Diff for /loncom/lond between versions 1.559 and 1.577

version 1.559, 2019/07/02 19:40:18 version 1.577, 2023/05/22 21:10:56
Line 213  my %trust = ( Line 213  my %trust = (
                autovalidateclass_sec => {catalog => 1},                 autovalidateclass_sec => {catalog => 1},
                autovalidatecourse => {remote => 1, enroll => 1},                 autovalidatecourse => {remote => 1, enroll => 1},
                autovalidateinstcode => {domroles => 1, remote => 1, enroll => 1},                 autovalidateinstcode => {domroles => 1, remote => 1, enroll => 1},
                  autovalidateinstcrosslist => {remote => 1, enroll => 1},
                  autoinstsecreformat => {remote => 1, enroll => 1},
                changeuserauth => {remote => 1, domroles => 1},                 changeuserauth => {remote => 1, domroles => 1},
                chatretr => {remote => 1, enroll => 1},                 chatretr => {remote => 1, enroll => 1},
                chatsend => {remote => 1, enroll => 1},                 chatsend => {remote => 1, enroll => 1},
Line 220  my %trust = ( Line 222  my %trust = (
                courseidput => {remote => 1, domroles => 1, enroll => 1},                 courseidput => {remote => 1, domroles => 1, enroll => 1},
                courseidputhash => {remote => 1, domroles => 1, enroll => 1},                 courseidputhash => {remote => 1, domroles => 1, enroll => 1},
                courselastaccess => {remote => 1, domroles => 1, enroll => 1},                 courselastaccess => {remote => 1, domroles => 1, enroll => 1},
                  coursesessions => {institutiononly => 1},
                currentauth => {remote => 1, domroles => 1, enroll => 1},                 currentauth => {remote => 1, domroles => 1, enroll => 1},
                currentdump => {remote => 1, enroll => 1},                 currentdump => {remote => 1, enroll => 1},
                currentversion => {remote=> 1, content => 1},                 currentversion => {remote=> 1, content => 1},
Line 227  my %trust = ( Line 230  my %trust = (
                dcmailput => {remote => 1, domroles => 1},                 dcmailput => {remote => 1, domroles => 1},
                del => {remote => 1, domroles => 1, enroll => 1, content => 1},                 del => {remote => 1, domroles => 1, enroll => 1, content => 1},
                delbalcookie => {institutiononly => 1},                 delbalcookie => {institutiononly => 1},
                  delusersession => {institutiononly => 1},
                deldom => {remote => 1, domroles => 1}, # not currently used                 deldom => {remote => 1, domroles => 1}, # not currently used
                devalidatecache => {institutiononly => 1},                 devalidatecache => {institutiononly => 1},
                domroleput => {remote => 1, enroll => 1},                 domroleput => {remote => 1, enroll => 1},
Line 235  my %trust = ( Line 239  my %trust = (
                du2 => {remote => 1, enroll => 1},                 du2 => {remote => 1, enroll => 1},
                dump => {remote => 1, enroll => 1, domroles => 1},                 dump => {remote => 1, enroll => 1, domroles => 1},
                edit => {institutiononly => 1},  #not used currently                 edit => {institutiononly => 1},  #not used currently
                  edump => {remote => 1, enroll => 1, domroles => 1},
                eget => {remote => 1, domroles => 1, enroll => 1}, #not used currently                 eget => {remote => 1, domroles => 1, enroll => 1}, #not used currently
                egetdom => {remote => 1, domroles => 1, enroll => 1, },                 egetdom => {remote => 1, domroles => 1, enroll => 1, },
                ekey => {anywhere => 1},                 ekey => {anywhere => 1},
Line 254  my %trust = ( Line 259  my %trust = (
                instidrules => {remote => 1, domroles => 1,},                 instidrules => {remote => 1, domroles => 1,},
                instrulecheck => {remote => 1, enroll => 1, reqcrs => 1, domroles => 1},                 instrulecheck => {remote => 1, enroll => 1, reqcrs => 1, domroles => 1},
                instselfcreatecheck => {institutiononly => 1},                 instselfcreatecheck => {institutiononly => 1},
                  instunamemapcheck => {remote => 1,},  
                instuserrules => {remote => 1, enroll => 1, reqcrs => 1, domroles => 1},                 instuserrules => {remote => 1, enroll => 1, reqcrs => 1, domroles => 1},
                keys => {remote => 1,},                 keys => {remote => 1,},
                load => {anywhere => 1},                 load => {anywhere => 1},
Line 261  my %trust = ( Line 267  my %trust = (
                ls => {remote => 1, enroll => 1, content => 1,},                 ls => {remote => 1, enroll => 1, content => 1,},
                ls2 => {remote => 1, enroll => 1, content => 1,},                 ls2 => {remote => 1, enroll => 1, content => 1,},
                ls3 => {remote => 1, enroll => 1, content => 1,},                 ls3 => {remote => 1, enroll => 1, content => 1,},
                  lti => {institutiononly => 1},
                makeuser => {remote => 1, enroll => 1, domroles => 1,},                 makeuser => {remote => 1, enroll => 1, domroles => 1,},
                mkdiruserfile => {remote => 1, enroll => 1,},                 mkdiruserfile => {remote => 1, enroll => 1,},
                newput => {remote => 1, enroll => 1, reqcrs => 1, domroles => 1,},                 newput => {remote => 1, enroll => 1, reqcrs => 1, domroles => 1,},
Line 299  my %trust = ( Line 306  my %trust = (
                servertimezone => {remote => 1, enroll => 1},                 servertimezone => {remote => 1, enroll => 1},
                setannounce => {remote => 1, domroles => 1},                 setannounce => {remote => 1, domroles => 1},
                sethost => {anywhere => 1},                 sethost => {anywhere => 1},
                  signlti => {remote => 1},
                store => {remote => 1, enroll => 1, reqcrs => 1,},                 store => {remote => 1, enroll => 1, reqcrs => 1,},
                studentphoto => {remote => 1, enroll => 1},                 studentphoto => {remote => 1, enroll => 1},
                sub => {content => 1,},                 sub => {content => 1,},
Line 306  my %trust = ( Line 314  my %trust = (
                tmpget => {institutiononly => 1},                 tmpget => {institutiononly => 1},
                tmpput => {remote => 1, othcoau => 1},                 tmpput => {remote => 1, othcoau => 1},
                tokenauthuserfile => {anywhere => 1},                 tokenauthuserfile => {anywhere => 1},
                  unamemaprules => {remote => 1,},
                unsub => {content => 1,},                 unsub => {content => 1,},
                update => {shared => 1},                 update => {shared => 1},
                  updatebalcookie => {institutiononly => 1},
                updateclickers => {remote => 1},                 updateclickers => {remote => 1},
                userhassession => {anywhere => 1},                 userhassession => {anywhere => 1},
                userload => {anywhere => 1},                 userload => {anywhere => 1},
Line 856  sub PushFile { Line 866  sub PushFile {
   
     if($filename eq "host") {      if($filename eq "host") {
  $contents = AdjustHostContents($contents);   $contents = AdjustHostContents($contents);
     } elsif (($filename eq 'dns_host') || ($filename eq 'dns_domain') ||      } elsif (($filename eq 'dns_hosts') || ($filename eq 'dns_domain') ||
              ($filename eq 'loncapaCAcrl')) {               ($filename eq 'loncapaCAcrl')) {
         if ($contents eq '') {          if ($contents eq '') {
             &logthis('<font color="red"> Pushfile: unable to install '              &logthis('<font color="red"> Pushfile: unable to install '
Line 2030  sub read_lonnet_global { Line 2040  sub read_lonnet_global {
                 }                  }
                 if ($what eq 'perlvar') {                  if ($what eq 'perlvar') {
                     if (!exists($packagevars{$what}{'lonBalancer'})) {                      if (!exists($packagevars{$what}{'lonBalancer'})) {
                         if ($dist =~ /^(centos|rhes|fedora|scientific|oracle)/) {                          if ($dist =~ /^(centos|rhes|fedora|scientific|oracle|rocky|alma)/) {
                             my $othervarref=LONCAPA::Configuration::read_conf('httpd.conf');                              my $othervarref=LONCAPA::Configuration::read_conf('httpd.conf');
                             if (ref($othervarref) eq 'HASH') {                              if (ref($othervarref) eq 'HASH') {
                                 $items->{'lonBalancer'} = $othervarref->{'lonBalancer'};                                  $items->{'lonBalancer'} = $othervarref->{'lonBalancer'};
Line 2442  sub change_password_handler { Line 2452  sub change_password_handler {
     my $result = &change_unix_password($uname, $npass);      my $result = &change_unix_password($uname, $npass);
             if ($result eq 'ok') {              if ($result eq 'ok') {
                 &update_passwd_history($uname,$udom,$howpwd,$context);                  &update_passwd_history($uname,$udom,$howpwd,$context);
              }              }
     &logthis("Result of password change for $uname: ".      &logthis("Result of password change for $uname: ".
      $result);       $result);
     &Reply($client, \$result, $userinput);      &Reply($client, \$result, $userinput);
Line 2648  sub update_passwd_history { Line 2658  sub update_passwd_history {
     return;      return;
 }  }
   
   sub inst_unamemap_check {
       my ($cmd, $tail, $client)   = @_;
       my $userinput               = "$cmd:$tail";
       my %rulecheck;
       my $outcome;
       my ($udom,$uname,@rules) = split(/:/,$tail);
       $udom = &unescape($udom);
       $uname = &unescape($uname);
       @rules = map {&unescape($_);} (@rules);
       eval {
           local($SIG{__DIE__})='DEFAULT';
           $outcome = &localenroll::unamemap_check($udom,$uname,\@rules,\%rulecheck);
       };
       if (!$@) {
           if ($outcome eq 'ok') {
               my $result='';
               foreach my $key (keys(%rulecheck)) {
                   $result.=&escape($key).'='.&Apache::lonnet::freeze_escape($rulecheck{$key}).'&';
               }
               &Reply($client,\$result,$userinput);
           } else {
               &Reply($client,"error\n", $userinput);
           }
       } else {
           &Failure($client,"unknown_cmd\n",$userinput);
       }
   }
   &register_handler("instunamemapcheck",\&inst_unamemap_check,0,1,0);
   
   
 #  #
 #   Determines if this is the home server for a user.  The home server  #   Determines if this is the home server for a user.  The home server
 #   for a user will have his/her lon-capa passwd file.  Therefore all we need  #   for a user will have his/her lon-capa passwd file.  Therefore all we need
Line 3033  sub user_has_session_handler { Line 3073  sub user_has_session_handler {
 }  }
 &register_handler("userhassession", \&user_has_session_handler, 0,1,0);  &register_handler("userhassession", \&user_has_session_handler, 0,1,0);
   
   sub del_usersession_handler {
       my ($cmd, $tail, $client) = @_;
   
       my $result;
       my ($udom, $uname) = map { &unescape($_) } (split(/:/, $tail));
       if (($udom =~ /^$LONCAPA::match_domain$/) && ($uname =~ /^$LONCAPA::match_username$/)) {
           my $lonidsdir = $perlvar{'lonIDsDir'};
           if (-d $lonidsdir) {
               if (opendir(DIR,$lonidsdir)) {
                   my $filename;
                   while ($filename=readdir(DIR)) {
                       if ($filename=~/^\Q$uname\E_\d+_\Q$udom\E_/) {
                           if (tie(my %oldenv,'GDBM_File',"$lonidsdir/$filename",
                                   &GDBM_READER(),0640)) {
                               my $linkedfile;
                               if (exists($oldenv{'user.linkedenv'})) {
                                   $linkedfile = $oldenv{'user.linkedenv'};
                               }
                               untie(%oldenv);
                               $result = unlink("$lonidsdir/$filename");
                               if ($result) {
                                   if ($linkedfile =~ /^[a-f0-9]+_linked$/) {
                                       if (-l "$lonidsdir/$linkedfile.id") {
                                           unlink("$lonidsdir/$linkedfile.id");
                                       }
                                   }
                               }
                           } else {
                               $result = unlink("$lonidsdir/$filename");
                           }
                           last;
                       }
                   }
               }
           }
           if ($result == 1) {
               &Reply($client, "$result\n", "$cmd:$tail");
           } else {
               &Reply($client, "not_found\n", "$cmd:$tail");
           }
       } else {
           &Failure($client, "invalid_user\n", "$cmd:$tail");
       }
       return 1;
   }
   
   &register_handler("delusersession", \&del_usersession_handler, 0,1,0);
   
 #  #
 #  Authenticate access to a user file by checking that the token the user's   #  Authenticate access to a user file by checking that the token the user's 
 #  passed also exists in their session file  #  passed also exists in their session file
Line 3776  sub dump_with_regexp { Line 3864  sub dump_with_regexp {
 }  }
 &register_handler("dump", \&dump_with_regexp, 0, 1, 0);  &register_handler("dump", \&dump_with_regexp, 0, 1, 0);
   
   #
   #  Process the encrypted dump request. Original call should
   #  be from lonnet::dump() with seventh arg ($encrypt) set to
   #  1, to ensure that both request and response are encrypted.
   #
   #  Parameters:
   #     $cmd               - Command keyword of request (edump).
   #     $tail              - Tail of the command.
   #                          See &dump_with_regexp for more
   #                          information about this.
   #     $client            - File open on the client.
   #  Returns:
   #     1      - Continue processing
   #     0      - server should exit.
   #
   
   sub encrypted_dump_with_regexp {
       my ($cmd, $tail, $client) = @_;
       my $res = LONCAPA::Lond::dump_with_regexp($tail, $clientversion);
   
       if ($res =~ /^error:/) {
           Failure($client, \$res, "$cmd:$tail");
       } else {
           if ($cipher) {
               my $cmdlength=length($res);
               $res.="         ";
               my $encres='';
               for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
                   $encres.= unpack("H16",
                                    $cipher->encrypt(substr($res,
                                                            $encidx,
                                                            8)));
               }
               &Reply( $client,"enc:$cmdlength:$encres\n","$cmd:$tail");
           } else {
               &Failure( $client, "error:no_key\n","$cmd:$tail");
           }
       }
   }
   &register_handler("edump", \&encrypted_dump_with_regexp, 0, 1, 0);
   
 #  Store a set of key=value pairs associated with a versioned name.  #  Store a set of key=value pairs associated with a versioned name.
 #  #
 #  Parameters:  #  Parameters:
Line 4824  sub course_lastaccess_handler { Line 4953  sub course_lastaccess_handler {
 }  }
 &register_handler("courselastaccess",\&course_lastaccess_handler, 0, 1, 0);  &register_handler("courselastaccess",\&course_lastaccess_handler, 0, 1, 0);
   
   sub course_sessions_handler {
       my ($cmd, $tail, $client) = @_;
       my $userinput = "$cmd:$tail";
       my ($cdom,$cnum,$lastactivity) = split(':',$tail);
       my $dbsuffix = '_'.$cdom.'_'.$cnum.'.db';
       my (%sessions,$qresult);
       my $now=time;
       if (opendir(DIR,$perlvar{'lonIDsDir'})) {
           my $filename;
           while ($filename=readdir(DIR)) {
               next if ($filename=~/^\./);
               next if ($filename=~/^publicuser_/);
               next if ($filename=~/^[a-f0-9]+_(linked|lti_\d+)\.id$/);
               if ($filename =~ /^($LONCAPA::match_username)_\d+_($LONCAPA::match_domain)_/) {
                   my ($uname,$udom) = ($1,$2);
                   next unless (-e "$perlvar{'lonDaemons'}/tmp/$uname$dbsuffix");
                   my $mtime = (stat("$perlvar{'lonIDsDir'}/$filename"))[9];
                   if ($lastactivity < 0) {
                       next if ($mtime-$now > $lastactivity);
                   } else {
                       next if ($now-$mtime > $lastactivity);
                   }
                   $sessions{$uname.':'.$udom} = $mtime;
               }
           }
           closedir(DIR); 
       }
       foreach my $user (keys(%sessions)) {
           $qresult.=&escape($user).'='.$sessions{$user}.'&';
       }
       if ($qresult) {
           chop($qresult);
       }
       &Reply($client, \$qresult, $userinput);
       return 1;
   }
   &register_handler("coursesessions",\&course_sessions_handler, 0, 1, 0);
   
 #  #
 # Puts an unencrypted entry in a namespace db file at the domain level   # Puts an unencrypted entry in a namespace db file at the domain level 
 #  #
Line 4988  sub del_domain_handler { Line 5155  sub del_domain_handler {
 # domain directory.  # domain directory.
 #  #
 # Parameters:  # Parameters:
 #   $cmd             - Command request keyword (get).  #   $cmd             - Command request keyword (getdom).
 #   $tail            - Tail of the command.  This is a colon separated list  #   $tail            - Tail of the command.  This is a colon separated list
 #                      consisting of the domain and the 'namespace'   #                      consisting of the domain and the 'namespace' 
 #                      which selects the gdbm file to do the lookup in,  #                      which selects the gdbm file to do the lookup in,
Line 5005  sub del_domain_handler { Line 5172  sub del_domain_handler {
 sub get_domain_handler {  sub get_domain_handler {
     my ($cmd, $tail, $client) = @_;      my ($cmd, $tail, $client) = @_;
   
   
     my $userinput = "$cmd:$tail";      my $userinput = "$cmd:$tail";
   
     my ($udom,$namespace,$what)=split(/:/,$tail,3);      my ($udom,$namespace,$what)=split(/:/,$tail,3);
     chomp($what);      if (($namespace =~ /^enc/) || ($namespace eq 'private')) {
     if ($namespace =~ /^enc/) {  
         &Failure( $client, "refused\n", $userinput);          &Failure( $client, "refused\n", $userinput);
     } else {      } else {
         my @queries=split(/\&/,$what);          my $res = LONCAPA::Lond::get_dom($userinput);
         my $qresult='';          if ($res =~ /^error:/) {
         my $hashref = &tie_domain_hash($udom, "$namespace", &GDBM_READER());              &Failure($client, \$res, $userinput);
         if ($hashref) {  
             for (my $i=0;$i<=$#queries;$i++) {  
                 $qresult.="$hashref->{$queries[$i]}&";  
             }  
             if (&untie_domain_hash($hashref)) {  
                 $qresult=~s/\&$//;  
                 &Reply($client, \$qresult, $userinput);  
             } else {  
                 &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".  
                           "while attempting getdom\n",$userinput);  
             }  
         } else {          } else {
             &Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".              &Reply($client, \$res, $userinput);
                      "while attempting getdom\n",$userinput);  
         }          }
     }      }
   
Line 5037  sub get_domain_handler { Line 5190  sub get_domain_handler {
 }  }
 &register_handler("getdom", \&get_domain_handler, 0, 1, 0);  &register_handler("getdom", \&get_domain_handler, 0, 1, 0);
   
   #
   # Encrypted get from the namespace database file at the domain level.
   # This function retrieves a keyed item from a specific named database in the
   # domain directory.
   #
   # Parameters:
   #   $cmd             - Command request keyword (egetdom).
   #   $tail            - Tail of the command.  This is a colon separated list
   #                      consisting of the domain and the 'namespace'
   #                      which selects the gdbm file to do the lookup in,
   #                      & separated list of keys to lookup.  Note that
   #                      the values are returned as an & separated list too.
   #   $client          - File descriptor open on the client.
   # Returns:
   #   1       - Continue processing.
   #   0       - Exit.
   #  Side effects:
   #     reply is encrypted before being written to $client.
   #
 sub encrypted_get_domain_handler {  sub encrypted_get_domain_handler {
     my ($cmd, $tail, $client) = @_;      my ($cmd, $tail, $client) = @_;
   
     my $userinput = "$cmd:$tail";      my $userinput = "$cmd:$tail";
   
     my ($udom,$namespace,$what)=split(/:/,$tail,3);      my ($udom,$namespace,$what) = split(/:/,$tail,3);
     chomp($what);      if ($namespace eq 'private') {
     my @queries=split(/\&/,$what);          &Failure( $client, "refused\n", $userinput);
     my $qresult='';      } else {
     my $hashref = &tie_domain_hash($udom, "$namespace", &GDBM_READER());          my $res = LONCAPA::Lond::get_dom($userinput);
     if ($hashref) {          if ($res =~ /^error:/) {
         for (my $i=0;$i<=$#queries;$i++) {              &Failure($client, \$res, $userinput);
             $qresult.="$hashref->{$queries[$i]}&";          } else {
         }  
         if (&untie_domain_hash($hashref)) {  
             $qresult=~s/\&$//;  
             if ($cipher) {              if ($cipher) {
                 my $cmdlength=length($qresult);                  my $cmdlength=length($res);
                 $qresult.="         ";                  $res.="         ";
                 my $encqresult='';                  my $encres='';
                 for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {                  for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
                     $encqresult.= unpack("H16",                      $encres.= unpack("H16",
                                          $cipher->encrypt(substr($qresult,                                       $cipher->encrypt(substr($res,
                                                                  $encidx,                                                               $encidx,
                                                                  8)));                                                               8)));
                 }                  }
                 &Reply( $client, "enc:$cmdlength:$encqresult\n", $userinput);                  &Reply( $client,"enc:$cmdlength:$encres\n",$userinput);
             } else {              } else {
                 &Failure( $client, "error:no_key\n", $userinput);                  &Failure( $client, "error:no_key\n",$userinput);
             }              }
           }
       }
       return 1;
   }
   &register_handler("egetdom", \&encrypted_get_domain_handler, 1, 1, 0);
   
   #
   # Encrypted get from the namespace database file at the domain level.
   # This function retrieves a keyed item from a specific named database in the
   # domain directory.
   #
   # Parameters:
   #   $cmd             - Command request keyword (lti).
   #   $tail            - Tail of the command.  This is a colon-separated list
   #                      consisting of the domain, coursenum, if for LTI-
   #                      enabled deep-linking to course content using
   #                      link protection configured within a course,
   #                      context (=deeplink) if for LTI-enabled deep-linking
   #                      to course content using LTI Provider settings
   #                      configured within a course's domain, the (escaped)
   #                      launch URL, the (escaped) method (typically POST),
   #                      and a frozen hash of the LTI launch parameters
   #                      from the LTI payload.
   #   $client          - File descriptor open on the client.
   # Returns:
   #   1       - Continue processing.
   #   0       - Exit.
   #  Side effects:
   #     The reply will contain an LTI itemID, if the signed LTI payload
   #     could be verified using the consumer key and the shared secret 
   #     available for that key (for the itemID) for either the course or domain, 
   #     depending on values for cnum and context. The reply is encrypted before 
   #     being written to $client.
   #
   sub lti_handler {
       my ($cmd, $tail, $client) = @_;
   
       my $userinput = "$cmd:$tail";
   
       my ($cdom,$cnum,$context,$escurl,$escmethod,$items) = split(/:/,$tail);
       my $url = &unescape($escurl);
       my $method = &unescape($escmethod);
       my $params = &Apache::lonnet::thaw_unescape($items);
       my $res;
       if ($cnum ne '') {
           $res = &LONCAPA::Lond::crslti_itemid($cdom,$cnum,$url,$method,$params,$perlvar{'lonVersion'});
       } else {
           $res = &LONCAPA::Lond::domlti_itemid($cdom,$context,$url,$method,$params,$perlvar{'lonVersion'});
       }
       if ($res =~ /^error:/) {
           &Failure($client, \$res, $userinput);
       } else {
           if ($cipher) {
               my $cmdlength=length($res);
               $res.="         ";
               my $encres='';
               for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
                   $encres.= unpack("H16",
                                    $cipher->encrypt(substr($res,
                                                            $encidx,
                                                            8)));
               }
               &Reply( $client,"enc:$cmdlength:$encres\n",$userinput);
         } else {          } else {
             &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".              &Failure( $client, "error:no_key\n",$userinput);
                       "while attempting egetdom\n",$userinput);          }
       }
       return 1;
   }
   &register_handler("lti", \&lti_handler, 1, 1, 0);
   
   #
   # LTI data for launch payload (received encrypted) are unencrypted and
   # then signed with the appropriate key and secret, before re-encrypting
   # for sending as the signed payload to the client (caller lonnet::sign_lti()).
   #
   # Parameters:
   #   $cmd             - Command request keyword (signlti).
   #   $tail            - Tail of the command.  This is a colon-separated list
   #                      consisting of the domain, coursenum (if for an External
   #                      Tool defined in a course), crstool (true if defined in
   #                      a course), escaped launch URL, numeric ID of external tool
   #                      version number for encryption key (if tool's LTI secret was
   #                      encrypted before storing), post (true if signed data are
   #                      to be returned from Net::OAuth, as a post_body),
   #                      a frozen hash of LTI launch parameters, and a frozen hash
   #                      of LTI config data (i.e., method => signature method).
   #   $client          - File descriptor open on the client.
   # Returns:
   #   1       - Continue processing.
   #   0       - Exit.
   #  Side effects:
   #     The reply will contain the LTI payload, as & separated key=value pairs,
   #     where value is itself a frozen hash, if the required key and secret
   #     for the apecific tool ID are available. The payload data are retrived from
   #     a call to Lond::sign_params(), and the reply is encrypted before being
   #     written to $client.
   #
   sub sign_lti_handler {
       my ($cmd, $tail, $client) = @_;
   
       my $userinput = "$cmd:$tail";
   
       my ($cdom,$cnum,$crstool,$escurl,$idx,$keynum,$post,$paramsref,$inforef) = split(/:/,$tail);
       my $url = &unescape($escurl);
       my $params = &Apache::lonnet::thaw_unescape($paramsref);
       my $info = &Apache::lonnet::thaw_unescape($inforef);
       my $res =
           &LONCAPA::Lond::sign_params($cdom,$cnum,$crstool,$url,$idx,$keynum,
                                       $post,$perlvar{'lonVersion'},$params,$info);
       my $result;
       if (ref($res) eq 'HASH') {
           foreach my $key (keys(%{$res})) {
               $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($res->{$key}).'&';
         }          }
           $result =~ s/\&$//;
     } else {      } else {
         &Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".          $result = $res;
                  "while attempting egetdom\n",$userinput);      }
       if ($result =~ /^error:/) {
           &Failure($client, \$result, $userinput);
       } else {
           if ($cipher) {
               my $cmdlength=length($result);
               $result.="         ";
               my $encres='';
               for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
                   $encres.= unpack("H16",
                                    $cipher->encrypt(substr($result,
                                                            $encidx,
                                                            8)));
               }
               &Reply( $client,"enc:$cmdlength:$encres\n",$userinput);
           } else {
               &Failure( $client, "error:no_key\n",$userinput);
           }
     }      }
     return 1;      return 1;
 }  }
 &register_handler("egetdom", \&encrypted_get_domain_handler, 1, 1, 0);  &register_handler("signlti", \&sign_lti_handler, 1, 1, 0);
   
 #  #
 #  Puts an id to a domains id database.   #  Puts an id to a domains id database. 
Line 5504  sub tmp_put_handler { Line 5802  sub tmp_put_handler {
     }      }
     my ($id,$store);      my ($id,$store);
     $tmpsnum++;      $tmpsnum++;
     if (($context eq 'resetpw') || ($context eq 'createaccount')) {      my $numtries = 0;
         $id = &md5_hex(&md5_hex(time.{}.rand().$$));      my $execdir=$perlvar{'lonDaemons'};
       if (($context eq 'resetpw') || ($context eq 'createaccount') ||
           ($context eq 'sso') || ($context eq 'link') || ($context eq 'retry')) {
           $id = &md5_hex(&md5_hex(time.{}.rand().$$.$tmpsnum));
           while ((-e "$execdir/tmp/$id.tmp") && ($numtries <10)) {
               undef($id);
               $id = &md5_hex(&md5_hex(time.{}.rand().$$.$tmpsnum));
               $numtries ++;
           }
     } else {      } else {
         $id = $$.'_'.$clientip.'_'.$tmpsnum;          $id = $$.'_'.$clientip.'_'.$tmpsnum;
     }      }
     $id=~s/\W/\_/g;      $id=~s/\W/\_/g;
     $record=~s/\n//g;      $record=~s/\n//g;
     my $execdir=$perlvar{'lonDaemons'};      if (($id ne '') &&
     if ($store=IO::File->new(">$execdir/tmp/$id.tmp")) {          ($store=IO::File->new(">$execdir/tmp/$id.tmp"))) {
  print $store $record;   print $store $record;
  close $store;   close $store;
  &Reply($client, \$id, $userinput);   &Reply($client, \$id, $userinput);
Line 5595  sub tmp_del_handler { Line 5901  sub tmp_del_handler {
 &register_handler("tmpdel", \&tmp_del_handler, 0, 1, 0);  &register_handler("tmpdel", \&tmp_del_handler, 0, 1, 0);
   
 #  #
   #  Process the updatebalcookie command.  This command updates a
   #  cookie in the lonBalancedir directory on a load balancer node.
   #
   # Parameters:
   #   $cmd      - Command that got us here.
   #   $tail     - Tail of the request (escaped cookie: escaped current entry)
   #
   #   $client   - socket open on the client process.
   #
   # Returns:
   #   1     - Indicating processing should continue.
   # Side Effects:
   #   A cookie file is updated from the lonBalancedir directory
   #   A reply is sent to the client.
   #
   sub update_balcookie_handler {
       my ($cmd, $tail, $client) = @_;
   
       my $userinput= "$cmd:$tail";
       chomp($tail);
       my ($cookie,$lastentry) = map { &unescape($_) } (split(/:/,$tail));
   
       my $updatedone;
       if ($cookie =~ /^$LONCAPA::match_domain\_$LONCAPA::match_username\_[a-f0-9]{32}$/) {
           my $execdir=$perlvar{'lonBalanceDir'};
           if (-e "$execdir/$cookie.id") {
               my $doupdate;
               if (open(my $fh,'<',"$execdir/$cookie.id")) {
                   while (my $line = <$fh>) {
                       chomp($line);
                       if ($line eq $lastentry) {
                           $doupdate = 1;
                           last;
                       }
                   }
                   close($fh);
               }
               if ($doupdate) {
                   if (open(my $fh,'>',"$execdir/$cookie.id")) {
                       print $fh $clientname;
                       close($fh);
                       $updatedone = 1;
                   }
               }
           }
       }
       if ($updatedone) {
           &Reply($client, "ok\n", $userinput);
       } else {
           &Failure( $client, "error: ".($!+0)."file update failed ".
                     "while attempting updatebalcookie\n", $userinput);
       }
       return 1;
   }
   &register_handler("updatebalcookie", \&update_balcookie_handler, 0, 1, 0);
   
   #
 #  Process the delbalcookie command. This command deletes a balancer  #  Process the delbalcookie command. This command deletes a balancer
 #  cookie in the lonBalancedir directory created by switchserver  #  cookie in the lonBalancedir directory on a load balancer node.
 #  #
 # Parameters:  # Parameters:
 #   $cmd      - Command that got us here.  #   $cmd      - Command that got us here.
Line 5614  sub del_balcookie_handler { Line 5977  sub del_balcookie_handler {
     my $userinput= "$cmd:$cookie";      my $userinput= "$cmd:$cookie";
   
     chomp($cookie);      chomp($cookie);
       $cookie = &unescape($cookie);
     my $deleted = '';      my $deleted = '';
     if ($cookie =~ /^$LONCAPA::match_domain\_$LONCAPA::match_username\_[a-f0-9]{32}$/) {      if ($cookie =~ /^$LONCAPA::match_domain\_$LONCAPA::match_username\_[a-f0-9]{32}$/) {
         my $execdir=$perlvar{'lonBalanceDir'};          my $execdir=$perlvar{'lonBalanceDir'};
Line 5829  sub validate_instcode_handler { Line 6193  sub validate_instcode_handler {
 }  }
 &register_handler("autovalidateinstcode", \&validate_instcode_handler, 0, 1, 0);  &register_handler("autovalidateinstcode", \&validate_instcode_handler, 0, 1, 0);
   
   #
   #  Validate co-owner for cross-listed institutional code and
   #  institutional course code itself used for a LON-CAPA course.
   #
   # Formal Parameters:
   #   $cmd          - The command request that got us dispatched.
   #   $tail         - The tail of the command.  In this case,
   #                   this is a colon separated string containing:
   #      $dom            - Course's LON-CAPA domain
   #      $instcode       - Institutional course code for the course
   #      $inst_xlist     - Institutional course Id for the crosslisting
   #      $coowner        - Username of co-owner
   #      (values for all but $dom have been escaped). 
   #
   #   $client       - Socket open on the client.
   # Returns:
   #    1           - Indicating processing should continue.
   #
   sub validate_instcrosslist_handler  {
       my ($cmd, $tail, $client) = @_;
       my $userinput = "$cmd:$tail";
       my ($dom,$instcode,$inst_xlist,$coowner) = split(/:/,$tail);
       $instcode = &unescape($instcode);
       $inst_xlist = &unescape($inst_xlist);
       $coowner = &unescape($coowner);
       my $outcome = &localenroll::validate_crosslist_access($dom,$instcode,
                                                             $inst_xlist,$coowner);
       &Reply($client, \$outcome, $userinput);
   
       return 1;
   }
   &register_handler("autovalidateinstcrosslist", \&validate_instcrosslist_handler, 0, 1, 0);
   
 #   Get the official sections for which auto-enrollment is possible.  #   Get the official sections for which auto-enrollment is possible.
 #   Since the admin people won't know about 'unofficial sections'   #   Since the admin people won't know about 'unofficial sections' 
 #   we cannot auto-enroll on them.  #   we cannot auto-enroll on them.
Line 5953  sub validate_class_access_handler { Line 6350  sub validate_class_access_handler {
 &register_handler("autovalidateclass_sec", \&validate_class_access_handler, 0, 1, 0);  &register_handler("autovalidateclass_sec", \&validate_class_access_handler, 0, 1, 0);
   
 #  #
   #    Modify institutional sections (using customized &instsec_reformat()
   #    routine in localenroll.pm), to either clutter or declutter, for  
   #    purposes of ensuring an institutional course section (string) can
   #    be unambiguously separated into institutional course and section.
   #
   # Formal Parameters:
   #    $cmd     - The command request that got us dispatched.
   #    $tail    - The tail of the command.   In this case this is a colon separated
   #               set of values that will be split into:
   #               $cdom        - The LON-CAPA domain of the course.
   #               $action      - Either: clutter or declutter
   #                              clutter adds character(s) to eliminate ambiguity
   #                              declutter removes the added characters (e.g., for
   #                              display of the institutional course section string.
   #               $info        - A frozen hash in which keys are: 
   #                              LON-CAPA course number:Institutional course code
   #                              and values are a reference to an array of the
   #                              items to modify -- either institutional sections,
   #                              or institutional course sections (for crosslistings). 
   #    $client  - The socket open on the client.
   # Returns:
   #    1 - continue processing.
   #   
   
   sub instsec_reformat_handler {
       my ($cmd, $tail, $client) = @_;
       my $userinput = "$cmd:$tail";
       my ($cdom,$action,$info) = split(/:/,$tail);
       my $instsecref = &Apache::lonnet::thaw_unescape($info);
       my ($outcome,$result);
       eval {
           local($SIG{__DIE__})='DEFAULT';
           $outcome=&localenroll::instsec_reformat($cdom,$action,$instsecref);
           if ($outcome eq 'ok') {
               if (ref($instsecref) eq 'HASH') {
                   foreach my $key (keys(%{$instsecref})) {
                       $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($instsecref->{$key}).'&';
                   }
                   $result =~ s/\&$//;
               }
           }
       };
       if (!$@) {
           if ($outcome eq 'ok') {
               &Reply( $client, \$result, $userinput);
           } else {
               &Reply($client,\$outcome, $userinput);
           }
       } else {
           &Failure($client,"unknown_cmd\n",$userinput);
       }
       return 1;
   }
   &register_handler("autoinstsecreformat",\&instsec_reformat_handler, 0, 1, 0);
   
   #
 #   Validate course owner or co-owners(s) access to enrollment data for all sections  #   Validate course owner or co-owners(s) access to enrollment data for all sections
 #   and crosslistings for a particular course.  #   and crosslistings for a particular course.
 #  #
Line 6456  sub get_institutional_selfcreate_rules { Line 6909  sub get_institutional_selfcreate_rules {
 }  }
 &register_handler("instemailrules",\&get_institutional_selfcreate_rules,0,1,0);  &register_handler("instemailrules",\&get_institutional_selfcreate_rules,0,1,0);
   
   sub get_unamemap_rules {
       my ($cmd, $tail, $client)   = @_;
       my $userinput               = "$cmd:$tail";
       my $dom = &unescape($tail);
       my (%rules_hash,@rules_order);
       my $outcome;
       eval {
           local($SIG{__DIE__})='DEFAULT';
           $outcome = &localenroll::unamemap_rules($dom,\%rules_hash,\@rules_order);
       };
       if (!$@) {
           if ($outcome eq 'ok') {
               my $result;
               foreach my $key (keys(%rules_hash)) {
                   $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($rules_hash{$key}).'&';
               }
               $result =~ s/\&$//;
               $result .= ':';
               if (@rules_order > 0) {
                   foreach my $item (@rules_order) {
                       $result .= &escape($item).'&';
                   }
               }
               $result =~ s/\&$//;
               &Reply($client,\$result,$userinput);
           } else {
               &Reply($client,"error\n", $userinput);
           }
       } else {
           &Failure($client,"unknown_cmd\n",$userinput);
       }
   }
   &register_handler("unamemaprules",\&get_unamemap_rules,0,1,0);
   
 sub institutional_username_check {  sub institutional_username_check {
     my ($cmd, $tail, $client)   = @_;      my ($cmd, $tail, $client)   = @_;
Line 7542  sub make_new_child { Line 8028  sub make_new_child {
         &Authen::Krb5::init_context();          &Authen::Krb5::init_context();
   
         my $no_ets;          my $no_ets;
         if ($dist =~ /^(?:centos|rhes|scientific|oracle)(\d+)$/) {          if ($dist =~ /^(?:centos|rhes|scientific|oracle|rocky|alma)(\d+)/) {
             if ($1 >= 7) {              if ($1 >= 7) {
                 $no_ets = 1;                  $no_ets = 1;
             }              }
Line 7731  sub make_new_child { Line 8217  sub make_new_child {
  Debug("Main: Got $user_input\n");   Debug("Main: Got $user_input\n");
  $keep_going = &process_request($user_input);   $keep_going = &process_request($user_input);
  alarm(0);   alarm(0);
  &status('Listening to '.$clientname." ($keymode)");      &status('Listening to '.$clientname." ($keymode)");
     }      }
   
 # --------------------------------------------- client unknown or fishy, refuse  # --------------------------------------------- client unknown or fishy, refuse
Line 7747  sub make_new_child { Line 8233  sub make_new_child {
           
     &logthis("<font color='red'>CRITICAL: "      &logthis("<font color='red'>CRITICAL: "
      ."Disconnect from $clientip ($clientname)</font>");           ."Disconnect from $clientip ($clientname)</font>");    
       
       
     # this exit is VERY important, otherwise the child will become      # this exit is VERY important, otherwise the child will become
     # a producer of more and more children, forking yourself into      # a producer of more and more children, forking yourself into
     # process death.      # process death.
Line 8037  sub validate_user { Line 8523  sub validate_user {
             } elsif ((($domdefaults{'auth_def'} eq 'krb4') ||               } elsif ((($domdefaults{'auth_def'} eq 'krb4') || 
                       ($domdefaults{'auth_def'} eq 'krb5')) &&                        ($domdefaults{'auth_def'} eq 'krb5')) &&
                      ($domdefaults{'auth_arg_def'} ne '')) {                       ($domdefaults{'auth_arg_def'} ne '')) {
                 $howpwd = $domdefaults{'auth_def'};                  #
                 $contentpwd = $domdefaults{'auth_arg_def'};                   # Don't attempt authentication for username and password supplied
                   # for user without an account if uername contains @ to avoid
                   # call to &Authen::Krb5::parse_name() which will result in con_lost
                   #
                   unless ($user =~ /\@/) {
                       $howpwd = $domdefaults{'auth_def'};
                       $contentpwd = $domdefaults{'auth_arg_def'};
                   }
             }              }
         }          }
     }      }

Removed from v.1.559  
changed lines
  Added in v.1.577


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>