[LON-CAPA-cvs] cvs: loncom / lond

matthew lon-capa-cvs@mail.lon-capa.org
Tue, 19 Feb 2002 21:52:54 -0000


matthew		Tue Feb 19 16:52:54 2002 EDT

  Modified files:              
    /loncom	lond 
  Log:
  Added unix (filesystem) authentication handling to passwd handler.
  
  
Index: loncom/lond
diff -u loncom/lond:1.71 loncom/lond:1.72
--- loncom/lond:1.71	Tue Feb 12 18:08:27 2002
+++ loncom/lond	Tue Feb 19 16:52:54 2002
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.71 2002/02/12 23:08:27 www Exp $
+# $Id: lond,v 1.72 2002/02/19 21:52:54 matthew Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -670,7 +670,8 @@
                        chomp($npass);
                        $upass=&unescape($upass);
                        $npass=&unescape($npass);
-                       my $proname=propath($udom,$uname);
+		       &logthis("Trying to change password for $uname");
+		       my $proname=propath($udom,$uname);
                        my $passfilename="$proname/passwd";
                        if (-e $passfilename) {
 			   my $realpasswd;
@@ -685,11 +686,42 @@
 			     my $ncpass=crypt($npass,$salt);
                              { my $pf = IO::File->new(">$passfilename");
  	  		       print $pf "internal:$ncpass\n"; }             
+			     &logthis("Result of password change for $uname: pwchange_success");
                              print $client "ok\n";
                            } else {
                              print $client "non_authorized\n";
                            }
-                          } else {
+                          } elsif ($howpwd eq 'unix') {
+			      # Unix means we have to access /etc/password
+			      # one way or another.
+			      # First: Make sure the current password is
+			      #        correct
+			      $contentpwd=(getpwnam($uname))[1];
+			      my $pwdcorrect = "0";
+			      my $pwauth_path="/usr/local/sbin/pwauth";
+			      unless ($contentpwd eq 'x') {
+				  $pwdcorrect=
+                                    (crypt($upass,$contentpwd) eq $contentpwd);
+			      } elsif (-e $pwauth_path) {
+				  open PWAUTH, "|$pwauth_path" or
+				      die "Cannot invoke authentication";
+				  print PWAUTH "$uname\n$upass\n";
+				  close PWAUTH;
+				  $pwdcorrect=!$?;
+			      }
+			     if ($pwdcorrect) {
+				 my $execdir=$perlvar{'lonDaemons'};
+				 my $pf = IO::File->new("|$execdir/lcpasswd");
+				 print $pf "$uname\n$npass\n$npass\n";
+				 close $pf;
+				 my $result = ($?>0 ? 'pwchange_failure' 
+					       : 'ok');
+				 &logthis("Result of password change for $uname: $result");
+				 print $client "$result\n";
+			     } else {
+				 print $client "non_authorized\n";
+			     }
+			  } else {
                             print $client "auth_mode_error\n";
                           }  
 		       } else {