version 1.284, 2005/06/03 18:23:19
|
version 1.287, 2005/06/27 10:27:02
|
Line 112 my %Dispatcher;
|
Line 112 my %Dispatcher;
|
# |
# |
my $lastpwderror = 13; # Largest error number from lcpasswd. |
my $lastpwderror = 13; # Largest error number from lcpasswd. |
my @passwderrors = ("ok", |
my @passwderrors = ("ok", |
"lcpasswd must be run as user 'www'", |
"pwchange_failure - lcpasswd must be run as user 'www'", |
"lcpasswd got incorrect number of arguments", |
"pwchange_failure - lcpasswd got incorrect number of arguments", |
"lcpasswd did not get the right nubmer of input text lines", |
"pwchange_failure - lcpasswd did not get the right nubmer of input text lines", |
"lcpasswd too many simultaneous pwd changes in progress", |
"pwchange_failure - lcpasswd too many simultaneous pwd changes in progress", |
"lcpasswd User does not exist.", |
"pwchange_failure - lcpasswd User does not exist.", |
"lcpasswd Incorrect current passwd", |
"pwchange_failure - lcpasswd Incorrect current passwd", |
"lcpasswd Unable to su to root.", |
"pwchange_failure - lcpasswd Unable to su to root.", |
"lcpasswd Cannot set new passwd.", |
"pwchange_failure - lcpasswd Cannot set new passwd.", |
"lcpasswd Username has invalid characters", |
"pwchange_failure - lcpasswd Username has invalid characters", |
"lcpasswd Invalid characters in password", |
"pwchange_failure - lcpasswd Invalid characters in password", |
"lcpasswd User already exists", |
"pwchange_failure - lcpasswd User already exists", |
"lcpasswd Something went wrong with user addition.", |
"pwchange_failure - lcpasswd Something went wrong with user addition.", |
"lcpasswd Password mismatch", |
"pwchange_failure - lcpasswd Password mismatch", |
"lcpasswd Error filename is invalid"); |
"pwchange_failure - lcpasswd Error filename is invalid"); |
|
|
|
|
# The array below are lcuseradd error strings.: |
# The array below are lcuseradd error strings.: |
Line 1701 sub change_password_handler {
|
Line 1701 sub change_password_handler {
|
&Failure( $client, "non_authorized\n",$userinput); |
&Failure( $client, "non_authorized\n",$userinput); |
} |
} |
} elsif ($howpwd eq 'unix') { |
} elsif ($howpwd eq 'unix') { |
# Unix means we have to access /etc/password |
my $result = &change_unix_password($uname, $npass); |
&Debug("auth is unix"); |
|
my $execdir=$perlvar{'lonDaemons'}; |
|
&Debug("Opening lcpasswd pipeline"); |
|
my $pf = IO::File->new("|$execdir/lcpasswd > " |
|
."$perlvar{'lonDaemons'}" |
|
."/logs/lcpasswd.log"); |
|
print $pf "$uname\n$npass\n$npass\n"; |
|
close $pf; |
|
my $err = $?; |
|
my $result = ($err>0 ? 'pwchange_failure' : 'ok'); |
|
&logthis("Result of password change for $uname: ". |
&logthis("Result of password change for $uname: ". |
&lcpasswdstrerror($?)); |
$result); |
&Reply($client, "$result\n", $userinput); |
&Reply($client, "$result\n", $userinput); |
} else { |
} else { |
# this just means that the current password mode is not |
# this just means that the current password mode is not |
Line 1812 sub add_user_handler {
|
Line 1802 sub add_user_handler {
|
# Implicit inputs: |
# Implicit inputs: |
# The authentication systems describe above have their own forms of implicit |
# The authentication systems describe above have their own forms of implicit |
# input into the authentication process that are described above. |
# input into the authentication process that are described above. |
|
# NOTE: |
|
# This is also used to change the authentication credential values (e.g. passwd). |
|
# |
# |
# |
sub change_authentication_handler { |
sub change_authentication_handler { |
|
|
Line 1831 sub change_authentication_handler {
|
Line 1824 sub change_authentication_handler {
|
my $oldauth = &get_auth_type($udom, $uname); # Get old auth info. |
my $oldauth = &get_auth_type($udom, $uname); # Get old auth info. |
my $passfilename = &password_path($udom, $uname); |
my $passfilename = &password_path($udom, $uname); |
if ($passfilename) { # Not allowed to create a new user!! |
if ($passfilename) { # Not allowed to create a new user!! |
my $result=&make_passwd_file($uname, $umode,$npass,$passfilename); |
# If just changing the unix passwd. need to arrange to run |
# |
# passwd since otherwise make_passwd_file will run |
# If the current auth mode is internal, and the old auth mode was |
# lcuseradd which fails if an account already exists |
# unix, or krb*, and the user is an author for this domain, |
# (to prevent an unscrupulous LONCAPA admin from stealing |
# re-run manage_permissions for that role in order to be able |
# an existing account by overwriting it as a LonCAPA account). |
# to take ownership of the construction space back to www:www |
|
# |
if(($oldauth =~/^unix/) && ($umode eq "unix")) { |
|
my $result = &change_unix_password($uname, $npass); |
if( (($oldauth =~ /^unix/) && ($umode eq "internal")) || |
&logthis("Result of password change for $uname: ".$result); |
(($oldauth =~ /^internal/) && ($umode eq "unix")) ) { |
if ($result eq "ok") { |
if(&is_author($udom, $uname)) { |
&Reply($client, "$result\n") |
&Debug(" Need to manage author permissions..."); |
} |
&manage_permissions("/$udom/_au", $udom, $uname, "$umode:"); |
else { |
|
&Failure($client, "$result\n"); |
} |
} |
} |
} |
|
else { |
|
my $result=&make_passwd_file($uname, $umode,$npass,$passfilename); |
|
# |
|
# If the current auth mode is internal, and the old auth mode was |
|
# unix, or krb*, and the user is an author for this domain, |
|
# re-run manage_permissions for that role in order to be able |
|
# to take ownership of the construction space back to www:www |
|
# |
|
|
|
|
|
if( (($oldauth =~ /^unix/) && ($umode eq "internal")) || |
|
(($oldauth =~ /^internal/) && ($umode eq "unix")) ) { |
|
if(&is_author($udom, $uname)) { |
|
&Debug(" Need to manage author permissions..."); |
|
&manage_permissions("/$udom/_au", $udom, $uname, "$umode:"); |
|
} |
|
} |
|
&Reply($client, $result, $userinput); |
|
} |
|
|
|
|
&Reply($client, $result, $userinput); |
|
} else { |
} else { |
&Failure($client, "non_authorized\n", $userinput); # Fail the user now. |
&Failure($client, "non_authorized\n", $userinput); # Fail the user now. |
} |
} |
Line 4768 $SIG{USR2} = \&UpdateHosts;
|
Line 4780 $SIG{USR2} = \&UpdateHosts;
|
|
|
ReadHostTable; |
ReadHostTable; |
|
|
|
my $dist=`$perlvar{'lonDaemons'}/distprobe`; |
|
|
# -------------------------------------------------------------- |
# -------------------------------------------------------------- |
# Accept connections. When a connection comes in, it is validated |
# Accept connections. When a connection comes in, it is validated |
# and if good, a child process is created to process transactions |
# and if good, a child process is created to process transactions |
Line 4843 sub make_new_child {
|
Line 4857 sub make_new_child {
|
# my $tmpsnum=0; # Now global |
# my $tmpsnum=0; # Now global |
#---------------------------------------------------- kerberos 5 initialization |
#---------------------------------------------------- kerberos 5 initialization |
&Authen::Krb5::init_context(); |
&Authen::Krb5::init_context(); |
&Authen::Krb5::init_ets(); |
if ($dist ne 'fedora4') { |
|
&Authen::Krb5::init_ets(); |
|
} |
|
|
&status('Accepted connection'); |
&status('Accepted connection'); |
# ============================================================================= |
# ============================================================================= |
Line 5499 sub subscribe {
|
Line 5515 sub subscribe {
|
} |
} |
return $result; |
return $result; |
} |
} |
|
# Change the passwd of a unix user. The caller must have |
|
# first verified that the user is a loncapa user. |
|
# |
|
# Parameters: |
|
# user - Unix user name to change. |
|
# pass - New password for the user. |
|
# Returns: |
|
# ok - if success |
|
# other - Some meaningfule error message string. |
|
# NOTE: |
|
# invokes a setuid script to change the passwd. |
|
sub change_unix_password { |
|
my ($user, $pass) = @_; |
|
|
|
&Debug("change_unix_password"); |
|
my $execdir=$perlvar{'lonDaemons'}; |
|
&Debug("Opening lcpasswd pipeline"); |
|
my $pf = IO::File->new("|$execdir/lcpasswd > " |
|
."$perlvar{'lonDaemons'}" |
|
."/logs/lcpasswd.log"); |
|
print $pf "$user\n$pass\n$pass\n"; |
|
close $pf; |
|
my $err = $?; |
|
return ($err < @passwderrors) ? $passwderrors[$err] : |
|
"pwchange_falure - unknown error"; |
|
|
|
|
|
} |
|
|
|
|
sub make_passwd_file { |
sub make_passwd_file { |
my ($uname, $umode,$npass,$passfilename)=@_; |
my ($uname, $umode,$npass,$passfilename)=@_; |
Line 5558 sub make_passwd_file {
|
Line 5603 sub make_passwd_file {
|
print $se "$npass\n"; |
print $se "$npass\n"; |
print $se "$lc_error_file\n"; # Status -> unique file. |
print $se "$lc_error_file\n"; # Status -> unique file. |
} |
} |
my $error = IO::File->new("< $lc_error_file"); |
if (-r $lc_error_file) { |
my $useraddok = <$error>; |
&Debug("Opening error file: $lc_error_file"); |
$error->close; |
my $error = IO::File->new("< $lc_error_file"); |
unlink($lc_error_file); |
my $useraddok = <$error>; |
|
$error->close; |
chomp $useraddok; |
unlink($lc_error_file); |
|
|
if($useraddok > 0) { |
chomp $useraddok; |
my $error_text = &lcuseraddstrerror($useraddok); |
|
&logthis("Failed lcuseradd: $error_text"); |
if($useraddok > 0) { |
$result = "lcuseradd_failed:$error_text\n"; |
my $error_text = &lcuseraddstrerror($useraddok); |
} else { |
&logthis("Failed lcuseradd: $error_text"); |
my $pf = IO::File->new(">$passfilename"); |
$result = "lcuseradd_failed:$error_text\n"; |
if($pf) { |
} else { |
print $pf "unix:\n"; |
my $pf = IO::File->new(">$passfilename"); |
} else { |
if($pf) { |
$result = "pass_file_failed_error"; |
print $pf "unix:\n"; |
|
} else { |
|
$result = "pass_file_failed_error"; |
|
} |
} |
} |
|
} else { |
|
&Debug("Could not locate lcuseradd error: $lc_error_file"); |
|
$result="bug_lcuseradd_no_output_file"; |
} |
} |
} |
} |
} elsif ($umode eq 'none') { |
} elsif ($umode eq 'none') { |