version 1.391, 2007/12/25 04:01:57
|
version 1.397, 2008/02/29 21:01:03
|
Line 1514 sub authenticate_handler {
|
Line 1514 sub authenticate_handler {
|
# udom - User's domain. |
# udom - User's domain. |
# uname - Username. |
# uname - Username. |
# upass - User's password. |
# upass - User's password. |
|
# checkdefauth - Pass to validate_user() to try authentication |
|
# with default auth type(s) if no user account. |
|
|
my ($udom,$uname,$upass)=split(/:/,$tail); |
my ($udom, $uname, $upass, $checkdefauth)=split(/:/,$tail); |
&Debug(" Authenticate domain = $udom, user = $uname, password = $upass"); |
&Debug(" Authenticate domain = $udom, user = $uname, password = $upass"); |
chomp($upass); |
chomp($upass); |
$upass=&unescape($upass); |
$upass=&unescape($upass); |
|
|
my $pwdcorrect = &validate_user($udom, $uname, $upass); |
my $pwdcorrect = &validate_user($udom,$uname,$upass,$checkdefauth); |
if($pwdcorrect) { |
if($pwdcorrect) { |
&Reply( $client, "authorized\n", $userinput); |
&Reply( $client, "authorized\n", $userinput); |
# |
# |
Line 2141 sub token_auth_user_file_handler {
|
Line 2143 sub token_auth_user_file_handler {
|
my ($fname, $session) = split(/:/, $tail); |
my ($fname, $session) = split(/:/, $tail); |
|
|
chomp($session); |
chomp($session); |
my $reply="non_auth\n"; |
my $reply="non_auth"; |
my $file = $perlvar{'lonIDsDir'}.'/'.$session.'.id'; |
my $file = $perlvar{'lonIDsDir'}.'/'.$session.'.id'; |
if (open(ENVIN,"$file")) { |
if (open(ENVIN,"$file")) { |
flock(ENVIN,LOCK_SH); |
flock(ENVIN,LOCK_SH); |
tie(my %disk_env,'GDBM_File',"$file",&GDBM_READER(),0640); |
tie(my %disk_env,'GDBM_File',"$file",&GDBM_READER(),0640); |
if (exists($disk_env{"userfile.$fname"})) { |
if (exists($disk_env{"userfile.$fname"})) { |
$reply="ok\n"; |
$reply="ok"; |
} else { |
} else { |
foreach my $envname (keys(%disk_env)) { |
foreach my $envname (keys(%disk_env)) { |
if ($envname=~ m|^userfile\.\Q$fname\E|) { |
if ($envname=~ m|^userfile\.\Q$fname\E|) { |
$reply="ok\n"; |
$reply="ok"; |
last; |
last; |
} |
} |
} |
} |
Line 3444 sub dump_course_id_handler {
|
Line 3446 sub dump_course_id_handler {
|
my $userinput = "$cmd:$tail"; |
my $userinput = "$cmd:$tail"; |
|
|
my ($udom,$since,$description,$instcodefilter,$ownerfilter,$coursefilter, |
my ($udom,$since,$description,$instcodefilter,$ownerfilter,$coursefilter, |
$typefilter,$regexp_ok,$rtn_as_hash) =split(/:/,$tail); |
$typefilter,$regexp_ok,$rtn_as_hash,$selfenrollonly) =split(/:/,$tail); |
|
my $now = time; |
if (defined($description)) { |
if (defined($description)) { |
$description=&unescape($description); |
$description=&unescape($description); |
} else { |
} else { |
Line 3494 sub dump_course_id_handler {
|
Line 3497 sub dump_course_id_handler {
|
my $hashref = &tie_domain_hash($udom, "nohist_courseids", &GDBM_WRCREAT()); |
my $hashref = &tie_domain_hash($udom, "nohist_courseids", &GDBM_WRCREAT()); |
if ($hashref) { |
if ($hashref) { |
while (my ($key,$value) = each(%$hashref)) { |
while (my ($key,$value) = each(%$hashref)) { |
my ($unesc_key,$lasttime_key,$lasttime,$is_hash,%val,%unesc_val); |
my ($unesc_key,$lasttime_key,$lasttime,$is_hash,%val, |
|
%unesc_val,$selfenroll_start,$selfenroll_end, |
|
$selfenroll_types); |
$unesc_key = &unescape($key); |
$unesc_key = &unescape($key); |
if ($unesc_key =~ /^lasttime:/) { |
if ($unesc_key =~ /^lasttime:/) { |
next; |
next; |
Line 3513 sub dump_course_id_handler {
|
Line 3518 sub dump_course_id_handler {
|
$unesc_val{'inst_code'} = $items->{'inst_code'}; |
$unesc_val{'inst_code'} = $items->{'inst_code'}; |
$unesc_val{'owner'} = $items->{'owner'}; |
$unesc_val{'owner'} = $items->{'owner'}; |
$unesc_val{'type'} = $items->{'type'}; |
$unesc_val{'type'} = $items->{'type'}; |
|
$selfenroll_types = $items->{'selfenroll_types'}; |
|
$selfenroll_start = $items->{'selfenroll_start_date'}; |
|
$selfenroll_end = $items->{'selfenroll_end_date'}; |
|
if ($selfenrollonly) { |
|
next if (!$selfenroll_types); |
|
if (($selfenroll_start > 0) && ($selfenroll_start > $now)) { |
|
next; |
|
} |
|
if (($selfenroll_end > 0) && ($selfenroll_end <= $now)) { |
|
next; |
|
} |
|
} |
} |
} |
} else { |
} else { |
$is_hash = 0; |
$is_hash = 0; |
Line 4455 sub validate_class_access_handler {
|
Line 4472 sub validate_class_access_handler {
|
my ($cmd, $tail, $client) = @_; |
my ($cmd, $tail, $client) = @_; |
my $userinput = "$cmd:$tail"; |
my $userinput = "$cmd:$tail"; |
my ($inst_class,$ownerlist,$cdom) = split(/:/, $tail); |
my ($inst_class,$ownerlist,$cdom) = split(/:/, $tail); |
my @owners = split(/,/,&unescape($ownerlist)); |
my $owners = &unescape($ownerlist); |
my $outcome; |
my $outcome; |
eval { |
eval { |
local($SIG{__DIE__})='DEFAULT'; |
local($SIG{__DIE__})='DEFAULT'; |
$outcome=&localenroll::check_section($inst_class,\@owners,$cdom); |
$outcome=&localenroll::check_section($inst_class,$owners,$cdom); |
}; |
}; |
&Reply($client,\$outcome, $userinput); |
&Reply($client,\$outcome, $userinput); |
|
|
Line 4701 sub get_institutional_id_rules {
|
Line 4718 sub get_institutional_id_rules {
|
} |
} |
®ister_handler("instidrules",\&get_institutional_id_rules,0,1,0); |
®ister_handler("instidrules",\&get_institutional_id_rules,0,1,0); |
|
|
|
sub get_institutional_selfcreate_rules { |
|
my ($cmd, $tail, $client) = @_; |
|
my $userinput = "$cmd:$tail"; |
|
my $dom = &unescape($tail); |
|
my (%rules_hash,@rules_order); |
|
my $outcome; |
|
eval { |
|
local($SIG{__DIE__})='DEFAULT'; |
|
$outcome = &localenroll::selfcreate_rules($dom,\%rules_hash,\@rules_order); |
|
}; |
|
if (!$@) { |
|
if ($outcome eq 'ok') { |
|
my $result; |
|
foreach my $key (keys(%rules_hash)) { |
|
$result .= &escape($key).'='.&Apache::lonnet::freeze_escape($rules_hash{$key}).'&'; |
|
} |
|
$result =~ s/\&$//; |
|
$result .= ':'; |
|
if (@rules_order > 0) { |
|
foreach my $item (@rules_order) { |
|
$result .= &escape($item).'&'; |
|
} |
|
} |
|
$result =~ s/\&$//; |
|
&Reply($client,\$result,$userinput); |
|
} else { |
|
&Reply($client,"error\n", $userinput); |
|
} |
|
} else { |
|
&Failure($client,"unknown_cmd\n",$userinput); |
|
} |
|
} |
|
®ister_handler("instemailrules",\&get_institutional_selfcreate_rules,0,1,0); |
|
|
|
|
sub institutional_username_check { |
sub institutional_username_check { |
my ($cmd, $tail, $client) = @_; |
my ($cmd, $tail, $client) = @_; |
Line 4760 sub institutional_id_check {
|
Line 4811 sub institutional_id_check {
|
} |
} |
®ister_handler("instidrulecheck",\&institutional_id_check,0,1,0); |
®ister_handler("instidrulecheck",\&institutional_id_check,0,1,0); |
|
|
|
sub institutional_selfcreate_check { |
|
my ($cmd, $tail, $client) = @_; |
|
my $userinput = "$cmd:$tail"; |
|
my %rulecheck; |
|
my $outcome; |
|
my ($udom,$email,@rules) = split(/:/,$tail); |
|
$udom = &unescape($udom); |
|
$email = &unescape($email); |
|
@rules = map {&unescape($_);} (@rules); |
|
eval { |
|
local($SIG{__DIE__})='DEFAULT'; |
|
$outcome = &localenroll::selfcreate_check($udom,$email,\@rules,\%rulecheck); |
|
}; |
|
if (!$@) { |
|
if ($outcome eq 'ok') { |
|
my $result=''; |
|
foreach my $key (keys(%rulecheck)) { |
|
$result.=&escape($key).'='.&Apache::lonnet::freeze_escape($rulecheck{$key}).'&'; |
|
} |
|
&Reply($client,\$result,$userinput); |
|
} else { |
|
&Reply($client,"error\n", $userinput); |
|
} |
|
} else { |
|
&Failure($client,"unknown_cmd\n",$userinput); |
|
} |
|
} |
|
®ister_handler("instselfcreatecheck",\&institutional_selfcreate_check,0,1,0); |
|
|
# Get domain specific conditions for import of student photographs to a course |
# Get domain specific conditions for import of student photographs to a course |
# |
# |
# Retrieves information from photo_permission subroutine in localenroll. |
# Retrieves information from photo_permission subroutine in localenroll. |
Line 5970 sub get_auth_type
|
Line 6050 sub get_auth_type
|
# 0 - The domain,user,password triplet is not a valid user. |
# 0 - The domain,user,password triplet is not a valid user. |
# |
# |
sub validate_user { |
sub validate_user { |
my ($domain, $user, $password) = @_; |
my ($domain, $user, $password, $checkdefauth) = @_; |
|
|
|
|
# Why negative ~pi you may well ask? Well this function is about |
# Why negative ~pi you may well ask? Well this function is about |
# authentication, and therefore very important to get right. |
# authentication, and therefore very important to get right. |
Line 5994 sub validate_user {
|
Line 6073 sub validate_user {
|
|
|
my $null = pack("C",0); # Used by kerberos auth types. |
my $null = pack("C",0); # Used by kerberos auth types. |
|
|
|
if ($howpwd eq 'nouser') { |
|
if ($checkdefauth) { |
|
my %domdefaults = &Apache::lonnet::get_domain_defaults($domain); |
|
if ($domdefaults{'auth_def'} eq 'localauth') { |
|
$howpwd = $domdefaults{'auth_def'}; |
|
$contentpwd = $domdefaults{'auth_arg_def'}; |
|
} elsif ((($domdefaults{'auth_def'} eq 'krb4') || |
|
($domdefaults{'auth_def'} eq 'krb5')) && |
|
($domdefaults{'auth_arg_def'} ne '')) { |
|
$howpwd = $domdefaults{'auth_def'}; |
|
$contentpwd = $domdefaults{'auth_arg_def'}; |
|
} |
|
} |
|
} |
if ($howpwd ne 'nouser') { |
if ($howpwd ne 'nouser') { |
|
|
if($howpwd eq "internal") { # Encrypted is in local password file. |
if($howpwd eq "internal") { # Encrypted is in local password file. |
$validated = (crypt($password, $contentpwd) eq $contentpwd); |
$validated = (crypt($password, $contentpwd) eq $contentpwd); |
} |
} |
Line 6046 sub validate_user {
|
Line 6138 sub validate_user {
|
my $credentials= &Authen::Krb5::cc_default(); |
my $credentials= &Authen::Krb5::cc_default(); |
$credentials->initialize(&Authen::Krb5::parse_name($user.'@' |
$credentials->initialize(&Authen::Krb5::parse_name($user.'@' |
.$contentpwd)); |
.$contentpwd)); |
my $krbreturn = &Authen::Krb5::get_in_tkt_with_password($krbclient, |
my $krbreturn; |
$krbserver, |
if (exists(&Authen::Krb5::get_init_creds_password)) { |
$password, |
$krbreturn = |
$credentials); |
&Authen::Krb5::get_init_creds_password($krbclient,$password, |
$validated = ($krbreturn == 1); |
$krbservice); |
|
$validated = (ref($krbreturn) eq 'Authen::Krb5::Creds'); |
|
} else { |
|
$krbreturn = |
|
&Authen::Krb5::get_in_tkt_with_password($krbclient,$krbserver, |
|
$password,$credentials); |
|
$validated = ($krbreturn == 1); |
|
} |
if (!$validated) { |
if (!$validated) { |
&logthis('krb5: '.$user.', '.$contentpwd.', '. |
&logthis('krb5: '.$user.', '.$contentpwd.', '. |
&Authen::Krb5::error()); |
&Authen::Krb5::error()); |
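Review bot: In authenticate_handler the new fourth field `$checkdefauth` comes straight from the request and only `$upass` is chomped, so if `$tail` still ends in a newline (as the existing `chomp($upass)` suggests) a caller sending `0` delivers `"0\n"`, which Perl treats as true. validate_user's `if ($checkdefauth)` would then take the domain-default fallback for a name with no account. Normalise the flag before passing it on, for example `$checkdefauth = (defined($checkdefauth) && $checkdefauth =~ /^1\s*\z/) ? 1 : 0;`, with the accepted value confirmed against the callers. Because the flag decides whether an unknown user is checked against `auth_def`/`auth_arg_def` instead of being rejected, the header comment should also say which peers are expected to set it. Separately, the unchanged `&Debug(...)` line in the same hunk passes `$upass` in clear text and should drop the password; the bodies of authenticate_handler and validate_user continue outside the visible hunks.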