version 1.489.2.12, 2014/04/07 23:39:21
|
version 1.489.2.21, 2016/08/11 16:37:54
|
Line 55 use LONCAPA::lonssl;
|
Line 55 use LONCAPA::lonssl;
|
use Fcntl qw(:flock); |
use Fcntl qw(:flock); |
use Apache::lonnet; |
use Apache::lonnet; |
use Mail::Send; |
use Mail::Send; |
|
use Crypt::Eksblowfish::Bcrypt; |
|
use Digest::SHA; |
|
use Encode; |
|
|
my $DEBUG = 0; # Non zero to enable debug log entries. |
my $DEBUG = 0; # Non zero to enable debug log entries. |
|
|
Line 621 sub ConfigFileFromSelector {
|
Line 624 sub ConfigFileFromSelector {
|
# String to send to client ("ok" or "refused" if bad file). |
# String to send to client ("ok" or "refused" if bad file). |
# |
# |
sub PushFile { |
sub PushFile { |
my $request = shift; |
my $request = shift; |
my ($command, $filename, $contents) = split(":", $request, 3); |
my ($command, $filename, $contents) = split(":", $request, 3); |
&Debug("PushFile"); |
&Debug("PushFile"); |
|
|
Line 651 sub PushFile {
|
Line 654 sub PushFile {
|
|
|
if($filename eq "host") { |
if($filename eq "host") { |
$contents = AdjustHostContents($contents); |
$contents = AdjustHostContents($contents); |
|
} elsif ($filename eq 'dns_host' || $filename eq 'dns_domain') { |
|
if ($contents eq '') { |
|
&logthis('<font color="red"> Pushfile: unable to install ' |
|
.$tablefile." - no data received from push. </font>"); |
|
return 'error: push had no data'; |
|
} |
|
if (&Apache::lonnet::get_host_ip($clientname)) { |
|
my $clienthost = &Apache::lonnet::hostname($clientname); |
|
if ($managers{$clientip} eq $clientname) { |
|
my $clientprotocol = $Apache::lonnet::protocol{$clientname}; |
|
$clientprotocol = 'http' if ($clientprotocol ne 'https'); |
|
my $url = '/adm/'.$filename; |
|
$url =~ s{_}{/}; |
|
my $ua=new LWP::UserAgent; |
|
$ua->timeout(60); |
|
my $request=new HTTP::Request('GET',"$clientprotocol://$clienthost$url"); |
|
my $response=$ua->request($request); |
|
if ($response->is_error()) { |
|
&logthis('<font color="red"> Pushfile: unable to install ' |
|
.$tablefile." - error attempting to pull data. </font>"); |
|
return 'error: pull failed'; |
|
} else { |
|
my $result = $response->content; |
|
chomp($result); |
|
unless ($result eq $contents) { |
|
&logthis('<font color="red"> Pushfile: unable to install ' |
|
.$tablefile." - pushed data and pulled data differ. </font>"); |
|
my $pushleng = length($contents); |
|
my $pullleng = length($result); |
|
if ($pushleng != $pullleng) { |
|
return "error: $pushleng vs $pullleng bytes"; |
|
} else { |
|
return "error: mismatch push and pull"; |
|
} |
|
} |
|
} |
|
} |
|
} |
} |
} |
|
|
# Install the new file: |
# Install the new file: |
Line 1979 sub change_password_handler {
|
Line 2020 sub change_password_handler {
|
my ($howpwd,$contentpwd)=split(/:/,$realpasswd); |
my ($howpwd,$contentpwd)=split(/:/,$realpasswd); |
if ($howpwd eq 'internal') { |
if ($howpwd eq 'internal') { |
&Debug("internal auth"); |
&Debug("internal auth"); |
my $salt=time; |
my $ncpass = &hash_passwd($udom,$npass); |
$salt=substr($salt,6,2); |
|
my $ncpass=crypt($npass,$salt); |
|
if(&rewrite_password_file($udom, $uname, "internal:$ncpass")) { |
if(&rewrite_password_file($udom, $uname, "internal:$ncpass")) { |
my $msg="Result of password change for $uname: pwchange_success"; |
my $msg="Result of password change for $uname: pwchange_success"; |
if ($lonhost) { |
if ($lonhost) { |
$msg .= " - request originated from: $lonhost"; |
$msg .= " - request originated from: $lonhost"; |
} |
} |
&logthis($msg); |
&logthis($msg); |
|
&update_passwd_history($uname,$udom,$howpwd,$context); |
&Reply($client, "ok\n", $userinput); |
&Reply($client, "ok\n", $userinput); |
} else { |
} else { |
&logthis("Unable to open $uname passwd " |
&logthis("Unable to open $uname passwd " |
Line 1996 sub change_password_handler {
|
Line 2036 sub change_password_handler {
|
} |
} |
} elsif ($howpwd eq 'unix' && $context ne 'reset_by_email') { |
} elsif ($howpwd eq 'unix' && $context ne 'reset_by_email') { |
my $result = &change_unix_password($uname, $npass); |
my $result = &change_unix_password($uname, $npass); |
|
if ($result eq 'ok') { |
|
&update_passwd_history($uname,$udom,$howpwd,$context); |
|
} |
&logthis("Result of password change for $uname: ". |
&logthis("Result of password change for $uname: ". |
$result); |
$result); |
&Reply($client, \$result, $userinput); |
&Reply($client, \$result, $userinput); |
Line 2018 sub change_password_handler {
|
Line 2061 sub change_password_handler {
|
} |
} |
®ister_handler("passwd", \&change_password_handler, 1, 1, 0); |
®ister_handler("passwd", \&change_password_handler, 1, 1, 0); |
|
|
|
sub hash_passwd { |
|
my ($domain,$plainpass,@rest) = @_; |
|
my ($salt,$cost); |
|
if (@rest) { |
|
$cost = $rest[0]; |
|
# salt is first 22 characters, base-64 encoded by bcrypt |
|
my $plainsalt = substr($rest[1],0,22); |
|
$salt = Crypt::Eksblowfish::Bcrypt::de_base64($plainsalt); |
|
} else { |
|
my $defaultcost; |
|
my %domconfig = |
|
&Apache::lonnet::get_dom('configuration',['password'],$domain); |
|
if (ref($domconfig{'password'}) eq 'HASH') { |
|
$defaultcost = $domconfig{'password'}{'cost'}; |
|
} |
|
if (($defaultcost eq '') || ($defaultcost =~ /D/)) { |
|
$cost = 10; |
|
} else { |
|
$cost = $defaultcost; |
|
} |
|
# Generate random 16-octet base64 salt |
|
$salt = ""; |
|
$salt .= pack("C", int rand(256)) for 1..16; |
|
} |
|
my $hash = &Crypt::Eksblowfish::Bcrypt::bcrypt_hash({ |
|
key_nul => 1, |
|
cost => $cost, |
|
salt => $salt, |
|
}, Digest::SHA::sha512(Encode::encode('UTF-8',$plainpass))); |
|
|
|
my $result = join("!", "", "bcrypt", sprintf("%02d",$cost), |
|
&Crypt::Eksblowfish::Bcrypt::en_base64($salt). |
|
&Crypt::Eksblowfish::Bcrypt::en_base64($hash)); |
|
return $result; |
|
} |
|
|
# |
# |
# Create a new user. User in this case means a lon-capa user. |
# Create a new user. User in this case means a lon-capa user. |
# The user must either already exist in some authentication realm |
# The user must either already exist in some authentication realm |
Line 2061 sub add_user_handler {
|
Line 2140 sub add_user_handler {
|
."makeuser"; |
."makeuser"; |
} |
} |
unless ($fperror) { |
unless ($fperror) { |
my $result=&make_passwd_file($uname,$udom,$umode,$npass, $passfilename); |
my $result=&make_passwd_file($uname,$udom,$umode,$npass, |
|
$passfilename,'makeuser'); |
&Reply($client,\$result, $userinput); #BUGBUG - could be fail |
&Reply($client,\$result, $userinput); #BUGBUG - could be fail |
} else { |
} else { |
&Failure($client, \$fperror, $userinput); |
&Failure($client, \$fperror, $userinput); |
Line 2130 sub change_authentication_handler {
|
Line 2210 sub change_authentication_handler {
|
my $result = &change_unix_password($uname, $npass); |
my $result = &change_unix_password($uname, $npass); |
&logthis("Result of password change for $uname: ".$result); |
&logthis("Result of password change for $uname: ".$result); |
if ($result eq "ok") { |
if ($result eq "ok") { |
|
&update_passwd_history($uname,$udom,$umode,'changeuserauth'); |
&Reply($client, \$result); |
&Reply($client, \$result); |
} else { |
} else { |
&Failure($client, \$result); |
&Failure($client, \$result); |
} |
} |
} else { |
} else { |
my $result=&make_passwd_file($uname,$udom,$umode,$npass,$passfilename); |
my $result=&make_passwd_file($uname,$udom,$umode,$npass, |
|
$passfilename,'changeuserauth'); |
# |
# |
# If the current auth mode is internal, and the old auth mode was |
# If the current auth mode is internal, and the old auth mode was |
# unix, or krb*, and the user is an author for this domain, |
# unix, or krb*, and the user is an author for this domain, |
Line 2156 sub change_authentication_handler {
|
Line 2238 sub change_authentication_handler {
|
} |
} |
®ister_handler("changeuserauth", \&change_authentication_handler, 1,1, 0); |
®ister_handler("changeuserauth", \&change_authentication_handler, 1,1, 0); |
|
|
|
sub update_passwd_history { |
|
my ($uname,$udom,$umode,$context) = @_; |
|
my $proname=&propath($udom,$uname); |
|
my $now = time; |
|
if (open(my $fh,">>$proname/passwd.log")) { |
|
print $fh "$now:$umode:$context\n"; |
|
close($fh); |
|
} |
|
return; |
|
} |
|
|
# |
# |
# Determines if this is the home server for a user. The home server |
# Determines if this is the home server for a user. The home server |
# for a user will have his/her lon-capa passwd file. Therefore all we need |
# for a user will have his/her lon-capa passwd file. Therefore all we need |
Line 2407 sub remove_user_file_handler {
|
Line 2500 sub remove_user_file_handler {
|
if (-e $file) { |
if (-e $file) { |
# |
# |
# If the file is a regular file unlink is fine... |
# If the file is a regular file unlink is fine... |
# However it's possible the client wants a dir. |
# However it's possible the client wants a dir |
# removed, in which case rmdir is more approprate: |
# removed, in which case rmdir is more appropriate |
|
# Note: rmdir will only remove an empty directory. |
# |
# |
if (-f $file){ |
if (-f $file){ |
unlink($file); |
unlink($file); |
|
# for html files remove the associated .bak file |
|
# which may have been created by the editor. |
|
if ($ufile =~ m{^((docs|supplemental)/(?:\d+|default)/\d+(?:|/.+)/)[^/]+\.x?html?$}i) { |
|
my $path = $1; |
|
if (-e $file.'.bak') { |
|
unlink($file.'.bak'); |
|
} |
|
} |
} elsif(-d $file) { |
} elsif(-d $file) { |
rmdir($file); |
rmdir($file); |
} |
} |
Line 2774 sub newput_user_profile_entry {
|
Line 2876 sub newput_user_profile_entry {
|
foreach my $pair (@pairs) { |
foreach my $pair (@pairs) { |
my ($key,$value)=split(/=/,$pair); |
my ($key,$value)=split(/=/,$pair); |
if (exists($hashref->{$key})) { |
if (exists($hashref->{$key})) { |
|
if (!&untie_user_hash($hashref)) { |
|
&logthis("error: ".($!+0)." untie (GDBM) failed ". |
|
"while attempting newput - early out as key exists"); |
|
} |
&Failure($client, "key_exists: ".$key."\n",$userinput); |
&Failure($client, "key_exists: ".$key."\n",$userinput); |
return 1; |
return 1; |
} |
} |
Line 3277 sub dump_with_regexp {
|
Line 3383 sub dump_with_regexp {
|
# namespace - Name of the database being modified |
# namespace - Name of the database being modified |
# rid - Resource keyword to modify. |
# rid - Resource keyword to modify. |
# what - new value associated with rid. |
# what - new value associated with rid. |
|
# laststore - (optional) version=timestamp |
|
# for most recent transaction for rid |
|
# in namespace, when cstore was called |
# |
# |
# $client - Socket open on the client. |
# $client - Socket open on the client. |
# |
# |
Line 3285 sub dump_with_regexp {
|
Line 3394 sub dump_with_regexp {
|
# 1 (keep on processing). |
# 1 (keep on processing). |
# Side-Effects: |
# Side-Effects: |
# Writes to the client |
# Writes to the client |
|
# Successful storage will cause either 'ok', or, if $laststore was included |
|
# in the tail of the request, and the version number for the last transaction |
|
# is larger than the version in $laststore, delay:$numtrans , where $numtrans |
|
# is the number of store evevnts recorded for rid in namespace since |
|
# lonnet::store() was called by the client. |
|
# |
sub store_handler { |
sub store_handler { |
my ($cmd, $tail, $client) = @_; |
my ($cmd, $tail, $client) = @_; |
|
|
my $userinput = "$cmd:$tail"; |
my $userinput = "$cmd:$tail"; |
|
|
my ($udom,$uname,$namespace,$rid,$what) =split(/:/,$tail); |
chomp($tail); |
|
my ($udom,$uname,$namespace,$rid,$what,$laststore) =split(/:/,$tail); |
if ($namespace ne 'roles') { |
if ($namespace ne 'roles') { |
|
|
chomp($what); |
|
my @pairs=split(/\&/,$what); |
my @pairs=split(/\&/,$what); |
my $hashref = &tie_user_hash($udom, $uname, $namespace, |
my $hashref = &tie_user_hash($udom, $uname, $namespace, |
&GDBM_WRCREAT(), "S", |
&GDBM_WRCREAT(), "S", |
"$rid:$what"); |
"$rid:$what"); |
if ($hashref) { |
if ($hashref) { |
my $now = time; |
my $now = time; |
my @previouskeys=split(/&/,$hashref->{"keys:$rid"}); |
my $numtrans; |
my $key; |
if ($laststore) { |
|
my ($previousversion,$previoustime) = split(/\=/,$laststore); |
|
my ($lastversion,$lasttime) = (0,0); |
|
$lastversion = $hashref->{"version:$rid"}; |
|
if ($lastversion) { |
|
$lasttime = $hashref->{"$lastversion:$rid:timestamp"}; |
|
} |
|
if (($previousversion) && ($previousversion !~ /\D/)) { |
|
if (($lastversion > $previousversion) && ($lasttime >= $previoustime)) { |
|
$numtrans = $lastversion - $previousversion; |
|
} |
|
} elsif ($lastversion) { |
|
$numtrans = $lastversion; |
|
} |
|
if ($numtrans) { |
|
$numtrans =~ s/D//g; |
|
} |
|
} |
|
|
$hashref->{"version:$rid"}++; |
$hashref->{"version:$rid"}++; |
my $version=$hashref->{"version:$rid"}; |
my $version=$hashref->{"version:$rid"}; |
my $allkeys=''; |
my $allkeys=''; |
Line 3314 sub store_handler {
|
Line 3447 sub store_handler {
|
$allkeys.='timestamp'; |
$allkeys.='timestamp'; |
$hashref->{"$version:keys:$rid"}=$allkeys; |
$hashref->{"$version:keys:$rid"}=$allkeys; |
if (&untie_user_hash($hashref)) { |
if (&untie_user_hash($hashref)) { |
&Reply($client, "ok\n", $userinput); |
my $msg = 'ok'; |
|
if ($numtrans) { |
|
$msg = 'delay:'.$numtrans; |
|
} |
|
&Reply($client, "$msg\n", $userinput); |
} else { |
} else { |
&Failure($client, "error: ".($!+0)." untie(GDBM) Failed ". |
&Failure($client, "error: ".($!+0)." untie(GDBM) Failed ". |
"while attempting store\n", $userinput); |
"while attempting store\n", $userinput); |
Line 5213 sub retrieve_auto_file_handler {
|
Line 5350 sub retrieve_auto_file_handler {
|
my ($filename) = split(/:/, $tail); |
my ($filename) = split(/:/, $tail); |
|
|
my $source = $perlvar{'lonDaemons'}.'/tmp/'.$filename; |
my $source = $perlvar{'lonDaemons'}.'/tmp/'.$filename; |
if ( (-e $source) && ($filename ne '') ) { |
if ($filename =~m{/\.\./}) { |
|
&Failure($client, "refused\n", $userinput); |
|
} elsif ( (-e $source) && ($filename ne '') ) { |
my $reply = ''; |
my $reply = ''; |
if (open(my $fh,$source)) { |
if (open(my $fh,$source)) { |
while (<$fh>) { |
while (<$fh>) { |
Line 5272 sub crsreq_checks_handler {
|
Line 5411 sub crsreq_checks_handler {
|
sub validate_crsreq_handler { |
sub validate_crsreq_handler { |
my ($cmd, $tail, $client) = @_; |
my ($cmd, $tail, $client) = @_; |
my $userinput = "$cmd:$tail"; |
my $userinput = "$cmd:$tail"; |
my ($dom,$owner,$crstype,$inststatuslist,$instcode,$instseclist) = split(/:/, $tail); |
my ($dom,$owner,$crstype,$inststatuslist,$instcode,$instseclist,$customdata) = split(/:/, $tail); |
$instcode = &unescape($instcode); |
$instcode = &unescape($instcode); |
$owner = &unescape($owner); |
$owner = &unescape($owner); |
$crstype = &unescape($crstype); |
$crstype = &unescape($crstype); |
$inststatuslist = &unescape($inststatuslist); |
$inststatuslist = &unescape($inststatuslist); |
$instcode = &unescape($instcode); |
$instcode = &unescape($instcode); |
$instseclist = &unescape($instseclist); |
$instseclist = &unescape($instseclist); |
|
my $custominfo = &Apache::lonnet::thaw_unescape($customdata); |
my $outcome; |
my $outcome; |
eval { |
eval { |
local($SIG{__DIE__})='DEFAULT'; |
local($SIG{__DIE__})='DEFAULT'; |
$outcome = &localenroll::validate_crsreq($dom,$owner,$crstype, |
$outcome = &localenroll::validate_crsreq($dom,$owner,$crstype, |
$inststatuslist,$instcode, |
$inststatuslist,$instcode, |
$instseclist); |
$instseclist,$custominfo); |
}; |
}; |
if (!$@) { |
if (!$@) { |
&Reply($client, \$outcome, $userinput); |
&Reply($client, \$outcome, $userinput); |
Line 5298 sub validate_crsreq_handler {
|
Line 5438 sub validate_crsreq_handler {
|
sub crsreq_update_handler { |
sub crsreq_update_handler { |
my ($cmd, $tail, $client) = @_; |
my ($cmd, $tail, $client) = @_; |
my $userinput = "$cmd:$tail"; |
my $userinput = "$cmd:$tail"; |
my ($cdom,$cnum,$crstype,$action,$ownername,$ownerdomain,$fullname,$title,$code,$infohashref) = |
my ($cdom,$cnum,$crstype,$action,$ownername,$ownerdomain,$fullname,$title,$code, |
|
$accessstart,$accessend,$infohashref) = |
split(/:/, $tail); |
split(/:/, $tail); |
$crstype = &unescape($crstype); |
$crstype = &unescape($crstype); |
$action = &unescape($action); |
$action = &unescape($action); |
Line 5307 sub crsreq_update_handler {
|
Line 5448 sub crsreq_update_handler {
|
$fullname = &unescape($fullname); |
$fullname = &unescape($fullname); |
$title = &unescape($title); |
$title = &unescape($title); |
$code = &unescape($code); |
$code = &unescape($code); |
|
$accessstart = &unescape($accessstart); |
|
$accessend = &unescape($accessend); |
my $incoming = &Apache::lonnet::thaw_unescape($infohashref); |
my $incoming = &Apache::lonnet::thaw_unescape($infohashref); |
my ($result,$outcome); |
my ($result,$outcome); |
eval { |
eval { |
Line 5314 sub crsreq_update_handler {
|
Line 5457 sub crsreq_update_handler {
|
my %rtnhash; |
my %rtnhash; |
$outcome = &localenroll::crsreq_updates($cdom,$cnum,$crstype,$action, |
$outcome = &localenroll::crsreq_updates($cdom,$cnum,$crstype,$action, |
$ownername,$ownerdomain,$fullname, |
$ownername,$ownerdomain,$fullname, |
$title,$code,$incoming,\%rtnhash); |
$title,$code,$accessstart,$accessend, |
|
$incoming,\%rtnhash); |
if ($outcome eq 'ok') { |
if ($outcome eq 'ok') { |
my @posskeys = qw(createdweb createdmsg queuedweb queuedmsg formitems reviewweb); |
my @posskeys = qw(createdweb createdmsg createdcustomized createdactions queuedweb queuedmsg formitems reviewweb validationjs onload javascript); |
foreach my $key (keys(%rtnhash)) { |
foreach my $key (keys(%rtnhash)) { |
if (grep(/^\Q$key\E/,@posskeys)) { |
if (grep(/^\Q$key\E/,@posskeys)) { |
$result .= &escape($key).'='.&Apache::lonnet::freeze_escape($rtnhash{$key}).'&'; |
$result .= &escape($key).'='.&Apache::lonnet::freeze_escape($rtnhash{$key}).'&'; |
Line 6530 sub make_new_child {
|
Line 6674 sub make_new_child {
|
# my $tmpsnum=0; # Now global |
# my $tmpsnum=0; # Now global |
#---------------------------------------------------- kerberos 5 initialization |
#---------------------------------------------------- kerberos 5 initialization |
&Authen::Krb5::init_context(); |
&Authen::Krb5::init_context(); |
unless (($dist eq 'fedora5') || ($dist eq 'fedora4') || |
|
($dist eq 'fedora6') || ($dist eq 'suse9.3') || |
my $no_ets; |
($dist eq 'suse12.2') || ($dist eq 'suse12.3') || |
if ($dist =~ /^(?:centos|rhes|scientific)(\d+)$/) { |
($dist eq 'suse13.1')) { |
if ($1 >= 7) { |
&Authen::Krb5::init_ets(); |
$no_ets = 1; |
} |
} |
|
} elsif ($dist =~ /^suse(\d+\.\d+)$/) { |
|
if (($1 eq '9.3') || ($1 >= 12.2)) { |
|
$no_ets = 1; |
|
} |
|
} elsif ($dist =~ /^sles(\d+)$/) { |
|
if ($1 > 11) { |
|
$no_ets = 1; |
|
} |
|
} elsif ($dist =~ /^fedora(\d+)$/) { |
|
if ($1 < 7) { |
|
$no_ets = 1; |
|
} |
|
} |
|
unless ($no_ets) { |
|
&Authen::Krb5::init_ets(); |
|
} |
|
|
&status('Accepted connection'); |
&status('Accepted connection'); |
# ============================================================================= |
# ============================================================================= |
Line 6918 sub validate_user {
|
Line 7078 sub validate_user {
|
} |
} |
if ($howpwd ne 'nouser') { |
if ($howpwd ne 'nouser') { |
if($howpwd eq "internal") { # Encrypted is in local password file. |
if($howpwd eq "internal") { # Encrypted is in local password file. |
$validated = (crypt($password, $contentpwd) eq $contentpwd); |
if (length($contentpwd) == 13) { |
|
$validated = (crypt($password,$contentpwd) eq $contentpwd); |
|
if ($validated) { |
|
my $ncpass = &hash_passwd($domain,$password); |
|
if (&rewrite_password_file($domain,$user,"$howpwd:$ncpass")) { |
|
&update_passwd_history($user,$domain,$howpwd,'conversion'); |
|
&logthis("Validated password hashed with bcrypt for $user:$domain"); |
|
} |
|
} |
|
} else { |
|
$validated = &check_internal_passwd($password,$contentpwd,$domain); |
|
} |
} |
} |
elsif ($howpwd eq "unix") { # User is a normal unix user. |
elsif ($howpwd eq "unix") { # User is a normal unix user. |
$contentpwd = (getpwnam($user))[1]; |
$contentpwd = (getpwnam($user))[1]; |
Line 6986 sub validate_user {
|
Line 7157 sub validate_user {
|
return $validated; |
return $validated; |
} |
} |
|
|
|
sub check_internal_passwd { |
|
my ($plainpass,$stored,$domain) = @_; |
|
my (undef,$method,@rest) = split(/!/,$stored); |
|
if ($method eq "bcrypt") { |
|
my $result = &hash_passwd($domain,$plainpass,@rest); |
|
if ($result ne $stored) { |
|
return 0; |
|
} |
|
# Upgrade to a larger number of rounds if necessary |
|
my $defaultcost; |
|
my %domconfig = |
|
&Apache::lonnet::get_dom('configuration',['password'],$domain); |
|
if (ref($domconfig{'password'}) eq 'HASH') { |
|
$defaultcost = $domconfig{'password'}{'cost'}; |
|
} |
|
if (($defaultcost eq '') || ($defaultcost =~ /D/)) { |
|
$defaultcost = 10; |
|
} |
|
return 1 unless($rest[0]<$defaultcost); |
|
} |
|
return 0; |
|
} |
|
|
|
sub get_last_authchg { |
|
my ($domain,$user) = @_; |
|
my $lastmod; |
|
my $logname = &propath($domain,$user).'/passwd.log'; |
|
if (-e "$logname") { |
|
$lastmod = (stat("$logname"))[9]; |
|
} |
|
return $lastmod; |
|
} |
|
|
sub krb4_authen { |
sub krb4_authen { |
my ($password,$null,$user,$contentpwd) = @_; |
my ($password,$null,$user,$contentpwd) = @_; |
my $validated = 0; |
my $validated = 0; |
Line 7301 sub change_unix_password {
|
Line 7505 sub change_unix_password {
|
|
|
|
|
sub make_passwd_file { |
sub make_passwd_file { |
my ($uname,$udom,$umode,$npass,$passfilename)=@_; |
my ($uname,$udom,$umode,$npass,$passfilename,$action)=@_; |
my $result="ok"; |
my $result="ok"; |
if ($umode eq 'krb4' or $umode eq 'krb5') { |
if ($umode eq 'krb4' or $umode eq 'krb5') { |
{ |
{ |
my $pf = IO::File->new(">$passfilename"); |
my $pf = IO::File->new(">$passfilename"); |
if ($pf) { |
if ($pf) { |
print $pf "$umode:$npass\n"; |
print $pf "$umode:$npass\n"; |
|
&update_passwd_history($uname,$udom,$umode,$action); |
} else { |
} else { |
$result = "pass_file_failed_error"; |
$result = "pass_file_failed_error"; |
} |
} |
} |
} |
} elsif ($umode eq 'internal') { |
} elsif ($umode eq 'internal') { |
my $salt=time; |
my $ncpass = &hash_passwd($udom,$npass); |
$salt=substr($salt,6,2); |
|
my $ncpass=crypt($npass,$salt); |
|
{ |
{ |
&Debug("Creating internal auth"); |
&Debug("Creating internal auth"); |
my $pf = IO::File->new(">$passfilename"); |
my $pf = IO::File->new(">$passfilename"); |
if($pf) { |
if($pf) { |
print $pf "internal:$ncpass\n"; |
print $pf "internal:$ncpass\n"; |
|
&update_passwd_history($uname,$udom,$umode,$action); |
} else { |
} else { |
$result = "pass_file_failed_error"; |
$result = "pass_file_failed_error"; |
} |
} |
Line 7330 sub make_passwd_file {
|
Line 7534 sub make_passwd_file {
|
my $pf = IO::File->new(">$passfilename"); |
my $pf = IO::File->new(">$passfilename"); |
if($pf) { |
if($pf) { |
print $pf "localauth:$npass\n"; |
print $pf "localauth:$npass\n"; |
|
&update_passwd_history($uname,$udom,$umode,$action); |
} else { |
} else { |
$result = "pass_file_failed_error"; |
$result = "pass_file_failed_error"; |
} |
} |