Return to lonauth.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/lonauth.pm between versions 1.121.2.20 and 1.129

version 1.121.2.20, 2020/10/23 21:21:44	version 1.129, 2013/12/20 14:54:34
Line 32 use strict;	Line 32 use strict;
use LONCAPA;	use LONCAPA;
use Apache::Constants qw(:common);	use Apache::Constants qw(:common);
use CGI qw(:standard);	use CGI qw(:standard);
	use DynaLoader; # for Crypt::DES version
	use Crypt::DES;
use Apache::loncommon();	use Apache::loncommon();
use Apache::lonnet;	use Apache::lonnet;
use Apache::lonmenu();	use Apache::lonmenu();
Line 40 use Fcntl qw(:flock);	Line 42 use Fcntl qw(:flock);
use Apache::lonlocal;	use Apache::lonlocal;
use Apache::File();	use Apache::File();
use HTML::Entities;	use HTML::Entities;
use Digest::MD5;

# ------------------------------------------------------------ Successful login	# ------------------------------------------------------------ Successful login
sub success {	sub success {
my ($r, $username, $domain, $authhost, $lowerurl, $extra_env,	my ($r, $username, $domain, $authhost, $lowerurl, $extra_env,
$form,$cid) = @_;	$form) = @_;

# ------------------------------------------------------------ Get cookie ready	# ------------------------------------------------------------ Get cookie ready
my $cookie =	my $cookie =
Line 71 sub success {	Line 72 sub success {
}	}
}	}

# ------------------------------------------------------------ Get cookies ready	# ------------------------------------------------------------ Get cookie ready
my ($securecookie,$defaultcookie);	$cookie="lonID=$cookie; path=/";
my $ssl = $r->subprocess_env('https');
if ($ssl) {
$securecookie="lonSID=$cookie; path=/; HttpOnly; secure";
my $lonidsdir=$r->dir_config('lonIDsDir');
if (($lonidsdir) && (-e "$lonidsdir/$cookie.id")) {
my $linkname=substr(Digest::MD5::md5_hex(Digest::MD5::md5_hex(time(). {}. rand(). $$)), 0, 32).'_linked';
if (-e "$lonidsdir/$linkname.id") {
unlink("$lonidsdir/$linkname.id");
}
my $made_symlink = eval { symlink("$lonidsdir/$cookie.id",
"$lonidsdir/$linkname.id"); 1 };
if ($made_symlink) {
$defaultcookie = "lonLinkID=$linkname; path=/; HttpOnly;";
&Apache::lonnet::appenv({'user.linkedenv' => $linkname});
}
}
} else {
$defaultcookie = "lonID=$cookie; path=/; HttpOnly;";
}
# -------------------------------------------------------- Menu script and info	# -------------------------------------------------------- Menu script and info
my $destination = $lowerurl;	my $destination = $lowerurl;

Line 117 sub success {	Line 99 sub success {
}	}
if (defined($form->{symb})) {	if (defined($form->{symb})) {
my $destsymb = $form->{symb};	my $destsymb = $form->{symb};
my $encrypted;
if ($destsymb =~ m{^/enc/}) {
$encrypted = 1;
if ($cid) {
$destsymb = &Apache::lonenc::unencrypted($destsymb,$cid);
}
}
$destination .= ($destination =~ /\?/) ? '&' : '?';	$destination .= ($destination =~ /\?/) ? '&' : '?';
if ($destsymb =~ /___/) {	if ($destsymb =~ /___/) {
	# FIXME Need to deal with encrypted symbs and urls as needed.
my ($map,$resid,$desturl)=split(/___/,$destsymb);	my ($map,$resid,$desturl)=split(/___/,$destsymb);
$desturl = &Apache::lonnet::clutter($desturl);	unless ($desturl=~/^(adm\|editupload\|public)/) {
if ($encrypted) {	$desturl = &Apache::lonnet::clutter($desturl);
$desturl = &Apache::lonenc::encrypted($desturl,1,$cid);
$destsymb = $form->{symb};
}	}
$desturl = &HTML::Entities::encode($desturl,'"<>&');	$desturl = &HTML::Entities::encode($desturl,'"<>&');
$destsymb = &HTML::Entities::encode($destsymb,'"<>&');	$destsymb = &HTML::Entities::encode($destsymb,'"<>&');
$destination .= 'destinationurl='.$desturl.	$destination .= '&destinationurl='.$desturl.
'&destsymb='.$destsymb;	'&destsymb='.$destsymb;
} elsif (!$encrypted) {	} else {
$destsymb = &HTML::Entities::encode($destsymb,'"<>&');	$destsymb = &HTML::Entities::encode($destsymb,'"<>&');
$destination .= 'destinationurl='.$destsymb;	$destination .= '&destinationurl='.$destsymb;
}	}
}	}
if ($destination =~ m{^/adm/roles}) {	if ($destination =~ m{^/adm/roles}) {
Line 146 sub success {	Line 120 sub success {
$destination .= 'source=login';	$destination .= 'source=login';
}	}

my $windowinfo=&Apache::lonmenu::open($env{'browser.os'});	my $windowinfo = Apache::lonhtmlcommon::scripttag('self.name="loncapaclient";');
my $startupremote=&Apache::lonmenu::startupremote($destination);	my $header = '<meta HTTP-EQUIV="Refresh" CONTENT="0; url='.$destination.'" />';
my $remoteinfo=&Apache::lonmenu::load_remote_msg($lowerurl);
my $setflags=&Apache::lonmenu::setflags();
my $maincall=&Apache::lonmenu::maincall();
my $brcrum = [{'href' => '',	my $brcrum = [{'href' => '',
'text' => 'Successful Login'},];	'text' => 'Successful Login'},];
my $start_page=&Apache::loncommon::start_page('Successful Login',	my $start_page=&Apache::loncommon::start_page('Successful Login',
$startupremote,	$header,
{'no_inline_link' => 1,	{'bread_crumbs' => $brcrum,});
'bread_crumbs' => $brcrum,});
my $end_page =&Apache::loncommon::end_page();	my $end_page =&Apache::loncommon::end_page();

my $continuelink;	my $continuelink='<a href="'.$destination.'">'.&mt('Continue').'</a>';
if ($env{'environment.remote'} eq 'off') {
$continuelink='<a href="'.$destination.'">'.&mt('Continue').'</a>';
}
# ------------------------------------------------- Output for successful login	# ------------------------------------------------- Output for successful login

&Apache::loncommon::content_type($r,'text/html');	&Apache::loncommon::content_type($r,'text/html');
if ($securecookie) {	$r->header_out('Set-cookie' => $cookie);
$r->headers_out->add('Set-cookie' => $securecookie);
}
if ($defaultcookie) {
$r->headers_out->add('Set-cookie' => $defaultcookie);
}
$r->send_http_header;	$r->send_http_header;

my %lt=&Apache::lonlocal::texthash(	my %lt=&Apache::lonlocal::texthash(
Line 186 sub success {	Line 148 sub success {
my $welcome = &mt('Welcome to the Learning[_1]Online[_2] Network with CAPA. Please wait while your session is being set up.','<i>','</i>');	my $welcome = &mt('Welcome to the Learning[_1]Online[_2] Network with CAPA. Please wait while your session is being set up.','<i>','</i>');
$r->print(<<ENDSUCCESS);	$r->print(<<ENDSUCCESS);
$start_page	$start_page
$setflags
$windowinfo	$windowinfo
<h1>$lt{'wel'}</h1>	<h1>$lt{'wel'}</h1>
$welcome	$welcome
$loginhelp	$loginhelp
$remoteinfo
$maincall
$continuelink	$continuelink
$end_page	$end_page
ENDSUCCESS	ENDSUCCESS
return;
}	}

# --------------------------------------------------------------- Failed login!	# --------------------------------------------------------------- Failed login!
Line 215 sub failed {	Line 173 sub failed {
my $udom = &Apache::loncommon::cleanup_html($form->{'udom'});	my $udom = &Apache::loncommon::cleanup_html($form->{'udom'});
if (&Apache::lonnet::domain($udom,'description') eq '') {	if (&Apache::lonnet::domain($udom,'description') eq '') {
undef($udom);	undef($udom);
}	}
my $retry = '/adm/login';	my $retry = '/adm/login';
if ($uname eq $form->{'uname'}) {	if ($uname eq $form->{'uname'}) {
$retry .= '?username='.$uname;	$retry .= '?username='.$uname;
Line 225 sub failed {	Line 183 sub failed {
}	}
if (exists($form->{role})) {	if (exists($form->{role})) {
my $role = &Apache::loncommon::cleanup_html($form->{role});	my $role = &Apache::loncommon::cleanup_html($form->{role});
if ($role ne '') {	if ($role ne '') {
$retry .= (($retry=~/\?/)?'&':'?').'role='.$role;	$retry .= (($retry=~/\?/)?'&':'?').'role='.$role;
}	}
}	}
Line 238 sub failed {	Line 196 sub failed {
my $end_page = &Apache::loncommon::end_page();	my $end_page = &Apache::loncommon::end_page();
&Apache::loncommon::content_type($r,'text/html');	&Apache::loncommon::content_type($r,'text/html');
$r->send_http_header;	$r->send_http_header;
my @actions =
(&mt('Please [_1]log in again[_2].','<a href="'.$retry.'">','</a>'));
my $loginhelp = &loginhelpdisplay($udom);	my $loginhelp = &loginhelpdisplay($udom);
if ($loginhelp) {	if ($loginhelp) {
push(@actions, '<a href="'.$loginhelp.'">'.&mt('Login problems?').'</a>');	$loginhelp = '<p><a href="'.$loginhelp.'">'.&mt('Login problems?').'</a></p>';
}	}
#FIXME: link to helpdesk might be added here

$r->print(	$r->print(
$start_page	$start_page
.'<h2>'.&mt('Sorry ...').'</h2>'	.'<h1>'.&mt('Sorry ...').'</h1>'
.&Apache::lonhtmlcommon::confirm_success(&mt($message),1).'<br /><br />'	.'<p class="LC_warning">'.&mt($message).'</p>'
.&Apache::lonhtmlcommon::actionbox(\@actions)	.'<p>'.&mt('Please [_1]log in again[_2].','<a href="'.$retry.'">','</a>')
	.'</p>'
	.$loginhelp
.$end_page	.$end_page
);	);
}	}
Line 271 sub reroute {	Line 228 sub reroute {
sub handler {	sub handler {
my $r = shift;	my $r = shift;
my $londocroot = $r->dir_config('lonDocRoot');	my $londocroot = $r->dir_config('lonDocRoot');
	my $form;
# Are we re-routing?	# Are we re-routing?
if (-e "$londocroot/lon-status/reroute.txt") {	if (-e "$londocroot/lon-status/reroute.txt") {
&reroute($r);	&reroute($r);
Line 334 sub handler {	Line 292 sub handler {

# split user logging in and "su"-user	# split user logging in and "su"-user

($form{'uname'},$form{'suname'},$form{'sudom'})=split(/\:/,$form{'uname'});	($form{'uname'},$form{'suname'})=split(/\:/,$form{'uname'});
$form{'uname'} = &LONCAPA::clean_username($form{'uname'});	$form{'uname'} = &LONCAPA::clean_username($form{'uname'});
$form{'suname'}= &LONCAPA::clean_username($form{'suname'});	$form{'suname'}= &LONCAPA::clean_username($form{'suname'});
$form{'udom'} = &LONCAPA::clean_domain($form{'udom'});	$form{'udom'} = &LONCAPA::clean_domain( $form{'udom'});
$form{'sudom'} = &LONCAPA::clean_domain($form{'sudom'});

my $role = $r->dir_config('lonRole');	my $role = $r->dir_config('lonRole');
my $domain = $r->dir_config('lonDefDomain');	my $domain = $r->dir_config('lonDefDomain');
Line 350 sub handler {	Line 307 sub handler {
my $tmpinfo=Apache::lonnet::reply('tmpget:'.$form{'logtoken'},	my $tmpinfo=Apache::lonnet::reply('tmpget:'.$form{'logtoken'},
$form{'serverid'});	$form{'serverid'});

	my %sessiondata;
	if ($form{'iptoken'}) {
	%sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
	my $delete = &Apache::lonnet::tmpdel($form{'token'});
	}

if (($tmpinfo=~/^error/) \|\| ($tmpinfo eq 'con_lost') \|\|	if (($tmpinfo=~/^error/) \|\| ($tmpinfo eq 'con_lost') \|\|
($tmpinfo eq 'no_such_host')) {	($tmpinfo eq 'no_such_host')) {
&failed($r,'Information needed to verify your login information is missing, inaccessible or expired.',\%form);	&failed($r,'Information needed to verify your login information is missing, inaccessible or expired.',\%form);
Line 369 sub handler {	Line 332 sub handler {
return OK;	return OK;
}	}

my ($key,$firsturl,$rolestr,$symbstr,$iptokenstr)=split(/&/,$tmpinfo);	my ($key,$firsturl,$rolestr,$symbstr)=split(/&/,$tmpinfo);
if ($rolestr) {	if ($rolestr) {
$rolestr = &unescape($rolestr);	$rolestr = &unescape($rolestr);
}	}
if ($symbstr) {	if ($symbstr) {
$symbstr= &unescape($symbstr);	$symbstr= &unescape($symbstr);
}	}
if ($iptokenstr) {
$iptokenstr = &unescape($iptokenstr);
}
if ($rolestr =~ /^role=/) {	if ($rolestr =~ /^role=/) {
(undef,$form{'role'}) = split('=',$rolestr);	(undef,$form{'role'}) = split('=',$rolestr);
}	}
if ($symbstr =~ /^symb=/) {	if ($symbstr =~ /^symb=/) {
(undef,$form{'symb'}) = split('=',$symbstr);	(undef,$form{'symb'}) = split('=',$symbstr);
}	}
if ($iptokenstr =~ /^iptoken=/) {
(undef,$form{'iptoken'}) = split('=',$iptokenstr);	my $keybin=pack("H16",$key);

	my $cipher;
	if ($Crypt::DES::VERSION>=2.03) {
	$cipher=new Crypt::DES $keybin;
	}
	else {
	$cipher=new DES $keybin;
}	}
	my $upass='';
	for (my $i=0;$i<=2;$i++) {
	my $chunk=
	$cipher->decrypt(unpack("a8",pack("H16",substr($form{'upass'.$i},0,16))));

my $upass = &Apache::loncommon::des_decrypt($key,$form{'upass0'});	$chunk.=
	$cipher->decrypt(unpack("a8",pack("H16",substr($form{'upass'.$i},16,16))));

	$chunk=substr($chunk,1,ord(substr($chunk,0,1)));
	$upass.=$chunk;
	}

# ---------------------------------------------------------------- Authenticate	# ---------------------------------------------------------------- Authenticate

Line 420 sub handler {	Line 396 sub handler {
return OK;	return OK;
}	}
my $start_page =	my $start_page =
&Apache::loncommon::start_page('Create a user account in LON-CAPA',	&Apache::loncommon::start_page('Create a user account in LON-CAPA');
'',{'no_inline_link' => 1,});
my $lonhost = $r->dir_config('lonHostID');	my $lonhost = $r->dir_config('lonHostID');
my $origmail = $Apache::lonnet::perlvar{'lonSupportEMail'};	my $origmail = $Apache::lonnet::perlvar{'lonSupportEMail'};
my $contacts =	my $contacts =
Line 453 sub handler {	Line 428 sub handler {

my $hosthere;	my $hosthere;
if ($form{'iptoken'}) {	if ($form{'iptoken'}) {
my %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
my $delete = &Apache::lonnet::tmpdel($form{'iptoken'});
if (($sessiondata{'domain'} eq $form{'udom'}) &&	if (($sessiondata{'domain'} eq $form{'udom'}) &&
($sessiondata{'username'} eq $form{'uname'})) {	($sessiondata{'username'} eq $form{'uname'})) {
$hosthere = 1;	$hosthere = 1;
Line 463 sub handler {	Line 436 sub handler {

# --------------------------------- Are we attempting to login as somebody else?	# --------------------------------- Are we attempting to login as somebody else?
if ($form{'suname'}) {	if ($form{'suname'}) {
my ($suname,$sudom,$sudomref);
$suname = $form{'suname'};
$sudom = $form{'udom'};
if ($form{'sudom'}) {
unless ($sudom eq $form{'sudom'}) {
if (&Apache::lonnet::domain($form{'sudom'})) {
$sudomref = [$form{'sudom'}];
$sudom = $form{'sudom'};
}
}
}
# ------------ see if the original user has enough privileges to pull this stunt	# ------------ see if the original user has enough privileges to pull this stunt
if (&Apache::lonnet::privileged($form{'uname'},$form{'udom'},$sudomref)) {	if (&Apache::lonnet::privileged($form{'uname'},$form{'udom'})) {
# ---------------------------------------------------- see if the su-user exists	# ---------------------------------------------------- see if the su-user exists
unless (&Apache::lonnet::homeserver($suname,$sudom) eq 'no_host') {	unless (&Apache::lonnet::homeserver($form{'suname'},$form{'udom'})
	eq 'no_host') {
	&Apache::lonnet::logthis(&Apache::lonnet::homeserver($form{'suname'},$form{'udom'}));
# ------------------------------ see if the su-user is not too highly privileged	# ------------------------------ see if the su-user is not too highly privileged
if (&Apache::lonnet::privileged($suname,$sudom)) {	unless (&Apache::lonnet::privileged($form{'suname'},$form{'udom'})) {
&Apache::lonnet::logthis('Attempted switch user to privileged user');
} else {
my $noprivswitch;
#
# su-user's home server and user's home server must have one of:
# (a) same domain
# (b) same primary library server for the two domains
# (c) same "internet domain" for primary library server(s) for home servers' domains
#
my $suprim = &Apache::lonnet::domain($sudom,'primary');
my $suintdom = &Apache::lonnet::internet_dom($suprim);
unless ($sudom eq $form{'udom'}) {
my $uprim = &Apache::lonnet::domain($form{'udom'},'primary');
my $uintdom = &Apache::lonnet::internet_dom($uprim);
unless ($suprim eq $uprim) {
unless ($suintdom eq $uintdom) {
&Apache::lonnet::logthis('Attempted switch user '
.'to user with different "internet domain".');
$noprivswitch = 1;
}
}
}

unless ($noprivswitch) {
#
# server where log-in occurs must have same "internet domain" as su-user's home
# server
#
my $lonhost = $r->dir_config('lonHostID');
my $hostintdom = &Apache::lonnet::internet_dom($lonhost);
if ($hostintdom ne $suintdom) {
&Apache::lonnet::logthis('Attempted switch user on a '
.'server with a different "internet domain".');
} else {

# -------------------------------------------------------- actually switch users	# -------------------------------------------------------- actually switch users
	&Apache::lonnet::logperm('User '.$form{'uname'}.' at '.$form{'udom'}.
&Apache::lonnet::logperm('User '.$form{'uname'}.' at '.	' logging in as '.$form{'suname'});
$form{'udom'}.' logging in as '.$suname.':'.$sudom);	$form{'uname'}=$form{'suname'};
$form{'uname'}=$suname;	} else {
if ($form{'udom'} ne $sudom) {	&Apache::lonnet::logthis('Attempted switch user to privileged user');
$form{'udom'}=$sudom;
}
}
}
}	}
}	}
} else {	} else {
Line 536 sub handler {	Line 461 sub handler {

unless ($hosthere) {	unless ($hosthere) {
($is_balancer,$otherserver) =	($is_balancer,$otherserver) =
&Apache::lonnet::check_loadbalancing($form{'uname'},$form{'udom'},'login');	&Apache::lonnet::check_loadbalancing($form{'uname'},$form{'udom'});
if ($is_balancer) {
# Check if browser sent a LON-CAPA load balancer cookie (and this is a balancer)
my ($found_server,$balancer_cookie) = &Apache::lonnet::check_for_balancer_cookie($r);
if (($found_server) && ($balancer_cookie =~ /^\Q$env{'user.domain'}\E_\Q$env{'user.name'}\E_/)) {
$otherserver = $found_server;
}
if ($otherserver eq '') {
my $lowest_load;
($otherserver,undef,undef,undef,$lowest_load) = &Apache::lonnet::choose_server($form{'udom'});
if ($lowest_load > 100) {
$otherserver = &Apache::lonnet::spareserver($lowest_load,$lowest_load,1,$form{'udom'});
}
}
if ($otherserver ne '') {
my @hosts = &Apache::lonnet::current_machine_ids();
if (grep(/^\Q$otherserver\E$/,@hosts)) {
$hosthere = $otherserver;
}
}
}
}	}

if (($is_balancer) && (!$hosthere)) {	if ($is_balancer) {
	if (!$otherserver) {
	($otherserver) = &Apache::lonnet::choose_server($form{'udom'});
	}
if ($otherserver) {	if ($otherserver) {
&success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect',undef,	&success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect',undef,
\%form);	\%form);
my $switchto = '/adm/switchserver?otherserver='.$otherserver;	$r->internal_redirect('/adm/switchserver?otherserver='.$otherserver.'&origurl='.$firsturl);
if (($firsturl) && ($firsturl ne '/adm/switchserver') && ($firsturl ne '/adm/roles')) {
$switchto .= '&origurl='.$firsturl;
}
if ($form{'role'}) {
$switchto .= '&role='.$form{'role'};
}
if ($form{'symb'}) {
$switchto .= '&symb='.$form{'symb'};
}
$r->internal_redirect($switchto);
} else {	} else {
&Apache::loncommon::content_type($r,'text/html');
$r->send_http_header;
$r->print(&noswitch());	$r->print(&noswitch());
}	}
return OK;	return OK;
Line 586 sub handler {	Line 482 sub handler {
if ($otherserver) {	if ($otherserver) {
&success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect',undef,	&success($r,$form{'uname'},$form{'udom'},$authhost,'noredirect',undef,
\%form);	\%form);
my $switchto = '/adm/switchserver?otherserver='.$otherserver;	$r->internal_redirect('/adm/switchserver?otherserver='.$otherserver.'&origurl='.$firsturl);
if (($firsturl) && ($firsturl ne '/adm/switchserver') && ($firsturl ne '/adm/roles')) {
$switchto .= '&origurl='.$firsturl;
}
if ($form{'role'}) {
$switchto .= '&role='.$form{'role'};
}
if ($form{'symb'}) {
$switchto .= '&symb='.$form{'symb'};
}
$r->internal_redirect($switchto);
} else {	} else {
&Apache::loncommon::content_type($r,'text/html');
$r->send_http_header;
$r->print(&noswitch());	$r->print(&noswitch());
}	}
return OK;	return OK;
Line 631 sub handler {	Line 515 sub handler {
return OK;	return OK;
}	}
}	}
if (($is_balancer) && ($hosthere)) {
$form{'noloadbalance'} = $hosthere;
}
&success($r,$form{'uname'},$form{'udom'},$authhost,$firsturl,undef,	&success($r,$form{'uname'},$form{'udom'},$authhost,$firsturl,undef,
\%form);	\%form);
return OK;	return OK;

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

500 Internal Server Error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Removed from v.1.121.2.20
changed lines
	Added in v.1.129