loncom/auth/lonracc.pm - diff

Return to lonracc.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/lonracc.pm between versions 1.3 and 1.23

-version 1.3, 2001/11/29 19:12:44
+version 1.23, 2008/11/12 20:01:09
  Line 25
  #
  # http://www.lon-capa.org/
  #
- # (lonacc: Cookie Based Access Handler
- # 5/21/99,5/22,5/29,5/31,6/15 Gerd Kortemeyer)
+ =pod
- # 6/16,6/18,7/3,
- # 6/30/00 Gerd Kortemeyer
+ =head1 NAME
+ Apache::lonracc - Access Handler for File Transfers
+ =head1 SYNOPSIS
+ Invoked by /etc/httpd/conf/loncapa.conf:
+  <LocationMatch "^/raw.*">
+  PerlAccessHandler Apache::lonracc
+  </LocationMatch>
+ =head1 INTRODUCTION
+ This module enables authentication for file transfers and works
+ against the /res tree.
+ Only lond invokes the /raw namespace through its subscribe function.
+ This is part of the LearningOnline Network with CAPA project
+ described at http://www.lon-capa.org.
+ =head1 HANDLER SUBROUTINE
+ This routine is called by Apache and mod_perl.
+ =over 4
+ =item *
+ Determine requesting host
+ =item *
+ See whether or not the requesting host is subscribed.
+ =item *
+ Respond with status of request and make log entry in case of unallowed
+ access.
+ =back
+ =cut
  package Apache::lonracc;
  use strict;
  use Apache::Constants qw(:common :remotehost);
+ use Apache::lonnet;
  use Apache::File();
+ use IO::Socket;
+ sub subscribed {
+     my ($filename,$id) = @_;
+     return 0 if (!-e "$filename.subscription");
+     my $hostname=&Apache::lonnet::hostname($id);
+     my (undef,undef,undef,undef,$ip) = gethostbyname($hostname);
+     return 0 if (length($ip) != 4);
+     $ip=inet_ntoa($ip);
+     my $expr='^'.quotemeta($id).':'.quotemeta($ip).':';
+     my $found=0;
+     if (my $sh=Apache::File->new("$filename.subscription")) {
+ 	while (my $subline=<$sh>) { if ($subline =~ /$expr/) { $found=1; } }
+ 	$sh->close();
+     }
+     return $found;
+ }
  sub handler {
      my $r = shift;
-     my $reqhost;
-     unless ($reqhost=$r->get_remote_host(REMOTE_DOUBLE_REV)) {
-        $r->log_reason("Spoof request");
-        return FORBIDDEN;
-     }
-     my $readline;
-     my $lontabdir=$r->dir_config('lonTabDir');
-     {
-        my $fh;
-        unless ($fh=Apache::File->new("$lontabdir/hosts.tab")) {
-           $r->log_reason("Could not find host tab file");
-           return FORBIDDEN;
-        }
-        while ($readline=<$fh>) {
-           my ($id,$domain,$role,$name,$ip)=split(/:/,$readline);
-           if ($name =~ /$reqhost/i) {
-               my $filename=$r->filename;
-               if ((-e "$filename.$id") || ($filename=~/\.meta$/)) {
- 	         return OK;
-               } else {
-                  $r->log_reason("$id not subscribed", $r->filename);
-                  return FORBIDDEN;
-               }
-           }
-        }
+     my $filename=$r->filename;
+     if (!-e $filename) {
+ 	return NOT_FOUND;
+     }
+     my $reqhost = $r->get_remote_host(REMOTE_NOLOOKUP);
+     my @hostids= &Apache::lonnet::get_hosts_from_ip($reqhost);
+     if (!@hostids && $reqhost ne '127.0.0.1' ) {
+ 	$r->log_reason("Unable to find a host for ".
+ 		       $r->get_remote_host(REMOTE_NOLOOKUP));
+ 	return FORBIDDEN;
+     }
+     if ($reqhost eq '127.0.0.1') {
+ 	return OK;
+     }
+     my $return;
+     my @ids;
+     foreach my $id (@hostids) {
+ 	my $uri =$r->uri;
+ 	if (($filename=~/\.meta$/) ||
+ 	    ($uri=~m|^/raw/uploaded|) ||
+ 	    (-e "$filename.$id") ||
+ 	    &subscribed($filename,$id) ) {
+ 	    return OK;
+ 	} else {
+ 	    $return=FORBIDDEN;
+ 	    push(@ids,$id);
+ 	}
+     }
+     if ($return == FORBIDDEN) {
+ 	$r->log_reason(join(':',@ids)." not subscribed", $r->filename);
+ 	return FORBIDDEN;
      }
      $r->log_reason("Invalid request for file transfer from $reqhost",
                     $r->filename);
- Line 75  __END__
+ Line 150  __END__

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.3
changed lines
	Added in v.1.23