT_ACCEPTABLE;
  185: 	}
  186: 
  187: # -------------------------------------------------------- Load POST parameters
  188: 
  189: 	&Apache::lonacc::get_posted_cgi($r);
  190: 
  191: 	return OK; 
  192:     } else { 
  193: 	$r->log_reason("Cookie $handle not valid", $r->filename) 
  194:     }
  195: 
  196: # ----------------------------------------------- Store where they wanted to go
  197: 
  198:     $env{'request.firsturl'}=$requrl;
  199:     return FORBIDDEN;
  200: }
  201: 
  202: 1;
  203: __END__
  204: 
  205: 
  206: 
  207: 
  208: 
  209: 
  210: 
  211:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>