[LON-CAPA-cvs] cvs: loncom / loncapa_apache.conf /auth checkauthen.pm lonacc.pm publiccheck.pm /lonnet/perl lonnet.pm
raeburn
raeburn at source.lon-capa.org
Thu Dec 12 21:10:34 EST 2013
raeburn Fri Dec 13 02:10:34 2013 EDT
Modified files:
/loncom/auth publiccheck.pm lonacc.pm checkauthen.pm
/loncom loncapa_apache.conf
/loncom/lonnet/perl lonnet.pm
Log:
- Support Apache 2.4
- PerlAuthenHandler needs to set $r->user() for requests for <Location>
directives which include Require valid-user
- reverse changes in publiccheck.pm rev. 1.20 and 1.21
- modify changes in lonacc.pm rev. 1.143 and 1.147
- reverse changes in lonnet.pm rev. 1.1212 and 1.1213, and modify changes
in rev. 1.1244 (no longer treating 2.4 as a special case).
- Apache access logs will now include username (or username:domain if user's
domain is not server's default domain) for URLs requiring "valid-user",
- Apache access logs will now include 'public' as requester for image
files from /res/adm/pages and also domain logos etc.
-------------- next part --------------
Index: loncom/auth/publiccheck.pm
diff -u loncom/auth/publiccheck.pm:1.22 loncom/auth/publiccheck.pm:1.23
--- loncom/auth/publiccheck.pm:1.22 Fri Dec 13 01:34:38 2013
+++ loncom/auth/publiccheck.pm Fri Dec 13 02:10:27 2013
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Cookie Based Access Handler
#
-# $Id: publiccheck.pm,v 1.22 2013/12/13 01:34:38 raeburn Exp $
+# $Id: publiccheck.pm,v 1.23 2013/12/13 02:10:27 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -44,16 +44,10 @@
my $requrl=$r->uri;
if (&Apache::lonnet::is_domainimage($requrl)) {
- if (($r->user() eq '') && ($Apache::lonnet::apache >= 2.4)) {
- $r->user('public');
- }
return OK;
}
if ($requrl =~ m{^/res/adm/pages/[^/]+\.(gif|png)$}) {
- if (($r->user() eq '') && ($Apache::lonnet::apache >= 2.4)) {
- $r->user('public');
- }
return OK;
}
Index: loncom/auth/lonacc.pm
diff -u loncom/auth/lonacc.pm:1.148 loncom/auth/lonacc.pm:1.149
--- loncom/auth/lonacc.pm:1.148 Fri Dec 13 01:41:08 2013
+++ loncom/auth/lonacc.pm Fri Dec 13 02:10:27 2013
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Cookie Based Access Handler
#
-# $Id: lonacc.pm,v 1.148 2013/12/13 01:41:08 raeburn Exp $
+# $Id: lonacc.pm,v 1.149 2013/12/13 02:10:27 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -264,19 +264,21 @@
=item sso_login()
handle the case of the single sign on user, at this point $r->user
- will be set and valia;d now need to find the loncapa user info, and possibly
- balance them. If Apache >= 2.4, $r->user() will also have been set so
- $curruser is checked, and if null, this is an SSO case.
- returns OK if it was a SSO and user was handled
- undef if not SSO or no means to hanle the user
+ will be set and valid now need to find the loncapa user info, and possibly
+ balance them. If $r->user() is set this means either it was either set by
+ SSO or by checkauthen.pm if a valid cookie was found. The latter case can
+ be identified by the third arg ($usename).
+
+ returns OK if it was SSO and user was handled.
+ returns undef if not SSO or no means to handle the user.
=cut
sub sso_login {
- my ($r,$handle,$curruser) = @_;
+ my ($r,$handle,$username) = @_;
my $lonidsdir=$r->dir_config('lonIDsDir');
- if (($r->user eq '') || ($curruser ne '') ||
+ if (($r->user eq '') || ($username ne '') ||
(defined($env{'user.name'}) && (defined($env{'user.domain'}))
&& ($handle ne ''))) {
# not an SSO case or already logged in
@@ -405,18 +407,19 @@
sub handler {
my $r = shift;
my $requrl=$r->uri;
- if (&Apache::lonnet::is_domainimage($requrl)) {
+
+ if ($requrl =~ m{^/res/adm/pages/[^/]+\.(gif|png)$}) {
return OK;
}
- if ($requrl =~ m{^/res/adm/pages/[^/]+\.(gif|png)$}) {
+ if (&Apache::lonnet::is_domainimage($requrl)) {
return OK;
}
- my $curruser;
- my $handle = &Apache::lonnet::check_for_valid_session($r,undef,\$curruser);
+ my %user;
+ my $handle = &Apache::lonnet::check_for_valid_session($r,undef,\%user);
- my $result = &sso_login($r,$handle,$curruser);
+ my $result = &sso_login($r,$handle,$user{'name'});
if (defined($result)) {
return $result;
}
@@ -425,7 +428,7 @@
if ($handle eq '') {
unless (($requrl eq '/adm/switchserver') && (!$r->is_initial_req())) {
- $r->log_reason("Cookie $handle not valid", $r->filename);
+ $r->log_reason("Cookie not valid", $r->filename);
}
} elsif ($handle ne '') {
Index: loncom/auth/checkauthen.pm
diff -u loncom/auth/checkauthen.pm:1.13 loncom/auth/checkauthen.pm:1.14
--- loncom/auth/checkauthen.pm:1.13 Wed Apr 18 18:55:06 2012
+++ loncom/auth/checkauthen.pm Fri Dec 13 02:10:27 2013
@@ -1,7 +1,7 @@
# The LearningOnline Network
# checks for a cokkie to authenticate a user
#
-# $Id: checkauthen.pm,v 1.13 2012/04/18 18:55:06 raeburn Exp $
+# $Id: checkauthen.pm,v 1.14 2013/12/13 02:10:27 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -36,7 +36,17 @@
sub handler {
my ($r) = @_;
+ if ($r->uri() =~ m{^/res/adm/pages/[^/]+\.(gif|png)$}) {
+ if ($r->user() eq '') {
+ $r->user('public');
+ }
+ return OK;
+ }
+
if (&Apache::lonnet::is_domainimage($r->uri)) {
+ if ($r->user() eq '') {
+ $r->user('public');
+ }
return OK;
}
@@ -55,18 +65,36 @@
if ($env{'user.name'} eq 'public'
&& $env{'user.domain'} eq 'public') {
if ($env{'request.publicaccess'} ) {
+ if ($r->user() eq '') {
+ $r->user('public');
+ }
return OK;
} else {
return $fail;
}
}
- my $handle = &Apache::lonnet::check_for_valid_session($r);
+ my %user;
+ my $handle = &Apache::lonnet::check_for_valid_session($r,undef,\%user);
if ($handle eq '') {
$handle = $env{'user.environment'};
+ if (($handle ne '') && ($r->user() eq '')) {
+ if ($env{'user.domain'} eq $r->dir_config('lonDefDomain')) {
+ $r->user($env{'user.name'});
+ } else {
+ $r->user($env{'user.name'}.':'.$env{'user.domain'});
+ }
+ }
}
if ($handle ne '') {
+ if ($r->user() eq '') {
+ if ($user{'domain'} eq $r->dir_config('lonDefDomain')) {
+ $r->user($user{'name'});
+ } else {
+ $r->user($user{'name'}.':'.$user{'domain'});
+ }
+ }
return OK;
}
if (($fail == FORBIDDEN) && ($r->uri eq '/adm/email')) {
Index: loncom/loncapa_apache.conf
diff -u loncom/loncapa_apache.conf:1.227 loncom/loncapa_apache.conf:1.228
--- loncom/loncapa_apache.conf:1.227 Sat Dec 7 22:13:27 2013
+++ loncom/loncapa_apache.conf Fri Dec 13 02:10:30 2013
@@ -2,7 +2,7 @@
## loncapa_apache.conf -- Apache HTTP LON-CAPA configuration file
##
-# $Id: loncapa_apache.conf,v 1.227 2013/12/07 22:13:27 raeburn Exp $
+# $Id: loncapa_apache.conf,v 1.228 2013/12/13 02:10:30 raeburn Exp $
#
# LON-CAPA Section (extensions to httpd.conf daemon configuration)
@@ -64,7 +64,7 @@
#PerlWarn On
<LocationMatch "^/+res/adm/pages/[^/]+\.(gif|png)$">
-PerlAuthenHandler 'sub { return OK }'
+PerlAuthzHandler 'sub { return OK }'
</LocationMatch>
# Send proper expires header to avoid unnecessary HTTP request for static content
@@ -416,8 +416,8 @@
<LocationMatch "^/adm/bombs/">
AuthType LONCAPA
Require valid-user
-SetHandler perl-script
PerlAuthzHandler Apache::lonacc
+SetHandler perl-script
PerlHandler Apache::lonmeta
</LocationMatch>
@@ -645,8 +645,8 @@
PerlAccessHandler Apache::publiccheck
AuthType LONCAPA
Require valid-user
-SetHandler perl-script
PerlAuthzHandler Apache::lonacc
+SetHandler perl-script
PerlHandler Apache::restrictedaccess
ErrorDocument 500 /adm/errorhandler
</Location>
@@ -655,8 +655,8 @@
PerlAccessHandler Apache::publiccheck
AuthType LONCAPA
Require valid-user
-SetHandler perl-script
PerlAuthzHandler Apache::lonacc
+SetHandler perl-script
PerlHandler Apache::blockedaccess
ErrorDocument 500 /adm/errorhandler
</Location>
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.1244 loncom/lonnet/perl/lonnet.pm:1.1245
--- loncom/lonnet/perl/lonnet.pm:1.1244 Thu Dec 5 05:19:18 2013
+++ loncom/lonnet/perl/lonnet.pm Fri Dec 13 02:10:33 2013
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.1244 2013/12/05 05:19:18 raeburn Exp $
+# $Id: lonnet.pm,v 1.1245 2013/12/13 02:10:33 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -78,7 +78,7 @@
use Encode;
-use vars qw(%perlvar %spareid %pr %prp $memcache %packagetab $tmpdir $apache
+use vars qw(%perlvar %spareid %pr %prp $memcache %packagetab $tmpdir
$_64bit %env %protocol %loncaparevs %serverhomeIDs %needsrelease
%managerstab);
@@ -606,7 +606,7 @@
# ---------------------------------------------------- Check for valid session
sub check_for_valid_session {
- my ($r,$name,$userref) = @_;
+ my ($r,$name,$userhashref) = @_;
my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
if ($name eq '') {
$name = 'lonID';
@@ -637,18 +637,12 @@
|| !defined($disk_env{'user.domain'})) {
return undef;
}
- if ($apache >= 2.4) {
- if ($r->user() eq '') {
- if ($disk_env{'user.domain'} eq $r->dir_config('lonDefDomain')) {
- $r->user($disk_env{'user.name'});
- } else {
- $r->user($disk_env{'user.name'}.':'.$disk_env{'user.domain'});
- }
- }
- if (($r->user() ne '') && (ref($userref))) {
- $$userref = $r->user();
- }
+
+ if (ref($userhashref) eq 'HASH') {
+ $userhashref->{'name'} = $disk_env{'user.name'};
+ $userhashref->{'domain'} = $disk_env{'user.domain'};
}
+
return $handle;
}
@@ -12316,17 +12310,6 @@
if ($test != 0) { $_64bit=1; } else { $_64bit=0; }
&logthis(" Detected 64bit platform ($_64bit)");
}
-
- {
- eval {
- ($apache) =
- (Apache2::ServerUtil::get_server_version() =~ m{Apache/(\d+\.\d+)});
- };
- if ($@) {
- $apache = 1.3;
- }
- }
-
}
}
More information about the LON-CAPA-cvs
mailing list