Annotation of loncom/auth/loncacc.pm, revision 1.20

1.1       albertel    1: # The LearningOnline Network
                      2: # Cookie Based Access Handler for Construction Area
                      3: # (lonacc: 5/21/99,5/22,5/29,5/31 Gerd Kortemeyer)
1.20    ! www         4: #
        !             5: # $Id: loncacc.pm,v 1.18 2001/12/21 16:57:54 harris41 Exp $
        !             6: #
        !             7: # Copyright Michigan State University Board of Trustees
        !             8: #
        !             9: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
        !            10: #
        !            11: # LON-CAPA is free software; you can redistribute it and/or modify
        !            12: # it under the terms of the GNU General Public License as published by
        !            13: # the Free Software Foundation; either version 2 of the License, or
        !            14: # (at your option) any later version.
        !            15: #
        !            16: # LON-CAPA is distributed in the hope that it will be useful,
        !            17: # but WITHOUT ANY WARRANTY; without even the implied warranty of
        !            18: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
        !            19: # GNU General Public License for more details.
        !            20: #
        !            21: # You should have received a copy of the GNU General Public License
        !            22: # along with LON-CAPA; if not, write to the Free Software
        !            23: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
        !            24: #
        !            25: # /home/httpd/html/adm/gpl.txt
        !            26: #
        !            27: # http://www.lon-capa.org/
        !            28: #
        !            29: # YEAR=2000
1.4       www        30: # 6/15,16/11,22/11,
1.20    ! www        31: # YEAR=2001
1.15      www        32: # 01/06,01/11,6/1,9/25,9/28,11/22,12/25,12/26,
1.16      www        33: # 01/06/01,05/04,05/05,05/09 Gerd Kortemeyer
1.20    ! www        34: # 12/21 Scott Harrison
        !            35: # YEAR=2002
        !            36: # 1/4 Gerd Kortemeyer
        !            37: ###
1.1       albertel   38: 
                     39: package Apache::loncacc;
                     40: 
                     41: use strict;
1.8       www        42: use Apache::Constants qw(:common :http :methods);
1.7       www        43: use Apache::File;
1.1       albertel   44: use CGI::Cookie();
1.14      www        45: use Fcntl qw(:flock);
1.1       albertel   46: 
1.15      www        47: sub constructaccess {
                     48:     my ($url,$ownerdomain)=@_;
1.16      www        49:     my ($ownername)=($url=~/\/(?:\~|priv\/|home\/)(\w+)/);
1.15      www        50:     unless (($ownername) && ($ownerdomain)) { return ''; }
                     51: 
                     52:     if (($ownername eq $ENV{'user.name'}) &&
                     53:         ($ownerdomain eq $ENV{'user.domain'})) {
                     54: 	return ($ownername,$ownerdomain);
                     55:     }
                     56: 
                     57:     my $capriv='user.priv.ca./'.
                     58:                $ownerdomain.'/'.$ownername.'./'.
                     59: 	       $ownerdomain.'/'.$ownername;
1.20    ! www        60:     foreach (keys %ENV) {
1.15      www        61:         if ($_ eq $capriv) {
                     62:            return ($ownername,$ownerdomain);
                     63:         }
1.20    ! www        64:     }
1.15      www        65: 
                     66:     return '';
                     67: }
                     68: 
1.1       albertel   69: sub handler {
                     70:     my $r = shift;
                     71:     my $requrl=$r->uri;
                     72:     my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
                     73:     my $lonid=$cookies{'lonID'};
                     74:     my $cookie;
                     75:     if ($lonid) {
                     76: 	my $handle=$lonid->value;
                     77:         $handle=~s/\W//g;
                     78:         my $lonidsdir=$r->dir_config('lonIDsDir');
                     79:         if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
1.2       www        80:             my @profile;
                     81: 	    {
                     82:              my $idf=Apache::File->new("$lonidsdir/$handle.id");
1.14      www        83:              flock($idf,LOCK_SH);
1.2       www        84:              @profile=<$idf>;
1.14      www        85:              $idf->close();
1.2       www        86: 	    }
                     87:             my $envi;
                     88:             for ($envi=0;$envi<=$#profile;$envi++) {
                     89: 		chomp($profile[$envi]);
                     90: 		my ($envname,$envvalue)=split(/=/,$profile[$envi]);
1.9       www        91:                 $ENV{$envname} = $envvalue;
1.2       www        92:             }
1.9       www        93:             $ENV{'user.environment'} = "$lonidsdir/$handle.id";
                     94:             $ENV{'request.state'}    = "construct";
                     95:             $ENV{'request.filename'} = $r->filename;
1.15      www        96: 
                     97:             unless (&constructaccess($requrl,$r->dir_config('lonDefDomain'))) {
                     98:                 $r->log_reason("Unauthorized $requrl", $r->filename); 
                     99: 	        return HTTP_NOT_ACCEPTABLE;
                    100:             }
1.9       www       101: 
                    102: # -------------------------------------------------------- Load POST parameters
                    103: 
                    104: 
1.12      www       105:         my $buffer;
1.8       www       106: 
1.12      www       107:         $r->read($buffer,$r->header_in('Content-length'));
                    108: 
                    109: 	unless ($buffer=~/^(\-+\w+)\s+Content\-Disposition\:\s*form\-data/si) {
1.5       www       110:             my @pairs=split(/&/,$buffer);
1.9       www       111:             my $pair;
1.5       www       112:             foreach $pair (@pairs) {
1.9       www       113:                my ($name,$value) = split(/=/,$pair);
1.6       www       114:                $value =~ tr/+/ /;
                    115:                $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
1.10      www       116:                $name  =~ tr/+/ /;
                    117:                $name  =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
1.9       www       118:                $ENV{"form.$name"}=$value;
1.5       www       119:             } 
1.12      www       120:         } else {
                    121: 	    my $contentsep=$1;
                    122:             my @lines = split (/\n/,$buffer);
                    123:             my $name='';
                    124:             my $value='';
                    125:             my $fname='';
                    126:             my $fmime='';
                    127:             my $i;
                    128:             for ($i=0;$i<=$#lines;$i++) {
                    129: 		if ($lines[$i]=~/^$contentsep/) {
                    130: 		    if ($name) {
                    131:                         chomp($value);
                    132: 			if ($fname) {
                    133: 			    $ENV{"form.$name.filename"}=$fname;
                    134:                             $ENV{"form.$name.mimetype"}=$fmime;
1.13      www       135:                         } else {
                    136:                             $value=~s/\s+$//s;
1.12      www       137:                         }
1.13      www       138:                         $ENV{"form.$name"}=$value;
1.12      www       139:                     }
                    140:                     if ($i<$#lines) {
                    141: 			$i++;
                    142:                         $lines[$i]=~
                    143: 		 /Content\-Disposition\:\s*form\-data\;\s*name\=\"([^\"]+)\"/i;
                    144:                         $name=$1;
                    145:                         $value='';
                    146:                         if ($lines[$i]=~/filename\=\"([^\"]+)\"/i) {
                    147: 			   $fname=$1;
                    148:                            if 
                    149:                             ($lines[$i+1]=~/Content\-Type\:\s*([\w\-\/]+)/i) {
                    150: 			      $fmime=$1;
                    151:                               $i++;
                    152: 			   } else {
                    153:                               $fmime='';
                    154:                            }
                    155:                         } else {
                    156: 			    $fname='';
                    157:                             $fmime='';
                    158:                         }
                    159:                         $i++;
                    160:                     }
                    161:                 } else {
                    162: 		    $value.=$lines[$i]."\n";
                    163:                 }
                    164:             }
                    165: 	}
1.20    ! www       166:             $ENV{'request.method'}=$ENV{'REQUEST_METHOD'};
1.8       www       167:             $r->method_number(M_GET);
                    168: 	    $r->method('GET');
                    169:             $r->headers_in->unset('Content-length');
                    170: 
1.1       albertel  171:             return OK; 
                    172:         } else { 
                    173:             $r->log_reason("Cookie $handle not valid", $r->filename) 
                    174:         };
                    175:     }
1.6       www       176: 
                    177: # ----------------------------------------------- Store where they wanted to go
                    178: 
                    179:     $ENV{'request.firsturl'}=$requrl;
1.1       albertel  180:     return FORBIDDEN;
                    181: }
                    182: 
                    183: 1;
                    184: __END__
                    185: 
1.20    ! www       186: =head1 NAME
        !           187: 
        !           188: Apache::lonacc - Cookie Based Access Handler for Construction Area
        !           189: 
        !           190: =head1 SYNOPSIS
        !           191: 
        !           192: Invoked (for various locations) by /etc/httpd/conf/srm.conf:
        !           193: 
        !           194:  PerlAccessHandler       Apache::loncacc
        !           195: 
        !           196: =head1 INTRODUCTION
        !           197: 
        !           198: This module enables cookie based authentication for construction area
        !           199: and is used to control access for three (essentially equivalent) URIs.
        !           200: 
        !           201:  <LocationMatch "^/priv.*">
        !           202:  <LocationMatch "^/\~.*">
        !           203:  <LocationMatch "^/\~.*/$">
        !           204: 
        !           205: Whenever the client sends the cookie back to the server, 
        !           206: if the cookie is missing or invalid, the user is re-challenged
        !           207: for login information.
        !           208: 
        !           209: This is part of the LearningOnline Network with CAPA project
        !           210: described at http://www.lon-capa.org.
        !           211: 
        !           212: =head1 HANDLER SUBROUTINE
        !           213: 
        !           214: This routine is called by Apache and mod_perl.
        !           215: 
        !           216: =over 4
        !           217: 
        !           218: =item *
        !           219: 
        !           220: load POST parameters
        !           221: 
        !           222: =item *
        !           223: 
        !           224: store where they wanted to go (first url entered)
        !           225: 
        !           226: =back
        !           227: 
        !           228: =head1 OTHERSUBROUTINES
        !           229: 
        !           230: =over 4
        !           231: 
        !           232: =item *
        !           233: 
        !           234: constructaccess($url,$ownerdomain) : See if the owner domain and name
        !           235: in the URL match those in the expected environment.  If so, return 
        !           236: two element list ($ownername,$ownerdomain).  Else, return null string.
        !           237: 
        !           238: =back
        !           239: 
        !           240: =cut
1.1       albertel  241: 
                    242: 
                    243: 
                    244: 
                    245: 
                    246: 
                    247: 

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>