1.1 ! raeburn 1: # The LearningOnline Network
! 2: # Authorization Handler for webDAV access to Authoring Space.
! 3: #
! 4: # $Id: lonwebdavacc.pm,v 1.1 2012/2/25 19:37:40 raeburn Exp $
! 5: #
! 6: # Copyright Michigan State University Board of Trustees
! 7: #
! 8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
! 9: #
! 10: # LON-CAPA is free software; you can redistribute it and/or modify
! 11: # it under the terms of the GNU General Public License as published by
! 12: # the Free Software Foundation; either version 2 of the License, or
! 13: # (at your option) any later version.
! 14: #
! 15: # LON-CAPA is distributed in the hope that it will be useful,
! 16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
! 17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
! 18: # GNU General Public License for more details.
! 19: #
! 20: # You should have received a copy of the GNU General Public License
! 21: # along with LON-CAPA; if not, write to the Free Software
! 22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
! 23: #
! 24: # /home/httpd/html/adm/gpl.txt
! 25: #
! 26: # http://www.lon-capa.org/
! 27: #
! 28:
! 29: =pod
! 30:
! 31: =head1 NAME
! 32:
! 33: Apache::lonwebdavacc - webDAV Authorization Handler
! 34:
! 35: =head1 SYNOPSIS
! 36:
! 37: Invoked for /+webdav/[\w\-]+/[\w\-]+/ by
! 38: /etc/httpd/conf/loncapa_apache.conf:
! 39:
! 40: PerlAccessHandler Apache::lonwebdavacc
! 41:
! 42: =head1 INTRODUCTION
! 43:
! 44: This module enables authorization for authoring space
! 45: and is used to control access for the following type of URI:
! 46:
! 47: <LocationMatch "^/webdav/[\w\-]+/[\w\-]+">
! 48:
! 49: This module is only called following successful authentication.
! 50: Unless lonOtherAuthen has been set, so Single Sign On can be used,
! 51: successful authentication will have created a session file and
! 52: transferred the contents to the user's environment.
! 53:
! 54: In the case of SSO, there is no existing user environment, but
! 55: $r->user will have been set to the user's username, following
! 56: successful authentication. For SSO, the webDAV session file
! 57: and environment are set up by a call to
! 58: Apache::lonwebdavauth::init_webdav_env().
! 59:
! 60: Note: because Apache Basic Auth is used for authentication (unless SSO)
! 61: webDAV access is only available for servers running Apache with SSL.
! 62:
! 63: This is part of the LearningOnline Network with CAPA project
! 64: described at http://www.lon-capa.org.
! 65:
! 66: =head1 HANDLER SUBROUTINE
! 67:
! 68: This routine is called by Apache and mod_perl.
! 69:
! 70: =over 4
! 71:
! 72: =item *
! 73:
! 74: Checks if $env{'user.environment'} is defined.
! 75:
! 76: =item *
! 77:
! 78: If there is no %env, authentication was by SSO, so &sso_login() is called
! 79: to create a session and return a cookie.
! 80:
! 81: =item *
! 82:
! 83: Checks if requested URL (of form /webdav/authordomain/authorname) is valid
! 84: and whether authenticated user has an active author or co-author
! 85: role in the corresponding Author Space.
! 86:
! 87: =back
! 88:
! 89: =head1 NOTABLE SUBROUTINES
! 90:
! 91: =over
! 92:
! 93: =item * sso_login()
! 94:
! 95: =over
! 96:
! 97: =item *
! 98:
! 99: Called if no user.environment exists in %env.
! 100:
! 101: =item *
! 102:
! 103: Checks if $r->user contains a valid user.
! 104:
! 105: =item *
! 106:
! 107: Domain is set either from lonSSOUserDomain perlvar (if defined)
! 108: or from lonDefDomain perlvar.
! 109:
! 110: =item *
! 111:
! 112: For a valid user a new session file is created, and the corresponding
! 113: cookie is returned to the client in an Apache response header.
! 114:
! 115: =back
! 116:
! 117: =back
! 118:
! 119: =cut
! 120:
! 121: package Apache::lonwebdavacc;
! 122:
! 123: use strict;
! 124: use GDBM_File;
! 125: use Apache::Constants qw(:common :http :methods);
! 126: use Apache::lonnet;
! 127: use LONCAPA qw(:DEFAULT :match);
! 128:
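# Access handler for /webdav/<authordomain>/<authorname>/ requests.
#
# Arguments:  $r - the Apache request object
# Returns:    OK if the authenticated user may use that Authoring Space,
#             FORBIDDEN otherwise.
#
# Runs after authentication.  If no LON-CAPA user environment exists the
# user came in via SSO; an existing lonDAV session is reused, or a new one
# is created by sso_login().  The user is then required to hold an author
# role (owner of the space) or a 'ca'/'aa' role for that author space.
sub handler {
    my $r = shift;
    # Lifetime, in seconds, of a webDAV session created here for an SSO user.
    my $timetolive = 600;
    my $now        = time;
    my $sessiondir = $r->dir_config('lonDAVsessDir');

    # No user environment: Apache authenticated the user without a LON-CAPA
    # session (SSO case).  Look for an existing lonDAV session first and only
    # create one when none is found.
    unless ($env{'user.environment'}) {
        my $handle = &Apache::lonnet::check_for_valid_session($r,'lonDAV');
        if ($handle eq '') {
            $handle = &sso_login($r,$sessiondir,$now,$timetolive);
            if ($handle eq '') {
                return FORBIDDEN;
            }
        } else {
            &Apache::lonnet::transfer_profile_to_env($sessiondir,$handle);
        }
    }

    # Refuse users whose home server cannot be determined or reached.
    my $uhome = &Apache::lonnet::homeserver($env{'user.name'},$env{'user.domain'});
    if ($uhome =~ /^(con_lost|no_host|no_such_host)$/) {
        return FORBIDDEN;
    }

    # Author domain and name are only ever taken from the URI through the
    # $match_domain / $match_username patterns, so the values interpolated
    # into the -d test below cannot carry '/' or '..' segments.
    my ($adom,$aname) = ($r->uri =~ m{^/webdav/($match_domain)/($match_username)/});
    my $docroot = $r->dir_config('lonDocRoot');
    if ($adom eq '' || $aname eq '') {
        return FORBIDDEN;
    } elsif (!-d "$docroot/priv/$adom/$aname") {
        return FORBIDDEN;
    }

    # FIXME method check for MKCOL MOVE PUT DELETE for *.log, *.bak
    # FIXME method check for regexp for "version-style" names: /\.\d+\.\w+$/
    #       for MOVE PUT MKCOL
    #
    # NOTE(review): the role checks below only test that a user.role.* key is
    # present in %env; whether its value also needs to be checked for a
    # validity window is not verified here -- confirm against how
    # Apache::lonnet populates these keys.
    if (($env{'user.name'} eq $aname) && ($env{'user.domain'} eq $adom)) {
        # Owner of the Authoring Space: needs the author role in that domain.
        if ($env{"user.role.au./$adom/"}) {
            return OK;
        }
    } else {
        # Anyone else needs a 'ca' (co-author) or 'aa' role scoped to this
        # specific author space.  The second lookup previously read
        # env{...} without the '$' sigil, so it never tested %env.
        if (($env{"user.role.ca./$adom/$aname"}) ||
            ($env{"user.role.aa./$adom/$aname"})) {
            return OK;
        }
    }
    return FORBIDDEN;
}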
! 174:
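# Create a lonDAV session for a user authenticated by SSO.
#
# Arguments:  $r          - the Apache request object ($r->user is set)
#             $sessiondir - directory holding lonDAV session files
#             $now        - current time (epoch seconds)
#             $timetolive - session lifetime in seconds
# Returns:    the new session handle, or an empty list (undef in scalar
#             context) when the user cannot be mapped to a LON-CAPA account
#             or no session could be created.
#
# On success the session cookie is sent to the client in a Set-cookie
# header.  The domain comes from the lonSSOUserDomain perlvar, falling
# back to lonDefDomain.
sub sso_login {
    my ($r,$sessiondir,$now,$timetolive) = @_;

    # $r->user is externally supplied; keep only characters a username may
    # contain, then require the whole result to be a valid LON-CAPA
    # username.  (The original declared $uname twice in this scope, the
    # second 'my' shadowing the first.)
    my ($uname) = ($r->user =~ m/([a-zA-Z0-9_\-@.]*)/);
    unless ($uname =~ /^$match_username$/) {
        return;
    }

    my $udom = $r->dir_config('lonSSOUserDomain');
    if ($udom eq '') {
        $udom = $r->dir_config('lonDefDomain');
    }
    unless ($udom =~ /^$match_domain$/) {
        return;
    }

    # The user must resolve to a reachable home server.
    my $uhome = &Apache::lonnet::homeserver($uname,$udom);
    if ($uhome =~ /^(con_lost|no_host|no_such_host)$/) {
        return;
    }

    # NOTE(review): Apache::lonwebdavauth is not use'd by this file; this
    # relies on it having been loaded elsewhere by the server -- confirm.
    my $handle =
        &Apache::lonwebdavauth::init_webdav_env($sessiondir,$uname,$udom,
                                                $uhome,$now,$timetolive);
    if ($handle ne '') {
        # Cookie is scoped to the webDAV tree, restricted to TLS (secure)
        # and hidden from script access (HttpOnly).
        my $cookie = "lonDAV=$handle; path=/webdav/; secure; HttpOnly;";
        $r->header_out('Set-cookie' => $cookie);
        $r->send_http_header;
    }
    return ($handle);
}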
! 203:
1; # a Perl module file must end with a true value