version 1.435, 2010/01/02 23:56:06
|
version 1.461, 2010/10/26 09:46:23
|
Line 42 use Crypt::IDEA;
|
Line 42 use Crypt::IDEA;
|
use LWP::UserAgent(); |
use LWP::UserAgent(); |
use Digest::MD5 qw(md5_hex); |
use Digest::MD5 qw(md5_hex); |
use GDBM_File; |
use GDBM_File; |
use Authen::Krb4; |
|
use Authen::Krb5; |
use Authen::Krb5; |
use localauth; |
use localauth; |
use localenroll; |
use localenroll; |
Line 54 use LONCAPA::lonssl;
|
Line 53 use LONCAPA::lonssl;
|
use Fcntl qw(:flock); |
use Fcntl qw(:flock); |
use Apache::lonnet; |
use Apache::lonnet; |
|
|
my $DEBUG = 0; # Non zero to enable debug log entries. |
my $DEBUG = 1; # Non zero to enable debug log entries. |
|
|
my $status=''; |
my $status=''; |
my $lastlog=''; |
my $lastlog=''; |
Line 67 my $currentdomainid;
|
Line 66 my $currentdomainid;
|
my $client; |
my $client; |
my $clientip; # IP address of client. |
my $clientip; # IP address of client. |
my $clientname; # LonCAPA name of client. |
my $clientname; # LonCAPA name of client. |
my $clientversion; # LonCAPA version running on client |
my $clientversion; # LonCAPA version running on client. |
|
my $clienthomedom; # LonCAPA domain of homeID for client. |
|
# primary library server. |
|
|
my $server; |
my $server; |
|
|
Line 976 sub read_profile {
|
Line 977 sub read_profile {
|
&GDBM_READER()); |
&GDBM_READER()); |
if ($hashref) { |
if ($hashref) { |
my @queries=split(/\&/,$what); |
my @queries=split(/\&/,$what); |
|
if ($namespace eq 'roles') { |
|
@queries = map { &unescape($_); } @queries; |
|
} |
my $qresult=''; |
my $qresult=''; |
|
|
for (my $i=0;$i<=$#queries;$i++) { |
for (my $i=0;$i<=$#queries;$i++) { |
Line 1069 sub pong_handler {
|
Line 1073 sub pong_handler {
|
# Implicit Inputs: |
# Implicit Inputs: |
# $currenthostid - Global variable that carries the name of the host |
# $currenthostid - Global variable that carries the name of the host |
# known as. |
# known as. |
# $clientname - Global variable that carries the name of the hsot we're connected to. |
# $clientname - Global variable that carries the name of the host we're connected to. |
# Returns: |
# Returns: |
# 1 - Ok to continue processing. |
# 1 - Ok to continue processing. |
# 0 - Program should exit. |
# 0 - Program should exit. |
Line 1108 sub establish_key_handler {
|
Line 1112 sub establish_key_handler {
|
# Implicit Inputs: |
# Implicit Inputs: |
# $currenthostid - Global variable that carries the name of the host |
# $currenthostid - Global variable that carries the name of the host |
# known as. |
# known as. |
# $clientname - Global variable that carries the name of the hsot we're connected to. |
# $clientname - Global variable that carries the name of the host we're connected to. |
# Returns: |
# Returns: |
# 1 - Ok to continue processing. |
# 1 - Ok to continue processing. |
# 0 - Program should exit. |
# 0 - Program should exit. |
Line 1145 sub load_handler {
|
Line 1149 sub load_handler {
|
# Implicit Inputs: |
# Implicit Inputs: |
# $currenthostid - Global variable that carries the name of the host |
# $currenthostid - Global variable that carries the name of the host |
# known as. |
# known as. |
# $clientname - Global variable that carries the name of the hsot we're connected to. |
# $clientname - Global variable that carries the name of the host we're connected to. |
# Returns: |
# Returns: |
# 1 - Ok to continue processing. |
# 1 - Ok to continue processing. |
# 0 - Program should exit |
# 0 - Program should exit |
Line 1654 sub server_loncaparev_handler {
|
Line 1658 sub server_loncaparev_handler {
|
} |
} |
®ister_handler("serverloncaparev", \&server_loncaparev_handler, 0, 1, 0); |
®ister_handler("serverloncaparev", \&server_loncaparev_handler, 0, 1, 0); |
|
|
|
sub server_homeID_handler { |
|
my ($cmd,$tail,$client) = @_; |
|
my $userinput = "$cmd:$tail"; |
|
&Reply($client,\$perlvar{'lonHostID'},$userinput); |
|
return 1; |
|
} |
|
®ister_handler("serverhomeID", \&server_homeID_handler, 0, 1, 0); |
|
|
# Process a reinit request. Reinit requests that either |
# Process a reinit request. Reinit requests that either |
# lonc or lond be reinitialized so that an updated |
# lonc or lond be reinitialized so that an updated |
# host.tab or domain.tab can be processed. |
# host.tab or domain.tab can be processed. |
Line 1763 sub authenticate_handler {
|
Line 1775 sub authenticate_handler {
|
# upass - User's password. |
# upass - User's password. |
# checkdefauth - Pass to validate_user() to try authentication |
# checkdefauth - Pass to validate_user() to try authentication |
# with default auth type(s) if no user account. |
# with default auth type(s) if no user account. |
|
# clientcancheckhost - Passed by clients with functionality in lonauth.pm |
|
# to check if session can be hosted. |
|
|
my ($udom, $uname, $upass, $checkdefauth)=split(/:/,$tail); |
my ($udom, $uname, $upass, $checkdefauth, $clientcancheckhost)=split(/:/,$tail); |
&Debug(" Authenticate domain = $udom, user = $uname, password = $upass, checkdefauth = $checkdefauth"); |
&Debug(" Authenticate domain = $udom, user = $uname, password = $upass, checkdefauth = $checkdefauth"); |
chomp($upass); |
chomp($upass); |
$upass=&unescape($upass); |
$upass=&unescape($upass); |
|
|
my $pwdcorrect = &validate_user($udom,$uname,$upass,$checkdefauth); |
my $pwdcorrect = &validate_user($udom,$uname,$upass,$checkdefauth); |
if($pwdcorrect) { |
if($pwdcorrect) { |
&Reply( $client, "authorized\n", $userinput); |
my $canhost = 1; |
|
unless ($clientcancheckhost) { |
|
my $uprimary_id = &Apache::lonnet::domain($udom,'primary'); |
|
my $uint_dom = &Apache::lonnet::internet_dom($uprimary_id); |
|
my @intdoms; |
|
my $internet_names = &Apache::lonnet::get_internet_names($clientname); |
|
if (ref($internet_names) eq 'ARRAY') { |
|
@intdoms = @{$internet_names}; |
|
} |
|
unless ($uint_dom ne '' && grep(/^\Q$uint_dom\E$/,@intdoms)) { |
|
my ($remote,$hosted); |
|
my $remotesession = &get_usersession_config($udom,'remotesession'); |
|
if (ref($remotesession) eq 'HASH') { |
|
$remote = $remotesession->{'remote'} |
|
} |
|
my $hostedsession = &get_usersession_config($clienthomedom,'hostedsession'); |
|
if (ref($hostedsession) eq 'HASH') { |
|
$hosted = $hostedsession->{'hosted'}; |
|
} |
|
my $loncaparev = $clientversion; |
|
if ($loncaparev eq '') { |
|
$loncaparev = $Apache::lonnet::loncaparevs{$clientname}; |
|
} |
|
$canhost = &Apache::lonnet::can_host_session($udom,$clientname, |
|
$loncaparev, |
|
$remote,$hosted); |
|
} |
|
} |
|
if ($canhost) { |
|
&Reply( $client, "authorized\n", $userinput); |
|
} else { |
|
&Reply( $client, "not_allowed_to_host\n", $userinput); |
|
} |
# |
# |
# Bad credentials: Failed to authorize |
# Bad credentials: Failed to authorize |
# |
# |
Line 2109 sub update_resource_handler {
|
Line 2155 sub update_resource_handler {
|
my $transname="$fname.in.transfer"; |
my $transname="$fname.in.transfer"; |
my $remoteurl=&Apache::lonnet::reply("sub:$fname","$clientname"); |
my $remoteurl=&Apache::lonnet::reply("sub:$fname","$clientname"); |
my $response; |
my $response; |
alarm(120); |
# FIXME: cannot replicate files that take more than two minutes to transfer? |
|
# alarm(120); |
|
# FIXME: this should use the LWP mechanism, not internal alarms. |
|
alarm(1200); |
{ |
{ |
my $ua=new LWP::UserAgent; |
my $ua=new LWP::UserAgent; |
my $request=new HTTP::Request('GET',"$remoteurl"); |
my $request=new HTTP::Request('GET',"$remoteurl"); |
Line 2117 sub update_resource_handler {
|
Line 2166 sub update_resource_handler {
|
} |
} |
alarm(0); |
alarm(0); |
if ($response->is_error()) { |
if ($response->is_error()) { |
|
# FIXME: we should probably clean up here instead of just whine |
unlink($transname); |
unlink($transname); |
my $message=$response->status_line; |
my $message=$response->status_line; |
&logthis("LWP GET: $message for $fname ($remoteurl)"); |
&logthis("LWP GET: $message for $fname ($remoteurl)"); |
} else { |
} else { |
if ($remoteurl!~/\.meta$/) { |
if ($remoteurl!~/\.meta$/) { |
|
# FIXME: isn't there an internal LWP mechanism for this? |
alarm(120); |
alarm(120); |
{ |
{ |
my $ua=new LWP::UserAgent; |
my $ua=new LWP::UserAgent; |
Line 3102 sub dump_with_regexp {
|
Line 3153 sub dump_with_regexp {
|
|
|
my $userinput = "$cmd:$tail"; |
my $userinput = "$cmd:$tail"; |
|
|
my ($udom,$uname,$namespace,$regexp,$range)=split(/:/,$tail); |
my ($udom,$uname,$namespace,$regexp,$range,$extra)=split(/:/,$tail); |
if (defined($regexp)) { |
if (defined($regexp)) { |
$regexp=&unescape($regexp); |
$regexp=&unescape($regexp); |
} else { |
} else { |
Line 3120 sub dump_with_regexp {
|
Line 3171 sub dump_with_regexp {
|
} |
} |
my $hashref = &tie_user_hash($udom, $uname, $namespace, |
my $hashref = &tie_user_hash($udom, $uname, $namespace, |
&GDBM_READER()); |
&GDBM_READER()); |
|
my $skipcheck; |
if ($hashref) { |
if ($hashref) { |
my $qresult=''; |
my $qresult=''; |
my $count=0; |
my $count=0; |
|
if ($extra ne '') { |
|
$extra = &Apache::lonnet::thaw_unescape($extra); |
|
$skipcheck = $extra->{'skipcheck'}; |
|
} |
|
my @ids = &Apache::lonnet::current_machine_ids(); |
|
my (%homecourses,$major,$minor,$now); |
|
if (($namespace eq 'roles') && (!$skipcheck)) { |
|
my $loncaparev = $clientversion; |
|
if ($loncaparev eq '') { |
|
$loncaparev = $Apache::lonnet::loncaparevs{$clientname}; |
|
} |
|
if ($loncaparev =~ /^\'?(\d+)\.(\d+)\.[\w.\-]+\'?/) { |
|
$major = $1; |
|
$minor = $2; |
|
} |
|
$now = time; |
|
} |
while (my ($key,$value) = each(%$hashref)) { |
while (my ($key,$value) = each(%$hashref)) { |
if ($namespace eq 'roles') { |
if ($namespace eq 'roles') { |
if ($key =~ /^($LONCAPA::match_domain)_($LONCAPA::match_community)_(cc|co|in|ta|ep|ad|st|cr)/) { |
if ($key =~ m{^/($LONCAPA::match_domain)/($LONCAPA::match_courseid)(/?[^_]*)_(cc|co|in|ta|ep|ad|st|cr)$}) { |
if ($clientversion =~ /^(\d+)\.(\d+)$/) { |
my $cdom = $1; |
my $major = $1; |
my $cnum = $2; |
my $minor = $2; |
unless ($skipcheck) { |
next if (($major < 2) || (($major == 2) && ($minor < 9))); |
my ($role,$end,$start) = split(/\_/,$value); |
|
if (!$end || $end > $now) { |
|
next unless (&releasereqd_check($cnum,$cdom,$key,$value,$major, |
|
$minor,\%homecourses,\@ids)); |
|
} |
} |
} |
} |
} |
} |
} |
Line 3149 sub dump_with_regexp {
|
Line 3222 sub dump_with_regexp {
|
} |
} |
} |
} |
if (&untie_user_hash($hashref)) { |
if (&untie_user_hash($hashref)) { |
|
if (($namespace eq 'roles') && (!$skipcheck)) { |
|
if (keys(%homecourses) > 0) { |
|
$qresult .= &check_homecourses(\%homecourses,$udom,$regexp,$count, |
|
$range,$start,$end,$major,$minor); |
|
} |
|
} |
chop($qresult); |
chop($qresult); |
&Reply($client, \$qresult, $userinput); |
&Reply($client, \$qresult, $userinput); |
} else { |
} else { |
Line 3726 sub put_course_id_hash_handler {
|
Line 3805 sub put_course_id_hash_handler {
|
# createdafter - include courses for which creation date followed this date. |
# createdafter - include courses for which creation date followed this date. |
# creationcontext - include courses created in specified context |
# creationcontext - include courses created in specified context |
# |
# |
|
# domcloner - flag to indicate if user can create CCs in course's domain. |
|
# If so, ability to clone course is automatic. |
|
# |
# $client - The socket open on the client. |
# $client - The socket open on the client. |
# Returns: |
# Returns: |
# 1 - Continue processing. |
# 1 - Continue processing. |
Line 3738 sub dump_course_id_handler {
|
Line 3820 sub dump_course_id_handler {
|
my ($udom,$since,$description,$instcodefilter,$ownerfilter,$coursefilter, |
my ($udom,$since,$description,$instcodefilter,$ownerfilter,$coursefilter, |
$typefilter,$regexp_ok,$rtn_as_hash,$selfenrollonly,$catfilter,$showhidden, |
$typefilter,$regexp_ok,$rtn_as_hash,$selfenrollonly,$catfilter,$showhidden, |
$caller,$cloner,$cc_clone_list,$cloneonly,$createdbefore,$createdafter, |
$caller,$cloner,$cc_clone_list,$cloneonly,$createdbefore,$createdafter, |
$creationcontext) =split(/:/,$tail); |
$creationcontext,$domcloner) =split(/:/,$tail); |
my $now = time; |
my $now = time; |
my ($cloneruname,$clonerudom,%cc_clone); |
my ($cloneruname,$clonerudom,%cc_clone); |
if (defined($description)) { |
if (defined($description)) { |
Line 3811 sub dump_course_id_handler {
|
Line 3893 sub dump_course_id_handler {
|
} else { |
} else { |
$creationcontext = '.'; |
$creationcontext = '.'; |
} |
} |
|
|
my $unpack = 1; |
my $unpack = 1; |
if ($description eq '.' && $instcodefilter eq '.' && $coursefilter eq '.' && |
if ($description eq '.' && $instcodefilter eq '.' && $coursefilter eq '.' && |
$typefilter eq '.') { |
$typefilter eq '.') { |
Line 3842 sub dump_course_id_handler {
|
Line 3923 sub dump_course_id_handler {
|
next if ($since > 1); |
next if ($since > 1); |
} |
} |
$is_hash = 1; |
$is_hash = 1; |
if (defined($clonerudom)) { |
if ($domcloner) { |
|
$canclone = 1; |
|
} elsif (defined($clonerudom)) { |
if ($items->{'cloners'}) { |
if ($items->{'cloners'}) { |
my @cloneable = split(',',$items->{'cloners'}); |
my @cloneable = split(',',$items->{'cloners'}); |
if (@cloneable) { |
if (@cloneable) { |
Line 3870 sub dump_course_id_handler {
|
Line 3953 sub dump_course_id_handler {
|
$items->{'cloners'} = $cloneruname.':'.$clonerudom; |
$items->{'cloners'} = $cloneruname.':'.$clonerudom; |
$valchange = 1; |
$valchange = 1; |
} |
} |
|
unless ($canclone) { |
|
if ($items->{'owner'} =~ /:/) { |
|
if ($items->{'owner'} eq $cloner) { |
|
$canclone = 1; |
|
} |
|
} elsif ($cloner eq $items->{'owner'}.':'.$udom) { |
|
$canclone = 1; |
|
} |
|
if ($canclone) { |
|
$items->{'cloners'} = $cloneruname.':'.$clonerudom; |
|
$valchange = 1; |
|
} |
|
} |
} |
} |
} |
} |
if ($unpack || !$rtn_as_hash) { |
if ($unpack || !$rtn_as_hash) { |
Line 4070 sub dump_course_id_handler {
|
Line 4166 sub dump_course_id_handler {
|
} |
} |
®ister_handler("courseiddump", \&dump_course_id_handler, 0, 1, 0); |
®ister_handler("courseiddump", \&dump_course_id_handler, 0, 1, 0); |
|
|
|
sub course_lastaccess_handler { |
|
my ($cmd, $tail, $client) = @_; |
|
my $userinput = "$cmd:$tail"; |
|
my ($cdom,$cnum) = split(':',$tail); |
|
my (%lastaccess,$qresult); |
|
my $hashref = &tie_domain_hash($cdom, "nohist_courseids", &GDBM_WRCREAT()); |
|
if ($hashref) { |
|
while (my ($key,$value) = each(%$hashref)) { |
|
my ($unesc_key,$lasttime); |
|
$unesc_key = &unescape($key); |
|
if ($cnum) { |
|
next unless ($unesc_key =~ /\Q$cdom\E_\Q$cnum\E$/); |
|
} |
|
if ($unesc_key =~ /^lasttime:($LONCAPA::match_domain\_$LONCAPA::match_courseid)/) { |
|
$lastaccess{$1} = $value; |
|
} else { |
|
my $items = &Apache::lonnet::thaw_unescape($value); |
|
if (ref($items) eq 'HASH') { |
|
unless ($lastaccess{$unesc_key}) { |
|
$lastaccess{$unesc_key} = ''; |
|
} |
|
} else { |
|
my @courseitems = split(':',$value); |
|
$lastaccess{$unesc_key} = pop(@courseitems); |
|
} |
|
} |
|
} |
|
foreach my $cid (sort(keys(%lastaccess))) { |
|
$qresult.=&escape($cid).'='.$lastaccess{$cid}.'&'; |
|
} |
|
if (&untie_domain_hash($hashref)) { |
|
if ($qresult) { |
|
chop($qresult); |
|
} |
|
&Reply($client, \$qresult, $userinput); |
|
} else { |
|
&Failure($client, "error: ".($!+0)." untie(GDBM) Failed ". |
|
"while attempting lastacourseaccess\n", $userinput); |
|
} |
|
} else { |
|
&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ". |
|
"while attempting lastcourseaccess\n", $userinput); |
|
} |
|
return 1; |
|
} |
|
®ister_handler("courselastaccess",\&course_lastaccess_handler, 0, 1, 0); |
|
|
# |
# |
# Puts an unencrypted entry in a namespace db file at the domain level |
# Puts an unencrypted entry in a namespace db file at the domain level |
# |
# |
Line 4135 sub put_domain_handler {
|
Line 4278 sub put_domain_handler {
|
sub get_domain_handler { |
sub get_domain_handler { |
my ($cmd, $tail, $client) = @_; |
my ($cmd, $tail, $client) = @_; |
|
|
|
|
my $userinput = "$client:$tail"; |
my $userinput = "$client:$tail"; |
|
|
my ($udom,$namespace,$what)=split(/:/,$tail,3); |
my ($udom,$namespace,$what)=split(/:/,$tail,3); |
Line 4543 sub tmp_put_handler {
|
Line 4687 sub tmp_put_handler {
|
} |
} |
my ($id,$store); |
my ($id,$store); |
$tmpsnum++; |
$tmpsnum++; |
if ($context eq 'resetpw') { |
if (($context eq 'resetpw') || ($context eq 'createaccount')) { |
$id = &md5_hex(&md5_hex(time.{}.rand().$$)); |
$id = &md5_hex(&md5_hex(time.{}.rand().$$)); |
} else { |
} else { |
$id = $$.'_'.$clientip.'_'.$tmpsnum; |
$id = $$.'_'.$clientip.'_'.$tmpsnum; |
Line 6090 sub logstatus {
|
Line 6234 sub logstatus {
|
sub initnewstatus { |
sub initnewstatus { |
my $docdir=$perlvar{'lonDocRoot'}; |
my $docdir=$perlvar{'lonDocRoot'}; |
my $fh=IO::File->new(">$docdir/lon-status/londstatus.txt"); |
my $fh=IO::File->new(">$docdir/lon-status/londstatus.txt"); |
my $now=time; |
my $now=time(); |
my $local=localtime($now); |
my $local=localtime($now); |
print $fh "LOND status $local - parent $$\n\n"; |
print $fh "LOND status $local - parent $$\n\n"; |
opendir(DIR,"$docdir/lon-status/londchld"); |
opendir(DIR,"$docdir/lon-status/londchld"); |
Line 6179 $SIG{USR2} = \&UpdateHosts;
|
Line 6323 $SIG{USR2} = \&UpdateHosts;
|
|
|
# Read the host hashes: |
# Read the host hashes: |
&Apache::lonnet::load_hosts_tab(); |
&Apache::lonnet::load_hosts_tab(); |
|
my %iphost = &Apache::lonnet::get_iphost(1); |
|
|
my $dist=`$perlvar{'lonDaemons'}/distprobe`; |
my $dist=`$perlvar{'lonDaemons'}/distprobe`; |
|
|
Line 6331 sub make_new_child {
|
Line 6476 sub make_new_child {
|
my $cipherkey = pack("H32", $key); |
my $cipherkey = pack("H32", $key); |
$cipher = new IDEA($cipherkey); |
$cipher = new IDEA($cipherkey); |
print $client "ok:local\n"; |
print $client "ok:local\n"; |
&logthis('<font color="green"' |
&logthis('<font color="green">' |
. "Successful local authentication </font>"); |
. "Successful local authentication </font>"); |
$keymode = "local" |
$keymode = "local" |
} else { |
} else { |
Line 6395 sub make_new_child {
|
Line 6540 sub make_new_child {
|
# ------------------------------------------------------------ Process requests |
# ------------------------------------------------------------ Process requests |
my $keep_going = 1; |
my $keep_going = 1; |
my $user_input; |
my $user_input; |
|
my $clienthost = &Apache::lonnet::hostname($clientname); |
|
my $clientserverhomeID = &Apache::lonnet::get_server_homeID($clienthost); |
|
$clienthomedom = &Apache::lonnet::host_domain($clientserverhomeID); |
while(($user_input = get_request) && $keep_going) { |
while(($user_input = get_request) && $keep_going) { |
alarm(120); |
alarm(120); |
Debug("Main: Got $user_input\n"); |
Debug("Main: Got $user_input\n"); |
Line 6553 sub rewrite_password_file {
|
Line 6701 sub rewrite_password_file {
|
|
|
# Returns the authorization type or nouser if there is no such user. |
# Returns the authorization type or nouser if there is no such user. |
# |
# |
sub get_auth_type |
sub get_auth_type { |
{ |
|
|
|
my ($domain, $user) = @_; |
my ($domain, $user) = @_; |
|
|
Debug("get_auth_type( $domain, $user ) \n"); |
Debug("get_auth_type( $domain, $user ) \n"); |
Line 6650 sub validate_user {
|
Line 6796 sub validate_user {
|
} else { |
} else { |
$validated = 0; |
$validated = 0; |
} |
} |
} |
} elsif ($howpwd eq "krb4") { # user is in kerberos 4 auth. domain. |
elsif ($howpwd eq "krb4") { # user is in kerberos 4 auth. domain. |
my $checkwithkrb5 = 0; |
if(! ($password =~ /$null/) ) { |
if ($dist =~/^fedora(\d+)$/) { |
my $k4error = &Authen::Krb4::get_pw_in_tkt($user, |
if ($1 > 11) { |
"", |
$checkwithkrb5 = 1; |
$contentpwd,, |
} |
'krbtgt', |
} elsif ($dist =~ /^suse([\d.]+)$/) { |
$contentpwd, |
if ($1 > 11.1) { |
1, |
$checkwithkrb5 = 1; |
$password); |
} |
if(!$k4error) { |
} |
$validated = 1; |
if ($checkwithkrb5) { |
} else { |
$validated = &krb5_authen($password,$null,$user,$contentpwd); |
$validated = 0; |
} else { |
&logthis('krb4: '.$user.', '.$contentpwd.', '. |
$validated = &krb4_authen($password,$null,$user,$contentpwd); |
&Authen::Krb4::get_err_txt($Authen::Krb4::error)); |
} |
} |
|
} else { |
|
$validated = 0; # Password has a match with null. |
|
} |
|
} elsif ($howpwd eq "krb5") { # User is in kerberos 5 auth. domain. |
} elsif ($howpwd eq "krb5") { # User is in kerberos 5 auth. domain. |
if(!($password =~ /$null/)) { # Null password not allowed. |
$validated = &krb5_authen($password,$null,$user,$contentpwd); |
my $krbclient = &Authen::Krb5::parse_name($user.'@' |
|
.$contentpwd); |
|
my $krbservice = "krbtgt/".$contentpwd."\@".$contentpwd; |
|
my $krbserver = &Authen::Krb5::parse_name($krbservice); |
|
my $credentials= &Authen::Krb5::cc_default(); |
|
$credentials->initialize(&Authen::Krb5::parse_name($user.'@' |
|
.$contentpwd)); |
|
my $krbreturn; |
|
if (exists(&Authen::Krb5::get_init_creds_password)) { |
|
$krbreturn = |
|
&Authen::Krb5::get_init_creds_password($krbclient,$password, |
|
$krbservice); |
|
$validated = (ref($krbreturn) eq 'Authen::Krb5::Creds'); |
|
} else { |
|
$krbreturn = |
|
&Authen::Krb5::get_in_tkt_with_password($krbclient,$krbserver, |
|
$password,$credentials); |
|
$validated = ($krbreturn == 1); |
|
} |
|
if (!$validated) { |
|
&logthis('krb5: '.$user.', '.$contentpwd.', '. |
|
&Authen::Krb5::error()); |
|
} |
|
} else { |
|
$validated = 0; |
|
} |
|
} elsif ($howpwd eq "localauth") { |
} elsif ($howpwd eq "localauth") { |
# Authenticate via installation specific authentcation method: |
# Authenticate via installation specific authentcation method: |
$validated = &localauth::localauth($user, |
$validated = &localauth::localauth($user, |
Line 6728 sub validate_user {
|
Line 6844 sub validate_user {
|
return $validated; |
return $validated; |
} |
} |
|
|
|
sub krb4_authen { |
|
my ($password,$null,$user,$contentpwd) = @_; |
|
my $validated = 0; |
|
if (!($password =~ /$null/) ) { # Null password not allowed. |
|
eval { |
|
require Authen::Krb4; |
|
}; |
|
if (!$@) { |
|
my $k4error = &Authen::Krb4::get_pw_in_tkt($user, |
|
"", |
|
$contentpwd,, |
|
'krbtgt', |
|
$contentpwd, |
|
1, |
|
$password); |
|
if(!$k4error) { |
|
$validated = 1; |
|
} else { |
|
$validated = 0; |
|
&logthis('krb4: '.$user.', '.$contentpwd.', '. |
|
&Authen::Krb4::get_err_txt($Authen::Krb4::error)); |
|
} |
|
} else { |
|
$validated = krb5_authen($password,$null,$user,$contentpwd); |
|
} |
|
} |
|
return $validated; |
|
} |
|
|
|
sub krb5_authen { |
|
my ($password,$null,$user,$contentpwd) = @_; |
|
my $validated = 0; |
|
if(!($password =~ /$null/)) { # Null password not allowed. |
|
my $krbclient = &Authen::Krb5::parse_name($user.'@' |
|
.$contentpwd); |
|
my $krbservice = "krbtgt/".$contentpwd."\@".$contentpwd; |
|
my $krbserver = &Authen::Krb5::parse_name($krbservice); |
|
my $credentials= &Authen::Krb5::cc_default(); |
|
$credentials->initialize(&Authen::Krb5::parse_name($user.'@' |
|
.$contentpwd)); |
|
my $krbreturn; |
|
if (exists(&Authen::Krb5::get_init_creds_password)) { |
|
$krbreturn = |
|
&Authen::Krb5::get_init_creds_password($krbclient,$password, |
|
$krbservice); |
|
$validated = (ref($krbreturn) eq 'Authen::Krb5::Creds'); |
|
} else { |
|
$krbreturn = |
|
&Authen::Krb5::get_in_tkt_with_password($krbclient,$krbserver, |
|
$password,$credentials); |
|
$validated = ($krbreturn == 1); |
|
} |
|
if (!$validated) { |
|
&logthis('krb5: '.$user.', '.$contentpwd.', '. |
|
&Authen::Krb5::error()); |
|
} |
|
} |
|
return $validated; |
|
} |
|
|
sub addline { |
sub addline { |
my ($fname,$hostid,$ip,$newline)=@_; |
my ($fname,$hostid,$ip,$newline)=@_; |
Line 7098 sub sethost {
|
Line 7273 sub sethost {
|
eq &Apache::lonnet::get_host_ip($hostid)) { |
eq &Apache::lonnet::get_host_ip($hostid)) { |
$currenthostid =$hostid; |
$currenthostid =$hostid; |
$currentdomainid=&Apache::lonnet::host_domain($hostid); |
$currentdomainid=&Apache::lonnet::host_domain($hostid); |
&logthis("Setting hostid to $hostid, and domain to $currentdomainid"); |
# &logthis("Setting hostid to $hostid, and domain to $currentdomainid"); |
} else { |
} else { |
&logthis("Requested host id $hostid not an alias of ". |
&logthis("Requested host id $hostid not an alias of ". |
$perlvar{'lonHostID'}." refusing connection"); |
$perlvar{'lonHostID'}." refusing connection"); |
Line 7113 sub version {
|
Line 7288 sub version {
|
return "version:$VERSION"; |
return "version:$VERSION"; |
} |
} |
|
|
|
sub get_usersession_config { |
|
my ($dom,$name) = @_; |
|
my ($usersessionconf,$cached)=&Apache::lonnet::is_cached_new($name,$dom); |
|
if (defined($cached)) { |
|
return $usersessionconf; |
|
} else { |
|
my %domconfig = &Apache::lonnet::get_dom('configuration',['usersessions'],$dom); |
|
if (ref($domconfig{'usersessions'}) eq 'HASH') { |
|
&Apache::lonnet::do_cache_new($name,$dom,$domconfig{'usersessions'},3600); |
|
return $domconfig{'usersessions'}; |
|
} |
|
} |
|
return; |
|
} |
|
|
|
sub releasereqd_check { |
|
my ($cnum,$cdom,$key,$value,$major,$minor,$homecourses,$ids) = @_; |
|
my $home = &Apache::lonnet::homeserver($cnum,$cdom); |
|
return if ($home eq 'no_host'); |
|
my ($reqdmajor,$reqdminor,$displayrole); |
|
if ($cnum =~ /$LONCAPA::match_community/) { |
|
if ($major eq '' && $minor eq '') { |
|
return unless ((ref($ids) eq 'ARRAY') && |
|
(grep(/^\Q$home\E$/,@{$ids}))); |
|
} else { |
|
$reqdmajor = 2; |
|
$reqdminor = 9; |
|
return unless (&useable_role($reqdmajor,$reqdminor,$major,$minor)); |
|
} |
|
} |
|
my $hashid = $cdom.':'.$cnum; |
|
my ($courseinfo,$cached) = |
|
&Apache::lonnet::is_cached_new('courseinfo',$hashid); |
|
if (defined($cached)) { |
|
if (ref($courseinfo) eq 'HASH') { |
|
if (exists($courseinfo->{'releaserequired'})) { |
|
my ($reqdmajor,$reqdminor) = split(/\./,$courseinfo->{'releaserequired'}); |
|
return unless (&useable_role($reqdmajor,$reqdminor,$major,$minor)); |
|
} |
|
} |
|
} else { |
|
if (ref($ids) eq 'ARRAY') { |
|
if (grep(/^\Q$home\E$/,@{$ids})) { |
|
if (ref($homecourses) eq 'HASH') { |
|
if (ref($homecourses->{$hashid}) eq 'ARRAY') { |
|
push(@{$homecourses->{$hashid}},{$key=>$value}); |
|
} else { |
|
$homecourses->{$hashid} = [{$key=>$value}]; |
|
} |
|
} |
|
return; |
|
} |
|
} |
|
my $courseinfo = &get_courseinfo_hash($cnum,$cdom,$home); |
|
if (ref($courseinfo) eq 'HASH') { |
|
if (exists($courseinfo->{'releaserequired'})) { |
|
my ($reqdmajor,$reqdminor) = split(/\./,$courseinfo->{'releaserequired'}); |
|
return unless (&useable_role($reqdmajor,$reqdminor,$major,$minor)); |
|
} |
|
} |
|
} |
|
return 1; |
|
} |
|
|
|
sub get_courseinfo_hash { |
|
my ($cnum,$cdom,$home) = @_; |
|
my $hashid = $cdom.':'.$cnum; |
|
my %info = &Apache::lonnet::courseiddump($cdom,'.',1,'.','.',$cnum,1,[$home],'.'); |
|
if (ref($info{$cdom.'_'.$cnum}) eq 'HASH') { |
|
return &Apache::lonnet::do_cache_new('courseinfo',$hashid,$info{$cdom.'_'.$cnum},600); |
|
} |
|
return; |
|
} |
|
|
|
sub check_homecourses { |
|
my ($homecourses,$udom,$regexp,$count,$range,$start,$end,$major,$minor) = @_; |
|
my ($result,%addtocache); |
|
my $yesterday = time - 24*3600; |
|
if (ref($homecourses) eq 'HASH') { |
|
my (%okcourses,%courseinfo,%recent); |
|
my $hashref = &tie_domain_hash($udom, "nohist_courseids", &GDBM_WRCREAT()); |
|
if ($hashref) { |
|
while (my ($key,$value) = each(%$hashref)) { |
|
my $unesc_key = &unescape($key); |
|
if ($unesc_key =~ /^lasttime:(\w+)$/) { |
|
my $cid = $1; |
|
$cid =~ s/_/:/; |
|
if ($value > $yesterday ) { |
|
$recent{$cid} = 1; |
|
} |
|
next; |
|
} |
|
my $items = &Apache::lonnet::thaw_unescape($value); |
|
if (ref($items) eq 'HASH') { |
|
my $hashid = $unesc_key; |
|
$hashid =~ s/_/:/; |
|
$courseinfo{$hashid} = $items; |
|
if (ref($homecourses->{$hashid}) eq 'ARRAY') { |
|
my ($reqdmajor,$reqdminor) = split(/\./,$items->{'releaserequired'}); |
|
if (&useable_role($reqdmajor,$reqdminor,$major,$minor)) { |
|
$okcourses{$hashid} = 1; |
|
} |
|
} |
|
} |
|
} |
|
unless (&untie_domain_hash($hashref)) { |
|
&logthis('Failed to untie tied hash for nohist_courseids.db'); |
|
} |
|
} else { |
|
&logthis('Failed to tie hash for nohist_courseids.db'); |
|
return; |
|
} |
|
foreach my $hashid (keys(%recent)) { |
|
&Apache::lonnet::do_cache_new('courseinfo',$hashid,$courseinfo{$hashid},600); |
|
} |
|
foreach my $hashid (keys(%{$homecourses})) { |
|
next if ($recent{$hashid}); |
|
&Apache::lonnet::do_cache_new('courseinfo',$hashid,$courseinfo{$hashid},600); |
|
} |
|
foreach my $hashid (keys(%okcourses)) { |
|
if (ref($homecourses->{$hashid}) eq 'ARRAY') { |
|
foreach my $role (@{$homecourses->{$hashid}}) { |
|
if (ref($role) eq 'HASH') { |
|
while (my ($key,$value) = each(%{$role})) { |
|
if ($regexp eq '.') { |
|
$count++; |
|
if (defined($range) && $count >= $end) { last; } |
|
if (defined($range) && $count < $start) { next; } |
|
$result.=$key.'='.$value.'&'; |
|
} else { |
|
my $unescapeKey = &unescape($key); |
|
if (eval('$unescapeKey=~/$regexp/')) { |
|
$count++; |
|
if (defined($range) && $count >= $end) { last; } |
|
if (defined($range) && $count < $start) { next; } |
|
$result.="$key=$value&"; |
|
} |
|
} |
|
} |
|
} |
|
} |
|
} |
|
} |
|
} |
|
return $result; |
|
} |
|
|
|
sub useable_role { |
|
my ($reqdmajor,$reqdminor,$major,$minor) = @_; |
|
if ($reqdmajor ne '' && $reqdminor ne '') { |
|
return if (($major eq '' && $minor eq '') || |
|
($major < $reqdmajor) || |
|
(($major == $reqdmajor) && ($minor < $reqdminor))); |
|
} |
|
return 1; |
|
} |
|
|
# ----------------------------------- POD (plain old documentation, CPAN style) |
# ----------------------------------- POD (plain old documentation, CPAN style) |
|
|
Line 7848 string.
|
Line 8179 string.
|
|
|
=back |
=back |
|
|
|
=back |
|
|
|
|
=cut |
=cut |