--- loncom/auth/lonauth.pm 2004/01/13 16:29:40 1.61 +++ loncom/auth/lonauth.pm 2006/10/06 14:28:45 1.84 @@ -1,7 +1,7 @@ # The LearningOnline Network # User Authentication Module # -# $Id: lonauth.pm,v 1.61 2004/01/13 16:29:40 www Exp $ +# $Id: lonauth.pm,v 1.84 2006/10/06 14:28:45 albertel Exp $ # # Copyright Michigan State University Board of Trustees # 
@@ -25,58 +25,71 @@ # # http://www.lon-capa.org/ # -# 5/21/99,5/22,5/25,5/26,5/27,5/29,6/2,6/11,6/14,6/15 -# 16/11,12/16, -# 1/14,2/24,2/28,2/29,3/7,5/29,5/30,5/31,6/1,6/5,6/29, -# 7/1,7/10,10/2,10/5,10/9,10/26,10/30,11/10, -# 05/28,05/29 Gerd Kortemeyer -# 07/28,08/03 Gerd Kortemeyer -# 8/20 Gerd Kortemeyer package Apache::lonauth; use strict; +use LONCAPA; use Apache::Constants qw(:common); -use Apache::File; use CGI qw(:standard); use CGI::Cookie(); use DynaLoader; # for Crypt::DES version use Crypt::DES; use Apache::loncommon(); -use Apache::lonnet(); +use Apache::lonnet; use Apache::lonmenu(); use Fcntl qw(:flock); use Apache::lonlocal; - +use GDBM_File; my %FORM; # ------------------------------------------------------------ Successful login sub success { - my ($r, $username, $domain, $authhost,$lowerurl) = @_; + my ($r, $username, $domain, $authhost, $lowerurl, $extra_env) = @_; my $lonids=$r->dir_config('lonIDsDir'); + my $public=($username eq 'public' && $domain eq 'public'); + # See if old ID present, if so, remove - my $filename; - opendir(DIR,$lonids); - while ($filename=readdir(DIR)) { - if ($filename=~/^$username\_\d+\_$domain\_$authhost\.id$/) { - unlink($lonids.'/'.$filename); - } - } - closedir(DIR); + my ($filename,$cookie,$userroles); + my $now=time; -# Give them a new cookie + if ($public) { + my $max_public=100; + my $oldest; + my $oldest_time=0; + for(my $next=1;$next<=$max_public;$next++) { + if (-e $lonids."/publicuser_$next.id") { + my $mtime=(stat($lonids."/publicuser_$next.id"))[9]; + if ($mtime<$oldest_time || !$oldest_time) { + $oldest_time=$mtime; + $oldest=$next; + } + } else { + $cookie="publicuser_$next"; + last; + } + } + if (!$cookie) { $cookie="publicuser_$oldest"; } + } else { + opendir(DIR,$lonids); + while ($filename=readdir(DIR)) { + if ($filename=~/^$username\_\d+\_$domain\_$authhost\.id$/) { + unlink($lonids.'/'.$filename); + } + } + closedir(DIR); - my $cookie; - my $now=time; - 
$cookie="$username\_$now\_$domain\_$authhost"; +# Give them a new cookie + $cookie="$username\_$now\_$domain\_$authhost"; + # Initialize roles - my $userroles=Apache::lonnet::rolesinit($domain,$username,$authhost); - + $userroles=&Apache::lonnet::rolesinit($domain,$username,$authhost); + } # ------------------------------------ Check browser type and MathML capability my ($httpbrowser,$clientbrowser,$clientversion,$clientmathml, @@ -96,18 +109,20 @@ sub success { } # ------------------------------------------------------------- Get environment - my $userenv; my %userenv=Apache::lonnet::dump('environment',$domain,$username); my ($tmp) = keys(%userenv); if ($tmp !~ /^(con_lost|error|no_such_host)/i) { - foreach my $key (keys(%userenv)) { - $userenv.="environment.$key=$userenv{$key}\n"; - } + # default remote control to off + if ($userenv{'remote'} ne 'on') { $userenv{'remote'} = 'off'; } + } else { + undef(%userenv); } if (($userenv{'interface'}) && (!$FORM{'interface'})) { $FORM{'interface'}=$userenv{'interface'}; } - $ENV{'environment.remote'}=$userenv{'remote'}; + $env{'environment.remote'}=$userenv{'remote'}; + if ($userenv{'texengine'} eq 'ttm') { $clientmathml=1; } + # --------------- Do not trust query string to be put directly into environment foreach ('imagesuppress','appletsuppress', 'embedsuppress','fontenhance','blackwhite', 
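Review bot: The new public-user branch has a check-then-use race: two concurrent `public` logins can both see slot `publicuser_$next` absent in the `-e` test and both adopt the same `$cookie`, because nothing is created until the session store is written later in success(), outside this hunk. The slot-recycling fallback (`$cookie="publicuser_$oldest"` once all 100 are in use) also hands a still-live public session's identifier to a new browser, which is presumably acceptable for `public`/`public` but is worth a comment stating so. On the non-public side, `$username`, `$domain` and `$authhost` are still interpolated into the readdir regex unquoted; `if ($filename=~/^\Q$username\E_\d+_\Q$domain\E_\Q$authhost\E\.id$/) {` costs nothing and removes the metacharacter dependency. success() continues past this hunk.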
@@ -117,50 +132,62 @@ sub success { # --------------------------------------------------------- Write first profile { - my $idf=Apache::File->new(">$lonids/$cookie.id"); - unless (flock($idf,LOCK_EX)) { - &Apache::lonnet::logthis("WARNING: ". - 'Could not obtain exclusive lock in lonauth: '.$!); - $idf->close(); - return 'error: '.$!; - } - if ($userenv ne '') { print $idf "$userenv\n"; } - print $idf "user.name=$username\n"; - print $idf "user.domain=$domain\n"; - print $idf "user.home=$authhost\n"; - print $idf "browser.type=$clientbrowser\n"; - print $idf "browser.version=$clientversion\n"; - print $idf "browser.mathml=$clientmathml\n"; - print $idf "browser.unicode=$clientunicode\n"; - print $idf "browser.os=$clientos\n"; + my %initial_env = + ("user.name" => $username, + "user.domain" => $domain, + "user.home" => $authhost, + "browser.type" => $clientbrowser, + "browser.version" => $clientversion, + "browser.mathml" => $clientmathml, + "browser.unicode" => $clientunicode, + "browser.os" => $clientos, + "server.domain" => $r->dir_config('lonDefDomain'), + "request.course.fn" => '', + "request.course.uri" => '', + "request.course.sec" => '', + "request.role" => 'cm', + "request.role.adv" => $env{'user.adv'}, + "request.host" => $ENV{'REMOTE_ADDR'},); + if ($FORM{'localpath'}) { - print $idf "browser.localpath=$FORM{'localpath'}\n"; - print $idf "browser.localres=$FORM{'localres'}\n"; + $initial_env{"browser.localpath"} = $FORM{'localpath'}; + $initial_env{"browser.localres"} = $FORM{'localres'}; } - print $idf "request.course.fn=\n"; - print $idf "request.course.uri=\n"; - print $idf "request.course.sec=\n"; - print $idf "request.role=cm\n"; - print $idf "request.role.adv=$ENV{'user.adv'}\n"; - print $idf "request.host=$ENV{'REMOTE_ADDR'}\n"; + + if ($public) { + $initial_env{"environment.remote"} = "off"; + } if ($FORM{'interface'}) { $FORM{'interface'}=~s/\W//gs; - print $idf "browser.interface=$FORM{'interface'}\n"; - 
$ENV{'browser.interface'}=$FORM{'interface'}; - foreach ('imagesuppress','appletsuppress', - 'embedsuppress','fontenhance','blackwhite') { - if (($FORM{$_} eq 'true') || - ($userenv{$_} eq 'on')) { - print $idf "browser.$_=on\n"; + $initial_env{"browser.interface"} = $FORM{'interface'}; + $env{'browser.interface'}=$FORM{'interface'}; + foreach my $option ('imagesuppress','appletsuppress', + 'embedsuppress','fontenhance','blackwhite') { + if (($FORM{$option} eq 'true') || + ($userenv{$option} eq 'on')) { + $initial_env{"browser.$option"} = "on"; } } } - if ($userroles ne '') { print $idf "$userroles"; } - $idf->close(); + + $env{'user.environment'} = "$lonids/$cookie.id"; + + if (tie(my %disk_env,'GDBM_File',"$lonids/$cookie.id", + &GDBM_WRCREAT(),0640)) { + &add_to_env(\%disk_env,\%initial_env); + &add_to_env(\%disk_env,\%userenv,'environment.'); + &add_to_env(\%disk_env,$userroles); + &add_to_env(\%disk_env,$extra_env); + untie(%disk_env); + } else { + &Apache::lonnet::logthis("WARNING: ". + 'Could not create environment storage in lonauth: '.$!); + return 'error: '.$!; + } } - $ENV{'request.role'}='cm'; - $ENV{'request.role.adv'}=$ENV{'user.adv'}; - $ENV{'browser.type'}=$clientbrowser; + $env{'request.role'}='cm'; + $env{'request.role.adv'}=$env{'user.adv'}; + $env{'browser.type'}=$clientbrowser; # -------------------------------------------------------------------- Log this &Apache::lonnet::log($domain,$username,$authhost, 
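Review bot: `tie(... &GDBM_WRCREAT(), 0640)` opens an existing `$cookie.id` without truncating it, so whenever the chosen cookie name already exists — a recycled `publicuser_$oldest` slot, or a re-login in the same second that yields an identical `username_now_domain_host` name — keys from the previous session survive alongside the new `add_to_env` writes. Either `unlink("$lonids/$cookie.id");` immediately before the tie, or open with `&GDBM_NEWDB()` so the store always starts empty. Note also that `$env{'user.environment'}` is assigned before the tie is known to have succeeded, so on the error return it points at a file that may not exist. The `browser.localpath`/`browser.localres` values are still taken from `%FORM` unvalidated; the "Do not trust query string" comment above only covers the boolean suppress options, so a one-line note there saying localpath is intentionally stored raw (if it is) would help the next reader.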
@@ -177,21 +204,31 @@ sub success { # ------------------------------------------------------------ Get cookie ready + if ($public or $lowerurl eq 'noredirect') { return $cookie; } + $cookie="lonID=$cookie; path=/"; # -------------------------------------------------------- Menu script and info my $windowinfo=&Apache::lonmenu::open($clientos); my $startupremote=&Apache::lonmenu::startupremote($lowerurl); + my $remoteinfo=&Apache::lonmenu::load_remote_msg($lowerurl); my $setflags=&Apache::lonmenu::setflags(); my $maincall=&Apache::lonmenu::maincall(); - my $bodytag=&Apache::loncommon::bodytag('Successful Login'); - my $add=&addcontent(); + my $start_page=&Apache::loncommon::start_page('Successful Login', + $startupremote, + {'no_inline_link' => 1,}); + my $end_page =&Apache::loncommon::end_page(); + + my $continuelink; + if (($env{'browser.interface'} eq 'textual') || + ($env{'environment.remote'} eq 'off')) { + $continuelink="".&mt('Continue').""; + } # ------------------------------------------------- Output for successful login - $r->send_cgi_header(<header_out('Set-cookie' => $cookie); + $r->send_http_header; -ENDHEADER my %lt=&Apache::lonlocal::texthash( 'wel' => 'Welcome', 'mes' => 'Welcome to the LearningOnline Network with CAPA. Please wait while your session is being set up', @@ -199,82 +236,66 @@ ENDHEADER 'log' => 'loginproblems.html', ); $r->print(< - -Successful Login to the LearningOnline Network with CAPA -$startupremote - -$bodytag +$start_page $setflags $windowinfo
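Review bot: The session cookie is now emitted via `$r->header_out('Set-cookie' => $cookie)` with only `path=/`, so the lonID identifier is readable from script and will be sent over plain HTTP as well; `$cookie="lonID=$cookie; path=/; HttpOnly";` is a cheap hardening, and `; secure` can be appended when the request is known to be TLS. The early `return $cookie` for `$public` or `'noredirect'` happens before the Set-cookie header and before send_http_header, so the balancer path in a later hunk leaves this handler having set no cookie at all — presumably `/adm/switchserver` is expected to carry the session across, but a comment on the early return stating that expectation would prevent someone "fixing" it. success() begins before this hunk.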

$lt{'wel'}

$lt{'mes'}.

$lt{'pro'}?

+$remoteinfo $maincall - - +$continuelink +$end_page ENDSUCCESS } +sub add_to_env { + my ($idf,$env_data,$prefix) = @_; + while (my ($key,$value) = each(%$env_data)) { + $idf->{$prefix.$key} = $value; + $env{$prefix.$key} = $value; + } +} + # --------------------------------------------------------------- Failed login! sub failed { my ($r,$message) = @_; - my $bodytag=&Apache::loncommon::bodytag('Unsuccessful Login'); - my $add=&addcontent(); - $r->send_cgi_header(< 1,}); + my $end_page = &Apache::loncommon::end_page(); + + my %lt=('sorry' => &mt('Sorry ...'), + 'please' => + &mt('Please [_1]log in again[_2].', + "", + ''), + 'problemspage' => &mt('loginproblems.html'), + 'problems' => 'Problems', + ); + &Apache::loncommon::content_type($r,'text/html'); + $r->send_http_header; -ENDFHEADER $r->print(< - -Unsuccessful Login to the LearningOnline Network with CAPA - - -$bodytag -

Sorry ...

+$start_page +

$lt{'sorry'}

$message

-

Please log in again.

+

$lt{'please'}

-Problems?

- - +$lt{'problems'}

+$end_page ENDFAILED } -# --------------------------------------------------------------------- Charset - -sub addcontent { - my $encoding=&Apache::lonlocal::current_encoding; - if ($encoding) { - return '; charset='.$encoding; - } else { - return ''; - } -} - # ------------------------------------------------------------------ Rerouting! sub reroute { - my $r=shift; - my $bodytag=&Apache::loncommon::bodytag('Rerouting'); - $r->send_cgi_header(<print(< - -Rerouting Login to the LearningOnline Network with CAPA - - -$bodytag -

Sorry ...

-Please log in again. - - -ENDRFAILED + my ($r) = @_; + &Apache::loncommon::content_type($r,'text/html'); + $r->send_http_header; + my $msg='

Sorry ...

+ Please log in again.'; + &Apache::loncommon::simple_error_page($r,'Rerouting',$msg); } # ---------------------------------------------------------------- Main handler @@ -300,25 +321,20 @@ sub handler { my $lonidsdir=$r->dir_config('lonIDsDir'); if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) { # Indeed, a valid token is found - $r->send_cgi_header(<send_http_header; + my $start_page = + &Apache::loncommon::start_page('Already logged in'); + my $end_page = + &Apache::loncommon::end_page(); $r->print(< - -Already logged in - - -$bodytag +$start_page
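Review bot: `add_to_env` is the new choke point that copies every key of a caller-supplied hashref into both the tied GDBM store and the process-wide `%env`, yet it carries no comment; callers pass `$userroles` and `$extra_env`, which may be undef, and `each(%$env_data)` silently autovivifies an undef ref while a non-hashref value dies under strict refs, so the contract should be written down, e.g. `# Copy $env_data (hashref or undef) into the tied session store and %env, prefixing keys with $prefix; a string here is a bug.` Since the old code printed `$userroles` as a string, the change presumably relies on rolesinit now returning a hashref — worth stating in the same comment. In `failed()`, `$message` is interpolated into the page unescaped; every caller in this diff passes a literal, but a one-line comment on the sub saying callers must not pass request-derived text would keep it that way.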

You are already logged in

Please either continue the current session or logout.

Problems?

- - +$end_page ENDFAILED return OK; } @@ -328,7 +344,9 @@ ENDFAILED my $buffer; - $r->read($buffer,$r->header_in('Content-length'),0); + if ($r->header_in('Content-length') > 0) { + $r->read($buffer,$r->header_in('Content-length'),0); + } my @pairs=split(/&/,$buffer); my $pair; my $name; my $value; undef %FORM; @@ -340,7 +358,7 @@ ENDFAILED $FORM{$name}=$value; } - if ((!$FORM{'uname'}) || (!$FORM{'upass'}) || (!$FORM{'udom'})) { + if ((!$FORM{'uname'}) || (!$FORM{'upass0'}) || (!$FORM{'udom'})) { failed($r,'Username, password and domain need to be specified.'); return OK; } @@ -365,9 +383,12 @@ ENDFAILED failed($r,'Information needed to verify your login information is missing, inaccessible or expired.'); return OK; } else { - unless (&Apache::lonnet::reply('tmpdel:'.$FORM{'logtoken'}, - $FORM{'serverid'}) eq 'ok') { + my $reply = &Apache::lonnet::reply('tmpdel:'.$FORM{'logtoken'}, + $FORM{'serverid'}); + if ( $reply ne 'ok' ) { &failed($r,'Session could not be opened.'); + &Apache::lonnet::logthis("ERROR got a reply of $reply when trying to contact ". $FORM{'serverid'}." to get login token"); + return OK; } } my ($key,$firsturl)=split(/&/,$tmpinfo); @@ -381,14 +402,17 @@ ENDFAILED else { $cipher=new DES $keybin; } + my $upass=''; + for (my $i=0;$i<=2;$i++) { + my $chunk= + $cipher->decrypt(unpack("a8",pack("H16",substr($FORM{'upass'.$i},0,16)))); - my $upass=$cipher->decrypt( - unpack("a8",pack("H16",substr($FORM{'upass'},0,16)))); - - $upass.=$cipher->decrypt( - unpack("a8",pack("H16",substr($FORM{'upass'},16,16)))); + $chunk.= + $cipher->decrypt(unpack("a8",pack("H16",substr($FORM{'upass'.$i},16,16)))); - $upass=substr($upass,1,ord(substr($upass,0,1))); + $chunk=substr($chunk,1,ord(substr($chunk,0,1))); + $upass.=$chunk; + } # ---------------------------------------------------------------- Authenticate my $authhost=Apache::lonnet::authenticate($FORM{'uname'}, 
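Review bot: The guarded `$r->read($buffer,$r->header_in('Content-length'),0)` still reads whatever size the client declares, and `Content-length` is attacker-controlled, so a login POST can make the server buffer an arbitrarily large body before the field check rejects it. A bound plus a sanity check on the header is enough here: `my $len = $r->header_in('Content-length') || 0;` / `if ($len > 65536) { &failed($r,'Request too large.'); return OK; }` / `if ($len > 0) { $r->read($buffer,$len,0); }`. The return value of `$r->read` (a short read) is also ignored before the body is split into `%FORM`. handler() begins before this hunk.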
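Review bot: The new three-chunk decrypt loop never checks that `upass1` and `upass2` were posted or that each chunk is 32 hex characters, while the earlier required-field check in this diff only demands `upass0`; a missing chunk becomes `pack("H16", undef)`, i.e. eight NUL bytes, which decrypts to unpredictable data whose first byte is then trusted as a length via `ord(substr($chunk,0,1))`. Before the decrypt, guard each chunk: `unless (defined($FORM{'upass'.$i}) && $FORM{'upass'.$i} =~ /^[0-9a-fA-F]{32}$/) { &failed($r,'Malformed login data.'); return OK; }`, and clamp the length byte to the 15 payload bytes a chunk can hold (assuming the length-prefix layout the old single-chunk code used is unchanged). handler() continues past this hunk.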
@@ -428,7 +452,12 @@ ENDFAILED &Apache::lonnet::logthis('Non-privileged user attempting switch user'); } } - &success($r,$FORM{'uname'},$FORM{'udom'},$authhost,$firsturl); + if ($r->dir_config("lonBalancer") eq 'yes') { + &success($r,$FORM{'uname'},$FORM{'udom'},$authhost,'noredirect'); + $r->internal_redirect('/adm/switchserver'); + } else { + &success($r,$FORM{'uname'},$FORM{'udom'},$authhost,$firsturl); + } return OK; } 500 Internal Server Error
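Review bot: Neither branch checks the value returned by `&success(...)`, but success() now returns `'error: '.$!` (without sending headers or a body) when the GDBM session store cannot be created; the non-balancer branch then returns OK with an empty response, and the balancer branch goes on to `internal_redirect('/adm/switchserver')` with a partially initialised `%env`. Capture the result in both branches and route failures through the existing error page, e.g. `my $ret=&success(...); if ($ret =~ /^error:/) { &failed($r,'Session could not be created.'); return OK; }`. The "500 Internal Server Error" text trailing this hunk appears to be page residue rather than diff content.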