Annotation of loncom/auth/lonracc.pm, revision 1.13

1.1       albertel    1: # The LearningOnline Network
                      2: # Access Handler for File Transfers
1.3       www         3: #
1.13    ! www         4: # $Id: lonracc.pm,v 1.12 2004/04/26 00:07:29 www Exp $
1.3       www         5: #
                      6: # Copyright Michigan State University Board of Trustees
                      7: #
                      8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
                      9: #
                     10: # LON-CAPA is free software; you can redistribute it and/or modify
                     11: # it under the terms of the GNU General Public License as published by
                     12: # the Free Software Foundation; either version 2 of the License, or
                     13: # (at your option) any later version.
                     14: #
                     15: # LON-CAPA is distributed in the hope that it will be useful,
                     16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
                     17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
                     18: # GNU General Public License for more details.
                     19: #
                     20: # You should have received a copy of the GNU General Public License
                     21: # along with LON-CAPA; if not, write to the Free Software
                     22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
                     23: #
                     24: # /home/httpd/html/adm/gpl.txt
                     25: #
                     26: # http://www.lon-capa.org/
                     27: #
1.1       albertel   28: 
                     29: package Apache::lonracc;
                     30: 
                     31: use strict;
                     32: use Apache::Constants qw(:common :remotehost);
1.5       albertel   33: use Apache::lonnet();
1.1       albertel   34: use Apache::File();
                     35: 
1.5       albertel   36: sub subscribed {
                     37:     my ($filename,$id) = @_;
                     38:     my $found=0;
                     39:     my $expr='^'.$id.':'.$Apache::lonnet::hostip{$id}.':';
                     40:     $expr =~ s/\./\\\./g;
                     41:     my $sh;
                     42:     if ($sh=Apache::File->new("$filename.subscription")) {
                     43: 	while (my $subline=<$sh>) { if ($subline =~ /$expr/) { $found=1; } }
                     44: 	$sh->close();
                     45:     }
                     46:     return $found;
                     47: }
                     48: 
1.1       albertel   49: sub handler {
                     50:     my $r = shift;
1.6       bowersj2   51:     my $reqhost = $r->get_remote_host(REMOTE_DOUBLE_REV);
                     52:     if (!$reqhost && $r->get_remote_host(REMOTE_NOLOOKUP) eq $r->get_server_name()) { 
                     53:         $reqhost = $r->get_server_name();
                     54:     } 
1.7       matthew    55:     unless ($reqhost) {
1.6       bowersj2   56:        $r->log_reason("Spoof request from ".$ENV{'REMOTE_ADDR'});
1.1       albertel   57:        return FORBIDDEN;
1.12      www        58:     }
                     59:     if ($reqhost eq 'localhost.localdomain') {
                     60:        return OK;
1.1       albertel   61:     }
1.13    ! www        62:     my $return;
        !            63:     my @ids=();
        !            64:     my $id;
        !            65:     foreach $id (keys %Apache::lonnet::hostname) {
        !            66: 	if ($Apache::lonnet::hostname{$id} =~ /$reqhost/i) {
        !            67: 	    my $filename=$r->filename;
        !            68: 	    my $uri =$r->uri;
        !            69: 	    if ((-e "$filename.$id") ||
        !            70: 		&subscribed($filename,$id) ||
        !            71: 		($filename=~/\.meta$/) ||
        !            72: 		($uri=~m|^/raw/uploaded|)) {
        !            73: 		return OK;
        !            74: 	    } else {
        !            75: 		$return=FORBIDDEN;
        !            76: 		push(@ids,$id);
        !            77: 	    }
        !            78: 	}
        !            79:     }
        !            80:     if ($return == FORBIDDEN) {
        !            81: 	$r->log_reason(join(':',@ids)." not subscribed", $r->filename);
        !            82: 	return FORBIDDEN;
1.1       albertel   83:     }
                     84:     $r->log_reason("Invalid request for file transfer from $reqhost", 
                     85:                    $r->filename); 
                     86:     return FORBIDDEN;
                     87: }
                     88: 
                     89: 1;
                     90: __END__
                     91: 
1.4       harris41   92: =head1 NAME
                     93: 
                     94: Apache::lonracc - Access Handler for File Transfers
                     95: 
                     96: =head1 SYNOPSIS
                     97: 
                     98: Invoked by /etc/httpd/conf/loncapa.conf:
                     99: 
                    100:  <LocationMatch "^/raw.*">
                    101:  PerlAccessHandler Apache::lonracc
                    102:  </LocationMatch>
                    103: 
                    104: =head1 INTRODUCTION
                    105: 
                    106: This module enables authentication for file transfers and works
                    107: against the /res tree.
                    108: 
                    109: Only lond invokes the /raw namespace through its subscribe function.
                    110: 
                    111: This is part of the LearningOnline Network with CAPA project
                    112: described at http://www.lon-capa.org.
                    113: 
                    114: =head1 HANDLER SUBROUTINE
                    115: 
                    116: This routine is called by Apache and mod_perl.
                    117: 
                    118: =over 4
                    119: 
                    120: =item *
                    121: 
                    122: Determine requesting host
                    123: 
                    124: =item *
                    125: 
                    126: See whether or not the requesting host is subscribed.
                    127: 
                    128: =item *
                    129: 
                    130: Respond with status of request and make log entry in case of unallowed
                    131: access.
                    132: 
                    133: =back
                    134: 
                    135: =cut
1.1       albertel  136: 
                    137: 
                    138: 
                    139: 
                    140: 
                    141: 
                    142: 

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>