version 1.574, 2022/02/25 09:38:47
|
version 1.577, 2023/05/22 21:10:56
|
Line 259 my %trust = (
|
Line 259 my %trust = (
|
instidrules => {remote => 1, domroles => 1,}, |
instidrules => {remote => 1, domroles => 1,}, |
instrulecheck => {remote => 1, enroll => 1, reqcrs => 1, domroles => 1}, |
instrulecheck => {remote => 1, enroll => 1, reqcrs => 1, domroles => 1}, |
instselfcreatecheck => {institutiononly => 1}, |
instselfcreatecheck => {institutiononly => 1}, |
|
instunamemapcheck => {remote => 1,}, |
instuserrules => {remote => 1, enroll => 1, reqcrs => 1, domroles => 1}, |
instuserrules => {remote => 1, enroll => 1, reqcrs => 1, domroles => 1}, |
keys => {remote => 1,}, |
keys => {remote => 1,}, |
load => {anywhere => 1}, |
load => {anywhere => 1}, |
Line 305 my %trust = (
|
Line 306 my %trust = (
|
servertimezone => {remote => 1, enroll => 1}, |
servertimezone => {remote => 1, enroll => 1}, |
setannounce => {remote => 1, domroles => 1}, |
setannounce => {remote => 1, domroles => 1}, |
sethost => {anywhere => 1}, |
sethost => {anywhere => 1}, |
|
signlti => {remote => 1}, |
store => {remote => 1, enroll => 1, reqcrs => 1,}, |
store => {remote => 1, enroll => 1, reqcrs => 1,}, |
studentphoto => {remote => 1, enroll => 1}, |
studentphoto => {remote => 1, enroll => 1}, |
sub => {content => 1,}, |
sub => {content => 1,}, |
Line 312 my %trust = (
|
Line 314 my %trust = (
|
tmpget => {institutiononly => 1}, |
tmpget => {institutiononly => 1}, |
tmpput => {remote => 1, othcoau => 1}, |
tmpput => {remote => 1, othcoau => 1}, |
tokenauthuserfile => {anywhere => 1}, |
tokenauthuserfile => {anywhere => 1}, |
|
unamemaprules => {remote => 1,}, |
unsub => {content => 1,}, |
unsub => {content => 1,}, |
update => {shared => 1}, |
update => {shared => 1}, |
updatebalcookie => {institutiononly => 1}, |
updatebalcookie => {institutiononly => 1}, |
Line 863 sub PushFile {
|
Line 866 sub PushFile {
|
|
|
if($filename eq "host") { |
if($filename eq "host") { |
$contents = AdjustHostContents($contents); |
$contents = AdjustHostContents($contents); |
} elsif (($filename eq 'dns_host') || ($filename eq 'dns_domain') || |
} elsif (($filename eq 'dns_hosts') || ($filename eq 'dns_domain') || |
($filename eq 'loncapaCAcrl')) { |
($filename eq 'loncapaCAcrl')) { |
if ($contents eq '') { |
if ($contents eq '') { |
&logthis('<font color="red"> Pushfile: unable to install ' |
&logthis('<font color="red"> Pushfile: unable to install ' |
Line 2655 sub update_passwd_history {
|
Line 2658 sub update_passwd_history {
|
return; |
return; |
} |
} |
|
|
|
sub inst_unamemap_check { |
|
my ($cmd, $tail, $client) = @_; |
|
my $userinput = "$cmd:$tail"; |
|
my %rulecheck; |
|
my $outcome; |
|
my ($udom,$uname,@rules) = split(/:/,$tail); |
|
$udom = &unescape($udom); |
|
$uname = &unescape($uname); |
|
@rules = map {&unescape($_);} (@rules); |
|
eval { |
|
local($SIG{__DIE__})='DEFAULT'; |
|
$outcome = &localenroll::unamemap_check($udom,$uname,\@rules,\%rulecheck); |
|
}; |
|
if (!$@) { |
|
if ($outcome eq 'ok') { |
|
my $result=''; |
|
foreach my $key (keys(%rulecheck)) { |
|
$result.=&escape($key).'='.&Apache::lonnet::freeze_escape($rulecheck{$key}).'&'; |
|
} |
|
&Reply($client,\$result,$userinput); |
|
} else { |
|
&Reply($client,"error\n", $userinput); |
|
} |
|
} else { |
|
&Failure($client,"unknown_cmd\n",$userinput); |
|
} |
|
} |
|
®ister_handler("instunamemapcheck",\&inst_unamemap_check,0,1,0); |
|
|
|
|
# |
# |
# Determines if this is the home server for a user. The home server |
# Determines if this is the home server for a user. The home server |
# for a user will have his/her lon-capa passwd file. Therefore all we need |
# for a user will have his/her lon-capa passwd file. Therefore all we need |
Line 5275 sub lti_handler {
|
Line 5308 sub lti_handler {
|
®ister_handler("lti", \<i_handler, 1, 1, 0); |
®ister_handler("lti", \<i_handler, 1, 1, 0); |
|
|
# |
# |
|
# LTI data for launch payload (received encrypted) are unencrypted and |
|
# then signed with the appropriate key and secret, before re-encrypting |
|
# for sending as the signed payload to the client (caller lonnet::sign_lti()). |
|
# |
|
# Parameters: |
|
# $cmd - Command request keyword (signlti). |
|
# $tail - Tail of the command. This is a colon-separated list |
|
# consisting of the domain, coursenum (if for an External |
|
# Tool defined in a course), crstool (true if defined in |
|
# a course), escaped launch URL, numeric ID of external tool |
|
# version number for encryption key (if tool's LTI secret was |
|
# encrypted before storing), post (true if signed data are |
|
# to be returned from Net::OAuth, as a post_body), |
|
# a frozen hash of LTI launch parameters, and a frozen hash |
|
# of LTI config data (i.e., method => signature method). |
|
# $client - File descriptor open on the client. |
|
# Returns: |
|
# 1 - Continue processing. |
|
# 0 - Exit. |
|
# Side effects: |
|
# The reply will contain the LTI payload, as & separated key=value pairs, |
|
# where value is itself a frozen hash, if the required key and secret |
|
# for the apecific tool ID are available. The payload data are retrived from |
|
# a call to Lond::sign_params(), and the reply is encrypted before being |
|
# written to $client. |
|
# |
|
sub sign_lti_handler { |
|
my ($cmd, $tail, $client) = @_; |
|
|
|
my $userinput = "$cmd:$tail"; |
|
|
|
my ($cdom,$cnum,$crstool,$escurl,$idx,$keynum,$post,$paramsref,$inforef) = split(/:/,$tail); |
|
my $url = &unescape($escurl); |
|
my $params = &Apache::lonnet::thaw_unescape($paramsref); |
|
my $info = &Apache::lonnet::thaw_unescape($inforef); |
|
my $res = |
|
&LONCAPA::Lond::sign_params($cdom,$cnum,$crstool,$url,$idx,$keynum, |
|
$post,$perlvar{'lonVersion'},$params,$info); |
|
my $result; |
|
if (ref($res) eq 'HASH') { |
|
foreach my $key (keys(%{$res})) { |
|
$result .= &escape($key).'='.&Apache::lonnet::freeze_escape($res->{$key}).'&'; |
|
} |
|
$result =~ s/\&$//; |
|
} else { |
|
$result = $res; |
|
} |
|
if ($result =~ /^error:/) { |
|
&Failure($client, \$result, $userinput); |
|
} else { |
|
if ($cipher) { |
|
my $cmdlength=length($result); |
|
$result.=" "; |
|
my $encres=''; |
|
for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) { |
|
$encres.= unpack("H16", |
|
$cipher->encrypt(substr($result, |
|
$encidx, |
|
8))); |
|
} |
|
&Reply( $client,"enc:$cmdlength:$encres\n",$userinput); |
|
} else { |
|
&Failure( $client, "error:no_key\n",$userinput); |
|
} |
|
} |
|
return 1; |
|
} |
|
®ister_handler("signlti", \&sign_lti_handler, 1, 1, 0); |
|
|
|
# |
# Puts an id to a domains id database. |
# Puts an id to a domains id database. |
# |
# |
# Parameters: |
# Parameters: |
Line 6806 sub get_institutional_selfcreate_rules {
|
Line 6909 sub get_institutional_selfcreate_rules {
|
} |
} |
®ister_handler("instemailrules",\&get_institutional_selfcreate_rules,0,1,0); |
®ister_handler("instemailrules",\&get_institutional_selfcreate_rules,0,1,0); |
|
|
|
sub get_unamemap_rules { |
|
my ($cmd, $tail, $client) = @_; |
|
my $userinput = "$cmd:$tail"; |
|
my $dom = &unescape($tail); |
|
my (%rules_hash,@rules_order); |
|
my $outcome; |
|
eval { |
|
local($SIG{__DIE__})='DEFAULT'; |
|
$outcome = &localenroll::unamemap_rules($dom,\%rules_hash,\@rules_order); |
|
}; |
|
if (!$@) { |
|
if ($outcome eq 'ok') { |
|
my $result; |
|
foreach my $key (keys(%rules_hash)) { |
|
$result .= &escape($key).'='.&Apache::lonnet::freeze_escape($rules_hash{$key}).'&'; |
|
} |
|
$result =~ s/\&$//; |
|
$result .= ':'; |
|
if (@rules_order > 0) { |
|
foreach my $item (@rules_order) { |
|
$result .= &escape($item).'&'; |
|
} |
|
} |
|
$result =~ s/\&$//; |
|
&Reply($client,\$result,$userinput); |
|
} else { |
|
&Reply($client,"error\n", $userinput); |
|
} |
|
} else { |
|
&Failure($client,"unknown_cmd\n",$userinput); |
|
} |
|
} |
|
®ister_handler("unamemaprules",\&get_unamemap_rules,0,1,0); |
|
|
sub institutional_username_check { |
sub institutional_username_check { |
my ($cmd, $tail, $client) = @_; |
my ($cmd, $tail, $client) = @_; |
Line 8390 sub validate_user {
|
Line 8526 sub validate_user {
|
# |
# |
# Don't attempt authentication for username and password supplied |
# Don't attempt authentication for username and password supplied |
# for user without an account if uername contains @ to avoid |
# for user without an account if uername contains @ to avoid |
# call to &Authen::Krb5::parse_name() which will result in con_lost |
# call to &Authen::Krb5::parse_name() which will result in con_lost |
# |
# |
unless ($user =~ /\@/) { |
unless ($user =~ /\@/) { |
$howpwd = $domdefaults{'auth_def'}; |
$howpwd = $domdefaults{'auth_def'}; |