loncom/auth/lonacc.pm - diff

Return to lonacc.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/lonacc.pm between versions 1.159.2.18 and 1.195

version 1.159.2.18, 2021/01/04 03:47:01	version 1.195, 2021/10/25 15:23:34
Line 102 use Apache::loncommon();	Line 102 use Apache::loncommon();
use Apache::lonlocal;	use Apache::lonlocal;
use Apache::restrictedaccess();	use Apache::restrictedaccess();
use Apache::blockedaccess();	use Apache::blockedaccess();
	use Apache::lonprotected();
use Fcntl qw(:flock);	use Fcntl qw(:flock);
use LONCAPA qw(:DEFAULT :match);	use LONCAPA qw(:DEFAULT :match);

Line 202 sub get_posted_cgi {	Line 203 sub get_posted_cgi {
$fname='';	$fname='';
$fmime='';	$fmime='';
}	}
	if ($i<$#lines && $lines[$i+1]=~/^Content\-Type\:\s*([\w\-\/]+)/i) {
	# TODO: something with $1 !
	$i++;
	}
	if ($i<$#lines && $lines[$i+1]=~/^Content\-transfer\-encoding\:\s*([\w\-\/]+)/i) {
	# TODO: something with $1 !
	$i++;
	}
$i++;	$i++;
}	}
} else {	} else {
Line 296 sub sso_login {	Line 305 sub sso_login {
my $query = $r->args;	my $query = $r->args;
my %form;	my %form;
if ($query) {	if ($query) {
my @items = ('role','symb','iptoken');	my @items = ('role','symb','iptoken','origurl','ltoken','linkkey');
&Apache::loncommon::get_unprocessed_cgi($query,\@items);	&Apache::loncommon::get_unprocessed_cgi($query,\@items);
foreach my $item (@items) {	foreach my $item (@items) {
if (defined($env{'form.'.$item})) {	if (defined($env{'form.'.$item})) {
Line 314 sub sso_login {	Line 323 sub sso_login {
}	}
}	}

	my ($linkprot,$linkkey);
	if ($form{'ltoken'}) {
	my %link_info = &Apache::lonnet::tmpget($form{'ltoken'});
	$linkprot = $link_info{'linkprot'};
	my $delete = &Apache::lonnet::tmpdel($form{'ltoken'});
	}
	if ($form{'linkkey'} ne '') {
	$linkkey = $form{'linkkey'};
	}

my $domain = $r->dir_config('lonSSOUserDomain');	my $domain = $r->dir_config('lonSSOUserDomain');
if ($domain eq '') {	if ($domain eq '') {
$domain = $r->dir_config('lonDefDomain');	$domain = $r->dir_config('lonDefDomain');
Line 340 sub sso_login {	Line 359 sub sso_login {
my $lowest_load;	my $lowest_load;
($otherserver,undef,undef,undef,$lowest_load) = &Apache::lonnet::choose_server($domain);	($otherserver,undef,undef,undef,$lowest_load) = &Apache::lonnet::choose_server($domain);
if ($lowest_load > 100) {	if ($lowest_load > 100) {
$otherserver = &Apache::lonnet::spareserver($lowest_load,$lowest_load,1,$domain);	$otherserver = &Apache::lonnet::spareserver($r,$lowest_load,$lowest_load,1,$domain);
}	}
if ($otherserver ne '') {	if ($otherserver ne '') {
my @hosts = &Apache::lonnet::current_machine_ids();	my @hosts = &Apache::lonnet::current_machine_ids();
Line 355 sub sso_login {	Line 374 sub sso_login {
# login but immediately go to switch server to find us a new	# login but immediately go to switch server to find us a new
# machine	# machine
&Apache::lonauth::success($r,$user,$domain,$home,'noredirect');	&Apache::lonauth::success($r,$user,$domain,$home,'noredirect');
	foreach my $item (keys(%form)) {
	$env{'form.'.$item} = $form{$item};
	}
	unless (($form{'symb'}) \|\| ($form{'origurl'})) {
	unless (($r->uri eq '/adm/roles') \|\| ($r->uri eq '/adm/sso')) {
	$env{'form.origurl'} = $r->uri;
	}
	}
	if (($r->uri eq '/adm/sso') && ($form{'origurl'} =~ m{^/+tiny/+$match_domain/+\w+$})) {
	$env{'request.deeplink.login'} = $form{'origurl'};
	} elsif ($r->uri =~ m{^/+tiny/+$match_domain/+\w+$}) {
	$env{'request.deeplink.login'} = $r->uri;
	}
	if ($env{'request.deeplink.login'}) {
	if ($linkprot) {
	$env{'request.linkprot'} = $linkprot);
	} elsif ($linkkey ne '') {
	$env{'request.linkkey'} = $linkkey);
	}
	}
$env{'request.sso.login'} = 1;	$env{'request.sso.login'} = 1;
if (defined($r->dir_config("lonSSOReloginServer"))) {	if (defined($r->dir_config("lonSSOReloginServer"))) {
$env{'request.sso.reloginserver'} =	$env{'request.sso.reloginserver'} =
Line 369 sub sso_login {	Line 408 sub sso_login {
} else {	} else {
# need to login them in, so generate the need data that	# need to login them in, so generate the need data that
# migrate expects to do login	# migrate expects to do login
my $ip = &Apache::lonnet::get_requestor_ip($r);	my $ip = &Apache::lonnet::get_requestor_ip($r);
my %info=('ip' => $ip,	my %info=('ip' => $ip,
'domain' => $domain,	'domain' => $domain,
'username' => $user,	'username' => $user,
'server' => $r->dir_config('lonHostID'),	'server' => $r->dir_config('lonHostID'),
'sso.login' => 1	'sso.login' => 1
);	);
foreach my $item ('role','symb','iptoken') {	foreach my $item ('role','symb','iptoken','origurl') {
if (exists($form{$item})) {	if (exists($form{$item})) {
$info{$item} = $form{$item};	$info{$item} = $form{$item};
}	}
}	}
unless ($info{'symb'}) {	unless (($info{'symb'}) \|\| ($info{'origurl'})) {
unless (($r->uri eq '/adm/roles') \|\| ($r->uri eq '/adm/sso')) {	unless (($r->uri eq '/adm/roles') \|\| ($r->uri eq '/adm/sso')) {
$info{'origurl'} = $r->uri;	$info{'origurl'} = $r->uri;
}	}
}	}
	if (($r->uri eq '/adm/sso') && ($form{'origurl'} =~ m{^/+tiny/+$match_domain/+\w+$})) {
	$info{'deeplink.login'} = $form{'origurl'};
	} elsif ($r->uri =~ m{^/+tiny/+$match_domain/+\w+$}) {
	$info{'deeplink.login'} = $r->uri;
	}
	if ($info{'deeplink.login'}) {
	if ($linkprot) {
	$info{'linkprot'} = $linkprot;
	} elsif ($linkkey ne '') {
	$info{'linkkey'} = $linkkey;
	}
	}
if ($r->dir_config("ssodirecturl") == 1) {	if ($r->dir_config("ssodirecturl") == 1) {
$info{'origurl'} = $r->uri;	$info{'origurl'} = $r->uri;
}	}
Line 520 sub handler {	Line 571 sub handler {
}	}
} elsif ($env{'request.course.id'} &&	} elsif ($env{'request.course.id'} &&
(($requrl =~ m{^/adm/$match_domain/$match_username/aboutme$}) \|\|	(($requrl =~ m{^/adm/$match_domain/$match_username/aboutme$}) \|\|
($requrl =~ m{^/public/$cdom/$cnum/syllabus$}))) {	($requrl eq "/public/$cdom/$cnum/syllabus") \|\|
	($requrl =~ m{^/adm/$cdom/$cnum/\d+/ext\.tool$}))) {
my $query = $r->args;	my $query = $r->args;
if ($query) {	if ($query) {
foreach my $pair (split(/&/,$query)) {	foreach my $pair (split(/&/,$query)) {
Line 541 sub handler {	Line 593 sub handler {
my $hostname = $r->hostname();	my $hostname = $r->hostname();
my $lonhost = &Apache::lonnet::host_from_dns($hostname);	my $lonhost = &Apache::lonnet::host_from_dns($hostname);
if ($lonhost) {	if ($lonhost) {
my $actual = &Apache::lonnet::absolute_url($hostname);	my $actual = &Apache::lonnet::absolute_url($hostname,1,1);
	my $exphostname = &Apache::lonnet::hostname($lonhost);
my $expected = $Apache::lonnet::protocol{$lonhost}.'://'.$hostname;	my $expected = $Apache::lonnet::protocol{$lonhost}.'://'.$hostname;
unless ($actual eq $expected) {	unless ($actual eq $expected) {
$env{'request.use_absolute'} = $expected;	$env{'request.use_absolute'} = $expected;
Line 573 sub handler {	Line 626 sub handler {
if (($found_server) && ($balancer_cookie =~ /^\Q$env{'user.domain'}\E_\Q$env{'user.name'}\E_/)) {	if (($found_server) && ($balancer_cookie =~ /^\Q$env{'user.domain'}\E_\Q$env{'user.name'}\E_/)) {
$otherserver = $found_server;	$otherserver = $found_server;
}	}
unless ($requrl eq '/adm/switchserver') {	unless ($requrl eq '/adm/switchserver') {
$r->set_handlers('PerlResponseHandler'=>	$r->set_handlers('PerlResponseHandler'=>
[\&Apache::switchserver::handler]);	[\&Apache::switchserver::handler]);
}	}
Line 586 sub handler {	Line 639 sub handler {
}	}
}	}
}	}
	if ($requrl=~m{^/+tiny/+$match_domain/+\w+$}) {
	if ($env{'user.name'} eq 'public' &&
	$env{'user.domain'} eq 'public') {
	$env{'request.firsturl'}=$requrl;
	return FORBIDDEN;
	} else {
	return OK;
	}
	}
# ---------------------------------------------------------------- Check access	# ---------------------------------------------------------------- Check access
my $now = time;	my $now = time;
my ($check_symb,$check_access,$check_block,$access,$poss_symb);	my ($check_symb,$check_access,$check_block,$access,$poss_symb);
Line 598 sub handler {	Line 659 sub handler {
if (($requrl eq '/adm/viewclasslist') \|\|	if (($requrl eq '/adm/viewclasslist') \|\|
($requrl =~ m{^(/adm/wrapper\|)\Q/uploaded/$cdom/$cnum/docs/\E}) \|\|	($requrl =~ m{^(/adm/wrapper\|)\Q/uploaded/$cdom/$cnum/docs/\E}) \|\|
($requrl =~ m{^/adm/.*/aboutme$}) \|\|	($requrl =~ m{^/adm/.*/aboutme$}) \|\|
($requrl=~m{^/adm/coursedocs/showdoc/})) {	($requrl=~m{^/adm/coursedocs/showdoc/}) \|\|
	($requrl=~m{^(/adm/wrapper\|)/adm/$cdom/$cnum/\d+/ext\.tool$})) {
$check_block = 1;	$check_block = 1;
}	}
}	}
Line 611 sub handler {	Line 673 sub handler {
($requrl=~m\|\.problem/smpedit$\|) \|\|	($requrl=~m\|\.problem/smpedit$\|) \|\|
($requrl=~/^\/public\/.*\/syllabus$/) \|\|	($requrl=~/^\/public\/.*\/syllabus$/) \|\|
($requrl=~/^\/adm\/(viewclasslist\|navmaps)$/) \|\|	($requrl=~/^\/adm\/(viewclasslist\|navmaps)$/) \|\|
($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?\|$)/)) {	($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?\|$)/) \|\|
	($requrl=~m{^/adm/$cdom/$cnum/\d+/ext\.tool$})) {
$check_symb = 1;	$check_symb = 1;
}	}
}	}
Line 644 sub handler {	Line 707 sub handler {
if ((!$env{'request.role.adv'}) && ($env{'acc.randomout'}) &&	if ((!$env{'request.role.adv'}) && ($env{'acc.randomout'}) &&
($env{'acc.randomout'}=~/\&\Q$poss_symb\E\&/)) {	($env{'acc.randomout'}=~/\&\Q$poss_symb\E\&/)) {
undef($poss_symb);	undef($poss_symb);
	} elsif ((!$env{'request.role.adv'}) && ($env{'acc.deeplinkout'}) &&
	($env{'acc.deeplinkout'}=~/\&\Q$poss_symb\E\&/)) {
	undef($poss_symb);
}	}
}	}
}	}
Line 653 sub handler {	Line 719 sub handler {
$access=&Apache::lonnet::allowed('bre',$requrl,'','','','',1);	$access=&Apache::lonnet::allowed('bre',$requrl,'','','','',1);
}	}
} else {	} else {
$access=&Apache::lonnet::allowed('bre',$requrl);	my $nodeeplinkcheck;
	if (($check_access) && ($requrl =~ /\.(sequence\|page)$/)) {
	unless ($env{'form.navmap'}) {
	if ($r->args ne '') {
	&Apache::loncommon::get_unprocessed_cgi($r->args,['navmap']);
	unless ($env{'form.navmap'}) {
	$nodeeplinkcheck = 1;
	}
	}
	}
	}
	$access=&Apache::lonnet::allowed('bre',$requrl,'','','','','',$nodeeplinkcheck);
}	}
}	}
if ($check_block) {	if ($check_block) {
Line 666 sub handler {	Line 743 sub handler {
&Apache::blockedaccess::setup_handler($r);	&Apache::blockedaccess::setup_handler($r);
return OK;	return OK;
}	}
} elsif ($check_access) {	} elsif ($check_access) {
if ($handle eq '') {	if ($handle eq '') {
unless ($access eq 'F') {	unless ($access eq 'F') {
if ($requrl =~ m{^/res/$match_domain/$match_username/}) {	if ($requrl =~ m{^/res/$match_domain/$match_username/}) {
Line 691 sub handler {	Line 768 sub handler {
&Apache::blockedaccess::setup_handler($r);	&Apache::blockedaccess::setup_handler($r);
return OK;	return OK;
}	}
	if ($access eq 'D') {
	&Apache::lonprotected::setup_handler($r);
	return OK;
	}
if (($access ne '2') && ($access ne 'F')) {	if (($access ne '2') && ($access ne 'F')) {
if ($requrl =~ m{^/res/}) {	if ($requrl =~ m{^/res/}) {
$access = &Apache::lonnet::allowed('bro',$requrl);	$access = &Apache::lonnet::allowed('bro',$requrl);
Line 707 sub handler {	Line 788 sub handler {
}	}
}	}
} elsif (($handle =~ /^publicuser_\d+$/) && (&Apache::lonnet::is_portfolio_url($requrl))) {	} elsif (($handle =~ /^publicuser_\d+$/) && (&Apache::lonnet::is_portfolio_url($requrl))) {
my $clientip = &Apache::lonnet::get_requestor_ip($r);	my $clientip = &Apache::lonnet::get_requestor_ip($r);
if (&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip) ne 'F') {	if (&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip) ne 'F') {
$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";	$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
return HTTP_NOT_ACCEPTABLE;	return HTTP_NOT_ACCEPTABLE;
Line 756 sub handler {	Line 837 sub handler {
}	}
if ($env{'form.symb'}) {	if ($env{'form.symb'}) {
$symb=&Apache::lonnet::symbclean($env{'form.symb'});	$symb=&Apache::lonnet::symbclean($env{'form.symb'});
if ($requrl eq '/adm/navmaps') {	if (($requrl eq '/adm/navmaps') \|\|
my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);	($requrl =~ m{^/adm/wrapper/}) \|\|
&Apache::lonnet::symblist($map,$murl => [$murl,$mid]);	($requrl =~ m{^/adm/coursedocs/showdoc/})) {
} elsif ($requrl =~ m\|^/adm/wrapper/\|	unless (&Apache::lonnet::symbverify($symb,$requrl)) {
\|\| $requrl =~ m\|^/adm/coursedocs/showdoc/\|) {	if (&Apache::lonnet::is_on_map($requrl)) {
my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);	$symb = &Apache::lonnet::symbread($requrl);
if ($map =~ /\.page$/) {	unless (&Apache::lonnet::symbverify($symb,$requrl)) {
my $mapsymb = &Apache::lonnet::symbread($map);	undef($symb);
($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);	}
	}
	}
	if ($symb) {
	if ($requrl eq '/adm/navmaps') {
	my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
	&Apache::lonnet::symblist($map,$murl => [$murl,$mid]);
	} elsif (($requrl =~ m{^/adm/wrapper/}) \|\|
	($requrl =~ m{^/adm/coursedocs/showdoc/})) {
	my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
	if ($map =~ /\.page$/) {
	my $mapsymb = &Apache::lonnet::symbread($map);
	($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);
	}
	&Apache::lonnet::symblist($map,$murl => [$murl,$mid],
	'last_known' =>[$murl,$mid]);
	}
}	}
&Apache::lonnet::symblist($map,$murl => [$murl,$mid],
'last_known' =>[$murl,$mid]);
} elsif ((&Apache::lonnet::symbverify($symb,$requrl)) \|\|	} elsif ((&Apache::lonnet::symbverify($symb,$requrl)) \|\|
(($requrl=~m\|(.*)/smpedit$\|) &&	(($requrl=~m\|(.*)/smpedit$\|) &&
&Apache::lonnet::symbverify($symb,$1)) \|\|	&Apache::lonnet::symbverify($symb,$1)) \|\|
Line 827 sub handler {	Line 922 sub handler {
}	}
}	}
if ($invalidsymb) {	if ($invalidsymb) {
$r->log_reason('Invalid symb for '.$requrl.': '.$symb);	if ($requrl eq '/adm/navmaps') {
$env{'user.error.msg'}=	undef($symb);
"$requrl:bre:1:1:Invalid Access";	} else {
return HTTP_NOT_ACCEPTABLE;	$r->log_reason('Invalid symb for '.$requrl.': '.$symb);
	$env{'user.error.msg'}=
	"$requrl:bre:1:1:Invalid Access";
	return HTTP_NOT_ACCEPTABLE;
	}
}	}
}	}
}	}
Line 844 sub handler {	Line 943 sub handler {
my $mapsymb = &Apache::lonnet::symbread($map);	my $mapsymb = &Apache::lonnet::symbread($map);
($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);	($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb);
}	}
&Apache::lonnet::symblist($map,$murl =>[$murl,$mid],	&Apache::lonnet::symblist($map,$murl =>[$murl,$mid],
'last_known' =>[$murl,$mid]);	'last_known' =>[$murl,$mid]);
}	}
}	}
}	}
Line 898 sub handler {	Line 997 sub handler {
# ------------------------------------ See if this is a viewable portfolio file	# ------------------------------------ See if this is a viewable portfolio file
if (&Apache::lonnet::is_portfolio_url($requrl)) {	if (&Apache::lonnet::is_portfolio_url($requrl)) {
my $clientip = &Apache::lonnet::get_requestor_ip($r);	my $clientip = &Apache::lonnet::get_requestor_ip($r);
my $access=&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip);	my $access=&Apache::lonnet::allowed('bre',$requrl,undef,undef,$clientip);
if ($access eq 'A') {	if ($access eq 'A') {
&Apache::restrictedaccess::setup_handler($r);	&Apache::restrictedaccess::setup_handler($r);
return OK;	return OK;

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.159.2.18
changed lines
	Added in v.1.195