version 1.3, 2015/03/16 12:13:34
|
version 1.6, 2017/09/15 12:53:34
|
Line 34 Apache::lonwebdavacc - webDAV Authorizat
|
Line 34 Apache::lonwebdavacc - webDAV Authorizat
|
|
|
=head1 SYNOPSIS |
=head1 SYNOPSIS |
|
|
Invoked for /+webdav/[\w\-]+/[\w\-]+/ by |
Invoked for ^/+webdav/[\w\-.]+/\w[\w.\-\@]+/ by |
/etc/httpd/conf/loncapa_apache.conf: |
/etc/httpd/conf/loncapa_apache.conf: |
|
|
PerlAccessHandler Apache::lonwebdavacc |
PerlAccessHandler Apache::lonwebdavacc |
Line 44 PerlAccessHandler Apache::lonwebda
|
Line 44 PerlAccessHandler Apache::lonwebda
|
This module enables authorization for authoring space |
This module enables authorization for authoring space |
and is used to control access for the following type of URI: |
and is used to control access for the following type of URI: |
|
|
<LocationMatch "^/webdav/[\w\-]+/[\w\-]+> |
<LocationMatch "^/+webdav/[\w\-.]+/\w[\w.\-\@]+/"> |
|
|
This module is only called following successful authentication. |
This module is only called following successful authentication. |
Unless lonOtherAuthen has been set, so Single Sign On can be used, |
Successful authentication will have created a session file and |
successful authentication will have created a session file and |
|
transferred the contents to the user's environment. |
transferred the contents to the user's environment. |
|
|
In the case of SSO, there is no existing user environment, but |
Note: because Apache Basic Auth is used for authentication |
$r->user will have been set to the user's username, following |
|
successful authentication. For SSO, the webDAV session file |
|
and environment are set up by a call to |
|
Apache::lonwebdavauth::init_webdav_env(). |
|
|
|
Note: because Apache Basic Auth is used for authentication (unless SSO) |
|
webDAV access is only available for servers running Apache with SSL. |
webDAV access is only available for servers running Apache with SSL. |
|
|
This is part of the LearningOnline Network with CAPA project |
This is part of the LearningOnline Network with CAPA project |
Line 75 Checks if $env{'user.environment'} is de
|
Line 68 Checks if $env{'user.environment'} is de
|
|
|
=item * |
=item * |
|
|
If no %env, this was SSO authentication so call to &sso_login() to |
If no %env, calls Apache::lonnet::check_for_valid_session() |
create session, and return cookie. |
to retrieve a valid sessionID (webDAV client needs to support |
|
cookies for session retrieval to be successful). If a session is |
|
found Apache::lonnet::transfer_profile_to_env() is called |
|
to populate %env. |
|
|
=item * |
=item * |
|
|
Checks if requested URL (of form /webdav/authordomain/authorname) is valid |
Checks if requested URL (of form /webdav/authordomain/authorname) is valid |
and whether authenticated user has an active author or co-author |
and whether authenticated user has an active author or co-author |
role in the corresonding Author Space. |
role in the corresponding Authoring Space. |
|
|
=back |
=back |
|
|
Line 96 role in the corresonding Author Space.
|
Line 92 role in the corresonding Author Space.
|
|
|
=item * |
=item * |
|
|
Called if no user.environment exists in %env. |
Not currently used. |
|
|
=item * |
=item * |
|
|
Line 133 sub handler {
|
Line 129 sub handler {
|
my $now = time; |
my $now = time; |
my $sessiondir=$r->dir_config('lonDAVsessDir'); |
my $sessiondir=$r->dir_config('lonDAVsessDir'); |
|
|
my ($adom,$aname); |
my ($adom,$aname) = ($r->uri =~ m{^/webdav/($match_domain)/($match_username)/}); |
|
my $author = "$aname:$adom"; |
unless ($env{'user.environment'}) { |
unless ($env{'user.environment'}) { |
my $handle = &Apache::lonnet::check_for_valid_session($r,'lonDAV'); |
my $handle = &Apache::lonnet::check_for_valid_session($r,'lonDAV'); |
if ($handle eq '') { |
if ($handle ne '') { |
$handle = &sso_login($r,$sessiondir,$now,$timetolive); |
|
if ($handle eq '') { |
|
return FORBIDDEN; |
|
} |
|
} else { |
|
&Apache::lonnet::transfer_profile_to_env($sessiondir,$handle); |
&Apache::lonnet::transfer_profile_to_env($sessiondir,$handle); |
|
} else { |
|
return FORBIDDEN; |
} |
} |
} |
} |
my $uhome=&Apache::lonnet::homeserver($env{'user.name'},$env{'user.domain'}); |
my $uhome=&Apache::lonnet::homeserver($env{'user.name'},$env{'user.domain'}); |
Line 150 sub handler {
|
Line 144 sub handler {
|
return FORBIDDEN; |
return FORBIDDEN; |
} |
} |
|
|
($adom,$aname) = ($r->uri =~ m{^/webdav/($match_domain)/($match_username)/}); |
|
my $docroot = $r->dir_config('lonDocRoot'); |
my $docroot = $r->dir_config('lonDocRoot'); |
if ($adom eq '' || $aname eq '') { |
if ($adom eq '' || $aname eq '') { |
return FORBIDDEN; |
return FORBIDDEN; |
Line 164 sub handler {
|
Line 157 sub handler {
|
} |
} |
} else { |
} else { |
if (($env{"user.role.ca./$adom/$aname"}) || |
if (($env{"user.role.ca./$adom/$aname"}) || |
(env{"user.role.aa./$adom/$aname"})) { |
($env{"user.role.aa./$adom/$aname"})) { |
$allowed = 1; |
$allowed = 1; |
} |
} |
} |
} |
Line 217 sub handler {
|
Line 210 sub handler {
|
} |
} |
|
|
sub sso_login { |
sub sso_login { |
my ($r,$sessiondir,$now,$timetolive) = @_; |
my ($r,$sessiondir,$now,$timetolive,$author) = @_; |
my ($uname,$udom); |
my ($uname,$udom); |
my ($uname) = ($r->user =~ m/([a-zA-Z0-9_\-@.]*)/); |
my ($uname) = ($r->user =~ m/([a-zA-Z0-9_\-@.]*)/); |
unless ($uname =~ /^$match_username$/) { |
unless ($uname =~ /^$match_username$/) { |
Line 235 sub sso_login {
|
Line 228 sub sso_login {
|
return; |
return; |
} |
} |
my $handle = |
my $handle = |
&Apache::lonwebdavauth::init_webdav_env($sessiondir,$uname,$udom, |
&Apache::lonwebdavauth::init_webdav_env($r,$sessiondir,$uname,$udom, |
$uhome,$now,$timetolive); |
$uhome,$now,$timetolive,$author); |
if ($handle ne '') { |
if ($handle ne '') { |
my $cookie = "lonDAV=$handle; path=/webdav/; secure; HttpOnly;"; |
if (&Apache::lonnet::usertools_access($uname,$udom,'webdav')) { |
$r->header_out('Set-cookie' => $cookie); |
my ($webdav) = |
$r->send_http_header; |
($r->uri =~ m{^(/webdav/$match_domain/$match_username/)}); |
|
&Apache::lonnet::log($udom,$uname,$uhome, |
|
"SSO log-in to $webdav from $ENV{'REMOTE_ADDR'}"); |
|
my $cookie = "lonDAV=$handle; path=/webdav/; secure; HttpOnly;"; |
|
$r->header_out('Set-cookie' => $cookie); |
|
$r->send_http_header; |
|
} |
} |
} |
return ($handle); |
return ($handle); |
} |
} |
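Review bot: In `sso_login` on what appears to be the 1.6 side, the added `&Apache::lonnet::usertools_access($uname,$udom,'webdav')` check only gates the log entry and the `Set-cookie` header; `init_webdav_env()` has already run by then, and `return ($handle)` still returns a non-empty handle when the check fails. The 1.3 handler shown on this page treated any non-empty handle as a successful login, so if this sub is wired back in (the POD now says it is not currently used), a user without webDAV tool access would presumably still end up with a session file and an accepted handle. Running the check first, e.g. `return unless (&Apache::lonnet::usertools_access($uname,$udom,'webdav'));` ahead of the `init_webdav_env` call, would make the denial fail closed. Part of the sub's body is elided between the two hunks, so confirm that `$udom` is already set at that point.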