Annotation of loncom/auth/lonwebdavauth.pm, revision 1.1
1.1 ! raeburn 1: # The LearningOnline Network
! 2: # Authentication Handler for webDAV access to Authoring Space.
! 3: #
! 4: # $Id: lonwebdavauth.pm,v 1.1 2012/2/25 19:37:40 raeburn Exp $
! 5: #
! 6: # Copyright Michigan State University Board of Trustees
! 7: #
! 8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
! 9: #
! 10: # LON-CAPA is free software; you can redistribute it and/or modify
! 11: # it under the terms of the GNU General Public License as published by
! 12: # the Free Software Foundation; either version 2 of the License, or
! 13: # (at your option) any later version.
! 14: #
! 15: # LON-CAPA is distributed in the hope that it will be useful,
! 16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
! 17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
! 18: # GNU General Public License for more details.
! 19: #
! 20: # You should have received a copy of the GNU General Public License
! 21: # along with LON-CAPA; if not, write to the Free Software
! 22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
! 23: #
! 24: # /home/httpd/html/adm/gpl.txt
! 25: #
! 26: # http://www.lon-capa.org/
! 27: #
! 28:
! 29: =head1 NAME
! 30:
! 31: Apache::lonwebdavauth - webDAV Authentication Handler
! 32:
! 33: =head1 SYNOPSIS
! 34:
! 35: Invoked for /+webdav/[\w\-]+/[\w\-]+/ by
! 36: /etc/httpd/conf/loncapa_apache.conf:
! 37:
! 38: PerlAuthenHandler Apache::lonwebdavauth
! 39:
! 40: =head1 INTRODUCTION
! 41:
! 42: This module employs Apache Basic Auth authentication and is used
! 43: to provide authentication for webDAV client access to author
! 44: space(s). Note: because Apache Basic Auth is used, webDAV access
! 45: is only available for servers running Apache with SSL.
! 46:
! 47: If the webDAV client supports cookies then whenever the client
! 48: sends the cookie back, a check is made to see if a corresponding
! 49: valid session file exists in the server's webDAV session directory.
! 50: Support for cookies by webDAV clients is optional.
! 51:
! 52: If a valid session file exists, a cookie is returned containing
! 53: the session ID, otherwise a new session file is created and
! 54: returned in the cookie.
! 55:
! 56: The perlvar "lonDAVsessDir" in /etc/httpd/conf/loncapa_apache.conf
! 57: provides the directory location: /home/httpd/webdav/sessionIDs.
! 58:
! 59: If the session is stale, or the cookie is missing or invalid,
! 60: the user is re-challenged for login information. If the perlvar
! 61: lonOtherAuthen has been set, Single Sign On will be used, otherwise
! 62: an Apache Basic Auth request will be sent to the client.
! 63:
! 64: If Apache Basic Auth is used, successful authentication will
! 65: result in creation of a webDAV session file containing a
! 66: minimal set of information about the user which will also be
! 67: loaded into the user's environment. The environment persists
! 68: until the end of the Apache request, when it is cleaned up
! 69: by lonacc::cleanup, as is the case for requests for non-webdav URLs.
! 70:
! 71: If a valid session file exists, a cookie is returned containing
! 72: the session ID, otherwise a new session file is created and
! 73: returned in the cookie.
! 74:
! 75: This is part of the LearningOnline Network with CAPA project
! 76: described at http://www.lon-capa.org.
! 77:
! 78: =head1 HANDLER SUBROUTINE
! 79:
! 80: This routine is called by Apache and mod_perl.
! 81:
! 82: =over 4
! 83:
! 84: =item *
! 85:
! 86: Check for valid webDAV session
! 87:
! 88: =item *
! 89:
! 90: No session? - if SSO enabled: return DECLINED
! 91:
! 92: =item *
! 93:
! 94: No session? - if SSO not enabled: return AUTH_REQUIRED
! 95: which will prompt webDAV client to authenticate user
! 96: (via Apache Basic Auth).
! 97:
! 98: =item *
! 99:
! 100: If authenticated, call &init_webdav_env() to create sessionID
! 101: and populate environment, and send header containing cookie.
! 102:
! 103: =back
! 104:
! 105: =head1 NOTABLE SUBROUTINES
! 106:
! 107: =over
! 108:
! 109: =item * init_webdav_env()
! 110:
! 111: =over
! 112:
! 113: =item *
! 114:
! 115: Checks for valid session files in webDAV session directory.
! 116:
! 117: =item *
! 118:
! 119: Calls Apache::lonnet::transfer_profile_to_env() to create
! 120: %env for user if session is valid.
! 121:
! 122: =item *
! 123:
! 124: Otherwise creates new session file and populates %env.
! 125:
! 126: =item *
! 127:
! 128: Session ID file is a GDBM file containing:
! 129:
! 130: =over
! 131:
! 132: =item * user.name, user.domain, user.home, user.environment
! 133:
! 134: =item * user.role entries for:
! 135:
! 136: active author, co-author, and assistant co-author roles
! 137: in domains hosted on this machine.
! 138:
! 139: =back
! 140:
! 141: =back
! 142:
! 143: =back
! 144:
! 145: =cut
! 146:
! 147: package Apache::lonwebdavauth;
! 148:
! 149: use strict;
! 150: use GDBM_File;
! 151: use Apache::Constants qw(:common :http :methods);
! 152: use Apache::lonnet;
! 153: use LONCAPA qw(:DEFAULT :match);
! 154:
! 155: sub handler {
! 156: my $r = shift;
! 157: my $now = time;
! 158: my $timetolive = 600;
! 159: my $sessiondir=$r->dir_config('lonDAVsessDir');
! 160: my ($uname,$udom,$uhome);
! 161:
! 162: # Check for cookie
! 163: my $handle = &Apache::lonnet::check_for_valid_session($r,'lonDAV');
! 164: if ($handle ne '') {
! 165: my $sesstime;
! 166: ($uname,$udom,$sesstime,$uhome) =
! 167: ($handle =~ /^($match_username)_($match_domain)_(\d+)_\d+_(.+)$/);
! 168: if ($sesstime) {
! 169: if ($now-$sesstime < $timetolive) {
! 170: if (&Apache::lonnet::homeserver($uname,$udom) eq $uhome) {
! 171: &Apache::lonnet::transfer_profile_to_env($sessiondir,$handle);
! 172: return OK;
! 173: }
! 174: }
! 175: }
! 176: }
! 177:
! 178: if ($r->dir_config('lonOtherAuthen') eq 'yes') {
! 179: if (defined($r->dir_config('lonOtherAuthenType'))) {
! 180: $r->auth_type($r->dir_config('lonOtherAuthenType'));
! 181: }
! 182: return DECLINED;
! 183: }
! 184:
! 185: my ($status,$upass) = $r->get_basic_auth_pw;
! 186: return $status unless ($status == 0 || $status == OK);
! 187:
! 188: if ($r->user =~ /,/) {
! 189: ($uname,$udom) = split(/,/,$r->user);
! 190: unless (($uname =~ /^$match_username$/) && ($udom =~ /^$match_domain$/)) {
! 191: $r->note_basic_auth_failure;
! 192: return AUTH_REQUIRED;
! 193: }
! 194: } else {
! 195: $uname = $r->user;
! 196: ($udom) = ($r->uri =~ m{^/webdav/($match_domain)/});
! 197: unless (($udom ne '' ) && ($uname =~ /^$match_username$/)) {
! 198: $r->note_basic_auth_failure;
! 199: return AUTH_REQUIRED;
! 200: }
! 201: }
! 202: if (&Apache::lonnet::domain($udom) ne '') {
! 203: if (&Apache::lonnet::homeserver($uname,$udom) ne 'no_host') {
! 204: my $uhome = &Apache::lonnet::authenticate($uname,$upass,$udom);
! 205: if (($uhome ne 'no_host') &&
! 206: (&Apache::lonnet::hostname($uhome) ne '')) {
! 207: $handle = &init_webdav_env($sessiondir,$uname,$udom,
! 208: $uhome,$now,$timetolive);
! 209: if ($handle ne '') {
! 210: my $cookie = "lonDAV=$handle; path=/webdav/; secure; HttpOnly;";
! 211: $r->header_out('Set-cookie' => $cookie);
! 212: $r->send_http_header;
! 213: }
! 214: return OK;
! 215: }
! 216: }
! 217: }
! 218: $r->note_basic_auth_failure;
! 219: return AUTH_REQUIRED;
! 220: }
! 221:
! 222: sub init_webdav_env {
! 223: my ($sessiondir,$uname,$udom,$uhome,$now,$timetolive) = @_;
! 224: my $handle;
! 225: my $currnewest = 0;
! 226: if ($sessiondir ne '') {
! 227: if (opendir(DIR,$sessiondir)) {
! 228: while (my $filename=readdir(DIR)) {
! 229: if ($filename=~/^($uname\_$udom\_(\d+)\_\d+\_$uhome)\.id$/) {
! 230: my $oldhandle = $1;
! 231: my $sesstime = $2;
! 232: if ($now-$sesstime < $timetolive) {
! 233: if ($sesstime > $currnewest) {
! 234: $currnewest = $sesstime;
! 235: if ($handle ne '') {
! 236: unlink("$sessiondir/$handle.id");
! 237: }
! 238: $handle = $oldhandle;
! 239: next;
! 240: }
! 241: }
! 242: unlink($sessiondir.'/'.$filename);
! 243: }
! 244: }
! 245: closedir(DIR);
! 246: }
! 247: }
! 248: if ($handle ne '') {
! 249: &Apache::lonnet::transfer_profile_to_env($sessiondir,$handle);
! 250: return $handle;
! 251: } else {
! 252: my $id = $$.int(rand(10000000));
! 253: $handle = "$uname\_$udom\_$now\_$id\_$uhome";
! 254: my $sessionfile = "$sessiondir/$handle.id";
! 255: if (tie(my %disk_env,'GDBM_File',"$sessionfile",
! 256: &GDBM_WRCREAT(),0640)) {
! 257: $disk_env{'user.name'} = $uname;
! 258: $disk_env{'user.domain'} = $udom;
! 259: $disk_env{'user.home'} = $uhome;
! 260: $disk_env{'user.environment'} = $sessionfile;
! 261: my $possroles = ['au','ca','aa'];
! 262: my @possdoms = &Apache::lonnet::current_machine_domains();
! 263: my %cstr_roles =
! 264: &Apache::lonnet::get_my_roles($uname,$udom,'userroles',
! 265: undef,$possroles,\@possdoms);
! 266: foreach my $item (keys(%cstr_roles)) {
! 267: my ($aname,$adom,$role) = split(/:/,$item);
! 268: if ($role eq 'au') {
! 269: $disk_env{"user.role.$role./$adom/"} = $cstr_roles{$item};
! 270: } else {
! 271: $disk_env{"user.role.$role./$adom/$aname"} = $cstr_roles{$item};
! 272: }
! 273: }
! 274: @env{keys(%disk_env)} = @disk_env{keys(%disk_env)};
! 275: untie(%disk_env);
! 276: }
! 277: return $handle;
! 278: }
! 279: return;
! 280: }
! 281:
! 282: 1;
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to lonwebdavauth.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / auth