--- loncom/lonnet/perl/lonnet.pm 2021/06/20 19:53:37 1.1172.2.118.2.21 +++ loncom/lonnet/perl/lonnet.pm 2020/01/20 17:48:49 1.1172.2.119 @@ -1,7 +1,7 @@ # The LearningOnline Network # TCP networking package # -# $Id: lonnet.pm,v 1.1172.2.118.2.21 2021/06/20 19:53:37 raeburn Exp $ +# $Id: lonnet.pm,v 1.1172.2.119 2020/01/20 17:48:49 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -125,13 +125,12 @@ our @EXPORT = qw(%env); $logid ++; my $now = time(); my $id=$now.'00000'.$$.'00000'.$logid; - my $ip = &get_requestor_ip(); my $logentry = { $id => { 'exe_uname' => $env{'user.name'}, 'exe_udom' => $env{'user.domain'}, 'exe_time' => $now, - 'exe_ip' => $ip, + 'exe_ip' => $ENV{'REMOTE_ADDR'}, 'delflag' => $delflag, 'logentry' => $storehash, 'uname' => $uname, @@ -264,10 +263,9 @@ sub get_server_loncaparev { if ($caller eq 'loncron') { my $ua=new LWP::UserAgent; $ua->timeout(4); - my $hostname = &hostname($lonhost); my $protocol = $protocol{$lonhost}; $protocol = 'http' if ($protocol ne 'https'); - my $url = $protocol.'://'.$hostname.'/adm/about.html'; + my $url = $protocol.'://'.&hostname($lonhost).'/adm/about.html'; my $request=new HTTP::Request('GET',$url); my $response=$ua->request($request); unless ($response->is_error()) { @@ -955,13 +953,13 @@ sub spareserver { } if (!$want_server_name) { + my $protocol = 'http'; + if ($protocol{$spare_server} eq 'https') { + $protocol = $protocol{$spare_server}; + } if (defined($spare_server)) { my $hostname = &hostname($spare_server); if (defined($hostname)) { - my $protocol = 'http'; - if ($protocol{$spare_server} eq 'https') { - $protocol = $protocol{$spare_server}; - } $spare_server = $protocol.'://'.$hostname; } } @@ -1083,21 +1081,6 @@ sub check_for_balancer_cookie { return ($otherserver,$cookie); } -sub updatebalcookie { - my ($cookie,$balancer,$lastentry)=@_; - if ($cookie =~ /^($match_domain)\_($match_username)\_[a-f0-9]{32}$/) { - my ($udom,$uname) = ($1,$2); - my $uprimary_id = &domain($udom,'primary'); - my $uintdom = &internet_dom($uprimary_id); - my $intdom = &internet_dom($balancer); - my $serverhomedom = &host_domain($balancer); - if (($uintdom ne '') && ($uintdom eq $intdom)) { - return &reply('updatebalcookie:'.&escape($cookie).':'.&escape($lastentry),$balancer); - } - } - return; -} - sub delbalcookie { my ($cookie,$balancer) =@_; if ($cookie =~ /^($match_domain)\_($match_username)\_[a-f0-9]{32}$/) { @@ -1107,7 +1090,7 @@ sub delbalcookie { my $intdom = &internet_dom($balancer); my $serverhomedom = &host_domain($balancer); if (($uintdom ne '') && ($uintdom eq $intdom)) { - return &reply('delbalcookie:'.&escape($cookie),$balancer); + return &reply("delbalcookie:$cookie",$balancer); } } } @@ -1178,28 +1161,6 @@ sub choose_server { return ($login_host,$hostname,$portal_path,$isredirect,$lowest_load); } -sub get_course_sessions { - my ($cnum,$cdom,$lastactivity) = @_; - my %servers = &internet_dom_servers($cdom); - my %returnhash; - foreach my $server (sort(keys(%servers))) { - my $rep = &reply("coursesessions:$cdom:$cnum:$lastactivity",$server); - my @pairs=split(/\&/,$rep); - unless (($rep eq 'unknown_cmd') || ($rep =~ /^error/)) { - foreach my $item (@pairs) { - my ($key,$value)=split(/=/,$item,2); - $key = &unescape($key); - next if ($key =~ /^error: 2 /); - if (exists($returnhash{$key})) { - next if ($value < $returnhash{$key}); - } - $returnhash{$key}=$value; - } - } - } - return %returnhash; -} - # --------------------------------------------- Try to change a user's password sub changepass { @@ -1376,15 +1337,6 @@ sub spare_can_host { $canhost = 0; } } - if ($canhost) { - if (ref($defdomdefaults{'offloadoth'}) eq 'HASH') { - if ($defdomdefaults{'offloadoth'}{$try_server}) { - unless (&shared_institution($udom,$try_server)) { - $canhost = 0; - } - } - } - } if (($canhost) && ($uint_dom)) { my @intdoms; my $internet_names = &get_internet_names($try_server); @@ -1603,7 +1555,7 @@ sub check_loadbalancing { if ($domneedscache) { &do_cache_new('loadbalancing',$domneedscache,$is_balancer,$cachetime); } - if (($is_balancer) && ($caller ne 'switchserver')) { + if ($is_balancer) { my $lowest_load = 30000; if (ref($offloadto) eq 'HASH') { if (ref($offloadto->{'primary'}) eq 'ARRAY') { @@ -1643,9 +1595,9 @@ sub check_loadbalancing { } } } - } - if (($is_balancer) && (!$homeintdom)) { - undef($setcookie); + unless ($homeintdom) { + undef($setcookie); + } } return ($is_balancer,$otherserver,$setcookie); } @@ -1898,21 +1850,7 @@ sub get_dom { } } if ($udom && $uhome && ($uhome ne 'no_host')) { - my $rep; - if (grep { $_ eq $uhome } ¤t_machine_ids()) { - # domain information is hosted on this machine - my $cmd = 'getdom'; - if ($namespace =~ /^enc/) { - $cmd = 'egetdom'; - } - $rep = &LONCAPA::Lond::get_dom("$cmd:$udom:$namespace:$items"); - } else { - if ($namespace =~ /^enc/) { - $rep=&reply("encrypt:egetdom:$udom:$namespace:$items",$uhome); - } else { - $rep=&reply("getdom:$udom:$namespace:$items",$uhome); - } - } + my $rep=&reply("getdom:$udom:$namespace:$items",$uhome); my %returnhash; if ($rep eq '' || $rep =~ /^error: 2 /) { return %returnhash; @@ -1956,11 +1894,7 @@ sub put_dom { $items.=&escape($item).'='.&freeze_escape($$storehash{$item}).'&'; } $items=~s/\&$//; - if ($namespace =~ /^enc/) { - return &reply("encrypt:putdom:$udom:$namespace:$items",$uhome); - } else { - return &reply("putdom:$udom:$namespace:$items",$uhome); - } + return &reply("putdom:$udom:$namespace:$items",$uhome); } else { &logthis("put_dom failed - no homeserver and/or domain"); } @@ -2443,9 +2377,6 @@ sub get_domain_defaults { if (ref($domconfig{'usersessions'}{'offloadnow'}) eq 'HASH') { $domdefaults{'offloadnow'} = $domconfig{'usersessions'}{'offloadnow'}; } - if (ref($domconfig{'usersessions'}{'offloadoth'}) eq 'HASH') { - $domdefaults{'offloadoth'} = $domconfig{'usersessions'}{'offloadoth'}; - } } if (ref($domconfig{'selfenrollment'}) eq 'HASH') { if (ref($domconfig{'selfenrollment'}{'admin'}) eq 'HASH') { @@ -2580,22 +2511,6 @@ sub get_passwdconf { return %passwdconf; } -sub course_portal_url { - my ($cnum,$cdom) = @_; - my $chome = &homeserver($cnum,$cdom); - my $hostname = &hostname($chome); - my $protocol = $protocol{$chome}; - $protocol = 'http' if ($protocol ne 'https'); - my %domdefaults = &get_domain_defaults($cdom); - my $firsturl; - if ($domdefaults{'portal_def'}) { - $firsturl = $domdefaults{'portal_def'}; - } else { - $firsturl = $protocol.'://'.$hostname; - } - return $firsturl; -} - # --------------------------------------------------- Assign a key to a student sub assign_access_key { @@ -3131,27 +3046,6 @@ sub repcopy { } } -# ------------------------------------------------- Unsubscribe from a resource - -sub unsubscribe { - my ($fname) = @_; - my $answer; - if ($fname=~/\/(aboutme|syllabus|bulletinboard|smppg)$/) { return $answer; } - $fname=~s/[\n\r]//g; - my $author=$fname; - $author=~s/\/home\/httpd\/html\/res\/([^\/]*)\/([^\/]*).*/$1\/$2/; - my ($udom,$uname)=split(/\//,$author); - my $home=homeserver($uname,$udom); - if ($home eq 'no_host') { - $answer = 'no_host'; - } elsif (grep { $_ eq $home } ¤t_machine_ids()) { - $answer = 'home'; - } else { - $answer = reply("unsub:$fname",$home); - } - return $answer; -} - # ------------------------------------------------ Get server side include body sub ssi_body { my ($filelink,%form)=@_; @@ -3278,13 +3172,13 @@ sub remove_stale_resfile { (grep { $_ eq $homeserver } ¤t_machine_ids())) { my $fname = &filelocation('',$url); if (-e $fname) { + my $ua=new LWP::UserAgent; + $ua->timeout(5); + my $protocol = $protocol{$homeserver}; + $protocol = 'http' if ($protocol ne 'https'); my $hostname = &hostname($homeserver); if ($hostname) { - my $protocol = $protocol{$homeserver}; - $protocol = 'http' if ($protocol ne 'https'); my $uri = $protocol.'://'.$hostname.'/raw/'.&declutter($url); - my $ua=new LWP::UserAgent; - $ua->timeout(5); my $request=new HTTP::Request('HEAD',$uri); my $response=$ua->request($request); if ($response->is_success()) { @@ -3310,18 +3204,12 @@ sub remove_stale_resfile { $stale = 1; } if ($stale) { - if (unlink($fname)) { - if ($uri!~/\.meta$/) { - if (-e $fname.'.meta') { - unlink($fname.'.meta'); - } - } - my $unsubresult = &unsubscribe($fname); - unless ($unsubresult eq 'ok') { - &logthis("no unsub of $fname from $homeserver, reason: $unsubresult"); - } - $removed = 1; + unlink($fname); + if ($uri!~/\.meta$/) { + unlink($fname.'.meta'); } + &reply("unsub:$fname",$homeserver); + $removed = 1; } } } @@ -3471,26 +3359,6 @@ sub can_edit_resource { $forceedit = 1; } $cfile = $resurl; - } elsif (($resurl =~ m{^/ext/}) && ($symb ne '')) { - my ($map,$id,$res) = &decode_symb($symb); - if ($map =~ /\.page$/) { - $incourse = 1; - if ($env{'form.forceedit'}) { - $forceview = 1; - $cfile = $map; - } else { - $forceedit = 1; - $cfile = '/adm/wrapper'.$resurl; - } - } - } elsif ($resurl =~ m{^/adm/wrapper/adm/$cdom/$cnum/\d+/ext\.tool$}) { - $incourse = 1; - if ($env{'form.forceedit'}) { - $forceview = 1; - } else { - $forceedit = 1; - } - $cfile = $resurl; } elsif ($resurl =~ m{^/?adm/viewclasslist$}) { $incourse = 1; if ($env{'form.forceedit'}) { @@ -3515,14 +3383,6 @@ sub can_edit_resource { $forceedit = 1; } $cfile = $resurl; - } elsif (($resurl =~ m{^/adm/wrapper/adm/$cdom/$cnum/\d+/ext\.tool$}) && ($env{'form.folderpath'} =~ /^supplemental/)) { - $incourse = 1; - if ($env{'form.forceedit'}) { - $forceview = 1; - } else { - $forceedit = 1; - } - $cfile = $resurl; } elsif (($resurl eq '/adm/extresedit') && ($symb || $env{'form.folderpath'})) { $incourse = 1; $forceview = 1; @@ -3532,13 +3392,8 @@ sub can_edit_resource { $cfile = &clutter($res); } else { $cfile = $env{'form.suppurl'}; - my $escfile = &unescape($cfile); - if ($escfile =~ m{^/adm/$cdom/$cnum/\d+/ext\.tool$}) { - $cfile = '/adm/wrapper'.$escfile; - } else { - $escfile =~ s{^http://}{}; - $cfile = &escape("/adm/wrapper/ext/$escfile"); - } + $cfile =~ s{^http://}{}; + $cfile = '/adm/wrapper/ext/'.$cfile; } } elsif ($resurl =~ m{^/?adm/viewclasslist$}) { if ($env{'form.forceedit'}) { @@ -3785,10 +3640,6 @@ sub clean_filename { # Replace all .\d. sequences with _\d. so they no longer look like version # numbers $fname=~s/\.(\d+)(?=\.)/_$1/g; -# Replace three or more adjacent underscores with one for consistency -# with loncfile::filename_check() so complete url can be extracted by -# lonnet::decode_symb() - $fname=~s/_{3,}/_/g; return $fname; } @@ -4759,11 +4610,7 @@ sub courseacclog { if ($formitem =~ /^HWFILE(?:SIZE|TOOBIG)/) { $what.=':'.$formitem.'='.$env{$key}; } elsif ($formitem !~ /^HWFILE(?:[^.]+)$/) { - if ($formitem eq 'proctorpassword') { - $what.=':'.$formitem.'=' . '*' x length($env{$key}); - } else { - $what.=':'.$formitem.'='.$env{$key}; - } + $what.=':'.$formitem.'='.$env{$key}; } } } @@ -5519,10 +5366,9 @@ my %cachedtimes=(); my $cachedtime=''; sub load_all_first_access { - my ($uname,$udom,$ignorecache)=@_; + my ($uname,$udom)=@_; if (($cachedkey eq $uname.':'.$udom) && - (abs($cachedtime-time)<5) && (!$env{'form.markaccess'}) && - (!$ignorecache)) { + (abs($cachedtime-time)<5) && (!$env{'form.markaccess'})) { return; } $cachedtime=time; @@ -5531,7 +5377,7 @@ sub load_all_first_access { } sub get_first_access { - my ($type,$argsymb,$argmap,$ignorecache)=@_; + my ($type,$argsymb,$argmap)=@_; my ($symb,$courseid,$udom,$uname)=&whichuser(); if ($argsymb) { $symb=$argsymb; } my ($map,$id,$res)=&decode_symb($symb); @@ -5543,7 +5389,7 @@ sub get_first_access { } else { $res=$symb; } - &load_all_first_access($uname,$udom,$ignorecache); + &load_all_first_access($uname,$udom); return $cachedtimes{"$courseid\0$res"}; } @@ -5595,14 +5441,13 @@ sub checkout { my ($symb,$tuname,$tudom,$tcrsid)=@_; my $now=time; my $lonhost=$perlvar{'lonHostID'}; - my $ip = &get_requestor_ip(); my $infostr=&escape( 'CHECKOUTTOKEN&'. $tuname.'&'. $tudom.'&'. $tcrsid.'&'. $symb.'&'. - $now.'&'.$ip); + $now.'&'.$ENV{'REMOTE_ADDR'}); my $token=&reply('tmpput:'.$infostr,$lonhost); if ($token=~/^error\:/) { &logthis("WARNING: ". @@ -5616,7 +5461,7 @@ sub checkout { my %infohash=('resource.0.outtoken' => $token, 'resource.0.checkouttime' => $now, - 'resource.0.outremote' => $ip); + 'resource.0.outremote' => $ENV{'REMOTE_ADDR'}); unless (&cstore(\%infohash,$symb,$tcrsid,$tudom,$tuname) eq 'ok') { return ''; @@ -5647,7 +5492,6 @@ sub checkin { $lonhost=~tr/A-Z/a-z/; my $dtoken=$ta.'_'.&hostname($lonhost).'_'.$tb; $dtoken=~s/\W/\_/g; - my $ip = &get_requestor_ip(); my ($dummy,$tuname,$tudom,$tcrsid,$symb,$chtim,$rmaddr)= split(/\&/,&unescape(&reply('tmpget:'.$dtoken,$lonhost))); @@ -5664,7 +5508,7 @@ sub checkin { my %infohash=('resource.0.intoken' => $token, 'resource.0.checkintime' => $now, - 'resource.0.inremote' => $ip); + 'resource.0.inremote' => $ENV{'REMOTE_ADDR'}); unless (&cstore(\%infohash,$symb,$tcrsid,$tudom,$tuname) eq 'ok') { return ''; @@ -5932,7 +5776,7 @@ sub tmpreset { if (!$domain) { $domain=$env{'user.domain'}; } if (!$stuname) { $stuname=$env{'user.name'}; } if ($domain eq 'public' && $stuname eq 'public') { - $stuname=&get_requestor_ip(); + $stuname=$ENV{'REMOTE_ADDR'}; } my $path=LONCAPA::tempdir(); my %hash; @@ -5969,7 +5813,7 @@ sub tmpstore { if (!$domain) { $domain=$env{'user.domain'}; } if (!$stuname) { $stuname=$env{'user.name'}; } if ($domain eq 'public' && $stuname eq 'public') { - $stuname=&get_requestor_ip(); + $stuname=$ENV{'REMOTE_ADDR'}; } my $now=time; my %hash; @@ -6013,7 +5857,7 @@ sub tmprestore { if (!$domain) { $domain=$env{'user.domain'}; } if (!$stuname) { $stuname=$env{'user.name'}; } if ($domain eq 'public' && $stuname eq 'public') { - $stuname=&get_requestor_ip(); + $stuname=$ENV{'REMOTE_ADDR'}; } my %returnhash; $namespace=~s/\//\_/g; @@ -6069,7 +5913,7 @@ sub store { } if (!$home) { $home=$env{'user.home'}; } - $$storehash{'ip'}=&get_requestor_ip(); + $$storehash{'ip'}=$ENV{'REMOTE_ADDR'}; $$storehash{'host'}=$perlvar{'lonHostID'}; my $namevalue=''; @@ -6105,7 +5949,7 @@ sub cstore { } if (!$home) { $home=$env{'user.home'}; } - $$storehash{'ip'}=&get_requestor_ip(); + $$storehash{'ip'}=$ENV{'REMOTE_ADDR'}; $$storehash{'host'}=$perlvar{'lonHostID'}; my $namevalue=''; @@ -6962,7 +6806,7 @@ sub currentdump { # my %returnhash=(); # - if ($rep eq 'unknown_cmd') { + if ($rep eq "unknown_cmd") { # an old lond will not know currentdump # Do a dump and make it look like a currentdump my @tmp = &dumpstore($courseid,$sdom,$sname,'.'); @@ -7097,8 +6941,7 @@ sub putstore { foreach my $key (keys(%{$storehash})) { $namevalue.=&escape($key).'='.&freeze_escape($storehash->{$key}).'&'; } - my $ip = &get_requestor_ip(); - $namevalue .= 'ip='.&escape($ip). + $namevalue .= 'ip='.&escape($ENV{'REMOTE_ADDR'}). '&host='.&escape($perlvar{'lonHostID'}). '&version='.$esc_v. '&by='.&escape($env{'user.name'}.':'.$env{'user.domain'}); @@ -7879,7 +7722,7 @@ sub customaccess { # ------------------------------------------------- Check for a user privilege sub allowed { - my ($priv,$uri,$symb,$role,$clientip,$noblockcheck,$ignorecache)=@_; + my ($priv,$uri,$symb,$role,$clientip,$noblockcheck)=@_; my $ver_orguri=$uri; $uri=&deversion($uri); my $orguri=$uri; @@ -7896,7 +7739,7 @@ sub allowed { if (defined($env{'allowed.'.$priv})) { return $env{'allowed.'.$priv}; } # Free bre access to adm and meta resources - if (((($uri=~/^adm\//) && ($uri !~ m{/(?:smppg|bulletinboard|viewclasslist|aboutme|ext\.tool)$})) + if (((($uri=~/^adm\//) && ($uri !~ m{/(?:smppg|bulletinboard)$})) || (($uri=~/\.meta$/) && ($uri!~m|^uploaded/|) )) && ($priv eq 'bre')) { return 'F'; @@ -8002,8 +7845,8 @@ sub allowed { my $adom = $1; foreach my $key (keys(%env)) { if ($key =~ m{^user\.role\.(ca|aa)/\Q$adom\E}) { - my ($start,$end) = split(/\./,$env{$key}); - if (($now >= $start) && (!$end || $end > $now)) { + my ($start,$end) = split('.',$env{$key}); + if (($now >= $start) && (!$end || $end < $now)) { $ownaccess = 1; last; } @@ -8015,8 +7858,8 @@ sub allowed { foreach my $role ('ca','aa') { if ($env{"user.role.$role./$adom/$aname"}) { my ($start,$end) = - split(/\./,$env{"user.role.$role./$adom/$aname"}); - if (($now >= $start) && (!$end || $end > $now)) { + split('.',$env{"user.role.$role./$adom/$aname"}); + if (($now >= $start) && (!$end || $end < $now)) { $ownaccess = 1; last; } @@ -8104,7 +7947,7 @@ sub allowed { if ($noblockcheck) { $thisallowed.=$value; } else { - my @blockers = &has_comm_blocking($priv,$symb,$uri,$ignorecache); + my @blockers = &has_comm_blocking($priv,$symb,$uri); if (@blockers > 0) { $thisallowed = 'B'; } else { @@ -8124,7 +7967,7 @@ sub allowed { if ($noblockcheck) { $thisallowed='F'; } else { - my @blockers = &has_comm_blocking($priv,'',$refuri,'',1); + my @blockers = &has_comm_blocking($priv,$symb,$refuri); if (@blockers > 0) { $thisallowed = 'B'; } else { @@ -8143,7 +7986,7 @@ sub allowed { && &is_portfolio_url($uri)) { $thisallowed = &portfolio_access($uri,$clientip); } - + # Full access at system, domain or course-wide level? Exit. if ($thisallowed=~/F/) { return 'F'; @@ -8197,7 +8040,7 @@ sub allowed { if ($noblockcheck) { $thisallowed.=$value; } else { - my @blockers = &has_comm_blocking($priv,$symb,$uri,$ignorecache); + my @blockers = &has_comm_blocking($priv,$symb,$uri); if (@blockers > 0) { $thisallowed = 'B'; } else { @@ -8210,7 +8053,7 @@ sub allowed { $checkreferer=0; } } - + if ($checkreferer) { my $refuri=$env{'httpref.'.$orguri}; unless ($refuri) { @@ -8239,7 +8082,7 @@ sub allowed { if ($noblockcheck) { $thisallowed.=$value; } else { - my @blockers = &has_comm_blocking($priv,'',$refuri,'',1); + my @blockers = &has_comm_blocking($priv,$symb,$refuri); if (@blockers > 0) { $thisallowed = 'B'; } else { @@ -8281,48 +8124,16 @@ sub allowed { # # Possibly locked functionality, check all courses -# In roles.tab, L (unless locked) available for bre, pch, plc, pac and sma. # Locks might take effect only after 10 minutes cache expiration for other -# courses, and 2 minutes for current course, in which user has st or ta role -# which is neither expired nor a future role (unless current course). +# courses, and 2 minutes for current course - my ($needlockcheck,$now,$crsonly); + my $envkey; if ($thisallowed=~/L/) { - $now = time; - if ($priv eq 'bre') { - if ($uri ne '') { - if ($orguri =~ m{^/+res/}) { - if ($uri =~ m{^lib/templates/}) { - if ($env{'request.course.id'}) { - $crsonly = 1; - $needlockcheck = 1; - } - } else { - $needlockcheck = 1; - } - } elsif ($env{'request.course.id'}) { - my ($crsdom,$crsnum) = split('_',$env{'request.course.id'}); - if (($uri =~ m{^(adm|uploaded|public)/$crsdom/$crsnum/}) || - ($uri =~ m{^adm/$match_domain/$match_username/\d+/(smppg|bulletinboard)$})) { - $crsonly = 1; - } - $needlockcheck = 1; - } - } - } elsif (($priv eq 'pch') || ($priv eq 'plc') || ($priv eq 'pac') || ($priv eq 'sma')) { - $needlockcheck = 1; - } - } - if ($needlockcheck) { - foreach my $envkey (keys(%env)) { + foreach $envkey (keys(%env)) { if ($envkey=~/^user\.role\.(st|ta)\.([^\.]*)/) { my $courseid=$2; my $roleid=$1.'.'.$2; $courseid=~s/^\///; - unless ($env{'request.role'} eq $roleid) { - my ($start,$end) = split(/\./,$env{$envkey}); - next unless (($now >= $start) && (!$end || $end > $now)); - } my $expiretime=600; if ($env{'request.role'} eq $roleid) { $expiretime=120; @@ -8345,7 +8156,7 @@ sub allowed { } if (($env{$prefix.'priv.'.$priv.'.lock.sections'}=~/\,\Q$csec\E\,/) || ($env{$prefix.'priv.'.$priv.'.lock.sections'} eq 'all')) { - if ($env{$prefix.'priv.'.$priv.'.lock.expire'}>time) { + if ($env{'priv.'.$priv.'.lock.expire'}>time) { &log($env{'user.domain'},$env{'user.name'}, $env{'user.home'}, 'Locked by priv: '.$priv.' for '.$uri.' due to '. @@ -8357,7 +8168,7 @@ sub allowed { } } } - + # # Rest of the restrictions depend on selected course # @@ -8515,27 +8326,22 @@ sub constructaccess { # # User for whom data are being temporarily cached. my $cacheduser=''; -# Course for which data are being temporarily cached. -my $cachedcid=''; # Cached blockers for this user (a hash of blocking items). my %cachedblockers=(); # When the data were last cached. my $cachedlast=''; sub load_all_blockers { - my ($uname,$udom)=@_; + my ($uname,$udom,$blocks)=@_; if (($uname ne '') && ($udom ne '')) { if (($cacheduser eq $uname.':'.$udom) && - ($cachedcid eq $env{'request.course.id'}) && (abs($cachedlast-time)<5)) { return; } } $cachedlast=time; $cacheduser=$uname.':'.$udom; - $cachedcid=$env{'request.course.id'}; - %cachedblockers = &get_commblock_resources(); - return; + %cachedblockers = &get_commblock_resources($blocks); } sub get_comm_blocks { @@ -8615,23 +8421,14 @@ sub get_commblock_resources { if ($mapsymb) { if (ref($navmap)) { my $mapres = $navmap->getBySymb($mapsymb); - if (ref($mapres)) { - my $first = $mapres->map_start(); - my $finish = $mapres->map_finish(); - my $it = $navmap->getIterator($first,$finish,undef,0,0); - if (ref($it)) { - my $res; - while ($res = $it->next(undef,1)) { - next unless (ref($res)); - my $symb = $res->symb(); - next if (($symb eq $mapsymb) || ($symb eq '')); - @interval=&EXT("resource.0.interval",$symb); - if ($interval[1] eq 'map') { - if ($res->answerable()) { - push(@to_test,$res); - last; - } - } + @to_test = $mapres->retrieveResources($mapres,undef,0,0,0,1); + foreach my $res (@to_test) { + my $symb = $res->symb(); + next if ($symb eq $mapsymb); + if ($symb ne '') { + @interval=&EXT("resource.0.interval",$symb); + if ($interval[1] eq 'map') { + last; } } } @@ -8639,8 +8436,7 @@ sub get_commblock_resources { } } } - if ($interval[0] =~ /^(\d+)/) { - my $timelimit = $1; + if ($interval[0] =~ /^\d+$/) { my $first_access; if ($type eq 'resource') { $first_access=&get_first_access($interval[1],$item); @@ -8650,7 +8446,7 @@ sub get_commblock_resources { $first_access=&get_first_access($interval[1]); } if ($first_access) { - my $timesup = $first_access+$timelimit; + my $timesup = $first_access+$interval[0]; if ($timesup > $now) { my $activeblock; foreach my $res (@to_test) { @@ -8682,23 +8478,17 @@ sub get_commblock_resources { } sub has_comm_blocking { - my ($priv,$symb,$uri,$ignoresymbdb,$noenccheck,$blocked,$blocks) = @_; + my ($priv,$symb,$uri,$blocks) = @_; my @blockers; return unless ($env{'request.course.id'}); return unless ($priv eq 'bre'); return if ($env{'user.priv.'.$env{'request.role'}} =~/evb\&([^\:]*)/); return if ($env{'request.state'} eq 'construct'); - my %blockinfo; - if (ref($blocks) eq 'HASH') { - %blockinfo = &get_commblock_resources($blocks); - } else { - &load_all_blockers($env{'user.name'},$env{'user.domain'}); - %blockinfo = %cachedblockers; - } - return unless (keys(%blockinfo) > 0); + &load_all_blockers($env{'user.name'},$env{'user.domain'},$blocks); + return unless (keys(%cachedblockers) > 0); my (%possibles,@symbs); if (!$symb) { - $symb = &symbread($uri,1,1,1,\%possibles,$ignoresymbdb,$noenccheck); + $symb = &symbread($uri,1,1,1,\%possibles); } if ($symb) { @symbs = ($symb); @@ -8709,38 +8499,34 @@ sub has_comm_blocking { foreach my $symb (@symbs) { last if ($noblock); my ($map,$resid,$resurl)=&decode_symb($symb); - foreach my $block (keys(%blockinfo)) { + foreach my $block (keys(%cachedblockers)) { if ($block =~ /^firstaccess____(.+)$/) { my $item = $1; - unless ($blocked) { - if (($item eq $map) || ($item eq $symb)) { - $noblock = 1; - last; - } + if (($item eq $map) || ($item eq $symb)) { + $noblock = 1; + last; } } - if (ref($blockinfo{$block}) eq 'HASH') { - if (ref($blockinfo{$block}{'resources'}) eq 'HASH') { - if ($blockinfo{$block}{'resources'}{$symb}) { + if (ref($cachedblockers{$block}) eq 'HASH') { + if (ref($cachedblockers{$block}{'resources'}) eq 'HASH') { + if ($cachedblockers{$block}{'resources'}{$symb}) { unless (grep(/^\Q$block\E$/,@blockers)) { push(@blockers,$block); } } } - if (ref($blockinfo{$block}{'maps'}) eq 'HASH') { - if ($blockinfo{$block}{'maps'}{$map}) { - unless (grep(/^\Q$block\E$/,@blockers)) { - push(@blockers,$block); - } + } + if (ref($cachedblockers{$block}{'maps'}) eq 'HASH') { + if ($cachedblockers{$block}{'maps'}{$map}) { + unless (grep(/^\Q$block\E$/,@blockers)) { + push(@blockers,$block); } } } } } - unless ($noblock) { - return @blockers; - } - return; + return if ($noblock); + return @blockers; } } @@ -9138,25 +8924,6 @@ sub auto_validate_instcode { return ($outcome,$description,$defaultcredits); } -sub auto_validate_inst_crosslist { - my ($cnum,$cdom,$instcode,$inst_xlist,$coowner) = @_; - my ($homeserver,$response); - if (($cdom =~ /^$match_domain$/) && ($cnum =~ /^$match_courseid$/)) { - $homeserver = &homeserver($cnum,$cdom); - } - if (!defined($homeserver)) { - if ($cdom =~ /^$match_domain$/) { - $homeserver = &domain($cdom,'primary'); - } - } - unless (($homeserver eq '') || ($homeserver eq 'no_host')) { - $response=&reply('autovalidateinstcrosslist:'.$cdom.':'. - &escape($instcode).':'.&escape($inst_xlist).':'. - &escape($coowner),$homeserver); - } - return $response; -} - sub auto_create_password { my ($cnum,$cdom,$authparam,$udom) = @_; my ($homeserver,$response); @@ -9428,38 +9195,6 @@ sub auto_validate_class_sec { return $response; } -sub auto_instsec_reformat { - my ($cdom,$action,$instsecref) = @_; - return unless(($action eq 'clutter') || ($action eq 'declutter')); - my @homeservers; - if (defined(&domain($cdom,'primary'))) { - push(@homeservers,&domain($cdom,'primary')); - } else { - my %servers = &get_servers($cdom,'library'); - foreach my $tryserver (keys(%servers)) { - if (!grep(/^\Q$tryserver\E$/,@homeservers)) { - push(@homeservers,$tryserver); - } - } - } - my $response; - my %reformatted = %{$instsecref}; - foreach my $server (@homeservers) { - if (ref($instsecref) eq 'HASH') { - my $info = &freeze_escape($instsecref); - my $response=&reply('autoinstsecreformat:'.$cdom.':'. - $action.':'.$info,$server); - next if ($response =~ /(con_lost|error|no_such_host|refused|unknown_command)/); - my @items = split(/&/,$response); - foreach my $item (@items) { - my ($key,$value) = split(/=/,$item); - $reformatted{&unescape($key)} = &thaw_unescape($value); - } - } - } - return %reformatted; -} - sub auto_validate_instclasses { my ($cdom,$cnum,$owners,$classesref) = @_; my ($homeserver,%validations); @@ -10004,23 +9739,11 @@ sub autoupdate_coowners { if ($domdesign{$cdom.'.autoassign.co-owners'}) { my %coursehash = &coursedescription($cdom.'_'.$cnum); my $instcode = $coursehash{'internal.coursecode'}; - my $xlists = $coursehash{'internal.crosslistings'}; if ($instcode ne '') { if (($start && $start <= $now) && ($end == 0) || ($end > $now)) { unless ($coursehash{'internal.courseowner'} eq $uname.':'.$udom) { my ($delcoowners,@newcoowners,$putresult,$delresult,$coowners); my ($result,$desc) = &auto_validate_instcode($cnum,$cdom,$instcode,$uname.':'.$udom); - unless ($result eq 'valid') { - if ($xlists ne '') { - foreach my $xlist (split(',',$xlists)) { - my ($inst_crosslist,$lcsec) = split(':',$xlist); - $result = - &auto_validate_inst_crosslist($cnum,$cdom,$instcode, - $inst_crosslist,$uname.':'.$udom); - last if ($result eq 'valid'); - } - } - } if ($result eq 'valid') { if ($coursehash{'internal.co-owners'}) { foreach my $coowner (split(',',$coursehash{'internal.co-owners'})) { @@ -10033,15 +9756,17 @@ sub autoupdate_coowners { } else { push(@newcoowners,$uname.':'.$udom); } - } elsif ($coursehash{'internal.co-owners'}) { - foreach my $coowner (split(',',$coursehash{'internal.co-owners'})) { - unless ($coowner eq $uname.':'.$udom) { - push(@newcoowners,$coowner); + } else { + if ($coursehash{'internal.co-owners'}) { + foreach my $coowner (split(',',$coursehash{'internal.co-owners'})) { + unless ($coowner eq $uname.':'.$udom) { + push(@newcoowners,$coowner); + } + } + unless (@newcoowners > 0) { + $delcoowners = 1; + $coowners = ''; } - } - unless (@newcoowners > 0) { - $delcoowners = 1; - $coowners = ''; } } if (@newcoowners || $delcoowners) { @@ -10116,14 +9841,13 @@ sub modifyuserauth { ' in domain '.$env{'request.role.domain'}); my $reply=&reply('encrypt:changeuserauth:'.$udom.':'.$uname.':'.$umode.':'. &escape($upass),$uhome); - my $ip = &get_requestor_ip(); &log($env{'user.domain'},$env{'user.name'},$env{'user.home'}, 'Authentication changed for '.$udom.', '.$uname.', '.$umode. - '(Remote '.$ip.'): '.$reply); + '(Remote '.$ENV{'REMOTE_ADDR'}.'): '.$reply); &log($udom,,$uname,$uhome, 'Authentication changed by '.$env{'user.domain'}.', '. $env{'user.name'}.', '.$umode. - '(Remote '.$ip.'): '.$reply); + '(Remote '.$ENV{'REMOTE_ADDR'}.'): '.$reply); unless ($reply eq 'ok') { &logthis('Authentication mode error: '.$reply); return 'error: '.$reply; @@ -10448,19 +10172,14 @@ sub writecoursepref { sub createcourse { my ($udom,$description,$url,$course_server,$nonstandard,$inst_code, - $course_owner,$crstype,$cnum,$context,$category,$callercontext)=@_; + $course_owner,$crstype,$cnum,$context,$category)=@_; $url=&declutter($url); my $cid=''; if ($context eq 'requestcourses') { my $can_create = 0; my ($ownername,$ownerdom) = split(':',$course_owner); if ($udom eq $ownerdom) { - my $reload; - if (($callercontext eq 'auto') && - ($ownerdom eq $env{'user.domain'}) && ($ownername eq $env{'user.name'})) { - $reload = 'reload'; - } - if (&usertools_access($ownername,$ownerdom,$category,$reload, + if (&usertools_access($ownername,$ownerdom,$category,undef, $context)) { $can_create = 1; } @@ -10644,7 +10363,7 @@ sub store_userdata { if (($uhome eq '') || ($uhome eq 'no_host')) { $result = 'error: no_host'; } else { - $storehash->{'ip'} = &get_requestor_ip(); + $storehash->{'ip'} = $ENV{'REMOTE_ADDR'}; $storehash->{'host'} = $perlvar{'lonHostID'}; my $namevalue=''; @@ -11469,7 +11188,7 @@ sub get_userresdata { # Parameters: # $name - Course/user name. # $domain - Name of the domain the user/course is registered on. -# $type - Type of thing $name is (must be 'course' or 'user') +# $type - Type of thing $name is (must be 'course' or 'user' # @which - Array of names of resources desired. # Returns: # The value of the first reasource in @which that is found in the @@ -11490,47 +11209,11 @@ sub resdata { foreach my $item (@which) { if (defined($result->{$item->[0]})) { return [$result->{$item->[0]},$item->[1]]; - } + } } return undef; } -sub get_domain_lti { - my ($cdom,$context) = @_; - my ($name,%lti); - if ($context eq 'consumer') { - $name = 'ltitools'; - } elsif ($context eq 'provider') { - $name = 'lti'; - } else { - return %lti; - } - my ($result,$cached)=&is_cached_new($name,$cdom); - if (defined($cached)) { - if (ref($result) eq 'HASH') { - %lti = %{$result}; - } - } else { - my %domconfig = &get_dom('configuration',[$name],$cdom); - if (ref($domconfig{$name}) eq 'HASH') { - %lti = %{$domconfig{$name}}; - my %encdomconfig = &get_dom('encconfig',[$name],$cdom); - if (ref($encdomconfig{$name}) eq 'HASH') { - foreach my $id (keys(%lti)) { - if (ref($encdomconfig{$name}{$id}) eq 'HASH') { - foreach my $item ('key','secret') { - $lti{$id}{$item} = $encdomconfig{$name}{$id}{$item}; - } - } - } - } - } - my $cachetime = 24*60*60; - &do_cache_new($name,$cdom,\%lti,$cachetime); - } - return %lti; -} - sub get_numsuppfiles { my ($cnum,$cdom,$ignorecache)=@_; my $hashid=$cnum.':'.$cdom; @@ -11986,7 +11669,7 @@ sub metadata { # if it is a non metadata possible uri return quickly if (($uri eq '') || (($uri =~ m|^/*adm/|) && - ($uri !~ m|^adm/includes|) && ($uri !~ m{/(smppg|bulletinboard|ext\.tool)$})) || + ($uri !~ m|^adm/includes|) && ($uri !~ m{/(smppg|bulletinboard)$})) || ($uri =~ m|/$|) || ($uri =~ m|/.meta$|) || ($uri =~ m{^/*uploaded/.+\.sequence$})) { return undef; } @@ -12573,16 +12256,18 @@ sub symbverify { if (tie(%bighash,'GDBM_File',$env{'request.course.fn'}.'.db', &GDBM_READER(),0640)) { + my $noclutter; if (($thisurl =~ m{^/adm/wrapper/ext/}) || ($thisurl =~ m{^ext/})) { $thisurl =~ s/\?.+$//; if ($map =~ m{^uploaded/.+\.page$}) { $thisurl =~ s{^(/adm/wrapper|)/ext/}{http://}; $thisurl =~ s{^\Qhttp://https://\E}{https://}; + $noclutter = 1; } } my $ids; - if ($map =~ m{^uploaded/.+\.page$}) { - $ids=$bighash{'ids_'.&clutter_with_no_wrapper($thisurl)}; + if ($noclutter) { + $ids=$bighash{'ids_'.$thisurl}; } else { $ids=$bighash{'ids_'.&clutter($thisurl)}; } @@ -12682,16 +12367,13 @@ sub deversion { # ------------------------------------------------------ Return symb list entry sub symbread { - my ($thisfn,$donotrecurse,$ignorecachednull,$checkforblock,$possibles, - $ignoresymbdb,$noenccheck)=@_; + my ($thisfn,$donotrecurse,$ignorecachednull,$checkforblock,$possibles)=@_; my $cache_str='request.symbread.cached.'.$thisfn; if (defined($env{$cache_str})) { - unless (ref($possibles) eq 'HASH') { - if ($ignorecachednull) { - return $env{$cache_str} unless ($env{$cache_str} eq ''); - } else { - return $env{$cache_str}; - } + if ($ignorecachednull) { + return $env{$cache_str} unless ($env{$cache_str} eq ''); + } else { + return $env{$cache_str}; } } # no filename provided? try from environment @@ -12720,18 +12402,10 @@ sub symbread { if ($targetfn =~ m|^adm/wrapper/(ext/.*)|) { $targetfn=$1; } - unless ($ignoresymbdb) { - if (tie(%hash,'GDBM_File',$env{'request.course.fn'}.'_symb.db', - &GDBM_READER(),0640)) { - $syval=$hash{$targetfn}; - untie(%hash); - } - if ($syval && $checkforblock) { - my @blockers = &has_comm_blocking('bre',$syval,$thisfn,$ignoresymbdb,$noenccheck); - if (@blockers) { - $syval=''; - } - } + if (tie(%hash,'GDBM_File',$env{'request.course.fn'}.'_symb.db', + &GDBM_READER(),0640)) { + $syval=$hash{$targetfn}; + untie(%hash); } # ---------------------------------------------------------- There was an entry if ($syval) { @@ -12764,18 +12438,13 @@ sub symbread { $syval=&encode_symb($bighash{'map_id_'.$mapid}, $resid,$thisfn); if (ref($possibles) eq 'HASH') { - unless ($bighash{'randomout_'.$ids} || $env{'request.role.adv'}) { - $possibles->{$syval} = 1; - } + $possibles->{$syval} = 1; } if ($checkforblock) { - unless ($bighash{'randomout_'.$ids} || $env{'request.role.adv'}) { - my @blockers = &has_comm_blocking('bre',$syval,$bighash{'src_'.$ids},'',$noenccheck); - if (@blockers) { - $syval = ''; - untie(%bighash); - return $env{$cache_str}=''; - } + my @blockers = &has_comm_blocking('bre',$syval,$bighash{'src_'.$ids}); + if (@blockers) { + $syval = ''; + return; } } } elsif ((!$donotrecurse) || ($checkforblock) || (ref($possibles) eq 'HASH')) { @@ -12794,13 +12463,12 @@ sub symbread { if ($bighash{'map_type_'.$mapid} ne 'page') { my $poss_syval=&encode_symb($bighash{'map_id_'.$mapid}, $resid,$thisfn); - next if ($bighash{'randomout_'.$id} && !$env{'request.role.adv'}); - next unless (($noenccheck) || ($bighash{'encrypted_'.$id} eq $env{'request.enc'})); + if (ref($possibles) eq 'HASH') { + $possibles->{$syval} = 1; + } if ($checkforblock) { - my @blockers = &has_comm_blocking('bre',$poss_syval,$file,'',$noenccheck); - if (@blockers > 0) { - $syval = ''; - } else { + my @blockers = &has_comm_blocking('bre',$poss_syval,$file); + unless (@blockers > 0) { $syval = $poss_syval; $realpossible++; } @@ -12808,11 +12476,6 @@ sub symbread { $syval = $poss_syval; $realpossible++; } - if ($syval) { - if (ref($possibles) eq 'HASH') { - $possibles->{$syval} = 1; - } - } } } } @@ -13350,10 +13013,9 @@ sub repcopy_userfile { my $request; $uri=~s/^\///; my $homeserver = &homeserver($cnum,$cdom); - my $hostname = &hostname($homeserver); my $protocol = $protocol{$homeserver}; $protocol = 'http' if ($protocol ne 'https'); - $request=new HTTP::Request('GET',$protocol.'://'.$hostname.'/raw/'.$uri); + $request=new HTTP::Request('GET',$protocol.'://'.&hostname($homeserver).'/raw/'.$uri); my $response=$ua->request($request,$transferfile); # did it work? if ($response->is_error()) { @@ -13377,10 +13039,9 @@ sub tokenwrapper { $file=~s|(\?\.*)*$||; &appenv({"userfile.$udom/$uname/$file" => $env{'request.course.id'}}); my $homeserver = &homeserver($uname,$udom); - my $hostname = &hostname($homeserver); my $protocol = $protocol{$homeserver}; $protocol = 'http' if ($protocol ne 'https'); - return $protocol.'://'.$hostname.'/'.$uri. + return $protocol.'://'.&hostname($homeserver).'/'.$uri. (($uri=~/\?/)?'&':'?').'token='.$token. '&tokenissued='.$perlvar{'lonHostID'}; } else { @@ -13396,10 +13057,9 @@ sub getuploaded { my ($reqtype,$uri,$cdom,$cnum,$info,$rtncode) = @_; $uri=~s/^\///; my $homeserver = &homeserver($cnum,$cdom); - my $hostname = &hostname($homeserver); my $protocol = $protocol{$homeserver}; $protocol = 'http' if ($protocol ne 'https'); - $uri = $protocol.'://'.$hostname.'/raw/'.$uri; + $uri = $protocol.'://'.&hostname($homeserver).'/raw/'.$uri; my $ua=new LWP::UserAgent; my $request=new HTTP::Request($reqtype,$uri); my $response=$ua->request($request); @@ -13554,12 +13214,9 @@ sub default_login_domain { } sub shared_institution { - my ($dom,$lonhost) = @_; - if ($lonhost eq '') { - $lonhost = $perlvar{'lonHostID'}; - } + my ($dom) = @_; my $same_intdom; - my $hostintdom = &internet_dom($lonhost); + my $hostintdom = &internet_dom($perlvar{'lonHostID'}); if ($hostintdom ne '') { my %iphost = &get_iphost(); my $primary_id = &domain($dom,'primary'); @@ -13577,56 +13234,6 @@ sub shared_institution { return $same_intdom; } -sub uses_sts { - my ($ignore_cache) = @_; - my $lonhost = $perlvar{'lonHostID'}; - my $hostname = &hostname($lonhost); - my $sts_on; - if ($protocol{$lonhost} eq 'https') { - my $cachetime = 12*3600; - if (!$ignore_cache) { - ($sts_on,my $cached)=&is_cached_new('stspolicy',$lonhost); - if (defined($cached)) { - return $sts_on; - } - } - my $ua=new LWP::UserAgent; - my $url = $protocol{$lonhost}.'://'.$hostname.'/index.html'; - my $request=new HTTP::Request('HEAD',$url); - my $response=$ua->request($request); - if ($response->is_success) { - my $has_sts = $response->header('Strict-Transport-Security'); - if ($has_sts eq '') { - $sts_on = 0; - } else { - if ($has_sts =~ /\Qmax-age=\E(\d+)/) { - my $maxage = $1; - if ($maxage) { - $sts_on = 1; - } else { - $sts_on = 0; - } - } else { - $sts_on = 0; - } - } - return &do_cache_new('stspolicy',$lonhost,$sts_on,$cachetime); - } - } - return; -} - -sub get_requestor_ip { - my ($r,$nolookup,$noproxy) = @_; - my $from_ip; - if (ref($r)) { - $from_ip = $r->get_remote_host($nolookup); - } else { - $from_ip = $ENV{'REMOTE_ADDR'}; - } - return $from_ip; -} - # ------------------------------------------------------------- Declutters URLs sub declutter { @@ -13677,8 +13284,6 @@ sub clutter { # &logthis("Got a blank emb style"); } } - } elsif ($thisfn =~ m{^/adm/$match_domain/$match_courseid/\d+/ext\.tool$}) { - $thisfn='/adm/wrapper'.$thisfn; } return $thisfn; }