--- loncom/lond	1999/10/13 17:48:51	1.1
+++ loncom/lond	1999/10/26 20:24:47	1.2
@@ -2,7 +2,8 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 # 5/26/99,6/4,6/10,6/11,6/14,6/15,6/26,6/28,6/30,
-# 7/8,7/9,7/10,7/12,7/17,7/19,9/21,10/7,10/8,10/9,10/11 Gerd Kortemeyer
+# 7/8,7/9,7/10,7/12,7/17,7/19,9/21,
+# 10/7,10/8,10/9,10/11,10/13,10/15 Gerd Kortemeyer
 # based on "Perl Cookbook" ISBN 1-56592-243-3
 # preforker - server who forks first
 # runs as a daemon
@@ -253,13 +254,34 @@ sub make_new_child {
 # =============================================================================
             # do something with the connection
 # -----------------------------------------------------------------------------
-            # see if we know client
+            # see if we know client and check for spoof IP by challenge
             my $caller=getpeername($client);
             my ($port,$iaddr)=unpack_sockaddr_in($caller);
             my $clientip=inet_ntoa($iaddr);
             my $clientrec=($hostid{$clientip} ne undef);
             &logthis("Connect from $clientip ($hostid{$clientip})");
+            my $clientok;
             if ($clientrec) {
+	      my $remotereq=<$client>;
+              $remotereq=~s/\W//g;
+              if ($remotereq eq 'init') {
+		  my $challenge="$$".time;
+                  print $client "$challenge\n";
+                  $remotereq=<$client>;
+                  $remotereq=~s/\W//g;
+                  if ($challenge eq $remotereq) {
+		      $clientok=1;
+                      print $client "ok\n";
+                  } else {
+		      &logthis("$clientip did not reply challenge");
+                  }
+              } else {
+		  &logthis("$clientip failed to initialize: >$remotereq<");
+              }
+	    } else {
+              &logthis("Unknown client $clientip");
+            }
+            if ($clientok) {
 # ---------------- New known client connecting, could mean machine online again
 	      &reconlonc("$perlvar{'lonSockDir'}/$hostid{$clientip}");
 # ------------------------------------------------------------ Process requests
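Review bot: The challenge built at `my $challenge="$$".time;` is the child's PID followed by the current second, so a peer that never sees the reply could still guess it, which weakens the spoof check the new comment describes. Drawing the value from an unpredictable source keeps the echo meaningful, for example reading 16 bytes from `/dev/urandom` and sending `unpack('H*',$bytes)`, which survives the `s/\W//g` normalisation. Both `<$client>` reads also block with no timeout, so a listed host that connects and stays silent holds this preforked child; bounding the handshake with `alarm` would limit that. The `if ($clientok) {` body continues outside the hunk.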
@@ -324,7 +346,17 @@ sub make_new_child {
                           my $pf = IO::File->new($passfilename);
                           my $realpasswd=<$pf>;
                           chomp($realpasswd);
-                          if ($realpasswd eq $upass ) {
+                          my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
+                          my $pwdcorrect=0;
+                          if ($howpwd eq 'internal') {
+			      $pwdcorrect=
+				  (crypt($upass,$contentpwd) eq $contentpwd);
+                          } elsif ($howpwd eq 'unix') {
+                              $contentpwd=(getpwnam($uname))[1];
+                              $pwdcorrect=
+                                  (crypt($upass,$contentpwd) eq $contentpwd);
+                          }
+                          if ($pwdcorrect) {
                              print $client "authorized\n";
                           } else {
                              print $client "non_authorized\n";
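Review bot: Both `crypt($upass,$contentpwd) eq $contentpwd` comparisons run even when `$contentpwd` is empty or undefined, for instance an `internal:` line with nothing after the colon, or `getpwnam($uname)` returning no entry. On platforms where crypt() returns undef for an invalid salt, the `eq` then compares two empty values and authorizes the request. I would guard each branch, e.g. `$pwdcorrect=(defined($contentpwd) && length($contentpwd)>=2 && crypt($upass,$contentpwd) eq $contentpwd);`, and apply the same guard to the identical comparison in the password-change hunk at `@@ -348,12 +380,20 @@`. The `unix` branch also relies on the daemon being able to read the real hash; with shadow passwords `getpwnam` usually returns a placeholder unless the process is privileged, which deserves a comment. The enclosing block starts and ends outside the hunk.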
@@ -348,12 +380,20 @@ sub make_new_child {
                           { my $pf = IO::File->new($passfilename);
 			    $realpasswd=<$pf>; }
                           chomp($realpasswd);
-                          if ($realpasswd eq $upass ) {
+                          my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
+                          if ($howpwd eq 'internal') {
+			   if (crypt($upass,$contentpwd) eq $contentpwd) {
+			     my $salt=time;
+                             $salt=substr($salt,6,2);
+			     my $ncpass=crypt($npass,$salt);
                              { my $pf = IO::File->new(">$passfilename");
- 	  		       print $pf "$npass\n";; }                  
+ 	  		       print $pf "internal:$ncpass\n";; }             
                              print $client "ok\n";
-                          } else {
+                           } else {
                              print $client "non_authorized\n";
+                           }
+                          } else {
+                            print $client "auth_mode_error\n";
                           }  
 		       } else {
                           print $client "unknown_user\n";
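Review bot: The salt at `$salt=substr($salt,6,2);` is two decimal digits of the clock, so at most 100 of the salt values crypt() accepts are ever used and many accounts will share one. Picking two characters from the full salt alphabet spreads them out: `my @sc=('.','/',0..9,'A'..'Z','a'..'z');` followed by `my $salt=$sc[rand @sc].$sc[rand @sc];`. Separately, the result of `IO::File->new(">$passfilename")` and of the `print $pf` is never tested, so a failed open or write is not turned into an error reply; check both before sending `ok`. The enclosing block starts outside the hunk.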
@@ -656,7 +696,7 @@ sub make_new_child {
 	       }
             } else {
 	        print $client "refused\n";
-                &logthis("Unknown client $clientip, closing connection");
+                &logthis("Rejected client $clientip, closing connection");
             }              
             &logthis("Disconnect from $clientip ($hostid{$clientip})");
 # =============================================================================