[LON-CAPA-cvs] cvs: loncom /auth lonauth.pm /lonnet/perl lonnet.pm
raeburn
lon-capa-cvs-allow@mail.lon-capa.org
Mon, 24 Mar 2008 05:23:19 -0000
raeburn Mon Mar 24 01:23:19 2008 EDT
Modified files:
/loncom/auth lonauth.pm
/loncom/lonnet/perl lonnet.pm
Log:
- Authentication will be attempted for users who try to log in with a username for which there is no user account, if account creation is permitted for the 'login' type.
- If supplied credentials are authenticated, the user will be able to create an account in the domain. (Requires default authentication in the domain to be Kerberos or localauth -- see lond 1.396).
Index: loncom/auth/lonauth.pm
diff -u loncom/auth/lonauth.pm:1.89 loncom/auth/lonauth.pm:1.90
--- loncom/auth/lonauth.pm:1.89 Mon Oct 1 19:56:14 2007
+++ loncom/auth/lonauth.pm Mon Mar 24 01:23:10 2008
@@ -1,7 +1,7 @@
# The LearningOnline Network
# User Authentication Module
#
-# $Id: lonauth.pm,v 1.89 2007/10/01 23:56:14 albertel Exp $
+# $Id: lonauth.pm,v 1.90 2008/03/24 05:23:10 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -37,6 +37,7 @@
use Apache::loncommon();
use Apache::lonnet;
use Apache::lonmenu();
+use Apache::createaccount;
use Fcntl qw(:flock);
use Apache::lonlocal;
@@ -263,9 +264,21 @@
}
# ---------------------------------------------------------------- Authenticate
- my $authhost=Apache::lonnet::authenticate($form{'uname'},
- $upass,
- $form{'udom'});
+ my $cancreate;
+ my %domconfig = &Apache::lonnet::get_dom('configuration',['usercreation'],$form{'udom'});
+ if (ref($domconfig{'usercreation'}) eq 'HASH') {
+ if (ref($domconfig{'usercreation'}{'cancreate'}) eq 'HASH') {
+ if ($domconfig{'usercreation'}{'cancreate'}{'selfcreate'} ne 'none') {
+ $cancreate = $domconfig{'usercreation'}{'cancreate'}{'selfcreate'};
+ }
+ }
+ }
+ my $defaultauth;
+ if ($cancreate eq 'any' || $cancreate eq 'login') {
+ $defaultauth = 1;
+ }
+ my $authhost=Apache::lonnet::authenticate($form{'uname'},$upass,
+ $form{'udom'},$defaultauth);
# --------------------------------------------------------------------- Failed?
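Review bot: The `usercreation`/`selfcreate` lookup added before the `authenticate` call is repeated verbatim in the `no_account_on_host` branch of the next hunk, so the decision to offer account creation comes from two separate `get_dom` reads. Going by the lonnet.pm change in this commit, `no_account_on_host` is only returned when `$defaultauth` was passed, so the later `else` with `&failed(...)` appears reachable only if the two reads disagree. Reusing the first result there, `if ($defaultauth) {`, would keep the policy check in one place. `$cancreate` is also compared with `eq` while still undefined when the domain has no such setting, which warns if warnings are enabled; `my $cancreate = '';` avoids that. The enclosing handler starts and ends outside this hunk.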
@@ -273,6 +286,34 @@
&failed($r,'Username and/or password could not be authenticated.',
\%form);
return OK;
+ } elsif ($authhost eq 'no_account_on_host') {
+ my $cancreate;
+ my %domconfig =
+ &Apache::lonnet::get_dom('configuration',['usercreation'],$form{'udom'});
+ if (ref($domconfig{'usercreation'}) eq 'HASH') {
+ if (ref($domconfig{'usercreation'}{'cancreate'}) eq 'HASH') {
+ if ($domconfig{'usercreation'}{'cancreate'}{'selfcreate'} ne 'none') {
+ $cancreate = $domconfig{'usercreation'}{'cancreate'}{'selfcreate'};
+ }
+ }
+ }
+ if ($cancreate eq 'any' || $cancreate eq 'login') {
+ my $start_page =
+ &Apache::loncommon::start_page('Create a user account in LON-CAPA',
+ '',{'no_inline_link' => 1,});
+ my $domdesc = &Apache::lonnet::domain($form{'udom'},'description');
+ my $output = &Apache::createaccount::username_check($form{'uname'},
+ $form{'udom'},$domdesc);
+ &Apache::loncommon::content_type($r,'text/html');
+ $r->send_http_header;
+ &Apache::createaccount::print_header($r,$start_page);
+ $r->print($output);
+ $r->print(&Apache::loncommon::end_page());
+ return OK;
+ } else {
+ &failed($r,'Although your username and password were authenticated, you do not currently have a LON-CAPA account in this domain, and you are not permitted to create one.',\%form);
+ return OK;
+ }
}
if (($firsturl eq '') ||
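Review bot: The new `no_account_on_host` branch passes the raw `$form{'uname'}` and `$form{'udom'}` to `&Apache::createaccount::username_check` and prints the returned `$output` straight into the page, whereas `authenticate` itself works on the value returned by `&LONCAPA::clean_username`. Whether `username_check` escapes or re-validates these values is not visible here, so either pass the cleaned form, for example `my $uname = &LONCAPA::clean_username($form{'uname'});`, or add a comment stating that the callee does the encoding. It is also worth documenting how the following account-creation request is tied to the successful authentication. No session is established in this branch before `return OK;`, so the creation step should not be able to run without the credential check. The enclosing handler starts and ends outside this hunk.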
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.951 loncom/lonnet/perl/lonnet.pm:1.952
--- loncom/lonnet/perl/lonnet.pm:1.951 Mon Mar 24 00:55:54 2008
+++ loncom/lonnet/perl/lonnet.pm Mon Mar 24 01:23:19 2008
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.951 2008/03/24 04:55:54 raeburn Exp $
+# $Id: lonnet.pm,v 1.952 2008/03/24 05:23:19 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -705,24 +705,38 @@
# --------- Try to authenticate user from domain's lib servers (first this one)
sub authenticate {
- my ($uname,$upass,$udom)=@_;
+ my ($uname,$upass,$udom,$checkdefauth)=@_;
$upass=&escape($upass);
$uname= &LONCAPA::clean_username($uname);
my $uhome=&homeserver($uname,$udom,1);
+ my $newhome;
if ((!$uhome) || ($uhome eq 'no_host')) {
# Maybe the machine was offline and only re-appeared again recently?
&reconlonc();
# One more
- my $uhome=&homeserver($uname,$udom,1);
+ $uhome=&homeserver($uname,$udom,1);
+ if (($uhome eq 'no_host') && $checkdefauth) {
+ if (defined(&domain($udom,'primary'))) {
+ $newhome=&domain($udom,'primary');
+ }
+ if ($newhome ne '') {
+ $uhome = $newhome;
+ }
+ }
if ((!$uhome) || ($uhome eq 'no_host')) {
&logthis("User $uname at $udom is unknown in authenticate");
- }
- return 'no_host';
+ return 'no_host';
+ }
}
- my $answer=reply("encrypt:auth:$udom:$uname:$upass",$uhome);
+ my $answer=reply("encrypt:auth:$udom:$uname:$upass:$checkdefauth",$uhome);
if ($answer eq 'authorized') {
- &logthis("User $uname at $udom authorized by $uhome");
- return $uhome;
+ if ($newhome) {
+ &logthis("User $uname at $udom authorized by $uhome, but needs account");
+ return 'no_account_on_host';
+ } else {
+ &logthis("User $uname at $udom authorized by $uhome");
+ return $uhome;
+ }
}
if ($answer eq 'non_authorized') {
&logthis("User $uname at $udom rejected by $uhome");
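Review bot: `$checkdefauth` is interpolated into the `encrypt:auth:` request even when the caller passed only three arguments, so existing callers now send a trailing empty field and trigger an uninitialized-value warning if warnings are on. Normalising it once after unpacking, `$checkdefauth = $checkdefauth ? 1 : '';`, keeps the wire format explicit. The fallback to the domain primary is guarded by `($uhome eq 'no_host') && $checkdefauth`, while the checks around it also treat an empty `$uhome` as unknown; if an empty result should fall back too, use `((!$uhome) || ($uhome eq 'no_host')) && $checkdefauth`. `&domain($udom,'primary')` is also called twice where `$newhome = &domain($udom,'primary');` followed by the existing `ne ''` test would do. A short comment on `sub authenticate` listing the possible return values (`no_host`, `no_account_on_host`, or the home server id) would help callers; the function body continues past the end of this hunk.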