--- loncom/lond 2021/12/14 14:16:13 1.489.2.42 +++ loncom/lond 2022/02/27 02:13:24 1.489.2.45 @@ -2,7 +2,7 @@ # The LearningOnline Network # lond "LON Daemon" Server (port "LOND" 5663) # -# $Id: lond,v 1.489.2.42 2021/12/14 14:16:13 raeburn Exp $ +# $Id: lond,v 1.489.2.45 2022/02/27 02:13:24 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -63,7 +63,7 @@ my $DEBUG = 0; # Non zero to ena my $status=''; my $lastlog=''; -my $VERSION='$Revision: 1.489.2.42 $'; #' stupid emacs +my $VERSION='$Revision: 1.489.2.45 $'; #' stupid emacs my $remoteVERSION; my $currenthostid="default"; my $currentdomainid; @@ -1795,7 +1795,7 @@ sub read_lonnet_global { } if ($what eq 'perlvar') { if (!exists($packagevars{$what}{'lonBalancer'})) { - if ($dist =~ /^(centos|rhes|fedora|scientific|oracle)/) { + if ($dist =~ /^(centos|rhes|fedora|scientific|oracle|rocky|alma)/) { my $othervarref=LONCAPA::Configuration::read_conf('httpd.conf'); if (ref($othervarref) eq 'HASH') { $items->{'lonBalancer'} = $othervarref->{'lonBalancer'}; @@ -2407,6 +2407,36 @@ sub update_passwd_history { return; } +sub inst_unamemap_check { + my ($cmd, $tail, $client) = @_; + my $userinput = "$cmd:$tail"; + my %rulecheck; + my $outcome; + my ($udom,$uname,@rules) = split(/:/,$tail); + $udom = &unescape($udom); + $uname = &unescape($uname); + @rules = map {&unescape($_);} (@rules); + eval { + local($SIG{__DIE__})='DEFAULT'; + $outcome = &localenroll::unamemap_check($udom,$uname,\@rules,\%rulecheck); + }; + if (!$@) { + if ($outcome eq 'ok') { + my $result=''; + foreach my $key (keys(%rulecheck)) { + $result.=&escape($key).'='.&Apache::lonnet::freeze_escape($rulecheck{$key}).'&'; + } + &Reply($client,\$result,$userinput); + } else { + &Reply($client,"error\n", $userinput); + } + } else { + &Failure($client,"unknown_cmd\n",$userinput); + } +} +®ister_handler("instunamemapcheck",\&inst_unamemap_check,0,1,0); + + # # Determines if this is the home server for a user. The home server # for a user will have his/her lon-capa passwd file. Therefore all we need @@ -6225,6 +6255,39 @@ sub get_institutional_selfcreate_rules { } ®ister_handler("instemailrules",\&get_institutional_selfcreate_rules,0,1,0); +sub get_unamemap_rules { + my ($cmd, $tail, $client) = @_; + my $userinput = "$cmd:$tail"; + my $dom = &unescape($tail); + my (%rules_hash,@rules_order); + my $outcome; + eval { + local($SIG{__DIE__})='DEFAULT'; + $outcome = &localenroll::unamemap_rules($dom,\%rules_hash,\@rules_order); + }; + if (!$@) { + if ($outcome eq 'ok') { + my $result; + foreach my $key (keys(%rules_hash)) { + $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($rules_hash{$key}).'&'; + } + $result =~ s/\&$//; + $result .= ':'; + if (@rules_order > 0) { + foreach my $item (@rules_order) { + $result .= &escape($item).'&'; + } + } + $result =~ s/\&$//; + &Reply($client,\$result,$userinput); + } else { + &Reply($client,"error\n", $userinput); + } + } else { + &Failure($client,"unknown_cmd\n",$userinput); + } +} +®ister_handler("unamemaprules",\&get_unamemap_rules,0,1,0); sub institutional_username_check { my ($cmd, $tail, $client) = @_; @@ -7200,7 +7263,7 @@ sub make_new_child { &Authen::Krb5::init_context(); my $no_ets; - if ($dist =~ /^(?:centos|rhes|scientific|oracle)(\d+)$/) { + if ($dist =~ /^(?:centos|rhes|scientific|oracle|rocky|alma)(\d+)/) { if ($1 >= 7) { $no_ets = 1; } @@ -7603,8 +7666,15 @@ sub validate_user { } elsif ((($domdefaults{'auth_def'} eq 'krb4') || ($domdefaults{'auth_def'} eq 'krb5')) && ($domdefaults{'auth_arg_def'} ne '')) { - $howpwd = $domdefaults{'auth_def'}; - $contentpwd = $domdefaults{'auth_arg_def'}; + # + # Don't attempt authentication for username and password supplied + # for user without an account if uername contains @ to avoid + # call to &Authen::Krb5::parse_name() which will result in con_lost + # + unless ($user =~ /\@/) { + $howpwd = $domdefaults{'auth_def'}; + $contentpwd = $domdefaults{'auth_arg_def'}; + } } } }