[LON-CAPA-cvs] cvs: loncom / lond /interface domainprefs.pm /lonnet/perl lonnet.pm
raeburn
raeburn at source.lon-capa.org
Mon May 8 23:04:33 EDT 2017
raeburn Tue May 9 03:04:33 2017 EDT
Modified files:
/loncom lond
/loncom/interface domainprefs.pm
/loncom/lonnet/perl lonnet.pm
Log:
- Key and Secret for LTI Tools are stored in a separate GDBM file
(encconfig.db) on primary library server in domain so more specific domain
trust settings can apply than is the case for regular domain configuration
(in configuration.db).
- Storage and retrieval of data in a domain's GDBM files whose namespace
begins with 'enc' use encryption when the data are transferred.
-------------- next part --------------
Index: loncom/lond
diff -u loncom/lond:1.535 loncom/lond:1.536
--- loncom/lond:1.535 Mon Mar 20 13:53:22 2017
+++ loncom/lond Tue May 9 03:04:21 2017
@@ -2,7 +2,7 @@
# The LearningOnline Network
# lond "LON Daemon" Server (port "LOND" 5663)
#
-# $Id: lond,v 1.535 2017/03/20 13:53:22 raeburn Exp $
+# $Id: lond,v 1.536 2017/05/09 03:04:21 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -65,7 +65,7 @@
my $status='';
my $lastlog='';
-my $VERSION='$Revision: 1.535 $'; #' stupid emacs
+my $VERSION='$Revision: 1.536 $'; #' stupid emacs
my $remoteVERSION;
my $currenthostid="default";
my $currentdomainid;
@@ -229,6 +229,7 @@
dump => {remote => 1, enroll => 1, domroles => 1},
edit => {institutiononly => 1}, #not used currently
eget => {remote => 1, domroles => 1, enroll => 1}, #not used currently
+ egetdom => {remote => 1, domroles => 1, enroll => 1, },
ekey => {}, #not used currently
exit => {anywhere => 1},
fetchuserfile => {remote => 1, enroll => 1},
@@ -3393,7 +3394,8 @@
#
# Parameters:
# $cmd - Command keyword of request (eget).
-# $tail - Tail of the command. See GetProfileEntry# for more information about this.
+# $tail - Tail of the command. See GetProfileEntry
+# for more information about this.
# $client - File open on the client.
# Returns:
# 1 - Continue processing
@@ -4876,7 +4878,41 @@
my ($cmd, $tail, $client) = @_;
- my $userinput = "$client:$tail";
+ my $userinput = "$cmd:$tail";
+
+ my ($udom,$namespace,$what)=split(/:/,$tail,3);
+ chomp($what);
+ if ($namespace =~ /^enc/) {
+ &Failure( $client, "refused\n", $userinput);
+ } else {
+ my @queries=split(/\&/,$what);
+ my $qresult='';
+ my $hashref = &tie_domain_hash($udom, "$namespace", &GDBM_READER());
+ if ($hashref) {
+ for (my $i=0;$i<=$#queries;$i++) {
+ $qresult.="$hashref->{$queries[$i]}&";
+ }
+ if (&untie_domain_hash($hashref)) {
+ $qresult=~s/\&$//;
+ &Reply($client, \$qresult, $userinput);
+ } else {
+ &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
+ "while attempting getdom\n",$userinput);
+ }
+ } else {
+ &Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
+ "while attempting getdom\n",$userinput);
+ }
+ }
+
+ return 1;
+}
+®ister_handler("getdom", \&get_domain_handler, 0, 1, 0);
+
+sub encrypted_get_domain_handler {
+ my ($cmd, $tail, $client) = @_;
+
+ my $userinput = "$cmd:$tail";
my ($udom,$namespace,$what)=split(/:/,$tail,3);
chomp($what);
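Review bot: The `/^enc/` refusal in `get_domain_handler` is the only thing keeping encrypted namespaces off the plain `getdom` path, and `$namespace` reaches `tie_domain_hash` exactly as split from `$tail`. `tie_domain_hash` is outside this hunk, so it cannot be confirmed here that it restricts the name to a plain file component. If it does not, precede the prefix test with an allow-list check such as `if ($namespace !~ /^\w+$/) { &Failure($client, "refused\n", $userinput); return 1; }`. The same `/^enc/` test is repeated in `get_dom` and `put_dom` in lonnet.pm, so one shared, documented predicate would keep daemon and client from drifting apart. The body of `encrypted_get_domain_handler` continues past the end of this hunk.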
@@ -4889,19 +4925,31 @@
}
if (&untie_domain_hash($hashref)) {
$qresult=~s/\&$//;
- &Reply($client, \$qresult, $userinput);
+ if ($cipher) {
+ my $cmdlength=length($qresult);
+ $qresult.=" ";
+ my $encqresult='';
+ for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
+ $encqresult.= unpack("H16",
+ $cipher->encrypt(substr($qresult,
+ $encidx,
+ 8)));
+ }
+ &Reply( $client, "enc:$cmdlength:$encqresult\n", $userinput);
+ } else {
+ &Failure( $client, "error:no_key\n", $userinput);
+ }
} else {
&Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
- "while attempting getdom\n",$userinput);
+ "while attempting egetdom\n",$userinput);
}
} else {
&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
- "while attempting getdom\n",$userinput);
+ "while attempting egetdom\n",$userinput);
}
-
return 1;
}
-®ister_handler("getdom", \&get_domain_handler, 0, 1, 0);
+®ister_handler("egetdom", \&encrypted_get_domain_handler, 1, 1, 0);
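Review bot: The loop in `encrypted_get_domain_handler` encrypts each 8-byte slice of `$qresult` independently, so equal plaintext blocks give equal ciphertext blocks and nothing authenticates the reply. For a payload that now carries LTI keys and secrets this deserves at least a comment, and a chained mode with an integrity check if the wire format can change. `$cipher` is set outside this hunk, so the algorithm and key lifetime cannot be checked from here. As rendered on this page the pad added by `$qresult.=" ";` is a single space, which would leave the final `substr` shorter than 8 bytes; the archive has probably collapsed a longer literal, but confirm it against the repository. A short comment describing the `enc:$cmdlength:$encqresult` reply format would also help whoever maintains the decoding side.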
#
# Puts an id to a domains id database.
@@ -5801,7 +5849,7 @@
return 1;
}
®ister_handler("autoexportgrades", \&auto_export_grades_handler,
- 0, 1, 0);
+ 1, 1, 0);
# Retrieve and remove temporary files created by/during autoenrollment.
#
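Review bot: The third argument to `register_handler` for `autoexportgrades` changes from 0 to 1 without any mention in the log message, and the meaning of the positional arguments is not visible in this hunk. If it is the same flag that was set to 1 for `egetdom` above (presumably "request must arrive encrypted"), a server that still sends `autoexportgrades` in the clear would be refused after the upgrade, so mixed-version clusters are worth checking. A one-line comment next to the call naming the three positional flags would make such flips reviewable.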
Index: loncom/interface/domainprefs.pm
diff -u loncom/interface/domainprefs.pm:1.296 loncom/interface/domainprefs.pm:1.297
--- loncom/interface/domainprefs.pm:1.296 Tue Apr 25 22:18:59 2017
+++ loncom/interface/domainprefs.pm Tue May 9 03:04:26 2017
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Handler to set domain-wide configuration settings
#
-# $Id: domainprefs.pm,v 1.296 2017/04/25 22:18:59 raeburn Exp $
+# $Id: domainprefs.pm,v 1.297 2017/05/09 03:04:26 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -27,7 +27,7 @@
#
#
###############################################################
-##############################################################
+###############################################################
=pod
@@ -220,6 +220,19 @@
'coursedefaults','usersessions','loadbalancing',
'requestauthor','selfenrollment','inststatus',
'ltitools','ssl','trust'],$dom);
+ if (ref($domconfig{'ltitools'}) eq 'HASH') {
+ my %encconfig =
+ &Apache::lonnet::get_dom('encconfig',['ltitools'],$dom);
+ if (ref($encconfig{'ltitools'}) eq 'HASH') {
+ foreach my $id (keys(%{$domconfig{'ltitools'}})) {
+ if (ref($domconfig{'ltitools'}{$id}) eq 'HASH') {
+ foreach my $item ('key','secret') {
+ $domconfig{'ltitools'}{$id}{$item} = $encconfig{'ltitools'}{$id}{$item};
+ }
+ }
+ }
+ }
+ }
my @prefs_order = ('rolecolors','login','defaults','quotas','autoenroll',
'autoupdate','autocreate','directorysrch','contacts',
'usercreation','selfcreation','usermodification','scantron',
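Review bot: The inner guard on this merge tests `ref($domconfig{'ltitools'}{$id})`, not the encconfig entry, so for an id with no record in encconfig.db the assignment autovivifies `$encconfig{'ltitools'}{$id}` and overwrites `key` and `secret` in `%domconfig` with undef. Domains whose key and secret still live only in configuration.db from before this change would then show blank values and, presumably, lose them on the next save. The equivalent merge in lonnet.pm later in this commit guards on the encconfig side. Doing the same here keeps the two consistent: `if ((ref($domconfig{'ltitools'}{$id}) eq 'HASH') && (ref($encconfig{'ltitools'}{$id}) eq 'HASH')) {`.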
@@ -9466,7 +9479,7 @@
sub modify_ltitools {
my ($r,$dom,$action,$lastactref,%domconfig) = @_;
my %domdefaults = &Apache::lonnet::get_domain_defaults($dom,1);
- my ($newid, at allpos,%changes,%confhash,$errors,$resulttext);
+ my ($newid, at allpos,%changes,%confhash,%encconfig,$errors,$resulttext);
my $confname = $dom.'-domainconfig';
my $servadm = $r->dir_config('lonAdmEMail');
my ($configuserok,$author_ok,$switchserver) = &config_check($dom,$confname,$servadm);
@@ -9491,7 +9504,11 @@
foreach my $item ('title','url','key','secret') {
$env{'form.ltitools_add_'.$item} =~ s/(`)/'/g;
if ($env{'form.ltitools_add_'.$item}) {
- $confhash{$newid}{$item} = $env{'form.ltitools_add_'.$item};
+ if (($item eq 'key') || ($item eq 'secret')) {
+ $encconfig{$newid}{$item} = $env{'form.ltitools_add_'.$item};
+ } else {
+ $confhash{$newid}{$item} = $env{'form.ltitools_add_'.$item};
+ }
}
}
if ($env{'form.ltitools_add_version'} eq 'LTI-1p0') {
@@ -9598,12 +9615,18 @@
} else {
my $newpos = $env{'form.ltitools_'.$itemid};
$newpos =~ s/\D+//g;
- foreach my $item ('title','url','key','secret') {
+ foreach my $item ('title','url') {
$confhash{$itemid}{$item} = $env{'form.ltitools_'.$item.'_'.$i};
if ($domconfig{$action}{$itemid}{$item} ne $confhash{$itemid}{$item}) {
$changes{$itemid} = 1;
}
}
+ foreach my $item ('key','secret') {
+ $encconfig{$itemid}{$item} = $env{'form.ltitools_'.$item.'_'.$i};
+ if ($domconfig{$action}{$itemid}{$item} ne $encconfig{$itemid}{$item}) {
+ $changes{$itemid} = 1;
+ }
+ }
if ($env{'form.ltitools_version_'.$i} eq 'LTI-1p0') {
$confhash{$itemid}{'version'} = $env{'form.ltitools_version_'.$i};
}
@@ -9806,9 +9829,21 @@
my $putresult = &Apache::lonnet::put_dom('configuration',\%ltitoolshash,
$dom);
if ($putresult eq 'ok') {
+ my %ltienchash = (
+ $action => { %encconfig }
+ );
+ &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom);
if (keys(%changes) > 0) {
my $cachetime = 24*60*60;
- &Apache::lonnet::do_cache_new('ltitools',$dom,\%confhash,$cachetime);
+ my %ltiall = %confhash;
+ foreach my $id (keys(%ltiall)) {
+ if (ref($encconfig{$id}) eq 'HASH') {
+ foreach my $item ('key','secret') {
+ $ltiall{$id}{$item} = $encconfig{$id}{$item};
+ }
+ }
+ }
+ &Apache::lonnet::do_cache_new('ltitools',$dom,\%ltiall,$cachetime);
if (ref($lastactref) eq 'HASH') {
$lastactref->{'ltitools'} = 1;
}
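Review bot: The result of `&Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom)` is discarded, while the `configuration` write just above it is compared with 'ok'. If the encrypted write fails, configuration.db is already updated, the cache is filled from `%encconfig`, and the success text is shown although key and secret were never stored. Capture the result, `my $encresult = &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom);`, and add to `$errors` when it is not 'ok'. The enclosing `modify_ltitools` starts and ends outside this hunk.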
@@ -9832,14 +9867,17 @@
$resulttext .= '</li><ul>';
my $position = $pos + 1;
$resulttext .= '<li>'.&mt('Order: [_1]',$position).'</li>';
- foreach my $item ('version','msgtype','url','key') {
+ foreach my $item ('version','msgtype','url') {
if ($confhash{$itemid}{$item} ne '') {
$resulttext .= '<li>'.$lt{$item}.': '.$confhash{$itemid}{$item}.'</li>';
}
}
- if ($confhash{$itemid}{'secret'} ne '') {
+ if ($encconfig{$itemid}{'key'} ne '') {
+ $resulttext .= '<li>'.$lt{'key'}.': '.$encconfig{$itemid}{'key'}.'</li>';
+ }
+ if ($encconfig{$itemid}{'secret'} ne '') {
$resulttext .= '<li>'.$lt{'secret'}.': ';
- my $num = length($confhash{$itemid}{'secret'});
+ my $num = length($encconfig{$itemid}{'secret'});
$resulttext .= ('*'x$num).'</li>';
}
$resulttext .= '<li>'.&mt('Configurable in course:');
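Review bot: `$encconfig{$itemid}{'key'}` is concatenated into `$resulttext` as HTML with no output encoding, and in the edit path earlier in this commit it is taken directly from `$env{'form.ltitools_key_'.$i}`. The value should be entity-encoded before display, using whichever escaping helper this file already relies on (none is visible in the hunk). The same applies to the `url` item in the loop above. The secret is masked with one `*` per character, which discloses its length; a fixed-width mask such as `('*' x 8)` avoids that.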
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.1343 loncom/lonnet/perl/lonnet.pm:1.1344
--- loncom/lonnet/perl/lonnet.pm:1.1343 Mon May 8 14:20:26 2017
+++ loncom/lonnet/perl/lonnet.pm Tue May 9 03:04:32 2017
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.1343 2017/05/08 14:20:26 raeburn Exp $
+# $Id: lonnet.pm,v 1.1344 2017/05/09 03:04:32 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -1845,7 +1845,12 @@
}
}
if ($udom && $uhome && ($uhome ne 'no_host')) {
- my $rep=&reply("getdom:$udom:$namespace:$items",$uhome);
+ my $rep;
+ if ($namespace =~ /^enc/) {
+ $rep=&reply("encrypt:egetdom:$udom:$namespace:$items",$uhome);
+ } else {
+ $rep=&reply("getdom:$udom:$namespace:$items",$uhome);
+ }
my %returnhash;
if ($rep eq '' || $rep =~ /^error: 2 /) {
return %returnhash;
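Review bot: The `egetdom` branch introduces replies that the visible check on `$rep` does not cover: the new lond handler can answer `error:no_key`, and a server that predates this commit will not recognise `egetdom` at all. Only `''` and `/^error: 2 /` are handled in the lines shown, and the rest of `get_dom` is outside this hunk. Confirm that such replies are not parsed as key/value data and silently turned into an empty LTI key and secret. Whether `reply` decodes the `enc:` response format produced by lond is also not visible here and deserves a comment at this call.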
@@ -1889,7 +1894,11 @@
$items.=&escape($item).'='.&freeze_escape($$storehash{$item}).'&';
}
$items=~s/\&$//;
- return &reply("putdom:$udom:$namespace:$items",$uhome);
+ if ($namespace =~ /^enc/) {
+ return &reply("encrypt:putdom:$udom:$namespace:$items",$uhome);
+ } else {
+ return &reply("putdom:$udom:$namespace:$items",$uhome);
+ }
} else {
&logthis("put_dom failed - no homeserver and/or domain");
}
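Review bot: Sending `putdom` through `encrypt:` for `enc` namespaces is enforced only on the client side in this hunk. The lond changes in this commit refuse plain `getdom` for those namespaces but show no matching refusal for a plain `putdom`. If the `putdom` handler in lond is unchanged, an older or misconfigured server would still send secrets in the clear and lond would accept them, so that handler should get the same `/^enc/` check. The `put_dom` body begins above the hunk.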
@@ -10956,6 +10965,16 @@
my %domconfig = &get_dom('configuration',['ltitools'],$cdom);
if (ref($domconfig{'ltitools'}) eq 'HASH') {
%ltitools = %{$domconfig{'ltitools'}};
+ my %encdomconfig = &get_dom('encconfig',['ltitools'],$cdom);
+ if (ref($encdomconfig{'ltitools'}) eq 'HASH') {
+ foreach my $id (keys(%ltitools)) {
+ if (ref($encdomconfig{'ltitools'}{$id}) eq 'HASH') {
+ foreach my $item ('key','secret') {
+ $ltitools{$id}{$item} = $encdomconfig{'ltitools'}{$id}{$item};
+ }
+ }
+ }
+ }
}
my $cachetime = 24*60*60;
&do_cache_new('ltitools',$cdom,\%ltitools,$cachetime);
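Review bot: After the merge, `%ltitools` holds every tool's key and secret and is passed to `do_cache_new` with a 24-hour lifetime; `modify_ltitools` in domainprefs.pm does the same with `%ltiall`. According to the log, the purpose of encconfig.db is tighter control over who can read these values, so whatever store backs `do_cache_new` (not visible here) needs to be at least as restricted. Otherwise cache only the non-secret fields and fetch key and secret on demand. A comment at the call, for example `# NOTE: cached structure contains LTI credentials`, would make that visible to the next maintainer.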