Annotation of nsdl/nsdlloncapaorg/lonacc.pm, revision 1.1
1.1 ! www 1: # The LearningOnline Network
! 2: # Cookie Based Access Handler
! 3: #
! 4: # $Id: lonacc.pm,v 1.46 2003/05/13 00:52:46 www Exp $
! 5: #
! 6: # Copyright Michigan State University Board of Trustees
! 7: #
! 8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
! 9: #
! 10: # LON-CAPA is free software; you can redistribute it and/or modify
! 11: # it under the terms of the GNU General Public License as published by
! 12: # the Free Software Foundation; either version 2 of the License, or
! 13: # (at your option) any later version.
! 14: #
! 15: # LON-CAPA is distributed in the hope that it will be useful,
! 16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
! 17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
! 18: # GNU General Public License for more details.
! 19: #
! 20: # You should have received a copy of the GNU General Public License
! 21: # along with LON-CAPA; if not, write to the Free Software
! 22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
! 23: #
! 24: # /home/httpd/html/adm/gpl.txt
! 25: #
! 26: # http://www.lon-capa.org/
! 27: #
! 28: # YEAR=1999
! 29: # 5/21/99,5/22,5/29,5/31,6/15,16/11,22/11,
! 30: # YEAR=2000
! 31: # 01/06,01/13,05/31,06/01,09/06,09/25,09/28,10/30,11/6,
! 32: # 12/25,12/26,
! 33: # YEAR=2001
! 34: # 01/06/01,05/28,8/11,9/26,11/29 Gerd Kortemeyer
! 35: # YEAR=2002
! 36: # 1/4,2/25 Gerd Kortemeyer
! 37: #
! 38: ###
! 39:
! 40: package Apache::lonacc;
! 41:
! 42: use strict;
! 43: use Apache::Constants qw(:common :http :methods);
! 44: use Apache::File;
! 45: use Apache::lonnet;
! 46: use Apache::loncommon();
! 47: use CGI::Cookie();
! 48: use Fcntl qw(:flock);
! 49:
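sub handler {
    # mod_perl access-phase handler for LON-CAPA URIs.
    #
    # Decision order, as implemented below:
    #   1. A request whose User-Agent matches the NSDL bot string is let
    #      through immediately.
    #   2. A request carrying a 'lonID' cookie that maps to an existing
    #      session file is access-checked and, if allowed, logged.
    #   3. Otherwise the resource is served if it is public.
    #   4. Otherwise the request gets FORBIDDEN (with the target URL stored in
    #      %ENV for later use) or HTTP_BAD_REQUEST.
    #
    # Takes the Apache request object; returns an Apache::Constants status.
    my $r       = shift;
    my $requrl  = $r->uri;
    my %cookies = CGI::Cookie->parse($r->header_in('Cookie'));

    # SECURITY NOTE(review): this returns OK before any session or access
    # check, based only on the User-Agent header, which is supplied by the
    # client. Every location guarded by this handler is therefore open to any
    # request carrying this string. If crawler access is required, pair it
    # with something the client cannot choose (for example a source-address
    # allow-list) or limit the bypass to resources already marked public.
    if ($r->header_in('User-Agent') =~ /NSDL\_Search\_Bot/) {
        return OK;
    }

    my $lonid = $cookies{'lonID'};
    my $cookie;
    if ($lonid) {
        my $handle = $lonid->value;

        # Keep only word characters, so the cookie value cannot carry path
        # separators or dots into the session file name built below.
        $handle =~ s/\W//g;
        my $lonidsdir = $r->dir_config('lonIDsDir');

        if (($handle ne '') && (-e "$lonidsdir/$handle.id")) {

# ------------------------------------------------------ Initialize Environment

            &Apache::lonnet::transfer_profile_to_env($lonidsdir, $handle);

# -------------------------------------------------------------- Resource State

            if ($requrl =~ /^\/res\//) {
                $ENV{'request.state'} = "published";
            } else {
                $ENV{'request.state'} = 'unknown';
            }
            $ENV{'request.filename'} = $r->filename;

# -------------------------------------------------------- Load POST parameters

            &Apache::loncommon::get_posted_cgi($r);

# ---------------------------------------------------------------- Check access

            # The exemption is limited to URLs that start with /adm/, /public/
            # or /prtspool/. The previous pattern, /^\/adm|public|prtspool\//,
            # anchored only the first alternative, so any URL that merely
            # contained "public" or "prtspool/" skipped the 'bre' check.
            if ($requrl !~ m{^/(?:adm|public|prtspool)/}) {
                my $access = &Apache::lonnet::allowed('bre', $requrl);
                if ($access eq '1') {
                    $ENV{'user.error.msg'} = "$requrl:bre:0:0:Choose Course";
                    return HTTP_NOT_ACCEPTABLE;
                }
                # Only '2' and 'F' are treated as permission to proceed.
                if (($access ne '2') && ($access ne 'F')) {
                    $ENV{'user.error.msg'} = "$requrl:bre:1:1:Access Denied";
                    return HTTP_NOT_ACCEPTABLE;
                }
            }
            if ($requrl =~ m|^/prtspool/|) {
                # Print spool files must start with the requester's own
                # "<name>_<domain>" prefix.
                # NOTE(review): this is a bare prefix match, so a prefix
                # ending in domain "b" also matches files of a domain "bc".
                # If spool file names always continue with a separator after
                # the domain, requiring it here would close that overlap -
                # confirm against the code that writes to /prtspool/.
                my $start = '/prtspool/' . $ENV{'user.name'} . '_' .
                    $ENV{'user.domain'};
                if ($requrl !~ /^\Q$start\E/) {
                    $ENV{'user.error.msg'} = "$requrl:bre:1:1:Access Denied";
                    return HTTP_NOT_ACCEPTABLE;
                }
            }

# ------------------------------------------------------------- This is allowed
            if ($ENV{'request.course.id'}) {
                &Apache::lonnet::countacc($requrl);

                # Capture the extension in list context; $ext is undef when
                # the URL has none, instead of reusing a stale $1.
                my ($ext) = $requrl =~ /\.(\w+)$/;
                if ((&Apache::loncommon::fileembstyle($ext) eq 'ssi') ||
                    ($requrl =~ /^\/adm\/.*\/(aboutme|navmaps|smppg|bulletinboard)(\?|$)/) ||
                    ($requrl =~ /^\/adm\/wrapper\//) ||
                    ($requrl =~ /^\/public\/.*\/syllabus$/)) {

# ------------------------------------- This is serious stuff, get symb and log
                    my $query = $r->args;
                    my $symb;
                    if ($query) {
                        &Apache::loncommon::get_unprocessed_cgi($query, ['symb']);
                    }
                    if ($ENV{'form.symb'}) {
                        # A client-supplied symb is cleaned and then verified
                        # against the requested URL before it is used.
                        $symb = &Apache::lonnet::symbclean($ENV{'form.symb'});
                        if (&Apache::lonnet::symbverify($symb, $requrl)) {
                            my ($map, $mid, $murl) = split(/\_\_\_/, $symb);
                            &Apache::lonnet::symblist($map, $murl => $mid,
                                                      'last_known' => $murl);
                        } else {
                            $r->log_reason('Invalid symb for ' . $requrl . ': ' .
                                           $symb);
                            $ENV{'user.error.msg'} =
                                "$requrl:bre:1:1:Invalid Access";
                            return HTTP_NOT_ACCEPTABLE;
                        }
                    } else {
                        # No symb supplied: look it up from the URL.
                        $symb = &Apache::lonnet::symbread($requrl);
                        my ($map, $mid, $murl) = split(/\_\_\_/, $symb);
                        &Apache::lonnet::symblist($map, $murl => $mid,
                                                  'last_known' => $murl);
                    }
                    $ENV{'request.symb'} = $symb;
                    &Apache::lonnet::courseacclog($symb);
                } else {
# ------------------------------------------------------- This is other content
                    &Apache::lonnet::courseacclog($requrl);
                }
            }
            return OK;
        } else {
            # No session file for this handle: log it and fall through to the
            # unauthenticated handling below.
            $r->log_reason("Cookie $handle not valid", $r->filename);
        }
    }

# -------------------------------------------- See if this is a public resource
    if ($requrl =~ m|^/public/|
        || (&Apache::lonnet::metadata($requrl, 'copyright') eq 'public')) {
        &Apache::lonnet::logthis('Granting public access: ' . $requrl);
        my $buffer;

        # NOTE(review): the read length comes straight from the client's
        # Content-length header on an unauthenticated request; consider
        # capping it before reading the body into memory.
        $r->read($buffer, $r->header_in('Content-length'), 0);
        &Apache::loncommon::get_unprocessed_cgi($buffer);
        $ENV{'user.name'}            = 'public';
        $ENV{'user.domain'}          = 'public';
        $ENV{'request.state'}        = "published";
        $ENV{'request.publicaccess'} = 1;
        $ENV{'request.filename'}     = $r->filename;
        return OK;
    }

# -------------------------------------------------------------- Not authorized
    my ($ext) = $requrl =~ /\.(\w+)$/;
    if ((&Apache::loncommon::fileembstyle($ext) eq 'ssi') ||
        ($requrl =~ /^\/adm\/(roles|logout|email|menu|remote)/) ||
        ($requrl =~ m|^/prtspool/|)) {
# -------------------------- Store where they wanted to go and get login screen
        $ENV{'request.querystring'} = $r->args;
        $ENV{'request.firsturl'}    = $requrl;
        return FORBIDDEN;
    } else {
# --------------------------------------------------------------------- Goodbye
        return HTTP_BAD_REQUEST;
    }
}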
! 177:
! 178: 1;
! 179: __END__
! 180:
! 181: =head1 NAME
! 182:
! 183: Apache::lonacc - Cookie Based Access Handler
! 184:
! 185: =head1 SYNOPSIS
! 186:
! 187: Invoked (for various locations) by /etc/httpd/conf/srm.conf:
! 188:
! 189: PerlAccessHandler Apache::lonacc
! 190:
! 191: =head1 INTRODUCTION
! 192:
! 193: This module enables cookie based authentication and is used
! 194: to control access for many different LON-CAPA URIs.
! 195:
! 196: Whenever the client sends the cookie back to the server,
! 197: this cookie is handled by either lonacc.pm or loncacc.pm
! 198: (see srm.conf for what is invoked when). If
! 199: the cookie is missing or invalid, the user is re-challenged
! 200: for login information.
! 201:
! 202: This is part of the LearningOnline Network with CAPA project
! 203: described at http://www.lon-capa.org.
! 204:
! 205: =head1 HANDLER SUBROUTINE
! 206:
! 207: This routine is called by Apache and mod_perl.
! 208:
! 209: =over 4
! 210:
! 211: =item *
! 212:
! 213: transfer profile into environment
! 214:
! 215: =item *
! 216:
! 217: load POST parameters
! 218:
! 219: =item *
! 220:
! 221: check access
! 222:
! 223: =item *
! 224:
! 225: if allowed, get symb, log, generate course statistics if applicable
! 226:
! 227: =item *
! 228:
! 229: otherwise return error
! 230:
! 231: =item *
! 232:
! 233: see if public resource
! 234:
! 235: =item *
! 236:
! 237: store attempted access
! 238:
! 239: =back
! 240:
! 241: =cut