--- loncom/lond 2019/02/11 17:01:34 1.557
+++ loncom/lond 2020/05/05 20:24:41 1.563
@@ -2,7 +2,7 @@
# The LearningOnline Network
# lond "LON Daemon" Server (port "LOND" 5663)
#
-# $Id: lond,v 1.557 2019/02/11 17:01:34 raeburn Exp $
+# $Id: lond,v 1.563 2020/05/05 20:24:41 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -65,7 +65,7 @@ my $DEBUG = 0; # Non zero to ena
my $status='';
my $lastlog='';
-my $VERSION='$Revision: 1.557 $'; #' stupid emacs
+my $VERSION='$Revision: 1.563 $'; #' stupid emacs
my $remoteVERSION;
my $currenthostid="default";
my $currentdomainid;
@@ -220,6 +220,7 @@ my %trust = (
courseidput => {remote => 1, domroles => 1, enroll => 1},
courseidputhash => {remote => 1, domroles => 1, enroll => 1},
courselastaccess => {remote => 1, domroles => 1, enroll => 1},
+ coursesessions => {institutiononly => 1},
currentauth => {remote => 1, domroles => 1, enroll => 1},
currentdump => {remote => 1, enroll => 1},
currentversion => {remote=> 1, content => 1},
@@ -227,6 +228,7 @@ my %trust = (
dcmailput => {remote => 1, domroles => 1},
del => {remote => 1, domroles => 1, enroll => 1, content => 1},
delbalcookie => {institutiononly => 1},
+ delusersession => {institutiononly => 1},
deldom => {remote => 1, domroles => 1}, # not currently used
devalidatecache => {institutiononly => 1},
domroleput => {remote => 1, enroll => 1},
@@ -2030,7 +2032,7 @@ sub read_lonnet_global {
}
if ($what eq 'perlvar') {
if (!exists($packagevars{$what}{'lonBalancer'})) {
- if ($dist =~ /^(centos|rhes|fedora|scientific)/) {
+ if ($dist =~ /^(centos|rhes|fedora|scientific|oracle)/) {
my $othervarref=LONCAPA::Configuration::read_conf('httpd.conf');
if (ref($othervarref) eq 'HASH') {
$items->{'lonBalancer'} = $othervarref->{'lonBalancer'};
@@ -2348,12 +2350,84 @@ sub change_password_handler {
}
if($validated) {
my $realpasswd = &get_auth_type($udom, $uname); # Defined since authd.
-
my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
+ my $notunique;
if ($howpwd eq 'internal') {
&Debug("internal auth");
my $ncpass = &hash_passwd($udom,$npass);
- if(&rewrite_password_file($udom, $uname, "internal:$ncpass")) {
+ my (undef,$method,@rest) = split(/!/,$contentpwd);
+ if ($method eq 'bcrypt') {
+ my %passwdconf = &Apache::lonnet::get_passwdconf($udom);
+ if (($passwdconf{'numsaved'}) && ($passwdconf{'numsaved'} =~ /^\d+$/)) {
+ my @oldpasswds;
+ my $userpath = &propath($udom,$uname);
+ my $fullpath = $userpath.'/oldpasswds';
+ if (-d $userpath) {
+ my @oldfiles;
+ if (-e $fullpath) {
+ if (opendir(my $dir,$fullpath)) {
+ (@oldfiles) = grep(/^\d+$/,readdir($dir));
+ closedir($dir);
+ }
+ if (@oldfiles) {
+ @oldfiles = sort { $b <=> $a } (@oldfiles);
+ my $numremoved = 0;
+ for (my $i=0; $i<@oldfiles; $i++) {
+ if ($i>=$passwdconf{'numsaved'}) {
+ if (-f "$fullpath/$oldfiles[$i]") {
+ if (unlink("$fullpath/$oldfiles[$i]")) {
+ $numremoved ++;
+ }
+ }
+ } elsif (open(my $fh,'<',"$fullpath/$oldfiles[$i]")) {
+ while (my $line = <$fh>) {
+ push(@oldpasswds,$line);
+ }
+ close($fh);
+ }
+ }
+ if ($numremoved) {
+ &logthis("unlinked $numremoved old password files for $uname:$udom");
+ }
+ }
+ }
+ push(@oldpasswds,$contentpwd);
+ foreach my $item (@oldpasswds) {
+ my (undef,$method,@rest) = split(/!/,$item);
+ if ($method eq 'bcrypt') {
+ my $result = &hash_passwd($udom,$npass,@rest);
+ if ($result eq $item) {
+ $notunique = 1;
+ last;
+ }
+ }
+ }
+ unless ($notunique) {
+ unless (-e $fullpath) {
+ if (&mkpath("$fullpath/")) {
+ chmod(0700,$fullpath);
+ }
+ }
+ if (-d $fullpath) {
+ my $now = time;
+ if (open(my $fh,'>',"$fullpath/$now")) {
+ print $fh $contentpwd;
+ close($fh);
+ chmod(0400,"$fullpath/$now");
+ }
+ }
+ }
+ }
+ }
+ }
+ if ($notunique) {
+ my $msg="Result of password change for $uname:$udom - password matches one used before";
+ if ($lonhost) {
+ $msg .= " - request originated from: $lonhost";
+ }
+ &logthis($msg);
+ &Reply($client, "prioruse\n", $userinput);
+ } elsif (&rewrite_password_file($udom, $uname, "internal:$ncpass")) {
my $msg="Result of password change for $uname: pwchange_success";
if ($lonhost) {
$msg .= " - request originated from: $lonhost";
@@ -2370,7 +2444,7 @@ sub change_password_handler {
my $result = &change_unix_password($uname, $npass);
if ($result eq 'ok') {
&update_passwd_history($uname,$udom,$howpwd,$context);
- }
+ }
&logthis("Result of password change for $uname: ".
$result);
&Reply($client, \$result, $userinput);
@@ -2381,7 +2455,6 @@ sub change_password_handler {
#
&Failure( $client, "auth_mode_error\n", $userinput);
}
-
} else {
if ($failure eq '') {
$failure = 'non_authorized';
@@ -2962,6 +3035,54 @@ sub user_has_session_handler {
}
®ister_handler("userhassession", \&user_has_session_handler, 0,1,0);
+sub del_usersession_handler {
+ my ($cmd, $tail, $client) = @_;
+
+ my $result;
+ my ($udom, $uname) = map { &unescape($_) } (split(/:/, $tail));
+ if (($udom =~ /^$LONCAPA::match_domain$/) && ($uname =~ /^$LONCAPA::match_username$/)) {
+ my $lonidsdir = $perlvar{'lonIDsDir'};
+ if (-d $lonidsdir) {
+ if (opendir(DIR,$lonidsdir)) {
+ my $filename;
+ while ($filename=readdir(DIR)) {
+ if ($filename=~/^\Q$uname\E_\d+_\Q$udom\E_/) {
+ if (tie(my %oldenv,'GDBM_File',"$lonidsdir/$filename",
+ &GDBM_READER(),0640)) {
+ my $linkedfile;
+ if (exists($oldenv{'user.linkedenv'})) {
+ $linkedfile = $oldenv{'user.linkedenv'};
+ }
+ untie(%oldenv);
+ $result = unlink("$lonidsdir/$filename");
+ if ($result) {
+ if ($linkedfile =~ /^[a-f0-9]+_linked$/) {
+ if (-l "$lonidsdir/$linkedfile.id") {
+ unlink("$lonidsdir/$linkedfile.id");
+ }
+ }
+ }
+ } else {
+ $result = unlink("$lonidsdir/$filename");
+ }
+ last;
+ }
+ }
+ }
+ }
+ if ($result == 1) {
+ &Reply($client, "$result\n", "$cmd:$tail");
+ } else {
+ &Reply($client, "not_found\n", "$cmd:$tail");
+ }
+ } else {
+ &Failure($client, "invalid_user\n", "$cmd:$tail");
+ }
+ return 1;
+}
+
+®ister_handler("delusersession", \&del_usersession_handler, 0,1,0);
+
#
# Authenticate access to a user file by checking that the token the user's
# passed also exists in their session file
@@ -4753,6 +4874,44 @@ sub course_lastaccess_handler {
}
®ister_handler("courselastaccess",\&course_lastaccess_handler, 0, 1, 0);
+sub course_sessions_handler {
+ my ($cmd, $tail, $client) = @_;
+ my $userinput = "$cmd:$tail";
+ my ($cdom,$cnum,$lastactivity) = split(':',$tail);
+ my $dbsuffix = '_'.$cdom.'_'.$cnum.'.db';
+ my (%sessions,$qresult);
+ my $now=time;
+ if (opendir(DIR,$perlvar{'lonIDsDir'})) {
+ my $filename;
+ while ($filename=readdir(DIR)) {
+ next if ($filename=~/^\./);
+ next if ($filename=~/^publicuser_/);
+ next if ($filename=~/^[a-f0-9]+_(linked|lti_\d+)\.id$/);
+ if ($filename =~ /^($LONCAPA::match_username)_\d+_($LONCAPA::match_domain)_/) {
+ my ($uname,$udom) = ($1,$2);
+ next unless (-e "$perlvar{'lonDaemons'}/tmp/$uname$dbsuffix");
+ my $mtime = (stat("$perlvar{'lonIDsDir'}/$filename"))[9];
+ if ($lastactivity < 0) {
+ next if ($mtime-$now > $lastactivity);
+ } else {
+ next if ($now-$mtime > $lastactivity);
+ }
+ $sessions{$uname.':'.$udom} = $mtime;
+ }
+ }
+ closedir(DIR);
+ }
+ foreach my $user (keys(%sessions)) {
+ $qresult.=&escape($user).'='.$sessions{$user}.'&';
+ }
+ if ($qresult) {
+ chop($qresult);
+ }
+ &Reply($client, \$qresult, $userinput);
+ return 1;
+}
+®ister_handler("coursesessions",\&course_sessions_handler, 0, 1, 0);
+
#
# Puts an unencrypted entry in a namespace db file at the domain level
#
@@ -7471,7 +7630,7 @@ sub make_new_child {
&Authen::Krb5::init_context();
my $no_ets;
- if ($dist =~ /^(?:centos|rhes|scientific)(\d+)$/) {
+ if ($dist =~ /^(?:centos|rhes|scientific|oracle)(\d+)$/) {
if ($1 >= 7) {
$no_ets = 1;
}
500 Internal Server Error
Internal Server Error
The server encountered an internal error or
misconfiguration and was unable to complete
your request.
Please contact the server administrator at
root@localhost to inform them of the time this error occurred,
and the actions you performed just before this error.
More information about this error may be available
in the server error log.