|
version 1.393, 2008/01/07 02:21:35
|
version 1.395, 2008/02/21 16:04:19
|
|
Line 1514 sub authenticate_handler {
|
Line 1514 sub authenticate_handler {
|
| # udom - User's domain. |
# udom - User's domain. |
| # uname - Username. |
# uname - Username. |
| # upass - User's password. |
# upass - User's password. |
| |
# defauthtype - Default authentication types for the domain |
| |
# defautharg - Default authentication arg for the domain |
| |
|
| my ($udom,$uname,$upass)=split(/:/,$tail); |
my ($udom,$uname,$upass,$defauthtype,$defautharg)=split(/:/,$tail); |
| &Debug(" Authenticate domain = $udom, user = $uname, password = $upass"); |
&Debug(" Authenticate domain = $udom, user = $uname, password = $upass"); |
| chomp($upass); |
chomp($upass); |
| $upass=&unescape($upass); |
$upass=&unescape($upass); |
| |
|
| my $pwdcorrect = &validate_user($udom, $uname, $upass); |
my $pwdcorrect = &validate_user($udom,$uname,$upass,$defauthtype, |
| |
$defautharg); |
| if($pwdcorrect) { |
if($pwdcorrect) { |
| &Reply( $client, "authorized\n", $userinput); |
&Reply( $client, "authorized\n", $userinput); |
| # |
# |
|
Line 5970 sub get_auth_type
|
Line 5973 sub get_auth_type
|
| # 0 - The domain,user,password triplet is not a valid user. |
# 0 - The domain,user,password triplet is not a valid user. |
| # |
# |
| sub validate_user { |
sub validate_user { |
| my ($domain, $user, $password) = @_; |
my ($domain, $user, $password, $defauthtype, $defautharg) = @_; |
| |
|
| |
|
| # Why negative ~pi you may well ask? Well this function is about |
# Why negative ~pi you may well ask? Well this function is about |
| # authentication, and therefore very important to get right. |
# authentication, and therefore very important to get right. |
|
Line 5994 sub validate_user {
|
Line 5996 sub validate_user {
|
| |
|
| my $null = pack("C",0); # Used by kerberos auth types. |
my $null = pack("C",0); # Used by kerberos auth types. |
| |
|
| |
if ($howpwd eq 'nouser') { |
| |
if ($defauthtype eq 'localauth') { |
| |
$howpwd = $defauthtype; |
| |
$contentpwd = $defautharg; |
| |
} elsif ((($defauthtype eq 'krb4') || ($defauthtype eq 'krb5')) && |
| |
($defautharg ne '')) { |
| |
$howpwd = $defauthtype; |
| |
$contentpwd = $defautharg; |
| |
} |
| |
} |
| if ($howpwd ne 'nouser') { |
if ($howpwd ne 'nouser') { |
| |
|
| if($howpwd eq "internal") { # Encrypted is in local password file. |
if($howpwd eq "internal") { # Encrypted is in local password file. |
| $validated = (crypt($password, $contentpwd) eq $contentpwd); |
$validated = (crypt($password, $contentpwd) eq $contentpwd); |
| } |
} |
|
Line 6046 sub validate_user {
|
Line 6057 sub validate_user {
|
| my $credentials= &Authen::Krb5::cc_default(); |
my $credentials= &Authen::Krb5::cc_default(); |
| $credentials->initialize(&Authen::Krb5::parse_name($user.'@' |
$credentials->initialize(&Authen::Krb5::parse_name($user.'@' |
| .$contentpwd)); |
.$contentpwd)); |
| my $krbreturn = &Authen::Krb5::get_in_tkt_with_password($krbclient, |
my $krbreturn; |
| $krbserver, |
if (exists(&Authen::Krb5::get_init_creds_password)) { |
| $password, |
$krbreturn = |
| $credentials); |
&Authen::Krb5::get_init_creds_password($krbclient,$password, |
| $validated = ($krbreturn == 1); |
$krbservice); |
| |
$validated = (ref($krbreturn) eq 'Authen::Krb5::Creds'); |
| |
} else { |
| |
$krbreturn = |
| |
&Authen::Krb5::get_in_tkt_with_password($krbclient,$krbserver, |
| |
$password,$credentials); |
| |
$validated = ($krbreturn == 1); |
| |
} |
| if (!$validated) { |
if (!$validated) { |
| &logthis('krb5: '.$user.', '.$contentpwd.', '. |
&logthis('krb5: '.$user.', '.$contentpwd.', '. |
| &Authen::Krb5::error()); |
&Authen::Krb5::error()); |
![[BACK]](/icons/back.gif){kind=icon}
Return to lond CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom