--- loncom/auth/lonauth.pm 2021/12/12 01:48:40 1.121.2.22
+++ loncom/auth/lonauth.pm 2024/10/09 17:56:24 1.121.2.27
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # User Authentication Module
 #
-# $Id: lonauth.pm,v 1.121.2.22 2021/12/12 01:48:40 raeburn Exp $
+# $Id: lonauth.pm,v 1.121.2.27 2024/10/09 17:56:24 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -29,7 +29,7 @@
 package Apache::lonauth;
 use strict;
-use LONCAPA;
+use LONCAPA qw(:DEFAULT :match);
 use Apache::Constants qw(:common);
 use CGI qw(:standard);
 use Apache::loncommon();
@@ -41,6 +41,7 @@ use Apache::lonlocal;
 use Apache::File();
 use HTML::Entities;
 use Digest::MD5;
+use CGI::Cookie();
 # ------------------------------------------------------------ Successful login
 sub success {
@@ -148,6 +149,27 @@ sub success {
 }
 my $windowinfo=&Apache::lonmenu::open($env{'browser.os'});
+ if ($env{'environment.remote'} eq 'on') {
+ my $checkexempt;
+ if ($env{'user.loadbalexempt'} eq $r->dir_config('lonHostID')) {
+ if ($env{'user.loadbalcheck.time'} + 600 > time) {
+ $checkexempt = 1;
+ }
+ }
+ if ($env{'user.noloadbalance'} eq $r->dir_config('lonHostID')) {
+ $checkexempt = 1;
+ }
+ unless (($checkexempt) ||
+ (($destination =~ m{^/adm/switchserver}) && (!$r->is_initial_req()))) {
+ my ($is_balancer,$otherserver) =
+ &Apache::lonnet::check_loadbalancing($env{'user.name'},
+ $env{'user.domain'});
+ if (($is_balancer) && ($otherserver ne '') &&
+ ($otherserver ne $r->dir_config('lonHostID'))) {
+ $env{'environment.remote'} = 'off';
+ }
+ }
+ }
 my $startupremote=&Apache::lonmenu::startupremote($destination);
 my $remoteinfo=&Apache::lonmenu::load_remote_msg($lowerurl);
 my $setflags=&Apache::lonmenu::setflags();
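Review bot: The `600` in `$env{'user.loadbalcheck.time'} + 600 > time`, in the block added to `success`, is an unexplained constant, and nothing in the block says why `environment.remote` is forced to `'off'`. From the visible lines it looks like a ten-minute exemption after a load-balancer check, but that is an inference; a comment above the outer `if`, such as `# Disable the remote control when the load balancer would hand this user to another server`, plus a named value for the 600 seconds would make the rule reviewable. The visible lines change only the in-memory `%env`, so the comment should also say whether that is intended to persist. The body of `success` starts and ends outside the hunk.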
@@ -250,13 +272,6 @@ sub failed {
 my $firsturl = &Apache::loncommon::cleanup_html($form->{firsturl});
 if ($firsturl ne '') {
 $retry .= (($retry=~/\?/)?'&':'?').'firsturl='.$firsturl;
- if ($form->{firsturl} =~ m{^/tiny/$match_domain/\w+$}) {
- unless (exists($form->{linkprot})) {
- if (exists($form->{linkkey})) {
- $retry .= 'linkkey='.$form->{linkkey};
- }
- }
- }
 }
 }
 } elsif ($querystr ne '') {
@@ -329,7 +344,7 @@ sub handler {
 $form{'serverid'});
 unless (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost') || ($tmpinfo eq 'no_such_host')) {
- my ($des_key,$firsturl,@rest)=split(/&/,$tmpinfo)l
+ my ($des_key,$firsturl,@rest)=split(/&/,$tmpinfo);
 $firsturl = &unescape($firsturl);
 my %info;
 foreach my $item (@rest) {
@@ -406,7 +421,7 @@ sub handler {
 my ($key,$value) = split(/=/,$item);
 $form{$key} = &unescape($value);
 }
- my $upass = &Apache::loncommon::des_decrypt($key,$form{'upass0'});
+ my $upass = &Apache::loncommon::des_decrypt($des_key,$form{'upass0'});
 # ---------------------------------------------------------------- Authenticate
@@ -427,9 +442,33 @@ sub handler {
 # --------------------------------------------------------------------- Failed?
 if ($authhost eq 'no_host') {
- &failed($r,'Username and/or password could not be authenticated.',
- \%form);
- return OK;
+ my $pwdverify;
+ if (&Apache::lonnet::homeserver($form{'uname'},$form{'udom'}) eq 'no_host') {
+ my %possunames = &alternate_unames_check($form{'uname'},$form{'udom'});
+ if (keys(%possunames) > 0) {
+ foreach my $rulematch (keys(%possunames)) {
+ my $possuname = $possunames{$rulematch};
+ if (($possuname ne '') && ($possuname =~ /^$match_username$/)) {
+ $authhost=Apache::lonnet::authenticate($possuname,$upass,
+ $form{'udom'},undef,
+ $clientcancheckhost);
+ if (($authhost eq 'no_host') || ($authhost eq 'no_account_on_host')) {
+ next;
+ } elsif (($authhost ne '') && (&Apache::lonnet::hostname($authhost) ne '')) {
+ $pwdverify = 1;
+ &Apache::lonnet::logthis("Authenticated user: $possuname was submitted as: $form{'uname'}");
+ $form{'uname'} = $possuname;
+ last;
+ }
+ }
+ }
+ }
+ }
+ unless ($pwdverify) {
+ &failed($r,'Username and/or password could not be authenticated.',
+ \%form);
+ return OK;
+ }
 } elsif ($authhost eq 'no_account_on_host') {
 if ($defaultauth) {
 my $domdesc = &Apache::lonnet::domain($form{'udom'},'description');
@@ -468,9 +507,9 @@ sub handler {
 $firsturl='/adm/roles';
 }
- my $hosthere;
+ my ($hosthere,%sessiondata);
 if ($form{'iptoken'}) {
- my %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
+ %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
 my $delete = &Apache::lonnet::tmpdel($form{'iptoken'});
 if (($sessiondata{'domain'} eq $form{'udom'}) && ($sessiondata{'username'} eq $form{'uname'})) {
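Review bot: The new `logthis` call in the alternate-username branch writes `$form{'uname'}` to the log exactly as submitted; this branch runs only when that name has no home server, and nothing visible in the hunk constrains its characters, so embedded newlines could forge log entries. Log an escaped form instead, e.g. `&Apache::lonnet::logthis("Authenticated user: $possuname was submitted as: ".&escape($form{'uname'}));`. Separately, one submitted password is now tried against every mapped candidate, so confirm that any failed-login throttling behind `authenticate` counts these attempts; `keys(%possunames)` also gives no fixed order if more than one candidate would accept the password. The `$` in `/^$match_username$/` tolerates a trailing newline, and `\z` would be stricter. The body of `handler` starts and ends outside the hunk.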
@@ -817,6 +856,20 @@ sub loginhelpdisplay {
 return;
 }
+sub alternate_unames_check {
+ my ($uname,$udom) = @_;
+ my %possunames;
+ my %domdefs = &Apache::lonnet::get_domain_defaults($udom);
+ if (ref($domdefs{'unamemap_rule'}) eq 'ARRAY') {
+ if (@{$domdefs{'unamemap_rule'}} > 0) {
+ %possunames =
+ &Apache::lonnet::inst_rulecheck($udom,$uname,undef,
+ 'unamemap',$domdefs{'unamemap_rule'});
+ }
+ }
+ return %possunames;
+}
+
 1;
 __END__
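Review bot: `alternate_unames_check` is added without a header comment, so its contract is unstated even though it feeds an authentication decision in `handler`. From the visible lines it returns a hash that stays empty unless the domain default `unamemap_rule` is a non-empty array ref, and the caller treats the values as candidate usernames. Add a comment above the sub, such as `# Returns rule => candidate username for $uname in $udom via inst_rulecheck(); values are NOT validated here, callers must check them against $match_username`. `$uname` comes from the login form, so the comment should also say whether `inst_rulecheck` expects a name that has already been validated.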