[LON-CAPA-cvs] cvs: loncom / lond
foxr
lon-capa-cvs@mail.lon-capa.org
Mon, 18 Oct 2004 10:13:47 -0000
foxr Mon Oct 18 06:13:47 2004 EDT
Modified files:
/loncom lond
Log:
Fix some issues:
- The user addition code was not checking for inability to create the loncapa password file, and
as a result, if it was unable to, lond crashed with "undefined variable unusable"-like msgs. It now
checks for the open failure and returns an error message to the client if it can't make the
user passwd file.
- Defect 550: got the ability to change authors from Filesystem auth to internal authentication
working. The other way around does not yet work because lcuseradd believes
the user already exists.
Index: loncom/lond
diff -u loncom/lond:1.260 loncom/lond:1.261
--- loncom/lond:1.260 Mon Oct 11 06:58:28 2004
+++ loncom/lond Mon Oct 18 06:13:46 2004
@@ -2,7 +2,7 @@
# The LearningOnline Network
# lond "LON Daemon" Server (port "LOND" 5663)
#
-# $Id: lond,v 1.260 2004/10/11 10:58:28 foxr Exp $
+# $Id: lond,v 1.261 2004/10/18 10:13:46 foxr Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -57,7 +57,7 @@
my $status='';
my $lastlog='';
-my $VERSION='$Revision: 1.260 $'; #' stupid emacs
+my $VERSION='$Revision: 1.261 $'; #' stupid emacs
my $remoteVERSION;
my $currenthostid="default";
my $currentdomainid;
@@ -1806,9 +1806,25 @@
chomp($npass);
$npass=&unescape($npass);
+ my $oldauth = &get_auth_type($udom, $uname); # Get old auth info.
my $passfilename = &password_path($udom, $uname);
if ($passfilename) { # Not allowed to create a new user!!
my $result=&make_passwd_file($uname, $umode,$npass,$passfilename);
+ #
+ # If the current auth mode is internal, and the old auth mode was
+ # unix, or krb*, and the user is an author for this domain,
+ # re-run manage_permissions for that role in order to be able
+ # to take ownership of the construction space back to www:www
+ #
+
+ if( ($oldauth =~ /^unix/) && ($umode eq "internal")) { # unix -> internal
+ if(&is_author($udom, $uname)) {
+ &Debug(" Need to manage author permissions...");
+ &manage_permissions("/$udom/_au", $udom, $uname, "internal:");
+ }
+ }
+
+
&Reply($client, $result, $userinput);
} else {
&Failure($client, "non_authorized\n", $userinput); # Fail the user now.
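Review bot: The new unix -> internal block calls manage_permissions without looking at `$result`, so construction-space ownership is changed even when make_passwd_file has just failed, which this same commit makes possible via `pass_file_failed_error`. The block should run only when `$result` holds make_passwd_file's success value; that value is not visible in this hunk, so the exact test needs confirming against the function. The comment above the condition also says "unix, or krb*" while the code only matches `/^unix/`, so either the comment should read `# If the new auth mode is internal and the old auth mode was unix,` or the pattern should be widened. The enclosing handler starts and ends outside the hunk.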
@@ -2445,12 +2461,12 @@
# is done on close this improves the chances the log will be an un-
# corrupted ordered thing.
if ($hashref) {
+ my $pass_entry = &get_auth_type($udom, $uname);
+ my ($auth_type,$pwd) = split(/:/, $pass_entry);
+ $auth_type = $auth_type.":";
my @pairs=split(/\&/,$what);
foreach my $pair (@pairs) {
my ($key,$value)=split(/=/,$pair);
- my $pass_entry = &get_auth_type($udom, $uname);
- my ($auth_type,$pwd) = split(/:/, $pass_entry);
- $auth_type = $auth_type.":";
&manage_permissions($key, $udom, $uname,
$auth_type);
$hashref->{$key}=$value;
@@ -4925,8 +4941,35 @@
exit;
}
+#
+# Determine if a user is an author for the indicated domain.
+#
+# Parameters:
+# domain - domain to check in .
+# user - Name of user to check.
+#
+# Return:
+# 1 - User is an author for domain.
+# 0 - User is not an author for domain.
+sub is_author {
+ my ($domain, $user) = @_;
+
+ &Debug("is_author: $user @ $domain");
+
+ my $hashref = &tie_user_hash($domain, $user, "roles",
+ &GDBM_READER());
+
+ # Author role should show up as a key /domain/_au
+ my $key = "/$domain/_au";
+ my $value = $hashref->{$key};
+ if(defined($value)) {
+ &Debug("$user @ $domain is an author");
+ }
+
+ return defined($value);
+}
#
# Checks to see if the input roleput request was to set
# an author role. If so, invokes the lchtmldir script to set
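Review bot: is_author dereferences `$hashref` without checking that tie_user_hash succeeded, while the roles-put code elsewhere in this diff guards the same call with `if ($hashref)`; add `return 0 unless $hashref;` before the lookup. The tied hash is never explicitly released here, so if tie_user_hash holds a lock or an open GDBM handle (not visible in this hunk) the function should untie it before returning. The header comment promises 1 or 0, but `defined($value)` yields 1 or the empty string; `return defined($value) ? 1 : 0;` matches the documented contract.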
@@ -4941,13 +4984,17 @@
sub manage_permissions
{
+
my ($request, $domain, $user, $authtype) = @_;
+ &Debug("manage_permissions: $request $domain $user $authtype");
+
# See if the request is of the form /$domain/_au
if($request =~ /^(\/$domain\/_au)$/) { # It's an author rolesput...
my $execdir = $perlvar{'lonDaemons'};
my $userhome= "/home/$user" ;
&logthis("system $execdir/lchtmldir $userhome $user $authtype");
+ &Debug("Setting homedir permissions for $userhome");
system("$execdir/lchtmldir $userhome $user $authtype");
}
}
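Review bot: The single-string `system(...)` call in manage_permissions passes `$user` and `$authtype` through the shell, and this commit adds a second call path into it from the password-change handler. The list form, `system("$execdir/lchtmldir", $userhome, $user, $authtype);`, keeps the arguments from ever being shell-parsed. Its return value should also be checked so a failed lchtmldir run is logged rather than silently ignored. `$domain` is interpolated into the match pattern unquoted; `\Q$domain\E` keeps it literal. The added "Setting homedir permissions" Debug line repeats what the logthis call directly above already records.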
@@ -5392,7 +5439,11 @@
if ($umode eq 'krb4' or $umode eq 'krb5') {
{
my $pf = IO::File->new(">$passfilename");
- print $pf "$umode:$npass\n";
+ if ($pf) {
+ print $pf "$umode:$npass\n";
+ } else {
+ $result = "pass_file_failed_error";
+ }
}
} elsif ($umode eq 'internal') {
my $salt=time;
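Review bot: The new failure value `"pass_file_failed_error"` has no trailing newline, unlike the other results visible in this function (`"auth_mode_error\n"`, `"lcuseradd_failed:$error_text\n"`); if the reply line is terminated by the result string itself, it should be `$result = "pass_file_failed_error\n";`. The same applies to the identical else branches added for internal, localauth, unix and none in the two hunks below. The cause of the failure is dropped, so logging `$!` in the else branch (for example through logthis) would tell the operator why the password file could not be created. The `print $pf` itself is still unchecked, so a write error such as a full disk can leave a truncated password file behind a success reply. The function starts and ends outside these hunks.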
@@ -5401,12 +5452,20 @@
{
&Debug("Creating internal auth");
my $pf = IO::File->new(">$passfilename");
- print $pf "internal:$ncpass\n";
+ if($pf) {
+ print $pf "internal:$ncpass\n";
+ } else {
+ $result = "pass_file_failed_error";
+ }
}
} elsif ($umode eq 'localauth') {
{
my $pf = IO::File->new(">$passfilename");
- print $pf "localauth:$npass\n";
+ if($pf) {
+ print $pf "localauth:$npass\n";
+ } else {
+ $result = "pass_file_failed_error";
+ }
}
} elsif ($umode eq 'unix') {
{
@@ -5445,13 +5504,21 @@
$result = "lcuseradd_failed:$error_text\n";
} else {
my $pf = IO::File->new(">$passfilename");
- print $pf "unix:\n";
+ if($pf) {
+ print $pf "unix:\n";
+ } else {
+ $result = "pass_file_failed_error";
+ }
}
}
} elsif ($umode eq 'none') {
{
my $pf = IO::File->new("> $passfilename");
- print $pf "none:\n";
+ if($pf) {
+ print $pf "none:\n";
+ } else {
+ $result = "pass_file_failed_error";
+ }
}
} else {
$result="auth_mode_error\n";