loncom/auth/lonacc.pm - diff

Return to lonacc.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/lonacc.pm between versions 1.126 and 1.138

version 1.126, 2009/07/23 17:40:29	version 1.138, 2012/05/30 20:29:49
Line 156 sub get_posted_cgi {	Line 156 sub get_posted_cgi {
for ($i=0;$i<=$#lines;$i++) {	for ($i=0;$i<=$#lines;$i++) {
if ($lines[$i]=~/^--\Q$contentsep\E/) {	if ($lines[$i]=~/^--\Q$contentsep\E/) {
if ($name) {	if ($name) {
chomp($value);	$value=~s/[\r\n]+$//;
if (ref($fields) eq 'ARRAY') {	if (ref($fields) eq 'ARRAY') {
next if (!grep(/^\Q$name\E$/,@{$fields}));	next if (!grep(/^\Q$name\E$/,@{$fields}));
}	}
Line 281 sub sso_login {	Line 281 sub sso_login {
my $query = $r->args;	my $query = $r->args;
my %form;	my %form;
if ($query) {	if ($query) {
foreach my $pair (split(/&/,$query)) {	my @items = ('role','symb');
my ($name, $value) = split(/=/,$pair);	&Apache::loncommon::get_unprocessed_cgi($query,\@items);
$name = &unescape($name);	foreach my $item (@items) {
if (($name eq 'role') \|\| ($name eq 'symb')) {	if (defined($env{'form.'.$item})) {
$value =~ tr/+/ /;	$form{$item} = $env{'form.'.$item};
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
$form{$name} = $value;
}	}
}	}
}	}

my $domain = $r->dir_config('lonDefDomain');	my $domain = $r->dir_config('lonSSOUserDomain');
	if ($domain eq '') {
	$domain = $r->dir_config('lonDefDomain');
	}
my $home=&Apache::lonnet::homeserver($user,$domain);	my $home=&Apache::lonnet::homeserver($user,$domain);
if ($home !~ /(con_lost\|no_host\|no_such_host)/) {	if ($home !~ /(con_lost\|no_host\|no_such_host)/) {
&Apache::lonnet::logthis(" SSO authorized user $user ");	&Apache::lonnet::logthis(" SSO authorized user $user ");
if ($r->dir_config("lonBalancer") eq 'yes') {	my ($is_balancer,$otherserver) =
# login but immeaditly go to switch server to find us a new	&Apache::lonnet::check_loadbalancing($user,$domain);
	if ($is_balancer) {
	# login but immediately go to switch server to find us a new
# machine	# machine
&Apache::lonauth::success($r,$user,$domain,$home,'noredirect','',\%form);	&Apache::lonauth::success($r,$user,$domain,$home,'noredirect');
$env{'request.sso.login'} = 1;	$env{'request.sso.login'} = 1;
if (defined($r->dir_config("lonSSOReloginServer"))) {	if (defined($r->dir_config("lonSSOReloginServer"))) {
$env{'request.sso.reloginserver'} =	$env{'request.sso.reloginserver'} =
$r->dir_config('lonSSOReloginServer');	$r->dir_config('lonSSOReloginServer');
}	}
$r->internal_redirect('/adm/switchserver');	my $redirecturl = '/adm/switchserver';
	if ($otherserver ne '') {
	$redirecturl .= '?otherserver='.$otherserver;
	}
	$r->internal_redirect($redirecturl);
$r->set_handlers('PerlHandler'=> undef);	$r->set_handlers('PerlHandler'=> undef);
} else {	} else {
# need to login them in, so generate the need data that	# need to login them in, so generate the need data that
Line 382 sub handler {	Line 389 sub handler {
return $result;	return $result;
}	}

	my ($is_balancer,$otherserver);
if ($r->dir_config("lonBalancer") eq 'yes') {
$r->set_handlers('PerlResponseHandler'=>
[\&Apache::switchserver::handler]);
}

if ($handle eq '') {	if ($handle eq '') {
$r->log_reason("Cookie $handle not valid", $r->filename);	$r->log_reason("Cookie $handle not valid", $r->filename);
Line 413 sub handler {	Line 416 sub handler {
}	}
$env{'request.filename'} = $r->filename;	$env{'request.filename'} = $r->filename;
$env{'request.noversionuri'} = &Apache::lonnet::deversion($requrl);	$env{'request.noversionuri'} = &Apache::lonnet::deversion($requrl);
	if ($requrl =~ m{^/adm/wrapper/ext/}) {
	my $query = $r->args;
	if ($query) {
	my $preserved;
	foreach my $pair (split(/&/,$query)) {
	my ($name, $value) = split(/=/,$pair);
	unless ($name eq 'symb') {
	$preserved .= $pair.'&';
	}
	}
	$preserved =~ s/\&$//;
	if ($preserved) {
	$env{'request.external.querystring'} = $preserved;
	}
	}
	}
# -------------------------------------------------------- Load POST parameters	# -------------------------------------------------------- Load POST parameters

&Apache::lonacc::get_posted_cgi($r);	&Apache::lonacc::get_posted_cgi($r);

	# ------------------------------------------------------ Check if load balancer

	my $checkexempt;
	if ($env{'user.loadbalexempt'} eq $r->dir_config('lonHostID')) {
	if ($env{'user.loadbalcheck.time'} + 600 > time) {
	$checkexempt = 1;
	}
	}
	unless ($checkexempt) {
	($is_balancer,$otherserver) =
	&Apache::lonnet::check_loadbalancing($env{'user.name'},
	$env{'user.domain'});
	}
	if ($is_balancer) {
	$r->set_handlers('PerlResponseHandler'=>
	[\&Apache::switchserver::handler]);
	if ($otherserver ne '') {
	$env{'form.otherserver'} = $otherserver;
	}
	}

# ---------------------------------------------------------------- Check access	# ---------------------------------------------------------------- Check access
my $now = time;	my $now = time;
if ($requrl !~ m{^/(?:adm\|public\|prtspool)/}	if ($requrl !~ m{^/(?:adm\|public\|prtspool)/}
Line 435 sub handler {	Line 475 sub handler {
return OK;	return OK;
}	}
if (($access ne '2') && ($access ne 'F')) {	if (($access ne '2') && ($access ne 'F')) {
$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";	if ($requrl =~ m{^/res/}) {
return HTTP_NOT_ACCEPTABLE;	$access = &Apache::lonnet::allowed('bro',$requrl);
	if ($access ne 'F') {
	if ($requrl eq '/res/lib/templates/simpleproblem.problem/smpedit') {
	$access = &Apache::lonnet::allowed('bre','/res/lib/templates/simpleproblem.problem');
	if ($access ne 'F') {
	$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
	return HTTP_NOT_ACCEPTABLE;
	}
	} else {
	$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
	return HTTP_NOT_ACCEPTABLE;
	}
	}
	} else {
	$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
	return HTTP_NOT_ACCEPTABLE;
	}
}	}
}	}
if ($requrl =~ m\|^/prtspool/\|) {	if ($requrl =~ m\|^/prtspool/\|) {
Line 459 sub handler {	Line 515 sub handler {
$env{'user.domain'} eq 'public' &&	$env{'user.domain'} eq 'public' &&
$requrl !~ m{^/+(res\|public\|uploaded)/} &&	$requrl !~ m{^/+(res\|public\|uploaded)/} &&
$requrl !~ m{^/adm/[^/]+/[^/]+/aboutme/portfolio$ }x &&	$requrl !~ m{^/adm/[^/]+/[^/]+/aboutme/portfolio$ }x &&
	$requrl !~ m{^/adm/blockingstatus/.*$} &&
$requrl !~ m{^/+adm/(help\|logout\|restrictedaccess\|randomlabel\.png)}) {	$requrl !~ m{^/+adm/(help\|logout\|restrictedaccess\|randomlabel\.png)}) {
$env{'request.querystring'}=$r->args;	$env{'request.querystring'}=$r->args;
$env{'request.firsturl'}=$requrl;	$env{'request.firsturl'}=$requrl;
Line 470 sub handler {	Line 527 sub handler {
$requrl=~/\.(\w+)$/;	$requrl=~/\.(\w+)$/;
my $query=$r->args;	my $query=$r->args;
if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') \|\|	if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') \|\|
($requrl=~/^\/adm\/.*\/(aboutme\|navmaps\|smppg\|bulletinboard)(\?\|$ )/x) \|\|	($requrl=~/^\/adm\/.*\/(aboutme\|smppg\|bulletinboard)(\?\|$ )/x) \|\|
($requrl=~/^\/adm\/wrapper\//) \|\|	($requrl=~/^\/adm\/wrapper\//) \|\|
($requrl=~m\|^/adm/coursedocs/showdoc/\|) \|\|	($requrl=~m\|^/adm/coursedocs/showdoc/\|) \|\|
($requrl=~m\|\.problem/smpedit$\|) \|\|	($requrl=~m\|\.problem/smpedit$\|) \|\|
($requrl=~/^\/public\/.*\/syllabus$/)) {	($requrl=~/^\/public\/.*\/syllabus$/) \|\|
	($requrl=~/^\/adm\/(viewclasslist\|navmaps)$/) \|\|
	($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?\|$)/)) {
# ------------------------------------- This is serious stuff, get symb and log	# ------------------------------------- This is serious stuff, get symb and log
my $symb;	my $symb;
if ($query) {	if ($query) {
Line 489 sub handler {	Line 548 sub handler {
'last_known' =>[$murl,$mid]);	'last_known' =>[$murl,$mid]);
} elsif ((&Apache::lonnet::symbverify($symb,$requrl)) \|\|	} elsif ((&Apache::lonnet::symbverify($symb,$requrl)) \|\|
(($requrl=~m\|(.*)/smpedit$\|) &&	(($requrl=~m\|(.*)/smpedit$\|) &&
&Apache::lonnet::symbverify($symb,$1))) {	&Apache::lonnet::symbverify($symb,$1)) \|\|
	(($requrl=~m\|(.*/aboutme)/portfolio$\|) &&
	&Apache::lonnet::symbverify($symb,$1))) {
my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);	my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
&Apache::lonnet::symblist($map,$murl => [$murl,$mid],	&Apache::lonnet::symblist($map,$murl => [$murl,$mid],
'last_known' =>[$murl,$mid]);	'last_known' =>[$murl,$mid]);
Line 501 sub handler {	Line 562 sub handler {
return HTTP_NOT_ACCEPTABLE;	return HTTP_NOT_ACCEPTABLE;
}	}
} else {	} else {
	if ($requrl=~m{^(/adm/.*/aboutme)/portfolio$}) {
	$requrl = $1;
	}
$symb=&Apache::lonnet::symbread($requrl);	$symb=&Apache::lonnet::symbread($requrl);
if (&Apache::lonnet::is_on_map($requrl) && $symb &&	if (&Apache::lonnet::is_on_map($requrl) && $symb &&
!&Apache::lonnet::symbverify($symb,$requrl)) {	!&Apache::lonnet::symbverify($symb,$requrl)) {
Line 536 sub handler {	Line 600 sub handler {
}	}
}	}
return OK;	return OK;
	} else {
	my $defdom=$r->dir_config('lonDefDomain');
	($is_balancer,$otherserver) =
	&Apache::lonnet::check_loadbalancing(undef,$defdom);
	if ($is_balancer) {
	$r->set_handlers('PerlResponseHandler'=>
	[\&Apache::switchserver::handler]);
	if ($otherserver ne '') {
	$env{'form.otherserver'} = $otherserver;
	}
	}
}	}
# -------------------------------------------- See if this is a public resource	# -------------------------------------------- See if this is a public resource
if ($requrl=~m\|^/+adm/+help/+\|) {	if ($requrl=~m\|^/+adm/+help/+\|) {

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.126
changed lines
	Added in v.1.138