--- loncom/lonnet/perl/lonnet.pm 2017/01/28 03:49:00 1.1334 +++ loncom/lonnet/perl/lonnet.pm 2017/05/09 03:04:32 1.1344 @@ -1,7 +1,7 @@ # The LearningOnline Network # TCP networking package # -# $Id: lonnet.pm,v 1.1334 2017/01/28 03:49:00 raeburn Exp $ +# $Id: lonnet.pm,v 1.1344 2017/05/09 03:04:32 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -650,10 +650,23 @@ sub transfer_profile_to_env { sub check_for_valid_session { my ($r,$name,$userhashref) = @_; my %cookies=CGI::Cookie->parse($r->header_in('Cookie')); + my ($linkname,$pubname); if ($name eq '') { $name = 'lonID'; + $linkname = 'lonLinkID'; + $pubname = 'lonPubID'; } my $lonid=$cookies{$name}; + if (!$lonid) { + if (($name eq 'lonID') && ($ENV{'SERVER_PORT'} != 443) && ($linkname)) { + $lonid=$cookies{$linkname}; + } + if (!$lonid) { + if (($name eq 'lonID') && ($pubname)) { + $lonid=$cookies{$pubname}; + } + } + } return undef if (!$lonid); my $handle=&LONCAPA::clean_handle($lonid->value); @@ -1832,7 +1845,12 @@ sub get_dom { } } if ($udom && $uhome && ($uhome ne 'no_host')) { - my $rep=&reply("getdom:$udom:$namespace:$items",$uhome); + my $rep; + if ($namespace =~ /^enc/) { + $rep=&reply("encrypt:egetdom:$udom:$namespace:$items",$uhome); + } else { + $rep=&reply("getdom:$udom:$namespace:$items",$uhome); + } my %returnhash; if ($rep eq '' || $rep =~ /^error: 2 /) { return %returnhash; @@ -1876,7 +1894,11 @@ sub put_dom { $items.=&escape($item).'='.&freeze_escape($$storehash{$item}).'&'; } $items=~s/\&$//; - return &reply("putdom:$udom:$namespace:$items",$uhome); + if ($namespace =~ /^enc/) { + return &reply("encrypt:putdom:$udom:$namespace:$items",$uhome); + } else { + return &reply("putdom:$udom:$namespace:$items",$uhome); + } } else { &logthis("put_dom failed - no homeserver and/or domain"); } @@ -1973,7 +1995,7 @@ sub inst_directory_query { &escape($srch->{'srchtype'}),$homeserver); my $host=&hostname($homeserver); if ($queryid !~/^\Q$host\E\_/) { - &logthis('instituional directory search invalid queryid: '.$queryid.' for host: '.$homeserver.'in domain '.$udom); + &logthis('institutional directory search invalid queryid: '.$queryid.' for host: '.$homeserver.' in domain '.$udom); return; } my $response = &get_query_reply($queryid); @@ -2256,6 +2278,9 @@ sub get_domain_defaults { $domdefaults{'timezone_def'} = $domconfig{'defaults'}{'timezone_def'}; $domdefaults{'datelocale_def'} = $domconfig{'defaults'}{'datelocale_def'}; $domdefaults{'portal_def'} = $domconfig{'defaults'}{'portal_def'}; + $domdefaults{'intauth_cost'} = $domconfig{'defaults'}{'intauth_cost'}; + $domdefaults{'intauth_switch'} = $domconfig{'defaults'}{'intauth_switch'}; + $domdefaults{'intauth_check'} = $domconfig{'defaults'}{'intauth_check'}; } else { $domdefaults{'lang_def'} = &domain($domain,'lang_def'); $domdefaults{'auth_def'} = &domain($domain,'auth_def'); @@ -2377,8 +2402,11 @@ sub get_domain_defaults { if (ref($domconfig{'ssl'}{'replication'}) eq 'HASH') { $domdefaults{'replication'} = $domconfig{'ssl'}{'replication'}; } - if (ref($domconfig{'ssl'}{'connect'}) eq 'HASH') { - $domdefaults{'connect'} = $domconfig{'ssl'}{'connect'}; + if (ref($domconfig{'ssl'}{'connto'}) eq 'HASH') { + $domdefaults{'connect'} = $domconfig{'ssl'}{'connto'}; + } + if (ref($domconfig{'ssl'}{'connfrom'}) eq 'HASH') { + $domdefaults{'connect'} = $domconfig{'ssl'}{'connfrom'}; } } if (ref($domconfig{'trust'}) eq 'HASH') { @@ -3179,7 +3207,7 @@ sub can_edit_resource { $forceedit = 1; } $cfile = $resurl; - } elsif ($resurl =~ m{^/adm/wrapper/adm/$cdom/$cnum/\d+/exttools?$}) { + } elsif ($resurl =~ m{^/adm/wrapper/adm/$cdom/$cnum/\d+/ext\.tool$}) { $incourse = 1; if ($env{'form.forceedit'}) { $forceview = 1; @@ -3211,7 +3239,7 @@ sub can_edit_resource { $forceedit = 1; } $cfile = $resurl; - } elsif (($resurl =~ m{^/adm/wrapper/adm/$cdom/$cnum/\d+/exttools?$}) && ($env{'form.folderpath'} =~ /^supplemental/)) { + } elsif (($resurl =~ m{^/adm/wrapper/adm/$cdom/$cnum/\d+/ext\.tool$}) && ($env{'form.folderpath'} =~ /^supplemental/)) { $incourse = 1; if ($env{'form.forceedit'}) { $forceview = 1; @@ -3229,7 +3257,7 @@ sub can_edit_resource { } else { $cfile = $env{'form.suppurl'}; my $escfile = &unescape($cfile); - if ($escfile =~ m{^/adm/$cdom/$cnum/\d+/exttools?$}) { + if ($escfile =~ m{^/adm/$cdom/$cnum/\d+/ext\.tool$}) { $cfile = '/adm/wrapper'.$escfile; } else { $escfile =~ s{^http://}{}; @@ -4550,20 +4578,26 @@ sub get_my_adhocroles { if (($env{"user.role.dh./$cdom/"}) || ($env{"user.role.da./$cdom/"})) { my $then=$env{'user.login.time'}; my $update=$env{'user.update.time'}; - my $liverole = 1; + if (!$update) { + $update = $then; + } + my @liveroles; foreach my $role ('dh','da') { if ($env{"user.role.$role./$cdom/"}) { - my ($tstart,$tend)=split(/\./,$env{"user.role.$role./$cdom"}); + my ($tstart,$tend)=split(/\./,$env{"user.role.$role./$cdom/"}); my $limit = $update; if ($env{'request.role'} eq "$role./$cdom/") { $limit = $then; } - if ($tstart && $tstart>$limit) { $liverole = 0; } - if ($tend && $tend <$limit) { $liverole = 0; } - last if ($liverole); + my $activerole = 1; + if ($tstart && $tstart>$limit) { $activerole = 0; } + if ($tend && $tend <$limit) { $activerole = 0; } + if ($activerole) { + push(@liveroles,$role); + } } } - if ($liverole) { + if (@liveroles) { if (&homeserver($cnum,$cdom) ne 'no_host') { my ($accessref,$accessinfo,%access_in_dom); ($roles_by_num,$description,$accessref,$accessinfo) = &get_all_adhocroles($cdom); @@ -4618,6 +4652,18 @@ sub get_my_adhocroles { next; } elsif ($curraccess eq 'all') { push(@possroles,$role); + } elsif ($curraccess eq 'dh') { + if (grep(/^dh$/,@liveroles)) { + push(@possroles,$role); + } else { + next; + } + } elsif ($curraccess eq 'da') { + if (grep(/^da$/,@liveroles)) { + push(@possroles,$role); + } else { + next; + } } elsif ($curraccess eq 'status') { if (@okstatus) { if (!@statuses) { @@ -5770,9 +5816,10 @@ sub rolesinit { } } - @userroles{'user.author', 'user.adv'} = &set_userprivs(\%userroles, - \%allroles, \%allgroups); + @userroles{'user.author','user.adv','user.rar'} = &set_userprivs(\%userroles, + \%allroles, \%allgroups); $env{'user.adv'} = $userroles{'user.adv'}; + $env{'user.rar'} = $userroles{'user.rar'}; return (\%userroles,\%firstaccenv,\%timerintenv); } @@ -5896,6 +5943,7 @@ sub set_userprivs { my ($userroles,$allroles,$allgroups,$groups_roles) = @_; my $author=0; my $adv=0; + my $rar=0; my %grouproles = (); if (keys(%{$allgroups}) > 0) { my @groupkeys; @@ -5943,6 +5991,7 @@ sub set_userprivs { $thesepriv{$privilege}.=$restrictions; } if ($thesepriv{'adv'} eq 'F') { $adv=1; } + if ($thesepriv{'rar'} eq 'F') { $rar=1; } } } my $thesestr=''; @@ -5951,7 +6000,7 @@ sub set_userprivs { } $userroles->{'user.priv.'.$role} = $thesestr; } - return ($author,$adv); + return ($author,$adv,$rar); } sub role_status { @@ -5996,9 +6045,10 @@ sub role_status { push(@rolecodes,$$role); &standard_roleprivs(\%allroles,$$role,$tdomain,$spec,$trest,$$where); } - my ($author,$adv)= &set_userprivs(\%userroles,\%allroles,\%allgroups,\%groups_roles); + my ($author,$adv,$rar)= &set_userprivs(\%userroles,\%allroles,\%allgroups, + \%groups_roles); &appenv(\%userroles,\@rolecodes); - &log($env{'user.domain'},$env{'user.name'},$env{'user.home'},"Role ".$role); + &log($env{'user.domain'},$env{'user.name'},$env{'user.home'},"Role ".$spec); } } $$tstatus = 'is'; @@ -6117,9 +6167,9 @@ sub set_adhoc_privileges { } else { &standard_roleprivs(\%rolehash,$role,$dcdom,$spec,$pickedcourse,$area); } - my ($author,$adv)= &set_userprivs(\%userroles,\%rolehash); + my ($author,$adv,$rar)= &set_userprivs(\%userroles,\%rolehash); &appenv(\%userroles,[$role,'cm']); - &log($env{'user.domain'},$env{'user.name'},$env{'user.home'},"Role ".$role); + &log($env{'user.domain'},$env{'user.name'},$env{'user.home'},"Role ".$spec); unless ($caller eq 'constructaccess' && $env{'request.course.id'}) { &appenv( {'request.role' => $spec, 'request.role.domain' => $dcdom, @@ -6273,7 +6323,7 @@ sub currentdump { # my %returnhash=(); # - if ($rep eq "unknown_cmd") { + if ($rep eq 'unknown_cmd') { # an old lond will not know currentdump # Do a dump and make it look like a currentdump my @tmp = &dumpstore($courseid,$sdom,$sname,'.'); @@ -7207,7 +7257,7 @@ sub allowed { if (defined($env{'allowed.'.$priv})) { return $env{'allowed.'.$priv}; } # Free bre access to adm and meta resources - if (((($uri=~/^adm\//) && ($uri !~ m{/(?:smppg|bulletinboard)$})) + if (((($uri=~/^adm\//) && ($uri !~ m{/(?:smppg|bulletinboard|ext\.tool)$})) || (($uri=~/\.meta$/) && ($uri!~m|^uploaded/|) )) && ($priv eq 'bre')) { return 'F'; @@ -10915,6 +10965,16 @@ sub get_domain_ltitools { my %domconfig = &get_dom('configuration',['ltitools'],$cdom); if (ref($domconfig{'ltitools'}) eq 'HASH') { %ltitools = %{$domconfig{'ltitools'}}; + my %encdomconfig = &get_dom('encconfig',['ltitools'],$cdom); + if (ref($encdomconfig{'ltitools'}) eq 'HASH') { + foreach my $id (keys(%ltitools)) { + if (ref($encdomconfig{'ltitools'}{$id}) eq 'HASH') { + foreach my $item ('key','secret') { + $ltitools{$id}{$item} = $encdomconfig{'ltitools'}{$id}{$item}; + } + } + } + } } my $cachetime = 24*60*60; &do_cache_new('ltitools',$cdom,\%ltitools,$cachetime); @@ -11424,7 +11484,7 @@ sub metadata { # if it is a non metadata possible uri return quickly if (($uri eq '') || (($uri =~ m|^/*adm/|) && - ($uri !~ m|^adm/includes|) && ($uri !~ m{/(smppg|bulletinboard|exttools?)$})) || + ($uri !~ m|^adm/includes|) && ($uri !~ m{/(smppg|bulletinboard|ext\.tool)$})) || ($uri =~ m|/$|) || ($uri =~ m|/.meta$|) || ($uri =~ m{^/*uploaded/.+\.sequence$})) { return undef; } @@ -12957,7 +13017,7 @@ sub clutter { # &logthis("Got a blank emb style"); } } - } elsif ($thisfn =~ m{^/adm/$match_domain/$match_courseid/\d+/exttools?$}) { + } elsif ($thisfn =~ m{^/adm/$match_domain/$match_courseid/\d+/ext\.tool$}) { $thisfn='/adm/wrapper'.$thisfn; } return $thisfn; @@ -13229,6 +13289,7 @@ sub fetch_dns_checksums { &purge_remembered(); &reset_domain_info(); &reset_hosts_ip_info(); + undef(%internetdom); undef(%name_to_host); undef(%hostname); undef(%hostdom); @@ -13271,6 +13332,11 @@ sub fetch_dns_checksums { return %hostdom; } + sub all_host_intdom { + &load_hosts_tab() if (!$loaded); + return %internetdom; + } + sub is_library { &load_hosts_tab() if (!$loaded);