loncom/auth/lonacc.pm - diff

Return to lonacc.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/lonacc.pm between versions 1.100 and 1.115

version 1.100, 2006/09/19 18:03:02	version 1.115, 2008/05/14 18:27:30
Line 36 use Apache::lonnet;	Line 36 use Apache::lonnet;
use Apache::loncommon();	use Apache::loncommon();
use Apache::lonlocal;	use Apache::lonlocal;
use Apache::restrictedaccess();	use Apache::restrictedaccess();
use CGI::Cookie();	use Apache::blockedaccess();
use Fcntl qw(:flock);	use Fcntl qw(:flock);
use LONCAPA;	use LONCAPA;

Line 57 sub goodbye {	Line 57 sub goodbye {
###############################################	###############################################

sub get_posted_cgi {	sub get_posted_cgi {
my ($r) = @_;	my ($r,$fields) = @_;

my $buffer;	my $buffer;
if ($r->header_in('Content-length')) {	if ($r->header_in('Content-length')) {
$r->read($buffer,$r->header_in('Content-length'),0);	$r->read($buffer,$r->header_in('Content-length'),0);
}	}
unless ($buffer=~/^(\-+\w+)\s+Content\-Disposition\:\s*form\-data/si) {	my $content_type = $r->header_in('Content-type');
	if ($content_type !~ m{^multipart/form-data}) {
my @pairs=split(/&/,$buffer);	my @pairs=split(/&/,$buffer);
my $pair;	my $pair;
foreach $pair (@pairs) {	foreach $pair (@pairs) {
Line 72 sub get_posted_cgi {	Line 73 sub get_posted_cgi {
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;	$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
$name =~ tr/+/ /;	$name =~ tr/+/ /;
$name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;	$name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
	if (ref($fields) eq 'ARRAY') {
	next if (!grep(/^\Q$name\E$/,@{$fields}));
	}
&Apache::loncommon::add_to_env("form.$name",$value);	&Apache::loncommon::add_to_env("form.$name",$value);
}	}
} else {	} else {
my $contentsep=$1;	my ($contentsep) = ($content_type =~ /boundary=\"?([^\";,]+)\"?/);
my @lines = split (/\n/,$buffer);	my @lines = split (/\n/,$buffer);
my $name='';	my $name='';
my $value='';	my $value='';
Line 83 sub get_posted_cgi {	Line 87 sub get_posted_cgi {
my $fmime='';	my $fmime='';
my $i;	my $i;
for ($i=0;$i<=$#lines;$i++) {	for ($i=0;$i<=$#lines;$i++) {
if ($lines[$i]=~/^$contentsep/) {	if ($lines[$i]=~/^--\Q$contentsep\E/) {
if ($name) {	if ($name) {
chomp($value);	chomp($value);
if ($fname) {	if ($fname) {
Line 92 sub get_posted_cgi {	Line 96 sub get_posted_cgi {
} else {	} else {
$value=~s/\s+$//s;	$value=~s/\s+$//s;
}	}
	if (ref($fields) eq 'ARRAY') {
	next if (!grep(/^\Q$name\E$/,@{$fields}));
	}
&Apache::loncommon::add_to_env("form.$name",$value);	&Apache::loncommon::add_to_env("form.$name",$value);
}	}
if ($i<$#lines) {	if ($i<$#lines) {
Line 144 sub get_posted_cgi {	Line 151 sub get_posted_cgi {
# returns OK if it was a SSO and user was handled	# returns OK if it was a SSO and user was handled
# undef if not SSO or no means to hanle the user	# undef if not SSO or no means to hanle the user
sub sso_login {	sub sso_login {
my ($r,$lonid,$handle) = @_;	my ($r,$handle) = @_;

my $lonidsdir=$r->dir_config('lonIDsDir');	my $lonidsdir=$r->dir_config('lonIDsDir');
if (!($r->user	if (!($r->user
&& (!defined($env{'user.name'}) && !defined($env{'user.domain'}))	&& (!defined($env{'user.name'}) && !defined($env{'user.domain'}))
&& (!$lonid \|\| !-e "$lonidsdir/$handle.id" \|\| $handle eq ''))) {	&& ($handle eq ''))) {
# not an SSO case or already logged in	# not an SSO case or already logged in
return undef;	return undef;
}	}
Line 159 sub sso_login {	Line 166 sub sso_login {
my $domain = $r->dir_config('lonDefDomain');	my $domain = $r->dir_config('lonDefDomain');
my $home=&Apache::lonnet::homeserver($user,$domain);	my $home=&Apache::lonnet::homeserver($user,$domain);
if ($home !~ /(con_lost\|no_host\|no_such_host)/) {	if ($home !~ /(con_lost\|no_host\|no_such_host)/) {
	&Apache::lonnet::logthis(" SSO authorized user $user ");
if ($r->dir_config("lonBalancer") eq 'yes') {	if ($r->dir_config("lonBalancer") eq 'yes') {
# login but immeaditly go to switch server to find us a new	# login but immeaditly go to switch server to find us a new
# machine	# machine
&Apache::lonauth::success($r,$user,$domain,$home,'noredirect');	&Apache::lonauth::success($r,$user,$domain,$home,'noredirect');
	$env{'request.sso.login'} = 1;
	if (defined($r->dir_config("lonSSOReloginServer"))) {
	$env{'request.sso.reloginserver'} =
	$r->dir_config('lonSSOReloginServer');
	}
$r->internal_redirect('/adm/switchserver');	$r->internal_redirect('/adm/switchserver');
	$r->set_handlers('PerlHandler'=> undef);
} else {	} else {
# need to login them in, so generate the need data that	# need to login them in, so generate the need data that
# migrate expects to do login	# migrate expects to do login
Line 173 sub sso_login {	Line 187 sub sso_login {
'server' => $r->dir_config('lonHostID'),	'server' => $r->dir_config('lonHostID'),
'sso.login' => 1	'sso.login' => 1
);	);
	if (defined($r->dir_config("lonSSOReloginServer"))) {
	$info{'sso.reloginserver'} =
	$r->dir_config('lonSSOReloginServer');
	}
my $token =	my $token =
&Apache::lonnet::tmpput(\%info,	&Apache::lonnet::tmpput(\%info,
$r->dir_config('lonHostID'));	$r->dir_config('lonHostID'));
$env{'form.token'} = $token;	$env{'form.token'} = $token;
$r->internal_redirect('/adm/migrateuser');	$r->internal_redirect('/adm/migrateuser');
	$r->set_handlers('PerlHandler'=> undef);
}	}
return OK;	return OK;
} elsif (defined($r->dir_config('lonSSOUserUnknownRedirect'))) {	} elsif (defined($r->dir_config('lonSSOUserUnknownRedirect'))) {
$r->internal_redirect($r->dir_config('lonSSOUserUnknownRedirect'));	&Apache::lonnet::logthis(" SSO authorized unknown user $user ");
	$r->subprocess_env->set('SSOUserUnknown' => $user);
	$r->subprocess_env->set('SSOUserDomain' => $domain);
	my @cancreate;
	my %domconfig =
	&Apache::lonnet::get_dom('configuration',['usercreation'],$domain);
	if (ref($domconfig{'usercreation'}) eq 'HASH') {
	if (ref($domconfig{'usercreation'}{'cancreate'}) eq 'HASH') {
	if (ref($domconfig{'usercreation'}{'cancreate'}{'selfcreate'}) eq 'ARRAY') {
	@cancreate = @{$domconfig{'usercreation'}{'cancreate'}{'selfcreate'}};
	} elsif (($domconfig{'usercreation'}{'cancreate'}{'selfcreate'} ne 'none') &&
	($domconfig{'usercreation'}{'cancreate'}{'selfcreate'} ne '')) {
	@cancreate = ($domconfig{'usercreation'}{'cancreate'}{'selfcreate'});
	}
	}
	}
	if (grep(/^sso$/,@cancreate)) {
	$r->internal_redirect('/adm/createaccount');
	} else {
	$r->internal_redirect($r->dir_config('lonSSOUserUnknownRedirect'));
	}
	$r->set_handlers('PerlHandler'=> undef);
return OK;	return OK;
}	}
return undef;	return undef;
Line 190 sub sso_login {	Line 230 sub sso_login {
sub handler {	sub handler {
my $r = shift;	my $r = shift;
my $requrl=$r->uri;	my $requrl=$r->uri;
my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));	if (&Apache::lonnet::is_domainimage($requrl)) {
my $lonid=$cookies{'lonID'};	return OK;
my $cookie;
my $lonidsdir=$r->dir_config('lonIDsDir');

my $handle;
if ($lonid) {
$handle=$lonid->value;
$handle=~s/\W//g;
}	}

my $result = &sso_login($r,$lonid,$handle);
	my $handle = &Apache::lonnet::check_for_valid_session($r);

	my $result = &sso_login($r,$handle);
if (defined($result)) {	if (defined($result)) {
return $result	return $result
}	}
Line 214 sub handler {	Line 250 sub handler {

if ($handle eq '') {	if ($handle eq '') {
$r->log_reason("Cookie $handle not valid", $r->filename);	$r->log_reason("Cookie $handle not valid", $r->filename);
} elsif ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {	} elsif ($handle ne '') {

# ------------------------------------------------------ Initialize Environment	# ------------------------------------------------------ Initialize Environment
	my $lonidsdir=$r->dir_config('lonIDsDir');
&Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);	&Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);

# --------------------------------------------------------- Initialize Language	# --------------------------------------------------------- Initialize Language
Line 254 sub handler {	Line 290 sub handler {
&Apache::restrictedaccess::setup_handler($r);	&Apache::restrictedaccess::setup_handler($r);
return OK;	return OK;
}	}
	if ($access eq 'B') {
	&Apache::blockedaccess::setup_handler($r);
	return OK;
	}
if (($access ne '2') && ($access ne 'F')) {	if (($access ne '2') && ($access ne 'F')) {
$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";	$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
return HTTP_NOT_ACCEPTABLE;	return HTTP_NOT_ACCEPTABLE;
Line 264 sub handler {	Line 304 sub handler {
$env{'user.domain'};	$env{'user.domain'};
if ($requrl !~ /^\Q$start\E/) {	if ($requrl !~ /^\Q$start\E/) {
$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";	$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
	return HTTP_NOT_ACCEPTABLE;
	}
	}
	if ($requrl =~ m\|^/zipspool/\|) {
	my $start='/zipspool/zipout/'.$env{'user.name'}.":".
	$env{'user.domain'};
	if ($requrl !~ /^\Q$start\E/) {
	$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
return HTTP_NOT_ACCEPTABLE;	return HTTP_NOT_ACCEPTABLE;
}	}
}	}

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.100
changed lines
	Added in v.1.115