Annotation of loncom/auth/lonstatusacc.pm, revision 1.3
1.1 raeburn 1: #
2: # LON-CAPA authorization for pages generated by server-status reports
3: #
1.3 ! raeburn 4: # $Id: lonstatusacc.pm,v 1.2 2008/11/30 14:47:11 raeburn Exp $
1.1 raeburn 5: #
6: # Copyright Michigan State University Board of Trustees
7: #
8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
9: #
10: # LON-CAPA is free software; you can redistribute it and/or modify
11: # it under the terms of the GNU General Public License as published by
12: # the Free Software Foundation; either version 2 of the License, or
13: # (at your option) any later version.
14: #
15: # LON-CAPA is distributed in the hope that it will be useful,
16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18: # GNU General Public License for more details.
19: #
20: # You should have received a copy of the GNU General Public License
21: # along with LON-CAPA; if not, write to the Free Software
22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23: #
24: # /home/httpd/html/adm/gpl.txt
25: #
26: # http://www.lon-capa.org/
27: #
28: #############################################
29: #############################################
30:
31: package Apache::lonstatusacc;
32:
33: use strict;
1.3 ! raeburn 34: use Apache::Constants qw(:common :http :remotehost);
1.1 raeburn 35: use Apache::lonnet;
36: use LONCAPA::loncgi;
37:
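# Decide whether a request for Apache's /server-status page or for a file
# served from the lon-status area is authorized.
#
# Arguments: the Apache request object, the page key passed to the
# LONCAPA::loncgi access checks ('serverstatus' or 'lonstatus'), and the
# requesting IP address.
# Returns 1 when access is allowed, 0 otherwise.
sub _status_access_allowed {
    my ($r,$page,$reqhost) = @_;

    # Only the IPv4 loopback literal is trusted here.
    # NOTE(review): if requests reach this server through a proxy on the same
    # machine, they would presumably all arrive as 127.0.0.1 and pass this
    # test -- confirm against the deployment.
    if ($reqhost eq '127.0.0.1') {
        return 1;
    }

    my @hostids = &Apache::lonnet::get_hosts_from_ip($reqhost);
    my @poss_domains = &Apache::lonnet::current_machine_domains();

    if (@hostids > 0) {
        # The requesting IP maps to at least one host id: allow when one of
        # those hosts belongs to a domain in this machine's domain list.
        foreach my $id (@hostids) {
            next if ($id eq '');
            my $dom = &Apache::lonnet::host_domain($id);
            next if ($dom eq '');
            # Exact string comparison; the previous /^\Q$dom\E$/ pattern
            # also accepted a list entry carrying a trailing newline.
            if (grep { $_ eq $dom } @poss_domains) {
                return 1;
            }
        }
        # NOTE(review): when the IP maps to host ids but no domain matches,
        # the IP-based and session-based checks below are never tried. The
        # POD describes the three checks as alternatives ("at least one of
        # the following applies"), so confirm whether this stricter
        # behaviour is intended before changing it.
        return 0;
    }

    if (&LONCAPA::loncgi::check_ipbased_access($page,$reqhost)) {
        return 1;
    }

    # Last resort: a valid session whose user is permitted to view $page.
    if (&LONCAPA::loncgi::check_cookie_and_load_env($r)) {
        if (&LONCAPA::loncgi::can_view($page)) {
            return 1;
        }
    }
    return 0;
}

# mod_perl access handler (PerlAccessHandler) for server status pages.
#
# Argument: the Apache request object.
# Returns an Apache::Constants status: OK, FORBIDDEN, NOT_FOUND or
# HTTP_NOT_ACCEPTABLE.
#
# /adm/domainstatus and /adm/test always require a valid session cookie;
# the loopback shortcut does not apply to them. Every other location is
# treated as /server-status or as a lon-status file and is authorized by
# _status_access_allowed().
sub handler {
    my $r = shift;
    my $uri = $r->uri;
    # REMOTE_NOLOOKUP: use the client's IP address, no DNS lookup.
    my $reqhost = $r->get_remote_host(REMOTE_NOLOOKUP);

    if (($uri eq '/adm/domainstatus') || ($uri eq '/adm/test')) {
        if (!&LONCAPA::loncgi::check_cookie_and_load_env($r)) {
            return FORBIDDEN;
        }
        if ($uri eq '/adm/domainstatus') {
            # Any valid session is accepted at this layer.
            # NOTE(review): presumably the page applies its own per-user
            # checks -- verify, since no can_view() test is made here.
            return OK;
        }
        # /adm/test reports user environment information.
        my $page = 'showenv';
        if (&LONCAPA::loncgi::can_view($page) ||
            &LONCAPA::loncgi::check_ipbased_access($page,$reqhost)) {
            return OK;
        }
        $Apache::lonnet::env{'user.error.msg'} =
            $uri.":bre:1:1:Access Denied";
        return HTTP_NOT_ACCEPTABLE;
    }

    my $page = ($uri eq '/server-status') ? 'serverstatus' : 'lonstatus';

    if (!&_status_access_allowed($r,$page,$reqhost)) {
        $r->log_reason("Invalid request for server status from $reqhost",
                       $uri);
        return FORBIDDEN;
    }

    # The existence test runs only after authorization. Previously it ran
    # first, so an unauthorized client could tell from 404 versus 403
    # whether a given status file was present (mysql.txt, for example, is
    # written only on a connection failure).
    if (($page eq 'lonstatus') && (!-e $r->filename)) {
        return NOT_FOUND;
    }
    return OK;
}

1;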
99:
100: __END__
101:
102: =head1 NAME
103:
104: Apache::lonstatusacc - Access Handler for Apache's server-status page
105: and also pages in lon-status directory.
106:
107: =head1 SYNOPSIS
108:
109: Invoked (for appropriate locations) by /etc/httpd/conf/loncapa_apache.conf
110:
111: PerlAccessHandler Apache::lonstatusacc
112:
113: =head1 INTRODUCTION
114:
115: This module can support access control based on IP
116: address, or based on Domain Configuration settings
117: for authenticated users (via cookie).
118:
119: The module is used for control of access to
120: (a) Apache's server-status page
121: (b) Status pages in the /home/httpd/html/lon-status directory
122: which were generated as follows:
123: (i) when loncron was last run
124: (index.html, loncron_simple.txt, loncstatus.txt, and londstatus.txt),
125: (ii) when lonsql was last started
126: (mysql.txt - only on connection failure),
127: (iii) when /usr/local/loncapa/bin/CHECKRPMS was last run
128: (checkrpms.txt),
129: (iv) when ./UPDATE was run to install/update
130: (version.txt).
131: (c) User environment information reported by /adm/test
132:
133: This is part of the LearningOnline Network with CAPA project
134: described at http://www.lon-capa.org.
135:
136: =head1 HANDLER SUBROUTINE
137:
138: This routine is called by Apache and mod_perl.
139:
140: The check for whether access is allowed for a specific page proceeds as follows:
141:
142: (a) Access allowed for request from loopback address (127.0.0.1) for any page except /adm/domainstatus and /adm/test, which always require a valid session.
143:
144: (b) For any page except /adm/test, access allowed if at least one of the following applies:
145: (a) If request is from a LON-CAPA server, if at least one domain hosted on
146: requesting machine is also a domain hosted on this server.
147: (b) IP address of requesting server is listed in domain configuration list
148: of allowed machines for any of the domains hosted on this server
149: (c) If requestor has an active LON-CAPA session -- checked using
150: LONCAPA::loncgi::check_cookie_and_load_env() -- access allowed
151: AND one of the following is true:
152: (i) Requestor has LON-CAPA superuser role
153: (ii) Requestor's role is Domain Coordinator in one of the domains
154: hosted on this server
155: (iii) Domain configurations for domains hosted on this server include
156: the requestor as one of the named users (username:domain) with access
157: to the page.
158:
159: (c) /adm/test
160: Access requires a valid session - checked using
161: LONCAPA::loncgi::check_cookie_and_load_env().
162: If so, access is allowed if one of the following is true:
163: (i) Requestor has LON-CAPA superuser role, or
164: (ii) Requestor's role is Domain Coordinator in one of the domains
165: hosted on this server
166: (iii) Domain configurations for domains hosted on this server include
167: the requestor as one of the named users (username:domain) with access
168: to the page.
169: (iv) IP address of requestor is listed in domain configuration list
170: of allowed machines for any of the domains hosted on this server
171:
172: =cut
173: