|
version 1.388, 2007/10/13 17:07:56
|
version 1.395, 2008/02/21 16:04:19
|
|
Line 1514 sub authenticate_handler {
|
Line 1514 sub authenticate_handler {
|
| # udom - User's domain. |
# udom - User's domain. |
| # uname - Username. |
# uname - Username. |
| # upass - User's password. |
# upass - User's password. |
| |
# defauthtype - Default authentication types for the domain |
| |
# defautharg - Default authentication arg for the domain |
| |
|
| my ($udom,$uname,$upass)=split(/:/,$tail); |
my ($udom,$uname,$upass,$defauthtype,$defautharg)=split(/:/,$tail); |
| &Debug(" Authenticate domain = $udom, user = $uname, password = $upass"); |
&Debug(" Authenticate domain = $udom, user = $uname, password = $upass"); |
| chomp($upass); |
chomp($upass); |
| $upass=&unescape($upass); |
$upass=&unescape($upass); |
| |
|
| my $pwdcorrect = &validate_user($udom, $uname, $upass); |
my $pwdcorrect = &validate_user($udom,$uname,$upass,$defauthtype, |
| |
$defautharg); |
| if($pwdcorrect) { |
if($pwdcorrect) { |
| &Reply( $client, "authorized\n", $userinput); |
&Reply( $client, "authorized\n", $userinput); |
| # |
# |
|
Line 1666 sub add_user_handler {
|
Line 1669 sub add_user_handler {
|
| } |
} |
| unless ($fperror) { |
unless ($fperror) { |
| my $result=&make_passwd_file($uname, $umode,$npass, $passfilename); |
my $result=&make_passwd_file($uname, $umode,$npass, $passfilename); |
| &Reply($client, $result, $userinput); #BUGBUG - could be fail |
&Reply($client,\$result, $userinput); #BUGBUG - could be fail |
| } else { |
} else { |
| &Failure($client, \$fperror, $userinput); |
&Failure($client, \$fperror, $userinput); |
| } |
} |
|
Line 1735 sub change_authentication_handler {
|
Line 1738 sub change_authentication_handler {
|
| my $result = &change_unix_password($uname, $npass); |
my $result = &change_unix_password($uname, $npass); |
| &logthis("Result of password change for $uname: ".$result); |
&logthis("Result of password change for $uname: ".$result); |
| if ($result eq "ok") { |
if ($result eq "ok") { |
| &Reply($client, \$result) |
&Reply($client, \$result); |
| } else { |
} else { |
| &Failure($client, \$result); |
&Failure($client, \$result); |
| } |
} |
|
Line 2141 sub token_auth_user_file_handler {
|
Line 2144 sub token_auth_user_file_handler {
|
| my ($fname, $session) = split(/:/, $tail); |
my ($fname, $session) = split(/:/, $tail); |
| |
|
| chomp($session); |
chomp($session); |
| my $reply="non_auth\n"; |
my $reply="non_auth"; |
| my $file = $perlvar{'lonIDsDir'}.'/'.$session.'.id'; |
my $file = $perlvar{'lonIDsDir'}.'/'.$session.'.id'; |
| if (open(ENVIN,"$file")) { |
if (open(ENVIN,"$file")) { |
| flock(ENVIN,LOCK_SH); |
flock(ENVIN,LOCK_SH); |
| tie(my %disk_env,'GDBM_File',"$file",&GDBM_READER(),0640); |
tie(my %disk_env,'GDBM_File',"$file",&GDBM_READER(),0640); |
| if (exists($disk_env{"userfile.$fname"})) { |
if (exists($disk_env{"userfile.$fname"})) { |
| $reply="ok\n"; |
$reply="ok"; |
| } else { |
} else { |
| foreach my $envname (keys(%disk_env)) { |
foreach my $envname (keys(%disk_env)) { |
| if ($envname=~ m|^userfile\.\Q$fname\E|) { |
if ($envname=~ m|^userfile\.\Q$fname\E|) { |
| $reply="ok\n"; |
$reply="ok"; |
| last; |
last; |
| } |
} |
| } |
} |
|
Line 2582 sub get_profile_entry {
|
Line 2585 sub get_profile_entry {
|
| my ($udom,$uname,$namespace,$what) = split(/:/,$tail); |
my ($udom,$uname,$namespace,$what) = split(/:/,$tail); |
| chomp($what); |
chomp($what); |
| |
|
| |
|
| my $replystring = read_profile($udom, $uname, $namespace, $what); |
my $replystring = read_profile($udom, $uname, $namespace, $what); |
| my ($first) = split(/:/,$replystring); |
my ($first) = split(/:/,$replystring); |
| if($first ne "error") { |
if($first ne "error") { |
|
Line 3311 sub put_course_id_handler {
|
Line 3315 sub put_course_id_handler {
|
| my @new_items = split(/:/,$courseinfo,-1); |
my @new_items = split(/:/,$courseinfo,-1); |
| my %storehash; |
my %storehash; |
| for (my $i=0; $i<@new_items; $i++) { |
for (my $i=0; $i<@new_items; $i++) { |
| $storehash{$items[$i]} = $new_items[$i]; |
$storehash{$items[$i]} = &unescape($new_items[$i]); |
| } |
} |
| $hashref->{$key} = |
$hashref->{$key} = |
| &Apache::lonnet::freeze_escape(\%storehash); |
&Apache::lonnet::freeze_escape(\%storehash); |
|
Line 4057 sub dump_domainroles_handler {
|
Line 4061 sub dump_domainroles_handler {
|
| } |
} |
| } |
} |
| unless (@roles < 1) { |
unless (@roles < 1) { |
| unless (grep/^$trole$/,@roles) { |
unless (grep/^\Q$trole\E$/,@roles) { |
| $match = 0; |
$match = 0; |
| } |
} |
| } |
} |
|
Line 4454 sub validate_class_access_handler {
|
Line 4458 sub validate_class_access_handler {
|
| my ($cmd, $tail, $client) = @_; |
my ($cmd, $tail, $client) = @_; |
| my $userinput = "$cmd:$tail"; |
my $userinput = "$cmd:$tail"; |
| my ($inst_class,$ownerlist,$cdom) = split(/:/, $tail); |
my ($inst_class,$ownerlist,$cdom) = split(/:/, $tail); |
| my @owners = split(/,/,&unescape($ownerlist)); |
my $owners = &unescape($ownerlist); |
| my $outcome; |
my $outcome; |
| eval { |
eval { |
| local($SIG{__DIE__})='DEFAULT'; |
local($SIG{__DIE__})='DEFAULT'; |
| $outcome=&localenroll::check_section($inst_class,\@owners,$cdom); |
$outcome=&localenroll::check_section($inst_class,$owners,$cdom); |
| }; |
}; |
| &Reply($client,\$outcome, $userinput); |
&Reply($client,\$outcome, $userinput); |
| |
|
|
Line 4666 sub get_institutional_user_rules {
|
Line 4670 sub get_institutional_user_rules {
|
| } |
} |
| ®ister_handler("instuserrules",\&get_institutional_user_rules,0,1,0); |
®ister_handler("instuserrules",\&get_institutional_user_rules,0,1,0); |
| |
|
| |
sub get_institutional_id_rules { |
| |
my ($cmd, $tail, $client) = @_; |
| |
my $userinput = "$cmd:$tail"; |
| |
my $dom = &unescape($tail); |
| |
my (%rules_hash,@rules_order); |
| |
my $outcome; |
| |
eval { |
| |
local($SIG{__DIE__})='DEFAULT'; |
| |
$outcome = &localenroll::id_rules($dom,\%rules_hash,\@rules_order); |
| |
}; |
| |
if (!$@) { |
| |
if ($outcome eq 'ok') { |
| |
my $result; |
| |
foreach my $key (keys(%rules_hash)) { |
| |
$result .= &escape($key).'='.&Apache::lonnet::freeze_escape($rules_hash{$key}).'&'; |
| |
} |
| |
$result =~ s/\&$//; |
| |
$result .= ':'; |
| |
if (@rules_order > 0) { |
| |
foreach my $item (@rules_order) { |
| |
$result .= &escape($item).'&'; |
| |
} |
| |
} |
| |
$result =~ s/\&$//; |
| |
&Reply($client,\$result,$userinput); |
| |
} else { |
| |
&Reply($client,"error\n", $userinput); |
| |
} |
| |
} else { |
| |
&Failure($client,"unknown_cmd\n",$userinput); |
| |
} |
| |
} |
| |
®ister_handler("instidrules",\&get_institutional_id_rules,0,1,0); |
| |
|
| |
|
| sub institutional_username_check { |
sub institutional_username_check { |
| my ($cmd, $tail, $client) = @_; |
my ($cmd, $tail, $client) = @_; |
|
Line 4696 sub institutional_username_check {
|
Line 4734 sub institutional_username_check {
|
| } |
} |
| ®ister_handler("instrulecheck",\&institutional_username_check,0,1,0); |
®ister_handler("instrulecheck",\&institutional_username_check,0,1,0); |
| |
|
| |
sub institutional_id_check { |
| |
my ($cmd, $tail, $client) = @_; |
| |
my $userinput = "$cmd:$tail"; |
| |
my %rulecheck; |
| |
my $outcome; |
| |
my ($udom,$id,@rules) = split(/:/,$tail); |
| |
$udom = &unescape($udom); |
| |
$id = &unescape($id); |
| |
@rules = map {&unescape($_);} (@rules); |
| |
eval { |
| |
local($SIG{__DIE__})='DEFAULT'; |
| |
$outcome = &localenroll::id_check($udom,$id,\@rules,\%rulecheck); |
| |
}; |
| |
if (!$@) { |
| |
if ($outcome eq 'ok') { |
| |
my $result=''; |
| |
foreach my $key (keys(%rulecheck)) { |
| |
$result.=&escape($key).'='.&Apache::lonnet::freeze_escape($rulecheck{$key}).'&'; |
| |
} |
| |
&Reply($client,\$result,$userinput); |
| |
} else { |
| |
&Reply($client,"error\n", $userinput); |
| |
} |
| |
} else { |
| |
&Failure($client,"unknown_cmd\n",$userinput); |
| |
} |
| |
} |
| |
®ister_handler("instidrulecheck",\&institutional_id_check,0,1,0); |
| |
|
| # Get domain specific conditions for import of student photographs to a course |
# Get domain specific conditions for import of student photographs to a course |
| # |
# |
|
Line 5907 sub get_auth_type
|
Line 5973 sub get_auth_type
|
| # 0 - The domain,user,password triplet is not a valid user. |
# 0 - The domain,user,password triplet is not a valid user. |
| # |
# |
| sub validate_user { |
sub validate_user { |
| my ($domain, $user, $password) = @_; |
my ($domain, $user, $password, $defauthtype, $defautharg) = @_; |
| |
|
| |
|
| # Why negative ~pi you may well ask? Well this function is about |
# Why negative ~pi you may well ask? Well this function is about |
| # authentication, and therefore very important to get right. |
# authentication, and therefore very important to get right. |
|
Line 5931 sub validate_user {
|
Line 5996 sub validate_user {
|
| |
|
| my $null = pack("C",0); # Used by kerberos auth types. |
my $null = pack("C",0); # Used by kerberos auth types. |
| |
|
| |
if ($howpwd eq 'nouser') { |
| |
if ($defauthtype eq 'localauth') { |
| |
$howpwd = $defauthtype; |
| |
$contentpwd = $defautharg; |
| |
} elsif ((($defauthtype eq 'krb4') || ($defauthtype eq 'krb5')) && |
| |
($defautharg ne '')) { |
| |
$howpwd = $defauthtype; |
| |
$contentpwd = $defautharg; |
| |
} |
| |
} |
| if ($howpwd ne 'nouser') { |
if ($howpwd ne 'nouser') { |
| |
|
| if($howpwd eq "internal") { # Encrypted is in local password file. |
if($howpwd eq "internal") { # Encrypted is in local password file. |
| $validated = (crypt($password, $contentpwd) eq $contentpwd); |
$validated = (crypt($password, $contentpwd) eq $contentpwd); |
| } |
} |
|
Line 5983 sub validate_user {
|
Line 6057 sub validate_user {
|
| my $credentials= &Authen::Krb5::cc_default(); |
my $credentials= &Authen::Krb5::cc_default(); |
| $credentials->initialize(&Authen::Krb5::parse_name($user.'@' |
$credentials->initialize(&Authen::Krb5::parse_name($user.'@' |
| .$contentpwd)); |
.$contentpwd)); |
| my $krbreturn = &Authen::Krb5::get_in_tkt_with_password($krbclient, |
my $krbreturn; |
| $krbserver, |
if (exists(&Authen::Krb5::get_init_creds_password)) { |
| $password, |
$krbreturn = |
| $credentials); |
&Authen::Krb5::get_init_creds_password($krbclient,$password, |
| $validated = ($krbreturn == 1); |
$krbservice); |
| |
$validated = (ref($krbreturn) eq 'Authen::Krb5::Creds'); |
| |
} else { |
| |
$krbreturn = |
| |
&Authen::Krb5::get_in_tkt_with_password($krbclient,$krbserver, |
| |
$password,$credentials); |
| |
$validated = ($krbreturn == 1); |
| |
} |
| if (!$validated) { |
if (!$validated) { |
| &logthis('krb5: '.$user.', '.$contentpwd.', '. |
&logthis('krb5: '.$user.', '.$contentpwd.', '. |
| &Authen::Krb5::error()); |
&Authen::Krb5::error()); |
|
Line 6280 sub change_unix_password {
|
Line 6361 sub change_unix_password {
|
| |
|
| sub make_passwd_file { |
sub make_passwd_file { |
| my ($uname, $umode,$npass,$passfilename)=@_; |
my ($uname, $umode,$npass,$passfilename)=@_; |
| my $result="ok\n"; |
my $result="ok"; |
| if ($umode eq 'krb4' or $umode eq 'krb5') { |
if ($umode eq 'krb4' or $umode eq 'krb5') { |
| { |
{ |
| my $pf = IO::File->new(">$passfilename"); |
my $pf = IO::File->new(">$passfilename"); |
|
Line 6348 sub make_passwd_file {
|
Line 6429 sub make_passwd_file {
|
| if($useraddok > 0) { |
if($useraddok > 0) { |
| my $error_text = &lcuseraddstrerror($useraddok); |
my $error_text = &lcuseraddstrerror($useraddok); |
| &logthis("Failed lcuseradd: $error_text"); |
&logthis("Failed lcuseradd: $error_text"); |
| $result = "lcuseradd_failed:$error_text\n"; |
$result = "lcuseradd_failed:$error_text"; |
| } else { |
} else { |
| my $pf = IO::File->new(">$passfilename"); |
my $pf = IO::File->new(">$passfilename"); |
| if($pf) { |
if($pf) { |
|
Line 6372 sub make_passwd_file {
|
Line 6453 sub make_passwd_file {
|
| } |
} |
| } |
} |
| } else { |
} else { |
| $result="auth_mode_error\n"; |
$result="auth_mode_error"; |
| } |
} |
| return $result; |
return $result; |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to lond CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom