loncom/auth/lonauth.pm - diff

Return to lonauth.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/lonauth.pm between versions 1.64 and 1.81

version 1.64, 2005/02/07 20:33:04	version 1.81, 2006/08/30 16:50:23
Line 25	Line 25
#	#
# http://www.lon-capa.org/	# http://www.lon-capa.org/
#	#
# 5/21/99,5/22,5/25,5/26,5/27,5/29,6/2,6/11,6/14,6/15
# 16/11,12/16,
# 1/14,2/24,2/28,2/29,3/7,5/29,5/30,5/31,6/1,6/5,6/29,
# 7/1,7/10,10/2,10/5,10/9,10/26,10/30,11/10,
# 05/28,05/29 Gerd Kortemeyer
# 07/28,08/03 Gerd Kortemeyer
# 8/20 Gerd Kortemeyer

package Apache::lonauth;	package Apache::lonauth;

use strict;	use strict;
	use LONCAPA;
use Apache::Constants qw(:common);	use Apache::Constants qw(:common);
use Apache::File;
use CGI qw(:standard);	use CGI qw(:standard);
use CGI::Cookie();	use CGI::Cookie();
use DynaLoader; # for Crypt::DES version	use DynaLoader; # for Crypt::DES version
use Crypt::DES;	use Crypt::DES;
use Apache::loncommon();	use Apache::loncommon();
use Apache::lonnet();	use Apache::lonnet;
use Apache::lonmenu();	use Apache::lonmenu();
use Fcntl qw(:flock);	use Fcntl qw(:flock);
use Apache::lonlocal;	use Apache::lonlocal;
Line 53 my %FORM;	Line 46 my %FORM;
# ------------------------------------------------------------ Successful login	# ------------------------------------------------------------ Successful login

sub success {	sub success {
my ($r, $username, $domain, $authhost,$lowerurl) = @_;	my ($r, $username, $domain, $authhost, $lowerurl, $extra_env) = @_;
my $lonids=$r->dir_config('lonIDsDir');	my $lonids=$r->dir_config('lonIDsDir');

	my $public=($username eq 'public' && $domain eq 'public');

# See if old ID present, if so, remove	# See if old ID present, if so, remove

my $filename;	my ($filename,$cookie,$userroles);
opendir(DIR,$lonids);	my $now=time;
while ($filename=readdir(DIR)) {
if ($filename=~/^$username\_\d+\_$domain\_$authhost\.id$/) {
unlink($lonids.'/'.$filename);
}
}
closedir(DIR);

# Give them a new cookie	if ($public) {
	my $max_public=100;
	my $oldest;
	my $oldest_time=0;
	for(my $next=1;$next<=$max_public;$next++) {
	if (-e $lonids."/publicuser_$next.id") {
	my $mtime=(stat($lonids."/publicuser_$next.id"))[9];
	if ($mtime<$oldest_time \|\| !$oldest_time) {
	$oldest_time=$mtime;
	$oldest=$next;
	}
	} else {
	$cookie="publicuser_$next";
	last;
	}
	}
	if (!$cookie) { $cookie="publicuser_$oldest"; }
	} else {
	opendir(DIR,$lonids);
	while ($filename=readdir(DIR)) {
	if ($filename=~/^$username\_\d+\_$domain\_$authhost\.id$/) {
	unlink($lonids.'/'.$filename);
	}
	}
	closedir(DIR);

my $cookie;	# Give them a new cookie
my $now=time;
$cookie="$username\_$now\_$domain\_$authhost";

	$cookie="$username\_$now\_$domain\_$authhost";

# Initialize roles	# Initialize roles

my $userroles=Apache::lonnet::rolesinit($domain,$username,$authhost);	$userroles=&Apache::lonnet::rolesinit($domain,$username,$authhost);
	}
# ------------------------------------ Check browser type and MathML capability	# ------------------------------------ Check browser type and MathML capability

my ($httpbrowser,$clientbrowser,$clientversion,$clientmathml,	my ($httpbrowser,$clientbrowser,$clientversion,$clientmathml,
Line 96 sub success {	Line 109 sub success {
}	}
# ------------------------------------------------------------- Get environment	# ------------------------------------------------------------- Get environment

my $userenv;
my %userenv=Apache::lonnet::dump('environment',$domain,$username);	my %userenv=Apache::lonnet::dump('environment',$domain,$username);
my ($tmp) = keys(%userenv);	my ($tmp) = keys(%userenv);
if ($tmp !~ /^(con_lost\|error\|no_such_host)/i) {	if ($tmp !~ /^(con_lost\|error\|no_such_host)/i) {
foreach my $key (keys(%userenv)) {	# default remote control to off
$userenv.="environment.$key=$userenv{$key}\n";	if ($userenv{'remote'} ne 'on') { $userenv{'remote'} = 'off'; }
}	} else {
	undef(%userenv);
}	}
if (($userenv{'interface'}) && (!$FORM{'interface'})) {	if (($userenv{'interface'}) && (!$FORM{'interface'})) {
$FORM{'interface'}=$userenv{'interface'};	$FORM{'interface'}=$userenv{'interface'};
}	}
$ENV{'environment.remote'}=$userenv{'remote'};	$env{'environment.remote'}=$userenv{'remote'};
	if ($userenv{'texengine'} eq 'ttm') { $clientmathml=1; }

# --------------- Do not trust query string to be put directly into environment	# --------------- Do not trust query string to be put directly into environment
foreach ('imagesuppress','appletsuppress',	foreach ('imagesuppress','appletsuppress',
'embedsuppress','fontenhance','blackwhite',	'embedsuppress','fontenhance','blackwhite',
Line 117 sub success {	Line 132 sub success {
# --------------------------------------------------------- Write first profile	# --------------------------------------------------------- Write first profile

{	{
my $idf=Apache::File->new(">$lonids/$cookie.id");	my %initial_env =
unless (flock($idf,LOCK_EX)) {	("user.name" => $username,
&Apache::lonnet::logthis("<font color=blue>WARNING: ".	"user.domain" => $domain,
'Could not obtain exclusive lock in lonauth: '.$!);	"user.home" => $authhost,
$idf->close();	"browser.type" => $clientbrowser,
return 'error: '.$!;	"browser.version" => $clientversion,
}	"browser.mathml" => $clientmathml,
if ($userenv ne '') { print $idf "$userenv\n"; }	"browser.unicode" => $clientunicode,
print $idf "user.name=$username\n";	"browser.os" => $clientos,
print $idf "user.domain=$domain\n";	"server.domain" => $r->dir_config('lonDefDomain'),
print $idf "user.home=$authhost\n";	"request.course.fn" => '',
print $idf "browser.type=$clientbrowser\n";	"request.course.uri" => '',
print $idf "browser.version=$clientversion\n";	"request.course.sec" => '',
print $idf "browser.mathml=$clientmathml\n";	"request.role" => 'cm',
print $idf "browser.unicode=$clientunicode\n";	"request.role.adv" => $env{'user.adv'},
print $idf "browser.os=$clientos\n";	"request.host" => $ENV{'REMOTE_ADDR'},);

if ($FORM{'localpath'}) {	if ($FORM{'localpath'}) {
print $idf "browser.localpath=$FORM{'localpath'}\n";	$initial_env{"browser.localpath"} = $FORM{'localpath'};
print $idf "browser.localres=$FORM{'localres'}\n";	$initial_env{"browser.localres"} = $FORM{'localres'};
}	}
print $idf "request.course.fn=\n";
print $idf "request.course.uri=\n";	if ($public) {
print $idf "request.course.sec=\n";	$initial_env{"environment.remote"} = "off";
print $idf "request.role=cm\n";	}
print $idf "request.role.adv=$ENV{'user.adv'}\n";
print $idf "request.host=$ENV{'REMOTE_ADDR'}\n";
if ($FORM{'interface'}) {	if ($FORM{'interface'}) {
$FORM{'interface'}=~s/\W//gs;	$FORM{'interface'}=~s/\W//gs;
print $idf "browser.interface=$FORM{'interface'}\n";	$initial_env{"browser.interface"} = $FORM{'interface'};
$ENV{'browser.interface'}=$FORM{'interface'};	$env{'browser.interface'}=$FORM{'interface'};
foreach ('imagesuppress','appletsuppress',	foreach my $option ('imagesuppress','appletsuppress',
'embedsuppress','fontenhance','blackwhite') {	'embedsuppress','fontenhance','blackwhite') {
if (($FORM{$_} eq 'true') \|\|	if (($FORM{$option} eq 'true') \|\|
($userenv{$_} eq 'on')) {	($userenv{$option} eq 'on')) {
print $idf "browser.$_=on\n";	$initial_env{"browser.$option"} = "on";
}	}
}	}
}	}
if ($userroles ne '') { print $idf "$userroles"; }
$idf->close();	$env{'user.environment'} = "$lonids/$cookie.id";
}	open(my $idf,">$lonids/$cookie.id");
$ENV{'request.role'}='cm';	unless (flock($idf,LOCK_EX)) {
$ENV{'request.role.adv'}=$ENV{'user.adv'};	&Apache::lonnet::logthis("<font color=blue>WARNING: ".
$ENV{'browser.type'}=$clientbrowser;	'Could not obtain exclusive lock in lonauth: '.$!);
	close($idf);
	return 'error: '.$!;
	}

	&add_to_env($idf,\%initial_env);
	&add_to_env($idf,\%userenv);
	&add_to_env($idf,$userroles);
	&add_to_env($idf,$extra_env);
	close($idf);
	}
	$env{'request.role'}='cm';
	$env{'request.role.adv'}=$env{'user.adv'};
	$env{'browser.type'}=$clientbrowser;
# -------------------------------------------------------------------- Log this	# -------------------------------------------------------------------- Log this

&Apache::lonnet::log($domain,$username,$authhost,	&Apache::lonnet::log($domain,$username,$authhost,
Line 177 sub success {	Line 204 sub success {

# ------------------------------------------------------------ Get cookie ready	# ------------------------------------------------------------ Get cookie ready

	if ($public or $lowerurl eq 'noredirect') { return $cookie; }

$cookie="lonID=$cookie; path=/";	$cookie="lonID=$cookie; path=/";
# -------------------------------------------------------- Menu script and info	# -------------------------------------------------------- Menu script and info
my $windowinfo=&Apache::lonmenu::open($clientos);	my $windowinfo=&Apache::lonmenu::open($clientos);
Line 184 sub success {	Line 213 sub success {
my $remoteinfo=&Apache::lonmenu::load_remote_msg($lowerurl);	my $remoteinfo=&Apache::lonmenu::load_remote_msg($lowerurl);
my $setflags=&Apache::lonmenu::setflags();	my $setflags=&Apache::lonmenu::setflags();
my $maincall=&Apache::lonmenu::maincall();	my $maincall=&Apache::lonmenu::maincall();
my $bodytag=&Apache::loncommon::bodytag('Successful Login');	my $start_page=&Apache::loncommon::start_page('Successful Login',
my $add=&addcontent();	$startupremote,
	{'no_inline_link' => 1,});
	my $end_page =&Apache::loncommon::end_page();

my $continuelink;	my $continuelink;
if (($ENV{'browser.interface'} eq 'textual') \|\|	if (($env{'browser.interface'} eq 'textual') \|\|
($ENV{'environment.remote'} eq 'off')) {	($env{'environment.remote'} eq 'off')) {
$continuelink="<a href=\"$lowerurl\">".&mt('Continue')."</a>";	$continuelink="<a href=\"$lowerurl\">".&mt('Continue')."</a>";
}	}
# ------------------------------------------------- Output for successful login	# ------------------------------------------------- Output for successful login

$r->send_cgi_header(<<ENDHEADER);	&Apache::loncommon::content_type($r,'text/html');
Content-type: text/html$add	$r->header_out('Set-cookie' => $cookie);
Set-cookie: $cookie	$r->send_http_header;

ENDHEADER
my %lt=&Apache::lonlocal::texthash(	my %lt=&Apache::lonlocal::texthash(
'wel' => 'Welcome',	'wel' => 'Welcome',
'mes' => 'Welcome to the Learning<i>Online</i> Network with CAPA. Please wait while your session is being set up',	'mes' => 'Welcome to the Learning<i>Online</i> Network with CAPA. Please wait while your session is being set up',
Line 205 ENDHEADER	Line 236 ENDHEADER
'log' => 'loginproblems.html',	'log' => 'loginproblems.html',
);	);
$r->print(<<ENDSUCCESS);	$r->print(<<ENDSUCCESS);
<html>	$start_page
<head>
<title>Successful Login to the LearningOnline Network with CAPA</title>
$startupremote
</head>
$bodytag
$setflags	$setflags
$windowinfo	$windowinfo
<h1>$lt{'wel'}</h1>	<h1>$lt{'wel'}</h1>
Line 219 $lt{'mes'}.<p>	Line 245 $lt{'mes'}.<p>
$remoteinfo	$remoteinfo
$maincall	$maincall
$continuelink	$continuelink
</body>	$end_page
</html>
ENDSUCCESS	ENDSUCCESS
}	}

	sub add_to_env {
	my ($idf,$env_data) = @_;
	@env{keys(%$env_data)} = @$env_data{keys(%$env_data)};
	while (my ($key,$value) = each(%$env_data)) {
	print $idf (&escape($key).'='.&escape($value)."\n");
	}
	}

# --------------------------------------------------------------- Failed login!	# --------------------------------------------------------------- Failed login!

sub failed {	sub failed {
my ($r,$message) = @_;	my ($r,$message) = @_;
my $bodytag=&Apache::loncommon::bodytag('Unsuccessful Login');	my $start_page = &Apache::loncommon::start_page('Unsuccessful Login',undef,
my $add=&addcontent();	{'no_inline_link' => 1,});
$r->send_cgi_header(<<ENDFHEADER);	my $end_page = &Apache::loncommon::end_page();
Content-type: text/html$add
	my %lt=('sorry' => &mt('Sorry ...'),
	'please' =>
	&mt('Please [_1]log in again[_2].',
	"<a href=\"/adm/login?username=$FORM{'uname'}&domain=$FORM{'udom'}\">",
	'</a>'),
	'problemspage' => &mt('loginproblems.html'),
	'problems' => 'Problems',
	);
	&Apache::loncommon::content_type($r,'text/html');
	$r->send_http_header;

ENDFHEADER
$r->print(<<ENDFAILED);	$r->print(<<ENDFAILED);
<html>	$start_page
<head>	<h1>$lt{'sorry'}</h1>
<title>Unsuccessful Login to the LearningOnline Network with CAPA</title>
</head>
$bodytag
<h1>Sorry ...</h1>
<p><b>$message</b></p>	<p><b>$message</b></p>
<p>Please <a href="/adm/login?username=$FORM{'uname'}&domain=$FORM{'udom'}">log in again</a>.</p>	<p>$lt{'please'}</p>
<p>	<p>
<a href="/adm/loginproblems.html">Problems?</a></p>	<a href="/adm/$lt{'problemspage'}">$lt{'problems'}</a></p>
</body>	$end_page
</html>
ENDFAILED	ENDFAILED
}	}

# --------------------------------------------------------------------- Charset

sub addcontent {
my $encoding=&Apache::lonlocal::current_encoding;
if ($encoding) {
return '; charset='.$encoding;
} else {
return '';
}
}

# ------------------------------------------------------------------ Rerouting!	# ------------------------------------------------------------------ Rerouting!

sub reroute {	sub reroute {
my $r=shift;	my ($r) = @_;
my $bodytag=&Apache::loncommon::bodytag('Rerouting');	&Apache::loncommon::content_type($r,'text/html');
$r->send_cgi_header(<<ENDRFHEADER);	$r->send_http_header;
Content-type: text/html	my $msg='<h1>Sorry ...</h1>
	Please <a href="/">log in again</a>.';
ENDRFHEADER	&Apache::loncommon::simple_error_page($r,'Rerouting',$msg);
$r->print(<<ENDRFAILED);
<html>
<head>
<title>Rerouting Login to the LearningOnline Network with CAPA</title>
</head>
$bodytag
<h1>Sorry ...</h1>
Please <a href="/">log in again</a>.
</body>
</html>
ENDRFAILED
}	}

# ---------------------------------------------------------------- Main handler	# ---------------------------------------------------------------- Main handler
Line 306 sub handler {	Line 321 sub handler {
my $lonidsdir=$r->dir_config('lonIDsDir');	my $lonidsdir=$r->dir_config('lonIDsDir');
if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {	if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
# Indeed, a valid token is found	# Indeed, a valid token is found
$r->send_cgi_header(<<ENDFHEADER);	&Apache::loncommon::content_type($r,'text/html');
Content-type: text/html	$r->send_http_header;
	my $start_page =
ENDFHEADER	&Apache::loncommon::start_page('Already logged in');
my $bodytag=&Apache::loncommon::bodytag('Already logged in');	my $end_page =
	&Apache::loncommon::end_page();
$r->print(<<ENDFAILED);	$r->print(<<ENDFAILED);
<html>	$start_page
<head>
<title>Already logged in</title>
</head>
$bodytag
<h1>You are already logged in</h1>	<h1>You are already logged in</h1>
<p>Please either <a href="/adm/roles">continue the current session</a> or	<p>Please either <a href="/adm/roles">continue the current session</a> or
<a href="/adm/logout">logout</a>.</p>	<a href="/adm/logout">logout</a>.</p>
<p>	<p>
<a href="/adm/loginproblems.html">Problems?</a></p>	<a href="/adm/loginproblems.html">Problems?</a></p>
</body>	$end_page
</html>
ENDFAILED	ENDFAILED
return OK;	return OK;
}	}
Line 345 ENDFAILED	Line 356 ENDFAILED
$FORM{$name}=$value;	$FORM{$name}=$value;
}	}

if ((!$FORM{'uname'}) \|\| (!$FORM{'upass'}) \|\| (!$FORM{'udom'})) {	if ((!$FORM{'uname'}) \|\| (!$FORM{'upass0'}) \|\| (!$FORM{'udom'})) {
failed($r,'Username, password and domain need to be specified.');	failed($r,'Username, password and domain need to be specified.');
return OK;	return OK;
}	}
Line 370 ENDFAILED	Line 381 ENDFAILED
failed($r,'Information needed to verify your login information is missing, inaccessible or expired.');	failed($r,'Information needed to verify your login information is missing, inaccessible or expired.');
return OK;	return OK;
} else {	} else {
unless (&Apache::lonnet::reply('tmpdel:'.$FORM{'logtoken'},	my $reply = &Apache::lonnet::reply('tmpdel:'.$FORM{'logtoken'},
$FORM{'serverid'}) eq 'ok') {	$FORM{'serverid'});
	if ( $reply ne 'ok' ) {
&failed($r,'Session could not be opened.');	&failed($r,'Session could not be opened.');
	&Apache::lonnet::logthis("ERROR got a reply of $reply when trying to contact ". $FORM{'serverid'}." to get login token");
	return OK;
}	}
}	}
my ($key,$firsturl)=split(/&/,$tmpinfo);	my ($key,$firsturl)=split(/&/,$tmpinfo);
Line 386 ENDFAILED	Line 400 ENDFAILED
else {	else {
$cipher=new DES $keybin;	$cipher=new DES $keybin;
}	}
	my $upass='';
	for (my $i=0;$i<=2;$i++) {
	my $chunk=
	$cipher->decrypt(unpack("a8",pack("H16",substr($FORM{'upass'.$i},0,16))));

my $upass=$cipher->decrypt(	$chunk.=
unpack("a8",pack("H16",substr($FORM{'upass'},0,16))));	$cipher->decrypt(unpack("a8",pack("H16",substr($FORM{'upass'.$i},16,16))));

$upass.=$cipher->decrypt(
unpack("a8",pack("H16",substr($FORM{'upass'},16,16))));

$upass=substr($upass,1,ord(substr($upass,0,1)));	$chunk=substr($chunk,1,ord(substr($chunk,0,1)));
	$upass.=$chunk;
	}

# ---------------------------------------------------------------- Authenticate	# ---------------------------------------------------------------- Authenticate
my $authhost=Apache::lonnet::authenticate($FORM{'uname'},	my $authhost=Apache::lonnet::authenticate($FORM{'uname'},
Line 433 ENDFAILED	Line 450 ENDFAILED
&Apache::lonnet::logthis('Non-privileged user attempting switch user');	&Apache::lonnet::logthis('Non-privileged user attempting switch user');
}	}
}	}
&success($r,$FORM{'uname'},$FORM{'udom'},$authhost,$firsturl);	if ($r->dir_config("lonBalancer") eq 'yes') {
	&success($r,$FORM{'uname'},$FORM{'udom'},$authhost,'noredirect');
	$r->internal_redirect('/adm/switchserver');
	} else {
	&success($r,$FORM{'uname'},$FORM{'udom'},$authhost,$firsturl);
	}
return OK;	return OK;
}	}

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.64
changed lines
	Added in v.1.81