Return to lonracc.pm CVS log

Up to [LON-CAPA] / loncom / auth

This took way longer then it should have.

lonracc and lontokacc will now be accepting when one of two conditions
is met:

* The double-reverse lookup, according to $r->get_remote_host(REMOTE_DOUBLE_REV)
  is successful. This is identical to before.
* The claimed host is the same as the current server, which works even with
  wonky /etc/hosts files.

I was initially worried this might be a potential security problem, but I do
not believe it is. The reason is that this clause ONLY comes into effect
when you're trying to spoof yourself as the server you are talking to. Even
if you succeed, the server will then proceed to send itself a subscription
request, which is not a big deal, PLUS the reason this is occuring in the
first place is that the name maps back to 127.0.0.1, SO this request will
go through the local interface anyhow, meaning Mr. Remote Attacker can't even
see the subscription request that wouldn't help him anyhow.

So in the end, all this does is hypothetically allow an attacker to cause a
server machine to subscribe itself to resources it hosts. This does not give
the hypothetical attacker any benefit. Thus, this is not a security hole.

    1: # The LearningOnline Network
    2: # Access Handler for File Transfers
    3: #
    4: # $Id: lonracc.pm,v 1.6 2002/10/21 19:15:10 bowersj2 Exp $
    5: #
    6: # Copyright Michigan State University Board of Trustees
    7: #
    8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
    9: #
   10: # LON-CAPA is free software; you can redistribute it and/or modify
   11: # it under the terms of the GNU General Public License as published by
   12: # the Free Software Foundation; either version 2 of the License, or
   13: # (at your option) any later version.
   14: #
   15: # LON-CAPA is distributed in the hope that it will be useful,
   16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
   17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   18: # GNU General Public License for more details.
   19: #
   20: # You should have received a copy of the GNU General Public License
   21: # along with LON-CAPA; if not, write to the Free Software
   22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   23: #
   24: # /home/httpd/html/adm/gpl.txt
   25: #
   26: # http://www.lon-capa.org/
   27: #
   28: # (lonacc: Cookie Based Access Handler
   29: # 5/21/99,5/22,5/29,5/31,6/15 Gerd Kortemeyer)
   30: # 6/16,6/18,7/3,
   31: # 6/30/00 Gerd Kortemeyer
   32: 
   33: package Apache::lonracc;
   34: 
   35: use strict;
   36: use Apache::Constants qw(:common :remotehost);
   37: use Apache::lonnet();
   38: use Apache::File();
   39: 
   40: sub subscribed {
   41:     my ($filename,$id) = @_;
   42:     my $found=0;
   43:     my $expr='^'.$id.':'.$Apache::lonnet::hostip{$id}.':';
   44:     $expr =~ s/\./\\\./g;
   45:     my $sh;
   46:     if ($sh=Apache::File->new("$filename.subscription")) {
   47: 	while (my $subline=<$sh>) { if ($subline =~ /$expr/) { $found=1; } }
   48: 	$sh->close();
   49:     }
   50:     return $found;
   51: }
   52: 
   53: sub handler {
   54:     my $r = shift;
   55:     my $reqhost = $r->get_remote_host(REMOTE_DOUBLE_REV);
   56:     if (!$reqhost && $r->get_remote_host(REMOTE_NOLOOKUP) eq $r->get_server_name()) { 
   57:         $reqhost = $r->get_server_name();
   58:     } 
   59:     unless ($reqhost)
   60:        $r->log_reason("Spoof request from ".$ENV{'REMOTE_ADDR'});
   61:        return FORBIDDEN;
   62:     }
   63:     my $readline;
   64:     my $lontabdir=$r->dir_config('lonTabDir');
   65:     {
   66:        my $fh;
   67:        unless ($fh=Apache::File->new("$lontabdir/hosts.tab")) {
   68:           $r->log_reason("Could not find host tab file");
   69:           return FORBIDDEN;
   70:        }
   71:        while ($readline=<$fh>) {
   72:           my ($id,$domain,$role,$name,$ip)=split(/:/,$readline);
   73:           if ($name =~ /$reqhost/i) {
   74:               my $filename=$r->filename;
   75:               if ((-e "$filename.$id") ||
   76: 		  &subscribed($filename,$id) ||
   77: 		  ($filename=~/\.meta$/)) {
   78: 	         return OK;
   79:               } else {
   80:                  $r->log_reason("$id not subscribed", $r->filename);
   81:                  return FORBIDDEN;
   82:               }
   83:           }
   84:        }
   85: 
   86:     }
   87:     $r->log_reason("Invalid request for file transfer from $reqhost", 
   88:                    $r->filename); 
   89:     return FORBIDDEN;
   90: }
   91: 
   92: 1;
   93: __END__
   94: 
   95: =head1 NAME
   96: 
   97: Apache::lonracc - Access Handler for File Transfers
   98: 
   99: =head1 SYNOPSIS
  100: 
  101: Invoked by /etc/httpd/conf/loncapa.conf:
  102: 
  103:  <LocationMatch "^/raw.*">
  104:  PerlAccessHandler Apache::lonracc
  105:  </LocationMatch>
  106: 
  107: =head1 INTRODUCTION
  108: 
  109: This module enables authentication for file transfers and works
  110: against the /res tree.
  111: 
  112: Only lond invokes the /raw namespace through its subscribe function.
  113: 
  114: This is part of the LearningOnline Network with CAPA project
  115: described at http://www.lon-capa.org.
  116: 
  117: =head1 HANDLER SUBROUTINE
  118: 
  119: This routine is called by Apache and mod_perl.
  120: 
  121: =over 4
  122: 
  123: =item *
  124: 
  125: Determine requesting host
  126: 
  127: =item *
  128: 
  129: See whether or not the requesting host is subscribed.
  130: 
  131: =item *
  132: 
  133: Respond with status of request and make log entry in case of unallowed
  134: access.
  135: 
  136: =back
  137: 
  138: =cut
  139: 
  140: 
  141: 
  142: 
  143: 
  144: 
  145: