loncom/lond - diff

Return to lond CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/lond between versions 1.390 and 1.395

version 1.390, 2007/11/12 22:54:42	version 1.395, 2008/02/21 16:04:19
Line 1514 sub authenticate_handler {	Line 1514 sub authenticate_handler {
# udom - User's domain.	# udom - User's domain.
# uname - Username.	# uname - Username.
# upass - User's password.	# upass - User's password.
	# defauthtype - Default authentication types for the domain
	# defautharg - Default authentication arg for the domain

my ($udom,$uname,$upass)=split(/:/,$tail);	my ($udom,$uname,$upass,$defauthtype,$defautharg)=split(/:/,$tail);
&Debug(" Authenticate domain = $udom, user = $uname, password = $upass");	&Debug(" Authenticate domain = $udom, user = $uname, password = $upass");
chomp($upass);	chomp($upass);
$upass=&unescape($upass);	$upass=&unescape($upass);

my $pwdcorrect = &validate_user($udom, $uname, $upass);	my $pwdcorrect = &validate_user($udom,$uname,$upass,$defauthtype,
	$defautharg);
if($pwdcorrect) {	if($pwdcorrect) {
&Reply( $client, "authorized\n", $userinput);	&Reply( $client, "authorized\n", $userinput);
#	#
Line 2141 sub token_auth_user_file_handler {	Line 2144 sub token_auth_user_file_handler {
my ($fname, $session) = split(/:/, $tail);	my ($fname, $session) = split(/:/, $tail);

chomp($session);	chomp($session);
my $reply="non_auth\n";	my $reply="non_auth";
my $file = $perlvar{'lonIDsDir'}.'/'.$session.'.id';	my $file = $perlvar{'lonIDsDir'}.'/'.$session.'.id';
if (open(ENVIN,"$file")) {	if (open(ENVIN,"$file")) {
flock(ENVIN,LOCK_SH);	flock(ENVIN,LOCK_SH);
tie(my %disk_env,'GDBM_File',"$file",&GDBM_READER(),0640);	tie(my %disk_env,'GDBM_File',"$file",&GDBM_READER(),0640);
if (exists($disk_env{"userfile.$fname"})) {	if (exists($disk_env{"userfile.$fname"})) {
$reply="ok\n";	$reply="ok";
} else {	} else {
foreach my $envname (keys(%disk_env)) {	foreach my $envname (keys(%disk_env)) {
if ($envname=~ m\|^userfile\.\Q$fname\E\|) {	if ($envname=~ m\|^userfile\.\Q$fname\E\|) {
$reply="ok\n";	$reply="ok";
last;	last;
}	}
}	}
Line 3312 sub put_course_id_handler {	Line 3315 sub put_course_id_handler {
my @new_items = split(/:/,$courseinfo,-1);	my @new_items = split(/:/,$courseinfo,-1);
my %storehash;	my %storehash;
for (my $i=0; $i<@new_items; $i++) {	for (my $i=0; $i<@new_items; $i++) {
$storehash{$items[$i]} = $new_items[$i];	$storehash{$items[$i]} = &unescape($new_items[$i]);
}	}
$hashref->{$key} =	$hashref->{$key} =
&Apache::lonnet::freeze_escape(\%storehash);	&Apache::lonnet::freeze_escape(\%storehash);
Line 4455 sub validate_class_access_handler {	Line 4458 sub validate_class_access_handler {
my ($cmd, $tail, $client) = @_;	my ($cmd, $tail, $client) = @_;
my $userinput = "$cmd:$tail";	my $userinput = "$cmd:$tail";
my ($inst_class,$ownerlist,$cdom) = split(/:/, $tail);	my ($inst_class,$ownerlist,$cdom) = split(/:/, $tail);
my @owners = split(/,/,&unescape($ownerlist));	my $owners = &unescape($ownerlist);
my $outcome;	my $outcome;
eval {	eval {
local($SIG{__DIE__})='DEFAULT';	local($SIG{__DIE__})='DEFAULT';
$outcome=&localenroll::check_section($inst_class,\@owners,$cdom);	$outcome=&localenroll::check_section($inst_class,$owners,$cdom);
};	};
&Reply($client,\$outcome, $userinput);	&Reply($client,\$outcome, $userinput);

Line 5970 sub get_auth_type	Line 5973 sub get_auth_type
# 0 - The domain,user,password triplet is not a valid user.	# 0 - The domain,user,password triplet is not a valid user.
#	#
sub validate_user {	sub validate_user {
my ($domain, $user, $password) = @_;	my ($domain, $user, $password, $defauthtype, $defautharg) = @_;


# Why negative ~pi you may well ask? Well this function is about	# Why negative ~pi you may well ask? Well this function is about
# authentication, and therefore very important to get right.	# authentication, and therefore very important to get right.
Line 5994 sub validate_user {	Line 5996 sub validate_user {

my $null = pack("C",0); # Used by kerberos auth types.	my $null = pack("C",0); # Used by kerberos auth types.

	if ($howpwd eq 'nouser') {
	if ($defauthtype eq 'localauth') {
	$howpwd = $defauthtype;
	$contentpwd = $defautharg;
	} elsif ((($defauthtype eq 'krb4') \|\| ($defauthtype eq 'krb5')) &&
	($defautharg ne '')) {
	$howpwd = $defauthtype;
	$contentpwd = $defautharg;
	}
	}
if ($howpwd ne 'nouser') {	if ($howpwd ne 'nouser') {

if($howpwd eq "internal") { # Encrypted is in local password file.	if($howpwd eq "internal") { # Encrypted is in local password file.
$validated = (crypt($password, $contentpwd) eq $contentpwd);	$validated = (crypt($password, $contentpwd) eq $contentpwd);
}	}
Line 6046 sub validate_user {	Line 6057 sub validate_user {
my $credentials= &Authen::Krb5::cc_default();	my $credentials= &Authen::Krb5::cc_default();
$credentials->initialize(&Authen::Krb5::parse_name($user.'@'	$credentials->initialize(&Authen::Krb5::parse_name($user.'@'
.$contentpwd));	.$contentpwd));
my $krbreturn = &Authen::Krb5::get_in_tkt_with_password($krbclient,	my $krbreturn;
$krbserver,	if (exists(&Authen::Krb5::get_init_creds_password)) {
$password,	$krbreturn =
$credentials);	&Authen::Krb5::get_init_creds_password($krbclient,$password,
$validated = ($krbreturn == 1);	$krbservice);
	$validated = (ref($krbreturn) eq 'Authen::Krb5::Creds');
	} else {
	$krbreturn =
	&Authen::Krb5::get_in_tkt_with_password($krbclient,$krbserver,
	$password,$credentials);
	$validated = ($krbreturn == 1);
	}
if (!$validated) {	if (!$validated) {
&logthis('krb5: '.$user.', '.$contentpwd.', '.	&logthis('krb5: '.$user.', '.$contentpwd.', '.
&Authen::Krb5::error());	&Authen::Krb5::error());

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.390
changed lines
	Added in v.1.395