|
version 1.489.2.21, 2016/08/11 16:37:54
|
version 1.489.2.28.2.1, 2017/06/22 02:11:23
|
|
Line 1425 sub du2_handler {
|
Line 1425 sub du2_handler {
|
| # selected directory the filename followed by the full output of |
# selected directory the filename followed by the full output of |
| # the stat function is returned. The returned info for each |
# the stat function is returned. The returned info for each |
| # file are separated by ':'. The stat fields are separated by &'s. |
# file are separated by ':'. The stat fields are separated by &'s. |
| |
# |
| |
# If the requested path contains /../ or is: |
| |
# |
| |
# 1. for a directory, and the path does not begin with one of: |
| |
# (a) /home/httpd/html/res/<domain> |
| |
# (b) /home/httpd/html/userfiles/ |
| |
# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles |
| |
# or is: |
| |
# |
| |
# 2. for a file, and the path (after prepending) does not begin with one of: |
| |
# (a) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/ |
| |
# (b) /home/httpd/html/res/<domain>/<username>/ |
| |
# (c) /home/httpd/html/userfiles/<domain>/<username>/ |
| |
# |
| |
# the response will be "refused". |
| |
# |
| # Parameters: |
# Parameters: |
| # $cmd - The command that dispatched us (ls). |
# $cmd - The command that dispatched us (ls). |
| # $ulsdir - The directory path to list... I'm not sure what this |
# $ulsdir - The directory path to list... I'm not sure what this |
|
Line 1446 sub ls_handler {
|
Line 1462 sub ls_handler {
|
| my $rights; |
my $rights; |
| my $ulsout=''; |
my $ulsout=''; |
| my $ulsfn; |
my $ulsfn; |
| |
if ($ulsdir =~m{/\.\./}) { |
| |
&Failure($client,"refused\n",$userinput); |
| |
return 1; |
| |
} |
| if (-e $ulsdir) { |
if (-e $ulsdir) { |
| if(-d $ulsdir) { |
if(-d $ulsdir) { |
| |
unless (($ulsdir =~ m{^/home/httpd/html/(res/$LONCAPA::match_domain|userfiles/)}) || |
| |
($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/userfiles})) { |
| |
&Failure($client,"refused\n",$userinput); |
| |
return 1; |
| |
} |
| if (opendir(LSDIR,$ulsdir)) { |
if (opendir(LSDIR,$ulsdir)) { |
| while ($ulsfn=readdir(LSDIR)) { |
while ($ulsfn=readdir(LSDIR)) { |
| undef($obs); |
undef($obs); |
|
Line 1471 sub ls_handler {
|
Line 1496 sub ls_handler {
|
| closedir(LSDIR); |
closedir(LSDIR); |
| } |
} |
| } else { |
} else { |
| |
unless (($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/}) || |
| |
($ulsdir =~ m{^/home/httpd/html/(?:res|userfiles)/$LONCAPA::match_domain/$LONCAPA::match_name/})) { |
| |
&Failure($client,"refused\n",$userinput); |
| |
return 1; |
| |
} |
| my @ulsstats=stat($ulsdir); |
my @ulsstats=stat($ulsdir); |
| $ulsout.=$ulsfn.'&'.join('&',@ulsstats).':'; |
$ulsout.=$ulsfn.'&'.join('&',@ulsstats).':'; |
| } |
} |
|
Line 1495 sub ls_handler {
|
Line 1525 sub ls_handler {
|
| # selected directory the filename followed by the full output of |
# selected directory the filename followed by the full output of |
| # the stat function is returned. The returned info for each |
# the stat function is returned. The returned info for each |
| # file are separated by ':'. The stat fields are separated by &'s. |
# file are separated by ':'. The stat fields are separated by &'s. |
| |
# |
| |
# If the requested path contains /../ or is: |
| |
# |
| |
# 1. for a directory, and the path does not begin with one of: |
| |
# (a) /home/httpd/html/res/<domain> |
| |
# (b) /home/httpd/html/userfiles/ |
| |
# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles |
| |
# or is: |
| |
# |
| |
# 2. for a file, and the path (after prepending) does not begin with one of: |
| |
# (a) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/ |
| |
# (b) /home/httpd/html/res/<domain>/<username>/ |
| |
# (c) /home/httpd/html/userfiles/<domain>/<username>/ |
| |
# |
| |
# the response will be "refused". |
| |
# |
| # Parameters: |
# Parameters: |
| # $cmd - The command that dispatched us (ls). |
# $cmd - The command that dispatched us (ls). |
| # $ulsdir - The directory path to list... I'm not sure what this |
# $ulsdir - The directory path to list... I'm not sure what this |
|
Line 1515 sub ls2_handler {
|
Line 1561 sub ls2_handler {
|
| my $rights; |
my $rights; |
| my $ulsout=''; |
my $ulsout=''; |
| my $ulsfn; |
my $ulsfn; |
| |
if ($ulsdir =~m{/\.\./}) { |
| |
&Failure($client,"refused\n",$userinput); |
| |
return 1; |
| |
} |
| if (-e $ulsdir) { |
if (-e $ulsdir) { |
| if(-d $ulsdir) { |
if(-d $ulsdir) { |
| |
unless (($ulsdir =~ m{^/home/httpd/html/(res/$LONCAPA::match_domain|userfiles/)}) || |
| |
($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/userfiles})) { |
| |
&Failure($client,"refused\n","$userinput"); |
| |
return 1; |
| |
} |
| if (opendir(LSDIR,$ulsdir)) { |
if (opendir(LSDIR,$ulsdir)) { |
| while ($ulsfn=readdir(LSDIR)) { |
while ($ulsfn=readdir(LSDIR)) { |
| undef($obs); |
undef($obs); |
|
Line 1541 sub ls2_handler {
|
Line 1596 sub ls2_handler {
|
| closedir(LSDIR); |
closedir(LSDIR); |
| } |
} |
| } else { |
} else { |
| |
unless (($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/}) || |
| |
($ulsdir =~ m{^/home/httpd/html/(?:res|userfiles)/$LONCAPA::match_domain/$LONCAPA::match_name/})) { |
| |
&Failure($client,"refused\n",$userinput); |
| |
return 1; |
| |
} |
| my @ulsstats=stat($ulsdir); |
my @ulsstats=stat($ulsdir); |
| $ulsout.=$ulsfn.'&'.join('&',@ulsstats).':'; |
$ulsout.=$ulsfn.'&'.join('&',@ulsstats).':'; |
| } |
} |
|
Line 1557 sub ls2_handler {
|
Line 1617 sub ls2_handler {
|
| # selected directory the filename followed by the full output of |
# selected directory the filename followed by the full output of |
| # the stat function is returned. The returned info for each |
# the stat function is returned. The returned info for each |
| # file are separated by ':'. The stat fields are separated by &'s. |
# file are separated by ':'. The stat fields are separated by &'s. |
| |
# |
| |
# If the requested path (after prepending) contains /../ or is: |
| |
# |
| |
# 1. for a directory, and the path does not begin with one of: |
| |
# (a) /home/httpd/html/res/<domain> |
| |
# (b) /home/httpd/html/userfiles/ |
| |
# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles |
| |
# (d) /home/httpd/html/priv/<domain> and client is the homeserver |
| |
# |
| |
# or is: |
| |
# |
| |
# 2. for a file, and the path (after prepending) does not begin with one of: |
| |
# (a) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/ |
| |
# (b) /home/httpd/html/res/<domain>/<username>/ |
| |
# (c) /home/httpd/html/userfiles/<domain>/<username>/ |
| |
# (d) /home/httpd/html/priv/<domain>/<username>/ and client is the homeserver |
| |
# |
| |
# the response will be "refused". |
| |
# |
| # Parameters: |
# Parameters: |
| # $cmd - The command that dispatched us (ls). |
# $cmd - The command that dispatched us (ls). |
| # $tail - The tail of the request that invoked us. |
# $tail - The tail of the request that invoked us. |
|
Line 1596 sub ls3_handler {
|
Line 1675 sub ls3_handler {
|
| } |
} |
| |
|
| my $dir_root = $perlvar{'lonDocRoot'}; |
my $dir_root = $perlvar{'lonDocRoot'}; |
| if ($getpropath) { |
if (($getpropath) || ($getuserdir)) { |
| if (($uname =~ /^$LONCAPA::match_name$/) && ($udom =~ /^$LONCAPA::match_domain$/)) { |
if (($uname =~ /^$LONCAPA::match_name$/) && ($udom =~ /^$LONCAPA::match_domain$/)) { |
| $dir_root = &propath($udom,$uname); |
$dir_root = &propath($udom,$uname); |
| $dir_root =~ s/\/$//; |
$dir_root =~ s/\/$//; |
| } else { |
} else { |
| &Failure($client,"refused\n","$cmd:$tail"); |
&Failure($client,"refused\n",$userinput); |
| return 1; |
|
| } |
|
| } elsif ($getuserdir) { |
|
| if (($uname =~ /^$LONCAPA::match_name$/) && ($udom =~ /^$LONCAPA::match_domain$/)) { |
|
| my $subdir=$uname.'__'; |
|
| $subdir =~ s/(.)(.)(.).*/$1\/$2\/$3/; |
|
| $dir_root = $Apache::lonnet::perlvar{'lonUsersDir'} |
|
| ."/$udom/$subdir/$uname"; |
|
| } else { |
|
| &Failure($client,"refused\n","$cmd:$tail"); |
|
| return 1; |
return 1; |
| } |
} |
| } elsif ($alternate_root ne '') { |
} elsif ($alternate_root ne '') { |
|
Line 1624 sub ls3_handler {
|
Line 1693 sub ls3_handler {
|
| $ulsdir = $dir_root.'/'.$ulsdir; |
$ulsdir = $dir_root.'/'.$ulsdir; |
| } |
} |
| } |
} |
| |
if ($ulsdir =~m{/\.\./}) { |
| |
&Failure($client,"refused\n",$userinput); |
| |
return 1; |
| |
} |
| |
my $islocal; |
| |
my @machine_ids = &Apache::lonnet::current_machine_ids(); |
| |
if (grep(/^\Q$clientname\E$/,@machine_ids)) { |
| |
$islocal = 1; |
| |
} |
| my $obs; |
my $obs; |
| my $rights; |
my $rights; |
| my $ulsout=''; |
my $ulsout=''; |
| my $ulsfn; |
my $ulsfn; |
| if (-e $ulsdir) { |
if (-e $ulsdir) { |
| if(-d $ulsdir) { |
if(-d $ulsdir) { |
| |
unless (($getpropath) || ($getuserdir) || |
| |
($ulsdir =~ m{^/home/httpd/html/(res/$LONCAPA::match_domain|userfiles/)}) || |
| |
($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/userfiles}) || |
| |
(($ulsdir =~ m{^/home/httpd/html/priv/$LONCAPA::match_domain}) && ($islocal))) { |
| |
&Failure($client,"refused\n",$userinput); |
| |
return 1; |
| |
} |
| if (opendir(LSDIR,$ulsdir)) { |
if (opendir(LSDIR,$ulsdir)) { |
| while ($ulsfn=readdir(LSDIR)) { |
while ($ulsfn=readdir(LSDIR)) { |
| undef($obs); |
undef($obs); |
|
Line 1654 sub ls3_handler {
|
Line 1739 sub ls3_handler {
|
| closedir(LSDIR); |
closedir(LSDIR); |
| } |
} |
| } else { |
} else { |
| |
unless (($getpropath) || ($getuserdir) || |
| |
($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/}) || |
| |
($ulsdir =~ m{^/home/httpd/html/(?:res|userfiles)/$LONCAPA::match_domain/$LONCAPA::match_name/}) || |
| |
(($ulsdir =~ m{^/home/httpd/html/priv/$LONCAPA::match_domain/$LONCAPA::match_name/}) && ($islocal))) { |
| |
&Failure($client,"refused\n",$userinput); |
| |
return 1; |
| |
} |
| my @ulsstats=stat($ulsdir); |
my @ulsstats=stat($ulsdir); |
| $ulsout.=$ulsfn.'&'.join('&',@ulsstats).':'; |
$ulsout.=$ulsfn.'&'.join('&',@ulsstats).':'; |
| } |
} |
|
Line 2070 sub hash_passwd {
|
Line 2162 sub hash_passwd {
|
| my $plainsalt = substr($rest[1],0,22); |
my $plainsalt = substr($rest[1],0,22); |
| $salt = Crypt::Eksblowfish::Bcrypt::de_base64($plainsalt); |
$salt = Crypt::Eksblowfish::Bcrypt::de_base64($plainsalt); |
| } else { |
} else { |
| my $defaultcost; |
my %domdefaults = &Apache::lonnet::get_domain_defaults($domain); |
| my %domconfig = |
my $defaultcost = $domdefaults{'intauth_cost'}; |
| &Apache::lonnet::get_dom('configuration',['password'],$domain); |
|
| if (ref($domconfig{'password'}) eq 'HASH') { |
|
| $defaultcost = $domconfig{'password'}{'cost'}; |
|
| } |
|
| if (($defaultcost eq '') || ($defaultcost =~ /D/)) { |
if (($defaultcost eq '') || ($defaultcost =~ /D/)) { |
| $cost = 10; |
$cost = 10; |
| } else { |
} else { |
|
Line 3131 sub get_profile_entry {
|
Line 3219 sub get_profile_entry {
|
| # |
# |
| # Parameters: |
# Parameters: |
| # $cmd - Command keyword of request (eget). |
# $cmd - Command keyword of request (eget). |
| # $tail - Tail of the command. See GetProfileEntry
# for more information about this. |
# $tail - Tail of the command. See GetProfileEntry |
| |
# for more information about this. |
| # $client - File open on the client. |
# $client - File open on the client. |
| # Returns: |
# Returns: |
| # 1 - Continue processing |
# 1 - Continue processing |
|
Line 3713 sub send_query_handler {
|
Line 3802 sub send_query_handler {
|
| |
|
| my ($query,$arg1,$arg2,$arg3)=split(/\:/,$tail); |
my ($query,$arg1,$arg2,$arg3)=split(/\:/,$tail); |
| $query=~s/\n*$//g; |
$query=~s/\n*$//g; |
| |
if (($query eq 'usersearch') || ($query eq 'instdirsearch')) { |
| |
my $usersearchconf = &get_usersearch_config($currentdomainid,'directorysrch'); |
| |
my $earlyout; |
| |
if (ref($usersearchconf) eq 'HASH') { |
| |
if ($currentdomainid eq $clienthomedom) { |
| |
if ($query eq 'usersearch') { |
| |
if ($usersearchconf->{'lcavailable'} eq '0') { |
| |
$earlyout = 1; |
| |
} |
| |
} else { |
| |
if ($usersearchconf->{'available'} eq '0') { |
| |
$earlyout = 1; |
| |
} |
| |
} |
| |
} else { |
| |
if ($query eq 'usersearch') { |
| |
if ($usersearchconf->{'lclocalonly'}) { |
| |
$earlyout = 1; |
| |
} |
| |
} else { |
| |
if ($usersearchconf->{'localonly'}) { |
| |
$earlyout = 1; |
| |
} |
| |
} |
| |
} |
| |
} |
| |
if ($earlyout) { |
| |
&Reply($client, "query_not_authorized\n"); |
| |
return 1; |
| |
} |
| |
} |
| &Reply($client, "". &sql_reply("$clientname\&$query". |
&Reply($client, "". &sql_reply("$clientname\&$query". |
| "\&$arg1"."\&$arg2"."\&$arg3")."\n", |
"\&$arg1"."\&$arg2"."\&$arg3")."\n", |
| $userinput); |
$userinput); |
|
Line 4448 sub get_domain_handler {
|
Line 4568 sub get_domain_handler {
|
| my ($cmd, $tail, $client) = @_; |
my ($cmd, $tail, $client) = @_; |
| |
|
| |
|
| my $userinput = "$client:$tail"; |
my $userinput = "$cmd:$tail"; |
| |
|
| |
my ($udom,$namespace,$what)=split(/:/,$tail,3); |
| |
chomp($what); |
| |
if ($namespace =~ /^enc/) { |
| |
&Failure( $client, "refused\n", $userinput); |
| |
} else { |
| |
my @queries=split(/\&/,$what); |
| |
my $qresult=''; |
| |
my $hashref = &tie_domain_hash($udom, "$namespace", &GDBM_READER()); |
| |
if ($hashref) { |
| |
for (my $i=0;$i<=$#queries;$i++) { |
| |
$qresult.="$hashref->{$queries[$i]}&"; |
| |
} |
| |
if (&untie_domain_hash($hashref)) { |
| |
$qresult=~s/\&$//; |
| |
&Reply($client, \$qresult, $userinput); |
| |
} else { |
| |
&Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ". |
| |
"while attempting getdom\n",$userinput); |
| |
} |
| |
} else { |
| |
&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ". |
| |
"while attempting getdom\n",$userinput); |
| |
} |
| |
} |
| |
|
| |
return 1; |
| |
} |
| |
®ister_handler("getdom", \&get_domain_handler, 0, 1, 0); |
| |
|
| |
sub encrypted_get_domain_handler { |
| |
my ($cmd, $tail, $client) = @_; |
| |
|
| |
my $userinput = "$cmd:$tail"; |
| |
|
| my ($udom,$namespace,$what)=split(/:/,$tail,3); |
my ($udom,$namespace,$what)=split(/:/,$tail,3); |
| chomp($what); |
chomp($what); |
|
Line 4461 sub get_domain_handler {
|
Line 4615 sub get_domain_handler {
|
| } |
} |
| if (&untie_domain_hash($hashref)) { |
if (&untie_domain_hash($hashref)) { |
| $qresult=~s/\&$//; |
$qresult=~s/\&$//; |
| &Reply($client, \$qresult, $userinput); |
if ($cipher) { |
| |
my $cmdlength=length($qresult); |
| |
$qresult.=" "; |
| |
my $encqresult=''; |
| |
for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) { |
| |
$encqresult.= unpack("H16", |
| |
$cipher->encrypt(substr($qresult, |
| |
$encidx, |
| |
8))); |
| |
} |
| |
&Reply( $client, "enc:$cmdlength:$encqresult\n", $userinput); |
| |
} else { |
| |
&Failure( $client, "error:no_key\n", $userinput); |
| |
} |
| } else { |
} else { |
| &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ". |
&Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ". |
| "while attempting getdom\n",$userinput); |
"while attempting egetdom\n",$userinput); |
| } |
} |
| } else { |
} else { |
| &Failure($client, "error: ".($!+0)." tie(GDBM) Failed ". |
&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ". |
| "while attempting getdom\n",$userinput); |
"while attempting egetdom\n",$userinput); |
| } |
} |
| |
|
| return 1; |
return 1; |
| } |
} |
| ®ister_handler("getdom", \&get_domain_handler, 0, 1, 0); |
®ister_handler("egetdom", \&encrypted_get_domain_handler, 1, 1, 0); |
| |
|
| # |
# |
| # Puts an id to a domains id database. |
# Puts an id to a domains id database. |
|
Line 5330 sub create_auto_enroll_password_handler
|
Line 5496 sub create_auto_enroll_password_handler
|
| ®ister_handler("autocreatepassword", \&create_auto_enroll_password_handler, |
®ister_handler("autocreatepassword", \&create_auto_enroll_password_handler, |
| 0, 1, 0); |
0, 1, 0); |
| |
|
| |
sub auto_export_grades_handler { |
| |
my ($cmd, $tail, $client) = @_; |
| |
my $userinput = "$cmd:$tail"; |
| |
my ($cdom,$cnum,$info,$data) = split(/:/,$tail); |
| |
my $inforef = &Apache::lonnet::thaw_unescape($info); |
| |
my $dataref = &Apache::lonnet::thaw_unescape($data); |
| |
my ($outcome,$result);; |
| |
eval { |
| |
local($SIG{__DIE__})='DEFAULT'; |
| |
my %rtnhash; |
| |
$outcome=&localenroll::export_grades($cdom,$cnum,$inforef,$dataref,\%rtnhash); |
| |
if ($outcome eq 'ok') { |
| |
foreach my $key (keys(%rtnhash)) { |
| |
$result .= &escape($key).'='.&Apache::lonnet::freeze_escape($rtnhash{$key}).'&'; |
| |
} |
| |
$result =~ s/\&$//; |
| |
} |
| |
}; |
| |
if (!$@) { |
| |
if ($outcome eq 'ok') { |
| |
if ($cipher) { |
| |
my $cmdlength=length($result); |
| |
$result.=" "; |
| |
my $encresult=''; |
| |
for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) { |
| |
$encresult.= unpack("H16", |
| |
$cipher->encrypt(substr($result, |
| |
$encidx, |
| |
8))); |
| |
} |
| |
&Reply( $client, "enc:$cmdlength:$encresult\n", $userinput); |
| |
} else { |
| |
&Failure( $client, "error:no_key\n", $userinput); |
| |
} |
| |
} else { |
| |
&Reply($client, "$outcome\n", $userinput); |
| |
} |
| |
} else { |
| |
&Failure($client,"export_error\n",$userinput); |
| |
} |
| |
return 1; |
| |
} |
| |
®ister_handler("autoexportgrades", \&auto_export_grades_handler, |
| |
1, 1, 0); |
| |
|
| |
|
| # Retrieve and remove temporary files created by/during autoenrollment. |
# Retrieve and remove temporary files created by/during autoenrollment. |
| # |
# |
| # Formal Parameters: |
# Formal Parameters: |
| # $cmd - The command that got us dispatched. |
# $cmd - The command that got us dispatched. |
| # $tail - The tail of the command. In our case this is a colon |
# $tail - The tail of the command. In our case this is a colon |
| # separated list that will be split into: |
# separated list that will be split into: |
| # $filename - The name of the file to remove. |
# $filename - The name of the file to retrieve. |
| # The filename is given as a path relative to |
# The filename is given as a path relative to |
| # the LonCAPA temp file directory. |
# the LonCAPA temp file directory. |
| # $client - Socket open on the client. |
# $client - Socket open on the client. |
|
Line 5352 sub retrieve_auto_file_handler {
|
Line 5564 sub retrieve_auto_file_handler {
|
| my $source = $perlvar{'lonDaemons'}.'/tmp/'.$filename; |
my $source = $perlvar{'lonDaemons'}.'/tmp/'.$filename; |
| if ($filename =~m{/\.\./}) { |
if ($filename =~m{/\.\./}) { |
| &Failure($client, "refused\n", $userinput); |
&Failure($client, "refused\n", $userinput); |
| |
} elsif ($filename !~ /^$LONCAPA::match_domain\_$LONCAPA::match_courseid\_.+_classlist\.xml$/) { |
| |
&Failure($client, "refused\n", $userinput); |
| } elsif ( (-e $source) && ($filename ne '') ) { |
} elsif ( (-e $source) && ($filename ne '') ) { |
| my $reply = ''; |
my $reply = ''; |
| if (open(my $fh,$source)) { |
if (open(my $fh,$source)) { |
|
Line 6809 sub make_new_child {
|
Line 7023 sub make_new_child {
|
| ."Attempted insecure connection disallowed </font>"); |
."Attempted insecure connection disallowed </font>"); |
| close $client; |
close $client; |
| $clientok = 0; |
$clientok = 0; |
| |
|
| } |
} |
| } |
} |
| } else { |
} else { |
|
Line 6818 sub make_new_child {
|
Line 7031 sub make_new_child {
|
| ."$clientip failed to initialize: >$remotereq< </font>"); |
."$clientip failed to initialize: >$remotereq< </font>"); |
| &status('No init '.$clientip); |
&status('No init '.$clientip); |
| } |
} |
| |
|
| } else { |
} else { |
| &logthis( |
&logthis( |
| "<font color='blue'>WARNING: Unknown client $clientip</font>"); |
"<font color='blue'>WARNING: Unknown client $clientip</font>"); |
|
Line 6976 sub password_filename {
|
Line 7188 sub password_filename {
|
| # domain - domain of the user. |
# domain - domain of the user. |
| # name - User's name. |
# name - User's name. |
| # contents - New contents of the file. |
# contents - New contents of the file. |
| |
# saveold - (optional). If true save old file in a passwd.bak file. |
| # Returns: |
# Returns: |
| # 0 - Failed. |
# 0 - Failed. |
| # 1 - Success. |
# 1 - Success. |
| # |
# |
| sub rewrite_password_file { |
sub rewrite_password_file { |
| my ($domain, $user, $contents) = @_; |
my ($domain, $user, $contents, $saveold) = @_; |
| |
|
| my $file = &password_filename($domain, $user); |
my $file = &password_filename($domain, $user); |
| if (defined $file) { |
if (defined $file) { |
| |
if ($saveold) { |
| |
my $bakfile = $file.'.bak'; |
| |
if (CopyFile($file,$bakfile)) { |
| |
chmod(0400,$bakfile); |
| |
&logthis("Old password saved in passwd.bak for internally authenticated user: $user:$domain"); |
| |
} else { |
| |
&logthis("Failed to save old password in passwd.bak for internally authenticated user: $user:$domain"); |
| |
} |
| |
} |
| my $pf = IO::File->new(">$file"); |
my $pf = IO::File->new(">$file"); |
| if($pf) { |
if($pf) { |
| print $pf "$contents\n"; |
print $pf "$contents\n"; |
|
Line 7075 sub validate_user {
|
Line 7297 sub validate_user {
|
| $contentpwd = $domdefaults{'auth_arg_def'}; |
$contentpwd = $domdefaults{'auth_arg_def'}; |
| } |
} |
| } |
} |
| } |
} |
| if ($howpwd ne 'nouser') { |
if ($howpwd ne 'nouser') { |
| if($howpwd eq "internal") { # Encrypted is in local password file. |
if($howpwd eq "internal") { # Encrypted is in local password file. |
| if (length($contentpwd) == 13) { |
if (length($contentpwd) == 13) { |
| $validated = (crypt($password,$contentpwd) eq $contentpwd); |
$validated = (crypt($password,$contentpwd) eq $contentpwd); |
| if ($validated) { |
if ($validated) { |
| my $ncpass = &hash_passwd($domain,$password); |
my %domdefaults = &Apache::lonnet::get_domain_defaults($domain); |
| if (&rewrite_password_file($domain,$user,"$howpwd:$ncpass")) { |
if ($domdefaults{'intauth_switch'}) { |
| &update_passwd_history($user,$domain,$howpwd,'conversion'); |
my $ncpass = &hash_passwd($domain,$password); |
| &logthis("Validated password hashed with bcrypt for $user:$domain"); |
my $saveold; |
| |
if ($domdefaults{'intauth_switch'} == 2) { |
| |
$saveold = 1; |
| |
} |
| |
if (&rewrite_password_file($domain,$user,"$howpwd:$ncpass",$saveold)) { |
| |
&update_passwd_history($user,$domain,$howpwd,'conversion'); |
| |
&logthis("Validated password hashed with bcrypt for $user:$domain"); |
| |
} |
| } |
} |
| } |
} |
| } else { |
} else { |
| $validated = &check_internal_passwd($password,$contentpwd,$domain); |
$validated = &check_internal_passwd($password,$contentpwd,$domain,$user); |
| } |
} |
| } |
} |
| elsif ($howpwd eq "unix") { # User is a normal unix user. |
elsif ($howpwd eq "unix") { # User is a normal unix user. |
|
Line 7158 sub validate_user {
|
Line 7387 sub validate_user {
|
| } |
} |
| |
|
| sub check_internal_passwd { |
sub check_internal_passwd { |
| my ($plainpass,$stored,$domain) = @_; |
my ($plainpass,$stored,$domain,$user) = @_; |
| my (undef,$method,@rest) = split(/!/,$stored); |
my (undef,$method,@rest) = split(/!/,$stored); |
| if ($method eq "bcrypt") { |
if ($method eq 'bcrypt') { |
| my $result = &hash_passwd($domain,$plainpass,@rest); |
my $result = &hash_passwd($domain,$plainpass,@rest); |
| if ($result ne $stored) { |
if ($result ne $stored) { |
| return 0; |
return 0; |
| } |
} |
| # Upgrade to a larger number of rounds if necessary |
my %domdefaults = &Apache::lonnet::get_domain_defaults($domain); |
| my $defaultcost; |
if ($domdefaults{'intauth_check'}) { |
| my %domconfig = |
# Upgrade to a larger number of rounds if necessary |
| &Apache::lonnet::get_dom('configuration',['password'],$domain); |
my $defaultcost = $domdefaults{'intauth_cost'}; |
| if (ref($domconfig{'password'}) eq 'HASH') { |
if (($defaultcost eq '') || ($defaultcost =~ /D/)) { |
| $defaultcost = $domconfig{'password'}{'cost'}; |
$defaultcost = 10; |
| } |
} |
| if (($defaultcost eq '') || ($defaultcost =~ /D/)) { |
if (int($rest[0])<int($defaultcost)) { |
| $defaultcost = 10; |
if ($domdefaults{'intauth_check'} == 1) { |
| |
my $ncpass = &hash_passwd($domain,$plainpass); |
| |
if (&rewrite_password_file($domain,$user,"internal:$ncpass")) { |
| |
&update_passwd_history($user,$domain,'internal','update cost'); |
| |
&logthis("Validated password hashed with bcrypt for $user:$domain"); |
| |
} |
| |
return 1; |
| |
} elsif ($domdefaults{'intauth_check'} == 2) { |
| |
return 0; |
| |
} |
| |
} |
| |
} else { |
| |
return 1; |
| } |
} |
| return 1 unless($rest[0]<$defaultcost); |
|
| } |
} |
| return 0; |
return 0; |
| } |
} |
|
Line 7605 sub get_usersession_config {
|
Line 7845 sub get_usersession_config {
|
| return; |
return; |
| } |
} |
| |
|
| |
sub get_usersearch_config { |
| |
my ($dom,$name) = @_; |
| |
my ($usersearchconf,$cached)=&Apache::lonnet::is_cached_new($name,$dom); |
| |
if (defined($cached)) { |
| |
return $usersearchconf; |
| |
} else { |
| |
my %domconfig = &Apache::lonnet::get_dom('configuration',['directorysrch'],$dom); |
| |
&Apache::lonnet::do_cache_new($name,$dom,$domconfig{'directorysrch'},3600); |
| |
return $domconfig{'directorysrch'}; |
| |
} |
| |
return; |
| |
} |
| |
|
| sub distro_and_arch { |
sub distro_and_arch { |
| return $dist.':'.$arch; |
return $dist.':'.$arch; |
![[BACK]](/icons/back.gif){kind=icon}
Return to lond CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom