[LON-CAPA-cvs] cvs: loncom / lond

albertel lon-capa-cvs@mail.lon-capa.org
Thu, 22 Aug 2002 20:00:00 -0000


albertel		Thu Aug 22 16:00:00 2002 EDT

  Modified files:              
    /loncom	lond 
  Log:
  - implements krb5; the user creation part still needs to be done
  
  
Index: loncom/lond
diff -u loncom/lond:1.90 loncom/lond:1.91
--- loncom/lond:1.90	Mon Aug 12 20:37:18 2002
+++ loncom/lond	Thu Aug 22 16:00:00 2002
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.90 2002/08/13 00:37:18 stredwic Exp $
+# $Id: lond,v 1.91 2002/08/22 20:00:00 albertel Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -74,6 +74,7 @@
 use LWP::UserAgent();
 use GDBM_File;
 use Authen::Krb4;
+use Authen::Krb5;
 use lib '/home/httpd/lib/perl/';
 use localauth;
 
@@ -488,7 +489,10 @@
             or die "Can't unblock SIGINT for fork: $!\n";
 
         $tmpsnum=0;
-    
+#---------------------------------------------------- kerberos 5 initialization
+        &Authen::Krb5::init_context();
+        &Authen::Krb5::init_ets();
+
         # handle connections until we've reached $MAX_CLIENTS_PER_CHILD
         for ($i=0; $i < $MAX_CLIENTS_PER_CHILD; $i++) {
             &status('Idle, waiting for connection');
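Review bot: The results of `&Authen::Krb5::init_context()` and `&Authen::Krb5::init_ets()` are discarded, so a child whose Kerberos library setup failed keeps accepting connections and only fails later inside the krb5 login branch, with no log line pointing at the cause. If the binding signals failure through the return value (confirm against the Authen::Krb5 documentation), log it with `&logthis(...)` and stop the child before it enters the accept loop. The per-connection loop that follows runs outside this hunk.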
@@ -652,6 +656,24 @@
                                         $contentpwd,'krbtgt',$contentpwd,1,
 							     $upass) == 0);
 			     } else { $pwdcorrect=0; }
+                          } elsif ($howpwd eq 'krb5') {
+			      $null=pack("C",0);
+			      unless ($upass=~/$null/) {
+				  my $krbclient=&Authen::Krb5::parse_name($uname.'@'.$contentpwd);
+				  &logthis("Realm ".$krbclient->realm);
+				  my $krbservice="krbtgt/".$contentpwd."\@".$contentpwd;
+				  my $krbserver=&Authen::Krb5::parse_name($krbservice);
+				  my $credentials=&Authen::Krb5::cc_default();
+				  $credentials->initialize($krbclient);
+				  my $krbreturn = 
+				    &Authen::Krb5::get_in_tkt_with_password(
+				     $krbclient,$krbserver,$upass,$credentials);
+				  unless ($krbreturn) {
+				      &logthis("Krb5 Error: ".
+					       &Authen::Krb5::error());
+				  }
+				  $pwdcorrect = ($krbreturn == 1);
+			   } else { $pwdcorrect=0; }
                           } elsif ($howpwd eq 'localauth') {
 			    $pwdcorrect=&localauth::localauth($uname,$upass,
 							      $contentpwd);
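Review bot: `&Authen::Krb5::parse_name(...)` can return undef for a malformed principal, and the next line calls `$krbclient->realm` on it, which dies inside the connection-handling child instead of failing the login; guard both parses, e.g. `unless ($krbclient && $krbserver) { $pwdcorrect=0; } else { ... }`, and check the result of `$credentials->initialize($krbclient)` the same way. Calling `initialize` on `cc_default()` for every login also overwrites the process's shared default credential cache with the user's TGT, which a password check does not need; a cache that is private to this check and destroyed right after it would keep tickets from accumulating where other code in the daemon can read them. Obtaining a TGT with the password is not by itself proof that the answering KDC is genuine; verifying the returned ticket against a local keytab is the usual mitigation, if the binding exposes it. The if/elsif chain and its enclosing routine begin and end outside this hunk.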
@@ -737,7 +759,7 @@
 		     }
 # -------------------------------------------------------------------- makeuser
                    } elsif ($userinput =~ /^makeuser/) {
-		     Debug("Make user received");
+		     &Debug("Make user received");
     	             my $oldumask=umask(0077);
 		     if ($wasenc==1) {
                        my 
@@ -767,53 +789,9 @@
                                }
                            }
                            unless ($fperror) {
-			     if ($umode eq 'krb4') {
-                               { 
-                                 my $pf = IO::File->new(">$passfilename");
- 	  		         print $pf "krb4:$npass\n"; 
-                               }             
-                               print $client "ok\n";
-                             } elsif ($umode eq 'internal') {
-			       my $salt=time;
-                               $salt=substr($salt,6,2);
-			       my $ncpass=crypt($npass,$salt);
-                               { 
-				 &Debug("Creating internal auth");
-				 my $pf = IO::File->new(">$passfilename");
- 	  		         print $pf "internal:$ncpass\n"; 
-                               }
-                               print $client "ok\n";
-			     } elsif ($umode eq 'localauth') {
-			       {
-				 my $pf = IO::File->new(">$passfilename");
-  	  		         print $pf "localauth:$npass\n";
-			       }
-			       print $client "ok\n";
-			     } elsif ($umode eq 'unix') {
-			       {
-				 my $execpath="$perlvar{'lonDaemons'}/".
-				              "lcuseradd";
-				 {
-				     &Debug("Executing external: ".
-						  $execpath);
-				     my $se = IO::File->new("|$execpath");
-				     print $se "$uname\n";
-				     print $se "$npass\n";
-				     print $se "$npass\n";
-				 }
-                                 my $pf = IO::File->new(">$passfilename");
- 	  		         print $pf "unix:\n"; 
-			       }
-			       print $client "ok\n";
-			     } elsif ($umode eq 'none') {
-                               { 
-                                 my $pf = IO::File->new(">$passfilename");
- 	  		         print $pf "none:\n"; 
-                               }             
-                               print $client "ok\n";
-                             } else {
-                               print $client "auth_mode_error\n";
-                             }  
+			       my $result=&make_passwd_file($umode,$npass,
+							    $passfilename);
+			       print $client $result;
                            } else {
                                print $client "$fperror\n";
                            }
@@ -827,60 +805,18 @@
 		       &Debug("Changing authorization");
 		      if ($wasenc==1) {
                        my 
-                       ($cmd,$udom,$uname,$umode,$npass)=split(/:/,$userinput);
+		       ($cmd,$udom,$uname,$umode,$npass)=split(/:/,$userinput);
                        chomp($npass);
 		       &Debug("cmd = ".$cmd." domain= ".$udom.
 			      "uname =".$uname." umode= ".$umode);
                        $npass=&unescape($npass);
-                       my $proname=propath($udom,$uname);
+                       my $proname=&propath($udom,$uname);
                        my $passfilename="$proname/passwd";
 		       if ($udom ne $perlvar{'lonDefDomain'}) {
                            print $client "not_right_domain\n";
                        } else {
-			   if ($umode eq 'krb4') {
-                               { 
-				   my $pf = IO::File->new(">$passfilename");
-				   print $pf "krb4:$npass\n"; 
-                               }             
-                               print $client "ok\n";
-			   } elsif ($umode eq 'internal') {
-			       my $salt=time;
-                               $salt=substr($salt,6,2);
-			       my $ncpass=crypt($npass,$salt);
-                               { 
-				   my $pf = IO::File->new(">$passfilename");
-				   print $pf "internal:$ncpass\n"; 
-                               }
-                               print $client "ok\n";
-			   } elsif ($umode eq 'localauth') {
-			       {
-				   my $pf = IO::File->new(">$passfilename");
-				   print $pf "localauth:$npass\n";
-			       }
-			       print $client "ok\n";
-			   } elsif ($umode eq 'unix') {
-			       {
-				   my $execpath="$perlvar{'lonDaemons'}/".
-				       "lcuseradd";
-				   {
-				       my $se = IO::File->new("|$execpath");
-				       print $se "$uname\n";
-				       print $se "$npass\n";
-				       print $se "$npass\n";
-				   }
-				   my $pf = IO::File->new(">$passfilename");
-				   print $pf "unix:\n"; 
-			       }
-			       print $client "ok\n";
-			   } elsif ($umode eq 'none') {
-                               { 
-				   my $pf = IO::File->new(">$passfilename");
-				   print $pf "none:\n"; 
-                               }             
-                               print $client "ok\n";
-			   } else {
-                               print $client "auth_mode_error\n";
-			   }  
+			   &make_passwd_file($umode,$npass,$passfilename);
+			   print $client $result;
                        }
 		     } else {
 		       print $client "refused\n";
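Review bot: The return value of `&make_passwd_file($umode,$npass,$passfilename);` in the changeauth branch is discarded, and the following `print $client $result;` sends whatever `$result` holds in this scope (it is assigned nowhere in the hunk), so the client never learns whether the password file was rewritten or the mode was rejected. Change it to `my $result=&make_passwd_file($umode,$npass,$passfilename);`, as the makeuser branch already does. The changeauth handler begins before this hunk.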
@@ -1539,7 +1475,7 @@
 	my ($authtype, $contentpwd) = split(/:/, $realpassword);
 	Debug("Authtype = $authtype, content = $contentpwd\n");
 	my $availinfo = '';
-	if($authtype eq 'krb4') {
+	if($authtype eq 'krb4' or $authtype eq 'krb5') {
 	    $availinfo = $contentpwd;
 	}
 
@@ -1661,6 +1597,53 @@
     }
     return $result;
 }
+
+sub make_passwd_file {
+    my ($umode,$npass,$passfilename)=@_;
+    my $result="ok\n";
+    if ($umode eq 'krb4' or $umode eq 'krb5') {
+	{
+	    my $pf = IO::File->new(">$passfilename");
+	    print $pf "$umode:$npass\n";
+	}
+    } elsif ($umode eq 'internal') {
+	my $salt=time;
+	$salt=substr($salt,6,2);
+	my $ncpass=crypt($npass,$salt);
+	{
+	    &Debug("Creating internal auth");
+	    my $pf = IO::File->new(">$passfilename");
+	    print $pf "internal:$ncpass\n"; 
+	}
+    } elsif ($umode eq 'localauth') {
+	{
+	    my $pf = IO::File->new(">$passfilename");
+	    print $pf "localauth:$npass\n";
+	}
+    } elsif ($umode eq 'unix') {
+	{
+	    my $execpath="$perlvar{'lonDaemons'}/"."lcuseradd";
+	    {
+		&Debug("Executing external: ".$execpath);
+		my $se = IO::File->new("|$execpath");
+		print $se "$uname\n";
+		print $se "$npass\n";
+		print $se "$npass\n";
+	    }
+	    my $pf = IO::File->new(">$passfilename");
+	    print $pf "unix:\n";
+	}
+    } elsif ($umode eq 'none') {
+	{
+	    my $pf = IO::File->new(">$passfilename");
+	    print $pf "none:\n";
+	}
+    } else {
+	$result="auth_mode_error\n";
+    }
+    return $result;
+}
+
 # ----------------------------------- POD (plain old documentation, CPAN style)
 
 =head1 NAME
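Review bot: The `unix` branch of `make_passwd_file` writes `$uname` to the `lcuseradd` pipe, but `$uname` is not among the sub's parameters, so it refers to whatever `$uname` is visible at file scope rather than the lexical the makeuser and changeauth handlers split from `$userinput`; pass it explicitly with `my ($umode,$npass,$passfilename,$uname)=@_;` and add it at both call sites. Every `IO::File->new(">$passfilename")` and the `IO::File->new("|$execpath")` result is unchecked, so a failed open either dies on the undefined handle or silently writes nothing while the sub still returns `"ok\n"`; test each handle and return a distinct failure string, and prefer the explicit-mode form `IO::File->new($passfilename, '>')` over the mode-in-string form. The `internal` branch derives its two-character crypt salt from `substr(time,6,2)`, which is predictable and low-entropy, so the stored hash is weaker than it needs to be; this predates the commit, but the new sub is now the single place to fix it.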
@@ -1959,6 +1942,7 @@
 LWP::UserAgent()
 GDBM_File
 Authen::Krb4
+Authen::Krb5
 
 =head1 COREQUISITES
 
