--- loncom/lonnet/perl/lonnet.pm 2021/04/09 00:57:31 1.1445 +++ loncom/lonnet/perl/lonnet.pm 2021/05/03 15:27:45 1.1450 @@ -1,7 +1,7 @@ # The LearningOnline Network # TCP networking package # -# $Id: lonnet.pm,v 1.1445 2021/04/09 00:57:31 raeburn Exp $ +# $Id: lonnet.pm,v 1.1450 2021/05/03 15:27:45 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -740,6 +740,9 @@ sub check_for_valid_session { if (ref($userhashref) eq 'HASH') { $userhashref->{'name'} = $disk_env{'user.name'}; $userhashref->{'domain'} = $disk_env{'user.domain'}; + if ($disk_env{'request.role'}) { + $userhashref->{'role'} = $disk_env{'request.role'}; + } $userhashref->{'lti'} = $disk_env{'request.lti.login'}; if ($userhashref->{'lti'}) { $userhashref->{'ltitarget'} = $disk_env{'request.lti.target'}; @@ -2778,7 +2781,7 @@ sub get_domain_defaults { } } if (ref($domconfig{'wafproxy'}) eq 'HASH') { - foreach my $item ('ipheader','trusted','vpnint','vpnext') { + foreach my $item ('ipheader','trusted','vpnint','vpnext','sslopt') { if ($domconfig{'wafproxy'}{$item}) { $domdefaults{'waf_'.$item} = $domconfig{'wafproxy'}{$item}; } @@ -3482,11 +3485,29 @@ sub ssi_body { # --------------------------------------------------------- Server Side Include sub absolute_url { - my ($host_name) = @_; + my ($host_name,$unalias,$keep_proto) = @_; my $protocol = ($ENV{'SERVER_PORT'} == 443?'https://':'http://'); if ($host_name eq '') { $host_name = $ENV{'SERVER_NAME'}; } + if ($unalias) { + my $alias = &get_proxy_alias(); + if ($alias eq $host_name) { + my $lonhost = $perlvar{'lonHostID'}; + my $hostname = &hostname($lonhost); + my $lcproto; + if (($keep_proto) || ($hostname eq '')) { + $lcproto = $protocol; + } else { + $lcproto = $protocol{$lonhost}; + $lcproto = 'http' if ($lcproto ne 'https'); + $lcproto .= '://'; + } + unless ($hostname eq '') { + return $lcproto.$hostname; + } + } + } return $protocol.$host_name; } @@ -3503,12 +3524,13 @@ sub absolute_url { sub ssi { my ($fn,%form)=@_; - my $request; + my ($host,$request,$response); + $host = &absolute_url('',1); $form{'no_update_last_known'}=1; &Apache::lonenc::check_encrypt(\$fn); if (%form) { - $request=new HTTP::Request('POST',&absolute_url().$fn); + $request=new HTTP::Request('POST',$host.$fn); $request->content(join('&',map { my $name = escape($_); "$name=" . ( ref($form{$_}) eq 'ARRAY' @@ -3516,7 +3538,7 @@ sub ssi { : &escape($form{$_}) ); } keys(%form))); } else { - $request=new HTTP::Request('GET',&absolute_url().$fn); + $request=new HTTP::Request('GET',$host.$fn); } $request->header(Cookie => $ENV{'HTTP_COOKIE'}); @@ -3530,8 +3552,8 @@ sub ssi { ($env{'request.course.sec'}?'/'.$env{'request.course.sec'}:'')))) { $islocal = 1; } - my $response= &LONCAPA::LWPReq::makerequest($lonhost,$request,'',\%perlvar, - '','','',$islocal); + $response= &LONCAPA::LWPReq::makerequest($lonhost,$request,'',\%perlvar, + '','','',$islocal); if (wantarray) { return ($response->content, $response); @@ -10278,10 +10300,9 @@ sub autoupdate_coowners { foreach my $xlist (split(',',$xlists)) { my ($inst_crosslist,$lcsec) = split(':',$xlist); $result = - &Apache::lonnet::auto_validate_inst_crosslist($cnum,$cdom,$instcode, - $inst_crosslist,$uname.':'.$udom); - last if ($result eq 'valid'); - } + &auto_validate_inst_crosslist($cnum,$cdom,$instcode, + $inst_crosslist,$uname.':'.$udom); + last if ($result eq 'valid'); } } } @@ -14333,11 +14354,37 @@ sub uses_sts { return; } +sub waf_allssl { + my ($host_name) = @_; + my $alias = &get_proxy_alias(); + if ($host_name eq '') { + $host_name = $ENV{'SERVER_NAME'}; + } + if (($host_name ne '') && ($alias eq $host_name)) { + my $serverhomedom = &host_domain($perlvar{'lonHostID'}); + my %defdomdefaults = &get_domain_defaults($serverhomedom); + if ($defdomdefaults{'waf_sslopt'}) { + return $defdomdefaults{'waf_sslopt'}; + } + } + return; +} + sub get_requestor_ip { my ($r,$nolookup,$noproxy) = @_; my $from_ip; if (ref($r)) { - $from_ip = $r->get_remote_host($nolookup); + if ($r->can('useragent_ip')) { + if ($noproxy && $r->can('client_ip')) { + $from_ip = $r->client_ip(); + } else { + $from_ip = $r->useragent_ip(); + } + } elsif ($r->connection->can('remote_ip')) { + $from_ip = $r->connection->remote_ip(); + } else { + $from_ip = $r->get_remote_host($nolookup); + } } else { $from_ip = $ENV{'REMOTE_ADDR'}; } @@ -14391,6 +14438,7 @@ sub get_proxy_settings { trusted => $domdefaults{'waf_trusted'}, vpnint => $domdefaults{'waf_vpnint'}, vpnext => $domdefaults{'waf_vpnext'}, + sslopt => $domdefaults{'waf_sslopt'}, }; return $proxyinfo; } @@ -14405,13 +14453,19 @@ sub ip_match { } sub get_proxy_alias { - my $lonhost = $perlvar{'lonHostID'}; - if ($lonhost ne '') { - my ($alias,$cached) = &is_cached_new('proxyalias',$lonhost); + my ($lonid) = @_; + if ($lonid eq '') { + $lonid = $perlvar{'lonHostID'}; + } + if (!defined(&hostname($lonid))) { + return; + } + if ($lonid ne '') { + my ($alias,$cached) = &is_cached_new('proxyalias',$lonid); if ($cached) { return $alias; } - my $dom = &Apache::lonnet::host_domain($lonhost); + my $dom = &Apache::lonnet::host_domain($lonid); if ($dom ne '') { my $cachetime = 60*60*24; my %domconfig = @@ -14419,10 +14473,32 @@ sub get_proxy_alias { my $alias; if (ref($domconfig{'wafproxy'}) eq 'HASH') { if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') { - $alias = $domconfig{'wafproxy'}{'alias'}{$lonhost}; + $alias = $domconfig{'wafproxy'}{'alias'}{$lonid}; } } - return &do_cache_new('proxyalias',$lonhost,$alias,$cachetime); + return &do_cache_new('proxyalias',$lonid,$alias,$cachetime); + } + } + return; +} + +sub use_proxy_alias { + my ($r,$lonid) = @_; + my $alias = &get_proxy_alias($lonid); + if ($alias) { + my $dom = &host_domain($lonid); + if ($dom ne '') { + my $proxyinfo = &get_proxy_settings($dom ); + my ($vpnint,$remote_ip); + if (ref($proxyinfo) eq 'HASH') { + $vpnint = $proxyinfo->{'vpnint'}; + if ($vpnint) { + $remote_ip = &get_requestor_ip($r,1,1); + } + } + unless ($vpnint && &ip_match($remote_ip,$vpnint)) { + return $alias; + } } } return;