--- loncom/lonnet/perl/lonnet.pm 2021/07/19 15:48:27 1.1461 +++ loncom/lonnet/perl/lonnet.pm 2021/11/02 20:46:56 1.1469 @@ -1,7 +1,7 @@ # The LearningOnline Network # TCP networking package # -# $Id: lonnet.pm,v 1.1461 2021/07/19 15:48:27 raeburn Exp $ +# $Id: lonnet.pm,v 1.1469 2021/11/02 20:46:56 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -468,14 +468,15 @@ sub reply { my $subcmd = $1; if (($subcmd eq 'auth') || ($subcmd eq 'passwd') || ($subcmd eq 'changeuserauth') || ($subcmd eq 'makeuser') || - ($subcmd eq 'putdom') || ($subcmd eq 'autoexportgrades')) { + ($subcmd eq 'putdom') || ($subcmd eq 'autoexportgrades') || + ($subcmd eq 'put')) { (undef,undef,my @rest) = split(/:/,$cmd); if (($subcmd eq 'auth') || ($subcmd eq 'putdom')) { splice(@rest,2,1,'Hidden'); } elsif ($subcmd eq 'passwd') { splice(@rest,2,2,('Hidden','Hidden')); } elsif (($subcmd eq 'changeuserauth') || ($subcmd eq 'makeuser') || - ($subcmd eq 'autoexportgrades')) { + ($subcmd eq 'autoexportgrades') || ($subcmd eq 'put')) { splice(@rest,3,1,'Hidden'); } $logged = join(':',('encrypt:'.$subcmd,@rest)); @@ -2146,7 +2147,7 @@ sub dump_dom { # ------------------------------------------ get items from domain db files sub get_dom { - my ($namespace,$storearr,$udom,$uhome)=@_; + my ($namespace,$storearr,$udom,$uhome,$encrypt)=@_; return if ($udom eq 'public'); my $items=''; foreach my $item (@$storearr) { @@ -2172,13 +2173,9 @@ sub get_dom { my $rep; if (grep { $_ eq $uhome } ¤t_machine_ids()) { # domain information is hosted on this machine - my $cmd = 'getdom'; - if ($namespace =~ /^enc/) { - $cmd = 'egetdom'; - } - $rep = &LONCAPA::Lond::get_dom("$cmd:$udom:$namespace:$items"); + $rep = &LONCAPA::Lond::get_dom("getdom:$udom:$namespace:$items"); } else { - if ($namespace =~ /^enc/) { + if ($encrypt) { $rep=&reply("encrypt:egetdom:$udom:$namespace:$items",$uhome); } else { $rep=&reply("getdom:$udom:$namespace:$items",$uhome); @@ -2206,7 +2203,7 @@ sub get_dom { # -------------------------------------------- put items in domain db files sub put_dom { - my ($namespace,$storehash,$udom,$uhome)=@_; + my ($namespace,$storehash,$udom,$uhome,$encrypt)=@_; if (!$udom) { $udom=$env{'user.domain'}; if (defined(&domain($udom,'primary'))) { @@ -2227,7 +2224,7 @@ sub put_dom { $items.=&escape($item).'='.&freeze_escape($$storehash{$item}).'&'; } $items=~s/\&$//; - if ($namespace =~ /^enc/) { + if ($encrypt) { return &reply("encrypt:putdom:$udom:$namespace:$items",$uhome); } else { return &reply("putdom:$udom:$namespace:$items",$uhome); @@ -2307,7 +2304,7 @@ sub retrieve_inst_usertypes { sub is_domainimage { my ($url) = @_; - if ($url=~m-^/+res/+($match_domain)/+\1\-domainconfig/+(img|logo|domlogo)/+[^/]-) { + if ($url=~m-^/+res/+($match_domain)/+\1\-domainconfig/+(img|logo|domlogo|login)/+[^/]-) { if (&domain($1) ne '') { return '1'; } @@ -7117,7 +7114,7 @@ sub unserialize { # see Lond::dump_with_regexp # if $escapedkeys hash keys won't get unescaped. sub dump { - my ($namespace,$udomain,$uname,$regexp,$range,$escapedkeys)=@_; + my ($namespace,$udomain,$uname,$regexp,$range,$escapedkeys,$encrypt)=@_; if (!$udomain) { $udomain=$env{'user.domain'}; } if (!$uname) { $uname=$env{'user.name'}; } my $uhome=&homeserver($uname,$udomain); @@ -7133,7 +7130,12 @@ sub dump { $uname, $namespace, $regexp, $range)), $perlvar{'lonVersion'}); return %{unserialize($reply, $escapedkeys)}; } - my $rep=&reply("dump:$udomain:$uname:$namespace:$regexp:$range",$uhome); + my $rep; + if ($encrypt) { + $rep=&reply("encrypt:edump:$udomain:$uname:$namespace:$regexp:$range",$uhome); + } else { + $rep=&reply("dump:$udomain:$uname:$namespace:$regexp:$range",$uhome); + } my @pairs=split(/\&/,$rep); my %returnhash=(); if (!($rep =~ /^error/ )) { @@ -7280,7 +7282,7 @@ sub inc { # --------------------------------------------------------------- put interface sub put { - my ($namespace,$storehash,$udomain,$uname)=@_; + my ($namespace,$storehash,$udomain,$uname,$encrypt)=@_; if (!$udomain) { $udomain=$env{'user.domain'}; } if (!$uname) { $uname=$env{'user.name'}; } my $uhome=&homeserver($uname,$udomain); @@ -7289,7 +7291,11 @@ sub put { $items.=&escape($item).'='.&freeze_escape($$storehash{$item}).'&'; } $items=~s/\&$//; - return &reply("put:$udomain:$uname:$namespace:$items",$uhome); + if ($encrypt) { + return &reply("encrypt:put:$udomain:$uname:$namespace:$items",$uhome); + } else { + return &reply("put:$udomain:$uname:$namespace:$items",$uhome); + } } # ------------------------------------------------------------ newput interface @@ -9059,17 +9065,34 @@ sub deeplink_check { if ($deeplink eq '') { $allow = 1; } else { - my ($listed,$scope,$access) = split(/,/,$deeplink); - if ($access eq 'any') { + my ($state,$others,$listed,$scope,$protect) = split(/,/,$deeplink); + if ($state ne 'only') { $allow = 1; - } elsif ($deeplink_symb) { - if ($access eq 'only') { + } else { + my $check_deeplink_entry; + if ($protect ne 'none') { + my ($acctype,$item) = split(/:/,$protect); + if (($acctype eq 'ltic') && ($env{'user.linkprotector'})) { + if (grep(/^\Q$item\Ec$/,split(/,/,$env{'user.linkprotector'}))) { + $check_deeplink_entry = 1 + } + } elsif (($acctype eq 'ltid') && ($env{'user.linkprotector'})) { + if (grep(/^\Q$item\Ed$/,split(/,/,$env{'user.linkprotector'}))) { + $check_deeplink_entry = 1; + } + } elsif (($acctype eq 'key') && ($env{'user.deeplinkkey'})) { + if (grep(/^\Q$item\E$/,split(/,/,$env{'user.deeplinkkey'}))) { + $check_deeplink_entry = 1; + } + } + } + if (($protect eq 'none') || ($check_deeplink_entry)) { if ($scope eq 'res') { if ($symb eq $deeplink_symb) { $allow = 1; } } elsif (($scope eq 'map') || ($scope eq 'rec')) { - my ($map_from_symb,$map_from_login); + my ($map_from_symb,$map_from_login); $map_from_symb = &deversion((&decode_symb($symb))[0]); if ($deeplink_symb =~ /\.(page|sequence)$/) { $map_from_login = &deversion((&decode_symb($deeplink_symb))[2]); @@ -9087,23 +9110,6 @@ sub deeplink_check { } } } - } else { - my ($acctype,$item) = split(/:/,$access); - if (($acctype eq 'lti') && ($env{'user.linkprotector'})) { - if (grep(/^\Q$item\E$/,split(/,/,$env{'user.linkprotector'}))) { - my %tinyurls = &get('tiny',[$symb],$cdom,$cnum); - if (grep(/\Q$tinyurls{$symb}\E$/,split(/,/,$env{'user.linkproturis'}))) { - $allow = 1; - } - } - } elsif (($acctype eq 'key') && ($env{'user.deeplinkkey'})) { - if (grep(/^\Q$item\E$/,split(/,/,$env{'user.deeplinkkey'}))) { - my %tinyurls = &get('tiny',[$symb],$cdom,$cnum); - if (grep(/\Q$tinyurls{$symb}\E$/,split(/,/,$env{'user.keyedlinkuri'}))) { - $allow = 1; - } - } - } } } } @@ -12192,7 +12198,7 @@ sub get_domain_lti { my %domconfig = &get_dom('configuration',[$name],$cdom); if (ref($domconfig{$name}) eq 'HASH') { %lti = %{$domconfig{$name}}; - my %encdomconfig = &get_dom('encconfig',[$name],$cdom); + my %encdomconfig = &get_dom('encconfig',[$name],$cdom,undef,1); if (ref($encdomconfig{$name}) eq 'HASH') { foreach my $id (keys(%lti)) { if (ref($encdomconfig{$name}{$id}) eq 'HASH') { @@ -12209,6 +12215,23 @@ sub get_domain_lti { return %lti; } +sub get_course_lti { + my ($cnum,$cdom) = @_; + my $hashid=$cdom.'_'.$cnum; + my %courselti; + my ($result,$cached)=&is_cached_new('courselti',$hashid); + if (defined($cached)) { + if (ref($result) eq 'HASH') { + %courselti = %{$result}; + } + } else { + %courselti = &dump('lti',$cdom,$cnum,undef,undef,undef,1); + my $cachetime = 24*60*60; + &do_cache_new('courselti',$hashid,\%courselti,$cachetime); + } + return %courselti; +} + sub get_numsuppfiles { my ($cnum,$cdom,$ignorecache)=@_; my $hashid=$cnum.':'.$cdom; @@ -12300,7 +12323,7 @@ sub EXT { if ( (defined($Apache::lonhomework::parsing_a_problem) || defined($Apache::lonhomework::parsing_a_task)) && - ($symbparm eq &symbread()) ) { + ($symbparm eq &symbread()) ) { # if we are in the middle of processing the resource the # get the value we are planning on committing if (defined($Apache::lonhomework::results{$qualifierrest})) { @@ -14364,10 +14387,15 @@ sub machine_ids { sub additional_machine_domains { my @domains; - open(my $fh,"<","$perlvar{'lonTabDir'}/expected_domains.tab"); - while( my $line = <$fh>) { - $line =~ s/\s//g; - push(@domains,$line); + if (-e "$perlvar{'lonTabDir'}/expected_domains.tab") { + if (open(my $fh,"<","$perlvar{'lonTabDir'}/expected_domains.tab")) { + while (my $line = <$fh>) { + chomp($line); + $line =~ s/\s//g; + push(@domains,$line); + } + close($fh); + } } return @domains; } @@ -14563,7 +14591,6 @@ sub get_proxy_alias { my $cachetime = 60*60*24; my %domconfig = &Apache::lonnet::get_dom('configuration',['wafproxy'],$dom); - my $alias; if (ref($domconfig{'wafproxy'}) eq 'HASH') { if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') { $alias = $domconfig{'wafproxy'}{'alias'}{$lonid}; @@ -14581,7 +14608,7 @@ sub use_proxy_alias { if ($alias) { my $dom = &host_domain($lonid); if ($dom ne '') { - my $proxyinfo = &get_proxy_settings($dom ); + my $proxyinfo = &get_proxy_settings($dom); my ($vpnint,$remote_ip); if (ref($proxyinfo) eq 'HASH') { $vpnint = $proxyinfo->{'vpnint'}; @@ -14596,6 +14623,81 @@ sub use_proxy_alias { } return; } + +sub alias_shibboleth { + my ($lonid) = @_; + if ($lonid eq '') { + $lonid = $perlvar{'lonHostID'}; + } + if (!defined(&hostname($lonid))) { + return; + } + if ($lonid ne '') { + my ($use_alias,$cached) = &is_cached_new('proxysaml',$lonid); + if ($cached) { + return $use_alias; + } + my $dom = &Apache::lonnet::host_domain($lonid); + if ($dom ne '') { + my $cachetime = 60*60*24; + my %domconfig = + &Apache::lonnet::get_dom('configuration',['wafproxy'],$dom); + if (ref($domconfig{'wafproxy'}) eq 'HASH') { + if (ref($domconfig{'wafproxy'}{'saml'}) eq 'HASH') { + $use_alias = $domconfig{'wafproxy'}{'saml'}{$lonid}; + } + } + return &do_cache_new('proxysaml',$lonid,$use_alias,$cachetime); + } + } + return; +} + +sub get_saml_landing { + my ($lonid) = @_; + if ($lonid eq '') { + my $defdom = &default_login_domain(); + my @hosts = ¤t_machine_ids(); + if (@hosts > 1) { + foreach my $hostid (@hosts) { + if (&host_domain($hostid) eq $defdom) { + $lonid = $hostid; + last; + } + } + } else { + $lonid = $perlvar{'lonHostID'}; + } + if ($lonid) { + unless (&Apache::lonnet::host_domain($lonid) eq $defdom) { + return; + } + } else { + return; + } + } elsif (!defined(&hostname($lonid))) { + return; + } + my ($landing,$cached) = &is_cached_new('samllanding',$lonid); + if ($cached) { + return $landing; + } + my $dom = &Apache::lonnet::host_domain($lonid); + if ($dom ne '') { + my $cachetime = 60*60*24; + my %domconfig = + &Apache::lonnet::get_dom('configuration',['login'],$dom); + if (ref($domconfig{'login'}) eq 'HASH') { + if (ref($domconfig{'login'}{'saml'}) eq 'HASH') { + if (ref($domconfig{'login'}{'saml'}{$lonid}) eq 'HASH') { + $landing = 1; + } + } + } + return &do_cache_new('samllanding',$lonid,$landing,$cachetime); + } + return; +} # ------------------------------------------------------------- Declutters URLs