version 1.3, 2015/03/16 12:13:34
|
version 1.4, 2015/05/29 18:42:01
|
Line 34 Apache::lonwebdavacc - webDAV Authorizat
|
Line 34 Apache::lonwebdavacc - webDAV Authorizat
|
|
|
=head1 SYNOPSIS |
=head1 SYNOPSIS |
|
|
Invoked for /+webdav/[\w\-]+/[\w\-]+/ by |
Invoked for ^/+webdav/[\w\-.]+/\w[\w.\-\@]+/ by |
/etc/httpd/conf/loncapa_apache.conf: |
/etc/httpd/conf/loncapa_apache.conf: |
|
|
PerlAccessHandler Apache::lonwebdavacc |
PerlAccessHandler Apache::lonwebdavacc |
Line 44 PerlAccessHandler Apache::lonwebda
|
Line 44 PerlAccessHandler Apache::lonwebda
|
This module enables authorization for authoring space |
This module enables authorization for authoring space |
and is used to control access for the following type of URI: |
and is used to control access for the following type of URI: |
|
|
<LocationMatch "^/webdav/[\w\-]+/[\w\-]+> |
<LocationMatch "^/+webdav/[\w\-.]+/\w[\w.\-\@]+/"> |
|
|
This module is only called following successful authentication. |
This module is only called following successful authentication. |
Unless lonOtherAuthen has been set, so Single Sign On can be used, |
Unless lonOtherAuthen has been set, so Single Sign On can be used, |
Line 133 sub handler {
|
Line 133 sub handler {
|
my $now = time; |
my $now = time; |
my $sessiondir=$r->dir_config('lonDAVsessDir'); |
my $sessiondir=$r->dir_config('lonDAVsessDir'); |
|
|
my ($adom,$aname); |
my ($adom,$aname) = ($r->uri =~ m{^/webdav/($match_domain)/($match_username)/}); |
|
my $author = "$aname:$adom"; |
unless ($env{'user.environment'}) { |
unless ($env{'user.environment'}) { |
my $handle = &Apache::lonnet::check_for_valid_session($r,'lonDAV'); |
my $handle = &Apache::lonnet::check_for_valid_session($r,'lonDAV'); |
if ($handle eq '') { |
if ($handle eq '') { |
$handle = &sso_login($r,$sessiondir,$now,$timetolive); |
$handle = &sso_login($r,$sessiondir,$now,$timetolive,$author); |
if ($handle eq '') { |
if ($handle eq '') { |
return FORBIDDEN; |
return FORBIDDEN; |
} |
} |
Line 150 sub handler {
|
Line 151 sub handler {
|
return FORBIDDEN; |
return FORBIDDEN; |
} |
} |
|
|
($adom,$aname) = ($r->uri =~ m{^/webdav/($match_domain)/($match_username)/}); |
|
my $docroot = $r->dir_config('lonDocRoot'); |
my $docroot = $r->dir_config('lonDocRoot'); |
if ($adom eq '' || $aname eq '') { |
if ($adom eq '' || $aname eq '') { |
return FORBIDDEN; |
return FORBIDDEN; |
Line 217 sub handler {
|
Line 217 sub handler {
|
} |
} |
|
|
sub sso_login { |
sub sso_login { |
my ($r,$sessiondir,$now,$timetolive) = @_; |
my ($r,$sessiondir,$now,$timetolive,$author) = @_; |
my ($uname,$udom); |
my ($uname,$udom); |
my ($uname) = ($r->user =~ m/([a-zA-Z0-9_\-@.]*)/); |
my ($uname) = ($r->user =~ m/([a-zA-Z0-9_\-@.]*)/); |
unless ($uname =~ /^$match_username$/) { |
unless ($uname =~ /^$match_username$/) { |
Line 235 sub sso_login {
|
Line 235 sub sso_login {
|
return; |
return; |
} |
} |
my $handle = |
my $handle = |
&Apache::lonwebdavauth::init_webdav_env($sessiondir,$uname,$udom, |
&Apache::lonwebdavauth::init_webdav_env($r,$sessiondir,$uname,$udom, |
$uhome,$now,$timetolive); |
$uhome,$now,$timetolive,$author); |
if ($handle ne '') { |
if ($handle ne '') { |
my $cookie = "lonDAV=$handle; path=/webdav/; secure; HttpOnly;"; |
if (&Apache::lonnet::usertools_access($uname,$udom,'webdav')) { |
$r->header_out('Set-cookie' => $cookie); |
my ($webdav) = |
$r->send_http_header; |
($r->uri =~ m{^(/webdav/$match_domain/$match_username/)}); |
|
&Apache::lonnet::log($udom,$uname,$uhome, |
|
"SSO log-in to $webdav from $ENV{'REMOTE_ADDR'}"); |
|
my $cookie = "lonDAV=$handle; path=/webdav/; secure; HttpOnly;"; |
|
$r->header_out('Set-cookie' => $cookie); |
|
$r->send_http_header; |
|
} |
} |
} |
return ($handle); |
return ($handle); |
} |
} |
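Review bot: In sso_login the new `&Apache::lonnet::usertools_access($uname,$udom,'webdav')` test appears to wrap only the log entry and the `Set-cookie` header. By that point `init_webdav_env` has already been called, and `return ($handle);` sits outside the `if`, so a user for whom the webdav tool is disabled still gets a non-empty handle back and passes the `if ($handle eq '')` / `return FORBIDDEN` test in handler. Unless handler enforces the same restriction in lines this page elides, the check belongs before the session is created, e.g. `return unless (&Apache::lonnet::usertools_access($uname,$udom,'webdav'));` ahead of the `init_webdav_env` call. Which of the doubled lines is old and which is new is inferred from print order here, so confirm against the real 1.4 source. Also, handler still matches `m{^/webdav/...}` while the updated LocationMatch accepts `^/+webdav/`, so if `$r->uri` keeps the extra slashes, `$author` is built as `:` and passed to sso_login before the later `$adom eq ''` check; matching `/+` in the handler regex, or moving that check up, would close the gap.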