version 1.1434, 2020/12/18 15:23:03
|
version 1.1442, 2021/02/08 14:50:53
|
Line 1445 sub spare_can_host {
|
Line 1445 sub spare_can_host {
|
$canhost = 0; |
$canhost = 0; |
} |
} |
} |
} |
|
if ($canhost) { |
|
if (ref($defdomdefaults{'offloadoth'}) eq 'HASH') { |
|
if ($defdomdefaults{'offloadoth'}{$try_server}) { |
|
unless (&shared_institution($udom,$try_server)) { |
|
$canhost = 0; |
|
} |
|
} |
|
} |
|
} |
if (($canhost) && ($uint_dom)) { |
if (($canhost) && ($uint_dom)) { |
my @intdoms; |
my @intdoms; |
my $internet_names = &get_internet_names($try_server); |
my $internet_names = &get_internet_names($try_server); |
Line 2155 sub get_dom {
|
Line 2164 sub get_dom {
|
} |
} |
if ($udom && $uhome && ($uhome ne 'no_host')) { |
if ($udom && $uhome && ($uhome ne 'no_host')) { |
my $rep; |
my $rep; |
if ($namespace =~ /^enc/) { |
if (grep { $_ eq $uhome } ¤t_machine_ids()) { |
$rep=&reply("encrypt:egetdom:$udom:$namespace:$items",$uhome); |
# domain information is hosted on this machine |
|
my $cmd = 'getdom'; |
|
if ($namespace =~ /^enc/) { |
|
$cmd = 'egetdom'; |
|
} |
|
$rep = &LONCAPA::Lond::get_dom("$cmd:$udom:$namespace:$items"); |
} else { |
} else { |
$rep=&reply("getdom:$udom:$namespace:$items",$uhome); |
if ($namespace =~ /^enc/) { |
|
$rep=&reply("encrypt:egetdom:$udom:$namespace:$items",$uhome); |
|
} else { |
|
$rep=&reply("getdom:$udom:$namespace:$items",$uhome); |
|
} |
} |
} |
my %returnhash; |
my %returnhash; |
if ($rep eq '' || $rep =~ /^error: 2 /) { |
if ($rep eq '' || $rep =~ /^error: 2 /) { |
Line 2689 sub get_domain_defaults {
|
Line 2707 sub get_domain_defaults {
|
if (ref($domconfig{'usersessions'}{'offloadnow'}) eq 'HASH') { |
if (ref($domconfig{'usersessions'}{'offloadnow'}) eq 'HASH') { |
$domdefaults{'offloadnow'} = $domconfig{'usersessions'}{'offloadnow'}; |
$domdefaults{'offloadnow'} = $domconfig{'usersessions'}{'offloadnow'}; |
} |
} |
|
if (ref($domconfig{'usersessions'}{'offloadoth'}) eq 'HASH') { |
|
$domdefaults{'offloadoth'} = $domconfig{'usersessions'}{'offloadoth'}; |
|
} |
} |
} |
if (ref($domconfig{'selfenrollment'}) eq 'HASH') { |
if (ref($domconfig{'selfenrollment'}) eq 'HASH') { |
if (ref($domconfig{'selfenrollment'}{'admin'}) eq 'HASH') { |
if (ref($domconfig{'selfenrollment'}{'admin'}) eq 'HASH') { |
Line 2757 sub get_domain_defaults {
|
Line 2778 sub get_domain_defaults {
|
} |
} |
} |
} |
if (ref($domconfig{'wafproxy'}) eq 'HASH') { |
if (ref($domconfig{'wafproxy'}) eq 'HASH') { |
foreach my $item ('ipheader','trusted','exempt') { |
foreach my $item ('ipheader','trusted','vpnint','vpnext') { |
if ($domconfig{'wafproxy'}{$item}) { |
if ($domconfig{'wafproxy'}{$item}) { |
$domdefaults{'waf_'.$item} = $domconfig{'wafproxy'}{$item}; |
$domdefaults{'waf_'.$item} = $domconfig{'wafproxy'}{$item}; |
} |
} |
Line 8082 sub allowed {
|
Line 8103 sub allowed {
|
|
|
if (defined($env{'allowed.'.$priv})) { return $env{'allowed.'.$priv}; } |
if (defined($env{'allowed.'.$priv})) { return $env{'allowed.'.$priv}; } |
# Free bre access to adm and meta resources |
# Free bre access to adm and meta resources |
if (((($uri=~/^adm\//) && ($uri !~ m{/(?:smppg|bulletinboard|ext\.tool)$})) |
if (((($uri=~/^adm\//) && ($uri !~ m{/(?:smppg|bulletinboard|viewclasslist|aboutme|ext\.tool)$})) |
|| (($uri=~/\.meta$/) && ($uri!~m|^uploaded/|) )) |
|| (($uri=~/\.meta$/) && ($uri!~m|^uploaded/|) )) |
&& ($priv eq 'bre')) { |
&& ($priv eq 'bre')) { |
return 'F'; |
return 'F'; |
Line 10332 sub modifyuserauth {
|
Line 10353 sub modifyuserauth {
|
&log($udom,,$uname,$uhome, |
&log($udom,,$uname,$uhome, |
'Authentication changed by '.$env{'user.domain'}.', '. |
'Authentication changed by '.$env{'user.domain'}.', '. |
$env{'user.name'}.', '.$umode. |
$env{'user.name'}.', '.$umode. |
'(Remote '.$ENV{'REMOTE_ADDR'}.'): '.$reply); |
'(Remote '.$ip.'): '.$reply); |
unless ($reply eq 'ok') { |
unless ($reply eq 'ok') { |
&logthis('Authentication mode error: '.$reply); |
&logthis('Authentication mode error: '.$reply); |
return 'error: '.$reply; |
return 'error: '.$reply; |
Line 12407 sub EXT {
|
Line 12428 sub EXT {
|
} |
} |
} elsif ($realm eq 'client') { |
} elsif ($realm eq 'client') { |
if ($space eq 'remote_addr') { |
if ($space eq 'remote_addr') { |
return $ENV{'REMOTE_ADDR'}; |
return &get_requestor_ip(); |
} |
} |
} |
} |
return ''; |
return ''; |
Line 14217 sub default_login_domain {
|
Line 14238 sub default_login_domain {
|
} |
} |
|
|
sub shared_institution { |
sub shared_institution { |
my ($dom) = @_; |
my ($dom,$lonhost) = @_; |
|
if ($lonhost eq '') { |
|
$lonhost = $perlvar{'lonHostID'}; |
|
} |
my $same_intdom; |
my $same_intdom; |
my $hostintdom = &internet_dom($perlvar{'lonHostID'}); |
my $hostintdom = &internet_dom($lonhost); |
if ($hostintdom ne '') { |
if ($hostintdom ne '') { |
my %iphost = &get_iphost(); |
my %iphost = &get_iphost(); |
my $primary_id = &domain($dom,'primary'); |
my $primary_id = &domain($dom,'primary'); |
Line 14288 sub get_requestor_ip {
|
Line 14312 sub get_requestor_ip {
|
my $dom_in_use = $Apache::lonnet::perlvar{'lonDefDomain'}; |
my $dom_in_use = $Apache::lonnet::perlvar{'lonDefDomain'}; |
my $proxyinfo = &get_proxy_settings($dom_in_use); |
my $proxyinfo = &get_proxy_settings($dom_in_use); |
if ((ref($proxyinfo) eq 'HASH') && ($from_ip)) { |
if ((ref($proxyinfo) eq 'HASH') && ($from_ip)) { |
if ($proxyinfo->{'exempt'}) { |
if ($proxyinfo->{'vpnint'}) { |
if (&ip_match($from_ip,$proxyinfo->{'exempt'})) { |
if (&ip_match($from_ip,$proxyinfo->{'vpnint'})) { |
return $from_ip; |
return $from_ip; |
} |
} |
} |
} |
Line 14309 sub get_requestor_ip {
|
Line 14333 sub get_requestor_ip {
|
$xfor = $ENV{'HTTP_X_FORWARDED_FOR'}; |
$xfor = $ENV{'HTTP_X_FORWARDED_FOR'}; |
} |
} |
if (($ip eq '') && ($xfor ne '')) { |
if (($ip eq '') && ($xfor ne '')) { |
my @ips = reverse(split(/\s*,\s*/,$xfor)); |
|
foreach my $poss_ip (reverse(split(/\s*,\s*/,$xfor))) { |
foreach my $poss_ip (reverse(split(/\s*,\s*/,$xfor))) { |
unless (&ip_match($poss_ip,$proxyinfo->{'trusted'})) { |
unless (&ip_match($poss_ip,$proxyinfo->{'trusted'})) { |
$ip = $poss_ip; |
$ip = $poss_ip; |
|
last; |
} |
} |
} |
} |
} |
} |
Line 14331 sub get_proxy_settings {
|
Line 14355 sub get_proxy_settings {
|
my $proxyinfo = { |
my $proxyinfo = { |
ipheader => $domdefaults{'waf_ipheader'}, |
ipheader => $domdefaults{'waf_ipheader'}, |
trusted => $domdefaults{'waf_trusted'}, |
trusted => $domdefaults{'waf_trusted'}, |
exempt => $domdefaults{'waf_exempt'}, |
vpnint => $domdefaults{'waf_vpnint'}, |
|
vpnext => $domdefaults{'waf_vpnext'}, |
}; |
}; |
return $proxyinfo; |
return $proxyinfo; |
} |
} |
Line 14356 sub get_proxy_alias {
|
Line 14381 sub get_proxy_alias {
|
if ($dom ne '') { |
if ($dom ne '') { |
my $cachetime = 60*60*24; |
my $cachetime = 60*60*24; |
my %domconfig = |
my %domconfig = |
&Apache::lonnet::get_dom('configuration',['proxy'],$dom); |
&Apache::lonnet::get_dom('configuration',['wafproxy'],$dom); |
my $alias; |
my $alias; |
if (ref($domconfig{'proxy'}) eq 'HASH') { |
if (ref($domconfig{'wafproxy'}) eq 'HASH') { |
if (ref($domconfig{'proxy'}{'alias'}) eq 'HASH') { |
if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') { |
$alias = $domconfig{'proxy'}{'alias'}{$lonhost}; |
$alias = $domconfig{'wafproxy'}{'alias'}{$lonhost}; |
} |
} |
} |
} |
return &do_cache_new('proxyalias',$lonhost,$alias,$cachetime); |
return &do_cache_new('proxyalias',$lonhost,$alias,$cachetime); |