Annotation of nsdl/nsdlloncapaorg/lonacc.pm, revision 1.1

1.1     ! www         1: # The LearningOnline Network
        !             2: # Cookie Based Access Handler
        !             3: #
        !             4: # $Id: lonacc.pm,v 1.46 2003/05/13 00:52:46 www Exp $
        !             5: #
        !             6: # Copyright Michigan State University Board of Trustees
        !             7: #
        !             8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
        !             9: #
        !            10: # LON-CAPA is free software; you can redistribute it and/or modify
        !            11: # it under the terms of the GNU General Public License as published by
        !            12: # the Free Software Foundation; either version 2 of the License, or
        !            13: # (at your option) any later version.
        !            14: #
        !            15: # LON-CAPA is distributed in the hope that it will be useful,
        !            16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
        !            17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
        !            18: # GNU General Public License for more details.
        !            19: #
        !            20: # You should have received a copy of the GNU General Public License
        !            21: # along with LON-CAPA; if not, write to the Free Software
        !            22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
        !            23: #
        !            24: # /home/httpd/html/adm/gpl.txt
        !            25: #
        !            26: # http://www.lon-capa.org/
        !            27: #
        !            28: # YEAR=1999
        !            29: # 5/21/99,5/22,5/29,5/31,6/15,16/11,22/11,
        !            30: # YEAR=2000
        !            31: # 01/06,01/13,05/31,06/01,09/06,09/25,09/28,10/30,11/6,
        !            32: # 12/25,12/26,
        !            33: # YEAR=2001
        !            34: # 01/06/01,05/28,8/11,9/26,11/29 Gerd Kortemeyer
        !            35: # YEAR=2002
        !            36: # 1/4,2/25 Gerd Kortemeyer
        !            37: #
        !            38: ###
        !            39: 
        !            40: package Apache::lonacc;
        !            41: 
        !            42: use strict;
        !            43: use Apache::Constants qw(:common :http :methods);
        !            44: use Apache::File;
        !            45: use Apache::lonnet;
        !            46: use Apache::loncommon();
        !            47: use CGI::Cookie();
        !            48: use Fcntl qw(:flock);
        !            49: 
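        # Apache/mod_perl access handler for cookie-based LON-CAPA sessions.
        #
        # Argument: the Apache request object.
        #
        # Returns:
        #   OK                  - search-bot User-Agent, a valid session that passed
        #                         the access checks, or a public resource
        #   HTTP_NOT_ACCEPTABLE - valid session but access refused; the reason is
        #                         left in $ENV{'user.error.msg'}
        #   FORBIDDEN           - no valid session and the URL is one for which the
        #                         requested URL and query string are stored first
        #   HTTP_BAD_REQUEST    - no valid session, anything else
        sub handler {
            my $r       = shift;
            my $requrl  = $r->uri;
            my %cookies = CGI::Cookie->parse($r->header_in('Cookie'));

            # NOTE(review): User-Agent is a client-supplied header. Any request that
            # carries this string is let through here without a session cookie and
            # without the allowed() check below, for every URL this handler guards.
            # Consider also restricting this branch by source address, or limiting
            # it to public resources.
            if ($r->header_in('User-Agent') =~ /NSDL\_Search\_Bot/) {
                return OK;
            }

            my $lonid = $cookies{'lonID'};
            if ($lonid) {
                # Only word characters survive, so the handle cannot carry path
                # separators or dots into the session file name built below.
                my $handle = $lonid->value;
                $handle =~ s/\W//g;
                my $lonidsdir = $r->dir_config('lonIDsDir');

                # A session is valid when a non-empty handle has a matching .id file.
                if (($handle ne '') && (-e "$lonidsdir/$handle.id")) {

        # ------------------------------------------------------ Initialize Environment

                    Apache::lonnet::transfer_profile_to_env($lonidsdir, $handle);

        # -------------------------------------------------------------- Resource State

                    if ($requrl =~ m{^/res/}) {
                        $ENV{'request.state'} = "published";
                    } else {
                        $ENV{'request.state'} = 'unknown';
                    }
                    $ENV{'request.filename'} = $r->filename;

        # -------------------------------------------------------- Load POST parameters

                    Apache::loncommon::get_posted_cgi($r);

        # ---------------------------------------------------------------- Check access

                    # Only URLs that start with /adm/, /public/ or /prtspool/ skip the
                    # 'bre' privilege check. The alternation is grouped and anchored:
                    # the previous pattern /^\/adm|public|prtspool\// anchored only
                    # the first alternative, so any URL merely containing "public"
                    # or "prtspool/" skipped the check as well.
                    if ($requrl !~ m{^/(?:adm|public|prtspool)/}) {
                        my $access = Apache::lonnet::allowed('bre', $requrl);
                        if ($access eq '1') {
                            $ENV{'user.error.msg'} = "$requrl:bre:0:0:Choose Course";
                            return HTTP_NOT_ACCEPTABLE;
                        }
                        if (($access ne '2') && ($access ne 'F')) {
                            $ENV{'user.error.msg'} = "$requrl:bre:1:1:Access Denied";
                            return HTTP_NOT_ACCEPTABLE;
                        }
                    }

                    # Print spool files are only served to the user whose name and
                    # domain prefix the file name.
                    # NOTE(review): this is a bare prefix match, so a name_domain
                    # pair that is itself a prefix of another user's pair would also
                    # match that user's files; confirm the spool file naming always
                    # puts a delimiter after the domain.
                    if ($requrl =~ m|^/prtspool/|) {
                        my $start = '/prtspool/' . $ENV{'user.name'} . '_' .
                            $ENV{'user.domain'};
                        if ($requrl !~ /^\Q$start\E/) {
                            $ENV{'user.error.msg'} = "$requrl:bre:1:1:Access Denied";
                            return HTTP_NOT_ACCEPTABLE;
                        }
                    }

        # ------------------------------------------------------------- This is allowed

                    if ($ENV{'request.course.id'}) {
                        Apache::lonnet::countacc($requrl);

                        # Capture the extension into a lexical: reading $1 after a
                        # failed match would pick up a stale capture from an earlier
                        # successful match.
                        my ($ext) = $requrl =~ /\.(\w+)$/;
                        if ((Apache::loncommon::fileembstyle($ext) eq 'ssi') ||
                            ($requrl =~ /^\/adm\/.*\/(aboutme|navmaps|smppg|bulletinboard)(\?|$)/) ||
                            ($requrl =~ /^\/adm\/wrapper\//) ||
                            ($requrl =~ /^\/public\/.*\/syllabus$/)) {

        # ------------------------------------- This is serious stuff, get symb and log

                            my $query = $r->args;
                            my $symb;
                            if ($query) {
                                Apache::loncommon::get_unprocessed_cgi($query, ['symb']);
                            }
                            if ($ENV{'form.symb'}) {
                                # A symb supplied by the client is cleaned and must
                                # verify against the requested URL before it is used.
                                $symb = Apache::lonnet::symbclean($ENV{'form.symb'});
                                if (Apache::lonnet::symbverify($symb, $requrl)) {
                                    my ($map, $mid, $murl) = split(/\_\_\_/, $symb);
                                    Apache::lonnet::symblist($map, $murl => $mid,
                                                             'last_known' => $murl);
                                } else {
                                    $r->log_reason('Invalid symb for ' . $requrl . ': ' .
                                                   $symb);
                                    $ENV{'user.error.msg'} =
                                        "$requrl:bre:1:1:Invalid Access";
                                    return HTTP_NOT_ACCEPTABLE;
                                }
                            } else {
                                $symb = Apache::lonnet::symbread($requrl);
                                my ($map, $mid, $murl) = split(/\_\_\_/, $symb);
                                Apache::lonnet::symblist($map, $murl => $mid,
                                                         'last_known' => $murl);
                            }
                            $ENV{'request.symb'} = $symb;
                            Apache::lonnet::courseacclog($symb);
                        } else {

        # ------------------------------------------------------- This is other content

                            Apache::lonnet::courseacclog($requrl);
                        }
                    }
                    return OK;
                } else {
                    # Fall through to the public / not-authorized handling below.
                    $r->log_reason("Cookie $handle not valid", $r->filename);
                }
            }

        # -------------------------------------------- See if this is a public resource

            if ($requrl =~ m|^/public/|
                || (Apache::lonnet::metadata($requrl, 'copyright') eq 'public')) {
                Apache::lonnet::logthis('Granting public access: ' . $requrl);

                # NOTE(review): the read length is taken directly from the client's
                # Content-length header on a path that needs no session; consider
                # capping it before reading the body.
                my $buffer;
                $r->read($buffer, $r->header_in('Content-length'), 0);
                Apache::loncommon::get_unprocessed_cgi($buffer);

                $ENV{'user.name'}            = 'public';
                $ENV{'user.domain'}          = 'public';
                $ENV{'request.state'}        = "published";
                $ENV{'request.publicaccess'} = 1;
                $ENV{'request.filename'}     = $r->filename;
                return OK;
            }

        # -------------------------------------------------------------- Not authorized

            # Same stale-$1 precaution as in the session branch above.
            my ($ext) = $requrl =~ /\.(\w+)$/;
            if ((Apache::loncommon::fileembstyle($ext) eq 'ssi') ||
                ($requrl =~ /^\/adm\/(roles|logout|email|menu|remote)/) ||
                ($requrl =~ m|^/prtspool/|)) {

        # -------------------------- Store where they wanted to go and get login screen

                $ENV{'request.querystring'} = $r->args;
                $ENV{'request.firsturl'}    = $requrl;
                return FORBIDDEN;
            } else {

        # --------------------------------------------------------------------- Goodbye

                return HTTP_BAD_REQUEST;
            }
        }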
        !           177: 
        !           178: 1;
        !           179: __END__
        !           180: 
        !           181: =head1 NAME
        !           182: 
        !           183: Apache::lonacc - Cookie Based Access Handler
        !           184: 
        !           185: =head1 SYNOPSIS
        !           186: 
        !           187: Invoked (for various locations) by /etc/httpd/conf/srm.conf:
        !           188: 
        !           189:  PerlAccessHandler       Apache::lonacc
        !           190: 
        !           191: =head1 INTRODUCTION
        !           192: 
        !           193: This module enables cookie based authentication and is used
        !           194: to control access for many different LON-CAPA URIs.
        !           195: 
        !           196: Whenever the client sends the cookie back to the server, 
        !           197: this cookie is handled by either lonacc.pm or loncacc.pm
        !           198: (see srm.conf for what is invoked when).  If
        !           199: the cookie is missing or invalid, the user is re-challenged
        !           200: for login information.
        !           201: 
        !           202: This is part of the LearningOnline Network with CAPA project
        !           203: described at http://www.lon-capa.org.
        !           204: 
        !           205: =head1 HANDLER SUBROUTINE
        !           206: 
        !           207: This routine is called by Apache and mod_perl.
        !           208: 
        !           209: =over 4
        !           210: 
        !           211: =item *
        !           212: 
        !           213: transfer profile into environment
        !           214: 
        !           215: =item *
        !           216: 
        !           217: load POST parameters
        !           218: 
        !           219: =item *
        !           220: 
        !           221: check access
        !           222: 
        !           223: =item *
        !           224: 
        !           225: if allowed, get symb, log, generate course statistics if applicable
        !           226: 
        !           227: =item *
        !           228: 
        !           229: otherwise return error
        !           230: 
        !           231: =item *
        !           232: 
        !           233: see if public resource
        !           234: 
        !           235: =item *
        !           236: 
        !           237: store attempted access
        !           238: 
        !           239: =back
        !           240: 
        !           241: =cut
