1: # The LearningOnline Network
2: # TCP networking package
3: #
4: # Functions for use by content handlers:
5: #
6: # plaintext(short) : plain text explanation of short term
7: # fileembstyle(ext) : embed style in page for file extension
8: # filedescription(ext) : descriptor text for file extension
9: # allowed(short,url) : returns codes for allowed actions
10: # F: full access
11: # U,I,K: authentication modes (cxx only)
12: # '': forbidden
13: # 1: user needs to choose course
14: # 2: browse allowed
15: # definerole(rolename,sys,dom,cou) : define a custom role rolename
16: # set priviledges in format of lonTabs/roles.tab for
17: # system, domain and course level,
18: # assignrole(udom,uname,url,role,end,start) : give a role to a user for the
19: # level given by url. Optional start and end dates
20: # (leave empty string or zero for "no date")
21: # assigncustomrole (udom,uname,url,rdom,rnam,rolename,end,start) : give a
22: # custom role to a user for the level given by url.
23: # Specify name and domain of role author, and role name
24: # revokerole (udom,uname,url,role) : Revoke a role for url
25: # revokecustomrole (udom,uname,url,rdom,rnam,rolename) : Revoke a custom role
26: # appenv(hash) : adds hash to session environment
27: # store(hash) : stores hash permanently for this url
28: # restore : returns hash for this url
29: # eget(namesp,array) : returns hash with keys from array filled in from namesp
30: # get(namesp,array) : returns hash with keys from array filled in from namesp
31: # del(namesp,array) : deletes keys out of arry from namesp
32: # put(namesp,hash) : stores hash in namesp
33: # dump(namesp) : dumps the complete namespace into a hash
34: # ssi(url,hash) : does a complete request cycle on url to localhost, posts
35: # hash
36: # coursedescription(id) : returns and caches course description for id
37: # repcopy(filename) : replicate file
38: # dirlist(url) : gets a directory listing
39: # condval(index) : value of condition index based on state
40: # varval(name) : value of a variable
41: # refreshstate() : refresh the state information string
42: # symblist(map,hash) : Updates symbolic storage links
43: # rndseed() : returns a random seed
44: #
45: # 6/1/99,6/2,6/10,6/11,6/12,6/14,6/26,6/28,6/29,6/30,
46: # 7/1,7/2,7/9,7/10,7/12,7/14,7/15,7/19,
47: # 11/8,11/16,11/18,11/22,11/23,12/22,
48: # 01/06,01/13,02/24,02/28,02/29,
49: # 03/01,03/02,03/06,03/07,03/13,
50: # 04/05,05/29,05/31,06/01,
51: # 06/05,06/26 Gerd Kortemeyer
52: # 06/26 Ben Tyszka
53: # 06/30,07/15,07/17,07/18,07/20,07/21,07/22,07/25 Gerd Kortemeyer
54: # 08/14 Ben Tyszka
55: # 08/22,08/28,08/31,09/01,09/02,09/04,09/05,09/25,09/28,09/30,
56: # 10/04 Gerd Kortemeyer
57:
58: package Apache::lonnet;
59:
60: use strict;
61: use Apache::File;
62: use LWP::UserAgent();
63: use HTTP::Headers;
64: use vars
65: qw(%perlvar %hostname %homecache %spareid %hostdom %libserv %pr %prp %fe %fd $readit);
66: use IO::Socket;
67: use GDBM_File;
68: use Apache::Constants qw(:common :http);
69:
70: # --------------------------------------------------------------------- Logging
71:
72: sub logthis {
73: my $message=shift;
74: my $execdir=$perlvar{'lonDaemons'};
75: my $now=time;
76: my $local=localtime($now);
77: my $fh=Apache::File->new(">>$execdir/logs/lonnet.log");
78: print $fh "$local ($$): $message\n";
79: return 1;
80: }
81:
82: sub logperm {
83: my $message=shift;
84: my $execdir=$perlvar{'lonDaemons'};
85: my $now=time;
86: my $local=localtime($now);
87: my $fh=Apache::File->new(">>$execdir/logs/lonnet.perm.log");
88: print $fh "$now:$message:$local\n";
89: return 1;
90: }
91:
92: # -------------------------------------------------- Non-critical communication
93: sub subreply {
94: my ($cmd,$server)=@_;
95: my $peerfile="$perlvar{'lonSockDir'}/$server";
96: my $client=IO::Socket::UNIX->new(Peer =>"$peerfile",
97: Type => SOCK_STREAM,
98: Timeout => 10)
99: or return "con_lost";
100: print $client "$cmd\n";
101: my $answer=<$client>;
102: if (!$answer) { $answer="con_lost"; }
103: chomp($answer);
104: return $answer;
105: }
106:
107: sub reply {
108: my ($cmd,$server)=@_;
109: my $answer=subreply($cmd,$server);
110: if ($answer eq 'con_lost') { $answer=subreply($cmd,$server); }
111: if (($answer=~/^error:/) || ($answer=~/^refused/) ||
112: ($answer=~/^rejected/)) {
113: &logthis("<font color=blue>WARNING:".
114: " $cmd to $server returned $answer</font>");
115: }
116: return $answer;
117: }
118:
119: # ----------------------------------------------------------- Send USR1 to lonc
120:
121: sub reconlonc {
122: my $peerfile=shift;
123: &logthis("Trying to reconnect for $peerfile");
124: my $loncfile="$perlvar{'lonDaemons'}/logs/lonc.pid";
125: if (my $fh=Apache::File->new("$loncfile")) {
126: my $loncpid=<$fh>;
127: chomp($loncpid);
128: if (kill 0 => $loncpid) {
129: &logthis("lonc at pid $loncpid responding, sending USR1");
130: kill USR1 => $loncpid;
131: sleep 1;
132: if (-e "$peerfile") { return; }
133: &logthis("$peerfile still not there, give it another try");
134: sleep 5;
135: if (-e "$peerfile") { return; }
136: &logthis(
137: "<font color=blue>WARNING: $peerfile still not there, giving up</font>");
138: } else {
139: &logthis(
140: "<font color=blue>WARNING:".
141: " lonc at pid $loncpid not responding, giving up</font>");
142: }
143: } else {
144: &logthis('<font color=blue>WARNING: lonc not running, giving up</font>');
145: }
146: }
147:
148: # ------------------------------------------------------ Critical communication
149:
150: sub critical {
151: my ($cmd,$server)=@_;
152: my $answer=reply($cmd,$server);
153: if ($answer eq 'con_lost') {
154: my $pingreply=reply('ping',$server);
155: &reconlonc("$perlvar{'lonSockDir'}/$server");
156: my $pongreply=reply('pong',$server);
157: &logthis("Ping/Pong for $server: $pingreply/$pongreply");
158: $answer=reply($cmd,$server);
159: if ($answer eq 'con_lost') {
160: my $now=time;
161: my $middlename=$cmd;
162: $middlename=substr($middlename,0,16);
163: $middlename=~s/\W//g;
164: my $dfilename=
165: "$perlvar{'lonSockDir'}/delayed/$now.$middlename.$server";
166: {
167: my $dfh;
168: if ($dfh=Apache::File->new(">$dfilename")) {
169: print $dfh "$cmd\n";
170: }
171: }
172: sleep 2;
173: my $wcmd='';
174: {
175: my $dfh;
176: if ($dfh=Apache::File->new("$dfilename")) {
177: $wcmd=<$dfh>;
178: }
179: }
180: chomp($wcmd);
181: if ($wcmd eq $cmd) {
182: &logthis("<font color=blue>WARNING: ".
183: "Connection buffer $dfilename: $cmd</font>");
184: &logperm("D:$server:$cmd");
185: return 'con_delayed';
186: } else {
187: &logthis("<font color=red>CRITICAL:"
188: ." Critical connection failed: $server $cmd</font>");
189: &logperm("F:$server:$cmd");
190: return 'con_failed';
191: }
192: }
193: }
194: return $answer;
195: }
196:
197: # ---------------------------------------------------------- Append Environment
198:
199: sub appenv {
200: my %newenv=@_;
201: map {
202: if (($newenv{$_}=~/^user\.role/) || ($newenv{$_}=~/^user\.priv/)) {
203: &logthis("<font color=blue>WARNING: ".
204: "Attempt to modify environment ".$_." to ".$newenv{$_});
205: delete($newenv{$_});
206: } else {
207: $ENV{$_}=$newenv{$_};
208: }
209: } keys %newenv;
210: my @oldenv;
211: {
212: my $fh;
213: unless ($fh=Apache::File->new("$ENV{'user.environment'}")) {
214: return 'error';
215: }
216: @oldenv=<$fh>;
217: }
218: for (my $i=0; $i<=$#oldenv; $i++) {
219: chomp($oldenv[$i]);
220: if ($oldenv[$i] ne '') {
221: my ($name,$value)=split(/=/,$oldenv[$i]);
222: unless (defined($newenv{$name})) {
223: $newenv{$name}=$value;
224: }
225: }
226: }
227: {
228: my $fh;
229: unless ($fh=Apache::File->new(">$ENV{'user.environment'}")) {
230: return 'error';
231: }
232: my $newname;
233: foreach $newname (keys %newenv) {
234: print $fh "$newname=$newenv{$newname}\n";
235: }
236: }
237: return 'ok';
238: }
239:
240: # ------------------------------ Find server with least workload from spare.tab
241:
242: sub spareserver {
243: my $tryserver;
244: my $spareserver='';
245: my $lowestserver=100;
246: foreach $tryserver (keys %spareid) {
247: my $answer=reply('load',$tryserver);
248: if (($answer =~ /\d/) && ($answer<$lowestserver)) {
249: $spareserver="http://$hostname{$tryserver}";
250: $lowestserver=$answer;
251: }
252: }
253: return $spareserver;
254: }
255:
256: # --------- Try to authenticate user from domain's lib servers (first this one)
257:
258: sub authenticate {
259: my ($uname,$upass,$udom)=@_;
260: $upass=escape($upass);
261: if (($perlvar{'lonRole'} eq 'library') &&
262: ($udom eq $perlvar{'lonDefDomain'})) {
263: my $answer=reply("encrypt:auth:$udom:$uname:$upass",$perlvar{'lonHostID'});
264: if ($answer =~ /authorized/) {
265: if ($answer eq 'authorized') {
266: &logthis("User $uname at $udom authorized by local server");
267: return $perlvar{'lonHostID'};
268: }
269: if ($answer eq 'non_authorized') {
270: &logthis("User $uname at $udom rejected by local server");
271: return 'no_host';
272: }
273: }
274: }
275:
276: my $tryserver;
277: foreach $tryserver (keys %libserv) {
278: if ($hostdom{$tryserver} eq $udom) {
279: my $answer=reply("encrypt:auth:$udom:$uname:$upass",$tryserver);
280: if ($answer =~ /authorized/) {
281: if ($answer eq 'authorized') {
282: &logthis("User $uname at $udom authorized by $tryserver");
283: return $tryserver;
284: }
285: if ($answer eq 'non_authorized') {
286: &logthis("User $uname at $udom rejected by $tryserver");
287: return 'no_host';
288: }
289: }
290: }
291: }
292: &logthis("User $uname at $udom could not be authenticated");
293: return 'no_host';
294: }
295:
296: # ---------------------- Find the homebase for a user from domain's lib servers
297:
298: sub homeserver {
299: my ($uname,$udom)=@_;
300:
301: my $index="$uname:$udom";
302: if ($homecache{$index}) { return "$homecache{$index}"; }
303:
304: my $tryserver;
305: foreach $tryserver (keys %libserv) {
306: if ($hostdom{$tryserver} eq $udom) {
307: my $answer=reply("home:$udom:$uname",$tryserver);
308: if ($answer eq 'found') {
309: $homecache{$index}=$tryserver;
310: return $tryserver;
311: }
312: }
313: }
314: return 'no_host';
315: }
316:
317: # ----------------------------- Subscribe to a resource, return URL if possible
318:
319: sub subscribe {
320: my $fname=shift;
321: my $author=$fname;
322: $author=~s/\/home\/httpd\/html\/res\/([^\/]*)\/([^\/]*).*/$1\/$2/;
323: my ($udom,$uname)=split(/\//,$author);
324: my $home=homeserver($uname,$udom);
325: if (($home eq 'no_host') || ($home eq $perlvar{'lonHostID'})) {
326: return 'not_found';
327: }
328: my $answer=reply("sub:$fname",$home);
329: return $answer;
330: }
331:
332: # -------------------------------------------------------------- Replicate file
333:
334: sub repcopy {
335: my $filename=shift;
336: $filename=~s/\/+/\//g;
337: my $transname="$filename.in.transfer";
338: if ((-e $filename) || (-e $transname)) { return OK; }
339: my $remoteurl=subscribe($filename);
340: if ($remoteurl eq 'con_lost') {
341: &logthis("Subscribe returned con_lost: $filename");
342: return HTTP_SERVICE_UNAVAILABLE;
343: } elsif ($remoteurl eq 'not_found') {
344: &logthis("Subscribe returned not_found: $filename");
345: return HTTP_NOT_FOUND;
346: } elsif ($remoteurl eq 'rejected') {
347: &logthis("Subscribe returned rejected: $filename");
348: return FORBIDDEN;
349: } elsif ($remoteurl eq 'directory') {
350: return OK;
351: } else {
352: my @parts=split(/\//,$filename);
353: my $path="/$parts[1]/$parts[2]/$parts[3]/$parts[4]";
354: if ($path ne "$perlvar{'lonDocRoot'}/res") {
355: &logthis("Malconfiguration for replication: $filename");
356: return HTTP_BAD_REQUEST;
357: }
358: my $count;
359: for ($count=5;$count<$#parts;$count++) {
360: $path.="/$parts[$count]";
361: if ((-e $path)!=1) {
362: mkdir($path,0777);
363: }
364: }
365: my $ua=new LWP::UserAgent;
366: my $request=new HTTP::Request('GET',"$remoteurl");
367: my $response=$ua->request($request,$transname);
368: if ($response->is_error()) {
369: unlink($transname);
370: my $message=$response->status_line;
371: &logthis("<font color=blue>WARNING:"
372: ." LWP get: $message: $filename</font>");
373: return HTTP_SERVICE_UNAVAILABLE;
374: } else {
375: if ($remoteurl!~/\.meta$/) {
376: my $mrequest=new HTTP::Request('GET',$remoteurl.'.meta');
377: my $mresponse=$ua->request($mrequest,$filename.'.meta');
378: if ($mresponse->is_error()) {
379: unlink($filename.'.meta');
380: &logthis(
381: "<font color=yellow>INFO: No metadata: $filename</font>");
382: }
383: }
384: rename($transname,$filename);
385: return OK;
386: }
387: }
388: }
389:
390: # --------------------------------------------------------- Server Side Include
391:
392: sub ssi {
393:
394: my ($fn,%form)=@_;
395:
396: my $ua=new LWP::UserAgent;
397:
398: my $request;
399:
400: if (%form) {
401: $request=new HTTP::Request('POST',"http://".$ENV{'HTTP_HOST'}.$fn);
402: $request->content(join '&', map { "$_=$form{$_}" } keys %form);
403: } else {
404: $request=new HTTP::Request('GET',"http://".$ENV{'HTTP_HOST'}.$fn);
405: }
406:
407: $request->header(Cookie => $ENV{'HTTP_COOKIE'});
408: my $response=$ua->request($request);
409:
410: return $response->content;
411: }
412:
413: # ------------------------------------------------------------------------- Log
414:
415: sub log {
416: my ($dom,$nam,$hom,$what)=@_;
417: return reply("log:$dom:$nam:$what",$hom);
418: }
419:
420: # ----------------------------------------------------------------------- Store
421:
422: sub store {
423: my %storehash=@_;
424: my $symb;
425: unless ($symb=escape(&symbread())) { return ''; }
426: my $namespace;
427: unless ($namespace=$ENV{'request.course.id'}) { return ''; }
428: my $namevalue='';
429: map {
430: $namevalue.=escape($_).'='.escape($storehash{$_}).'&';
431: } keys %storehash;
432: $namevalue=~s/\&$//;
433: return reply(
434: "store:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$symb:$namevalue",
435: "$ENV{'user.home'}");
436: }
437:
438: # --------------------------------------------------------------------- Restore
439:
440: sub restore {
441: my $symb;
442: unless ($symb=escape(&symbread())) { return ''; }
443: my $namespace;
444: unless ($namespace=$ENV{'request.course.id'}) { return ''; }
445: my $answer=reply(
446: "restore:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$symb",
447: "$ENV{'user.home'}");
448: my %returnhash=();
449: map {
450: my ($name,$value)=split(/\=/,$_);
451: $returnhash{&unescape($name)}=&unescape($value);
452: } split(/\&/,$answer);
453: map {
454: $returnhash{$_}=$returnhash{$returnhash{'version'}.':'.$_};
455: } split(/\:/,$returnhash{$returnhash{'version'}.':keys'});
456: return %returnhash;
457: }
458:
459: # ---------------------------------------------------------- Course Description
460:
461: sub coursedescription {
462: my $courseid=shift;
463: $courseid=~s/^\///;
464: my ($cdomain,$cnum)=split(/\//,$courseid);
465: my $chome=homeserver($cnum,$cdomain);
466: if ($chome ne 'no_host') {
467: my $rep=reply("dump:$cdomain:$cnum:environment",$chome);
468: if ($rep ne 'con_lost') {
469: my %cachehash=();
470: my %returnhash=('home' => $chome,
471: 'domain' => $cdomain,
472: 'num' => $cnum);
473: map {
474: my ($name,$value)=split(/\=/,$_);
475: $name=&unescape($name);
476: $value=&unescape($value);
477: $returnhash{$name}=$value;
478: if ($name eq 'description') {
479: $cachehash{$courseid}=$value;
480: }
481: } split(/\&/,$rep);
482: $returnhash{'url'}='/res/'.declutter($returnhash{'url'});
483: $returnhash{'fn'}=$perlvar{'lonDaemons'}.'/tmp/'.
484: $ENV{'user.name.'}.'_'.$cdomain.'_'.$cnum;
485: put ('coursedescriptions',%cachehash);
486: return %returnhash;
487: }
488: }
489: return ();
490: }
491:
492: # -------------------------------------------------------- Get user priviledges
493:
494: sub rolesinit {
495: my ($domain,$username,$authhost)=@_;
496: my $rolesdump=reply("dump:$domain:$username:roles",$authhost);
497: if (($rolesdump eq 'con_lost') || ($rolesdump eq '')) { return ''; }
498: my %allroles=();
499: my %thesepriv=();
500: my $now=time;
501: my $userroles="user.login.time=$now\n";
502: my $thesestr;
503:
504: if ($rolesdump ne '') {
505: map {
506: if ($_!~/^rolesdef\&/) {
507: my ($area,$role)=split(/=/,$_);
508: $area=~s/\_\w\w$//;
509: my ($trole,$tend,$tstart)=split(/_/,$role);
510: $userroles.='user.role.'.$trole.'.'.$area.'='.
511: $tstart.'.'.$tend."\n";
512: if ($tend!=0) {
513: if ($tend<$now) {
514: $trole='';
515: }
516: }
517: if ($tstart!=0) {
518: if ($tstart>$now) {
519: $trole='';
520: }
521: }
522: if (($area ne '') && ($trole ne '')) {
523: my ($tdummy,$tdomain,$trest)=split(/\//,$area);
524: if ($trole =~ /^cr\//) {
525: my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$trole);
526: my $homsvr=homeserver($rauthor,$rdomain);
527: if ($hostname{$homsvr} ne '') {
528: my $roledef=
529: reply("get:$rdomain:$rauthor:roles:rolesdef_$rrole",
530: $homsvr);
531: if (($roledef ne 'con_lost') && ($roledef ne '')) {
532: my ($syspriv,$dompriv,$coursepriv)=
533: split(/\_/,unescape($roledef));
534: $allroles{'/'}.=':'.$syspriv;
535: if ($tdomain ne '') {
536: $allroles{'/'.$tdomain.'/'}.=':'.$dompriv;
537: if ($trest ne '') {
538: $allroles{$area}.=':'.$coursepriv;
539: }
540: }
541: }
542: }
543: } else {
544: $allroles{'/'}.=':'.$pr{$trole.':s'};
545: if ($tdomain ne '') {
546: $allroles{'/'.$tdomain.'/'}.=':'.$pr{$trole.':d'};
547: if ($trest ne '') {
548: $allroles{$area}.=':'.$pr{$trole.':c'};
549: }
550: }
551: }
552: }
553: }
554: } split(/&/,$rolesdump);
555: map {
556: %thesepriv=();
557: map {
558: if ($_ ne '') {
559: my ($priviledge,$restrictions)=split(/&/,$_);
560: if ($restrictions eq '') {
561: $thesepriv{$priviledge}='F';
562: } else {
563: if ($thesepriv{$priviledge} ne 'F') {
564: $thesepriv{$priviledge}.=$restrictions;
565: }
566: }
567: }
568: } split(/:/,$allroles{$_});
569: $thesestr='';
570: map { $thesestr.=':'.$_.'&'.$thesepriv{$_}; } keys %thesepriv;
571: $userroles.='user.priv.'.$_.'='.$thesestr."\n";
572: } keys %allroles;
573: }
574: return $userroles;
575: }
576:
577: # --------------------------------------------------------------- get interface
578:
579: sub get {
580: my ($namespace,@storearr)=@_;
581: my $items='';
582: map {
583: $items.=escape($_).'&';
584: } @storearr;
585: $items=~s/\&$//;
586: my $rep=reply("get:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
587: $ENV{'user.home'});
588: my @pairs=split(/\&/,$rep);
589: my %returnhash=();
590: map {
591: my ($key,$value)=split(/=/,$_);
592: $returnhash{unescape($key)}=unescape($value);
593: } @pairs;
594: return %returnhash;
595: }
596:
597: # --------------------------------------------------------------- del interface
598:
599: sub del {
600: my ($namespace,@storearr)=@_;
601: my $items='';
602: map {
603: $items.=escape($_).'&';
604: } @storearr;
605: $items=~s/\&$//;
606: return reply("del:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
607: $ENV{'user.home'});
608: }
609:
610: # -------------------------------------------------------------- dump interface
611:
612: sub dump {
613: my $namespace=shift;
614: my $rep=reply("dump:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace",
615: $ENV{'user.home'});
616: my @pairs=split(/\&/,$rep);
617: my %returnhash=();
618: map {
619: my ($key,$value)=split(/=/,$_);
620: $returnhash{unescape($key)}=unescape($value);
621: } @pairs;
622: return %returnhash;
623: }
624:
625: # --------------------------------------------------------------- put interface
626:
627: sub put {
628: my ($namespace,%storehash)=@_;
629: my $items='';
630: map {
631: $items.=escape($_).'='.escape($storehash{$_}).'&';
632: } keys %storehash;
633: $items=~s/\&$//;
634: return reply("put:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
635: $ENV{'user.home'});
636: }
637:
638: # -------------------------------------------------------------- eget interface
639:
640: sub eget {
641: my ($namespace,@storearr)=@_;
642: my $items='';
643: map {
644: $items.=escape($_).'&';
645: } @storearr;
646: $items=~s/\&$//;
647: my $rep=reply("eget:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
648: $ENV{'user.home'});
649: my @pairs=split(/\&/,$rep);
650: my %returnhash=();
651: map {
652: my ($key,$value)=split(/=/,$_);
653: $returnhash{unescape($key)}=unescape($value);
654: } @pairs;
655: return %returnhash;
656: }
657:
658: # ------------------------------------------------- Check for a user priviledge
659:
660: sub allowed {
661: my ($priv,$uri)=@_;
662: $uri=~s/^\/res//;
663: $uri=~s/^\///;
664:
665: # Free bre access to adm resources
666:
667: if (($uri=~/^adm\//) && ($priv eq 'bre')) {
668: return 'F';
669: }
670:
671: # Gather priviledges over system and domain
672:
673: my $thisallowed='';
674: if ($ENV{'user.priv./'}=~/$priv\&([^\:]*)/) {
675: $thisallowed.=$1;
676: }
677: if ($ENV{'user.priv./'.(split(/\//,$uri))[0].'/'}=~/$priv\&([^\:]*)/) {
678: $thisallowed.=$1;
679: }
680:
681: # Full access at system or domain level? Exit.
682:
683: if ($thisallowed=~/F/) {
684: return 'F';
685: }
686:
687: # The user does not have full access at system or domain level
688: # Course level access control
689:
690: # uri itself refering to a course?
691:
692: if ($uri=~/\.course$/) {
693: if ($ENV{'user.priv./'.$uri}=~/$priv\&([^\:]*)/) {
694: $thisallowed.=$1;
695: }
696: # Full access on course level? Exit.
697: if ($thisallowed=~/F/) {
698: return 'F';
699: }
700:
701: # uri is refering to an individual resource; user needs to be in a course
702:
703: } else {
704:
705: unless(defined($ENV{'request.course.id'})) {
706: return '1';
707: }
708:
709: # Get access priviledges for course
710:
711: if ($ENV{'user.priv./'.$ENV{'request.course.id'}}=~/$priv\&([^\:]*)/) {
712: $thisallowed.=$1;
713: }
714:
715: # See if resource or referer is part of this course
716:
717: my @uriparts=split(/\//,$uri);
718: my $urifile=$uriparts[$#uriparts];
719: $urifile=~/\.(\w+)$/;
720: my $uritype=$1;
721: $#uriparts--;
722: my $uripath=join('/',@uriparts);
723: my $uricond=-1;
724: if ($ENV{'acc.res.'.$ENV{'request.course.id'}.'.'.$uripath}=~
725: /\&$urifile\:(\d+)\&/) {
726: $uricond=$1;
727: } elsif (($fe{$uritype} eq 'emb') || ($fe{$uritype} eq 'img')) {
728: my $refuri=$ENV{'HTTP_REFERER'};
729: $refuri=~s/^\/res//;
730: $refuri=~s/^\///;
731: @uriparts=split(/\//,$refuri);
732: $urifile=$uriparts[$#uriparts];
733: $#uriparts--;
734: $uripath=join('/',@uriparts);
735: if ($ENV{'acc.res.'.$ENV{'request.course.id'}.'.'.$uripath}=~
736: /\&$urifile\:(\d+)\&/) {
737: $uricond=$1;
738: }
739: }
740:
741: if ($uricond>=0) {
742:
743: # The resource is part of the course
744: # If user had full access on course level, go ahead
745:
746: if ($thisallowed=~/F/) {
747: return 'F';
748: }
749:
750: # Restricted by state?
751:
752: if ($thisallowed=~/X/) {
753: if (&condval($uricond)>1) {
754: return '2';
755: } else {
756: return '';
757: }
758: }
759: }
760: }
761: return $thisallowed;
762: }
763:
764: # ---------------------------------------------------------- Refresh State Info
765:
766: sub refreshstate {
767: }
768:
769: # ----------------------------------------------------------------- Define Role
770:
771: sub definerole {
772: if (allowed('mcr','/')) {
773: my ($rolename,$sysrole,$domrole,$courole)=@_;
774: map {
775: my ($crole,$cqual)=split(/\&/,$_);
776: if ($pr{'cr:s'}!~/$crole/) { return "refused:s:$crole"; }
777: if ($pr{'cr:s'}=~/$crole\&/) {
778: if ($pr{'cr:s'}!~/$crole\&\w*$cqual/) {
779: return "refused:s:$crole&$cqual";
780: }
781: }
782: } split('/',$sysrole);
783: map {
784: my ($crole,$cqual)=split(/\&/,$_);
785: if ($pr{'cr:d'}!~/$crole/) { return "refused:d:$crole"; }
786: if ($pr{'cr:d'}=~/$crole\&/) {
787: if ($pr{'cr:d'}!~/$crole\&\w*$cqual/) {
788: return "refused:d:$crole&$cqual";
789: }
790: }
791: } split('/',$domrole);
792: map {
793: my ($crole,$cqual)=split(/\&/,$_);
794: if ($pr{'cr:c'}!~/$crole/) { return "refused:c:$crole"; }
795: if ($pr{'cr:c'}=~/$crole\&/) {
796: if ($pr{'cr:c'}!~/$crole\&\w*$cqual/) {
797: return "refused:c:$crole&$cqual";
798: }
799: }
800: } split('/',$courole);
801: my $command="encrypt:rolesput:$ENV{'user.domain'}:$ENV{'user.name'}:".
802: "$ENV{'user.domain'}:$ENV{'user.name'}:".
803: "rolesdef_$rolename=".
804: escape($sysrole.'_'.$domrole.'_'.$courole);
805: return reply($command,$ENV{'user.home'});
806: } else {
807: return 'refused';
808: }
809: }
810:
811: # ------------------------------------------------------------------ Plain Text
812:
813: sub plaintext {
814: my $short=shift;
815: return $prp{$short};
816: }
817:
818: # ------------------------------------------------------------------ Plain Text
819:
820: sub fileembstyle {
821: my $ending=shift;
822: return $fe{$ending};
823: }
824:
825: # ------------------------------------------------------------ Description Text
826:
827: sub filedecription {
828: my $ending=shift;
829: return $fd{$ending};
830: }
831:
832: # ----------------------------------------------------------------- Assign Role
833:
834: sub assignrole {
835: my ($udom,$uname,$url,$role,$end,$start)=@_;
836: my $mrole;
837: $url=declutter($url);
838: if ($role =~ /^cr\//) {
839: unless ($url=~/\.course$/) { return 'invalid'; }
840: unless (allowed('ccr',$url)) { return 'refused'; }
841: $mrole='cr';
842: } else {
843: unless (($url=~/\.course$/) || ($url=~/\/$/)) { return 'invalid'; }
844: unless (allowed('c'+$role)) { return 'refused'; }
845: $mrole=$role;
846: }
847: my $command="encrypt:rolesput:$ENV{'user.domain'}:$ENV{'user.name'}:".
848: "$udom:$uname:$url".'_'."$mrole=$role";
849: if ($end) { $command.='_$end'; }
850: if ($start) {
851: if ($end) {
852: $command.='_$start';
853: } else {
854: $command.='_0_$start';
855: }
856: }
857: return &reply($command,&homeserver($uname,$udom));
858: }
859:
860: # ---------------------------------------------------------- Assign Custom Role
861:
862: sub assigncustomrole {
863: my ($udom,$uname,$url,$rdom,$rnam,$rolename,$end,$start)=@_;
864: return &assignrole($udom,$uname,$url,'cr/'.$rdom.'/'.$rnam.'/'.$rolename,
865: $end,$start);
866: }
867:
868: # ----------------------------------------------------------------- Revoke Role
869:
870: sub revokerole {
871: my ($udom,$uname,$url,$role)=@_;
872: my $now=time;
873: return &assignrole($udom,$uname,$url,$role,$now);
874: }
875:
876: # ---------------------------------------------------------- Revoke Custom Role
877:
878: sub revokecustomrole {
879: my ($udom,$uname,$url,$rdom,$rnam,$rolename)=@_;
880: my $now=time;
881: return &assigncustomrole($udom,$uname,$url,$rdom,$rnam,$rolename,$now);
882: }
883:
884: # ------------------------------------------------------------ Directory lister
885:
886: sub dirlist {
887: my $uri=shift;
888: $uri=~s/^\///;
889: $uri=~s/\/$//;
890: my ($res,$udom,$uname,@rest)=split(/\//,$uri);
891: if ($udom) {
892: if ($uname) {
893: my $listing=reply('ls:'.$perlvar{'lonDocRoot'}.'/'.$uri,
894: homeserver($uname,$udom));
895: return split(/:/,$listing);
896: } else {
897: my $tryserver;
898: my %allusers=();
899: foreach $tryserver (keys %libserv) {
900: if ($hostdom{$tryserver} eq $udom) {
901: my $listing=reply('ls:'.$perlvar{'lonDocRoot'}.'/res/'.$udom,
902: $tryserver);
903: if (($listing ne 'no_such_dir') && ($listing ne 'empty')
904: && ($listing ne 'con_lost')) {
905: map {
906: my ($entry,@stat)=split(/&/,$_);
907: $allusers{$entry}=1;
908: } split(/:/,$listing);
909: }
910: }
911: }
912: my $alluserstr='';
913: map {
914: $alluserstr.=$_.'&user:';
915: } sort keys %allusers;
916: $alluserstr=~s/:$//;
917: return split(/:/,$alluserstr);
918: }
919: } else {
920: my $tryserver;
921: my %alldom=();
922: foreach $tryserver (keys %libserv) {
923: $alldom{$hostdom{$tryserver}}=1;
924: }
925: my $alldomstr='';
926: map {
927: $alldomstr.=$perlvar{'lonDocRoot'}.'/res/'.$_.'&domain:';
928: } sort keys %alldom;
929: $alldomstr=~s/:$//;
930: return split(/:/,$alldomstr);
931: }
932: }
933:
934: # -------------------------------------------------------- Value of a Condition
935:
936: sub condval {
937: my $condidx=shift;
938: my $result=0;
939: if ($ENV{'request.course.id'}) {
940: if (defined($ENV{'acc.cond.'.$ENV{'request.course.id'}.'.'.$condidx})) {
941: my $operand='|';
942: my @stack;
943: map {
944: if ($_ eq '(') {
945: push @stack,($operand,$result)
946: } elsif ($_ eq ')') {
947: my $before=pop @stack;
948: if (pop @stack eq '&') {
949: $result=$result>$before?$before:$result;
950: } else {
951: $result=$result>$before?$result:$before;
952: }
953: } elsif (($_ eq '&') || ($_ eq '|')) {
954: $operand=$_;
955: } else {
956: my $new=
957: substr($ENV{'user.state.'.$ENV{'request.course.id'}},$_,1);
958: if ($operand eq '&') {
959: $result=$result>$new?$new:$result;
960: } else {
961: $result=$result>$new?$result:$new;
962: }
963: }
964: } ($ENV{'acc.cond.'.$ENV{'request.course.id'}.'.'.$condidx}=~
965: /(\d+|\(|\)|\&|\|)/g);
966: }
967: }
968: return $result;
969: }
970:
971: # --------------------------------------------------------- Value of a Variable
972:
973: sub varval {
974: my ($realm,$space,@components)=split(/\./,shift);
975: my $value='';
976: if ($realm eq 'user') {
977: if ($space=~/^resource/) {
978: $space=~s/^resource\[//;
979: $space=~s/\]$//;
980:
981: } else {
982: }
983: } elsif ($realm eq 'course') {
984: } elsif ($realm eq 'session') {
985: } elsif ($realm eq 'system') {
986: }
987: return $value;
988: }
989:
990: # ------------------------------------------------- Update symbolic store links
991:
992: sub symblist {
993: my ($mapname,%newhash)=@_;
994: $mapname=declutter($mapname);
995: my %hash;
996: if (($ENV{'request.course.fn'}) && (%newhash)) {
997: if (tie(%hash,'GDBM_File',$ENV{'request.course.fn'}.'_symb.db',
998: &GDBM_WRCREAT,0640)) {
999: map {
1000: $hash{declutter($_)}=$mapname.'___'.$newhash{$_};
1001: } keys %newhash;
1002: if (untie(%hash)) {
1003: return 'ok';
1004: }
1005: }
1006: }
1007: return 'error';
1008: }
1009:
1010: # ------------------------------------------------------ Return symb list entry
1011:
1012: sub symbread {
1013: my %hash;
1014: my $syval;
1015: if (($ENV{'request.course.fn'}) && ($ENV{'request.filename'})) {
1016: if (tie(%hash,'GDBM_File',$ENV{'request.course.fn'}.'_symb.db',
1017: &GDBM_READER,0640)) {
1018: my $thisfn=declutter($ENV{'request.filename'});
1019: $syval=$hash{$thisfn};
1020: if (untie(%hash)) {
1021: unless ($syval=~/\_\d+$/) {
1022: unless ($ENV{'form.request.prefix'}=~/\.(\d+)\_$/) {
1023: return '';
1024: }
1025: $syval.=$1;
1026: }
1027: $syval.='___'.$thisfn;
1028: return $syval;
1029: }
1030: }
1031: }
1032: return '';
1033: }
1034:
1035: # ---------------------------------------------------------- Return random seed
1036:
1037: sub numval {
1038: my $txt=shift;
1039: $txt=~tr/A-J/0-9/;
1040: $txt=~tr/a-j/0-9/;
1041: $txt=~tr/K-T/0-9/;
1042: $txt=~tr/k-t/0-9/;
1043: $txt=~tr/U-Z/0-5/;
1044: $txt=~tr/u-z/0-5/;
1045: $txt=~s/\D//g;
1046: return int($txt);
1047: }
1048:
1049: sub rndseed {
1050: my $symb;
1051: unless ($symb=&symbread()) { return ''; }
1052: my $symbchck=unpack("%32C*",$symb);
1053: my $symbseed=numval($symb)%$symbchck;
1054: my $namechck=unpack("%32C*",$ENV{'user.name'});
1055: my $nameseed=numval($ENV{'user.name'})%$namechck;
1056: return int( $symbseed
1057: .$nameseed
1058: .unpack("%32C*",$ENV{'user.domain'})
1059: .unpack("%32C*",$ENV{'request.course.id'})
1060: .$namechck
1061: .$symbchck);
1062: }
1063:
1064: # ------------------------------------------------------------- Declutters URLs
1065:
1066: sub declutter {
1067: my $thisfn=shift;
1068: $thisfn=~s/^$perlvar{'lonDocRoot'}//;
1069: $thisfn=~s/^\///;
1070: $thisfn=~s/^res\///;
1071: return $thisfn;
1072: }
1073:
1074: # -------------------------------------------------------- Escape Special Chars
1075:
1076: sub escape {
1077: my $str=shift;
1078: $str =~ s/(\W)/"%".unpack('H2',$1)/eg;
1079: return $str;
1080: }
1081:
1082: # ----------------------------------------------------- Un-Escape Special Chars
1083:
1084: sub unescape {
1085: my $str=shift;
1086: $str =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
1087: return $str;
1088: }
1089:
1090: # ================================================================ Main Program
1091:
1092: sub BEGIN {
1093: if ($readit ne 'done') {
1094: # ------------------------------------------------------------ Read access.conf
1095: {
1096: my $config=Apache::File->new("/etc/httpd/conf/access.conf");
1097:
1098: while (my $configline=<$config>) {
1099: if ($configline =~ /PerlSetVar/) {
1100: my ($dummy,$varname,$varvalue)=split(/\s+/,$configline);
1101: chomp($varvalue);
1102: $perlvar{$varname}=$varvalue;
1103: }
1104: }
1105: }
1106:
1107: # ------------------------------------------------------------- Read hosts file
1108: {
1109: my $config=Apache::File->new("$perlvar{'lonTabDir'}/hosts.tab");
1110:
1111: while (my $configline=<$config>) {
1112: my ($id,$domain,$role,$name,$ip)=split(/:/,$configline);
1113: $hostname{$id}=$name;
1114: $hostdom{$id}=$domain;
1115: if ($role eq 'library') { $libserv{$id}=$name; }
1116: }
1117: }
1118:
1119: # ------------------------------------------------------ Read spare server file
1120: {
1121: my $config=Apache::File->new("$perlvar{'lonTabDir'}/spare.tab");
1122:
1123: while (my $configline=<$config>) {
1124: chomp($configline);
1125: if (($configline) && ($configline ne $perlvar{'lonHostID'})) {
1126: $spareid{$configline}=1;
1127: }
1128: }
1129: }
1130: # ------------------------------------------------------------ Read permissions
1131: {
1132: my $config=Apache::File->new("$perlvar{'lonTabDir'}/roles.tab");
1133:
1134: while (my $configline=<$config>) {
1135: chomp($configline);
1136: my ($role,$perm)=split(/ /,$configline);
1137: if ($perm ne '') { $pr{$role}=$perm; }
1138: }
1139: }
1140:
1141: # -------------------------------------------- Read plain texts for permissions
1142: {
1143: my $config=Apache::File->new("$perlvar{'lonTabDir'}/rolesplain.tab");
1144:
1145: while (my $configline=<$config>) {
1146: chomp($configline);
1147: my ($short,$plain)=split(/:/,$configline);
1148: if ($plain ne '') { $prp{$short}=$plain; }
1149: }
1150: }
1151:
1152: # ------------------------------------------------------------- Read file types
1153: {
1154: my $config=Apache::File->new("$perlvar{'lonTabDir'}/filetypes.tab");
1155:
1156: while (my $configline=<$config>) {
1157: chomp($configline);
1158: my ($ending,$emb,@descr)=split(/\s+/,$configline);
1159: if ($descr[0] ne '') {
1160: $fe{$ending}=$emb;
1161: $fd{$ending}=join(' ',@descr);
1162: }
1163: }
1164: }
1165:
1166:
1167: $readit='done';
1168: &logthis('<font color=yellow>INFO: Read configuration</font>');
1169: }
1170: }
1171: 1;
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to lonnet.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / lonnet / perl