--- loncom/lond 2004/03/23 11:50:12 1.178.2.13 +++ loncom/lond 2004/04/15 11:26:34 1.178.2.16 @@ -2,7 +2,7 @@ # The LearningOnline Network # lond "LON Daemon" Server (port "LOND" 5663) # -# $Id: lond,v 1.178.2.13 2004/03/23 11:50:12 foxr Exp $ +# $Id: lond,v 1.178.2.16 2004/04/15 11:26:34 foxr Exp $ # # Copyright Michigan State University Board of Trustees # @@ -53,7 +53,7 @@ my $DEBUG = 1; # Non zero to ena my $status=''; my $lastlog=''; -my $VERSION='$Revision: 1.178.2.13 $'; #' stupid emacs +my $VERSION='$Revision: 1.178.2.16 $'; #' stupid emacs my $remoteVERSION; my $currenthostid; my $currentdomainid; @@ -796,7 +796,7 @@ sub ChangePasswordHandler { # First require that the user can be authenticated with their # old password: - my $validated = ValidUser($udom, $uname, $upass); + my $validated = ValidateUser($udom, $uname, $upass); if($validated) { my $realpasswd = GetAuthType($udom, $uname); # Defined since authd. @@ -890,6 +890,7 @@ sub AddUserHandler { for (my $i=3;$i<= ($#fpparts-1);$i++) { $fpnow.='/'.$fpparts[$i]; unless (-e $fpnow) { + &logthis("mkdir $fpnow"); unless (mkdir($fpnow,0777)) { $fperror="error: ".($!+0)." mkdir failed while attempting " ."makeuser"; @@ -989,7 +990,7 @@ sub IsHomeHandler { my ($udom,$uname)=split(/:/,$tail); chomp($uname); - my $passfile = PasswordPath($udom, $uname); + my $passfile = PasswordFilename($udom, $uname); if($passfile) { Reply( $client, "found\n", $userinput); } else { @@ -1137,10 +1138,7 @@ sub FetchUserFileHandler { } RegisterHandler("fetchuserfile", \&FetchUserFileHandler, 0, 1, 0); # -# Authenticate access to a user file. Question? The token for athentication -# is allowed to be sent as cleartext is this really what we want? This token -# represents the user's session id. Once it is forged does this allow too much -# access?? +# Authenticate access to a user file. # # Parameters: # $cmd - The command that got us here. @@ -1616,7 +1614,7 @@ sub GetProfileEntryEncrypted { return 1; } -RegisterHandler("eget", \&GetProfileEncrypted, 0, 1, 0); +RegisterHandler("eget", \&GetProfileEntryEncrypted, 0, 1, 0); # # Deletes a key in a user profile database. @@ -1847,7 +1845,8 @@ sub DumpWithRegexp { } RegisterHandler("dump", \&DumpWithRegexp, 0, 1, 0); -# Store an aitem in any database but the roles database. +# Store an aitem in any resource meta data(?) or database with +# versioning? # # Parameters: # $cmd - Request command keyword. @@ -4185,7 +4184,7 @@ sub ValidateUser { $validated = (crypt($password, $contentpwd) eq $contentpwd); } elsif ($howpwd eq "unix") { # User is a normal unix user. - $contentpwd = (getpwname($user))[1]; + $contentpwd = (getpwnam($user))[1]; if($contentpwd) { if($contentpwd eq 'x') { # Shadow password file... my $pwauth_path = "/usr/local/sbin/pwauth"; @@ -4487,23 +4486,35 @@ sub make_passwd_file { print $pf "localauth:$npass\n"; } } elsif ($umode eq 'unix') { - { - my $execpath="$perlvar{'lonDaemons'}/"."lcuseradd"; - { - &Debug("Executing external: ".$execpath); - &Debug("user = ".$uname.", Password =". $npass); - my $se = IO::File->new("|$execpath > $perlvar{'lonDaemons'}/logs/lcuseradd.log"); - print $se "$uname\n"; - print $se "$npass\n"; - print $se "$npass\n"; - } - my $useraddok = $?; - if($useraddok > 0) { - &logthis("Failed lcuseradd: ".&lcuseraddstrerror($useraddok)); - } - my $pf = IO::File->new(">$passfilename"); - print $pf "unix:\n"; + # + # Don't allow the creation of privileged accounts!!! that would + # be real bad!!! + # + my $uid = getpwnam($uname); + if((defined $uid) && ($uid == 0)) { + &logthis(">>>Attempted add of privileged account blocked<<<"); + return "no_priv_account_error\n"; } + + # + my $execpath="$perlvar{'lonDaemons'}/"."lcuseradd"; + + &Debug("Executing external: ".$execpath); + &Debug("user = ".$uname.", Password =". $npass); + my $se = IO::File->new("|$execpath > $perlvar{'lonDaemons'}/logs/lcuseradd.log"); + print $se "$uname\n"; + print $se "$npass\n"; + print $se "$npass\n"; + + my $useraddok = $?; + if($useraddok > 0) { + my $lcstring = lcuseraddstrerror($useraddok); + &logthis("Failed lcuseradd: $lcstring"); + return "error: lcuseradd failed: $lcstring\n"; + } + my $pf = IO::File->new(">$passfilename"); + print $pf "unix:\n"; + } elsif ($umode eq 'none') { { my $pf = IO::File->new(">$passfilename");