[LON-CAPA-cvs] cvs: loncom / lond

raeburn lon-capa-cvs-allow@mail.lon-capa.org
Thu, 21 Feb 2008 16:04:20 -0000


raeburn		Thu Feb 21 11:04:20 2008 EDT

  Modified files:              
    /loncom	lond 
  Log:
  If a domain is using institutional authentication (i.e., kerberos or localauth), and a user does not currently have a LON-CAPA account, try to authenticate using default authtype and autharg, if these were passed as arguments.  
  
  
Index: loncom/lond
diff -u loncom/lond:1.394 loncom/lond:1.395
--- loncom/lond:1.394	Mon Feb 11 13:51:41 2008
+++ loncom/lond	Thu Feb 21 11:04:19 2008
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.394 2008/02/11 18:51:41 raeburn Exp $
+# $Id: lond,v 1.395 2008/02/21 16:04:19 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -59,7 +59,7 @@
 my $status='';
 my $lastlog='';
 
-my $VERSION='$Revision: 1.394 $'; #' stupid emacs
+my $VERSION='$Revision: 1.395 $'; #' stupid emacs
 my $remoteVERSION;
 my $currenthostid="default";
 my $currentdomainid;
@@ -1514,13 +1514,16 @@
     #  udom    - User's domain.
     #  uname   - Username.
     #  upass   - User's password.
+    #  defauthtype - Default authentication types for the domain
+    #  defautharg - Default authentication arg for the domain
     
-    my ($udom,$uname,$upass)=split(/:/,$tail);
+    my ($udom,$uname,$upass,$defauthtype,$defautharg)=split(/:/,$tail);
     &Debug(" Authenticate domain = $udom, user = $uname, password = $upass");
     chomp($upass);
     $upass=&unescape($upass);
 
-    my $pwdcorrect = &validate_user($udom, $uname, $upass);
+    my $pwdcorrect = &validate_user($udom,$uname,$upass,$defauthtype,
+                                    $defautharg);
     if($pwdcorrect) {
 	&Reply( $client, "authorized\n", $userinput);
 	#
@@ -5970,8 +5973,7 @@
 #     0        - The domain,user,password triplet is not a valid user.
 #
 sub validate_user {
-    my ($domain, $user, $password) = @_;
-
+    my ($domain, $user, $password, $defauthtype, $defautharg) = @_;
 
     # Why negative ~pi you may well ask?  Well this function is about
     # authentication, and therefore very important to get right.
@@ -5994,8 +5996,17 @@
 
     my $null = pack("C",0);	# Used by kerberos auth types.
 
+    if ($howpwd eq 'nouser') {
+        if ($defauthtype eq 'localauth') {
+            $howpwd = $defauthtype;
+            $contentpwd = $defautharg;
+        } elsif ((($defauthtype eq 'krb4') || ($defauthtype eq 'krb5')) &&
+             ($defautharg ne '')) {
+            $howpwd = $defauthtype;
+            $contentpwd = $defautharg; 
+        }
+    } 
     if ($howpwd ne 'nouser') {
-
 	if($howpwd eq "internal") { # Encrypted is in local password file.
 	    $validated = (crypt($password, $contentpwd) eq $contentpwd);
 	}