loncom/auth/lonauth.pm - diff

Return to lonauth.pm CVS log

Up to [LON-CAPA] / loncom / auth

Diff for /loncom/auth/lonauth.pm between versions 1.57 and 1.73

version 1.57, 2003/09/20 17:44:22	version 1.73, 2006/01/19 22:14:38
Line 25	Line 25
#	#
# http://www.lon-capa.org/	# http://www.lon-capa.org/
#	#
# 5/21/99,5/22,5/25,5/26,5/27,5/29,6/2,6/11,6/14,6/15
# 16/11,12/16,
# 1/14,2/24,2/28,2/29,3/7,5/29,5/30,5/31,6/1,6/5,6/29,
# 7/1,7/10,10/2,10/5,10/9,10/26,10/30,11/10,
# 05/28,05/29 Gerd Kortemeyer
# 07/28,08/03 Gerd Kortemeyer
# 8/20 Gerd Kortemeyer

package Apache::lonauth;	package Apache::lonauth;

Line 43 use CGI::Cookie();	Line 36 use CGI::Cookie();
use DynaLoader; # for Crypt::DES version	use DynaLoader; # for Crypt::DES version
use Crypt::DES;	use Crypt::DES;
use Apache::loncommon();	use Apache::loncommon();
use Apache::lonnet();	use Apache::lonnet;
use Apache::lonmenu();	use Apache::lonmenu();
use Fcntl qw(:flock);	use Fcntl qw(:flock);
use Apache::lonlocal;	use Apache::lonlocal;
	use POSIX qw(strftime);

my %FORM;	my %FORM;

Line 56 sub success {	Line 50 sub success {
my ($r, $username, $domain, $authhost,$lowerurl) = @_;	my ($r, $username, $domain, $authhost,$lowerurl) = @_;
my $lonids=$r->dir_config('lonIDsDir');	my $lonids=$r->dir_config('lonIDsDir');

	my $public=($username eq 'public' && $domain eq 'public');

# See if old ID present, if so, remove	# See if old ID present, if so, remove

my $filename;	my ($filename,$cookie,$userroles);
opendir(DIR,$lonids);	my $now=time;
while ($filename=readdir(DIR)) {
if ($filename=~/^$username\_\d+\_$domain\_$authhost\.id$/) {
unlink($lonids.'/'.$filename);
}
}
closedir(DIR);

# Give them a new cookie	if ($public) {
	my $max_public=100;
	my $oldest;
	my $oldest_time=0;
	for(my $next=1;$next<=$max_public;$next++) {
	if (-e $lonids."/publicuser_$next.id") {
	my $mtime=(stat($lonids."/publicuser_$next.id"))[9];
	if ($mtime<$oldest_time \|\| !$oldest_time) {
	$oldest_time=$mtime;
	$oldest=$next;
	}
	} else {
	$cookie="publicuser_$next";
	last;
	}
	}
	if (!$cookie) { $cookie="publicuser_$oldest"; }
	} else {
	opendir(DIR,$lonids);
	while ($filename=readdir(DIR)) {
	if ($filename=~/^$username\_\d+\_$domain\_$authhost\.id$/) {
	unlink($lonids.'/'.$filename);
	}
	}
	closedir(DIR);

my $cookie;	# Give them a new cookie
my $now=time;
$cookie="$username\_$now\_$domain\_$authhost";

	$cookie="$username\_$now\_$domain\_$authhost";

# Initialize roles	# Initialize roles

my $userroles=Apache::lonnet::rolesinit($domain,$username,$authhost);	$userroles=Apache::lonnet::rolesinit($domain,$username,$authhost);
	}
# ------------------------------------ Check browser type and MathML capability	# ------------------------------------ Check browser type and MathML capability

my ($httpbrowser,$clientbrowser,$clientversion,$clientmathml,	my ($httpbrowser,$clientbrowser,$clientversion,$clientmathml,
Line 100 sub success {	Line 114 sub success {
my %userenv=Apache::lonnet::dump('environment',$domain,$username);	my %userenv=Apache::lonnet::dump('environment',$domain,$username);
my ($tmp) = keys(%userenv);	my ($tmp) = keys(%userenv);
if ($tmp !~ /^(con_lost\|error\|no_such_host)/i) {	if ($tmp !~ /^(con_lost\|error\|no_such_host)/i) {
	# default remote control to off
	if ($userenv{'remote'} ne 'on') { $userenv{'remote'} = 'off'; }
foreach my $key (keys(%userenv)) {	foreach my $key (keys(%userenv)) {
$userenv.="environment.$key=$userenv{$key}\n";	$userenv.="environment.$key=$userenv{$key}\n";
}	}
Line 107 sub success {	Line 123 sub success {
if (($userenv{'interface'}) && (!$FORM{'interface'})) {	if (($userenv{'interface'}) && (!$FORM{'interface'})) {
$FORM{'interface'}=$userenv{'interface'};	$FORM{'interface'}=$userenv{'interface'};
}	}
$ENV{'environment.remote'}=$userenv{'remote'};	$env{'environment.remote'}=$userenv{'remote'};
	if ($userenv{'texengine'} eq 'ttm') { $clientmathml=1; }

# --------------- Do not trust query string to be put directly into environment	# --------------- Do not trust query string to be put directly into environment
foreach ('imagesuppress','appletsuppress',	foreach ('imagesuppress','appletsuppress',
'embedsuppress','fontenhance','blackwhite',	'embedsuppress','fontenhance','blackwhite',
Line 137 sub success {	Line 155 sub success {
print $idf "browser.localpath=$FORM{'localpath'}\n";	print $idf "browser.localpath=$FORM{'localpath'}\n";
print $idf "browser.localres=$FORM{'localres'}\n";	print $idf "browser.localres=$FORM{'localres'}\n";
}	}
	print $idf "server.domain=".$r->dir_config('lonDefDomain')."\n";
	my $timezone=POSIX::strftime("%Z",localtime(time));
	print $idf "server.timezone=$timezone\n";
print $idf "request.course.fn=\n";	print $idf "request.course.fn=\n";
print $idf "request.course.uri=\n";	print $idf "request.course.uri=\n";
print $idf "request.course.sec=\n";	print $idf "request.course.sec=\n";
print $idf "request.role=cm\n";	print $idf "request.role=cm\n";
print $idf "request.role.adv=$ENV{'user.adv'}\n";	print $idf "request.role.adv=$env{'user.adv'}\n";
print $idf "request.host=$ENV{'REMOTE_ADDR'}\n";	print $idf "request.host=$ENV{'REMOTE_ADDR'}\n";
	if ($public) {
	print $idf "environment.remote=off\n";
	}
if ($FORM{'interface'}) {	if ($FORM{'interface'}) {
$FORM{'interface'}=~s/\W//gs;	$FORM{'interface'}=~s/\W//gs;
print $idf "browser.interface=$FORM{'interface'}\n";	print $idf "browser.interface=$FORM{'interface'}\n";
$ENV{'browser.interface'}=$FORM{'interface'};	$env{'browser.interface'}=$FORM{'interface'};
foreach ('imagesuppress','appletsuppress',	foreach ('imagesuppress','appletsuppress',
'embedsuppress','fontenhance','blackwhite') {	'embedsuppress','fontenhance','blackwhite') {
if (($FORM{$_} eq 'true') \|\|	if (($FORM{$_} eq 'true') \|\|
Line 158 sub success {	Line 182 sub success {
if ($userroles ne '') { print $idf "$userroles"; }	if ($userroles ne '') { print $idf "$userroles"; }
$idf->close();	$idf->close();
}	}
$ENV{'request.role'}='cm';	$env{'request.role'}='cm';
$ENV{'request.role.adv'}=$ENV{'user.adv'};	$env{'request.role.adv'}=$env{'user.adv'};
$ENV{'browser.type'}=$clientbrowser;	$env{'browser.type'}=$clientbrowser;
# -------------------------------------------------------------------- Log this	# -------------------------------------------------------------------- Log this

&Apache::lonnet::log($domain,$username,$authhost,	&Apache::lonnet::log($domain,$username,$authhost,
Line 177 sub success {	Line 201 sub success {

# ------------------------------------------------------------ Get cookie ready	# ------------------------------------------------------------ Get cookie ready

	if ($public or $lowerurl eq 'noredirect') { return $cookie; }

$cookie="lonID=$cookie; path=/";	$cookie="lonID=$cookie; path=/";
# -------------------------------------------------------- Menu script and info	# -------------------------------------------------------- Menu script and info
my $windowinfo=&Apache::lonmenu::open($clientos);	my $windowinfo=&Apache::lonmenu::open($clientos);
my $startupremote=&Apache::lonmenu::startupremote($lowerurl);	my $startupremote=&Apache::lonmenu::startupremote($lowerurl);
	my $remoteinfo=&Apache::lonmenu::load_remote_msg($lowerurl);
my $setflags=&Apache::lonmenu::setflags();	my $setflags=&Apache::lonmenu::setflags();
my $maincall=&Apache::lonmenu::maincall();	my $maincall=&Apache::lonmenu::maincall();
my $bodytag=&Apache::loncommon::bodytag('Successful Login');	my $bodytag=&Apache::loncommon::bodytag('Successful Login');
	my $add=&addcontent();
	my $continuelink;
	if (($env{'browser.interface'} eq 'textual') \|\|
	($env{'environment.remote'} eq 'off')) {
	$continuelink="<a href=\"$lowerurl\">".&mt('Continue')."</a>";
	}
# ------------------------------------------------- Output for successful login	# ------------------------------------------------- Output for successful login

$r->send_cgi_header(<<ENDHEADER);	$r->send_cgi_header(<<ENDHEADER);
Content-type: text/html	Content-type: text/html$add
Set-cookie: $cookie	Set-cookie: $cookie

ENDHEADER	ENDHEADER
	my %lt=&Apache::lonlocal::texthash(
	'wel' => 'Welcome',
	'mes' => 'Welcome to the Learning<i>Online</i> Network with CAPA. Please wait while your session is being set up',
	'pro' => 'Problems',
	'log' => 'loginproblems.html',
	);
$r->print(<<ENDSUCCESS);	$r->print(<<ENDSUCCESS);
<html>	<html>
<head>	<head>
Line 200 $startupremote	Line 239 $startupremote
$bodytag	$bodytag
$setflags	$setflags
$windowinfo	$windowinfo
<h1>Welcome!</h1>	<h1>$lt{'wel'}</h1>
Welcome to the Learning<i>Online</i> Network with CAPA.	$lt{'mes'}.<p>
Please wait while your session	<a href="/adm/$lt{'log'}">$lt{'pro'}?</a></p>
is being set up.<p>	$remoteinfo
<a href="/adm/loginproblems.html">Problems?</a></p>
$maincall	$maincall
	$continuelink
</body>	</body>
</html>	</html>
ENDSUCCESS	ENDSUCCESS
Line 216 ENDSUCCESS	Line 255 ENDSUCCESS
sub failed {	sub failed {
my ($r,$message) = @_;	my ($r,$message) = @_;
my $bodytag=&Apache::loncommon::bodytag('Unsuccessful Login');	my $bodytag=&Apache::loncommon::bodytag('Unsuccessful Login');
	my $add=&addcontent();
$r->send_cgi_header(<<ENDFHEADER);	$r->send_cgi_header(<<ENDFHEADER);
Content-type: text/html	Content-type: text/html$add

ENDFHEADER	ENDFHEADER
$r->print(<<ENDFAILED);	$r->print(<<ENDFAILED);
Line 225 ENDFHEADER	Line 265 ENDFHEADER
<head>	<head>
<title>Unsuccessful Login to the LearningOnline Network with CAPA</title>	<title>Unsuccessful Login to the LearningOnline Network with CAPA</title>
</head>	</head>
<html>
$bodytag	$bodytag
<h1>Sorry ...</h1>	<h1>Sorry ...</h1>
<p><b>$message</b></p>	<p><b>$message</b></p>
Line 237 $bodytag	Line 276 $bodytag
ENDFAILED	ENDFAILED
}	}

	# --------------------------------------------------------------------- Charset

	sub addcontent {
	my $encoding=&Apache::lonlocal::current_encoding;
	if ($encoding) {
	return '; charset='.$encoding;
	} else {
	return '';
	}
	}

# ------------------------------------------------------------------ Rerouting!	# ------------------------------------------------------------------ Rerouting!

sub reroute {	sub reroute {
Line 251 ENDRFHEADER	Line 301 ENDRFHEADER
<head>	<head>
<title>Rerouting Login to the LearningOnline Network with CAPA</title>	<title>Rerouting Login to the LearningOnline Network with CAPA</title>
</head>	</head>
<html>
$bodytag	$bodytag
<h1>Sorry ...</h1>	<h1>Sorry ...</h1>
Please <a href="/">log in again</a>.	Please <a href="/">log in again</a>.
Line 273 sub handler {	Line 322 sub handler {

&Apache::lonlocal::get_language_handle($r);	&Apache::lonlocal::get_language_handle($r);

	# -------------------------------- Prevent users from attempting to login twice
	my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
	my $lonid=$cookies{'lonID'};
	my $cookie;
	if ($lonid) {
	my $handle=$lonid->value;
	$handle=~s/\W//g;
	my $lonidsdir=$r->dir_config('lonIDsDir');
	if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
	# Indeed, a valid token is found
	$r->send_cgi_header(<<ENDFHEADER);
	Content-type: text/html

	ENDFHEADER
	my $bodytag=&Apache::loncommon::bodytag('Already logged in');
	$r->print(<<ENDFAILED);
	<html>
	<head>
	<title>Already logged in</title>
	</head>
	$bodytag
	<h1>You are already logged in</h1>
	<p>Please either <a href="/adm/roles">continue the current session</a> or
	<a href="/adm/logout">logout</a>.</p>
	<p>
	<a href="/adm/loginproblems.html">Problems?</a></p>
	</body>
	</html>
	ENDFAILED
	return OK;
	}
	}

	# ---------------------------------------------------- No valid token, continue


my $buffer;	my $buffer;
$r->read($buffer,$r->header_in('Content-length'),0);	$r->read($buffer,$r->header_in('Content-length'),0);
my @pairs=split(/&/,$buffer);	my @pairs=split(/&/,$buffer);
Line 286 sub handler {	Line 371 sub handler {
$FORM{$name}=$value;	$FORM{$name}=$value;
}	}

if ((!$FORM{'uname'}) \|\| (!$FORM{'upass'}) \|\| (!$FORM{'udom'})) {	if ((!$FORM{'uname'}) \|\| (!$FORM{'upass0'}) \|\| (!$FORM{'udom'})) {
failed($r,'Username, password and domain need to be specified.');	failed($r,'Username, password and domain need to be specified.');
return OK;	return OK;
}	}

	# split user logging in and "su"-user

	($FORM{'uname'},$FORM{'suname'})=split(/\:/,$FORM{'uname'});
$FORM{'uname'} =~ s/\W//g;	$FORM{'uname'} =~ s/\W//g;
	$FORM{'suname'} =~ s/\W//g;
$FORM{'udom'} =~ s/\W//g;	$FORM{'udom'} =~ s/\W//g;

my $role = $r->dir_config('lonRole');	my $role = $r->dir_config('lonRole');
Line 322 sub handler {	Line 412 sub handler {
else {	else {
$cipher=new DES $keybin;	$cipher=new DES $keybin;
}	}
	my $upass='';
	for (my $i=0;$i<=2;$i++) {
	my $chunk=
	$cipher->decrypt(unpack("a8",pack("H16",substr($FORM{'upass'.$i},0,16))));

my $upass=$cipher->decrypt(	$chunk.=
unpack("a8",pack("H16",substr($FORM{'upass'},0,16))));	$cipher->decrypt(unpack("a8",pack("H16",substr($FORM{'upass'.$i},16,16))));

$upass.=$cipher->decrypt(	$chunk=substr($chunk,1,ord(substr($chunk,0,1)));
unpack("a8",pack("H16",substr($FORM{'upass'},16,16))));	$upass.=$chunk;
	}
$upass=substr($upass,1,ord(substr($upass,0,1)));

# ---------------------------------------------------------------- Authenticate	# ---------------------------------------------------------------- Authenticate
my $authhost=Apache::lonnet::authenticate($FORM{'uname'},	my $authhost=Apache::lonnet::authenticate($FORM{'uname'},
Line 343 sub handler {	Line 436 sub handler {
return OK;	return OK;
}	}

if (($firsturl eq '') \|\| ($firsturl eq '/adm/logout')) {	if (($firsturl eq '') \|\|
	($firsturl=~/^\/adm\/(logout\|remote)/)) {
$firsturl='/adm/roles';	$firsturl='/adm/roles';
}	}
	# --------------------------------- Are we attempting to login as somebody else?
success($r,$FORM{'uname'},$FORM{'udom'},$authhost,$firsturl);	if ($FORM{'suname'}) {
	# ------------ see if the original user has enough privileges to pull this stunt
	if (&Apache::lonnet::privileged($FORM{'uname'},$FORM{'udom'})) {
	# ---------------------------------------------------- see if the su-user exists
	unless (&Apache::lonnet::homeserver($FORM{'suname'},$FORM{'udom'})
	eq 'no_host') {
	&Apache::lonnet::logthis(&Apache::lonnet::homeserver($FORM{'suname'},$FORM{'udom'}));
	# ------------------------------ see if the su-user is not too highly privileged
	unless (&Apache::lonnet::privileged($FORM{'suname'},$FORM{'udom'})) {
	# -------------------------------------------------------- actually switch users
	&Apache::lonnet::logperm('User '.$FORM{'uname'}.' at '.$FORM{'udom'}.
	' logging in as '.$FORM{'suname'});
	$FORM{'uname'}=$FORM{'suname'};
	} else {
	&Apache::lonnet::logthis('Attempted switch user to privileged user');
	}
	}
	} else {
	&Apache::lonnet::logthis('Non-privileged user attempting switch user');
	}
	}
	&success($r,$FORM{'uname'},$FORM{'udom'},$authhost,$firsturl);
return OK;	return OK;
}	}

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.57
changed lines
	Added in v.1.73