--- loncom/lond 2002/02/06 14:18:09 1.68.2.1 +++ loncom/lond 2002/02/19 21:52:54 1.72 @@ -2,7 +2,7 @@ # The LearningOnline Network # lond "LON Daemon" Server (port "LOND" 5663) # -# $Id: lond,v 1.68.2.1 2002/02/06 14:18:09 albertel Exp $ +# $Id: lond,v 1.72 2002/02/19 21:52:54 matthew Exp $ # # Copyright Michigan State University Board of Trustees # @@ -48,6 +48,9 @@ # 12/22 Gerd Kortemeyer # YEAR=2002 # 01/20/02,02/05 Gerd Kortemeyer +# 02/05 Guy Albertelli +# 02/07 Scott Harrison +# 02/12 Gerd Kortemeyer ### # based on "Perl Cookbook" ISBN 1-56592-243-3 @@ -136,7 +139,7 @@ open (CONFIG,"$perlvar{'lonTabDir'}/host while ($configline=) { my ($id,$domain,$role,$name,$ip)=split(/:/,$configline); - chomp($ip); + chomp($ip); $ip=~s/\D+$//; $hostid{$ip}=$id; if ($id eq $perlvar{'lonHostID'}) { $thisserver=$name; } $PREFORK++; @@ -534,7 +537,6 @@ sub make_new_child { while (my $userinput=<$client>) { chomp($userinput); &status('Processing '.$hostid{$clientip}.': '.$userinput); - &logthis('Processing '.$hostid{$clientip}.': '.$userinput); my $wasenc=0; alarm(120); # ------------------------------------------------------------ See if encrypted @@ -551,9 +553,7 @@ sub make_new_child { $userinput=substr($userinput,0,$cmdlength); $wasenc=1; } - &logthis('Decrypted '.$hostid{$clientip}.': '.$userinput); - } - + } # ------------------------------------------------------------- Normal commands # ------------------------------------------------------------------------ ping if ($userinput =~ /^ping/) { @@ -640,10 +640,13 @@ sub make_new_child { $pwdcorrect=!$?; } } elsif ($howpwd eq 'krb4') { + $null=pack("C",0); + unless ($upass=~/$null/) { $pwdcorrect=( Authen::Krb4::get_pw_in_tkt($uname,"", $contentpwd,'krbtgt',$contentpwd,1, $upass) == 0); + } else { $pwdcorrect=0; } } elsif ($howpwd eq 'localauth') { $pwdcorrect=&localauth::localauth($uname,$upass, $contentpwd); 
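Review bot: In the hosts-table loop (`@@ -136,7 +139,7 @@`), `$ip=~s/\D+$//;` trims only trailing junk, so a blank or short line still leaves `$ip` undefined or malformed and stores it as a key in `%hostid`. The same sub later looks peers up with `$hostid{$clientip}`, so the table should hold only well-formed addresses. A guard before the assignment such as `next unless (defined($ip) && $ip=~/^\d+(\.\d+){3}$/);` would skip bad lines; it would also keep them out of `$PREFORK`, which should be checked against the intended child count. A short comment saying what the substitution removes (presumably a stray carriage return or trailing whitespace) would help. The loop body starts and ends outside the hunk.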
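Review bot: The zero-byte guard in the krb4 branch (`@@ -640,10 +640,13 @@`) assigns `$null` without `my`, so unless it is declared outside the hunk it becomes a package global. It also has no comment explaining why such a password is refused. If the reason is that the Kerberos call would stop reading at the first zero byte and so verify only a prefix of what was sent, a one-line comment should say so. The test itself reads more directly as `if (index($upass,"\0") >= 0) { $pwdcorrect=0; } else {`, which avoids both the regex interpolation and the `unless ... else` form. The pwauth and localauth branches visible in the context lines receive `$upass` without the same guard; whether they need it depends on code outside the hunk.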
@@ -667,7 +670,8 @@ sub make_new_child { chomp($npass); $upass=&unescape($upass); $npass=&unescape($npass); - my $proname=propath($udom,$uname); + &logthis("Trying to change password for $uname"); + my $proname=propath($udom,$uname); my $passfilename="$proname/passwd"; if (-e $passfilename) { my $realpasswd; @@ -682,11 +686,42 @@ sub make_new_child { my $ncpass=crypt($npass,$salt); { my $pf = IO::File->new(">$passfilename"); print $pf "internal:$ncpass\n"; } + &logthis("Result of password change for $uname: pwchange_success"); print $client "ok\n"; } else { print $client "non_authorized\n"; } - } else { + } elsif ($howpwd eq 'unix') { + # Unix means we have to access /etc/password + # one way or another. + # First: Make sure the current password is + # correct + $contentpwd=(getpwnam($uname))[1]; + my $pwdcorrect = "0"; + my $pwauth_path="/usr/local/sbin/pwauth"; + unless ($contentpwd eq 'x') { + $pwdcorrect= + (crypt($upass,$contentpwd) eq $contentpwd); + } elsif (-e $pwauth_path) { + open PWAUTH, "|$pwauth_path" or + die "Cannot invoke authentication"; + print PWAUTH "$uname\n$upass\n"; + close PWAUTH; + $pwdcorrect=!$?; + } + if ($pwdcorrect) { + my $execdir=$perlvar{'lonDaemons'}; + my $pf = IO::File->new("|$execdir/lcpasswd"); + print $pf "$uname\n$npass\n$npass\n"; + close $pf; + my $result = ($?>0 ? 'pwchange_failure' + : 'ok'); + &logthis("Result of password change for $uname: $result"); + print $client "$result\n"; + } else { + print $client "non_authorized\n"; + } + } else { print $client "auth_mode_error\n"; } } else { @@ -1377,7 +1412,6 @@ sub make_new_child { # -------------------------------------------------------------------- complete alarm(0); &status('Listening to '.$hostid{$clientip}); - &logthis('Completed '.$userinput.' Listening to '.$hostid{$clientip}); } # --------------------------------------------- client unknown or fishy, refuse } else {
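Review bot: The new audit line in `@@ -667,7 +670,8 @@` records only `$uname`, although `$udom` is in scope on the next line, so attempts against the same username in different domains cannot be told apart in the log. Including the domain and the requesting peer would fix that, for example `&logthis("Trying to change password for $uname at $udom from ".$hostid{$clientip});`. The two "Result of password change" lines in the following hunk have the same gap. The `non_authorized` replies there are not logged at all, although failed attempts are the ones a reviewer of the log most wants to see. `$uname` is parsed outside the hunk, so whether it can carry characters that would break a log line cannot be confirmed from here.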
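Review bot: In the new `unix` branch (`@@ -682,11 +686,42 @@`) the lcpasswd result is derived with `$?>0`, so a `$?` of -1 (wait failure) is reported to the client as `ok`. The return value of `IO::File->new("|$execdir/lcpasswd")` is not checked before printing to it. Both pipes are fed one value per line, yet `$upass` and `$npass` are written after `&unescape`, so a decoded line break or zero byte in either would shift the fields the helper reads; these values should be rejected before the pipe is opened. The `die` after `open PWAUTH` also ends the child without sending the client a reply. The fence below covers the lcpasswd half; the pwauth half needs the same field check on `$upass`.

```perl
# … unchanged: current-password check via crypt() / pwauth …
if ($pwdcorrect) {
    my $result='pwchange_failure';
    # Values go to lcpasswd one per line; refuse anything that
    # would add a line or cut a field short.
    unless ("$uname$npass"=~/[\0\r\n]/) {
        my $execdir=$perlvar{'lonDaemons'};
        my $pf = IO::File->new("|$execdir/lcpasswd");
        if ($pf) {
            print $pf "$uname\n$npass\n$npass\n";
            # $? is -1 when the wait itself fails, so test for 0.
            $result='ok' if ($pf->close && $? == 0);
        }
    }
    &logthis("Result of password change for $uname: $result");
    print $client "$result\n";
} else {
# … unchanged: non_authorized reply …
```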