--- loncom/lond 2022/02/01 23:13:21 1.572 +++ loncom/lond 2022/02/27 01:43:13 1.575 @@ -2,7 +2,7 @@ # The LearningOnline Network # lond "LON Daemon" Server (port "LOND" 5663) # -# $Id: lond,v 1.572 2022/02/01 23:13:21 raeburn Exp $ +# $Id: lond,v 1.575 2022/02/27 01:43:13 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -65,7 +65,7 @@ my $DEBUG = 0; # Non zero to ena my $status=''; my $lastlog=''; -my $VERSION='$Revision: 1.572 $'; #' stupid emacs +my $VERSION='$Revision: 1.575 $'; #' stupid emacs my $remoteVERSION; my $currenthostid="default"; my $currentdomainid; @@ -259,6 +259,7 @@ my %trust = ( instidrules => {remote => 1, domroles => 1,}, instrulecheck => {remote => 1, enroll => 1, reqcrs => 1, domroles => 1}, instselfcreatecheck => {institutiononly => 1}, + instunamemapcheck => {remote => 1,}, instuserrules => {remote => 1, enroll => 1, reqcrs => 1, domroles => 1}, keys => {remote => 1,}, load => {anywhere => 1}, @@ -312,6 +313,7 @@ my %trust = ( tmpget => {institutiononly => 1}, tmpput => {remote => 1, othcoau => 1}, tokenauthuserfile => {anywhere => 1}, + unamemaprules => {remote => 1,}, unsub => {content => 1,}, update => {shared => 1}, updatebalcookie => {institutiononly => 1}, @@ -2655,6 +2657,36 @@ sub update_passwd_history { return; } +sub inst_unamemap_check { + my ($cmd, $tail, $client) = @_; + my $userinput = "$cmd:$tail"; + my %rulecheck; + my $outcome; + my ($udom,$uname,@rules) = split(/:/,$tail); + $udom = &unescape($udom); + $uname = &unescape($uname); + @rules = map {&unescape($_);} (@rules); + eval { + local($SIG{__DIE__})='DEFAULT'; + $outcome = &localenroll::unamemap_check($udom,$uname,\@rules,\%rulecheck); + }; + if (!$@) { + if ($outcome eq 'ok') { + my $result=''; + foreach my $key (keys(%rulecheck)) { + $result.=&escape($key).'='.&Apache::lonnet::freeze_escape($rulecheck{$key}).'&'; + } + &Reply($client,\$result,$userinput); + } else { + &Reply($client,"error\n", $userinput); + } + } else { + &Failure($client,"unknown_cmd\n",$userinput); + } +} +®ister_handler("instunamemapcheck",\&inst_unamemap_check,0,1,0); + + # # Determines if this is the home server for a user. The home server # for a user will have his/her lon-capa passwd file. Therefore all we need @@ -5142,7 +5174,7 @@ sub get_domain_handler { my $userinput = "$cmd:$tail"; my ($udom,$namespace,$what)=split(/:/,$tail,3); - if ($namespace =~ /^enc/) { + if (($namespace =~ /^enc/) || ($namespace eq 'private')) { &Failure( $client, "refused\n", $userinput); } else { my $res = LONCAPA::Lond::get_dom($userinput); @@ -5181,23 +5213,28 @@ sub encrypted_get_domain_handler { my $userinput = "$cmd:$tail"; - my $res = LONCAPA::Lond::get_dom($userinput); - if ($res =~ /^error:/) { - &Failure($client, \$res, $userinput); + my ($udom,$namespace,$what) = split(/:/,$tail,3); + if ($namespace eq 'private') { + &Failure( $client, "refused\n", $userinput); } else { - if ($cipher) { - my $cmdlength=length($res); - $res.=" "; - my $encres=''; - for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) { - $encres.= unpack("H16", - $cipher->encrypt(substr($res, - $encidx, - 8))); - } - &Reply( $client,"enc:$cmdlength:$encres\n",$userinput); + my $res = LONCAPA::Lond::get_dom($userinput); + if ($res =~ /^error:/) { + &Failure($client, \$res, $userinput); } else { - &Failure( $client, "error:no_key\n",$userinput); + if ($cipher) { + my $cmdlength=length($res); + $res.=" "; + my $encres=''; + for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) { + $encres.= unpack("H16", + $cipher->encrypt(substr($res, + $encidx, + 8))); + } + &Reply( $client,"enc:$cmdlength:$encres\n",$userinput); + } else { + &Failure( $client, "error:no_key\n",$userinput); + } } } return 1; @@ -6801,6 +6838,39 @@ sub get_institutional_selfcreate_rules { } ®ister_handler("instemailrules",\&get_institutional_selfcreate_rules,0,1,0); +sub get_unamemap_rules { + my ($cmd, $tail, $client) = @_; + my $userinput = "$cmd:$tail"; + my $dom = &unescape($tail); + my (%rules_hash,@rules_order); + my $outcome; + eval { + local($SIG{__DIE__})='DEFAULT'; + $outcome = &localenroll::unamemap_rules($dom,\%rules_hash,\@rules_order); + }; + if (!$@) { + if ($outcome eq 'ok') { + my $result; + foreach my $key (keys(%rules_hash)) { + $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($rules_hash{$key}).'&'; + } + $result =~ s/\&$//; + $result .= ':'; + if (@rules_order > 0) { + foreach my $item (@rules_order) { + $result .= &escape($item).'&'; + } + } + $result =~ s/\&$//; + &Reply($client,\$result,$userinput); + } else { + &Reply($client,"error\n", $userinput); + } + } else { + &Failure($client,"unknown_cmd\n",$userinput); + } +} +®ister_handler("unamemaprules",\&get_unamemap_rules,0,1,0); sub institutional_username_check { my ($cmd, $tail, $client) = @_; @@ -8382,8 +8452,15 @@ sub validate_user { } elsif ((($domdefaults{'auth_def'} eq 'krb4') || ($domdefaults{'auth_def'} eq 'krb5')) && ($domdefaults{'auth_arg_def'} ne '')) { - $howpwd = $domdefaults{'auth_def'}; - $contentpwd = $domdefaults{'auth_arg_def'}; + # + # Don't attempt authentication for username and password supplied + # for user without an account if uername contains @ to avoid + # call to &Authen::Krb5::parse_name() which will result in con_lost + # + unless ($user =~ /\@/) { + $howpwd = $domdefaults{'auth_def'}; + $contentpwd = $domdefaults{'auth_arg_def'}; + } } } }