1: # The LearningOnline Network
2: # TCP networking package
3: #
4: # Functions for use by content handlers:
5: #
6: # plaintext(short) : plain text explanation of short term
7: # fileembstyle(ext) : embed style in page for file extension
8: # filedescription(ext) : descriptor text for file extension
9: # allowed(short,url) : returns codes for allowed actions
10: # F: full access
11: # U,I,K: authentication modes (cxx only)
12: # '': forbidden
13: # 1: user needs to choose course
14: # 2: browse allowed
15: # definerole(rolename,sys,dom,cou) : define a custom role rolename
16: # set priviledges in format of lonTabs/roles.tab for
17: # system, domain and course level,
18: # assignrole(udom,uname,url,role,end,start) : give a role to a user for the
19: # level given by url. Optional start and end dates
20: # (leave empty string or zero for "no date")
21: # assigncustomrole (udom,uname,url,rdom,rnam,rolename,end,start) : give a
22: # custom role to a user for the level given by url.
23: # Specify name and domain of role author, and role name
24: # revokerole (udom,uname,url,role) : Revoke a role for url
25: # revokecustomrole (udom,uname,url,rdom,rnam,rolename) : Revoke a custom role
26: # appenv(hash) : adds hash to session environment
27: # store(hash) : stores hash permanently for this url
28: # restore : returns hash for this url
29: # eget(namesp,array) : returns hash with keys from array filled in from namesp
30: # get(namesp,array) : returns hash with keys from array filled in from namesp
31: # del(namesp,array) : deletes keys out of arry from namesp
32: # put(namesp,hash) : stores hash in namesp
33: # dump(namesp) : dumps the complete namespace into a hash
34: # ssi(url,hash) : does a complete request cycle on url to localhost, posts
35: # hash
36: # coursedescription(id) : returns and caches course description for id
37: # repcopy(filename) : replicate file
38: # dirlist(url) : gets a directory listing
39: # condval(index) : value of condition index based on state
40: # varval(name) : value of a variable
41: # refreshstate() : refresh the state information string
42: # symblist(map,hash) : Updates symbolic storage links
43: # rndseed() : returns a random seed
44: #
45: # 6/1/99,6/2,6/10,6/11,6/12,6/14,6/26,6/28,6/29,6/30,
46: # 7/1,7/2,7/9,7/10,7/12,7/14,7/15,7/19,
47: # 11/8,11/16,11/18,11/22,11/23,12/22,
48: # 01/06,01/13,02/24,02/28,02/29,
49: # 03/01,03/02,03/06,03/07,03/13,
50: # 04/05,05/29,05/31,06/01,
51: # 06/05,06/26 Gerd Kortemeyer
52: # 06/26 Ben Tyszka
53: # 06/30,07/15,07/17,07/18,07/20,07/21,07/22,07/25 Gerd Kortemeyer
54: # 08/14 Ben Tyszka
55: # 08/22,08/28,08/31,09/01,09/02,09/04,09/05,09/25,09/28,09/30 Gerd Kortemeyer
56:
57: package Apache::lonnet;
58:
59: use strict;
60: use Apache::File;
61: use LWP::UserAgent();
62: use HTTP::Headers;
63: use vars
64: qw(%perlvar %hostname %homecache %spareid %hostdom %libserv %pr %prp %fe %fd $readit);
65: use IO::Socket;
66: use GDBM_File;
67: use Apache::Constants qw(:common :http);
68:
69: # --------------------------------------------------------------------- Logging
70:
71: sub logthis {
72: my $message=shift;
73: my $execdir=$perlvar{'lonDaemons'};
74: my $now=time;
75: my $local=localtime($now);
76: my $fh=Apache::File->new(">>$execdir/logs/lonnet.log");
77: print $fh "$local ($$): $message\n";
78: return 1;
79: }
80:
81: sub logperm {
82: my $message=shift;
83: my $execdir=$perlvar{'lonDaemons'};
84: my $now=time;
85: my $local=localtime($now);
86: my $fh=Apache::File->new(">>$execdir/logs/lonnet.perm.log");
87: print $fh "$now:$message:$local\n";
88: return 1;
89: }
90:
91: # -------------------------------------------------- Non-critical communication
92: sub subreply {
93: my ($cmd,$server)=@_;
94: my $peerfile="$perlvar{'lonSockDir'}/$server";
95: my $client=IO::Socket::UNIX->new(Peer =>"$peerfile",
96: Type => SOCK_STREAM,
97: Timeout => 10)
98: or return "con_lost";
99: print $client "$cmd\n";
100: my $answer=<$client>;
101: if (!$answer) { $answer="con_lost"; }
102: chomp($answer);
103: return $answer;
104: }
105:
106: sub reply {
107: my ($cmd,$server)=@_;
108: my $answer=subreply($cmd,$server);
109: if ($answer eq 'con_lost') { $answer=subreply($cmd,$server); }
110: if (($answer=~/^error:/) || ($answer=~/^refused/) ||
111: ($answer=~/^rejected/)) {
112: &logthis("<font color=blue>WARNING:".
113: " $cmd to $server returned $answer</font>");
114: }
115: return $answer;
116: }
117:
118: # ----------------------------------------------------------- Send USR1 to lonc
119:
120: sub reconlonc {
121: my $peerfile=shift;
122: &logthis("Trying to reconnect for $peerfile");
123: my $loncfile="$perlvar{'lonDaemons'}/logs/lonc.pid";
124: if (my $fh=Apache::File->new("$loncfile")) {
125: my $loncpid=<$fh>;
126: chomp($loncpid);
127: if (kill 0 => $loncpid) {
128: &logthis("lonc at pid $loncpid responding, sending USR1");
129: kill USR1 => $loncpid;
130: sleep 1;
131: if (-e "$peerfile") { return; }
132: &logthis("$peerfile still not there, give it another try");
133: sleep 5;
134: if (-e "$peerfile") { return; }
135: &logthis(
136: "<font color=blue>WARNING: $peerfile still not there, giving up</font>");
137: } else {
138: &logthis(
139: "<font color=blue>WARNING:".
140: " lonc at pid $loncpid not responding, giving up</font>");
141: }
142: } else {
143: &logthis('<font color=blue>WARNING: lonc not running, giving up</font>');
144: }
145: }
146:
147: # ------------------------------------------------------ Critical communication
148:
149: sub critical {
150: my ($cmd,$server)=@_;
151: my $answer=reply($cmd,$server);
152: if ($answer eq 'con_lost') {
153: my $pingreply=reply('ping',$server);
154: &reconlonc("$perlvar{'lonSockDir'}/$server");
155: my $pongreply=reply('pong',$server);
156: &logthis("Ping/Pong for $server: $pingreply/$pongreply");
157: $answer=reply($cmd,$server);
158: if ($answer eq 'con_lost') {
159: my $now=time;
160: my $middlename=$cmd;
161: $middlename=substr($middlename,0,16);
162: $middlename=~s/\W//g;
163: my $dfilename=
164: "$perlvar{'lonSockDir'}/delayed/$now.$middlename.$server";
165: {
166: my $dfh;
167: if ($dfh=Apache::File->new(">$dfilename")) {
168: print $dfh "$cmd\n";
169: }
170: }
171: sleep 2;
172: my $wcmd='';
173: {
174: my $dfh;
175: if ($dfh=Apache::File->new("$dfilename")) {
176: $wcmd=<$dfh>;
177: }
178: }
179: chomp($wcmd);
180: if ($wcmd eq $cmd) {
181: &logthis("<font color=blue>WARNING: ".
182: "Connection buffer $dfilename: $cmd</font>");
183: &logperm("D:$server:$cmd");
184: return 'con_delayed';
185: } else {
186: &logthis("<font color=red>CRITICAL:"
187: ." Critical connection failed: $server $cmd</font>");
188: &logperm("F:$server:$cmd");
189: return 'con_failed';
190: }
191: }
192: }
193: return $answer;
194: }
195:
196: # ---------------------------------------------------------- Append Environment
197:
198: sub appenv {
199: my %newenv=@_;
200: my @oldenv;
201: {
202: my $fh;
203: unless ($fh=Apache::File->new("$ENV{'user.environment'}")) {
204: return 'error';
205: }
206: @oldenv=<$fh>;
207: }
208: for (my $i=0; $i<=$#oldenv; $i++) {
209: chomp($oldenv[$i]);
210: if ($oldenv[$i] ne '') {
211: my ($name,$value)=split(/=/,$oldenv[$i]);
212: unless (defined($newenv{$name})) {
213: $newenv{$name}=$value;
214: }
215: }
216: }
217: {
218: my $fh;
219: unless ($fh=Apache::File->new(">$ENV{'user.environment'}")) {
220: return 'error';
221: }
222: my $newname;
223: foreach $newname (keys %newenv) {
224: print $fh "$newname=$newenv{$newname}\n";
225: }
226: }
227: return 'ok';
228: }
229:
230: # ------------------------------ Find server with least workload from spare.tab
231:
232: sub spareserver {
233: my $tryserver;
234: my $spareserver='';
235: my $lowestserver=100;
236: foreach $tryserver (keys %spareid) {
237: my $answer=reply('load',$tryserver);
238: if (($answer =~ /\d/) && ($answer<$lowestserver)) {
239: $spareserver="http://$hostname{$tryserver}";
240: $lowestserver=$answer;
241: }
242: }
243: return $spareserver;
244: }
245:
246: # --------- Try to authenticate user from domain's lib servers (first this one)
247:
248: sub authenticate {
249: my ($uname,$upass,$udom)=@_;
250: $upass=escape($upass);
251: if (($perlvar{'lonRole'} eq 'library') &&
252: ($udom eq $perlvar{'lonDefDomain'})) {
253: my $answer=reply("encrypt:auth:$udom:$uname:$upass",$perlvar{'lonHostID'});
254: if ($answer =~ /authorized/) {
255: if ($answer eq 'authorized') {
256: &logthis("User $uname at $udom authorized by local server");
257: return $perlvar{'lonHostID'};
258: }
259: if ($answer eq 'non_authorized') {
260: &logthis("User $uname at $udom rejected by local server");
261: return 'no_host';
262: }
263: }
264: }
265:
266: my $tryserver;
267: foreach $tryserver (keys %libserv) {
268: if ($hostdom{$tryserver} eq $udom) {
269: my $answer=reply("encrypt:auth:$udom:$uname:$upass",$tryserver);
270: if ($answer =~ /authorized/) {
271: if ($answer eq 'authorized') {
272: &logthis("User $uname at $udom authorized by $tryserver");
273: return $tryserver;
274: }
275: if ($answer eq 'non_authorized') {
276: &logthis("User $uname at $udom rejected by $tryserver");
277: return 'no_host';
278: }
279: }
280: }
281: }
282: &logthis("User $uname at $udom could not be authenticated");
283: return 'no_host';
284: }
285:
286: # ---------------------- Find the homebase for a user from domain's lib servers
287:
288: sub homeserver {
289: my ($uname,$udom)=@_;
290:
291: my $index="$uname:$udom";
292: if ($homecache{$index}) { return "$homecache{$index}"; }
293:
294: my $tryserver;
295: foreach $tryserver (keys %libserv) {
296: if ($hostdom{$tryserver} eq $udom) {
297: my $answer=reply("home:$udom:$uname",$tryserver);
298: if ($answer eq 'found') {
299: $homecache{$index}=$tryserver;
300: return $tryserver;
301: }
302: }
303: }
304: return 'no_host';
305: }
306:
307: # ----------------------------- Subscribe to a resource, return URL if possible
308:
309: sub subscribe {
310: my $fname=shift;
311: my $author=$fname;
312: $author=~s/\/home\/httpd\/html\/res\/([^\/]*)\/([^\/]*).*/$1\/$2/;
313: my ($udom,$uname)=split(/\//,$author);
314: my $home=homeserver($uname,$udom);
315: if (($home eq 'no_host') || ($home eq $perlvar{'lonHostID'})) {
316: return 'not_found';
317: }
318: my $answer=reply("sub:$fname",$home);
319: return $answer;
320: }
321:
322: # -------------------------------------------------------------- Replicate file
323:
324: sub repcopy {
325: my $filename=shift;
326: $filename=~s/\/+/\//g;
327: my $transname="$filename.in.transfer";
328: if ((-e $filename) || (-e $transname)) { return OK; }
329: my $remoteurl=subscribe($filename);
330: if ($remoteurl eq 'con_lost') {
331: &logthis("Subscribe returned con_lost: $filename");
332: return HTTP_SERVICE_UNAVAILABLE;
333: } elsif ($remoteurl eq 'not_found') {
334: &logthis("Subscribe returned not_found: $filename");
335: return HTTP_NOT_FOUND;
336: } elsif ($remoteurl eq 'rejected') {
337: &logthis("Subscribe returned rejected: $filename");
338: return FORBIDDEN;
339: } elsif ($remoteurl eq 'directory') {
340: return OK;
341: } else {
342: my @parts=split(/\//,$filename);
343: my $path="/$parts[1]/$parts[2]/$parts[3]/$parts[4]";
344: if ($path ne "$perlvar{'lonDocRoot'}/res") {
345: &logthis("Malconfiguration for replication: $filename");
346: return HTTP_BAD_REQUEST;
347: }
348: my $count;
349: for ($count=5;$count<$#parts;$count++) {
350: $path.="/$parts[$count]";
351: if ((-e $path)!=1) {
352: mkdir($path,0777);
353: }
354: }
355: my $ua=new LWP::UserAgent;
356: my $request=new HTTP::Request('GET',"$remoteurl");
357: my $response=$ua->request($request,$transname);
358: if ($response->is_error()) {
359: unlink($transname);
360: my $message=$response->status_line;
361: &logthis("<font color=blue>WARNING:"
362: ." LWP get: $message: $filename</font>");
363: return HTTP_SERVICE_UNAVAILABLE;
364: } else {
365: if ($remoteurl!~/\.meta$/) {
366: my $mrequest=new HTTP::Request('GET',$remoteurl.'.meta');
367: my $mresponse=$ua->request($mrequest,$filename.'.meta');
368: if ($mresponse->is_error()) {
369: unlink($filename.'.meta');
370: &logthis(
371: "<font color=yellow>INFO: No metadata: $filename</font>");
372: }
373: }
374: rename($transname,$filename);
375: return OK;
376: }
377: }
378: }
379:
380: # --------------------------------------------------------- Server Side Include
381:
382: sub ssi {
383:
384: my ($fn,%form)=@_;
385:
386: my $ua=new LWP::UserAgent;
387:
388: my $request;
389:
390: if (%form) {
391: $request=new HTTP::Request('POST',"http://".$ENV{'HTTP_HOST'}.$fn);
392: $request->content(join '&', map { "$_=$form{$_}" } keys %form);
393: } else {
394: $request=new HTTP::Request('GET',"http://".$ENV{'HTTP_HOST'}.$fn);
395: }
396:
397: $request->header(Cookie => $ENV{'HTTP_COOKIE'});
398: my $response=$ua->request($request);
399:
400: return $response->content;
401: }
402:
403: # ------------------------------------------------------------------------- Log
404:
405: sub log {
406: my ($dom,$nam,$hom,$what)=@_;
407: return reply("log:$dom:$nam:$what",$hom);
408: }
409:
410: # ----------------------------------------------------------------------- Store
411:
412: sub store {
413: my %storehash=@_;
414: my $symb;
415: unless ($symb=escape(&symbread())) { return ''; }
416: my $namespace;
417: unless ($namespace=$ENV{'request.course.id'}) { return ''; }
418: my $namevalue='';
419: map {
420: $namevalue.=escape($_).'='.escape($storehash{$_}).'&';
421: } keys %storehash;
422: $namevalue=~s/\&$//;
423: return reply(
424: "store:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$symb:$namevalue",
425: "$ENV{'user.home'}");
426: }
427:
428: # --------------------------------------------------------------------- Restore
429:
430: sub restore {
431: my $symb;
432: unless ($symb=escape(&symbread())) { return ''; }
433: my $namespace;
434: unless ($namespace=$ENV{'request.course.id'}) { return ''; }
435: my $answer=reply(
436: "restore:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$symb",
437: "$ENV{'user.home'}");
438: my %returnhash=();
439: map {
440: my ($name,$value)=split(/\=/,$_);
441: $returnhash{&unescape($name)}=&unescape($value);
442: } split(/\&/,$answer);
443: map {
444: $returnhash{$_}=$returnhash{$returnhash{'version'}.':'.$_};
445: } split(/\:/,$returnhash{$returnhash{'version'}.':keys'});
446: return %returnhash;
447: }
448:
449: # ---------------------------------------------------------- Course Description
450:
451: sub coursedescription {
452: my $courseid=shift;
453: $courseid=~s/^\///;
454: my ($cdomain,$cnum)=split(/\//,$courseid);
455: my $chome=homeserver($cnum,$cdomain);
456: if ($chome ne 'no_host') {
457: my $rep=reply("dump:$cdomain:$cnum:environment",$chome);
458: if ($rep ne 'con_lost') {
459: my %cachehash=();
460: my %returnhash=('home' => $chome,
461: 'domain' => $cdomain,
462: 'num' => $cnum);
463: map {
464: my ($name,$value)=split(/\=/,$_);
465: $name=&unescape($name);
466: $value=&unescape($value);
467: $returnhash{$name}=$value;
468: if ($name eq 'description') {
469: $cachehash{$courseid}=$value;
470: }
471: } split(/\&/,$rep);
472: $returnhash{'url'}='/res/'.declutter($returnhash{'url'});
473: $returnhash{'fn'}=$perlvar{'lonDaemons'}.'/tmp/'.
474: $ENV{'user.name.'}.'_'.$cdomain.'_'.$cnum;
475: put ('coursedescriptions',%cachehash);
476: return %returnhash;
477: }
478: }
479: return ();
480: }
481:
482: # -------------------------------------------------------- Get user priviledges
483:
484: sub rolesinit {
485: my ($domain,$username,$authhost)=@_;
486: my $rolesdump=reply("dump:$domain:$username:roles",$authhost);
487: if (($rolesdump eq 'con_lost') || ($rolesdump eq '')) { return ''; }
488: my %allroles=();
489: my %thesepriv=();
490: my $now=time;
491: my $userroles="user.login.time=$now\n";
492: my $thesestr;
493:
494: if ($rolesdump ne '') {
495: map {
496: if ($_!~/^rolesdef\&/) {
497: my ($area,$role)=split(/=/,$_);
498: $area=~s/\_\w\w$//;
499: my ($trole,$tend,$tstart)=split(/_/,$role);
500: $userroles.='user.role.'.$trole.'.'.$area.'='.
501: $tstart.'.'.$tend."\n";
502: if ($tend!=0) {
503: if ($tend<$now) {
504: $trole='';
505: }
506: }
507: if ($tstart!=0) {
508: if ($tstart>$now) {
509: $trole='';
510: }
511: }
512: if (($area ne '') && ($trole ne '')) {
513: my ($tdummy,$tdomain,$trest)=split(/\//,$area);
514: if ($trole =~ /^cr\//) {
515: my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$trole);
516: my $homsvr=homeserver($rauthor,$rdomain);
517: if ($hostname{$homsvr} ne '') {
518: my $roledef=
519: reply("get:$rdomain:$rauthor:roles:rolesdef_$rrole",
520: $homsvr);
521: if (($roledef ne 'con_lost') && ($roledef ne '')) {
522: my ($syspriv,$dompriv,$coursepriv)=
523: split(/\_/,unescape($roledef));
524: $allroles{'/'}.=':'.$syspriv;
525: if ($tdomain ne '') {
526: $allroles{'/'.$tdomain.'/'}.=':'.$dompriv;
527: if ($trest ne '') {
528: $allroles{$area}.=':'.$coursepriv;
529: }
530: }
531: }
532: }
533: } else {
534: $allroles{'/'}.=':'.$pr{$trole.':s'};
535: if ($tdomain ne '') {
536: $allroles{'/'.$tdomain.'/'}.=':'.$pr{$trole.':d'};
537: if ($trest ne '') {
538: $allroles{$area}.=':'.$pr{$trole.':c'};
539: }
540: }
541: }
542: }
543: }
544: } split(/&/,$rolesdump);
545: map {
546: %thesepriv=();
547: map {
548: if ($_ ne '') {
549: my ($priviledge,$restrictions)=split(/&/,$_);
550: if ($restrictions eq '') {
551: $thesepriv{$priviledge}='F';
552: } else {
553: if ($thesepriv{$priviledge} ne 'F') {
554: $thesepriv{$priviledge}.=$restrictions;
555: }
556: }
557: }
558: } split(/:/,$allroles{$_});
559: $thesestr='';
560: map { $thesestr.=':'.$_.'&'.$thesepriv{$_}; } keys %thesepriv;
561: $userroles.='user.priv.'.$_.'='.$thesestr."\n";
562: } keys %allroles;
563: }
564: return $userroles;
565: }
566:
567: # --------------------------------------------------------------- get interface
568:
569: sub get {
570: my ($namespace,@storearr)=@_;
571: my $items='';
572: map {
573: $items.=escape($_).'&';
574: } @storearr;
575: $items=~s/\&$//;
576: my $rep=reply("get:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
577: $ENV{'user.home'});
578: my @pairs=split(/\&/,$rep);
579: my %returnhash=();
580: map {
581: my ($key,$value)=split(/=/,$_);
582: $returnhash{unescape($key)}=unescape($value);
583: } @pairs;
584: return %returnhash;
585: }
586:
587: # --------------------------------------------------------------- del interface
588:
589: sub del {
590: my ($namespace,@storearr)=@_;
591: my $items='';
592: map {
593: $items.=escape($_).'&';
594: } @storearr;
595: $items=~s/\&$//;
596: return reply("del:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
597: $ENV{'user.home'});
598: }
599:
600: # -------------------------------------------------------------- dump interface
601:
602: sub dump {
603: my $namespace=shift;
604: my $rep=reply("dump:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace",
605: $ENV{'user.home'});
606: my @pairs=split(/\&/,$rep);
607: my %returnhash=();
608: map {
609: my ($key,$value)=split(/=/,$_);
610: $returnhash{unescape($key)}=unescape($value);
611: } @pairs;
612: return %returnhash;
613: }
614:
615: # --------------------------------------------------------------- put interface
616:
617: sub put {
618: my ($namespace,%storehash)=@_;
619: my $items='';
620: map {
621: $items.=escape($_).'='.escape($storehash{$_}).'&';
622: } keys %storehash;
623: $items=~s/\&$//;
624: return reply("put:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
625: $ENV{'user.home'});
626: }
627:
628: # -------------------------------------------------------------- eget interface
629:
630: sub eget {
631: my ($namespace,@storearr)=@_;
632: my $items='';
633: map {
634: $items.=escape($_).'&';
635: } @storearr;
636: $items=~s/\&$//;
637: my $rep=reply("eget:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
638: $ENV{'user.home'});
639: my @pairs=split(/\&/,$rep);
640: my %returnhash=();
641: map {
642: my ($key,$value)=split(/=/,$_);
643: $returnhash{unescape($key)}=unescape($value);
644: } @pairs;
645: return %returnhash;
646: }
647:
648: # ------------------------------------------------- Check for a user priviledge
649:
650: sub allowed {
651: my ($priv,$uri)=@_;
652: $uri=~s/^\/res//;
653: $uri=~s/^\///;
654:
655: # Free bre access to adm resources
656:
657: if (($uri=~/^adm\//) && ($priv eq 'bre')) {
658: return 'F';
659: }
660:
661: # Gather priviledges over system and domain
662:
663: my $thisallowed='';
664: if ($ENV{'user.priv./'}=~/$priv\&([^\:]*)/) {
665: $thisallowed.=$1;
666: }
667: if ($ENV{'user.priv./'.(split(/\//,$uri))[0].'/'}=~/$priv\&([^\:]*)/) {
668: $thisallowed.=$1;
669: }
670:
671: # Full access at system or domain level? Exit.
672:
673: if ($thisallowed=~/F/) {
674: return 'F';
675: }
676:
677: # The user does not have full access at system or domain level
678: # Course level access control
679:
680: # uri itself refering to a course?
681:
682: if ($uri=~/\.course$/) {
683: if ($ENV{'user.priv./'.$uri}=~/$priv\&([^\:]*)/) {
684: $thisallowed.=$1;
685: }
686: # Full access on course level? Exit.
687: if ($thisallowed=~/F/) {
688: return 'F';
689: }
690:
691: # uri is refering to an individual resource; user needs to be in a course
692:
693: } else {
694:
695: unless(defined($ENV{'request.course.id'})) {
696: return '1';
697: }
698:
699: # Get access priviledges for course
700:
701: if ($ENV{'user.priv./'.$ENV{'request.course.id'}}=~/$priv\&([^\:]*)/) {
702: $thisallowed.=$1;
703: }
704:
705: # See if resource or referer is part of this course
706:
707: my @uriparts=split(/\//,$uri);
708: my $urifile=$uriparts[$#uriparts];
709: $urifile=~/\.(\w+)$/;
710: my $uritype=$1;
711: $#uriparts--;
712: my $uripath=join('/',@uriparts);
713: my $uricond=-1;
714: if ($ENV{'acc.res.'.$ENV{'request.course.id'}.'.'.$uripath}=~
715: /\&$urifile\:(\d+)\&/) {
716: $uricond=$1;
717: } elsif (($fe{$uritype} eq 'emb') || ($fe{$uritype} eq 'img')) {
718: my $refuri=$ENV{'HTTP_REFERER'};
719: $refuri=~s/^\/res//;
720: $refuri=~s/^\///;
721: @uriparts=split(/\//,$refuri);
722: $urifile=$uriparts[$#uriparts];
723: $#uriparts--;
724: $uripath=join('/',@uriparts);
725: if ($ENV{'acc.res.'.$ENV{'request.course.id'}.'.'.$uripath}=~
726: /\&$urifile\:(\d+)\&/) {
727: $uricond=$1;
728: }
729: }
730:
731: if ($uricond>=0) {
732:
733: # The resource is part of the course
734: # If user had full access on course level, go ahead
735:
736: if ($thisallowed=~/F/) {
737: return 'F';
738: }
739:
740: # Restricted by state?
741:
742: if ($thisallowed=~/X/) {
743: if (&condval($uricond)>1) {
744: return '2';
745: } else {
746: return '';
747: }
748: }
749: }
750: }
751: return $thisallowed;
752: }
753:
754: # ---------------------------------------------------------- Refresh State Info
755:
756: sub refreshstate {
757: }
758:
759: # ----------------------------------------------------------------- Define Role
760:
761: sub definerole {
762: if (allowed('mcr','/')) {
763: my ($rolename,$sysrole,$domrole,$courole)=@_;
764: map {
765: my ($crole,$cqual)=split(/\&/,$_);
766: if ($pr{'cr:s'}!~/$crole/) { return "refused:s:$crole"; }
767: if ($pr{'cr:s'}=~/$crole\&/) {
768: if ($pr{'cr:s'}!~/$crole\&\w*$cqual/) {
769: return "refused:s:$crole&$cqual";
770: }
771: }
772: } split('/',$sysrole);
773: map {
774: my ($crole,$cqual)=split(/\&/,$_);
775: if ($pr{'cr:d'}!~/$crole/) { return "refused:d:$crole"; }
776: if ($pr{'cr:d'}=~/$crole\&/) {
777: if ($pr{'cr:d'}!~/$crole\&\w*$cqual/) {
778: return "refused:d:$crole&$cqual";
779: }
780: }
781: } split('/',$domrole);
782: map {
783: my ($crole,$cqual)=split(/\&/,$_);
784: if ($pr{'cr:c'}!~/$crole/) { return "refused:c:$crole"; }
785: if ($pr{'cr:c'}=~/$crole\&/) {
786: if ($pr{'cr:c'}!~/$crole\&\w*$cqual/) {
787: return "refused:c:$crole&$cqual";
788: }
789: }
790: } split('/',$courole);
791: my $command="encrypt:rolesput:$ENV{'user.domain'}:$ENV{'user.name'}:".
792: "$ENV{'user.domain'}:$ENV{'user.name'}:".
793: "rolesdef_$rolename=".
794: escape($sysrole.'_'.$domrole.'_'.$courole);
795: return reply($command,$ENV{'user.home'});
796: } else {
797: return 'refused';
798: }
799: }
800:
801: # ------------------------------------------------------------------ Plain Text
802:
803: sub plaintext {
804: my $short=shift;
805: return $prp{$short};
806: }
807:
808: # ------------------------------------------------------------------ Plain Text
809:
810: sub fileembstyle {
811: my $ending=shift;
812: return $fe{$ending};
813: }
814:
815: # ------------------------------------------------------------ Description Text
816:
817: sub filedecription {
818: my $ending=shift;
819: return $fd{$ending};
820: }
821:
822: # ----------------------------------------------------------------- Assign Role
823:
824: sub assignrole {
825: my ($udom,$uname,$url,$role,$end,$start)=@_;
826: my $mrole;
827: $url=declutter($url);
828: if ($role =~ /^cr\//) {
829: unless ($url=~/\.course$/) { return 'invalid'; }
830: unless (allowed('ccr',$url)) { return 'refused'; }
831: $mrole='cr';
832: } else {
833: unless (($url=~/\.course$/) || ($url=~/\/$/)) { return 'invalid'; }
834: unless (allowed('c'+$role)) { return 'refused'; }
835: $mrole=$role;
836: }
837: my $command="encrypt:rolesput:$ENV{'user.domain'}:$ENV{'user.name'}:".
838: "$udom:$uname:$url".'_'."$mrole=$role";
839: if ($end) { $command.='_$end'; }
840: if ($start) {
841: if ($end) {
842: $command.='_$start';
843: } else {
844: $command.='_0_$start';
845: }
846: }
847: return &reply($command,&homeserver($uname,$udom));
848: }
849:
850: # ---------------------------------------------------------- Assign Custom Role
851:
852: sub assigncustomrole {
853: my ($udom,$uname,$url,$rdom,$rnam,$rolename,$end,$start)=@_;
854: return &assignrole($udom,$uname,$url,'cr/'.$rdom.'/'.$rnam.'/'.$rolename,
855: $end,$start);
856: }
857:
858: # ----------------------------------------------------------------- Revoke Role
859:
860: sub revokerole {
861: my ($udom,$uname,$url,$role)=@_;
862: my $now=time;
863: return &assignrole($udom,$uname,$url,$role,$now);
864: }
865:
866: # ---------------------------------------------------------- Revoke Custom Role
867:
868: sub revokecustomrole {
869: my ($udom,$uname,$url,$rdom,$rnam,$rolename)=@_;
870: my $now=time;
871: return &assigncustomrole($udom,$uname,$url,$rdom,$rnam,$rolename,$now);
872: }
873:
874: # ------------------------------------------------------------ Directory lister
875:
876: sub dirlist {
877: my $uri=shift;
878: $uri=~s/^\///;
879: $uri=~s/\/$//;
880: my ($res,$udom,$uname,@rest)=split(/\//,$uri);
881: if ($udom) {
882: if ($uname) {
883: my $listing=reply('ls:'.$perlvar{'lonDocRoot'}.'/'.$uri,
884: homeserver($uname,$udom));
885: return split(/:/,$listing);
886: } else {
887: my $tryserver;
888: my %allusers=();
889: foreach $tryserver (keys %libserv) {
890: if ($hostdom{$tryserver} eq $udom) {
891: my $listing=reply('ls:'.$perlvar{'lonDocRoot'}.'/res/'.$udom,
892: $tryserver);
893: if (($listing ne 'no_such_dir') && ($listing ne 'empty')
894: && ($listing ne 'con_lost')) {
895: map {
896: my ($entry,@stat)=split(/&/,$_);
897: $allusers{$entry}=1;
898: } split(/:/,$listing);
899: }
900: }
901: }
902: my $alluserstr='';
903: map {
904: $alluserstr.=$_.'&user:';
905: } sort keys %allusers;
906: $alluserstr=~s/:$//;
907: return split(/:/,$alluserstr);
908: }
909: } else {
910: my $tryserver;
911: my %alldom=();
912: foreach $tryserver (keys %libserv) {
913: $alldom{$hostdom{$tryserver}}=1;
914: }
915: my $alldomstr='';
916: map {
917: $alldomstr.=$perlvar{'lonDocRoot'}.'/res/'.$_.'&domain:';
918: } sort keys %alldom;
919: $alldomstr=~s/:$//;
920: return split(/:/,$alldomstr);
921: }
922: }
923:
924: # -------------------------------------------------------- Value of a Condition
925:
926: sub condval {
927: my $condidx=shift;
928: my $result=0;
929: if ($ENV{'request.course.id'}) {
930: if (defined($ENV{'acc.cond.'.$ENV{'request.course.id'}.'.'.$condidx})) {
931: my $operand='|';
932: my @stack;
933: map {
934: if ($_ eq '(') {
935: push @stack,($operand,$result)
936: } elsif ($_ eq ')') {
937: my $before=pop @stack;
938: if (pop @stack eq '&') {
939: $result=$result>$before?$before:$result;
940: } else {
941: $result=$result>$before?$result:$before;
942: }
943: } elsif (($_ eq '&') || ($_ eq '|')) {
944: $operand=$_;
945: } else {
946: my $new=
947: substr($ENV{'user.state.'.$ENV{'request.course.id'}},$_,1);
948: if ($operand eq '&') {
949: $result=$result>$new?$new:$result;
950: } else {
951: $result=$result>$new?$result:$new;
952: }
953: }
954: } ($ENV{'acc.cond.'.$ENV{'request.course.id'}.'.'.$condidx}=~
955: /(\d+|\(|\)|\&|\|)/g);
956: }
957: }
958: return $result;
959: }
960:
961: # --------------------------------------------------------- Value of a Variable
962:
963: sub varval {
964: my ($realm,$space,@components)=split(/\./,shift);
965: my $value='';
966: if ($realm eq 'user') {
967: if ($space=~/^resource/) {
968: $space=~s/^resource\[//;
969: $space=~s/\]$//;
970:
971: } else {
972: }
973: } elsif ($realm eq 'course') {
974: } elsif ($realm eq 'session') {
975: } elsif ($realm eq 'system') {
976: }
977: return $value;
978: }
979:
980: # ------------------------------------------------- Update symbolic store links
981:
982: sub symblist {
983: my ($mapname,%newhash)=@_;
984: $mapname=declutter($mapname);
985: my %hash;
986: if (($ENV{'request.course.fn'}) && (%newhash)) {
987: if (tie(%hash,'GDBM_File',$ENV{'request.course.fn'}.'_symb.db',
988: &GDBM_WRCREAT,0640)) {
989: map {
990: $hash{declutter($_)}=$mapname.'___'.$newhash{$_};
991: } keys %newhash;
992: if (untie(%hash)) {
993: return 'ok';
994: }
995: }
996: }
997: return 'error';
998: }
999:
1000: # ------------------------------------------------------ Return symb list entry
1001:
1002: sub symbread {
1003: my %hash;
1004: my $syval;
1005: if (($ENV{'request.course.fn'}) && ($ENV{'request.filename'})) {
1006: if (tie(%hash,'GDBM_File',$ENV{'request.course.fn'}.'_symb.db',
1007: &GDBM_READER,0640)) {
1008: my $thisfn=declutter($ENV{'request.filename'});
1009: $syval=$hash{$thisfn};
1010: if (untie(%hash)) {
1011: unless ($syval=~/\_\d+$/) {
1012: unless ($ENV{'form.request.prefix'}=~/\.(\d+)\_$/) {
1013: return '';
1014: }
1015: $syval.=$1;
1016: }
1017: $syval.='___'.$thisfn;
1018: return $syval;
1019: }
1020: }
1021: }
1022: return '';
1023: }
1024:
1025: # ---------------------------------------------------------- Return random seed
1026:
1027: sub numval {
1028: my $txt=shift;
1029: $txt=~tr/A-J/0-9/;
1030: $txt=~tr/a-j/0-9/;
1031: $txt=~tr/K-T/0-9/;
1032: $txt=~tr/k-t/0-9/;
1033: $txt=~tr/U-Z/0-5/;
1034: $txt=~tr/u-z/0-5/;
1035: $txt=~s/\D//g;
1036: return int($txt);
1037: }
1038:
1039: sub rndseed {
1040: my $symb;
1041: unless ($symb=&symbread()) { return ''; }
1042: my $symbchck=unpack("%32C*",$symb);
1043: my $symbseed=numval($symb)%$symbchck;
1044: my $namechck=unpack("%32C*",$ENV{'user.name'});
1045: my $nameseed=numval($ENV{'user.name'})%$namechck;
1046: return int( $symbseed
1047: .$nameseed
1048: .unpack("%32C*",$ENV{'user.domain'})
1049: .unpack("%32C*",$ENV{'request.course.id'})
1050: .$namechck
1051: .$symbchck);
1052: }
1053:
1054: # ------------------------------------------------------------- Declutters URLs
1055:
1056: sub declutter {
1057: my $thisfn=shift;
1058: $thisfn=~s/^$perlvar{'lonDocRoot'}//;
1059: $thisfn=~s/^\///;
1060: $thisfn=~s/^res\///;
1061: return $thisfn;
1062: }
1063:
1064: # -------------------------------------------------------- Escape Special Chars
1065:
1066: sub escape {
1067: my $str=shift;
1068: $str =~ s/(\W)/"%".unpack('H2',$1)/eg;
1069: return $str;
1070: }
1071:
1072: # ----------------------------------------------------- Un-Escape Special Chars
1073:
1074: sub unescape {
1075: my $str=shift;
1076: $str =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
1077: return $str;
1078: }
1079:
1080: # ================================================================ Main Program
1081:
1082: sub BEGIN {
1083: if ($readit ne 'done') {
1084: # ------------------------------------------------------------ Read access.conf
1085: {
1086: my $config=Apache::File->new("/etc/httpd/conf/access.conf");
1087:
1088: while (my $configline=<$config>) {
1089: if ($configline =~ /PerlSetVar/) {
1090: my ($dummy,$varname,$varvalue)=split(/\s+/,$configline);
1091: chomp($varvalue);
1092: $perlvar{$varname}=$varvalue;
1093: }
1094: }
1095: }
1096:
1097: # ------------------------------------------------------------- Read hosts file
1098: {
1099: my $config=Apache::File->new("$perlvar{'lonTabDir'}/hosts.tab");
1100:
1101: while (my $configline=<$config>) {
1102: my ($id,$domain,$role,$name,$ip)=split(/:/,$configline);
1103: $hostname{$id}=$name;
1104: $hostdom{$id}=$domain;
1105: if ($role eq 'library') { $libserv{$id}=$name; }
1106: }
1107: }
1108:
1109: # ------------------------------------------------------ Read spare server file
1110: {
1111: my $config=Apache::File->new("$perlvar{'lonTabDir'}/spare.tab");
1112:
1113: while (my $configline=<$config>) {
1114: chomp($configline);
1115: if (($configline) && ($configline ne $perlvar{'lonHostID'})) {
1116: $spareid{$configline}=1;
1117: }
1118: }
1119: }
1120: # ------------------------------------------------------------ Read permissions
1121: {
1122: my $config=Apache::File->new("$perlvar{'lonTabDir'}/roles.tab");
1123:
1124: while (my $configline=<$config>) {
1125: chomp($configline);
1126: my ($role,$perm)=split(/ /,$configline);
1127: if ($perm ne '') { $pr{$role}=$perm; }
1128: }
1129: }
1130:
1131: # -------------------------------------------- Read plain texts for permissions
1132: {
1133: my $config=Apache::File->new("$perlvar{'lonTabDir'}/rolesplain.tab");
1134:
1135: while (my $configline=<$config>) {
1136: chomp($configline);
1137: my ($short,$plain)=split(/:/,$configline);
1138: if ($plain ne '') { $prp{$short}=$plain; }
1139: }
1140: }
1141:
1142: # ------------------------------------------------------------- Read file types
1143: {
1144: my $config=Apache::File->new("$perlvar{'lonTabDir'}/filetypes.tab");
1145:
1146: while (my $configline=<$config>) {
1147: chomp($configline);
1148: my ($ending,$emb,@descr)=split(/\s+/,$configline);
1149: if ($descr[0] ne '') {
1150: $fe{$ending}=$emb;
1151: $fd{$ending}=join(' ',@descr);
1152: }
1153: }
1154: }
1155:
1156:
1157: $readit='done';
1158: &logthis('<font color=yellow>INFO: Read configuration</font>');
1159: }
1160: }
1161: 1;
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to lonnet.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / lonnet / perl