Diff for /loncom/auth/lonwebdavacc.pm between versions 1.3 and 1.6

version 1.3, 2015/03/16 12:13:34 version 1.6, 2017/09/15 12:53:34
Line 34  Apache::lonwebdavacc - webDAV Authorizat Line 34  Apache::lonwebdavacc - webDAV Authorizat
   
 =head1 SYNOPSIS  =head1 SYNOPSIS
   
 Invoked for /+webdav/[\w\-]+/[\w\-]+/ by  Invoked for ^/+webdav/[\w\-.]+/\w[\w.\-\@]+/ by
 /etc/httpd/conf/loncapa_apache.conf:  /etc/httpd/conf/loncapa_apache.conf:
   
 PerlAccessHandler       Apache::lonwebdavacc  PerlAccessHandler       Apache::lonwebdavacc
Line 44  PerlAccessHandler       Apache::lonwebda Line 44  PerlAccessHandler       Apache::lonwebda
 This module enables authorization for authoring space  This module enables authorization for authoring space
 and is used to control access for the following type of URI:  and is used to control access for the following type of URI:
   
  <LocationMatch "^/webdav/[\w\-]+/[\w\-]+>   <LocationMatch "^/+webdav/[\w\-.]+/\w[\w.\-\@]+/">
   
 This module is only called following successful authentication.   This module is only called following successful authentication. 
 Unless lonOtherAuthen has been set, so Single Sign On can be used,  Successful authentication will have created a session file and
 successful authentication will have created a session file and  
 transferred the contents to the user's environment.  transferred the contents to the user's environment.
   
 In the case of SSO, there is no existing user environment, but    Note: because Apache Basic Auth is used for authentication 
 $r->user will have been set to the user's username, following   
 successful authentication.  For SSO, the webDAV session file  
 and environment are set up by a call to   
 Apache::lonwebdavauth::init_webdav_env().  
   
 Note: because Apache Basic Auth is used for authentication (unless SSO)  
 webDAV access is only available for servers running Apache with SSL.  webDAV access is only available for servers running Apache with SSL.
   
 This is part of the LearningOnline Network with CAPA project  This is part of the LearningOnline Network with CAPA project
Line 75  Checks if $env{'user.environment'} is de Line 68  Checks if $env{'user.environment'} is de
   
 =item *  =item *
   
 If no %env, this was SSO authentication so call to &sso_login() to  If no %env, calls Apache::lonnet::check_for_valid_session() 
 create session, and return cookie.   to retrieve a valid sessionID (webDAV client needs to support
   cookies for session retrieval to be successful). If a session is
   found Apache::lonnet::transfer_profile_to_env() is called 
   to populate %env.
   
 =item *  =item *
   
 Checks if requested URL (of form /webdav/authordomain/authorname) is valid  Checks if requested URL (of form /webdav/authordomain/authorname) is valid
 and whether authenticated user has an active author or co-author  and whether authenticated user has an active author or co-author
 role in the corresonding Author Space.   role in the corresponding Authoring Space. 
   
 =back  =back
   
Line 96  role in the corresonding Author Space. Line 92  role in the corresonding Author Space.
   
 =item *  =item *
   
 Called if no user.environment exists in %env.  Not currently used.
   
 =item *  =item *
   
Line 133  sub handler { Line 129  sub handler {
     my $now = time;      my $now = time;
     my $sessiondir=$r->dir_config('lonDAVsessDir');      my $sessiondir=$r->dir_config('lonDAVsessDir');
   
     my ($adom,$aname);      my ($adom,$aname) = ($r->uri =~ m{^/webdav/($match_domain)/($match_username)/});
       my $author = "$aname:$adom";
     unless ($env{'user.environment'}) {      unless ($env{'user.environment'}) {
         my $handle = &Apache::lonnet::check_for_valid_session($r,'lonDAV');          my $handle = &Apache::lonnet::check_for_valid_session($r,'lonDAV');
         if ($handle eq '') {          if ($handle ne '') {
             $handle = &sso_login($r,$sessiondir,$now,$timetolive);  
             if ($handle eq '') {  
                 return FORBIDDEN;  
             }  
         } else {  
             &Apache::lonnet::transfer_profile_to_env($sessiondir,$handle);              &Apache::lonnet::transfer_profile_to_env($sessiondir,$handle);
           } else {
               return FORBIDDEN;
         }          }
     }      }
     my $uhome=&Apache::lonnet::homeserver($env{'user.name'},$env{'user.domain'});      my $uhome=&Apache::lonnet::homeserver($env{'user.name'},$env{'user.domain'});
Line 150  sub handler { Line 144  sub handler {
         return FORBIDDEN;          return FORBIDDEN;
     }      }
   
     ($adom,$aname) = ($r->uri =~ m{^/webdav/($match_domain)/($match_username)/});  
     my $docroot = $r->dir_config('lonDocRoot');      my $docroot = $r->dir_config('lonDocRoot');
     if ($adom eq '' || $aname eq '') {      if ($adom eq '' || $aname eq '') {
         return FORBIDDEN;          return FORBIDDEN;
Line 164  sub handler { Line 157  sub handler {
         }          }
     } else {      } else {
         if (($env{"user.role.ca./$adom/$aname"}) ||          if (($env{"user.role.ca./$adom/$aname"}) ||
             (env{"user.role.aa./$adom/$aname"})) {              ($env{"user.role.aa./$adom/$aname"})) {
             $allowed = 1;              $allowed = 1;
         }          }
     }      }
Line 217  sub handler { Line 210  sub handler {
 }  }
   
 sub sso_login {  sub sso_login {
     my ($r,$sessiondir,$now,$timetolive) = @_;      my ($r,$sessiondir,$now,$timetolive,$author) = @_;
     my ($uname,$udom);      my ($uname,$udom);
     my ($uname) = ($r->user =~ m/([a-zA-Z0-9_\-@.]*)/);      my ($uname) = ($r->user =~ m/([a-zA-Z0-9_\-@.]*)/);
     unless ($uname =~ /^$match_username$/) {      unless ($uname =~ /^$match_username$/) {
Line 235  sub sso_login { Line 228  sub sso_login {
         return;          return;
     }      }
     my $handle =       my $handle = 
         &Apache::lonwebdavauth::init_webdav_env($sessiondir,$uname,$udom,          &Apache::lonwebdavauth::init_webdav_env($r,$sessiondir,$uname,$udom,
                                                 $uhome,$now,$timetolive);                                                  $uhome,$now,$timetolive,$author);
     if ($handle ne '') {      if ($handle ne '') {
         my $cookie = "lonDAV=$handle; path=/webdav/; secure; HttpOnly;";          if (&Apache::lonnet::usertools_access($uname,$udom,'webdav')) {
         $r->header_out('Set-cookie' => $cookie);              my ($webdav) =
         $r->send_http_header;                  ($r->uri =~ m{^(/webdav/$match_domain/$match_username/)});
               &Apache::lonnet::log($udom,$uname,$uhome,
                                    "SSO log-in to $webdav from $ENV{'REMOTE_ADDR'}");
               my $cookie = "lonDAV=$handle; path=/webdav/; secure; HttpOnly;";
               $r->header_out('Set-cookie' => $cookie);
               $r->send_http_header;
           }
     }      }
     return ($handle);      return ($handle);
 }  }
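Review bot: In sso_login the new usertools_access() gate decides only whether the lonDAV cookie is sent and the log-in is logged; `return ($handle);` still hands back the non-empty handle when the check fails, so a caller would treat a user who is not entitled to the webdav tool as logged in, and init_webdav_env() has by then already created a session file for that user. The gate should fail closed, e.g. add `} else { $handle = ''; }` to the inner `if` before the return, or move the usertools_access() check ahead of the init_webdav_env() call so no session is created for a user who may not use webDAV. The POD now states this routine is "Not currently used" and handler() no longer calls it, so the exposure is limited to any external caller, but a dead log-in helper whose success value is not tied to the authorization check is worth fixing or removing outright. The `$ENV{'REMOTE_ADDR'}` in the log message presumably depends on mod_perl populating %ENV for this handler; `$r->connection` would not rely on that — confirm which applies in this deployment.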
