Annotation of loncom/auth/loncacc.pm, revision 1.39

1.1       albertel    1: # The LearningOnline Network
                      2: # Cookie Based Access Handler for Construction Area
                      3: # (lonacc: 5/21/99,5/22,5/29,5/31 Gerd Kortemeyer)
1.20      www         4: #
1.39    ! www         5: # $Id: loncacc.pm,v 1.38 2005/04/07 06:56:21 albertel Exp $
1.20      www         6: #
                      7: # Copyright Michigan State University Board of Trustees
                      8: #
                      9: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
                     10: #
                     11: # LON-CAPA is free software; you can redistribute it and/or modify
                     12: # it under the terms of the GNU General Public License as published by
                     13: # the Free Software Foundation; either version 2 of the License, or
                     14: # (at your option) any later version.
                     15: #
                     16: # LON-CAPA is distributed in the hope that it will be useful,
                     17: # but WITHOUT ANY WARRANTY; without even the implied warranty of
                     18: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
                     19: # GNU General Public License for more details.
                     20: #
                     21: # You should have received a copy of the GNU General Public License
                     22: # along with LON-CAPA; if not, write to the Free Software
                     23: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
                     24: #
                     25: # /home/httpd/html/adm/gpl.txt
                     26: #
                     27: # http://www.lon-capa.org/
                     28: #
1.1       albertel   29: 
                     30: package Apache::loncacc;
                     31: 
                     32: use strict;
1.26      www        33: use Apache::Constants qw(:common :http :methods REDIRECT);
1.7       www        34: use Apache::File;
1.1       albertel   35: use CGI::Cookie();
1.14      www        36: use Fcntl qw(:flock);
1.30      www        37: use Apache::lonlocal;
1.38      albertel   38: use Apache::lonnet;
1.33      albertel   39: 
1.1       albertel   40: 
1.15      www        41: sub constructaccess {
                     42:     my ($url,$ownerdomain)=@_;
1.32      www        43:     my ($ownername)=($url=~/\/(?:\~|priv\/|home\/)(\w+)\//);
1.15      www        44:     unless (($ownername) && ($ownerdomain)) { return ''; }
1.24      matthew    45:     # We do not allow editing of previous versions of files.
                     46:     if ($url=~/\.(\d+)\.(\w+)$/) { return ''; }
1.33      albertel   47:     my @possibledomains = &Apache::lonnet::current_machine_domains();
1.38      albertel   48:     if ($ownername eq $env{'user.name'}) {
1.33      albertel   49: 	foreach my $domain (@possibledomains) {
1.38      albertel   50: 	    if ($domain eq $env{'user.domain'}) {
1.33      albertel   51: 		return ($ownername,$domain);
                     52: 	    }
                     53: 	}
1.15      www        54:     }
1.33      albertel   55:     
                     56:     foreach my $domain (@possibledomains) {
                     57: 	my $capriv='user.priv.ca./'.$domain.'/'.$ownername.'./';
1.38      albertel   58: 	foreach (keys %env) {
1.33      albertel   59: 	    if ($_ eq $capriv) {
                     60: 		return ($ownername,$domain);
                     61: 	    }
                     62: 	}
1.39    ! www        63: 	my $aapriv='user.priv.aa./'.$domain.'/'.$ownername.'./';
        !            64: 	foreach (keys %env) {
        !            65: 	    if ($_ eq $aapriv) {
        !            66: 		return ($ownername,$domain);
        !            67: 	    }
        !            68: 	}
1.20      www        69:     }
1.15      www        70:     return '';
                     71: }
                     72: 
1.1       albertel   73: sub handler {
                     74:     my $r = shift;
                     75:     my $requrl=$r->uri;
1.38      albertel   76:     $env{'request.editurl'}=$requrl;
1.1       albertel   77:     my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
                     78:     my $lonid=$cookies{'lonID'};
                     79:     my $cookie;
                     80:     if ($lonid) {
                     81: 	my $handle=$lonid->value;
                     82:         $handle=~s/\W//g;
                     83:         my $lonidsdir=$r->dir_config('lonIDsDir');
                     84:         if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
1.28      www        85: 
                     86: # ------------------------------------------------------ Initialize Environment
                     87: 
                     88:             &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
1.30      www        89: 
                     90: # --------------------------------------------------------- Initialize Language
                     91:  
1.31      www        92:  	    &Apache::lonlocal::get_language_handle($r);
1.28      www        93: 
                     94: # -------------------------------------------------------------- Resource State
                     95: 
1.38      albertel   96:             $env{'request.state'}    = "construct";
                     97:             $env{'request.filename'} = $r->filename;
1.15      www        98: 
                     99:             unless (&constructaccess($requrl,$r->dir_config('lonDefDomain'))) {
                    100:                 $r->log_reason("Unauthorized $requrl", $r->filename); 
                    101: 	        return HTTP_NOT_ACCEPTABLE;
1.26      www       102:             }
1.9       www       103: 
                    104: # -------------------------------------------------------- Load POST parameters
                    105: 
1.28      www       106: 	    &Apache::loncommon::get_posted_cgi($r);
1.8       www       107: 
1.1       albertel  108:             return OK; 
                    109:         } else { 
                    110:             $r->log_reason("Cookie $handle not valid", $r->filename) 
                    111:         };
                    112:     }
1.6       www       113: 
                    114: # ----------------------------------------------- Store where they wanted to go
                    115: 
1.38      albertel  116:     $env{'request.firsturl'}=$requrl;
1.1       albertel  117:     return FORBIDDEN;
                    118: }
                    119: 
                    120: 1;
                    121: __END__
                    122: 
1.20      www       123: =head1 NAME
                    124: 
                    125: Apache::lonacc - Cookie Based Access Handler for Construction Area
                    126: 
                    127: =head1 SYNOPSIS
                    128: 
1.23      albertel  129: Invoked (for various locations) by /etc/httpd/conf/loncapa_apache.conf:
1.20      www       130: 
                    131:  PerlAccessHandler       Apache::loncacc
                    132: 
                    133: =head1 INTRODUCTION
                    134: 
                    135: This module enables cookie based authentication for construction area
                    136: and is used to control access for three (essentially equivalent) URIs.
                    137: 
                    138:  <LocationMatch "^/priv.*">
                    139:  <LocationMatch "^/\~.*">
                    140:  <LocationMatch "^/\~.*/$">
                    141: 
                    142: Whenever the client sends the cookie back to the server, 
                    143: if the cookie is missing or invalid, the user is re-challenged
                    144: for login information.
                    145: 
                    146: This is part of the LearningOnline Network with CAPA project
                    147: described at http://www.lon-capa.org.
                    148: 
                    149: =head1 HANDLER SUBROUTINE
                    150: 
                    151: This routine is called by Apache and mod_perl.
                    152: 
                    153: =over 4
                    154: 
                    155: =item *
                    156: 
                    157: load POST parameters
                    158: 
                    159: =item *
                    160: 
                    161: store where they wanted to go (first url entered)
                    162: 
                    163: =back
                    164: 
                    165: =head1 OTHERSUBROUTINES
                    166: 
                    167: =over 4
                    168: 
                    169: =item *
                    170: 
                    171: constructaccess($url,$ownerdomain) : See if the owner domain and name
                    172: in the URL match those in the expected environment.  If so, return 
                    173: two element list ($ownername,$ownerdomain).  Else, return null string.
                    174: 
                    175: =back
                    176: 
                    177: =cut
1.1       albertel  178: 
                    179: 
                    180: 
                    181: 
                    182: 
                    183: 
                    184: 

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>