--- loncom/lond 2004/03/23 11:50:12 1.178.2.13 +++ loncom/lond 2004/04/26 10:37:47 1.178.2.19 @@ -2,7 +2,7 @@ # The LearningOnline Network # lond "LON Daemon" Server (port "LOND" 5663) # -# $Id: lond,v 1.178.2.13 2004/03/23 11:50:12 foxr Exp $ +# $Id: lond,v 1.178.2.19 2004/04/26 10:37:47 foxr Exp $ # # Copyright Michigan State University Board of Trustees # @@ -53,7 +53,7 @@ my $DEBUG = 1; # Non zero to ena my $status=''; my $lastlog=''; -my $VERSION='$Revision: 1.178.2.13 $'; #' stupid emacs +my $VERSION='$Revision: 1.178.2.19 $'; #' stupid emacs my $remoteVERSION; my $currenthostid; my $currentdomainid; @@ -796,7 +796,7 @@ sub ChangePasswordHandler { # First require that the user can be authenticated with their # old password: - my $validated = ValidUser($udom, $uname, $upass); + my $validated = ValidateUser($udom, $uname, $upass); if($validated) { my $realpasswd = GetAuthType($udom, $uname); # Defined since authd. @@ -890,6 +890,7 @@ sub AddUserHandler { for (my $i=3;$i<= ($#fpparts-1);$i++) { $fpnow.='/'.$fpparts[$i]; unless (-e $fpnow) { + &logthis("mkdir $fpnow"); unless (mkdir($fpnow,0777)) { $fperror="error: ".($!+0)." mkdir failed while attempting " ."makeuser"; @@ -989,7 +990,7 @@ sub IsHomeHandler { my ($udom,$uname)=split(/:/,$tail); chomp($uname); - my $passfile = PasswordPath($udom, $uname); + my $passfile = PasswordFilename($udom, $uname); if($passfile) { Reply( $client, "found\n", $userinput); } else { @@ -1137,10 +1138,7 @@ sub FetchUserFileHandler { } RegisterHandler("fetchuserfile", \&FetchUserFileHandler, 0, 1, 0); # -# Authenticate access to a user file. Question? The token for athentication -# is allowed to be sent as cleartext is this really what we want? This token -# represents the user's session id. Once it is forged does this allow too much -# access?? +# Authenticate access to a user file. # # Parameters: # $cmd - The command that got us here. @@ -1412,9 +1410,9 @@ sub RolesPutHandler { my $client = shift; my $userinput = "$cmd:$tail"; - my ($exedom,$exeuser,$udom,$uname,$what) =split(/:/,$tail); - &Debug("cmd = ".$cmd." exedom= ".$exedom."user = ".$exeuser." udom=".$udom. - "what = ".$what); + my ( $exedom, $exeuser, $udom, $uname, $what) = split(/:/,$tail); + + my $namespace='roles'; chomp($what); my $hashref = TieUserHash($udom, $uname, $namespace, @@ -1616,7 +1614,7 @@ sub GetProfileEntryEncrypted { return 1; } -RegisterHandler("eget", \&GetProfileEncrypted, 0, 1, 0); +RegisterHandler("eget", \&GetProfileEntryEncrypted, 0, 1, 0); # # Deletes a key in a user profile database. @@ -1847,7 +1845,8 @@ sub DumpWithRegexp { } RegisterHandler("dump", \&DumpWithRegexp, 0, 1, 0); -# Store an aitem in any database but the roles database. +# Store an aitem in any resource meta data(?) or database with +# versioning? # # Parameters: # $cmd - Request command keyword. @@ -2222,19 +2221,24 @@ sub DumpCourseIdHandler { } unless (defined($since)) { $since=0; } my $qresult=''; - + logthis(" Looking for $description since $since"); my $hashref = TieDomainHash($udom, "nohist_courseids", &GDBM_WRCREAT()); if ($hashref) { while (my ($key,$value) = each(%$hashref)) { my ($descr,$lasttime)=split(/\:/,$value); + logthis("Got: key = $key descr = $descr time: $lasttime"); if ($lasttime<$since) { + logthis("Skipping .. too early"); next; } if ($description eq '.') { + logthis("Adding wildcard match"); $qresult.=$key.'='.$descr.'&'; } else { my $unescapeVal = &unescape($descr); + logthis("Matching with $unescapeVal"); if (eval('$unescapeVal=~/$description/i')) { + logthis("Adding on match"); $qresult.="$key=$descr&"; } } @@ -2492,10 +2496,15 @@ sub LsHandler { my $userinput = "$cmd:$ulsdir"; + chomp($ulsdir); + my $ulsout=''; my $ulsfn; + logthis("ls for '$ulsdir'"); if (-e $ulsdir) { + logthis("ls - directory exists"); if(-d $ulsdir) { + logthis("ls $ulsdir is a file"); if (opendir(LSDIR,$ulsdir)) { while ($ulsfn=readdir(LSDIR)) { my @ulsstats=stat($ulsdir.'/'.$ulsfn); @@ -2679,6 +2688,8 @@ sub ProcessRequest { # Split off the request keyword from the rest of the stuff. my ($command, $tail) = split(/:/, $userinput, 2); + chomp($command); + chomp($tail); Debug("Command received: $command, encoded = $wasenc"); @@ -2720,7 +2731,7 @@ sub ProcessRequest { $KeepGoing = &$Handler($command, $tail, $client); } else { Debug("Refusing to dispatch because ok is false"); - Failure($client, "refused", $userinput); + Failure($client, "refused\n", $userinput); } @@ -4035,7 +4046,7 @@ sub ManagePermissions { my $authtype= shift; # See if the request is of the form /$domain/_au - &logthis("ruequest is $request"); + &logthis("request is $request"); if($request =~ /^(\/$domain\/_au)$/) { # It's an author rolesput... my $execdir = $perlvar{'lonDaemons'}; my $userhome= "/home/$user" ; @@ -4185,7 +4196,7 @@ sub ValidateUser { $validated = (crypt($password, $contentpwd) eq $contentpwd); } elsif ($howpwd eq "unix") { # User is a normal unix user. - $contentpwd = (getpwname($user))[1]; + $contentpwd = (getpwnam($user))[1]; if($contentpwd) { if($contentpwd eq 'x') { # Shadow password file... my $pwauth_path = "/usr/local/sbin/pwauth"; @@ -4487,23 +4498,35 @@ sub make_passwd_file { print $pf "localauth:$npass\n"; } } elsif ($umode eq 'unix') { - { - my $execpath="$perlvar{'lonDaemons'}/"."lcuseradd"; - { - &Debug("Executing external: ".$execpath); - &Debug("user = ".$uname.", Password =". $npass); - my $se = IO::File->new("|$execpath > $perlvar{'lonDaemons'}/logs/lcuseradd.log"); - print $se "$uname\n"; - print $se "$npass\n"; - print $se "$npass\n"; - } - my $useraddok = $?; - if($useraddok > 0) { - &logthis("Failed lcuseradd: ".&lcuseraddstrerror($useraddok)); - } - my $pf = IO::File->new(">$passfilename"); - print $pf "unix:\n"; + # + # Don't allow the creation of privileged accounts!!! that would + # be real bad!!! + # + my $uid = getpwnam($uname); + if((defined $uid) && ($uid == 0)) { + &logthis(">>>Attempted add of privileged account blocked<<<"); + return "no_priv_account_error\n"; } + + # + my $execpath="$perlvar{'lonDaemons'}/"."lcuseradd"; + + &Debug("Executing external: ".$execpath); + &Debug("user = ".$uname.", Password =". $npass); + my $se = IO::File->new("|$execpath > $perlvar{'lonDaemons'}/logs/lcuseradd.log"); + print $se "$uname\n"; + print $se "$npass\n"; + print $se "$npass\n"; + + my $useraddok = $?; + if($useraddok > 0) { + my $lcstring = lcuseraddstrerror($useraddok); + &logthis("Failed lcuseradd: $lcstring"); + return "error: lcuseradd failed: $lcstring\n"; + } + my $pf = IO::File->new(">$passfilename"); + print $pf "unix:\n"; + } elsif ($umode eq 'none') { { my $pf = IO::File->new(">$passfilename"); @@ -4517,8 +4540,10 @@ sub make_passwd_file { sub sethost { my ($remotereq) = @_; + Debug("sethost got $remotereq"); my (undef,$hostid)=split(/:/,$remotereq); if (!defined($hostid)) { $hostid=$perlvar{'lonHostID'}; } + Debug("sethost attempting to set host $hostid"); if ($hostip{$perlvar{'lonHostID'}} eq $hostip{$hostid}) { $currenthostid=$hostid; $currentdomainid=$hostdom{$hostid};