Annotation of loncom/auth/loncacc.pm, revision 1.28

1.1       albertel    1: # The LearningOnline Network
                      2: # Cookie Based Access Handler for Construction Area
                      3: # (lonacc: 5/21/99,5/22,5/29,5/31 Gerd Kortemeyer)
1.20      www         4: #
1.28    ! www         5: # $Id: loncacc.pm,v 1.27 2003/05/06 21:45:25 albertel Exp $
1.20      www         6: #
                      7: # Copyright Michigan State University Board of Trustees
                      8: #
                      9: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
                     10: #
                     11: # LON-CAPA is free software; you can redistribute it and/or modify
                     12: # it under the terms of the GNU General Public License as published by
                     13: # the Free Software Foundation; either version 2 of the License, or
                     14: # (at your option) any later version.
                     15: #
                     16: # LON-CAPA is distributed in the hope that it will be useful,
                     17: # but WITHOUT ANY WARRANTY; without even the implied warranty of
                     18: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
                     19: # GNU General Public License for more details.
                     20: #
                     21: # You should have received a copy of the GNU General Public License
                     22: # along with LON-CAPA; if not, write to the Free Software
                     23: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
                     24: #
                     25: # /home/httpd/html/adm/gpl.txt
                     26: #
                     27: # http://www.lon-capa.org/
                     28: #
                     29: # YEAR=2000
1.4       www        30: # 6/15,16/11,22/11,
1.20      www        31: # YEAR=2001
1.15      www        32: # 01/06,01/11,6/1,9/25,9/28,11/22,12/25,12/26,
1.16      www        33: # 01/06/01,05/04,05/05,05/09 Gerd Kortemeyer
1.20      www        34: # YEAR=2002
                     35: # 1/4 Gerd Kortemeyer
                     36: ###
1.1       albertel   37: 
                     38: package Apache::loncacc;
                     39: 
                     40: use strict;
1.26      www        41: use Apache::Constants qw(:common :http :methods REDIRECT);
1.7       www        42: use Apache::File;
1.1       albertel   43: use CGI::Cookie();
1.14      www        44: use Fcntl qw(:flock);
1.1       albertel   45: 
1.15      www        46: sub constructaccess {
                     47:     my ($url,$ownerdomain)=@_;
1.16      www        48:     my ($ownername)=($url=~/\/(?:\~|priv\/|home\/)(\w+)/);
1.15      www        49:     unless (($ownername) && ($ownerdomain)) { return ''; }
1.24      matthew    50:     # We do not allow editing of previous versions of files.
                     51:     if ($url=~/\.(\d+)\.(\w+)$/) { return ''; }
1.15      www        52:     if (($ownername eq $ENV{'user.name'}) &&
                     53:         ($ownerdomain eq $ENV{'user.domain'})) {
                     54: 	return ($ownername,$ownerdomain);
                     55:     }
                     56: 
                     57:     my $capriv='user.priv.ca./'.
                     58:                $ownerdomain.'/'.$ownername.'./'.
                     59: 	       $ownerdomain.'/'.$ownername;
1.20      www        60:     foreach (keys %ENV) {
1.15      www        61:         if ($_ eq $capriv) {
                     62:            return ($ownername,$ownerdomain);
                     63:         }
1.20      www        64:     }
1.15      www        65: 
                     66:     return '';
                     67: }
                     68: 
1.1       albertel   69: sub handler {
                     70:     my $r = shift;
                     71:     my $requrl=$r->uri;
1.22      www        72:     $ENV{'request.editurl'}=$requrl;
1.1       albertel   73:     my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
                     74:     my $lonid=$cookies{'lonID'};
                     75:     my $cookie;
                     76:     if ($lonid) {
                     77: 	my $handle=$lonid->value;
                     78:         $handle=~s/\W//g;
                     79:         my $lonidsdir=$r->dir_config('lonIDsDir');
                     80:         if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
1.28    ! www        81: 
        !            82: # ------------------------------------------------------ Initialize Environment
        !            83: 
        !            84:             &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
        !            85: 
        !            86: # -------------------------------------------------------------- Resource State
        !            87: 
1.9       www        88:             $ENV{'request.state'}    = "construct";
                     89:             $ENV{'request.filename'} = $r->filename;
1.15      www        90: 
                     91:             unless (&constructaccess($requrl,$r->dir_config('lonDefDomain'))) {
                     92:                 $r->log_reason("Unauthorized $requrl", $r->filename); 
                     93: 	        return HTTP_NOT_ACCEPTABLE;
1.26      www        94:             }
                     95: # Construction space needs Remote to work
                     96:             if ($ENV{'environment.remote'} eq 'off') {
                     97: 	        $r->content_type('text/html');
                     98:                 $r->header_out(Location => 
                     99:                     'http://'.$r->server->server_hostname.
                    100:                     '/adm/remote?action=launch&url='.
                    101:                     &Apache::lonnet::escape($requrl));
                    102:                 return REDIRECT;
1.15      www       103:             }
1.9       www       104: 
                    105: # -------------------------------------------------------- Load POST parameters
                    106: 
1.28    ! www       107: 	    &Apache::loncommon::get_posted_cgi($r);
1.8       www       108: 
1.1       albertel  109:             return OK; 
                    110:         } else { 
                    111:             $r->log_reason("Cookie $handle not valid", $r->filename) 
                    112:         };
                    113:     }
1.6       www       114: 
                    115: # ----------------------------------------------- Store where they wanted to go
                    116: 
                    117:     $ENV{'request.firsturl'}=$requrl;
1.1       albertel  118:     return FORBIDDEN;
                    119: }
                    120: 
                    121: 1;
                    122: __END__
                    123: 
1.20      www       124: =head1 NAME
                    125: 
                    126: Apache::lonacc - Cookie Based Access Handler for Construction Area
                    127: 
                    128: =head1 SYNOPSIS
                    129: 
1.23      albertel  130: Invoked (for various locations) by /etc/httpd/conf/loncapa_apache.conf:
1.20      www       131: 
                    132:  PerlAccessHandler       Apache::loncacc
                    133: 
                    134: =head1 INTRODUCTION
                    135: 
                    136: This module enables cookie based authentication for construction area
                    137: and is used to control access for three (essentially equivalent) URIs.
                    138: 
                    139:  <LocationMatch "^/priv.*">
                    140:  <LocationMatch "^/\~.*">
                    141:  <LocationMatch "^/\~.*/$">
                    142: 
                    143: Whenever the client sends the cookie back to the server, 
                    144: if the cookie is missing or invalid, the user is re-challenged
                    145: for login information.
                    146: 
                    147: This is part of the LearningOnline Network with CAPA project
                    148: described at http://www.lon-capa.org.
                    149: 
                    150: =head1 HANDLER SUBROUTINE
                    151: 
                    152: This routine is called by Apache and mod_perl.
                    153: 
                    154: =over 4
                    155: 
                    156: =item *
                    157: 
                    158: load POST parameters
                    159: 
                    160: =item *
                    161: 
                    162: store where they wanted to go (first url entered)
                    163: 
                    164: =back
                    165: 
                    166: =head1 OTHERSUBROUTINES
                    167: 
                    168: =over 4
                    169: 
                    170: =item *
                    171: 
                    172: constructaccess($url,$ownerdomain) : See if the owner domain and name
                    173: in the URL match those in the expected environment.  If so, return 
                    174: two element list ($ownername,$ownerdomain).  Else, return null string.
                    175: 
                    176: =back
                    177: 
                    178: =cut
1.1       albertel  179: 
                    180: 
                    181: 
                    182: 
                    183: 
                    184: 
                    185: 

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>