[LON-CAPA-cvs] cvs: loncom /auth migrateuser.pm
raeburn
raeburn at source.lon-capa.org
Fri Dec 7 18:10:44 EST 2018
raeburn Fri Dec 7 23:10:44 2018 EDT
Modified files:
/loncom/auth migrateuser.pm
Log:
- Verify user can be hosted here.
Index: loncom/auth/migrateuser.pm
diff -u loncom/auth/migrateuser.pm:1.38 loncom/auth/migrateuser.pm:1.39
--- loncom/auth/migrateuser.pm:1.38 Mon Dec 3 23:43:57 2018
+++ loncom/auth/migrateuser.pm Fri Dec 7 23:10:44 2018
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Starts a user off based of an existing token.
#
-# $Id: migrateuser.pm,v 1.38 2018/12/03 23:43:57 raeburn Exp $
+# $Id: migrateuser.pm,v 1.39 2018/12/07 23:10:44 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -119,6 +119,48 @@
return \%lti_env;
}
+sub canhost {
+ my ($uname,$udom,$lonhost,$loncaparev) = @_;
+ my $canhost;
+ if (&Apache::lonnet::is_library($lonhost)) {
+ my @possdoms = &Apache::lonnet::current_machine_domains();
+ my %roleshash = &Apache::lonnet::get_my_roles($uname,$udom,'userroles','',['ca','aa'],\@possdoms);
+ if (keys(%roleshash)) {
+ foreach my $key (keys(%roleshash)) {
+ my $audom = (split(/:/,$key))[1];
+ if ((&Apache::lonnet::will_trust('othcoau',$udom,$audom)) &&
+ (&Apache::lonnet::will_trust('coaurem',$audom,$udom))) {
+ $canhost = 1;
+ last;
+ }
+ }
+ }
+ }
+ unless ($canhost) {
+ my $uprimary_id = &Apache::lonnet::domain($udom,'primary');
+ my $uint_dom = &Apache::lonnet::internet_dom($uprimary_id);
+ my @intdoms;
+ my $internet_names = &Apache::lonnet::get_internet_names($lonhost);
+ if (ref($internet_names) eq 'ARRAY') {
+ @intdoms = @{$internet_names};
+ }
+ if ($uint_dom ne '' && grep(/^\Q$uint_dom\E$/, at intdoms)) {
+ $canhost = 1;
+ } else {
+ my $hostname = &Apache::lonnet::hostname($lonhost);
+ my $serverhomeID = &Apache::lonnet::get_server_homeID($hostname);
+ my $serverhomedom = &Apache::lonnet::host_domain($serverhomeID);
+ my %defdomdefaults = &Apache::lonnet::get_domain_defaults($serverhomedom);
+ my %udomdefaults = &Apache::lonnet::get_domain_defaults($udom);
+ $canhost =
+ &Apache::lonnet::can_host_session($udom,$lonhost,$loncaparev,
+ $udomdefaults{'remotesessions'},
+ $defdomdefaults{'hostedsessions'});
+ }
+ }
+ return $canhost;
+}
+
sub ip_changed {
my ($r,$udom,$camefrom,$idsref,$dataref) = @_;
&Apache::loncommon::content_type($r,'text/html');
@@ -444,7 +486,7 @@
return $otherserver;
} else {
#FIXME Contents of $data{'dom_balancers'} contains invalid hostID.
- }
+ }
} else {
if ($data{'loncfail'}) {
#FIXME Nowhere to go.
@@ -577,6 +619,14 @@
if ($home eq 'no_host') { return &goto_login($r,$udom,\%data); }
if (&Apache::lonnet::hostname($home) eq '') { return &goto_login($r,$udom,\%data); }
+ unless (grep(/^\Q$home\E$/, at ids)) {
+ my $lonhost = $r->dir_config('lonHostID');
+ my $loncaparev = $r->dir_config('lonVersion');
+ unless (&canhost($data{'username'},$data{'domain'},$lonhost,$loncaparev)) {
+ return &goto_login($r,$udom,\%data);
+ }
+ }
+
my $rolemsg;
if ($data{'role'}) {
$rolemsg = "role: $data{'role'}";
More information about the LON-CAPA-cvs
mailing list