--- loncom/auth/lonacc.pm 2021/02/10 11:37:49 1.159.2.8.2.11
+++ loncom/auth/lonacc.pm 2020/12/18 15:23:03 1.184
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Cookie Based Access Handler
#
-# $Id: lonacc.pm,v 1.159.2.8.2.11 2021/02/10 11:37:49 raeburn Exp $
+# $Id: lonacc.pm,v 1.184 2020/12/18 15:23:03 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -102,6 +102,7 @@ use Apache::loncommon();
use Apache::lonlocal;
use Apache::restrictedaccess();
use Apache::blockedaccess();
+use Apache::lonprotected();
use Fcntl qw(:flock);
use LONCAPA qw(:DEFAULT :match);
@@ -202,6 +203,14 @@ sub get_posted_cgi {
$fname='';
$fmime='';
}
+ if ($i<$#lines && $lines[$i+1]=~/^Content\-Type\:\s*([\w\-\/]+)/i) {
+ # TODO: something with $1 !
+ $i++;
+ }
+ if ($i<$#lines && $lines[$i+1]=~/^Content\-transfer\-encoding\:\s*([\w\-\/]+)/i) {
+ # TODO: something with $1 !
+ $i++;
+ }
$i++;
}
} else {
@@ -377,7 +386,7 @@ sub sso_login {
} else {
# need to login them in, so generate the need data that
# migrate expects to do login
- my $ip = &Apache::lonnet::get_requestor_ip($r);
+ my $ip = &Apache::lonnet::get_requestor_ip($r);
my %info=('ip' => $ip,
'domain' => $domain,
'username' => $user,
@@ -528,7 +537,8 @@ sub handler {
}
} elsif ($env{'request.course.id'} &&
(($requrl =~ m{^/adm/$match_domain/$match_username/aboutme$}) ||
- ($requrl =~ m{^/public/$cdom/$cnum/syllabus$}))) {
+ ($requrl eq "/public/$cdom/$cnum/syllabus") ||
+ ($requrl =~ m{^/adm/$cdom/$cnum/\d+/ext\.tool$}))) {
my $query = $r->args;
if ($query) {
foreach my $pair (split(/&/,$query)) {
@@ -582,7 +592,7 @@ sub handler {
if (($found_server) && ($balancer_cookie =~ /^\Q$env{'user.domain'}\E_\Q$env{'user.name'}\E_/)) {
$otherserver = $found_server;
}
- unless ($requrl eq '/adm/switchserver') {
+ unless ($requrl eq '/adm/switchserver') {
$r->set_handlers('PerlResponseHandler'=>
[\&Apache::switchserver::handler]);
}
@@ -604,38 +614,26 @@ sub handler {
return OK;
}
}
-
# ---------------------------------------------------------------- Check access
my $now = time;
- my ($check_symb,$check_access,$check_block,$access,$poss_symb);
+ my $check_symb;
if ($requrl !~ m{^/(?:adm|public|(?:prt|zip)spool)/}
|| $requrl =~ /^\/adm\/.*\/(smppg|bulletinboard)(\?|$ )/x) {
- $check_access = 1;
- }
- if ((!$check_access) && ($env{'request.course.id'})) {
- if (($requrl eq '/adm/viewclasslist') ||
- ($requrl =~ m{^(/adm/wrapper|)\Q/uploaded/$cdom/$cnum/docs/\E}) ||
- ($requrl =~ m{^/adm/.*/aboutme$}) ||
- ($requrl=~m{^/adm/coursedocs/showdoc/}) ||
- ($requrl=~m{^(/adm/wrapper|)/adm/$cdom/$cnum/\d+/ext\.tool$})) {
- $check_block = 1;
- }
- }
- if (($env{'request.course.id'}) && (!$suppext)) {
- $requrl=~/\.(\w+)$/;
- if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') ||
- ($requrl=~/^\/adm\/.*\/(aboutme|smppg|bulletinboard)(\?|$ )/x) ||
- ($requrl=~/^\/adm\/wrapper\//) ||
- ($requrl=~m|^/adm/coursedocs/showdoc/|) ||
- ($requrl=~m|\.problem/smpedit$|) ||
- ($requrl=~/^\/public\/.*\/syllabus$/) ||
- ($requrl=~/^\/adm\/(viewclasslist|navmaps)$/) ||
- ($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?|$)/) ||
- ($requrl=~m{^/adm/$cdom/$cnum/\d+/ext\.tool$})) {
- $check_symb = 1;
+ my ($access,$poss_symb);
+ if (($env{'request.course.id'}) && (!$suppext)) {
+ $requrl=~/\.(\w+)$/;
+ if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') ||
+ ($requrl=~/^\/adm\/.*\/(aboutme|smppg|bulletinboard)(\?|$ )/x) ||
+ ($requrl=~/^\/adm\/wrapper\//) ||
+ ($requrl=~m|^/adm/coursedocs/showdoc/|) ||
+ ($requrl=~m|\.problem/smpedit$|) ||
+ ($requrl=~/^\/public\/.*\/syllabus$/) ||
+ ($requrl=~/^\/adm\/(viewclasslist|navmaps)$/) ||
+ ($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?|$)/) ||
+ ($requrl=~m{^/adm/$cdom/$cnum/\d+/ext\.tool$})) {
+ $check_symb = 1;
+ }
}
- }
- if (($check_access) || ($check_block)) {
if ($check_symb) {
if ($env{'form.symb'}) {
$poss_symb=&Apache::lonnet::symbclean($env{'form.symb'});
@@ -655,9 +653,7 @@ sub handler {
if ($poss_symb) {
my ($possmap,$resid,$url)=&Apache::lonnet::decode_symb($poss_symb);
$url = &Apache::lonnet::clutter($url);
- my $toplevelmap = $env{'course.'.$env{'request.course.id'}.'.url'};
- unless (($url eq $requrl) && (($possmap eq $toplevelmap) ||
- (&Apache::lonnet::is_on_map($possmap)))) {
+ unless (($url eq $requrl) && (&Apache::lonnet::is_on_map($possmap))) {
undef($poss_symb);
}
if ($poss_symb) {
@@ -675,18 +671,6 @@ sub handler {
} else {
$access=&Apache::lonnet::allowed('bre',$requrl);
}
- }
- if ($check_block) {
- if ($access eq 'B') {
- if ($poss_symb) {
- if (&Apache::lonnet::symbverify($poss_symb,$requrl)) {
- $env{'request.symb'} = $poss_symb;
- }
- }
- &Apache::blockedaccess::setup_handler($r);
- return OK;
- }
- } elsif ($check_access) {
if ($handle eq '') {
unless ($access eq 'F') {
if ($requrl =~ m{^/res/$match_domain/$match_username/}) {
@@ -704,6 +688,9 @@ sub handler {
}
if ($access eq 'B') {
if ($poss_symb) {
+ if ($requrl=~m{^(/adm/.*/aboutme)/portfolio$}) {
+ $requrl = $1;
+ }
if (&Apache::lonnet::symbverify($poss_symb,$requrl)) {
$env{'request.symb'} = $poss_symb;
}
@@ -711,6 +698,10 @@ sub handler {
&Apache::blockedaccess::setup_handler($r);
return OK;
}
+ if ($access eq 'D') {
+ &Apache::lonprotected::setup_handler($r);
+ return OK;
+ }
if (($access ne '2') && ($access ne 'F')) {
if ($requrl =~ m{^/res/}) {
$access = &Apache::lonnet::allowed('bro',$requrl);
@@ -727,7 +718,7 @@ sub handler {
}
}
} elsif (($handle =~ /^publicuser_\d+$/) && (&Apache::lonnet::is_portfolio_url($requrl))) {
- my $clientip = &Apache::lonnet::get_requestor_ip($r);
+ my $clientip = &Apache::lonnet::get_requestor_ip($r);
if (&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip) ne 'F') {
$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
return HTTP_NOT_ACCEPTABLE;
@@ -776,32 +767,18 @@ sub handler {
}
if ($env{'form.symb'}) {
$symb=&Apache::lonnet::symbclean($env{'form.symb'});
- if (($requrl eq '/adm/navmaps') ||
- ($requrl =~ m{^/adm/wrapper/}) ||
- ($requrl =~ m{^/adm/coursedocs/showdoc/})) {
- unless (&Apache::lonnet::symbverify($symb,$requrl)) {
- if (&Apache::lonnet::is_on_map($requrl)) {
- $symb = &Apache::lonnet::symbread($requrl);
- unless (&Apache::lonnet::symbverify($symb,$requrl)) {
- undef($symb);
- }
- }
- }
- if ($symb) {
- if ($requrl eq '/adm/navmaps') {
- my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
- &Apache::lonnet::symblist($map,$murl => [$murl,$mid]);
- } elsif (($requrl =~ m{^/adm/wrapper/}) ||
- ($requrl =~ m{^/adm/coursedocs/showdoc/})) {
- my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
- if ($map =~ /\.page$/) {
- my $mapsymb = &Apache::lonnet::symbread($map);
- ($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);
- }
- &Apache::lonnet::symblist($map,$murl => [$murl,$mid],
- 'last_known' =>[$murl,$mid]);
- }
+ if ($requrl eq '/adm/navmaps') {
+ my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
+ &Apache::lonnet::symblist($map,$murl => [$murl,$mid]);
+ } elsif ($requrl =~ m|^/adm/wrapper/|
+ || $requrl =~ m|^/adm/coursedocs/showdoc/|) {
+ my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
+ if ($map =~ /\.page$/) {
+ my $mapsymb = &Apache::lonnet::symbread($map);
+ ($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);
}
+ &Apache::lonnet::symblist($map,$murl => [$murl,$mid],
+ 'last_known' =>[$murl,$mid]);
} elsif ((&Apache::lonnet::symbverify($symb,$requrl)) ||
(($requrl=~m|(.*)/smpedit$|) &&
&Apache::lonnet::symbverify($symb,$1)) ||
@@ -861,14 +838,10 @@ sub handler {
}
}
if ($invalidsymb) {
- if ($requrl eq '/adm/navmaps') {
- undef($symb);
- } else {
- $r->log_reason('Invalid symb for '.$requrl.': '.$symb);
- $env{'user.error.msg'}=
- "$requrl:bre:1:1:Invalid Access";
- return HTTP_NOT_ACCEPTABLE;
- }
+ $r->log_reason('Invalid symb for '.$requrl.': '.$symb);
+ $env{'user.error.msg'}=
+ "$requrl:bre:1:1:Invalid Access";
+ return HTTP_NOT_ACCEPTABLE;
}
}
}
@@ -882,8 +855,8 @@ sub handler {
my $mapsymb = &Apache::lonnet::symbread($map);
($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);
}
- &Apache::lonnet::symblist($map,$murl =>[$murl,$mid],
- 'last_known' =>[$murl,$mid]);
+ &Apache::lonnet::symblist($map,$murl =>[$murl,$mid],
+ 'last_known' =>[$murl,$mid]);
}
}
}
@@ -936,7 +909,7 @@ sub handler {
# ------------------------------------ See if this is a viewable portfolio file
if (&Apache::lonnet::is_portfolio_url($requrl)) {
my $clientip = &Apache::lonnet::get_requestor_ip($r);
- my $access=&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip);
+ my $access=&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip);
if ($access eq 'A') {
&Apache::restrictedaccess::setup_handler($r);
return OK;
500 Internal Server Error
Internal Server Error
The server encountered an internal error or
misconfiguration and was unable to complete
your request.
Please contact the server administrator at
root@localhost to inform them of the time this error occurred,
and the actions you performed just before this error.
More information about this error may be available
in the server error log.