|
version 1.1172.2.141, 2021/06/20 16:39:27
|
version 1.1172.2.142, 2021/12/14 20:23:40
|
|
Line 95 use Cache::Memcached;
|
Line 95 use Cache::Memcached;
|
| use Digest::MD5; |
use Digest::MD5; |
| use Math::Random; |
use Math::Random; |
| use File::MMagic; |
use File::MMagic; |
| |
use Net::CIDR; |
| |
use Sys::Hostname::FQDN(); |
| use LONCAPA qw(:DEFAULT :match); |
use LONCAPA qw(:DEFAULT :match); |
| use LONCAPA::Configuration; |
use LONCAPA::Configuration; |
| use LONCAPA::lonmetadata; |
use LONCAPA::lonmetadata; |
|
Line 689 sub check_for_valid_session {
|
Line 691 sub check_for_valid_session {
|
| if (ref($userhashref) eq 'HASH') { |
if (ref($userhashref) eq 'HASH') { |
| $userhashref->{'name'} = $disk_env{'user.name'}; |
$userhashref->{'name'} = $disk_env{'user.name'}; |
| $userhashref->{'domain'} = $disk_env{'user.domain'}; |
$userhashref->{'domain'} = $disk_env{'user.domain'}; |
| |
if ($disk_env{'request.role'}) { |
| |
$userhashref->{'role'} = $disk_env{'request.role'}; |
| |
} |
| } |
} |
| untie(%disk_env); |
untie(%disk_env); |
| |
|
|
Line 917 sub userload {
|
Line 922 sub userload {
|
| # ------------------------------ Find server with least workload from spare.tab |
# ------------------------------ Find server with least workload from spare.tab |
| |
|
| sub spareserver { |
sub spareserver { |
| my ($loadpercent,$userloadpercent,$want_server_name,$udom) = @_; |
my ($r,$loadpercent,$userloadpercent,$want_server_name,$udom) = @_; |
| my $spare_server; |
my $spare_server; |
| if ($userloadpercent !~ /\d/) { $userloadpercent=0; } |
if ($userloadpercent !~ /\d/) { $userloadpercent=0; } |
| my $lowest_load=($loadpercent > $userloadpercent) ? $loadpercent |
my $lowest_load=($loadpercent > $userloadpercent) ? $loadpercent |
|
Line 962 sub spareserver {
|
Line 967 sub spareserver {
|
| if ($protocol{$spare_server} eq 'https') { |
if ($protocol{$spare_server} eq 'https') { |
| $protocol = $protocol{$spare_server}; |
$protocol = $protocol{$spare_server}; |
| } |
} |
| |
my $alias = &Apache::lonnet::use_proxy_alias($r,$spare_server); |
| |
$hostname = $alias if ($alias ne ''); |
| $spare_server = $protocol.'://'.$hostname; |
$spare_server = $protocol.'://'.$hostname; |
| } |
} |
| } |
} |
|
Line 2024 sub retrieve_inst_usertypes {
|
Line 2031 sub retrieve_inst_usertypes {
|
| |
|
| sub is_domainimage { |
sub is_domainimage { |
| my ($url) = @_; |
my ($url) = @_; |
| if ($url=~m-^/+res/+($match_domain)/+\1\-domainconfig/+(img|logo|domlogo)/+[^/]-) { |
if ($url=~m-^/+res/+($match_domain)/+\1\-domainconfig/+(img|logo|domlogo|login)/+[^/]-) { |
| if (&domain($1) ne '') { |
if (&domain($1) ne '') { |
| return '1'; |
return '1'; |
| } |
} |
|
Line 2482 sub get_domain_defaults {
|
Line 2489 sub get_domain_defaults {
|
| $domdefaults{'adhocroles'} = $domconfig{'helpsettings'}{'adhoc'}; |
$domdefaults{'adhocroles'} = $domconfig{'helpsettings'}{'adhoc'}; |
| } |
} |
| } |
} |
| |
if (ref($domconfig{'wafproxy'}) eq 'HASH') { |
| |
foreach my $item ('ipheader','trusted','vpnint','vpnext','sslopt') { |
| |
if ($domconfig{'wafproxy'}{$item}) { |
| |
$domdefaults{'waf_'.$item} = $domconfig{'wafproxy'}{$item}; |
| |
} |
| |
} |
| |
} |
| &do_cache_new('domdefaults',$domain,\%domdefaults,$cachetime); |
&do_cache_new('domdefaults',$domain,\%domdefaults,$cachetime); |
| return %domdefaults; |
return %domdefaults; |
| } |
} |
|
Line 4601 sub flushcourselogs {
|
Line 4615 sub flushcourselogs {
|
| if (! defined($dom) || $dom eq '' || |
if (! defined($dom) || $dom eq '' || |
| ! defined($name) || $name eq '') { |
! defined($name) || $name eq '') { |
| my $cid = $env{'request.course.id'}; |
my $cid = $env{'request.course.id'}; |
| |
# |
| |
# FIXME 11/29/2021 |
| |
# Typo in rev. 1.458 (2003/12/09)?? |
| |
# These should likely by $env{'course.'.$cid.'.domain'} and $env{'course.'.$cid.'.num'} |
| |
# |
| |
# While these ramain as $env{'request.'.$cid.'.domain'} and $env{'request.'.$cid.'.num'} |
| |
# $dom and $name will always be null, so the &inc() call will default to storing this data |
| |
# in a nohist_accesscount.db file for the user rather than the course. |
| |
# |
| |
# That said there is a lot of noise in the data being stored. |
| |
# So counts for prtspool/ and adm/ etc. are recorded. |
| |
# |
| |
# A review of which items ending '___count' are written to %accesshash should likely be |
| |
# made before deciding whether to set these to 'course.' instead of 'request.' |
| |
# |
| |
# Under the current scheme each user receives a nohist_accesscount.db file listing |
| |
# accesses for things which are not published resources, regardless of course, and |
| |
# there is not a nohist_accesscount.db file in a course, which might log accesses from |
| |
# anyone in the course for things which are not published resources. |
| |
# |
| |
# For an author, nohist_accesscount.db ends up having records for other items |
| |
# mixed up with the legitimate access counts for the author's published resources. |
| |
# |
| $dom = $env{'request.'.$cid.'.domain'}; |
$dom = $env{'request.'.$cid.'.domain'}; |
| $name = $env{'request.'.$cid.'.num'}; |
$name = $env{'request.'.$cid.'.num'}; |
| } |
} |
|
Line 7272 sub portfolio_access {
|
Line 7309 sub portfolio_access {
|
| if ($result) { |
if ($result) { |
| my %setters; |
my %setters; |
| if ($env{'user.name'} eq 'public' && $env{'user.domain'} eq 'public') { |
if ($env{'user.name'} eq 'public' && $env{'user.domain'} eq 'public') { |
| my ($startblock,$endblock) = |
my ($startblock,$endblock,$triggerblock,$by_ip,$blockdom) = |
| &Apache::loncommon::blockcheck(\%setters,'port',$unum,$udom); |
&Apache::loncommon::blockcheck(\%setters,'port',$clientip,$unum,$udom); |
| if ($startblock && $endblock) { |
if (($startblock && $endblock) || ($by_ip)) { |
| return 'B'; |
return 'B'; |
| } |
} |
| } else { |
} else { |
| my ($startblock,$endblock) = |
my ($startblock,$endblock,$triggerblock,$by_ip,$blockdo) = |
| &Apache::loncommon::blockcheck(\%setters,'port'); |
&Apache::loncommon::blockcheck(\%setters,'port',$clientip); |
| if ($startblock && $endblock) { |
if (($startblock && $endblock) || ($by_ip)) { |
| return 'B'; |
return 'B'; |
| } |
} |
| } |
} |
|
Line 7857 sub allowed {
|
Line 7894 sub allowed {
|
| if (($space=~/^(uploaded|editupload)$/) && ($env{'user.name'} eq $name) && |
if (($space=~/^(uploaded|editupload)$/) && ($env{'user.name'} eq $name) && |
| ($env{'user.domain'} eq $domain) && ('portfolio' eq $dir[0])) { |
($env{'user.domain'} eq $domain) && ('portfolio' eq $dir[0])) { |
| my %setters; |
my %setters; |
| my ($startblock,$endblock) = |
my ($startblock,$endblock,$triggerblock,$by_ip,$blockdom) = |
| &Apache::loncommon::blockcheck(\%setters,'port'); |
&Apache::loncommon::blockcheck(\%setters,'port',$clientip); |
| if ($startblock && $endblock) { |
if (($startblock && $endblock) || ($by_ip)) { |
| return 'B'; |
return 'B'; |
| } else { |
} else { |
| return 'F'; |
return 'F'; |
|
Line 7952 sub allowed {
|
Line 7989 sub allowed {
|
| my $adom = $1; |
my $adom = $1; |
| foreach my $key (keys(%env)) { |
foreach my $key (keys(%env)) { |
| if ($key =~ m{^user\.role\.(ca|aa)/\Q$adom\E}) { |
if ($key =~ m{^user\.role\.(ca|aa)/\Q$adom\E}) { |
| my ($start,$end) = split('.',$env{$key}); |
my ($start,$end) = split(/\./,$env{$key}); |
| if (($now >= $start) && (!$end || $end < $now)) { |
if (($now >= $start) && (!$end || $end > $now)) { |
| $ownaccess = 1; |
$ownaccess = 1; |
| last; |
last; |
| } |
} |
|
Line 7965 sub allowed {
|
Line 8002 sub allowed {
|
| foreach my $role ('ca','aa') { |
foreach my $role ('ca','aa') { |
| if ($env{"user.role.$role./$adom/$aname"}) { |
if ($env{"user.role.$role./$adom/$aname"}) { |
| my ($start,$end) = |
my ($start,$end) = |
| split('.',$env{"user.role.$role./$adom/$aname"}); |
split(/\./,$env{"user.role.$role./$adom/$aname"}); |
| if (($now >= $start) && (!$end || $end < $now)) { |
if (($now >= $start) && (!$end || $end > $now)) { |
| $ownaccess = 1; |
$ownaccess = 1; |
| last; |
last; |
| } |
} |
|
Line 8231 sub allowed {
|
Line 8268 sub allowed {
|
| # |
# |
| |
|
| # Possibly locked functionality, check all courses |
# Possibly locked functionality, check all courses |
| |
# In roles.tab, L (unless locked) available for bre, pch, plc, pac and sma. |
| # Locks might take effect only after 10 minutes cache expiration for other |
# Locks might take effect only after 10 minutes cache expiration for other |
| # courses, and 2 minutes for current course |
# courses, and 2 minutes for current course, in which user has st or ta role |
| |
# which is neither expired nor a future role (unless current course). |
| |
|
| my $envkey; |
my ($needlockcheck,$now,$crsonly); |
| if ($thisallowed=~/L/) { |
if ($thisallowed=~/L/) { |
| foreach $envkey (keys(%env)) { |
$now = time; |
| |
if ($priv eq 'bre') { |
| |
if ($uri ne '') { |
| |
if ($orguri =~ m{^/+res/}) { |
| |
if ($uri =~ m{^lib/templates/}) { |
| |
if ($env{'request.course.id'}) { |
| |
$crsonly = 1; |
| |
$needlockcheck = 1; |
| |
} |
| |
} else { |
| |
$needlockcheck = 1; |
| |
} |
| |
} elsif ($env{'request.course.id'}) { |
| |
my ($crsdom,$crsnum) = split('_',$env{'request.course.id'}); |
| |
if (($uri =~ m{^(adm|uploaded|public)/$crsdom/$crsnum/}) || |
| |
($uri =~ m{^adm/$match_domain/$match_username/\d+/(smppg|bulletinboard)$})) { |
| |
$crsonly = 1; |
| |
} |
| |
$needlockcheck = 1; |
| |
} |
| |
} |
| |
} elsif (($priv eq 'pch') || ($priv eq 'plc') || ($priv eq 'pac') || ($priv eq 'sma')) { |
| |
$needlockcheck = 1; |
| |
} |
| |
} |
| |
if ($needlockcheck) { |
| |
foreach my $envkey (keys(%env)) { |
| if ($envkey=~/^user\.role\.(st|ta)\.([^\.]*)/) { |
if ($envkey=~/^user\.role\.(st|ta)\.([^\.]*)/) { |
| my $courseid=$2; |
my $courseid=$2; |
| my $roleid=$1.'.'.$2; |
my $roleid=$1.'.'.$2; |
| $courseid=~s/^\///; |
$courseid=~s/^\///; |
| |
unless ($env{'request.role'} eq $roleid) { |
| |
my ($start,$end) = split(/\./,$env{$envkey}); |
| |
next unless (($now >= $start) && (!$end || $end > $now)); |
| |
} |
| my $expiretime=600; |
my $expiretime=600; |
| if ($env{'request.role'} eq $roleid) { |
if ($env{'request.role'} eq $roleid) { |
| $expiretime=120; |
$expiretime=120; |
|
Line 8263 sub allowed {
|
Line 8332 sub allowed {
|
| } |
} |
| if (($env{$prefix.'priv.'.$priv.'.lock.sections'}=~/\,\Q$csec\E\,/) |
if (($env{$prefix.'priv.'.$priv.'.lock.sections'}=~/\,\Q$csec\E\,/) |
| || ($env{$prefix.'priv.'.$priv.'.lock.sections'} eq 'all')) { |
|| ($env{$prefix.'priv.'.$priv.'.lock.sections'} eq 'all')) { |
| if ($env{'priv.'.$priv.'.lock.expire'}>time) { |
if ($env{$prefix.'priv.'.$priv.'.lock.expire'}>time) { |
| &log($env{'user.domain'},$env{'user.name'}, |
&log($env{'user.domain'},$env{'user.name'}, |
| $env{'user.home'}, |
$env{'user.home'}, |
| 'Locked by priv: '.$priv.' for '.$uri.' due to '. |
'Locked by priv: '.$priv.' for '.$uri.' due to '. |
|
Line 8480 sub get_commblock_resources {
|
Line 8549 sub get_commblock_resources {
|
| my ($blocks) = @_; |
my ($blocks) = @_; |
| my %blockers = (); |
my %blockers = (); |
| return %blockers unless ($env{'request.course.id'}); |
return %blockers unless ($env{'request.course.id'}); |
| return %blockers if ($env{'user.priv.'.$env{'request.role'}} =~/evb\&([^\:]*)/); |
my $courseurl = &courseid_to_courseurl($env{'request.course.id'}); |
| |
if ($env{'request.course.sec'}) { |
| |
$courseurl .= '/'.$env{'request.course.sec'}; |
| |
} |
| |
return %blockers if ($env{'user.priv.'.$env{'request.role'}.'.'.$courseurl} =~/evb\&([^\:]*)/); |
| my %commblocks; |
my %commblocks; |
| if (ref($blocks) eq 'HASH') { |
if (ref($blocks) eq 'HASH') { |
| %commblocks = %{$blocks}; |
%commblocks = %{$blocks}; |
|
Line 8512 sub get_commblock_resources {
|
Line 8585 sub get_commblock_resources {
|
| } |
} |
| } elsif ($block =~ /^firstaccess____(.+)$/) { |
} elsif ($block =~ /^firstaccess____(.+)$/) { |
| my $item = $1; |
my $item = $1; |
| my @to_test; |
|
| if (ref($commblocks{$block}{'blocks'}) eq 'HASH') { |
if (ref($commblocks{$block}{'blocks'}) eq 'HASH') { |
| if (ref($commblocks{$block}{'blocks'}{'docs'}) eq 'HASH') { |
if (ref($commblocks{$block}{'blocks'}{'docs'}) eq 'HASH') { |
| my @interval; |
my (@interval,$mapname); |
| my $type = 'map'; |
my $type = 'map'; |
| if ($item eq 'course') { |
if ($item eq 'course') { |
| $type = 'course'; |
$type = 'course'; |
|
Line 8524 sub get_commblock_resources {
|
Line 8596 sub get_commblock_resources {
|
| if ($item =~ /___\d+___/) { |
if ($item =~ /___\d+___/) { |
| $type = 'resource'; |
$type = 'resource'; |
| @interval=&EXT("resource.0.interval",$item); |
@interval=&EXT("resource.0.interval",$item); |
| if (ref($navmap)) { |
|
| my $res = $navmap->getBySymb($item); |
|
| push(@to_test,$res); |
|
| } |
|
| } else { |
} else { |
| my $mapsymb = &symbread($item,1); |
$mapname = &deversion($item); |
| if ($mapsymb) { |
if (ref($navmap)) { |
| if (ref($navmap)) { |
my $timelimit = $navmap->get_mapparam(undef,$mapname,'0.interval'); |
| my $mapres = $navmap->getBySymb($mapsymb); |
@interval = ($timelimit,'map'); |
| if (ref($mapres)) { |
|
| my $first = $mapres->map_start(); |
|
| my $finish = $mapres->map_finish(); |
|
| my $it = $navmap->getIterator($first,$finish,undef,0,0); |
|
| if (ref($it)) { |
|
| my $res; |
|
| while ($res = $it->next(undef,1)) { |
|
| next unless (ref($res)); |
|
| my $symb = $res->symb(); |
|
| next if (($symb eq $mapsymb) || ($symb eq '')); |
|
| @interval=&EXT("resource.0.interval",$symb); |
|
| if ($interval[1] eq 'map') { |
|
| if ($res->answerable()) { |
|
| push(@to_test,$res); |
|
| last; |
|
| } |
|
| } |
|
| } |
|
| } |
|
| } |
|
| } |
|
| } |
} |
| } |
} |
| } |
} |
|
Line 8570 sub get_commblock_resources {
|
Line 8617 sub get_commblock_resources {
|
| my $timesup = $first_access+$interval[0]; |
my $timesup = $first_access+$interval[0]; |
| if ($timesup > $now) { |
if ($timesup > $now) { |
| my $activeblock; |
my $activeblock; |
| foreach my $res (@to_test) { |
if ($type eq 'resource') { |
| if ($res->answerable()) { |
if (ref($navmap)) { |
| $activeblock = 1; |
my $res = $navmap->getBySymb($item); |
| last; |
if ($res->answerable()) { |
| |
$activeblock = 1; |
| |
} |
| |
} |
| |
} elsif ($type eq 'map') { |
| |
my $mapsymb = &symbread($mapname,1); |
| |
if (($mapsymb) && (ref($navmap))) { |
| |
my $mapres = $navmap->getBySymb($mapsymb); |
| |
if (ref($mapres)) { |
| |
my $first = $mapres->map_start(); |
| |
my $finish = $mapres->map_finish(); |
| |
my $it = $navmap->getIterator($first,$finish,undef,0,0); |
| |
if (ref($it)) { |
| |
my $res; |
| |
while ($res = $it->next(undef,1)) { |
| |
next unless (ref($res)); |
| |
my $symb = $res->symb(); |
| |
next if (($symb eq $mapsymb) || ($symb eq '')); |
| |
@interval=&EXT("resource.0.interval",$symb); |
| |
if ($interval[1] eq 'map') { |
| |
if ($res->answerable()) { |
| |
$activeblock = 1; |
| |
last; |
| |
} |
| |
} |
| |
} |
| |
} |
| |
} |
| } |
} |
| } |
} |
| if ($activeblock) { |
if ($activeblock) { |
|
Line 8603 sub has_comm_blocking {
|
Line 8677 sub has_comm_blocking {
|
| my @blockers; |
my @blockers; |
| return unless ($env{'request.course.id'}); |
return unless ($env{'request.course.id'}); |
| return unless ($priv eq 'bre'); |
return unless ($priv eq 'bre'); |
| return if ($env{'user.priv.'.$env{'request.role'}} =~/evb\&([^\:]*)/); |
|
| return if ($env{'request.state'} eq 'construct'); |
return if ($env{'request.state'} eq 'construct'); |
| |
my $courseurl = &courseid_to_courseurl($env{'request.course.id'}); |
| |
if ($env{'request.course.sec'}) { |
| |
$courseurl .= '/'.$env{'request.course.sec'}; |
| |
} |
| |
return if ($env{'user.priv.'.$env{'request.role'}.'.'.$courseurl} =~/evb\&([^\:]*)/); |
| my %blockinfo; |
my %blockinfo; |
| if (ref($blocks) eq 'HASH') { |
if (ref($blocks) eq 'HASH') { |
| %blockinfo = &get_commblock_resources($blocks); |
%blockinfo = &get_commblock_resources($blocks); |
|
Line 11487 sub EXT {
|
Line 11565 sub EXT {
|
| if ( (defined($Apache::lonhomework::parsing_a_problem) |
if ( (defined($Apache::lonhomework::parsing_a_problem) |
| || defined($Apache::lonhomework::parsing_a_task)) |
|| defined($Apache::lonhomework::parsing_a_task)) |
| && |
&& |
| ($symbparm eq &symbread()) ) { |
($symbparm eq &symbread()) ) { |
| # if we are in the middle of processing the resource the |
# if we are in the middle of processing the resource the |
| # get the value we are planning on committing |
# get the value we are planning on committing |
| if (defined($Apache::lonhomework::results{$qualifierrest})) { |
if (defined($Apache::lonhomework::results{$qualifierrest})) { |
|
Line 13408 sub machine_ids {
|
Line 13486 sub machine_ids {
|
| |
|
| sub additional_machine_domains { |
sub additional_machine_domains { |
| my @domains; |
my @domains; |
| open(my $fh,"<","$perlvar{'lonTabDir'}/expected_domains.tab"); |
if (-e "$perlvar{'lonTabDir'}/expected_domains.tab") { |
| while( my $line = <$fh>) { |
if (open(my $fh,"<","$perlvar{'lonTabDir'}/expected_domains.tab")) { |
| $line =~ s/\s//g; |
while( my $line = <$fh>) { |
| push(@domains,$line); |
chomp($line); |
| |
$line =~ s/\s//g; |
| |
push(@domains,$line); |
| |
} |
| |
close($fh); |
| |
} |
| } |
} |
| return @domains; |
return @domains; |
| } |
} |
|
Line 13492 sub uses_sts {
|
Line 13575 sub uses_sts {
|
| return; |
return; |
| } |
} |
| |
|
| |
sub waf_allssl { |
| |
my ($host_name) = @_; |
| |
my $alias = &get_proxy_alias(); |
| |
if ($host_name eq '') { |
| |
$host_name = $ENV{'SERVER_NAME'}; |
| |
} |
| |
if (($host_name ne '') && ($alias eq $host_name)) { |
| |
my $serverhomedom = &host_domain($perlvar{'lonHostID'}); |
| |
my %defdomdefaults = &get_domain_defaults($serverhomedom); |
| |
if ($defdomdefaults{'waf_sslopt'}) { |
| |
return $defdomdefaults{'waf_sslopt'}; |
| |
} |
| |
} |
| |
return; |
| |
} |
| |
|
| sub get_requestor_ip { |
sub get_requestor_ip { |
| my ($r,$nolookup,$noproxy) = @_; |
my ($r,$nolookup,$noproxy) = @_; |
| my $from_ip; |
my $from_ip; |
| if (ref($r)) { |
if (ref($r)) { |
| $from_ip = $r->get_remote_host($nolookup); |
if ($r->can('useragent_ip')) { |
| |
if ($noproxy && $r->can('client_ip')) { |
| |
$from_ip = $r->client_ip(); |
| |
} else { |
| |
$from_ip = $r->useragent_ip(); |
| |
} |
| |
} elsif ($r->connection->can('remote_ip')) { |
| |
$from_ip = $r->connection->remote_ip(); |
| |
} else { |
| |
$from_ip = $r->get_remote_host($nolookup); |
| |
} |
| } else { |
} else { |
| $from_ip = $ENV{'REMOTE_ADDR'}; |
$from_ip = $ENV{'REMOTE_ADDR'}; |
| } |
} |
| |
return $from_ip if ($noproxy); |
| |
# Who controls proxy settings for server |
| |
my $dom_in_use = $Apache::lonnet::perlvar{'lonDefDomain'}; |
| |
my $proxyinfo = &get_proxy_settings($dom_in_use); |
| |
if ((ref($proxyinfo) eq 'HASH') && ($from_ip)) { |
| |
if ($proxyinfo->{'vpnint'}) { |
| |
if (&ip_match($from_ip,$proxyinfo->{'vpnint'})) { |
| |
return $from_ip; |
| |
} |
| |
} |
| |
if ($proxyinfo->{'trusted'}) { |
| |
if (&ip_match($from_ip,$proxyinfo->{'trusted'})) { |
| |
my $ipheader = $proxyinfo->{'ipheader'}; |
| |
my ($ip,$xfor); |
| |
if (ref($r)) { |
| |
if ($ipheader) { |
| |
$ip = $r->headers_in->{$ipheader}; |
| |
} |
| |
$xfor = $r->headers_in->{'X-Forwarded-For'}; |
| |
} else { |
| |
if ($ipheader) { |
| |
$ip = $ENV{'HTTP_'.uc($ipheader)}; |
| |
} |
| |
$xfor = $ENV{'HTTP_X_FORWARDED_FOR'}; |
| |
} |
| |
if (($ip eq '') && ($xfor ne '')) { |
| |
foreach my $poss_ip (reverse(split(/\s*,\s*/,$xfor))) { |
| |
unless (&ip_match($poss_ip,$proxyinfo->{'trusted'})) { |
| |
$ip = $poss_ip; |
| |
last; |
| |
} |
| |
} |
| |
} |
| |
if ($ip ne '') { |
| |
return $ip; |
| |
} |
| |
} |
| |
} |
| |
} |
| return $from_ip; |
return $from_ip; |
| } |
} |
| |
|
| |
sub get_proxy_settings { |
| |
my ($dom_in_use) = @_; |
| |
my %domdefaults = &Apache::lonnet::get_domain_defaults($dom_in_use); |
| |
my $proxyinfo = { |
| |
ipheader => $domdefaults{'waf_ipheader'}, |
| |
trusted => $domdefaults{'waf_trusted'}, |
| |
vpnint => $domdefaults{'waf_vpnint'}, |
| |
vpnext => $domdefaults{'waf_vpnext'}, |
| |
sslopt => $domdefaults{'waf_sslopt'}, |
| |
}; |
| |
return $proxyinfo; |
| |
} |
| |
|
| |
sub ip_match { |
| |
my ($ip,$pattern_str) = @_; |
| |
$ip=Net::CIDR::cidrvalidate($ip); |
| |
if ($ip) { |
| |
return Net::CIDR::cidrlookup($ip,split(/\s*,\s*/,$pattern_str)); |
| |
} |
| |
return; |
| |
} |
| |
|
| |
sub get_proxy_alias { |
| |
my ($lonid) = @_; |
| |
if ($lonid eq '') { |
| |
$lonid = $perlvar{'lonHostID'}; |
| |
} |
| |
if (!defined(&hostname($lonid))) { |
| |
return; |
| |
} |
| |
if ($lonid ne '') { |
| |
my ($alias,$cached) = &is_cached_new('proxyalias',$lonid); |
| |
if ($cached) { |
| |
return $alias; |
| |
} |
| |
my $dom = &Apache::lonnet::host_domain($lonid); |
| |
if ($dom ne '') { |
| |
my $cachetime = 60*60*24; |
| |
my %domconfig = |
| |
&Apache::lonnet::get_dom('configuration',['wafproxy'],$dom); |
| |
if (ref($domconfig{'wafproxy'}) eq 'HASH') { |
| |
if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') { |
| |
$alias = $domconfig{'wafproxy'}{'alias'}{$lonid}; |
| |
} |
| |
} |
| |
return &do_cache_new('proxyalias',$lonid,$alias,$cachetime); |
| |
} |
| |
} |
| |
return; |
| |
} |
| |
|
| |
sub use_proxy_alias { |
| |
my ($r,$lonid) = @_; |
| |
my $alias = &get_proxy_alias($lonid); |
| |
if ($alias) { |
| |
my $dom = &host_domain($lonid); |
| |
if ($dom ne '') { |
| |
my $proxyinfo = &get_proxy_settings($dom); |
| |
my ($vpnint,$remote_ip); |
| |
if (ref($proxyinfo) eq 'HASH') { |
| |
$vpnint = $proxyinfo->{'vpnint'}; |
| |
if ($vpnint) { |
| |
$remote_ip = &get_requestor_ip($r,1,1); |
| |
} |
| |
} |
| |
unless ($vpnint && &ip_match($remote_ip,$vpnint)) { |
| |
return $alias; |
| |
} |
| |
} |
| |
} |
| |
return; |
| |
} |
| |
|
| |
sub alias_sso { |
| |
my ($lonid) = @_; |
| |
if ($lonid eq '') { |
| |
$lonid = $perlvar{'lonHostID'}; |
| |
} |
| |
if (!defined(&hostname($lonid))) { |
| |
return; |
| |
} |
| |
if ($lonid ne '') { |
| |
my ($use_alias,$cached) = &is_cached_new('proxysaml',$lonid); |
| |
if ($cached) { |
| |
return $use_alias; |
| |
} |
| |
my $dom = &Apache::lonnet::host_domain($lonid); |
| |
if ($dom ne '') { |
| |
my $cachetime = 60*60*24; |
| |
my %domconfig = |
| |
&Apache::lonnet::get_dom('configuration',['wafproxy'],$dom); |
| |
if (ref($domconfig{'wafproxy'}) eq 'HASH') { |
| |
if (ref($domconfig{'wafproxy'}{'saml'}) eq 'HASH') { |
| |
$use_alias = $domconfig{'wafproxy'}{'saml'}{$lonid}; |
| |
} |
| |
} |
| |
return &do_cache_new('proxysaml',$lonid,$use_alias,$cachetime); |
| |
} |
| |
} |
| |
return; |
| |
} |
| |
|
| |
sub get_saml_landing { |
| |
my ($lonid) = @_; |
| |
if ($lonid eq '') { |
| |
my $defdom = &default_login_domain(); |
| |
my @hosts = ¤t_machine_ids(); |
| |
if (@hosts > 1) { |
| |
foreach my $hostid (@hosts) { |
| |
if (&host_domain($hostid) eq $defdom) { |
| |
$lonid = $hostid; |
| |
last; |
| |
} |
| |
} |
| |
} else { |
| |
$lonid = $perlvar{'lonHostID'}; |
| |
} |
| |
if ($lonid) { |
| |
unless (&Apache::lonnet::host_domain($lonid) eq $defdom) { |
| |
return; |
| |
} |
| |
} else { |
| |
return; |
| |
} |
| |
} elsif (!defined(&hostname($lonid))) { |
| |
return; |
| |
} |
| |
my ($landing,$cached) = &is_cached_new('samllanding',$lonid); |
| |
if ($cached) { |
| |
return $landing; |
| |
} |
| |
my $dom = &Apache::lonnet::host_domain($lonid); |
| |
if ($dom ne '') { |
| |
my $cachetime = 60*60*24; |
| |
my %domconfig = |
| |
&Apache::lonnet::get_dom('configuration',['login'],$dom); |
| |
if (ref($domconfig{'login'}) eq 'HASH') { |
| |
if (ref($domconfig{'login'}{'saml'}) eq 'HASH') { |
| |
if (ref($domconfig{'login'}{'saml'}{$lonid}) eq 'HASH') { |
| |
$landing = 1; |
| |
} |
| |
} |
| |
} |
| |
return &do_cache_new('samllanding',$lonid,$landing,$cachetime); |
| |
} |
| |
return; |
| |
} |
| |
|
| # ------------------------------------------------------------- Declutters URLs |
# ------------------------------------------------------------- Declutters URLs |
| |
|
| sub declutter { |
sub declutter { |
|
Line 13640 sub get_dns {
|
Line 13936 sub get_dns {
|
| } |
} |
| while (%alldns) { |
while (%alldns) { |
| my ($dns) = sort { $b cmp $a } keys(%alldns); |
my ($dns) = sort { $b cmp $a } keys(%alldns); |
| my $ua=new LWP::UserAgent; |
my @content; |
| $ua->timeout(30); |
if ($dns eq Sys::Hostname::FQDN::fqdn()) { |
| my $request=new HTTP::Request('GET',"$alldns{$dns}://$dns$url"); |
my $command = (split('/',$url))[3]; |
| my $response=$ua->request($request); |
my ($dir,$file) = &parse_getdns_url($command,$url); |
| delete($alldns{$dns}); |
delete($alldns{$dns}); |
| next if ($response->is_error()); |
next if (($dir eq '') || ($file eq '')); |
| my @content = split("\n",$response->content); |
if (open(my $config,'<',"$dir/$file")) { |
| |
@content = <$config>; |
| |
close($config); |
| |
} |
| |
} else { |
| |
my $ua=new LWP::UserAgent; |
| |
$ua->timeout(30); |
| |
my $request=new HTTP::Request('GET',"$alldns{$dns}://$dns$url"); |
| |
my $response=$ua->request($request); |
| |
delete($alldns{$dns}); |
| |
next if ($response->is_error()); |
| |
@content = split("\n",$response->content); |
| |
} |
| unless ($nocache) { |
unless ($nocache) { |
| &do_cache_new('dns',$url,\@content,30*24*60*60); |
&do_cache_new('dns',$url,\@content,30*24*60*60); |
| } |
} |
|
Line 13718 sub fetch_dns_checksums {
|
Line 14026 sub fetch_dns_checksums {
|
| return \%checksums; |
return \%checksums; |
| } |
} |
| |
|
| |
sub parse_getdns_url { |
| |
my ($command,$url) = @_; |
| |
my $dir = $perlvar{'lonTabDir'}; |
| |
my $file; |
| |
if ($command eq 'hosts') { |
| |
$file = 'dns_hosts.tab'; |
| |
} elsif ($command eq 'domain') { |
| |
$file = 'dns_domain.tab'; |
| |
} elsif ($command eq 'checksums') { |
| |
my $version = (split('/',$url))[4]; |
| |
$file = "dns_checksums/$version.tab", |
| |
} |
| |
return ($dir,$file); |
| |
} |
| |
|
| # ------------------------------------------------------------ Read domain file |
# ------------------------------------------------------------ Read domain file |
| { |
{ |
| my $loaded; |
my $loaded; |
![[BACK]](/icons/back.gif){kind=icon}
Return to lonnet.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / lonnet / perl