Diff for /loncom/lond between versions 1.226 and 1.228

version 1.226, 2004/08/10 11:30:24 version 1.228, 2004/08/10 22:55:31
Line 1812  sub remove_user_file_handler { Line 1812  sub remove_user_file_handler {
     my ($fname) = split(/:/, $tail); # Get rid of any tailing :'s lonc may have sent.      my ($fname) = split(/:/, $tail); # Get rid of any tailing :'s lonc may have sent.
   
     my ($udom,$uname,$ufile) = ($fname =~ m|^([^/]+)/([^/]+)/(.+)$|);      my ($udom,$uname,$ufile) = ($fname =~ m|^([^/]+)/([^/]+)/(.+)$|);
     &logthis("$udom - $uname - $ufile");  
     if ($ufile =~m|/\.\./|) {      if ($ufile =~m|/\.\./|) {
  # any files paths with /../ in them refuse    # any files paths with /../ in them refuse 
  # to deal with   # to deal with
Line 1839  sub remove_user_file_handler { Line 1838  sub remove_user_file_handler {
 }  }
 &register_handler("removeuserfile", \&remove_user_file_handler, 0,1,0);  &register_handler("removeuserfile", \&remove_user_file_handler, 0,1,0);
   
   
   #
   #  Authenticate access to a user file by checking the user's 
   #  session token(?)
   #
   # Parameters:
   #   cmd      - The request keyword that dispatched to tus.
   #   tail     - The tail of the request (colon separated parameters).
   #   client   - Filehandle open on the client.
   # Return:
   #    1.
   
   sub token_auth_user_file_handler {
       my ($cmd, $tail, $client) = @_;
   
       my ($fname, $session) = split(/:/, $tail);
       
       chomp($session);
       my $reply='non_auth';
       if (open(ENVIN,$perlvar{'lonIDsDir'}.'/'.
        $session.'.id')) {
    while (my $line=<ENVIN>) {
       if ($line=~ m|userfile\.\Q$fname\E\=|) { $reply='ok'; }
    }
    close(ENVIN);
    &Reply($client, $reply);
       } else {
    &Failure($client, "invalid_token\n", "$cmd:$tail");
       }
       return 1;
   
   }
   
   &register_handler("tokenauthuserfile", \&token_auth_user_file_handler, 0,1,0);
 #---------------------------------------------------------------  #---------------------------------------------------------------
 #  #
 #   Getting, decoding and dispatching requests:  #   Getting, decoding and dispatching requests:
Line 1954  sub process_request { Line 1987  sub process_request {
   
   
   
 # ------------------------------------------ authenticate access to a user file  
   
     if ($userinput =~ /^tokenauthuserfile/) { # Client only  
  if(isClient) {  
     my ($cmd,$fname,$session)=split(/:/,$userinput);  
     chomp($session);  
     my $reply='non_auth';  
     if (open(ENVIN,$perlvar{'lonIDsDir'}.'/'.  
      $session.'.id')) {  
  while (my $line=<ENVIN>) {  
     if ($line=~ m|userfile\.\Q$fname\E\=|) { $reply='ok'; }  
     }  
  close(ENVIN);  
  print $client $reply."\n";  
     } else {  
  print $client "invalid_token\n";  
     }  
  } else {  
     Reply($client, "refused\n", $userinput);  
       
  }  
 # ----------------------------------------------------------------- unsubscribe  # ----------------------------------------------------------------- unsubscribe
     } elsif ($userinput =~ /^unsub/) {      if ($userinput =~ /^unsub/) {
  if(isClient) {   if(isClient) {
     my ($cmd,$fname)=split(/:/,$userinput);      my ($cmd,$fname)=split(/:/,$userinput);
     if (-e $fname) {      if (-e $fname) {

Removed from v.1.226  
changed lines
  Added in v.1.228


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>