loncom/auth/lonacc.pm - diff

Return to lonacc.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/lonacc.pm between versions 1.130.6.1 and 1.142

version 1.130.6.1, 2011/11/18 22:41:02	version 1.142, 2013/01/30 16:23:47
Line 105 use Apache::lonlocal;	Line 105 use Apache::lonlocal;
use Apache::restrictedaccess();	use Apache::restrictedaccess();
use Apache::blockedaccess();	use Apache::blockedaccess();
use Fcntl qw(:flock);	use Fcntl qw(:flock);
use LONCAPA;	use LONCAPA qw(:DEFAULT :match);

sub cleanup {	sub cleanup {
my ($r)=@_;	my ($r)=@_;
Line 156 sub get_posted_cgi {	Line 156 sub get_posted_cgi {
for ($i=0;$i<=$#lines;$i++) {	for ($i=0;$i<=$#lines;$i++) {
if ($lines[$i]=~/^--\Q$contentsep\E/) {	if ($lines[$i]=~/^--\Q$contentsep\E/) {
if ($name) {	if ($name) {
chomp($value);	chomp($value);
	if (($r->uri eq '/adm/portfolio') &&
	($name eq 'uploaddoc')) {
	if (length($value) == 1) {
	$value=~s/[\r\n]$//;
	}
	}
if (ref($fields) eq 'ARRAY') {	if (ref($fields) eq 'ARRAY') {
next if (!grep(/^\Q$name\E$/,@{$fields}));	next if (!grep(/^\Q$name\E$/,@{$fields}));
}	}
Line 290 sub sso_login {	Line 296 sub sso_login {
}	}
}	}

my $domain = $r->dir_config('lonDefDomain');	my $domain = $r->dir_config('lonSSOUserDomain');
	if ($domain eq '') {
	$domain = $r->dir_config('lonDefDomain');
	}
my $home=&Apache::lonnet::homeserver($user,$domain);	my $home=&Apache::lonnet::homeserver($user,$domain);
if ($home !~ /(con_lost\|no_host\|no_such_host)/) {	if ($home !~ /(con_lost\|no_host\|no_such_host)/) {
&Apache::lonnet::logthis(" SSO authorized user $user ");	&Apache::lonnet::logthis(" SSO authorized user $user ");
if ($r->dir_config("lonBalancer") eq 'yes') {	my ($is_balancer,$otherserver) =
# login but immeaditly go to switch server to find us a new	&Apache::lonnet::check_loadbalancing($user,$domain);
	if ($is_balancer) {
	# login but immediately go to switch server to find us a new
# machine	# machine
&Apache::lonauth::success($r,$user,$domain,$home,'noredirect');	&Apache::lonauth::success($r,$user,$domain,$home,'noredirect');
$env{'request.sso.login'} = 1;	$env{'request.sso.login'} = 1;
Line 303 sub sso_login {	Line 314 sub sso_login {
$env{'request.sso.reloginserver'} =	$env{'request.sso.reloginserver'} =
$r->dir_config('lonSSOReloginServer');	$r->dir_config('lonSSOReloginServer');
}	}
$r->internal_redirect('/adm/switchserver');	my $redirecturl = '/adm/switchserver';
	if ($otherserver ne '') {
	$redirecturl .= '?otherserver='.$otherserver;
	}
	$r->internal_redirect($redirecturl);
$r->set_handlers('PerlHandler'=> undef);	$r->set_handlers('PerlHandler'=> undef);
} else {	} else {
# need to login them in, so generate the need data that	# need to login them in, so generate the need data that
Line 380 sub handler {	Line 395 sub handler {
return $result;	return $result;
}	}

	my ($is_balancer,$otherserver);

if ($r->dir_config("lonBalancer") eq 'yes') {
$r->set_handlers('PerlResponseHandler'=>
[\&Apache::switchserver::handler]);
}

if ($handle eq '') {	if ($handle eq '') {
$r->log_reason("Cookie $handle not valid", $r->filename);	unless (($requrl eq '/adm/switchserver') && (!$r->is_initial_req())) {
	$r->log_reason("Cookie $handle not valid", $r->filename);
	}
} elsif ($handle ne '') {	} elsif ($handle ne '') {

# ------------------------------------------------------ Initialize Environment	# ------------------------------------------------------ Initialize Environment
Line 404 sub handler {	Line 417 sub handler {
if ($env{'user.name'} ne '' && $env{'user.domain'} ne '') {	if ($env{'user.name'} ne '' && $env{'user.domain'} ne '') {
# -------------------------------------------------------------- Resource State	# -------------------------------------------------------------- Resource State

	my ($cdom,$cnum);
	if ($env{'request.course.id'}) {
	$cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
	$cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
	}
if ($requrl=~/^\/+(res\|uploaded)\//) {	if ($requrl=~/^\/+(res\|uploaded)\//) {
$env{'request.state'} = "published";	$env{'request.state'} = "published";
} else {	} else {
Line 411 sub handler {	Line 429 sub handler {
}	}
$env{'request.filename'} = $r->filename;	$env{'request.filename'} = $r->filename;
$env{'request.noversionuri'} = &Apache::lonnet::deversion($requrl);	$env{'request.noversionuri'} = &Apache::lonnet::deversion($requrl);
	my $suppext;
if ($requrl =~ m{^/adm/wrapper/ext/}) {	if ($requrl =~ m{^/adm/wrapper/ext/}) {
my $query = $r->args;	my $query = $r->args;
if ($query) {	if ($query) {
my $preserved;	my $preserved;
foreach my $pair (split(/&/,$query)) {	foreach my $pair (split(/&/,$query)) {
my ($name, $value) = split(/=/,$pair);	my ($name, $value) = split(/=/,$pair);
unless (($name eq 'symb') \|\| ($name eq 'wrapperdisplay')) {	unless ($name eq 'symb') {
$preserved .= $pair.'&';	$preserved .= $pair.'&';
}	}
	if (($env{'request.course.id'}) && ($name eq 'folderpath')) {
	if ($value =~ /^supplemental/) {
	$suppext = 1;
	}
	}
}	}
$preserved =~ s/\&$//;	$preserved =~ s/\&$//;
if ($preserved) {	if ($preserved) {
$env{'request.external.querystring'} = $preserved;	$env{'request.external.querystring'} = $preserved;
}	}
}	}
	} elsif ($env{'request.course.id'} &&
	(($requrl =~ m{^/adm/$match_domain/$match_username/aboutme$}) \|\|
	($requrl =~ m{^/public/$cdom/$cnum/syllabus$}))) {
	my $query = $r->args;
	if ($query) {
	foreach my $pair (split(/&/,$query)) {
	my ($name, $value) = split(/=/,$pair);
	if ($name eq 'folderpath') {
	if ($value =~ /^supplemental/) {
	$suppext = 1;
	}
	}
	}
	}
}	}
# -------------------------------------------------------- Load POST parameters	# -------------------------------------------------------- Load POST parameters

&Apache::lonacc::get_posted_cgi($r);	&Apache::lonacc::get_posted_cgi($r);

	# ------------------------------------------------------ Check if load balancer

	my $checkexempt;
	if ($env{'user.loadbalexempt'} eq $r->dir_config('lonHostID')) {
	if ($env{'user.loadbalcheck.time'} + 600 > time) {
	$checkexempt = 1;
	}
	}
	unless ($checkexempt) {
	($is_balancer,$otherserver) =
	&Apache::lonnet::check_loadbalancing($env{'user.name'},
	$env{'user.domain'});
	}
	if ($is_balancer) {
	$r->set_handlers('PerlResponseHandler'=>
	[\&Apache::switchserver::handler]);
	if ($otherserver ne '') {
	$env{'form.otherserver'} = $otherserver;
	}
	}

# ---------------------------------------------------------------- Check access	# ---------------------------------------------------------------- Check access
my $now = time;	my $now = time;
if ($requrl !~ m{^/(?:adm\|public\|prtspool)/}	if ($requrl !~ m{^/(?:adm\|public\|prtspool)/}
Line 452 sub handler {	Line 511 sub handler {
if ($requrl =~ m{^/res/}) {	if ($requrl =~ m{^/res/}) {
$access = &Apache::lonnet::allowed('bro',$requrl);	$access = &Apache::lonnet::allowed('bro',$requrl);
if ($access ne 'F') {	if ($access ne 'F') {
$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";	if ($requrl eq '/res/lib/templates/simpleproblem.problem/smpedit') {
return HTTP_NOT_ACCEPTABLE;	$access = &Apache::lonnet::allowed('bre','/res/lib/templates/simpleproblem.problem');
	if ($access ne 'F') {
	$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
	return HTTP_NOT_ACCEPTABLE;
	}
	} else {
	$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
	return HTTP_NOT_ACCEPTABLE;
	}
}	}
} else {	} else {
$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";	$env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
Line 489 sub handler {	Line 556 sub handler {
}	}
# ------------------------------------------------------------- This is allowed	# ------------------------------------------------------------- This is allowed
if ($env{'request.course.id'}) {	if ($env{'request.course.id'}) {
my $skiplogging;	&Apache::lonnet::countacc($requrl);
if ((!&Apache::loncommon::needs_gci_custom()) &&
($env{'course.'.$env{'request.course.id'}.'.internal.courseowner'} ne $env{'user.name'}.':'.$env{'user.domain'})) {
$skiplogging = 1;
}
unless ($skiplogging) {
&Apache::lonnet::countacc($requrl);
}
$requrl=~/\.(\w+)$/;	$requrl=~/\.(\w+)$/;
my $query=$r->args;	my $query=$r->args;
if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') \|\|	if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') \|\|
($requrl=~/^\/adm\/.*\/(aboutme\|navmaps\|smppg\|bulletinboard)(\?\|$ )/x) \|\|	($requrl=~/^\/adm\/.*\/(aboutme\|smppg\|bulletinboard)(\?\|$ )/x) \|\|
($requrl=~/^\/adm\/wrapper\//) \|\|	($requrl=~/^\/adm\/wrapper\//) \|\|
($requrl=~m\|^/adm/coursedocs/showdoc/\|) \|\|	($requrl=~m\|^/adm/coursedocs/showdoc/\|) \|\|
($requrl=~m\|\.problem/smpedit$\|) \|\|	($requrl=~m\|\.problem/smpedit$\|) \|\|
($requrl=~/^\/public\/.*\/syllabus$/)) {	($requrl=~/^\/public\/.*\/syllabus$/) \|\|
	($requrl=~/^\/adm\/(viewclasslist\|navmaps)$/) \|\|
	($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?\|$)/)) {
# ------------------------------------- This is serious stuff, get symb and log	# ------------------------------------- This is serious stuff, get symb and log
my $symb;	my $symb;
if ($query) {	if ($query) {
&Apache::loncommon::get_unprocessed_cgi($query,['symb']);	&Apache::loncommon::get_unprocessed_cgi($query,['symb','folderpath']);
}	}
if ($env{'form.symb'}) {	if ($env{'form.symb'}) {
$symb=&Apache::lonnet::symbclean($env{'form.symb'});	$symb=&Apache::lonnet::symbclean($env{'form.symb'});
Line 519 sub handler {	Line 581 sub handler {
'last_known' =>[$murl,$mid]);	'last_known' =>[$murl,$mid]);
} elsif ((&Apache::lonnet::symbverify($symb,$requrl)) \|\|	} elsif ((&Apache::lonnet::symbverify($symb,$requrl)) \|\|
(($requrl=~m\|(.*)/smpedit$\|) &&	(($requrl=~m\|(.*)/smpedit$\|) &&
&Apache::lonnet::symbverify($symb,$1))) {	&Apache::lonnet::symbverify($symb,$1)) \|\|
	(($requrl=~m\|(.*/aboutme)/portfolio$\|) &&
	&Apache::lonnet::symbverify($symb,$1))) {
my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);	my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
&Apache::lonnet::symblist($map,$murl => [$murl,$mid],	&Apache::lonnet::symblist($map,$murl => [$murl,$mid],
'last_known' =>[$murl,$mid]);	'last_known' =>[$murl,$mid]);
Line 531 sub handler {	Line 595 sub handler {
return HTTP_NOT_ACCEPTABLE;	return HTTP_NOT_ACCEPTABLE;
}	}
} else {	} else {
$symb=&Apache::lonnet::symbread($requrl);	if ($requrl=~m{^(/adm/.*/aboutme)/portfolio$}) {
if (&Apache::lonnet::is_on_map($requrl) && $symb &&	$requrl = $1;
!&Apache::lonnet::symbverify($symb,$requrl)) {	}
$r->log_reason('Invalid symb for '.$requrl.': '.$symb);	unless ($suppext) {
$env{'user.error.msg'}=	$symb=&Apache::lonnet::symbread($requrl);
"$requrl:bre:1:1:Invalid Access";	if (&Apache::lonnet::is_on_map($requrl) && $symb &&
return HTTP_NOT_ACCEPTABLE;	!&Apache::lonnet::symbverify($symb,$requrl)) {
}	$r->log_reason('Invalid symb for '.$requrl.': '.$symb);
if ($symb) {	$env{'user.error.msg'}=
my ($map,$mid,$murl)=	"$requrl:bre:1:1:Invalid Access";
&Apache::lonnet::decode_symb($symb);	return HTTP_NOT_ACCEPTABLE;
&Apache::lonnet::symblist($map,$murl =>[$murl,$mid],	}
'last_known' =>[$murl,$mid]);	if ($symb) {
	my ($map,$mid,$murl)=
	&Apache::lonnet::decode_symb($symb);
	&Apache::lonnet::symblist($map,$murl =>[$murl,$mid],
	'last_known' =>[$murl,$mid]);
	}
}	}
}	}
$env{'request.symb'}=$symb;	$env{'request.symb'}=$symb;
unless ($skiplogging) {	&Apache::lonnet::courseacclog($symb);
&Apache::lonnet::courseacclog($symb);
}
} else {	} else {
# ------------------------------------------------------- This is other content	# ------------------------------------------------------- This is other content
unless ($skiplogging) {	&Apache::lonnet::courseacclog($requrl);
&Apache::lonnet::courseacclog($requrl);
}
}	}
my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};;	if ($requrl =~ m{^/+uploaded/\Q$cdom\E/\Q$cnum\E/(docs\|supplemental)/.+\.html?$}) {
my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};;
if ($requrl =~ m{^/+uploaded/\Q$cdom\E/\Q$cnum\E/docs/.+\.html?$}) {
if (&Apache::lonnet::allowed('mdc',$env{'request.course.id'})) {	if (&Apache::lonnet::allowed('mdc',$env{'request.course.id'})) {
if ($query) {	if ($query) {
&Apache::loncommon::get_unprocessed_cgi($query,['forceedit']);	&Apache::loncommon::get_unprocessed_cgi($query,['forceedit']);
Line 570 sub handler {	Line 633 sub handler {
}	}
}	}
return OK;	return OK;
	} else {
	my $defdom=$r->dir_config('lonDefDomain');
	($is_balancer,$otherserver) =
	&Apache::lonnet::check_loadbalancing(undef,$defdom);
	if ($is_balancer) {
	$r->set_handlers('PerlResponseHandler'=>
	[\&Apache::switchserver::handler]);
	if ($otherserver ne '') {
	$env{'form.otherserver'} = $otherserver;
	}
	}
}	}
# -------------------------------------------- See if this is a public resource	# -------------------------------------------- See if this is a public resource
if ($requrl=~m\|^/+adm/+help/+\|) {	if ($requrl=~m\|^/+adm/+help/+\|) {

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.130.6.1
changed lines
	Added in v.1.142