loncom/auth/lonacc.pm - diff

Return to lonacc.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/lonacc.pm between versions 1.159.2.8.2.5 and 1.162

version 1.159.2.8.2.5, 2020/10/01 12:43:10	version 1.162, 2015/12/03 20:40:21
Line 109 sub cleanup {	Line 109 sub cleanup {
my ($r)=@_;	my ($r)=@_;
if (! $r->is_initial_req()) { return DECLINED; }	if (! $r->is_initial_req()) { return DECLINED; }
&Apache::lonnet::save_cache();	&Apache::lonnet::save_cache();
	&Apache::lontexconvert::jsMath_reset();
return OK;	return OK;
}	}

Line 159 sub get_posted_cgi {	Line 160 sub get_posted_cgi {
if (length($value) == 1) {	if (length($value) == 1) {
$value=~s/[\r\n]$//;	$value=~s/[\r\n]$//;
}	}
} elsif ($fname =~ /\.(xls\|doc\|ppt)(x\|m)$/i) {	} elsif ($fname =~ /\.(xls\|doc\|ppt)x$/i) {
$value=~s/[\r\n]$//;	$value=~s/[\r\n]$//;
}	}
if (ref($fields) eq 'ARRAY') {	if (ref($fields) eq 'ARRAY') {
Line 202 sub get_posted_cgi {	Line 203 sub get_posted_cgi {
$fname='';	$fname='';
$fmime='';	$fmime='';
}	}
	if ($i<$#lines && $lines[$i+1]=~/^Content\-Type\:\s*([\w\-\/]+)/i) {
	# TODO: something with $1 !
	$i++;
	}
	if ($i<$#lines && $lines[$i+1]=~/^Content\-transfer\-encoding\:\s*([\w\-\/]+)/i) {
	# TODO: something with $1 !
	$i++;
	}
$i++;	$i++;
}	}
} else {	} else {
Line 281 sub upload_size_allowed {	Line 290 sub upload_size_allowed {
sub sso_login {	sub sso_login {
my ($r,$handle,$username) = @_;	my ($r,$handle,$username) = @_;

	my $lonidsdir=$r->dir_config('lonIDsDir');
if (($r->user eq '') \|\| ($username ne '') \|\| ($r->user eq 'public:public') \|\|	if (($r->user eq '') \|\| ($username ne '') \|\| ($r->user eq 'public:public') \|\|
(defined($env{'user.name'}) && (defined($env{'user.domain'}))	(defined($env{'user.name'}) && (defined($env{'user.domain'}))
&& ($handle ne ''))) {	&& ($handle ne ''))) {
Line 330 sub sso_login {	Line 340 sub sso_login {
}	}
unless ($hosthere) {	unless ($hosthere) {
($is_balancer,$otherserver) =	($is_balancer,$otherserver) =
&Apache::lonnet::check_loadbalancing($user,$domain,'login');	&Apache::lonnet::check_loadbalancing($user,$domain);
if ($is_balancer) {
# Check if browser sent a LON-CAPA load balancer cookie (and this is a balancer)
my ($found_server,$balancer_cookie) = &Apache::lonnet::check_for_balancer_cookie($r);
if (($found_server) && ($balancer_cookie =~ /^\Q$domain\E_\Q$user\E_/)) {
$otherserver = $found_server;
} elsif ($otherserver eq '') {
my $lowest_load;
($otherserver,undef,undef,undef,$lowest_load) = &Apache::lonnet::choose_server($domain);
if ($lowest_load > 100) {
$otherserver = &Apache::lonnet::spareserver($lowest_load,$lowest_load,1,$domain);
}
if ($otherserver ne '') {
my @hosts = &Apache::lonnet::current_machine_ids();
if (grep(/^\Q$otherserver\E$/,@hosts)) {
$hosthere = $otherserver;
}
}
}
}
}	}
if (($is_balancer) && (!$hosthere)) {
	if ($is_balancer) {
# login but immediately go to switch server to find us a new	# login but immediately go to switch server to find us a new
# machine	# machine
&Apache::lonauth::success($r,$user,$domain,$home,'noredirect');	&Apache::lonauth::success($r,$user,$domain,$home,'noredirect');
foreach my $item (keys(%form)) {
$env{'form.'.$item} = $form{$item};
}
unless ($form{'symb'}) {
unless (($r->uri eq '/adm/roles') \|\| ($r->uri eq '/adm/sso')) {
$env{'form.origurl'} = $r->uri;
}
}
$env{'request.sso.login'} = 1;	$env{'request.sso.login'} = 1;
if (defined($r->dir_config("lonSSOReloginServer"))) {	if (defined($r->dir_config("lonSSOReloginServer"))) {
$env{'request.sso.reloginserver'} =	$env{'request.sso.reloginserver'} =
Line 377 sub sso_login {	Line 361 sub sso_login {
} else {	} else {
# need to login them in, so generate the need data that	# need to login them in, so generate the need data that
# migrate expects to do login	# migrate expects to do login
my $ip = $r->get_remote_host();	my $ip;
	my $c = $r->connection;
	eval {
	$ip = $c->remote_ip();
	};
	if ($@) {
	$ip = $c->client_ip();
	}
my %info=('ip' => $ip,	my %info=('ip' => $ip,
'domain' => $domain,	'domain' => $domain,
'username' => $user,	'username' => $user,
Line 401 sub sso_login {	Line 392 sub sso_login {
$info{'sso.reloginserver'} =	$info{'sso.reloginserver'} =
$r->dir_config('lonSSOReloginServer');	$r->dir_config('lonSSOReloginServer');
}	}
if (($is_balancer) && ($hosthere)) {
$info{'noloadbalance'} = $hosthere;
}
my $token =	my $token =
&Apache::lonnet::tmpput(\%info,	&Apache::lonnet::tmpput(\%info,
$r->dir_config('lonHostID'));	$r->dir_config('lonHostID'));
Line 509 sub handler {	Line 497 sub handler {
my $preserved;	my $preserved;
foreach my $pair (split(/&/,$query)) {	foreach my $pair (split(/&/,$query)) {
my ($name, $value) = split(/=/,$pair);	my ($name, $value) = split(/=/,$pair);
unless (($name eq 'symb') \|\| ($name eq 'usehttp')) {	unless ($name eq 'symb') {
$preserved .= $pair.'&';	$preserved .= $pair.'&';
}	}
if (($env{'request.course.id'}) && ($name eq 'folderpath')) {	if (($env{'request.course.id'}) && ($name eq 'folderpath')) {
Line 537 sub handler {	Line 525 sub handler {
if ($value =~ /^supplemental/) {	if ($value =~ /^supplemental/) {
$suppext = 1;	$suppext = 1;
}	}
last;
}	}
}	}
}	}
Line 550 sub handler {	Line 537 sub handler {
my $lonhost = &Apache::lonnet::host_from_dns($hostname);	my $lonhost = &Apache::lonnet::host_from_dns($hostname);
if ($lonhost) {	if ($lonhost) {
my $actual = &Apache::lonnet::absolute_url($hostname);	my $actual = &Apache::lonnet::absolute_url($hostname);
my $exphostname = &Apache::lonnet::hostname($lonhost);
my $expected = $Apache::lonnet::protocol{$lonhost}.'://'.$hostname;	my $expected = $Apache::lonnet::protocol{$lonhost}.'://'.$hostname;
unless ($actual eq $expected) {	unless ($actual eq $expected) {
$env{'request.use_absolute'} = $expected;	$env{'request.use_absolute'} = $expected;
Line 566 sub handler {	Line 552 sub handler {
my $checkexempt;	my $checkexempt;
if ($env{'user.loadbalexempt'} eq $r->dir_config('lonHostID')) {	if ($env{'user.loadbalexempt'} eq $r->dir_config('lonHostID')) {
if ($env{'user.loadbalcheck.time'} + 600 > time) {	if ($env{'user.loadbalcheck.time'} + 600 > time) {
$checkexempt = 1;	$checkexempt = 1;
}	}
}	}
if ($env{'user.noloadbalance'} eq $r->dir_config('lonHostID')) {	if ($env{'user.noloadbalance'} eq $r->dir_config('lonHostID')) {
Line 576 sub handler {	Line 562 sub handler {
($is_balancer,$otherserver) =	($is_balancer,$otherserver) =
&Apache::lonnet::check_loadbalancing($env{'user.name'},	&Apache::lonnet::check_loadbalancing($env{'user.name'},
$env{'user.domain'});	$env{'user.domain'});
if ($is_balancer) {
unless (($requrl eq '/adm/switchserver') && (!$r->is_initial_req())) {
# Check if browser sent a LON-CAPA load balancer cookie (and this is a balancer)
my ($found_server,$balancer_cookie) = &Apache::lonnet::check_for_balancer_cookie($r);
if (($found_server) && ($balancer_cookie =~ /^\Q$env{'user.domain'}\E_\Q$env{'user.name'}\E_/)) {
$otherserver = $found_server;
}
}
}
}	}
if ($is_balancer) {	if ($is_balancer) {
unless (($requrl eq '/adm/switchserver') && (!$r->is_initial_req())) {	$r->set_handlers('PerlResponseHandler'=>
$r->set_handlers('PerlResponseHandler'=>	[\&Apache::switchserver::handler]);
[\&Apache::switchserver::handler]);	if ($otherserver ne '') {
if ($otherserver ne '') {	$env{'form.otherserver'} = $otherserver;
$env{'form.otherserver'} = $otherserver;
}
}	}
unless (($env{'form.origurl'}) \|\| ($r->uri eq '/adm/roles') \|\|	unless (($env{'form.origurl'}) \|\| ($r->uri eq '/adm/roles') \|\|
($r->uri eq '/adm/switchserver') \|\| ($r->uri eq '/adm/sso')) {	($r->uri eq '/adm/switchserver') \|\| ($r->uri eq '/adm/sso')) {
$env{'form.origurl'} = $r->uri;	$env{'form.origurl'} = $r->uri;
}	}
}	}
if ($requrl=~m{^/+tiny/+$match_domain/+\w+$}) {
if ($env{'user.name'} eq 'public' &&
$env{'user.domain'} eq 'public') {
$env{'request.firsturl'}=$requrl;
return FORBIDDEN;
} else {
return OK;
}
}

# ---------------------------------------------------------------- Check access	# ---------------------------------------------------------------- Check access
my $now = time;	my $now = time;
my $check_symb;	if ($requrl !~ m{^/(?:adm\|public\|prtspool)/}
if ($requrl !~ m{^/(?:adm\|public\|(?:prt\|zip)spool)/}
\|\| $requrl =~ /^\/adm\/.*\/(smppg\|bulletinboard)(\?\|$ )/x) {	\|\| $requrl =~ /^\/adm\/.*\/(smppg\|bulletinboard)(\?\|$ )/x) {
my ($access,$poss_symb);	my $access=&Apache::lonnet::allowed('bre',$requrl);
if (($env{'request.course.id'}) && (!$suppext)) {
$requrl=~/\.(\w+)$/;
if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') \|\|
($requrl=~/^\/adm\/.*\/(aboutme\|smppg\|bulletinboard)(\?\|$ )/x) \|\|
($requrl=~/^\/adm\/wrapper\//) \|\|
($requrl=~m\|^/adm/coursedocs/showdoc/\|) \|\|
($requrl=~m\|\.problem/smpedit$\|) \|\|
($requrl=~/^\/public\/.*\/syllabus$/) \|\|
($requrl=~/^\/adm\/(viewclasslist\|navmaps)$/) \|\|
($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?\|$)/)) {
$check_symb = 1;
}
}
if ($check_symb) {
if ($env{'form.symb'}) {
$poss_symb=&Apache::lonnet::symbclean($env{'form.symb'});
} elsif (($env{'request.course.id'}) && ($r->args ne '')) {
my $query = $r->args;
foreach my $pair (split(/&/,$query)) {
my ($name, $value) = split(/=/,$pair);
$name = &unescape($name);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
if ($name eq 'symb') {
$poss_symb = &Apache::lonnet::symbclean($value);
last;
}
}
}
if ($poss_symb) {
my ($possmap,$resid,$url)=&Apache::lonnet::decode_symb($poss_symb);
$url = &Apache::lonnet::clutter($url);
unless (($url eq $requrl) && (&Apache::lonnet::is_on_map($possmap))) {
undef($poss_symb);
}
if ($poss_symb) {
if ((!$env{'request.role.adv'}) && ($env{'acc.randomout'}) &&
($env{'acc.randomout'}=~/\&\Q$poss_symb\E\&/)) {
undef($poss_symb);
}
}
}
if ($poss_symb) {
$access=&Apache::lonnet::allowed('bre',$requrl,$poss_symb);
} else {
$access=&Apache::lonnet::allowed('bre',$requrl,'','','','',1);
}
} else {
$access=&Apache::lonnet::allowed('bre',$requrl);
}
if ($handle eq '') {	if ($handle eq '') {
unless ($access eq 'F') {	unless ($access eq 'F') {
if ($requrl =~ m{^/res/$match_domain/$match_username/}) {	if ($requrl =~ m{^/res/$match_domain/$match_username/}) {
Line 681 sub handler {	Line 596 sub handler {
return OK;	return OK;
}	}
if ($access eq 'B') {	if ($access eq 'B') {
if ($poss_symb) {
if ($requrl=~m{^(/adm/.*/aboutme)/portfolio$}) {
$requrl = $1;
}
if (&Apache::lonnet::symbverify($poss_symb,$requrl)) {
$env{'request.symb'} = $poss_symb;
}
}
&Apache::blockedaccess::setup_handler($r);	&Apache::blockedaccess::setup_handler($r);
return OK;	return OK;
}	}
Line 739 sub handler {	Line 646 sub handler {
$env{'user.domain'} eq 'public' &&	$env{'user.domain'} eq 'public' &&
$requrl !~ m{^/+(res\|public\|uploaded)/} &&	$requrl !~ m{^/+(res\|public\|uploaded)/} &&
$requrl !~ m{^/adm/[^/]+/[^/]+/aboutme/portfolio$ }x &&	$requrl !~ m{^/adm/[^/]+/[^/]+/aboutme/portfolio$ }x &&
$requrl !~ m{^/adm/blockingstatus/.*$} &&	$requrl !~ m{^/adm/blockingstatus/.*$} &&
$requrl !~ m{^/+adm/(help\|logout\|restrictedaccess\|randomlabel\.png)}) {	$requrl !~ m{^/+adm/(help\|logout\|restrictedaccess\|randomlabel\.png)}) {
$env{'request.querystring'}=$r->args;	$env{'request.querystring'}=$r->args;
$env{'request.firsturl'}=$requrl;	$env{'request.firsturl'}=$requrl;
Line 748 sub handler {	Line 655 sub handler {
# ------------------------------------------------------------- This is allowed	# ------------------------------------------------------------- This is allowed
if ($env{'request.course.id'}) {	if ($env{'request.course.id'}) {
&Apache::lonnet::countacc($requrl);	&Apache::lonnet::countacc($requrl);
	$requrl=~/\.(\w+)$/;
my $query=$r->args;	my $query=$r->args;
if ($check_symb) {	if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') \|\|
	($requrl=~/^\/adm\/.*\/(aboutme\|smppg\|bulletinboard)(\?\|$ )/x) \|\|
	($requrl=~/^\/adm\/wrapper\//) \|\|
	($requrl=~m\|^/adm/coursedocs/showdoc/\|) \|\|
	($requrl=~m\|\.problem/smpedit$\|) \|\|
	($requrl=~/^\/public\/.*\/syllabus$/) \|\|
	($requrl=~/^\/adm\/(viewclasslist\|navmaps)$/) \|\|
	($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?\|$)/)) {
# ------------------------------------- This is serious stuff, get symb and log	# ------------------------------------- This is serious stuff, get symb and log
my $symb;	my $symb;
if ($query) {	if ($query) {
Line 757 sub handler {	Line 672 sub handler {
}	}
if ($env{'form.symb'}) {	if ($env{'form.symb'}) {
$symb=&Apache::lonnet::symbclean($env{'form.symb'});	$symb=&Apache::lonnet::symbclean($env{'form.symb'});
if ($requrl eq '/adm/navmaps') {	if ($requrl =~ m\|^/adm/wrapper/\|
my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
&Apache::lonnet::symblist($map,$murl => [$murl,$mid]);
} elsif ($requrl =~ m\|^/adm/wrapper/\|
\|\| $requrl =~ m\|^/adm/coursedocs/showdoc/\|) {	\|\| $requrl =~ m\|^/adm/coursedocs/showdoc/\|) {
my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);	my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
if ($map =~ /\.page$/) {
my $mapsymb = &Apache::lonnet::symbread($map);
($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);
}
&Apache::lonnet::symblist($map,$murl => [$murl,$mid],	&Apache::lonnet::symblist($map,$murl => [$murl,$mid],
'last_known' =>[$murl,$mid]);	'last_known' =>[$murl,$mid]);
} elsif ((&Apache::lonnet::symbverify($symb,$requrl)) \|\|	} elsif ((&Apache::lonnet::symbverify($symb,$requrl)) \|\|
Line 775 sub handler {	Line 683 sub handler {
(($requrl=~m\|(.*/aboutme)/portfolio$\|) &&	(($requrl=~m\|(.*/aboutme)/portfolio$\|) &&
&Apache::lonnet::symbverify($symb,$1))) {	&Apache::lonnet::symbverify($symb,$1))) {
my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);	my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
if (($map =~ /\.page$/) && ($requrl !~ /\.page$/)) {
my $mapsymb = &Apache::lonnet::symbread($map);
($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);
}
&Apache::lonnet::symblist($map,$murl => [$murl,$mid],	&Apache::lonnet::symblist($map,$murl => [$murl,$mid],
'last_known' =>[$murl,$mid]);	'last_known' =>[$murl,$mid]);
} else {	} else {
Line 792 sub handler {	Line 696 sub handler {
if ($requrl=~m{^(/adm/.*/aboutme)/portfolio$}) {	if ($requrl=~m{^(/adm/.*/aboutme)/portfolio$}) {
$requrl = $1;	$requrl = $1;
}	}
$symb=&Apache::lonnet::symbread($requrl);	unless ($suppext) {
if (&Apache::lonnet::is_on_map($requrl) && $symb) {	$symb=&Apache::lonnet::symbread($requrl);
my ($encstate,$invalidsymb);	if (&Apache::lonnet::is_on_map($requrl) && $symb &&
unless (&Apache::lonnet::symbverify($symb,$requrl,\$encstate)) {	!&Apache::lonnet::symbverify($symb,$requrl)) {
$invalidsymb = 1;	$r->log_reason('Invalid symb for '.$requrl.': '.$symb);
#	$env{'user.error.msg'}=
# If $env{'request.enc'} is true, but no encryption for $symb retrieved	"$requrl:bre:1:1:Invalid Access";
# by original lonnet::symbread() call, call again to check for an instance	return HTTP_NOT_ACCEPTABLE;
# of $requrl in the course which has encryption, and set that as the symb.	}
# If there is no such symb, or symbverify() fails for the new symb proceed	if ($symb) {
# to report invalid symb.	my ($map,$mid,$murl)=
#	&Apache::lonnet::decode_symb($symb);
if ($env{'request.enc'} && !$encstate) {	&Apache::lonnet::symblist($map,$murl =>[$murl,$mid],
my %possibles;	'last_known' =>[$murl,$mid]);
my $nocache = 1;	}
$symb = &Apache::lonnet::symbread($requrl,'','','',\%possibles,$nocache);
if ($symb) {
if (&Apache::lonnet::symbverify($symb,$requrl)) {
$invalidsymb = '';
}
} elsif (keys(%possibles) > 1) {
$r->internal_redirect('/adm/ambiguous');
return OK;
}
}
if ($invalidsymb) {
$r->log_reason('Invalid symb for '.$requrl.': '.$symb);
$env{'user.error.msg'}=
"$requrl:bre:1:1:Invalid Access";
return HTTP_NOT_ACCEPTABLE;
}
}
}
if ($symb) {
my ($map,$mid,$murl)=
&Apache::lonnet::decode_symb($symb);
if ($requrl eq '/adm/navmaps') {
&Apache::lonnet::symblist($map,$murl =>[$murl,$mid]);
} else {
if (($map =~ /\.page$/) && ($requrl !~ /\.page$/)) {
my $mapsymb = &Apache::lonnet::symbread($map);
($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);
}
&Apache::lonnet::symblist($map,$murl =>[$murl,$mid],
'last_known' =>[$murl,$mid]);
}
}	}
}	}
$env{'request.symb'}=$symb;	$env{'request.symb'}=$symb;
if (($env{'request.symbread.cached.'}) && ($env{'request.symbread.cached.'} ne $symb)) {
$env{'request.symbread.cached.'} = $symb;
}
&Apache::lonnet::courseacclog($symb);	&Apache::lonnet::courseacclog($symb);
} else {	} else {
# ------------------------------------------------------- This is other content	# ------------------------------------------------------- This is other content
Line 889 sub handler {	Line 759 sub handler {
# ------------------------------------ See if this is a viewable portfolio file	# ------------------------------------ See if this is a viewable portfolio file
if (&Apache::lonnet::is_portfolio_url($requrl)) {	if (&Apache::lonnet::is_portfolio_url($requrl)) {
my $clientip = $r->get_remote_host();	my $clientip = $r->get_remote_host();
my $access=&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip);	my $access=&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip);
if ($access eq 'A') {	if ($access eq 'A') {
&Apache::restrictedaccess::setup_handler($r);	&Apache::restrictedaccess::setup_handler($r);
return OK;	return OK;

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.159.2.8.2.5
changed lines
	Added in v.1.162