version 1.511, 2014/06/29 03:22:43
|
version 1.522, 2016/05/30 03:16:38
|
Line 55 use LONCAPA::lonssl;
|
Line 55 use LONCAPA::lonssl;
|
use Fcntl qw(:flock); |
use Fcntl qw(:flock); |
use Apache::lonnet; |
use Apache::lonnet; |
use Mail::Send; |
use Mail::Send; |
|
use Crypt::Eksblowfish::Bcrypt; |
|
use Digest::SHA; |
|
use Encode; |
|
|
my $DEBUG = 0; # Non zero to enable debug log entries. |
my $DEBUG = 0; # Non zero to enable debug log entries. |
|
|
Line 2013 sub change_password_handler {
|
Line 2016 sub change_password_handler {
|
my ($howpwd,$contentpwd)=split(/:/,$realpasswd); |
my ($howpwd,$contentpwd)=split(/:/,$realpasswd); |
if ($howpwd eq 'internal') { |
if ($howpwd eq 'internal') { |
&Debug("internal auth"); |
&Debug("internal auth"); |
my $salt=time; |
my $ncpass = &hash_passwd($udom,$npass); |
$salt=substr($salt,6,2); |
|
my $ncpass=crypt($npass,$salt); |
|
if(&rewrite_password_file($udom, $uname, "internal:$ncpass")) { |
if(&rewrite_password_file($udom, $uname, "internal:$ncpass")) { |
my $msg="Result of password change for $uname: pwchange_success"; |
my $msg="Result of password change for $uname: pwchange_success"; |
if ($lonhost) { |
if ($lonhost) { |
$msg .= " - request originated from: $lonhost"; |
$msg .= " - request originated from: $lonhost"; |
} |
} |
&logthis($msg); |
&logthis($msg); |
|
&update_passwd_history($uname,$udom,$howpwd,$context); |
&Reply($client, "ok\n", $userinput); |
&Reply($client, "ok\n", $userinput); |
} else { |
} else { |
&logthis("Unable to open $uname passwd " |
&logthis("Unable to open $uname passwd " |
Line 2030 sub change_password_handler {
|
Line 2032 sub change_password_handler {
|
} |
} |
} elsif ($howpwd eq 'unix' && $context ne 'reset_by_email') { |
} elsif ($howpwd eq 'unix' && $context ne 'reset_by_email') { |
my $result = &change_unix_password($uname, $npass); |
my $result = &change_unix_password($uname, $npass); |
|
if ($result eq 'ok') { |
|
&update_passwd_history($uname,$udom,$howpwd,$context); |
|
} |
&logthis("Result of password change for $uname: ". |
&logthis("Result of password change for $uname: ". |
$result); |
$result); |
&Reply($client, \$result, $userinput); |
&Reply($client, \$result, $userinput); |
Line 2052 sub change_password_handler {
|
Line 2057 sub change_password_handler {
|
} |
} |
®ister_handler("passwd", \&change_password_handler, 1, 1, 0); |
®ister_handler("passwd", \&change_password_handler, 1, 1, 0); |
|
|
|
sub hash_passwd { |
|
my ($domain,$plainpass,@rest) = @_; |
|
my ($salt,$cost); |
|
if (@rest) { |
|
$cost = $rest[0]; |
|
# salt is first 22 characters, base-64 encoded by bcrypt |
|
my $plainsalt = substr($rest[1],0,22); |
|
$salt = Crypt::Eksblowfish::Bcrypt::de_base64($plainsalt); |
|
} else { |
|
my $defaultcost; |
|
my %domconfig = |
|
&Apache::lonnet::get_dom('configuration',['password'],$domain); |
|
if (ref($domconfig{'password'}) eq 'HASH') { |
|
$defaultcost = $domconfig{'password'}{'cost'}; |
|
} |
|
if (($defaultcost eq '') || ($defaultcost =~ /D/)) { |
|
$cost = 10; |
|
} else { |
|
$cost = $defaultcost; |
|
} |
|
# Generate random 16-octet base64 salt |
|
$salt = ""; |
|
$salt .= pack("C", int rand(256)) for 1..16; |
|
} |
|
my $hash = &Crypt::Eksblowfish::Bcrypt::bcrypt_hash({ |
|
key_nul => 1, |
|
cost => $cost, |
|
salt => $salt, |
|
}, Digest::SHA::sha512(Encode::encode('UTF-8',$plainpass))); |
|
|
|
my $result = join("!", "", "bcrypt", sprintf("%02d",$cost), |
|
&Crypt::Eksblowfish::Bcrypt::en_base64($salt). |
|
&Crypt::Eksblowfish::Bcrypt::en_base64($hash)); |
|
return $result; |
|
} |
|
|
# |
# |
# Create a new user. User in this case means a lon-capa user. |
# Create a new user. User in this case means a lon-capa user. |
# The user must either already exist in some authentication realm |
# The user must either already exist in some authentication realm |
Line 2095 sub add_user_handler {
|
Line 2136 sub add_user_handler {
|
."makeuser"; |
."makeuser"; |
} |
} |
unless ($fperror) { |
unless ($fperror) { |
my $result=&make_passwd_file($uname,$udom,$umode,$npass, $passfilename); |
my $result=&make_passwd_file($uname,$udom,$umode,$npass, |
|
$passfilename,'makeuser'); |
&Reply($client,\$result, $userinput); #BUGBUG - could be fail |
&Reply($client,\$result, $userinput); #BUGBUG - could be fail |
} else { |
} else { |
&Failure($client, \$fperror, $userinput); |
&Failure($client, \$fperror, $userinput); |
Line 2164 sub change_authentication_handler {
|
Line 2206 sub change_authentication_handler {
|
my $result = &change_unix_password($uname, $npass); |
my $result = &change_unix_password($uname, $npass); |
&logthis("Result of password change for $uname: ".$result); |
&logthis("Result of password change for $uname: ".$result); |
if ($result eq "ok") { |
if ($result eq "ok") { |
|
&update_passwd_history($uname,$udom,$umode,'changeuserauth'); |
&Reply($client, \$result); |
&Reply($client, \$result); |
} else { |
} else { |
&Failure($client, \$result); |
&Failure($client, \$result); |
} |
} |
} else { |
} else { |
my $result=&make_passwd_file($uname,$udom,$umode,$npass,$passfilename); |
my $result=&make_passwd_file($uname,$udom,$umode,$npass, |
|
$passfilename,'changeuserauth'); |
# |
# |
# If the current auth mode is internal, and the old auth mode was |
# If the current auth mode is internal, and the old auth mode was |
# unix, or krb*, and the user is an author for this domain, |
# unix, or krb*, and the user is an author for this domain, |
Line 2190 sub change_authentication_handler {
|
Line 2234 sub change_authentication_handler {
|
} |
} |
®ister_handler("changeuserauth", \&change_authentication_handler, 1,1, 0); |
®ister_handler("changeuserauth", \&change_authentication_handler, 1,1, 0); |
|
|
|
sub update_passwd_history { |
|
my ($uname,$udom,$umode,$context) = @_; |
|
my $proname=&propath($udom,$uname); |
|
my $now = time; |
|
if (open(my $fh,">>$proname/passwd.log")) { |
|
print $fh "$now:$umode:$context\n"; |
|
close($fh); |
|
} |
|
return; |
|
} |
|
|
# |
# |
# Determines if this is the home server for a user. The home server |
# Determines if this is the home server for a user. The home server |
# for a user will have his/her lon-capa passwd file. Therefore all we need |
# for a user will have his/her lon-capa passwd file. Therefore all we need |
Line 2441 sub remove_user_file_handler {
|
Line 2496 sub remove_user_file_handler {
|
if (-e $file) { |
if (-e $file) { |
# |
# |
# If the file is a regular file unlink is fine... |
# If the file is a regular file unlink is fine... |
# However it's possible the client wants a dir. |
# However it's possible the client wants a dir |
# removed, in which case rmdir is more approprate: |
# removed, in which case rmdir is more appropriate. |
|
# Note: rmdir will only remove an empty directory. |
# |
# |
if (-f $file){ |
if (-f $file){ |
unlink($file); |
unlink($file); |
|
# for html files remove the associated .bak file |
|
# which may have been created by the editor. |
|
if ($ufile =~ m{^((docs|supplemental)/(?:\d+|default)/\d+(?:|/.+)/)[^/]+\.x?html?$}i) { |
|
my $path = $1; |
|
if (-e $file.'.bak') { |
|
unlink($file.'.bak'); |
|
} |
|
} |
} elsif(-d $file) { |
} elsif(-d $file) { |
rmdir($file); |
rmdir($file); |
} |
} |
Line 2808 sub newput_user_profile_entry {
|
Line 2872 sub newput_user_profile_entry {
|
foreach my $pair (@pairs) { |
foreach my $pair (@pairs) { |
my ($key,$value)=split(/=/,$pair); |
my ($key,$value)=split(/=/,$pair); |
if (exists($hashref->{$key})) { |
if (exists($hashref->{$key})) { |
&Failure($client, "key_exists: ".$key."\n",$userinput); |
if (!&untie_user_hash($hashref)) { |
return 1; |
&logthis("error: ".($!+0)." untie (GDBM) failed ". |
|
"while attempting newput - early out as key exists"); |
|
} |
|
&Failure($client, "key_exists: ".$key."\n",$userinput); |
|
return 1; |
} |
} |
} |
} |
|
|
Line 3322 sub dump_with_regexp {
|
Line 3390 sub dump_with_regexp {
|
# namespace - Name of the database being modified |
# namespace - Name of the database being modified |
# rid - Resource keyword to modify. |
# rid - Resource keyword to modify. |
# what - new value associated with rid. |
# what - new value associated with rid. |
|
# laststore - (optional) version=timestamp |
|
# for most recent transaction for rid |
|
# in namespace, when cstore was called |
# |
# |
# $client - Socket open on the client. |
# $client - Socket open on the client. |
# |
# |
Line 3330 sub dump_with_regexp {
|
Line 3401 sub dump_with_regexp {
|
# 1 (keep on processing). |
# 1 (keep on processing). |
# Side-Effects: |
# Side-Effects: |
# Writes to the client |
# Writes to the client |
|
# Successful storage will cause either 'ok', or, if $laststore was included |
|
# in the tail of the request, and the version number for the last transaction |
|
# is larger than the version in $laststore, delay:$numtrans , where $numtrans |
|
# is the number of store evevnts recorded for rid in namespace since |
|
# lonnet::store() was called by the client. |
|
# |
sub store_handler { |
sub store_handler { |
my ($cmd, $tail, $client) = @_; |
my ($cmd, $tail, $client) = @_; |
|
|
my $userinput = "$cmd:$tail"; |
my $userinput = "$cmd:$tail"; |
|
chomp($tail); |
my ($udom,$uname,$namespace,$rid,$what) =split(/:/,$tail); |
my ($udom,$uname,$namespace,$rid,$what,$laststore) =split(/:/,$tail); |
if ($namespace ne 'roles') { |
if ($namespace ne 'roles') { |
|
|
chomp($what); |
|
my @pairs=split(/\&/,$what); |
my @pairs=split(/\&/,$what); |
my $hashref = &tie_user_hash($udom, $uname, $namespace, |
my $hashref = &tie_user_hash($udom, $uname, $namespace, |
&GDBM_WRCREAT(), "S", |
&GDBM_WRCREAT(), "S", |
"$rid:$what"); |
"$rid:$what"); |
if ($hashref) { |
if ($hashref) { |
my $now = time; |
my $now = time; |
my @previouskeys=split(/&/,$hashref->{"keys:$rid"}); |
my $numtrans; |
my $key; |
if ($laststore) { |
|
my ($previousversion,$previoustime) = split(/\=/,$laststore); |
|
my ($lastversion,$lasttime) = (0,0); |
|
$lastversion = $hashref->{"version:$rid"}; |
|
if ($lastversion) { |
|
$lasttime = $hashref->{"$lastversion:$rid:timestamp"}; |
|
} |
|
if (($previousversion) && ($previousversion !~ /\D/)) { |
|
if (($lastversion > $previousversion) && ($lasttime >= $previoustime)) { |
|
$numtrans = $lastversion - $previousversion; |
|
} |
|
} elsif ($lastversion) { |
|
$numtrans = $lastversion; |
|
} |
|
if ($numtrans) { |
|
$numtrans =~ s/D//g; |
|
} |
|
} |
$hashref->{"version:$rid"}++; |
$hashref->{"version:$rid"}++; |
my $version=$hashref->{"version:$rid"}; |
my $version=$hashref->{"version:$rid"}; |
my $allkeys=''; |
my $allkeys=''; |
Line 3359 sub store_handler {
|
Line 3452 sub store_handler {
|
$allkeys.='timestamp'; |
$allkeys.='timestamp'; |
$hashref->{"$version:keys:$rid"}=$allkeys; |
$hashref->{"$version:keys:$rid"}=$allkeys; |
if (&untie_user_hash($hashref)) { |
if (&untie_user_hash($hashref)) { |
&Reply($client, "ok\n", $userinput); |
my $msg = 'ok'; |
|
if ($numtrans) { |
|
$msg = 'delay:'.$numtrans; |
|
} |
|
&Reply($client, "$msg\n", $userinput); |
} else { |
} else { |
&Failure($client, "error: ".($!+0)." untie(GDBM) Failed ". |
&Failure($client, "error: ".($!+0)." untie(GDBM) Failed ". |
"while attempting store\n", $userinput); |
"while attempting store\n", $userinput); |
Line 4344 sub put_domain_handler {
|
Line 4441 sub put_domain_handler {
|
} |
} |
®ister_handler("putdom", \&put_domain_handler, 0, 1, 0); |
®ister_handler("putdom", \&put_domain_handler, 0, 1, 0); |
|
|
|
# Updates one or more entries in clickers.db file at the domain level |
|
# |
|
# Parameters: |
|
# $cmd - The command that got us here. |
|
# $tail - Tail of the command (remaining parameters). |
|
# In this case a colon separated list containing: |
|
# (a) the domain for which we are updating the entries, |
|
# (b) the action required -- add or del -- and |
|
# (c) a &-separated list of entries to add or delete. |
|
# $client - File descriptor connected to client. |
|
# Returns |
|
# 1 - Continue processing. |
|
# 0 - Requested to exit, caller should shut down. |
|
# Side effects: |
|
# reply is written to $client. |
|
# |
|
|
|
|
|
sub update_clickers { |
|
my ($cmd, $tail, $client) = @_; |
|
|
|
my $userinput = "$cmd:$tail"; |
|
my ($udom,$action,$what) =split(/:/,$tail,3); |
|
chomp($what); |
|
|
|
my $hashref = &tie_domain_hash($udom, "clickers", &GDBM_WRCREAT(), |
|
"U","$action:$what"); |
|
|
|
if (!$hashref) { |
|
&Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ". |
|
"while attempting updateclickers\n", $userinput); |
|
return 1; |
|
} |
|
|
|
my @pairs=split(/\&/,$what); |
|
foreach my $pair (@pairs) { |
|
my ($key,$value)=split(/=/,$pair); |
|
if ($action eq 'add') { |
|
if (exists($hashref->{$key})) { |
|
my @newvals = split(/,/,&unescape($value)); |
|
my @currvals = split(/,/,&unescape($hashref->{$key})); |
|
my @merged = sort(keys(%{{map { $_ => 1 } (@newvals,@currvals)}})); |
|
$hashref->{$key}=&escape(join(',',@merged)); |
|
} else { |
|
$hashref->{$key}=$value; |
|
} |
|
} elsif ($action eq 'del') { |
|
if (exists($hashref->{$key})) { |
|
my %current; |
|
map { $current{$_} = 1; } split(/,/,&unescape($hashref->{$key})); |
|
map { delete($current{$_}); } split(/,/,&unescape($value)); |
|
if (keys(%current)) { |
|
$hashref->{$key}=&escape(join(',',sort(keys(%current)))); |
|
} else { |
|
delete($hashref->{$key}); |
|
} |
|
} |
|
} |
|
} |
|
if (&untie_user_hash($hashref)) { |
|
&Reply( $client, "ok\n", $userinput); |
|
} else { |
|
&Failure($client, "error: ".($!+0)." untie(GDBM) failed ". |
|
"while attempting put\n", |
|
$userinput); |
|
} |
|
return 1; |
|
} |
|
®ister_handler("updateclickers", \&update_clickers, 0, 1, 0); |
|
|
|
|
|
# Deletes one or more entries in a namespace db file at the domain level |
|
# |
|
# Parameters: |
|
# $cmd - The command that got us here. |
|
# $tail - Tail of the command (remaining parameters). |
|
# In this case a colon separated list containing: |
|
# (a) the domain for which we are deleting the entries, |
|
# (b) &-separated list of keys to delete. |
|
# $client - File descriptor connected to client. |
|
# Returns |
|
# 1 - Continue processing. |
|
# 0 - Requested to exit, caller should shut down. |
|
# Side effects: |
|
# reply is written to $client. |
|
# |
|
|
|
sub del_domain_handler { |
|
my ($cmd,$tail,$client) = @_; |
|
|
|
my $userinput = "$cmd:$tail"; |
|
|
|
my ($udom,$namespace,$what)=split(/:/,$tail,3); |
|
chomp($what); |
|
my $hashref = &tie_domain_hash($udom,$namespace,&GDBM_WRCREAT(), |
|
"D", $what); |
|
if ($hashref) { |
|
my @keys=split(/\&/,$what); |
|
foreach my $key (@keys) { |
|
delete($hashref->{$key}); |
|
} |
|
if (&untie_user_hash($hashref)) { |
|
&Reply($client, "ok\n", $userinput); |
|
} else { |
|
&Failure($client, "error: ".($!+0)." untie(GDBM) Failed ". |
|
"while attempting deldom\n", $userinput); |
|
} |
|
} else { |
|
&Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ". |
|
"while attempting deldom\n", $userinput); |
|
} |
|
return 1; |
|
} |
|
®ister_handler("deldom", \&del_domain_handler, 0, 1, 0); |
|
|
|
|
# Unencrypted get from the namespace database file at the domain level. |
# Unencrypted get from the namespace database file at the domain level. |
# This function retrieves a keyed item from a specific named database in the |
# This function retrieves a keyed item from a specific named database in the |
# domain directory. |
# domain directory. |
Line 5249 sub create_auto_enroll_password_handler
|
Line 5462 sub create_auto_enroll_password_handler
|
®ister_handler("autocreatepassword", \&create_auto_enroll_password_handler, |
®ister_handler("autocreatepassword", \&create_auto_enroll_password_handler, |
0, 1, 0); |
0, 1, 0); |
|
|
|
sub auto_export_grades_handler { |
|
my ($cmd, $tail, $client) = @_; |
|
my $userinput = "$cmd:$tail"; |
|
my ($cdom,$cnum,$info,$data) = split(/:/,$tail); |
|
my $inforef = &Apache::lonnet::thaw_unescape($info); |
|
my $dataref = &Apache::lonnet::thaw_unescape($data); |
|
my ($outcome,$result);; |
|
eval { |
|
local($SIG{__DIE__})='DEFAULT'; |
|
my %rtnhash; |
|
$outcome=&localenroll::export_grades($cdom,$cnum,$inforef,$dataref,\%rtnhash); |
|
if ($outcome eq 'ok') { |
|
foreach my $key (keys(%rtnhash)) { |
|
$result .= &escape($key).'='.&Apache::lonnet::freeze_escape($rtnhash{$key}).'&'; |
|
} |
|
$result =~ s/\&$//; |
|
} |
|
}; |
|
if (!$@) { |
|
if ($outcome eq 'ok') { |
|
if ($cipher) { |
|
my $cmdlength=length($result); |
|
$result.=" "; |
|
my $encresult=''; |
|
for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) { |
|
$encresult.= unpack("H16", |
|
$cipher->encrypt(substr($result, |
|
$encidx, |
|
8))); |
|
} |
|
&Reply( $client, "enc:$cmdlength:$encresult\n", $userinput); |
|
} else { |
|
&Failure( $client, "error:no_key\n", $userinput); |
|
} |
|
} else { |
|
&Reply($client, "$outcome\n", $userinput); |
|
} |
|
} else { |
|
&Failure($client,"export_error\n",$userinput); |
|
} |
|
return 1; |
|
} |
|
®ister_handler("autoexportgrades", \&auto_export_grades_handler, |
|
0, 1, 0); |
|
|
# Retrieve and remove temporary files created by/during autoenrollment. |
# Retrieve and remove temporary files created by/during autoenrollment. |
# |
# |
# Formal Parameters: |
# Formal Parameters: |
Line 5269 sub retrieve_auto_file_handler {
|
Line 5527 sub retrieve_auto_file_handler {
|
my ($filename) = split(/:/, $tail); |
my ($filename) = split(/:/, $tail); |
|
|
my $source = $perlvar{'lonDaemons'}.'/tmp/'.$filename; |
my $source = $perlvar{'lonDaemons'}.'/tmp/'.$filename; |
if ( (-e $source) && ($filename ne '') ) { |
|
|
if ($filename =~m{/\.\./}) { |
|
&Failure($client, "refused\n", $userinput); |
|
} elsif ( (-e $source) && ($filename ne '') ) { |
my $reply = ''; |
my $reply = ''; |
if (open(my $fh,$source)) { |
if (open(my $fh,$source)) { |
while (<$fh>) { |
while (<$fh>) { |
Line 5301 sub crsreq_checks_handler {
|
Line 5562 sub crsreq_checks_handler {
|
my $userinput = "$cmd:$tail"; |
my $userinput = "$cmd:$tail"; |
my $dom = $tail; |
my $dom = $tail; |
my $result; |
my $result; |
my @reqtypes = ('official','unofficial','community','textbook'); |
my @reqtypes = ('official','unofficial','community','textbook','placement'); |
eval { |
eval { |
local($SIG{__DIE__})='DEFAULT'; |
local($SIG{__DIE__})='DEFAULT'; |
my %validations; |
my %validations; |
Line 5377 sub crsreq_update_handler {
|
Line 5638 sub crsreq_update_handler {
|
$title,$code,$accessstart,$accessend, |
$title,$code,$accessstart,$accessend, |
$incoming,\%rtnhash); |
$incoming,\%rtnhash); |
if ($outcome eq 'ok') { |
if ($outcome eq 'ok') { |
my @posskeys = qw(createdweb createdmsg queuedweb queuedmsg formitems reviewweb); |
my @posskeys = qw(createdweb createdmsg createdcustomized createdactions queuedweb queuedmsg formitems reviewweb validationjs onload javascript); |
foreach my $key (keys(%rtnhash)) { |
foreach my $key (keys(%rtnhash)) { |
if (grep(/^\Q$key\E/,@posskeys)) { |
if (grep(/^\Q$key\E/,@posskeys)) { |
$result .= &escape($key).'='.&Apache::lonnet::freeze_escape($rtnhash{$key}).'&'; |
$result .= &escape($key).'='.&Apache::lonnet::freeze_escape($rtnhash{$key}).'&'; |
Line 6596 sub make_new_child {
|
Line 6857 sub make_new_child {
|
&Authen::Krb5::init_context(); |
&Authen::Krb5::init_context(); |
|
|
my $no_ets; |
my $no_ets; |
if ($dist =~ /^(?:centos|rhes)(\d+)$/) { |
if ($dist =~ /^(?:centos|rhes|scientific)(\d+)$/) { |
if ($1 >= 7) { |
if ($1 >= 7) { |
$no_ets = 1; |
$no_ets = 1; |
} |
} |
Line 6604 sub make_new_child {
|
Line 6865 sub make_new_child {
|
if (($1 eq '9.3') || ($1 >= 12.2)) { |
if (($1 eq '9.3') || ($1 >= 12.2)) { |
$no_ets = 1; |
$no_ets = 1; |
} |
} |
|
} elsif ($dist =~ /^sles(\d+)$/) { |
|
if ($1 > 11) { |
|
$no_ets = 1; |
|
} |
} elsif ($dist =~ /^fedora(\d+)$/) { |
} elsif ($dist =~ /^fedora(\d+)$/) { |
if ($1 < 7) { |
if ($1 < 7) { |
$no_ets = 1; |
$no_ets = 1; |
Line 6654 sub make_new_child {
|
Line 6919 sub make_new_child {
|
# |
# |
# If the remote is attempting a local init... give that a try: |
# If the remote is attempting a local init... give that a try: |
# |
# |
logthis("remotereq: $remotereq"); |
|
(my $i, my $inittype, $clientversion) = split(/:/, $remotereq); |
(my $i, my $inittype, $clientversion) = split(/:/, $remotereq); |
# For LON-CAPA 2.9, the client session will have sent its LON-CAPA |
# For LON-CAPA 2.9, the client session will have sent its LON-CAPA |
# version when initiating the connection. For LON-CAPA 2.8 and older, |
# version when initiating the connection. For LON-CAPA 2.8 and older, |
Line 6995 sub validate_user {
|
Line 7259 sub validate_user {
|
} |
} |
if ($howpwd ne 'nouser') { |
if ($howpwd ne 'nouser') { |
if($howpwd eq "internal") { # Encrypted is in local password file. |
if($howpwd eq "internal") { # Encrypted is in local password file. |
$validated = (crypt($password, $contentpwd) eq $contentpwd); |
if (length($contentpwd) == 13) { |
|
$validated = (crypt($password,$contentpwd) eq $contentpwd); |
|
if ($validated) { |
|
my $ncpass = &hash_passwd($domain,$password); |
|
if (&rewrite_password_file($domain,$user,"$howpwd:$ncpass")) { |
|
&update_passwd_history($user,$domain,$howpwd,'conversion'); |
|
&logthis("Validated password hashed with bcrypt for $user:$domain"); |
|
} |
|
} |
|
} else { |
|
$validated = &check_internal_passwd($password,$contentpwd,$domain); |
|
} |
} |
} |
elsif ($howpwd eq "unix") { # User is a normal unix user. |
elsif ($howpwd eq "unix") { # User is a normal unix user. |
$contentpwd = (getpwnam($user))[1]; |
$contentpwd = (getpwnam($user))[1]; |
Line 7063 sub validate_user {
|
Line 7338 sub validate_user {
|
return $validated; |
return $validated; |
} |
} |
|
|
|
sub check_internal_passwd { |
|
my ($plainpass,$stored,$domain) = @_; |
|
my (undef,$method,@rest) = split(/!/,$stored); |
|
if ($method eq "bcrypt") { |
|
my $result = &hash_passwd($domain,$plainpass,@rest); |
|
if ($result ne $stored) { |
|
return 0; |
|
} |
|
# Upgrade to a larger number of rounds if necessary |
|
my $defaultcost; |
|
my %domconfig = |
|
&Apache::lonnet::get_dom('configuration',['password'],$domain); |
|
if (ref($domconfig{'password'}) eq 'HASH') { |
|
$defaultcost = $domconfig{'password'}{'cost'}; |
|
} |
|
if (($defaultcost eq '') || ($defaultcost =~ /D/)) { |
|
$defaultcost = 10; |
|
} |
|
return 1 unless($rest[0]<$defaultcost); |
|
} |
|
return 0; |
|
} |
|
|
|
sub get_last_authchg { |
|
my ($domain,$user) = @_; |
|
my $lastmod; |
|
my $logname = &propath($domain,$user).'/passwd.log'; |
|
if (-e "$logname") { |
|
$lastmod = (stat("$logname"))[9]; |
|
} |
|
return $lastmod; |
|
} |
|
|
sub krb4_authen { |
sub krb4_authen { |
my ($password,$null,$user,$contentpwd) = @_; |
my ($password,$null,$user,$contentpwd) = @_; |
my $validated = 0; |
my $validated = 0; |
Line 7378 sub change_unix_password {
|
Line 7686 sub change_unix_password {
|
|
|
|
|
sub make_passwd_file { |
sub make_passwd_file { |
my ($uname,$udom,$umode,$npass,$passfilename)=@_; |
my ($uname,$udom,$umode,$npass,$passfilename,$action)=@_; |
my $result="ok"; |
my $result="ok"; |
if ($umode eq 'krb4' or $umode eq 'krb5') { |
if ($umode eq 'krb4' or $umode eq 'krb5') { |
{ |
{ |
my $pf = IO::File->new(">$passfilename"); |
my $pf = IO::File->new(">$passfilename"); |
if ($pf) { |
if ($pf) { |
print $pf "$umode:$npass\n"; |
print $pf "$umode:$npass\n"; |
|
&update_passwd_history($uname,$udom,$umode,$action); |
} else { |
} else { |
$result = "pass_file_failed_error"; |
$result = "pass_file_failed_error"; |
} |
} |
} |
} |
} elsif ($umode eq 'internal') { |
} elsif ($umode eq 'internal') { |
my $salt=time; |
my $ncpass = &hash_passwd($udom,$npass); |
$salt=substr($salt,6,2); |
|
my $ncpass=crypt($npass,$salt); |
|
{ |
{ |
&Debug("Creating internal auth"); |
&Debug("Creating internal auth"); |
my $pf = IO::File->new(">$passfilename"); |
my $pf = IO::File->new(">$passfilename"); |
if($pf) { |
if($pf) { |
print $pf "internal:$ncpass\n"; |
print $pf "internal:$ncpass\n"; |
|
&update_passwd_history($uname,$udom,$umode,$action); |
} else { |
} else { |
$result = "pass_file_failed_error"; |
$result = "pass_file_failed_error"; |
} |
} |
Line 7663 Allow for a password to be set.
|
Line 7971 Allow for a password to be set.
|
|
|
Make a user. |
Make a user. |
|
|
=item passwd |
=item changeuserauth |
|
|
Allow for authentication mechanism and password to be changed. |
Allow for authentication mechanism and password to be changed. |
|
|
Line 7752 for each student, defined perhaps by the
|
Line 8060 for each student, defined perhaps by the
|
Returns usernames corresponding to IDs. (These "IDs" are unique identifiers |
Returns usernames corresponding to IDs. (These "IDs" are unique identifiers |
for each student, defined perhaps by the institutional Registrar.) |
for each student, defined perhaps by the institutional Registrar.) |
|
|
|
=item iddel |
|
|
|
Deletes one or more ids in a domain's id database. |
|
|
=item tmpput |
=item tmpput |
|
|
Accept and store information in temporary space. |
Accept and store information in temporary space. |