loncom/auth/lonwebdavauth.pm - diff

Return to lonwebdavauth.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/lonwebdavauth.pm between versions 1.1 and 1.6

version 1.1, 2012/02/27 03:06:33	version 1.6, 2016/08/16 20:17:49
Line 32 Apache::lonwebdavauth - webDAV Authentic	Line 32 Apache::lonwebdavauth - webDAV Authentic

=head1 SYNOPSIS	=head1 SYNOPSIS

Invoked for /+webdav/[\w\-]+/[\w\-]+/ by	Invoked for ^/+webdav/[\w\-.]+/\w[\w.\-\@]+/ by
/etc/httpd/conf/loncapa_apache.conf:	/etc/httpd/conf/loncapa_apache.conf:

PerlAuthenHandler Apache::lonwebdavauth	PerlAuthenHandler Apache::lonwebdavauth
Line 57 The perlvar "lonDAVsessDir" in /etc/http	Line 57 The perlvar "lonDAVsessDir" in /etc/http
provides the directory location: /home/httpd/webdav/sessionIDs.	provides the directory location: /home/httpd/webdav/sessionIDs.

If the session is stale, or the cookie is missing or invalid,	If the session is stale, or the cookie is missing or invalid,
the user is re-challenged for login information. If the perlvar	the user is re-challenged for login information, by sending
lonOtherAuthen has been set, Single Sign On will be used, otherwise	an Apache Basic Auth request to the client.
an Apache Basic Auth request will be sent to the client.

If Apache Basic Auth is used, successful authentication will	If Apache Basic Auth is successful authentication will
result in creation of a webDAV session file containing a	result in creation of a webDAV session file containing a
minimal set of information about the user which will also be	minimal set of information about the user which will also be
loaded into the user's environment. The environment persists	loaded into the user's environment. The environment persists
Line 87 Check for valid webDAV session	Line 86 Check for valid webDAV session

=item *	=item *

No session? - if SSO enabled: return DECLINED	No session? return AUTH_REQUIRED which will prompt
	webDAV client to authenticate user (via Apache Basic Auth).
=item *

No session? - if SSO not enabled: return AUTH_REQUIRED
which will prompt webDAV client to authenticate user
(via Apache Basic Auth).

=item *	=item *

Line 169 sub handler {	Line 163 sub handler {
if ($now-$sesstime < $timetolive) {	if ($now-$sesstime < $timetolive) {
if (&Apache::lonnet::homeserver($uname,$udom) eq $uhome) {	if (&Apache::lonnet::homeserver($uname,$udom) eq $uhome) {
&Apache::lonnet::transfer_profile_to_env($sessiondir,$handle);	&Apache::lonnet::transfer_profile_to_env($sessiondir,$handle);
return OK;	if (&Apache::lonnet::usertools_access($uname,$udom,'webdav')) {
	return OK;
	} else {
	return FORBIDDEN;
	}
}	}
}	}
}	}
}	}

if ($r->dir_config('lonOtherAuthen') eq 'yes') {
if (defined($r->dir_config('lonOtherAuthenType'))) {
$r->auth_type($r->dir_config('lonOtherAuthenType'));
}
return DECLINED;
}

my ($status,$upass) = $r->get_basic_auth_pw;	my ($status,$upass) = $r->get_basic_auth_pw;
return $status unless ($status == 0 \|\| $status == OK);	return $status unless ($status == 0 \|\| $status == OK);

if ($r->user =~ /,/) {	if ($r->user =~ /,/) {
($uname,$udom) = split(/,/,$r->user);	($uname,$udom) = split(/,/,$r->user);
	$uname =~ s/^\s+//;
	$uname =~ s/\s+$//;
	$udom =~ s/^\s+//;
	$udom =~ s/\s+$//;
unless (($uname =~ /^$match_username$/) && ($udom =~ /^$match_domain$/)) {	unless (($uname =~ /^$match_username$/) && ($udom =~ /^$match_domain$/)) {
$r->note_basic_auth_failure;	$r->note_basic_auth_failure;
return AUTH_REQUIRED;	return AUTH_REQUIRED;
}	}
} else {	} else {
$uname = $r->user;	$uname = $r->user;
	$uname =~ s/^\s+//;
	$uname =~ s/\s+$//;
($udom) = ($r->uri =~ m{^/webdav/($match_domain)/});	($udom) = ($r->uri =~ m{^/webdav/($match_domain)/});
unless (($udom ne '' ) && ($uname =~ /^$match_username$/)) {	unless (($udom ne '' ) && ($uname =~ /^$match_username$/) && ($upass ne '')) {
$r->note_basic_auth_failure;	$r->note_basic_auth_failure;
return AUTH_REQUIRED;	return AUTH_REQUIRED;
}	}
Line 204 sub handler {	Line 201 sub handler {
my $uhome = &Apache::lonnet::authenticate($uname,$upass,$udom);	my $uhome = &Apache::lonnet::authenticate($uname,$upass,$udom);
if (($uhome ne 'no_host') &&	if (($uhome ne 'no_host') &&
(&Apache::lonnet::hostname($uhome) ne '')) {	(&Apache::lonnet::hostname($uhome) ne '')) {
$handle = &init_webdav_env($sessiondir,$uname,$udom,	my ($author) = ($r->uri =~ m{^/webdav/($match_domain/$match_username)/});
$uhome,$now,$timetolive);	$handle = &init_webdav_env($r,$sessiondir,$uname,$udom,
	$uhome,$now,$timetolive,$author);
if ($handle ne '') {	if ($handle ne '') {
my $cookie = "lonDAV=$handle; path=/webdav/; secure; HttpOnly;";	if (&Apache::lonnet::usertools_access($uname,$udom,'webdav')) {
$r->header_out('Set-cookie' => $cookie);	my $cookie = "lonDAV=$handle; path=/webdav/; secure; HttpOnly;";
$r->send_http_header;	$r->header_out('Set-cookie' => $cookie);
	$r->send_http_header;
	return OK;
	} else {
	return FORBIDDEN;
	}
}	}
return OK;
}	}
}	}
}	}
Line 220 sub handler {	Line 222 sub handler {
}	}

sub init_webdav_env {	sub init_webdav_env {
my ($sessiondir,$uname,$udom,$uhome,$now,$timetolive) = @_;	my ($r,$sessiondir,$uname,$udom,$uhome,$now,$timetolive,$author) = @_;
my $handle;	my $handle;
my $currnewest = 0;	my $currnewest = 0;
if ($sessiondir ne '') {	if ($sessiondir ne '') {
Line 257 sub init_webdav_env {	Line 259 sub init_webdav_env {
$disk_env{'user.name'} = $uname;	$disk_env{'user.name'} = $uname;
$disk_env{'user.domain'} = $udom;	$disk_env{'user.domain'} = $udom;
$disk_env{'user.home'} = $uhome;	$disk_env{'user.home'} = $uhome;
	my %userenv = &Apache::lonnet::get('environment',['inststatus','tools.webdav'],
	$udom,$uname);
	my ($tmp) = keys(%userenv);
	if ($tmp =~ /^(con_lost\|error\|no_such_host)/i) {
	$disk_env{'environment.inststatus'} = $userenv{'inststatus'};
	$disk_env{'environment.tools.webdav'} = $userenv{'tools.webdav'};
	}
$disk_env{'user.environment'} = $sessionfile;	$disk_env{'user.environment'} = $sessionfile;
my $possroles = ['au','ca','aa'];	my $possroles = ['au','ca','aa'];
my @possdoms = &Apache::lonnet::current_machine_domains();	my @possdoms = &Apache::lonnet::current_machine_domains();
my %cstr_roles =	my %cstr_roles =
&Apache::lonnet::get_my_roles($uname,$udom,'userroles',	&Apache::lonnet::get_my_roles($uname,$udom,'userroles',
undef,$possroles,\@possdoms);	undef,$possroles,\@possdoms);
foreach my $item (keys(%cstr_roles)) {	if (keys(%cstr_roles) > 0) {
my ($aname,$adom,$role) = split(/:/,$item);	$disk_env{'user.adv'} = 1;
if ($role eq 'au') {	$disk_env{'user.author'} = 1;
$disk_env{"user.role.$role./$adom/"} = $cstr_roles{$item};	foreach my $item (keys(%cstr_roles)) {
} else {	my ($aname,$adom,$role) = split(/:/,$item);
$disk_env{"user.role.$role./$adom/$aname"} = $cstr_roles{$item};	if ($role eq 'au') {
	$disk_env{"user.role.$role./$adom/"} = $cstr_roles{$item};
	} else {
	$disk_env{"user.role.$role./$adom/$aname"} = $cstr_roles{$item};
	}
}	}
}	}
	my %is_adv = ( is_adv => $disk_env{'user.adv'} );
	my %domdef = &Apache::lonnet::get_domain_defaults($udom);
	$disk_env{'environment.availabletools.webdav'} =
	&Apache::lonnet::usertools_access($uname,$udom,'webdav','reload',undef,
	\%userenv,\%domdef,\%is_adv);
@env{keys(%disk_env)} = @disk_env{keys(%disk_env)};	@env{keys(%disk_env)} = @disk_env{keys(%disk_env)};
untie(%disk_env);	untie(%disk_env);
	my $ip = $r->get_remote_host();
	&Apache::lonnet::log($udom,$uname,$uhome,
	"Login webdav/$author $ip");
}	}
return $handle;	return $handle;
}	}

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.1
changed lines
	Added in v.1.6