# The LearningOnline Network # Access Handler for File Transfers # # $Id: lonracc.pm,v 1.10 2003/05/27 18:31:31 albertel Exp $ # # Copyright Michigan State University Board of Trustees # # This file is part of the LearningOnline Network with CAPA (LON-CAPA). # # LON-CAPA is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # LON-CAPA is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with LON-CAPA; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # /home/httpd/html/adm/gpl.txt # # http://www.lon-capa.org/ # # (lonacc: Cookie Based Access Handler # 5/21/99,5/22,5/29,5/31,6/15 Gerd Kortemeyer) # 6/16,6/18,7/3, # 6/30/00 Gerd Kortemeyer package Apache::lonracc; use strict; use Apache::Constants qw(:common :remotehost); use Apache::lonnet(); use Apache::File(); sub subscribed { my ($filename,$id) = @_; my $found=0; my $expr='^'.$id.':'.$Apache::lonnet::hostip{$id}.':'; $expr =~ s/\./\\\./g; my $sh; if ($sh=Apache::File->new("$filename.subscription")) { while (my $subline=<$sh>) { if ($subline =~ /$expr/) { $found=1; } } $sh->close(); } return $found; } sub handler { my $r = shift; my $reqhost = $r->get_remote_host(REMOTE_DOUBLE_REV); if (!$reqhost && $r->get_remote_host(REMOTE_NOLOOKUP) eq $r->get_server_name()) { $reqhost = $r->get_server_name(); } unless ($reqhost) { $r->log_reason("Spoof request from ".$ENV{'REMOTE_ADDR'}); return FORBIDDEN; } my $readline; my $lontabdir=$r->dir_config('lonTabDir'); { my $fh; unless ($fh=Apache::File->new("$lontabdir/hosts.tab")) { $r->log_reason("Could not find host tab file"); return FORBIDDEN; } my $return; my @ids=(); while ($readline=<$fh>) { my ($id,$domain,$role,$name,$ip)=split(/:/,$readline); if ($name =~ /$reqhost/i) { my $filename=$r->filename; if ((-e "$filename.$id") || &subscribed($filename,$id) || ($filename=~/\.meta$/)) { return OK; } else { $return=FORBIDDEN; push(@ids,$id); } } } if ($return == FORBIDDEN) { $r->log_reason(join(':',@ids)." not subscribed", $r->filename); return FORBIDDEN; } } $r->log_reason("Invalid request for file transfer from $reqhost", $r->filename); return FORBIDDEN; } 1; __END__ =head1 NAME Apache::lonracc - Access Handler for File Transfers =head1 SYNOPSIS Invoked by /etc/httpd/conf/loncapa.conf: PerlAccessHandler Apache::lonracc =head1 INTRODUCTION This module enables authentication for file transfers and works against the /res tree. Only lond invokes the /raw namespace through its subscribe function. This is part of the LearningOnline Network with CAPA project described at http://www.lon-capa.org. =head1 HANDLER SUBROUTINE This routine is called by Apache and mod_perl. =over 4 =item * Determine requesting host =item * See whether or not the requesting host is subscribed. =item * Respond with status of request and make log entry in case of unallowed access. =back =cut