--- loncom/auth/lonacc.pm 2006/08/30 21:48:51 1.95 +++ loncom/auth/lonacc.pm 2008/12/10 16:42:51 1.116.2.1 @@ -1,7 +1,7 @@ # The LearningOnline Network # Cookie Based Access Handler # -# $Id: lonacc.pm,v 1.95 2006/08/30 21:48:51 albertel Exp $ +# $Id: lonacc.pm,v 1.116.2.1 2008/12/10 16:42:51 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -36,7 +36,7 @@ use Apache::lonnet; use Apache::loncommon(); use Apache::lonlocal; use Apache::restrictedaccess(); -use CGI::Cookie(); +use Apache::blockedaccess(); use Fcntl qw(:flock); use LONCAPA; @@ -44,6 +44,7 @@ sub cleanup { my ($r)=@_; if (! $r->is_initial_req()) { return DECLINED; } &Apache::lonnet::save_cache(); + &Apache::lontexconvert::jsMath_reset(); return OK; } @@ -56,13 +57,14 @@ sub goodbye { ############################################### sub get_posted_cgi { - my ($r) = @_; + my ($r,$fields) = @_; my $buffer; if ($r->header_in('Content-length')) { $r->read($buffer,$r->header_in('Content-length'),0); } - unless ($buffer=~/^(\-+\w+)\s+Content\-Disposition\:\s*form\-data/si) { + my $content_type = $r->header_in('Content-type'); + if ($content_type !~ m{^multipart/form-data}) { my @pairs=split(/&/,$buffer); my $pair; foreach $pair (@pairs) { @@ -71,10 +73,13 @@ sub get_posted_cgi { $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg; $name =~ tr/+/ /; $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg; + if (ref($fields) eq 'ARRAY') { + next if (!grep(/^\Q$name\E$/,@{$fields})); + } &Apache::loncommon::add_to_env("form.$name",$value); } } else { - my $contentsep=$1; + my ($contentsep) = ($content_type =~ /boundary=\"?([^\";,]+)\"?/); my @lines = split (/\n/,$buffer); my $name=''; my $value=''; @@ -82,16 +87,29 @@ sub get_posted_cgi { my $fmime=''; my $i; for ($i=0;$i<=$#lines;$i++) { - if ($lines[$i]=~/^$contentsep/) { + if ($lines[$i]=~/^--\Q$contentsep\E/) { if ($name) { chomp($value); + if (ref($fields) eq 'ARRAY') { + next if (!grep(/^\Q$name\E$/,@{$fields})); + } if ($fname) { - $env{"form.$name.filename"}=$fname; - $env{"form.$name.mimetype"}=$fmime; + if ($env{'form.symb'} ne '') { + my $size = (length($value))/(1024.0 * 1024.0); + if (&upload_size_allowed($name,$size,$fname) eq 'ok') { + $env{"form.$name.filename"}=$fname; + $env{"form.$name.mimetype"}=$fmime; + &Apache::loncommon::add_to_env("form.$name",$value); + } + } else { + $env{"form.$name.filename"}=$fname; + $env{"form.$name.mimetype"}=$fmime; + &Apache::loncommon::add_to_env("form.$name",$value); + } } else { $value=~s/\s+$//s; + &Apache::loncommon::add_to_env("form.$name",$value); } - &Apache::loncommon::add_to_env("form.$name",$value); } if ($i<$#lines) { $i++; @@ -137,48 +155,114 @@ sub get_posted_cgi { $r->headers_in->unset('Content-length'); } +# +# Perform size checks for file uploads to essayresponse items in course context. +# +# Add form.HWFILESIZE.$part_$id to %env with file size (MB) +# If file exceeds maximum allowed size, add form.HWFILETOOBIG.$part_$id to %env. +# + +sub upload_size_allowed { + my ($name,$size,$fname) = @_; + if ($name =~ /^HWFILE(\w+)$/) { + my $ident = $1; + my $item = 'HWFILESIZE'.$ident; + my $savesize = sprintf("%.6f",$size); + &Apache::loncommon::add_to_env("form.$item",$savesize); + my $maxsize= &Apache::lonnet::EXT("resource.$ident.maxfilesize"); + if (!$maxsize) { + $maxsize = 10.0; # FIXME This should become a domain configuration. + } + if ($size > $maxsize) { + my $warn = 'HWFILETOOBIG'.$ident; + &Apache::loncommon::add_to_env("form.$warn",$fname); + return; + } + } + return 'ok'; +} + + # handle the case of the single sign on user, at this point $r->user # will be set and valid now need to find the loncapa user info and possibly # balance them # returns OK if it was a SSO and user was handled # undef if not SSO or no means to hanle the user sub sso_login { - my ($r,$lonid,$handle) = @_; + my ($r,$handle) = @_; my $lonidsdir=$r->dir_config('lonIDsDir'); if (!($r->user && (!defined($env{'user.name'}) && !defined($env{'user.domain'})) - && (!$lonid || !-e "$lonidsdir/$handle.id" || $handle eq ''))) { + && ($handle eq ''))) { # not an SSO case or already logged in return undef; } + my ($user) = ($r->user =~ m/([a-zA-Z0-9_\-@.]*)/); + my $domain = $r->dir_config('lonDefDomain'); - my $home=&Apache::lonnet::homeserver($r->user,$domain); + my $home=&Apache::lonnet::homeserver($user,$domain); if ($home !~ /(con_lost|no_host|no_such_host)/) { + &Apache::lonnet::logthis(" SSO authorized user $user "); if ($r->dir_config("lonBalancer") eq 'yes') { # login but immeaditly go to switch server to find us a new # machine - &Apache::lonauth::success($r,$r->user,$domain,$home,'noredirect'); + &Apache::lonauth::success($r,$user,$domain,$home,'noredirect'); + $env{'request.sso.login'} = 1; + if (defined($r->dir_config("lonSSOReloginServer"))) { + $env{'request.sso.reloginserver'} = + $r->dir_config('lonSSOReloginServer'); + } $r->internal_redirect('/adm/switchserver'); + $r->set_handlers('PerlHandler'=> undef); } else { # need to login them in, so generate the need data that # migrate expects to do login my %info=('ip' => $r->connection->remote_ip(), 'domain' => $domain, - 'username' => $r->user, + 'username' => $user, 'server' => $r->dir_config('lonHostID'), 'sso.login' => 1 ); + if ($r->dir_config("ssodirecturl") == 1) { + $info{'origurl'} = $r->uri; + } + if (defined($r->dir_config("lonSSOReloginServer"))) { + $info{'sso.reloginserver'} = + $r->dir_config('lonSSOReloginServer'); + } my $token = &Apache::lonnet::tmpput(\%info, $r->dir_config('lonHostID')); $env{'form.token'} = $token; $r->internal_redirect('/adm/migrateuser'); + $r->set_handlers('PerlHandler'=> undef); } return OK; - } elsif (defined($r->dir_config('lonSSOUserUnkownRedirect'))) { - $r->internal_redirect($r->dir_config('lonSSOUserUnkownRedirect')); + } elsif (defined($r->dir_config('lonSSOUserUnknownRedirect'))) { + &Apache::lonnet::logthis(" SSO authorized unknown user $user "); + $r->subprocess_env->set('SSOUserUnknown' => $user); + $r->subprocess_env->set('SSOUserDomain' => $domain); + my @cancreate; + my %domconfig = + &Apache::lonnet::get_dom('configuration',['usercreation'],$domain); + if (ref($domconfig{'usercreation'}) eq 'HASH') { + if (ref($domconfig{'usercreation'}{'cancreate'}) eq 'HASH') { + if (ref($domconfig{'usercreation'}{'cancreate'}{'selfcreate'}) eq 'ARRAY') { + @cancreate = @{$domconfig{'usercreation'}{'cancreate'}{'selfcreate'}}; + } elsif (($domconfig{'usercreation'}{'cancreate'}{'selfcreate'} ne 'none') && + ($domconfig{'usercreation'}{'cancreate'}{'selfcreate'} ne '')) { + @cancreate = ($domconfig{'usercreation'}{'cancreate'}{'selfcreate'}); + } + } + } + if (grep(/^sso$/,@cancreate)) { + $r->internal_redirect('/adm/createaccount'); + } else { + $r->internal_redirect($r->dir_config('lonSSOUserUnknownRedirect')); + } + $r->set_handlers('PerlHandler'=> undef); return OK; } return undef; @@ -187,19 +271,16 @@ sub sso_login { sub handler { my $r = shift; my $requrl=$r->uri; - my %cookies=CGI::Cookie->parse($r->header_in('Cookie')); - my $lonid=$cookies{'lonID'}; - my $cookie; - my $lonidsdir=$r->dir_config('lonIDsDir'); - - my $handle; - if ($lonid) { - $handle=$lonid->value; - $handle=~s/\W//g; + if (&Apache::lonnet::is_domainimage($requrl)) { + return OK; } - if (my $result = &sso_login($r,$lonid,$handle)) { - return $result + + my $handle = &Apache::lonnet::check_for_valid_session($r); + + my $result = &sso_login($r,$handle); + if (defined($result)) { + return $result; } @@ -210,10 +291,10 @@ sub handler { if ($handle eq '') { $r->log_reason("Cookie $handle not valid", $r->filename); - } elsif ((-e "$lonidsdir/$handle.id") && ($handle ne '')) { + } elsif ($handle ne '') { # ------------------------------------------------------ Initialize Environment - + my $lonidsdir=$r->dir_config('lonIDsDir'); &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle); # --------------------------------------------------------- Initialize Language @@ -250,6 +331,10 @@ sub handler { &Apache::restrictedaccess::setup_handler($r); return OK; } + if ($access eq 'B') { + &Apache::blockedaccess::setup_handler($r); + return OK; + } if (($access ne '2') && ($access ne 'F')) { $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied"; return HTTP_NOT_ACCEPTABLE; @@ -260,6 +345,14 @@ sub handler { $env{'user.domain'}; if ($requrl !~ /^\Q$start\E/) { $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied"; + return HTTP_NOT_ACCEPTABLE; + } + } + if ($requrl =~ m|^/zipspool/|) { + my $start='/zipspool/zipout/'.$env{'user.name'}.":". + $env{'user.domain'}; + if ($requrl !~ /^\Q$start\E/) { + $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied"; return HTTP_NOT_ACCEPTABLE; } }