--- loncom/auth/lonauth.pm 2021/12/12 01:48:40 1.121.2.22 +++ loncom/auth/lonauth.pm 2022/02/27 02:06:20 1.121.2.25 @@ -1,7 +1,7 @@ # The LearningOnline Network # User Authentication Module # -# $Id: lonauth.pm,v 1.121.2.22 2021/12/12 01:48:40 raeburn Exp $ +# $Id: lonauth.pm,v 1.121.2.25 2022/02/27 02:06:20 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -41,6 +41,7 @@ use Apache::lonlocal; use Apache::File(); use HTML::Entities; use Digest::MD5; +use CGI::Cookie(); # ------------------------------------------------------------ Successful login sub success { @@ -250,13 +251,6 @@ sub failed { my $firsturl = &Apache::loncommon::cleanup_html($form->{firsturl}); if ($firsturl ne '') { $retry .= (($retry=~/\?/)?'&':'?').'firsturl='.$firsturl; - if ($form->{firsturl} =~ m{^/tiny/$match_domain/\w+$}) { - unless (exists($form->{linkprot})) { - if (exists($form->{linkkey})) { - $retry .= 'linkkey='.$form->{linkkey}; - } - } - } } } } elsif ($querystr ne '') { @@ -329,7 +323,7 @@ sub handler { $form{'serverid'}); unless (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost') || ($tmpinfo eq 'no_such_host')) { - my ($des_key,$firsturl,@rest)=split(/&/,$tmpinfo)l + my ($des_key,$firsturl,@rest)=split(/&/,$tmpinfo); $firsturl = &unescape($firsturl); my %info; foreach my $item (@rest) { @@ -406,7 +400,7 @@ sub handler { my ($key,$value) = split(/=/,$item); $form{$key} = &unescape($value); } - my $upass = &Apache::loncommon::des_decrypt($key,$form{'upass0'}); + my $upass = &Apache::loncommon::des_decrypt($des_key,$form{'upass0'}); # ---------------------------------------------------------------- Authenticate @@ -427,9 +421,33 @@ sub handler { # --------------------------------------------------------------------- Failed? if ($authhost eq 'no_host') { - &failed($r,'Username and/or password could not be authenticated.', - \%form); - return OK; + my $pwdverify; + if (&Apache::lonnet::homeserver($form{'uname'},$form{'udom'}) eq 'no_host') { + my %possunames = &alternate_unames_check($form{'uname'},$form{'udom'}); + if (keys(%possunames) > 0) { + foreach my $rulematch (keys(%possunames)) { + my $possuname = $possunames{$rulematch}; + if (($possuname ne '') && ($possuname =~ /^$match_username$/)) { + $authhost=Apache::lonnet::authenticate($possuname,$upass, + $form{'udom'},undef, + $clientcancheckhost); + if (($authhost eq 'no_host') || ($authhost eq 'no_account_on_host')) { + next; + } elsif (($authhost ne '') && (&Apache::lonnet::hostname($authhost) ne '')) { + $pwdverify = 1; + &Apache::lonnet::logthis("Authenticated user: $possuname was submitted as: $form{'uname'}"); + $form{'uname'} = $possuname; + last; + } + } + } + } + } + unless ($pwdverify) { + &failed($r,'Username and/or password could not be authenticated.', + \%form); + return OK; + } } elsif ($authhost eq 'no_account_on_host') { if ($defaultauth) { my $domdesc = &Apache::lonnet::domain($form{'udom'},'description'); @@ -468,9 +486,9 @@ sub handler { $firsturl='/adm/roles'; } - my $hosthere; + my ($hosthere,%sessiondata); if ($form{'iptoken'}) { - my %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'}); + %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'}); my $delete = &Apache::lonnet::tmpdel($form{'iptoken'}); if (($sessiondata{'domain'} eq $form{'udom'}) && ($sessiondata{'username'} eq $form{'uname'})) { @@ -817,6 +835,20 @@ sub loginhelpdisplay { return; } +sub alternate_unames_check { + my ($uname,$udom) = @_; + my %possunames; + my %domdefs = &Apache::lonnet::get_domain_defaults($udom); + if (ref($domdefs{'unamemap_rule'}) eq 'ARRAY') { + if (@{$domdefs{'unamemap_rule'}} > 0) { + %possunames = + &Apache::lonnet::inst_rulecheck($udom,$uname,undef, + 'unamemap',$domdefs{'unamemap_rule'}); + } + } + return %possunames; +} + 1; __END__