Annotation of loncom/lonnet/perl/lonnet.pm, revision 1.29
1.1 albertel 1: # The LearningOnline Network
2: # TCP networking package
1.12 www 3: #
4: # Functions for use by content handlers:
5: #
6: # plaintext(short) : plain text explanation of short term
1.25 www 7: # fileembstyle(ext) : embed style in page for file extension
8: # filedescription(ext) : descriptor text for file extension
1.29 ! www 9: # allowed(short,url) : returns codes for allowed actions
! 10: # F: full access
! 11: # U,I,K: authentication modes (cxx only)
! 12: # '': forbidden
! 13: # 1: user needs to choose course
! 14: # 2: browse allowed
1.21 www 15: # definerole(rolename,sys,dom,cou) : define a custom role rolename
16: # set priviledges in format of lonTabs/roles.tab for
17: # system, domain and course level,
18: # assignrole(udom,uname,url,role,end,start) : give a role to a user for the
19: # level given by url. Optional start and end dates
20: # (leave empty string or zero for "no date")
21: # assigncustomrole (udom,uname,url,rdom,rnam,rolename,end,start) : give a
22: # custom role to a user for the level given by url.
23: # Specify name and domain of role author, and role name
24: # revokerole (udom,uname,url,role) : Revoke a role for url
25: # revokecustomrole (udom,uname,url,rdom,rnam,rolename) : Revoke a custom role
1.24 www 26: # appenv(hash) : adds hash to session environment
1.12 www 27: # store(hash) : stores hash permanently for this url
28: # restore : returns hash for this url
29: # eget(namesp,array) : returns hash with keys from array filled in from namesp
30: # get(namesp,array) : returns hash with keys from array filled in from namesp
1.27 www 31: # del(namesp,array) : deletes keys out of arry from namesp
1.12 www 32: # put(namesp,hash) : stores hash in namesp
1.15 www 33: # dump(namesp) : dumps the complete namespace into a hash
1.23 www 34: # ssi(url,hash) : does a complete request cycle on url to localhost, posts
35: # hash
1.17 www 36: # repcopy(filename) : replicate file
37: # dirlist(url) : gets a directory listing
1.28 www 38: # condval(index) : value of condition index based on state
1.29 ! www 39: # varval(name) : value of a variable
! 40: # refreshstate() : refresh the state information string
1.12 www 41: #
1.1 albertel 42: # 6/1/99,6/2,6/10,6/11,6/12,6/14,6/26,6/28,6/29,6/30,
1.5 www 43: # 7/1,7/2,7/9,7/10,7/12,7/14,7/15,7/19,
1.8 www 44: # 11/8,11/16,11/18,11/22,11/23,12/22,
1.12 www 45: # 01/06,01/13,02/24,02/28,02/29,
46: # 03/01,03/02,03/06,03/07,03/13,
1.15 www 47: # 04/05,05/29,05/31,06/01,
48: # 06/05,06/26 Gerd Kortemeyer
49: # 06/26 Ben Tyszka
1.22 www 50: # 06/30,07/15,07/17,07/18,07/20,07/21,07/22,07/25 Gerd Kortemeyer
1.23 www 51: # 08/14 Ben Tyszka
1.29 ! www 52: # 08/22,08/28,08/31,09/01,09/02,09/04,09/05 Gerd Kortemeyer
1.1 albertel 53:
54: package Apache::lonnet;
55:
56: use strict;
57: use Apache::File;
1.8 www 58: use LWP::UserAgent();
1.15 www 59: use HTTP::Headers;
1.11 www 60: use vars
1.25 www 61: qw(%perlvar %hostname %homecache %spareid %hostdom %libserv %pr %prp %fe %fd $readit);
1.1 albertel 62: use IO::Socket;
1.8 www 63: use Apache::Constants qw(:common :http);
1.1 albertel 64:
65: # --------------------------------------------------------------------- Logging
66:
67: sub logthis {
68: my $message=shift;
69: my $execdir=$perlvar{'lonDaemons'};
70: my $now=time;
71: my $local=localtime($now);
72: my $fh=Apache::File->new(">>$execdir/logs/lonnet.log");
73: print $fh "$local ($$): $message\n";
74: return 1;
75: }
76:
77: sub logperm {
78: my $message=shift;
79: my $execdir=$perlvar{'lonDaemons'};
80: my $now=time;
81: my $local=localtime($now);
82: my $fh=Apache::File->new(">>$execdir/logs/lonnet.perm.log");
83: print $fh "$now:$message:$local\n";
84: return 1;
85: }
86:
87: # -------------------------------------------------- Non-critical communication
88: sub subreply {
89: my ($cmd,$server)=@_;
90: my $peerfile="$perlvar{'lonSockDir'}/$server";
91: my $client=IO::Socket::UNIX->new(Peer =>"$peerfile",
92: Type => SOCK_STREAM,
93: Timeout => 10)
94: or return "con_lost";
95: print $client "$cmd\n";
96: my $answer=<$client>;
1.9 www 97: if (!$answer) { $answer="con_lost"; }
1.1 albertel 98: chomp($answer);
99: return $answer;
100: }
101:
102: sub reply {
103: my ($cmd,$server)=@_;
104: my $answer=subreply($cmd,$server);
105: if ($answer eq 'con_lost') { $answer=subreply($cmd,$server); }
1.12 www 106: if (($answer=~/^error:/) || ($answer=~/^refused/) ||
107: ($answer=~/^rejected/)) {
108: &logthis("<font color=blue>WARNING:".
109: " $cmd to $server returned $answer</font>");
110: }
1.1 albertel 111: return $answer;
112: }
113:
114: # ----------------------------------------------------------- Send USR1 to lonc
115:
116: sub reconlonc {
117: my $peerfile=shift;
118: &logthis("Trying to reconnect for $peerfile");
119: my $loncfile="$perlvar{'lonDaemons'}/logs/lonc.pid";
120: if (my $fh=Apache::File->new("$loncfile")) {
121: my $loncpid=<$fh>;
122: chomp($loncpid);
123: if (kill 0 => $loncpid) {
124: &logthis("lonc at pid $loncpid responding, sending USR1");
125: kill USR1 => $loncpid;
126: sleep 1;
127: if (-e "$peerfile") { return; }
128: &logthis("$peerfile still not there, give it another try");
129: sleep 5;
130: if (-e "$peerfile") { return; }
1.12 www 131: &logthis(
132: "<font color=blue>WARNING: $peerfile still not there, giving up</font>");
1.1 albertel 133: } else {
1.12 www 134: &logthis(
135: "<font color=blue>WARNING:".
136: " lonc at pid $loncpid not responding, giving up</font>");
1.1 albertel 137: }
138: } else {
1.12 www 139: &logthis('<font color=blue>WARNING: lonc not running, giving up</font>');
1.1 albertel 140: }
141: }
142:
143: # ------------------------------------------------------ Critical communication
1.12 www 144:
1.1 albertel 145: sub critical {
146: my ($cmd,$server)=@_;
147: my $answer=reply($cmd,$server);
148: if ($answer eq 'con_lost') {
149: my $pingreply=reply('ping',$server);
150: &reconlonc("$perlvar{'lonSockDir'}/$server");
151: my $pongreply=reply('pong',$server);
152: &logthis("Ping/Pong for $server: $pingreply/$pongreply");
153: $answer=reply($cmd,$server);
154: if ($answer eq 'con_lost') {
155: my $now=time;
156: my $middlename=$cmd;
1.5 www 157: $middlename=substr($middlename,0,16);
1.1 albertel 158: $middlename=~s/\W//g;
159: my $dfilename=
160: "$perlvar{'lonSockDir'}/delayed/$now.$middlename.$server";
161: {
162: my $dfh;
163: if ($dfh=Apache::File->new(">$dfilename")) {
1.7 www 164: print $dfh "$cmd\n";
1.1 albertel 165: }
166: }
167: sleep 2;
168: my $wcmd='';
169: {
170: my $dfh;
171: if ($dfh=Apache::File->new("$dfilename")) {
172: $wcmd=<$dfh>;
173: }
174: }
175: chomp($wcmd);
1.7 www 176: if ($wcmd eq $cmd) {
1.12 www 177: &logthis("<font color=blue>WARNING: ".
178: "Connection buffer $dfilename: $cmd</font>");
1.1 albertel 179: &logperm("D:$server:$cmd");
180: return 'con_delayed';
181: } else {
1.12 www 182: &logthis("<font color=red>CRITICAL:"
183: ." Critical connection failed: $server $cmd</font>");
1.1 albertel 184: &logperm("F:$server:$cmd");
185: return 'con_failed';
186: }
187: }
188: }
189: return $answer;
190: }
191:
1.5 www 192: # ---------------------------------------------------------- Append Environment
193:
194: sub appenv {
1.6 www 195: my %newenv=@_;
196: my @oldenv;
197: {
198: my $fh;
199: unless ($fh=Apache::File->new("$ENV{'user.environment'}")) {
1.5 www 200: return 'error';
1.6 www 201: }
202: @oldenv=<$fh>;
203: }
204: for (my $i=0; $i<=$#oldenv; $i++) {
205: chomp($oldenv[$i]);
1.9 www 206: if ($oldenv[$i] ne '') {
207: my ($name,$value)=split(/=/,$oldenv[$i]);
1.24 www 208: unless (defined($newenv{$name})) {
209: $newenv{$name}=$value;
210: }
1.9 www 211: }
1.6 www 212: }
213: {
214: my $fh;
215: unless ($fh=Apache::File->new(">$ENV{'user.environment'}")) {
216: return 'error';
217: }
218: my $newname;
219: foreach $newname (keys %newenv) {
220: print $fh "$newname=$newenv{$newname}\n";
221: }
1.5 www 222: }
223: return 'ok';
224: }
1.1 albertel 225:
226: # ------------------------------ Find server with least workload from spare.tab
1.11 www 227:
1.1 albertel 228: sub spareserver {
229: my $tryserver;
230: my $spareserver='';
231: my $lowestserver=100;
232: foreach $tryserver (keys %spareid) {
233: my $answer=reply('load',$tryserver);
234: if (($answer =~ /\d/) && ($answer<$lowestserver)) {
235: $spareserver="http://$hostname{$tryserver}";
236: $lowestserver=$answer;
237: }
238: }
239: return $spareserver;
240: }
241:
242: # --------- Try to authenticate user from domain's lib servers (first this one)
1.11 www 243:
1.1 albertel 244: sub authenticate {
245: my ($uname,$upass,$udom)=@_;
1.12 www 246: $upass=escape($upass);
1.1 albertel 247: if (($perlvar{'lonRole'} eq 'library') &&
248: ($udom eq $perlvar{'lonDefDomain'})) {
1.3 www 249: my $answer=reply("encrypt:auth:$udom:$uname:$upass",$perlvar{'lonHostID'});
1.2 www 250: if ($answer =~ /authorized/) {
1.9 www 251: if ($answer eq 'authorized') {
252: &logthis("User $uname at $udom authorized by local server");
253: return $perlvar{'lonHostID'};
254: }
255: if ($answer eq 'non_authorized') {
256: &logthis("User $uname at $udom rejected by local server");
257: return 'no_host';
258: }
1.2 www 259: }
1.1 albertel 260: }
261:
262: my $tryserver;
263: foreach $tryserver (keys %libserv) {
264: if ($hostdom{$tryserver} eq $udom) {
1.10 www 265: my $answer=reply("encrypt:auth:$udom:$uname:$upass",$tryserver);
1.1 albertel 266: if ($answer =~ /authorized/) {
1.9 www 267: if ($answer eq 'authorized') {
268: &logthis("User $uname at $udom authorized by $tryserver");
269: return $tryserver;
270: }
271: if ($answer eq 'non_authorized') {
272: &logthis("User $uname at $udom rejected by $tryserver");
273: return 'no_host';
274: }
1.1 albertel 275: }
276: }
1.9 www 277: }
278: &logthis("User $uname at $udom could not be authenticated");
1.1 albertel 279: return 'no_host';
280: }
281:
282: # ---------------------- Find the homebase for a user from domain's lib servers
1.11 www 283:
1.1 albertel 284: sub homeserver {
285: my ($uname,$udom)=@_;
286:
287: my $index="$uname:$udom";
288: if ($homecache{$index}) { return "$homecache{$index}"; }
289:
290: my $tryserver;
291: foreach $tryserver (keys %libserv) {
292: if ($hostdom{$tryserver} eq $udom) {
293: my $answer=reply("home:$udom:$uname",$tryserver);
294: if ($answer eq 'found') {
295: $homecache{$index}=$tryserver;
296: return $tryserver;
297: }
298: }
299: }
300: return 'no_host';
301: }
302:
303: # ----------------------------- Subscribe to a resource, return URL if possible
1.11 www 304:
1.1 albertel 305: sub subscribe {
306: my $fname=shift;
307: my $author=$fname;
308: $author=~s/\/home\/httpd\/html\/res\/([^\/]*)\/([^\/]*).*/$1\/$2/;
309: my ($udom,$uname)=split(/\//,$author);
310: my $home=homeserver($uname,$udom);
311: if (($home eq 'no_host') || ($home eq $perlvar{'lonHostID'})) {
312: return 'not_found';
313: }
314: my $answer=reply("sub:$fname",$home);
315: return $answer;
316: }
317:
1.8 www 318: # -------------------------------------------------------------- Replicate file
319:
320: sub repcopy {
321: my $filename=shift;
1.23 www 322: $filename=~s/\/+/\//g;
1.8 www 323: my $transname="$filename.in.transfer";
1.17 www 324: if ((-e $filename) || (-e $transname)) { return OK; }
1.8 www 325: my $remoteurl=subscribe($filename);
326: if ($remoteurl eq 'con_lost') {
327: &logthis("Subscribe returned con_lost: $filename");
328: return HTTP_SERVICE_UNAVAILABLE;
329: } elsif ($remoteurl eq 'not_found') {
330: &logthis("Subscribe returned not_found: $filename");
331: return HTTP_NOT_FOUND;
1.20 www 332: } elsif ($remoteurl eq 'rejected') {
333: &logthis("Subscribe returned rejected: $filename");
1.8 www 334: return FORBIDDEN;
1.20 www 335: } elsif ($remoteurl eq 'directory') {
336: return OK;
1.8 www 337: } else {
338: my @parts=split(/\//,$filename);
339: my $path="/$parts[1]/$parts[2]/$parts[3]/$parts[4]";
340: if ($path ne "$perlvar{'lonDocRoot'}/res") {
341: &logthis("Malconfiguration for replication: $filename");
342: return HTTP_BAD_REQUEST;
343: }
344: my $count;
345: for ($count=5;$count<$#parts;$count++) {
346: $path.="/$parts[$count]";
347: if ((-e $path)!=1) {
348: mkdir($path,0777);
349: }
350: }
351: my $ua=new LWP::UserAgent;
352: my $request=new HTTP::Request('GET',"$remoteurl");
353: my $response=$ua->request($request,$transname);
354: if ($response->is_error()) {
355: unlink($transname);
356: my $message=$response->status_line;
1.12 www 357: &logthis("<font color=blue>WARNING:"
358: ." LWP get: $message: $filename</font>");
1.8 www 359: return HTTP_SERVICE_UNAVAILABLE;
360: } else {
1.16 www 361: if ($remoteurl!~/\.meta$/) {
362: my $mrequest=new HTTP::Request('GET',$remoteurl.'.meta');
363: my $mresponse=$ua->request($mrequest,$filename.'.meta');
364: if ($mresponse->is_error()) {
365: unlink($filename.'.meta');
366: &logthis(
367: "<font color=yellow>INFO: No metadata: $filename</font>");
368: }
369: }
1.8 www 370: rename($transname,$filename);
371: return OK;
372: }
373: }
374: }
375:
1.15 www 376: # --------------------------------------------------------- Server Side Include
377:
378: sub ssi {
379:
1.23 www 380: my ($fn,%form)=@_;
1.15 www 381:
382: my $ua=new LWP::UserAgent;
1.23 www 383:
384: my $request;
385:
386: if (%form) {
387: $request=new HTTP::Request('POST',"http://".$ENV{'HTTP_HOST'}.$fn);
388: $request->content(join '&', map { "$_=$form{$_}" } keys %form);
389: } else {
390: $request=new HTTP::Request('GET',"http://".$ENV{'HTTP_HOST'}.$fn);
391: }
392:
1.15 www 393: $request->header(Cookie => $ENV{'HTTP_COOKIE'});
394: my $response=$ua->request($request);
395:
396: return $response->content;
397: }
398:
1.14 www 399: # ------------------------------------------------------------------------- Log
400:
401: sub log {
402: my ($dom,$nam,$hom,$what)=@_;
403: return reply("log:$dom:$nam:$what",$hom);
404: }
405:
1.9 www 406: # ----------------------------------------------------------------------- Store
407:
408: sub store {
409: my %storehash=shift;
1.12 www 410: my $namevalue='';
411: map {
412: $namevalue.=escape($_).'='.escape($storehash{$_}).'&';
413: } keys %storehash;
414: $namevalue=~s/\&$//;
415: return reply("store:$ENV{'user.domain'}:$ENV{'user.name'}:"
416: ."$ENV{'user.class'}:$ENV{'request.filename'}:$namevalue",
417: "$ENV{'user.home'}");
1.9 www 418: }
419:
420: # --------------------------------------------------------------------- Restore
421:
422: sub restore {
1.12 www 423: my $answer=reply("restore:$ENV{'user.domain'}:$ENV{'user.name'}:"
424: ."$ENV{'user.class'}:$ENV{'request.filename'}",
425: "$ENV{'user.home'}");
426: my %returnhash=();
427: map {
428: my ($name,$value)=split(/\=/,$_);
429: $returnhash{&unescape($name)}=&unescape($value);
430: } split(/\&/,$answer);
1.13 www 431: return %returnhash;
1.9 www 432: }
1.1 albertel 433:
1.11 www 434: # -------------------------------------------------------- Get user priviledges
435:
436: sub rolesinit {
437: my ($domain,$username,$authhost)=@_;
438: my $rolesdump=reply("dump:$domain:$username:roles",$authhost);
1.12 www 439: if (($rolesdump eq 'con_lost') || ($rolesdump eq '')) { return ''; }
1.11 www 440: my %allroles=();
441: my %thesepriv=();
442: my $now=time;
1.21 www 443: my $userroles="user.login.time=$now\n";
1.11 www 444: my $thesestr;
445:
446: if ($rolesdump ne '') {
447: map {
1.21 www 448: if ($_!~/^rolesdef\&/) {
1.11 www 449: my ($area,$role)=split(/=/,$_);
1.21 www 450: $area=~s/\_\w\w$//;
1.11 www 451: my ($trole,$tend,$tstart)=split(/_/,$role);
1.21 www 452: $userroles.='user.role.'.$trole.'.'.$area.'='.
453: $tstart.'.'.$tend."\n";
1.11 www 454: if ($tend!=0) {
455: if ($tend<$now) {
456: $trole='';
457: }
458: }
459: if ($tstart!=0) {
460: if ($tstart>$now) {
461: $trole='';
462: }
463: }
464: if (($area ne '') && ($trole ne '')) {
1.12 www 465: my ($tdummy,$tdomain,$trest)=split(/\//,$area);
466: if ($trole =~ /^cr\//) {
467: my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$trole);
468: my $homsvr=homeserver($rauthor,$rdomain);
469: if ($hostname{$homsvr} ne '') {
470: my $roledef=
1.21 www 471: reply("get:$rdomain:$rauthor:roles:rolesdef_$rrole",
1.12 www 472: $homsvr);
473: if (($roledef ne 'con_lost') && ($roledef ne '')) {
474: my ($syspriv,$dompriv,$coursepriv)=
1.21 www 475: split(/\_/,unescape($roledef));
1.12 www 476: $allroles{'/'}.=':'.$syspriv;
477: if ($tdomain ne '') {
478: $allroles{'/'.$tdomain.'/'}.=':'.$dompriv;
479: if ($trest ne '') {
480: $allroles{$area}.=':'.$coursepriv;
481: }
482: }
483: }
1.11 www 484: }
1.12 www 485: } else {
486: $allroles{'/'}.=':'.$pr{$trole.':s'};
487: if ($tdomain ne '') {
488: $allroles{'/'.$tdomain.'/'}.=':'.$pr{$trole.':d'};
489: if ($trest ne '') {
490: $allroles{$area}.=':'.$pr{$trole.':c'};
491: }
492: }
1.11 www 493: }
1.12 www 494: }
495: }
1.11 www 496: } split(/&/,$rolesdump);
497: map {
498: %thesepriv=();
499: map {
500: if ($_ ne '') {
501: my ($priviledge,$restrictions)=split(/&/,$_);
502: if ($restrictions eq '') {
503: $thesepriv{$priviledge}='F';
504: } else {
505: if ($thesepriv{$priviledge} ne 'F') {
506: $thesepriv{$priviledge}.=$restrictions;
507: }
508: }
509: }
510: } split(/:/,$allroles{$_});
511: $thesestr='';
512: map { $thesestr.=':'.$_.'&'.$thesepriv{$_}; } keys %thesepriv;
513: $userroles.='user.priv.'.$_.'='.$thesestr."\n";
514: } keys %allroles;
515: }
516: return $userroles;
517: }
518:
1.12 www 519: # --------------------------------------------------------------- get interface
520:
521: sub get {
522: my ($namespace,@storearr)=@_;
523: my $items='';
524: map {
525: $items.=escape($_).'&';
526: } @storearr;
527: $items=~s/\&$//;
528: my $rep=reply("get:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
529: $ENV{'user.home'});
1.15 www 530: my @pairs=split(/\&/,$rep);
531: my %returnhash=();
532: map {
533: my ($key,$value)=split(/=/,$_);
1.29 ! www 534: $returnhash{unescape($key)}=unescape($value);
1.15 www 535: } @pairs;
536: return %returnhash;
1.27 www 537: }
538:
539: # --------------------------------------------------------------- del interface
540:
541: sub del {
542: my ($namespace,@storearr)=@_;
543: my $items='';
544: map {
545: $items.=escape($_).'&';
546: } @storearr;
547: $items=~s/\&$//;
548: return reply("del:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
549: $ENV{'user.home'});
1.15 www 550: }
551:
552: # -------------------------------------------------------------- dump interface
553:
554: sub dump {
555: my $namespace=shift;
556: my $rep=reply("dump:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace",
557: $ENV{'user.home'});
1.12 www 558: my @pairs=split(/\&/,$rep);
559: my %returnhash=();
560: map {
561: my ($key,$value)=split(/=/,$_);
1.29 ! www 562: $returnhash{unescape($key)}=unescape($value);
1.12 www 563: } @pairs;
564: return %returnhash;
565: }
566:
567: # --------------------------------------------------------------- put interface
568:
569: sub put {
570: my ($namespace,%storehash)=@_;
571: my $items='';
572: map {
573: $items.=escape($_).'='.escape($storehash{$_}).'&';
574: } keys %storehash;
575: $items=~s/\&$//;
576: return reply("put:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
577: $ENV{'user.home'});
578: }
579:
580: # -------------------------------------------------------------- eget interface
581:
582: sub eget {
583: my ($namespace,@storearr)=@_;
584: my $items='';
585: map {
586: $items.=escape($_).'&';
587: } @storearr;
588: $items=~s/\&$//;
589: my $rep=reply("eget:$ENV{'user.domain'}:$ENV{'user.name'}:$namespace:$items",
590: $ENV{'user.home'});
591: my @pairs=split(/\&/,$rep);
592: my %returnhash=();
593: map {
594: my ($key,$value)=split(/=/,$_);
1.29 ! www 595: $returnhash{unescape($key)}=unescape($value);
1.12 www 596: } @pairs;
597: return %returnhash;
598: }
599:
600: # ------------------------------------------------- Check for a user priviledge
601:
602: sub allowed {
603: my ($priv,$uri)=@_;
604: $uri=~s/^\/res//;
605: $uri=~s/^\///;
1.29 ! www 606:
! 607: # Free bre access to adm resources
! 608:
! 609: if (($uri=~/^adm\//) && ($priv eq 'bre')) {
1.14 www 610: return 'F';
611: }
1.29 ! www 612:
! 613: # Gather priviledges over system and domain
! 614:
1.12 www 615: my $thisallowed='';
616: if ($ENV{'user.priv./'}=~/$priv\&([^\:]*)/) {
617: $thisallowed.=$1;
618: }
619: if ($ENV{'user.priv./'.(split(/\//,$uri))[0].'/'}=~/$priv\&([^\:]*)/) {
620: $thisallowed.=$1;
621: }
1.29 ! www 622:
! 623: # Full access at system or domain level? Exit.
! 624:
! 625: if ($thisallowed=~/F/) {
! 626: return 'F';
! 627: }
! 628:
! 629: # Course level access control
! 630:
! 631: # uri itself refering to a course?
! 632:
! 633: if ($uri=~/\.course$/) {
! 634: if ($ENV{'user.priv./'.$uri}=~/$priv\&([^\:]*)/) {
! 635: $thisallowed.=$1;
! 636: }
! 637: if ($thisallowed=~/F/) {
! 638: return 'F';
! 639: }
! 640:
! 641: # uri is refering to an individual resource; user needs to be in a course
! 642:
! 643: } else {
! 644:
! 645: unless(defined($ENV{'request.course.uri'})) {
! 646: return '1';
! 647: }
! 648:
! 649: # Get access priviledges for course
! 650:
! 651: if ($ENV{'user.priv./'.$ENV{'request.course.uri'}}=~/$priv\&([^\:]*)/) {
! 652: $thisallowed.=$1;
! 653: }
! 654:
! 655: # See if resource or referer is part of this course
! 656:
! 657: my @uriparts=split(/\//,$uri);
! 658: my $urifile=$uriparts[$#uriparts];
! 659: $urifile=~/\.(\w+)$/;
! 660: my $uritype=$1;
! 661: $#uriparts--;
! 662: my $uripath=join('/',@uriparts);
! 663: my $uricond=-1;
! 664: if ($ENV{'acc.res.'.$ENV{'request.course'}.'.'.$uripath}=~
! 665: /\&$urifile\:(\d+)\&/) {
! 666: $uricond=$1;
! 667: } elsif (($fe{$uritype} eq 'emb') || ($fe{$uritype} eq 'img')) {
! 668:
! 669: }
! 670:
1.12 www 671: }
672: return $thisallowed;
673: }
674:
1.29 ! www 675: # ---------------------------------------------------------- Refresh State Info
! 676:
! 677: sub refreshstate {
! 678: }
! 679:
1.12 www 680: # ----------------------------------------------------------------- Define Role
681:
682: sub definerole {
683: if (allowed('mcr','/')) {
684: my ($rolename,$sysrole,$domrole,$courole)=@_;
1.21 www 685: map {
686: my ($crole,$cqual)=split(/\&/,$_);
687: if ($pr{'cr:s'}!~/$crole/) { return "refused:s:$crole"; }
688: if ($pr{'cr:s'}=~/$crole\&/) {
689: if ($pr{'cr:s'}!~/$crole\&\w*$cqual/) {
690: return "refused:s:$crole&$cqual";
691: }
692: }
693: } split('/',$sysrole);
694: map {
695: my ($crole,$cqual)=split(/\&/,$_);
696: if ($pr{'cr:d'}!~/$crole/) { return "refused:d:$crole"; }
697: if ($pr{'cr:d'}=~/$crole\&/) {
698: if ($pr{'cr:d'}!~/$crole\&\w*$cqual/) {
699: return "refused:d:$crole&$cqual";
700: }
701: }
702: } split('/',$domrole);
703: map {
704: my ($crole,$cqual)=split(/\&/,$_);
705: if ($pr{'cr:c'}!~/$crole/) { return "refused:c:$crole"; }
706: if ($pr{'cr:c'}=~/$crole\&/) {
707: if ($pr{'cr:c'}!~/$crole\&\w*$cqual/) {
708: return "refused:c:$crole&$cqual";
709: }
710: }
711: } split('/',$courole);
1.12 www 712: my $command="encrypt:rolesput:$ENV{'user.domain'}:$ENV{'user.name'}:".
713: "$ENV{'user.domain'}:$ENV{'user.name'}:".
1.21 www 714: "rolesdef_$rolename=".
715: escape($sysrole.'_'.$domrole.'_'.$courole);
1.12 www 716: return reply($command,$ENV{'user.home'});
717: } else {
718: return 'refused';
719: }
720: }
721:
722: # ------------------------------------------------------------------ Plain Text
723:
724: sub plaintext {
1.22 www 725: my $short=shift;
726: return $prp{$short};
1.12 www 727: }
728:
1.25 www 729: # ------------------------------------------------------------------ Plain Text
730:
731: sub fileembstyle {
732: my $ending=shift;
733: return $fe{$ending};
734: }
735:
736: # ------------------------------------------------------------ Description Text
737:
738: sub filedecription {
739: my $ending=shift;
740: return $fd{$ending};
741: }
742:
1.12 www 743: # ----------------------------------------------------------------- Assign Role
744:
745: sub assignrole {
1.21 www 746: my ($udom,$uname,$url,$role,$end,$start)=@_;
747: my $mrole;
1.29 ! www 748: $url=~s/^\///;
! 749: $url=~s/^res\///;
1.21 www 750: if ($role =~ /^cr\//) {
751: unless ($url=~/\.course$/) { return 'invalid'; }
752: unless (allowed('ccr',$url)) { return 'refused'; }
753: $mrole='cr';
754: } else {
755: unless (($url=~/\.course$/) || ($url=~/\/$/)) { return 'invalid'; }
756: unless (allowed('c'+$role)) { return 'refused'; }
757: $mrole=$role;
758: }
759: my $command="encrypt:rolesput:$ENV{'user.domain'}:$ENV{'user.name'}:".
760: "$udom:$uname:$url".'_'."$mrole=$role";
761: if ($end) { $command.='_$end'; }
762: if ($start) {
763: if ($end) {
764: $command.='_$start';
765: } else {
766: $command.='_0_$start';
767: }
768: }
769: return &reply($command,&homeserver($uname,$udom));
770: }
771:
772: # ---------------------------------------------------------- Assign Custom Role
773:
774: sub assigncustomrole {
775: my ($udom,$uname,$url,$rdom,$rnam,$rolename,$end,$start)=@_;
776: return &assignrole($udom,$uname,$url,'cr/'.$rdom.'/'.$rnam.'/'.$rolename,
777: $end,$start);
778: }
779:
780: # ----------------------------------------------------------------- Revoke Role
781:
782: sub revokerole {
783: my ($udom,$uname,$url,$role)=@_;
784: my $now=time;
785: return &assignrole($udom,$uname,$url,$role,$now);
786: }
787:
788: # ---------------------------------------------------------- Revoke Custom Role
789:
790: sub revokecustomrole {
791: my ($udom,$uname,$url,$rdom,$rnam,$rolename)=@_;
792: my $now=time;
793: return &assigncustomrole($udom,$uname,$url,$rdom,$rnam,$rolename,$now);
1.17 www 794: }
795:
796: # ------------------------------------------------------------ Directory lister
797:
798: sub dirlist {
799: my $uri=shift;
1.18 www 800: $uri=~s/^\///;
801: $uri=~s/\/$//;
1.19 www 802: my ($res,$udom,$uname,@rest)=split(/\//,$uri);
803: if ($udom) {
804: if ($uname) {
805: my $listing=reply('ls:'.$perlvar{'lonDocRoot'}.'/'.$uri,
806: homeserver($uname,$udom));
807: return split(/:/,$listing);
808: } else {
809: my $tryserver;
810: my %allusers=();
811: foreach $tryserver (keys %libserv) {
812: if ($hostdom{$tryserver} eq $udom) {
813: my $listing=reply('ls:'.$perlvar{'lonDocRoot'}.'/res/'.$udom,
814: $tryserver);
815: if (($listing ne 'no_such_dir') && ($listing ne 'empty')
816: && ($listing ne 'con_lost')) {
817: map {
818: my ($entry,@stat)=split(/&/,$_);
819: $allusers{$entry}=1;
820: } split(/:/,$listing);
821: }
822: }
823: }
824: my $alluserstr='';
825: map {
826: $alluserstr.=$_.'&user:';
827: } sort keys %allusers;
828: $alluserstr=~s/:$//;
829: return split(/:/,$alluserstr);
830: }
831: } else {
832: my $tryserver;
833: my %alldom=();
834: foreach $tryserver (keys %libserv) {
835: $alldom{$hostdom{$tryserver}}=1;
836: }
837: my $alldomstr='';
838: map {
839: $alldomstr.=$perlvar{'lonDocRoot'}.'/res/'.$_.'&domain:';
840: } sort keys %alldom;
841: $alldomstr=~s/:$//;
842: return split(/:/,$alldomstr);
843: }
1.26 www 844: }
845:
846: # -------------------------------------------------------- Value of a Condition
847:
848: sub condval {
849: my $condidx=shift;
850: my $result=0;
851: if ($ENV{'request.course'}) {
1.28 www 852: if (defined($ENV{'acc.cond.'.$ENV{'request.course'}.'.'.$condidx})) {
1.26 www 853: my $operand='|';
854: my @stack;
855: map {
856: if ($_ eq '(') {
857: push @stack,($operand,$result)
858: } elsif ($_ eq ')') {
859: my $before=pop @stack;
860: if (pop @stack eq '&') {
861: $result=$result>$before?$before:$result;
862: } else {
863: $result=$result>$before?$result:$before;
864: }
865: } elsif (($_ eq '&') || ($_ eq '|')) {
866: $operand=$_;
867: } else {
868: my $new=
869: substr($ENV{'user.state.'.$ENV{'request.course'}},$_,1);
870: if ($operand eq '&') {
871: $result=$result>$new?$new:$result;
872: } else {
873: $result=$result>$new?$result:$new;
874: }
875: }
876: } ($ENV{'acc.cond.'.$ENV{'request.course'}.'.'.$condidx}=~
877: /(\d+|\(|\)|\&|\|)/g);
878: }
879: }
880: return $result;
1.28 www 881: }
882:
883: # --------------------------------------------------------- Value of a Variable
884:
885: sub varval {
886: my ($realm,$space,@components)=split(/\./,shift);
887: my $value='';
888: if ($realm eq 'user') {
1.29 ! www 889: if ($space=~/^resource/) {
! 890: $space=~s/^resource\[//;
! 891: $space=~s/\]$//;
! 892:
! 893: } else {
! 894: }
1.28 www 895: } elsif ($realm eq 'course') {
896: } elsif ($realm eq 'session') {
897: } elsif ($realm eq 'system') {
898: }
899: return $value;
1.12 www 900: }
901:
902: # -------------------------------------------------------- Escape Special Chars
903:
904: sub escape {
905: my $str=shift;
906: $str =~ s/(\W)/"%".unpack('H2',$1)/eg;
907: return $str;
908: }
909:
910: # ----------------------------------------------------- Un-Escape Special Chars
911:
912: sub unescape {
913: my $str=shift;
914: $str =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
915: return $str;
916: }
1.11 www 917:
1.1 albertel 918: # ================================================================ Main Program
919:
920: sub BEGIN {
921: if ($readit ne 'done') {
922: # ------------------------------------------------------------ Read access.conf
923: {
924: my $config=Apache::File->new("/etc/httpd/conf/access.conf");
925:
926: while (my $configline=<$config>) {
927: if ($configline =~ /PerlSetVar/) {
928: my ($dummy,$varname,$varvalue)=split(/\s+/,$configline);
1.8 www 929: chomp($varvalue);
1.1 albertel 930: $perlvar{$varname}=$varvalue;
931: }
932: }
933: }
934:
935: # ------------------------------------------------------------- Read hosts file
936: {
937: my $config=Apache::File->new("$perlvar{'lonTabDir'}/hosts.tab");
938:
939: while (my $configline=<$config>) {
940: my ($id,$domain,$role,$name,$ip)=split(/:/,$configline);
941: $hostname{$id}=$name;
942: $hostdom{$id}=$domain;
943: if ($role eq 'library') { $libserv{$id}=$name; }
944: }
945: }
946:
947: # ------------------------------------------------------ Read spare server file
948: {
949: my $config=Apache::File->new("$perlvar{'lonTabDir'}/spare.tab");
950:
951: while (my $configline=<$config>) {
952: chomp($configline);
953: if (($configline) && ($configline ne $perlvar{'lonHostID'})) {
954: $spareid{$configline}=1;
955: }
956: }
957: }
1.11 www 958: # ------------------------------------------------------------ Read permissions
959: {
960: my $config=Apache::File->new("$perlvar{'lonTabDir'}/roles.tab");
961:
962: while (my $configline=<$config>) {
963: chomp($configline);
964: my ($role,$perm)=split(/ /,$configline);
965: if ($perm ne '') { $pr{$role}=$perm; }
966: }
967: }
968:
969: # -------------------------------------------- Read plain texts for permissions
970: {
971: my $config=Apache::File->new("$perlvar{'lonTabDir'}/rolesplain.tab");
972:
973: while (my $configline=<$config>) {
974: chomp($configline);
975: my ($short,$plain)=split(/:/,$configline);
976: if ($plain ne '') { $prp{$short}=$plain; }
1.25 www 977: }
978: }
979:
980: # ------------------------------------------------------------- Read file types
981: {
982: my $config=Apache::File->new("$perlvar{'lonTabDir'}/filetypes.tab");
983:
984: while (my $configline=<$config>) {
985: chomp($configline);
986: my ($ending,$emb,@descr)=split(/\s+/,$configline);
987: if ($descr[0] ne '') {
988: $fe{$ending}=$emb;
989: $fd{$ending}=join(' ',@descr);
990: }
1.11 www 991: }
992: }
993:
1.22 www 994:
1.1 albertel 995: $readit='done';
1.12 www 996: &logthis('<font color=yellow>INFO: Read configuration</font>');
1.1 albertel 997: }
998: }
999: 1;
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to lonnet.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / lonnet / perl