[LON-CAPA-cvs] cvs: loncom / loncapa_apache.conf /auth checkauthen.pm lonacc.pm publiccheck.pm /lonnet/perl lonnet.pm

raeburn raeburn at source.lon-capa.org
Thu Dec 12 21:10:34 EST 2013


raeburn		Fri Dec 13 02:10:34 2013 EDT

  Modified files:              
    /loncom/auth	publiccheck.pm lonacc.pm checkauthen.pm 
    /loncom	loncapa_apache.conf 
    /loncom/lonnet/perl	lonnet.pm 
  Log:
  - Support Apache 2.4
    - PerlAuthenHandler needs to set $r->user() for requests for <Location> 
      directives which include Require valid-user
    - reverse changes in publiccheck.pm rev. 1.20 and 1.21
    - modify changes in lonacc.pm rev. 1.143 and 1.147
    - reverse changes in lonnet.pm rev. 1.1212 and 1.1213, and modify changes 
      in rev. 1.1244 (no longer treating 2.4 as a special case).
  - Apache access logs will now include username (or username:domain if user's
    domain is not server's default domain) for URLs requiring "valid-user",
  - Apache access logs will now include 'public' as requester for image
    files from /res/adm/pages and also domain logos etc. 
  
  
-------------- next part --------------
Index: loncom/auth/publiccheck.pm
diff -u loncom/auth/publiccheck.pm:1.22 loncom/auth/publiccheck.pm:1.23
--- loncom/auth/publiccheck.pm:1.22	Fri Dec 13 01:34:38 2013
+++ loncom/auth/publiccheck.pm	Fri Dec 13 02:10:27 2013
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: publiccheck.pm,v 1.22 2013/12/13 01:34:38 raeburn Exp $
+# $Id: publiccheck.pm,v 1.23 2013/12/13 02:10:27 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -44,16 +44,10 @@
     my $requrl=$r->uri;
 
     if (&Apache::lonnet::is_domainimage($requrl)) {
-        if (($r->user() eq '') && ($Apache::lonnet::apache >= 2.4)) {
-            $r->user('public');
-        }
         return OK;
     }
 
     if ($requrl =~ m{^/res/adm/pages/[^/]+\.(gif|png)$}) {
-        if (($r->user() eq '') && ($Apache::lonnet::apache >= 2.4)) {
-            $r->user('public');
-        }
         return OK;
     }
 
Index: loncom/auth/lonacc.pm
diff -u loncom/auth/lonacc.pm:1.148 loncom/auth/lonacc.pm:1.149
--- loncom/auth/lonacc.pm:1.148	Fri Dec 13 01:41:08 2013
+++ loncom/auth/lonacc.pm	Fri Dec 13 02:10:27 2013
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.148 2013/12/13 01:41:08 raeburn Exp $
+# $Id: lonacc.pm,v 1.149 2013/12/13 02:10:27 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -264,19 +264,21 @@
 =item sso_login()
 
 	handle the case of the single sign on user, at this point $r->user 
-	will be set and valia;d now need to find the loncapa user info, and possibly
-	balance them. If Apache >= 2.4, $r->user() will also have been set so 
-        $curruser is checked, and if null, this is an SSO case.
-	returns OK if it was a SSO and user was handled
-        undef if not SSO or no means to hanle the user
+	will be set and valid now need to find the loncapa user info, and possibly
+	balance them. If $r->user() is set this means either it was either set by
+        SSO or by checkauthen.pm if a valid cookie was found. The latter case can
+        be identified by the third arg ($usename).
+
+	returns OK if it was SSO and user was handled.
+        returns undef if not SSO or no means to handle the user.
         
 =cut
 
 sub sso_login {
-    my ($r,$handle,$curruser) = @_;
+    my ($r,$handle,$username) = @_;
 
     my $lonidsdir=$r->dir_config('lonIDsDir');
-    if (($r->user eq '') || ($curruser ne '') ||
+    if (($r->user eq '') || ($username ne '') ||
         (defined($env{'user.name'}) && (defined($env{'user.domain'}))
 	  && ($handle ne ''))) {
 	# not an SSO case or already logged in
@@ -405,18 +407,19 @@
 sub handler {
     my $r = shift;
     my $requrl=$r->uri;
-    if (&Apache::lonnet::is_domainimage($requrl)) {
+
+    if ($requrl =~ m{^/res/adm/pages/[^/]+\.(gif|png)$}) {
         return OK;
     }
 
-    if ($requrl =~ m{^/res/adm/pages/[^/]+\.(gif|png)$}) {
+    if (&Apache::lonnet::is_domainimage($requrl)) {
         return OK;
     }
 
-    my $curruser;
-    my $handle = &Apache::lonnet::check_for_valid_session($r,undef,\$curruser);
+    my %user;
+    my $handle = &Apache::lonnet::check_for_valid_session($r,undef,\%user);
 
-    my $result = &sso_login($r,$handle,$curruser);
+    my $result = &sso_login($r,$handle,$user{'name'});
     if (defined($result)) {
 	return $result;
     }
@@ -425,7 +428,7 @@
 
     if ($handle eq '') {
         unless (($requrl eq '/adm/switchserver') && (!$r->is_initial_req())) {
-	    $r->log_reason("Cookie $handle not valid", $r->filename);
+	    $r->log_reason("Cookie not valid", $r->filename);
         }
     } elsif ($handle ne '') {
 
Index: loncom/auth/checkauthen.pm
diff -u loncom/auth/checkauthen.pm:1.13 loncom/auth/checkauthen.pm:1.14
--- loncom/auth/checkauthen.pm:1.13	Wed Apr 18 18:55:06 2012
+++ loncom/auth/checkauthen.pm	Fri Dec 13 02:10:27 2013
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # checks for a cokkie to authenticate a user
 #
-# $Id: checkauthen.pm,v 1.13 2012/04/18 18:55:06 raeburn Exp $
+# $Id: checkauthen.pm,v 1.14 2013/12/13 02:10:27 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -36,7 +36,17 @@
 sub handler {
     my ($r) = @_;
 
+    if ($r->uri() =~ m{^/res/adm/pages/[^/]+\.(gif|png)$}) {
+        if ($r->user() eq '') {
+            $r->user('public');
+        }
+        return OK;
+    }
+
     if (&Apache::lonnet::is_domainimage($r->uri)) {
+        if ($r->user() eq '') {
+            $r->user('public');
+        }
         return OK;
     }
 
@@ -55,18 +65,36 @@
     if ($env{'user.name'} eq 'public' 
 	&& $env{'user.domain'} eq 'public') {
 	if ($env{'request.publicaccess'} ) {
+            if ($r->user() eq '') {
+                $r->user('public');
+            }
 	    return OK;
 	} else {
 	    return $fail;
 	}
     }
 
-    my $handle = &Apache::lonnet::check_for_valid_session($r);
+    my %user;
+    my $handle = &Apache::lonnet::check_for_valid_session($r,undef,\%user);
     if ($handle eq '') {
         $handle = $env{'user.environment'};
+        if (($handle ne '') && ($r->user() eq '')) {
+            if ($env{'user.domain'} eq $r->dir_config('lonDefDomain')) {
+                $r->user($env{'user.name'});
+            } else {
+                $r->user($env{'user.name'}.':'.$env{'user.domain'});
+            }
+        }
     }
 
     if ($handle ne '') {
+        if ($r->user() eq '') {
+            if ($user{'domain'} eq $r->dir_config('lonDefDomain')) {
+                $r->user($user{'name'});
+            } else {
+                $r->user($user{'name'}.':'.$user{'domain'});
+            }
+        }
         return OK;
     }
     if (($fail == FORBIDDEN) && ($r->uri eq '/adm/email')) {
Index: loncom/loncapa_apache.conf
diff -u loncom/loncapa_apache.conf:1.227 loncom/loncapa_apache.conf:1.228
--- loncom/loncapa_apache.conf:1.227	Sat Dec  7 22:13:27 2013
+++ loncom/loncapa_apache.conf	Fri Dec 13 02:10:30 2013
@@ -2,7 +2,7 @@
 ## loncapa_apache.conf -- Apache HTTP LON-CAPA configuration file
 ##
 
-# $Id: loncapa_apache.conf,v 1.227 2013/12/07 22:13:27 raeburn Exp $
+# $Id: loncapa_apache.conf,v 1.228 2013/12/13 02:10:30 raeburn Exp $
 
 #
 # LON-CAPA Section (extensions to httpd.conf daemon configuration)
@@ -64,7 +64,7 @@
 
 #PerlWarn On
 <LocationMatch "^/+res/adm/pages/[^/]+\.(gif|png)$">
-PerlAuthenHandler	'sub { return OK }' 
+PerlAuthzHandler	'sub { return OK }' 
 </LocationMatch>
 
 # Send proper expires header to avoid unnecessary HTTP request for static content
@@ -416,8 +416,8 @@
 <LocationMatch "^/adm/bombs/">
 AuthType LONCAPA
 Require valid-user
-SetHandler perl-script
 PerlAuthzHandler Apache::lonacc
+SetHandler perl-script
 PerlHandler Apache::lonmeta
 </LocationMatch>
 
@@ -645,8 +645,8 @@
 PerlAccessHandler      Apache::publiccheck
 AuthType LONCAPA
 Require valid-user
-SetHandler perl-script
 PerlAuthzHandler       Apache::lonacc
+SetHandler perl-script
 PerlHandler Apache::restrictedaccess
 ErrorDocument	  500 /adm/errorhandler
 </Location>
@@ -655,8 +655,8 @@
 PerlAccessHandler      Apache::publiccheck
 AuthType LONCAPA
 Require valid-user
-SetHandler perl-script
 PerlAuthzHandler       Apache::lonacc
+SetHandler perl-script
 PerlHandler Apache::blockedaccess
 ErrorDocument     500 /adm/errorhandler
 </Location>
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.1244 loncom/lonnet/perl/lonnet.pm:1.1245
--- loncom/lonnet/perl/lonnet.pm:1.1244	Thu Dec  5 05:19:18 2013
+++ loncom/lonnet/perl/lonnet.pm	Fri Dec 13 02:10:33 2013
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.1244 2013/12/05 05:19:18 raeburn Exp $
+# $Id: lonnet.pm,v 1.1245 2013/12/13 02:10:33 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -78,7 +78,7 @@
 
 use Encode;
 
-use vars qw(%perlvar %spareid %pr %prp $memcache %packagetab $tmpdir $apache
+use vars qw(%perlvar %spareid %pr %prp $memcache %packagetab $tmpdir
             $_64bit %env %protocol %loncaparevs %serverhomeIDs %needsrelease
             %managerstab);
 
@@ -606,7 +606,7 @@
 
 # ---------------------------------------------------- Check for valid session 
 sub check_for_valid_session {
-    my ($r,$name,$userref) = @_;
+    my ($r,$name,$userhashref) = @_;
     my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
     if ($name eq '') {
         $name = 'lonID';
@@ -637,18 +637,12 @@
 	|| !defined($disk_env{'user.domain'})) {
 	return undef;
     }
-    if ($apache >= 2.4) {
-        if ($r->user() eq '') {
-            if ($disk_env{'user.domain'} eq $r->dir_config('lonDefDomain')) {
-                $r->user($disk_env{'user.name'});
-            } else {
-                $r->user($disk_env{'user.name'}.':'.$disk_env{'user.domain'});
-            }
-        }
-        if (($r->user() ne '') && (ref($userref))) {
-            $$userref = $r->user();
-        }
+
+    if (ref($userhashref) eq 'HASH') {
+        $userhashref->{'name'} = $disk_env{'user.name'};
+        $userhashref->{'domain'} = $disk_env{'user.domain'};
     }
+
     return $handle;
 }
 
@@ -12316,17 +12310,6 @@
 	if ($test != 0) { $_64bit=1; } else { $_64bit=0; }
 	&logthis(" Detected 64bit platform ($_64bit)");
     }
-
-    {
-        eval {
-            ($apache) =
-                (Apache2::ServerUtil::get_server_version() =~ m{Apache/(\d+\.\d+)});
-        };
-        if ($@) {
-           $apache = 1.3;
-        }
-    }
-
 }
 }
 


More information about the LON-CAPA-cvs mailing list