[LON-CAPA-cvs] cvs: loncom / lond
albertel
lon-capa-cvs@mail.lon-capa.org
Thu, 22 Aug 2002 20:00:00 -0000
albertel Thu Aug 22 16:00:00 2002 EDT
Modified files:
/loncom lond
Log:
- implements krb5; still need to do the user creation stuff
Index: loncom/lond
diff -u loncom/lond:1.90 loncom/lond:1.91
--- loncom/lond:1.90 Mon Aug 12 20:37:18 2002
+++ loncom/lond Thu Aug 22 16:00:00 2002
@@ -2,7 +2,7 @@
# The LearningOnline Network
# lond "LON Daemon" Server (port "LOND" 5663)
#
-# $Id: lond,v 1.90 2002/08/13 00:37:18 stredwic Exp $
+# $Id: lond,v 1.91 2002/08/22 20:00:00 albertel Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -74,6 +74,7 @@
use LWP::UserAgent();
use GDBM_File;
use Authen::Krb4;
+use Authen::Krb5;
use lib '/home/httpd/lib/perl/';
use localauth;
@@ -488,7 +489,10 @@
or die "Can't unblock SIGINT for fork: $!\n";
$tmpsnum=0;
-
+#---------------------------------------------------- kerberos 5 initialization
+ &Authen::Krb5::init_context();
+ &Authen::Krb5::init_ets();
+
# handle connections until we've reached $MAX_CLIENTS_PER_CHILD
for ($i=0; $i < $MAX_CLIENTS_PER_CHILD; $i++) {
&status('Idle, waiting for connection');
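Review bot: The return values of `&Authen::Krb5::init_context();` and `&Authen::Krb5::init_ets();` are discarded, so a failed library initialization in this child is only discovered later, when the krb5 branch of the password check tries to parse principals and fails for every login it handles. If the wrapper signals failure through its return, as the other Authen::Krb5 calls on this page do, a guard such as `&Authen::Krb5::init_context() or &logthis("krb5 init_context failed: ".&Authen::Krb5::error());` makes the problem visible at the point where it happens. The child setup this sits in begins before and continues after the hunk.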
@@ -652,6 +656,24 @@
$contentpwd,'krbtgt',$contentpwd,1,
$upass) == 0);
} else { $pwdcorrect=0; }
+ } elsif ($howpwd eq 'krb5') {
+ $null=pack("C",0);
+ unless ($upass=~/$null/) {
+ my $krbclient=&Authen::Krb5::parse_name($uname.'@'.$contentpwd);
+ &logthis("Realm ".$krbclient->realm);
+ my $krbservice="krbtgt/".$contentpwd."\@".$contentpwd;
+ my $krbserver=&Authen::Krb5::parse_name($krbservice);
+ my $credentials=&Authen::Krb5::cc_default();
+ $credentials->initialize($krbclient);
+ my $krbreturn =
+ &Authen::Krb5::get_in_tkt_with_password(
+ $krbclient,$krbserver,$upass,$credentials);
+ unless ($krbreturn) {
+ &logthis("Krb5 Error: ".
+ &Authen::Krb5::error());
+ }
+ $pwdcorrect = ($krbreturn == 1);
+ } else { $pwdcorrect=0; }
} elsif ($howpwd eq 'localauth') {
$pwdcorrect=&localauth::localauth($uname,$upass,
$contentpwd);
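Review bot: `$krbclient` is used at `&logthis("Realm ".$krbclient->realm)` without checking that `Authen::Krb5::parse_name` succeeded; if it returns undef for a name built from client-supplied `$uname`, the method call dies in the child before `$pwdcorrect` is set, so a malformed name becomes a dropped connection instead of a failed login. Guard it with `unless (defined $krbclient) { $pwdcorrect=0; }` (logging the error) before the realm is used, and check the result of `$credentials->initialize($krbclient)` the same way. Verification also goes through `Authen::Krb5::cc_default()`, so every forked child initializes and overwrites the same default cache and the TGT obtained for the check stays in it afterwards; a per-check `MEMORY:` cache from `Authen::Krb5::cc_resolve`, destroyed once `$krbreturn` is known, avoids both the shared-file race and the persisted credential. `$pwdcorrect = ($krbreturn == 1)` additionally warns on an undefined return; `(defined $krbreturn && $krbreturn == 1)` keeps the same result without the warning. The enclosing `$howpwd` if/elsif chain starts before this hunk.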
@@ -737,7 +759,7 @@
}
# -------------------------------------------------------------------- makeuser
} elsif ($userinput =~ /^makeuser/) {
- Debug("Make user received");
+ &Debug("Make user received");
my $oldumask=umask(0077);
if ($wasenc==1) {
my
@@ -767,53 +789,9 @@
}
}
unless ($fperror) {
- if ($umode eq 'krb4') {
- {
- my $pf = IO::File->new(">$passfilename");
- print $pf "krb4:$npass\n";
- }
- print $client "ok\n";
- } elsif ($umode eq 'internal') {
- my $salt=time;
- $salt=substr($salt,6,2);
- my $ncpass=crypt($npass,$salt);
- {
- &Debug("Creating internal auth");
- my $pf = IO::File->new(">$passfilename");
- print $pf "internal:$ncpass\n";
- }
- print $client "ok\n";
- } elsif ($umode eq 'localauth') {
- {
- my $pf = IO::File->new(">$passfilename");
- print $pf "localauth:$npass\n";
- }
- print $client "ok\n";
- } elsif ($umode eq 'unix') {
- {
- my $execpath="$perlvar{'lonDaemons'}/".
- "lcuseradd";
- {
- &Debug("Executing external: ".
- $execpath);
- my $se = IO::File->new("|$execpath");
- print $se "$uname\n";
- print $se "$npass\n";
- print $se "$npass\n";
- }
- my $pf = IO::File->new(">$passfilename");
- print $pf "unix:\n";
- }
- print $client "ok\n";
- } elsif ($umode eq 'none') {
- {
- my $pf = IO::File->new(">$passfilename");
- print $pf "none:\n";
- }
- print $client "ok\n";
- } else {
- print $client "auth_mode_error\n";
- }
+ my $result=&make_passwd_file($umode,$npass,
+ $passfilename);
+ print $client $result;
} else {
print $client "$fperror\n";
}
@@ -827,60 +805,18 @@
&Debug("Changing authorization");
if ($wasenc==1) {
my
- ($cmd,$udom,$uname,$umode,$npass)=split(/:/,$userinput);
+ ($cmd,$udom,$uname,$umode,$npass)=split(/:/,$userinput);
chomp($npass);
&Debug("cmd = ".$cmd." domain= ".$udom.
"uname =".$uname." umode= ".$umode);
$npass=&unescape($npass);
- my $proname=propath($udom,$uname);
+ my $proname=&propath($udom,$uname);
my $passfilename="$proname/passwd";
if ($udom ne $perlvar{'lonDefDomain'}) {
print $client "not_right_domain\n";
} else {
- if ($umode eq 'krb4') {
- {
- my $pf = IO::File->new(">$passfilename");
- print $pf "krb4:$npass\n";
- }
- print $client "ok\n";
- } elsif ($umode eq 'internal') {
- my $salt=time;
- $salt=substr($salt,6,2);
- my $ncpass=crypt($npass,$salt);
- {
- my $pf = IO::File->new(">$passfilename");
- print $pf "internal:$ncpass\n";
- }
- print $client "ok\n";
- } elsif ($umode eq 'localauth') {
- {
- my $pf = IO::File->new(">$passfilename");
- print $pf "localauth:$npass\n";
- }
- print $client "ok\n";
- } elsif ($umode eq 'unix') {
- {
- my $execpath="$perlvar{'lonDaemons'}/".
- "lcuseradd";
- {
- my $se = IO::File->new("|$execpath");
- print $se "$uname\n";
- print $se "$npass\n";
- print $se "$npass\n";
- }
- my $pf = IO::File->new(">$passfilename");
- print $pf "unix:\n";
- }
- print $client "ok\n";
- } elsif ($umode eq 'none') {
- {
- my $pf = IO::File->new(">$passfilename");
- print $pf "none:\n";
- }
- print $client "ok\n";
- } else {
- print $client "auth_mode_error\n";
- }
+ &make_passwd_file($umode,$npass,$passfilename);
+ print $client $result;
}
} else {
print $client "refused\n";
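Review bot: `print $client $result;` after the `&make_passwd_file($umode,$npass,$passfilename);` call sends a `$result` that this branch never assigns — the sub's return value is dropped — so the client receives an undefined or stale value instead of `ok\n` or `auth_mode_error\n`, and under `use strict` an undeclared `$result` would not compile at all. The makeuser branch earlier in this commit captures it correctly; this one should read `my $result=&make_passwd_file($umode,$npass,$passfilename);`. The changeauth block begins before this hunk.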
@@ -1539,7 +1475,7 @@
my ($authtype, $contentpwd) = split(/:/, $realpassword);
Debug("Authtype = $authtype, content = $contentpwd\n");
my $availinfo = '';
- if($authtype eq 'krb4') {
+ if($authtype eq 'krb4' or $authtype eq 'krb5') {
$availinfo = $contentpwd;
}
@@ -1661,6 +1597,53 @@
}
return $result;
}
+
+sub make_passwd_file {
+ my ($umode,$npass,$passfilename)=@_;
+ my $result="ok\n";
+ if ($umode eq 'krb4' or $umode eq 'krb5') {
+ {
+ my $pf = IO::File->new(">$passfilename");
+ print $pf "$umode:$npass\n";
+ }
+ } elsif ($umode eq 'internal') {
+ my $salt=time;
+ $salt=substr($salt,6,2);
+ my $ncpass=crypt($npass,$salt);
+ {
+ &Debug("Creating internal auth");
+ my $pf = IO::File->new(">$passfilename");
+ print $pf "internal:$ncpass\n";
+ }
+ } elsif ($umode eq 'localauth') {
+ {
+ my $pf = IO::File->new(">$passfilename");
+ print $pf "localauth:$npass\n";
+ }
+ } elsif ($umode eq 'unix') {
+ {
+ my $execpath="$perlvar{'lonDaemons'}/"."lcuseradd";
+ {
+ &Debug("Executing external: ".$execpath);
+ my $se = IO::File->new("|$execpath");
+ print $se "$uname\n";
+ print $se "$npass\n";
+ print $se "$npass\n";
+ }
+ my $pf = IO::File->new(">$passfilename");
+ print $pf "unix:\n";
+ }
+ } elsif ($umode eq 'none') {
+ {
+ my $pf = IO::File->new(">$passfilename");
+ print $pf "none:\n";
+ }
+ } else {
+ $result="auth_mode_error\n";
+ }
+ return $result;
+}
+
# ----------------------------------- POD (plain old documentation, CPAN style)
=head1 NAME
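Review bot: In the `unix` branch `make_passwd_file` prints `$uname` to lcuseradd, but `$uname` is not among the sub's parameters; the changeauth caller declares it with `my` (and the makeuser caller appears to as well), so the sub reads a different, unset variable and lcuseradd receives a blank username. Pass it explicitly, `my ($umode,$npass,$passfilename,$uname)=@_;`, and have both callers supply `$uname` as the fourth argument. Each `IO::File->new(">$passfilename")` is also used without checking for undef, so an unwritable passwd file still yields `"ok\n"`; test `$pf` and return an error string when the open fails, and prefer the two-argument form `IO::File->new($passfilename, '>')` so the mode is not spliced into the path string. The `internal` salt is two digits taken from `time`, which is predictable and gives very few distinct salts; characters drawn from a random source are the usual choice here.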
@@ -1959,6 +1942,7 @@
LWP::UserAgent()
GDBM_File
Authen::Krb4
+Authen::Krb5
=head1 COREQUISITES