[LON-CAPA-cvs] cvs: loncom(version_2_11_X) /auth lonacc.pm

raeburn raeburn at source.lon-capa.org
Sun Sep 27 21:31:42 EDT 2020


raeburn		Mon Sep 28 01:31:42 2020 EDT

  Modified files:              (Branch: version_2_11_X)
    /loncom/auth	lonacc.pm 
  Log:
  - For 2.11
    Backport 1.179
  
  
Index: loncom/auth/lonacc.pm
diff -u loncom/auth/lonacc.pm:1.159.2.10 loncom/auth/lonacc.pm:1.159.2.11
--- loncom/auth/lonacc.pm:1.159.2.10	Sat May  2 20:39:07 2020
+++ loncom/auth/lonacc.pm	Mon Sep 28 01:31:42 2020
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.159.2.10 2020/05/02 20:39:07 raeburn Exp $
+# $Id: lonacc.pm,v 1.159.2.11 2020/09/28 01:31:42 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -435,6 +435,22 @@
     return undef;
 }
 
+sub needs_symb_check {
+    my ($requrl) = @_;
+    $requrl=~/\.(\w+)$/;
+    if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') ||
+        ($requrl=~/^\/adm\/.*\/(aboutme|smppg|bulletinboard)(\?|$ )/x) ||
+        ($requrl=~/^\/adm\/wrapper\//) ||
+        ($requrl=~m|^/adm/coursedocs/showdoc/|) ||
+        ($requrl=~m|\.problem/smpedit$|) ||
+        ($requrl=~/^\/public\/.*\/syllabus$/) ||
+        ($requrl=~/^\/adm\/(viewclasslist|navmaps)$/) ||
+        ($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?|$)/)) {
+        return 1;
+    }
+    return;
+}
+
 sub handler {
     my $r = shift;
     my $requrl=$r->uri;
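Review bot: In `needs_symb_check` the result of `$requrl=~/\.(\w+)$/;` is never tested, so for a URL without an extension `$1` is not reset and `fileembstyle` receives whatever an earlier successful match left behind. This helper now also decides, in the access-check hunk further down, whether a symb-scoped `allowed()` call is made, so the classification should not depend on leftover match state. Capture explicitly with `my ($ext) = ($requrl =~ /\.(\w+)$/);` and test `(defined($ext) && (&Apache::loncommon::fileembstyle($ext) eq 'ssi'))`. The same pattern existed inline in the code this helper replaces, so this is carried-over behaviour rather than a new regression.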
@@ -594,7 +610,37 @@
 	my $now = time;
 	if ($requrl !~ m{^/(?:adm|public|(?:prt|zip)spool)/}
 	    || $requrl =~ /^\/adm\/.*\/(smppg|bulletinboard)(\?|$ )/x) {
-	    my $access=&Apache::lonnet::allowed('bre',$requrl);
+            my ($access,$poss_symb);
+            if (($env{'request.course.id'}) && (!$suppext) && (&needs_symb_check($requrl))) {
+                unless ($env{'form.symb'}) {
+                    if ($r->args) {
+                        &Apache::loncommon::get_unprocessed_cgi($r->args,['symb']);
+                    }
+                }
+                if ($env{'form.symb'}) {
+                    $poss_symb=&Apache::lonnet::symbclean($env{'form.symb'});
+                }
+                if ($poss_symb) {
+                    my ($possmap,$resid,$url)=&Apache::lonnet::decode_symb($poss_symb);
+                    $url = &Apache::lonnet::clutter($url);
+                    unless (($url eq $requrl) && (&Apache::lonnet::is_on_map($possmap))) {
+                        undef($poss_symb);
+                    }
+                    if ($poss_symb) {
+                        if ((!$env{'request.role.adv'}) && ($env{'acc.randomout'}) &&
+                            ($env{'acc.randomout'}=~/\&\Q$poss_symb\E\&/)) {
+                            undef($poss_symb);
+                        }
+                    }
+                }
+                if ($poss_symb) {
+                    $access=&Apache::lonnet::allowed('bre',$requrl,$poss_symb);
+                } else {
+                    $access=&Apache::lonnet::allowed('bre',$requrl,'','','','',1);
+                }
+            } else {
+                $access=&Apache::lonnet::allowed('bre',$requrl);
+            }
             if ($handle eq '') {
                 unless ($access eq 'F') {
                     if ($requrl =~ m{^/res/$match_domain/$match_username/}) {
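Review bot: The request-supplied `form.symb` reaches `&Apache::lonnet::allowed('bre',$requrl,$poss_symb)` after only two checks: the URL decoded from the symb equals `$requrl`, and `$possmap` is on the course map. `$resid` is decoded but never used, and `symbverify` is only called later, in the `'B'` branch. Whether `allowed()` itself confirms that the resource sits at that position in that map is not visible here; if it does not, access could be evaluated against a map the URL does not belong to. Either add `&& (&Apache::lonnet::symbverify($poss_symb,$requrl))` to the `unless` condition (the handler body continues outside this hunk), or add a comment stating that `allowed()` performs that verification. The trailing `1` in `allowed('bre',$requrl,'','','','',1)` would also benefit from a comment naming the parameter.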
@@ -611,6 +657,14 @@
 		return OK;
 	    }
             if ($access eq 'B') {
+                if ($poss_symb) {
+                    if ($requrl=~m{^(/adm/.*/aboutme)/portfolio$}) {
+                        $requrl = $1;
+                    }
+                    if (&Apache::lonnet::symbverify($poss_symb,$requrl)) {
+                        $env{'request.symb'} = $poss_symb;
+                    }
+                }
                 &Apache::blockedaccess::setup_handler($r);
                 return OK;
             }
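Review bot: The `/portfolio` suffix is stripped from `$requrl` only here, just before `symbverify`, whereas the earlier access-check hunk keeps `$poss_symb` only when the symb's decoded URL is string-equal to the unstripped `$requrl`. For `.../aboutme/portfolio` requests the two checks appear to expect different URLs, so one of them may never succeed; `symbverify`'s matching rules are not visible here, so this needs confirming. Assigning `$requrl = $1;` also rewrites the handler-wide variable. A local copy such as `(my $checkurl = $requrl) =~ s{^(/adm/.*/aboutme)/portfolio$}{$1};` passed to `symbverify` avoids that side effect. The enclosing handler continues outside the hunk.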
@@ -670,16 +724,8 @@
 # ------------------------------------------------------------- This is allowed
 	if ($env{'request.course.id'}) {
 	    &Apache::lonnet::countacc($requrl);
-	    $requrl=~/\.(\w+)$/;
             my $query=$r->args;
-	    if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') ||
-		($requrl=~/^\/adm\/.*\/(aboutme|smppg|bulletinboard)(\?|$ )/x) ||
-		($requrl=~/^\/adm\/wrapper\//) ||
-		($requrl=~m|^/adm/coursedocs/showdoc/|) ||
-		($requrl=~m|\.problem/smpedit$|) ||
-		($requrl=~/^\/public\/.*\/syllabus$/) ||
-                ($requrl=~/^\/adm\/(viewclasslist|navmaps)$/) ||
-                ($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?|$)/)) {
+            if (&needs_symb_check($requrl)) {
 # ------------------------------------- This is serious stuff, get symb and log
 		my $symb;
 		if ($query) {
@@ -724,13 +770,38 @@
                     }
                     unless ($suppext) {
 		        $symb=&Apache::lonnet::symbread($requrl);
-		        if (&Apache::lonnet::is_on_map($requrl) && $symb &&
-			    !&Apache::lonnet::symbverify($symb,$requrl)) {
-			    $r->log_reason('Invalid symb for '.$requrl.': '.$symb);
-			    $env{'user.error.msg'}=
-			        "$requrl:bre:1:1:Invalid Access";
-			    return HTTP_NOT_ACCEPTABLE; 
-		        }
+                        if (&Apache::lonnet::is_on_map($requrl) && $symb) {
+                            my ($encstate,$invalidsymb);
+                            unless (&Apache::lonnet::symbverify($symb,$requrl,\$encstate)) {
+                                $invalidsymb = 1;
+                                #
+                                # If $env{'request.enc'} is true, but no encryption for $symb retrieved
+                                # by original lonnet::symbread() call, call again to check for an instance
+                                # of $requrl in the course which has encryption, and set that as the symb.
+                                # If there is no such symb, or symbverify() fails for the new symb proceed
+                                # to report invalid symb.
+                                #
+                                if ($env{'request.enc'} && !$encstate) {
+                                    my %possibles;
+                                    my $nocache = 1;
+                                    $symb = &Apache::lonnet::symbread($requrl,'','','',\%possibles,$nocache);
+                                    if ($symb) {
+                                        if (&Apache::lonnet::symbverify($symb,$requrl)) {
+                                            $invalidsymb = '';
+                                        }
+                                    } elsif (keys(%possibles) > 1) {
+                                        $r->internal_redirect('/adm/ambiguous');
+                                        return OK;
+                                    }
+                                }
+                                if ($invalidsymb) {
+                                    $r->log_reason('Invalid symb for '.$requrl.': '.$symb);
+                                    $env{'user.error.msg'}=
+                                        "$requrl:bre:1:1:Invalid Access";
+                                    return HTTP_NOT_ACCEPTABLE;
+                                }
+                            }
+                        }
 		        if ($symb) {
 			    my ($map,$mid,$murl)=
 			        &Apache::lonnet::decode_symb($symb);
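Review bot: On the retry path `$symb` is overwritten with the result of the second `symbread()` before the failure is logged, so `log_reason('Invalid symb for '.$requrl.': '.$symb)` can record an empty or different value instead of the symb that failed `symbverify`. Concatenating an undefined `$symb` would also emit a warning. For an access-denial log entry the rejected value is the one worth keeping. Holding the retry result in its own variable and assigning it to `$symb` only after it verifies keeps the log accurate without changing which requests are rejected. The surrounding `unless ($suppext)` block starts outside the hunk.

```perl
if ($env{'request.enc'} && !$encstate) {
    # … unchanged: %possibles and $nocache declarations …
    # Keep the rejected symb in $symb so the log line below still reports it.
    my $retrysymb = &Apache::lonnet::symbread($requrl,'','','',\%possibles,$nocache);
    if ($retrysymb) {
        if (&Apache::lonnet::symbverify($retrysymb,$requrl)) {
            $symb = $retrysymb;
            $invalidsymb = '';
        }
    } elsif (keys(%possibles) > 1) {
        # … unchanged: internal redirect to /adm/ambiguous …
    }
}
# … unchanged: log_reason and HTTP_NOT_ACCEPTABLE return when $invalidsymb …
```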
@@ -748,6 +819,9 @@
 		    }
 		}
 		$env{'request.symb'}=$symb;
+                if (($env{'request.symbread.cached.'}) && ($env{'request.symbread.cached.'} ne $symb)) {
+                    $env{'request.symbread.cached.'} = $symb;
+                }
 		&Apache::lonnet::courseacclog($symb);
 	    } else {
 # ------------------------------------------------------- This is other content
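Review bot: The key `'request.symbread.cached.'` ends in a dot with nothing appended, which reads like a prefix for a per-resource cache key rather than a complete key. If cached symbs are stored under a suffixed key (not visible in this diff), the condition is never true and a stale cache entry would survive after `$symb` changed during the encrypted-resource retry. Please confirm the intended key and add a comment along the lines of `# keep the symbread cache in step with the symb selected above`.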



