1: # The LearningOnline Network
2: # TCP networking package
3: #
4: # Functions for use by content handlers:
5: #
6: # plaintext(short) : plain text explanation of short term
7: # allowed(short,url) : returns codes for allowed actions
8: # appendenv(hash) : adds hash to session environment
9: # store(hash) : stores hash permanently for this url
10: # restore : returns hash for this url
11: # eget(namesp,array) : returns hash with keys from array filled in from namesp
12: # get(namesp,array) : returns hash with keys from array filled in from namesp
13: # put(namesp,hash) : stores hash in namesp
14: # dump(namesp) : dumps the complete namespace into a hash
15: # ssi(url) : does a complete request cycle on url to localhost
16: # repcopy(filename) : replicate file
17: # dirlist(url) : gets a directory listing
18: #
19: # 6/1/99,6/2,6/10,6/11,6/12,6/14,6/26,6/28,6/29,6/30,
20: # 7/1,7/2,7/9,7/10,7/12,7/14,7/15,7/19,
21: # 11/8,11/16,11/18,11/22,11/23,12/22,
22: # 01/06,01/13,02/24,02/28,02/29,
23: # 03/01,03/02,03/06,03/07,03/13,
24: # 04/05,05/29,05/31,06/01,
25: # 06/05,06/26 Gerd Kortemeyer
26: # 06/26 Ben Tyszka
27: # 06/30,07/15,07/17 Gerd Kortemeyer
28:
29: package Apache::lonnet;
30:
31: use strict;
32: use Apache::File;
33: use LWP::UserAgent();
34: use HTTP::Headers;
35: use vars
36: qw(%perlvar %hostname %homecache %spareid %hostdom %libserv %pr %prp $readit);
37: use IO::Socket;
38: use Apache::Constants qw(:common :http);
39:
40: # --------------------------------------------------------------------- Logging
41:
42: sub logthis {
43: my $message=shift;
44: my $execdir=$perlvar{'lonDaemons'};
45: my $now=time;
46: my $local=localtime($now);
47: my $fh=Apache::File->new(">>$execdir/logs/lonnet.log");
48: print $fh "$local ($$): $message\n";
49: return 1;
50: }
51:
52: sub logperm {
53: my $message=shift;
54: my $execdir=$perlvar{'lonDaemons'};
55: my $now=time;
56: my $local=localtime($now);
57: my $fh=Apache::File->new(">>$execdir/logs/lonnet.perm.log");
58: print $fh "$now:$message:$local\n";
59: return 1;
60: }
61:
62: # -------------------------------------------------- Non-critical communication
63: sub subreply {
64: my ($cmd,$server)=@_;
65: my $peerfile="$perlvar{'lonSockDir'}/$server";
66: my $client=IO::Socket::UNIX->new(Peer =>"$peerfile",
67: Type => SOCK_STREAM,
68: Timeout => 10)
69: or return "con_lost";
70: print $client "$cmd\n";
71: my $answer=<$client>;
72: if (!$answer) { $answer="con_lost"; }
73: chomp($answer);
74: return $answer;
75: }
76:
77: sub reply {
78: my ($cmd,$server)=@_;
79: my $answer=subreply($cmd,$server);
80: if ($answer eq 'con_lost') { $answer=subreply($cmd,$server); }
81: if (($answer=~/^error:/) || ($answer=~/^refused/) ||
82: ($answer=~/^rejected/)) {
83: &logthis("<font color=blue>WARNING:".
84: " $cmd to $server returned $answer</font>");
85: }
86: return $answer;
87: }
88:
89: # ----------------------------------------------------------- Send USR1 to lonc
90:
91: sub reconlonc {
92: my $peerfile=shift;
93: &logthis("Trying to reconnect for $peerfile");
94: my $loncfile="$perlvar{'lonDaemons'}/logs/lonc.pid";
95: if (my $fh=Apache::File->new("$loncfile")) {
96: my $loncpid=<$fh>;
97: chomp($loncpid);
98: if (kill 0 => $loncpid) {
99: &logthis("lonc at pid $loncpid responding, sending USR1");
100: kill USR1 => $loncpid;
101: sleep 1;
102: if (-e "$peerfile") { return; }
103: &logthis("$peerfile still not there, give it another try");
104: sleep 5;
105: if (-e "$peerfile") { return; }
106: &logthis(
107: "<font color=blue>WARNING: $peerfile still not there, giving up</font>");
108: } else {
109: &logthis(
110: "<font color=blue>WARNING:".
111: " lonc at pid $loncpid not responding, giving up</font>");
112: }
113: } else {
114: &logthis('<font color=blue>WARNING: lonc not running, giving up</font>');
115: }
116: }
117:
118: # ------------------------------------------------------ Critical communication
119:
120: sub critical {
121: my ($cmd,$server)=@_;
122: my $answer=reply($cmd,$server);
123: if ($answer eq 'con_lost') {
124: my $pingreply=reply('ping',$server);
125: &reconlonc("$perlvar{'lonSockDir'}/$server");
126: my $pongreply=reply('pong',$server);
127: &logthis("Ping/Pong for $server: $pingreply/$pongreply");
128: $answer=reply($cmd,$server);
129: if ($answer eq 'con_lost') {
130: my $now=time;
131: my $middlename=$cmd;
132: $middlename=substr($middlename,0,16);
133: $middlename=~s/\W//g;
134: my $dfilename=
135: "$perlvar{'lonSockDir'}/delayed/$now.$middlename.$server";
136: {
137: my $dfh;
138: if ($dfh=Apache::File->new(">$dfilename")) {
139: print $dfh "$cmd\n";
140: }
141: }
142: sleep 2;
143: my $wcmd='';
144: {
145: my $dfh;
146: if ($dfh=Apache::File->new("$dfilename")) {
147: $wcmd=<$dfh>;
148: }
149: }
150: chomp($wcmd);
151: if ($wcmd eq $cmd) {
152: &logthis("<font color=blue>WARNING: ".
153: "Connection buffer $dfilename: $cmd</font>");
154: &logperm("D:$server:$cmd");
155: return 'con_delayed';
156: } else {
157: &logthis("<font color=red>CRITICAL:"
158: ." Critical connection failed: $server $cmd</font>");
159: &logperm("F:$server:$cmd");
160: return 'con_failed';
161: }
162: }
163: }
164: return $answer;
165: }
166:
167: # ---------------------------------------------------------- Append Environment
168:
169: sub appenv {
170: my %newenv=@_;
171: my @oldenv;
172: {
173: my $fh;
174: unless ($fh=Apache::File->new("$ENV{'user.environment'}")) {
175: return 'error';
176: }
177: @oldenv=<$fh>;
178: }
179: for (my $i=0; $i<=$#oldenv; $i++) {
180: chomp($oldenv[$i]);
181: if ($oldenv[$i] ne '') {
182: my ($name,$value)=split(/=/,$oldenv[$i]);
183: $newenv{$name}=$value;
184: }
185: }
186: {
187: my $fh;
188: unless ($fh=Apache::File->new(">$ENV{'user.environment'}")) {
189: return 'error';
190: }
191: my $newname;
192: foreach $newname (keys %newenv) {
193: print $fh "$newname=$newenv{$newname}\n";
194: }
195: }
196: return 'ok';
197: }
198:
199: # ------------------------------ Find server with least workload from spare.tab
200:
201: sub spareserver {
202: my $tryserver;
203: my $spareserver='';
204: my $lowestserver=100;
205: foreach $tryserver (keys %spareid) {
206: my $answer=reply('load',$tryserver);
207: if (($answer =~ /\d/) && ($answer<$lowestserver)) {
208: $spareserver="http://$hostname{$tryserver}";
209: $lowestserver=$answer;
210: }
211: }
212: return $spareserver;
213: }
214:
215: # --------- Try to authenticate user from domain's lib servers (first this one)
216:
217: sub authenticate {
218: my ($uname,$upass,$udom)=@_;
219: $upass=escape($upass);
220: if (($perlvar{'lonRole'} eq 'library') &&
221: ($udom eq $perlvar{'lonDefDomain'})) {
222: my $answer=reply("encrypt:auth:$udom:$uname:$upass",$perlvar{'lonHostID'});
223: if ($answer =~ /authorized/) {
224: if ($answer eq 'authorized') {
225: &logthis("User $uname at $udom authorized by local server");
226: return $perlvar{'lonHostID'};
227: }
228: if ($answer eq 'non_authorized') {
229: &logthis("User $uname at $udom rejected by local server");
230: return 'no_host';
231: }
232: }
233: }
234:
235: my $tryserver;
236: foreach $tryserver (keys %libserv) {
237: if ($hostdom{$tryserver} eq $udom) {
238: my $answer=reply("encrypt:auth:$udom:$uname:$upass",$tryserver);
239: if ($answer =~ /authorized/) {
240: if ($answer eq 'authorized') {
241: &logthis("User $uname at $udom authorized by $tryserver");
242: return $tryserver;
243: }
244: if ($answer eq 'non_authorized') {
245: &logthis("User $uname at $udom rejected by $tryserver");
246: return 'no_host';
247: }
248: }
249: }
250: }
251: &logthis("User $uname at $udom could not be authenticated");
252: return 'no_host';
253: }
254:
255: # ---------------------- Find the homebase for a user from domain's lib servers
256:
257: sub homeserver {
258: my ($uname,$udom)=@_;
259:
260: my $index="$uname:$udom";
261: if ($homecache{$index}) { return "$homecache{$index}"; }
262:
263: my $tryserver;
264: foreach $tryserver (keys %libserv) {
265: if ($hostdom{$tryserver} eq $udom) {
266: my $answer=reply("home:$udom:$uname",$tryserver);
267: if ($answer eq 'found') {
268: $homecache{$index}=$tryserver;
269: return $tryserver;
270: }
271: }
272: }
273: return 'no_host';
274: }
275:
276: # ----------------------------- Subscribe to a resource, return URL if possible
277:
278: sub subscribe {
279: my $fname=shift;
280: my $author=$fname;
281: $author=~s/\/home\/httpd\/html\/res\/([^\/]*)\/([^\/]*).*/$1\/$2/;
282: my ($udom,$uname)=split(/\//,$author);
283: my $home=homeserver($uname,$udom);
284: if (($home eq 'no_host') || ($home eq $perlvar{'lonHostID'})) {
285: return 'not_found';
286: }
287: my $answer=reply("sub:$fname",$home);
288: return $answer;
289: }
290:
291: # -------------------------------------------------------------- Replicate file
292:
293: sub repcopy {
294: my $filename=shift;
295: my $transname="$filename.in.transfer";
296: if ((-e $filename) || (-e $transname)) { return OK; }
297: my $remoteurl=subscribe($filename);
298: if ($remoteurl eq 'con_lost') {
299: &logthis("Subscribe returned con_lost: $filename");
300: return HTTP_SERVICE_UNAVAILABLE;
301: } elsif ($remoteurl eq 'not_found') {
302: &logthis("Subscribe returned not_found: $filename");
303: return HTTP_NOT_FOUND;
304: } elsif ($remoteurl eq 'forbidden') {
305: &logthis("Subscribe returned forbidden: $filename");
306: return FORBIDDEN;
307: } else {
308: my @parts=split(/\//,$filename);
309: my $path="/$parts[1]/$parts[2]/$parts[3]/$parts[4]";
310: if ($path ne "$perlvar{'lonDocRoot'}/res") {
311: &logthis("Malconfiguration for replication: $filename");
312: return HTTP_BAD_REQUEST;
313: }
314: my $count;
315: for ($count=5;$count<$#parts;$count++) {
316: $path.="/$parts[$count]";
317: if ((-e $path)!=1) {
318: mkdir($path,0777);
319: }
320: }
321: my $ua=new LWP::UserAgent;
322: my $request=new HTTP::Request('GET',"$remoteurl");
323: my $response=$ua->request($request,$transname);
324: if ($response->is_error()) {
325: unlink($transname);
326: my $message=$response->status_line;
327: &logthis("<font color=blue>WARNING:"
328: ." LWP get: $message: $filename</font>");
329: return HTTP_SERVICE_UNAVAILABLE;
330: } else {
331: if ($remoteurl!~/\.meta$/) {
332: my $mrequest=new HTTP::Request('GET',$remoteurl.'.meta');
333: my $mresponse=$ua->request($mrequest,$filename.'.meta');
334: if ($mresponse->is_error()) {
335: unlink($filename.'.meta');
336: &logthis(
337: "<font color=yellow>INFO: No metadata: $filename</font>");
338: }
339: }
340: rename($transname,$filename);
341: return OK;
342: }
343: }
344: }
345:
346: # --------------------------------------------------------- Server Side Include
347:
348: sub ssi {
349:
350: my $fn=shift;
351:
352: my $ua=new LWP::UserAgent;
353: my $request=new HTTP::Request('GET',"http://".$ENV{'HTTP_HOST'}.$fn);
354: $request->header(Cookie => $ENV{'HTTP_COOKIE'});
355: my $response=$ua->request($request);
356:
357: return $response->content;
358: }
359:
360: # ------------------------------------------------------------------------- Log
361:
362: sub log {
363: my ($dom,$nam,$hom,$what)=@_;
364: return reply("log:$dom:$nam:$what",$hom);
365: }
366:
367: # ----------------------------------------------------------------------- Store
368:
369: sub store {
370: my %storehash=shift;
371: my $namevalue='';
372: map {
373: $namevalue.=escape($_).'='.escape($storehash{$_}).'&';
374: } keys %storehash;
375: $namevalue=~s/\&$//;
376: return reply("store:$ENV{'user.domain'}:$ENV{'user.name'}:"
377: ."$ENV{'user.class'}:$ENV{'request.filename'}:$namevalue",
378: "$ENV{'user.home'}");
379: }
380:
381: # --------------------------------------------------------------------- Restore
382:
383: sub restore {
384: my $answer=reply("restore:$ENV{'user.domain'}:$ENV{'user.name'}:"
385: ."$ENV{'user.class'}:$ENV{'request.filename'}",
386: "$ENV{'user.home'}");
387: my %returnhash=();
388: map {
389: my ($name,$value)=split(/\=/,$_);
390: $returnhash{&unescape($name)}=&unescape($value);
391: } split(/\&/,$answer);
392: return %returnhash;
393: }
394:
395: # -------------------------------------------------------- Get user priviledges
396:
397: sub rolesinit {
398: my ($domain,$username,$authhost)=@_;
399: my $rolesdump=reply("dump:$domain:$username:roles",$authhost);
400: if (($rolesdump eq 'con_lost') || ($rolesdump eq '')) { return ''; }
401: my %allroles=();
402: my %thesepriv=();
403: my $userroles='';
404: my $now=time;
405: my $thesestr;
406:
407: if ($rolesdump ne '') {
408: map {
409: if ($_!~/rolesdef\&/) {
410: my ($area,$role)=split(/=/,$_);
411: my ($trole,$tend,$tstart)=split(/_/,$role);
412: if ($tend!=0) {
413: if ($tend<$now) {
414: $trole='';
415: }
416: }
417: if ($tstart!=0) {
418: if ($tstart>$now) {
419: $trole='';
420: }
421: }
422: if (($area ne '') && ($trole ne '')) {
423: $userroles.='user.role.'.$trole.'.'.$area.'='.
424: $tstart.'.'.$tend."\n";
425: my ($tdummy,$tdomain,$trest)=split(/\//,$area);
426: if ($trole =~ /^cr\//) {
427: my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$trole);
428: my $homsvr=homeserver($rauthor,$rdomain);
429: if ($hostname{$homsvr} ne '') {
430: my $roledef=
431: reply("get:$rdomain:$rauthor:roles:rolesdef&$rrole",
432: $homsvr);
433: if (($roledef ne 'con_lost') && ($roledef ne '')) {
434: my ($syspriv,$dompriv,$coursepriv)=
435: split(/&&/,$roledef);
436: $allroles{'/'}.=':'.$syspriv;
437: if ($tdomain ne '') {
438: $allroles{'/'.$tdomain.'/'}.=':'.$dompriv;
439: if ($trest ne '') {
440: $allroles{$area}.=':'.$coursepriv;
441: }
442: }
443: }
444: }
445: } else {
446: $allroles{'/'}.=':'.$pr{$trole.':s'};
447: if ($tdomain ne '') {
448: $allroles{'/'.$tdomain.'/'}.=':'.$pr{$trole.':d'};
449: if ($trest ne '') {
450: $allroles{$area}.=':'.$pr{$trole.':c'};
451: }
452: }
453: }
454: }
455: }
456: } split(/&/,$rolesdump);
457: map {
458: %thesepriv=();
459: map {
460: if ($_ ne '') {
461: my ($priviledge,$restrictions)=split(/&/,$_);
462: if ($restrictions eq '') {
463: $thesepriv{$priviledge}='F';
464: } else {
465: if ($thesepriv{$priviledge} ne 'F') {
466: $thesepriv{$priviledge}.=$restrictions;
467: }
468: }
469: }
470: } split(/:/,$allroles{$_});
471: $thesestr='';
472: map { $thesestr.=':'.$_.'&'.$thesepriv{$_}; } keys %thesepriv;
473: $userroles.='user.priv.'.$_.'='.$thesestr."\n";
474: } keys %allroles;
475: }
476: return $userroles;
477: }
478:
479: # --------------------------------------------------------------- get interface
480:
481: sub get {
482: my ($namespace,@storearr)=@_;
483: my $items='';
484: map {
485: $items.=escape($_).'&';
486: } @storearr;
487: $items=~s/\&$//;
488: my $rep=reply("get:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
489: $ENV{'user.home'});
490: my @pairs=split(/\&/,$rep);
491: my %returnhash=();
492: map {
493: my ($key,$value)=split(/=/,$_);
494: $returnhash{unespace($key)}=unescape($value);
495: } @pairs;
496: return %returnhash;
497: }
498:
499: # -------------------------------------------------------------- dump interface
500:
501: sub dump {
502: my $namespace=shift;
503: my $rep=reply("dump:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace",
504: $ENV{'user.home'});
505: my @pairs=split(/\&/,$rep);
506: my %returnhash=();
507: map {
508: my ($key,$value)=split(/=/,$_);
509: $returnhash{unespace($key)}=unescape($value);
510: } @pairs;
511: return %returnhash;
512: }
513:
514: # --------------------------------------------------------------- put interface
515:
516: sub put {
517: my ($namespace,%storehash)=@_;
518: my $items='';
519: map {
520: $items.=escape($_).'='.escape($storehash{$_}).'&';
521: } keys %storehash;
522: $items=~s/\&$//;
523: return reply("put:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
524: $ENV{'user.home'});
525: }
526:
527: # -------------------------------------------------------------- eget interface
528:
529: sub eget {
530: my ($namespace,@storearr)=@_;
531: my $items='';
532: map {
533: $items.=escape($_).'&';
534: } @storearr;
535: $items=~s/\&$//;
536: my $rep=reply("eget:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
537: $ENV{'user.home'});
538: my @pairs=split(/\&/,$rep);
539: my %returnhash=();
540: map {
541: my ($key,$value)=split(/=/,$_);
542: $returnhash{unespace($key)}=unescape($value);
543: } @pairs;
544: return %returnhash;
545: }
546:
547: # ------------------------------------------------- Check for a user priviledge
548:
549: sub allowed {
550: my ($priv,$uri)=@_;
551: $uri=~s/^\/res//;
552: $uri=~s/^\///;
553: if ($uri=~/^adm\//) {
554: return 'F';
555: }
556: my $thisallowed='';
557: if ($ENV{'user.priv./'}=~/$priv\&([^\:]*)/) {
558: $thisallowed.=$1;
559: }
560: if ($ENV{'user.priv./'.(split(/\//,$uri))[0].'/'}=~/$priv\&([^\:]*)/) {
561: $thisallowed.=$1;
562: }
563: if ($ENV{'user.priv./'.$uri}=~/$priv\&([^\:]*)/) {
564: $thisallowed.=$1;
565: }
566: return $thisallowed;
567: }
568:
569: # ----------------------------------------------------------------- Define Role
570:
571: sub definerole {
572: if (allowed('mcr','/')) {
573: my ($rolename,$sysrole,$domrole,$courole)=@_;
574: my $command="encrypt:rolesput:$ENV{'user.domain'}:$ENV{'user.name'}:".
575: "$ENV{'user.domain'}:$ENV{'user.name'}:".
576: "rolesdef&$rolename=$sysrole&&$domrole&&$courole";
577: return reply($command,$ENV{'user.home'});
578: } else {
579: return 'refused';
580: }
581: }
582:
583: # ------------------------------------------------------------------ Plain Text
584:
585: sub plaintext {
586: return $prp{$_};
587: }
588:
589: # ----------------------------------------------------------------- Assign Role
590:
591: sub assignrole {
592: }
593:
594: # ------------------------------------------------------------ Directory lister
595:
596: sub dirlist {
597: my $uri=shift;
598: $uri=~s/^\///;
599: $uri=~s/\/$//;
600: $uri=~/^res\/(\w+)\/(\w+)/;
601: my $listing=reply('ls:'.$perlvar{'lonDocRoot'}.'/'.$uri,homeserver($2,$1));
602: return split(/:/,$listing);
603: }
604:
605: # -------------------------------------------------------- Escape Special Chars
606:
607: sub escape {
608: my $str=shift;
609: $str =~ s/(\W)/"%".unpack('H2',$1)/eg;
610: return $str;
611: }
612:
613: # ----------------------------------------------------- Un-Escape Special Chars
614:
615: sub unescape {
616: my $str=shift;
617: $str =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
618: return $str;
619: }
620:
621: # ================================================================ Main Program
622:
623: sub BEGIN {
624: if ($readit ne 'done') {
625: # ------------------------------------------------------------ Read access.conf
626: {
627: my $config=Apache::File->new("/etc/httpd/conf/access.conf");
628:
629: while (my $configline=<$config>) {
630: if ($configline =~ /PerlSetVar/) {
631: my ($dummy,$varname,$varvalue)=split(/\s+/,$configline);
632: chomp($varvalue);
633: $perlvar{$varname}=$varvalue;
634: }
635: }
636: }
637:
638: # ------------------------------------------------------------- Read hosts file
639: {
640: my $config=Apache::File->new("$perlvar{'lonTabDir'}/hosts.tab");
641:
642: while (my $configline=<$config>) {
643: my ($id,$domain,$role,$name,$ip)=split(/:/,$configline);
644: $hostname{$id}=$name;
645: $hostdom{$id}=$domain;
646: if ($role eq 'library') { $libserv{$id}=$name; }
647: }
648: }
649:
650: # ------------------------------------------------------ Read spare server file
651: {
652: my $config=Apache::File->new("$perlvar{'lonTabDir'}/spare.tab");
653:
654: while (my $configline=<$config>) {
655: chomp($configline);
656: if (($configline) && ($configline ne $perlvar{'lonHostID'})) {
657: $spareid{$configline}=1;
658: }
659: }
660: }
661: # ------------------------------------------------------------ Read permissions
662: {
663: my $config=Apache::File->new("$perlvar{'lonTabDir'}/roles.tab");
664:
665: while (my $configline=<$config>) {
666: chomp($configline);
667: my ($role,$perm)=split(/ /,$configline);
668: if ($perm ne '') { $pr{$role}=$perm; }
669: }
670: }
671:
672: # -------------------------------------------- Read plain texts for permissions
673: {
674: my $config=Apache::File->new("$perlvar{'lonTabDir'}/rolesplain.tab");
675:
676: while (my $configline=<$config>) {
677: chomp($configline);
678: my ($short,$plain)=split(/:/,$configline);
679: if ($plain ne '') { $prp{$short}=$plain; }
680: }
681: }
682:
683: $readit='done';
684: &logthis('<font color=yellow>INFO: Read configuration</font>');
685: }
686: }
687: 1;
688:
689:
690:
691:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to lonnet.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / lonnet / perl