--- loncom/auth/lonacc.pm 2021/01/02 19:31:11 1.186 +++ loncom/auth/lonacc.pm 2021/07/19 15:48:26 1.192 @@ -1,7 +1,7 @@ # The LearningOnline Network # Cookie Based Access Handler # -# $Id: lonacc.pm,v 1.186 2021/01/02 19:31:11 raeburn Exp $ +# $Id: lonacc.pm,v 1.192 2021/07/19 15:48:26 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -305,7 +305,7 @@ sub sso_login { my $query = $r->args; my %form; if ($query) { - my @items = ('role','symb','iptoken'); + my @items = ('role','symb','iptoken','origurl'); &Apache::loncommon::get_unprocessed_cgi($query,\@items); foreach my $item (@items) { if (defined($env{'form.'.$item})) { @@ -349,7 +349,7 @@ sub sso_login { my $lowest_load; ($otherserver,undef,undef,undef,$lowest_load) = &Apache::lonnet::choose_server($domain); if ($lowest_load > 100) { - $otherserver = &Apache::lonnet::spareserver($lowest_load,$lowest_load,1,$domain); + $otherserver = &Apache::lonnet::spareserver($r,$lowest_load,$lowest_load,1,$domain); } if ($otherserver ne '') { my @hosts = &Apache::lonnet::current_machine_ids(); @@ -367,7 +367,7 @@ sub sso_login { foreach my $item (keys(%form)) { $env{'form.'.$item} = $form{$item}; } - unless ($form{'symb'}) { + unless (($form{'symb'}) || ($form{'origurl'})) { unless (($r->uri eq '/adm/roles') || ($r->uri eq '/adm/sso')) { $env{'form.origurl'} = $r->uri; } @@ -393,12 +393,12 @@ sub sso_login { 'server' => $r->dir_config('lonHostID'), 'sso.login' => 1 ); - foreach my $item ('role','symb','iptoken') { + foreach my $item ('role','symb','iptoken','origurl') { if (exists($form{$item})) { $info{$item} = $form{$item}; } } - unless ($info{'symb'}) { + unless (($info{'symb'}) || ($info{'origurl'})) { unless (($r->uri eq '/adm/roles') || ($r->uri eq '/adm/sso')) { $info{'origurl'} = $r->uri; } @@ -559,7 +559,7 @@ sub handler { my $hostname = $r->hostname(); my $lonhost = &Apache::lonnet::host_from_dns($hostname); if ($lonhost) { - my $actual = &Apache::lonnet::absolute_url($hostname); + my $actual = &Apache::lonnet::absolute_url($hostname,1,1); my $exphostname = &Apache::lonnet::hostname($lonhost); my $expected = $Apache::lonnet::protocol{$lonhost}.'://'.$hostname; unless ($actual eq $expected) { @@ -673,6 +673,9 @@ sub handler { if ((!$env{'request.role.adv'}) && ($env{'acc.randomout'}) && ($env{'acc.randomout'}=~/\&\Q$poss_symb\E\&/)) { undef($poss_symb); + } elsif ((!$env{'request.role.adv'}) && ($env{'acc.deeplinkout'}) && + ($env{'acc.deeplinkout'}=~/\&\Q$poss_symb\E\&/)) { + undef($poss_symb); } } } @@ -682,7 +685,18 @@ sub handler { $access=&Apache::lonnet::allowed('bre',$requrl,'','','','',1); } } else { - $access=&Apache::lonnet::allowed('bre',$requrl); + my $nodeeplinkcheck; + if (($check_access) && ($requrl =~ /\.(sequence|page)$/)) { + unless ($env{'form.navmap'}) { + if ($r->args ne '') { + &Apache::loncommon::get_unprocessed_cgi($r->args,['navmap']); + unless ($env{'form.navmap'}) { + $nodeeplinkcheck = 1; + } + } + } + } + $access=&Apache::lonnet::allowed('bre',$requrl,'','','','','',$nodeeplinkcheck) } } if ($check_block) { @@ -789,18 +803,32 @@ sub handler { } if ($env{'form.symb'}) { $symb=&Apache::lonnet::symbclean($env{'form.symb'}); - if ($requrl eq '/adm/navmaps') { - my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb); - &Apache::lonnet::symblist($map,$murl => [$murl,$mid]); - } elsif ($requrl =~ m|^/adm/wrapper/| - || $requrl =~ m|^/adm/coursedocs/showdoc/|) { - my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb); - if ($map =~ /\.page$/) { - my $mapsymb = &Apache::lonnet::symbread($map); - ($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb); + if (($requrl eq '/adm/navmaps') || + ($requrl =~ m{^/adm/wrapper/}) || + ($requrl =~ m{^/adm/coursedocs/showdoc/})) { + unless (&Apache::lonnet::symbverify($symb,$requrl)) { + if (&Apache::lonnet::is_on_map($requrl)) { + $symb = &Apache::lonnet::symbread($requrl); + unless (&Apache::lonnet::symbverify($symb,$requrl)) { + undef($symb); + } + } + } + if ($symb) { + if ($requrl eq '/adm/navmaps') { + my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb); + &Apache::lonnet::symblist($map,$murl => [$murl,$mid]); + } elsif (($requrl =~ m{^/adm/wrapper/}) || + ($requrl =~ m{^/adm/coursedocs/showdoc/})) { + my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb); + if ($map =~ /\.page$/) { + my $mapsymb = &Apache::lonnet::symbread($map); + ($map,$mid,$murl)=&Apache::lonnet::decode_symb($mapsymb); + } + &Apache::lonnet::symblist($map,$murl => [$murl,$mid], + 'last_known' =>[$murl,$mid]); + } } - &Apache::lonnet::symblist($map,$murl => [$murl,$mid], - 'last_known' =>[$murl,$mid]); } elsif ((&Apache::lonnet::symbverify($symb,$requrl)) || (($requrl=~m|(.*)/smpedit$|) && &Apache::lonnet::symbverify($symb,$1)) || @@ -860,10 +888,14 @@ sub handler { } } if ($invalidsymb) { - $r->log_reason('Invalid symb for '.$requrl.': '.$symb); - $env{'user.error.msg'}= - "$requrl:bre:1:1:Invalid Access"; - return HTTP_NOT_ACCEPTABLE; + if ($requrl eq '/adm/navmaps') { + undef($symb); + } else { + $r->log_reason('Invalid symb for '.$requrl.': '.$symb); + $env{'user.error.msg'}= + "$requrl:bre:1:1:Invalid Access"; + return HTTP_NOT_ACCEPTABLE; + } } } }