loncom/auth/lonacc.pm - diff

Return to lonacc.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/lonacc.pm between versions 1.159.2.8.2.6 and 1.179

version 1.159.2.8.2.6, 2020/10/06 19:36:07	version 1.179, 2020/09/28 00:10:27
Line 102 use Apache::loncommon();	Line 102 use Apache::loncommon();
use Apache::lonlocal;	use Apache::lonlocal;
use Apache::restrictedaccess();	use Apache::restrictedaccess();
use Apache::blockedaccess();	use Apache::blockedaccess();
	use Apache::lonprotected();
use Fcntl qw(:flock);	use Fcntl qw(:flock);
use LONCAPA qw(:DEFAULT :match);	use LONCAPA qw(:DEFAULT :match);

Line 202 sub get_posted_cgi {	Line 203 sub get_posted_cgi {
$fname='';	$fname='';
$fmime='';	$fmime='';
}	}
	if ($i<$#lines && $lines[$i+1]=~/^Content\-Type\:\s*([\w\-\/]+)/i) {
	# TODO: something with $1 !
	$i++;
	}
	if ($i<$#lines && $lines[$i+1]=~/^Content\-transfer\-encoding\:\s*([\w\-\/]+)/i) {
	# TODO: something with $1 !
	$i++;
	}
$i++;	$i++;
}	}
} else {	} else {
Line 377 sub sso_login {	Line 386 sub sso_login {
} else {	} else {
# need to login them in, so generate the need data that	# need to login them in, so generate the need data that
# migrate expects to do login	# migrate expects to do login
my $ip = $r->get_remote_host();	my $ip = $r->get_remote_host();
my %info=('ip' => $ip,	my %info=('ip' => $ip,
'domain' => $domain,	'domain' => $domain,
'username' => $user,	'username' => $user,
Line 443 sub sso_login {	Line 452 sub sso_login {
return undef;	return undef;
}	}

	sub needs_symb_check {
	my ($requrl) = @_;
	$requrl=~/\.(\w+)$/;
	if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') \|\|
	($requrl=~/^\/adm\/.*\/(aboutme\|smppg\|bulletinboard)(\?\|$ )/x) \|\|
	($requrl=~/^\/adm\/wrapper\//) \|\|
	($requrl=~m\|^/adm/coursedocs/showdoc/\|) \|\|
	($requrl=~m\|\.problem/smpedit$\|) \|\|
	($requrl=~/^\/public\/.*\/syllabus$/) \|\|
	($requrl=~/^\/adm\/(viewclasslist\|navmaps)$/) \|\|
	($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?\|$)/)) {
	return 1;
	}
	return;
	}

sub handler {	sub handler {
my $r = shift;	my $r = shift;
my $requrl=$r->uri;	my $requrl=$r->uri;
Line 528 sub handler {	Line 553 sub handler {
}	}
} elsif ($env{'request.course.id'} &&	} elsif ($env{'request.course.id'} &&
(($requrl =~ m{^/adm/$match_domain/$match_username/aboutme$}) \|\|	(($requrl =~ m{^/adm/$match_domain/$match_username/aboutme$}) \|\|
($requrl =~ m{^/public/$cdom/$cnum/syllabus$}))) {	($requrl eq "/public/$cdom/$cnum/syllabus") \|\|
	($requrl =~ m{^/adm/$cdom/$cnum/\d+/ext\.tool$}))) {
my $query = $r->args;	my $query = $r->args;
if ($query) {	if ($query) {
foreach my $pair (split(/&/,$query)) {	foreach my $pair (split(/&/,$query)) {
Line 537 sub handler {	Line 563 sub handler {
if ($value =~ /^supplemental/) {	if ($value =~ /^supplemental/) {
$suppext = 1;	$suppext = 1;
}	}
last;
}	}
}	}
}	}
Line 608 sub handler {	Line 633 sub handler {
return OK;	return OK;
}	}
}	}

# ---------------------------------------------------------------- Check access	# ---------------------------------------------------------------- Check access
my $now = time;	my $now = time;
my $check_symb;
if ($requrl !~ m{^/(?:adm\|public\|(?:prt\|zip)spool)/}	if ($requrl !~ m{^/(?:adm\|public\|(?:prt\|zip)spool)/}
\|\| $requrl =~ /^\/adm\/.*\/(smppg\|bulletinboard)(\?\|$ )/x) {	\|\| $requrl =~ /^\/adm\/.*\/(smppg\|bulletinboard)(\?\|$ )/x) {
my ($access,$poss_symb);	my ($access,$poss_symb);
if (($env{'request.course.id'}) && (!$suppext)) {	if (($env{'request.course.id'}) && (!$suppext) && (&needs_symb_check($requrl))) {
$requrl=~/\.(\w+)$/;	unless ($env{'form.symb'}) {
if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') \|\|	if ($r->args) {
($requrl=~/^\/adm\/.*\/(aboutme\|smppg\|bulletinboard)(\?\|$ )/x) \|\|	&Apache::loncommon::get_unprocessed_cgi($r->args,['symb']);
($requrl=~/^\/adm\/wrapper\//) \|\|	}
($requrl=~m\|^/adm/coursedocs/showdoc/\|) \|\|
($requrl=~m\|\.problem/smpedit$\|) \|\|
($requrl=~/^\/public\/.*\/syllabus$/) \|\|
($requrl=~/^\/adm\/(viewclasslist\|navmaps)$/) \|\|
($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?\|$)/) \|\|
($requrl=~m{^/adm/$cdom/$cnum/\d+/ext\.tool$})) {
$check_symb = 1;
}	}
}
if ($check_symb) {
if ($env{'form.symb'}) {	if ($env{'form.symb'}) {
$poss_symb=&Apache::lonnet::symbclean($env{'form.symb'});	$poss_symb=&Apache::lonnet::symbclean($env{'form.symb'});
} elsif (($env{'request.course.id'}) && ($r->args ne '')) {
my $query = $r->args;
foreach my $pair (split(/&/,$query)) {
my ($name, $value) = split(/=/,$pair);
$name = &unescape($name);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
if ($name eq 'symb') {
$poss_symb = &Apache::lonnet::symbclean($value);
last;
}
}
}	}
if ($poss_symb) {	if ($poss_symb) {
my ($possmap,$resid,$url)=&Apache::lonnet::decode_symb($poss_symb);	my ($possmap,$resid,$url)=&Apache::lonnet::decode_symb($poss_symb);
Line 693 sub handler {	Line 695 sub handler {
&Apache::blockedaccess::setup_handler($r);	&Apache::blockedaccess::setup_handler($r);
return OK;	return OK;
}	}
	if ($access eq 'D') {
	&Apache::lonprotected::setup_handler($r);
	return OK;
	}
if (($access ne '2') && ($access ne 'F')) {	if (($access ne '2') && ($access ne 'F')) {
if ($requrl =~ m{^/res/}) {	if ($requrl =~ m{^/res/}) {
$access = &Apache::lonnet::allowed('bro',$requrl);	$access = &Apache::lonnet::allowed('bro',$requrl);
Line 740 sub handler {	Line 746 sub handler {
$env{'user.domain'} eq 'public' &&	$env{'user.domain'} eq 'public' &&
$requrl !~ m{^/+(res\|public\|uploaded)/} &&	$requrl !~ m{^/+(res\|public\|uploaded)/} &&
$requrl !~ m{^/adm/[^/]+/[^/]+/aboutme/portfolio$ }x &&	$requrl !~ m{^/adm/[^/]+/[^/]+/aboutme/portfolio$ }x &&
$requrl !~ m{^/adm/blockingstatus/.*$} &&	$requrl !~ m{^/adm/blockingstatus/.*$} &&
$requrl !~ m{^/+adm/(help\|logout\|restrictedaccess\|randomlabel\.png)}) {	$requrl !~ m{^/+adm/(help\|logout\|restrictedaccess\|randomlabel\.png)}) {
$env{'request.querystring'}=$r->args;	$env{'request.querystring'}=$r->args;
$env{'request.firsturl'}=$requrl;	$env{'request.firsturl'}=$requrl;
Line 750 sub handler {	Line 756 sub handler {
if ($env{'request.course.id'}) {	if ($env{'request.course.id'}) {
&Apache::lonnet::countacc($requrl);	&Apache::lonnet::countacc($requrl);
my $query=$r->args;	my $query=$r->args;
if ($check_symb) {	if (&needs_symb_check($requrl)) {
# ------------------------------------- This is serious stuff, get symb and log	# ------------------------------------- This is serious stuff, get symb and log
my $symb;	my $symb;
if ($query) {	if ($query) {
Line 758 sub handler {	Line 764 sub handler {
}	}
if ($env{'form.symb'}) {	if ($env{'form.symb'}) {
$symb=&Apache::lonnet::symbclean($env{'form.symb'});	$symb=&Apache::lonnet::symbclean($env{'form.symb'});
if ($requrl eq '/adm/navmaps') {	if ($requrl eq '/adm/navmaps') {
my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);	my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
&Apache::lonnet::symblist($map,$murl => [$murl,$mid]);	&Apache::lonnet::symblist($map,$murl => [$murl,$mid]);
} elsif ($requrl =~ m\|^/adm/wrapper/\|	} elsif ($requrl =~ m\|^/adm/wrapper/\|
\|\| $requrl =~ m\|^/adm/coursedocs/showdoc/\|) {	\|\| $requrl =~ m\|^/adm/coursedocs/showdoc/\|) {
my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);	my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
if ($map =~ /\.page$/) {	if ($map =~ /\.page$/) {
my $mapsymb = &Apache::lonnet::symbread($map);	my $mapsymb = &Apache::lonnet::symbread($map);
($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);	($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);
}	}
&Apache::lonnet::symblist($map,$murl => [$murl,$mid],	&Apache::lonnet::symblist($map,$murl => [$murl,$mid],
'last_known' =>[$murl,$mid]);	'last_known' =>[$murl,$mid]);
Line 793 sub handler {	Line 799 sub handler {
if ($requrl=~m{^(/adm/.*/aboutme)/portfolio$}) {	if ($requrl=~m{^(/adm/.*/aboutme)/portfolio$}) {
$requrl = $1;	$requrl = $1;
}	}
$symb=&Apache::lonnet::symbread($requrl);	unless ($suppext) {
if (&Apache::lonnet::is_on_map($requrl) && $symb) {	$symb=&Apache::lonnet::symbread($requrl);
my ($encstate,$invalidsymb);	if (&Apache::lonnet::is_on_map($requrl) && $symb) {
unless (&Apache::lonnet::symbverify($symb,$requrl,\$encstate)) {	my ($encstate,$invalidsymb);
$invalidsymb = 1;	unless (&Apache::lonnet::symbverify($symb,$requrl,\$encstate)) {
#	$invalidsymb = 1;
# If $env{'request.enc'} inconsistent with encryption expected for $symb	#
# retrieved by lonnet::symbread(), call again to check for an instance of	# If $env{'request.enc'} is true, but no encryption for $symb retrieved
# $requrl in the course for which expected encryption matches request.enc.	# by original lonnet::symbread() call, call again to check for an instance
# If symb for different instance passes lonnet::symbverify(), use that as	# of $requrl in the course which has encryption, and set that as the symb.
# the symb for $requrl and call &Apache::lonnet::allowed() for that symb.	# If there is no such symb, or symbverify() fails for the new symb proceed
# Report invalid symb if there is no other symb. Redirect to /adm/ambiguous	# to report invalid symb.
# if multiple possible symbs consistent with request.enc available for $requrl.	#
#	if ($env{'request.enc'} && !$encstate) {
if (($env{'request.enc'} && !$encstate) \|\| (!$env{'request.enc'} && $encstate)) {	my %possibles;
my %possibles;	my $nocache = 1;
my $nocache = 1;	$symb = &Apache::lonnet::symbread($requrl,'','','',\%possibles,$nocache);
my $oldsymb = $symb;	if ($symb) {
$symb = &Apache::lonnet::symbread($requrl,'','','',\%possibles,$nocache);	if (&Apache::lonnet::symbverify($symb,$requrl)) {
if (($symb) && ($symb ne $oldsymb)) {
if (&Apache::lonnet::symbverify($symb,$requrl)) {
my $access=&Apache::lonnet::allowed('bre',$requrl,$symb);
if ($access eq 'B') {
$env{'request.symb'} = $symb;
&Apache::blockedaccess::setup_handler($r);
return OK;
} elsif (($access eq '2') \|\| ($access eq 'F')) {
$invalidsymb = '';	$invalidsymb = '';
}	}
	} elsif (keys(%possibles) > 1) {
	$r->internal_redirect('/adm/ambiguous');
	return OK;
}	}
} elsif (keys(%possibles) > 1) {
$r->internal_redirect('/adm/ambiguous');
return OK;
}	}
}	if ($invalidsymb) {
if ($invalidsymb) {	$r->log_reason('Invalid symb for '.$requrl.': '.$symb);
$r->log_reason('Invalid symb for '.$requrl.': '.$symb);	$env{'user.error.msg'}=
$env{'user.error.msg'}=	"$requrl:bre:1:1:Invalid Access";
"$requrl:bre:1:1:Invalid Access";	return HTTP_NOT_ACCEPTABLE;
return HTTP_NOT_ACCEPTABLE;	}
}	}
}	}
}	if ($symb) {
if ($symb) {	my ($map,$mid,$murl)=
my ($map,$mid,$murl)=	&Apache::lonnet::decode_symb($symb);
&Apache::lonnet::decode_symb($symb);	if ($requrl eq '/adm/navmaps') {
if ($requrl eq '/adm/navmaps') {	&Apache::lonnet::symblist($map,$murl =>[$murl,$mid]);
&Apache::lonnet::symblist($map,$murl =>[$murl,$mid]);	} else {
} else {	if (($map =~ /\.page$/) && ($requrl !~ /\.page$/)) {
if (($map =~ /\.page$/) && ($requrl !~ /\.page$/)) {	my $mapsymb = &Apache::lonnet::symbread($map);
my $mapsymb = &Apache::lonnet::symbread($map);	($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);
($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);	}
	&Apache::lonnet::symblist($map,$murl =>[$murl,$mid],
	'last_known' =>[$murl,$mid]);
}	}
&Apache::lonnet::symblist($map,$murl =>[$murl,$mid],	}
'last_known' =>[$murl,$mid]);
}
}	}
}	}
$env{'request.symb'}=$symb;	$env{'request.symb'}=$symb;
Line 900 sub handler {	Line 898 sub handler {
# ------------------------------------ See if this is a viewable portfolio file	# ------------------------------------ See if this is a viewable portfolio file
if (&Apache::lonnet::is_portfolio_url($requrl)) {	if (&Apache::lonnet::is_portfolio_url($requrl)) {
my $clientip = $r->get_remote_host();	my $clientip = $r->get_remote_host();
my $access=&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip);	my $access=&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip);
if ($access eq 'A') {	if ($access eq 'A') {
&Apache::restrictedaccess::setup_handler($r);	&Apache::restrictedaccess::setup_handler($r);
return OK;	return OK;

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.159.2.8.2.6
changed lines
	Added in v.1.179