loncom/auth/lonacc.pm - diff

Return to lonacc.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/lonacc.pm between versions 1.159.2.8.2.5 and 1.159.2.15

version 1.159.2.8.2.5, 2020/10/01 12:43:10	version 1.159.2.15, 2020/10/23 21:33:46
Line 355 sub sso_login {	Line 355 sub sso_login {
# login but immediately go to switch server to find us a new	# login but immediately go to switch server to find us a new
# machine	# machine
&Apache::lonauth::success($r,$user,$domain,$home,'noredirect');	&Apache::lonauth::success($r,$user,$domain,$home,'noredirect');
foreach my $item (keys(%form)) {
$env{'form.'.$item} = $form{$item};
}
unless ($form{'symb'}) {
unless (($r->uri eq '/adm/roles') \|\| ($r->uri eq '/adm/sso')) {
$env{'form.origurl'} = $r->uri;
}
}
$env{'request.sso.login'} = 1;	$env{'request.sso.login'} = 1;
if (defined($r->dir_config("lonSSOReloginServer"))) {	if (defined($r->dir_config("lonSSOReloginServer"))) {
$env{'request.sso.reloginserver'} =	$env{'request.sso.reloginserver'} =
Line 550 sub handler {	Line 542 sub handler {
my $lonhost = &Apache::lonnet::host_from_dns($hostname);	my $lonhost = &Apache::lonnet::host_from_dns($hostname);
if ($lonhost) {	if ($lonhost) {
my $actual = &Apache::lonnet::absolute_url($hostname);	my $actual = &Apache::lonnet::absolute_url($hostname);
my $exphostname = &Apache::lonnet::hostname($lonhost);
my $expected = $Apache::lonnet::protocol{$lonhost}.'://'.$hostname;	my $expected = $Apache::lonnet::protocol{$lonhost}.'://'.$hostname;
unless ($actual eq $expected) {	unless ($actual eq $expected) {
$env{'request.use_absolute'} = $expected;	$env{'request.use_absolute'} = $expected;
Line 572 sub handler {	Line 563 sub handler {
if ($env{'user.noloadbalance'} eq $r->dir_config('lonHostID')) {	if ($env{'user.noloadbalance'} eq $r->dir_config('lonHostID')) {
$checkexempt = 1;	$checkexempt = 1;
}	}
unless ($checkexempt) {	unless (($checkexempt) \|\| (($requrl eq '/adm/switchserver') && (!$r->is_initial_req()))) {
($is_balancer,$otherserver) =	($is_balancer,$otherserver) =
&Apache::lonnet::check_loadbalancing($env{'user.name'},	&Apache::lonnet::check_loadbalancing($env{'user.name'},
$env{'user.domain'});	$env{'user.domain'});
if ($is_balancer) {	if ($is_balancer) {
unless (($requrl eq '/adm/switchserver') && (!$r->is_initial_req())) {	# Check if browser sent a LON-CAPA load balancer cookie (and this is a balancer)
# Check if browser sent a LON-CAPA load balancer cookie (and this is a balancer)	my ($found_server,$balancer_cookie) = &Apache::lonnet::check_for_balancer_cookie($r);
my ($found_server,$balancer_cookie) = &Apache::lonnet::check_for_balancer_cookie($r);	if (($found_server) && ($balancer_cookie =~ /^\Q$env{'user.domain'}\E_\Q$env{'user.name'}\E_/)) {
if (($found_server) && ($balancer_cookie =~ /^\Q$env{'user.domain'}\E_\Q$env{'user.name'}\E_/)) {	$otherserver = $found_server;
$otherserver = $found_server;	}
}	unless ($requrl eq '/adm/switchserver') {
	$r->set_handlers('PerlResponseHandler'=>
	[\&Apache::switchserver::handler]);
}	}
}
}
if ($is_balancer) {
unless (($requrl eq '/adm/switchserver') && (!$r->is_initial_req())) {
$r->set_handlers('PerlResponseHandler'=>
[\&Apache::switchserver::handler]);
if ($otherserver ne '') {	if ($otherserver ne '') {
$env{'form.otherserver'} = $otherserver;	$env{'form.otherserver'} = $otherserver;
}	}
}	unless (($env{'form.origurl'}) \|\| ($r->uri eq '/adm/roles') \|\|
unless (($env{'form.origurl'}) \|\| ($r->uri eq '/adm/roles') \|\|	($r->uri eq '/adm/switchserver') \|\| ($r->uri eq '/adm/sso')) {
($r->uri eq '/adm/switchserver') \|\| ($r->uri eq '/adm/sso')) {	$env{'form.origurl'} = $r->uri;
$env{'form.origurl'} = $r->uri;	}
}
}
if ($requrl=~m{^/+tiny/+$match_domain/+\w+$}) {
if ($env{'user.name'} eq 'public' &&
$env{'user.domain'} eq 'public') {
$env{'request.firsturl'}=$requrl;
return FORBIDDEN;
} else {
return OK;
}	}
}	}

Line 798 sub handler {	Line 776 sub handler {
unless (&Apache::lonnet::symbverify($symb,$requrl,\$encstate)) {	unless (&Apache::lonnet::symbverify($symb,$requrl,\$encstate)) {
$invalidsymb = 1;	$invalidsymb = 1;
#	#
# If $env{'request.enc'} is true, but no encryption for $symb retrieved	# If $env{'request.enc'} inconsistent with encryption expected for $symb
# by original lonnet::symbread() call, call again to check for an instance	# retrieved by lonnet::symbread(), call again to check for an instance of
# of $requrl in the course which has encryption, and set that as the symb.	# $requrl in the course for which expected encryption matches request.enc.
# If there is no such symb, or symbverify() fails for the new symb proceed	# If symb for different instance passes lonnet::symbverify(), use that as
# to report invalid symb.	# the symb for $requrl and call &Apache::lonnet::allowed() for that symb.
	# Report invalid symb if there is no other symb. Redirect to /adm/ambiguous
	# if multiple possible symbs consistent with request.enc available for $requrl.
#	#
if ($env{'request.enc'} && !$encstate) {	if (($env{'request.enc'} && !$encstate) \|\| (!$env{'request.enc'} && $encstate)) {
my %possibles;	my %possibles;
my $nocache = 1;	my $nocache = 1;
	my $oldsymb = $symb;
$symb = &Apache::lonnet::symbread($requrl,'','','',\%possibles,$nocache);	$symb = &Apache::lonnet::symbread($requrl,'','','',\%possibles,$nocache);
if ($symb) {	if (($symb) && ($symb ne $oldsymb)) {
if (&Apache::lonnet::symbverify($symb,$requrl)) {	if (&Apache::lonnet::symbverify($symb,$requrl)) {
$invalidsymb = '';	my $access=&Apache::lonnet::allowed('bre',$requrl,$symb);
	if ($access eq 'B') {
	$env{'request.symb'} = $symb;
	&Apache::blockedaccess::setup_handler($r);
	return OK;
	} elsif (($access eq '2') \|\| ($access eq 'F')) {
	$invalidsymb = '';
	}
}	}
} elsif (keys(%possibles) > 1) {	} elsif (keys(%possibles) > 1) {
$r->internal_redirect('/adm/ambiguous');	$r->internal_redirect('/adm/ambiguous');

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.159.2.8.2.5
changed lines
	Added in v.1.159.2.15