loncom/lond - diff

Return to lond CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/lond between versions 1.571 and 1.582

-version 1.571, 2021/12/21 13:57:47
+version 1.582, 2024/12/27 01:04:00
  Line 259  my %trust = (
                 instidrules => {remote => 1, domroles => 1,},
                 instrulecheck => {remote => 1, enroll => 1, reqcrs => 1, domroles => 1},
                 instselfcreatecheck => {institutiononly => 1},
+                instunamemapcheck => {remote => 1,},
                 instuserrules => {remote => 1, enroll => 1, reqcrs => 1, domroles => 1},
                 keys => {remote => 1,},
                 load => {anywhere => 1},
- Line 266  my %trust = (
+ Line 267  my %trust = (
                 ls => {remote => 1, enroll => 1, content => 1,},
                 ls2 => {remote => 1, enroll => 1, content => 1,},
                 ls3 => {remote => 1, enroll => 1, content => 1,},
+                lti => {institutiononly => 1},
                 makeuser => {remote => 1, enroll => 1, domroles => 1,},
                 mkdiruserfile => {remote => 1, enroll => 1,},
                 newput => {remote => 1, enroll => 1, reqcrs => 1, domroles => 1,},
- Line 304  my %trust = (
+ Line 306  my %trust = (
                 servertimezone => {remote => 1, enroll => 1},
                 setannounce => {remote => 1, domroles => 1},
                 sethost => {anywhere => 1},
+                signlti => {remote => 1},
                 store => {remote => 1, enroll => 1, reqcrs => 1,},
                 studentphoto => {remote => 1, enroll => 1},
                 sub => {content => 1,},
- Line 311  my %trust = (
+ Line 314  my %trust = (
                 tmpget => {institutiononly => 1},
                 tmpput => {remote => 1, othcoau => 1},
                 tokenauthuserfile => {anywhere => 1},
+                unamemaprules => {remote => 1,},
                 unsub => {content => 1,},
                 update => {shared => 1},
                 updatebalcookie => {institutiononly => 1},
- Line 862  sub PushFile {
+ Line 866  sub PushFile {
      if($filename eq "host") {
  	$contents = AdjustHostContents($contents);
-     } elsif (($filename eq 'dns_host') || ($filename eq 'dns_domain') ||
+     } elsif (($filename eq 'dns_hosts') || ($filename eq 'dns_domain') ||
               ($filename eq 'loncapaCAcrl')) {
          if ($contents eq '') {
              &logthis('<font color="red"> Pushfile: unable to install '
- Line 2654  sub update_passwd_history {
+ Line 2658  sub update_passwd_history {
      return;
  }
+ sub inst_unamemap_check {
+     my ($cmd, $tail, $client)   = @_;
+     my $userinput               = "$cmd:$tail";
+     my %rulecheck;
+     my $outcome;
+     my ($udom,$uname,@rules) = split(/:/,$tail);
+     $udom = &unescape($udom);
+     $uname = &unescape($uname);
+     @rules = map {&unescape($_);} (@rules);
+     eval {
+         local($SIG{__DIE__})='DEFAULT';
+         $outcome = &localenroll::unamemap_check($udom,$uname,\@rules,\%rulecheck);
+     };
+     if (!$@) {
+         if ($outcome eq 'ok') {
+             my $result='';
+             foreach my $key (keys(%rulecheck)) {
+                 $result.=&escape($key).'='.&Apache::lonnet::freeze_escape($rulecheck{$key}).'&';
+             }
+             &Reply($client,\$result,$userinput);
+         } else {
+             &Reply($client,"error\n", $userinput);
+         }
+     } else {
+         &Failure($client,"unknown_cmd\n",$userinput);
+     }
+ }
+ &register_handler("instunamemapcheck",\&inst_unamemap_check,0,1,0);
  #
  #   Determines if this is the home server for a user.  The home server
  #   for a user will have his/her lon-capa passwd file.  Therefore all we need
- Line 5141  sub get_domain_handler {
+ Line 5175  sub get_domain_handler {
      my $userinput = "$cmd:$tail";
      my ($udom,$namespace,$what)=split(/:/,$tail,3);
-     if ($namespace =~ /^enc/) {
+     if (($namespace =~ /^enc/) || ($namespace eq 'private')) {
          &Failure( $client, "refused\n", $userinput);
      } else {
          my $res = LONCAPA::Lond::get_dom($userinput);
- Line 5156  sub get_domain_handler {
+ Line 5190  sub get_domain_handler {
  }
  &register_handler("getdom", \&get_domain_handler, 0, 1, 0);
+ #
+ # Encrypted get from the namespace database file at the domain level.
+ # This function retrieves a keyed item from a specific named database in the
+ # domain directory.
+ #
+ # Parameters:
+ #   $cmd             - Command request keyword (egetdom).
+ #   $tail            - Tail of the command.  This is a colon separated list
+ #                      consisting of the domain and the 'namespace'
+ #                      which selects the gdbm file to do the lookup in,
+ #                      & separated list of keys to lookup.  Note that
+ #                      the values are returned as an & separated list too.
+ #   $client          - File descriptor open on the client.
+ # Returns:
+ #   1       - Continue processing.
+ #   0       - Exit.
+ #  Side effects:
+ #     reply is encrypted before being written to $client.
+ #
  sub encrypted_get_domain_handler {
      my ($cmd, $tail, $client) = @_;
      my $userinput = "$cmd:$tail";
-     my $res = LONCAPA::Lond::get_dom($userinput);
+     my ($udom,$namespace,$what) = split(/:/,$tail,3);
+     if ($namespace eq 'private') {
+         &Failure( $client, "refused\n", $userinput);
+     } else {
+         my $res = LONCAPA::Lond::get_dom($userinput);
+         if ($res =~ /^error:/) {
+             &Failure($client, \$res, $userinput);
+         } else {
+             if ($cipher) {
+                 my $cmdlength=length($res);
+                 $res.="         ";
+                 my $encres='';
+                 for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
+                     $encres.= unpack("H16",
+                                      $cipher->encrypt(substr($res,
+                                                              $encidx,
+)));
+                 }
+                 &Reply( $client,"enc:$cmdlength:$encres\n",$userinput);
+             } else {
+                 &Failure( $client, "error:no_key\n",$userinput);
+             }
+         }
+     }
+     return 1;
+ }
+ &register_handler("egetdom", \&encrypted_get_domain_handler, 1, 1, 0);
+ #
+ # Encrypted get from the namespace database file at the domain level.
+ # This function retrieves a keyed item from a specific named database in the
+ # domain directory.
+ #
+ # Parameters:
+ #   $cmd             - Command request keyword (lti).
+ #   $tail            - Tail of the command.  This is a colon-separated list
+ #                      consisting of the domain, coursenum, if for LTI-
+ #                      enabled deep-linking to course content using
+ #                      link protection configured within a course,
+ #                      context (=deeplink) if for LTI-enabled deep-linking
+ #                      to course content using LTI Provider settings
+ #                      configured within a course's domain, the (escaped)
+ #                      launch URL, the (escaped) method (typically POST),
+ #                      and a frozen hash of the LTI launch parameters
+ #                      from the LTI payload.
+ #   $client          - File descriptor open on the client.
+ # Returns:
+ #   1       - Continue processing.
+ #   0       - Exit.
+ #  Side effects:
+ #     The reply will contain an LTI itemID, if the signed LTI payload
+ #     could be verified using the consumer key and the shared secret
+ #     available for that key (for the itemID) for either the course or domain,
+ #     depending on values for cnum and context. The reply is encrypted before
+ #     being written to $client.
+ #
+ sub lti_handler {
+     my ($cmd, $tail, $client) = @_;
+     my $userinput = "$cmd:$tail";
+     my ($cdom,$cnum,$context,$escurl,$escmethod,$items) = split(/:/,$tail);
+     my $url = &unescape($escurl);
+     my $method = &unescape($escmethod);
+     my $params = &Apache::lonnet::thaw_unescape($items);
+     my $res;
+     if ($cnum ne '') {
+         $res = &LONCAPA::Lond::crslti_itemid($cdom,$cnum,$url,$method,$params,$perlvar{'lonVersion'});
+     } else {
+         $res = &LONCAPA::Lond::domlti_itemid($cdom,$context,$url,$method,$params,$perlvar{'lonVersion'});
+     }
      if ($res =~ /^error:/) {
          &Failure($client, \$res, $userinput);
      } else {
- Line 5182  sub encrypted_get_domain_handler {
+ Line 5305  sub encrypted_get_domain_handler {
      }
      return 1;
  }
- &register_handler("egetdom", \&encrypted_get_domain_handler, 1, 1, 0);
+ &register_handler("lti", \&lti_handler, 1, 1, 0);
+ #
+ # Data for LTI payload (received encrypted) are unencrypted and
+ # then signed with the appropriate key and secret, before re-encrypting
+ # the signed payload which is sent to the client for unencryption by
+ # the caller: lonnet::sign_lti()) before dispatch either to a web browser
+ # (launch) or to a remote web service (roster, logout, or grade).
+ #
+ # Parameters:
+ #   $cmd             - Command request keyword (signlti).
+ #   $tail            - Tail of the command.  This is a colon-separated list
+ #                      consisting of the domain, coursenum (if for an External
+ #                      Tool defined in a course), crsdef (true if defined in
+ #                      a course), type (linkprot or lti)
+ #                      context (launch, roster, logout, or grade),
+ #                      escaped launch URL, numeric ID of external tool,
+ #                      version number for encryption key (if tool's LTI secret was
+ #                      encrypted before storing), a frozen hash of LTI launch
+ #                      parameters, and a frozen hash of LTI information,
+ #                      (e.g., method => 'HMAC-SHA1',
+ #                             respfmt => 'to_authorization_header').
+ #   $client          - File descriptor open on the client.
+ # Returns:
+ #   1       - Continue processing.
+ #   0       - Exit.
+ #  Side effects:
+ #     The reply will contain the LTI payload, as & separated key=value pairs,
+ #     where value is itself a frozen hash, if the required key and secret
+ #     for the specific tool ID are available. The payload data are retrieved from
+ #     a call to Lond::sign_lti_payload(), and the reply is encrypted before being
+ #     written to $client.
+ #
+ sub sign_lti_handler {
+     my ($cmd, $tail, $client) = @_;
+     my $userinput = "$cmd:$tail";
+     my ($cdom,$cnum,$crsdef,$type,$context,$escurl,
+         $ltinum,$keynum,$paramsref,$inforef) = split(/:/,$tail);
+     my $url = &unescape($escurl);
+     my $params = &Apache::lonnet::thaw_unescape($paramsref);
+     my $info = &Apache::lonnet::thaw_unescape($inforef);
+     my $res =
+         &LONCAPA::Lond::sign_lti_payload($cdom,$cnum,$crsdef,$type,$context,$url,$ltinum,
+                                          $keynum,$perlvar{'lonVersion'},$params,$info);
+     my $result;
+     if (ref($res) eq 'HASH') {
+         foreach my $key (keys(%{$res})) {
+             $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($res->{$key}).'&';
+         }
+         $result =~ s/\&$//;
+     } else {
+         $result = $res;
+     }
+     if ($result =~ /^error:/) {
+         &Failure($client, \$result, $userinput);
+     } else {
+         if ($cipher) {
+             my $cmdlength=length($result);
+             $result.="         ";
+             my $encres='';
+             for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
+                 $encres.= unpack("H16",
+                                  $cipher->encrypt(substr($result,
+                                                          $encidx,
+)));
+             }
+             &Reply( $client,"enc:$cmdlength:$encres\n",$userinput);
+         } else {
+             &Failure( $client, "error:no_key\n",$userinput);
+         }
+     }
+     return 1;
+ }
+ &register_handler("signlti", \&sign_lti_handler, 1, 1, 0);
  #
  #  Puts an id to a domains id database.
- Line 5952  sub enrollment_enabled_handler {
+ Line 6150  sub enrollment_enabled_handler {
      my ($cmd, $tail, $client) = @_;
      my $userinput = $cmd.":".$tail; # For logging purposes.
      my ($cdom) = split(/:/, $tail, 2);   # Domain we're asking about.
+     my $outcome;
-     my $outcome  = &localenroll::run($cdom);
+     eval {
+         local($SIG{__DIE__})='DEFAULT';
+         $outcome = &localenroll::run($cdom);
+     };
      &Reply($client, \$outcome, $userinput);
      return 1;
  }
  &register_handler("autorun", \&enrollment_enabled_handler, 0, 1, 0);
- Line 5990  sub validate_instcode_handler {
+ Line 6189  sub validate_instcode_handler {
      my ($dom,$instcode,$owner) = split(/:/, $tail);
      $instcode = &unescape($instcode);
      $owner = &unescape($owner);
-     my ($outcome,$description,$credits) =
+     my ($outcome,$description,$credits);
-         &localenroll::validate_instcode($dom,$instcode,$owner);
+     eval {
+         local($SIG{__DIE__})='DEFAULT';
+         ($outcome,$description,$credits) =
+             &localenroll::validate_instcode($dom,$instcode,$owner);
+     };
      my $result = &escape($outcome).'&'.&escape($description).'&'.
                   &escape($credits);
      &Reply($client, \$result, $userinput);
- Line 6025  sub validate_instcrosslist_handler  {
+ Line 6228  sub validate_instcrosslist_handler  {
      $instcode = &unescape($instcode);
      $inst_xlist = &unescape($inst_xlist);
      $coowner = &unescape($coowner);
-     my $outcome = &localenroll::validate_crosslist_access($dom,$instcode,
+     my $outcome;
-                                                           $inst_xlist,$coowner);
+     eval {
-     &Reply($client, \$outcome, $userinput);
+         local($SIG{__DIE__})='DEFAULT';
+         $outcome = &localenroll::validate_crosslist_access($dom,$instcode,
+                                                            $inst_xlist,$coowner);
+     };
+     &Reply($client, \$outcome, $userinput);
      return 1;
  }
  &register_handler("autovalidateinstcrosslist", \&validate_instcrosslist_handler, 0, 1, 0);
- Line 6051  sub get_sections_handler {
+ Line 6258  sub get_sections_handler {
      my $userinput = "$cmd:$tail";
      my ($coursecode, $cdom) = split(/:/, $tail);
-     my @secs = &localenroll::get_sections($coursecode,$cdom);
+     my $seclist;
-     my $seclist = &escape(join(':',@secs));
+     eval {
+         local($SIG{__DIE__})='DEFAULT';
+         my @secs = &localenroll::get_sections($coursecode,$cdom);
+         $seclist = &escape(join(':',@secs));
+     };
      &Reply($client, \$seclist, $userinput);
      return 1;
  }
  &register_handler("autogetsections", \&get_sections_handler, 0, 1, 0);
- Line 6076  sub get_sections_handler {
+ Line 6284  sub get_sections_handler {
  # Returns:
  #   1        - Processing should continue.
  #
  sub validate_course_owner_handler {
      my ($cmd, $tail, $client)  = @_;
      my $userinput = "$cmd:$tail";
- Line 6083  sub validate_course_owner_handler {
+ Line 6292  sub validate_course_owner_handler {
      $owner = &unescape($owner);
      $coowners = &unescape($coowners);
-     my $outcome = &localenroll::new_course($inst_course_id,$owner,$cdom,$coowners);
+     my $outcome;
+     eval {
+         local($SIG{__DIE__})='DEFAULT';
+         $outcome = &localenroll::new_course($inst_course_id,$owner,$cdom,$coowners);
+     };
      &Reply($client, \$outcome, $userinput);
      return 1;
  }
  &register_handler("autonewcourse", \&validate_course_owner_handler, 0, 1, 0);
- Line 6113  sub validate_course_section_handler {
+ Line 6323  sub validate_course_section_handler {
      my ($cmd, $tail, $client) = @_;
      my $userinput = "$cmd:$tail";
      my ($inst_course_id, $cdom) = split(/:/, $tail);
+     my $outcome;
-     my $outcome=&localenroll::validate_courseID($inst_course_id,$cdom);
+     eval {
+         local($SIG{__DIE__})='DEFAULT';
+         $outcome=&localenroll::validate_courseID($inst_course_id,$cdom);
+     };
      &Reply($client, \$outcome, $userinput);
      return 1;
  }
  &register_handler("autovalidatecourse", \&validate_course_section_handler, 0, 1, 0);
- Line 6151  sub validate_class_access_handler {
+ Line 6362  sub validate_class_access_handler {
  	$outcome=&localenroll::check_section($inst_class,$owners,$cdom);
      };
      &Reply($client,\$outcome, $userinput);
      return 1;
  }
  &register_handler("autovalidateclass_sec", \&validate_class_access_handler, 0, 1, 0);
- Line 6284  sub create_auto_enroll_password_handler
+ Line 6494  sub create_auto_enroll_password_handler
      my ($authparam, $cdom) = split(/:/, $userinput);
      my ($create_passwd,$authchk);
-     ($authparam,
+     eval {
-      $create_passwd,
+         local($SIG{__DIE__})='DEFAULT';
-      $authchk) = &localenroll::create_password($authparam,$cdom);
+         ($authparam,$create_passwd,$create_passwd,$authchk) =
+             &localenroll::create_password($authparam,$cdom);
+     };
      &Reply($client, &escape($authparam.':'.$create_passwd.':'.$authchk)."\n",
  	   $userinput);
- Line 6523  sub get_institutional_code_format_handle
+ Line 6734  sub get_institutional_code_format_handle
  	my ($key,$value) = split/=/,$_;
  	$instcodes{&unescape($key)} = &unescape($value);
      }
-     my $formatreply = &localenroll::instcode_format($cdom,
+     my $formatreply;
- 						    \%instcodes,
+     eval {
- 						    \%codes,
+         local($SIG{__DIE__})='DEFAULT';
- 						    \@codetitles,
+         $formatreply = &localenroll::instcode_format($cdom,
- 						    \%cat_titles,
+ 	   					     \%instcodes,
- 						    \%cat_order);
+ 						     \%codes,
+ 						     \@codetitles,
+ 						     \%cat_titles,
+ 						     \%cat_order);
+     };
      if ($formatreply eq 'ok') {
  	my $codes_str = &Apache::lonnet::hash2str(%codes);
  	my $codetitles_str = &Apache::lonnet::array2str(@codetitles);
- Line 6588  sub get_possible_instcodes_handler {
+ Line 6803  sub get_possible_instcodes_handler {
      my $reply;
      my $cdom = $tail;
      my (@codetitles,%cat_titles,%cat_order,@code_order);
-     my $formatreply = &localenroll::possible_instcodes($cdom,
+     my $formatreply;
-                                                        \@codetitles,
+     eval {
-                                                        \%cat_titles,
+         local($SIG{__DIE__})='DEFAULT';
-                                                        \%cat_order,
+         $formatreply = &localenroll::possible_instcodes($cdom,
-                                                        \@code_order);
+                                                         \@codetitles,
+                                                         \%cat_titles,
+                                                         \%cat_order,
+                                                         \@code_order);
+     };
      if ($formatreply eq 'ok') {
          my $result = join('&',map {&escape($_);} (@codetitles)).':';
          $result .= join('&',map {&escape($_);} (@code_order)).':';
- Line 6716  sub get_institutional_selfcreate_rules {
+ Line 6935  sub get_institutional_selfcreate_rules {
  }
  &register_handler("instemailrules",\&get_institutional_selfcreate_rules,0,1,0);
+ sub get_unamemap_rules {
+     my ($cmd, $tail, $client)   = @_;
+     my $userinput               = "$cmd:$tail";
+     my $dom = &unescape($tail);
+     my (%rules_hash,@rules_order);
+     my $outcome;
+     eval {
+         local($SIG{__DIE__})='DEFAULT';
+         $outcome = &localenroll::unamemap_rules($dom,\%rules_hash,\@rules_order);
+     };
+     if (!$@) {
+         if ($outcome eq 'ok') {
+             my $result;
+             foreach my $key (keys(%rules_hash)) {
+                 $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($rules_hash{$key}).'&';
+             }
+             $result =~ s/\&$//;
+             $result .= ':';
+             if (@rules_order > 0) {
+                 foreach my $item (@rules_order) {
+                     $result .= &escape($item).'&';
+                 }
+             }
+             $result =~ s/\&$//;
+             &Reply($client,\$result,$userinput);
+         } else {
+             &Reply($client,"error\n", $userinput);
+         }
+     } else {
+         &Failure($client,"unknown_cmd\n",$userinput);
+     }
+ }
+ &register_handler("unamemaprules",\&get_unamemap_rules,0,1,0);
  sub institutional_username_check {
      my ($cmd, $tail, $client)   = @_;
- Line 7294  undef $perlvarref;
+ Line 7546  undef $perlvarref;
  # ----------------------------- Make sure this process is running from user=www
  my $wwwid=getpwnam('www');
  if ($wwwid!=$<) {
-    my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
+    my $emailto="$perlvar{'lonAdmEMail'} $perlvar{'lonSysEMail'}";
     my $subj="LON: $currenthostid User ID mismatch";
     system("echo 'User ID mismatch.  lond must be run as user www.' |".
            " mail -s '$subj' $emailto > /dev/null");
- Line 8297  sub validate_user {
+ Line 8549  sub validate_user {
              } elsif ((($domdefaults{'auth_def'} eq 'krb4') ||
                        ($domdefaults{'auth_def'} eq 'krb5')) &&
                       ($domdefaults{'auth_arg_def'} ne '')) {
-                 $howpwd = $domdefaults{'auth_def'};
+                 #
-                 $contentpwd = $domdefaults{'auth_arg_def'};
+                 # Don't attempt authentication for username and password supplied
+                 # for user without an account if uername contains @ to avoid
+                 # call to &Authen::Krb5::parse_name() which will result in con_lost
+                 #
+                 unless ($user =~ /\@/) {
+                     $howpwd = $domdefaults{'auth_def'};
+                     $contentpwd = $domdefaults{'auth_arg_def'};
+                 }
              }
          }
      }
- Line 8642  sub currentversion {
+ Line 8901  sub currentversion {
      if (-e $ulsdir) {
  	if(-d $ulsdir) {
  	    if (opendir(LSDIR,$ulsdir)) {
+                 if (-e $fname) {
+                     $version=0;
+                 }
  		my $ulsfn;
  		while ($ulsfn=readdir(LSDIR)) {
  # see if this is a regular file (ignore links produced earlier)

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.571
changed lines
	Added in v.1.582