loncom/auth/lonacc.pm - diff

Return to lonacc.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/lonacc.pm between versions 1.159.2.21.2.1 and 1.194

version 1.159.2.21.2.1, 2021/12/30 04:47:38	version 1.194, 2021/08/16 15:25:44
Line 160 sub get_posted_cgi {	Line 160 sub get_posted_cgi {
if (length($value) == 1) {	if (length($value) == 1) {
$value=~s/[\r\n]$//;	$value=~s/[\r\n]$//;
}	}
}	} elsif ($fname =~ /\.(xls\|doc\|ppt)(x\|m)$/i) {
if ($fname =~ /\.(xls\|doc\|ppt)(x\|m)$/i) {
$value=~s/[\r\n]$//;	$value=~s/[\r\n]$//;
}	}
if (ref($fields) eq 'ARRAY') {	if (ref($fields) eq 'ARRAY') {
Line 204 sub get_posted_cgi {	Line 203 sub get_posted_cgi {
$fname='';	$fname='';
$fmime='';	$fmime='';
}	}
	if ($i<$#lines && $lines[$i+1]=~/^Content\-Type\:\s*([\w\-\/]+)/i) {
	# TODO: something with $1 !
	$i++;
	}
	if ($i<$#lines && $lines[$i+1]=~/^Content\-transfer\-encoding\:\s*([\w\-\/]+)/i) {
	# TODO: something with $1 !
	$i++;
	}
$i++;	$i++;
}	}
} else {	} else {
Line 298 sub sso_login {	Line 305 sub sso_login {
my $query = $r->args;	my $query = $r->args;
my %form;	my %form;
if ($query) {	if ($query) {
	my @items = ('role','symb','iptoken','origurl','ltoken','linkkey');
my @items = ('role','symb','iptoken','origurl','ttoken',
'ltoken','linkkey','logtoken','sso');
&Apache::loncommon::get_unprocessed_cgi($query,\@items);	&Apache::loncommon::get_unprocessed_cgi($query,\@items);
foreach my $item (@items) {	foreach my $item (@items) {
if (defined($env{'form.'.$item})) {	if (defined($env{'form.'.$item})) {
Line 319 sub sso_login {	Line 324 sub sso_login {
}	}

my ($linkprot,$linkkey);	my ($linkprot,$linkkey);
	if ($form{'ltoken'}) {
#
# If Shibboleth auth is in use, and a dual SSO and non-SSO login page
# is in use, then the query string will contain the logtoken item with
# a value set to the name of a .tmp file in /home/httpd/perl/tmp
# containing the url to display after authentication, and also,
# optionally, role and symb, or linkprot or linkkey (deep-link access).
#
# If Shibboleth auth is in use, but a dual log-in page is not in use,
# and the originally requested URL was /tiny/$domain/$id (i.e.,
# for deeplinking), then the query string will contain the sso item
# with a value set to the name of a .tmp file in /home/httpd/perl/tmp
# containing the url to display after authentication, and also,
# optionally, linkprot or linkkey (deep-link access).
#
# Otherwise the query string may contain role and symb, or if the
# originally requested URL was /tiny/$domain/$id (i.e. for deeplinking)
# then the query string may contain a ttoken item with a value set
# to the name of a .tmp file in /home/httpd/perl/tmp containing either
# linkprot or linkkey (deep-link access).
#
# If deep-linked, i.e., the originally requested URL was /tiny/$domain/$id
# the linkkey may have originally been sent in POSTed data, which will
# have been processed in lontrans.pm
#

if ($form{'ttoken'}) {
my %info = &Apache::lonnet::tmpget($form{'ttoken'});
&Apache::lonnet::tmpdel($form{'ttoken'});
if ($info{'origurl'}) {
$form{'origurl'} = $info{'origurl'};
}
if ($info{'linkprot'}) {
$linkprot = $info{'linkprot'};
} elsif ($info{'linkkey'} ne '') {
$linkkey = $info{'linkkey'};
}
} elsif ($form{'logtoken'}) {
my ($firsturl,@rest);
my $lonhost = $r->dir_config('lonHostID');
my $tmpinfo = &Apache::lonnet::reply('tmpget:'.$form{'logtoken'},$lonhost);
my $delete = &Apache::lonnet::tmpdel($form{'logtoken'});
unless (($tmpinfo=~/^error/) \|\| ($tmpinfo eq 'con_lost') \|\|
($tmpinfo eq 'no_such_host')) {
(undef,$firsturl,@rest) = split(/&/,$tmpinfo);
if ($firsturl ne '') {
$firsturl = &unescape($firsturl);
}
foreach my $item (@rest) {
my ($key,$value) = split(/=/,$item);
$form{$key} = &unescape($value);
}
if ($firsturl =~ m{^/tiny/$match_domain/\w+$}) {
$form{'origurl'} = $firsturl;
}
if ($form{'linkprot'}) {
$linkprot = $form{'linkprot'};
} elsif ($form{'linkkey'} ne '') {
$linkkey = $form{'linkkey'};
}
if ($form{'iptoken'}) {
%sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
my $delete = &Apache::lonnet::tmpdel($form{'iptoken'});
}
}
} elsif ($form{'sso'}) {
my $lonhost = $r->dir_config('lonHostID');
my $info = &Apache::lonnet::reply('tmpget:'.$form{'sso'},$lonhost);
&Apache::lonnet::tmpdel($form{'sso'});
unless (($info=~/^error/) \|\| ($info eq 'con_lost') \|\|
($info eq 'no_such_host')) {
my ($firsturl,@rest)=split(/\&/,$info);
if ($firsturl ne '') {
$form{'origurl'} = &unescape($firsturl);
}
foreach my $item (@rest) {
my ($key,$value) = split(/=/,$item);
$form{$key} = &unescape($value);
}
if ($form{'linkprot'}) {
$linkprot = $form{'linkprot'};
} elsif ($form{'linkkey'} ne '') {
$linkkey = $form{'linkkey'};
}
}
} elsif ($form{'ltoken'}) {
my %link_info = &Apache::lonnet::tmpget($form{'ltoken'});	my %link_info = &Apache::lonnet::tmpget($form{'ltoken'});
$linkprot = $link_info{'linkprot'};	$linkprot = $link_info{'linkprot'};
my $delete = &Apache::lonnet::tmpdel($form{'ltoken'});	my $delete = &Apache::lonnet::tmpdel($form{'ltoken'});
delete($form{'ltoken'});	}
} elsif ($form{'linkkey'} ne '') {	if ($form{'linkkey'} ne '') {
$linkkey = $form{'linkkey'};	$linkkey = $form{'linkkey'};
}	}

Line 468 sub sso_login {	Line 388 sub sso_login {
$env{'request.deeplink.login'} = $r->uri;	$env{'request.deeplink.login'} = $r->uri;
}	}
if ($env{'request.deeplink.login'}) {	if ($env{'request.deeplink.login'}) {
	&Apache::lonnet::appenv({'request.deeplink.login' => $r->uri});
if ($linkprot) {	if ($linkprot) {
$env{'request.linkprot'} = $linkprot;	&Apache::lonnet::appenv({'request.linkprot' => $linkprot});
} elsif ($linkkey ne '') {	} elsif ($linkkey ne '') {
$env{'request.linkkey'} = $linkkey;	&Apache::lonnet::appenv({'request.linkkey' => $linkkey});
}	}
}	}
$env{'request.sso.login'} = 1;	$env{'request.sso.login'} = 1;
Line 488 sub sso_login {	Line 409 sub sso_login {
} else {	} else {
# need to login them in, so generate the need data that	# need to login them in, so generate the need data that
# migrate expects to do login	# migrate expects to do login
my $ip = &Apache::lonnet::get_requestor_ip($r);	my $ip = &Apache::lonnet::get_requestor_ip($r);
my %info=('ip' => $ip,	my %info=('ip' => $ip,
'domain' => $domain,	'domain' => $domain,
'username' => $user,	'username' => $user,
Line 498 sub sso_login {	Line 419 sub sso_login {
foreach my $item ('role','symb','iptoken','origurl') {	foreach my $item ('role','symb','iptoken','origurl') {
if (exists($form{$item})) {	if (exists($form{$item})) {
$info{$item} = $form{$item};	$info{$item} = $form{$item};
} elsif ($sessiondata{$item} ne '') {
$info{$item} = $sessiondata{$item};
}	}
}	}
unless (($info{'symb'}) \|\| ($info{'origurl'})) {	unless (($info{'symb'}) \|\| ($info{'origurl'})) {
Line 556 sub sso_login {	Line 475 sub sso_login {
$r->subprocess_env->set('SSOUserUnknown' => $user);	$r->subprocess_env->set('SSOUserUnknown' => $user);
$r->subprocess_env->set('SSOUserDomain' => $domain);	$r->subprocess_env->set('SSOUserDomain' => $domain);
if (grep(/^sso$/,@cancreate)) {	if (grep(/^sso$/,@cancreate)) {
#FIXME - need to preserve origurl, role and symb, or linkprot or linkkey for use after account
# creation
$r->set_handlers('PerlHandler'=> [\&Apache::createaccount::handler]);	$r->set_handlers('PerlHandler'=> [\&Apache::createaccount::handler]);
$r->handler('perl-script');	$r->handler('perl-script');
} else {	} else {
Line 597 sub handler {	Line 514 sub handler {
if ($handle eq '') {	if ($handle eq '') {
unless ((($requrl eq '/adm/switchserver') && (!$r->is_initial_req())) \|\|	unless ((($requrl eq '/adm/switchserver') && (!$r->is_initial_req())) \|\|
($requrl =~ m{^/public/$match_domain/$match_courseid/syllabus}) \|\|	($requrl =~ m{^/public/$match_domain/$match_courseid/syllabus}) \|\|
($requrl =~ m{^/adm/help/}) \|\| ($requrl eq '/adm/sso') \|\|	($requrl =~ m{^/adm/help/}) \|\|
($requrl =~ m{^/res/$match_domain/$match_username/})) {	($requrl =~ m{^/res/$match_domain/$match_username/})) {
$r->log_reason("Cookie not valid", $r->filename);	$r->log_reason("Cookie not valid", $r->filename);
}	}
Line 655 sub handler {	Line 572 sub handler {
}	}
} elsif ($env{'request.course.id'} &&	} elsif ($env{'request.course.id'} &&
(($requrl =~ m{^/adm/$match_domain/$match_username/aboutme$}) \|\|	(($requrl =~ m{^/adm/$match_domain/$match_username/aboutme$}) \|\|
($requrl =~ m{^/public/$cdom/$cnum/syllabus$}))) {	($requrl eq "/public/$cdom/$cnum/syllabus") \|\|
	($requrl =~ m{^/adm/$cdom/$cnum/\d+/ext\.tool$}))) {
my $query = $r->args;	my $query = $r->args;
if ($query) {	if ($query) {
foreach my $pair (split(/&/,$query)) {	foreach my $pair (split(/&/,$query)) {
Line 677 sub handler {	Line 595 sub handler {
my $lonhost = &Apache::lonnet::host_from_dns($hostname);	my $lonhost = &Apache::lonnet::host_from_dns($hostname);
if ($lonhost) {	if ($lonhost) {
my $actual = &Apache::lonnet::absolute_url($hostname,1,1);	my $actual = &Apache::lonnet::absolute_url($hostname,1,1);
	my $exphostname = &Apache::lonnet::hostname($lonhost);
my $expected = $Apache::lonnet::protocol{$lonhost}.'://'.$hostname;	my $expected = $Apache::lonnet::protocol{$lonhost}.'://'.$hostname;
unless ($actual eq $expected) {	unless ($actual eq $expected) {
$env{'request.use_absolute'} = $expected;	$env{'request.use_absolute'} = $expected;
Line 708 sub handler {	Line 627 sub handler {
if (($found_server) && ($balancer_cookie =~ /^\Q$env{'user.domain'}\E_\Q$env{'user.name'}\E_/)) {	if (($found_server) && ($balancer_cookie =~ /^\Q$env{'user.domain'}\E_\Q$env{'user.name'}\E_/)) {
$otherserver = $found_server;	$otherserver = $found_server;
}	}
unless ($requrl eq '/adm/switchserver') {	unless ($requrl eq '/adm/switchserver') {
$r->set_handlers('PerlResponseHandler'=>	$r->set_handlers('PerlResponseHandler'=>
[\&Apache::switchserver::handler]);	[\&Apache::switchserver::handler]);
}	}
Line 812 sub handler {	Line 731 sub handler {
}	}
}	}
}	}
my $clientip = &Apache::lonnet::get_requestor_ip($r);	$access=&Apache::lonnet::allowed('bre',$requrl,'','','','','',$nodeeplinkcheck);
$access=&Apache::lonnet::allowed('bre',$requrl,'','',$clientip,'','',$nodeeplinkcheck);
}	}
}	}
if ($check_block) {	if ($check_block) {
Line 826 sub handler {	Line 744 sub handler {
&Apache::blockedaccess::setup_handler($r);	&Apache::blockedaccess::setup_handler($r);
return OK;	return OK;
}	}
} elsif ($check_access) {	} elsif ($check_access) {
if ($handle eq '') {	if ($handle eq '') {
unless ($access eq 'F') {	unless ($access eq 'F') {
if ($requrl =~ m{^/res/$match_domain/$match_username/}) {	if ($requrl =~ m{^/res/$match_domain/$match_username/}) {
Line 871 sub handler {	Line 789 sub handler {
}	}
}	}
} elsif (($handle =~ /^publicuser_\d+$/) && (&Apache::lonnet::is_portfolio_url($requrl))) {	} elsif (($handle =~ /^publicuser_\d+$/) && (&Apache::lonnet::is_portfolio_url($requrl))) {
my $clientip = &Apache::lonnet::get_requestor_ip($r);	my $clientip = &Apache::lonnet::get_requestor_ip($r);
if (&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip) ne 'F') {	if (&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip) ne 'F') {
$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";	$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
return HTTP_NOT_ACCEPTABLE;	return HTTP_NOT_ACCEPTABLE;
Line 940 sub handler {	Line 858 sub handler {
my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);	my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
if ($map =~ /\.page$/) {	if ($map =~ /\.page$/) {
my $mapsymb = &Apache::lonnet::symbread($map);	my $mapsymb = &Apache::lonnet::symbread($map);
($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);	($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);
}	}
&Apache::lonnet::symblist($map,$murl => [$murl,$mid],	&Apache::lonnet::symblist($map,$murl => [$murl,$mid],
'last_known' =>[$murl,$mid]);	'last_known' =>[$murl,$mid]);
Line 1026 sub handler {	Line 944 sub handler {
my $mapsymb = &Apache::lonnet::symbread($map);	my $mapsymb = &Apache::lonnet::symbread($map);
($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);	($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);
}	}
&Apache::lonnet::symblist($map,$murl =>[$murl,$mid],	&Apache::lonnet::symblist($map,$murl =>[$murl,$mid],
'last_known' =>[$murl,$mid]);	'last_known' =>[$murl,$mid]);
}	}
}	}
}	}
Line 1080 sub handler {	Line 998 sub handler {
# ------------------------------------ See if this is a viewable portfolio file	# ------------------------------------ See if this is a viewable portfolio file
if (&Apache::lonnet::is_portfolio_url($requrl)) {	if (&Apache::lonnet::is_portfolio_url($requrl)) {
my $clientip = &Apache::lonnet::get_requestor_ip($r);	my $clientip = &Apache::lonnet::get_requestor_ip($r);
my $access=&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip);	my $access=&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip);
if ($access eq 'A') {	if ($access eq 'A') {
&Apache::restrictedaccess::setup_handler($r);	&Apache::restrictedaccess::setup_handler($r);
return OK;	return OK;

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.159.2.21.2.1
changed lines
	Added in v.1.194