Annotation of loncom/auth/lonstatusacc.pm, revision 1.1
1.1 ! raeburn 1: #
! 2: # LON-CAPA authorization for pages generated by server-status reports
! 3: #
! 4: # $Id: lonstatusacc.pm,v 1.1 2008/11/28 17:15:00 raeburn Exp $
! 5: #
! 6: # Copyright Michigan State University Board of Trustees
! 7: #
! 8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
! 9: #
! 10: # LON-CAPA is free software; you can redistribute it and/or modify
! 11: # it under the terms of the GNU General Public License as published by
! 12: # the Free Software Foundation; either version 2 of the License, or
! 13: # (at your option) any later version.
! 14: #
! 15: # LON-CAPA is distributed in the hope that it will be useful,
! 16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
! 17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
! 18: # GNU General Public License for more details.
! 19: #
! 20: # You should have received a copy of the GNU General Public License
! 21: # along with LON-CAPA; if not, write to the Free Software
! 22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
! 23: #
! 24: # /home/httpd/html/adm/gpl.txt
! 25: #
! 26: # http://www.lon-capa.org/
! 27: #
! 28: #############################################
! 29: #############################################
! 30:
! 31: package Apache::lonstatusacc;
! 32:
! 33: use strict;
! 34: use Apache::Constants qw(:common :remotehost);
! 35: use Apache::lonnet;
! 36: use LONCAPA::loncgi;
! 37:
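# Access handler (PerlAccessHandler) for Apache's server-status page, the
# pages in the lon-status directory, and the environment report at /adm/test.
#
# Argument: $r - the Apache request object supplied by mod_perl.
# Returns:  OK        - one of the access rules below was satisfied
#           NOT_FOUND - a lon-status page was requested but the file is absent
#           FORBIDDEN - no rule matched; the refusal is logged first
#
# The handler fails closed: any path that does not return OK explicitly
# ends in FORBIDDEN.
sub handler {
    my $r = shift;
    # REMOTE_NOLOOKUP skips the DNS lookup, so $reqhost is compared below as
    # an IP address string.
    # NOTE(review): this is the peer address as Apache sees it. If requests
    # reach this server through a local reverse proxy they would all appear
    # as 127.0.0.1 and satisfy the loopback rule - confirm for the deployment.
    my $reqhost = $r->get_remote_host(REMOTE_NOLOOKUP);
    my $page = 'serverstatus';
    if ($r->uri eq '/adm/test') {
        $page = 'showenv';
        # The session is checked first; both the role/named-user check and
        # the IP-based check for this page are only consulted once a valid
        # session exists.
        if (&LONCAPA::loncgi::check_cookie_and_load_env()) {
            if (&LONCAPA::loncgi::can_view($page)) {
                return OK;
            } elsif (&LONCAPA::loncgi::check_ipbased_access($page,$reqhost)) {
                return OK;
            }
        }
        # Loopback is allowed for any page, per the module's POD.
        if ($reqhost eq '127.0.0.1') {
            return OK;
        }
        # The POD states that /adm/test requires a valid session and is
        # excluded from the rules used for the other pages. Previously a
        # failed session check fell through to those rules, so a peer
        # LON-CAPA server or an allowed IP could read the environment report
        # without any session. Refuse here instead.
        $r->log_reason("Invalid request for server status from $reqhost",
                       $r->uri);
        return FORBIDDEN;
    } elsif ($r->uri ne '/server-status') {
        $page = 'lonstatus';
        # Report a missing status file before any access decision is made.
        if (!-e $r->filename) {
            return NOT_FOUND;
        }
    }
    # Only the IPv4 loopback literal is matched; an IPv6 loopback peer is not
    # treated as local and continues to the checks below.
    if ($reqhost eq '127.0.0.1') {
        return OK;
    }
    my @hostids= &Apache::lonnet::get_hosts_from_ip($reqhost);
    my @poss_domains = &Apache::lonnet::current_machine_domains();
    # NOTE(review): these three rules form an if/elsif/else chain, so when
    # $reqhost maps to a LON-CAPA host that shares no domain with this server
    # the IP-based and session checks are never tried and the request is
    # refused. The POD describes the rules as alternatives ("at least one of
    # the following applies"). Left unchanged because it errs on the side of
    # refusing - confirm which behaviour is intended.
    if (@hostids > 0) {
        foreach my $id (@hostids) {
            if ($id ne '') {
                my $dom = &Apache::lonnet::host_domain($id);
                if ($dom ne '') {
                    # \Q...\E plus anchors: exact match on the domain name,
                    # with no regex metacharacters interpreted.
                    if (grep(/^\Q$dom\E$/,@poss_domains)) {
                        return OK;
                    }
                }
            }
        }
    } elsif (&LONCAPA::loncgi::check_ipbased_access($page,$reqhost)) {
        return OK;
    } else {
        # NOTE(review): check_cookie_and_load_env() is called with $page here
        # but with no argument in the /adm/test branch - verify against the
        # routine's definition in LONCAPA::loncgi.
        if (&LONCAPA::loncgi::check_cookie_and_load_env($page)) {
            if (&LONCAPA::loncgi::can_view($page)) {
                return OK;
            }
        }
    }
    $r->log_reason("Invalid request for server status from $reqhost",
                   $r->uri);
    return FORBIDDEN;
}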
! 86:
! 87: 1;
! 88:
! 89: __END__
! 90:
! 91: =head1 NAME
! 92:
! 93: Apache::lonstatusacc - Access Handler for Apache's server-status page
! 94: and also pages in lon-status directory.
! 95:
! 96: =head1 SYNOPSIS
! 97:
! 98: Invoked (for appropriate locations) by /etc/httpd/conf/loncapa_apache.conf
! 99:
! 100: PerlAccessHandler Apache::lonstatusacc
! 101:
! 102: =head1 INTRODUCTION
! 103:
! 104: This module can support access control based on IP
! 105: address, or based on Domain Configuration settings
! 106: for authenticated users (via cookie).
! 107:
! 108: The module is used for control of access to
! 109: (a) Apache's server-status page
! 110: (b) Status pages in the /home/httpd/html/lon-status directory
! 111: which were generated as follows:
! 112: (i) when loncron was last run
! 113: (index.html, loncron_simple.txt, loncstatus.txt, and londstatus.txt),
! 114: (ii) when lonsql was last started
! 115: (mysql.txt - only on connection failure),
! 116: (iii) when /usr/local/loncapa/bin/CHECKRPMS was last run
! 117: (checkrpms.txt),
! 118: (iv) when ./UPDATE was run to install/update
! 119: (version.txt).
! 120: (c) User environment information reported by /adm/test
! 121:
! 122: This is part of the LearningOnline Network with CAPA project
! 123: described at http://www.lon-capa.org.
! 124:
! 125: =head1 HANDLER SUBROUTINE
! 126:
! 127: This routine is called by Apache and mod_perl.
! 128:
! 129: The check for whether access is allowed for a specific page proceeds as follows:
! 130:
! 131: (a) Access allowed for request from loopback address for any page.
! 132:
! 133: (b) For any page except /adm/test, access allowed if at least one of the following applies:
! 134: (a) Request is from a LON-CAPA server, and at least one domain hosted on
! 135: the requesting machine is also a domain hosted on this server.
! 136: (b) IP address of requesting server is listed in domain configuration list
! 137: of allowed machines for any of the domains hosted on this server
! 138: (c) Requestor has an active LON-CAPA session -- checked using
! 139: LONCAPA::loncgi::check_cookie_and_load_env() --
! 140: AND one of the following is true:
! 141: (i) Requestor has LON-CAPA superuser role
! 142: (ii) Requestor's role is Domain Coordinator in one of the domains
! 143: hosted on this server
! 144: (iii) Domain configurations for domains hosted on this server include
! 145: the requestor as one of the named users (username:domain) with access
! 146: to the page.
! 147:
! 148: (c) /adm/test
! 149: Access requires a valid session - checked using
! 150: LONCAPA::loncgi::check_cookie_and_load_env().
! 151: If so, access is allowed if one of the following is true:
! 152: (i) Requestor has LON-CAPA superuser role, or
! 153: (ii) Requestor's role is Domain Coordinator in one of the domains
! 154: hosted on this server
! 155: (iii) Domain configurations for domains hosted on this server include
! 156: the requestor as one of the named users (username:domain) with access
! 157: to the page.
! 158: (iv) IP address of requestor is listed in domain configuration list
! 159: of allowed machines for any of the domains hosted on this server
! 160:
! 161: =cut
! 162: