1: # The LearningOnline Network
2: # TCP networking package
3: #
4: # Functions for use by content handlers:
5: #
6: # plaintext(short) : plain text explanation of short term
7: # fileembstyle(ext) : embed style in page for file extension
8: # filedescription(ext) : descriptor text for file extension
9: # allowed(short,url) : returns codes for allowed actions
10: # F: full access
11: # U,I,K: authentication modes (cxx only)
12: # '': forbidden
13: # 1: user needs to choose course
14: # 2: browse allowed
15: # definerole(rolename,sys,dom,cou) : define a custom role rolename
16: # set priviledges in format of lonTabs/roles.tab for
17: # system, domain and course level,
18: # assignrole(udom,uname,url,role,end,start) : give a role to a user for the
19: # level given by url. Optional start and end dates
20: # (leave empty string or zero for "no date")
21: # assigncustomrole (udom,uname,url,rdom,rnam,rolename,end,start) : give a
22: # custom role to a user for the level given by url.
23: # Specify name and domain of role author, and role name
24: # revokerole (udom,uname,url,role) : Revoke a role for url
25: # revokecustomrole (udom,uname,url,rdom,rnam,rolename) : Revoke a custom role
26: # appenv(hash) : adds hash to session environment
27: # store(hash) : stores hash permanently for this url
28: # restore : returns hash for this url
29: # eget(namesp,array) : returns hash with keys from array filled in from namesp
30: # get(namesp,array) : returns hash with keys from array filled in from namesp
31: # del(namesp,array) : deletes keys out of arry from namesp
32: # put(namesp,hash) : stores hash in namesp
33: # dump(namesp) : dumps the complete namespace into a hash
34: # ssi(url,hash) : does a complete request cycle on url to localhost, posts
35: # hash
36: # repcopy(filename) : replicate file
37: # dirlist(url) : gets a directory listing
38: # condval(index) : value of condition index based on state
39: # varval(name) : value of a variable
40: # refreshstate() : refresh the state information string
41: # symblist(map,hash) : Updates symbolic storage links
42: # rndseed() : returns a random seed
43: #
44: # 6/1/99,6/2,6/10,6/11,6/12,6/14,6/26,6/28,6/29,6/30,
45: # 7/1,7/2,7/9,7/10,7/12,7/14,7/15,7/19,
46: # 11/8,11/16,11/18,11/22,11/23,12/22,
47: # 01/06,01/13,02/24,02/28,02/29,
48: # 03/01,03/02,03/06,03/07,03/13,
49: # 04/05,05/29,05/31,06/01,
50: # 06/05,06/26 Gerd Kortemeyer
51: # 06/26 Ben Tyszka
52: # 06/30,07/15,07/17,07/18,07/20,07/21,07/22,07/25 Gerd Kortemeyer
53: # 08/14 Ben Tyszka
54: # 08/22,08/28,08/31,09/01,09/02,09/04,09/05,09/25,09/28 Gerd Kortemeyer
55:
56: package Apache::lonnet;
57:
58: use strict;
59: use Apache::File;
60: use LWP::UserAgent();
61: use HTTP::Headers;
62: use vars
63: qw(%perlvar %hostname %homecache %spareid %hostdom %libserv %pr %prp %fe %fd $readit);
64: use IO::Socket;
65: use GDBM_File;
66: use Apache::Constants qw(:common :http);
67:
68: # --------------------------------------------------------------------- Logging
69:
70: sub logthis {
71: my $message=shift;
72: my $execdir=$perlvar{'lonDaemons'};
73: my $now=time;
74: my $local=localtime($now);
75: my $fh=Apache::File->new(">>$execdir/logs/lonnet.log");
76: print $fh "$local ($$): $message\n";
77: return 1;
78: }
79:
80: sub logperm {
81: my $message=shift;
82: my $execdir=$perlvar{'lonDaemons'};
83: my $now=time;
84: my $local=localtime($now);
85: my $fh=Apache::File->new(">>$execdir/logs/lonnet.perm.log");
86: print $fh "$now:$message:$local\n";
87: return 1;
88: }
89:
90: # -------------------------------------------------- Non-critical communication
91: sub subreply {
92: my ($cmd,$server)=@_;
93: my $peerfile="$perlvar{'lonSockDir'}/$server";
94: my $client=IO::Socket::UNIX->new(Peer =>"$peerfile",
95: Type => SOCK_STREAM,
96: Timeout => 10)
97: or return "con_lost";
98: print $client "$cmd\n";
99: my $answer=<$client>;
100: if (!$answer) { $answer="con_lost"; }
101: chomp($answer);
102: return $answer;
103: }
104:
105: sub reply {
106: my ($cmd,$server)=@_;
107: my $answer=subreply($cmd,$server);
108: if ($answer eq 'con_lost') { $answer=subreply($cmd,$server); }
109: if (($answer=~/^error:/) || ($answer=~/^refused/) ||
110: ($answer=~/^rejected/)) {
111: &logthis("<font color=blue>WARNING:".
112: " $cmd to $server returned $answer</font>");
113: }
114: return $answer;
115: }
116:
117: # ----------------------------------------------------------- Send USR1 to lonc
118:
119: sub reconlonc {
120: my $peerfile=shift;
121: &logthis("Trying to reconnect for $peerfile");
122: my $loncfile="$perlvar{'lonDaemons'}/logs/lonc.pid";
123: if (my $fh=Apache::File->new("$loncfile")) {
124: my $loncpid=<$fh>;
125: chomp($loncpid);
126: if (kill 0 => $loncpid) {
127: &logthis("lonc at pid $loncpid responding, sending USR1");
128: kill USR1 => $loncpid;
129: sleep 1;
130: if (-e "$peerfile") { return; }
131: &logthis("$peerfile still not there, give it another try");
132: sleep 5;
133: if (-e "$peerfile") { return; }
134: &logthis(
135: "<font color=blue>WARNING: $peerfile still not there, giving up</font>");
136: } else {
137: &logthis(
138: "<font color=blue>WARNING:".
139: " lonc at pid $loncpid not responding, giving up</font>");
140: }
141: } else {
142: &logthis('<font color=blue>WARNING: lonc not running, giving up</font>');
143: }
144: }
145:
146: # ------------------------------------------------------ Critical communication
147:
148: sub critical {
149: my ($cmd,$server)=@_;
150: my $answer=reply($cmd,$server);
151: if ($answer eq 'con_lost') {
152: my $pingreply=reply('ping',$server);
153: &reconlonc("$perlvar{'lonSockDir'}/$server");
154: my $pongreply=reply('pong',$server);
155: &logthis("Ping/Pong for $server: $pingreply/$pongreply");
156: $answer=reply($cmd,$server);
157: if ($answer eq 'con_lost') {
158: my $now=time;
159: my $middlename=$cmd;
160: $middlename=substr($middlename,0,16);
161: $middlename=~s/\W//g;
162: my $dfilename=
163: "$perlvar{'lonSockDir'}/delayed/$now.$middlename.$server";
164: {
165: my $dfh;
166: if ($dfh=Apache::File->new(">$dfilename")) {
167: print $dfh "$cmd\n";
168: }
169: }
170: sleep 2;
171: my $wcmd='';
172: {
173: my $dfh;
174: if ($dfh=Apache::File->new("$dfilename")) {
175: $wcmd=<$dfh>;
176: }
177: }
178: chomp($wcmd);
179: if ($wcmd eq $cmd) {
180: &logthis("<font color=blue>WARNING: ".
181: "Connection buffer $dfilename: $cmd</font>");
182: &logperm("D:$server:$cmd");
183: return 'con_delayed';
184: } else {
185: &logthis("<font color=red>CRITICAL:"
186: ." Critical connection failed: $server $cmd</font>");
187: &logperm("F:$server:$cmd");
188: return 'con_failed';
189: }
190: }
191: }
192: return $answer;
193: }
194:
195: # ---------------------------------------------------------- Append Environment
196:
197: sub appenv {
198: my %newenv=@_;
199: my @oldenv;
200: {
201: my $fh;
202: unless ($fh=Apache::File->new("$ENV{'user.environment'}")) {
203: return 'error';
204: }
205: @oldenv=<$fh>;
206: }
207: for (my $i=0; $i<=$#oldenv; $i++) {
208: chomp($oldenv[$i]);
209: if ($oldenv[$i] ne '') {
210: my ($name,$value)=split(/=/,$oldenv[$i]);
211: unless (defined($newenv{$name})) {
212: $newenv{$name}=$value;
213: }
214: }
215: }
216: {
217: my $fh;
218: unless ($fh=Apache::File->new(">$ENV{'user.environment'}")) {
219: return 'error';
220: }
221: my $newname;
222: foreach $newname (keys %newenv) {
223: print $fh "$newname=$newenv{$newname}\n";
224: }
225: }
226: return 'ok';
227: }
228:
229: # ------------------------------ Find server with least workload from spare.tab
230:
231: sub spareserver {
232: my $tryserver;
233: my $spareserver='';
234: my $lowestserver=100;
235: foreach $tryserver (keys %spareid) {
236: my $answer=reply('load',$tryserver);
237: if (($answer =~ /\d/) && ($answer<$lowestserver)) {
238: $spareserver="http://$hostname{$tryserver}";
239: $lowestserver=$answer;
240: }
241: }
242: return $spareserver;
243: }
244:
245: # --------- Try to authenticate user from domain's lib servers (first this one)
246:
247: sub authenticate {
248: my ($uname,$upass,$udom)=@_;
249: $upass=escape($upass);
250: if (($perlvar{'lonRole'} eq 'library') &&
251: ($udom eq $perlvar{'lonDefDomain'})) {
252: my $answer=reply("encrypt:auth:$udom:$uname:$upass",$perlvar{'lonHostID'});
253: if ($answer =~ /authorized/) {
254: if ($answer eq 'authorized') {
255: &logthis("User $uname at $udom authorized by local server");
256: return $perlvar{'lonHostID'};
257: }
258: if ($answer eq 'non_authorized') {
259: &logthis("User $uname at $udom rejected by local server");
260: return 'no_host';
261: }
262: }
263: }
264:
265: my $tryserver;
266: foreach $tryserver (keys %libserv) {
267: if ($hostdom{$tryserver} eq $udom) {
268: my $answer=reply("encrypt:auth:$udom:$uname:$upass",$tryserver);
269: if ($answer =~ /authorized/) {
270: if ($answer eq 'authorized') {
271: &logthis("User $uname at $udom authorized by $tryserver");
272: return $tryserver;
273: }
274: if ($answer eq 'non_authorized') {
275: &logthis("User $uname at $udom rejected by $tryserver");
276: return 'no_host';
277: }
278: }
279: }
280: }
281: &logthis("User $uname at $udom could not be authenticated");
282: return 'no_host';
283: }
284:
285: # ---------------------- Find the homebase for a user from domain's lib servers
286:
287: sub homeserver {
288: my ($uname,$udom)=@_;
289:
290: my $index="$uname:$udom";
291: if ($homecache{$index}) { return "$homecache{$index}"; }
292:
293: my $tryserver;
294: foreach $tryserver (keys %libserv) {
295: if ($hostdom{$tryserver} eq $udom) {
296: my $answer=reply("home:$udom:$uname",$tryserver);
297: if ($answer eq 'found') {
298: $homecache{$index}=$tryserver;
299: return $tryserver;
300: }
301: }
302: }
303: return 'no_host';
304: }
305:
306: # ----------------------------- Subscribe to a resource, return URL if possible
307:
308: sub subscribe {
309: my $fname=shift;
310: my $author=$fname;
311: $author=~s/\/home\/httpd\/html\/res\/([^\/]*)\/([^\/]*).*/$1\/$2/;
312: my ($udom,$uname)=split(/\//,$author);
313: my $home=homeserver($uname,$udom);
314: if (($home eq 'no_host') || ($home eq $perlvar{'lonHostID'})) {
315: return 'not_found';
316: }
317: my $answer=reply("sub:$fname",$home);
318: return $answer;
319: }
320:
321: # -------------------------------------------------------------- Replicate file
322:
323: sub repcopy {
324: my $filename=shift;
325: $filename=~s/\/+/\//g;
326: my $transname="$filename.in.transfer";
327: if ((-e $filename) || (-e $transname)) { return OK; }
328: my $remoteurl=subscribe($filename);
329: if ($remoteurl eq 'con_lost') {
330: &logthis("Subscribe returned con_lost: $filename");
331: return HTTP_SERVICE_UNAVAILABLE;
332: } elsif ($remoteurl eq 'not_found') {
333: &logthis("Subscribe returned not_found: $filename");
334: return HTTP_NOT_FOUND;
335: } elsif ($remoteurl eq 'rejected') {
336: &logthis("Subscribe returned rejected: $filename");
337: return FORBIDDEN;
338: } elsif ($remoteurl eq 'directory') {
339: return OK;
340: } else {
341: my @parts=split(/\//,$filename);
342: my $path="/$parts[1]/$parts[2]/$parts[3]/$parts[4]";
343: if ($path ne "$perlvar{'lonDocRoot'}/res") {
344: &logthis("Malconfiguration for replication: $filename");
345: return HTTP_BAD_REQUEST;
346: }
347: my $count;
348: for ($count=5;$count<$#parts;$count++) {
349: $path.="/$parts[$count]";
350: if ((-e $path)!=1) {
351: mkdir($path,0777);
352: }
353: }
354: my $ua=new LWP::UserAgent;
355: my $request=new HTTP::Request('GET',"$remoteurl");
356: my $response=$ua->request($request,$transname);
357: if ($response->is_error()) {
358: unlink($transname);
359: my $message=$response->status_line;
360: &logthis("<font color=blue>WARNING:"
361: ." LWP get: $message: $filename</font>");
362: return HTTP_SERVICE_UNAVAILABLE;
363: } else {
364: if ($remoteurl!~/\.meta$/) {
365: my $mrequest=new HTTP::Request('GET',$remoteurl.'.meta');
366: my $mresponse=$ua->request($mrequest,$filename.'.meta');
367: if ($mresponse->is_error()) {
368: unlink($filename.'.meta');
369: &logthis(
370: "<font color=yellow>INFO: No metadata: $filename</font>");
371: }
372: }
373: rename($transname,$filename);
374: return OK;
375: }
376: }
377: }
378:
379: # --------------------------------------------------------- Server Side Include
380:
381: sub ssi {
382:
383: my ($fn,%form)=@_;
384:
385: my $ua=new LWP::UserAgent;
386:
387: my $request;
388:
389: if (%form) {
390: $request=new HTTP::Request('POST',"http://".$ENV{'HTTP_HOST'}.$fn);
391: $request->content(join '&', map { "$_=$form{$_}" } keys %form);
392: } else {
393: $request=new HTTP::Request('GET',"http://".$ENV{'HTTP_HOST'}.$fn);
394: }
395:
396: $request->header(Cookie => $ENV{'HTTP_COOKIE'});
397: my $response=$ua->request($request);
398:
399: return $response->content;
400: }
401:
402: # ------------------------------------------------------------------------- Log
403:
404: sub log {
405: my ($dom,$nam,$hom,$what)=@_;
406: return reply("log:$dom:$nam:$what",$hom);
407: }
408:
409: # ----------------------------------------------------------------------- Store
410:
411: sub store {
412: my %storehash=@_;
413: my $symb;
414: unless ($symb=escape(&symbread())) { return ''; }
415: my $namespace;
416: unless ($namespace=$ENV{'request.course.id'}) { return ''; }
417: my $namevalue='';
418: map {
419: $namevalue.=escape($_).'='.escape($storehash{$_}).'&';
420: } keys %storehash;
421: $namevalue=~s/\&$//;
422: return reply(
423: "store:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$symb:$namevalue",
424: "$ENV{'user.home'}");
425: }
426:
427: # --------------------------------------------------------------------- Restore
428:
429: sub restore {
430: my $symb;
431: unless ($symb=escape(&symbread())) { return ''; }
432: my $namespace;
433: unless ($namespace=$ENV{'request.course.id'}) { return ''; }
434: my $answer=reply(
435: "restore:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$symb",
436: "$ENV{'user.home'}");
437: my %returnhash=();
438: map {
439: my ($name,$value)=split(/\=/,$_);
440: $returnhash{&unescape($name)}=&unescape($value);
441: } split(/\&/,$answer);
442: map {
443: $returnhash{$_}=$returnhash{$returnhash{'version'}.':'.$_};
444: } split(/\:/,$returnhash{$returnhash{'version'}.':keys'});
445: return %returnhash;
446: }
447:
448: # -------------------------------------------------------- Get user priviledges
449:
450: sub rolesinit {
451: my ($domain,$username,$authhost)=@_;
452: my $rolesdump=reply("dump:$domain:$username:roles",$authhost);
453: if (($rolesdump eq 'con_lost') || ($rolesdump eq '')) { return ''; }
454: my %allroles=();
455: my %thesepriv=();
456: my $now=time;
457: my $userroles="user.login.time=$now\n";
458: my $thesestr;
459:
460: if ($rolesdump ne '') {
461: map {
462: if ($_!~/^rolesdef\&/) {
463: my ($area,$role)=split(/=/,$_);
464: $area=~s/\_\w\w$//;
465: my ($trole,$tend,$tstart)=split(/_/,$role);
466: $userroles.='user.role.'.$trole.'.'.$area.'='.
467: $tstart.'.'.$tend."\n";
468: if ($tend!=0) {
469: if ($tend<$now) {
470: $trole='';
471: }
472: }
473: if ($tstart!=0) {
474: if ($tstart>$now) {
475: $trole='';
476: }
477: }
478: if (($area ne '') && ($trole ne '')) {
479: my ($tdummy,$tdomain,$trest)=split(/\//,$area);
480: if ($trole =~ /^cr\//) {
481: my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$trole);
482: my $homsvr=homeserver($rauthor,$rdomain);
483: if ($hostname{$homsvr} ne '') {
484: my $roledef=
485: reply("get:$rdomain:$rauthor:roles:rolesdef_$rrole",
486: $homsvr);
487: if (($roledef ne 'con_lost') && ($roledef ne '')) {
488: my ($syspriv,$dompriv,$coursepriv)=
489: split(/\_/,unescape($roledef));
490: $allroles{'/'}.=':'.$syspriv;
491: if ($tdomain ne '') {
492: $allroles{'/'.$tdomain.'/'}.=':'.$dompriv;
493: if ($trest ne '') {
494: $allroles{$area}.=':'.$coursepriv;
495: }
496: }
497: }
498: }
499: } else {
500: $allroles{'/'}.=':'.$pr{$trole.':s'};
501: if ($tdomain ne '') {
502: $allroles{'/'.$tdomain.'/'}.=':'.$pr{$trole.':d'};
503: if ($trest ne '') {
504: $allroles{$area}.=':'.$pr{$trole.':c'};
505: }
506: }
507: }
508: }
509: }
510: } split(/&/,$rolesdump);
511: map {
512: %thesepriv=();
513: map {
514: if ($_ ne '') {
515: my ($priviledge,$restrictions)=split(/&/,$_);
516: if ($restrictions eq '') {
517: $thesepriv{$priviledge}='F';
518: } else {
519: if ($thesepriv{$priviledge} ne 'F') {
520: $thesepriv{$priviledge}.=$restrictions;
521: }
522: }
523: }
524: } split(/:/,$allroles{$_});
525: $thesestr='';
526: map { $thesestr.=':'.$_.'&'.$thesepriv{$_}; } keys %thesepriv;
527: $userroles.='user.priv.'.$_.'='.$thesestr."\n";
528: } keys %allroles;
529: }
530: return $userroles;
531: }
532:
533: # --------------------------------------------------------------- get interface
534:
535: sub get {
536: my ($namespace,@storearr)=@_;
537: my $items='';
538: map {
539: $items.=escape($_).'&';
540: } @storearr;
541: $items=~s/\&$//;
542: my $rep=reply("get:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
543: $ENV{'user.home'});
544: my @pairs=split(/\&/,$rep);
545: my %returnhash=();
546: map {
547: my ($key,$value)=split(/=/,$_);
548: $returnhash{unescape($key)}=unescape($value);
549: } @pairs;
550: return %returnhash;
551: }
552:
553: # --------------------------------------------------------------- del interface
554:
555: sub del {
556: my ($namespace,@storearr)=@_;
557: my $items='';
558: map {
559: $items.=escape($_).'&';
560: } @storearr;
561: $items=~s/\&$//;
562: return reply("del:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
563: $ENV{'user.home'});
564: }
565:
566: # -------------------------------------------------------------- dump interface
567:
568: sub dump {
569: my $namespace=shift;
570: my $rep=reply("dump:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace",
571: $ENV{'user.home'});
572: my @pairs=split(/\&/,$rep);
573: my %returnhash=();
574: map {
575: my ($key,$value)=split(/=/,$_);
576: $returnhash{unescape($key)}=unescape($value);
577: } @pairs;
578: return %returnhash;
579: }
580:
581: # --------------------------------------------------------------- put interface
582:
583: sub put {
584: my ($namespace,%storehash)=@_;
585: my $items='';
586: map {
587: $items.=escape($_).'='.escape($storehash{$_}).'&';
588: } keys %storehash;
589: $items=~s/\&$//;
590: return reply("put:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
591: $ENV{'user.home'});
592: }
593:
594: # -------------------------------------------------------------- eget interface
595:
596: sub eget {
597: my ($namespace,@storearr)=@_;
598: my $items='';
599: map {
600: $items.=escape($_).'&';
601: } @storearr;
602: $items=~s/\&$//;
603: my $rep=reply("eget:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
604: $ENV{'user.home'});
605: my @pairs=split(/\&/,$rep);
606: my %returnhash=();
607: map {
608: my ($key,$value)=split(/=/,$_);
609: $returnhash{unescape($key)}=unescape($value);
610: } @pairs;
611: return %returnhash;
612: }
613:
614: # ------------------------------------------------- Check for a user priviledge
615:
616: sub allowed {
617: my ($priv,$uri)=@_;
618: $uri=~s/^\/res//;
619: $uri=~s/^\///;
620:
621: # Free bre access to adm resources
622:
623: if (($uri=~/^adm\//) && ($priv eq 'bre')) {
624: return 'F';
625: }
626:
627: # Gather priviledges over system and domain
628:
629: my $thisallowed='';
630: if ($ENV{'user.priv./'}=~/$priv\&([^\:]*)/) {
631: $thisallowed.=$1;
632: }
633: if ($ENV{'user.priv./'.(split(/\//,$uri))[0].'/'}=~/$priv\&([^\:]*)/) {
634: $thisallowed.=$1;
635: }
636:
637: # Full access at system or domain level? Exit.
638:
639: if ($thisallowed=~/F/) {
640: return 'F';
641: }
642:
643: # The user does not have full access at system or domain level
644: # Course level access control
645:
646: # uri itself refering to a course?
647:
648: if ($uri=~/\.course$/) {
649: if ($ENV{'user.priv./'.$uri}=~/$priv\&([^\:]*)/) {
650: $thisallowed.=$1;
651: }
652: # Full access on course level? Exit.
653: if ($thisallowed=~/F/) {
654: return 'F';
655: }
656:
657: # uri is refering to an individual resource; user needs to be in a course
658:
659: } else {
660:
661: unless(defined($ENV{'request.course.id'})) {
662: return '1';
663: }
664:
665: # Get access priviledges for course
666:
667: if ($ENV{'user.priv./'.$ENV{'request.course.id'}}=~/$priv\&([^\:]*)/) {
668: $thisallowed.=$1;
669: }
670:
671: # See if resource or referer is part of this course
672:
673: my @uriparts=split(/\//,$uri);
674: my $urifile=$uriparts[$#uriparts];
675: $urifile=~/\.(\w+)$/;
676: my $uritype=$1;
677: $#uriparts--;
678: my $uripath=join('/',@uriparts);
679: my $uricond=-1;
680: if ($ENV{'acc.res.'.$ENV{'request.course.id'}.'.'.$uripath}=~
681: /\&$urifile\:(\d+)\&/) {
682: $uricond=$1;
683: } elsif (($fe{$uritype} eq 'emb') || ($fe{$uritype} eq 'img')) {
684: my $refuri=$ENV{'HTTP_REFERER'};
685: $refuri=~s/^\/res//;
686: $refuri=~s/^\///;
687: @uriparts=split(/\//,$refuri);
688: $urifile=$uriparts[$#uriparts];
689: $#uriparts--;
690: $uripath=join('/',@uriparts);
691: if ($ENV{'acc.res.'.$ENV{'request.course.id'}.'.'.$uripath}=~
692: /\&$urifile\:(\d+)\&/) {
693: $uricond=$1;
694: }
695: }
696:
697: if ($uricond>=0) {
698:
699: # The resource is part of the course
700: # If user had full access on course level, go ahead
701:
702: if ($thisallowed=~/F/) {
703: return 'F';
704: }
705:
706: # Restricted by state?
707:
708: if ($thisallowed=~/X/) {
709: if (&condval($uricond)>1) {
710: return '2';
711: } else {
712: return '';
713: }
714: }
715: }
716: }
717: return $thisallowed;
718: }
719:
720: # ---------------------------------------------------------- Refresh State Info
721:
722: sub refreshstate {
723: }
724:
725: # ----------------------------------------------------------------- Define Role
726:
727: sub definerole {
728: if (allowed('mcr','/')) {
729: my ($rolename,$sysrole,$domrole,$courole)=@_;
730: map {
731: my ($crole,$cqual)=split(/\&/,$_);
732: if ($pr{'cr:s'}!~/$crole/) { return "refused:s:$crole"; }
733: if ($pr{'cr:s'}=~/$crole\&/) {
734: if ($pr{'cr:s'}!~/$crole\&\w*$cqual/) {
735: return "refused:s:$crole&$cqual";
736: }
737: }
738: } split('/',$sysrole);
739: map {
740: my ($crole,$cqual)=split(/\&/,$_);
741: if ($pr{'cr:d'}!~/$crole/) { return "refused:d:$crole"; }
742: if ($pr{'cr:d'}=~/$crole\&/) {
743: if ($pr{'cr:d'}!~/$crole\&\w*$cqual/) {
744: return "refused:d:$crole&$cqual";
745: }
746: }
747: } split('/',$domrole);
748: map {
749: my ($crole,$cqual)=split(/\&/,$_);
750: if ($pr{'cr:c'}!~/$crole/) { return "refused:c:$crole"; }
751: if ($pr{'cr:c'}=~/$crole\&/) {
752: if ($pr{'cr:c'}!~/$crole\&\w*$cqual/) {
753: return "refused:c:$crole&$cqual";
754: }
755: }
756: } split('/',$courole);
757: my $command="encrypt:rolesput:$ENV{'user.domain'}:$ENV{'user.name'}:".
758: "$ENV{'user.domain'}:$ENV{'user.name'}:".
759: "rolesdef_$rolename=".
760: escape($sysrole.'_'.$domrole.'_'.$courole);
761: return reply($command,$ENV{'user.home'});
762: } else {
763: return 'refused';
764: }
765: }
766:
767: # ------------------------------------------------------------------ Plain Text
768:
769: sub plaintext {
770: my $short=shift;
771: return $prp{$short};
772: }
773:
774: # ------------------------------------------------------------------ Plain Text
775:
776: sub fileembstyle {
777: my $ending=shift;
778: return $fe{$ending};
779: }
780:
781: # ------------------------------------------------------------ Description Text
782:
783: sub filedecription {
784: my $ending=shift;
785: return $fd{$ending};
786: }
787:
788: # ----------------------------------------------------------------- Assign Role
789:
790: sub assignrole {
791: my ($udom,$uname,$url,$role,$end,$start)=@_;
792: my $mrole;
793: $url=declutter($url);
794: if ($role =~ /^cr\//) {
795: unless ($url=~/\.course$/) { return 'invalid'; }
796: unless (allowed('ccr',$url)) { return 'refused'; }
797: $mrole='cr';
798: } else {
799: unless (($url=~/\.course$/) || ($url=~/\/$/)) { return 'invalid'; }
800: unless (allowed('c'+$role)) { return 'refused'; }
801: $mrole=$role;
802: }
803: my $command="encrypt:rolesput:$ENV{'user.domain'}:$ENV{'user.name'}:".
804: "$udom:$uname:$url".'_'."$mrole=$role";
805: if ($end) { $command.='_$end'; }
806: if ($start) {
807: if ($end) {
808: $command.='_$start';
809: } else {
810: $command.='_0_$start';
811: }
812: }
813: return &reply($command,&homeserver($uname,$udom));
814: }
815:
816: # ---------------------------------------------------------- Assign Custom Role
817:
818: sub assigncustomrole {
819: my ($udom,$uname,$url,$rdom,$rnam,$rolename,$end,$start)=@_;
820: return &assignrole($udom,$uname,$url,'cr/'.$rdom.'/'.$rnam.'/'.$rolename,
821: $end,$start);
822: }
823:
824: # ----------------------------------------------------------------- Revoke Role
825:
826: sub revokerole {
827: my ($udom,$uname,$url,$role)=@_;
828: my $now=time;
829: return &assignrole($udom,$uname,$url,$role,$now);
830: }
831:
832: # ---------------------------------------------------------- Revoke Custom Role
833:
834: sub revokecustomrole {
835: my ($udom,$uname,$url,$rdom,$rnam,$rolename)=@_;
836: my $now=time;
837: return &assigncustomrole($udom,$uname,$url,$rdom,$rnam,$rolename,$now);
838: }
839:
840: # ------------------------------------------------------------ Directory lister
841:
842: sub dirlist {
843: my $uri=shift;
844: $uri=~s/^\///;
845: $uri=~s/\/$//;
846: my ($res,$udom,$uname,@rest)=split(/\//,$uri);
847: if ($udom) {
848: if ($uname) {
849: my $listing=reply('ls:'.$perlvar{'lonDocRoot'}.'/'.$uri,
850: homeserver($uname,$udom));
851: return split(/:/,$listing);
852: } else {
853: my $tryserver;
854: my %allusers=();
855: foreach $tryserver (keys %libserv) {
856: if ($hostdom{$tryserver} eq $udom) {
857: my $listing=reply('ls:'.$perlvar{'lonDocRoot'}.'/res/'.$udom,
858: $tryserver);
859: if (($listing ne 'no_such_dir') && ($listing ne 'empty')
860: && ($listing ne 'con_lost')) {
861: map {
862: my ($entry,@stat)=split(/&/,$_);
863: $allusers{$entry}=1;
864: } split(/:/,$listing);
865: }
866: }
867: }
868: my $alluserstr='';
869: map {
870: $alluserstr.=$_.'&user:';
871: } sort keys %allusers;
872: $alluserstr=~s/:$//;
873: return split(/:/,$alluserstr);
874: }
875: } else {
876: my $tryserver;
877: my %alldom=();
878: foreach $tryserver (keys %libserv) {
879: $alldom{$hostdom{$tryserver}}=1;
880: }
881: my $alldomstr='';
882: map {
883: $alldomstr.=$perlvar{'lonDocRoot'}.'/res/'.$_.'&domain:';
884: } sort keys %alldom;
885: $alldomstr=~s/:$//;
886: return split(/:/,$alldomstr);
887: }
888: }
889:
890: # -------------------------------------------------------- Value of a Condition
891:
892: sub condval {
893: my $condidx=shift;
894: my $result=0;
895: if ($ENV{'request.course.id'}) {
896: if (defined($ENV{'acc.cond.'.$ENV{'request.course.id'}.'.'.$condidx})) {
897: my $operand='|';
898: my @stack;
899: map {
900: if ($_ eq '(') {
901: push @stack,($operand,$result)
902: } elsif ($_ eq ')') {
903: my $before=pop @stack;
904: if (pop @stack eq '&') {
905: $result=$result>$before?$before:$result;
906: } else {
907: $result=$result>$before?$result:$before;
908: }
909: } elsif (($_ eq '&') || ($_ eq '|')) {
910: $operand=$_;
911: } else {
912: my $new=
913: substr($ENV{'user.state.'.$ENV{'request.course.id'}},$_,1);
914: if ($operand eq '&') {
915: $result=$result>$new?$new:$result;
916: } else {
917: $result=$result>$new?$result:$new;
918: }
919: }
920: } ($ENV{'acc.cond.'.$ENV{'request.course.id'}.'.'.$condidx}=~
921: /(\d+|\(|\)|\&|\|)/g);
922: }
923: }
924: return $result;
925: }
926:
927: # --------------------------------------------------------- Value of a Variable
928:
929: sub varval {
930: my ($realm,$space,@components)=split(/\./,shift);
931: my $value='';
932: if ($realm eq 'user') {
933: if ($space=~/^resource/) {
934: $space=~s/^resource\[//;
935: $space=~s/\]$//;
936:
937: } else {
938: }
939: } elsif ($realm eq 'course') {
940: } elsif ($realm eq 'session') {
941: } elsif ($realm eq 'system') {
942: }
943: return $value;
944: }
945:
946: # ------------------------------------------------- Update symbolic store links
947:
948: sub symblist {
949: my ($mapname,%newhash)=@_;
950: $mapname=declutter($mapname);
951: my %hash;
952: if (($ENV{'request.course.fn'}) && (%newhash)) {
953: if (tie(%hash,'GDBM_File',$ENV{'request.course.fn'}.'_symb.db',
954: &GDBM_WRCREAT,0640)) {
955: map {
956: $hash{declutter($_)}=$mapname.'___'.$newhash{$_};
957: } keys %newhash;
958: if (untie(%hash)) {
959: return 'ok';
960: }
961: }
962: }
963: return 'error';
964: }
965:
966: # ------------------------------------------------------ Return symb list entry
967:
968: sub symbread {
969: my %hash;
970: my $syval;
971: if (($ENV{'request.course.fn'}) && ($ENV{'request.filename'})) {
972: if (tie(%hash,'GDBM_File',$ENV{'request.course.fn'}.'_symb.db',
973: &GDBM_READER,0640)) {
974: my $thisfn=declutter($ENV{'request.filename'});
975: $syval=$hash{$thisfn};
976: if (untie(%hash)) {
977: unless ($syval=~/\_\d+$/) {
978: unless ($ENV{'form.request.prefix'}=~/\.(\d+)\_$/) {
979: return '';
980: }
981: $syval.=$1;
982: }
983: $syval.='___'.$thisfn;
984: return $syval;
985: }
986: }
987: }
988: return '';
989: }
990:
991: # ---------------------------------------------------------- Return random seed
992:
993: sub numval {
994: my $txt=shift;
995: $txt=~tr/A-J/0-9/;
996: $txt=~tr/a-j/0-9/;
997: $txt=~tr/K-T/0-9/;
998: $txt=~tr/k-t/0-9/;
999: $txt=~tr/U-Z/0-5/;
1000: $txt=~tr/u-z/0-5/;
1001: $txt=~s/\D//g;
1002: return int($txt);
1003: }
1004:
1005: sub rndseed {
1006: my $symb;
1007: unless ($symb=&symbread()) { return ''; }
1008: my $symbchck=unpack("%32C*",$symb);
1009: my $symbseed=numval($symb)%$symbchck;
1010: my $namechck=unpack("%32C*",$ENV{'user.name'});
1011: my $nameseed=numval($ENV{'user.name'})%$namechck;
1012: return int( $symbseed
1013: .$nameseed
1014: .unpack("%32C*",$ENV{'user.domain'})
1015: .unpack("%32C*",$ENV{'request.course.id'})
1016: .$namechck
1017: .$symbchck);
1018: }
1019:
1020: # ------------------------------------------------------------- Declutters URLs
1021:
1022: sub declutter {
1023: my $thisfn=shift;
1024: $thisfn=~s/^$perlvar{'lonDocRoot'}//;
1025: $thisfn=~s/^\///;
1026: $thisfn=~s/^res\///;
1027: return $thisfn;
1028: }
1029:
1030: # -------------------------------------------------------- Escape Special Chars
1031:
1032: sub escape {
1033: my $str=shift;
1034: $str =~ s/(\W)/"%".unpack('H2',$1)/eg;
1035: return $str;
1036: }
1037:
1038: # ----------------------------------------------------- Un-Escape Special Chars
1039:
1040: sub unescape {
1041: my $str=shift;
1042: $str =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
1043: return $str;
1044: }
1045:
1046: # ================================================================ Main Program
1047:
1048: sub BEGIN {
1049: if ($readit ne 'done') {
1050: # ------------------------------------------------------------ Read access.conf
1051: {
1052: my $config=Apache::File->new("/etc/httpd/conf/access.conf");
1053:
1054: while (my $configline=<$config>) {
1055: if ($configline =~ /PerlSetVar/) {
1056: my ($dummy,$varname,$varvalue)=split(/\s+/,$configline);
1057: chomp($varvalue);
1058: $perlvar{$varname}=$varvalue;
1059: }
1060: }
1061: }
1062:
1063: # ------------------------------------------------------------- Read hosts file
1064: {
1065: my $config=Apache::File->new("$perlvar{'lonTabDir'}/hosts.tab");
1066:
1067: while (my $configline=<$config>) {
1068: my ($id,$domain,$role,$name,$ip)=split(/:/,$configline);
1069: $hostname{$id}=$name;
1070: $hostdom{$id}=$domain;
1071: if ($role eq 'library') { $libserv{$id}=$name; }
1072: }
1073: }
1074:
1075: # ------------------------------------------------------ Read spare server file
1076: {
1077: my $config=Apache::File->new("$perlvar{'lonTabDir'}/spare.tab");
1078:
1079: while (my $configline=<$config>) {
1080: chomp($configline);
1081: if (($configline) && ($configline ne $perlvar{'lonHostID'})) {
1082: $spareid{$configline}=1;
1083: }
1084: }
1085: }
1086: # ------------------------------------------------------------ Read permissions
1087: {
1088: my $config=Apache::File->new("$perlvar{'lonTabDir'}/roles.tab");
1089:
1090: while (my $configline=<$config>) {
1091: chomp($configline);
1092: my ($role,$perm)=split(/ /,$configline);
1093: if ($perm ne '') { $pr{$role}=$perm; }
1094: }
1095: }
1096:
1097: # -------------------------------------------- Read plain texts for permissions
1098: {
1099: my $config=Apache::File->new("$perlvar{'lonTabDir'}/rolesplain.tab");
1100:
1101: while (my $configline=<$config>) {
1102: chomp($configline);
1103: my ($short,$plain)=split(/:/,$configline);
1104: if ($plain ne '') { $prp{$short}=$plain; }
1105: }
1106: }
1107:
1108: # ------------------------------------------------------------- Read file types
1109: {
1110: my $config=Apache::File->new("$perlvar{'lonTabDir'}/filetypes.tab");
1111:
1112: while (my $configline=<$config>) {
1113: chomp($configline);
1114: my ($ending,$emb,@descr)=split(/\s+/,$configline);
1115: if ($descr[0] ne '') {
1116: $fe{$ending}=$emb;
1117: $fd{$ending}=join(' ',@descr);
1118: }
1119: }
1120: }
1121:
1122:
1123: $readit='done';
1124: &logthis('<font color=yellow>INFO: Read configuration</font>');
1125: }
1126: }
1127: 1;
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to lonnet.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / lonnet / perl