Diff for /loncom/lond between versions 1.489.2.27 and 1.489.2.45

version 1.489.2.27, 2017/03/20 03:21:08 version 1.489.2.45, 2022/02/27 02:13:24
Line 15 Line 15
 #  #
 # LON-CAPA is distributed in the hope that it will be useful,  # LON-CAPA is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of  # but WITHOUT ANY WARRANTY; without even the implied warranty of
   
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.  # GNU General Public License for more details.
 #  #
Line 1430  sub du2_handler { Line 1429  sub du2_handler {
 #  #
 #    1. for a directory, and the path does not begin with one of:  #    1. for a directory, and the path does not begin with one of:
 #        (a) /home/httpd/html/res/<domain>  #        (a) /home/httpd/html/res/<domain>
 #        (b) /home/httpd/html/res/userfiles/  #        (b) /home/httpd/html/userfiles/
 #        (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles  #        (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles
 #    or is:  #    or is:
 #  #
 #    2. for a file, and the path (after prepending) does not begin with:  #    2. for a file, and the path (after prepending) does not begin with one of:
 #    /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/  #        (a) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/
   #        (b) /home/httpd/html/res/<domain>/<username>/
   #        (c) /home/httpd/html/userfiles/<domain>/<username>/
 #  #
 #    the response will be "refused".  #    the response will be "refused".
 #  #
Line 1466  sub ls_handler { Line 1467  sub ls_handler {
     }      }
     if (-e $ulsdir) {      if (-e $ulsdir) {
  if(-d $ulsdir) {   if(-d $ulsdir) {
             unless (($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain|userfiles/)}) ||              unless (($ulsdir =~ m{^/home/httpd/html/(res/$LONCAPA::match_domain|userfiles/)}) ||
                     ($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/userfiles/})) {                      ($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/userfiles})) {
                 &Failure($client,"refused\n",$userinput);                  &Failure($client,"refused\n",$userinput);
                 return 1;                  return 1;
             }              }
Line 1494  sub ls_handler { Line 1495  sub ls_handler {
  closedir(LSDIR);   closedir(LSDIR);
     }      }
  } else {   } else {
             unless ($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/}) {              unless (($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/}) ||
                       ($ulsdir =~ m{^/home/httpd/html/(?:res|userfiles)/$LONCAPA::match_domain/$LONCAPA::match_name/})) { 
                 &Failure($client,"refused\n",$userinput);                  &Failure($client,"refused\n",$userinput);
                 return 1;                  return 1;
             }              }
Line 1527  sub ls_handler { Line 1529  sub ls_handler {
 #  #
 #    1. for a directory, and the path does not begin with one of:  #    1. for a directory, and the path does not begin with one of:
 #        (a) /home/httpd/html/res/<domain>  #        (a) /home/httpd/html/res/<domain>
 #        (b) /home/httpd/html/res/userfiles/  #        (b) /home/httpd/html/userfiles/
 #        (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles  #        (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles
 #    or is:  #    or is:
 #  #
 #    2. for a file, and the path (after prepending) does not begin with:  #    2. for a file, and the path (after prepending) does not begin with one of:
 #    /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/  #        (a) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/
   #        (b) /home/httpd/html/res/<domain>/<username>/
   #        (c) /home/httpd/html/userfiles/<domain>/<username>/
 #  #
 #    the response will be "refused".  #    the response will be "refused".
 #  #
Line 1562  sub ls2_handler { Line 1566  sub ls2_handler {
     }      }
     if (-e $ulsdir) {      if (-e $ulsdir) {
         if(-d $ulsdir) {          if(-d $ulsdir) {
             unless (($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain|userfiles/)}) ||              unless (($ulsdir =~ m{^/home/httpd/html/(res/$LONCAPA::match_domain|userfiles/)}) ||
                     ($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/userfiles/})) {                      ($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/userfiles})) {
                 &Failure($client,"refused\n","$userinput");                  &Failure($client,"refused\n","$userinput");
                 return 1;                  return 1;
             }              }
Line 1591  sub ls2_handler { Line 1595  sub ls2_handler {
                 closedir(LSDIR);                  closedir(LSDIR);
             }              }
         } else {          } else {
             unless ($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/}) {              unless (($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/}) ||
                       ($ulsdir =~ m{^/home/httpd/html/(?:res|userfiles)/$LONCAPA::match_domain/$LONCAPA::match_name/})) {
                 &Failure($client,"refused\n",$userinput);                  &Failure($client,"refused\n",$userinput);
                 return 1;                  return 1;
             }              }
Line 1616  sub ls2_handler { Line 1621  sub ls2_handler {
 #  #
 #    1. for a directory, and the path does not begin with one of:  #    1. for a directory, and the path does not begin with one of:
 #        (a) /home/httpd/html/res/<domain>  #        (a) /home/httpd/html/res/<domain>
 #        (b) /home/httpd/html/res/userfiles/  #        (b) /home/httpd/html/userfiles/
 #        (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles  #        (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles
 #        (d) /home/httpd/html/priv/<domain>/ and client is the homeserver  #        (d) /home/httpd/html/priv/<domain> and client is the homeserver
 #  #
 #    or is:  #    or is:
 #  #
 #    2. for a file, and the path (after prepending) does not begin with:  #    2. for a file, and the path (after prepending) does not begin with one of:
 #    /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/  #        (a) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/
   #        (b) /home/httpd/html/res/<domain>/<username>/
   #        (c) /home/httpd/html/userfiles/<domain>/<username>/
   #        (d) /home/httpd/html/priv/<domain>/<username>/ and client is the homeserver
 #  #
 #    the response will be "refused".  #    the response will be "refused".
 #  #
Line 1700  sub ls3_handler { Line 1708  sub ls3_handler {
     if (-e $ulsdir) {      if (-e $ulsdir) {
         if(-d $ulsdir) {          if(-d $ulsdir) {
             unless (($getpropath) || ($getuserdir) ||              unless (($getpropath) || ($getuserdir) ||
                     ($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain|userfiles/)}) ||                      ($ulsdir =~ m{^/home/httpd/html/(res/$LONCAPA::match_domain|userfiles/)}) ||
                     ($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/userfiles/}) ||                      ($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/userfiles}) ||
                     (($ulsdir =~ m{/home/httpd/html/priv/$LONCAPA::match_domain/}) && ($islocal))) {                      (($ulsdir =~ m{^/home/httpd/html/priv/$LONCAPA::match_domain}) && ($islocal))) {
                 &Failure($client,"refused\n",$userinput);                  &Failure($client,"refused\n",$userinput);
                 return 1;                  return 1;
             }              }
Line 1731  sub ls3_handler { Line 1739  sub ls3_handler {
             }              }
         } else {          } else {
             unless (($getpropath) || ($getuserdir) ||              unless (($getpropath) || ($getuserdir) ||
                     ($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/})) {                      ($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/}) ||
                       ($ulsdir =~ m{^/home/httpd/html/(?:res|userfiles)/$LONCAPA::match_domain/$LONCAPA::match_name/}) ||
                       (($ulsdir =~ m{^/home/httpd/html/priv/$LONCAPA::match_domain/$LONCAPA::match_name/}) && ($islocal))) {
                 &Failure($client,"refused\n",$userinput);                  &Failure($client,"refused\n",$userinput);
                 return 1;                  return 1;
             }              }
Line 1785  sub read_lonnet_global { Line 1795  sub read_lonnet_global {
                 }                  }
                 if ($what eq 'perlvar') {                  if ($what eq 'perlvar') {
                     if (!exists($packagevars{$what}{'lonBalancer'})) {                      if (!exists($packagevars{$what}{'lonBalancer'})) {
                         if ($dist =~ /^(centos|rhes|fedora|scientific)/) {                          if ($dist =~ /^(centos|rhes|fedora|scientific|oracle|rocky|alma)/) {
                             my $othervarref=LONCAPA::Configuration::read_conf('httpd.conf');                              my $othervarref=LONCAPA::Configuration::read_conf('httpd.conf');
                             if (ref($othervarref) eq 'HASH') {                              if (ref($othervarref) eq 'HASH') {
                                 $items->{'lonBalancer'} = $othervarref->{'lonBalancer'};                                  $items->{'lonBalancer'} = $othervarref->{'lonBalancer'};
Line 2010  sub authenticate_handler { Line 2020  sub authenticate_handler {
                 my ($remote,$hosted);                  my ($remote,$hosted);
                 my $remotesession = &get_usersession_config($udom,'remotesession');                  my $remotesession = &get_usersession_config($udom,'remotesession');
                 if (ref($remotesession) eq 'HASH') {                  if (ref($remotesession) eq 'HASH') {
                     $remote = $remotesession->{'remote'}                      $remote = $remotesession->{'remote'};
                 }                  }
                 my $hostedsession = &get_usersession_config($clienthomedom,'hostedsession');                  my $hostedsession = &get_usersession_config($clienthomedom,'hostedsession');
                 if (ref($hostedsession) eq 'HASH') {                  if (ref($hostedsession) eq 'HASH') {
Line 2097  sub change_password_handler { Line 2107  sub change_password_handler {
     }      }
     if($validated) {      if($validated) {
  my $realpasswd  = &get_auth_type($udom, $uname); # Defined since authd.   my $realpasswd  = &get_auth_type($udom, $uname); # Defined since authd.
   
  my ($howpwd,$contentpwd)=split(/:/,$realpasswd);   my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
           my $notunique;
  if ($howpwd eq 'internal') {   if ($howpwd eq 'internal') {
     &Debug("internal auth");      &Debug("internal auth");
             my $ncpass = &hash_passwd($udom,$npass);              my $ncpass = &hash_passwd($udom,$npass);
     if(&rewrite_password_file($udom, $uname, "internal:$ncpass")) {              my (undef,$method,@rest) = split(/!/,$contentpwd);
               if ($method eq 'bcrypt') {
                   my %passwdconf = &Apache::lonnet::get_passwdconf($udom);
                   if (($passwdconf{'numsaved'}) && ($passwdconf{'numsaved'} =~ /^\d+$/)) {
                       my @oldpasswds;
                       my $userpath = &propath($udom,$uname);
                       my $fullpath = $userpath.'/oldpasswds';
                       if (-d $userpath) {
                           my @oldfiles;
                           if (-e $fullpath) {
                               if (opendir(my $dir,$fullpath)) {
                                   (@oldfiles) = grep(/^\d+$/,readdir($dir));
                                   closedir($dir);
                               }
                               if (@oldfiles) {
                                   @oldfiles = sort { $b <=> $a } (@oldfiles);
                                   my $numremoved = 0;
                                   for (my $i=0; $i<@oldfiles; $i++) {
                                       if ($i>=$passwdconf{'numsaved'}) {
                                           if (-f "$fullpath/$oldfiles[$i]") {
                                               if (unlink("$fullpath/$oldfiles[$i]")) {
                                                   $numremoved ++;
                                               }
                                           }
                                       } elsif (open(my $fh,'<',"$fullpath/$oldfiles[$i]")) {
                                           while (my $line = <$fh>) {
                                               push(@oldpasswds,$line);
                                           }
                                           close($fh);
                                       }
                                   }
                                   if ($numremoved) {
                                       &logthis("unlinked $numremoved old password files for $uname:$udom");
                                   }
                               }
                           }
                           push(@oldpasswds,$contentpwd);
                           foreach my $item (@oldpasswds) {
                               my (undef,$method,@rest) = split(/!/,$item);
                               if ($method eq 'bcrypt') {
                                   my $result = &hash_passwd($udom,$npass,@rest);
                                   if ($result eq $item) {
                                       $notunique = 1;
                                       last;
                                   }
                               }
                           }
                           unless ($notunique) {
                               unless (-e $fullpath) {
                                   if (&mkpath("$fullpath/")) {
                                       chmod(0700,$fullpath);
                                   }
                               }
                               if (-d $fullpath) {
                                   my $now = time;
                                   if (open(my $fh,'>',"$fullpath/$now")) {
                                       print $fh $contentpwd;
                                       close($fh);
                                       chmod(0400,"$fullpath/$now");
                                   }
                               }
                           }
                       }
                   }
               }
               if ($notunique) {
                   my $msg="Result of password change for $uname:$udom - password matches one used before";
                   if ($lonhost) {
                       $msg .= " - request originated from: $lonhost";
                   }
                   &logthis($msg);
                   &Reply($client, "prioruse\n", $userinput);
       } elsif (&rewrite_password_file($udom, $uname, "internal:$ncpass")) {
  my $msg="Result of password change for $uname: pwchange_success";   my $msg="Result of password change for $uname: pwchange_success";
                 if ($lonhost) {                  if ($lonhost) {
                     $msg .= " - request originated from: $lonhost";                      $msg .= " - request originated from: $lonhost";
Line 2130  sub change_password_handler { Line 2212  sub change_password_handler {
     #      #
     &Failure( $client, "auth_mode_error\n", $userinput);      &Failure( $client, "auth_mode_error\n", $userinput);
  }     }  
   
     } else {      } else {
  if ($failure eq '') {   if ($failure eq '') {
     $failure = 'non_authorized';      $failure = 'non_authorized';
Line 2326  sub update_passwd_history { Line 2407  sub update_passwd_history {
     return;      return;
 }  }
   
   sub inst_unamemap_check {
       my ($cmd, $tail, $client)   = @_;
       my $userinput               = "$cmd:$tail";
       my %rulecheck;
       my $outcome;
       my ($udom,$uname,@rules) = split(/:/,$tail);
       $udom = &unescape($udom);
       $uname = &unescape($uname);
       @rules = map {&unescape($_);} (@rules);
       eval {
           local($SIG{__DIE__})='DEFAULT';
           $outcome = &localenroll::unamemap_check($udom,$uname,\@rules,\%rulecheck);
       };
       if (!$@) {
           if ($outcome eq 'ok') {
               my $result='';
               foreach my $key (keys(%rulecheck)) {
                   $result.=&escape($key).'='.&Apache::lonnet::freeze_escape($rulecheck{$key}).'&';
               }
               &Reply($client,\$result,$userinput);
           } else {
               &Reply($client,"error\n", $userinput);
           }
       } else {
           &Failure($client,"unknown_cmd\n",$userinput);
       }
   }
   &register_handler("instunamemapcheck",\&inst_unamemap_check,0,1,0);
   
   
 #  #
 #   Determines if this is the home server for a user.  The home server  #   Determines if this is the home server for a user.  The home server
 #   for a user will have his/her lon-capa passwd file.  Therefore all we need  #   for a user will have his/her lon-capa passwd file.  Therefore all we need
Line 2418  sub update_resource_handler { Line 2529  sub update_resource_handler {
  }   }
  alarm(0);   alarm(0);
  if ($response->is_error()) {   if ($response->is_error()) {
 # FIXME: we should probably clean up here instead of just whine                      my $reply=&Apache::lonnet::reply("unsub:$fname","$clientname");
     unlink($transname);                      &devalidate_meta_cache($fname);
                       if (-e $transname) {
                           unlink($transname);
                       }
                       unlink($fname);
     my $message=$response->status_line;      my $message=$response->status_line;
     &logthis("LWP GET: $message for $fname ($remoteurl)");      &logthis("LWP GET: $message for $fname ($remoteurl)");
  } else {   } else {
Line 3208  sub get_profile_entry { Line 3323  sub get_profile_entry {
 #  #
 #  Parameters:  #  Parameters:
 #     $cmd               - Command keyword of request (eget).  #     $cmd               - Command keyword of request (eget).
 #     $tail              - Tail of the command.  See GetProfileEntry #                          for more information about this.  #     $tail              - Tail of the command.  See GetProfileEntry
   #                          for more information about this.
 #     $client            - File open on the client.  #     $client            - File open on the client.
 #  Returns:  #  Returns:
 #     1      - Continue processing  #     1      - Continue processing
Line 4490  sub course_lastaccess_handler { Line 4606  sub course_lastaccess_handler {
 }  }
 &register_handler("courselastaccess",\&course_lastaccess_handler, 0, 1, 0);  &register_handler("courselastaccess",\&course_lastaccess_handler, 0, 1, 0);
   
   sub course_sessions_handler {
       my ($cmd, $tail, $client) = @_;
       my $userinput = "$cmd:$tail";
       my ($cdom,$cnum,$lastactivity) = split(':',$tail);
       my $dbsuffix = '_'.$cdom.'_'.$cnum.'.db';
       my (%sessions,$qresult);
       my $now=time;
       if (opendir(DIR,$perlvar{'lonIDsDir'})) {
           my $filename;
           while ($filename=readdir(DIR)) {
               next if ($filename=~/^\./);
               next if ($filename=~/^publicuser_/);
               next if ($filename=~/^[a-f0-9]+_(linked|lti_\d+)\.id$/);
               if ($filename =~ /^($LONCAPA::match_username)_\d+_($LONCAPA::match_domain)_/) {
                   my ($uname,$udom) = ($1,$2);
                   next unless (-e "$perlvar{'lonDaemons'}/tmp/$uname$dbsuffix");
                   my $mtime = (stat("$perlvar{'lonIDsDir'}/$filename"))[9];
                   if ($lastactivity < 0) {
                       next if ($mtime-$now > $lastactivity);
                   } else {
                       next if ($now-$mtime > $lastactivity);
                   }
                   $sessions{$uname.':'.$udom} = $mtime;
               }
           }
           closedir(DIR);
       }
       foreach my $user (keys(%sessions)) {
           $qresult.=&escape($user).'='.$sessions{$user}.'&';
       }
       if ($qresult) {
           chop($qresult);
       }
       &Reply($client, \$qresult, $userinput);
       return 1;
   }
   &register_handler("coursesessions",\&course_sessions_handler, 0, 1, 0);
   
 #  #
 # Puts an unencrypted entry in a namespace db file at the domain level   # Puts an unencrypted entry in a namespace db file at the domain level 
 #  #
Line 4538  sub put_domain_handler { Line 4692  sub put_domain_handler {
 # domain directory.  # domain directory.
 #  #
 # Parameters:  # Parameters:
 #   $cmd             - Command request keyword (get).  #   $cmd             - Command request keyword (getdom).
 #   $tail            - Tail of the command.  This is a colon separated list  #   $tail            - Tail of the command.  This is a colon separated list
 #                      consisting of the domain and the 'namespace'   #                      consisting of the domain and the 'namespace' 
 #                      which selects the gdbm file to do the lookup in,  #                      which selects the gdbm file to do the lookup in,
Line 4555  sub put_domain_handler { Line 4709  sub put_domain_handler {
 sub get_domain_handler {  sub get_domain_handler {
     my ($cmd, $tail, $client) = @_;      my ($cmd, $tail, $client) = @_;
   
       my $userinput = "$cmd:$tail";
     my $userinput = "$client:$tail";  
   
     my ($udom,$namespace,$what)=split(/:/,$tail,3);      my ($udom,$namespace,$what)=split(/:/,$tail,3);
     chomp($what);      my $res = LONCAPA::Lond::get_dom($userinput);
     my @queries=split(/\&/,$what);      if ($res =~ /^error:/) {
     my $qresult='';          &Failure($client, \$res, $userinput);
     my $hashref = &tie_domain_hash($udom, "$namespace", &GDBM_READER());  
     if ($hashref) {  
         for (my $i=0;$i<=$#queries;$i++) {  
             $qresult.="$hashref->{$queries[$i]}&";  
         }  
         if (&untie_domain_hash($hashref)) {  
             $qresult=~s/\&$//;  
             &Reply($client, \$qresult, $userinput);  
         } else {  
             &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".  
                       "while attempting getdom\n",$userinput);  
         }  
     } else {      } else {
         &Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".          &Reply($client, \$res, $userinput);
                  "while attempting getdom\n",$userinput);  
     }      }
   
     return 1;      return 1;
Line 5008  sub tmp_put_handler { Line 5148  sub tmp_put_handler {
     }      }
     my ($id,$store);      my ($id,$store);
     $tmpsnum++;      $tmpsnum++;
     if (($context eq 'resetpw') || ($context eq 'createaccount')) {      my $numtries = 0;
         $id = &md5_hex(&md5_hex(time.{}.rand().$$));      my $execdir=$perlvar{'lonDaemons'};
       if (($context eq 'resetpw') || ($context eq 'createaccount') ||
           ($context eq 'sso') || ($context eq 'link') || ($context eq 'retry')) {
           $id = &md5_hex(&md5_hex(time.{}.rand().$$.$tmpsnum));
           while ((-e "$execdir/tmp/$id.tmp") && ($numtries <10)) {
               undef($id);
               $id = &md5_hex(&md5_hex(time.{}.rand().$$.$tmpsnum));
               $numtries ++;
           }
     } else {      } else {
         $id = $$.'_'.$clientip.'_'.$tmpsnum;          $id = $$.'_'.$clientip.'_'.$tmpsnum;
     }      }
     $id=~s/\W/\_/g;      $id=~s/\W/\_/g;
     $record=~s/\n//g;      $record=~s/\n//g;
     my $execdir=$perlvar{'lonDaemons'};      if (($id ne '') &&
     if ($store=IO::File->new(">$execdir/tmp/$id.tmp")) {          ($store=IO::File->new(">$execdir/tmp/$id.tmp"))) {
  print $store $record;   print $store $record;
  close $store;   close $store;
  &Reply($client, \$id, $userinput);   &Reply($client, \$id, $userinput);
Line 5099  sub tmp_del_handler { Line 5247  sub tmp_del_handler {
 &register_handler("tmpdel", \&tmp_del_handler, 0, 1, 0);  &register_handler("tmpdel", \&tmp_del_handler, 0, 1, 0);
   
 #  #
   #  Process the updatebalcookie command.  This command updates a
   #  cookie in the lonBalancedir directory on a load balancer node.
   #
   # Parameters:
   #   $cmd      - Command that got us here.
   #   $tail     - Tail of the request (escaped cookie: escaped current entry)
   #
   #   $client   - socket open on the client process.
   #
   # Returns:
   #   1     - Indicating processing should continue.
   # Side Effects:
   #   A cookie file is updated from the lonBalancedir directory
   #   A reply is sent to the client.
   #
   sub update_balcookie_handler {
       my ($cmd, $tail, $client) = @_;
   
       my $userinput= "$cmd:$tail";
       chomp($tail);
       my ($cookie,$lastentry) = map { &unescape($_) } (split(/:/,$tail));
   
       my $updatedone;
       if ($cookie =~ /^$LONCAPA::match_domain\_$LONCAPA::match_username\_[a-f0-9]{32}$/) {
           my $execdir=$perlvar{'lonBalanceDir'};
           if (-e "$execdir/$cookie.id") {
               my $doupdate;
               if (open(my $fh,'<',"$execdir/$cookie.id")) {
                   while (my $line = <$fh>) {
                       chomp($line);
                       if ($line eq $lastentry) {
                           $doupdate = 1;
                           last;
                       }
                   }
                   close($fh);
               }
               if ($doupdate) {
                   if (open(my $fh,'>',"$execdir/$cookie.id")) {
                       print $fh $clientname;
                       close($fh);
                       $updatedone = 1;
                   }
               }
           }
       }
       if ($updatedone) {
           &Reply($client, "ok\n", $userinput);
       } else {
           &Failure( $client, "error: ".($!+0)."file update failed ".
                     "while attempting updatebalcookie\n", $userinput);
       }
       return 1;
   }
   &register_handler("updatebalcookie", \&update_balcookie_handler, 0, 1, 0);
   
   #
   #  Process the delbalcookie command. This command deletes a balancer
   #  cookie in the lonBalancedir directory on a load balancer node.
   #
   # Parameters:
   #   $cmd      - Command that got us here.
   #   $cookie   - Cookie to be deleted.
   #   $client   - socket open on the client process.
   #
   # Returns:
   #   1     - Indicating processing should continue.
   # Side Effects:
   #   A cookie file is deleted from the lonBalancedir directory
   #   A reply is sent to the client.
   sub del_balcookie_handler {
       my ($cmd, $cookie, $client) = @_;
   
       my $userinput= "$cmd:$cookie";
   
       chomp($cookie);
       $cookie = &unescape($cookie);
       my $deleted = '';
       if ($cookie =~ /^$LONCAPA::match_domain\_$LONCAPA::match_username\_[a-f0-9]{32}$/) {
           my $execdir=$perlvar{'lonBalanceDir'};
           if (-e "$execdir/$cookie.id") {
               if (open(my $fh,'<',"$execdir/$cookie.id")) {
                   my $dodelete;
                   while (my $line = <$fh>) {
                       chomp($line);
                       if ($line eq $clientname) {
                           $dodelete = 1;
                           last;
                       }
                   }
                   close($fh);
                   if ($dodelete) {
                       if (unlink("$execdir/$cookie.id")) {
                           $deleted = 1;
                       }
                   }
               }
           }
       }
       if ($deleted) {
           &Reply($client, "ok\n", $userinput);
       } else {
           &Failure( $client, "error: ".($!+0)."Unlinking cookie file Failed ".
                     "while attempting delbalcookie\n", $userinput);
       }
       return 1;
   }
   &register_handler("delbalcookie", \&del_balcookie_handler, 0, 1, 0);
   
   #
 #   Processes the setannounce command.  This command  #   Processes the setannounce command.  This command
 #   creates a file named announce.txt in the top directory of  #   creates a file named announce.txt in the top directory of
 #   the documentn root and sets its contents.  The announce.txt file is  #   the documentn root and sets its contents.  The announce.txt file is
Line 5281  sub validate_instcode_handler { Line 5539  sub validate_instcode_handler {
 }  }
 &register_handler("autovalidateinstcode", \&validate_instcode_handler, 0, 1, 0);  &register_handler("autovalidateinstcode", \&validate_instcode_handler, 0, 1, 0);
   
   #
   #  Validate co-owner for cross-listed institutional code and
   #  institutional course code itself used for a LON-CAPA course.
   #
   # Formal Parameters:
   #   $cmd          - The command request that got us dispatched.
   #   $tail         - The tail of the command.  In this case,
   #                   this is a colon separated string containing:
   #      $dom            - Course's LON-CAPA domain
   #      $instcode       - Institutional course code for the course
   #      $inst_xlist     - Institutional course Id for the crosslisting
   #      $coowner        - Username of co-owner
   #      (values for all but $dom have been escaped).
   #
   #   $client       - Socket open on the client.
   # Returns:
   #    1           - Indicating processing should continue.
   #
   sub validate_instcrosslist_handler  {
       my ($cmd, $tail, $client) = @_;
       my $userinput = "$cmd:$tail";
       my ($dom,$instcode,$inst_xlist,$coowner) = split(/:/,$tail);
       $instcode = &unescape($instcode);
       $inst_xlist = &unescape($inst_xlist);
       $coowner = &unescape($coowner);
       my $outcome = &localenroll::validate_crosslist_access($dom,$instcode,
                                                             $inst_xlist,$coowner);
       &Reply($client, \$outcome, $userinput);
   
       return 1;
   }
   &register_handler("autovalidateinstcrosslist", \&validate_instcrosslist_handler, 0, 1, 0);
   
 #   Get the official sections for which auto-enrollment is possible.  #   Get the official sections for which auto-enrollment is possible.
 #   Since the admin people won't know about 'unofficial sections'   #   Since the admin people won't know about 'unofficial sections' 
 #   we cannot auto-enroll on them.  #   we cannot auto-enroll on them.
Line 5377  sub validate_course_section_handler { Line 5668  sub validate_course_section_handler {
 # Formal Parameters:  # Formal Parameters:
 #    $cmd     - The command request that got us dispatched.  #    $cmd     - The command request that got us dispatched.
 #    $tail    - The tail of the command.   In this case this is a colon separated  #    $tail    - The tail of the command.   In this case this is a colon separated
 #               set of words that will be split into:  #               set of values that will be split into:
 #               $inst_class  - Institutional code for the specific class section     #               $inst_class  - Institutional code for the specific class section   
 #               $courseowner - The escaped username:domain of the course owner   #               $ownerlist   - An escaped comma-separated list of username:domain
   #                              of the course owner, and co-owner(s).
 #               $cdom        - The domain of the course from the institution's  #               $cdom        - The domain of the course from the institution's
 #                              point of view.  #                              point of view.
 #    $client  - The socket open on the client.  #    $client  - The socket open on the client.
Line 5404  sub validate_class_access_handler { Line 5696  sub validate_class_access_handler {
 &register_handler("autovalidateclass_sec", \&validate_class_access_handler, 0, 1, 0);  &register_handler("autovalidateclass_sec", \&validate_class_access_handler, 0, 1, 0);
   
 #  #
   #    Modify institutional sections (using customized &instsec_reformat()
   #    routine in localenroll.pm), to either clutter or declutter, for
   #    purposes of ensuring an institutional course section (string) can
   #    be unambiguously separated into institutional course and section.
   #
   # Formal Parameters:
   #    $cmd     - The command request that got us dispatched.
   #    $tail    - The tail of the command.   In this case this is a colon separated
   #               set of values that will be split into:
   #               $cdom        - The LON-CAPA domain of the course.
   #               $action      - Either: clutter or declutter
   #                              clutter adds character(s) to eliminate ambiguity
   #                              declutter removes the added characters (e.g., for
   #                              display of the institutional course section string.
   #               $info        - A frozen hash in which keys are:
   #                              LON-CAPA course number:Institutional course code
   #                              and values are a reference to an array of the
   #                              items to modify -- either institutional sections,
   #                              or institutional course sections (for crosslistings).
   #    $client  - The socket open on the client.
   # Returns:
   #    1 - continue processing.
   #
   
   sub instsec_reformat_handler {
       my ($cmd, $tail, $client) = @_;
       my $userinput = "$cmd:$tail";
       my ($cdom,$action,$info) = split(/:/,$tail);
       my $instsecref = &Apache::lonnet::thaw_unescape($info);
       my ($outcome,$result);
       eval {
           local($SIG{__DIE__})='DEFAULT';
           $outcome=&localenroll::instsec_reformat($cdom,$action,$instsecref);
           if ($outcome eq 'ok') {
               if (ref($instsecref) eq 'HASH') {
                   foreach my $key (keys(%{$instsecref})) {
                       $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($instsecref->{$key}).'&';
                   }
                   $result =~ s/\&$//;
               }
           }
       };
       if (!$@) {
           if ($outcome eq 'ok') {
               &Reply( $client, \$result, $userinput);
           } else {
               &Reply($client,\$outcome, $userinput);
           }
       } else {
           &Failure($client,"unknown_cmd\n",$userinput);
       }
       return 1;
   }
   &register_handler("autoinstsecreformat",\&instsec_reformat_handler, 0, 1, 0);
   
   #
   #   Validate course owner or co-owners(s) access to enrollment data for all sections
   #   and crosslistings for a particular course.
   #
   #
   # Formal Parameters:
   #    $cmd     - The command request that got us dispatched.
   #    $tail    - The tail of the command.   In this case this is a colon separated
   #               set of values that will be split into:
   #               $ownerlist   - An escaped comma-separated list of username:domain
   #                              of the course owner, and co-owner(s).
   #               $cdom        - The domain of the course from the institution's
   #                              point of view.
   #               $classes     - Frozen hash of institutional course sections and
   #                              crosslistings.
   #    $client  - The socket open on the client.
   # Returns:
   #    1 - continue processing.
   #
   
   sub validate_classes_handler {
       my ($cmd, $tail, $client) = @_;
       my $userinput = "$cmd:$tail";
       my ($ownerlist,$cdom,$classes) = split(/:/, $tail);
       my $classesref = &Apache::lonnet::thaw_unescape($classes);
       my $owners = &unescape($ownerlist);
       my $result;
       eval {
           local($SIG{__DIE__})='DEFAULT';
           my %validations;
           my $response = &localenroll::check_instclasses($owners,$cdom,$classesref,
                                                          \%validations);
           if ($response eq 'ok') {
               foreach my $key (keys(%validations)) {
                   $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($validations{$key}).'&';
               }
               $result =~ s/\&$//;
           } else {
               $result = 'error';
           }
       };
       if (!$@) {
           &Reply($client, \$result, $userinput);
       } else {
           &Failure($client,"unknown_cmd\n",$userinput);
       }
       return 1;
   }
   &register_handler("autovalidateinstclasses", \&validate_classes_handler, 0, 1, 0);
   
   #
 #   Create a password for a new LON-CAPA user added by auto-enrollment.  #   Create a password for a new LON-CAPA user added by auto-enrollment.
 #   Only used for case where authentication method for new user is localauth  #   Only used for case where authentication method for new user is localauth
 #  #
Line 5481  sub auto_export_grades_handler { Line 5879  sub auto_export_grades_handler {
     return 1;      return 1;
 }  }
 &register_handler("autoexportgrades", \&auto_export_grades_handler,  &register_handler("autoexportgrades", \&auto_export_grades_handler,
                   0, 1, 0);                    1, 1, 0);
   
   
 #   Retrieve and remove temporary files created by/during autoenrollment.  #   Retrieve and remove temporary files created by/during autoenrollment.
Line 5857  sub get_institutional_selfcreate_rules { Line 6255  sub get_institutional_selfcreate_rules {
 }  }
 &register_handler("instemailrules",\&get_institutional_selfcreate_rules,0,1,0);  &register_handler("instemailrules",\&get_institutional_selfcreate_rules,0,1,0);
   
   sub get_unamemap_rules {
       my ($cmd, $tail, $client)   = @_;
       my $userinput               = "$cmd:$tail";
       my $dom = &unescape($tail);
       my (%rules_hash,@rules_order);
       my $outcome;
       eval {
           local($SIG{__DIE__})='DEFAULT';
           $outcome = &localenroll::unamemap_rules($dom,\%rules_hash,\@rules_order);
       };
       if (!$@) {
           if ($outcome eq 'ok') {
               my $result;
               foreach my $key (keys(%rules_hash)) {
                   $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($rules_hash{$key}).'&';
               }
               $result =~ s/\&$//;
               $result .= ':';
               if (@rules_order > 0) {
                   foreach my $item (@rules_order) {
                       $result .= &escape($item).'&';
                   }
               }
               $result =~ s/\&$//;
               &Reply($client,\$result,$userinput);
           } else {
               &Reply($client,"error\n", $userinput);
           }
       } else {
           &Failure($client,"unknown_cmd\n",$userinput);
       }
   }
   &register_handler("unamemaprules",\&get_unamemap_rules,0,1,0);
   
 sub institutional_username_check {  sub institutional_username_check {
     my ($cmd, $tail, $client)   = @_;      my ($cmd, $tail, $client)   = @_;
Line 6381  my $wwwid=getpwnam('www'); Line 6812  my $wwwid=getpwnam('www');
 if ($wwwid!=$<) {  if ($wwwid!=$<) {
    my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";     my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
    my $subj="LON: $currenthostid User ID mismatch";     my $subj="LON: $currenthostid User ID mismatch";
    system("echo 'User ID mismatch.  lond must be run as user www.' |\     system("echo 'User ID mismatch.  lond must be run as user www.' |".
  mailto $emailto -s '$subj' > /dev/null");            " mail -s '$subj' $emailto > /dev/null");
    exit 1;     exit 1;
 }  }
   
Line 6832  sub make_new_child { Line 7263  sub make_new_child {
         &Authen::Krb5::init_context();          &Authen::Krb5::init_context();
   
         my $no_ets;          my $no_ets;
         if ($dist =~ /^(?:centos|rhes|scientific)(\d+)$/) {          if ($dist =~ /^(?:centos|rhes|scientific|oracle|rocky|alma)(\d+)/) {
             if ($1 >= 7) {              if ($1 >= 7) {
                 $no_ets = 1;                  $no_ets = 1;
             }              }
Line 6998  sub make_new_child { Line 7429  sub make_new_child {
  Debug("Main: Got $user_input\n");   Debug("Main: Got $user_input\n");
  $keep_going = &process_request($user_input);   $keep_going = &process_request($user_input);
  alarm(0);   alarm(0);
  &status('Listening to '.$clientname." ($keymode)");      &status('Listening to '.$clientname." ($keymode)");
     }      }
   
 # --------------------------------------------- client unknown or fishy, refuse  # --------------------------------------------- client unknown or fishy, refuse
Line 7014  sub make_new_child { Line 7445  sub make_new_child {
           
     &logthis("<font color='red'>CRITICAL: "      &logthis("<font color='red'>CRITICAL: "
      ."Disconnect from $clientip ($clientname)</font>");           ."Disconnect from $clientip ($clientname)</font>");    
       
       
     # this exit is VERY important, otherwise the child will become      # this exit is VERY important, otherwise the child will become
     # a producer of more and more children, forking yourself into      # a producer of more and more children, forking yourself into
     # process death.      # process death.
Line 7235  sub validate_user { Line 7666  sub validate_user {
             } elsif ((($domdefaults{'auth_def'} eq 'krb4') ||               } elsif ((($domdefaults{'auth_def'} eq 'krb4') || 
                       ($domdefaults{'auth_def'} eq 'krb5')) &&                        ($domdefaults{'auth_def'} eq 'krb5')) &&
                      ($domdefaults{'auth_arg_def'} ne '')) {                       ($domdefaults{'auth_arg_def'} ne '')) {
                 $howpwd = $domdefaults{'auth_def'};                  #
                 $contentpwd = $domdefaults{'auth_arg_def'};                   # Don't attempt authentication for username and password supplied
                   # for user without an account if uername contains @ to avoid
                   # call to &Authen::Krb5::parse_name() which will result in con_lost
                   #
                   unless ($user =~ /\@/) {
                       $howpwd = $domdefaults{'auth_def'};
                       $contentpwd = $domdefaults{'auth_arg_def'};
                   }
             }              }
         }          }
     }      }

Removed from v.1.489.2.27  
changed lines
  Added in v.1.489.2.45


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>