--- loncom/lonnet/perl/lonnet.pm 2020/12/18 15:23:03 1.1434
+++ loncom/lonnet/perl/lonnet.pm 2021/01/17 01:58:56 1.1438
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.1434 2020/12/18 15:23:03 raeburn Exp $
+# $Id: lonnet.pm,v 1.1438 2021/01/17 01:58:56 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -2757,7 +2757,7 @@ sub get_domain_defaults {
}
}
if (ref($domconfig{'wafproxy'}) eq 'HASH') {
- foreach my $item ('ipheader','trusted','exempt') {
+ foreach my $item ('ipheader','trusted','vpnint','vpnext') {
if ($domconfig{'wafproxy'}{$item}) {
$domdefaults{'waf_'.$item} = $domconfig{'wafproxy'}{$item};
}
@@ -8082,7 +8082,7 @@ sub allowed {
if (defined($env{'allowed.'.$priv})) { return $env{'allowed.'.$priv}; }
# Free bre access to adm and meta resources
- if (((($uri=~/^adm\//) && ($uri !~ m{/(?:smppg|bulletinboard|ext\.tool)$}))
+ if (((($uri=~/^adm\//) && ($uri !~ m{/(?:smppg|bulletinboard|viewclasslist|aboutme|ext\.tool)$}))
|| (($uri=~/\.meta$/) && ($uri!~m|^uploaded/|) ))
&& ($priv eq 'bre')) {
return 'F';
@@ -10332,7 +10332,7 @@ sub modifyuserauth {
&log($udom,,$uname,$uhome,
'Authentication changed by '.$env{'user.domain'}.', '.
$env{'user.name'}.', '.$umode.
- '(Remote '.$ENV{'REMOTE_ADDR'}.'): '.$reply);
+ '(Remote '.$ip.'): '.$reply);
unless ($reply eq 'ok') {
&logthis('Authentication mode error: '.$reply);
return 'error: '.$reply;
@@ -14288,8 +14288,8 @@ sub get_requestor_ip {
my $dom_in_use = $Apache::lonnet::perlvar{'lonDefDomain'};
my $proxyinfo = &get_proxy_settings($dom_in_use);
if ((ref($proxyinfo) eq 'HASH') && ($from_ip)) {
- if ($proxyinfo->{'exempt'}) {
- if (&ip_match($from_ip,$proxyinfo->{'exempt'})) {
+ if ($proxyinfo->{'vpnint'}) {
+ if (&ip_match($from_ip,$proxyinfo->{'vpnint'})) {
return $from_ip;
}
}
@@ -14309,10 +14309,10 @@ sub get_requestor_ip {
$xfor = $ENV{'HTTP_X_FORWARDED_FOR'};
}
if (($ip eq '') && ($xfor ne '')) {
- my @ips = reverse(split(/\s*,\s*/,$xfor));
foreach my $poss_ip (reverse(split(/\s*,\s*/,$xfor))) {
unless (&ip_match($poss_ip,$proxyinfo->{'trusted'})) {
$ip = $poss_ip;
+ last;
}
}
}
@@ -14331,7 +14331,8 @@ sub get_proxy_settings {
my $proxyinfo = {
ipheader => $domdefaults{'waf_ipheader'},
trusted => $domdefaults{'waf_trusted'},
- exempt => $domdefaults{'waf_exempt'},
+ vpnint => $domdefaults{'waf_vpnint'},
+ vpnext => $domdefaults{'waf_vpnext'},
};
return $proxyinfo;
}
@@ -14356,11 +14357,11 @@ sub get_proxy_alias {
if ($dom ne '') {
my $cachetime = 60*60*24;
my %domconfig =
- &Apache::lonnet::get_dom('configuration',['proxy'],$dom);
+ &Apache::lonnet::get_dom('configuration',['wafproxy'],$dom);
my $alias;
- if (ref($domconfig{'proxy'}) eq 'HASH') {
- if (ref($domconfig{'proxy'}{'alias'}) eq 'HASH') {
- $alias = $domconfig{'proxy'}{'alias'}{$lonhost};
+ if (ref($domconfig{'wafproxy'}) eq 'HASH') {
+ if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') {
+ $alias = $domconfig{'wafproxy'}{'alias'}{$lonhost};
}
}
return &do_cache_new('proxyalias',$lonhost,$alias,$cachetime);