loncom/auth/lonacc.pm - diff

Return to lonacc.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/lonacc.pm between versions 1.100 and 1.112

version 1.100, 2006/09/19 18:03:02	version 1.112, 2007/11/06 02:26:07
Line 36 use Apache::lonnet;	Line 36 use Apache::lonnet;
use Apache::loncommon();	use Apache::loncommon();
use Apache::lonlocal;	use Apache::lonlocal;
use Apache::restrictedaccess();	use Apache::restrictedaccess();
use CGI::Cookie();	use Apache::blockedaccess();
use Fcntl qw(:flock);	use Fcntl qw(:flock);
use LONCAPA;	use LONCAPA;

Line 63 sub get_posted_cgi {	Line 63 sub get_posted_cgi {
if ($r->header_in('Content-length')) {	if ($r->header_in('Content-length')) {
$r->read($buffer,$r->header_in('Content-length'),0);	$r->read($buffer,$r->header_in('Content-length'),0);
}	}
unless ($buffer=~/^(\-+\w+)\s+Content\-Disposition\:\s*form\-data/si) {	unless ($buffer=~/^(\-+[\+\w]+)\s+Content\-Disposition\:\s*form\-data/si) {
my @pairs=split(/&/,$buffer);	my @pairs=split(/&/,$buffer);
my $pair;	my $pair;
foreach $pair (@pairs) {	foreach $pair (@pairs) {
Line 83 sub get_posted_cgi {	Line 83 sub get_posted_cgi {
my $fmime='';	my $fmime='';
my $i;	my $i;
for ($i=0;$i<=$#lines;$i++) {	for ($i=0;$i<=$#lines;$i++) {
if ($lines[$i]=~/^$contentsep/) {	if ($lines[$i]=~/^\Q$contentsep\E/) {
if ($name) {	if ($name) {
chomp($value);	chomp($value);
if ($fname) {	if ($fname) {
Line 144 sub get_posted_cgi {	Line 144 sub get_posted_cgi {
# returns OK if it was a SSO and user was handled	# returns OK if it was a SSO and user was handled
# undef if not SSO or no means to hanle the user	# undef if not SSO or no means to hanle the user
sub sso_login {	sub sso_login {
my ($r,$lonid,$handle) = @_;	my ($r,$handle) = @_;

my $lonidsdir=$r->dir_config('lonIDsDir');	my $lonidsdir=$r->dir_config('lonIDsDir');
if (!($r->user	if (!($r->user
&& (!defined($env{'user.name'}) && !defined($env{'user.domain'}))	&& (!defined($env{'user.name'}) && !defined($env{'user.domain'}))
&& (!$lonid \|\| !-e "$lonidsdir/$handle.id" \|\| $handle eq ''))) {	&& ($handle eq ''))) {
# not an SSO case or already logged in	# not an SSO case or already logged in
return undef;	return undef;
}	}
Line 159 sub sso_login {	Line 159 sub sso_login {
my $domain = $r->dir_config('lonDefDomain');	my $domain = $r->dir_config('lonDefDomain');
my $home=&Apache::lonnet::homeserver($user,$domain);	my $home=&Apache::lonnet::homeserver($user,$domain);
if ($home !~ /(con_lost\|no_host\|no_such_host)/) {	if ($home !~ /(con_lost\|no_host\|no_such_host)/) {
	&Apache::lonnet::logthis(" SSO authorized user $user ");
if ($r->dir_config("lonBalancer") eq 'yes') {	if ($r->dir_config("lonBalancer") eq 'yes') {
# login but immeaditly go to switch server to find us a new	# login but immeaditly go to switch server to find us a new
# machine	# machine
&Apache::lonauth::success($r,$user,$domain,$home,'noredirect');	&Apache::lonauth::success($r,$user,$domain,$home,'noredirect');
	$env{'request.sso.login'} = 1;
	if (defined($r->dir_config("lonSSOReloginServer"))) {
	$env{'request.sso.reloginserver'} =
	$r->dir_config('lonSSOReloginServer');
	}
$r->internal_redirect('/adm/switchserver');	$r->internal_redirect('/adm/switchserver');
	$r->set_handlers('PerlHandler'=> undef);
} else {	} else {
# need to login them in, so generate the need data that	# need to login them in, so generate the need data that
# migrate expects to do login	# migrate expects to do login
Line 173 sub sso_login {	Line 180 sub sso_login {
'server' => $r->dir_config('lonHostID'),	'server' => $r->dir_config('lonHostID'),
'sso.login' => 1	'sso.login' => 1
);	);
	if (defined($r->dir_config("lonSSOReloginServer"))) {
	$info{'sso.reloginserver'} =
	$r->dir_config('lonSSOReloginServer');
	}
my $token =	my $token =
&Apache::lonnet::tmpput(\%info,	&Apache::lonnet::tmpput(\%info,
$r->dir_config('lonHostID'));	$r->dir_config('lonHostID'));
$env{'form.token'} = $token;	$env{'form.token'} = $token;
$r->internal_redirect('/adm/migrateuser');	$r->internal_redirect('/adm/migrateuser');
	$r->set_handlers('PerlHandler'=> undef);
}	}
return OK;	return OK;
} elsif (defined($r->dir_config('lonSSOUserUnknownRedirect'))) {	} elsif (defined($r->dir_config('lonSSOUserUnknownRedirect'))) {
	&Apache::lonnet::logthis(" SSO authorized unknown user $user ");
	$r->subprocess_env->set('SSOUserUnknown' => $user);
	$r->subprocess_env->set('SSOUserDomain' => $domain);
$r->internal_redirect($r->dir_config('lonSSOUserUnknownRedirect'));	$r->internal_redirect($r->dir_config('lonSSOUserUnknownRedirect'));
	$r->set_handlers('PerlHandler'=> undef);
return OK;	return OK;
}	}
return undef;	return undef;
Line 190 sub sso_login {	Line 206 sub sso_login {
sub handler {	sub handler {
my $r = shift;	my $r = shift;
my $requrl=$r->uri;	my $requrl=$r->uri;
my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));	if (&Apache::lonnet::is_domainimage($requrl)) {
my $lonid=$cookies{'lonID'};	return OK;
my $cookie;
my $lonidsdir=$r->dir_config('lonIDsDir');

my $handle;
if ($lonid) {
$handle=$lonid->value;
$handle=~s/\W//g;
}	}

my $result = &sso_login($r,$lonid,$handle);
	my $handle = &Apache::lonnet::check_for_valid_session($r);

	my $result = &sso_login($r,$handle);
if (defined($result)) {	if (defined($result)) {
return $result	return $result
}	}
Line 214 sub handler {	Line 226 sub handler {

if ($handle eq '') {	if ($handle eq '') {
$r->log_reason("Cookie $handle not valid", $r->filename);	$r->log_reason("Cookie $handle not valid", $r->filename);
} elsif ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {	} elsif ($handle ne '') {

# ------------------------------------------------------ Initialize Environment	# ------------------------------------------------------ Initialize Environment
	my $lonidsdir=$r->dir_config('lonIDsDir');
&Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);	&Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);

# --------------------------------------------------------- Initialize Language	# --------------------------------------------------------- Initialize Language
Line 254 sub handler {	Line 266 sub handler {
&Apache::restrictedaccess::setup_handler($r);	&Apache::restrictedaccess::setup_handler($r);
return OK;	return OK;
}	}
	if ($access eq 'B') {
	&Apache::blockedaccess::setup_handler($r);
	return OK;
	}
if (($access ne '2') && ($access ne 'F')) {	if (($access ne '2') && ($access ne 'F')) {
$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";	$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
return HTTP_NOT_ACCEPTABLE;	return HTTP_NOT_ACCEPTABLE;
Line 264 sub handler {	Line 280 sub handler {
$env{'user.domain'};	$env{'user.domain'};
if ($requrl !~ /^\Q$start\E/) {	if ($requrl !~ /^\Q$start\E/) {
$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";	$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
	return HTTP_NOT_ACCEPTABLE;
	}
	}
	if ($requrl =~ m\|^/zipspool/\|) {
	my $start='/zipspool/zipout/'.$env{'user.name'}.":".
	$env{'user.domain'};
	if ($requrl !~ /^\Q$start\E/) {
	$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
return HTTP_NOT_ACCEPTABLE;	return HTTP_NOT_ACCEPTABLE;
}	}
}	}

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.100
changed lines
	Added in v.1.112