--- loncom/lond 1999/10/13 17:48:51 1.1
+++ loncom/lond 1999/10/26 20:24:47 1.2
@@ -2,7 +2,8 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 # 5/26/99,6/4,6/10,6/11,6/14,6/15,6/26,6/28,6/30,
-# 7/8,7/9,7/10,7/12,7/17,7/19,9/21,10/7,10/8,10/9,10/11 Gerd Kortemeyer
+# 7/8,7/9,7/10,7/12,7/17,7/19,9/21,
+# 10/7,10/8,10/9,10/11,10/13,10/15 Gerd Kortemeyer
 # based on "Perl Cookbook" ISBN 1-56592-243-3
 # preforker - server who forks first
 # runs as a daemon
@@ -253,13 +254,34 @@ sub make_new_child {
 # =============================================================================
 # do something with the connection
 # -----------------------------------------------------------------------------
- # see if we know client
+ # see if we know client and check for spoof IP by challenge
 my $caller=getpeername($client);
 my ($port,$iaddr)=unpack_sockaddr_in($caller);
 my $clientip=inet_ntoa($iaddr);
 my $clientrec=($hostid{$clientip} ne undef);
 &logthis("Connect from $clientip ($hostid{$clientip})");
+ my $clientok;
 if ($clientrec) {
+ my $remotereq=<$client>;
+ $remotereq=~s/\W//g;
+ if ($remotereq eq 'init') {
+ my $challenge="$$".time;
+ print $client "$challenge\n";
+ $remotereq=<$client>;
+ $remotereq=~s/\W//g;
+ if ($challenge eq $remotereq) {
+ $clientok=1;
+ print $client "ok\n";
+ } else {
+ &logthis("$clientip did not reply challenge");
+ }
+ } else {
+ &logthis("$clientip failed to initialize: >$remotereq<");
+ }
+ } else {
+ &logthis("Unknown client $clientip");
+ }
+ if ($clientok) {
 # ---------------- New known client connecting, could mean machine online again
 &reconlonc("$perlvar{'lonSockDir'}/$hostid{$clientip}");
 # ------------------------------------------------------------ Process requests
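Review bot: The echo check built around `my $challenge="$$".time;` only establishes that the peer can read what the daemon sends to `$clientip`, i.e. it rules out blind source-address spoofing; it does not authenticate the peer, because the value is sent and echoed back on the same connection and is predictable. A comment stating that scope would keep later readers from treating it as an authentication step, e.g. `# anti-spoofing check only: proves the peer receives replies sent to $clientip; it does not authenticate the host`. Both `my $remotereq=<$client>;` reads return undef when the peer sends nothing or disconnects, so the following `$remotereq=~s/\W//g;` warns under `use warnings`; an explicit `unless (defined $remotereq)` branch that logs and falls through to the rejection path is cleaner. Whether `$client` carries a read timeout is not visible here; without one a connection that never sends holds the forked child indefinitely. make_new_child continues outside the hunk.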
@@ -324,7 +346,17 @@ sub make_new_child {
 my $pf = IO::File->new($passfilename);
 my $realpasswd=<$pf>;
 chomp($realpasswd);
- if ($realpasswd eq $upass ) {
+ my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
+ my $pwdcorrect=0;
+ if ($howpwd eq 'internal') {
+ $pwdcorrect=
+ (crypt($upass,$contentpwd) eq $contentpwd);
+ } elsif ($howpwd eq 'unix') {
+ $contentpwd=(getpwnam($uname))[1];
+ $pwdcorrect=
+ (crypt($upass,$contentpwd) eq $contentpwd);
+ }
+ if ($pwdcorrect) {
 print $client "authorized\n";
 } else {
 print $client "non_authorized\n";
@@ -348,12 +380,20 @@ sub make_new_child {
 { my $pf = IO::File->new($passfilename); $realpasswd=<$pf>; }
 chomp($realpasswd);
- if ($realpasswd eq $upass ) {
+ my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
+ if ($howpwd eq 'internal') {
+ if (crypt($upass,$contentpwd) eq $contentpwd) {
+ my $salt=time;
+ $salt=substr($salt,6,2);
+ my $ncpass=crypt($npass,$salt);
 { my $pf = IO::File->new(">$passfilename");
- print $pf "$npass\n";; }
+ print $pf "internal:$ncpass\n";; }
 print $client "ok\n";
- } else {
+ } else {
 print $client "non_authorized\n";
+ }
+ } else {
+ print $client "auth_mode_error\n";
 }
 } else {
 print $client "unknown_user\n";
@@ -656,7 +696,7 @@ sub make_new_child {
 } } else {
 print $client "refused\n";
- &logthis("Unknown client $clientip, closing connection");
+ &logthis("Rejected client $clientip, closing connection");
 }
 &logthis("Disconnect from $clientip ($hostid{$clientip})");
 # =============================================================================
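Review bot: Both `crypt($upass,$contentpwd) eq $contentpwd` comparisons accept whatever `crypt` returns for an empty or undefined stored hash — `$contentpwd` is undef when the `internal:` line carries no hash after the colon, or when `(getpwnam($uname))[1]` finds no such user — so the outcome then depends on the platform's handling of an empty salt rather than on an explicit rejection; the same pattern recurs in the password-change hunk below. Require a non-empty stored hash before comparing, e.g. `$pwdcorrect=(defined($contentpwd) && $contentpwd ne '' && crypt($upass,$contentpwd) eq $contentpwd);`. For the `unix` branch, on systems with shadow passwords the field returned by `getpwnam` is commonly a placeholder rather than the hash, so this mode presumably only works where the daemon can read the real entries; a comment saying so would help. The mode/hash split and the compare are duplicated in the next hunk and could live in one small helper. make_new_child continues outside the hunk.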
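Review bot: The salt for the new hash, `my $salt=time; $salt=substr($salt,6,2);`, is two decimal digits of the clock, so only 100 digit-only salts are possible instead of the 4096 values of the traditional `[a-zA-Z0-9./]` alphabet, and the value is predictable from the change time; draw the two characters from that alphabet instead, e.g. `my @saltchars=('a'..'z','A'..'Z','0'..'9','.','/');` and `my $salt=join('',map { $saltchars[rand @saltchars] } 1..2);`. The new line `print $pf "internal:$ncpass\n";; }` has a stray second semicolon, and the write is not verified before `print $client "ok\n";` reports success — the handle is only dropped at the end of the block — so closing it explicitly and checking the result before replying would avoid telling the client a password was stored when it was not. `IO::File->new(">$passfilename")` on the context line is unchanged by this commit. make_new_child continues outside the hunk.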