File:
[LON-CAPA] /
loncom /
auth /
lonracc.pm
Revision
1.10:
download - view:
text,
annotated -
select for diffs
Tue May 27 18:31:31 2003 UTC (21 years, 4 months ago) by
albertel
Branches:
MAIN
CVS tags:
version_1_1_X,
version_1_1_3,
version_1_1_2,
version_1_1_1,
version_1_1_0,
version_1_0_99_3,
version_1_0_99_2,
version_1_0_99_1,
version_1_0_99,
version_1_0_3,
version_1_0_2,
version_1_0_1,
version_1_0_0,
version_0_99_5,
version_0_99_4,
version_0_99_3,
version_0_99_2,
version_0_99_1,
conference_2003,
HEAD
- actually returning the FORBIDDEN now
1: # The LearningOnline Network
2: # Access Handler for File Transfers
3: #
4: # $Id: lonracc.pm,v 1.10 2003/05/27 18:31:31 albertel Exp $
5: #
6: # Copyright Michigan State University Board of Trustees
7: #
8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
9: #
10: # LON-CAPA is free software; you can redistribute it and/or modify
11: # it under the terms of the GNU General Public License as published by
12: # the Free Software Foundation; either version 2 of the License, or
13: # (at your option) any later version.
14: #
15: # LON-CAPA is distributed in the hope that it will be useful,
16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18: # GNU General Public License for more details.
19: #
20: # You should have received a copy of the GNU General Public License
21: # along with LON-CAPA; if not, write to the Free Software
22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23: #
24: # /home/httpd/html/adm/gpl.txt
25: #
26: # http://www.lon-capa.org/
27: #
28: # (lonacc: Cookie Based Access Handler
29: # 5/21/99,5/22,5/29,5/31,6/15 Gerd Kortemeyer)
30: # 6/16,6/18,7/3,
31: # 6/30/00 Gerd Kortemeyer
32:
33: package Apache::lonracc;
34:
35: use strict;
36: use Apache::Constants qw(:common :remotehost);
37: use Apache::lonnet();
38: use Apache::File();
39:
40: sub subscribed {
41: my ($filename,$id) = @_;
42: my $found=0;
43: my $expr='^'.$id.':'.$Apache::lonnet::hostip{$id}.':';
44: $expr =~ s/\./\\\./g;
45: my $sh;
46: if ($sh=Apache::File->new("$filename.subscription")) {
47: while (my $subline=<$sh>) { if ($subline =~ /$expr/) { $found=1; } }
48: $sh->close();
49: }
50: return $found;
51: }
52:
53: sub handler {
54: my $r = shift;
55: my $reqhost = $r->get_remote_host(REMOTE_DOUBLE_REV);
56: if (!$reqhost && $r->get_remote_host(REMOTE_NOLOOKUP) eq $r->get_server_name()) {
57: $reqhost = $r->get_server_name();
58: }
59: unless ($reqhost) {
60: $r->log_reason("Spoof request from ".$ENV{'REMOTE_ADDR'});
61: return FORBIDDEN;
62: }
63: my $readline;
64: my $lontabdir=$r->dir_config('lonTabDir');
65: {
66: my $fh;
67: unless ($fh=Apache::File->new("$lontabdir/hosts.tab")) {
68: $r->log_reason("Could not find host tab file");
69: return FORBIDDEN;
70: }
71: my $return;
72: my @ids=();
73: while ($readline=<$fh>) {
74: my ($id,$domain,$role,$name,$ip)=split(/:/,$readline);
75: if ($name =~ /$reqhost/i) {
76: my $filename=$r->filename;
77: if ((-e "$filename.$id") ||
78: &subscribed($filename,$id) ||
79: ($filename=~/\.meta$/)) {
80: return OK;
81: } else {
82: $return=FORBIDDEN;
83: push(@ids,$id);
84: }
85: }
86: }
87: if ($return == FORBIDDEN) {
88: $r->log_reason(join(':',@ids)." not subscribed", $r->filename);
89: return FORBIDDEN;
90: }
91: }
92: $r->log_reason("Invalid request for file transfer from $reqhost",
93: $r->filename);
94: return FORBIDDEN;
95: }
96:
97: 1;
98: __END__
99:
100: =head1 NAME
101:
102: Apache::lonracc - Access Handler for File Transfers
103:
104: =head1 SYNOPSIS
105:
106: Invoked by /etc/httpd/conf/loncapa.conf:
107:
108: <LocationMatch "^/raw.*">
109: PerlAccessHandler Apache::lonracc
110: </LocationMatch>
111:
112: =head1 INTRODUCTION
113:
114: This module enables authentication for file transfers and works
115: against the /res tree.
116:
117: Only lond invokes the /raw namespace through its subscribe function.
118:
119: This is part of the LearningOnline Network with CAPA project
120: described at http://www.lon-capa.org.
121:
122: =head1 HANDLER SUBROUTINE
123:
124: This routine is called by Apache and mod_perl.
125:
126: =over 4
127:
128: =item *
129:
130: Determine requesting host
131:
132: =item *
133:
134: See whether or not the requesting host is subscribed.
135:
136: =item *
137:
138: Respond with status of request and make log entry in case of unallowed
139: access.
140:
141: =back
142:
143: =cut
144:
145:
146:
147:
148:
149:
150:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>