loncom/lond - diff - 1.489.2.43.2.11

Return to lond CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/lond between versions 1.489.2.43.2.3 and 1.489.2.43.2.11

-version 1.489.2.43.2.3, 2022/02/20 20:58:26
+version 1.489.2.43.2.11, 2024/08/18 16:20:24
  Line 653  sub PushFile {
      if($filename eq "host") {
  	$contents = AdjustHostContents($contents);
-     } elsif ($filename eq 'dns_host' || $filename eq 'dns_domain') {
+     } elsif (($filename eq 'dns_hosts') || ($filename eq 'dns_domain')) {
          if ($contents eq '') {
              &logthis('<font color="red"> Pushfile: unable to install '
                      .$tablefile." - no data received from push. </font>");
  Line 2407  sub update_passwd_history {
      return;
  }
+ sub inst_unamemap_check {
+     my ($cmd, $tail, $client)   = @_;
+     my $userinput               = "$cmd:$tail";
+     my %rulecheck;
+     my $outcome;
+     my ($udom,$uname,@rules) = split(/:/,$tail);
+     $udom = &unescape($udom);
+     $uname = &unescape($uname);
+     @rules = map {&unescape($_);} (@rules);
+     eval {
+         local($SIG{__DIE__})='DEFAULT';
+         $outcome = &localenroll::unamemap_check($udom,$uname,\@rules,\%rulecheck);
+     };
+     if (!$@) {
+         if ($outcome eq 'ok') {
+             my $result='';
+             foreach my $key (keys(%rulecheck)) {
+                 $result.=&escape($key).'='.&Apache::lonnet::freeze_escape($rulecheck{$key}).'&';
+             }
+             &Reply($client,\$result,$userinput);
+         } else {
+             &Reply($client,"error\n", $userinput);
+         }
+     } else {
+         &Failure($client,"unknown_cmd\n",$userinput);
+     }
+ }
+ &register_handler("instunamemapcheck",\&inst_unamemap_check,0,1,0);
  #
  #   Determines if this is the home server for a user.  The home server
  #   for a user will have his/her lon-capa passwd file.  Therefore all we need
- Line 2804  sub user_has_session_handler {
+ Line 2834  sub user_has_session_handler {
  }
  &register_handler("userhassession", \&user_has_session_handler, 0,1,0);
+ sub del_usersession_handler {
+     my ($cmd, $tail, $client) = @_;
+     my $result;
+     my ($udom, $uname) = map { &unescape($_) } (split(/:/, $tail));
+     if (($udom =~ /^$LONCAPA::match_domain$/) && ($uname =~ /^$LONCAPA::match_username$/)) {
+         my $lonidsdir = $perlvar{'lonIDsDir'};
+         if (-d $lonidsdir) {
+             if (opendir(DIR,$lonidsdir)) {
+                 my $filename;
+                 while ($filename=readdir(DIR)) {
+                     if ($filename=~/^\Q$uname\E_\d+_\Q$udom\E_/) {
+                         if (tie(my %oldenv,'GDBM_File',"$lonidsdir/$filename",
+                                 &GDBM_READER(),0640)) {
+                             my $linkedfile;
+                             if (exists($oldenv{'user.linkedenv'})) {
+                                 $linkedfile = $oldenv{'user.linkedenv'};
+                             }
+                             untie(%oldenv);
+                             $result = unlink("$lonidsdir/$filename");
+                             if ($result) {
+                                 if ($linkedfile =~ /^[a-f0-9]+_linked$/) {
+                                     if (-l "$lonidsdir/$linkedfile.id") {
+                                         unlink("$lonidsdir/$linkedfile.id");
+                                     }
+                                 }
+                             }
+                         } else {
+                             $result = unlink("$lonidsdir/$filename");
+                         }
+                         last;
+                     }
+                 }
+             }
+         }
+         if ($result == 1) {
+             &Reply($client, "$result\n", "$cmd:$tail");
+         } else {
+             &Reply($client, "not_found\n", "$cmd:$tail");
+         }
+     } else {
+         &Failure($client, "invalid_user\n", "$cmd:$tail");
+     }
+     return 1;
+ }
+ &register_handler("delusersession", \&del_usersession_handler, 0,1,0);
  #
  #  Authenticate access to a user file by checking that the token the user's
  #  passed also exists in their session file
- Line 4837  sub lti_handler {
+ Line 4915  sub lti_handler {
  &register_handler("lti", \&lti_handler, 1, 1, 0);
  #
+ # Data for LTI payload (received encrypted) are unencrypted and
+ # then signed with the appropriate key and secret, before re-encrypting
+ # the signed payload which is sent to the client for unencryption by
+ # the caller: lonnet::sign_lti()) before dispatch either to a web browser
+ # (launch) or to a remote web service (roster, logout, or grade).
+ #
+ # Parameters:
+ #   $cmd             - Command request keyword (signlti).
+ #   $tail            - Tail of the command.  This is a colon-separated list
+ #                      consisting of the domain, coursenum (if for an External
+ #                      Tool defined in a course), crsdef (true if defined in
+ #                      a course), type (linkprot or lti),
+ #                      context (launch, roster, logout, or grade),
+ #                      escaped launch URL, numeric ID of external tool,
+ #                      version number for encryption key (if tool's LTI secret was
+ #                      encrypted before storing), a frozen hash of LTI launch
+ #                      parameters, and a frozen hash of LTI information,
+ #                      (e.g., method => 'HMAC-SHA1',
+ #                             respfmt => 'to_authorization_header').
+ #   $client          - File descriptor open on the client.
+ # Returns:
+ #   1       - Continue processing.
+ #   0       - Exit.
+ #  Side effects:
+ #     The reply will contain the LTI payload, as & separated key=value pairs,
+ #     where value is itself a frozen hash, if the required key and secret
+ #     for the specific tool ID are available. The payload data are retrieved from
+ #     a call to Lond::sign_lti_payload(), and the reply is encrypted before being
+ #     written to $client.
+ #
+ sub sign_lti_handler {
+     my ($cmd, $tail, $client) = @_;
+     my $userinput = "$cmd:$tail";
+     my ($cdom,$cnum,$crsdef,$type,$context,$escurl,
+         $ltinum,$keynum,$paramsref,$inforef) = split(/:/,$tail);
+     my $url = &unescape($escurl);
+     my $params = &Apache::lonnet::thaw_unescape($paramsref);
+     my $info = &Apache::lonnet::thaw_unescape($inforef);
+     my $res =
+         &LONCAPA::Lond::sign_lti_payload($cdom,$cnum,$crsdef,$type,$context,$url,$ltinum,
+                                          $keynum,$perlvar{'lonVersion'},$params,$info);
+     my $result;
+     if (ref($res) eq 'HASH') {
+         foreach my $key (keys(%{$res})) {
+             $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($res->{$key}).'&';
+         }
+         $result =~ s/\&$//;
+     } else {
+         $result = $res;
+     }
+     if ($result =~ /^error:/) {
+         &Failure($client, \$result, $userinput);
+     } else {
+         if ($cipher) {
+             my $cmdlength=length($result);
+             $result.="         ";
+             my $encres='';
+             for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
+                 $encres.= unpack("H16",
+                                  $cipher->encrypt(substr($result,
+                                                          $encidx,
+)));
+             }
+             &Reply( $client,"enc:$cmdlength:$encres\n",$userinput);
+         } else {
+             &Failure( $client, "error:no_key\n",$userinput);
+         }
+     }
+     return 1;
+ }
+ &register_handler("signlti", \&sign_lti_handler, 1, 1, 0);
+ #
  #  Puts an id to a domains id database.
  #
  #  Parameters:
- Line 6368  sub get_institutional_selfcreate_rules {
+ Line 6521  sub get_institutional_selfcreate_rules {
  }
  &register_handler("instemailrules",\&get_institutional_selfcreate_rules,0,1,0);
+ sub get_unamemap_rules {
+     my ($cmd, $tail, $client)   = @_;
+     my $userinput               = "$cmd:$tail";
+     my $dom = &unescape($tail);
+     my (%rules_hash,@rules_order);
+     my $outcome;
+     eval {
+         local($SIG{__DIE__})='DEFAULT';
+         $outcome = &localenroll::unamemap_rules($dom,\%rules_hash,\@rules_order);
+     };
+     if (!$@) {
+         if ($outcome eq 'ok') {
+             my $result;
+             foreach my $key (keys(%rules_hash)) {
+                 $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($rules_hash{$key}).'&';
+             }
+             $result =~ s/\&$//;
+             $result .= ':';
+             if (@rules_order > 0) {
+                 foreach my $item (@rules_order) {
+                     $result .= &escape($item).'&';
+                 }
+             }
+             $result =~ s/\&$//;
+             &Reply($client,\$result,$userinput);
+         } else {
+             &Reply($client,"error\n", $userinput);
+         }
+     } else {
+         &Failure($client,"unknown_cmd\n",$userinput);
+     }
+ }
+ &register_handler("unamemaprules",\&get_unamemap_rules,0,1,0);
  sub institutional_username_check {
      my ($cmd, $tail, $client)   = @_;
- Line 6890  undef $perlvarref;
+ Line 7076  undef $perlvarref;
  # ----------------------------- Make sure this process is running from user=www
  my $wwwid=getpwnam('www');
  if ($wwwid!=$<) {
-    my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
+    my $emailto="$perlvar{'lonAdmEMail'} $perlvar{'lonSysEMail'}";
     my $subj="LON: $currenthostid User ID mismatch";
     system("echo 'User ID mismatch.  lond must be run as user www.' |".
            " mail -s '$subj' $emailto > /dev/null");
- Line 7746  sub validate_user {
+ Line 7932  sub validate_user {
              } elsif ((($domdefaults{'auth_def'} eq 'krb4') ||
                        ($domdefaults{'auth_def'} eq 'krb5')) &&
                       ($domdefaults{'auth_arg_def'} ne '')) {
-                 $howpwd = $domdefaults{'auth_def'};
+                 #
-                 $contentpwd = $domdefaults{'auth_arg_def'};
+                 # Don't attempt authentication for username and password supplied
+                 # for user without an account if username contains @ to avoid
+                 # call to &Authen::Krb5::parse_name() which will result in con_lost
+                 #
+                 unless ($user =~ /\@/) {
+                     $howpwd = $domdefaults{'auth_def'};
+                     $contentpwd = $domdefaults{'auth_arg_def'};
+                 }
              }
          }
      }
- Line 8091  sub currentversion {
+ Line 8284  sub currentversion {
      if (-e $ulsdir) {
  	if(-d $ulsdir) {
  	    if (opendir(LSDIR,$ulsdir)) {
+                 if (-e $fname) {
+                     $version=0;
+                 }
  		my $ulsfn;
  		while ($ulsfn=readdir(LSDIR)) {
  # see if this is a regular file (ignore links produced earlier)

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.489.2.43.2.3
changed lines
	Added in v.1.489.2.43.2.11