Return to lonacc.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/lonacc.pm between versions 1.119 and 1.142

version 1.119, 2008/11/18 19:14:34	version 1.142, 2013/01/30 16:23:47
Line 87 store attempted access	Line 87 store attempted access

=back	=back

	=head1 NOTABLE SUBROUTINES

	=over

=cut	=cut


Line 101 use Apache::lonlocal;	Line 105 use Apache::lonlocal;
use Apache::restrictedaccess();	use Apache::restrictedaccess();
use Apache::blockedaccess();	use Apache::blockedaccess();
use Fcntl qw(:flock);	use Fcntl qw(:flock);
use LONCAPA;	use LONCAPA qw(:DEFAULT :match);

sub cleanup {	sub cleanup {
my ($r)=@_;	my ($r)=@_;
Line 152 sub get_posted_cgi {	Line 156 sub get_posted_cgi {
for ($i=0;$i<=$#lines;$i++) {	for ($i=0;$i<=$#lines;$i++) {
if ($lines[$i]=~/^--\Q$contentsep\E/) {	if ($lines[$i]=~/^--\Q$contentsep\E/) {
if ($name) {	if ($name) {
chomp($value);	chomp($value);
	if (($r->uri eq '/adm/portfolio') &&
	($name eq 'uploaddoc')) {
	if (length($value) == 1) {
	$value=~s/[\r\n]$//;
	}
	}
if (ref($fields) eq 'ARRAY') {	if (ref($fields) eq 'ARRAY') {
next if (!grep(/^\Q$name\E$/,@{$fields}));	next if (!grep(/^\Q$name\E$/,@{$fields}));
}	}
Line 218 sub get_posted_cgi {	Line 228 sub get_posted_cgi {
$r->headers_in->unset('Content-length');	$r->headers_in->unset('Content-length');
}	}

#	=pod
# Perform size checks for file uploads to essayresponse items in course context.
#	=item upload_size_allowed()
# Add form.HWFILESIZE.$part_$id to %env with file size (MB)
# If file exceeds maximum allowed size, add form.HWFILETOOBIG.$part_$id to %env.	Perform size checks for file uploads to essayresponse items in course context.
#
	Add form.HWFILESIZE.$part_$id to %env with file size (MB)
	If file exceeds maximum allowed size, add form.HWFILETOOBIG.$part_$id to %env.

	=cut

sub upload_size_allowed {	sub upload_size_allowed {
my ($name,$size,$fname) = @_;	my ($name,$size,$fname) = @_;
if ($name =~ /^HWFILE(\w+)$/) {	if ($name =~ /^HWFILE(\w+)$/) {
my $ident = $1;	my $ident = $1;
my $item = 'HWFILESIZE'.$ident;	my $item = 'HWFILESIZE'.$ident;
&Apache::loncommon::add_to_env("form.$item",$size);	my $savesize = sprintf("%.6f",$size);
	&Apache::loncommon::add_to_env("form.$item",$savesize);
my $maxsize= &Apache::lonnet::EXT("resource.$ident.maxfilesize");	my $maxsize= &Apache::lonnet::EXT("resource.$ident.maxfilesize");
if (!$maxsize) {	if (!$maxsize) {
$maxsize = 100.0;	$maxsize = 10.0; # FIXME This should become a domain configuration.
}	}
if ($size > $maxsize) {	if ($size > $maxsize) {
my $warn = 'HWFILETOOBIG'.$ident;	my $warn = 'HWFILETOOBIG'.$ident;
Line 244 sub upload_size_allowed {	Line 259 sub upload_size_allowed {
return 'ok';	return 'ok';
}	}

# handle the case of the single sign on user, at this point $r->user	=pod
# will be set and valid now need to find the loncapa user info and possibly
# balance them	=item sso_login()
# returns OK if it was a SSO and user was handled
# undef if not SSO or no means to hanle the user	handle the case of the single sign on user, at this point $r->user
	will be set and valid now need to find the loncapa user info and possibly
	balance them
	returns OK if it was a SSO and user was handled
	undef if not SSO or no means to hanle the user

	=cut

sub sso_login {	sub sso_login {
my ($r,$handle) = @_;	my ($r,$handle) = @_;
Line 263 sub sso_login {	Line 284 sub sso_login {

my ($user) = ($r->user =~ m/([a-zA-Z0-9_\-@.]*)/);	my ($user) = ($r->user =~ m/([a-zA-Z0-9_\-@.]*)/);

my $domain = $r->dir_config('lonDefDomain');	my $query = $r->args;
	my %form;
	if ($query) {
	my @items = ('role','symb');
	&Apache::loncommon::get_unprocessed_cgi($query,\@items);
	foreach my $item (@items) {
	if (defined($env{'form.'.$item})) {
	$form{$item} = $env{'form.'.$item};
	}
	}
	}

	my $domain = $r->dir_config('lonSSOUserDomain');
	if ($domain eq '') {
	$domain = $r->dir_config('lonDefDomain');
	}
my $home=&Apache::lonnet::homeserver($user,$domain);	my $home=&Apache::lonnet::homeserver($user,$domain);
if ($home !~ /(con_lost\|no_host\|no_such_host)/) {	if ($home !~ /(con_lost\|no_host\|no_such_host)/) {
&Apache::lonnet::logthis(" SSO authorized user $user ");	&Apache::lonnet::logthis(" SSO authorized user $user ");
if ($r->dir_config("lonBalancer") eq 'yes') {	my ($is_balancer,$otherserver) =
# login but immeaditly go to switch server to find us a new	&Apache::lonnet::check_loadbalancing($user,$domain);
	if ($is_balancer) {
	# login but immediately go to switch server to find us a new
# machine	# machine
&Apache::lonauth::success($r,$user,$domain,$home,'noredirect');	&Apache::lonauth::success($r,$user,$domain,$home,'noredirect');
$env{'request.sso.login'} = 1;	$env{'request.sso.login'} = 1;
Line 276 sub sso_login {	Line 314 sub sso_login {
$env{'request.sso.reloginserver'} =	$env{'request.sso.reloginserver'} =
$r->dir_config('lonSSOReloginServer');	$r->dir_config('lonSSOReloginServer');
}	}
$r->internal_redirect('/adm/switchserver');	my $redirecturl = '/adm/switchserver';
	if ($otherserver ne '') {
	$redirecturl .= '?otherserver='.$otherserver;
	}
	$r->internal_redirect($redirecturl);
$r->set_handlers('PerlHandler'=> undef);	$r->set_handlers('PerlHandler'=> undef);
} else {	} else {
# need to login them in, so generate the need data that	# need to login them in, so generate the need data that
Line 287 sub sso_login {	Line 329 sub sso_login {
'server' => $r->dir_config('lonHostID'),	'server' => $r->dir_config('lonHostID'),
'sso.login' => 1	'sso.login' => 1
);	);
	foreach my $item ('role','symb') {
	if (exists($form{$item})) {
	$info{$item} = $form{$item};
	}
	}
if ($r->dir_config("ssodirecturl") == 1) {	if ($r->dir_config("ssodirecturl") == 1) {
$info{'origurl'} = $r->uri;	$info{'origurl'} = $r->uri;
}	}
Line 337 sub handler {	Line 384 sub handler {
return OK;	return OK;
}	}

	if ($requrl =~ m{^/res/adm/pages/[^/]+\.(gif\|png)$}) {
	return OK;
	}

my $handle = &Apache::lonnet::check_for_valid_session($r);	my $handle = &Apache::lonnet::check_for_valid_session($r);

my $result = &sso_login($r,$handle);	my $result = &sso_login($r,$handle);
Line 345 sub handler {	Line 395 sub handler {
return $result;	return $result;
}	}

	my ($is_balancer,$otherserver);

if ($r->dir_config("lonBalancer") eq 'yes') {
$r->set_handlers('PerlResponseHandler'=>
[\&Apache::switchserver::handler]);
}

if ($handle eq '') {	if ($handle eq '') {
$r->log_reason("Cookie $handle not valid", $r->filename);	unless (($requrl eq '/adm/switchserver') && (!$r->is_initial_req())) {
	$r->log_reason("Cookie $handle not valid", $r->filename);
	}
} elsif ($handle ne '') {	} elsif ($handle ne '') {

# ------------------------------------------------------ Initialize Environment	# ------------------------------------------------------ Initialize Environment
Line 369 sub handler {	Line 417 sub handler {
if ($env{'user.name'} ne '' && $env{'user.domain'} ne '') {	if ($env{'user.name'} ne '' && $env{'user.domain'} ne '') {
# -------------------------------------------------------------- Resource State	# -------------------------------------------------------------- Resource State

	my ($cdom,$cnum);
	if ($env{'request.course.id'}) {
	$cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
	$cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
	}
if ($requrl=~/^\/+(res\|uploaded)\//) {	if ($requrl=~/^\/+(res\|uploaded)\//) {
$env{'request.state'} = "published";	$env{'request.state'} = "published";
} else {	} else {
Line 376 sub handler {	Line 429 sub handler {
}	}
$env{'request.filename'} = $r->filename;	$env{'request.filename'} = $r->filename;
$env{'request.noversionuri'} = &Apache::lonnet::deversion($requrl);	$env{'request.noversionuri'} = &Apache::lonnet::deversion($requrl);
	my $suppext;
	if ($requrl =~ m{^/adm/wrapper/ext/}) {
	my $query = $r->args;
	if ($query) {
	my $preserved;
	foreach my $pair (split(/&/,$query)) {
	my ($name, $value) = split(/=/,$pair);
	unless ($name eq 'symb') {
	$preserved .= $pair.'&';
	}
	if (($env{'request.course.id'}) && ($name eq 'folderpath')) {
	if ($value =~ /^supplemental/) {
	$suppext = 1;
	}
	}
	}
	$preserved =~ s/\&$//;
	if ($preserved) {
	$env{'request.external.querystring'} = $preserved;
	}
	}
	} elsif ($env{'request.course.id'} &&
	(($requrl =~ m{^/adm/$match_domain/$match_username/aboutme$}) \|\|
	($requrl =~ m{^/public/$cdom/$cnum/syllabus$}))) {
	my $query = $r->args;
	if ($query) {
	foreach my $pair (split(/&/,$query)) {
	my ($name, $value) = split(/=/,$pair);
	if ($name eq 'folderpath') {
	if ($value =~ /^supplemental/) {
	$suppext = 1;
	}
	}
	}
	}
	}
# -------------------------------------------------------- Load POST parameters	# -------------------------------------------------------- Load POST parameters

&Apache::lonacc::get_posted_cgi($r);	&Apache::lonacc::get_posted_cgi($r);

	# ------------------------------------------------------ Check if load balancer

	my $checkexempt;
	if ($env{'user.loadbalexempt'} eq $r->dir_config('lonHostID')) {
	if ($env{'user.loadbalcheck.time'} + 600 > time) {
	$checkexempt = 1;
	}
	}
	unless ($checkexempt) {
	($is_balancer,$otherserver) =
	&Apache::lonnet::check_loadbalancing($env{'user.name'},
	$env{'user.domain'});
	}
	if ($is_balancer) {
	$r->set_handlers('PerlResponseHandler'=>
	[\&Apache::switchserver::handler]);
	if ($otherserver ne '') {
	$env{'form.otherserver'} = $otherserver;
	}
	}

# ---------------------------------------------------------------- Check access	# ---------------------------------------------------------------- Check access
my $now = time;	my $now = time;
if ($requrl !~ m{^/(?:adm\|public\|prtspool)/}	if ($requrl !~ m{^/(?:adm\|public\|prtspool)/}
Line 398 sub handler {	Line 508 sub handler {
return OK;	return OK;
}	}
if (($access ne '2') && ($access ne 'F')) {	if (($access ne '2') && ($access ne 'F')) {
$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";	if ($requrl =~ m{^/res/}) {
return HTTP_NOT_ACCEPTABLE;	$access = &Apache::lonnet::allowed('bro',$requrl);
	if ($access ne 'F') {
	if ($requrl eq '/res/lib/templates/simpleproblem.problem/smpedit') {
	$access = &Apache::lonnet::allowed('bre','/res/lib/templates/simpleproblem.problem');
	if ($access ne 'F') {
	$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
	return HTTP_NOT_ACCEPTABLE;
	}
	} else {
	$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
	return HTTP_NOT_ACCEPTABLE;
	}
	}
	} else {
	$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
	return HTTP_NOT_ACCEPTABLE;
	}
}	}
}	}
if ($requrl =~ m\|^/prtspool/\|) {	if ($requrl =~ m\|^/prtspool/\|) {
Line 422 sub handler {	Line 548 sub handler {
$env{'user.domain'} eq 'public' &&	$env{'user.domain'} eq 'public' &&
$requrl !~ m{^/+(res\|public\|uploaded)/} &&	$requrl !~ m{^/+(res\|public\|uploaded)/} &&
$requrl !~ m{^/adm/[^/]+/[^/]+/aboutme/portfolio$ }x &&	$requrl !~ m{^/adm/[^/]+/[^/]+/aboutme/portfolio$ }x &&
	$requrl !~ m{^/adm/blockingstatus/.*$} &&
$requrl !~ m{^/+adm/(help\|logout\|restrictedaccess\|randomlabel\.png)}) {	$requrl !~ m{^/+adm/(help\|logout\|restrictedaccess\|randomlabel\.png)}) {
$env{'request.querystring'}=$r->args;	$env{'request.querystring'}=$r->args;
$env{'request.firsturl'}=$requrl;	$env{'request.firsturl'}=$requrl;
Line 431 sub handler {	Line 558 sub handler {
if ($env{'request.course.id'}) {	if ($env{'request.course.id'}) {
&Apache::lonnet::countacc($requrl);	&Apache::lonnet::countacc($requrl);
$requrl=~/\.(\w+)$/;	$requrl=~/\.(\w+)$/;
	my $query=$r->args;
if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') \|\|	if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') \|\|
($requrl=~/^\/adm\/.*\/(aboutme\|navmaps\|smppg\|bulletinboard)(\?\|$ )/x) \|\|	($requrl=~/^\/adm\/.*\/(aboutme\|smppg\|bulletinboard)(\?\|$ )/x) \|\|
($requrl=~/^\/adm\/wrapper\//) \|\|	($requrl=~/^\/adm\/wrapper\//) \|\|
($requrl=~m\|^/adm/coursedocs/showdoc/\|) \|\|	($requrl=~m\|^/adm/coursedocs/showdoc/\|) \|\|
($requrl=~m\|\.problem/smpedit$\|) \|\|	($requrl=~m\|\.problem/smpedit$\|) \|\|
($requrl=~/^\/public\/.*\/syllabus$/)) {	($requrl=~/^\/public\/.*\/syllabus$/) \|\|
	($requrl=~/^\/adm\/(viewclasslist\|navmaps)$/) \|\|
	($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?\|$)/)) {
# ------------------------------------- This is serious stuff, get symb and log	# ------------------------------------- This is serious stuff, get symb and log
my $query=$r->args;
my $symb;	my $symb;
if ($query) {	if ($query) {
&Apache::loncommon::get_unprocessed_cgi($query,['symb']);	&Apache::loncommon::get_unprocessed_cgi($query,['symb','folderpath']);
}	}
if ($env{'form.symb'}) {	if ($env{'form.symb'}) {
$symb=&Apache::lonnet::symbclean($env{'form.symb'});	$symb=&Apache::lonnet::symbclean($env{'form.symb'});
Line 452 sub handler {	Line 581 sub handler {
'last_known' =>[$murl,$mid]);	'last_known' =>[$murl,$mid]);
} elsif ((&Apache::lonnet::symbverify($symb,$requrl)) \|\|	} elsif ((&Apache::lonnet::symbverify($symb,$requrl)) \|\|
(($requrl=~m\|(.*)/smpedit$\|) &&	(($requrl=~m\|(.*)/smpedit$\|) &&
&Apache::lonnet::symbverify($symb,$1))) {	&Apache::lonnet::symbverify($symb,$1)) \|\|
	(($requrl=~m\|(.*/aboutme)/portfolio$\|) &&
	&Apache::lonnet::symbverify($symb,$1))) {
my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);	my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
&Apache::lonnet::symblist($map,$murl => [$murl,$mid],	&Apache::lonnet::symblist($map,$murl => [$murl,$mid],
'last_known' =>[$murl,$mid]);	'last_known' =>[$murl,$mid]);
Line 464 sub handler {	Line 595 sub handler {
return HTTP_NOT_ACCEPTABLE;	return HTTP_NOT_ACCEPTABLE;
}	}
} else {	} else {
$symb=&Apache::lonnet::symbread($requrl);	if ($requrl=~m{^(/adm/.*/aboutme)/portfolio$}) {
if (&Apache::lonnet::is_on_map($requrl) && $symb &&	$requrl = $1;
!&Apache::lonnet::symbverify($symb,$requrl)) {	}
$r->log_reason('Invalid symb for '.$requrl.': '.$symb);	unless ($suppext) {
$env{'user.error.msg'}=	$symb=&Apache::lonnet::symbread($requrl);
"$requrl:bre:1:1:Invalid Access";	if (&Apache::lonnet::is_on_map($requrl) && $symb &&
return HTTP_NOT_ACCEPTABLE;	!&Apache::lonnet::symbverify($symb,$requrl)) {
}	$r->log_reason('Invalid symb for '.$requrl.': '.$symb);
if ($symb) {	$env{'user.error.msg'}=
my ($map,$mid,$murl)=	"$requrl:bre:1:1:Invalid Access";
&Apache::lonnet::decode_symb($symb);	return HTTP_NOT_ACCEPTABLE;
&Apache::lonnet::symblist($map,$murl =>[$murl,$mid],	}
'last_known' =>[$murl,$mid]);	if ($symb) {
	my ($map,$mid,$murl)=
	&Apache::lonnet::decode_symb($symb);
	&Apache::lonnet::symblist($map,$murl =>[$murl,$mid],
	'last_known' =>[$murl,$mid]);
	}
}	}
}	}
$env{'request.symb'}=$symb;	$env{'request.symb'}=$symb;
Line 485 sub handler {	Line 621 sub handler {
# ------------------------------------------------------- This is other content	# ------------------------------------------------------- This is other content
&Apache::lonnet::courseacclog($requrl);	&Apache::lonnet::courseacclog($requrl);
}	}
	if ($requrl =~ m{^/+uploaded/\Q$cdom\E/\Q$cnum\E/(docs\|supplemental)/.+\.html?$}) {
	if (&Apache::lonnet::allowed('mdc',$env{'request.course.id'})) {
	if ($query) {
	&Apache::loncommon::get_unprocessed_cgi($query,['forceedit']);
	if ($env{'form.forceedit'}) {
	$env{'request.state'} = 'edit';
	}
	}
	}
	}
}	}
return OK;	return OK;
	} else {
	my $defdom=$r->dir_config('lonDefDomain');
	($is_balancer,$otherserver) =
	&Apache::lonnet::check_loadbalancing(undef,$defdom);
	if ($is_balancer) {
	$r->set_handlers('PerlResponseHandler'=>
	[\&Apache::switchserver::handler]);
	if ($otherserver ne '') {
	$env{'form.otherserver'} = $otherserver;
	}
	}
}	}
# -------------------------------------------- See if this is a public resource	# -------------------------------------------- See if this is a public resource
if ($requrl=~m\|^/+adm/+help/+\|) {	if ($requrl=~m\|^/+adm/+help/+\|) {
Line 522 sub handler {	Line 679 sub handler {

1;	1;
__END__	__END__

	=pod

	=back

	=cut

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

500 Internal Server Error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Removed from v.1.119
changed lines
	Added in v.1.142