--- loncom/lonnet/perl/lonnet.pm 2022/02/14 02:48:53 1.1481 +++ loncom/lonnet/perl/lonnet.pm 2022/05/26 02:07:36 1.1485 @@ -1,7 +1,7 @@ # The LearningOnline Network # TCP networking package # -# $Id: lonnet.pm,v 1.1481 2022/02/14 02:48:53 raeburn Exp $ +# $Id: lonnet.pm,v 1.1485 2022/05/26 02:07:36 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -1323,7 +1323,7 @@ sub changepass { sub queryauthenticate { my ($uname,$udom)=@_; my $uhome=&homeserver($uname,$udom); - if (!$uhome) { + if ((!$uhome) || ($uhome eq 'no_host')) { &logthis("User $uname at $udom is unknown when looking for authentication mechanism"); return 'no_host'; } @@ -1372,7 +1372,7 @@ sub authenticate { } if ($answer eq 'non_authorized') { &logthis("User $uname at $udom rejected by $uhome"); - return 'no_host'; + return 'no_host'; } &logthis("User $uname at $udom threw error $answer when checking authentication mechanism"); return 'no_host'; @@ -2263,7 +2263,7 @@ sub del_dom { } sub store_dom { - my ($storehash,$id,$namespace,$dom,$home) = @_; + my ($storehash,$id,$namespace,$dom,$home,$encrypt) = @_; $$storehash{'ip'}=&get_requestor_ip(); $$storehash{'host'}=$perlvar{'lonHostID'}; my $namevalue=''; @@ -2276,12 +2276,43 @@ sub store_dom { } else { if ($namespace eq 'private') { return 'refused'; + } elsif ($encrypt) { + return reply("encrypt:storedom:$dom:$namespace:$id:$namevalue",$home); } else { - return reply("storedom:$dom:$namespace:$id:$namevalue","$home"); + return reply("storedom:$dom:$namespace:$id:$namevalue",$home); } } } +sub restore_dom { + my ($id,$namespace,$dom,$home,$encrypt) = @_; + my $answer; + if (grep { $_ eq $home } current_machine_ids()) { + $answer = LONCAPA::Lond::restore_dom("restoredom:$dom:$namespace:$id"); + } elsif ($namespace ne 'private') { + if ($encrypt) { + $answer=&reply("encrypt:restoredom:$dom:$namespace:$id",$home); + } else { + $answer=&reply("restoredom:$dom:$namespace:$id",$home); + } + } + my %returnhash=(); + unless (($answer eq '') || ($answer eq 'con_lost') || ($answer eq 'refused') || + ($answer eq 'unknown_cmd') || ($answer eq 'rejected')) { + foreach my $line (split(/\&/,$answer)) { + my ($name,$value)=split(/\=/,$line); + $returnhash{&unescape($name)}=&thaw_unescape($value); + } + my $version; + for ($version=1;$version<=$returnhash{'version'};$version++) { + foreach my $item (split(/\:/,$returnhash{$version.':keys'})) { + $returnhash{$item}=$returnhash{$version.':'.$item}; + } + } + } + return %returnhash; +} + # ----------------------------------construct domainconfig user for a domain sub get_domainconfiguser { my ($udom) = @_; @@ -2562,6 +2593,10 @@ sub inst_rulecheck { $response=&unescape(&reply('instselfcreatecheck:'. &escape($udom).':'.&escape($uname). ':'.$rulestr,$homeserver)); + } elsif ($item eq 'unamemap') { + $response=&unescape(&reply('instunamemapcheck:'. + &escape($udom).':'.&escape($uname). + ':'.$rulestr,$homeserver)); } if ($response ne 'refused') { my @pairs=split(/\&/,$response); @@ -2591,6 +2626,9 @@ sub inst_userrules { } elsif ($check eq 'email') { $response=&reply('instemailrules:'.&escape($udom), $homeserver); + } elsif ($check eq 'unamemap') { + $response=&reply('unamemaprules:'.&escape($udom), + $homeserver); } else { $response=&reply('instuserrules:'.&escape($udom), $homeserver); @@ -2637,7 +2675,7 @@ sub get_domain_defaults { 'coursedefaults','usersessions', 'requestauthor','selfenrollment', 'coursecategories','ssl','autoenroll', - 'trust','helpsettings','wafproxy'],$domain); + 'trust','helpsettings','wafproxy','ltisec'],$domain); my @coursetypes = ('official','unofficial','community','textbook','placement'); if (ref($domconfig{'defaults'}) eq 'HASH') { $domdefaults{'lang_def'} = $domconfig{'defaults'}{'lang_def'}; @@ -2649,6 +2687,7 @@ sub get_domain_defaults { $domdefaults{'intauth_cost'} = $domconfig{'defaults'}{'intauth_cost'}; $domdefaults{'intauth_switch'} = $domconfig{'defaults'}{'intauth_switch'}; $domdefaults{'intauth_check'} = $domconfig{'defaults'}{'intauth_check'}; + $domdefaults{'unamemap_rule'} = $domconfig{'defaults'}{'unamemap_rule'}; } else { $domdefaults{'lang_def'} = &domain($domain,'lang_def'); $domdefaults{'auth_def'} = &domain($domain,'auth_def'); @@ -2811,7 +2850,19 @@ sub get_domain_defaults { $domdefaults{'waf_'.$item} = $domconfig{'wafproxy'}{$item}; } } - } + } + if (ref($domconfig{'ltisec'}) eq 'HASH') { + if (ref($domconfig{'ltisec'}{'encrypt'}) eq 'HASH') { + $domdefaults{'linkprotenc_crs'} = $domconfig{'ltisec'}{'encrypt'}{'crs'}; + $domdefaults{'linkprotenc_dom'} = $domconfig{'ltisec'}{'encrypt'}{'dom'}; + $domdefaults{'ltienc_consumers'} = $domconfig{'ltisec'}{'encrypt'}{'consumers'}; + } + if (ref($domconfig{'ltisec'}{'private'}) eq 'HASH') { + if (ref($domconfig{'ltisec'}{'private'}{'keys'}) eq 'ARRAY') { + $domdefaults{'privhosts'} = $domconfig{'ltisec'}{'private'}{'keys'}; + } + } + } &do_cache_new('domdefaults',$domain,\%domdefaults,$cachetime); return %domdefaults; } @@ -12238,15 +12289,24 @@ sub resdata { sub get_domain_lti { my ($cdom,$context) = @_; - my ($name,%lti); + my ($name,$cachename,%lti); if ($context eq 'consumer') { $name = 'ltitools'; } elsif ($context eq 'provider') { $name = 'lti'; + } elsif ($context eq 'linkprot') { + $name = 'ltisec'; } else { return %lti; } - my ($result,$cached)=&is_cached_new($name,$cdom); + + if ($context eq 'linkprot') { + $cachename = $context; + } else { + $cachename = $name; + } + + my ($result,$cached)=&is_cached_new($cachename,$cdom); if (defined($cached)) { if (ref($result) eq 'HASH') { %lti = %{$result}; @@ -12254,20 +12314,28 @@ sub get_domain_lti { } else { my %domconfig = &get_dom('configuration',[$name],$cdom); if (ref($domconfig{$name}) eq 'HASH') { - %lti = %{$domconfig{$name}}; - my %encdomconfig = &get_dom('encconfig',[$name],$cdom,undef,1); - if (ref($encdomconfig{$name}) eq 'HASH') { - foreach my $id (keys(%lti)) { - if (ref($encdomconfig{$name}{$id}) eq 'HASH') { - foreach my $item ('key','secret') { - $lti{$id}{$item} = $encdomconfig{$name}{$id}{$item}; + if ($context eq 'linkprot') { + if (ref($domconfig{$name}{'linkprot'}) eq 'HASH') { + %lti = %{$domconfig{$name}{'linkprot'}}; + } + } else { + %lti = %{$domconfig{$name}}; + } + if (($context eq 'consumer') && (keys(%lti))) { + my %encdomconfig = &get_dom('encconfig',[$name],$cdom,undef,1); + if (ref($encdomconfig{$name}) eq 'HASH') { + foreach my $id (keys(%lti)) { + if (ref($encdomconfig{$name}{$id}) eq 'HASH') { + foreach my $item ('key','secret') { + $lti{$id}{$item} = $encdomconfig{$name}{$id}{$item}; + } } } } } } my $cachetime = 24*60*60; - &do_cache_new($name,$cdom,\%lti,$cachetime); + &do_cache_new($cachename,$cdom,\%lti,$cachetime); } return %lti; } @@ -13676,9 +13744,6 @@ sub symbread { my $syval=''; if (($env{'request.course.fn'}) && ($thisfn)) { my $targetfn = $thisfn; - if ( ($thisfn =~ m/^(uploaded|editupload)\//) && ($thisfn !~ m/\.(page|sequence)$/) ) { - $targetfn = 'adm/wrapper/'.$thisfn; - } if ($targetfn =~ m|^adm/wrapper/(ext/.*)|) { $targetfn=$1; }