--- loncom/auth/lonauth.pm 2000/06/05 20:28:17 1.7 +++ loncom/auth/lonauth.pm 2003/03/10 20:21:45 1.45 @@ -1,16 +1,53 @@ # The LearningOnline Network # User Authentication Module +# +# $Id: lonauth.pm,v 1.45 2003/03/10 20:21:45 matthew Exp $ +# +# Copyright Michigan State University Board of Trustees +# +# This file is part of the LearningOnline Network with CAPA (LON-CAPA). +# +# LON-CAPA is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# LON-CAPA is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with LON-CAPA; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# /home/httpd/html/adm/gpl.txt +# +# http://www.lon-capa.org/ +# # 5/21/99,5/22,5/25,5/26,5/27,5/29,6/2,6/11,6/14,6/15 # 16/11,12/16, -# 1/14,2/24,2/28,2/29,3/7,5/29,5/30,5/31,6/1,6/5 Gerd Kortemeyer +# 1/14,2/24,2/28,2/29,3/7,5/29,5/30,5/31,6/1,6/5,6/29, +# 7/1,7/10,10/2,10/5,10/9,10/26,10/30,11/10, +# 05/28,05/29 Gerd Kortemeyer +# 07/28,08/03 Gerd Kortemeyer +# 8/20 Gerd Kortemeyer package Apache::lonauth; +use strict; use Apache::Constants qw(:common); use Apache::File; use CGI qw(:standard); use CGI::Cookie(); +use DynaLoader; # for Crypt::DES version +use Crypt::DES; +use Apache::loncommon(); use Apache::lonnet(); +use Apache::lonmenu(); +use Fcntl qw(:flock); + +my %FORM; # ------------------------------------------------------------ Successful login @@ -19,13 +56,19 @@ sub success { my $lonids=$r->dir_config('lonIDsDir'); # See if old ID present, if so, remove - my $cookie; - while ($cookie=<$lonids/$username\_*\_$domain\_$authhost.id>) { - unlink($cookie); + + my $filename; + opendir(DIR,$lonids); + while ($filename=readdir(DIR)) { + if ($filename=~/^$username\_\d+\_$domain\_$authhost\.id$/) { + unlink($lonids.'/'.$filename); + } } + closedir(DIR); # Give them a new cookie + my $cookie; my $now=time; $cookie="$username\_$now\_$domain\_$authhost"; @@ -35,56 +78,98 @@ sub success { # ------------------------------------ Check browser type and MathML capability - my @browsertype=split(/\&/,$r->dir_config("lonBrowsDet")); - my %mathcap=split(/\&/,$r->dir_config("lonMathML")); - my $httpbrowser=$ENV{"HTTP_USER_AGENT"}; - my $i; - my $clientbrowser='unknown'; - my $clientversion='0'; - my $clientmathml=''; - for ($i=0;$i<=$#browsertype;$i++) { - my ($bname,$match,$notmatch,$vreg,$minv)=split(/\:/,$browsertype[$i]); - if (($httpbrowser=~/$match/i) && ($httpbrowser!~/$notmatch/i)) { - $clientbrowser=$bname; - $httpbrowser=~/$vreg/i; - $clientversion=$1; - $clientmathml=($clientversion>=$minv); - } + my ($httpbrowser,$clientbrowser,$clientversion,$clientmathml, + $clientunicode,$clientos) = &Apache::loncommon::decode_user_agent($r); + +# -------------------------------------- Any accessibility options to remember? + if (($FORM{'interface'}) && ($FORM{'remember'} eq 'true')) { + foreach ('imagesuppress','appletsuppress', + 'embedsuppress','fontenhance','blackwhite') { + if ($FORM{$_} eq 'true') { + &Apache::lonnet::put('environment',{$_ => 'on'}, + $domain,$username); + } else { + &Apache::lonnet::del('environment',[$_],$domain,$username); + } + } } - my $clientos='unknown'; - if (($httpbrowser=~/linux/i) || - ($httpbrowser=~/unix/i) || - ($httpbrowser=~/ux/i) || - ($httpbrowser=~/solaris/i)) { $clientos='unix'; } - if (($httpbrowser=~/vax/i) || - ($httpbrowser=~/vms/i)) { $clientos='vms'; } - if ($httpbrowser=~/next/i) { $clientos='next'; } - if (($httpbrowser=~/mac/i) || - ($httpbrowser=~/powerpc/i)) { $clientos='mac'; } - if ($httpbrowser=~/win/) { $clientos='win'; } +# ------------------------------------------------------------- Get environment + my $userenv; + my %userenv=Apache::lonnet::dump('environment',$domain,$username); + my ($tmp) = keys(%userenv); + if ($tmp !~ /^(con_lost|error|no_such_host)/i) { + foreach my $key (keys(%userenv)) { + $userenv.="environment.$key=$userenv{$key}\n"; + } + } + if (($userenv{'interface'}) && (!$FORM{'interface'})) { + $FORM{'interface'}=$userenv{'interface'}; + } # --------------------------------------------------------- Write first profile - { - my $idf=Apache::File->new(">$lonids/$cookie.id"); - print $idf "user.name=$username\n"; - print $idf "user.domain=$domain\n"; - print $idf "user.home=$authhost\n"; - print $idf "browser.type=$clientbrowser\n"; - print $idf "browser.version=$clientversion\n"; - print $idf "browser.mathml=$clientmathml\n"; - print $idf "browser.os=$clientos\n"; - if ($userroles ne '') { print $idf "$userroles" }; - } + { + my $idf=Apache::File->new(">$lonids/$cookie.id"); + unless (flock($idf,LOCK_EX)) { + &Apache::lonnet::logthis("WARNING: ". + 'Could not obtain exclusive lock in lonauth: '.$!); + $idf->close(); + return 'error: '.$!; + } + if ($userenv ne '') { print $idf "$userenv\n"; } + print $idf "user.name=$username\n"; + print $idf "user.domain=$domain\n"; + print $idf "user.home=$authhost\n"; + print $idf "browser.type=$clientbrowser\n"; + print $idf "browser.version=$clientversion\n"; + print $idf "browser.mathml=$clientmathml\n"; + print $idf "browser.unicode=$clientunicode\n"; + print $idf "browser.os=$clientos\n"; + print $idf "request.course.fn=\n"; + print $idf "request.course.uri=\n"; + print $idf "request.course.sec=\n"; + print $idf "request.role=cm\n"; + print $idf "request.host=$ENV{'REMOTE_ADDR'}\n"; + if ($FORM{'interface'}) { + $FORM{'interface'}=~s/\W//gs; + print $idf "browser.interface=$FORM{'interface'}\n"; + $ENV{'browser.interface'}=$FORM{'interface'}; + foreach ('imagesuppress','appletsuppress', + 'embedsuppress','fontenhance','blackwhite') { + if (($FORM{$_} eq 'true') || + ($userenv{$_} eq 'on')) { + print $idf "browser.$_=on\n"; + } + } + } + if ($userroles ne '') { print $idf "$userroles"; } + $idf->close(); + } + $ENV{'request.role'}='cm'; + $ENV{'browser.type'}=$clientbrowser; # -------------------------------------------------------------------- Log this &Apache::lonnet::log($domain,$username,$authhost, "Login $ENV{'REMOTE_ADDR'}"); +# ------------------------------------------------- Check for critical messages + + my @what=&Apache::lonnet::dump('critical',$domain,$username); + if ($what[0]) { + if (($what[0] ne 'con_lost') && ($what[0]!~/^error\:/)) { + $lowerurl='/adm/email?critical=display'; + } + } + # ------------------------------------------------------------ Get cookie ready $cookie="lonID=$cookie; path=/"; - +# -------------------------------------------------------- Menu script and info + my $windowinfo=&Apache::lonmenu::open($clientos); + my $startupremote=&Apache::lonmenu::startupremote($lowerurl); + my $setflags=&Apache::lonmenu::setflags(); + my $maincall=&Apache::lonmenu::maincall(); + my $bodytag=&Apache::loncommon::bodytag('Successful Login'); # ------------------------------------------------- Output for successful login $r->send_cgi_header(< Successful Login to the LearningOnline Network with CAPA - +$startupremote - - +$bodytag +$setflags +$windowinfo

Welcome!

+Welcome to the LearningOnline Network with CAPA. +Please wait while your session +is being set up.

+Problems?

+$maincall ENDSUCCESS @@ -113,6 +201,7 @@ ENDSUCCESS sub failed { my ($r,$message) = @_; + my $bodytag=&Apache::loncommon::bodytag('Unsuccessful Login'); $r->send_cgi_header(<Unsuccessful Login to the LearningOnline Network with CAPA - +$bodytag

Sorry ...

-

$message to use the LearningOnline Network with CAPA

+

$message

+

Please login again.

+

+Problems?

ENDFAILED @@ -139,7 +231,9 @@ sub handler { my $buffer; $r->read($buffer,$r->header_in('Content-length')); my @pairs=split(/&/,$buffer); - my $pair; my $name; my $value; my %FORM; + my $pair; my $name; my $value; + undef %FORM; + %FORM=(); foreach $pair (@pairs) { ($name,$value) = split(/=/,$pair); $value =~ tr/+/ /; @@ -148,7 +242,7 @@ sub handler { } if ((!$FORM{'uname'}) || (!$FORM{'upass'}) || (!$FORM{'udom'})) { - failed($r,'Username, password and domain need to be specified'); + failed($r,'Username, password and domain need to be specified.'); return OK; } $FORM{'uname'} =~ s/\W//g; @@ -158,23 +252,57 @@ sub handler { my $domain = $r->dir_config('lonDefDomain'); my $prodir = $r->dir_config('lonUsersDir'); +# ---------------------------------------- Get the information from login token + + my $tmpinfo=Apache::lonnet::reply('tmpget:'.$FORM{'logtoken'}, + $FORM{'serverid'}); + + if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) { + failed($r,'Information needed to verify your login information is missing, inaccessible or expired.'); + return OK; + } else { + unless (&Apache::lonnet::reply('tmpdel:'.$FORM{'logtoken'}, + $FORM{'serverid'}) eq 'ok') { + &failed($r,'Session could not be opened.'); + } + } + my ($key,$firsturl)=split(/&/,$tmpinfo); + + my $keybin=pack("H16",$key); + + my $cipher; + if ($Crypt::DES::VERSION>=2.03) { + $cipher=new Crypt::DES $keybin; + } + else { + $cipher=new DES $keybin; + } + + my $upass=$cipher->decrypt( + unpack("a8",pack("H16",substr($FORM{'upass'},0,16)))); + + $upass.=$cipher->decrypt( + unpack("a8",pack("H16",substr($FORM{'upass'},16,16)))); + + $upass=substr($upass,1,ord(substr($upass,0,1))); + # ---------------------------------------------------------------- Authenticate my $authhost=Apache::lonnet::authenticate($FORM{'uname'}, - $FORM{'upass'}, + $upass, $FORM{'udom'}); # --------------------------------------------------------------------- Failed? if ($authhost eq 'no_host') { - failed($r,'Username and/or password could not be authenticated'); + failed($r,'Username and/or password could not be authenticated.'); return OK; } - if ($FORM{'firsturl'} eq '') { - $FORM{'firsturl'}='/res/index.html'; + if (($firsturl eq '') || ($firsturl eq '/adm/logout')) { + $firsturl='/adm/roles'; } - success($r,$FORM{'uname'},$FORM{'udom'},$authhost,$FORM{'firsturl'}); + success($r,$FORM{'uname'},$FORM{'udom'},$authhost,$firsturl); return OK; } 500 Internal Server Error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.