--- loncom/lond	2008/02/21 16:04:19	1.395
+++ loncom/lond	2008/02/24 22:59:06	1.396
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.395 2008/02/21 16:04:19 raeburn Exp $
+# $Id: lond,v 1.396 2008/02/24 22:59:06 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -59,7 +59,7 @@ my $DEBUG = 0;		       # Non zero to ena
 my $status='';
 my $lastlog='';
 
-my $VERSION='$Revision: 1.395 $'; #' stupid emacs
+my $VERSION='$Revision: 1.396 $'; #' stupid emacs
 my $remoteVERSION;
 my $currenthostid="default";
 my $currentdomainid;
@@ -1514,16 +1514,15 @@ sub authenticate_handler {
     #  udom    - User's domain.
     #  uname   - Username.
     #  upass   - User's password.
-    #  defauthtype - Default authentication types for the domain
-    #  defautharg - Default authentication arg for the domain
+    #  checkdefauth - Pass to validate_user() to try authentication
+    #                 with default auth type(s) if no user account.
     
-    my ($udom,$uname,$upass,$defauthtype,$defautharg)=split(/:/,$tail);
+    my ($udom, $uname, $upass, $checkdefauth)=split(/:/,$tail);
     &Debug(" Authenticate domain = $udom, user = $uname, password = $upass");
     chomp($upass);
     $upass=&unescape($upass);
 
-    my $pwdcorrect = &validate_user($udom,$uname,$upass,$defauthtype,
-                                    $defautharg);
+    my $pwdcorrect = &validate_user($udom,$uname,$upass,$checkdefauth);
     if($pwdcorrect) {
 	&Reply( $client, "authorized\n", $userinput);
 	#
@@ -4704,6 +4703,40 @@ sub get_institutional_id_rules {
 }
 &register_handler("instidrules",\&get_institutional_id_rules,0,1,0);
 
+sub get_institutional_selfenroll_rules {
+    my ($cmd, $tail, $client)   = @_;
+    my $userinput               = "$cmd:$tail";
+    my $dom = &unescape($tail);
+    my (%rules_hash,@rules_order);
+    my $outcome;
+    eval {
+        local($SIG{__DIE__})='DEFAULT';
+        $outcome = &localenroll::selfenroll_rules($dom,\%rules_hash,\@rules_order);
+    };
+    if (!$@) {
+        if ($outcome eq 'ok') {
+            my $result;
+            foreach my $key (keys(%rules_hash)) {
+                $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($rules_hash{$key}).'&';
+            }
+            $result =~ s/\&$//;
+            $result .= ':';
+            if (@rules_order > 0) {
+                foreach my $item (@rules_order) {
+                    $result .= &escape($item).'&';
+                }
+            }
+            $result =~ s/\&$//;
+            &Reply($client,\$result,$userinput);
+        } else {
+            &Reply($client,"error\n", $userinput);
+        }
+    } else {
+        &Failure($client,"unknown_cmd\n",$userinput);
+    }
+}
+&register_handler("instemailrules",\&get_institutional_selfenroll_rules,0,1,0);
+
 
 sub institutional_username_check {
     my ($cmd, $tail, $client)   = @_;
@@ -4763,6 +4796,35 @@ sub institutional_id_check {
 }
 &register_handler("instidrulecheck",\&institutional_id_check,0,1,0);
 
+sub institutional_selfenroll_check {
+    my ($cmd, $tail, $client)   = @_;
+    my $userinput               = "$cmd:$tail";
+    my %rulecheck;
+    my $outcome;
+    my ($udom,$email,@rules) = split(/:/,$tail);
+    $udom = &unescape($udom);
+    $email = &unescape($email);
+    @rules = map {&unescape($_);} (@rules);
+    eval {
+        local($SIG{__DIE__})='DEFAULT';
+        $outcome = &localenroll::selfenroll_check($udom,$email,\@rules,\%rulecheck);
+    };
+    if (!$@) {
+        if ($outcome eq 'ok') {
+            my $result='';
+            foreach my $key (keys(%rulecheck)) {
+                $result.=&escape($key).'='.&Apache::lonnet::freeze_escape($rulecheck{$key}).'&';
+            }
+            &Reply($client,\$result,$userinput);
+        } else {
+            &Reply($client,"error\n", $userinput);
+        }
+    } else {
+        &Failure($client,"unknown_cmd\n",$userinput);
+    }
+}
+&register_handler("instselfenrollcheck",\&institutional_selfenroll_check,0,1,0);
+
 # Get domain specific conditions for import of student photographs to a course
 #
 # Retrieves information from photo_permission subroutine in localenroll.
@@ -5973,7 +6035,7 @@ sub get_auth_type
 #     0        - The domain,user,password triplet is not a valid user.
 #
 sub validate_user {
-    my ($domain, $user, $password, $defauthtype, $defautharg) = @_;
+    my ($domain, $user, $password, $checkdefauth) = @_;
 
     # Why negative ~pi you may well ask?  Well this function is about
     # authentication, and therefore very important to get right.
@@ -5997,13 +6059,17 @@ sub validate_user {
     my $null = pack("C",0);	# Used by kerberos auth types.
 
     if ($howpwd eq 'nouser') {
-        if ($defauthtype eq 'localauth') {
-            $howpwd = $defauthtype;
-            $contentpwd = $defautharg;
-        } elsif ((($defauthtype eq 'krb4') || ($defauthtype eq 'krb5')) &&
-             ($defautharg ne '')) {
-            $howpwd = $defauthtype;
-            $contentpwd = $defautharg; 
+        if ($checkdefauth) {
+            my %domdefaults = &Apache::lonnet::get_domain_defaults($domain);
+            if ($domdefaults{'auth_def'} eq 'localauth') {
+                $howpwd = $domdefaults{'auth_def'};
+                $contentpwd = $domdefaults{'auth_arg_def'};
+            } elsif ((($domdefaults{'auth_def'} eq 'krb4') || 
+                      ($domdefaults{'auth_def'} eq 'krb5')) &&
+                     ($domdefaults{'auth_arg_def'} ne '')) {
+                $howpwd = $domdefaults{'auth_def'};
+                $contentpwd = $domdefaults{'auth_arg_def'}; 
+            }
         }
     } 
     if ($howpwd ne 'nouser') {