--- loncom/auth/lonwebdavauth.pm 2012/02/27 03:06:33 1.1 +++ loncom/auth/lonwebdavauth.pm 2015/05/29 20:00:49 1.4 @@ -1,7 +1,7 @@ # The LearningOnline Network # Authentication Handler for webDAV access to Authoring Space. # -# $Id: lonwebdavauth.pm,v 1.1 2012/02/27 03:06:33 raeburn Exp $ +# $Id: lonwebdavauth.pm,v 1.4 2015/05/29 20:00:49 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -32,7 +32,7 @@ Apache::lonwebdavauth - webDAV Authentic =head1 SYNOPSIS -Invoked for /+webdav/[\w\-]+/[\w\-]+/ by +Invoked for ^/+webdav/[\w\-.]+/\w[\w.\-\@]+/ by /etc/httpd/conf/loncapa_apache.conf: PerlAuthenHandler Apache::lonwebdavauth @@ -57,11 +57,10 @@ The perlvar "lonDAVsessDir" in /etc/http provides the directory location: /home/httpd/webdav/sessionIDs. If the session is stale, or the cookie is missing or invalid, -the user is re-challenged for login information. If the perlvar -lonOtherAuthen has been set, Single Sign On will be used, otherwise -an Apache Basic Auth request will be sent to the client. +the user is re-challenged for login information, by sending +an Apache Basic Auth request to the client. -If Apache Basic Auth is used, successful authentication will +If Apache Basic Auth is successful authentication will result in creation of a webDAV session file containing a minimal set of information about the user which will also be loaded into the user's environment. The environment persists @@ -87,13 +86,8 @@ Check for valid webDAV session =item * -No session? - if SSO enabled: return DECLINED - -=item * - -No session? - if SSO not enabled: return AUTH_REQUIRED -which will prompt webDAV client to authenticate user -(via Apache Basic Auth). +No session? return AUTH_REQUIRED which will prompt +webDAV client to authenticate user (via Apache Basic Auth). =item * 
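Review bot: The rewritten sentence in the DESCRIPTION hunk reads "If Apache Basic Auth is successful authentication will result in creation of a webDAV session file", which has lost its comma and now parses as "Basic Auth is successful authentication"; it should read `If Apache Basic Auth is successful, authentication will result in creation of a webDAV session file`. The bulleted outcome list in the last hunk also covers only the "No session? return AUTH_REQUIRED" case, while the handler hunks in this same commit appear to add a FORBIDDEN return when usertools_access() denies the user the webdav tool; an item such as `Session valid (or Basic Auth successful) but user lacks webdav tool access? return FORBIDDEN` would keep the POD in step with the code. Note as well that the SYNOPSIS regex now permits one or more leading slashes (`^/+webdav/`), whereas the handler's own URI parsing visible later in the diff anchors on a single `^/webdav/`; if the Location really matches `//webdav/...`, those requests will apparently be challenged rather than served, which is safe but worth stating or reconciling.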
@@ -169,19 +163,16 @@ sub handler { if ($now-$sesstime < $timetolive) { if (&Apache::lonnet::homeserver($uname,$udom) eq $uhome) { &Apache::lonnet::transfer_profile_to_env($sessiondir,$handle); - return OK; + if (&Apache::lonnet::usertools_access($uname,$udom,'webdav')) { + return OK; + } else { + return FORBIDDEN; + } } } } } - if ($r->dir_config('lonOtherAuthen') eq 'yes') { - if (defined($r->dir_config('lonOtherAuthenType'))) { - $r->auth_type($r->dir_config('lonOtherAuthenType')); - } - return DECLINED; - } - my ($status,$upass) = $r->get_basic_auth_pw; return $status unless ($status == 0 || $status == OK); @@ -194,7 +185,7 @@ sub handler { } else { $uname = $r->user; ($udom) = ($r->uri =~ m{^/webdav/($match_domain)/}); - unless (($udom ne '' ) && ($uname =~ /^$match_username$/)) { + unless (($udom ne '' ) && ($uname =~ /^$match_username$/) && ($upass ne '')) { $r->note_basic_auth_failure; return AUTH_REQUIRED; } @@ -204,14 +195,19 @@ sub handler { my $uhome = &Apache::lonnet::authenticate($uname,$upass,$udom); if (($uhome ne 'no_host') && (&Apache::lonnet::hostname($uhome) ne '')) { - $handle = &init_webdav_env($sessiondir,$uname,$udom, - $uhome,$now,$timetolive); + my ($author) = ($r->uri =~ m{^/webdav/($match_domain/$match_username)/}); + $handle = &init_webdav_env($r,$sessiondir,$uname,$udom, + $uhome,$now,$timetolive,$author); if ($handle ne '') { - my $cookie = "lonDAV=$handle; path=/webdav/; secure; HttpOnly;"; - $r->header_out('Set-cookie' => $cookie); - $r->send_http_header; + if (&Apache::lonnet::usertools_access($uname,$udom,'webdav')) { + my $cookie = "lonDAV=$handle; path=/webdav/; secure; HttpOnly;"; + $r->header_out('Set-cookie' => $cookie); + $r->send_http_header; + return OK; + } else { + return FORBIDDEN; + } } - return OK; } } } 
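Review bot: In the Basic-Auth branch of the last hunk the webdav-tool check runs only after `init_webdav_env()` has already written a session file to $sessiondir, loaded it into %env and (per the init_webdav_env hunk) emitted a "Login webdav/$author" log record, so a user who is then answered with FORBIDDEN still leaves a persisted session and an audit line that looks like a successful login, with no cookie ever tied to it. If `usertools_access($uname,$udom,'webdav')` can be evaluated before the session exists, the `if (&Apache::lonnet::usertools_access(...))` / `return FORBIDDEN` test should wrap the `init_webdav_env()` call rather than sit inside the `if ($handle ne '')` block; if it genuinely depends on the environment that init_webdav_env loads (it is handed explicit %userenv/%domdef/%is_adv refs there, which suggests it need not), the FORBIDDEN path should at least remove the session file it just created and the log message should not be recorded until access is confirmed. Separately, `return OK` has moved inside `if ($handle ne '')`, so a failed session creation now falls through to code below the hunk instead of returning OK — presumably to the final AUTH_REQUIRED, but that continuation is outside the hunk and worth confirming. The enclosing `sub handler` begins and ends outside these hunks.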
@@ -220,7 +216,7 @@ sub handler { } sub init_webdav_env { - my ($sessiondir,$uname,$udom,$uhome,$now,$timetolive) = @_; + my ($r,$sessiondir,$uname,$udom,$uhome,$now,$timetolive,$author) = @_; my $handle; my $currnewest = 0; if ($sessiondir ne '') { 
@@ -257,22 +253,45 @@ sub init_webdav_env { $disk_env{'user.name'} = $uname; $disk_env{'user.domain'} = $udom; $disk_env{'user.home'} = $uhome; + my %userenv = &Apache::lonnet::get('environment',['inststatus','tools.webdav'], + $udom,$uname); + my ($tmp) = keys(%userenv); + if ($tmp =~ /^(con_lost|error|no_such_host)/i) { + $disk_env{'environment.inststatus'} = $userenv{'inststatus'}; + $disk_env{'environment.tools.webdav'} = $userenv{'tools.webdav'}; + } $disk_env{'user.environment'} = $sessionfile; my $possroles = ['au','ca','aa']; my @possdoms = &Apache::lonnet::current_machine_domains(); my %cstr_roles = &Apache::lonnet::get_my_roles($uname,$udom,'userroles', undef,$possroles,\@possdoms); - foreach my $item (keys(%cstr_roles)) { - my ($aname,$adom,$role) = split(/:/,$item); - if ($role eq 'au') { - $disk_env{"user.role.$role./$adom/"} = $cstr_roles{$item}; - } else { - $disk_env{"user.role.$role./$adom/$aname"} = $cstr_roles{$item}; + if (keys(%cstr_roles) > 0) { + $disk_env{'user.adv'} = 1; + $disk_env{'user.author'} = 1; + foreach my $item (keys(%cstr_roles)) { + my ($aname,$adom,$role) = split(/:/,$item); + if ($role eq 'au') { + $disk_env{"user.role.$role./$adom/"} = $cstr_roles{$item}; + } else { + $disk_env{"user.role.$role./$adom/$aname"} = $cstr_roles{$item}; + } } } + my %is_adv = ( is_adv => $disk_env{'user.adv'} ); + my %domdef = &Apache::lonnet::get_domain_defaults($udom); + $disk_env{'environment.availabletools.webdav'} = + &Apache::lonnet::usertools_access($uname,$udom,'webdav','reload',undef, + \%userenv,\%domdef,\%is_adv); @env{keys(%disk_env)} = @disk_env{keys(%disk_env)}; untie(%disk_env); + my $ip; + my $c = $r->connection; + if (ref($c)) { + $ip = $c->remote_ip; + } + &Apache::lonnet::log($udom,$uname,$uhome, + "Login webdav/$author $ip"); } return $handle; }
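Review bot: The condition guarding the new `environment.inststatus` / `environment.tools.webdav` assignments is inverted: `if ($tmp =~ /^(con_lost|error|no_such_host)/i)` copies the values into %disk_env only when the `Apache::lonnet::get('environment',...)` lookup failed, and skips them on success, so a real per-user `tools.webdav` override never reaches the session file and the %env populated from it. On the failure side, %userenv still carries the error key and is then passed by reference to `usertools_access(...,'reload',undef,\%userenv,\%domdef,\%is_adv)`, which is fed an error string instead of an empty environment. Negating the test and clearing %userenv on error fixes both; the later `"Login webdav/$author $ip"` line also interpolates $ip and $author, which are undefined when `$r->connection` is not a ref or the handler's URI capture did not match, so a `// ''` default on each would avoid warnings in the log. The enclosing `sub init_webdav_env` starts before this hunk.
```perl
    my %userenv = &Apache::lonnet::get('environment',['inststatus','tools.webdav'],
                                       $udom,$uname);
    my ($tmp) = keys(%userenv);
    if ($tmp =~ /^(con_lost|error|no_such_host)/i) {
        # Lookup failed: do not let the error key be passed to usertools_access()
        # below as if it were a user environment.
        %userenv = ();
    } else {
        $disk_env{'environment.inststatus'} = $userenv{'inststatus'};
        $disk_env{'environment.tools.webdav'} = $userenv{'tools.webdav'};
    }
    # … unchanged: user.environment, role loading, availabletools.webdav, IP logging …
```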