version 1.75, 2002/03/27 04:07:02
|
version 1.80, 2002/05/11 21:24:56
|
Line 53
|
Line 53
|
# 02/12 Gerd Kortemeyer |
# 02/12 Gerd Kortemeyer |
# 02/19 Matthew Hall |
# 02/19 Matthew Hall |
# 02/25 Gerd Kortemeyer |
# 02/25 Gerd Kortemeyer |
|
# 05/11 Scott Harrison |
### |
### |
|
|
# based on "Perl Cookbook" ISBN 1-56592-243-3 |
# based on "Perl Cookbook" ISBN 1-56592-243-3 |
Line 61
|
Line 62
|
# HUPs |
# HUPs |
# uses IDEA encryption |
# uses IDEA encryption |
|
|
|
use lib '/home/httpd/lib/perl/'; |
|
use LONCAPA::Configuration; |
|
|
use IO::Socket; |
use IO::Socket; |
use IO::File; |
use IO::File; |
use Apache::File; |
use Apache::File; |
Line 73 use Authen::Krb4;
|
Line 77 use Authen::Krb4;
|
use lib '/home/httpd/lib/perl/'; |
use lib '/home/httpd/lib/perl/'; |
use localauth; |
use localauth; |
|
|
|
my $DEBUG = 0; # Non zero to enable debug log entries. |
|
|
my $status=''; |
my $status=''; |
my $lastlog=''; |
my $lastlog=''; |
|
|
Line 99 sub timeout {
|
Line 105 sub timeout {
|
$SIG{'QUIT'}=\&catchexception; |
$SIG{'QUIT'}=\&catchexception; |
$SIG{__DIE__}=\&catchexception; |
$SIG{__DIE__}=\&catchexception; |
|
|
# ------------------------------------ Read httpd access.conf and get variables |
# ------------------------------------------- Read access.conf and loncapa.conf |
|
&status("Read access.conf and loncapa.conf"); |
open (CONFIG,"/etc/httpd/conf/access.conf") || die "Can't read access.conf"; |
my $perlvarref=LONCAPA::Configuration::read_conf('access.conf','loncapa.conf'); |
|
my %perlvar=%{$perlvarref}; |
while ($configline=<CONFIG>) { |
undef $perlvarref; |
if ($configline =~ /PerlSetVar/) { |
|
my ($dummy,$varname,$varvalue)=split(/\s+/,$configline); |
|
chomp($varvalue); |
|
$perlvar{$varname}=$varvalue; |
|
} |
|
} |
|
close(CONFIG); |
|
|
|
# ----------------------------- Make sure this process is running from user=www |
# ----------------------------- Make sure this process is running from user=www |
my $wwwid=getpwnam('www'); |
my $wwwid=getpwnam('www'); |
Line 235 sub logthis {
|
Line 234 sub logthis {
|
print $fh "$local ($$): $message\n"; |
print $fh "$local ($$): $message\n"; |
} |
} |
|
|
|
# ------------------------- Conditional log if $DEBUG true. |
|
sub Debug { |
|
my $message = shift; |
|
if($DEBUG) { |
|
&logthis($message); |
|
} |
|
} |
# ------------------------------------------------------------------ Log status |
# ------------------------------------------------------------------ Log status |
|
|
sub logstatus { |
sub logstatus { |
Line 533 sub make_new_child {
|
Line 539 sub make_new_child {
|
if ($clientok) { |
if ($clientok) { |
# ---------------- New known client connecting, could mean machine online again |
# ---------------- New known client connecting, could mean machine online again |
|
|
# &reconlonc("$perlvar{'lonSockDir'}/$hostid{$clientip}"); |
&reconlonc("$perlvar{'lonSockDir'}/$hostid{$clientip}"); |
&logthis( |
&logthis( |
"<font color=green>Established connection: $hostid{$clientip}</font>"); |
"<font color=green>Established connection: $hostid{$clientip}</font>"); |
&status('Will listen to '.$hostid{$clientip}); |
&status('Will listen to '.$hostid{$clientip}); |
# ------------------------------------------------------------ Process requests |
# ------------------------------------------------------------ Process requests |
while (my $userinput=<$client>) { |
while (my $userinput=<$client>) { |
chomp($userinput); |
chomp($userinput); |
|
Debug("Request = $userinput\n"); |
&status('Processing '.$hostid{$clientip}.': '.$userinput); |
&status('Processing '.$hostid{$clientip}.': '.$userinput); |
my $wasenc=0; |
my $wasenc=0; |
alarm(120); |
alarm(120); |
Line 595 sub make_new_child {
|
Line 602 sub make_new_child {
|
} elsif ($userinput =~ /^currentauth/) { |
} elsif ($userinput =~ /^currentauth/) { |
if ($wasenc==1) { |
if ($wasenc==1) { |
my ($cmd,$udom,$uname)=split(/:/,$userinput); |
my ($cmd,$udom,$uname)=split(/:/,$userinput); |
my $proname=propath($udom,$uname); |
my $result = GetAuthType($udom, $uname); |
my $passfilename="$proname/passwd"; |
if($result eq "nouser") { |
if (-e $passfilename) { |
print $client "unknown_user\n"; |
my $pf = IO::File->new($passfilename); |
} |
my $realpasswd=<$pf>; |
else { |
chomp($realpasswd); |
print $client "$result\n" |
my ($howpwd,$contentpwd)=split(/:/,$realpasswd); |
} |
my $availablecontent=''; |
|
if ($howpwd eq 'krb4') { |
|
$availablecontent=$contentpwd; |
|
} |
|
print $client "$howpwd:$availablecontent\n"; |
|
} else { |
|
print $client "unknown_user\n"; |
|
} |
|
} else { |
} else { |
print $client "refused\n"; |
print $client "refused\n"; |
} |
} |
Line 737 sub make_new_child {
|
Line 736 sub make_new_child {
|
} |
} |
# -------------------------------------------------------------------- makeuser |
# -------------------------------------------------------------------- makeuser |
} elsif ($userinput =~ /^makeuser/) { |
} elsif ($userinput =~ /^makeuser/) { |
|
Debug("Make user received"); |
my $oldumask=umask(0077); |
my $oldumask=umask(0077); |
if ($wasenc==1) { |
if ($wasenc==1) { |
my |
my |
($cmd,$udom,$uname,$umode,$npass)=split(/:/,$userinput); |
($cmd,$udom,$uname,$umode,$npass)=split(/:/,$userinput); |
|
&Debug("cmd =".$cmd." $udom =".$udom. |
|
" uname=".$uname); |
chomp($npass); |
chomp($npass); |
$npass=&unescape($npass); |
$npass=&unescape($npass); |
my $proname=propath($udom,$uname); |
my $proname=propath($udom,$uname); |
my $passfilename="$proname/passwd"; |
my $passfilename="$proname/passwd"; |
|
&Debug("Password file created will be:". |
|
$passfilename); |
if (-e $passfilename) { |
if (-e $passfilename) { |
print $client "already_exists\n"; |
print $client "already_exists\n"; |
} elsif ($udom ne $perlvar{'lonDefDomain'}) { |
} elsif ($udom ne $perlvar{'lonDefDomain'}) { |
Line 773 sub make_new_child {
|
Line 777 sub make_new_child {
|
$salt=substr($salt,6,2); |
$salt=substr($salt,6,2); |
my $ncpass=crypt($npass,$salt); |
my $ncpass=crypt($npass,$salt); |
{ |
{ |
my $pf = IO::File->new(">$passfilename"); |
&Debug("Creating internal auth"); |
|
my $pf = IO::File->new(">$passfilename"); |
print $pf "internal:$ncpass\n"; |
print $pf "internal:$ncpass\n"; |
} |
} |
print $client "ok\n"; |
print $client "ok\n"; |
Line 788 sub make_new_child {
|
Line 793 sub make_new_child {
|
my $execpath="$perlvar{'lonDaemons'}/". |
my $execpath="$perlvar{'lonDaemons'}/". |
"lcuseradd"; |
"lcuseradd"; |
{ |
{ |
|
&Debug("Executing external: ". |
|
$execpath); |
my $se = IO::File->new("|$execpath"); |
my $se = IO::File->new("|$execpath"); |
print $se "$uname\n"; |
print $se "$uname\n"; |
print $se "$npass\n"; |
print $se "$npass\n"; |
Line 816 sub make_new_child {
|
Line 823 sub make_new_child {
|
umask($oldumask); |
umask($oldumask); |
# -------------------------------------------------------------- changeuserauth |
# -------------------------------------------------------------- changeuserauth |
} elsif ($userinput =~ /^changeuserauth/) { |
} elsif ($userinput =~ /^changeuserauth/) { |
if ($wasenc==1) { |
&Debug("Changing authorization"); |
|
if ($wasenc==1) { |
my |
my |
($cmd,$udom,$uname,$umode,$npass)=split(/:/,$userinput); |
($cmd,$udom,$uname,$umode,$npass)=split(/:/,$userinput); |
chomp($npass); |
chomp($npass); |
|
&Debug("cmd = ".$cmd." domain= ".$udom. |
|
"uname =".$uname." umode= ".$umode); |
$npass=&unescape($npass); |
$npass=&unescape($npass); |
my $proname=propath($udom,$uname); |
my $proname=propath($udom,$uname); |
my $passfilename="$proname/passwd"; |
my $passfilename="$proname/passwd"; |
Line 1028 sub make_new_child {
|
Line 1038 sub make_new_child {
|
} |
} |
# -------------------------------------------------------------------- rolesput |
# -------------------------------------------------------------------- rolesput |
} elsif ($userinput =~ /^rolesput/) { |
} elsif ($userinput =~ /^rolesput/) { |
|
&Debug("rolesput"); |
if ($wasenc==1) { |
if ($wasenc==1) { |
my ($cmd,$exedom,$exeuser,$udom,$uname,$what) |
my ($cmd,$exedom,$exeuser,$udom,$uname,$what) |
=split(/:/,$userinput); |
=split(/:/,$userinput); |
|
&Debug("cmd = ".$cmd." exedom= ".$exedom. |
|
"user = ".$exeuser." udom=".$udom. |
|
"what = ".$what); |
my $namespace='roles'; |
my $namespace='roles'; |
chomp($what); |
chomp($what); |
my $proname=propath($udom,$uname); |
my $proname=propath($udom,$uname); |
Line 1047 sub make_new_child {
|
Line 1061 sub make_new_child {
|
if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT,0640)) { |
if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT,0640)) { |
foreach $pair (@pairs) { |
foreach $pair (@pairs) { |
($key,$value)=split(/=/,$pair); |
($key,$value)=split(/=/,$pair); |
|
&ManagePermissions($key, $udom, $uname, |
|
&GetAuthType( $udom, |
|
$uname)); |
$hash{$key}=$value; |
$hash{$key}=$value; |
|
|
} |
} |
if (untie(%hash)) { |
if (untie(%hash)) { |
print $client "ok\n"; |
print $client "ok\n"; |
Line 1442 sub make_new_child {
|
Line 1460 sub make_new_child {
|
} |
} |
} |
} |
|
|
|
|
|
# |
|
# Checks to see if the input roleput request was to set |
|
# an author role. If so, invokes the lchtmldir script to set |
|
# up a correct public_html |
|
# Parameters: |
|
# request - The request sent to the rolesput subchunk. |
|
# We're looking for /domain/_au |
|
# domain - The domain in which the user is having roles doctored. |
|
# user - Name of the user for which the role is being put. |
|
# authtype - The authentication type associated with the user. |
|
# |
|
sub ManagePermissions |
|
{ |
|
my $request = shift; |
|
my $domain = shift; |
|
my $user = shift; |
|
my $authtype= shift; |
|
|
|
# See if the request is of the form /$domain/_au |
|
|
|
if($request =~ /^(\/$domain\/_au)$/) { # It's an author rolesput... |
|
my $execdir = $perlvar{'lonDaemons'}; |
|
my $userhome= "/home/$user" ; |
|
Debug("system $execdir/lchtmldir $userhome $system $authtype"); |
|
system("$execdir/lchtmldir $userhome $user $authtype"); |
|
} |
|
} |
|
# |
|
# GetAuthType - Determines the authorization type of a user in a domain. |
|
|
|
# Returns the authorization type or nouser if there is no such user. |
|
# |
|
sub GetAuthType |
|
{ |
|
my $domain = shift; |
|
my $user = shift; |
|
|
|
Debug("GetAuthType( $domain, $user ) \n"); |
|
my $proname = &propath($domain, $user); |
|
my $passwdfile = "$proname/passwd"; |
|
if( -e $passwdfile ) { |
|
my $pf = IO::File->new($passwdfile); |
|
my $realpassword = <$pf>; |
|
chomp($realpassword); |
|
Debug("Password info = $realpassword\n"); |
|
my ($authtype, $contentpwd) = split(/:/, $realpassword); |
|
Debug("Authtype = $authtype, content = $contentpwd\n"); |
|
my $availinfo = ''; |
|
if($authtype eq 'krb4') { |
|
$availinfo = $contentpwd; |
|
} |
|
|
|
return "$authtype:$availinfo"; |
|
} |
|
else { |
|
Debug("Returning nouser"); |
|
return "nouser"; |
|
} |
|
|
|
} |
|
|
# ----------------------------------- POD (plain old documentation, CPAN style) |
# ----------------------------------- POD (plain old documentation, CPAN style) |
|
|
=head1 NAME |
=head1 NAME |