loncom/auth/lonacc.pm - diff

Return to lonacc.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/lonacc.pm between versions 1.159.2.8.2.11 and 1.159.2.18

version 1.159.2.8.2.11, 2021/02/10 11:37:49	version 1.159.2.18, 2021/01/04 03:47:01
Line 355 sub sso_login {	Line 355 sub sso_login {
# login but immediately go to switch server to find us a new	# login but immediately go to switch server to find us a new
# machine	# machine
&Apache::lonauth::success($r,$user,$domain,$home,'noredirect');	&Apache::lonauth::success($r,$user,$domain,$home,'noredirect');
foreach my $item (keys(%form)) {
$env{'form.'.$item} = $form{$item};
}
unless ($form{'symb'}) {
unless (($r->uri eq '/adm/roles') \|\| ($r->uri eq '/adm/sso')) {
$env{'form.origurl'} = $r->uri;
}
}
$env{'request.sso.login'} = 1;	$env{'request.sso.login'} = 1;
if (defined($r->dir_config("lonSSOReloginServer"))) {	if (defined($r->dir_config("lonSSOReloginServer"))) {
$env{'request.sso.reloginserver'} =	$env{'request.sso.reloginserver'} =
Line 550 sub handler {	Line 542 sub handler {
my $lonhost = &Apache::lonnet::host_from_dns($hostname);	my $lonhost = &Apache::lonnet::host_from_dns($hostname);
if ($lonhost) {	if ($lonhost) {
my $actual = &Apache::lonnet::absolute_url($hostname);	my $actual = &Apache::lonnet::absolute_url($hostname);
my $exphostname = &Apache::lonnet::hostname($lonhost);
my $expected = $Apache::lonnet::protocol{$lonhost}.'://'.$hostname;	my $expected = $Apache::lonnet::protocol{$lonhost}.'://'.$hostname;
unless ($actual eq $expected) {	unless ($actual eq $expected) {
$env{'request.use_absolute'} = $expected;	$env{'request.use_absolute'} = $expected;
Line 595 sub handler {	Line 586 sub handler {
}	}
}	}
}	}
if ($requrl=~m{^/+tiny/+$match_domain/+\w+$}) {
if ($env{'user.name'} eq 'public' &&
$env{'user.domain'} eq 'public') {
$env{'request.firsturl'}=$requrl;
return FORBIDDEN;
} else {
return OK;
}
}

# ---------------------------------------------------------------- Check access	# ---------------------------------------------------------------- Check access
my $now = time;	my $now = time;
Line 616 sub handler {	Line 598 sub handler {
if (($requrl eq '/adm/viewclasslist') \|\|	if (($requrl eq '/adm/viewclasslist') \|\|
($requrl =~ m{^(/adm/wrapper\|)\Q/uploaded/$cdom/$cnum/docs/\E}) \|\|	($requrl =~ m{^(/adm/wrapper\|)\Q/uploaded/$cdom/$cnum/docs/\E}) \|\|
($requrl =~ m{^/adm/.*/aboutme$}) \|\|	($requrl =~ m{^/adm/.*/aboutme$}) \|\|
($requrl=~m{^/adm/coursedocs/showdoc/}) \|\|	($requrl=~m{^/adm/coursedocs/showdoc/})) {
($requrl=~m{^(/adm/wrapper\|)/adm/$cdom/$cnum/\d+/ext\.tool$})) {
$check_block = 1;	$check_block = 1;
}	}
}	}
Line 630 sub handler {	Line 611 sub handler {
($requrl=~m\|\.problem/smpedit$\|) \|\|	($requrl=~m\|\.problem/smpedit$\|) \|\|
($requrl=~/^\/public\/.*\/syllabus$/) \|\|	($requrl=~/^\/public\/.*\/syllabus$/) \|\|
($requrl=~/^\/adm\/(viewclasslist\|navmaps)$/) \|\|	($requrl=~/^\/adm\/(viewclasslist\|navmaps)$/) \|\|
($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?\|$)/) \|\|	($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?\|$)/)) {
($requrl=~m{^/adm/$cdom/$cnum/\d+/ext\.tool$})) {
$check_symb = 1;	$check_symb = 1;
}	}
}	}
Line 686 sub handler {	Line 666 sub handler {
&Apache::blockedaccess::setup_handler($r);	&Apache::blockedaccess::setup_handler($r);
return OK;	return OK;
}	}
} elsif ($check_access) {	} elsif ($check_access) {
if ($handle eq '') {	if ($handle eq '') {
unless ($access eq 'F') {	unless ($access eq 'F') {
if ($requrl =~ m{^/res/$match_domain/$match_username/}) {	if ($requrl =~ m{^/res/$match_domain/$match_username/}) {
Line 776 sub handler {	Line 756 sub handler {
}	}
if ($env{'form.symb'}) {	if ($env{'form.symb'}) {
$symb=&Apache::lonnet::symbclean($env{'form.symb'});	$symb=&Apache::lonnet::symbclean($env{'form.symb'});
if (($requrl eq '/adm/navmaps') \|\|	if ($requrl eq '/adm/navmaps') {
($requrl =~ m{^/adm/wrapper/}) \|\|	my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
($requrl =~ m{^/adm/coursedocs/showdoc/})) {	&Apache::lonnet::symblist($map,$murl => [$murl,$mid]);
unless (&Apache::lonnet::symbverify($symb,$requrl)) {	} elsif ($requrl =~ m\|^/adm/wrapper/\|
if (&Apache::lonnet::is_on_map($requrl)) {	\|\| $requrl =~ m\|^/adm/coursedocs/showdoc/\|) {
$symb = &Apache::lonnet::symbread($requrl);	my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
unless (&Apache::lonnet::symbverify($symb,$requrl)) {	if ($map =~ /\.page$/) {
undef($symb);	my $mapsymb = &Apache::lonnet::symbread($map);
}	($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);
}
}
if ($symb) {
if ($requrl eq '/adm/navmaps') {
my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
&Apache::lonnet::symblist($map,$murl => [$murl,$mid]);
} elsif (($requrl =~ m{^/adm/wrapper/}) \|\|
($requrl =~ m{^/adm/coursedocs/showdoc/})) {
my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
if ($map =~ /\.page$/) {
my $mapsymb = &Apache::lonnet::symbread($map);
($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);
}
&Apache::lonnet::symblist($map,$murl => [$murl,$mid],
'last_known' =>[$murl,$mid]);
}
}	}
	&Apache::lonnet::symblist($map,$murl => [$murl,$mid],
	'last_known' =>[$murl,$mid]);
} elsif ((&Apache::lonnet::symbverify($symb,$requrl)) \|\|	} elsif ((&Apache::lonnet::symbverify($symb,$requrl)) \|\|
(($requrl=~m\|(.*)/smpedit$\|) &&	(($requrl=~m\|(.*)/smpedit$\|) &&
&Apache::lonnet::symbverify($symb,$1)) \|\|	&Apache::lonnet::symbverify($symb,$1)) \|\|
Line 861 sub handler {	Line 827 sub handler {
}	}
}	}
if ($invalidsymb) {	if ($invalidsymb) {
if ($requrl eq '/adm/navmaps') {	$r->log_reason('Invalid symb for '.$requrl.': '.$symb);
undef($symb);	$env{'user.error.msg'}=
} else {	"$requrl:bre:1:1:Invalid Access";
$r->log_reason('Invalid symb for '.$requrl.': '.$symb);	return HTTP_NOT_ACCEPTABLE;
$env{'user.error.msg'}=
"$requrl:bre:1:1:Invalid Access";
return HTTP_NOT_ACCEPTABLE;
}
}	}
}	}
}	}

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.159.2.8.2.11
changed lines
	Added in v.1.159.2.18