[BACK]Return to lonauth.pm CVS log [TXT] [DIR] Up to [LON-CAPA] / loncom / auth
File:  [LON-CAPA] / loncom / auth / lonauth.pm
Revision 1.8: download - view: text, annotated - select for diffs
Thu Jun 29 20:43:03 2000 UTC (23 years, 10 months ago) by www
Branches: MAIN
CVS tags: HEAD
Login mechanism now uses encryption
lond has new routines for temporary entries tmpget, tmpput

    1: # The LearningOnline Network
    2: # User Authentication Module
    3: # 5/21/99,5/22,5/25,5/26,5/27,5/29,6/2,6/11,6/14,6/15
    4: # 16/11,12/16,
    5: # 1/14,2/24,2/28,2/29,3/7,5/29,5/30,5/31,6/1,6/5,6/29 Gerd Kortemeyer
    6: 
    7: package Apache::lonauth;
    8: 
    9: use Apache::Constants qw(:common);
   10: use Apache::File;
   11: use CGI qw(:standard);
   12: use CGI::Cookie();
   13: use Crypt::DES;
   14: use Apache::lonnet();
   15: 
   16: # ------------------------------------------------------------ Successful login
   17: 
   18: sub success {
   19:     my ($r, $username, $domain, $authhost,$lowerurl) = @_;
   20:     my $lonids=$r->dir_config('lonIDsDir');
   21: 
   22: # See if old ID present, if so, remove
   23:     my $cookie;
   24:     while ($cookie=<$lonids/$username\_*\_$domain\_$authhost.id>) {
   25: 	unlink($cookie);
   26:     }
   27: 
   28: # Give them a new cookie
   29: 
   30:     my $now=time;
   31:     $cookie="$username\_$now\_$domain\_$authhost";
   32: 
   33: # Initialize roles
   34: 
   35:     my $userroles=Apache::lonnet::rolesinit($domain,$username,$authhost);
   36: 
   37: # ------------------------------------ Check browser type and MathML capability
   38: 
   39:     my @browsertype=split(/\&/,$r->dir_config("lonBrowsDet"));
   40:     my %mathcap=split(/\&/,$r->dir_config("lonMathML"));
   41:     my $httpbrowser=$ENV{"HTTP_USER_AGENT"};
   42:     my $i;
   43:     my $clientbrowser='unknown';
   44:     my $clientversion='0';
   45:     my $clientmathml='';
   46:     for ($i=0;$i<=$#browsertype;$i++) {
   47:         my ($bname,$match,$notmatch,$vreg,$minv)=split(/\:/,$browsertype[$i]);
   48: 	if (($httpbrowser=~/$match/i)  && ($httpbrowser!~/$notmatch/i)) {
   49: 	    $clientbrowser=$bname;
   50:             $httpbrowser=~/$vreg/i;
   51: 	    $clientversion=$1;
   52:             $clientmathml=($clientversion>=$minv);
   53:         }
   54:     }
   55:     my $clientos='unknown';
   56:     if (($httpbrowser=~/linux/i) ||
   57:         ($httpbrowser=~/unix/i) ||
   58:         ($httpbrowser=~/ux/i) ||
   59:         ($httpbrowser=~/solaris/i)) { $clientos='unix'; }
   60:     if (($httpbrowser=~/vax/i) ||
   61:         ($httpbrowser=~/vms/i)) { $clientos='vms'; }
   62:     if ($httpbrowser=~/next/i) { $clientos='next'; }
   63:     if (($httpbrowser=~/mac/i) ||
   64:         ($httpbrowser=~/powerpc/i)) { $clientos='mac'; }
   65:     if ($httpbrowser=~/win/) { $clientos='win'; }
   66: 
   67: # --------------------------------------------------------- Write first profile
   68: 
   69:        {
   70: 	    my $idf=Apache::File->new(">$lonids/$cookie.id");
   71:             print $idf "user.name=$username\n";
   72:             print $idf "user.domain=$domain\n";
   73:             print $idf "user.home=$authhost\n";
   74:             print $idf "browser.type=$clientbrowser\n";
   75:             print $idf "browser.version=$clientversion\n";
   76:             print $idf "browser.mathml=$clientmathml\n";
   77:             print $idf "browser.os=$clientos\n";
   78:             if ($userroles ne '') { print $idf "$userroles" };
   79:         }
   80: # -------------------------------------------------------------------- Log this
   81: 
   82:     &Apache::lonnet::log($domain,$username,$authhost,
   83:                          "Login $ENV{'REMOTE_ADDR'}");
   84: 
   85: # ------------------------------------------------------------ Get cookie ready
   86: 
   87:     $cookie="lonID=$cookie; path=/";
   88: 
   89: # ------------------------------------------------- Output for successful login
   90: 
   91:     $r->send_cgi_header(<<ENDHEADER);
   92: Content-type: text/html
   93: Set-cookie: $cookie
   94: 
   95: ENDHEADER
   96:     $r->print(<<ENDSUCCESS);
   97: <html>
   98: <head>
   99: <title>Successful Login to the LearningOnline Network with CAPA</title>
  100: <meta HTTP-EQUIV="Refresh" CONTENT="1; url=$lowerurl">
  101: </head>
  102: <body bgcolor="#FFFFFF">
  103: <script>
  104: menu=window.open("/res/adm/pages/menu.html","LONCAPAmenu",
  105:                  "height=350,width=150,scrollbars=no,menubar=no");
  106: </script>
  107: <h1>Welcome!</h1>
  108: </body>
  109: </html>
  110: ENDSUCCESS
  111: }
  112: 
  113: # --------------------------------------------------------------- Failed login!
  114: 
  115: sub failed {
  116:     my ($r,$message) = @_;
  117:     $r->send_cgi_header(<<ENDFHEADER);
  118: Content-type: text/html
  119: 
  120: ENDFHEADER
  121:     $r->print(<<ENDFAILED);
  122: <html>
  123: <head>
  124: <title>Unsuccessful Login to the LearningOnline Network with CAPA</title>
  125: </head>
  126: <html>
  127: <body bgcolor="#FFFFFF">
  128: <h1>Sorry ...</h1>
  129: <h2>$message to use the Learning<i>Online</i> Network with CAPA</h2>
  130: </body>
  131: </html>
  132: ENDFAILED
  133: }
  134: 
  135: # ---------------------------------------------------------------- Main handler
  136: 
  137: sub handler {
  138:     my $r = shift;
  139: 
  140:     my $buffer;
  141:     $r->read($buffer,$r->header_in('Content-length'));
  142:     my @pairs=split(/&/,$buffer);
  143:     my $pair; my $name; my $value; my %FORM;
  144:     foreach $pair (@pairs) {
  145:        ($name,$value) = split(/=/,$pair);
  146:        $value =~ tr/+/ /;
  147:        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
  148:        $FORM{$name}=$value;
  149:     } 
  150: 
  151:     if ((!$FORM{'uname'}) || (!$FORM{'upass'}) || (!$FORM{'udom'})) {
  152: 	failed($r,'Username, password and domain need to be specified');
  153:         return OK;
  154:     }
  155:     $FORM{'uname'} =~ s/\W//g;
  156:     $FORM{'udom'}  =~ s/\W//g;
  157: 
  158:     my $role   = $r->dir_config('lonRole');
  159:     my $domain = $r->dir_config('lonDefDomain');
  160:     my $prodir = $r->dir_config('lonUsersDir');
  161: 
  162: # ---------------------------------------- Get the information from login token
  163: 
  164:     my $tmpinfo=Apache::lonnet::reply('tmpget:'.$FORM{'logtoken'},
  165:                                       $FORM{'serverid'});
  166: 
  167:     if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost')) {
  168: 	failed($r,'Login token missing, inaccessible or expired');
  169:         return OK;
  170:     }
  171:     
  172:     my ($key,$firsturl)=split(/:/,$tmpinfo);
  173: 
  174:     my $keybin=pack("H16",$key);
  175: 
  176:     my $cipher=new DES $keybin;
  177: 
  178:     my $upass=$cipher->decrypt(
  179:        unpack("a8",pack("H16",substr($FORM{'upass'},0,16))));
  180: 
  181:     $upass.=$cipher->decrypt(
  182:        unpack("a8",pack("H16",substr($FORM{'upass'},16,16))));
  183: 
  184:     $upass=substr($upass,1,ord(substr($upass,0,1)));
  185: 
  186: # ---------------------------------------------------------------- Authenticate
  187:     my $authhost=Apache::lonnet::authenticate($FORM{'uname'},
  188:                                               $upass,
  189:                                               $FORM{'udom'});
  190:     
  191: # --------------------------------------------------------------------- Failed?
  192: 
  193:     if ($authhost eq 'no_host') {
  194: 	failed($r,'Username and/or password could not be authenticated');
  195:         return OK;
  196:     }
  197: 
  198:     if ($firsturl eq '') {
  199: 	$firsturl='/res/adm/pages/index.html';
  200:     }
  201: 
  202:     success($r,$FORM{'uname'},$FORM{'udom'},$authhost,$firsturl);
  203:     return OK;
  204: }
  205: 
  206: 1;
  207: __END__
  208: 
  209:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>