[LON-CAPA-cvs] cvs: loncom /auth lonwebdavacc.pm lonwebdavauth.pm
raeburn
raeburn at source.lon-capa.org
Fri May 29 14:42:02 EDT 2015
raeburn Fri May 29 18:42:02 2015 EDT
Modified files:
/loncom/auth lonwebdavauth.pm lonwebdavacc.pm
Log:
- Update documentation to reflect changes in Apache config.
- Logging of initial log-in (i.e., creation of session file in
webdav/sessionIDs).
Index: loncom/auth/lonwebdavauth.pm
diff -u loncom/auth/lonwebdavauth.pm:1.2 loncom/auth/lonwebdavauth.pm:1.3
--- loncom/auth/lonwebdavauth.pm:1.2 Fri Jun 1 11:39:29 2012
+++ loncom/auth/lonwebdavauth.pm Fri May 29 18:42:01 2015
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Authentication Handler for webDAV access to Authoring Space.
#
-# $Id: lonwebdavauth.pm,v 1.2 2012/06/01 11:39:29 raeburn Exp $
+# $Id: lonwebdavauth.pm,v 1.3 2015/05/29 18:42:01 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -32,7 +32,7 @@
=head1 SYNOPSIS
-Invoked for /+webdav/[\w\-]+/[\w\-]+/ by
+Invoked for ^/+webdav/[\w\-.]+/\w[\w.\-\@]+/ by
/etc/httpd/conf/loncapa_apache.conf:
PerlAuthenHandler Apache::lonwebdavauth
@@ -208,8 +208,9 @@
my $uhome = &Apache::lonnet::authenticate($uname,$upass,$udom);
if (($uhome ne 'no_host') &&
(&Apache::lonnet::hostname($uhome) ne '')) {
- $handle = &init_webdav_env($sessiondir,$uname,$udom,
- $uhome,$now,$timetolive);
+ my ($author) = ($r->uri =~ m{^/webdav/($match_domain/$match_username)/});
+ $handle = &init_webdav_env($r,$sessiondir,$uname,$udom,
+ $uhome,$now,$timetolive,$author);
if ($handle ne '') {
if (&Apache::lonnet::usertools_access($uname,$udom,'webdav')) {
my $cookie = "lonDAV=$handle; path=/webdav/; secure; HttpOnly;";
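Review bot: The `$author` captured here has the form `domain/username`, while lonwebdavacc.pm in this same commit builds `my $author = "$aname:$adom";`, so the `Login webdav/$author` entry written by init_webdav_env has two different formats depending on the login path. Anyone searching the logs for access to one Authoring Space would need to know both forms; using `my $author = "$adom/$aname";` in lonwebdavacc.pm would keep the entries comparable. The match is also anchored at `^/webdav/` although the documented LocationMatch accepts `^/+webdav/`. If `$r->uri` can carry repeated leading slashes (not visible here), `$author` is undef and the entry records no author; `m{^/+webdav/($match_domain/$match_username)/}` would agree with the config.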
@@ -228,7 +229,7 @@
}
sub init_webdav_env {
- my ($sessiondir,$uname,$udom,$uhome,$now,$timetolive) = @_;
+ my ($r,$sessiondir,$uname,$udom,$uhome,$now,$timetolive,$author) = @_;
my $handle;
my $currnewest = 0;
if ($sessiondir ne '') {
@@ -297,6 +298,13 @@
\%userenv,\%domdef,\%is_adv);
@env{keys(%disk_env)} = @disk_env{keys(%disk_env)};
untie(%disk_env);
+ my $ip;
+ my $c = $r->connection;
+ if (ref($c)) {
+ $ip = $c->remote_ip;
+ }
+ &Apache::lonnet::log($udom,$uname,$uhome,
+ "Login webdav/$author $ip");
}
return $handle;
}
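Review bot: `$ip` stays undef when `$r->connection` is not a reference, and `$author` is undef when the caller's URI match failed, so the log call can interpolate undefined values and record empty fields. Defaulting them, e.g. `my $ip = 'unknown';` and `$author = '' unless defined($author);`, keeps the record well-formed. The entry is written when the session file is created, which in both callers is before `usertools_access` is consulted, so a `Login` line can appear for a user who is then not given a cookie. The SSO path also adds a second entry of its own, taking the address from `$ENV{'REMOTE_ADDR'}` rather than `$c->remote_ip`. A comment such as `# Logged at session creation; the caller decides afterwards whether a cookie is issued.` would tell a log reader how to interpret the entry; init_webdav_env begins outside this hunk.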
Index: loncom/auth/lonwebdavacc.pm
diff -u loncom/auth/lonwebdavacc.pm:1.3 loncom/auth/lonwebdavacc.pm:1.4
--- loncom/auth/lonwebdavacc.pm:1.3 Mon Mar 16 12:13:34 2015
+++ loncom/auth/lonwebdavacc.pm Fri May 29 18:42:01 2015
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Authorization Handler for webDAV access to Authoring Space.
#
-# $Id: lonwebdavacc.pm,v 1.3 2015/03/16 12:13:34 raeburn Exp $
+# $Id: lonwebdavacc.pm,v 1.4 2015/05/29 18:42:01 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -34,7 +34,7 @@
=head1 SYNOPSIS
-Invoked for /+webdav/[\w\-]+/[\w\-]+/ by
+Invoked for ^/+webdav/[\w\-.]+/\w[\w.\-\@]+/ by
/etc/httpd/conf/loncapa_apache.conf:
PerlAccessHandler Apache::lonwebdavacc
@@ -44,7 +44,7 @@
This module enables authorization for authoring space
and is used to control access for the following type of URI:
- <LocationMatch "^/webdav/[\w\-]+/[\w\-]+>
+ <LocationMatch "^/+webdav/[\w\-.]+/\w[\w.\-\@]+/">
This module is only called following successful authentication.
Unless lonOtherAuthen has been set, so Single Sign On can be used,
@@ -133,11 +133,12 @@
my $now = time;
my $sessiondir=$r->dir_config('lonDAVsessDir');
- my ($adom,$aname);
+ my ($adom,$aname) = ($r->uri =~ m{^/webdav/($match_domain)/($match_username)/});
+ my $author = "$aname:$adom";
unless ($env{'user.environment'}) {
my $handle = &Apache::lonnet::check_for_valid_session($r,'lonDAV');
if ($handle eq '') {
- $handle = &sso_login($r,$sessiondir,$now,$timetolive);
+ $handle = &sso_login($r,$sessiondir,$now,$timetolive,$author);
if ($handle eq '') {
return FORBIDDEN;
}
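Review bot: `$author` is built from `$adom` and `$aname` before the `$adom eq '' || $aname eq ''` test, which stays further down, after `sso_login` has run. If the URI does not match, `"$aname:$adom"` becomes `:` (with undef warnings) and is passed on to be logged, and a session may already exist for a request that is then refused. Now that the match is done first, the guard could follow it directly: `return FORBIDDEN if ($adom eq '' || $aname eq '');`. The handler's body starts and ends outside this hunk, so confirm that nothing in between relies on the later position.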
@@ -150,7 +151,6 @@
return FORBIDDEN;
}
- ($adom,$aname) = ($r->uri =~ m{^/webdav/($match_domain)/($match_username)/});
my $docroot = $r->dir_config('lonDocRoot');
if ($adom eq '' || $aname eq '') {
return FORBIDDEN;
@@ -217,7 +217,7 @@
}
sub sso_login {
- my ($r,$sessiondir,$now,$timetolive) = @_;
+ my ($r,$sessiondir,$now,$timetolive,$author) = @_;
my ($uname,$udom);
my ($uname) = ($r->user =~ m/([a-zA-Z0-9_\- at .]*)/);
unless ($uname =~ /^$match_username$/) {
@@ -235,12 +235,18 @@
return;
}
my $handle =
- &Apache::lonwebdavauth::init_webdav_env($sessiondir,$uname,$udom,
- $uhome,$now,$timetolive);
+ &Apache::lonwebdavauth::init_webdav_env($r,$sessiondir,$uname,$udom,
+ $uhome,$now,$timetolive,$author);
if ($handle ne '') {
- my $cookie = "lonDAV=$handle; path=/webdav/; secure; HttpOnly;";
- $r->header_out('Set-cookie' => $cookie);
- $r->send_http_header;
+ if (&Apache::lonnet::usertools_access($uname,$udom,'webdav')) {
+ my ($webdav) =
+ ($r->uri =~ m{^(/webdav/$match_domain/$match_username/)});
+ &Apache::lonnet::log($udom,$uname,$uhome,
+ "SSO log-in to $webdav from $ENV{'REMOTE_ADDR'}");
+ my $cookie = "lonDAV=$handle; path=/webdav/; secure; HttpOnly;";
+ $r->header_out('Set-cookie' => $cookie);
+ $r->send_http_header;
+ }
}
return ($handle);
}
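Review bot: The new `usertools_access` test only decides whether the cookie and the `SSO log-in` entry are written; `return ($handle)` still hands back the non-empty handle when access is denied, and the caller shown earlier in this file only returns FORBIDDEN for an empty handle. The session has also been created by `init_webdav_env` by that point. Unless a later check outside this hunk covers it, testing first avoids both: `return unless (&Apache::lonnet::usertools_access($uname,$udom,'webdav'));` placed before the `init_webdav_env` call. `$webdav` is undef when the URI does not match, so the log text should guard against that as well. sso_login begins outside this hunk.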