[BACK]Return to lonracc.pm CVS log [TXT] [DIR] Up to [LON-CAPA] / loncom / auth
File:  [LON-CAPA] / loncom / auth / lonracc.pm
Revision 1.13: download - view: text, annotated - select for diffs
Mon May 3 19:52:19 2004 UTC (20 years, 1 month ago) by www
Branches: MAIN
CVS tags: version_1_3_X, version_1_3_3, version_1_3_2, version_1_3_1, version_1_3_0, version_1_2_X, version_1_2_99_1, version_1_2_99_0, version_1_2_1, version_1_2_0, version_1_1_99_5, version_1_1_99_4, version_1_1_99_3, version_1_1_99_2, version_1_1_99_1, version_1_1_99_0, HEAD
Bug #2951: do not read hosts.tab every time somebody wants a /raw resource.

Need to make sure that this still works for multi-domain servers, since I
remember that at some point the order of entries in either hosts.tab or
domain.tab mattered - this is now in random hash order.

    1: # The LearningOnline Network
    2: # Access Handler for File Transfers
    3: #
    4: # $Id: lonracc.pm,v 1.13 2004/05/03 19:52:19 www Exp $
    5: #
    6: # Copyright Michigan State University Board of Trustees
    7: #
    8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
    9: #
   10: # LON-CAPA is free software; you can redistribute it and/or modify
   11: # it under the terms of the GNU General Public License as published by
   12: # the Free Software Foundation; either version 2 of the License, or
   13: # (at your option) any later version.
   14: #
   15: # LON-CAPA is distributed in the hope that it will be useful,
   16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
   17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   18: # GNU General Public License for more details.
   19: #
   20: # You should have received a copy of the GNU General Public License
   21: # along with LON-CAPA; if not, write to the Free Software
   22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   23: #
   24: # /home/httpd/html/adm/gpl.txt
   25: #
   26: # http://www.lon-capa.org/
   27: #
   28: 
   29: package Apache::lonracc;
   30: 
   31: use strict;
   32: use Apache::Constants qw(:common :remotehost);
   33: use Apache::lonnet();
   34: use Apache::File();
   35: 
   36: sub subscribed {
   37:     my ($filename,$id) = @_;
   38:     my $found=0;
   39:     my $expr='^'.$id.':'.$Apache::lonnet::hostip{$id}.':';
   40:     $expr =~ s/\./\\\./g;
   41:     my $sh;
   42:     if ($sh=Apache::File->new("$filename.subscription")) {
   43: 	while (my $subline=<$sh>) { if ($subline =~ /$expr/) { $found=1; } }
   44: 	$sh->close();
   45:     }
   46:     return $found;
   47: }
   48: 
   49: sub handler {
   50:     my $r = shift;
   51:     my $reqhost = $r->get_remote_host(REMOTE_DOUBLE_REV);
   52:     if (!$reqhost && $r->get_remote_host(REMOTE_NOLOOKUP) eq $r->get_server_name()) { 
   53:         $reqhost = $r->get_server_name();
   54:     } 
   55:     unless ($reqhost) {
   56:        $r->log_reason("Spoof request from ".$ENV{'REMOTE_ADDR'});
   57:        return FORBIDDEN;
   58:     }
   59:     if ($reqhost eq 'localhost.localdomain') {
   60:        return OK;
   61:     }
   62:     my $return;
   63:     my @ids=();
   64:     my $id;
   65:     foreach $id (keys %Apache::lonnet::hostname) {
   66: 	if ($Apache::lonnet::hostname{$id} =~ /$reqhost/i) {
   67: 	    my $filename=$r->filename;
   68: 	    my $uri =$r->uri;
   69: 	    if ((-e "$filename.$id") ||
   70: 		&subscribed($filename,$id) ||
   71: 		($filename=~/\.meta$/) ||
   72: 		($uri=~m|^/raw/uploaded|)) {
   73: 		return OK;
   74: 	    } else {
   75: 		$return=FORBIDDEN;
   76: 		push(@ids,$id);
   77: 	    }
   78: 	}
   79:     }
   80:     if ($return == FORBIDDEN) {
   81: 	$r->log_reason(join(':',@ids)." not subscribed", $r->filename);
   82: 	return FORBIDDEN;
   83:     }
   84:     $r->log_reason("Invalid request for file transfer from $reqhost", 
   85:                    $r->filename); 
   86:     return FORBIDDEN;
   87: }
   88: 
   89: 1;
   90: __END__
   91: 
   92: =head1 NAME
   93: 
   94: Apache::lonracc - Access Handler for File Transfers
   95: 
   96: =head1 SYNOPSIS
   97: 
   98: Invoked by /etc/httpd/conf/loncapa.conf:
   99: 
  100:  <LocationMatch "^/raw.*">
  101:  PerlAccessHandler Apache::lonracc
  102:  </LocationMatch>
  103: 
  104: =head1 INTRODUCTION
  105: 
  106: This module enables authentication for file transfers and works
  107: against the /res tree.
  108: 
  109: Only lond invokes the /raw namespace through its subscribe function.
  110: 
  111: This is part of the LearningOnline Network with CAPA project
  112: described at http://www.lon-capa.org.
  113: 
  114: =head1 HANDLER SUBROUTINE
  115: 
  116: This routine is called by Apache and mod_perl.
  117: 
  118: =over 4
  119: 
  120: =item *
  121: 
  122: Determine requesting host
  123: 
  124: =item *
  125: 
  126: See whether or not the requesting host is subscribed.
  127: 
  128: =item *
  129: 
  130: Respond with status of request and make log entry in case of unallowed
  131: access.
  132: 
  133: =back
  134: 
  135: =cut
  136: 
  137: 
  138: 
  139: 
  140: 
  141: 
  142:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>