1: # The LearningOnline Network
2: # TCP networking package
3: #
4: # Functions for use by content handlers:
5: #
6: # plaintext(short) : plain text explanation of short term
7: # fileembstyle(ext) : embed style in page for file extension
8: # filedescription(ext) : descriptor text for file extension
9: # allowed(short,url) : returns codes for allowed actions
10: # F: full access
11: # U,I,K: authentication modes (cxx only)
12: # '': forbidden
13: # 1: user needs to choose course
14: # 2: browse allowed
15: # definerole(rolename,sys,dom,cou) : define a custom role rolename
16: # set priviledges in format of lonTabs/roles.tab for
17: # system, domain and course level,
18: # assignrole(udom,uname,url,role,end,start) : give a role to a user for the
19: # level given by url. Optional start and end dates
20: # (leave empty string or zero for "no date")
21: # assigncustomrole (udom,uname,url,rdom,rnam,rolename,end,start) : give a
22: # custom role to a user for the level given by url.
23: # Specify name and domain of role author, and role name
24: # revokerole (udom,uname,url,role) : Revoke a role for url
25: # revokecustomrole (udom,uname,url,rdom,rnam,rolename) : Revoke a custom role
26: # appenv(hash) : adds hash to session environment
27: # store(hash) : stores hash permanently for this url
28: # restore : returns hash for this url
29: # eget(namesp,array) : returns hash with keys from array filled in from namesp
30: # get(namesp,array) : returns hash with keys from array filled in from namesp
31: # del(namesp,array) : deletes keys out of arry from namesp
32: # put(namesp,hash) : stores hash in namesp
33: # dump(namesp) : dumps the complete namespace into a hash
34: # ssi(url,hash) : does a complete request cycle on url to localhost, posts
35: # hash
36: # coursedescription(id) : returns and caches course description for id
37: # repcopy(filename) : replicate file
38: # dirlist(url) : gets a directory listing
39: # condval(index) : value of condition index based on state
40: # varval(name) : value of a variable
41: # refreshstate() : refresh the state information string
42: # symblist(map,hash) : Updates symbolic storage links
43: # rndseed() : returns a random seed
44: # getfile(filename) : returns the contents of filename, or a -1 if it can't
45: # be found, replicates and subscribes to the file
46: # filelocation(dir,file) : returns a farily clean absolute reference to file
47: # from the directory dir
48: #
49: # 6/1/99,6/2,6/10,6/11,6/12,6/14,6/26,6/28,6/29,6/30,
50: # 7/1,7/2,7/9,7/10,7/12,7/14,7/15,7/19,
51: # 11/8,11/16,11/18,11/22,11/23,12/22,
52: # 01/06,01/13,02/24,02/28,02/29,
53: # 03/01,03/02,03/06,03/07,03/13,
54: # 04/05,05/29,05/31,06/01,
55: # 06/05,06/26 Gerd Kortemeyer
56: # 06/26 Ben Tyszka
57: # 06/30,07/15,07/17,07/18,07/20,07/21,07/22,07/25 Gerd Kortemeyer
58: # 08/14 Ben Tyszka
59: # 08/22,08/28,08/31,09/01,09/02,09/04,09/05,09/25,09/28,09/30 Gerd Kortemeyer
60: # 10/04 Gerd Kortemeyer
61: # 10/04 Guy Albertelli
62:
63:
64: package Apache::lonnet;
65:
66: use strict;
67: use Apache::File;
68: use LWP::UserAgent();
69: use HTTP::Headers;
70: use vars
71: qw(%perlvar %hostname %homecache %spareid %hostdom %libserv %pr %prp %fe %fd $readit);
72: use IO::Socket;
73: use GDBM_File;
74: use Apache::Constants qw(:common :http);
75:
76: # --------------------------------------------------------------------- Logging
77:
78: sub logthis {
79: my $message=shift;
80: my $execdir=$perlvar{'lonDaemons'};
81: my $now=time;
82: my $local=localtime($now);
83: my $fh=Apache::File->new(">>$execdir/logs/lonnet.log");
84: print $fh "$local ($$): $message\n";
85: return 1;
86: }
87:
88: sub logperm {
89: my $message=shift;
90: my $execdir=$perlvar{'lonDaemons'};
91: my $now=time;
92: my $local=localtime($now);
93: my $fh=Apache::File->new(">>$execdir/logs/lonnet.perm.log");
94: print $fh "$now:$message:$local\n";
95: return 1;
96: }
97:
98: # -------------------------------------------------- Non-critical communication
99: sub subreply {
100: my ($cmd,$server)=@_;
101: my $peerfile="$perlvar{'lonSockDir'}/$server";
102: my $client=IO::Socket::UNIX->new(Peer =>"$peerfile",
103: Type => SOCK_STREAM,
104: Timeout => 10)
105: or return "con_lost";
106: print $client "$cmd\n";
107: my $answer=<$client>;
108: if (!$answer) { $answer="con_lost"; }
109: chomp($answer);
110: return $answer;
111: }
112:
113: sub reply {
114: my ($cmd,$server)=@_;
115: my $answer=subreply($cmd,$server);
116: if ($answer eq 'con_lost') { $answer=subreply($cmd,$server); }
117: if (($answer=~/^error:/) || ($answer=~/^refused/) ||
118: ($answer=~/^rejected/)) {
119: &logthis("<font color=blue>WARNING:".
120: " $cmd to $server returned $answer</font>");
121: }
122: return $answer;
123: }
124:
125: # ----------------------------------------------------------- Send USR1 to lonc
126:
127: sub reconlonc {
128: my $peerfile=shift;
129: &logthis("Trying to reconnect for $peerfile");
130: my $loncfile="$perlvar{'lonDaemons'}/logs/lonc.pid";
131: if (my $fh=Apache::File->new("$loncfile")) {
132: my $loncpid=<$fh>;
133: chomp($loncpid);
134: if (kill 0 => $loncpid) {
135: &logthis("lonc at pid $loncpid responding, sending USR1");
136: kill USR1 => $loncpid;
137: sleep 1;
138: if (-e "$peerfile") { return; }
139: &logthis("$peerfile still not there, give it another try");
140: sleep 5;
141: if (-e "$peerfile") { return; }
142: &logthis(
143: "<font color=blue>WARNING: $peerfile still not there, giving up</font>");
144: } else {
145: &logthis(
146: "<font color=blue>WARNING:".
147: " lonc at pid $loncpid not responding, giving up</font>");
148: }
149: } else {
150: &logthis('<font color=blue>WARNING: lonc not running, giving up</font>');
151: }
152: }
153:
154: # ------------------------------------------------------ Critical communication
155:
156: sub critical {
157: my ($cmd,$server)=@_;
158: my $answer=reply($cmd,$server);
159: if ($answer eq 'con_lost') {
160: my $pingreply=reply('ping',$server);
161: &reconlonc("$perlvar{'lonSockDir'}/$server");
162: my $pongreply=reply('pong',$server);
163: &logthis("Ping/Pong for $server: $pingreply/$pongreply");
164: $answer=reply($cmd,$server);
165: if ($answer eq 'con_lost') {
166: my $now=time;
167: my $middlename=$cmd;
168: $middlename=substr($middlename,0,16);
169: $middlename=~s/\W//g;
170: my $dfilename=
171: "$perlvar{'lonSockDir'}/delayed/$now.$middlename.$server";
172: {
173: my $dfh;
174: if ($dfh=Apache::File->new(">$dfilename")) {
175: print $dfh "$cmd\n";
176: }
177: }
178: sleep 2;
179: my $wcmd='';
180: {
181: my $dfh;
182: if ($dfh=Apache::File->new("$dfilename")) {
183: $wcmd=<$dfh>;
184: }
185: }
186: chomp($wcmd);
187: if ($wcmd eq $cmd) {
188: &logthis("<font color=blue>WARNING: ".
189: "Connection buffer $dfilename: $cmd</font>");
190: &logperm("D:$server:$cmd");
191: return 'con_delayed';
192: } else {
193: &logthis("<font color=red>CRITICAL:"
194: ." Critical connection failed: $server $cmd</font>");
195: &logperm("F:$server:$cmd");
196: return 'con_failed';
197: }
198: }
199: }
200: return $answer;
201: }
202:
203: # ---------------------------------------------------------- Append Environment
204:
205: sub appenv {
206: my %newenv=@_;
207: map {
208: if (($newenv{$_}=~/^user\.role/) || ($newenv{$_}=~/^user\.priv/)) {
209: &logthis("<font color=blue>WARNING: ".
210: "Attempt to modify environment ".$_." to ".$newenv{$_});
211: delete($newenv{$_});
212: } else {
213: $ENV{$_}=$newenv{$_};
214: }
215: } keys %newenv;
216: my @oldenv;
217: {
218: my $fh;
219: unless ($fh=Apache::File->new("$ENV{'user.environment'}")) {
220: return 'error';
221: }
222: @oldenv=<$fh>;
223: }
224: for (my $i=0; $i<=$#oldenv; $i++) {
225: chomp($oldenv[$i]);
226: if ($oldenv[$i] ne '') {
227: my ($name,$value)=split(/=/,$oldenv[$i]);
228: unless (defined($newenv{$name})) {
229: $newenv{$name}=$value;
230: }
231: }
232: }
233: {
234: my $fh;
235: unless ($fh=Apache::File->new(">$ENV{'user.environment'}")) {
236: return 'error';
237: }
238: my $newname;
239: foreach $newname (keys %newenv) {
240: print $fh "$newname=$newenv{$newname}\n";
241: }
242: }
243: return 'ok';
244: }
245:
246: # ------------------------------ Find server with least workload from spare.tab
247:
248: sub spareserver {
249: my $tryserver;
250: my $spareserver='';
251: my $lowestserver=100;
252: foreach $tryserver (keys %spareid) {
253: my $answer=reply('load',$tryserver);
254: if (($answer =~ /\d/) && ($answer<$lowestserver)) {
255: $spareserver="http://$hostname{$tryserver}";
256: $lowestserver=$answer;
257: }
258: }
259: return $spareserver;
260: }
261:
262: # --------- Try to authenticate user from domain's lib servers (first this one)
263:
264: sub authenticate {
265: my ($uname,$upass,$udom)=@_;
266: $upass=escape($upass);
267: if (($perlvar{'lonRole'} eq 'library') &&
268: ($udom eq $perlvar{'lonDefDomain'})) {
269: my $answer=reply("encrypt:auth:$udom:$uname:$upass",$perlvar{'lonHostID'});
270: if ($answer =~ /authorized/) {
271: if ($answer eq 'authorized') {
272: &logthis("User $uname at $udom authorized by local server");
273: return $perlvar{'lonHostID'};
274: }
275: if ($answer eq 'non_authorized') {
276: &logthis("User $uname at $udom rejected by local server");
277: return 'no_host';
278: }
279: }
280: }
281:
282: my $tryserver;
283: foreach $tryserver (keys %libserv) {
284: if ($hostdom{$tryserver} eq $udom) {
285: my $answer=reply("encrypt:auth:$udom:$uname:$upass",$tryserver);
286: if ($answer =~ /authorized/) {
287: if ($answer eq 'authorized') {
288: &logthis("User $uname at $udom authorized by $tryserver");
289: return $tryserver;
290: }
291: if ($answer eq 'non_authorized') {
292: &logthis("User $uname at $udom rejected by $tryserver");
293: return 'no_host';
294: }
295: }
296: }
297: }
298: &logthis("User $uname at $udom could not be authenticated");
299: return 'no_host';
300: }
301:
302: # ---------------------- Find the homebase for a user from domain's lib servers
303:
304: sub homeserver {
305: my ($uname,$udom)=@_;
306:
307: my $index="$uname:$udom";
308: if ($homecache{$index}) { return "$homecache{$index}"; }
309:
310: my $tryserver;
311: foreach $tryserver (keys %libserv) {
312: if ($hostdom{$tryserver} eq $udom) {
313: my $answer=reply("home:$udom:$uname",$tryserver);
314: if ($answer eq 'found') {
315: $homecache{$index}=$tryserver;
316: return $tryserver;
317: }
318: }
319: }
320: return 'no_host';
321: }
322:
323: # ----------------------------- Subscribe to a resource, return URL if possible
324:
325: sub subscribe {
326: my $fname=shift;
327: my $author=$fname;
328: $author=~s/\/home\/httpd\/html\/res\/([^\/]*)\/([^\/]*).*/$1\/$2/;
329: my ($udom,$uname)=split(/\//,$author);
330: my $home=homeserver($uname,$udom);
331: if (($home eq 'no_host') || ($home eq $perlvar{'lonHostID'})) {
332: return 'not_found';
333: }
334: my $answer=reply("sub:$fname",$home);
335: return $answer;
336: }
337:
338: # -------------------------------------------------------------- Replicate file
339:
340: sub repcopy {
341: my $filename=shift;
342: $filename=~s/\/+/\//g;
343: my $transname="$filename.in.transfer";
344: if ((-e $filename) || (-e $transname)) { return OK; }
345: my $remoteurl=subscribe($filename);
346: if ($remoteurl eq 'con_lost') {
347: &logthis("Subscribe returned con_lost: $filename");
348: return HTTP_SERVICE_UNAVAILABLE;
349: } elsif ($remoteurl eq 'not_found') {
350: &logthis("Subscribe returned not_found: $filename");
351: return HTTP_NOT_FOUND;
352: } elsif ($remoteurl eq 'rejected') {
353: &logthis("Subscribe returned rejected: $filename");
354: return FORBIDDEN;
355: } elsif ($remoteurl eq 'directory') {
356: return OK;
357: } else {
358: my @parts=split(/\//,$filename);
359: my $path="/$parts[1]/$parts[2]/$parts[3]/$parts[4]";
360: if ($path ne "$perlvar{'lonDocRoot'}/res") {
361: &logthis("Malconfiguration for replication: $filename");
362: return HTTP_BAD_REQUEST;
363: }
364: my $count;
365: for ($count=5;$count<$#parts;$count++) {
366: $path.="/$parts[$count]";
367: if ((-e $path)!=1) {
368: mkdir($path,0777);
369: }
370: }
371: my $ua=new LWP::UserAgent;
372: my $request=new HTTP::Request('GET',"$remoteurl");
373: my $response=$ua->request($request,$transname);
374: if ($response->is_error()) {
375: unlink($transname);
376: my $message=$response->status_line;
377: &logthis("<font color=blue>WARNING:"
378: ." LWP get: $message: $filename</font>");
379: return HTTP_SERVICE_UNAVAILABLE;
380: } else {
381: if ($remoteurl!~/\.meta$/) {
382: my $mrequest=new HTTP::Request('GET',$remoteurl.'.meta');
383: my $mresponse=$ua->request($mrequest,$filename.'.meta');
384: if ($mresponse->is_error()) {
385: unlink($filename.'.meta');
386: &logthis(
387: "<font color=yellow>INFO: No metadata: $filename</font>");
388: }
389: }
390: rename($transname,$filename);
391: return OK;
392: }
393: }
394: }
395:
396: # --------------------------------------------------------- Server Side Include
397:
398: sub ssi {
399:
400: my ($fn,%form)=@_;
401:
402: my $ua=new LWP::UserAgent;
403:
404: my $request;
405:
406: if (%form) {
407: $request=new HTTP::Request('POST',"http://".$ENV{'HTTP_HOST'}.$fn);
408: $request->content(join '&', map { "$_=$form{$_}" } keys %form);
409: } else {
410: $request=new HTTP::Request('GET',"http://".$ENV{'HTTP_HOST'}.$fn);
411: }
412:
413: $request->header(Cookie => $ENV{'HTTP_COOKIE'});
414: my $response=$ua->request($request);
415:
416: return $response->content;
417: }
418:
419: # ------------------------------------------------------------------------- Log
420:
421: sub log {
422: my ($dom,$nam,$hom,$what)=@_;
423: return reply("log:$dom:$nam:$what",$hom);
424: }
425:
426: # ----------------------------------------------------------------------- Store
427:
428: sub store {
429: my %storehash=@_;
430: my $symb;
431: unless ($symb=escape(&symbread())) { return ''; }
432: my $namespace;
433: unless ($namespace=$ENV{'request.course.id'}) { return ''; }
434: my $namevalue='';
435: map {
436: $namevalue.=escape($_).'='.escape($storehash{$_}).'&';
437: } keys %storehash;
438: $namevalue=~s/\&$//;
439: return reply(
440: "store:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$symb:$namevalue",
441: "$ENV{'user.home'}");
442: }
443:
444: # --------------------------------------------------------------------- Restore
445:
446: sub restore {
447: my $symb;
448: unless ($symb=escape(&symbread())) { return ''; }
449: my $namespace;
450: unless ($namespace=$ENV{'request.course.id'}) { return ''; }
451: my $answer=reply(
452: "restore:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$symb",
453: "$ENV{'user.home'}");
454: my %returnhash=();
455: map {
456: my ($name,$value)=split(/\=/,$_);
457: $returnhash{&unescape($name)}=&unescape($value);
458: } split(/\&/,$answer);
459: map {
460: $returnhash{$_}=$returnhash{$returnhash{'version'}.':'.$_};
461: } split(/\:/,$returnhash{$returnhash{'version'}.':keys'});
462: return %returnhash;
463: }
464:
465: # ---------------------------------------------------------- Course Description
466:
467: sub coursedescription {
468: my $courseid=shift;
469: $courseid=~s/^\///;
470: my ($cdomain,$cnum)=split(/\//,$courseid);
471: my $chome=homeserver($cnum,$cdomain);
472: if ($chome ne 'no_host') {
473: my $rep=reply("dump:$cdomain:$cnum:environment",$chome);
474: if ($rep ne 'con_lost') {
475: my %cachehash=();
476: my %returnhash=('home' => $chome,
477: 'domain' => $cdomain,
478: 'num' => $cnum);
479: map {
480: my ($name,$value)=split(/\=/,$_);
481: $name=&unescape($name);
482: $value=&unescape($value);
483: $returnhash{$name}=$value;
484: if ($name eq 'description') {
485: $cachehash{$courseid}=$value;
486: }
487: } split(/\&/,$rep);
488: $returnhash{'url'}='/res/'.declutter($returnhash{'url'});
489: $returnhash{'fn'}=$perlvar{'lonDaemons'}.'/tmp/'.
490: $ENV{'user.name.'}.'_'.$cdomain.'_'.$cnum;
491: put ('coursedescriptions',%cachehash);
492: return %returnhash;
493: }
494: }
495: return ();
496: }
497:
498: # -------------------------------------------------------- Get user priviledges
499:
500: sub rolesinit {
501: my ($domain,$username,$authhost)=@_;
502: my $rolesdump=reply("dump:$domain:$username:roles",$authhost);
503: if (($rolesdump eq 'con_lost') || ($rolesdump eq '')) { return ''; }
504: my %allroles=();
505: my %thesepriv=();
506: my $now=time;
507: my $userroles="user.login.time=$now\n";
508: my $thesestr;
509:
510: if ($rolesdump ne '') {
511: map {
512: if ($_!~/^rolesdef\&/) {
513: my ($area,$role)=split(/=/,$_);
514: $area=~s/\_\w\w$//;
515: my ($trole,$tend,$tstart)=split(/_/,$role);
516: $userroles.='user.role.'.$trole.'.'.$area.'='.
517: $tstart.'.'.$tend."\n";
518: if ($tend!=0) {
519: if ($tend<$now) {
520: $trole='';
521: }
522: }
523: if ($tstart!=0) {
524: if ($tstart>$now) {
525: $trole='';
526: }
527: }
528: if (($area ne '') && ($trole ne '')) {
529: my ($tdummy,$tdomain,$trest)=split(/\//,$area);
530: if ($trole =~ /^cr\//) {
531: my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$trole);
532: my $homsvr=homeserver($rauthor,$rdomain);
533: if ($hostname{$homsvr} ne '') {
534: my $roledef=
535: reply("get:$rdomain:$rauthor:roles:rolesdef_$rrole",
536: $homsvr);
537: if (($roledef ne 'con_lost') && ($roledef ne '')) {
538: my ($syspriv,$dompriv,$coursepriv)=
539: split(/\_/,unescape($roledef));
540: $allroles{'/'}.=':'.$syspriv;
541: if ($tdomain ne '') {
542: $allroles{'/'.$tdomain.'/'}.=':'.$dompriv;
543: if ($trest ne '') {
544: $allroles{$area}.=':'.$coursepriv;
545: }
546: }
547: }
548: }
549: } else {
550: $allroles{'/'}.=':'.$pr{$trole.':s'};
551: if ($tdomain ne '') {
552: $allroles{'/'.$tdomain.'/'}.=':'.$pr{$trole.':d'};
553: if ($trest ne '') {
554: $allroles{$area}.=':'.$pr{$trole.':c'};
555: }
556: }
557: }
558: }
559: }
560: } split(/&/,$rolesdump);
561: map {
562: %thesepriv=();
563: map {
564: if ($_ ne '') {
565: my ($priviledge,$restrictions)=split(/&/,$_);
566: if ($restrictions eq '') {
567: $thesepriv{$priviledge}='F';
568: } else {
569: if ($thesepriv{$priviledge} ne 'F') {
570: $thesepriv{$priviledge}.=$restrictions;
571: }
572: }
573: }
574: } split(/:/,$allroles{$_});
575: $thesestr='';
576: map { $thesestr.=':'.$_.'&'.$thesepriv{$_}; } keys %thesepriv;
577: $userroles.='user.priv.'.$_.'='.$thesestr."\n";
578: } keys %allroles;
579: }
580: return $userroles;
581: }
582:
583: # --------------------------------------------------------------- get interface
584:
585: sub get {
586: my ($namespace,@storearr)=@_;
587: my $items='';
588: map {
589: $items.=escape($_).'&';
590: } @storearr;
591: $items=~s/\&$//;
592: my $rep=reply("get:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
593: $ENV{'user.home'});
594: my @pairs=split(/\&/,$rep);
595: my %returnhash=();
596: map {
597: my ($key,$value)=split(/=/,$_);
598: $returnhash{unescape($key)}=unescape($value);
599: } @pairs;
600: return %returnhash;
601: }
602:
603: # --------------------------------------------------------------- del interface
604:
605: sub del {
606: my ($namespace,@storearr)=@_;
607: my $items='';
608: map {
609: $items.=escape($_).'&';
610: } @storearr;
611: $items=~s/\&$//;
612: return reply("del:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
613: $ENV{'user.home'});
614: }
615:
616: # -------------------------------------------------------------- dump interface
617:
618: sub dump {
619: my $namespace=shift;
620: my $rep=reply("dump:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace",
621: $ENV{'user.home'});
622: my @pairs=split(/\&/,$rep);
623: my %returnhash=();
624: map {
625: my ($key,$value)=split(/=/,$_);
626: $returnhash{unescape($key)}=unescape($value);
627: } @pairs;
628: return %returnhash;
629: }
630:
631: # --------------------------------------------------------------- put interface
632:
633: sub put {
634: my ($namespace,%storehash)=@_;
635: my $items='';
636: map {
637: $items.=escape($_).'='.escape($storehash{$_}).'&';
638: } keys %storehash;
639: $items=~s/\&$//;
640: return reply("put:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
641: $ENV{'user.home'});
642: }
643:
644: # -------------------------------------------------------------- eget interface
645:
646: sub eget {
647: my ($namespace,@storearr)=@_;
648: my $items='';
649: map {
650: $items.=escape($_).'&';
651: } @storearr;
652: $items=~s/\&$//;
653: my $rep=reply("eget:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
654: $ENV{'user.home'});
655: my @pairs=split(/\&/,$rep);
656: my %returnhash=();
657: map {
658: my ($key,$value)=split(/=/,$_);
659: $returnhash{unescape($key)}=unescape($value);
660: } @pairs;
661: return %returnhash;
662: }
663:
664: # ------------------------------------------------- Check for a user priviledge
665:
666: sub allowed {
667: my ($priv,$uri)=@_;
668: $uri=~s/^\/res//;
669: $uri=~s/^\///;
670:
671: # Free bre access to adm resources
672:
673: if (($uri=~/^adm\//) && ($priv eq 'bre')) {
674: return 'F';
675: }
676:
677: # Gather priviledges over system and domain
678:
679: my $thisallowed='';
680: if ($ENV{'user.priv./'}=~/$priv\&([^\:]*)/) {
681: $thisallowed.=$1;
682: }
683: if ($ENV{'user.priv./'.(split(/\//,$uri))[0].'/'}=~/$priv\&([^\:]*)/) {
684: $thisallowed.=$1;
685: }
686:
687: # Full access at system or domain level? Exit.
688:
689: if ($thisallowed=~/F/) {
690: return 'F';
691: }
692:
693: # The user does not have full access at system or domain level
694: # Course level access control
695:
696: # uri itself refering to a course?
697:
698: if ($uri=~/\.course$/) {
699: if ($ENV{'user.priv./'.$uri}=~/$priv\&([^\:]*)/) {
700: $thisallowed.=$1;
701: }
702: # Full access on course level? Exit.
703: if ($thisallowed=~/F/) {
704: return 'F';
705: }
706:
707: # uri is refering to an individual resource; user needs to be in a course
708:
709: } else {
710:
711: unless(defined($ENV{'request.course.id'})) {
712: return '1';
713: }
714:
715: # Get access priviledges for course
716:
717: if ($ENV{'user.priv./'.$ENV{'request.course.id'}}=~/$priv\&([^\:]*)/) {
718: $thisallowed.=$1;
719: }
720:
721: # See if resource or referer is part of this course
722:
723: my @uriparts=split(/\//,$uri);
724: my $urifile=$uriparts[$#uriparts];
725: $urifile=~/\.(\w+)$/;
726: my $uritype=$1;
727: $#uriparts--;
728: my $uripath=join('/',@uriparts);
729: my $uricond=-1;
730: if ($ENV{'acc.res.'.$ENV{'request.course.id'}.'.'.$uripath}=~
731: /\&$urifile\:(\d+)\&/) {
732: $uricond=$1;
733: } elsif (($fe{$uritype} eq 'emb') || ($fe{$uritype} eq 'img')) {
734: my $refuri=$ENV{'HTTP_REFERER'};
735: $refuri=~s/^\/res//;
736: $refuri=~s/^\///;
737: @uriparts=split(/\//,$refuri);
738: $urifile=$uriparts[$#uriparts];
739: $#uriparts--;
740: $uripath=join('/',@uriparts);
741: if ($ENV{'acc.res.'.$ENV{'request.course.id'}.'.'.$uripath}=~
742: /\&$urifile\:(\d+)\&/) {
743: $uricond=$1;
744: }
745: }
746:
747: if ($uricond>=0) {
748:
749: # The resource is part of the course
750: # If user had full access on course level, go ahead
751:
752: if ($thisallowed=~/F/) {
753: return 'F';
754: }
755:
756: # Restricted by state?
757:
758: if ($thisallowed=~/X/) {
759: if (&condval($uricond)>1) {
760: return '2';
761: } else {
762: return '';
763: }
764: }
765: }
766: }
767: return $thisallowed;
768: }
769:
770: # ---------------------------------------------------------- Refresh State Info
771:
772: sub refreshstate {
773: }
774:
775: # ----------------------------------------------------------------- Define Role
776:
777: sub definerole {
778: if (allowed('mcr','/')) {
779: my ($rolename,$sysrole,$domrole,$courole)=@_;
780: map {
781: my ($crole,$cqual)=split(/\&/,$_);
782: if ($pr{'cr:s'}!~/$crole/) { return "refused:s:$crole"; }
783: if ($pr{'cr:s'}=~/$crole\&/) {
784: if ($pr{'cr:s'}!~/$crole\&\w*$cqual/) {
785: return "refused:s:$crole&$cqual";
786: }
787: }
788: } split('/',$sysrole);
789: map {
790: my ($crole,$cqual)=split(/\&/,$_);
791: if ($pr{'cr:d'}!~/$crole/) { return "refused:d:$crole"; }
792: if ($pr{'cr:d'}=~/$crole\&/) {
793: if ($pr{'cr:d'}!~/$crole\&\w*$cqual/) {
794: return "refused:d:$crole&$cqual";
795: }
796: }
797: } split('/',$domrole);
798: map {
799: my ($crole,$cqual)=split(/\&/,$_);
800: if ($pr{'cr:c'}!~/$crole/) { return "refused:c:$crole"; }
801: if ($pr{'cr:c'}=~/$crole\&/) {
802: if ($pr{'cr:c'}!~/$crole\&\w*$cqual/) {
803: return "refused:c:$crole&$cqual";
804: }
805: }
806: } split('/',$courole);
807: my $command="encrypt:rolesput:$ENV{'user.domain'}:$ENV{'user.name'}:".
808: "$ENV{'user.domain'}:$ENV{'user.name'}:".
809: "rolesdef_$rolename=".
810: escape($sysrole.'_'.$domrole.'_'.$courole);
811: return reply($command,$ENV{'user.home'});
812: } else {
813: return 'refused';
814: }
815: }
816:
817: # ------------------------------------------------------------------ Plain Text
818:
819: sub plaintext {
820: my $short=shift;
821: return $prp{$short};
822: }
823:
824: # ------------------------------------------------------------------ Plain Text
825:
826: sub fileembstyle {
827: my $ending=shift;
828: return $fe{$ending};
829: }
830:
831: # ------------------------------------------------------------ Description Text
832:
833: sub filedecription {
834: my $ending=shift;
835: return $fd{$ending};
836: }
837:
838: # ----------------------------------------------------------------- Assign Role
839:
840: sub assignrole {
841: my ($udom,$uname,$url,$role,$end,$start)=@_;
842: my $mrole;
843: $url=declutter($url);
844: if ($role =~ /^cr\//) {
845: unless ($url=~/\.course$/) { return 'invalid'; }
846: unless (allowed('ccr',$url)) { return 'refused'; }
847: $mrole='cr';
848: } else {
849: unless (($url=~/\.course$/) || ($url=~/\/$/)) { return 'invalid'; }
850: unless (allowed('c'+$role)) { return 'refused'; }
851: $mrole=$role;
852: }
853: my $command="encrypt:rolesput:$ENV{'user.domain'}:$ENV{'user.name'}:".
854: "$udom:$uname:$url".'_'."$mrole=$role";
855: if ($end) { $command.='_$end'; }
856: if ($start) {
857: if ($end) {
858: $command.='_$start';
859: } else {
860: $command.='_0_$start';
861: }
862: }
863: return &reply($command,&homeserver($uname,$udom));
864: }
865:
866: # ---------------------------------------------------------- Assign Custom Role
867:
868: sub assigncustomrole {
869: my ($udom,$uname,$url,$rdom,$rnam,$rolename,$end,$start)=@_;
870: return &assignrole($udom,$uname,$url,'cr/'.$rdom.'/'.$rnam.'/'.$rolename,
871: $end,$start);
872: }
873:
874: # ----------------------------------------------------------------- Revoke Role
875:
876: sub revokerole {
877: my ($udom,$uname,$url,$role)=@_;
878: my $now=time;
879: return &assignrole($udom,$uname,$url,$role,$now);
880: }
881:
882: # ---------------------------------------------------------- Revoke Custom Role
883:
884: sub revokecustomrole {
885: my ($udom,$uname,$url,$rdom,$rnam,$rolename)=@_;
886: my $now=time;
887: return &assigncustomrole($udom,$uname,$url,$rdom,$rnam,$rolename,$now);
888: }
889:
890: # ------------------------------------------------------------ Directory lister
891:
892: sub dirlist {
893: my $uri=shift;
894: $uri=~s/^\///;
895: $uri=~s/\/$//;
896: my ($res,$udom,$uname,@rest)=split(/\//,$uri);
897: if ($udom) {
898: if ($uname) {
899: my $listing=reply('ls:'.$perlvar{'lonDocRoot'}.'/'.$uri,
900: homeserver($uname,$udom));
901: return split(/:/,$listing);
902: } else {
903: my $tryserver;
904: my %allusers=();
905: foreach $tryserver (keys %libserv) {
906: if ($hostdom{$tryserver} eq $udom) {
907: my $listing=reply('ls:'.$perlvar{'lonDocRoot'}.'/res/'.$udom,
908: $tryserver);
909: if (($listing ne 'no_such_dir') && ($listing ne 'empty')
910: && ($listing ne 'con_lost')) {
911: map {
912: my ($entry,@stat)=split(/&/,$_);
913: $allusers{$entry}=1;
914: } split(/:/,$listing);
915: }
916: }
917: }
918: my $alluserstr='';
919: map {
920: $alluserstr.=$_.'&user:';
921: } sort keys %allusers;
922: $alluserstr=~s/:$//;
923: return split(/:/,$alluserstr);
924: }
925: } else {
926: my $tryserver;
927: my %alldom=();
928: foreach $tryserver (keys %libserv) {
929: $alldom{$hostdom{$tryserver}}=1;
930: }
931: my $alldomstr='';
932: map {
933: $alldomstr.=$perlvar{'lonDocRoot'}.'/res/'.$_.'&domain:';
934: } sort keys %alldom;
935: $alldomstr=~s/:$//;
936: return split(/:/,$alldomstr);
937: }
938: }
939:
940: # -------------------------------------------------------- Value of a Condition
941:
942: sub condval {
943: my $condidx=shift;
944: my $result=0;
945: if ($ENV{'request.course.id'}) {
946: if (defined($ENV{'acc.cond.'.$ENV{'request.course.id'}.'.'.$condidx})) {
947: my $operand='|';
948: my @stack;
949: map {
950: if ($_ eq '(') {
951: push @stack,($operand,$result)
952: } elsif ($_ eq ')') {
953: my $before=pop @stack;
954: if (pop @stack eq '&') {
955: $result=$result>$before?$before:$result;
956: } else {
957: $result=$result>$before?$result:$before;
958: }
959: } elsif (($_ eq '&') || ($_ eq '|')) {
960: $operand=$_;
961: } else {
962: my $new=
963: substr($ENV{'user.state.'.$ENV{'request.course.id'}},$_,1);
964: if ($operand eq '&') {
965: $result=$result>$new?$new:$result;
966: } else {
967: $result=$result>$new?$result:$new;
968: }
969: }
970: } ($ENV{'acc.cond.'.$ENV{'request.course.id'}.'.'.$condidx}=~
971: /(\d+|\(|\)|\&|\|)/g);
972: }
973: }
974: return $result;
975: }
976:
977: # --------------------------------------------------------- Value of a Variable
978:
979: sub varval {
980: my ($realm,$space,@components)=split(/\./,shift);
981: my $value='';
982: if ($realm eq 'user') {
983: if ($space=~/^resource/) {
984: $space=~s/^resource\[//;
985: $space=~s/\]$//;
986:
987: } else {
988: }
989: } elsif ($realm eq 'course') {
990: } elsif ($realm eq 'session') {
991: } elsif ($realm eq 'system') {
992: }
993: return $value;
994: }
995:
996: # ------------------------------------------------- Update symbolic store links
997:
998: sub symblist {
999: my ($mapname,%newhash)=@_;
1000: $mapname=declutter($mapname);
1001: my %hash;
1002: if (($ENV{'request.course.fn'}) && (%newhash)) {
1003: if (tie(%hash,'GDBM_File',$ENV{'request.course.fn'}.'_symb.db',
1004: &GDBM_WRCREAT,0640)) {
1005: map {
1006: $hash{declutter($_)}=$mapname.'___'.$newhash{$_};
1007: } keys %newhash;
1008: if (untie(%hash)) {
1009: return 'ok';
1010: }
1011: }
1012: }
1013: return 'error';
1014: }
1015:
1016: # ------------------------------------------------------ Return symb list entry
1017:
1018: sub symbread {
1019: my %hash;
1020: my $syval;
1021: if (($ENV{'request.course.fn'}) && ($ENV{'request.filename'})) {
1022: if (tie(%hash,'GDBM_File',$ENV{'request.course.fn'}.'_symb.db',
1023: &GDBM_READER,0640)) {
1024: my $thisfn=declutter($ENV{'request.filename'});
1025: $syval=$hash{$thisfn};
1026: if (untie(%hash)) {
1027: unless ($syval=~/\_\d+$/) {
1028: unless ($ENV{'form.request.prefix'}=~/\.(\d+)\_$/) {
1029: return '';
1030: }
1031: $syval.=$1;
1032: }
1033: $syval.='___'.$thisfn;
1034: return $syval;
1035: }
1036: }
1037: }
1038: return '';
1039: }
1040:
1041: # ---------------------------------------------------------- Return random seed
1042:
1043: sub numval {
1044: my $txt=shift;
1045: $txt=~tr/A-J/0-9/;
1046: $txt=~tr/a-j/0-9/;
1047: $txt=~tr/K-T/0-9/;
1048: $txt=~tr/k-t/0-9/;
1049: $txt=~tr/U-Z/0-5/;
1050: $txt=~tr/u-z/0-5/;
1051: $txt=~s/\D//g;
1052: return int($txt);
1053: }
1054:
1055: sub rndseed {
1056: my $symb;
1057: unless ($symb=&symbread()) { return ''; }
1058: my $symbchck=unpack("%32C*",$symb);
1059: my $symbseed=numval($symb)%$symbchck;
1060: my $namechck=unpack("%32C*",$ENV{'user.name'});
1061: my $nameseed=numval($ENV{'user.name'})%$namechck;
1062: return int( $symbseed
1063: .$nameseed
1064: .unpack("%32C*",$ENV{'user.domain'})
1065: .unpack("%32C*",$ENV{'request.course.id'})
1066: .$namechck
1067: .$symbchck);
1068: }
1069:
1070: # ------------------------------------------------------------ Serves up a file
1071: # returns either the contents of the file or a -1
1072: sub getfile {
1073: my $file=shift;
1074: if (! -e $file ) {
1075: &subscribe($file);
1076: &repcopy($file);
1077: }
1078: if (! -e $file ) { return -1; };
1079: my $fh=Apache::File->new($file);
1080: my $a='';
1081: while (<$fh>) { $a .=$_; }
1082: return $a
1083: }
1084:
1085: sub filelocation {
1086: my ($dir,$file) = @_;
1087: my $location;
1088: $file=~ s/^\s*(\S+)\s*$/$1/; ## strip off leading and trailing spaces
1089: $file=~s/^$perlvar{'lonDocRoot'}//;
1090: $file=~s:^/*res::;
1091: if ( !( $file =~ m:^/:) ) {
1092: $location = $dir. '/'.$file;
1093: } else {
1094: $location = '/home/httpd/html/res'.$file;
1095: }
1096: $location=~s://+:/:g; # remove duplicate /
1097: while ($location=~m:/../:) {$location=~ s:/[^/]+/\.\./:/:g;} #remove dir/..
1098:
1099: return $location;
1100: }
1101:
1102: # ------------------------------------------------------------- Declutters URLs
1103:
1104: sub declutter {
1105: my $thisfn=shift;
1106: $thisfn=~s/^$perlvar{'lonDocRoot'}//;
1107: $thisfn=~s/^\///;
1108: $thisfn=~s/^res\///;
1109: return $thisfn;
1110: }
1111:
1112: # -------------------------------------------------------- Escape Special Chars
1113:
1114: sub escape {
1115: my $str=shift;
1116: $str =~ s/(\W)/"%".unpack('H2',$1)/eg;
1117: return $str;
1118: }
1119:
1120: # ----------------------------------------------------- Un-Escape Special Chars
1121:
1122: sub unescape {
1123: my $str=shift;
1124: $str =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
1125: return $str;
1126: }
1127:
1128: # ================================================================ Main Program
1129:
1130: sub BEGIN {
1131: if ($readit ne 'done') {
1132: # ------------------------------------------------------------ Read access.conf
1133: {
1134: my $config=Apache::File->new("/etc/httpd/conf/access.conf");
1135:
1136: while (my $configline=<$config>) {
1137: if ($configline =~ /PerlSetVar/) {
1138: my ($dummy,$varname,$varvalue)=split(/\s+/,$configline);
1139: chomp($varvalue);
1140: $perlvar{$varname}=$varvalue;
1141: }
1142: }
1143: }
1144:
1145: # ------------------------------------------------------------- Read hosts file
1146: {
1147: my $config=Apache::File->new("$perlvar{'lonTabDir'}/hosts.tab");
1148:
1149: while (my $configline=<$config>) {
1150: my ($id,$domain,$role,$name,$ip)=split(/:/,$configline);
1151: $hostname{$id}=$name;
1152: $hostdom{$id}=$domain;
1153: if ($role eq 'library') { $libserv{$id}=$name; }
1154: }
1155: }
1156:
1157: # ------------------------------------------------------ Read spare server file
1158: {
1159: my $config=Apache::File->new("$perlvar{'lonTabDir'}/spare.tab");
1160:
1161: while (my $configline=<$config>) {
1162: chomp($configline);
1163: if (($configline) && ($configline ne $perlvar{'lonHostID'})) {
1164: $spareid{$configline}=1;
1165: }
1166: }
1167: }
1168: # ------------------------------------------------------------ Read permissions
1169: {
1170: my $config=Apache::File->new("$perlvar{'lonTabDir'}/roles.tab");
1171:
1172: while (my $configline=<$config>) {
1173: chomp($configline);
1174: my ($role,$perm)=split(/ /,$configline);
1175: if ($perm ne '') { $pr{$role}=$perm; }
1176: }
1177: }
1178:
1179: # -------------------------------------------- Read plain texts for permissions
1180: {
1181: my $config=Apache::File->new("$perlvar{'lonTabDir'}/rolesplain.tab");
1182:
1183: while (my $configline=<$config>) {
1184: chomp($configline);
1185: my ($short,$plain)=split(/:/,$configline);
1186: if ($plain ne '') { $prp{$short}=$plain; }
1187: }
1188: }
1189:
1190: # ------------------------------------------------------------- Read file types
1191: {
1192: my $config=Apache::File->new("$perlvar{'lonTabDir'}/filetypes.tab");
1193:
1194: while (my $configline=<$config>) {
1195: chomp($configline);
1196: my ($ending,$emb,@descr)=split(/\s+/,$configline);
1197: if ($descr[0] ne '') {
1198: $fe{$ending}=$emb;
1199: $fd{$ending}=join(' ',@descr);
1200: }
1201: }
1202: }
1203:
1204:
1205: $readit='done';
1206: &logthis('<font color=yellow>INFO: Read configuration</font>');
1207: }
1208: }
1209: 1;
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to lonnet.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / lonnet / perl