version 1.90.2.1, 2002/09/03 02:02:50
|
version 1.98, 2002/09/19 21:16:24
|
Line 74 use Crypt::IDEA;
|
Line 74 use Crypt::IDEA;
|
use LWP::UserAgent(); |
use LWP::UserAgent(); |
use GDBM_File; |
use GDBM_File; |
use Authen::Krb4; |
use Authen::Krb4; |
|
use Authen::Krb5; |
use lib '/home/httpd/lib/perl/'; |
use lib '/home/httpd/lib/perl/'; |
use localauth; |
use localauth; |
|
|
Line 82 my $DEBUG = 0; # Non zero to ena
|
Line 83 my $DEBUG = 0; # Non zero to ena
|
my $status=''; |
my $status=''; |
my $lastlog=''; |
my $lastlog=''; |
|
|
|
# |
|
# The array below are password error strings." |
|
# |
|
my $lastpwderror = 13; # Largest error number from lcpasswd. |
|
my @passwderrors = ("ok", |
|
"lcpasswd must be run as user 'www'", |
|
"lcpasswd got incorrect number of arguments", |
|
"lcpasswd did not get the right nubmer of input text lines", |
|
"lcpasswd too many simultaneous pwd changes in progress", |
|
"lcpasswd User does not exist.", |
|
"lcpasswd Incorrect current passwd", |
|
"lcpasswd Unable to su to root.", |
|
"lcpasswd Cannot set new passwd.", |
|
"lcpasswd Username has invalid characters", |
|
"lcpasswd Invalid characters in password", |
|
"11", "12", |
|
"lcpasswd Password mismatch"); |
|
|
|
|
|
# The array below are lcuseradd error strings.: |
|
|
|
my $lastadderror = 13; |
|
my @adderrors = ("ok", |
|
"User ID mismatch, lcuseradd must run as user www", |
|
"lcuseradd Incorrect number of command line parameters must be 3", |
|
"lcuseradd Incorrect number of stdinput lines, must be 3", |
|
"lcuseradd Too many other simultaneous pwd changes in progress", |
|
"lcuseradd User does not exist", |
|
"lcuseradd Unabel to mak ewww member of users's group", |
|
"lcuseradd Unable to su to root", |
|
"lcuseradd Unable to set password", |
|
"lcuseradd Usrname has invbalid charcters", |
|
"lcuseradd Password has an invalid character", |
|
"lcuseradd User already exists", |
|
"lcuseradd Could not add user.", |
|
"lcuseradd Password mismatch"); |
|
|
|
|
|
# |
|
# Convert an error return code from lcpasswd to a string value. |
|
# |
|
sub lcpasswdstrerror { |
|
my $ErrorCode = shift; |
|
if(($ErrorCode < 0) || ($ErrorCode > $lastpwderror)) { |
|
return "lcpasswd Unrecognized error return value ".$ErrorCode; |
|
} else { |
|
return $passwderrors[$ErrorCode]; |
|
} |
|
} |
|
|
|
# |
|
# Convert an error return code from lcuseradd to a string value: |
|
# |
|
sub lcuseraddstrerror { |
|
my $ErrorCode = shift; |
|
if(($ErrorCode < 0) || ($ErrorCode > $lastadderror)) { |
|
return "lcuseradd - Unrecognized error code: ".$ErrorCode; |
|
} else { |
|
return $adderrors[$ErrorCode]; |
|
} |
|
} |
|
|
# grabs exception and records it to log before exiting |
# grabs exception and records it to log before exiting |
sub catchexception { |
sub catchexception { |
my ($error)=@_; |
my ($error)=@_; |
Line 106 $SIG{'QUIT'}=\&catchexception;
|
Line 169 $SIG{'QUIT'}=\&catchexception;
|
$SIG{__DIE__}=\&catchexception; |
$SIG{__DIE__}=\&catchexception; |
|
|
# ---------------------------------- Read loncapa_apache.conf and loncapa.conf |
# ---------------------------------- Read loncapa_apache.conf and loncapa.conf |
&status("Read loncapa_apache.conf and loncapa.conf"); |
&status("Read loncapa.conf and loncapa_apache.conf"); |
my $perlvarref=LONCAPA::Configuration::read_conf('loncapa_apache.conf', |
my $perlvarref=LONCAPA::Configuration::read_conf('loncapa.conf'); |
'loncapa.conf'); |
|
my %perlvar=%{$perlvarref}; |
my %perlvar=%{$perlvarref}; |
undef $perlvarref; |
undef $perlvarref; |
|
|
Line 488 sub make_new_child {
|
Line 550 sub make_new_child {
|
or die "Can't unblock SIGINT for fork: $!\n"; |
or die "Can't unblock SIGINT for fork: $!\n"; |
|
|
$tmpsnum=0; |
$tmpsnum=0; |
|
#---------------------------------------------------- kerberos 5 initialization |
|
&Authen::Krb5::init_context(); |
|
&Authen::Krb5::init_ets(); |
|
|
# handle connections until we've reached $MAX_CLIENTS_PER_CHILD |
# handle connections until we've reached $MAX_CLIENTS_PER_CHILD |
for ($i=0; $i < $MAX_CLIENTS_PER_CHILD; $i++) { |
for ($i=0; $i < $MAX_CLIENTS_PER_CHILD; $i++) { |
&status('Idle, waiting for connection'); |
&status('Idle, waiting for connection'); |
Line 654 sub make_new_child {
|
Line 719 sub make_new_child {
|
$contentpwd,'krbtgt',$contentpwd,1, |
$contentpwd,'krbtgt',$contentpwd,1, |
$upass) == 0); |
$upass) == 0); |
} else { $pwdcorrect=0; } |
} else { $pwdcorrect=0; } |
|
} elsif ($howpwd eq 'krb5') { |
|
$null=pack("C",0); |
|
unless ($upass=~/$null/) { |
|
my $krbclient=&Authen::Krb5::parse_name($uname.'@'.$contentpwd); |
|
my $krbservice="krbtgt/".$contentpwd."\@".$contentpwd; |
|
my $krbserver=&Authen::Krb5::parse_name($krbservice); |
|
my $credentials=&Authen::Krb5::cc_default(); |
|
$credentials->initialize($krbclient); |
|
my $krbreturn = |
|
&Authen::Krb5::get_in_tkt_with_password( |
|
$krbclient,$krbserver,$upass,$credentials); |
|
# unless ($krbreturn) { |
|
# &logthis("Krb5 Error: ". |
|
# &Authen::Krb5::error()); |
|
# } |
|
$pwdcorrect = ($krbreturn == 1); |
|
} else { $pwdcorrect=0; } |
} elsif ($howpwd eq 'localauth') { |
} elsif ($howpwd eq 'localauth') { |
$pwdcorrect=&localauth::localauth($uname,$upass, |
$pwdcorrect=&localauth::localauth($uname,$upass, |
$contentpwd); |
$contentpwd); |
Line 677 sub make_new_child {
|
Line 759 sub make_new_child {
|
chomp($npass); |
chomp($npass); |
$upass=&unescape($upass); |
$upass=&unescape($upass); |
$npass=&unescape($npass); |
$npass=&unescape($npass); |
&logthis("Trying to change password for $uname"); |
&Debug("Trying to change password for $uname"); |
my $proname=propath($udom,$uname); |
my $proname=propath($udom,$uname); |
my $passfilename="$proname/passwd"; |
my $passfilename="$proname/passwd"; |
if (-e $passfilename) { |
if (-e $passfilename) { |
Line 687 sub make_new_child {
|
Line 769 sub make_new_child {
|
chomp($realpasswd); |
chomp($realpasswd); |
my ($howpwd,$contentpwd)=split(/:/,$realpasswd); |
my ($howpwd,$contentpwd)=split(/:/,$realpasswd); |
if ($howpwd eq 'internal') { |
if ($howpwd eq 'internal') { |
|
&Debug("internal auth"); |
if (crypt($upass,$contentpwd) eq $contentpwd) { |
if (crypt($upass,$contentpwd) eq $contentpwd) { |
my $salt=time; |
my $salt=time; |
$salt=substr($salt,6,2); |
$salt=substr($salt,6,2); |
Line 703 sub make_new_child {
|
Line 786 sub make_new_child {
|
# one way or another. |
# one way or another. |
# First: Make sure the current password is |
# First: Make sure the current password is |
# correct |
# correct |
|
&Debug("auth is unix"); |
$contentpwd=(getpwnam($uname))[1]; |
$contentpwd=(getpwnam($uname))[1]; |
my $pwdcorrect = "0"; |
my $pwdcorrect = "0"; |
my $pwauth_path="/usr/local/sbin/pwauth"; |
my $pwauth_path="/usr/local/sbin/pwauth"; |
Line 714 sub make_new_child {
|
Line 798 sub make_new_child {
|
die "Cannot invoke authentication"; |
die "Cannot invoke authentication"; |
print PWAUTH "$uname\n$upass\n"; |
print PWAUTH "$uname\n$upass\n"; |
close PWAUTH; |
close PWAUTH; |
$pwdcorrect=!$?; |
&Debug("exited pwauth with $? ($uname,$upass) "); |
|
$pwdcorrect=($? == 0); |
} |
} |
if ($pwdcorrect) { |
if ($pwdcorrect) { |
my $execdir=$perlvar{'lonDaemons'}; |
my $execdir=$perlvar{'lonDaemons'}; |
my $pf = IO::File->new("|$execdir/lcpasswd"); |
&Debug("Opening lcpasswd pipeline"); |
|
my $pf = IO::File->new("|$execdir/lcpasswd > /home/www/lcpasswd.log"); |
print $pf "$uname\n$npass\n$npass\n"; |
print $pf "$uname\n$npass\n$npass\n"; |
close $pf; |
close $pf; |
my $result = ($?>0 ? 'pwchange_failure' |
my $err = $?; |
|
my $result = ($err>0 ? 'pwchange_failure' |
: 'ok'); |
: 'ok'); |
&logthis("Result of password change for $uname: $result"); |
&logthis("Result of password change for $uname: ". |
|
&lcpasswdstrerror($?)); |
print $client "$result\n"; |
print $client "$result\n"; |
} else { |
} else { |
print $client "non_authorized\n"; |
print $client "non_authorized\n"; |
Line 739 sub make_new_child {
|
Line 827 sub make_new_child {
|
} |
} |
# -------------------------------------------------------------------- makeuser |
# -------------------------------------------------------------------- makeuser |
} elsif ($userinput =~ /^makeuser/) { |
} elsif ($userinput =~ /^makeuser/) { |
Debug("Make user received"); |
&Debug("Make user received"); |
my $oldumask=umask(0077); |
my $oldumask=umask(0077); |
if ($wasenc==1) { |
if ($wasenc==1) { |
my |
my |
Line 769 sub make_new_child {
|
Line 857 sub make_new_child {
|
} |
} |
} |
} |
unless ($fperror) { |
unless ($fperror) { |
if ($umode eq 'krb4') { |
my $result=&make_passwd_file($uname, $umode,$npass, |
{ |
$passfilename); |
my $pf = IO::File->new(">$passfilename"); |
print $client $result; |
print $pf "krb4:$npass\n"; |
|
} |
|
print $client "ok\n"; |
|
} elsif ($umode eq 'internal') { |
|
my $salt=time; |
|
$salt=substr($salt,6,2); |
|
my $ncpass=crypt($npass,$salt); |
|
{ |
|
&Debug("Creating internal auth"); |
|
my $pf = IO::File->new(">$passfilename"); |
|
print $pf "internal:$ncpass\n"; |
|
} |
|
print $client "ok\n"; |
|
} elsif ($umode eq 'localauth') { |
|
{ |
|
my $pf = IO::File->new(">$passfilename"); |
|
print $pf "localauth:$npass\n"; |
|
} |
|
print $client "ok\n"; |
|
} elsif ($umode eq 'unix') { |
|
{ |
|
my $execpath="$perlvar{'lonDaemons'}/". |
|
"lcuseradd"; |
|
{ |
|
&Debug("Executing external: ". |
|
$execpath); |
|
my $se = IO::File->new("|$execpath"); |
|
print $se "$uname\n"; |
|
print $se "$npass\n"; |
|
print $se "$npass\n"; |
|
} |
|
my $pf = IO::File->new(">$passfilename"); |
|
print $pf "unix:\n"; |
|
} |
|
print $client "ok\n"; |
|
} elsif ($umode eq 'none') { |
|
{ |
|
my $pf = IO::File->new(">$passfilename"); |
|
print $pf "none:\n"; |
|
} |
|
print $client "ok\n"; |
|
} else { |
|
print $client "auth_mode_error\n"; |
|
} |
|
} else { |
} else { |
print $client "$fperror\n"; |
print $client "$fperror\n"; |
} |
} |
Line 829 sub make_new_child {
|
Line 873 sub make_new_child {
|
&Debug("Changing authorization"); |
&Debug("Changing authorization"); |
if ($wasenc==1) { |
if ($wasenc==1) { |
my |
my |
($cmd,$udom,$uname,$umode,$npass)=split(/:/,$userinput); |
($cmd,$udom,$uname,$umode,$npass)=split(/:/,$userinput); |
chomp($npass); |
chomp($npass); |
&Debug("cmd = ".$cmd." domain= ".$udom. |
&Debug("cmd = ".$cmd." domain= ".$udom. |
"uname =".$uname." umode= ".$umode); |
"uname =".$uname." umode= ".$umode); |
$npass=&unescape($npass); |
$npass=&unescape($npass); |
my $proname=propath($udom,$uname); |
my $proname=&propath($udom,$uname); |
my $passfilename="$proname/passwd"; |
my $passfilename="$proname/passwd"; |
if ($udom ne $perlvar{'lonDefDomain'}) { |
if ($udom ne $perlvar{'lonDefDomain'}) { |
print $client "not_right_domain\n"; |
print $client "not_right_domain\n"; |
} else { |
} else { |
if ($umode eq 'krb4') { |
my $result=&make_passwd_file($uname, $umode,$npass, |
{ |
$passfilename); |
my $pf = IO::File->new(">$passfilename"); |
print $client $result; |
print $pf "krb4:$npass\n"; |
|
} |
|
print $client "ok\n"; |
|
} elsif ($umode eq 'internal') { |
|
my $salt=time; |
|
$salt=substr($salt,6,2); |
|
my $ncpass=crypt($npass,$salt); |
|
{ |
|
my $pf = IO::File->new(">$passfilename"); |
|
print $pf "internal:$ncpass\n"; |
|
} |
|
print $client "ok\n"; |
|
} elsif ($umode eq 'localauth') { |
|
{ |
|
my $pf = IO::File->new(">$passfilename"); |
|
print $pf "localauth:$npass\n"; |
|
} |
|
print $client "ok\n"; |
|
} elsif ($umode eq 'unix') { |
|
{ |
|
my $execpath="$perlvar{'lonDaemons'}/". |
|
"lcuseradd"; |
|
{ |
|
my $se = IO::File->new("|$execpath"); |
|
print $se "$uname\n"; |
|
print $se "$npass\n"; |
|
print $se "$npass\n"; |
|
} |
|
my $pf = IO::File->new(">$passfilename"); |
|
print $pf "unix:\n"; |
|
} |
|
print $client "ok\n"; |
|
} elsif ($umode eq 'none') { |
|
{ |
|
my $pf = IO::File->new(">$passfilename"); |
|
print $pf "none:\n"; |
|
} |
|
print $client "ok\n"; |
|
} else { |
|
print $client "auth_mode_error\n"; |
|
} |
|
} |
} |
} else { |
} else { |
print $client "refused\n"; |
print $client "refused\n"; |
Line 1541 sub GetAuthType
|
Line 1544 sub GetAuthType
|
my ($authtype, $contentpwd) = split(/:/, $realpassword); |
my ($authtype, $contentpwd) = split(/:/, $realpassword); |
Debug("Authtype = $authtype, content = $contentpwd\n"); |
Debug("Authtype = $authtype, content = $contentpwd\n"); |
my $availinfo = ''; |
my $availinfo = ''; |
if($authtype eq 'krb4') { |
if($authtype eq 'krb4' or $authtype eq 'krb5') { |
$availinfo = $contentpwd; |
$availinfo = $contentpwd; |
} |
} |
|
|
Line 1663 sub subscribe {
|
Line 1666 sub subscribe {
|
} |
} |
return $result; |
return $result; |
} |
} |
|
|
|
sub make_passwd_file { |
|
my ($uname, $umode,$npass,$passfilename)=@_; |
|
my $result="ok\n"; |
|
if ($umode eq 'krb4' or $umode eq 'krb5') { |
|
{ |
|
my $pf = IO::File->new(">$passfilename"); |
|
print $pf "$umode:$npass\n"; |
|
} |
|
} elsif ($umode eq 'internal') { |
|
my $salt=time; |
|
$salt=substr($salt,6,2); |
|
my $ncpass=crypt($npass,$salt); |
|
{ |
|
&Debug("Creating internal auth"); |
|
my $pf = IO::File->new(">$passfilename"); |
|
print $pf "internal:$ncpass\n"; |
|
} |
|
} elsif ($umode eq 'localauth') { |
|
{ |
|
my $pf = IO::File->new(">$passfilename"); |
|
print $pf "localauth:$npass\n"; |
|
} |
|
} elsif ($umode eq 'unix') { |
|
{ |
|
my $execpath="$perlvar{'lonDaemons'}/"."lcuseradd"; |
|
{ |
|
&Debug("Executing external: ".$execpath); |
|
&Debug("user = ".$uname.", Password =". $npass); |
|
my $se = IO::File->new("|$execpath > /home/www/lcuseradd.log"); |
|
print $se "$uname\n"; |
|
print $se "$npass\n"; |
|
print $se "$npass\n"; |
|
} |
|
my $useraddok = $?; |
|
if($useraddok > 0) { |
|
&logthis("Failed lcuseradd: ".&lcuseraddstrerror($useraddok)); |
|
} |
|
my $pf = IO::File->new(">$passfilename"); |
|
print $pf "unix:\n"; |
|
} |
|
} elsif ($umode eq 'none') { |
|
{ |
|
my $pf = IO::File->new(">$passfilename"); |
|
print $pf "none:\n"; |
|
} |
|
} else { |
|
$result="auth_mode_error\n"; |
|
} |
|
return $result; |
|
} |
|
|
# ----------------------------------- POD (plain old documentation, CPAN style) |
# ----------------------------------- POD (plain old documentation, CPAN style) |
|
|
=head1 NAME |
=head1 NAME |
Line 1961 Crypt::IDEA
|
Line 2016 Crypt::IDEA
|
LWP::UserAgent() |
LWP::UserAgent() |
GDBM_File |
GDBM_File |
Authen::Krb4 |
Authen::Krb4 |
|
Authen::Krb5 |
|
|
=head1 COREQUISITES |
=head1 COREQUISITES |
|
|