[LON-CAPA-cvs] cvs: loncom / loncapa_apache.conf /auth lonipcheck.pm /homework lonhomework.pm /publisher packages.tab doc/loncapafiles loncapafiles.lpml
raeburn
lon-capa-cvs-allow@mail.lon-capa.org
Fri, 05 Sep 2008 17:43:35 -0000
This is a MIME encoded message
--raeburn1220636615
Content-Type: text/plain
raeburn Fri Sep 5 13:43:35 2008 EDT
Added files:
/loncom/auth lonipcheck.pm
Modified files:
/loncom loncapa_apache.conf
/doc/loncapafiles loncapafiles.lpml
/loncom/homework lonhomework.pm
/loncom/publisher packages.tab
Log:
Bug 5777
- IP-based access control extended to encompass additional resources (i.e., HTML files, Bulletin Boards, External Resources, Simple Pages), beyond existing support for problem/exam/survey files.
- New lonipcheck.pm added as a chained content handler, called after londatecheck.
- &check_ip_acc() moved from lonhomework.pm to loncommon.pm to be more widely available.
--raeburn1220636615
Content-Type: text/plain
Content-Disposition: attachment; filename="raeburn-20080905134335.txt"
Index: loncom/loncapa_apache.conf
diff -u loncom/loncapa_apache.conf:1.177 loncom/loncapa_apache.conf:1.178
--- loncom/loncapa_apache.conf:1.177 Tue Jul 8 13:52:32 2008
+++ loncom/loncapa_apache.conf Fri Sep 5 13:43:31 2008
@@ -1,7 +1,7 @@
##
## loncapa_apache.conf -- Apache HTTP LON-CAPA configuration file
##
-## $Id: loncapa_apache.conf,v 1.177 2008/07/08 17:52:32 raeburn Exp $
+## $Id: loncapa_apache.conf,v 1.178 2008/09/05 17:43:31 raeburn Exp $
##
#
@@ -105,7 +105,8 @@
AuthType LONCAPA
Require valid-user
PerlAuthzHandler Apache::lonacc
-PerlHandler Apache::londatecheck
+PerlHandler Apache::londatecheck
+PerlHandler Apache::lonipcheck
PerlHeaderParserHandler Apache::lonuploadrep
ErrorDocument 403 /adm/login
ErrorDocument 404 /adm/notfound.html
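Review bot: Nothing in the file records that `Apache::lonipcheck` only takes effect when it sits after `Apache::londatecheck` and before the content handler, or which blocks are meant to carry it; the same bare line is repeated in the hunks at -203, -215, -372 and -385. Because lonipcheck.pm enforces the restriction by clearing the remaining PerlHandler stack, a content block added later with londatecheck but without this line would serve the resource with no IP check and no error. I would add a comment above the first occurrence, e.g. `# Apache::lonipcheck enforces the "acc" IP restriction; keep it after londatecheck and before the content handler in every block that serves course content`. The enclosing Location block starts outside this hunk, so I could not confirm which URL space it covers.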
@@ -203,6 +204,7 @@
PerlAuthzHandler Apache::lonacc
SetHandler perl-script
PerlHandler Apache::londatecheck
+PerlHandler Apache::lonipcheck
PerlHandler Apache::lonsimplepage
ErrorDocument 404 /adm/notfound.html
ErrorDocument 406 /adm/notinit.html
@@ -215,6 +217,7 @@
PerlAuthzHandler Apache::lonacc
SetHandler perl-script
PerlHandler Apache::londatecheck
+PerlHandler Apache::lonipcheck
PerlHandler Apache::lonbulletin
ErrorDocument 404 /adm/notfound.html
ErrorDocument 406 /adm/notinit.html
@@ -372,6 +375,7 @@
<LocationMatch "^/+(uploaded|res|\~).*\.(xml|html|htm|xhtml|xhtm|sty)$">
SetHandler perl-script
PerlHandler Apache::londatecheck
+PerlHandler Apache::lonipcheck
PerlHandler Apache::lonxml
</LocationMatch>
@@ -385,6 +389,7 @@
Require valid-user
PerlAuthzHandler Apache::lonacc
PerlHandler Apache::londatecheck
+PerlHandler Apache::lonipcheck
SetHandler perl-script
PerlHandler Apache::lonwrapper
ErrorDocument 403 /adm/login
Index: doc/loncapafiles/loncapafiles.lpml
diff -u doc/loncapafiles/loncapafiles.lpml:1.609 doc/loncapafiles/loncapafiles.lpml:1.610
--- doc/loncapafiles/loncapafiles.lpml:1.609 Thu Sep 4 09:57:09 2008
+++ doc/loncapafiles/loncapafiles.lpml Fri Sep 5 13:43:32 2008
@@ -2,7 +2,7 @@
"http://lpml.sourceforge.net/DTD/lpml.dtd">
<!-- loncapafiles.lpml -->
-<!-- $Id: loncapafiles.lpml,v 1.609 2008/09/04 13:57:09 riegler Exp $ -->
+<!-- $Id: loncapafiles.lpml,v 1.610 2008/09/05 17:43:32 raeburn Exp $ -->
<!--
@@ -5010,6 +5010,13 @@
<status>works/unverified</status>
</file>
<file>
+<source>loncom/auth/lonipcheck.pm</source>
+<target dist='default'>home/httpd/lib/perl/Apache/lonipcheck.pm</target>
+<categoryname>handler</categoryname>
+<description>Checks IP-based access control settings - disable subsequent PerlHandlers if client's IP is blocked</description>
+<status>works/unverified</status>
+</file>
+<file>
<source>loncom/auth/londatecheck.pm</source>
<target dist='default'>home/httpd/lib/perl/Apache/londatecheck.pm</target>
<categoryname>handler</categoryname>
Index: loncom/homework/lonhomework.pm
diff -u loncom/homework/lonhomework.pm:1.296 loncom/homework/lonhomework.pm:1.297
--- loncom/homework/lonhomework.pm:1.296 Mon Jul 28 01:26:00 2008
+++ loncom/homework/lonhomework.pm Fri Sep 5 13:43:32 2008
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# The LON-CAPA Homework handler
#
-# $Id: lonhomework.pm,v 1.296 2008/07/28 05:26:00 raeburn Exp $
+# $Id: lonhomework.pm,v 1.297 2008/09/05 17:43:32 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -209,58 +209,6 @@
return 0;
}
-sub check_ip_acc {
- my ($acc)=@_;
- &Apache::lonxml::debug("acc is $acc");
- if (!defined($acc) || $acc =~ /^\s*$/ || $acc =~/^\s*no\s*$/i) {
- return 1;
- }
- my $allowed=0;
- my $ip=$env{'request.host'} || $ENV{'REMOTE_ADDR'};
-
- my $name;
- foreach my $pattern (split(',',$acc)) {
- $pattern =~ s/^\s*//;
- $pattern =~ s/\s*$//;
- if ($pattern =~ /\*$/) {
- #35.8.*
- $pattern=~s/\*//;
- if ($ip =~ /^\Q$pattern\E/) { $allowed=1; }
- } elsif ($pattern =~ /(\d+\.\d+\.\d+)\.\[(\d+)-(\d+)\]$/) {
- #35.8.3.[34-56]
- my $low=$2;
- my $high=$3;
- $pattern=$1;
- if ($ip =~ /^\Q$pattern\E/) {
- my $last=(split(/\./,$ip))[3];
- if ($last <=$high && $last >=$low) { $allowed=1; }
- }
- } elsif ($pattern =~ /^\*/) {
- #*.msu.edu
- $pattern=~s/\*//;
- if (!defined($name)) {
- use Socket;
- my $netaddr=inet_aton($ip);
- ($name)=gethostbyaddr($netaddr,AF_INET);
- }
- if ($name =~ /\Q$pattern\E$/i) { $allowed=1; }
- } elsif ($pattern =~ /\d+\.\d+\.\d+\.\d+/) {
- #127.0.0.1
- if ($ip =~ /^\Q$pattern\E/) { $allowed=1; }
- } else {
- #some.name.com
- if (!defined($name)) {
- use Socket;
- my $netaddr=inet_aton($ip);
- ($name)=gethostbyaddr($netaddr,AF_INET);
- }
- if ($name =~ /\Q$pattern\E$/i) { $allowed=1; }
- }
- if ($allowed) { last; }
- }
- return $allowed;
-}
-
sub check_slot_access {
my ($id,$type)=@_;
@@ -307,7 +255,7 @@
&Apache::lonhomework::showhash(%slot);
if ($slot{'starttime'} < time &&
$slot{'endtime'} > time &&
- &check_ip_acc($slot{'ip'})) {
+ &Apache::loncommon::check_ip_acc($slot{'ip'})) {
&Apache::lonxml::debug("$slot is good");
$slotstatus='NEEDS_CHECKIN';
$returned_slot=\%slot;
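Review bot: The new callee `&Apache::loncommon::check_ip_acc` is not defined anywhere in this commit: loncommon.pm is absent from the list of modified files, while the local definition is deleted in the hunk above. If loncommon.pm has not already received the function, this slot check and the `resource.$id.acc` check in the next hunk will fail with an undefined-subroutine error at request time, so please confirm that the loncommon.pm change is committed and deployed together with this one. The enclosing sub begins and ends outside the hunk.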
@@ -421,7 +369,7 @@
#if ($env{'request.state'} ne "construct" && $symb ne '') {
if ($env{'request.state'} ne "construct") {
my $idacc = &Apache::lonnet::EXT("resource.$id.acc");
- my $allowed=&check_ip_acc($idacc);
+ my $allowed=&Apache::loncommon::check_ip_acc($idacc);
if (!$allowed && ($Apache::lonhomework::browse ne 'F')) {
$status='INVALID_ACCESS';
$date=&mt("can not be accessed from your location.");
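Review bot: The function that now backs this check (and the new lonipcheck handler) appears to have been moved unchanged, and the removed body shows matching rules that are looser than the pattern syntax suggests. A full-address pattern and the `a.b.c.[low-high]` form are compared with an unanchored prefix match (`$ip =~ /^\Q$pattern\E/`), so a pattern of `127.0.0.1` also admits `127.0.0.10`, and the bare-hostname form is a suffix match on the reverse-DNS name with no label boundary and no forward confirmation. Since this commit widens what the check protects, I would tighten the copy in loncommon.pm, e.g. `if ($ip eq $pattern) { $allowed=1; }` for the full-address case and a trailing `\.` on the prefix in the range case. loncommon.pm is outside this diff, so this needs confirming against the moved code.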
Index: loncom/publisher/packages.tab
diff -u loncom/publisher/packages.tab:1.54 loncom/publisher/packages.tab:1.55
--- loncom/publisher/packages.tab:1.54 Sat Dec 1 14:57:15 2007
+++ loncom/publisher/packages.tab Fri Sep 5 13:43:33 2008
@@ -144,6 +144,8 @@
default&hiddenresource&type:string_yesno
default&buttonshide&display:Hide buttons from students
default&buttonshide&type:string_yesno
+default&acc&display:Client IP/Name Access Control
+default&acc&type:string_ip
#default&hiddenresource&hidden:parm
#bridge tasks
Index: loncom/auth/lonipcheck.pm
+++ loncom/auth/lonipcheck.pm
# Checks IP access settings - disable subsequent PerlHandlers if client IP blocked
# $Id: lonipcheck.pm,v 1.1 2008/09/05 17:43:31 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
#
# LON-CAPA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with LON-CAPA; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# /home/httpd/html/adm/gpl.txt
#
# http://www.lon-capa.org/
#
use strict;
package Apache::lonipcheck;
use Apache::lonnet;
use Apache::lonlocal;
use Apache::loncommon();
use Apache::Constants qw(:common :http :methods);
# Decide whether the current request passes the resource's IP/hostname
# access restriction.
#
# Reads $env{'request.state'} and $env{'request.symb'}; takes no arguments.
#
# Returns a list:
#   ('OPEN')                         - no restriction applies, or the client
#                                      satisfies it
#   ('INVALID_ACCESS', $html_notice) - the client is not permitted; the second
#                                      element is a localized HTML fragment
sub ip_access_check {
    my $state = $env{'request.state'};
    my $symb  = $env{'request.symb'};

    # Requests made in the "construct" state are never IP-restricted here.
    if ($state eq "construct") {
        return ('OPEN');
    }

    # The restriction is the "acc" parameter of part 0 of the resource
    # identified by the symb.
    # NOTE(review): if the lookup yields nothing (for example when
    # request.symb is empty), the outcome depends on how check_ip_acc treats
    # an undefined or blank value - confirm that this default is the intended
    # one for resources reached outside a course map.
    my $acc_setting = &Apache::lonnet::EXT('resource.0.acc',$symb);
    if (&Apache::loncommon::check_ip_acc($acc_setting)) {
        return ('OPEN');
    }

    my $heading = '<h1>'.&mt('Not open to be viewed').'</h1>';
    my $reason  = &mt("This resource can not be accessed from your location.");
    return('INVALID_ACCESS',$heading.$reason);
}
# mod_perl content handler that enforces the IP/hostname access restriction
# ahead of the handler that renders the resource.
#
# $r - the Apache request object.
#
# Returns DECLINED when the request may proceed (presumably so that the next
# stacked PerlHandler runs - confirm against the server configuration), or OK
# after this handler has itself sent a "Not Open" page.
sub handler {
    my ($r) = @_;

    # Users holding the 'F' level of the 'bre' privilege on this URI are not
    # subject to the IP restriction.
    my $browse_priv = &Apache::lonnet::allowed('bre',$r->uri);
    if ($browse_priv eq 'F') {
        return DECLINED;
    }

    my ($status,$msg) = &ip_access_check();
    if ($status eq 'OPEN') {
        return DECLINED;
    }

    # Blocked: remove the remaining PerlHandlers so that the resource itself
    # is never rendered, then answer with an explanatory page.
    # NOTE(review): no response status is set and nothing is logged in this
    # sub, so a refusal is not distinguishable from a normal page by status
    # code alone - confirm whether denials are recorded elsewhere.
    $r->set_handlers('PerlHandler'=>undef);
    &Apache::loncommon::content_type($r,'text/html');
    $r->send_http_header;
    if ($r->header_only) {
        return OK;
    }

    my $page_top = &Apache::loncommon::start_page('Not Open',undef,
                                                  {'bgcolor'        => '#FFFFFF',
                                                   'force_register' => 1,});
    my $page_bottom = &Apache::loncommon::end_page();
    $r->print($page_top.$msg.$page_bottom);
    return OK;
}
1;
--raeburn1220636615--