--- loncom/lond 2007/11/10 03:38:28 1.389
+++ loncom/lond 2008/02/21 16:04:19 1.395
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.389 2007/11/10 03:38:28 raeburn Exp $
+# $Id: lond,v 1.395 2008/02/21 16:04:19 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -59,7 +59,7 @@ my $DEBUG = 0; # Non zero to ena
 my $status='';
 my $lastlog='';
-my $VERSION='$Revision: 1.389 $'; #' stupid emacs
+my $VERSION='$Revision: 1.395 $'; #' stupid emacs
 my $remoteVERSION;
 my $currenthostid="default";
 my $currentdomainid;
@@ -1514,13 +1514,16 @@ sub authenticate_handler {
 # udom - User's domain.
 # uname - Username.
 # upass - User's password.
+ # defauthtype - Default authentication types for the domain
+ # defautharg - Default authentication arg for the domain
- my ($udom,$uname,$upass)=split(/:/,$tail);
+ my ($udom,$uname,$upass,$defauthtype,$defautharg)=split(/:/,$tail);
 &Debug(" Authenticate domain = $udom, user = $uname, password = $upass");
 chomp($upass);
 $upass=&unescape($upass);
- my $pwdcorrect = &validate_user($udom, $uname, $upass);
+ my $pwdcorrect = &validate_user($udom,$uname,$upass,$defauthtype,
+ $defautharg);
 if($pwdcorrect) {
 &Reply( $client, "authorized\n", $userinput);
 #
@@ -1666,7 +1669,7 @@ sub add_user_handler {
 }
 unless ($fperror) {
 my $result=&make_passwd_file($uname, $umode,$npass, $passfilename);
- &Reply($client, $result, $userinput); #BUGBUG - could be fail
+ &Reply($client,\$result, $userinput); #BUGBUG - could be fail
 } else {
 &Failure($client, \$fperror, $userinput);
 }
@@ -1735,7 +1738,7 @@ sub change_authentication_handler {
 my $result = &change_unix_password($uname, $npass);
 &logthis("Result of password change for $uname: ".$result);
 if ($result eq "ok") {
- &Reply($client, \$result)
+ &Reply($client, \$result);
 } else {
 &Failure($client, \$result);
 }
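Review bot: The new `$defauthtype` and `$defautharg` in the authenticate_handler hunk are taken straight from the request tail and passed into `validate_user` without being compared with anything the server itself knows about the domain, so whichever peer is on the other end of the connection chooses the fallback authentication scheme and its argument (a Kerberos realm, or a localauth argument) for users that have no local password entry. If every peer on this port is a fully trusted lonc that may be by design, but the handler should at least constrain the shape of what reaches the Kerberos code, e.g. `$defautharg = '' unless ($defautharg =~ /^[\w.\-]*$/);` next to the `&unescape($upass)` line, and note that `$defautharg` is not unescaped the way `$upass` is, so a sender that escapes it would have the escaped form used as the realm. The `&Debug` context line still writes the cleartext password to the trace; not new, but worth dropping while this handler is being touched. authenticate_handler begins and ends outside the hunk.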
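Review bot: In the add_user_handler hunk the changed `&Reply($client,\$result, $userinput)` still sends whatever `make_passwd_file` returns on the success channel, and the make_passwd_file hunks further down show that value can be `lcuseradd_failed:…` or `auth_mode_error`; the carried-over `#BUGBUG - could be fail` comment says as much. Now that `$result` is a plain token with no trailing newline, the handler can branch the way change_authentication_handler does in the next hunk: `if ($result eq 'ok') { &Reply($client,\$result,$userinput); } else { &Failure($client,\$result,$userinput); }`. add_user_handler continues outside the hunk, so I cannot see whether a caller already distinguishes the two.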
@@ -2141,17 +2144,17 @@ sub token_auth_user_file_handler {
 my ($fname, $session) = split(/:/, $tail);
 chomp($session);
- my $reply="non_auth\n";
+ my $reply="non_auth";
 my $file = $perlvar{'lonIDsDir'}.'/'.$session.'.id';
 if (open(ENVIN,"$file")) {
 flock(ENVIN,LOCK_SH);
 tie(my %disk_env,'GDBM_File',"$file",&GDBM_READER(),0640);
 if (exists($disk_env{"userfile.$fname"})) {
- $reply="ok\n";
+ $reply="ok";
 } else {
 foreach my $envname (keys(%disk_env)) {
 if ($envname=~ m|^userfile\.\Q$fname\E|) {
- $reply="ok\n";
+ $reply="ok";
 last;
 }
 }
@@ -2582,6 +2585,7 @@ sub get_profile_entry {
 my ($udom,$uname,$namespace,$what) = split(/:/,$tail);
 chomp($what);
+
 my $replystring = read_profile($udom, $uname, $namespace, $what);
 my ($first) = split(/:/,$replystring);
 if($first ne "error") {
@@ -3311,7 +3315,7 @@ sub put_course_id_handler {
 my @new_items = split(/:/,$courseinfo,-1);
 my %storehash;
 for (my $i=0; $i<@new_items; $i++) {
- $storehash{$items[$i]} = $new_items[$i];
+ $storehash{$items[$i]} = &unescape($new_items[$i]);
 }
 $hashref->{$key} = &Apache::lonnet::freeze_escape(\%storehash);
@@ -4454,11 +4458,11 @@ sub validate_class_access_handler {
 my ($cmd, $tail, $client) = @_;
 my $userinput = "$cmd:$tail";
 my ($inst_class,$ownerlist,$cdom) = split(/:/, $tail);
- my @owners = split(/,/,&unescape($ownerlist));
+ my $owners = &unescape($ownerlist);
 my $outcome;
 eval {
 local($SIG{__DIE__})='DEFAULT';
- $outcome=&localenroll::check_section($inst_class,\@owners,$cdom);
+ $outcome=&localenroll::check_section($inst_class,$owners,$cdom);
 };
 &Reply($client,\$outcome, $userinput);
@@ -5969,8 +5973,7 @@ sub get_auth_type
 # 0 - The domain,user,password triplet is not a valid user.
 #
 sub validate_user {
- my ($domain, $user, $password) = @_;
-
+ my ($domain, $user, $password, $defauthtype, $defautharg) = @_;
 # Why negative ~pi you may well ask? Well this function is about
 # authentication, and therefore very important to get right.
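Review bot: In the validate_class_access_handler hunk, passing `$owners` as a plain string changes the second-argument contract of `localenroll::check_section`, a site-customised module, and the surrounding `eval` never looks at `$@`: a site whose localenroll.pm still dereferences that argument as an array ref will die inside the eval, the error is discarded, and `&Reply` sends an undefined `$outcome` to the client. Check the eval before replying, e.g. `if ($@) { my $err = 'error: '.$@; &Failure($client,\$err,$userinput); } else { &Reply($client,\$outcome,$userinput); }`, and spell out the new comma-separated string format where check_section is documented (not visible here). The handler's closing lines are outside the hunk.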
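Review bot: In the token_auth_user_file_handler hunk the context lines build `$file` from the client-supplied `$session` and open it with two-arg `open` with no check on its characters, so a value containing `/` or `..` selects a file outside `lonIDsDir` (restricted to names ending in `.id`, but still outside the session directory); the commit changes the reply strings around this without touching it. Gate the open on the id's expected shape and use the three-arg form, e.g. `if ($session =~ /^[\w.\-]+$/ && open(ENVIN,'<',$file)) {`, adjusting the pattern to the real session-id format, which is not visible here; a rejected id then yields the same `non_auth` reply. The handler's first and last lines are outside the hunk.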
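Review bot: The comment block above `sub validate_user` still documents only the `$domain,$user,$password` triplet, while the signature in this hunk gains `$defauthtype` and `$defautharg`, and the blank line between the argument unpacking and the "negative ~pi" comment is removed, leaving the two run together. Add two parameter lines to that header, before the return-value list: `#  defauthtype - domain default auth type (localauth, krb4 or krb5); consulted only when the user has no local entry` and `#  defautharg  - argument for that default, e.g. the Kerberos realm`. The header comment itself starts above the hunk.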
@@ -5993,8 +5996,17 @@ sub validate_user {
 my $null = pack("C",0); # Used by kerberos auth types.
+ if ($howpwd eq 'nouser') {
+ if ($defauthtype eq 'localauth') {
+ $howpwd = $defauthtype;
+ $contentpwd = $defautharg;
+ } elsif ((($defauthtype eq 'krb4') || ($defauthtype eq 'krb5')) &&
+ ($defautharg ne '')) {
+ $howpwd = $defauthtype;
+ $contentpwd = $defautharg;
+ }
+ }
 if ($howpwd ne 'nouser') {
-
 if($howpwd eq "internal") { # Encrypted is in local password file.
 $validated = (crypt($password, $contentpwd) eq $contentpwd);
 }
@@ -6045,11 +6057,18 @@ sub validate_user {
 my $credentials= &Authen::Krb5::cc_default();
 $credentials->initialize(&Authen::Krb5::parse_name($user.'@'
 .$contentpwd));
- my $krbreturn = &Authen::Krb5::get_in_tkt_with_password($krbclient,
- $krbserver,
- $password,
- $credentials);
- $validated = ($krbreturn == 1);
+ my $krbreturn;
+ if (exists(&Authen::Krb5::get_init_creds_password)) {
+ $krbreturn =
+ &Authen::Krb5::get_init_creds_password($krbclient,$password,
+ $krbservice);
+ $validated = (ref($krbreturn) eq 'Authen::Krb5::Creds');
+ } else {
+ $krbreturn =
+ &Authen::Krb5::get_in_tkt_with_password($krbclient,$krbserver,
+ $password,$credentials);
+ $validated = ($krbreturn == 1);
+ }
 if (!$validated) {
 &logthis('krb5: '.$user.', '.$contentpwd.', '.
 &Authen::Krb5::error());
@@ -6342,7 +6361,7 @@ sub change_unix_password {
 sub make_passwd_file {
 my ($uname, $umode,$npass,$passfilename)=@_;
- my $result="ok\n";
+ my $result="ok";
 if ($umode eq 'krb4' or $umode eq 'krb5') {
 {
 my $pf = IO::File->new(">$passfilename");
@@ -6410,7 +6429,7 @@ sub make_passwd_file {
 if($useraddok > 0) {
 my $error_text = &lcuseraddstrerror($useraddok);
 &logthis("Failed lcuseradd: $error_text");
- $result = "lcuseradd_failed:$error_text\n";
+ $result = "lcuseradd_failed:$error_text";
 } else {
 my $pf = IO::File->new(">$passfilename");
 if($pf) {
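Review bot: The new `nouser` fallback lets `$defauthtype`/`$defautharg` decide how an account with no local password entry is authenticated, and per the authenticate_handler hunk those values arrive in the request rather than from server-side domain configuration, so a peer can nominate its own Kerberos realm (or localauth argument) for any non-existent user; nothing in this block checks the values against what the domain is actually configured to use. If the domain default is obtainable on this host, resolve it here instead of trusting the argument; failing that, tighten the krb condition to a realm-shaped value, `($defautharg =~ /^[\w.\-]+$/)` in place of `($defautharg ne '')`, and give the localauth branch the same non-empty test, since it currently forwards an empty `$defautharg` to the localauth code. A short comment above the `if` stating that the fallback only applies when `get_auth_type` reports `nouser`, and where the two defaults are expected to come from, would also help the next reader. validate_user continues well past this hunk.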
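Review bot: In the krb5 hunk `$validated` becomes true as soon as `get_init_creds_password` hands back a Creds object, i.e. as soon as whatever KDC answers for `$contentpwd` accepted the password; neither the new branch nor the retained `get_in_tkt_with_password` path verifies the obtained credentials against a keytab on this host, which is the classic KDC-spoofing gap in password checks, and it matters more now that the realm may come from the request (previous hunk). If the installed Authen::Krb5 exposes a `verify_init_creds` wrapper, call it on `$krbreturn` with the host's service principal and keytab before setting `$validated`; if it does not, record the assumption in place, e.g. `# NOTE: a successful initial ticket is taken as proof of password; creds are not verified against a local keytab`. `$krbclient`, `$krbserver` and `$krbservice` are set above the hunk, so I cannot see which principal the new call requests. validate_user starts and ends outside the hunk.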
@@ -6434,7 +6453,7 @@ sub make_passwd_file {
 }
 }
 } else {
- $result="auth_mode_error\n";
+ $result="auth_mode_error";
 }
 return $result;
 }