[LON-CAPA-cvs] cvs: loncom /auth migrateuser.pm

raeburn raeburn at source.lon-capa.org
Fri Dec 7 18:10:44 EST 2018


raeburn		Fri Dec  7 23:10:44 2018 EDT

  Modified files:              
    /loncom/auth	migrateuser.pm 
  Log:
  - Verify user can be hosted here.
  
  
Index: loncom/auth/migrateuser.pm
diff -u loncom/auth/migrateuser.pm:1.38 loncom/auth/migrateuser.pm:1.39
--- loncom/auth/migrateuser.pm:1.38	Mon Dec  3 23:43:57 2018
+++ loncom/auth/migrateuser.pm	Fri Dec  7 23:10:44 2018
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Starts a user off based of an existing token.
 #
-# $Id: migrateuser.pm,v 1.38 2018/12/03 23:43:57 raeburn Exp $
+# $Id: migrateuser.pm,v 1.39 2018/12/07 23:10:44 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -119,6 +119,48 @@
     return \%lti_env;
 }
 
+sub canhost {
+    my ($uname,$udom,$lonhost,$loncaparev) = @_;
+    my $canhost;
+    if (&Apache::lonnet::is_library($lonhost)) {
+        my @possdoms = &Apache::lonnet::current_machine_domains();
+        my %roleshash = &Apache::lonnet::get_my_roles($uname,$udom,'userroles','',['ca','aa'],\@possdoms);
+        if (keys(%roleshash)) {
+            foreach my $key (keys(%roleshash)) {
+                my $audom = (split(/:/,$key))[1];    
+                if ((&Apache::lonnet::will_trust('othcoau',$udom,$audom)) &&
+                    (&Apache::lonnet::will_trust('coaurem',$audom,$udom))) {
+                    $canhost = 1;
+                    last;
+                }
+            }
+        }
+    }
+    unless ($canhost) {
+        my $uprimary_id = &Apache::lonnet::domain($udom,'primary');
+        my $uint_dom = &Apache::lonnet::internet_dom($uprimary_id);
+        my @intdoms;
+        my $internet_names = &Apache::lonnet::get_internet_names($lonhost);
+        if (ref($internet_names) eq 'ARRAY') {
+            @intdoms = @{$internet_names};
+        }
+        if ($uint_dom ne '' && grep(/^\Q$uint_dom\E$/, at intdoms)) {
+            $canhost = 1;
+        } else {
+            my $hostname = &Apache::lonnet::hostname($lonhost);
+            my $serverhomeID = &Apache::lonnet::get_server_homeID($hostname);
+            my $serverhomedom = &Apache::lonnet::host_domain($serverhomeID);
+            my %defdomdefaults = &Apache::lonnet::get_domain_defaults($serverhomedom);
+            my %udomdefaults = &Apache::lonnet::get_domain_defaults($udom);
+            $canhost =
+                &Apache::lonnet::can_host_session($udom,$lonhost,$loncaparev,
+                                                  $udomdefaults{'remotesessions'},
+                                                  $defdomdefaults{'hostedsessions'});
+        }
+    }
+    return $canhost;
+}
+
 sub ip_changed {
     my ($r,$udom,$camefrom,$idsref,$dataref) = @_;
     &Apache::loncommon::content_type($r,'text/html');
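Review bot: The fallback branch of `canhost` passes `$udomdefaults{'remotesessions'}` and `$defdomdefaults{'hostedsessions'}` to `can_host_session` without checking that either `get_domain_defaults` lookup returned anything. If that helper treats missing settings as "no restriction" (not visible here, so confirm), a failed lookup would admit the user rather than refuse. Because this sub now decides whether a migrated session may land on this server, it also deserves a header comment naming its accept paths and return value, for example `# Returns a true value if $uname:$udom may be hosted on $lonhost: trusted co-author role on a library server, same internet domain, or can_host_session() allows it.` The `, at intdoms` in the grep (and `, at ids` in the later hunk) looks like the list archive's rewriting of `@`, not what was committed.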
@@ -444,7 +486,7 @@
                 return $otherserver;
             } else {
                 #FIXME Contents of $data{'dom_balancers'} contains invalid hostID.
-            }  
+            }
         } else {
             if ($data{'loncfail'}) {
                 #FIXME Nowhere to go. 
@@ -577,6 +619,14 @@
     if ($home eq 'no_host') { return &goto_login($r,$udom,\%data); }
     if (&Apache::lonnet::hostname($home) eq '') { return &goto_login($r,$udom,\%data); }
 
+    unless (grep(/^\Q$home\E$/, at ids)) {
+        my $lonhost = $r->dir_config('lonHostID');
+        my $loncaparev = $r->dir_config('lonVersion');
+        unless (&canhost($data{'username'},$data{'domain'},$lonhost,$loncaparev)) {
+            return &goto_login($r,$udom,\%data);
+        }
+    }
+    
     my $rolemsg;
     if ($data{'role'}) {
         $rolemsg = "role: $data{'role'}";
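Review bot: When `&canhost(...)` returns false the handler goes straight to `&goto_login` and logs nothing, so a token presented to a server that may not host that user leaves no trace for later investigation. I would log before the return, for example `&Apache::lonnet::logthis("migrateuser: $data{'username'}:$data{'domain'} not permitted on $lonhost");` (the message text is only a suggestion). The check is keyed on `$data{'domain'}` while the redirect uses `$udom`; whether the two are always equal is decided outside this hunk and is worth confirming. The enclosing handler starts and ends outside the hunk.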



