version 1.258, 2004/09/14 20:18:41
|
version 1.261, 2004/10/18 10:13:46
|
Line 1806 sub change_authentication_handler {
|
Line 1806 sub change_authentication_handler {
|
chomp($npass); |
chomp($npass); |
|
|
$npass=&unescape($npass); |
$npass=&unescape($npass); |
|
my $oldauth = &get_auth_type($udom, $uname); # Get old auth info. |
my $passfilename = &password_path($udom, $uname); |
my $passfilename = &password_path($udom, $uname); |
if ($passfilename) { # Not allowed to create a new user!! |
if ($passfilename) { # Not allowed to create a new user!! |
my $result=&make_passwd_file($uname, $umode,$npass,$passfilename); |
my $result=&make_passwd_file($uname, $umode,$npass,$passfilename); |
|
# |
|
# If the current auth mode is internal, and the old auth mode was |
|
# unix, or krb*, and the user is an author for this domain, |
|
# re-run manage_permissions for that role in order to be able |
|
# to take ownership of the construction space back to www:www |
|
# |
|
|
|
if( ($oldauth =~ /^unix/) && ($umode eq "internal")) { # unix -> internal |
|
if(&is_author($udom, $uname)) { |
|
&Debug(" Need to manage author permissions..."); |
|
&manage_permissions("/$udom/_au", $udom, $uname, "internal:"); |
|
} |
|
} |
|
|
|
|
&Reply($client, $result, $userinput); |
&Reply($client, $result, $userinput); |
} else { |
} else { |
&Failure($client, "non_authorized\n", $userinput); # Fail the user now. |
&Failure($client, "non_authorized\n", $userinput); # Fail the user now. |
Line 2445 sub roles_put_handler {
|
Line 2461 sub roles_put_handler {
|
# is done on close this improves the chances the log will be an un- |
# is done on close this improves the chances the log will be an un- |
# corrupted ordered thing. |
# corrupted ordered thing. |
if ($hashref) { |
if ($hashref) { |
|
my $pass_entry = &get_auth_type($udom, $uname); |
|
my ($auth_type,$pwd) = split(/:/, $pass_entry); |
|
$auth_type = $auth_type.":"; |
my @pairs=split(/\&/,$what); |
my @pairs=split(/\&/,$what); |
foreach my $pair (@pairs) { |
foreach my $pair (@pairs) { |
my ($key,$value)=split(/=/,$pair); |
my ($key,$value)=split(/=/,$pair); |
&manage_permissions($key, $udom, $uname, |
&manage_permissions($key, $udom, $uname, |
&get_auth_type( $udom, $uname)); |
$auth_type); |
$hashref->{$key}=$value; |
$hashref->{$key}=$value; |
} |
} |
if (untie($hashref)) { |
if (untie($hashref)) { |
Line 4922 sub make_new_child {
|
Line 4941 sub make_new_child {
|
exit; |
exit; |
|
|
} |
} |
|
# |
|
# Determine if a user is an author for the indicated domain. |
|
# |
|
# Parameters: |
|
# domain - domain to check in . |
|
# user - Name of user to check. |
|
# |
|
# Return: |
|
# 1 - User is an author for domain. |
|
# 0 - User is not an author for domain. |
|
sub is_author { |
|
my ($domain, $user) = @_; |
|
|
|
&Debug("is_author: $user @ $domain"); |
|
|
|
my $hashref = &tie_user_hash($domain, $user, "roles", |
|
&GDBM_READER()); |
|
|
|
# Author role should show up as a key /domain/_au |
|
|
|
my $key = "/$domain/_au"; |
|
my $value = $hashref->{$key}; |
|
|
|
if(defined($value)) { |
|
&Debug("$user @ $domain is an author"); |
|
} |
|
|
|
return defined($value); |
|
} |
# |
# |
# Checks to see if the input roleput request was to set |
# Checks to see if the input roleput request was to set |
# an author role. If so, invokes the lchtmldir script to set |
# an author role. If so, invokes the lchtmldir script to set |
Line 4938 sub make_new_child {
|
Line 4984 sub make_new_child {
|
sub manage_permissions |
sub manage_permissions |
{ |
{ |
|
|
|
|
my ($request, $domain, $user, $authtype) = @_; |
my ($request, $domain, $user, $authtype) = @_; |
|
|
|
&Debug("manage_permissions: $request $domain $user $authtype"); |
|
|
# See if the request is of the form /$domain/_au |
# See if the request is of the form /$domain/_au |
if($request =~ /^(\/$domain\/_au)$/) { # It's an author rolesput... |
if($request =~ /^(\/$domain\/_au)$/) { # It's an author rolesput... |
my $execdir = $perlvar{'lonDaemons'}; |
my $execdir = $perlvar{'lonDaemons'}; |
my $userhome= "/home/$user" ; |
my $userhome= "/home/$user" ; |
&logthis("system $execdir/lchtmldir $userhome $user $authtype"); |
&logthis("system $execdir/lchtmldir $userhome $user $authtype"); |
|
&Debug("Setting homedir permissions for $userhome"); |
system("$execdir/lchtmldir $userhome $user $authtype"); |
system("$execdir/lchtmldir $userhome $user $authtype"); |
} |
} |
} |
} |
Line 5040 sub get_auth_type
|
Line 5090 sub get_auth_type
|
Debug("Password info = $realpassword\n"); |
Debug("Password info = $realpassword\n"); |
my ($authtype, $contentpwd) = split(/:/, $realpassword); |
my ($authtype, $contentpwd) = split(/:/, $realpassword); |
Debug("Authtype = $authtype, content = $contentpwd\n"); |
Debug("Authtype = $authtype, content = $contentpwd\n"); |
my $availinfo = ''; |
return "$authtype:$contentpwd"; |
if($authtype eq 'krb4' or $authtype eq 'krb5') { |
|
$availinfo = $contentpwd; |
|
} |
|
|
|
return "$authtype:$availinfo"; |
|
} else { |
} else { |
Debug("Returning nouser"); |
Debug("Returning nouser"); |
return "nouser"; |
return "nouser"; |
Line 5394 sub make_passwd_file {
|
Line 5439 sub make_passwd_file {
|
if ($umode eq 'krb4' or $umode eq 'krb5') { |
if ($umode eq 'krb4' or $umode eq 'krb5') { |
{ |
{ |
my $pf = IO::File->new(">$passfilename"); |
my $pf = IO::File->new(">$passfilename"); |
print $pf "$umode:$npass\n"; |
if ($pf) { |
|
print $pf "$umode:$npass\n"; |
|
} else { |
|
$result = "pass_file_failed_error"; |
|
} |
} |
} |
} elsif ($umode eq 'internal') { |
} elsif ($umode eq 'internal') { |
my $salt=time; |
my $salt=time; |
Line 5403 sub make_passwd_file {
|
Line 5452 sub make_passwd_file {
|
{ |
{ |
&Debug("Creating internal auth"); |
&Debug("Creating internal auth"); |
my $pf = IO::File->new(">$passfilename"); |
my $pf = IO::File->new(">$passfilename"); |
print $pf "internal:$ncpass\n"; |
if($pf) { |
|
print $pf "internal:$ncpass\n"; |
|
} else { |
|
$result = "pass_file_failed_error"; |
|
} |
} |
} |
} elsif ($umode eq 'localauth') { |
} elsif ($umode eq 'localauth') { |
{ |
{ |
my $pf = IO::File->new(">$passfilename"); |
my $pf = IO::File->new(">$passfilename"); |
print $pf "localauth:$npass\n"; |
if($pf) { |
|
print $pf "localauth:$npass\n"; |
|
} else { |
|
$result = "pass_file_failed_error"; |
|
} |
} |
} |
} elsif ($umode eq 'unix') { |
} elsif ($umode eq 'unix') { |
{ |
{ |
Line 5447 sub make_passwd_file {
|
Line 5504 sub make_passwd_file {
|
$result = "lcuseradd_failed:$error_text\n"; |
$result = "lcuseradd_failed:$error_text\n"; |
} else { |
} else { |
my $pf = IO::File->new(">$passfilename"); |
my $pf = IO::File->new(">$passfilename"); |
print $pf "unix:\n"; |
if($pf) { |
|
print $pf "unix:\n"; |
|
} else { |
|
$result = "pass_file_failed_error"; |
|
} |
} |
} |
} |
} |
} elsif ($umode eq 'none') { |
} elsif ($umode eq 'none') { |
{ |
{ |
my $pf = IO::File->new("> $passfilename"); |
my $pf = IO::File->new("> $passfilename"); |
print $pf "none:\n"; |
if($pf) { |
|
print $pf "none:\n"; |
|
} else { |
|
$result = "pass_file_failed_error"; |
|
} |
} |
} |
} else { |
} else { |
$result="auth_mode_error\n"; |
$result="auth_mode_error\n"; |