--- loncom/lonnet/perl/lonnet.pm 2000/07/24 21:22:35 1.21 +++ loncom/lonnet/perl/lonnet.pm 2000/10/20 10:57:46 1.47 @@ -4,7 +4,14 @@ # Functions for use by content handlers: # # plaintext(short) : plain text explanation of short term -# allowed(short,url) : returns codes for allowed actions F,R,S,C +# fileembstyle(ext) : embed style in page for file extension +# filedescription(ext) : descriptor text for file extension +# allowed(short,url) : returns codes for allowed actions +# F: full access +# U,I,K: authentication modes (cxx only) +# '': forbidden +# 1: user needs to choose course +# 2: browse allowed # definerole(rolename,sys,dom,cou) : define a custom role rolename # set priviledges in format of lonTabs/roles.tab for # system, domain and course level, @@ -16,16 +23,35 @@ # Specify name and domain of role author, and role name # revokerole (udom,uname,url,role) : Revoke a role for url # revokecustomrole (udom,uname,url,rdom,rnam,rolename) : Revoke a custom role -# appendenv(hash) : adds hash to session environment +# appenv(hash) : adds hash to session environment # store(hash) : stores hash permanently for this url +# cstore(hash) : critical store # restore : returns hash for this url # eget(namesp,array) : returns hash with keys from array filled in from namesp # get(namesp,array) : returns hash with keys from array filled in from namesp +# del(namesp,array) : deletes keys out of array from namesp # put(namesp,hash) : stores hash in namesp +# cput(namesp,hash) : critical put # dump(namesp) : dumps the complete namespace into a hash -# ssi(url) : does a complete request cycle on url to localhost +# ssi(url,hash) : does a complete request cycle on url to localhost, posts +# hash +# coursedescription(id) : returns and caches course description for id # repcopy(filename) : replicate file # dirlist(url) : gets a directory listing +# directcondval(index) : reading condition value of single condition from +# state string +# condval(index) : value of condition index based on state +# varval(name) : value of a variable +# refreshstate() : refresh the state information string +# symblist(map,hash) : Updates symbolic storage links +# symbread([filename]) : returns the data handle (filename optional) +# rndseed() : returns a random seed +# getfile(filename) : returns the contents of filename, or a -1 if it can't +# be found, replicates and subscribes to the file +# filelocation(dir,file) : returns a farily clean absolute reference to file +# from the directory dir +# hreflocation(dir,file) : same as filelocation, but for hrefs +# log(domain,user,home,msg) : write to permanent log for user # # 6/1/99,6/2,6/10,6/11,6/12,6/14,6/26,6/28,6/29,6/30, # 7/1,7/2,7/9,7/10,7/12,7/14,7/15,7/19, @@ -35,7 +61,12 @@ # 04/05,05/29,05/31,06/01, # 06/05,06/26 Gerd Kortemeyer # 06/26 Ben Tyszka -# 06/30,07/15,07/17,07/18,07/20,07/21,07/22 Gerd Kortemeyer +# 06/30,07/15,07/17,07/18,07/20,07/21,07/22,07/25 Gerd Kortemeyer +# 08/14 Ben Tyszka +# 08/22,08/28,08/31,09/01,09/02,09/04,09/05,09/25,09/28,09/30 Gerd Kortemeyer +# 10/04 Gerd Kortemeyer +# 10/04 Guy Albertelli +# 10/06,10/09,10/10,10/11,10/14,10/20 Gerd Kortemeyer package Apache::lonnet; @@ -44,8 +75,9 @@ use Apache::File; use LWP::UserAgent(); use HTTP::Headers; use vars -qw(%perlvar %hostname %homecache %spareid %hostdom %libserv %pr %prp $readit); +qw(%perlvar %hostname %homecache %spareid %hostdom %libserv %pr %prp %fe %fd $readit); use IO::Socket; +use GDBM_File; use Apache::Constants qw(:common :http); # --------------------------------------------------------------------- Logging @@ -179,6 +211,15 @@ sub critical { sub appenv { my %newenv=@_; + map { + if (($newenv{$_}=~/^user\.role/) || ($newenv{$_}=~/^user\.priv/)) { + &logthis("WARNING: ". + "Attempt to modify environment ".$_." to ".$newenv{$_}); + delete($newenv{$_}); + } else { + $ENV{$_}=$newenv{$_}; + } + } keys %newenv; my @oldenv; { my $fh; @@ -191,7 +232,9 @@ sub appenv { chomp($oldenv[$i]); if ($oldenv[$i] ne '') { my ($name,$value)=split(/=/,$oldenv[$i]); - $newenv{$name}=$value; + unless (defined($newenv{$name})) { + $newenv{$name}=$value; + } } } { @@ -303,6 +346,7 @@ sub subscribe { sub repcopy { my $filename=shift; + $filename=~s/\/+/\//g; my $transname="$filename.in.transfer"; if ((-e $filename) || (-e $transname)) { return OK; } my $remoteurl=subscribe($filename); @@ -360,10 +404,19 @@ sub repcopy { sub ssi { - my $fn=shift; + my ($fn,%form)=@_; my $ua=new LWP::UserAgent; - my $request=new HTTP::Request('GET',"http://".$ENV{'HTTP_HOST'}.$fn); + + my $request; + + if (%form) { + $request=new HTTP::Request('POST',"http://".$ENV{'HTTP_HOST'}.$fn); + $request->content(join '&', map { "$_=$form{$_}" } keys %form); + } else { + $request=new HTTP::Request('GET',"http://".$ENV{'HTTP_HOST'}.$fn); + } + $request->header(Cookie => $ENV{'HTTP_COOKIE'}); my $response=$ua->request($request); @@ -374,37 +427,99 @@ sub ssi { sub log { my ($dom,$nam,$hom,$what)=@_; - return reply("log:$dom:$nam:$what",$hom); + return critical("log:$dom:$nam:$what",$hom); } # ----------------------------------------------------------------------- Store sub store { - my %storehash=shift; + my %storehash=@_; + my $symb; + unless ($symb=escape(&symbread())) { return ''; } + my $namespace; + unless ($namespace=$ENV{'request.course.id'}) { return ''; } my $namevalue=''; map { $namevalue.=escape($_).'='.escape($storehash{$_}).'&'; } keys %storehash; $namevalue=~s/\&$//; - return reply("store:$ENV{'user.domain'}:$ENV{'user.name'}:" - ."$ENV{'user.class'}:$ENV{'request.filename'}:$namevalue", + return reply( + "store:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$symb:$namevalue", + "$ENV{'user.home'}"); +} + +# -------------------------------------------------------------- Critical Store + +sub cstore { + my %storehash=@_; + my $symb; + unless ($symb=escape(&symbread())) { return ''; } + my $namespace; + unless ($namespace=$ENV{'request.course.id'}) { return ''; } + my $namevalue=''; + map { + $namevalue.=escape($_).'='.escape($storehash{$_}).'&'; + } keys %storehash; + $namevalue=~s/\&$//; + return critical( + "store:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$symb:$namevalue", "$ENV{'user.home'}"); } # --------------------------------------------------------------------- Restore sub restore { - my $answer=reply("restore:$ENV{'user.domain'}:$ENV{'user.name'}:" - ."$ENV{'user.class'}:$ENV{'request.filename'}", - "$ENV{'user.home'}"); + my $symb; + unless ($symb=escape(&symbread())) { return ''; } + my $namespace; + unless ($namespace=$ENV{'request.course.id'}) { return ''; } + my $answer=reply( + "restore:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$symb", + "$ENV{'user.home'}"); my %returnhash=(); map { my ($name,$value)=split(/\=/,$_); $returnhash{&unescape($name)}=&unescape($value); } split(/\&/,$answer); + map { + $returnhash{$_}=$returnhash{$returnhash{'version'}.':'.$_}; + } split(/\:/,$returnhash{$returnhash{'version'}.':keys'}); return %returnhash; } +# ---------------------------------------------------------- Course Description + +sub coursedescription { + my $courseid=shift; + $courseid=~s/^\///; + my ($cdomain,$cnum)=split(/\//,$courseid); + my $chome=homeserver($cnum,$cdomain); + if ($chome ne 'no_host') { + my $rep=reply("dump:$cdomain:$cnum:environment",$chome); + if ($rep ne 'con_lost') { + my %cachehash=(); + my %returnhash=('home' => $chome, + 'domain' => $cdomain, + 'num' => $cnum); + map { + my ($name,$value)=split(/\=/,$_); + $name=&unescape($name); + $value=&unescape($value); + $returnhash{$name}=$value; + if ($name eq 'description') { + $cachehash{$courseid}=$value; + } + } split(/\&/,$rep); + $returnhash{'url'}='/res/'.declutter($returnhash{'url'}); + $returnhash{'fn'}=$perlvar{'lonDaemons'}.'/tmp/'. + $ENV{'user.name'}.'_'.$cdomain.'_'.$cnum; + put ('coursedescriptions',%cachehash); + return %returnhash; + } + } + return (); +} + # -------------------------------------------------------- Get user priviledges sub rolesinit { @@ -503,13 +618,27 @@ sub get { $ENV{'user.home'}); my @pairs=split(/\&/,$rep); my %returnhash=(); + my $i=0; map { - my ($key,$value)=split(/=/,$_); - $returnhash{unespace($key)}=unescape($value); - } @pairs; + $returnhash{$_}=unescape($pairs[$i]); + $i++; + } @storearr; return %returnhash; } +# --------------------------------------------------------------- del interface + +sub del { + my ($namespace,@storearr)=@_; + my $items=''; + map { + $items.=escape($_).'&'; + } @storearr; + $items=~s/\&$//; + return reply("del:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items", + $ENV{'user.home'}); +} + # -------------------------------------------------------------- dump interface sub dump { @@ -520,7 +649,7 @@ sub dump { my %returnhash=(); map { my ($key,$value)=split(/=/,$_); - $returnhash{unespace($key)}=unescape($value); + $returnhash{unescape($key)}=unescape($value); } @pairs; return %returnhash; } @@ -538,6 +667,20 @@ sub put { $ENV{'user.home'}); } +# ------------------------------------------------------ critical put interface + +sub cput { + my ($namespace,%storehash)=@_; + my $items=''; + map { + $items.=escape($_).'='.escape($storehash{$_}).'&'; + } keys %storehash; + $items=~s/\&$//; + return critical + ("put:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items", + $ENV{'user.home'}); +} + # -------------------------------------------------------------- eget interface sub eget { @@ -551,10 +694,11 @@ sub eget { $ENV{'user.home'}); my @pairs=split(/\&/,$rep); my %returnhash=(); + my $i=0; map { - my ($key,$value)=split(/=/,$_); - $returnhash{unespace($key)}=unescape($value); - } @pairs; + $returnhash{$_}=unescape($pairs[$i]); + $i++; + } @storearr; return %returnhash; } @@ -564,9 +708,15 @@ sub allowed { my ($priv,$uri)=@_; $uri=~s/^\/res//; $uri=~s/^\///; - if ($uri=~/^adm\//) { + +# Free bre access to adm resources + + if (($uri=~/^adm\//) && ($priv eq 'bre')) { return 'F'; } + +# Gather priviledges over system and domain + my $thisallowed=''; if ($ENV{'user.priv./'}=~/$priv\&([^\:]*)/) { $thisallowed.=$1; @@ -574,12 +724,95 @@ sub allowed { if ($ENV{'user.priv./'.(split(/\//,$uri))[0].'/'}=~/$priv\&([^\:]*)/) { $thisallowed.=$1; } - if ($ENV{'user.priv./'.$uri}=~/$priv\&([^\:]*)/) { - $thisallowed.=$1; + +# Full access at system or domain level? Exit. + + if ($thisallowed=~/F/) { + return 'F'; + } + +# The user does not have full access at system or domain level +# Course level access control + +# uri itself refering to a course? + + if ($uri=~/\.course$/) { + if ($ENV{'user.priv./'.$uri}=~/$priv\&([^\:]*)/) { + $thisallowed.=$1; + } +# Full access on course level? Exit. + if ($thisallowed=~/F/) { + return 'F'; + } + +# uri is refering to an individual resource; user needs to be in a course + + } else { + + unless(defined($ENV{'request.course.id'})) { + return '1'; + } + +# Get access priviledges for course + + if ($ENV{'user.priv./'.$ENV{'request.course.id'}}=~/$priv\&([^\:]*)/) { + $thisallowed.=$1; + } + +# See if resource or referer is part of this course + + my @uriparts=split(/\//,$uri); + my $urifile=$uriparts[$#uriparts]; + $urifile=~/\.(\w+)$/; + my $uritype=$1; + $#uriparts--; + my $uripath=join('/',@uriparts); + my $uricond=-1; + if ($ENV{'acc.res.'.$ENV{'request.course.id'}.'.'.$uripath}=~ + /\&$urifile\:(\d+)\&/) { + $uricond=$1; + } elsif (($fe{$uritype} eq 'emb') || ($fe{$uritype} eq 'img')) { + my $refuri=$ENV{'HTTP_REFERER'}; + $refuri=~s/^\/res//; + $refuri=~s/^\///; + @uriparts=split(/\//,$refuri); + $urifile=$uriparts[$#uriparts]; + $#uriparts--; + $uripath=join('/',@uriparts); + if ($ENV{'acc.res.'.$ENV{'request.course.id'}.'.'.$uripath}=~ + /\&$urifile\:(\d+)\&/) { + $uricond=$1; + } + } + + if ($uricond>=0) { + +# The resource is part of the course +# If user had full access on course level, go ahead + + if ($thisallowed=~/F/) { + return 'F'; + } + +# Restricted by state? + + if ($thisallowed=~/X/) { + if (&condval($uricond)) { + return '2'; + } else { + return ''; + } + } + } } return $thisallowed; } +# ---------------------------------------------------------- Refresh State Info + +sub refreshstate { +} + # ----------------------------------------------------------------- Define Role sub definerole { @@ -625,7 +858,22 @@ sub definerole { # ------------------------------------------------------------------ Plain Text sub plaintext { - return $prp{$_}; + my $short=shift; + return $prp{$short}; +} + +# ------------------------------------------------------------------ Plain Text + +sub fileembstyle { + my $ending=shift; + return $fe{$ending}; +} + +# ------------------------------------------------------------ Description Text + +sub filedecription { + my $ending=shift; + return $fd{$ending}; } # ----------------------------------------------------------------- Assign Role @@ -633,6 +881,7 @@ sub plaintext { sub assignrole { my ($udom,$uname,$url,$role,$end,$start)=@_; my $mrole; + $url=declutter($url); if ($role =~ /^cr\//) { unless ($url=~/\.course$/) { return 'invalid'; } unless (allowed('ccr',$url)) { return 'refused'; } @@ -729,6 +978,233 @@ sub dirlist { } } +# -------------------------------------------------------- Value of a Condition + +sub directcondval { + my $number=shift; + if ($ENV{'user.state.'.$ENV{'request.course.id'}}) { + return substr($ENV{'user.state.'.$ENV{'request.course.id'}},$number,1); + } else { + return 2; + } +} + +sub condval { + my $condidx=shift; + my $result=0; + if ($ENV{'request.course.id'}) { + if (defined($ENV{'acc.cond.'.$ENV{'request.course.id'}.'.'.$condidx})) { + my $operand='|'; + my @stack; + map { + if ($_ eq '(') { + push @stack,($operand,$result) + } elsif ($_ eq ')') { + my $before=pop @stack; + if (pop @stack eq '&') { + $result=$result>$before?$before:$result; + } else { + $result=$result>$before?$result:$before; + } + } elsif (($_ eq '&') || ($_ eq '|')) { + $operand=$_; + } else { + my $new=directcondval($_); + if ($operand eq '&') { + $result=$result>$new?$new:$result; + } else { + $result=$result>$new?$result:$new; + } + } + } ($ENV{'acc.cond.'.$ENV{'request.course.id'}.'.'.$condidx}=~ + /(\d+|\(|\)|\&|\|)/g); + } + } + return $result; +} + +# --------------------------------------------------------- Value of a Variable + +sub varval { + my ($realm,$space,@components)=split(/\./,shift); + my $value=''; + if ($realm eq 'user') { + if ($space=~/^resource/) { + $space=~s/^resource\[//; + $space=~s/\]$//; + + } else { + } + } elsif ($realm eq 'course') { + } elsif ($realm eq 'session') { + } elsif ($realm eq 'system') { + } + return $value; +} + +# ------------------------------------------------- Update symbolic store links + +sub symblist { + my ($mapname,%newhash)=@_; + $mapname=declutter($mapname); + my %hash; + if (($ENV{'request.course.fn'}) && (%newhash)) { + if (tie(%hash,'GDBM_File',$ENV{'request.course.fn'}.'_symb.db', + &GDBM_WRCREAT,0640)) { + map { + $hash{declutter($_)}=$mapname.'___'.$newhash{$_}; + } keys %newhash; + if (untie(%hash)) { + return 'ok'; + } + } + } + return 'error'; +} + +# ------------------------------------------------------ Return symb list entry + +sub symbread { + my $thisfn=shift; + unless ($thisfn) { + $thisfn=$ENV{'request.filename'}; + } + $thisfn=declutter($thisfn); + my %hash; + my %bighash; + my $syval=''; + if (($ENV{'request.course.fn'}) && ($thisfn)) { + if (tie(%hash,'GDBM_File',$ENV{'request.course.fn'}.'_symb.db', + &GDBM_READER,0640)) { + $syval=$hash{$thisfn}; + untie(%hash); + } +# ---------------------------------------------------------- There was an entry + if ($syval) { + unless ($syval=~/\_\d+$/) { + unless ($ENV{'form.request.prefix'}=~/\.(\d+)\_$/) { + &appenv('request.ambiguous' => $thisfn); + return ''; + } + $syval.=$1; + } + } else { +# ------------------------------------------------------- Was not in symb table + if (tie(%bighash,'GDBM_File',$ENV{'request.course.fn'}.'.db', + &GDBM_READER,0640)) { +# ---------------------------------------------- Get ID(s) for current resource + my $ids=$bighash{'ids_/res/'.$thisfn}; + if ($ids) { +# ------------------------------------------------------------------- Has ID(s) + my @possibilities=split(/\,/,$ids); + if ($#possibilities==0) { +# ----------------------------------------------- There is only one possibility + my ($mapid,$resid)=split(/\./,$ids); + $syval=declutter($bighash{'map_id_'.$mapid}).'___'.$resid; + } else { +# ------------------------------------------ There is more than one possibility + my $realpossible=0; + map { + my $file=$bighash{'src_'.$_}; + if (&allowed('bre',$file)) { + my ($mapid,$resid)=split(/\./,$_); + if ($bighash{'map_type_'.$mapid} ne 'page') { + $realpossible++; + $syval=declutter($bighash{'map_id_'.$mapid}). + '___'.$resid; + } + } + } @possibilities; + if ($realpossible!=1) { $syval=''; } + } + } + untie(%bighash) + } + } + if ($syval) { return $syval.'___'.$thisfn; } + } + &appenv('request.ambiguous' => $thisfn); + return ''; +} + +# ---------------------------------------------------------- Return random seed + +sub numval { + my $txt=shift; + $txt=~tr/A-J/0-9/; + $txt=~tr/a-j/0-9/; + $txt=~tr/K-T/0-9/; + $txt=~tr/k-t/0-9/; + $txt=~tr/U-Z/0-5/; + $txt=~tr/u-z/0-5/; + $txt=~s/\D//g; + return int($txt); +} + +sub rndseed { + my $symb; + unless ($symb=&symbread()) { return time; } + my $symbchck=unpack("%32C*",$symb); + my $symbseed=numval($symb)%$symbchck; + my $namechck=unpack("%32C*",$ENV{'user.name'}); + my $nameseed=numval($ENV{'user.name'})%$namechck; + return int( $symbseed + .$nameseed + .unpack("%32C*",$ENV{'user.domain'}) + .unpack("%32C*",$ENV{'request.course.id'}) + .$namechck + .$symbchck); +} + +# ------------------------------------------------------------ Serves up a file +# returns either the contents of the file or a -1 +sub getfile { + my $file=shift; + &repcopy($file); + if (! -e $file ) { return -1; }; + my $fh=Apache::File->new($file); + my $a=''; + while (<$fh>) { $a .=$_; } + return $a +} + +sub filelocation { + my ($dir,$file) = @_; + my $location; + $file=~ s/^\s*(\S+)\s*$/$1/; ## strip off leading and trailing spaces + $file=~s/^$perlvar{'lonDocRoot'}//; + $file=~s:^/*res::; + if ( !( $file =~ m:^/:) ) { + $location = $dir. '/'.$file; + } else { + $location = '/home/httpd/html/res'.$file; + } + $location=~s://+:/:g; # remove duplicate / + while ($location=~m:/\.\./:) {$location=~ s:/[^/]+/\.\./:/:g;} #remove dir/.. + return $location; +} + +sub hreflocation { + my ($dir,$file)=@_; + unless (($_=~/^http:\/\//i) || ($_=~/^\//)) { + my $finalpath=filelocation($dir,$file); + $finalpath=~s/^\/home\/httpd\/html//; + return $finalpath; + } else { + return $file; + } +} + +# ------------------------------------------------------------- Declutters URLs + +sub declutter { + my $thisfn=shift; + $thisfn=~s/^$perlvar{'lonDocRoot'}//; + $thisfn=~s/^\///; + $thisfn=~s/^res\///; + return $thisfn; +} + # -------------------------------------------------------- Escape Special Chars sub escape { @@ -807,12 +1283,23 @@ if ($readit ne 'done') { } } +# ------------------------------------------------------------- Read file types +{ + my $config=Apache::File->new("$perlvar{'lonTabDir'}/filetypes.tab"); + + while (my $configline=<$config>) { + chomp($configline); + my ($ending,$emb,@descr)=split(/\s+/,$configline); + if ($descr[0] ne '') { + $fe{$ending}=$emb; + $fd{$ending}=join(' ',@descr); + } + } +} + + $readit='done'; &logthis('INFO: Read configuration'); } } 1; - - - -