--- loncom/auth/lonuploadedacc.pm 2002/11/12 22:37:18 1.6 +++ loncom/auth/lonuploadedacc.pm 2002/12/04 15:23:39 1.7 @@ -1,7 +1,7 @@ # The LearningOnline Network # Access Handler for User Files # -# $Id: lonuploadedacc.pm,v 1.6 2002/11/12 22:37:18 albertel Exp $ +# $Id: lonuploadedacc.pm,v 1.7 2002/12/04 15:23:39 www Exp $ # # Copyright Michigan State University Board of Trustees # @@ -28,20 +28,31 @@ package Apache::lonuploadedacc; +# +# The way this is supposed to work: +# +# User A has client machine C +# User A is logged into LON-CAPA server S +# needs file from user B +# homeserver for user B is H +# +# This handler runs on H +# To access a userfile: +# Server S generates a token and puts it into the query string of URL for H +# Client box C asks H for file with token issued by C +# H now must ask S if token is valid, uses S's lond-command tokenauthuserfile + use strict; -use Apache::Constants qw(:common :remotehost); +use Apache::Constants qw(:common); use Apache::lonnet(); sub handler { my $r = shift; - my $c = $r->connection; my $args=$r->args; - &Apache::loncommon::get_unprocessed_cgi($args,['token']); + &Apache::loncommon::get_unprocessed_cgi($args,['token','tokenissued']); my (undef,undef,$udom,$uname,$ufile)=split(/\//,$r->uri); $ufile=~s/^[\~\.]+//; - my ($homeserver)=($ENV{'form.token'}=~/\_([a-zA-Z0-9]+)$/); - my $remoteip=$c->remote_ip; - my $remoteserver=$Apache::lonnet::iphost{$remoteip}; + my $remoteserver=$ENV{'form.tokenissued'}; my $reply=&Apache::lonnet::reply('tokenauthuserfile:'. $udom.'/'.$uname.'/'.$ufile.':'.$ENV{'form.token'}, $remoteserver); @@ -49,7 +60,7 @@ sub handler { return OK; } else { &Apache::lonnet::logthis( -"Refused userfile access $uname at $udom for $ufile from $remoteip -> $remoteserver home $homeserver with $ENV{'form.token'}: $reply"); +"Refused userfile access $uname at $udom for $ufile with $remoteserver token $ENV{'form.token'}: $reply"); return FORBIDDEN; } }
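Review bot: `$remoteserver` is now taken directly from the client-supplied `tokenissued` query parameter and used as the destination of `&Apache::lonnet::reply`, so the requester chooses which server vouches for its own token. Nothing in the hunk checks that the value is present, well-formed, or a host trusted to issue tokens for `$udom`. Any host that answers `tokenauthuserfile` positively would presumably unlock the file, although the test on `$reply` lies outside the hunk, so this is inferred. Before the call I would reject anything that is not a known host id, e.g. `return FORBIDDEN unless (defined($remoteserver) && $remoteserver=~/^[a-zA-Z0-9]+$/ && grep { $_ eq $remoteserver } values(%Apache::lonnet::iphost));`. The added header comment should also read "token issued by S" rather than "issued by C", since the preceding step says S generates the token.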
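Review bot: The refusal message no longer records the requesting client's address, so a run of rejected tokens cannot be tied to a source from this log alone; `$c` was removed in the previous hunk, which leaves nothing in scope to log it from. I would keep it by reading it inline, e.g. `"Refused userfile access $uname at $udom for $ufile from ".$r->connection->remote_ip." with $remoteserver token $ENV{'form.token'}: $reply"`. `$remoteserver` is now request-supplied like `$ENV{'form.token'}`, and both are interpolated as-is. If the CGI parsing decodes percent-escapes (not visible here), stripping control characters before logging would keep a crafted value from forging extra log lines. The enclosing `if`/`else` begins outside the hunk.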