--- loncom/auth/lonacc.pm 2002/06/15 19:45:26 1.33
+++ loncom/auth/lonacc.pm 2006/04/07 22:42:00 1.75
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Cookie Based Access Handler
#
-# $Id: lonacc.pm,v 1.33 2002/06/15 19:45:26 www Exp $
+# $Id: lonacc.pm,v 1.75 2006/04/07 22:42:00 albertel Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -25,17 +25,6 @@
#
# http://www.lon-capa.org/
#
-# YEAR=1999
-# 5/21/99,5/22,5/29,5/31,6/15,16/11,22/11,
-# YEAR=2000
-# 01/06,01/13,05/31,06/01,09/06,09/25,09/28,10/30,11/6,
-# 12/25,12/26,
-# YEAR=2001
-# 01/06/01,05/28,8/11,9/26,11/29 Gerd Kortemeyer
-# 12/15 Scott Harrison
-# YEAR=2002
-# 1/4,2/25 Gerd Kortemeyer
-#
###
package Apache::lonacc;
@@ -45,155 +34,159 @@ use Apache::Constants qw(:common :http :
use Apache::File;
use Apache::lonnet;
use Apache::loncommon();
+use Apache::lonlocal;
use CGI::Cookie();
use Fcntl qw(:flock);
+sub cleanup {
+ my ($r)=@_;
+ if (! $r->is_initial_req()) { return DECLINED; }
+ &Apache::lonnet::save_cache();
+ return OK;
+}
+
+sub goodbye {
+ my ($r)=@_;
+ &Apache::lonnet::goodbye();
+ return DONE;
+}
+
sub handler {
my $r = shift;
my $requrl=$r->uri;
my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
my $lonid=$cookies{'lonID'};
my $cookie;
+ my $lonidsdir=$r->dir_config('lonIDsDir');
+
+ my $handle;
if ($lonid) {
- my $handle=$lonid->value;
+ $handle=$lonid->value;
$handle=~s/\W//g;
- my $lonidsdir=$r->dir_config('lonIDsDir');
- if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
+ }
+
+ if ($r->user
+ && (!$lonid || !-e "$lonidsdir/$handle.id" || $handle eq '') ) {
+ my $domain = $r->dir_config('lonDefDomain');
+ my $home=&Apache::lonnet::homeserver($r->user,$domain);
+ if ($home !~ /(con_lost|no_such_host)/) {
+ $handle=&Apache::lonauth::success($r,$r->user,$domain,
+ $home,'noredirect');
+ $r->header_out('Set-cookie',"lonID=$handle; path=/");
+ }
+ }
-# ------------------------------------------- Transfer profile into environment
+ if ($r->dir_config("lonBalancer") eq 'yes') {
+ $r->set_handlers('PerlResponseHandler'=>
+ [\&Apache::switchserver::handler]);
+ }
- my @profile;
- {
- my $idf=Apache::File->new("$lonidsdir/$handle.id");
- flock($idf,LOCK_SH);
- @profile=<$idf>;
- $idf->close();
- }
- my $envi;
- for ($envi=0;$envi<=$#profile;$envi++) {
- chomp($profile[$envi]);
- my ($envname,$envvalue)=split(/=/,$profile[$envi]);
- $ENV{$envname} = $envvalue;
- }
- $ENV{'user.environment'} = "$lonidsdir/$handle.id";
- if ($requrl=~/^\/res\//) {
- $ENV{'request.state'} = "published";
- } else {
- $ENV{'request.state'} = 'unknown';
- }
- $ENV{'request.filename'} = $r->filename;
+ if ($handle ne '') {
+ if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
-# -------------------------------------------------------- Load POST parameters
+# ------------------------------------------------------ Initialize Environment
+ &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
-
- my $buffer;
+# --------------------------------------------------------- Initialize Language
- $r->read($buffer,$r->header_in('Content-length'));
+ &Apache::lonlocal::get_language_handle($r);
- unless ($buffer=~/^(\-+\w+)\s+Content\-Disposition\:\s*form\-data/si) {
- my @pairs=split(/&/,$buffer);
- my $pair;
- foreach $pair (@pairs) {
- my ($name,$value) = split(/=/,$pair);
- $value =~ tr/+/ /;
- $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
- $name =~ tr/+/ /;
- $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
- &Apache::loncommon::add_to_env("form.$name",$value);
- }
- } else {
- my $contentsep=$1;
- my @lines = split (/\n/,$buffer);
- my $name='';
- my $value='';
- my $fname='';
- my $fmime='';
- my $i;
- for ($i=0;$i<=$#lines;$i++) {
- if ($lines[$i]=~/^$contentsep/) {
- if ($name) {
- chomp($value);
- if ($fname) {
- $ENV{"form.$name.filename"}=$fname;
- $ENV{"form.$name.mimetype"}=$fmime;
- } else {
- $value=~s/\s+$//s;
- }
- &Apache::loncommon::add_to_env("form.$name",$value);
- }
- if ($i<$#lines) {
- $i++;
- $lines[$i]=~
- /Content\-Disposition\:\s*form\-data\;\s*name\=\"([^\"]+)\"/i;
- $name=$1;
- $value='';
- if ($lines[$i]=~/filename\=\"([^\"]+)\"/i) {
- $fname=$1;
- if
- ($lines[$i+1]=~/Content\-Type\:\s*([\w\-\/]+)/i) {
- $fmime=$1;
- $i++;
- } else {
- $fmime='';
- }
- } else {
- $fname='';
- $fmime='';
- }
- $i++;
- }
- } else {
- $value.=$lines[$i]."\n";
- }
+# -------------------------------------------------------------- Resource State
+
+ if ($requrl=~/^\/+(res|uploaded)\//) {
+ $env{'request.state'} = "published";
+ } else {
+ $env{'request.state'} = 'unknown';
}
- }
- $ENV{'request.method'}=$ENV{'REQUEST_METHOD'};
- $r->method_number(M_GET);
- $r->method('GET');
- $r->headers_in->unset('Content-length');
+ $env{'request.filename'} = $r->filename;
+ $env{'request.noversionuri'} = &Apache::lonnet::deversion($requrl);
+# -------------------------------------------------------- Load POST parameters
+
+ &Apache::loncommon::get_posted_cgi($r);
# ---------------------------------------------------------------- Check access
- if ($requrl!~/^\/adm\//) {
+ if ($requrl!~/^\/adm|public|prtspool\//) {
my $access=&Apache::lonnet::allowed('bre',$requrl);
if ($access eq '1') {
- $ENV{'user.error.msg'}="$requrl:bre:0:0:Choose Course";
+ $env{'user.error.msg'}="$requrl:bre:0:0:Choose Course";
return HTTP_NOT_ACCEPTABLE;
}
if (($access ne '2') && ($access ne 'F')) {
- $ENV{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+ $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
return HTTP_NOT_ACCEPTABLE;
}
}
+ if ($requrl =~ m|^/prtspool/|) {
+ my $start='/prtspool/'.$env{'user.name'}.'_'.
+ $env{'user.domain'};
+ if ($requrl !~ /^\Q$start\E/) {
+ $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+ return HTTP_NOT_ACCEPTABLE;
+ }
+ }
+ if ($env{'user.name'} eq 'public' &&
+ $env{'user.domain'} eq 'public' &&
+ $requrl !~ m{^/+(res|public)/} &&
+ $requrl !~ m{^/+adm/(help|logout|randomlabel\.png)}) {
+ $env{'request.querystring'}=$r->args;
+ $env{'request.firsturl'}=$requrl;
+ return FORBIDDEN;
+ }
# ------------------------------------------------------------- This is allowed
- if ($ENV{'request.course.id'}) {
+ if ($env{'request.course.id'}) {
&Apache::lonnet::countacc($requrl);
$requrl=~/\.(\w+)$/;
- if (&Apache::loncommon::fileembstyle($1) eq 'ssi') {
+ if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') ||
+ ($requrl=~/^\/adm\/.*\/(aboutme|navmaps|smppg|bulletinboard)(\?|$)/) ||
+ ($requrl=~/^\/adm\/wrapper\//) ||
+ ($requrl=~m|^/adm/coursedocs/showdoc/|) ||
+ ($requrl=~m|\.problem/smpedit$|) ||
+ ($requrl=~/^\/public\/.*\/syllabus$/)) {
# ------------------------------------- This is serious stuff, get symb and log
my $query=$r->args;
my $symb;
if ($query) {
&Apache::loncommon::get_unprocessed_cgi($query,['symb']);
}
- if ($ENV{'form.symb'}) {
- $symb=&Apache::lonnet::symbclean($ENV{'form.symb'});
- if (&Apache::lonnet::symbverify($symb,$requrl)) {
- my ($map,$mid,$murl)=split(/\_\_\_/,$symb);
- &Apache::lonnet::symblist($map,$murl => $mid,
- 'last_known' => $murl);
+ if ($env{'form.symb'}) {
+ $symb=&Apache::lonnet::symbclean($env{'form.symb'});
+ if ($requrl =~ m|^/adm/wrapper/|
+ || $requrl =~ m|^/adm/coursedocs/showdoc/|) {
+ my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
+ &Apache::lonnet::symblist($map,$murl => [$murl,$mid],
+ 'last_known' =>[$murl,$mid]);
+ } elsif ((&Apache::lonnet::symbverify($symb,$requrl)) ||
+ (($requrl=~m|(.*)/smpedit$|) &&
+ &Apache::lonnet::symbverify($symb,$1))) {
+ my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
+ &Apache::lonnet::symblist($map,$murl => [$murl,$mid],
+ 'last_known' =>[$murl,$mid]);
} else {
$r->log_reason('Invalid symb for '.$requrl.': '.
$symb);
- $ENV{'user.error.msg'}=
+ $env{'user.error.msg'}=
"$requrl:bre:1:1:Invalid Access";
return HTTP_NOT_ACCEPTABLE;
}
} else {
- $symb=&Apache::lonnet::symbread;
+ $symb=&Apache::lonnet::symbread($requrl);
+ if (&Apache::lonnet::is_on_map($requrl) && $symb &&
+ !&Apache::lonnet::symbverify($symb,$requrl)) {
+ $r->log_reason('Invalid symb for '.$requrl.': '.$symb);
+ $env{'user.error.msg'}=
+ "$requrl:bre:1:1:Invalid Access";
+ return HTTP_NOT_ACCEPTABLE;
+ }
+ if ($symb) {
+ my ($map,$mid,$murl)=
+ &Apache::lonnet::decode_symb($symb);
+ &Apache::lonnet::symblist($map,$murl =>[$murl,$mid],
+ 'last_known' =>[$murl,$mid]);
+ }
}
- $ENV{'request.symb'}=$symb;
+ $env{'request.symb'}=$symb;
&Apache::lonnet::courseacclog($symb);
} else {
# ------------------------------------------------------- This is other content
@@ -202,24 +195,43 @@ sub handler {
}
return OK;
} else {
- $r->log_reason("Cookie $handle not valid", $r->filename)
- };
+ $r->log_reason("Cookie $handle not valid", $r->filename);
+ }
}
# -------------------------------------------- See if this is a public resource
- if (&Apache::lonnet::metadata($requrl,'copyright') eq 'public') {
+ if ($requrl=~m|^/public/|
+ || (&Apache::lonnet::metadata($requrl,'copyright') eq 'public')) {
&Apache::lonnet::logthis('Granting public access: '.$requrl);
- $ENV{'user.name'}='public';
- $ENV{'user.domain'}='public';
- $ENV{'request.state'} = "published";
- $ENV{'request.publicaccess'} = 1;
- $ENV{'request.filename'} = $r->filename;
+ &Apache::lonlocal::get_language_handle($r);
+ my $cookie=
+ &Apache::lonauth::success($r,'public','public','public');
+ my $lonidsdir=$r->dir_config('lonIDsDir');
+ &Apache::lonnet::transfer_profile_to_env($lonidsdir,$cookie);
+ &Apache::loncommon::get_posted_cgi($r);
+ $env{'request.state'} = "published";
+ $env{'request.publicaccess'} = 1;
+ $env{'request.filename'} = $r->filename;
+
+ $r->header_out('Set-cookie',"lonID=$cookie; path=/");
return OK;
}
-# ----------------------------------------------- Store where they wanted to go
-
- $ENV{'request.firsturl'}=$requrl;
- return FORBIDDEN;
+ if ($requrl=~m|^/+adm/+help/+|) {
+ return OK;
+ }
+# -------------------------------------------------------------- Not authorized
+ $requrl=~/\.(\w+)$/;
+# if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') ||
+# ($requrl=~/^\/adm\/(roles|logout|email|menu|remote)/) ||
+# ($requrl=~m|^/prtspool/|)) {
+# -------------------------- Store where they wanted to go and get login screen
+ $env{'request.querystring'}=$r->args;
+ $env{'request.firsturl'}=$requrl;
+ return FORBIDDEN;
+# } else {
+# --------------------------------------------------------------------- Goodbye
+# return HTTP_BAD_REQUEST;
+# }
}
1;
500 Internal Server Error
Internal Server Error
The server encountered an internal error or
misconfiguration and was unable to complete
your request.
Please contact the server administrator at
root@localhost to inform them of the time this error occurred,
and the actions you performed just before this error.
More information about this error may be available
in the server error log.