loncom/auth/lonacc.pm - diff

Return to lonacc.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/lonacc.pm between versions 1.123 and 1.142

version 1.123, 2008/12/10 16:28:03	version 1.142, 2013/01/30 16:23:47
Line 105 use Apache::lonlocal;	Line 105 use Apache::lonlocal;
use Apache::restrictedaccess();	use Apache::restrictedaccess();
use Apache::blockedaccess();	use Apache::blockedaccess();
use Fcntl qw(:flock);	use Fcntl qw(:flock);
use LONCAPA;	use LONCAPA qw(:DEFAULT :match);

sub cleanup {	sub cleanup {
my ($r)=@_;	my ($r)=@_;
Line 156 sub get_posted_cgi {	Line 156 sub get_posted_cgi {
for ($i=0;$i<=$#lines;$i++) {	for ($i=0;$i<=$#lines;$i++) {
if ($lines[$i]=~/^--\Q$contentsep\E/) {	if ($lines[$i]=~/^--\Q$contentsep\E/) {
if ($name) {	if ($name) {
chomp($value);	chomp($value);
	if (($r->uri eq '/adm/portfolio') &&
	($name eq 'uploaddoc')) {
	if (length($value) == 1) {
	$value=~s/[\r\n]$//;
	}
	}
if (ref($fields) eq 'ARRAY') {	if (ref($fields) eq 'ARRAY') {
next if (!grep(/^\Q$name\E$/,@{$fields}));	next if (!grep(/^\Q$name\E$/,@{$fields}));
}	}
Line 278 sub sso_login {	Line 284 sub sso_login {

my ($user) = ($r->user =~ m/([a-zA-Z0-9_\-@.]*)/);	my ($user) = ($r->user =~ m/([a-zA-Z0-9_\-@.]*)/);

my $domain = $r->dir_config('lonDefDomain');	my $query = $r->args;
	my %form;
	if ($query) {
	my @items = ('role','symb');
	&Apache::loncommon::get_unprocessed_cgi($query,\@items);
	foreach my $item (@items) {
	if (defined($env{'form.'.$item})) {
	$form{$item} = $env{'form.'.$item};
	}
	}
	}

	my $domain = $r->dir_config('lonSSOUserDomain');
	if ($domain eq '') {
	$domain = $r->dir_config('lonDefDomain');
	}
my $home=&Apache::lonnet::homeserver($user,$domain);	my $home=&Apache::lonnet::homeserver($user,$domain);
if ($home !~ /(con_lost\|no_host\|no_such_host)/) {	if ($home !~ /(con_lost\|no_host\|no_such_host)/) {
&Apache::lonnet::logthis(" SSO authorized user $user ");	&Apache::lonnet::logthis(" SSO authorized user $user ");
if ($r->dir_config("lonBalancer") eq 'yes') {	my ($is_balancer,$otherserver) =
# login but immeaditly go to switch server to find us a new	&Apache::lonnet::check_loadbalancing($user,$domain);
	if ($is_balancer) {
	# login but immediately go to switch server to find us a new
# machine	# machine
&Apache::lonauth::success($r,$user,$domain,$home,'noredirect');	&Apache::lonauth::success($r,$user,$domain,$home,'noredirect');
$env{'request.sso.login'} = 1;	$env{'request.sso.login'} = 1;
Line 291 sub sso_login {	Line 314 sub sso_login {
$env{'request.sso.reloginserver'} =	$env{'request.sso.reloginserver'} =
$r->dir_config('lonSSOReloginServer');	$r->dir_config('lonSSOReloginServer');
}	}
$r->internal_redirect('/adm/switchserver');	my $redirecturl = '/adm/switchserver';
	if ($otherserver ne '') {
	$redirecturl .= '?otherserver='.$otherserver;
	}
	$r->internal_redirect($redirecturl);
$r->set_handlers('PerlHandler'=> undef);	$r->set_handlers('PerlHandler'=> undef);
} else {	} else {
# need to login them in, so generate the need data that	# need to login them in, so generate the need data that
Line 302 sub sso_login {	Line 329 sub sso_login {
'server' => $r->dir_config('lonHostID'),	'server' => $r->dir_config('lonHostID'),
'sso.login' => 1	'sso.login' => 1
);	);
	foreach my $item ('role','symb') {
	if (exists($form{$item})) {
	$info{$item} = $form{$item};
	}
	}
if ($r->dir_config("ssodirecturl") == 1) {	if ($r->dir_config("ssodirecturl") == 1) {
$info{'origurl'} = $r->uri;	$info{'origurl'} = $r->uri;
}	}
Line 352 sub handler {	Line 384 sub handler {
return OK;	return OK;
}	}

	if ($requrl =~ m{^/res/adm/pages/[^/]+\.(gif\|png)$}) {
	return OK;
	}

my $handle = &Apache::lonnet::check_for_valid_session($r);	my $handle = &Apache::lonnet::check_for_valid_session($r);

my $result = &sso_login($r,$handle);	my $result = &sso_login($r,$handle);
Line 359 sub handler {	Line 395 sub handler {
return $result;	return $result;
}	}

	my ($is_balancer,$otherserver);

if ($r->dir_config("lonBalancer") eq 'yes') {
$r->set_handlers('PerlResponseHandler'=>
[\&Apache::switchserver::handler]);
}

if ($handle eq '') {	if ($handle eq '') {
$r->log_reason("Cookie $handle not valid", $r->filename);	unless (($requrl eq '/adm/switchserver') && (!$r->is_initial_req())) {
	$r->log_reason("Cookie $handle not valid", $r->filename);
	}
} elsif ($handle ne '') {	} elsif ($handle ne '') {

# ------------------------------------------------------ Initialize Environment	# ------------------------------------------------------ Initialize Environment
Line 383 sub handler {	Line 417 sub handler {
if ($env{'user.name'} ne '' && $env{'user.domain'} ne '') {	if ($env{'user.name'} ne '' && $env{'user.domain'} ne '') {
# -------------------------------------------------------------- Resource State	# -------------------------------------------------------------- Resource State

	my ($cdom,$cnum);
	if ($env{'request.course.id'}) {
	$cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
	$cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
	}
if ($requrl=~/^\/+(res\|uploaded)\//) {	if ($requrl=~/^\/+(res\|uploaded)\//) {
$env{'request.state'} = "published";	$env{'request.state'} = "published";
} else {	} else {
Line 390 sub handler {	Line 429 sub handler {
}	}
$env{'request.filename'} = $r->filename;	$env{'request.filename'} = $r->filename;
$env{'request.noversionuri'} = &Apache::lonnet::deversion($requrl);	$env{'request.noversionuri'} = &Apache::lonnet::deversion($requrl);
	my $suppext;
	if ($requrl =~ m{^/adm/wrapper/ext/}) {
	my $query = $r->args;
	if ($query) {
	my $preserved;
	foreach my $pair (split(/&/,$query)) {
	my ($name, $value) = split(/=/,$pair);
	unless ($name eq 'symb') {
	$preserved .= $pair.'&';
	}
	if (($env{'request.course.id'}) && ($name eq 'folderpath')) {
	if ($value =~ /^supplemental/) {
	$suppext = 1;
	}
	}
	}
	$preserved =~ s/\&$//;
	if ($preserved) {
	$env{'request.external.querystring'} = $preserved;
	}
	}
	} elsif ($env{'request.course.id'} &&
	(($requrl =~ m{^/adm/$match_domain/$match_username/aboutme$}) \|\|
	($requrl =~ m{^/public/$cdom/$cnum/syllabus$}))) {
	my $query = $r->args;
	if ($query) {
	foreach my $pair (split(/&/,$query)) {
	my ($name, $value) = split(/=/,$pair);
	if ($name eq 'folderpath') {
	if ($value =~ /^supplemental/) {
	$suppext = 1;
	}
	}
	}
	}
	}
# -------------------------------------------------------- Load POST parameters	# -------------------------------------------------------- Load POST parameters

&Apache::lonacc::get_posted_cgi($r);	&Apache::lonacc::get_posted_cgi($r);

	# ------------------------------------------------------ Check if load balancer

	my $checkexempt;
	if ($env{'user.loadbalexempt'} eq $r->dir_config('lonHostID')) {
	if ($env{'user.loadbalcheck.time'} + 600 > time) {
	$checkexempt = 1;
	}
	}
	unless ($checkexempt) {
	($is_balancer,$otherserver) =
	&Apache::lonnet::check_loadbalancing($env{'user.name'},
	$env{'user.domain'});
	}
	if ($is_balancer) {
	$r->set_handlers('PerlResponseHandler'=>
	[\&Apache::switchserver::handler]);
	if ($otherserver ne '') {
	$env{'form.otherserver'} = $otherserver;
	}
	}

# ---------------------------------------------------------------- Check access	# ---------------------------------------------------------------- Check access
my $now = time;	my $now = time;
if ($requrl !~ m{^/(?:adm\|public\|prtspool)/}	if ($requrl !~ m{^/(?:adm\|public\|prtspool)/}
Line 412 sub handler {	Line 508 sub handler {
return OK;	return OK;
}	}
if (($access ne '2') && ($access ne 'F')) {	if (($access ne '2') && ($access ne 'F')) {
$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";	if ($requrl =~ m{^/res/}) {
return HTTP_NOT_ACCEPTABLE;	$access = &Apache::lonnet::allowed('bro',$requrl);
	if ($access ne 'F') {
	if ($requrl eq '/res/lib/templates/simpleproblem.problem/smpedit') {
	$access = &Apache::lonnet::allowed('bre','/res/lib/templates/simpleproblem.problem');
	if ($access ne 'F') {
	$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
	return HTTP_NOT_ACCEPTABLE;
	}
	} else {
	$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
	return HTTP_NOT_ACCEPTABLE;
	}
	}
	} else {
	$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
	return HTTP_NOT_ACCEPTABLE;
	}
}	}
}	}
if ($requrl =~ m\|^/prtspool/\|) {	if ($requrl =~ m\|^/prtspool/\|) {
Line 436 sub handler {	Line 548 sub handler {
$env{'user.domain'} eq 'public' &&	$env{'user.domain'} eq 'public' &&
$requrl !~ m{^/+(res\|public\|uploaded)/} &&	$requrl !~ m{^/+(res\|public\|uploaded)/} &&
$requrl !~ m{^/adm/[^/]+/[^/]+/aboutme/portfolio$ }x &&	$requrl !~ m{^/adm/[^/]+/[^/]+/aboutme/portfolio$ }x &&
	$requrl !~ m{^/adm/blockingstatus/.*$} &&
$requrl !~ m{^/+adm/(help\|logout\|restrictedaccess\|randomlabel\.png)}) {	$requrl !~ m{^/+adm/(help\|logout\|restrictedaccess\|randomlabel\.png)}) {
$env{'request.querystring'}=$r->args;	$env{'request.querystring'}=$r->args;
$env{'request.firsturl'}=$requrl;	$env{'request.firsturl'}=$requrl;
Line 445 sub handler {	Line 558 sub handler {
if ($env{'request.course.id'}) {	if ($env{'request.course.id'}) {
&Apache::lonnet::countacc($requrl);	&Apache::lonnet::countacc($requrl);
$requrl=~/\.(\w+)$/;	$requrl=~/\.(\w+)$/;
	my $query=$r->args;
if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') \|\|	if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') \|\|
($requrl=~/^\/adm\/.*\/(aboutme\|navmaps\|smppg\|bulletinboard)(\?\|$ )/x) \|\|	($requrl=~/^\/adm\/.*\/(aboutme\|smppg\|bulletinboard)(\?\|$ )/x) \|\|
($requrl=~/^\/adm\/wrapper\//) \|\|	($requrl=~/^\/adm\/wrapper\//) \|\|
($requrl=~m\|^/adm/coursedocs/showdoc/\|) \|\|	($requrl=~m\|^/adm/coursedocs/showdoc/\|) \|\|
($requrl=~m\|\.problem/smpedit$\|) \|\|	($requrl=~m\|\.problem/smpedit$\|) \|\|
($requrl=~/^\/public\/.*\/syllabus$/)) {	($requrl=~/^\/public\/.*\/syllabus$/) \|\|
	($requrl=~/^\/adm\/(viewclasslist\|navmaps)$/) \|\|
	($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?\|$)/)) {
# ------------------------------------- This is serious stuff, get symb and log	# ------------------------------------- This is serious stuff, get symb and log
my $query=$r->args;
my $symb;	my $symb;
if ($query) {	if ($query) {
&Apache::loncommon::get_unprocessed_cgi($query,['symb']);	&Apache::loncommon::get_unprocessed_cgi($query,['symb','folderpath']);
}	}
if ($env{'form.symb'}) {	if ($env{'form.symb'}) {
$symb=&Apache::lonnet::symbclean($env{'form.symb'});	$symb=&Apache::lonnet::symbclean($env{'form.symb'});
Line 466 sub handler {	Line 581 sub handler {
'last_known' =>[$murl,$mid]);	'last_known' =>[$murl,$mid]);
} elsif ((&Apache::lonnet::symbverify($symb,$requrl)) \|\|	} elsif ((&Apache::lonnet::symbverify($symb,$requrl)) \|\|
(($requrl=~m\|(.*)/smpedit$\|) &&	(($requrl=~m\|(.*)/smpedit$\|) &&
&Apache::lonnet::symbverify($symb,$1))) {	&Apache::lonnet::symbverify($symb,$1)) \|\|
	(($requrl=~m\|(.*/aboutme)/portfolio$\|) &&
	&Apache::lonnet::symbverify($symb,$1))) {
my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);	my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
&Apache::lonnet::symblist($map,$murl => [$murl,$mid],	&Apache::lonnet::symblist($map,$murl => [$murl,$mid],
'last_known' =>[$murl,$mid]);	'last_known' =>[$murl,$mid]);
Line 478 sub handler {	Line 595 sub handler {
return HTTP_NOT_ACCEPTABLE;	return HTTP_NOT_ACCEPTABLE;
}	}
} else {	} else {
$symb=&Apache::lonnet::symbread($requrl);	if ($requrl=~m{^(/adm/.*/aboutme)/portfolio$}) {
if (&Apache::lonnet::is_on_map($requrl) && $symb &&	$requrl = $1;
!&Apache::lonnet::symbverify($symb,$requrl)) {	}
$r->log_reason('Invalid symb for '.$requrl.': '.$symb);	unless ($suppext) {
$env{'user.error.msg'}=	$symb=&Apache::lonnet::symbread($requrl);
"$requrl:bre:1:1:Invalid Access";	if (&Apache::lonnet::is_on_map($requrl) && $symb &&
return HTTP_NOT_ACCEPTABLE;	!&Apache::lonnet::symbverify($symb,$requrl)) {
}	$r->log_reason('Invalid symb for '.$requrl.': '.$symb);
if ($symb) {	$env{'user.error.msg'}=
my ($map,$mid,$murl)=	"$requrl:bre:1:1:Invalid Access";
&Apache::lonnet::decode_symb($symb);	return HTTP_NOT_ACCEPTABLE;
&Apache::lonnet::symblist($map,$murl =>[$murl,$mid],	}
'last_known' =>[$murl,$mid]);	if ($symb) {
	my ($map,$mid,$murl)=
	&Apache::lonnet::decode_symb($symb);
	&Apache::lonnet::symblist($map,$murl =>[$murl,$mid],
	'last_known' =>[$murl,$mid]);
	}
}	}
}	}
$env{'request.symb'}=$symb;	$env{'request.symb'}=$symb;
Line 499 sub handler {	Line 621 sub handler {
# ------------------------------------------------------- This is other content	# ------------------------------------------------------- This is other content
&Apache::lonnet::courseacclog($requrl);	&Apache::lonnet::courseacclog($requrl);
}	}
	if ($requrl =~ m{^/+uploaded/\Q$cdom\E/\Q$cnum\E/(docs\|supplemental)/.+\.html?$}) {
	if (&Apache::lonnet::allowed('mdc',$env{'request.course.id'})) {
	if ($query) {
	&Apache::loncommon::get_unprocessed_cgi($query,['forceedit']);
	if ($env{'form.forceedit'}) {
	$env{'request.state'} = 'edit';
	}
	}
	}
	}
}	}
return OK;	return OK;
	} else {
	my $defdom=$r->dir_config('lonDefDomain');
	($is_balancer,$otherserver) =
	&Apache::lonnet::check_loadbalancing(undef,$defdom);
	if ($is_balancer) {
	$r->set_handlers('PerlResponseHandler'=>
	[\&Apache::switchserver::handler]);
	if ($otherserver ne '') {
	$env{'form.otherserver'} = $otherserver;
	}
	}
}	}
# -------------------------------------------- See if this is a public resource	# -------------------------------------------- See if this is a public resource
if ($requrl=~m\|^/+adm/+help/+\|) {	if ($requrl=~m\|^/+adm/+help/+\|) {

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.123
changed lines
	Added in v.1.142