1: # The LearningOnline Network
2: # TCP networking package
3: #
4: # Functions for use by content handlers:
5: #
6: # plaintext(short) : plain text explanation of short term
7: # fileembstyle(ext) : embed style in page for file extension
8: # filedescription(ext) : descriptor text for file extension
9: # allowed(short,url) : returns codes for allowed actions
10: # F: full access
11: # U,I,K: authentication modes (cxx only)
12: # '': forbidden
13: # 1: user needs to choose course
14: # 2: browse allowed
15: # definerole(rolename,sys,dom,cou) : define a custom role rolename
16: # set priviledges in format of lonTabs/roles.tab for
17: # system, domain and course level,
18: # assignrole(udom,uname,url,role,end,start) : give a role to a user for the
19: # level given by url. Optional start and end dates
20: # (leave empty string or zero for "no date")
21: # assigncustomrole (udom,uname,url,rdom,rnam,rolename,end,start) : give a
22: # custom role to a user for the level given by url.
23: # Specify name and domain of role author, and role name
24: # revokerole (udom,uname,url,role) : Revoke a role for url
25: # revokecustomrole (udom,uname,url,rdom,rnam,rolename) : Revoke a custom role
26: # appenv(hash) : adds hash to session environment
27: # store(hash) : stores hash permanently for this url
28: # restore : returns hash for this url
29: # eget(namesp,array) : returns hash with keys from array filled in from namesp
30: # get(namesp,array) : returns hash with keys from array filled in from namesp
31: # del(namesp,array) : deletes keys out of array from namesp
32: # put(namesp,hash) : stores hash in namesp
33: # dump(namesp) : dumps the complete namespace into a hash
34: # ssi(url,hash) : does a complete request cycle on url to localhost, posts
35: # hash
36: # coursedescription(id) : returns and caches course description for id
37: # repcopy(filename) : replicate file
38: # dirlist(url) : gets a directory listing
39: # directcondval(index) : reading condition value of single condition from
40: # state string
41: # condval(index) : value of condition index based on state
42: # varval(name) : value of a variable
43: # refreshstate() : refresh the state information string
44: # symblist(map,hash) : Updates symbolic storage links
45: # symbread([filename]) : returns the data handle (filename optional)
46: # rndseed() : returns a random seed
47: # getfile(filename) : returns the contents of filename, or a -1 if it can't
48: # be found, replicates and subscribes to the file
49: # filelocation(dir,file) : returns a farily clean absolute reference to file
50: # from the directory dir
51: # hreflocation(dir,file) : same as filelocation, but for hrefs
52: #
53: # 6/1/99,6/2,6/10,6/11,6/12,6/14,6/26,6/28,6/29,6/30,
54: # 7/1,7/2,7/9,7/10,7/12,7/14,7/15,7/19,
55: # 11/8,11/16,11/18,11/22,11/23,12/22,
56: # 01/06,01/13,02/24,02/28,02/29,
57: # 03/01,03/02,03/06,03/07,03/13,
58: # 04/05,05/29,05/31,06/01,
59: # 06/05,06/26 Gerd Kortemeyer
60: # 06/26 Ben Tyszka
61: # 06/30,07/15,07/17,07/18,07/20,07/21,07/22,07/25 Gerd Kortemeyer
62: # 08/14 Ben Tyszka
63: # 08/22,08/28,08/31,09/01,09/02,09/04,09/05,09/25,09/28,09/30 Gerd Kortemeyer
64: # 10/04 Gerd Kortemeyer
65: # 10/04 Guy Albertelli
66: # 10/06,10/09,10/10,10/11,10/14 Gerd Kortemeyer
67:
68: package Apache::lonnet;
69:
70: use strict;
71: use Apache::File;
72: use LWP::UserAgent();
73: use HTTP::Headers;
74: use vars
75: qw(%perlvar %hostname %homecache %spareid %hostdom %libserv %pr %prp %fe %fd $readit);
76: use IO::Socket;
77: use GDBM_File;
78: use Apache::Constants qw(:common :http);
79:
80: # --------------------------------------------------------------------- Logging
81:
82: sub logthis {
83: my $message=shift;
84: my $execdir=$perlvar{'lonDaemons'};
85: my $now=time;
86: my $local=localtime($now);
87: my $fh=Apache::File->new(">>$execdir/logs/lonnet.log");
88: print $fh "$local ($$): $message\n";
89: return 1;
90: }
91:
92: sub logperm {
93: my $message=shift;
94: my $execdir=$perlvar{'lonDaemons'};
95: my $now=time;
96: my $local=localtime($now);
97: my $fh=Apache::File->new(">>$execdir/logs/lonnet.perm.log");
98: print $fh "$now:$message:$local\n";
99: return 1;
100: }
101:
102: # -------------------------------------------------- Non-critical communication
103: sub subreply {
104: my ($cmd,$server)=@_;
105: my $peerfile="$perlvar{'lonSockDir'}/$server";
106: my $client=IO::Socket::UNIX->new(Peer =>"$peerfile",
107: Type => SOCK_STREAM,
108: Timeout => 10)
109: or return "con_lost";
110: print $client "$cmd\n";
111: my $answer=<$client>;
112: if (!$answer) { $answer="con_lost"; }
113: chomp($answer);
114: return $answer;
115: }
116:
117: sub reply {
118: my ($cmd,$server)=@_;
119: my $answer=subreply($cmd,$server);
120: if ($answer eq 'con_lost') { $answer=subreply($cmd,$server); }
121: if (($answer=~/^error:/) || ($answer=~/^refused/) ||
122: ($answer=~/^rejected/)) {
123: &logthis("<font color=blue>WARNING:".
124: " $cmd to $server returned $answer</font>");
125: }
126: return $answer;
127: }
128:
129: # ----------------------------------------------------------- Send USR1 to lonc
130:
131: sub reconlonc {
132: my $peerfile=shift;
133: &logthis("Trying to reconnect for $peerfile");
134: my $loncfile="$perlvar{'lonDaemons'}/logs/lonc.pid";
135: if (my $fh=Apache::File->new("$loncfile")) {
136: my $loncpid=<$fh>;
137: chomp($loncpid);
138: if (kill 0 => $loncpid) {
139: &logthis("lonc at pid $loncpid responding, sending USR1");
140: kill USR1 => $loncpid;
141: sleep 1;
142: if (-e "$peerfile") { return; }
143: &logthis("$peerfile still not there, give it another try");
144: sleep 5;
145: if (-e "$peerfile") { return; }
146: &logthis(
147: "<font color=blue>WARNING: $peerfile still not there, giving up</font>");
148: } else {
149: &logthis(
150: "<font color=blue>WARNING:".
151: " lonc at pid $loncpid not responding, giving up</font>");
152: }
153: } else {
154: &logthis('<font color=blue>WARNING: lonc not running, giving up</font>');
155: }
156: }
157:
158: # ------------------------------------------------------ Critical communication
159:
160: sub critical {
161: my ($cmd,$server)=@_;
162: my $answer=reply($cmd,$server);
163: if ($answer eq 'con_lost') {
164: my $pingreply=reply('ping',$server);
165: &reconlonc("$perlvar{'lonSockDir'}/$server");
166: my $pongreply=reply('pong',$server);
167: &logthis("Ping/Pong for $server: $pingreply/$pongreply");
168: $answer=reply($cmd,$server);
169: if ($answer eq 'con_lost') {
170: my $now=time;
171: my $middlename=$cmd;
172: $middlename=substr($middlename,0,16);
173: $middlename=~s/\W//g;
174: my $dfilename=
175: "$perlvar{'lonSockDir'}/delayed/$now.$middlename.$server";
176: {
177: my $dfh;
178: if ($dfh=Apache::File->new(">$dfilename")) {
179: print $dfh "$cmd\n";
180: }
181: }
182: sleep 2;
183: my $wcmd='';
184: {
185: my $dfh;
186: if ($dfh=Apache::File->new("$dfilename")) {
187: $wcmd=<$dfh>;
188: }
189: }
190: chomp($wcmd);
191: if ($wcmd eq $cmd) {
192: &logthis("<font color=blue>WARNING: ".
193: "Connection buffer $dfilename: $cmd</font>");
194: &logperm("D:$server:$cmd");
195: return 'con_delayed';
196: } else {
197: &logthis("<font color=red>CRITICAL:"
198: ." Critical connection failed: $server $cmd</font>");
199: &logperm("F:$server:$cmd");
200: return 'con_failed';
201: }
202: }
203: }
204: return $answer;
205: }
206:
207: # ---------------------------------------------------------- Append Environment
208:
209: sub appenv {
210: my %newenv=@_;
211: map {
212: if (($newenv{$_}=~/^user\.role/) || ($newenv{$_}=~/^user\.priv/)) {
213: &logthis("<font color=blue>WARNING: ".
214: "Attempt to modify environment ".$_." to ".$newenv{$_});
215: delete($newenv{$_});
216: } else {
217: $ENV{$_}=$newenv{$_};
218: }
219: } keys %newenv;
220: my @oldenv;
221: {
222: my $fh;
223: unless ($fh=Apache::File->new("$ENV{'user.environment'}")) {
224: return 'error';
225: }
226: @oldenv=<$fh>;
227: }
228: for (my $i=0; $i<=$#oldenv; $i++) {
229: chomp($oldenv[$i]);
230: if ($oldenv[$i] ne '') {
231: my ($name,$value)=split(/=/,$oldenv[$i]);
232: unless (defined($newenv{$name})) {
233: $newenv{$name}=$value;
234: }
235: }
236: }
237: {
238: my $fh;
239: unless ($fh=Apache::File->new(">$ENV{'user.environment'}")) {
240: return 'error';
241: }
242: my $newname;
243: foreach $newname (keys %newenv) {
244: print $fh "$newname=$newenv{$newname}\n";
245: }
246: }
247: return 'ok';
248: }
249:
250: # ------------------------------ Find server with least workload from spare.tab
251:
252: sub spareserver {
253: my $tryserver;
254: my $spareserver='';
255: my $lowestserver=100;
256: foreach $tryserver (keys %spareid) {
257: my $answer=reply('load',$tryserver);
258: if (($answer =~ /\d/) && ($answer<$lowestserver)) {
259: $spareserver="http://$hostname{$tryserver}";
260: $lowestserver=$answer;
261: }
262: }
263: return $spareserver;
264: }
265:
266: # --------- Try to authenticate user from domain's lib servers (first this one)
267:
268: sub authenticate {
269: my ($uname,$upass,$udom)=@_;
270: $upass=escape($upass);
271: if (($perlvar{'lonRole'} eq 'library') &&
272: ($udom eq $perlvar{'lonDefDomain'})) {
273: my $answer=reply("encrypt:auth:$udom:$uname:$upass",$perlvar{'lonHostID'});
274: if ($answer =~ /authorized/) {
275: if ($answer eq 'authorized') {
276: &logthis("User $uname at $udom authorized by local server");
277: return $perlvar{'lonHostID'};
278: }
279: if ($answer eq 'non_authorized') {
280: &logthis("User $uname at $udom rejected by local server");
281: return 'no_host';
282: }
283: }
284: }
285:
286: my $tryserver;
287: foreach $tryserver (keys %libserv) {
288: if ($hostdom{$tryserver} eq $udom) {
289: my $answer=reply("encrypt:auth:$udom:$uname:$upass",$tryserver);
290: if ($answer =~ /authorized/) {
291: if ($answer eq 'authorized') {
292: &logthis("User $uname at $udom authorized by $tryserver");
293: return $tryserver;
294: }
295: if ($answer eq 'non_authorized') {
296: &logthis("User $uname at $udom rejected by $tryserver");
297: return 'no_host';
298: }
299: }
300: }
301: }
302: &logthis("User $uname at $udom could not be authenticated");
303: return 'no_host';
304: }
305:
306: # ---------------------- Find the homebase for a user from domain's lib servers
307:
308: sub homeserver {
309: my ($uname,$udom)=@_;
310:
311: my $index="$uname:$udom";
312: if ($homecache{$index}) { return "$homecache{$index}"; }
313:
314: my $tryserver;
315: foreach $tryserver (keys %libserv) {
316: if ($hostdom{$tryserver} eq $udom) {
317: my $answer=reply("home:$udom:$uname",$tryserver);
318: if ($answer eq 'found') {
319: $homecache{$index}=$tryserver;
320: return $tryserver;
321: }
322: }
323: }
324: return 'no_host';
325: }
326:
327: # ----------------------------- Subscribe to a resource, return URL if possible
328:
329: sub subscribe {
330: my $fname=shift;
331: my $author=$fname;
332: $author=~s/\/home\/httpd\/html\/res\/([^\/]*)\/([^\/]*).*/$1\/$2/;
333: my ($udom,$uname)=split(/\//,$author);
334: my $home=homeserver($uname,$udom);
335: if (($home eq 'no_host') || ($home eq $perlvar{'lonHostID'})) {
336: return 'not_found';
337: }
338: my $answer=reply("sub:$fname",$home);
339: return $answer;
340: }
341:
342: # -------------------------------------------------------------- Replicate file
343:
344: sub repcopy {
345: my $filename=shift;
346: $filename=~s/\/+/\//g;
347: my $transname="$filename.in.transfer";
348: if ((-e $filename) || (-e $transname)) { return OK; }
349: my $remoteurl=subscribe($filename);
350: if ($remoteurl eq 'con_lost') {
351: &logthis("Subscribe returned con_lost: $filename");
352: return HTTP_SERVICE_UNAVAILABLE;
353: } elsif ($remoteurl eq 'not_found') {
354: &logthis("Subscribe returned not_found: $filename");
355: return HTTP_NOT_FOUND;
356: } elsif ($remoteurl eq 'rejected') {
357: &logthis("Subscribe returned rejected: $filename");
358: return FORBIDDEN;
359: } elsif ($remoteurl eq 'directory') {
360: return OK;
361: } else {
362: my @parts=split(/\//,$filename);
363: my $path="/$parts[1]/$parts[2]/$parts[3]/$parts[4]";
364: if ($path ne "$perlvar{'lonDocRoot'}/res") {
365: &logthis("Malconfiguration for replication: $filename");
366: return HTTP_BAD_REQUEST;
367: }
368: my $count;
369: for ($count=5;$count<$#parts;$count++) {
370: $path.="/$parts[$count]";
371: if ((-e $path)!=1) {
372: mkdir($path,0777);
373: }
374: }
375: my $ua=new LWP::UserAgent;
376: my $request=new HTTP::Request('GET',"$remoteurl");
377: my $response=$ua->request($request,$transname);
378: if ($response->is_error()) {
379: unlink($transname);
380: my $message=$response->status_line;
381: &logthis("<font color=blue>WARNING:"
382: ." LWP get: $message: $filename</font>");
383: return HTTP_SERVICE_UNAVAILABLE;
384: } else {
385: if ($remoteurl!~/\.meta$/) {
386: my $mrequest=new HTTP::Request('GET',$remoteurl.'.meta');
387: my $mresponse=$ua->request($mrequest,$filename.'.meta');
388: if ($mresponse->is_error()) {
389: unlink($filename.'.meta');
390: &logthis(
391: "<font color=yellow>INFO: No metadata: $filename</font>");
392: }
393: }
394: rename($transname,$filename);
395: return OK;
396: }
397: }
398: }
399:
400: # --------------------------------------------------------- Server Side Include
401:
402: sub ssi {
403:
404: my ($fn,%form)=@_;
405:
406: my $ua=new LWP::UserAgent;
407:
408: my $request;
409:
410: if (%form) {
411: $request=new HTTP::Request('POST',"http://".$ENV{'HTTP_HOST'}.$fn);
412: $request->content(join '&', map { "$_=$form{$_}" } keys %form);
413: } else {
414: $request=new HTTP::Request('GET',"http://".$ENV{'HTTP_HOST'}.$fn);
415: }
416:
417: $request->header(Cookie => $ENV{'HTTP_COOKIE'});
418: my $response=$ua->request($request);
419:
420: return $response->content;
421: }
422:
423: # ------------------------------------------------------------------------- Log
424:
425: sub log {
426: my ($dom,$nam,$hom,$what)=@_;
427: return reply("log:$dom:$nam:$what",$hom);
428: }
429:
430: # ----------------------------------------------------------------------- Store
431:
432: sub store {
433: my %storehash=@_;
434: my $symb;
435: unless ($symb=escape(&symbread())) { return ''; }
436: my $namespace;
437: unless ($namespace=$ENV{'request.course.id'}) { return ''; }
438: my $namevalue='';
439: map {
440: $namevalue.=escape($_).'='.escape($storehash{$_}).'&';
441: } keys %storehash;
442: $namevalue=~s/\&$//;
443: return reply(
444: "store:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$symb:$namevalue",
445: "$ENV{'user.home'}");
446: }
447:
448: # --------------------------------------------------------------------- Restore
449:
450: sub restore {
451: my $symb;
452: unless ($symb=escape(&symbread())) { return ''; }
453: my $namespace;
454: unless ($namespace=$ENV{'request.course.id'}) { return ''; }
455: my $answer=reply(
456: "restore:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$symb",
457: "$ENV{'user.home'}");
458: my %returnhash=();
459: map {
460: my ($name,$value)=split(/\=/,$_);
461: $returnhash{&unescape($name)}=&unescape($value);
462: } split(/\&/,$answer);
463: map {
464: $returnhash{$_}=$returnhash{$returnhash{'version'}.':'.$_};
465: } split(/\:/,$returnhash{$returnhash{'version'}.':keys'});
466: return %returnhash;
467: }
468:
469: # ---------------------------------------------------------- Course Description
470:
471: sub coursedescription {
472: my $courseid=shift;
473: $courseid=~s/^\///;
474: my ($cdomain,$cnum)=split(/\//,$courseid);
475: my $chome=homeserver($cnum,$cdomain);
476: if ($chome ne 'no_host') {
477: my $rep=reply("dump:$cdomain:$cnum:environment",$chome);
478: if ($rep ne 'con_lost') {
479: my %cachehash=();
480: my %returnhash=('home' => $chome,
481: 'domain' => $cdomain,
482: 'num' => $cnum);
483: map {
484: my ($name,$value)=split(/\=/,$_);
485: $name=&unescape($name);
486: $value=&unescape($value);
487: $returnhash{$name}=$value;
488: if ($name eq 'description') {
489: $cachehash{$courseid}=$value;
490: }
491: } split(/\&/,$rep);
492: $returnhash{'url'}='/res/'.declutter($returnhash{'url'});
493: $returnhash{'fn'}=$perlvar{'lonDaemons'}.'/tmp/'.
494: $ENV{'user.name'}.'_'.$cdomain.'_'.$cnum;
495: put ('coursedescriptions',%cachehash);
496: return %returnhash;
497: }
498: }
499: return ();
500: }
501:
502: # -------------------------------------------------------- Get user priviledges
503:
504: sub rolesinit {
505: my ($domain,$username,$authhost)=@_;
506: my $rolesdump=reply("dump:$domain:$username:roles",$authhost);
507: if (($rolesdump eq 'con_lost') || ($rolesdump eq '')) { return ''; }
508: my %allroles=();
509: my %thesepriv=();
510: my $now=time;
511: my $userroles="user.login.time=$now\n";
512: my $thesestr;
513:
514: if ($rolesdump ne '') {
515: map {
516: if ($_!~/^rolesdef\&/) {
517: my ($area,$role)=split(/=/,$_);
518: $area=~s/\_\w\w$//;
519: my ($trole,$tend,$tstart)=split(/_/,$role);
520: $userroles.='user.role.'.$trole.'.'.$area.'='.
521: $tstart.'.'.$tend."\n";
522: if ($tend!=0) {
523: if ($tend<$now) {
524: $trole='';
525: }
526: }
527: if ($tstart!=0) {
528: if ($tstart>$now) {
529: $trole='';
530: }
531: }
532: if (($area ne '') && ($trole ne '')) {
533: my ($tdummy,$tdomain,$trest)=split(/\//,$area);
534: if ($trole =~ /^cr\//) {
535: my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$trole);
536: my $homsvr=homeserver($rauthor,$rdomain);
537: if ($hostname{$homsvr} ne '') {
538: my $roledef=
539: reply("get:$rdomain:$rauthor:roles:rolesdef_$rrole",
540: $homsvr);
541: if (($roledef ne 'con_lost') && ($roledef ne '')) {
542: my ($syspriv,$dompriv,$coursepriv)=
543: split(/\_/,unescape($roledef));
544: $allroles{'/'}.=':'.$syspriv;
545: if ($tdomain ne '') {
546: $allroles{'/'.$tdomain.'/'}.=':'.$dompriv;
547: if ($trest ne '') {
548: $allroles{$area}.=':'.$coursepriv;
549: }
550: }
551: }
552: }
553: } else {
554: $allroles{'/'}.=':'.$pr{$trole.':s'};
555: if ($tdomain ne '') {
556: $allroles{'/'.$tdomain.'/'}.=':'.$pr{$trole.':d'};
557: if ($trest ne '') {
558: $allroles{$area}.=':'.$pr{$trole.':c'};
559: }
560: }
561: }
562: }
563: }
564: } split(/&/,$rolesdump);
565: map {
566: %thesepriv=();
567: map {
568: if ($_ ne '') {
569: my ($priviledge,$restrictions)=split(/&/,$_);
570: if ($restrictions eq '') {
571: $thesepriv{$priviledge}='F';
572: } else {
573: if ($thesepriv{$priviledge} ne 'F') {
574: $thesepriv{$priviledge}.=$restrictions;
575: }
576: }
577: }
578: } split(/:/,$allroles{$_});
579: $thesestr='';
580: map { $thesestr.=':'.$_.'&'.$thesepriv{$_}; } keys %thesepriv;
581: $userroles.='user.priv.'.$_.'='.$thesestr."\n";
582: } keys %allroles;
583: }
584: return $userroles;
585: }
586:
587: # --------------------------------------------------------------- get interface
588:
589: sub get {
590: my ($namespace,@storearr)=@_;
591: my $items='';
592: map {
593: $items.=escape($_).'&';
594: } @storearr;
595: $items=~s/\&$//;
596: my $rep=reply("get:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
597: $ENV{'user.home'});
598: my @pairs=split(/\&/,$rep);
599: my %returnhash=();
600: my $i=0;
601: map {
602: $returnhash{$_}=unescape($pairs[$i]);
603: $i++;
604: } @storearr;
605: return %returnhash;
606: }
607:
608: # --------------------------------------------------------------- del interface
609:
610: sub del {
611: my ($namespace,@storearr)=@_;
612: my $items='';
613: map {
614: $items.=escape($_).'&';
615: } @storearr;
616: $items=~s/\&$//;
617: return reply("del:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
618: $ENV{'user.home'});
619: }
620:
621: # -------------------------------------------------------------- dump interface
622:
623: sub dump {
624: my $namespace=shift;
625: my $rep=reply("dump:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace",
626: $ENV{'user.home'});
627: my @pairs=split(/\&/,$rep);
628: my %returnhash=();
629: map {
630: my ($key,$value)=split(/=/,$_);
631: $returnhash{unescape($key)}=unescape($value);
632: } @pairs;
633: return %returnhash;
634: }
635:
636: # --------------------------------------------------------------- put interface
637:
638: sub put {
639: my ($namespace,%storehash)=@_;
640: my $items='';
641: map {
642: $items.=escape($_).'='.escape($storehash{$_}).'&';
643: } keys %storehash;
644: $items=~s/\&$//;
645: return reply("put:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
646: $ENV{'user.home'});
647: }
648:
649: # -------------------------------------------------------------- eget interface
650:
651: sub eget {
652: my ($namespace,@storearr)=@_;
653: my $items='';
654: map {
655: $items.=escape($_).'&';
656: } @storearr;
657: $items=~s/\&$//;
658: my $rep=reply("eget:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
659: $ENV{'user.home'});
660: my @pairs=split(/\&/,$rep);
661: my %returnhash=();
662: my $i=0;
663: map {
664: $returnhash{$_}=unescape($pairs[$i]);
665: $i++;
666: } @storearr;
667: return %returnhash;
668: }
669:
670: # ------------------------------------------------- Check for a user priviledge
671:
672: sub allowed {
673: my ($priv,$uri)=@_;
674: $uri=~s/^\/res//;
675: $uri=~s/^\///;
676:
677: # Free bre access to adm resources
678:
679: if (($uri=~/^adm\//) && ($priv eq 'bre')) {
680: return 'F';
681: }
682:
683: # Gather priviledges over system and domain
684:
685: my $thisallowed='';
686: if ($ENV{'user.priv./'}=~/$priv\&([^\:]*)/) {
687: $thisallowed.=$1;
688: }
689: if ($ENV{'user.priv./'.(split(/\//,$uri))[0].'/'}=~/$priv\&([^\:]*)/) {
690: $thisallowed.=$1;
691: }
692:
693: # Full access at system or domain level? Exit.
694:
695: if ($thisallowed=~/F/) {
696: return 'F';
697: }
698:
699: # The user does not have full access at system or domain level
700: # Course level access control
701:
702: # uri itself refering to a course?
703:
704: if ($uri=~/\.course$/) {
705: if ($ENV{'user.priv./'.$uri}=~/$priv\&([^\:]*)/) {
706: $thisallowed.=$1;
707: }
708: # Full access on course level? Exit.
709: if ($thisallowed=~/F/) {
710: return 'F';
711: }
712:
713: # uri is refering to an individual resource; user needs to be in a course
714:
715: } else {
716:
717: unless(defined($ENV{'request.course.id'})) {
718: return '1';
719: }
720:
721: # Get access priviledges for course
722:
723: if ($ENV{'user.priv./'.$ENV{'request.course.id'}}=~/$priv\&([^\:]*)/) {
724: $thisallowed.=$1;
725: }
726:
727: # See if resource or referer is part of this course
728:
729: my @uriparts=split(/\//,$uri);
730: my $urifile=$uriparts[$#uriparts];
731: $urifile=~/\.(\w+)$/;
732: my $uritype=$1;
733: $#uriparts--;
734: my $uripath=join('/',@uriparts);
735: my $uricond=-1;
736: if ($ENV{'acc.res.'.$ENV{'request.course.id'}.'.'.$uripath}=~
737: /\&$urifile\:(\d+)\&/) {
738: $uricond=$1;
739: } elsif (($fe{$uritype} eq 'emb') || ($fe{$uritype} eq 'img')) {
740: my $refuri=$ENV{'HTTP_REFERER'};
741: $refuri=~s/^\/res//;
742: $refuri=~s/^\///;
743: @uriparts=split(/\//,$refuri);
744: $urifile=$uriparts[$#uriparts];
745: $#uriparts--;
746: $uripath=join('/',@uriparts);
747: if ($ENV{'acc.res.'.$ENV{'request.course.id'}.'.'.$uripath}=~
748: /\&$urifile\:(\d+)\&/) {
749: $uricond=$1;
750: }
751: }
752:
753: if ($uricond>=0) {
754:
755: # The resource is part of the course
756: # If user had full access on course level, go ahead
757:
758: if ($thisallowed=~/F/) {
759: return 'F';
760: }
761:
762: # Restricted by state?
763:
764: if ($thisallowed=~/X/) {
765: if (&condval($uricond)) {
766: return '2';
767: } else {
768: return '';
769: }
770: }
771: }
772: }
773: return $thisallowed;
774: }
775:
776: # ---------------------------------------------------------- Refresh State Info
777:
778: sub refreshstate {
779: }
780:
781: # ----------------------------------------------------------------- Define Role
782:
783: sub definerole {
784: if (allowed('mcr','/')) {
785: my ($rolename,$sysrole,$domrole,$courole)=@_;
786: map {
787: my ($crole,$cqual)=split(/\&/,$_);
788: if ($pr{'cr:s'}!~/$crole/) { return "refused:s:$crole"; }
789: if ($pr{'cr:s'}=~/$crole\&/) {
790: if ($pr{'cr:s'}!~/$crole\&\w*$cqual/) {
791: return "refused:s:$crole&$cqual";
792: }
793: }
794: } split('/',$sysrole);
795: map {
796: my ($crole,$cqual)=split(/\&/,$_);
797: if ($pr{'cr:d'}!~/$crole/) { return "refused:d:$crole"; }
798: if ($pr{'cr:d'}=~/$crole\&/) {
799: if ($pr{'cr:d'}!~/$crole\&\w*$cqual/) {
800: return "refused:d:$crole&$cqual";
801: }
802: }
803: } split('/',$domrole);
804: map {
805: my ($crole,$cqual)=split(/\&/,$_);
806: if ($pr{'cr:c'}!~/$crole/) { return "refused:c:$crole"; }
807: if ($pr{'cr:c'}=~/$crole\&/) {
808: if ($pr{'cr:c'}!~/$crole\&\w*$cqual/) {
809: return "refused:c:$crole&$cqual";
810: }
811: }
812: } split('/',$courole);
813: my $command="encrypt:rolesput:$ENV{'user.domain'}:$ENV{'user.name'}:".
814: "$ENV{'user.domain'}:$ENV{'user.name'}:".
815: "rolesdef_$rolename=".
816: escape($sysrole.'_'.$domrole.'_'.$courole);
817: return reply($command,$ENV{'user.home'});
818: } else {
819: return 'refused';
820: }
821: }
822:
823: # ------------------------------------------------------------------ Plain Text
824:
825: sub plaintext {
826: my $short=shift;
827: return $prp{$short};
828: }
829:
830: # ------------------------------------------------------------------ Plain Text
831:
832: sub fileembstyle {
833: my $ending=shift;
834: return $fe{$ending};
835: }
836:
837: # ------------------------------------------------------------ Description Text
838:
839: sub filedecription {
840: my $ending=shift;
841: return $fd{$ending};
842: }
843:
844: # ----------------------------------------------------------------- Assign Role
845:
846: sub assignrole {
847: my ($udom,$uname,$url,$role,$end,$start)=@_;
848: my $mrole;
849: $url=declutter($url);
850: if ($role =~ /^cr\//) {
851: unless ($url=~/\.course$/) { return 'invalid'; }
852: unless (allowed('ccr',$url)) { return 'refused'; }
853: $mrole='cr';
854: } else {
855: unless (($url=~/\.course$/) || ($url=~/\/$/)) { return 'invalid'; }
856: unless (allowed('c'+$role)) { return 'refused'; }
857: $mrole=$role;
858: }
859: my $command="encrypt:rolesput:$ENV{'user.domain'}:$ENV{'user.name'}:".
860: "$udom:$uname:$url".'_'."$mrole=$role";
861: if ($end) { $command.='_$end'; }
862: if ($start) {
863: if ($end) {
864: $command.='_$start';
865: } else {
866: $command.='_0_$start';
867: }
868: }
869: return &reply($command,&homeserver($uname,$udom));
870: }
871:
872: # ---------------------------------------------------------- Assign Custom Role
873:
874: sub assigncustomrole {
875: my ($udom,$uname,$url,$rdom,$rnam,$rolename,$end,$start)=@_;
876: return &assignrole($udom,$uname,$url,'cr/'.$rdom.'/'.$rnam.'/'.$rolename,
877: $end,$start);
878: }
879:
880: # ----------------------------------------------------------------- Revoke Role
881:
882: sub revokerole {
883: my ($udom,$uname,$url,$role)=@_;
884: my $now=time;
885: return &assignrole($udom,$uname,$url,$role,$now);
886: }
887:
888: # ---------------------------------------------------------- Revoke Custom Role
889:
890: sub revokecustomrole {
891: my ($udom,$uname,$url,$rdom,$rnam,$rolename)=@_;
892: my $now=time;
893: return &assigncustomrole($udom,$uname,$url,$rdom,$rnam,$rolename,$now);
894: }
895:
896: # ------------------------------------------------------------ Directory lister
897:
898: sub dirlist {
899: my $uri=shift;
900: $uri=~s/^\///;
901: $uri=~s/\/$//;
902: my ($res,$udom,$uname,@rest)=split(/\//,$uri);
903: if ($udom) {
904: if ($uname) {
905: my $listing=reply('ls:'.$perlvar{'lonDocRoot'}.'/'.$uri,
906: homeserver($uname,$udom));
907: return split(/:/,$listing);
908: } else {
909: my $tryserver;
910: my %allusers=();
911: foreach $tryserver (keys %libserv) {
912: if ($hostdom{$tryserver} eq $udom) {
913: my $listing=reply('ls:'.$perlvar{'lonDocRoot'}.'/res/'.$udom,
914: $tryserver);
915: if (($listing ne 'no_such_dir') && ($listing ne 'empty')
916: && ($listing ne 'con_lost')) {
917: map {
918: my ($entry,@stat)=split(/&/,$_);
919: $allusers{$entry}=1;
920: } split(/:/,$listing);
921: }
922: }
923: }
924: my $alluserstr='';
925: map {
926: $alluserstr.=$_.'&user:';
927: } sort keys %allusers;
928: $alluserstr=~s/:$//;
929: return split(/:/,$alluserstr);
930: }
931: } else {
932: my $tryserver;
933: my %alldom=();
934: foreach $tryserver (keys %libserv) {
935: $alldom{$hostdom{$tryserver}}=1;
936: }
937: my $alldomstr='';
938: map {
939: $alldomstr.=$perlvar{'lonDocRoot'}.'/res/'.$_.'&domain:';
940: } sort keys %alldom;
941: $alldomstr=~s/:$//;
942: return split(/:/,$alldomstr);
943: }
944: }
945:
946: # -------------------------------------------------------- Value of a Condition
947:
948: sub directcondval {
949: my $number=shift;
950: if ($ENV{'user.state.'.$ENV{'request.course.id'}}) {
951: return substr($ENV{'user.state.'.$ENV{'request.course.id'}},$number,1);
952: } else {
953: return 2;
954: }
955: }
956:
957: sub condval {
958: my $condidx=shift;
959: my $result=0;
960: if ($ENV{'request.course.id'}) {
961: if (defined($ENV{'acc.cond.'.$ENV{'request.course.id'}.'.'.$condidx})) {
962: my $operand='|';
963: my @stack;
964: map {
965: if ($_ eq '(') {
966: push @stack,($operand,$result)
967: } elsif ($_ eq ')') {
968: my $before=pop @stack;
969: if (pop @stack eq '&') {
970: $result=$result>$before?$before:$result;
971: } else {
972: $result=$result>$before?$result:$before;
973: }
974: } elsif (($_ eq '&') || ($_ eq '|')) {
975: $operand=$_;
976: } else {
977: my $new=directcondval($_);
978: if ($operand eq '&') {
979: $result=$result>$new?$new:$result;
980: } else {
981: $result=$result>$new?$result:$new;
982: }
983: }
984: } ($ENV{'acc.cond.'.$ENV{'request.course.id'}.'.'.$condidx}=~
985: /(\d+|\(|\)|\&|\|)/g);
986: }
987: }
988: return $result;
989: }
990:
991: # --------------------------------------------------------- Value of a Variable
992:
993: sub varval {
994: my ($realm,$space,@components)=split(/\./,shift);
995: my $value='';
996: if ($realm eq 'user') {
997: if ($space=~/^resource/) {
998: $space=~s/^resource\[//;
999: $space=~s/\]$//;
1000:
1001: } else {
1002: }
1003: } elsif ($realm eq 'course') {
1004: } elsif ($realm eq 'session') {
1005: } elsif ($realm eq 'system') {
1006: }
1007: return $value;
1008: }
1009:
1010: # ------------------------------------------------- Update symbolic store links
1011:
1012: sub symblist {
1013: my ($mapname,%newhash)=@_;
1014: $mapname=declutter($mapname);
1015: my %hash;
1016: if (($ENV{'request.course.fn'}) && (%newhash)) {
1017: if (tie(%hash,'GDBM_File',$ENV{'request.course.fn'}.'_symb.db',
1018: &GDBM_WRCREAT,0640)) {
1019: map {
1020: $hash{declutter($_)}=$mapname.'___'.$newhash{$_};
1021: } keys %newhash;
1022: if (untie(%hash)) {
1023: return 'ok';
1024: }
1025: }
1026: }
1027: return 'error';
1028: }
1029:
1030: # ------------------------------------------------------ Return symb list entry
1031:
1032: sub symbread {
1033: my $thisfn=shift;
1034: unless ($thisfn) {
1035: $thisfn=$ENV{'request.filename'};
1036: }
1037: $thisfn=declutter($thisfn);
1038: my %hash;
1039: my %bighash;
1040: my $syval='';
1041: if (($ENV{'request.course.fn'}) && ($thisfn)) {
1042: if (tie(%hash,'GDBM_File',$ENV{'request.course.fn'}.'_symb.db',
1043: &GDBM_READER,0640)) {
1044: $syval=$hash{$thisfn};
1045: untie(%hash);
1046: }
1047: # ---------------------------------------------------------- There was an entry
1048: if ($syval) {
1049: unless ($syval=~/\_\d+$/) {
1050: unless ($ENV{'form.request.prefix'}=~/\.(\d+)\_$/) {
1051: &appenv('request.ambiguous' => $thisfn);
1052: return '';
1053: }
1054: $syval.=$1;
1055: }
1056: } else {
1057: # ------------------------------------------------------- Was not in symb table
1058: if (tie(%bighash,'GDBM_File',$ENV{'request.course.fn'}.'.db',
1059: &GDBM_READER,0640)) {
1060: # ---------------------------------------------- Get ID(s) for current resource
1061: my $ids=$bighash{'ids_/res/'.$thisfn};
1062: if ($ids) {
1063: # ------------------------------------------------------------------- Has ID(s)
1064: my @possibilities=split(/\,/,$ids);
1065: if ($#possibilities==0) {
1066: # ----------------------------------------------- There is only one possibility
1067: my ($mapid,$resid)=split(/\./,$ids);
1068: $syval=declutter($bighash{'map_id_'.$mapid}).'___'.$resid;
1069: } else {
1070: # ------------------------------------------ There is more than one possibility
1071: my $realpossible=0;
1072: map {
1073: my $file=$bighash{'src_'.$_};
1074: if (&allowed('bre',$file)) {
1075: my ($mapid,$resid)=split(/\./,$_);
1076: if ($bighash{'map_type_'.$mapid} ne 'page') {
1077: $realpossible++;
1078: $syval=declutter($bighash{'map_id_'.$mapid}).
1079: '___'.$resid;
1080: }
1081: }
1082: } @possibilities;
1083: if ($realpossible!=1) { $syval=''; }
1084: }
1085: }
1086: untie(%bighash)
1087: }
1088: }
1089: if ($syval) { return $syval.'___'.$thisfn; }
1090: }
1091: &appenv('request.ambiguous' => $thisfn);
1092: return '';
1093: }
1094:
1095: # ---------------------------------------------------------- Return random seed
1096:
1097: sub numval {
1098: my $txt=shift;
1099: $txt=~tr/A-J/0-9/;
1100: $txt=~tr/a-j/0-9/;
1101: $txt=~tr/K-T/0-9/;
1102: $txt=~tr/k-t/0-9/;
1103: $txt=~tr/U-Z/0-5/;
1104: $txt=~tr/u-z/0-5/;
1105: $txt=~s/\D//g;
1106: return int($txt);
1107: }
1108:
1109: sub rndseed {
1110: my $symb;
1111: unless ($symb=&symbread()) { return time; }
1112: my $symbchck=unpack("%32C*",$symb);
1113: my $symbseed=numval($symb)%$symbchck;
1114: my $namechck=unpack("%32C*",$ENV{'user.name'});
1115: my $nameseed=numval($ENV{'user.name'})%$namechck;
1116: return int( $symbseed
1117: .$nameseed
1118: .unpack("%32C*",$ENV{'user.domain'})
1119: .unpack("%32C*",$ENV{'request.course.id'})
1120: .$namechck
1121: .$symbchck);
1122: }
1123:
1124: # ------------------------------------------------------------ Serves up a file
1125: # returns either the contents of the file or a -1
1126: sub getfile {
1127: my $file=shift;
1128: &repcopy($file);
1129: if (! -e $file ) { return -1; };
1130: my $fh=Apache::File->new($file);
1131: my $a='';
1132: while (<$fh>) { $a .=$_; }
1133: return $a
1134: }
1135:
1136: sub filelocation {
1137: my ($dir,$file) = @_;
1138: my $location;
1139: $file=~ s/^\s*(\S+)\s*$/$1/; ## strip off leading and trailing spaces
1140: $file=~s/^$perlvar{'lonDocRoot'}//;
1141: $file=~s:^/*res::;
1142: if ( !( $file =~ m:^/:) ) {
1143: $location = $dir. '/'.$file;
1144: } else {
1145: $location = '/home/httpd/html/res'.$file;
1146: }
1147: $location=~s://+:/:g; # remove duplicate /
1148: while ($location=~m:/\.\./:) {$location=~ s:/[^/]+/\.\./:/:g;} #remove dir/..
1149: return $location;
1150: }
1151:
1152: sub hreflocation {
1153: my ($dir,$file)=@_;
1154: unless (($_=~/^http:\/\//i) || ($_=~/^\//)) {
1155: my $finalpath=filelocation($dir,$file);
1156: $finalpath=~s/^\/home\/httpd\/html//;
1157: return $finalpath;
1158: } else {
1159: return $file;
1160: }
1161: }
1162:
1163: # ------------------------------------------------------------- Declutters URLs
1164:
1165: sub declutter {
1166: my $thisfn=shift;
1167: $thisfn=~s/^$perlvar{'lonDocRoot'}//;
1168: $thisfn=~s/^\///;
1169: $thisfn=~s/^res\///;
1170: return $thisfn;
1171: }
1172:
1173: # -------------------------------------------------------- Escape Special Chars
1174:
1175: sub escape {
1176: my $str=shift;
1177: $str =~ s/(\W)/"%".unpack('H2',$1)/eg;
1178: return $str;
1179: }
1180:
1181: # ----------------------------------------------------- Un-Escape Special Chars
1182:
1183: sub unescape {
1184: my $str=shift;
1185: $str =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
1186: return $str;
1187: }
1188:
1189: # ================================================================ Main Program
1190:
1191: sub BEGIN {
1192: if ($readit ne 'done') {
1193: # ------------------------------------------------------------ Read access.conf
1194: {
1195: my $config=Apache::File->new("/etc/httpd/conf/access.conf");
1196:
1197: while (my $configline=<$config>) {
1198: if ($configline =~ /PerlSetVar/) {
1199: my ($dummy,$varname,$varvalue)=split(/\s+/,$configline);
1200: chomp($varvalue);
1201: $perlvar{$varname}=$varvalue;
1202: }
1203: }
1204: }
1205:
1206: # ------------------------------------------------------------- Read hosts file
1207: {
1208: my $config=Apache::File->new("$perlvar{'lonTabDir'}/hosts.tab");
1209:
1210: while (my $configline=<$config>) {
1211: my ($id,$domain,$role,$name,$ip)=split(/:/,$configline);
1212: $hostname{$id}=$name;
1213: $hostdom{$id}=$domain;
1214: if ($role eq 'library') { $libserv{$id}=$name; }
1215: }
1216: }
1217:
1218: # ------------------------------------------------------ Read spare server file
1219: {
1220: my $config=Apache::File->new("$perlvar{'lonTabDir'}/spare.tab");
1221:
1222: while (my $configline=<$config>) {
1223: chomp($configline);
1224: if (($configline) && ($configline ne $perlvar{'lonHostID'})) {
1225: $spareid{$configline}=1;
1226: }
1227: }
1228: }
1229: # ------------------------------------------------------------ Read permissions
1230: {
1231: my $config=Apache::File->new("$perlvar{'lonTabDir'}/roles.tab");
1232:
1233: while (my $configline=<$config>) {
1234: chomp($configline);
1235: my ($role,$perm)=split(/ /,$configline);
1236: if ($perm ne '') { $pr{$role}=$perm; }
1237: }
1238: }
1239:
1240: # -------------------------------------------- Read plain texts for permissions
1241: {
1242: my $config=Apache::File->new("$perlvar{'lonTabDir'}/rolesplain.tab");
1243:
1244: while (my $configline=<$config>) {
1245: chomp($configline);
1246: my ($short,$plain)=split(/:/,$configline);
1247: if ($plain ne '') { $prp{$short}=$plain; }
1248: }
1249: }
1250:
1251: # ------------------------------------------------------------- Read file types
1252: {
1253: my $config=Apache::File->new("$perlvar{'lonTabDir'}/filetypes.tab");
1254:
1255: while (my $configline=<$config>) {
1256: chomp($configline);
1257: my ($ending,$emb,@descr)=split(/\s+/,$configline);
1258: if ($descr[0] ne '') {
1259: $fe{$ending}=$emb;
1260: $fd{$ending}=join(' ',@descr);
1261: }
1262: }
1263: }
1264:
1265:
1266: $readit='done';
1267: &logthis('<font color=yellow>INFO: Read configuration</font>');
1268: }
1269: }
1270: 1;
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to lonnet.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / lonnet / perl