--- loncom/lonnet/perl/lonnet.pm 2019/08/17 17:42:08 1.1172.2.109
+++ loncom/lonnet/perl/lonnet.pm 2020/07/20 12:45:31 1.1172.2.118.2.6
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.1172.2.109 2019/08/17 17:42:08 raeburn Exp $
+# $Id: lonnet.pm,v 1.1172.2.118.2.6 2020/07/20 12:45:31 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -78,7 +78,7 @@ use CGI::Cookie;
use vars qw(%perlvar %spareid %pr %prp $memcache %packagetab $tmpdir $deftex
$_64bit %env %protocol %loncaparevs %serverhomeIDs %needsrelease
- %managerstab);
+ %managerstab $passwdmin);
my (%badServerCache, $memcache, %courselogs, %accesshash, %domainrolehash,
%userrolehash, $processmarker, $dumpcount, %coursedombuf,
@@ -99,6 +99,7 @@ use LONCAPA qw(:DEFAULT :match);
use LONCAPA::Configuration;
use LONCAPA::lonmetadata;
use LONCAPA::Lond;
+use LONCAPA::transliterate;
use File::Copy;
@@ -262,9 +263,10 @@ sub get_server_loncaparev {
if ($caller eq 'loncron') {
my $ua=new LWP::UserAgent;
$ua->timeout(4);
+ my $hostname = &hostname($lonhost);
my $protocol = $protocol{$lonhost};
$protocol = 'http' if ($protocol ne 'https');
- my $url = $protocol.'://'.&hostname($lonhost).'/adm/about.html';
+ my $url = $protocol.'://'.$hostname.'/adm/about.html';
my $request=new HTTP::Request('GET',$url);
my $response=$ua->request($request);
unless ($response->is_error()) {
@@ -408,8 +410,26 @@ sub reply {
unless (defined(&hostname($server))) { return 'no_such_host'; }
my $answer=subreply($cmd,$server);
if (($answer=~/^refused/) || ($answer=~/^rejected/)) {
- &logthis("WARNING:".
- " $cmd to $server returned $answer");
+ my $logged = $cmd;
+ if ($cmd =~ /^encrypt:([^:]+):/) {
+ my $subcmd = $1;
+ if (($subcmd eq 'auth') || ($subcmd eq 'passwd') ||
+ ($subcmd eq 'changeuserauth') || ($subcmd eq 'makeuser') ||
+ ($subcmd eq 'putdom') || ($subcmd eq 'autoexportgrades')) {
+ (undef,undef,my @rest) = split(/:/,$cmd);
+ if (($subcmd eq 'auth') || ($subcmd eq 'putdom')) {
+ splice(@rest,2,1,'Hidden');
+ } elsif ($subcmd eq 'passwd') {
+ splice(@rest,2,2,('Hidden','Hidden'));
+ } elsif (($subcmd eq 'changeuserauth') || ($subcmd eq 'makeuser') ||
+ ($subcmd eq 'autoexportgrades')) {
+ splice(@rest,3,1,'Hidden');
+ }
+ $logged = join(':',('encrypt:'.$subcmd,@rest));
+ }
+ }
+ &logthis("WARNING:".
+ " $logged to $server returned $answer");
}
return $answer;
}
@@ -878,6 +898,7 @@ sub userload {
while ($filename=readdir(LONIDS)) {
next if ($filename eq '.' || $filename eq '..');
next if ($filename =~ /publicuser_\d+\.id/);
+ next if ($filename =~ /^[a-f0-9]+_linked\.id$/);
my ($mtime)=(stat($perlvar{'lonIDsDir'}.'/'.$filename))[9];
if ($curtime-$mtime < 1800) { $numusers++; }
}
@@ -933,13 +954,13 @@ sub spareserver {
}
if (!$want_server_name) {
- my $protocol = 'http';
- if ($protocol{$spare_server} eq 'https') {
- $protocol = $protocol{$spare_server};
- }
if (defined($spare_server)) {
my $hostname = &hostname($spare_server);
if (defined($hostname)) {
+ my $protocol = 'http';
+ if ($protocol{$spare_server} eq 'https') {
+ $protocol = $protocol{$spare_server};
+ }
$spare_server = $protocol.'://'.$hostname;
}
}
@@ -1141,6 +1162,28 @@ sub choose_server {
return ($login_host,$hostname,$portal_path,$isredirect,$lowest_load);
}
+sub get_course_sessions {
+ my ($cnum,$cdom,$lastactivity) = @_;
+ my %servers = &internet_dom_servers($cdom);
+ my %returnhash;
+ foreach my $server (sort(keys(%servers))) {
+ my $rep = &reply("coursesessions:$cdom:$cnum:$lastactivity",$server);
+ my @pairs=split(/\&/,$rep);
+ unless (($rep eq 'unknown_cmd') || ($rep =~ /^error/)) {
+ foreach my $item (@pairs) {
+ my ($key,$value)=split(/=/,$item,2);
+ $key = &unescape($key);
+ next if ($key =~ /^error: 2 /);
+ if (exists($returnhash{$key})) {
+ next if ($value < $returnhash{$key});
+ }
+ $returnhash{$key}=$value;
+ }
+ }
+ }
+ return %returnhash;
+}
+
# --------------------------------------------- Try to change a user's password
sub changepass {
@@ -1176,6 +1219,9 @@ sub changepass {
} elsif ($answer =~ "invalid_client") {
&logthis("$server refused to change $uname in $udom password because ".
"it was a reset by e-mail originating from an invalid server.");
+ } elsif ($answer =~ "^prioruse") {
+ &logthis("$server refused to change $uname in $udom password because ".
+ "the password had been used before");
}
return $answer;
}
@@ -1827,7 +1873,12 @@ sub get_dom {
}
}
if ($udom && $uhome && ($uhome ne 'no_host')) {
- my $rep=&reply("getdom:$udom:$namespace:$items",$uhome);
+ my $rep;
+ if ($namespace =~ /^enc/) {
+ $rep=&reply("encrypt:egetdom:$udom:$namespace:$items",$uhome);
+ } else {
+ $rep=&reply("getdom:$udom:$namespace:$items",$uhome);
+ }
my %returnhash;
if ($rep eq '' || $rep =~ /^error: 2 /) {
return %returnhash;
@@ -1871,7 +1922,11 @@ sub put_dom {
$items.=&escape($item).'='.&freeze_escape($$storehash{$item}).'&';
}
$items=~s/\&$//;
- return &reply("putdom:$udom:$namespace:$items",$uhome);
+ if ($namespace =~ /^enc/) {
+ return &reply("encrypt:putdom:$udom:$namespace:$items",$uhome);
+ } else {
+ return &reply("putdom:$udom:$namespace:$items",$uhome);
+ }
} else {
&logthis("put_dom failed - no homeserver and/or domain");
}
@@ -1962,6 +2017,17 @@ sub inst_directory_query {
my $homeserver = &domain($udom,'primary');
my $outcome;
if ($homeserver ne '') {
+ unless ($homeserver eq $perlvar{'lonHostID'}) {
+ if ($srch->{'srchby'} eq 'email') {
+ my $lcrev = &get_server_loncaparev($udom,$homeserver);
+ my ($major,$minor,$subver) = ($lcrev =~ /^\'?(\d+)\.(\d+)\.(\d+)[\w.\-]+\'?$/);
+ if (($major eq '' && $minor eq '') || ($major < 2) ||
+ (($major == 2) && ($minor < 11)) ||
+ (($major == 2) && ($minor == 11) && ($subver < 3))) {
+ return;
+ }
+ }
+ }
my $queryid=&reply("querysend:instdirsearch:".
&escape($srch->{'srchby'}).':'.
&escape($srch->{'srchterm'}).':'.
@@ -2003,6 +2069,15 @@ sub usersearch {
my $query = 'usersearch';
foreach my $tryserver (keys(%libserv)) {
if (&host_domain($tryserver) eq $dom) {
+ unless ($tryserver eq $perlvar{'lonHostID'}) {
+ if ($srch->{'srchby'} eq 'email') {
+ my $lcrev = &get_server_loncaparev($dom,$tryserver);
+ my ($major,$minor,$subver) = ($lcrev =~ /^\'?(\d+)\.(\d+)\.(\d+)[\w.\-]+\'?$/);
+ next if (($major eq '' && $minor eq '') || ($major < 2) ||
+ (($major == 2) && ($minor < 11)) ||
+ (($major == 2) && ($minor == 11) && ($subver < 3)));
+ }
+ }
my $host=&hostname($tryserver);
my $queryid=
&reply("querysend:".&escape($query).':'.
@@ -2445,6 +2520,45 @@ sub retrieve_instcodes {
return $totcodes;
}
+# --------------------------------------------- Get domain config for passwords
+
+sub get_passwdconf {
+ my ($dom) = @_;
+ my (%passwdconf,$gotconf,$lookup);
+ my ($result,$cached)=&is_cached_new('passwdconf',$dom);
+ if (defined($cached)) {
+ if (ref($result) eq 'HASH') {
+ %passwdconf = %{$result};
+ $gotconf = 1;
+ }
+ }
+ unless ($gotconf) {
+ my %domconfig = &get_dom('configuration',['passwords'],$dom);
+ if (ref($domconfig{'passwords'}) eq 'HASH') {
+ %passwdconf = %{$domconfig{'passwords'}};
+ }
+ my $cachetime = 24*60*60;
+ &do_cache_new('passwdconf',$dom,\%passwdconf,$cachetime);
+ }
+ return %passwdconf;
+}
+
+sub course_portal_url {
+ my ($cnum,$cdom) = @_;
+ my $chome = &homeserver($cnum,$cdom);
+ my $hostname = &hostname($chome);
+ my $protocol = $protocol{$chome};
+ $protocol = 'http' if ($protocol ne 'https');
+ my %domdefaults = &get_domain_defaults($cdom);
+ my $firsturl;
+ if ($domdefaults{'portal_def'}) {
+ $firsturl = $domdefaults{'portal_def'};
+ } else {
+ $firsturl = $protocol.'://'.$hostname;
+ }
+ return $firsturl;
+}
+
# --------------------------------------------------- Assign a key to a student
sub assign_access_key {
@@ -2980,6 +3094,32 @@ sub repcopy {
}
}
+# ------------------------------------------------- Unsubscribe from a resource
+
+sub unsubscribe {
+ my ($fname) = @_;
+ my $answer;
+ if ($fname=~/\/(aboutme|syllabus|bulletinboard|smppg)$/) { return $answer; }
+ $fname=~s/[\n\r]//g;
+ my $author=$fname;
+ $author=~s/\/home\/httpd\/html\/res\/([^\/]*)\/([^\/]*).*/$1\/$2/;
+ my ($udom,$uname)=split(/\//,$author);
+ my $home=homeserver($uname,$udom);
+ if ($home eq 'no_host') {
+ $answer = 'no_host';
+ } elsif (grep { $_ eq $home } ¤t_machine_ids()) {
+ $answer = 'home';
+ } else {
+ my $defdom = $perlvar{'lonDefDomain'};
+ if (&will_trust('content',$defdom,$udom)) {
+ $answer = reply("unsub:$fname",$home);
+ } else {
+ $answer = 'untrusted';
+ }
+ }
+ return $answer;
+}
+
# ------------------------------------------------ Get server side include body
sub ssi_body {
my ($filelink,%form)=@_;
@@ -3106,13 +3246,13 @@ sub remove_stale_resfile {
(grep { $_ eq $homeserver } ¤t_machine_ids())) {
my $fname = &filelocation('',$url);
if (-e $fname) {
- my $ua=new LWP::UserAgent;
- $ua->timeout(5);
- my $protocol = $protocol{$homeserver};
- $protocol = 'http' if ($protocol ne 'https');
my $hostname = &hostname($homeserver);
if ($hostname) {
+ my $protocol = $protocol{$homeserver};
+ $protocol = 'http' if ($protocol ne 'https');
my $uri = $protocol.'://'.$hostname.'/raw/'.&declutter($url);
+ my $ua=new LWP::UserAgent;
+ $ua->timeout(5);
my $request=new HTTP::Request('HEAD',$uri);
my $response=$ua->request($request);
if ($response->is_success()) {
@@ -3138,12 +3278,18 @@ sub remove_stale_resfile {
$stale = 1;
}
if ($stale) {
- unlink($fname);
- if ($uri!~/\.meta$/) {
- unlink($fname.'.meta');
+ if (unlink($fname)) {
+ if ($uri!~/\.meta$/) {
+ if (-e $fname.'.meta') {
+ unlink($fname.'.meta');
+ }
+ }
+ my $unsubresult = &unsubscribe($fname);
+ unless ($unsubresult eq 'ok') {
+ &logthis("no unsub of $fname from $homeserver, reason: $unsubresult");
+ }
+ $removed = 1;
}
- &reply("unsub:$fname",$homeserver);
- $removed = 1;
}
}
}
@@ -3293,6 +3439,26 @@ sub can_edit_resource {
$forceedit = 1;
}
$cfile = $resurl;
+ } elsif (($resurl =~ m{^/ext/}) && ($symb ne '')) {
+ my ($map,$id,$res) = &decode_symb($symb);
+ if ($map =~ /\.page$/) {
+ $incourse = 1;
+ if ($env{'form.forceedit'}) {
+ $forceview = 1;
+ $cfile = $map;
+ } else {
+ $forceedit = 1;
+ $cfile = '/adm/wrapper'.$resurl;
+ }
+ }
+ } elsif ($resurl =~ m{^/adm/wrapper/adm/$cdom/$cnum/\d+/ext\.tool$}) {
+ $incourse = 1;
+ if ($env{'form.forceedit'}) {
+ $forceview = 1;
+ } else {
+ $forceedit = 1;
+ }
+ $cfile = $resurl;
} elsif ($resurl =~ m{^/?adm/viewclasslist$}) {
$incourse = 1;
if ($env{'form.forceedit'}) {
@@ -3310,13 +3476,21 @@ sub can_edit_resource {
$cfile = $template;
}
} elsif (($resurl =~ m{^/adm/wrapper/ext/}) && ($env{'form.folderpath'} =~ /^supplemental/)) {
- $incourse = 1;
- if ($env{'form.forceedit'}) {
- $forceview = 1;
- } else {
- $forceedit = 1;
- }
- $cfile = $resurl;
+ $incourse = 1;
+ if ($env{'form.forceedit'}) {
+ $forceview = 1;
+ } else {
+ $forceedit = 1;
+ }
+ $cfile = $resurl;
+ } elsif (($resurl =~ m{^/adm/wrapper/adm/$cdom/$cnum/\d+/ext\.tool$}) && ($env{'form.folderpath'} =~ /^supplemental/)) {
+ $incourse = 1;
+ if ($env{'form.forceedit'}) {
+ $forceview = 1;
+ } else {
+ $forceedit = 1;
+ }
+ $cfile = $resurl;
} elsif (($resurl eq '/adm/extresedit') && ($symb || $env{'form.folderpath'})) {
$incourse = 1;
$forceview = 1;
@@ -3326,8 +3500,13 @@ sub can_edit_resource {
$cfile = &clutter($res);
} else {
$cfile = $env{'form.suppurl'};
- $cfile =~ s{^http://}{};
- $cfile = '/adm/wrapper/ext/'.$cfile;
+ my $escfile = &unescape($cfile);
+ if ($escfile =~ m{^/adm/$cdom/$cnum/\d+/ext\.tool$}) {
+ $cfile = '/adm/wrapper'.$escfile;
+ } else {
+ $escfile =~ s{^http://}{};
+ $cfile = &escape("/adm/wrapper/ext/$escfile");
+ }
}
} elsif ($resurl =~ m{^/?adm/viewclasslist$}) {
if ($env{'form.forceedit'}) {
@@ -3566,6 +3745,9 @@ sub clean_filename {
}
# Replace spaces by underscores
$fname=~s/\s+/\_/g;
+# Transliterate non-ascii text to ascii
+ my $lang = &Apache::lonlocal::current_language();
+ $fname = &LONCAPA::transliterate::fname_to_ascii($fname,$lang);
# Replace all other weird characters by nothing
$fname=~s{[^/\w\.\-]}{}g;
# Replace all .\d. sequences with _\d. so they no longer look like version
@@ -3573,6 +3755,7 @@ sub clean_filename {
$fname=~s/\.(\d+)(?=\.)/_$1/g;
return $fname;
}
+
# This Function checks if an Image's dimensions exceed either $resizewidth (width)
# or $resizeheight (height) - both pixels. If so, the image is scaled to produce an
# image with the same aspect ratio as the original, but with dimensions which do
@@ -3647,6 +3830,14 @@ sub userfileupload {
$fname=&clean_filename($fname);
# See if there is anything left
unless ($fname) { return 'error: no uploaded file'; }
+ # If filename now begins with a . prepend unix timestamp _ milliseconds
+ if ($fname =~ /^\./) {
+ my ($s,$usec) = &gettimeofday();
+ while (length($usec) < 6) {
+ $usec = '0'.$usec;
+ }
+ $fname = $s.'_'.substr($usec,0,3).$fname;
+ }
# Files uploaded to help request form, or uploaded to "create course" page are handled differently
if ((($formname eq 'screenshot') && ($subdir eq 'helprequests')) ||
(($formname eq 'coursecreatorxml') && ($subdir eq 'batchupload')) ||
@@ -5288,9 +5479,10 @@ my %cachedtimes=();
my $cachedtime='';
sub load_all_first_access {
- my ($uname,$udom)=@_;
+ my ($uname,$udom,$ignorecache)=@_;
if (($cachedkey eq $uname.':'.$udom) &&
- (abs($cachedtime-time)<5) && (!$env{'form.markaccess'})) {
+ (abs($cachedtime-time)<5) && (!$env{'form.markaccess'}) &&
+ (!$ignorecache)) {
return;
}
$cachedtime=time;
@@ -5299,7 +5491,7 @@ sub load_all_first_access {
}
sub get_first_access {
- my ($type,$argsymb,$argmap)=@_;
+ my ($type,$argsymb,$argmap,$ignorecache)=@_;
my ($symb,$courseid,$udom,$uname)=&whichuser();
if ($argsymb) { $symb=$argsymb; }
my ($map,$id,$res)=&decode_symb($symb);
@@ -5311,7 +5503,7 @@ sub get_first_access {
} else {
$res=$symb;
}
- &load_all_first_access($uname,$udom);
+ &load_all_first_access($uname,$udom,$ignorecache);
return $cachedtimes{"$courseid\0$res"};
}
@@ -6728,7 +6920,7 @@ sub currentdump {
#
my %returnhash=();
#
- if ($rep eq "unknown_cmd") {
+ if ($rep eq 'unknown_cmd') {
# an old lond will not know currentdump
# Do a dump and make it look like a currentdump
my @tmp = &dumpstore($courseid,$sdom,$sname,'.');
@@ -7661,7 +7853,7 @@ sub allowed {
if (defined($env{'allowed.'.$priv})) { return $env{'allowed.'.$priv}; }
# Free bre access to adm and meta resources
- if (((($uri=~/^adm\//) && ($uri !~ m{/(?:smppg|bulletinboard)$}))
+ if (((($uri=~/^adm\//) && ($uri !~ m{/(?:smppg|bulletinboard|ext\.tool)$}))
|| (($uri=~/\.meta$/) && ($uri!~m|^uploaded/|) ))
&& ($priv eq 'bre')) {
return 'F';
@@ -7826,8 +8018,34 @@ sub allowed {
if ($env{'user.priv.'.$env{'request.role'}.'.'.$courseuri}
=~/\Q$priv\E\&([^\:]*)/) {
- unless (($priv eq 'bro') && (!$ownaccess)) {
- $thisallowed.=$1;
+ if ($priv eq 'mip') {
+ my $rem = $1;
+ if (($uri ne '') && ($env{'request.course.id'} eq $uri) &&
+ ($env{'course.'.$env{'request.course.id'}.'.internal.courseowner'} eq $env{'user.name'}.':'.$env{'user.domain'})) {
+ my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+ if ($cdom ne '') {
+ my %passwdconf = &get_passwdconf($cdom);
+ if (ref($passwdconf{'crsownerchg'}) eq 'HASH') {
+ if (ref($passwdconf{'crsownerchg'}{'by'}) eq 'ARRAY') {
+ if (@{$passwdconf{'crsownerchg'}{'by'}}) {
+ my @inststatuses = split(':',$env{'environment.inststatus'});
+ unless (@inststatuses) {
+ @inststatuses = ('default');
+ }
+ foreach my $status (@inststatuses) {
+ if (grep(/^\Q$status\E$/,@{$passwdconf{'crsownerchg'}{'by'}})) {
+ $thisallowed.=$rem;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ } else {
+ unless (($priv eq 'bro') && (!$ownaccess)) {
+ $thisallowed.=$1;
+ }
}
}
@@ -7910,6 +8128,16 @@ sub allowed {
if ($env{'request.course.id'}) {
+# If this is modifying password (internal auth) domains must match for user and user's role.
+
+ if ($priv eq 'mip') {
+ if ($env{'user.domain'} eq $env{'request.role.domain'}) {
+ return $thisallowed;
+ } else {
+ return '';
+ }
+ }
+
$courseprivid=$env{'request.course.id'};
if ($env{'request.course.sec'}) {
$courseprivid.='/'.$env{'request.course.sec'};
@@ -8322,7 +8550,8 @@ sub get_commblock_resources {
}
}
}
- if ($interval[0] =~ /^\d+$/) {
+ if ($interval[0] =~ /^(\d+)/) {
+ my $timelimit = $1;
my $first_access;
if ($type eq 'resource') {
$first_access=&get_first_access($interval[1],$item);
@@ -8332,7 +8561,7 @@ sub get_commblock_resources {
$first_access=&get_first_access($interval[1]);
}
if ($first_access) {
- my $timesup = $first_access+$interval[0];
+ my $timesup = $first_access+$timelimit;
if ($timesup > $now) {
my $activeblock;
foreach my $res (@to_test) {
@@ -9706,7 +9935,22 @@ sub store_coowners {
sub modifyuserauth {
my ($udom,$uname,$umode,$upass)=@_;
my $uhome=&homeserver($uname,$udom);
- unless (&allowed('mau',$udom)) { return 'refused'; }
+ my $allowed;
+ if (&allowed('mau',$udom)) {
+ $allowed = 1;
+ } elsif (($umode eq 'internal') && ($udom eq $env{'user.domain'}) &&
+ ($env{'request.course.id'}) && (&allowed('mip',$env{'request.course.id'})) &&
+ (!$env{'course.'.$env{'request.course.id'}.'.internal.nopasswdchg'})) {
+ my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
+ my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
+ if (($cdom ne '') && ($cnum ne '')) {
+ my $is_owner = &is_course_owner($cdom,$cnum);
+ if ($is_owner) {
+ $allowed = 1;
+ }
+ }
+ }
+ unless ($allowed) { return 'refused'; }
&logthis('Call to modify user authentication '.$udom.', '.$uname.', '.
$umode.' by '.$env{'user.name'}.' at '.$env{'user.domain'}.
' in domain '.$env{'request.role.domain'});
@@ -10043,14 +10287,19 @@ sub writecoursepref {
sub createcourse {
my ($udom,$description,$url,$course_server,$nonstandard,$inst_code,
- $course_owner,$crstype,$cnum,$context,$category)=@_;
+ $course_owner,$crstype,$cnum,$context,$category,$callercontext)=@_;
$url=&declutter($url);
my $cid='';
if ($context eq 'requestcourses') {
my $can_create = 0;
my ($ownername,$ownerdom) = split(':',$course_owner);
if ($udom eq $ownerdom) {
- if (&usertools_access($ownername,$ownerdom,$category,undef,
+ my $reload;
+ if (($callercontext eq 'auto') &&
+ ($ownerdom eq $env{'user.domain'}) && ($ownername eq $env{'user.name'})) {
+ $reload = 'reload';
+ }
+ if (&usertools_access($ownername,$ownerdom,$category,$reload,
$context)) {
$can_create = 1;
}
@@ -11059,7 +11308,7 @@ sub get_userresdata {
# Parameters:
# $name - Course/user name.
# $domain - Name of the domain the user/course is registered on.
-# $type - Type of thing $name is (must be 'course' or 'user'
+# $type - Type of thing $name is (must be 'course' or 'user')
# @which - Array of names of resources desired.
# Returns:
# The value of the first reasource in @which that is found in the
@@ -11078,13 +11327,44 @@ sub resdata {
}
if (!ref($result)) { return $result; }
foreach my $item (@which) {
- if (defined($result->{$item->[0]})) {
- return [$result->{$item->[0]},$item->[1]];
- }
+ if (ref($item) eq 'ARRAY') {
+ if (defined($result->{$item->[0]})) {
+ return [$result->{$item->[0]},$item->[1]];
+ }
+ }
}
return undef;
}
+sub get_domain_ltitools {
+ my ($cdom) = @_;
+ my %ltitools;
+ my ($result,$cached)=&is_cached_new('ltitools',$cdom);
+ if (defined($cached)) {
+ if (ref($result) eq 'HASH') {
+ %ltitools = %{$result};
+ }
+ } else {
+ my %domconfig = &get_dom('configuration',['ltitools'],$cdom);
+ if (ref($domconfig{'ltitools'}) eq 'HASH') {
+ %ltitools = %{$domconfig{'ltitools'}};
+ my %encdomconfig = &get_dom('encconfig',['ltitools'],$cdom);
+ if (ref($encdomconfig{'ltitools'}) eq 'HASH') {
+ foreach my $id (keys(%ltitools)) {
+ if (ref($encdomconfig{'ltitools'}{$id}) eq 'HASH') {
+ foreach my $item ('key','secret') {
+ $ltitools{$id}{$item} = $encdomconfig{'ltitools'}{$id}{$item};
+ }
+ }
+ }
+ }
+ }
+ my $cachetime = 24*60*60;
+ &do_cache_new('ltitools',$cdom,\%ltitools,$cachetime);
+ }
+ return %ltitools;
+}
+
sub get_numsuppfiles {
my ($cnum,$cdom,$ignorecache)=@_;
my $hashid=$cnum.':'.$cdom;
@@ -11540,7 +11820,7 @@ sub metadata {
# if it is a non metadata possible uri return quickly
if (($uri eq '') ||
(($uri =~ m|^/*adm/|) &&
- ($uri !~ m|^adm/includes|) && ($uri !~ m{/(smppg|bulletinboard)$})) ||
+ ($uri !~ m|^adm/includes|) && ($uri !~ m{/(smppg|bulletinboard|ext\.tool)$})) ||
($uri =~ m|/$|) || ($uri =~ m|/.meta$|) || ($uri =~ m{^/*uploaded/.+\.sequence$})) {
return undef;
}
@@ -12127,18 +12407,16 @@ sub symbverify {
if (tie(%bighash,'GDBM_File',$env{'request.course.fn'}.'.db',
&GDBM_READER(),0640)) {
- my $noclutter;
if (($thisurl =~ m{^/adm/wrapper/ext/}) || ($thisurl =~ m{^ext/})) {
$thisurl =~ s/\?.+$//;
if ($map =~ m{^uploaded/.+\.page$}) {
$thisurl =~ s{^(/adm/wrapper|)/ext/}{http://};
$thisurl =~ s{^\Qhttp://https://\E}{https://};
- $noclutter = 1;
}
}
my $ids;
- if ($noclutter) {
- $ids=$bighash{'ids_'.$thisurl};
+ if ($map =~ m{^uploaded/.+\.page$}) {
+ $ids=$bighash{'ids_'.&clutter_with_no_wrapper($thisurl)};
} else {
$ids=$bighash{'ids_'.&clutter($thisurl)};
}
@@ -12884,9 +13162,10 @@ sub repcopy_userfile {
my $request;
$uri=~s/^\///;
my $homeserver = &homeserver($cnum,$cdom);
+ my $hostname = &hostname($homeserver);
my $protocol = $protocol{$homeserver};
$protocol = 'http' if ($protocol ne 'https');
- $request=new HTTP::Request('GET',$protocol.'://'.&hostname($homeserver).'/raw/'.$uri);
+ $request=new HTTP::Request('GET',$protocol.'://'.$hostname.'/raw/'.$uri);
my $response=$ua->request($request,$transferfile);
# did it work?
if ($response->is_error()) {
@@ -12910,9 +13189,10 @@ sub tokenwrapper {
$file=~s|(\?\.*)*$||;
&appenv({"userfile.$udom/$uname/$file" => $env{'request.course.id'}});
my $homeserver = &homeserver($uname,$udom);
+ my $hostname = &hostname($homeserver);
my $protocol = $protocol{$homeserver};
$protocol = 'http' if ($protocol ne 'https');
- return $protocol.'://'.&hostname($homeserver).'/'.$uri.
+ return $protocol.'://'.$hostname.'/'.$uri.
(($uri=~/\?/)?'&':'?').'token='.$token.
'&tokenissued='.$perlvar{'lonHostID'};
} else {
@@ -12928,9 +13208,10 @@ sub getuploaded {
my ($reqtype,$uri,$cdom,$cnum,$info,$rtncode) = @_;
$uri=~s/^\///;
my $homeserver = &homeserver($cnum,$cdom);
+ my $hostname = &hostname($homeserver);
my $protocol = $protocol{$homeserver};
$protocol = 'http' if ($protocol ne 'https');
- $uri = $protocol.'://'.&hostname($homeserver).'/raw/'.$uri;
+ $uri = $protocol.'://'.$hostname.'/raw/'.$uri;
my $ua=new LWP::UserAgent;
my $request=new HTTP::Request($reqtype,$uri);
my $response=$ua->request($request);
@@ -13105,6 +13386,45 @@ sub shared_institution {
return $same_intdom;
}
+sub uses_sts {
+ my ($ignore_cache) = @_;
+ my $lonhost = $perlvar{'lonHostID'};
+ my $hostname = &hostname($lonhost);
+ my $sts_on;
+ if ($protocol{$lonhost} eq 'https') {
+ my $cachetime = 12*3600;
+ if (!$ignore_cache) {
+ ($sts_on,my $cached)=&is_cached_new('stspolicy',$lonhost);
+ if (defined($cached)) {
+ return $sts_on;
+ }
+ }
+ my $ua=new LWP::UserAgent;
+ my $url = $protocol{$lonhost}.'://'.$hostname.'/index.html';
+ my $request=new HTTP::Request('HEAD',$url);
+ my $response=$ua->request($request);
+ if ($response->is_success) {
+ my $has_sts = $response->header('Strict-Transport-Security');
+ if ($has_sts eq '') {
+ $sts_on = 0;
+ } else {
+ if ($has_sts =~ /\Qmax-age=\E(\d+)/) {
+ my $maxage = $1;
+ if ($maxage) {
+ $sts_on = 1;
+ } else {
+ $sts_on = 0;
+ }
+ } else {
+ $sts_on = 0;
+ }
+ }
+ return &do_cache_new('stspolicy',$lonhost,$sts_on,$cachetime);
+ }
+ }
+ return;
+}
+
# ------------------------------------------------------------- Declutters URLs
sub declutter {
@@ -13155,6 +13475,8 @@ sub clutter {
# &logthis("Got a blank emb style");
}
}
+ } elsif ($thisfn =~ m{^/adm/$match_domain/$match_courseid/\d+/ext\.tool$}) {
+ $thisfn='/adm/wrapper'.$thisfn;
}
return $thisfn;
}
@@ -13877,6 +14199,11 @@ BEGIN {
$deftex = LONCAPA::texengine();
}
+# ------------- set default minimum length for passwords for internal auth users
+{
+ $passwdmin = LONCAPA::passwd_min();
+}
+
$memcache=new Cache::Memcached({'servers' => ['127.0.0.1:11211'],
'compress_threshold'=> 20_000,
});