[BACK]Return to lonwebdavacc.pm CVS log [TXT] [DIR] Up to [LON-CAPA] / loncom / auth
File:  [LON-CAPA] / loncom / auth / lonwebdavacc.pm
Revision 1.1: download - view: text, annotated - select for diffs
Mon Feb 27 03:06:33 2012 UTC (12 years, 2 months ago) by raeburn
Branches: MAIN
CVS tags: version_2_11_0_RC3, version_2_11_0_RC2, version_2_11_0_RC1, HEAD
- Bug 6034.
  - webDAV access to Authoring Spaces.
  - requires prior migration of Authoring Spaces from /home/<user>/public_html
    to /home/httpd/html/priv/<domain>/<user>
  - Work in progress.

    1: # The LearningOnline Network
    2: # Authorization Handler for webDAV access to Authoring Space. 
    3: #
    4: # $Id: lonwebdavacc.pm,v 1.1 2012/02/27 03:06:33 raeburn Exp $
    5: #
    6: # Copyright Michigan State University Board of Trustees
    7: #
    8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
    9: #
   10: # LON-CAPA is free software; you can redistribute it and/or modify
   11: # it under the terms of the GNU General Public License as published by
   12: # the Free Software Foundation; either version 2 of the License, or
   13: # (at your option) any later version.
   14: #
   15: # LON-CAPA is distributed in the hope that it will be useful,
   16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
   17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   18: # GNU General Public License for more details.
   19: #
   20: # You should have received a copy of the GNU General Public License
   21: # along with LON-CAPA; if not, write to the Free Software
   22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   23: #
   24: # /home/httpd/html/adm/gpl.txt
   25: #
   26: # http://www.lon-capa.org/
   27: #
   28: 
   29: =pod
   30: 
   31: =head1 NAME
   32: 
   33: Apache::lonwebdavacc - webDAV Authorization Handler
   34: 
   35: =head1 SYNOPSIS
   36: 
   37: Invoked for /+webdav/[\w\-]+/[\w\-]+/ by
   38: /etc/httpd/conf/loncapa_apache.conf:
   39: 
   40: PerlAccessHandler       Apache::lonwebdavacc
   41: 
   42: =head1 INTRODUCTION
   43: 
   44: This module enables authorization for authoring space
   45: and is used to control access for the following type of URI:
   46: 
   47:  <LocationMatch "^/webdav/[\w\-]+/[\w\-]+>
   48: 
   49: This module is only called following successful authentication. 
   50: Unless lonOtherAuthen has been set, so Single Sign On can be used,
   51: successful authentication will have created a session file and
   52: transferred the contents to the user's environment.
   53: 
   54: In the case of SSO, there is no existing user environment, but  
   55: $r->user will have been set to the user's username, following 
   56: successful authentication.  For SSO, the webDAV session file
   57: and environment are set up by a call to 
   58: Apache::lonwebdavauth::init_webdav_env().
   59: 
   60: Note: because Apache Basic Auth is used for authentication (unless SSO)
   61: webDAV access is only available for servers running Apache with SSL.
   62: 
   63: This is part of the LearningOnline Network with CAPA project
   64: described at http://www.lon-capa.org.
   65: 
   66: =head1 HANDLER SUBROUTINE
   67: 
   68: This routine is called by Apache and mod_perl.
   69: 
   70: =over 4
   71: 
   72: =item *
   73: 
   74: Checks if $env{'user.environment'} is defined.
   75: 
   76: =item *
   77: 
   78: If no %env, this was SSO authentication so call to &sso_login() to
   79: create session, and return cookie. 
   80: 
   81: =item *
   82: 
   83: Checks if requested URL (of form /webdav/authordomain/authorname) is valid
   84: and whether authenticated user has an active author or co-author
   85: role in the corresonding Author Space. 
   86: 
   87: =back
   88: 
   89: =head1 NOTABLE SUBROUTINES
   90: 
   91: =over
   92: 
   93: =item * sso_login()
   94: 
   95: =over 
   96: 
   97: =item *
   98: 
   99: Called if no user.environment exists in %env.
  100: 
  101: =item *
  102: 
  103: Checks if $r->user contains a valid user.
  104: 
  105: =item *
  106: 
  107: Domain is set either from lonSSOUserDomain perlvar (if defined)
  108: or from lonDefDomain perlvar.
  109:  
  110: =item *
  111: 
  112: For a valid user a new session file and is created, and the corresponding 
  113: cookie is returned to the client in an Apache response header.
  114: 
  115: =back
  116: 
  117: =back
  118: 
  119: =cut
  120: 
  121: package Apache::lonwebdavacc;
  122: 
  123: use strict;
  124: use GDBM_File;
  125: use Apache::Constants qw(:common :http :methods);
  126: use Apache::lonnet;
  127: use LONCAPA qw(:DEFAULT :match);
  128: 
  129: sub handler {
  130:     my $r = shift;
  131:     my $timetolive = 600;
  132:     my $now = time;
  133:     my $sessiondir=$r->dir_config('lonDAVsessDir');
  134: 
  135:     my ($adom,$aname);
  136:     unless ($env{'user.environment'}) {
  137:         my $handle = &Apache::lonnet::check_for_valid_session($r,'lonDAV');
  138:         if ($handle eq '') {
  139:             $handle = &sso_login($r,$sessiondir,$now,$timetolive);
  140:             if ($handle eq '') {
  141:                 return FORBIDDEN;
  142:             }
  143:         } else {
  144:             &Apache::lonnet::transfer_profile_to_env($sessiondir,$handle);
  145:         }
  146:     }
  147:     my $uhome=&Apache::lonnet::homeserver($env{'user.name'},$env{'user.domain'});
  148:     if ($uhome =~ /^(con_lost|no_host|no_such_host)$/) {
  149:         return FORBIDDEN;
  150:     }
  151: 
  152:     ($adom,$aname) = ($r->uri =~ m{^/webdav/($match_domain)/($match_username)/});
  153:     my $docroot = $r->dir_config('lonDocRoot');
  154:     if ($adom eq '' || $aname eq '') {
  155:         return FORBIDDEN;
  156:     } elsif (!-d "$docroot/priv/$adom/$aname") {
  157:         return FORBIDDEN;
  158:     }
  159:     # FIXME method check for MKCOL MOVE PUT DELETE for *.log, *.bak
  160:     # FIXME method check for regexp for "version-style" names: /\.\d+\.\w+$/
  161:     # for MOVE PUT MKCOL 
  162:     if (($env{'user.name'} eq $aname) && ($env{'user.domain'} eq $adom)) {
  163:         if ($env{"user.role.au./$adom/"}) {
  164:             return OK;
  165:         }
  166:     } else {
  167:         if (($env{"user.role.ca./$adom/$aname"}) ||
  168:             (env{"user.role.aa./$adom/$aname"})) {
  169:             return OK;
  170:         }
  171:     }
  172:     return FORBIDDEN;
  173: }
  174: 
  175: sub sso_login {
  176:     my ($r,$sessiondir,$now,$timetolive) = @_;
  177:     my ($uname,$udom);
  178:     my ($uname) = ($r->user =~ m/([a-zA-Z0-9_\-@.]*)/);
  179:     unless ($uname =~ /^$match_username$/) {
  180:         return;
  181:     }
  182:     $udom = $r->dir_config('lonSSOUserDomain');
  183:     if ($udom eq '') {
  184:         $udom = $r->dir_config('lonDefDomain');
  185:     }
  186:     unless (($udom =~ /^$match_domain$/)) {
  187:         return;
  188:     }
  189:     my $uhome = &Apache::lonnet::homeserver($uname,$udom);
  190:     if ($uhome =~ /^(con_lost|no_host|no_such_host)$/) {
  191:         return;
  192:     }
  193:     my $handle = 
  194:         &Apache::lonwebdavauth::init_webdav_env($sessiondir,$uname,$udom,
  195:                                                 $uhome,$now,$timetolive);
  196:     if ($handle ne '') {
  197:         my $cookie = "lonDAV=$handle; path=/webdav/; secure; HttpOnly;";
  198:         $r->header_out('Set-cookie' => $cookie);
  199:         $r->send_http_header;
  200:     }
  201:     return ($handle);
  202: }
  203: 
  204: 1;
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>