--- loncom/lond 2002/03/27 04:07:02 1.75
+++ loncom/lond 2002/05/08 02:31:04 1.79
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.75 2002/03/27 04:07:02 foxr Exp $
+# $Id: lond,v 1.79 2002/05/08 02:31:04 foxr Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -73,6 +73,8 @@ use Authen::Krb4;
 use lib '/home/httpd/lib/perl/';
 use localauth;
+my $DEBUG = 0; # Non zero to enable debug log entries.
+
 my $status='';
 my $lastlog='';
@@ -235,6 +237,13 @@ sub logthis {
 print $fh "$local ($$): $message\n";
 }
+# ------------------------- Conditional log if $DEBUG true.
+sub Debug {
+ my $message = shift;
+ if($DEBUG) {
+ &logthis($message);
+ }
+}
 # ------------------------------------------------------------------ Log status
 sub logstatus {
@@ -533,13 +542,14 @@ sub make_new_child {
 if ($clientok) {
 # ---------------- New known client connecting, could mean machine online again
- # &reconlonc("$perlvar{'lonSockDir'}/$hostid{$clientip}");
+ &reconlonc("$perlvar{'lonSockDir'}/$hostid{$clientip}");
 &logthis( "Established connection: $hostid{$clientip}");
 &status('Will listen to '.$hostid{$clientip});
 # ------------------------------------------------------------ Process requests
 while (my $userinput=<$client>) {
 chomp($userinput);
+ Debug("Request = $userinput\n");
 &status('Processing '.$hostid{$clientip}.': '.$userinput);
 my $wasenc=0;
 alarm(120);
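Review bot: `Debug("Request = $userinput\n")` in the `@@ -533` hunk writes the peer's request line to the log exactly as received, before any validation, so with `$DEBUG` on every argument of a request that arrives unencrypted lands in the log and any control characters in it go through unescaped. Logging only the command word would be enough for tracing, e.g. `Debug("Request = ".(split(/:/,$userinput))[0]);`, and the trailing `\n` can go because `logthis` already appends one. The same hunk switches `&reconlonc(...)` back on for every accepted client without saying why; a one-line comment above it would help the next reader. The `while` loop body continues outside the hunk.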
@@ -595,21 +605,13 @@ sub make_new_child {
 } elsif ($userinput =~ /^currentauth/) {
 if ($wasenc==1) {
 my ($cmd,$udom,$uname)=split(/:/,$userinput);
- my $proname=propath($udom,$uname);
- my $passfilename="$proname/passwd";
- if (-e $passfilename) {
- my $pf = IO::File->new($passfilename);
- my $realpasswd=<$pf>;
- chomp($realpasswd);
- my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
- my $availablecontent='';
- if ($howpwd eq 'krb4') {
- $availablecontent=$contentpwd;
- }
- print $client "$howpwd:$availablecontent\n";
- } else {
- print $client "unknown_user\n";
- }
+ my $result = GetAuthType($udom, $uname);
+ if($result eq "nouser") {
+ print $client "unknown_user\n";
+ }
+ else {
+ print $client "$result\n"
+ }
 } else {
 print $client "refused\n";
 }
@@ -737,14 +739,19 @@ sub make_new_child {
 }
 # -------------------------------------------------------------------- makeuser
 } elsif ($userinput =~ /^makeuser/) {
+ Debug("Make user received");
 my $oldumask=umask(0077);
 if ($wasenc==1) {
 my ($cmd,$udom,$uname,$umode,$npass)=split(/:/,$userinput);
+ &Debug("cmd =".$cmd." $udom =".$udom.
+ " uname=".$uname);
 chomp($npass);
 $npass=&unescape($npass);
 my $proname=propath($udom,$uname);
 my $passfilename="$proname/passwd";
+ &Debug("Password file created will be:".
+ $passfilename);
 if (-e $passfilename) {
 print $client "already_exists\n";
 } elsif ($udom ne $perlvar{'lonDefDomain'}) {
@@ -773,7 +780,8 @@ sub make_new_child {
 $salt=substr($salt,6,2);
 my $ncpass=crypt($npass,$salt);
 {
- my $pf = IO::File->new(">$passfilename");
+ &Debug("Creating internal auth");
+ my $pf = IO::File->new(">$passfilename");
 print $pf "internal:$ncpass\n";
 }
 print $client "ok\n";
@@ -788,6 +796,8 @@ sub make_new_child {
 my $execpath="$perlvar{'lonDaemons'}/". "lcuseradd";
 {
+ &Debug("Executing external: ".
+ $execpath);
 my $se = IO::File->new("|$execpath");
 print $se "$uname\n";
 print $se "$npass\n";
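Review bot: `GetAuthType($udom, $uname)` in the `currentauth` branch receives both fields exactly as `split(/:/,$userinput)` produced them, so a short request passes `undef`, and nothing here restricts the names before they are turned into a path and probed with `-e`. `propath` is not visible in this diff, so it is worth confirming that it rejects `/` and `..`; otherwise validate both fields in this branch with an anchored pattern before the call. The new `print $client "$result\n"` is also missing its closing `;`, which Perl accepts at the end of a block but which breaks as soon as a statement is added after it.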
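Review bot: In `&Debug("cmd =".$cmd." $udom =".$udom.` the label `" $udom ="` sits in double quotes, so Perl interpolates the variable and the log shows the domain value twice with no label; it should read `" udom =".$udom.`. The debug lines rightly leave `$npass` out, and a short comment saying that is deliberate would stop a later edit from adding it. The `makeuser` branch continues outside the hunk.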
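Review bot: The re-indented `my $pf = IO::File->new(">$passfilename");` still puts the mode and the path in one string and never tests the handle, so if the open fails the `print $pf` line cannot write the hash while `print $client "ok\n"` still reports success. Pass the mode as its own argument, `my $pf = IO::File->new($passfilename, '>');`, and send an error reply instead of `ok` when `$pf` is undefined. `$passfilename` is derived from the request's domain and user name, and the separate-mode form opens that name literally, where the single-string form strips surrounding whitespace.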
@@ -816,10 +826,13 @@ sub make_new_child {
 umask($oldumask);
 # -------------------------------------------------------------- changeuserauth
 } elsif ($userinput =~ /^changeuserauth/) {
- if ($wasenc==1) {
+ &Debug("Changing authorization");
+ if ($wasenc==1) {
 my ($cmd,$udom,$uname,$umode,$npass)=split(/:/,$userinput);
 chomp($npass);
+ &Debug("cmd = ".$cmd." domain= ".$udom.
+ "uname =".$uname." umode= ".$umode);
 $npass=&unescape($npass);
 my $proname=propath($udom,$uname);
 my $passfilename="$proname/passwd";
@@ -1028,9 +1041,13 @@ sub make_new_child {
 }
 # -------------------------------------------------------------------- rolesput
 } elsif ($userinput =~ /^rolesput/) {
+ &Debug("rolesput");
 if ($wasenc==1) {
 my ($cmd,$exedom,$exeuser,$udom,$uname,$what) =split(/:/,$userinput);
+ &Debug("cmd = ".$cmd." exedom= ".$exedom.
+ "user = ".$exeuser." udom=".$udom.
+ "what = ".$what);
 my $namespace='roles';
 chomp($what);
 my $proname=propath($udom,$uname);
@@ -1047,7 +1064,11 @@ sub make_new_child {
 if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT,0640)) {
 foreach $pair (@pairs) {
 ($key,$value)=split(/=/,$pair);
+ &ManagePermissions($key, $udom, $uname,
+ &GetAuthType( $udom,
+ $uname));
 $hash{$key}=$value;
+
 }
 if (untie(%hash)) {
 print $client "ok\n";
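Review bot: `&ManagePermissions($key, $udom, $uname, &GetAuthType($udom, $uname))` in the `@@ -1047` hunk runs once per pair, so the passwd file is re-read for every key, and the `"nouser"` string that `GetAuthType` returns for a missing user is passed on as the auth type without a check. Hoist the lookup above the `foreach`, `my $authtype = &GetAuthType($udom, $uname);`, and skip `ManagePermissions` when it equals `"nouser"`. The call also fires before `$hash{$key}=$value` is stored and its outcome is ignored, so a failed helper run still ends in `ok` to the client; that ordering deserves at least a comment. `$key` presumably comes out of the request's `$what` field (the code that fills `@pairs` is outside the hunk), so it should be treated as untrusted where it is matched.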
@@ -1442,6 +1463,68 @@ sub make_new_child {
 }
 }
+
+#
+# Checks to see if the input roleput request was to set
+# an author role. If so, invokes the lchtmldir script to set
+# up a correct public_html
+# Parameters:
+# request - The request sent to the rolesput subchunk.
+# We're looking for /domain/_au
+# domain - The domain in which the user is having roles doctored.
+# user - Name of the user for which the role is being put.
+# authtype - The authentication type associated with the user.
+#
+sub ManagePermissions
+{
+ my $request = shift;
+ my $domain = shift;
+ my $user = shift;
+ my $authtype= shift;
+
+ # See if the request is of the form /$domain/_au
+
+ if($request =~ /^(\/$domain\/_au)$/) { # It's an author rolesput...
+ my $execdir = $perlvar{'lonDaemons'};
+ my $userhome= "/home/$user" ;
+ Debug("system $execdir/lchtmldir $userhome $system $authtype");
+ system("$execdir/lchtmldir $userhome $user $authtype");
+ }
+}
+#
+# GetAuthType - Determines the authorization type of a user in a domain.
+
+# Returns the authorization type or nouser if there is no such user.
+#
+sub GetAuthType
+{
+ my $domain = shift;
+ my $user = shift;
+
+ Debug("GetAuthType( $domain, $user ) \n");
+ my $proname = &propath($domain, $user);
+ my $passwdfile = "$proname/passwd";
+ if( -e $passwdfile ) {
+ my $pf = IO::File->new($passwdfile);
+ my $realpassword = <$pf>;
+ chomp($realpassword);
+ Debug("Password info = $realpassword\n");
+ my ($authtype, $contentpwd) = split(/:/, $realpassword);
+ Debug("Authtype = $authtype, content = $contentpwd\n");
+ my $availinfo = '';
+ if($authtype eq 'krb4') {
+ $availinfo = $contentpwd;
+ }
+
+ return "$authtype:$availinfo";
+ }
+ else {
+ Debug("Returning nouser");
+ return "nouser";
+ }
+
+}
+
 # ----------------------------------- POD (plain old documentation, CPAN style)
 =head1 NAME
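Review bot: `ManagePermissions` builds its command as one interpolated string, `system("$execdir/lchtmldir $userhome $user $authtype")`, so Perl hands it to the shell whenever it contains a metacharacter, and `$user` is the `$uname` field of the peer's `rolesput` request while `$authtype` is whatever `GetAuthType` read from the passwd file. The list form keeps each value as a single argument, `system("$execdir/lchtmldir", $userhome, $user, $authtype);`, with the exit status checked afterwards. The `Debug` line above it interpolates `$system`, which is not declared anywhere in this hunk and looks like a slip for `$user`, and the match should quote the domain, `/^\/\Q$domain\E\/_au$/`. In `GetAuthType`, `Debug("Password info = $realpassword\n")` and the `Debug` after the `split` copy the whole passwd line into the log, which for accounts created by the `makeuser` branch is `internal:` followed by the crypt hash; log `$authtype` alone. `IO::File->new($passwdfile)` is also used unchecked, so a file that exists but cannot be opened leaves `$pf` undefined at `<$pf>`.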