--- loncom/lond 2022/02/25 09:46:25 1.489.2.44
+++ loncom/lond 2015/06/14 00:43:51 1.516
@@ -2,7 +2,7 @@
# The LearningOnline Network
# lond "LON Daemon" Server (port "LOND" 5663)
#
-# $Id: lond,v 1.489.2.44 2022/02/25 09:46:25 raeburn Exp $
+# $Id: lond,v 1.516 2015/06/14 00:43:51 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -15,6 +15,7 @@
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
@@ -54,16 +55,13 @@ use LONCAPA::lonssl;
use Fcntl qw(:flock);
use Apache::lonnet;
use Mail::Send;
-use Crypt::Eksblowfish::Bcrypt;
-use Digest::SHA;
-use Encode;
my $DEBUG = 0; # Non zero to enable debug log entries.
my $status='';
my $lastlog='';
-my $VERSION='$Revision: 1.489.2.44 $'; #' stupid emacs
+my $VERSION='$Revision: 1.516 $'; #' stupid emacs
my $remoteVERSION;
my $currenthostid="default";
my $currentdomainid;
@@ -1424,22 +1422,6 @@ sub du2_handler {
# selected directory the filename followed by the full output of
# the stat function is returned. The returned info for each
# file are separated by ':'. The stat fields are separated by &'s.
-#
-# If the requested path contains /../ or is:
-#
-# 1. for a directory, and the path does not begin with one of:
-# (a) /home/httpd/html/res/<domain>
-# (b) /home/httpd/html/userfiles/
-# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles
-# or is:
-#
-# 2. for a file, and the path (after prepending) does not begin with one of:
-# (a) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/
-# (b) /home/httpd/html/res/<domain>/<username>/
-# (c) /home/httpd/html/userfiles/<domain>/<username>/
-#
-# the response will be "refused".
-#
# Parameters:
# $cmd - The command that dispatched us (ls).
# $ulsdir - The directory path to list... I'm not sure what this
@@ -1461,17 +1443,8 @@ sub ls_handler {
my $rights;
my $ulsout='';
my $ulsfn;
- if ($ulsdir =~m{/\.\./}) {
- &Failure($client,"refused\n",$userinput);
- return 1;
- }
if (-e $ulsdir) {
if(-d $ulsdir) {
- unless (($ulsdir =~ m{^/home/httpd/html/(res/$LONCAPA::match_domain|userfiles/)}) ||
- ($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/userfiles})) {
- &Failure($client,"refused\n",$userinput);
- return 1;
- }
if (opendir(LSDIR,$ulsdir)) {
while ($ulsfn=readdir(LSDIR)) {
undef($obs);
@@ -1495,11 +1468,6 @@ sub ls_handler {
closedir(LSDIR);
}
} else {
- unless (($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/}) ||
- ($ulsdir =~ m{^/home/httpd/html/(?:res|userfiles)/$LONCAPA::match_domain/$LONCAPA::match_name/})) {
- &Failure($client,"refused\n",$userinput);
- return 1;
- }
my @ulsstats=stat($ulsdir);
$ulsout.=$ulsfn.'&'.join('&',@ulsstats).':';
}
@@ -1524,22 +1492,6 @@ sub ls_handler {
# selected directory the filename followed by the full output of
# the stat function is returned. The returned info for each
# file are separated by ':'. The stat fields are separated by &'s.
-#
-# If the requested path contains /../ or is:
-#
-# 1. for a directory, and the path does not begin with one of:
-# (a) /home/httpd/html/res/<domain>
-# (b) /home/httpd/html/userfiles/
-# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles
-# or is:
-#
-# 2. for a file, and the path (after prepending) does not begin with one of:
-# (a) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/
-# (b) /home/httpd/html/res/<domain>/<username>/
-# (c) /home/httpd/html/userfiles/<domain>/<username>/
-#
-# the response will be "refused".
-#
# Parameters:
# $cmd - The command that dispatched us (ls).
# $ulsdir - The directory path to list... I'm not sure what this
@@ -1560,17 +1512,8 @@ sub ls2_handler {
my $rights;
my $ulsout='';
my $ulsfn;
- if ($ulsdir =~m{/\.\./}) {
- &Failure($client,"refused\n",$userinput);
- return 1;
- }
if (-e $ulsdir) {
if(-d $ulsdir) {
- unless (($ulsdir =~ m{^/home/httpd/html/(res/$LONCAPA::match_domain|userfiles/)}) ||
- ($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/userfiles})) {
- &Failure($client,"refused\n","$userinput");
- return 1;
- }
if (opendir(LSDIR,$ulsdir)) {
while ($ulsfn=readdir(LSDIR)) {
undef($obs);
@@ -1595,11 +1538,6 @@ sub ls2_handler {
closedir(LSDIR);
}
} else {
- unless (($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/}) ||
- ($ulsdir =~ m{^/home/httpd/html/(?:res|userfiles)/$LONCAPA::match_domain/$LONCAPA::match_name/})) {
- &Failure($client,"refused\n",$userinput);
- return 1;
- }
my @ulsstats=stat($ulsdir);
$ulsout.=$ulsfn.'&'.join('&',@ulsstats).':';
}
@@ -1616,25 +1554,6 @@ sub ls2_handler {
# selected directory the filename followed by the full output of
# the stat function is returned. The returned info for each
# file are separated by ':'. The stat fields are separated by &'s.
-#
-# If the requested path (after prepending) contains /../ or is:
-#
-# 1. for a directory, and the path does not begin with one of:
-# (a) /home/httpd/html/res/<domain>
-# (b) /home/httpd/html/userfiles/
-# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles
-# (d) /home/httpd/html/priv/<domain> and client is the homeserver
-#
-# or is:
-#
-# 2. for a file, and the path (after prepending) does not begin with one of:
-# (a) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/
-# (b) /home/httpd/html/res/<domain>/<username>/
-# (c) /home/httpd/html/userfiles/<domain>/<username>/
-# (d) /home/httpd/html/priv/<domain>/<username>/ and client is the homeserver
-#
-# the response will be "refused".
-#
# Parameters:
# $cmd - The command that dispatched us (ls).
# $tail - The tail of the request that invoked us.
@@ -1674,12 +1593,22 @@ sub ls3_handler {
}
my $dir_root = $perlvar{'lonDocRoot'};
- if (($getpropath) || ($getuserdir)) {
+ if ($getpropath) {
if (($uname =~ /^$LONCAPA::match_name$/) && ($udom =~ /^$LONCAPA::match_domain$/)) {
$dir_root = &propath($udom,$uname);
$dir_root =~ s/\/$//;
} else {
- &Failure($client,"refused\n",$userinput);
+ &Failure($client,"refused\n","$cmd:$tail");
+ return 1;
+ }
+ } elsif ($getuserdir) {
+ if (($uname =~ /^$LONCAPA::match_name$/) && ($udom =~ /^$LONCAPA::match_domain$/)) {
+ my $subdir=$uname.'__';
+ $subdir =~ s/(.)(.)(.).*/$1\/$2\/$3/;
+ $dir_root = $Apache::lonnet::perlvar{'lonUsersDir'}
+ ."/$udom/$subdir/$uname";
+ } else {
+ &Failure($client,"refused\n","$cmd:$tail");
return 1;
}
} elsif ($alternate_root ne '') {
@@ -1692,28 +1621,12 @@ sub ls3_handler {
$ulsdir = $dir_root.'/'.$ulsdir;
}
}
- if ($ulsdir =~m{/\.\./}) {
- &Failure($client,"refused\n",$userinput);
- return 1;
- }
- my $islocal;
- my @machine_ids = &Apache::lonnet::current_machine_ids();
- if (grep(/^\Q$clientname\E$/,@machine_ids)) {
- $islocal = 1;
- }
my $obs;
my $rights;
my $ulsout='';
my $ulsfn;
if (-e $ulsdir) {
if(-d $ulsdir) {
- unless (($getpropath) || ($getuserdir) ||
- ($ulsdir =~ m{^/home/httpd/html/(res/$LONCAPA::match_domain|userfiles/)}) ||
- ($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/userfiles}) ||
- (($ulsdir =~ m{^/home/httpd/html/priv/$LONCAPA::match_domain}) && ($islocal))) {
- &Failure($client,"refused\n",$userinput);
- return 1;
- }
if (opendir(LSDIR,$ulsdir)) {
while ($ulsfn=readdir(LSDIR)) {
undef($obs);
@@ -1738,13 +1651,6 @@ sub ls3_handler {
closedir(LSDIR);
}
} else {
- unless (($getpropath) || ($getuserdir) ||
- ($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/}) ||
- ($ulsdir =~ m{^/home/httpd/html/(?:res|userfiles)/$LONCAPA::match_domain/$LONCAPA::match_name/}) ||
- (($ulsdir =~ m{^/home/httpd/html/priv/$LONCAPA::match_domain/$LONCAPA::match_name/}) && ($islocal))) {
- &Failure($client,"refused\n",$userinput);
- return 1;
- }
my @ulsstats=stat($ulsdir);
$ulsout.=$ulsfn.'&'.join('&',@ulsstats).':';
}
@@ -1795,7 +1701,7 @@ sub read_lonnet_global {
}
if ($what eq 'perlvar') {
if (!exists($packagevars{$what}{'lonBalancer'})) {
- if ($dist =~ /^(centos|rhes|fedora|scientific|oracle|rocky|alma)/) {
+ if ($dist =~ /^(centos|rhes|fedora|scientific)/) {
my $othervarref=LONCAPA::Configuration::read_conf('httpd.conf');
if (ref($othervarref) eq 'HASH') {
$items->{'lonBalancer'} = $othervarref->{'lonBalancer'};
@@ -2020,18 +1926,14 @@ sub authenticate_handler {
my ($remote,$hosted);
my $remotesession = &get_usersession_config($udom,'remotesession');
if (ref($remotesession) eq 'HASH') {
- $remote = $remotesession->{'remote'};
+ $remote = $remotesession->{'remote'}
}
my $hostedsession = &get_usersession_config($clienthomedom,'hostedsession');
if (ref($hostedsession) eq 'HASH') {
$hosted = $hostedsession->{'hosted'};
}
- my $loncaparev = $clientversion;
- if ($loncaparev eq '') {
- $loncaparev = $Apache::lonnet::loncaparevs{$clientname};
- }
$canhost = &Apache::lonnet::can_host_session($udom,$clientname,
- $loncaparev,
+ $clientversion,
$remote,$hosted);
}
}
@@ -2107,90 +2009,19 @@ sub change_password_handler {
}
if($validated) {
my $realpasswd = &get_auth_type($udom, $uname); # Defined since authd.
+
my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
- my $notunique;
if ($howpwd eq 'internal') {
&Debug("internal auth");
- my $ncpass = &hash_passwd($udom,$npass);
- my (undef,$method,@rest) = split(/!/,$contentpwd);
- if ($method eq 'bcrypt') {
- my %passwdconf = &Apache::lonnet::get_passwdconf($udom);
- if (($passwdconf{'numsaved'}) && ($passwdconf{'numsaved'} =~ /^\d+$/)) {
- my @oldpasswds;
- my $userpath = &propath($udom,$uname);
- my $fullpath = $userpath.'/oldpasswds';
- if (-d $userpath) {
- my @oldfiles;
- if (-e $fullpath) {
- if (opendir(my $dir,$fullpath)) {
- (@oldfiles) = grep(/^\d+$/,readdir($dir));
- closedir($dir);
- }
- if (@oldfiles) {
- @oldfiles = sort { $b <=> $a } (@oldfiles);
- my $numremoved = 0;
- for (my $i=0; $i<@oldfiles; $i++) {
- if ($i>=$passwdconf{'numsaved'}) {
- if (-f "$fullpath/$oldfiles[$i]") {
- if (unlink("$fullpath/$oldfiles[$i]")) {
- $numremoved ++;
- }
- }
- } elsif (open(my $fh,'<',"$fullpath/$oldfiles[$i]")) {
- while (my $line = <$fh>) {
- push(@oldpasswds,$line);
- }
- close($fh);
- }
- }
- if ($numremoved) {
- &logthis("unlinked $numremoved old password files for $uname:$udom");
- }
- }
- }
- push(@oldpasswds,$contentpwd);
- foreach my $item (@oldpasswds) {
- my (undef,$method,@rest) = split(/!/,$item);
- if ($method eq 'bcrypt') {
- my $result = &hash_passwd($udom,$npass,@rest);
- if ($result eq $item) {
- $notunique = 1;
- last;
- }
- }
- }
- unless ($notunique) {
- unless (-e $fullpath) {
- if (&mkpath("$fullpath/")) {
- chmod(0700,$fullpath);
- }
- }
- if (-d $fullpath) {
- my $now = time;
- if (open(my $fh,'>',"$fullpath/$now")) {
- print $fh $contentpwd;
- close($fh);
- chmod(0400,"$fullpath/$now");
- }
- }
- }
- }
- }
- }
- if ($notunique) {
- my $msg="Result of password change for $uname:$udom - password matches one used before";
- if ($lonhost) {
- $msg .= " - request originated from: $lonhost";
- }
- &logthis($msg);
- &Reply($client, "prioruse\n", $userinput);
- } elsif (&rewrite_password_file($udom, $uname, "internal:$ncpass")) {
+ my $salt=time;
+ $salt=substr($salt,6,2);
+ my $ncpass=crypt($npass,$salt);
+ if(&rewrite_password_file($udom, $uname, "internal:$ncpass")) {
my $msg="Result of password change for $uname: pwchange_success";
if ($lonhost) {
$msg .= " - request originated from: $lonhost";
}
&logthis($msg);
- &update_passwd_history($uname,$udom,$howpwd,$context);
&Reply($client, "ok\n", $userinput);
} else {
&logthis("Unable to open $uname passwd "
@@ -2199,9 +2030,6 @@ sub change_password_handler {
}
} elsif ($howpwd eq 'unix' && $context ne 'reset_by_email') {
my $result = &change_unix_password($uname, $npass);
- if ($result eq 'ok') {
- &update_passwd_history($uname,$udom,$howpwd,$context);
- }
&logthis("Result of password change for $uname: ".
$result);
&Reply($client, \$result, $userinput);
@@ -2212,6 +2040,7 @@ sub change_password_handler {
#
&Failure( $client, "auth_mode_error\n", $userinput);
}
+
} else {
if ($failure eq '') {
$failure = 'non_authorized';
@@ -2223,38 +2052,6 @@ sub change_password_handler {
}
®ister_handler("passwd", \&change_password_handler, 1, 1, 0);
-sub hash_passwd {
- my ($domain,$plainpass,@rest) = @_;
- my ($salt,$cost);
- if (@rest) {
- $cost = $rest[0];
- # salt is first 22 characters, base-64 encoded by bcrypt
- my $plainsalt = substr($rest[1],0,22);
- $salt = Crypt::Eksblowfish::Bcrypt::de_base64($plainsalt);
- } else {
- my %domdefaults = &Apache::lonnet::get_domain_defaults($domain);
- my $defaultcost = $domdefaults{'intauth_cost'};
- if (($defaultcost eq '') || ($defaultcost =~ /D/)) {
- $cost = 10;
- } else {
- $cost = $defaultcost;
- }
- # Generate random 16-octet base64 salt
- $salt = "";
- $salt .= pack("C", int rand(256)) for 1..16;
- }
- my $hash = &Crypt::Eksblowfish::Bcrypt::bcrypt_hash({
- key_nul => 1,
- cost => $cost,
- salt => $salt,
- }, Digest::SHA::sha512(Encode::encode('UTF-8',$plainpass)));
-
- my $result = join("!", "", "bcrypt", sprintf("%02d",$cost),
- &Crypt::Eksblowfish::Bcrypt::en_base64($salt).
- &Crypt::Eksblowfish::Bcrypt::en_base64($hash));
- return $result;
-}
-
#
# Create a new user. User in this case means a lon-capa user.
# The user must either already exist in some authentication realm
@@ -2298,8 +2095,7 @@ sub add_user_handler {
."makeuser";
}
unless ($fperror) {
- my $result=&make_passwd_file($uname,$udom,$umode,$npass,
- $passfilename,'makeuser');
+ my $result=&make_passwd_file($uname,$udom,$umode,$npass, $passfilename);
&Reply($client,\$result, $userinput); #BUGBUG - could be fail
} else {
&Failure($client, \$fperror, $userinput);
@@ -2368,14 +2164,12 @@ sub change_authentication_handler {
my $result = &change_unix_password($uname, $npass);
&logthis("Result of password change for $uname: ".$result);
if ($result eq "ok") {
- &update_passwd_history($uname,$udom,$umode,'changeuserauth');
&Reply($client, \$result);
} else {
&Failure($client, \$result);
}
} else {
- my $result=&make_passwd_file($uname,$udom,$umode,$npass,
- $passfilename,'changeuserauth');
+ my $result=&make_passwd_file($uname,$udom,$umode,$npass,$passfilename);
#
# If the current auth mode is internal, and the old auth mode was
# unix, or krb*, and the user is an author for this domain,
@@ -2396,17 +2190,6 @@ sub change_authentication_handler {
}
®ister_handler("changeuserauth", \&change_authentication_handler, 1,1, 0);
-sub update_passwd_history {
- my ($uname,$udom,$umode,$context) = @_;
- my $proname=&propath($udom,$uname);
- my $now = time;
- if (open(my $fh,">>$proname/passwd.log")) {
- print $fh "$now:$umode:$context\n";
- close($fh);
- }
- return;
-}
-
#
# Determines if this is the home server for a user. The home server
# for a user will have his/her lon-capa passwd file. Therefore all we need
@@ -2499,12 +2282,8 @@ sub update_resource_handler {
}
alarm(0);
if ($response->is_error()) {
- my $reply=&Apache::lonnet::reply("unsub:$fname","$clientname");
- &devalidate_meta_cache($fname);
- if (-e $transname) {
- unlink($transname);
- }
- unlink($fname);
+# FIXME: we should probably clean up here instead of just whine
+ unlink($transname);
my $message=$response->status_line;
&logthis("LWP GET: $message for $fname ($remoteurl)");
} else {
@@ -2662,20 +2441,11 @@ sub remove_user_file_handler {
if (-e $file) {
#
# If the file is a regular file unlink is fine...
- # However it's possible the client wants a dir
- # removed, in which case rmdir is more appropriate
- # Note: rmdir will only remove an empty directory.
+ # However it's possible the client wants a dir.
+ # removed, in which case rmdir is more approprate:
#
if (-f $file){
unlink($file);
- # for html files remove the associated .bak file
- # which may have been created by the editor.
- if ($ufile =~ m{^((docs|supplemental)/(?:\d+|default)/\d+(?:|/.+)/)[^/]+\.x?html?$}i) {
- my $path = $1;
- if (-e $file.'.bak') {
- unlink($file.'.bak');
- }
- }
} elsif(-d $file) {
rmdir($file);
}
@@ -3042,8 +2812,8 @@ sub newput_user_profile_entry {
&logthis("error: ".($!+0)." untie (GDBM) failed ".
"while attempting newput - early out as key exists");
}
- &Failure($client, "key_exists: ".$key."\n",$userinput);
- return 1;
+ &Failure($client, "key_exists: ".$key."\n",$userinput);
+ return 1;
}
}
@@ -3293,8 +3063,7 @@ sub get_profile_entry {
#
# Parameters:
# $cmd - Command keyword of request (eget).
-# $tail - Tail of the command. See GetProfileEntry
-# for more information about this.
+# $tail - Tail of the command. See GetProfileEntry
# for more information about this.
# $client - File open on the client.
# Returns:
# 1 - Continue processing
@@ -3446,6 +3215,17 @@ sub get_profile_keys {
sub dump_profile_database {
my ($cmd, $tail, $client) = @_;
+ my $res = LONCAPA::Lond::dump_profile_database($tail);
+
+ if ($res =~ /^error:/) {
+ Failure($client, \$res, "$cmd:$tail");
+ } else {
+ Reply($client, \$res, "$cmd:$tail");
+ }
+
+ return 1;
+
+ #TODO remove
my $userinput = "$cmd:$tail";
my ($udom,$uname,$namespace) = split(/:/,$tail);
@@ -3525,11 +3305,11 @@ sub dump_with_regexp {
my ($cmd, $tail, $client) = @_;
my $res = LONCAPA::Lond::dump_with_regexp($tail, $clientversion);
-
+
if ($res =~ /^error:/) {
- &Failure($client, \$res, "$cmd:$tail");
+ Failure($client, \$res, "$cmd:$tail");
} else {
- &Reply($client, \$res, "$cmd:$tail");
+ Reply($client, \$res, "$cmd:$tail");
}
return 1;
@@ -3567,7 +3347,6 @@ sub store_handler {
my ($cmd, $tail, $client) = @_;
my $userinput = "$cmd:$tail";
-
chomp($tail);
my ($udom,$uname,$namespace,$rid,$what,$laststore) =split(/:/,$tail);
if ($namespace ne 'roles') {
@@ -3597,7 +3376,6 @@ sub store_handler {
$numtrans =~ s/D//g;
}
}
-
$hashref->{"version:$rid"}++;
my $version=$hashref->{"version:$rid"};
my $allkeys='';
@@ -3614,7 +3392,7 @@ sub store_handler {
if ($numtrans) {
$msg = 'delay:'.$numtrans;
}
- &Reply($client, "$msg\n", $userinput);
+ &Reply($client, "$msg\n", $userinput);
} else {
&Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
"while attempting store\n", $userinput);
@@ -3876,37 +3654,6 @@ sub send_query_handler {
my ($query,$arg1,$arg2,$arg3)=split(/\:/,$tail);
$query=~s/\n*$//g;
- if (($query eq 'usersearch') || ($query eq 'instdirsearch')) {
- my $usersearchconf = &get_usersearch_config($currentdomainid,'directorysrch');
- my $earlyout;
- if (ref($usersearchconf) eq 'HASH') {
- if ($currentdomainid eq $clienthomedom) {
- if ($query eq 'usersearch') {
- if ($usersearchconf->{'lcavailable'} eq '0') {
- $earlyout = 1;
- }
- } else {
- if ($usersearchconf->{'available'} eq '0') {
- $earlyout = 1;
- }
- }
- } else {
- if ($query eq 'usersearch') {
- if ($usersearchconf->{'lclocalonly'}) {
- $earlyout = 1;
- }
- } else {
- if ($usersearchconf->{'localonly'}) {
- $earlyout = 1;
- }
- }
- }
- }
- if ($earlyout) {
- &Reply($client, "query_not_authorized\n");
- return 1;
- }
- }
&Reply($client, "". &sql_reply("$clientname\&$query".
"\&$arg1"."\&$arg2"."\&$arg3")."\n",
$userinput);
@@ -4162,7 +3909,7 @@ sub put_course_id_hash_handler {
#
# domcloner - flag to indicate if user can create CCs in course's domain.
# If so, ability to clone course is automatic.
-# hasuniquecode - filter by courses for which a six character unique code has
+# hasuniquecode - filter by courses for which a six character unique code has
# been set.
#
# $client - The socket open on the client.
@@ -4172,6 +3919,17 @@ sub put_course_id_hash_handler {
# a reply is written to $client.
sub dump_course_id_handler {
my ($cmd, $tail, $client) = @_;
+
+ my $res = LONCAPA::Lond::dump_course_id_handler($tail);
+ if ($res =~ /^error:/) {
+ Failure($client, \$res, "$cmd:$tail");
+ } else {
+ Reply($client, \$res, "$cmd:$tail");
+ }
+
+ return 1;
+
+ #TODO remove
my $userinput = "$cmd:$tail";
my ($udom,$since,$description,$instcodefilter,$ownerfilter,$coursefilter,
@@ -4576,44 +4334,6 @@ sub course_lastaccess_handler {
}
®ister_handler("courselastaccess",\&course_lastaccess_handler, 0, 1, 0);
-sub course_sessions_handler {
- my ($cmd, $tail, $client) = @_;
- my $userinput = "$cmd:$tail";
- my ($cdom,$cnum,$lastactivity) = split(':',$tail);
- my $dbsuffix = '_'.$cdom.'_'.$cnum.'.db';
- my (%sessions,$qresult);
- my $now=time;
- if (opendir(DIR,$perlvar{'lonIDsDir'})) {
- my $filename;
- while ($filename=readdir(DIR)) {
- next if ($filename=~/^\./);
- next if ($filename=~/^publicuser_/);
- next if ($filename=~/^[a-f0-9]+_(linked|lti_\d+)\.id$/);
- if ($filename =~ /^($LONCAPA::match_username)_\d+_($LONCAPA::match_domain)_/) {
- my ($uname,$udom) = ($1,$2);
- next unless (-e "$perlvar{'lonDaemons'}/tmp/$uname$dbsuffix");
- my $mtime = (stat("$perlvar{'lonIDsDir'}/$filename"))[9];
- if ($lastactivity < 0) {
- next if ($mtime-$now > $lastactivity);
- } else {
- next if ($now-$mtime > $lastactivity);
- }
- $sessions{$uname.':'.$udom} = $mtime;
- }
- }
- closedir(DIR);
- }
- foreach my $user (keys(%sessions)) {
- $qresult.=&escape($user).'='.$sessions{$user}.'&';
- }
- if ($qresult) {
- chop($qresult);
- }
- &Reply($client, \$qresult, $userinput);
- return 1;
-}
-®ister_handler("coursesessions",\&course_sessions_handler, 0, 1, 0);
-
#
# Puts an unencrypted entry in a namespace db file at the domain level
#
@@ -4662,7 +4382,7 @@ sub put_domain_handler {
# domain directory.
#
# Parameters:
-# $cmd - Command request keyword (getdom).
+# $cmd - Command request keyword (get).
# $tail - Tail of the command. This is a colon separated list
# consisting of the domain and the 'namespace'
# which selects the gdbm file to do the lookup in,
@@ -4679,14 +4399,28 @@ sub put_domain_handler {
sub get_domain_handler {
my ($cmd, $tail, $client) = @_;
- my $userinput = "$cmd:$tail";
+
+ my $userinput = "$client:$tail";
my ($udom,$namespace,$what)=split(/:/,$tail,3);
- my $res = LONCAPA::Lond::get_dom($userinput);
- if ($res =~ /^error:/) {
- &Failure($client, \$res, $userinput);
+ chomp($what);
+ my @queries=split(/\&/,$what);
+ my $qresult='';
+ my $hashref = &tie_domain_hash($udom, "$namespace", &GDBM_READER());
+ if ($hashref) {
+ for (my $i=0;$i<=$#queries;$i++) {
+ $qresult.="$hashref->{$queries[$i]}&";
+ }
+ if (&untie_domain_hash($hashref)) {
+ $qresult=~s/\&$//;
+ &Reply($client, \$qresult, $userinput);
+ } else {
+ &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
+ "while attempting getdom\n",$userinput);
+ }
} else {
- &Reply($client, \$res, $userinput);
+ &Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
+ "while attempting getdom\n",$userinput);
}
return 1;
@@ -4802,7 +4536,7 @@ sub get_id_handler {
# Returns:
# 1 - Continue processing
# 0 - Exit server.
-#
+#
#
sub del_id_handler {
@@ -5118,23 +4852,15 @@ sub tmp_put_handler {
}
my ($id,$store);
$tmpsnum++;
- my $numtries = 0;
- my $execdir=$perlvar{'lonDaemons'};
- if (($context eq 'resetpw') || ($context eq 'createaccount') ||
- ($context eq 'sso') || ($context eq 'link') || ($context eq 'retry')) {
- $id = &md5_hex(&md5_hex(time.{}.rand().$$.$tmpsnum));
- while ((-e "$execdir/tmp/$id.tmp") && ($numtries <10)) {
- undef($id);
- $id = &md5_hex(&md5_hex(time.{}.rand().$$.$tmpsnum));
- $numtries ++;
- }
+ if (($context eq 'resetpw') || ($context eq 'createaccount')) {
+ $id = &md5_hex(&md5_hex(time.{}.rand().$$));
} else {
$id = $$.'_'.$clientip.'_'.$tmpsnum;
}
$id=~s/\W/\_/g;
$record=~s/\n//g;
- if (($id ne '') &&
- ($store=IO::File->new(">$execdir/tmp/$id.tmp"))) {
+ my $execdir=$perlvar{'lonDaemons'};
+ if ($store=IO::File->new(">$execdir/tmp/$id.tmp")) {
print $store $record;
close $store;
&Reply($client, \$id, $userinput);
@@ -5217,116 +4943,6 @@ sub tmp_del_handler {
®ister_handler("tmpdel", \&tmp_del_handler, 0, 1, 0);
#
-# Process the updatebalcookie command. This command updates a
-# cookie in the lonBalancedir directory on a load balancer node.
-#
-# Parameters:
-# $cmd - Command that got us here.
-# $tail - Tail of the request (escaped cookie: escaped current entry)
-#
-# $client - socket open on the client process.
-#
-# Returns:
-# 1 - Indicating processing should continue.
-# Side Effects:
-# A cookie file is updated from the lonBalancedir directory
-# A reply is sent to the client.
-#
-sub update_balcookie_handler {
- my ($cmd, $tail, $client) = @_;
-
- my $userinput= "$cmd:$tail";
- chomp($tail);
- my ($cookie,$lastentry) = map { &unescape($_) } (split(/:/,$tail));
-
- my $updatedone;
- if ($cookie =~ /^$LONCAPA::match_domain\_$LONCAPA::match_username\_[a-f0-9]{32}$/) {
- my $execdir=$perlvar{'lonBalanceDir'};
- if (-e "$execdir/$cookie.id") {
- my $doupdate;
- if (open(my $fh,'<',"$execdir/$cookie.id")) {
- while (my $line = <$fh>) {
- chomp($line);
- if ($line eq $lastentry) {
- $doupdate = 1;
- last;
- }
- }
- close($fh);
- }
- if ($doupdate) {
- if (open(my $fh,'>',"$execdir/$cookie.id")) {
- print $fh $clientname;
- close($fh);
- $updatedone = 1;
- }
- }
- }
- }
- if ($updatedone) {
- &Reply($client, "ok\n", $userinput);
- } else {
- &Failure( $client, "error: ".($!+0)."file update failed ".
- "while attempting updatebalcookie\n", $userinput);
- }
- return 1;
-}
-®ister_handler("updatebalcookie", \&update_balcookie_handler, 0, 1, 0);
-
-#
-# Process the delbalcookie command. This command deletes a balancer
-# cookie in the lonBalancedir directory on a load balancer node.
-#
-# Parameters:
-# $cmd - Command that got us here.
-# $cookie - Cookie to be deleted.
-# $client - socket open on the client process.
-#
-# Returns:
-# 1 - Indicating processing should continue.
-# Side Effects:
-# A cookie file is deleted from the lonBalancedir directory
-# A reply is sent to the client.
-sub del_balcookie_handler {
- my ($cmd, $cookie, $client) = @_;
-
- my $userinput= "$cmd:$cookie";
-
- chomp($cookie);
- $cookie = &unescape($cookie);
- my $deleted = '';
- if ($cookie =~ /^$LONCAPA::match_domain\_$LONCAPA::match_username\_[a-f0-9]{32}$/) {
- my $execdir=$perlvar{'lonBalanceDir'};
- if (-e "$execdir/$cookie.id") {
- if (open(my $fh,'<',"$execdir/$cookie.id")) {
- my $dodelete;
- while (my $line = <$fh>) {
- chomp($line);
- if ($line eq $clientname) {
- $dodelete = 1;
- last;
- }
- }
- close($fh);
- if ($dodelete) {
- if (unlink("$execdir/$cookie.id")) {
- $deleted = 1;
- }
- }
- }
- }
- }
- if ($deleted) {
- &Reply($client, "ok\n", $userinput);
- } else {
- &Failure( $client, "error: ".($!+0)."Unlinking cookie file Failed ".
- "while attempting delbalcookie\n", $userinput);
- }
- return 1;
-}
-®ister_handler("delbalcookie", \&del_balcookie_handler, 0, 1, 0);
-
-#
# Processes the setannounce command. This command
# creates a file named announce.txt in the top directory of
# the documentn root and sets its contents. The announce.txt file is
@@ -5509,39 +5125,6 @@ sub validate_instcode_handler {
}
®ister_handler("autovalidateinstcode", \&validate_instcode_handler, 0, 1, 0);
-#
-# Validate co-owner for cross-listed institutional code and
-# institutional course code itself used for a LON-CAPA course.
-#
-# Formal Parameters:
-# $cmd - The command request that got us dispatched.
-# $tail - The tail of the command. In this case,
-# this is a colon separated string containing:
-# $dom - Course's LON-CAPA domain
-# $instcode - Institutional course code for the course
-# $inst_xlist - Institutional course Id for the crosslisting
-# $coowner - Username of co-owner
-# (values for all but $dom have been escaped).
-#
-# $client - Socket open on the client.
-# Returns:
-# 1 - Indicating processing should continue.
-#
-sub validate_instcrosslist_handler {
- my ($cmd, $tail, $client) = @_;
- my $userinput = "$cmd:$tail";
- my ($dom,$instcode,$inst_xlist,$coowner) = split(/:/,$tail);
- $instcode = &unescape($instcode);
- $inst_xlist = &unescape($inst_xlist);
- $coowner = &unescape($coowner);
- my $outcome = &localenroll::validate_crosslist_access($dom,$instcode,
- $inst_xlist,$coowner);
- &Reply($client, \$outcome, $userinput);
-
- return 1;
-}
-®ister_handler("autovalidateinstcrosslist", \&validate_instcrosslist_handler, 0, 1, 0);
-
# Get the official sections for which auto-enrollment is possible.
# Since the admin people won't know about 'unofficial sections'
# we cannot auto-enroll on them.
@@ -5638,10 +5221,9 @@ sub validate_course_section_handler {
# Formal Parameters:
# $cmd - The command request that got us dispatched.
# $tail - The tail of the command. In this case this is a colon separated
-# set of values that will be split into:
+# set of words that will be split into:
# $inst_class - Institutional code for the specific class section
-# $ownerlist - An escaped comma-separated list of username:domain
-# of the course owner, and co-owner(s).
+# $courseowner - The escaped username:domain of the course owner
# $cdom - The domain of the course from the institution's
# point of view.
# $client - The socket open on the client.
@@ -5666,112 +5248,6 @@ sub validate_class_access_handler {
®ister_handler("autovalidateclass_sec", \&validate_class_access_handler, 0, 1, 0);
#
-# Modify institutional sections (using customized &instsec_reformat()
-# routine in localenroll.pm), to either clutter or declutter, for
-# purposes of ensuring an institutional course section (string) can
-# be unambiguously separated into institutional course and section.
-#
-# Formal Parameters:
-# $cmd - The command request that got us dispatched.
-# $tail - The tail of the command. In this case this is a colon separated
-# set of values that will be split into:
-# $cdom - The LON-CAPA domain of the course.
-# $action - Either: clutter or declutter
-# clutter adds character(s) to eliminate ambiguity
-# declutter removes the added characters (e.g., for
-# display of the institutional course section string.
-# $info - A frozen hash in which keys are:
-# LON-CAPA course number:Institutional course code
-# and values are a reference to an array of the
-# items to modify -- either institutional sections,
-# or institutional course sections (for crosslistings).
-# $client - The socket open on the client.
-# Returns:
-# 1 - continue processing.
-#
-
-sub instsec_reformat_handler {
- my ($cmd, $tail, $client) = @_;
- my $userinput = "$cmd:$tail";
- my ($cdom,$action,$info) = split(/:/,$tail);
- my $instsecref = &Apache::lonnet::thaw_unescape($info);
- my ($outcome,$result);
- eval {
- local($SIG{__DIE__})='DEFAULT';
- $outcome=&localenroll::instsec_reformat($cdom,$action,$instsecref);
- if ($outcome eq 'ok') {
- if (ref($instsecref) eq 'HASH') {
- foreach my $key (keys(%{$instsecref})) {
- $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($instsecref->{$key}).'&';
- }
- $result =~ s/\&$//;
- }
- }
- };
- if (!$@) {
- if ($outcome eq 'ok') {
- &Reply( $client, \$result, $userinput);
- } else {
- &Reply($client,\$outcome, $userinput);
- }
- } else {
- &Failure($client,"unknown_cmd\n",$userinput);
- }
- return 1;
-}
-®ister_handler("autoinstsecreformat",\&instsec_reformat_handler, 0, 1, 0);
-
-#
-# Validate course owner or co-owners(s) access to enrollment data for all sections
-# and crosslistings for a particular course.
-#
-#
-# Formal Parameters:
-# $cmd - The command request that got us dispatched.
-# $tail - The tail of the command. In this case this is a colon separated
-# set of values that will be split into:
-# $ownerlist - An escaped comma-separated list of username:domain
-# of the course owner, and co-owner(s).
-# $cdom - The domain of the course from the institution's
-# point of view.
-# $classes - Frozen hash of institutional course sections and
-# crosslistings.
-# $client - The socket open on the client.
-# Returns:
-# 1 - continue processing.
-#
-
-sub validate_classes_handler {
- my ($cmd, $tail, $client) = @_;
- my $userinput = "$cmd:$tail";
- my ($ownerlist,$cdom,$classes) = split(/:/, $tail);
- my $classesref = &Apache::lonnet::thaw_unescape($classes);
- my $owners = &unescape($ownerlist);
- my $result;
- eval {
- local($SIG{__DIE__})='DEFAULT';
- my %validations;
- my $response = &localenroll::check_instclasses($owners,$cdom,$classesref,
- \%validations);
- if ($response eq 'ok') {
- foreach my $key (keys(%validations)) {
- $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($validations{$key}).'&';
- }
- $result =~ s/\&$//;
- } else {
- $result = 'error';
- }
- };
- if (!$@) {
- &Reply($client, \$result, $userinput);
- } else {
- &Failure($client,"unknown_cmd\n",$userinput);
- }
- return 1;
-}
-®ister_handler("autovalidateinstclasses", \&validate_classes_handler, 0, 1, 0);
-
-#
# Create a password for a new LON-CAPA user added by auto-enrollment.
# Only used for case where authentication method for new user is localauth
#
@@ -5806,59 +5282,13 @@ sub create_auto_enroll_password_handler
®ister_handler("autocreatepassword", \&create_auto_enroll_password_handler,
0, 1, 0);
-sub auto_export_grades_handler {
- my ($cmd, $tail, $client) = @_;
- my $userinput = "$cmd:$tail";
- my ($cdom,$cnum,$info,$data) = split(/:/,$tail);
- my $inforef = &Apache::lonnet::thaw_unescape($info);
- my $dataref = &Apache::lonnet::thaw_unescape($data);
- my ($outcome,$result);;
- eval {
- local($SIG{__DIE__})='DEFAULT';
- my %rtnhash;
- $outcome=&localenroll::export_grades($cdom,$cnum,$inforef,$dataref,\%rtnhash);
- if ($outcome eq 'ok') {
- foreach my $key (keys(%rtnhash)) {
- $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($rtnhash{$key}).'&';
- }
- $result =~ s/\&$//;
- }
- };
- if (!$@) {
- if ($outcome eq 'ok') {
- if ($cipher) {
- my $cmdlength=length($result);
- $result.=" ";
- my $encresult='';
- for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
- $encresult.= unpack("H16",
- $cipher->encrypt(substr($result,
- $encidx,
- 8)));
- }
- &Reply( $client, "enc:$cmdlength:$encresult\n", $userinput);
- } else {
- &Failure( $client, "error:no_key\n", $userinput);
- }
- } else {
- &Reply($client, "$outcome\n", $userinput);
- }
- } else {
- &Failure($client,"export_error\n",$userinput);
- }
- return 1;
-}
-®ister_handler("autoexportgrades", \&auto_export_grades_handler,
- 1, 1, 0);
-
-
# Retrieve and remove temporary files created by/during autoenrollment.
#
# Formal Parameters:
# $cmd - The command that got us dispatched.
# $tail - The tail of the command. In our case this is a colon
# separated list that will be split into:
-# $filename - The name of the file to retrieve.
+# $filename - The name of the file to remove.
# The filename is given as a path relative to
# the LonCAPA temp file directory.
# $client - Socket open on the client.
@@ -5872,11 +5302,7 @@ sub retrieve_auto_file_handler {
my ($filename) = split(/:/, $tail);
my $source = $perlvar{'lonDaemons'}.'/tmp/'.$filename;
- if ($filename =~m{/\.\./}) {
- &Failure($client, "refused\n", $userinput);
- } elsif ($filename !~ /^$LONCAPA::match_domain\_$LONCAPA::match_courseid\_.+_classlist\.xml$/) {
- &Failure($client, "refused\n", $userinput);
- } elsif ( (-e $source) && ($filename ne '') ) {
+ if ( (-e $source) && ($filename ne '') ) {
my $reply = '';
if (open(my $fh,$source)) {
while (<$fh>) {
@@ -6749,8 +6175,8 @@ my $wwwid=getpwnam('www');
if ($wwwid!=$<) {
my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
my $subj="LON: $currenthostid User ID mismatch";
- system("echo 'User ID mismatch. lond must be run as user www.' |".
- " mail -s '$subj' $emailto > /dev/null");
+ system("echo 'User ID mismatch. lond must be run as user www.' |\
+ mailto $emailto -s '$subj' > /dev/null");
exit 1;
}
@@ -6953,6 +6379,9 @@ sub Debug {
# reply - Text to send to client.
# request - Original request from client.
#
+#NOTE $reply must be terminated by exactly *one* \n. If $reply is a reference
+#this is done automatically ($$reply must not contain any \n in this case).
+#If $reply is a string the caller has to ensure this.
sub Reply {
my ($fd, $reply, $request) = @_;
if (ref($reply)) {
@@ -7200,13 +6629,13 @@ sub make_new_child {
&Authen::Krb5::init_context();
my $no_ets;
- if ($dist =~ /^(?:centos|rhes|scientific|oracle|rocky|alma)(\d+)/) {
+ if ($dist =~ /^(?:centos|rhes|scientific)(\d+)$/) {
if ($1 >= 7) {
$no_ets = 1;
}
} elsif ($dist =~ /^suse(\d+\.\d+)$/) {
if (($1 eq '9.3') || ($1 >= 12.2)) {
- $no_ets = 1;
+ $no_ets = 1;
}
} elsif ($dist =~ /^sles(\d+)$/) {
if ($1 > 11) {
@@ -7218,8 +6647,8 @@ sub make_new_child {
}
}
unless ($no_ets) {
- &Authen::Krb5::init_ets();
- }
+ &Authen::Krb5::init_ets();
+ }
&status('Accepted connection');
# =============================================================================
@@ -7263,12 +6692,12 @@ sub make_new_child {
# If the remote is attempting a local init... give that a try:
#
(my $i, my $inittype, $clientversion) = split(/:/, $remotereq);
- # For LON-CAPA 2.9, the client session will have sent its LON-CAPA
- # version when initiating the connection. For LON-CAPA 2.8 and older,
- # the version is retrieved from the global %loncaparevs in lonnet.pm.
- # $clientversion contains path to keyfile if $inittype eq 'local'
- # it's overridden below in this case
- $clientversion ||= $Apache::lonnet::loncaparevs{$clientname};
+ # For LON-CAPA 2.9, the client session will have sent its LON-CAPA
+ # version when initiating the connection. For LON-CAPA 2.8 and older,
+ # the version is retrieved from the global %loncaparevs in lonnet.pm.
+ # $clientversion contains path to keyfile if $inittype eq 'local'
+ # it's overridden below in this case
+ $clientversion ||= $Apache::lonnet::loncaparevs{$clientname};
# If the connection type is ssl, but I didn't get my
# certificate files yet, then I'll drop back to
@@ -7333,6 +6762,7 @@ sub make_new_child {
."Attempted insecure connection disallowed </font>");
close $client;
$clientok = 0;
+
}
}
} else {
@@ -7341,6 +6771,7 @@ sub make_new_child {
."$clientip failed to initialize: >$remotereq< </font>");
&status('No init '.$clientip);
}
+
} else {
&logthis(
"<font color='blue'>WARNING: Unknown client $clientip</font>");
@@ -7366,7 +6797,7 @@ sub make_new_child {
Debug("Main: Got $user_input\n");
$keep_going = &process_request($user_input);
alarm(0);
- &status('Listening to '.$clientname." ($keymode)");
+ &status('Listening to '.$clientname." ($keymode)");
}
# --------------------------------------------- client unknown or fishy, refuse
@@ -7382,8 +6813,8 @@ sub make_new_child {
&logthis("<font color='red'>CRITICAL: "
."Disconnect from $clientip ($clientname)</font>");
-
-
+
+
# this exit is VERY important, otherwise the child will become
# a producer of more and more children, forking yourself into
# process death.
@@ -7498,25 +6929,15 @@ sub password_filename {
# domain - domain of the user.
# name - User's name.
# contents - New contents of the file.
-# saveold - (optional). If true save old file in a passwd.bak file.
# Returns:
# 0 - Failed.
# 1 - Success.
#
sub rewrite_password_file {
- my ($domain, $user, $contents, $saveold) = @_;
+ my ($domain, $user, $contents) = @_;
my $file = &password_filename($domain, $user);
if (defined $file) {
- if ($saveold) {
- my $bakfile = $file.'.bak';
- if (CopyFile($file,$bakfile)) {
- chmod(0400,$bakfile);
- &logthis("Old password saved in passwd.bak for internally authenticated user: $user:$domain");
- } else {
- &logthis("Failed to save old password in passwd.bak for internally authenticated user: $user:$domain");
- }
- }
my $pf = IO::File->new(">$file");
if($pf) {
print $pf "$contents\n";
@@ -7603,39 +7024,14 @@ sub validate_user {
} elsif ((($domdefaults{'auth_def'} eq 'krb4') ||
($domdefaults{'auth_def'} eq 'krb5')) &&
($domdefaults{'auth_arg_def'} ne '')) {
- #
- # Don't attempt authentication for username and password supplied
- # for user without an account if uername contains @ to avoid
- # call to &Authen::Krb5::parse_name() which will result in con_lost
- #
- unless ($user =~ /\@/) {
- $howpwd = $domdefaults{'auth_def'};
- $contentpwd = $domdefaults{'auth_arg_def'};
- }
+ $howpwd = $domdefaults{'auth_def'};
+ $contentpwd = $domdefaults{'auth_arg_def'};
}
}
- }
+ }
if ($howpwd ne 'nouser') {
if($howpwd eq "internal") { # Encrypted is in local password file.
- if (length($contentpwd) == 13) {
- $validated = (crypt($password,$contentpwd) eq $contentpwd);
- if ($validated) {
- my %domdefaults = &Apache::lonnet::get_domain_defaults($domain);
- if ($domdefaults{'intauth_switch'}) {
- my $ncpass = &hash_passwd($domain,$password);
- my $saveold;
- if ($domdefaults{'intauth_switch'} == 2) {
- $saveold = 1;
- }
- if (&rewrite_password_file($domain,$user,"$howpwd:$ncpass",$saveold)) {
- &update_passwd_history($user,$domain,$howpwd,'conversion');
- &logthis("Validated password hashed with bcrypt for $user:$domain");
- }
- }
- }
- } else {
- $validated = &check_internal_passwd($password,$contentpwd,$domain,$user);
- }
+ $validated = (crypt($password, $contentpwd) eq $contentpwd);
}
elsif ($howpwd eq "unix") { # User is a normal unix user.
$contentpwd = (getpwnam($user))[1];
@@ -7703,50 +7099,6 @@ sub validate_user {
return $validated;
}
-sub check_internal_passwd {
- my ($plainpass,$stored,$domain,$user) = @_;
- my (undef,$method,@rest) = split(/!/,$stored);
- if ($method eq 'bcrypt') {
- my $result = &hash_passwd($domain,$plainpass,@rest);
- if ($result ne $stored) {
- return 0;
- }
- my %domdefaults = &Apache::lonnet::get_domain_defaults($domain);
- if ($domdefaults{'intauth_check'}) {
- # Upgrade to a larger number of rounds if necessary
- my $defaultcost = $domdefaults{'intauth_cost'};
- if (($defaultcost eq '') || ($defaultcost =~ /D/)) {
- $defaultcost = 10;
- }
- if (int($rest[0])<int($defaultcost)) {
- if ($domdefaults{'intauth_check'} == 1) {
- my $ncpass = &hash_passwd($domain,$plainpass);
- if (&rewrite_password_file($domain,$user,"internal:$ncpass")) {
- &update_passwd_history($user,$domain,'internal','update cost');
- &logthis("Validated password hashed with bcrypt for $user:$domain");
- }
- return 1;
- } elsif ($domdefaults{'intauth_check'} == 2) {
- return 0;
- }
- }
- } else {
- return 1;
- }
- }
- return 0;
-}
-
-sub get_last_authchg {
- my ($domain,$user) = @_;
- my $lastmod;
- my $logname = &propath($domain,$user).'/passwd.log';
- if (-e "$logname") {
- $lastmod = (stat("$logname"))[9];
- }
- return $lastmod;
-}
-
sub krb4_authen {
my ($password,$null,$user,$contentpwd) = @_;
my $validated = 0;
@@ -8062,26 +7414,26 @@ sub change_unix_password {
sub make_passwd_file {
- my ($uname,$udom,$umode,$npass,$passfilename,$action)=@_;
+ my ($uname,$udom,$umode,$npass,$passfilename)=@_;
my $result="ok";
if ($umode eq 'krb4' or $umode eq 'krb5') {
{
my $pf = IO::File->new(">$passfilename");
if ($pf) {
print $pf "$umode:$npass\n";
- &update_passwd_history($uname,$udom,$umode,$action);
} else {
$result = "pass_file_failed_error";
}
}
} elsif ($umode eq 'internal') {
- my $ncpass = &hash_passwd($udom,$npass);
+ my $salt=time;
+ $salt=substr($salt,6,2);
+ my $ncpass=crypt($npass,$salt);
{
&Debug("Creating internal auth");
my $pf = IO::File->new(">$passfilename");
if($pf) {
print $pf "internal:$ncpass\n";
- &update_passwd_history($uname,$udom,$umode,$action);
} else {
$result = "pass_file_failed_error";
}
@@ -8091,7 +7443,6 @@ sub make_passwd_file {
my $pf = IO::File->new(">$passfilename");
if($pf) {
print $pf "localauth:$npass\n";
- &update_passwd_history($uname,$udom,$umode,$action);
} else {
$result = "pass_file_failed_error";
}
@@ -8162,18 +7513,8 @@ sub get_usersession_config {
return;
}
-sub get_usersearch_config {
- my ($dom,$name) = @_;
- my ($usersearchconf,$cached)=&Apache::lonnet::is_cached_new($name,$dom);
- if (defined($cached)) {
- return $usersearchconf;
- } else {
- my %domconfig = &Apache::lonnet::get_dom('configuration',['directorysrch'],$dom);
- &Apache::lonnet::do_cache_new($name,$dom,$domconfig{'directorysrch'},3600);
- return $domconfig{'directorysrch'};
- }
- return;
-}
+
+
sub distro_and_arch {
return $dist.':'.$arch;
@@ -8503,6 +7844,8 @@ Authen::Krb5
=head1 COREQUISITES
+none
+
=head1 OSNAMES
linux
@@ -8590,9 +7933,9 @@ or the CA's certificate in the call to l
<error> is the textual reason this failed. Usual reasons:
=over 2
-
+
=item Apache config file for loncapa incorrect:
-
+
one of the variables
lonCertificateDirectory, lonnetCertificateAuthority, or lonnetCertificate
undefined or incorrect
@@ -8711,7 +8054,7 @@ Could not rewrite the
internal password file for a user
=item Result of password change for <user> : <result>
-
+
A unix password change for <user> was attempted
and the pipe returned <result>
@@ -8740,7 +8083,7 @@ lond has been asked to exit by its clien
client systemand <input> is the full exit command sent to the server.
=item Red CRITICAL: ABNORMAL EXIT. child <pid> for server <hostname> died through a crass with this error->[<message>].
-
+
A lond child terminated. NOte that this termination can also occur when the
child receives the QUIT or DIE signals. <pid> is the process id of the child,
<hostname> the host lond is working for, and <message> the reason the child died
@@ -8824,7 +8167,7 @@ file when sent it's USR1 signal. That p
assumed to be hung in some un-fixable way.
=item Finished checking children
-
+
Master processs's USR1 processing is cojmplete.
=item (Red) CRITICAL: ------- Starting ------
@@ -8838,7 +8181,7 @@ Started a new child process for <client>
connected to the child. This was as a result of a TCP/IP connection from a client.
=item Unable to determine who caller was, getpeername returned nothing
-
+
In child process initialization. either getpeername returned undef or
a zero sized object was returned. Processing continues, but in my opinion,
this should be cause for the child to exit.
@@ -8849,7 +8192,7 @@ In child process initialization. The pe
The client address is stored as "Unavailable" and processing continues.
=item (Yellow) INFO: Connection <ip> <name> connection type = <type>
-
+
In child initialization. A good connectionw as received from <ip>.
=over 2
@@ -8899,7 +8242,7 @@ The client (<client> is the peer's name
negotiated an SSL connection with this child process.
=item (Green) Successful insecure authentication with <client>
-
+
The client has successfully negotiated an insecure connection withthe child process.