Return to lond CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/lond between versions 1.248 and 1.265

version 1.248, 2004/09/03 10:13:59	version 1.265, 2004/11/02 23:13:18
Line 46 use Authen::Krb5;	Line 46 use Authen::Krb5;
use lib '/home/httpd/lib/perl/';	use lib '/home/httpd/lib/perl/';
use localauth;	use localauth;
use localenroll;	use localenroll;
	use localstudentphoto;
use File::Copy;	use File::Copy;
use LONCAPA::ConfigFileEdit;	use LONCAPA::ConfigFileEdit;
use LONCAPA::lonlocal;	use LONCAPA::lonlocal;
Line 331 sub InsecureConnection {	Line 332 sub InsecureConnection {


}	}

#	#
	# Safely execute a command (as long as it's not a shel command and doesn
	# not require/rely on shell escapes. The function operates by doing a
	# a pipe based fork and capturing stdout and stderr from the pipe.
	#
	# Formal Parameters:
	# $line - A line of text to be executed as a command.
	# Returns:
	# The output from that command. If the output is multiline the caller
	# must know how to split up the output.
	#
	#
	sub execute_command {
	my ($line) = @_;
	my @words = split(/\s/, $line); # Bust the command up into words.
	my $output = "";

	my $pid = open(CHILD, "-\|");

	if($pid) { # Parent process
	Debug("In parent process for execute_command");
	my @data = <CHILD>; # Read the child's outupt...
	close CHILD;
	foreach my $output_line (@data) {
	Debug("Adding $output_line");
	$output .= $output_line; # Presumably has a \n on it.
	}

	} else { # Child process
	close (STDERR);
	open (STDERR, ">&STDOUT");# Combine stderr, and stdout...
	exec(@words); # won't return.
	}
	return $output;
	}


# GetCertificate: Given a transaction that requires a certificate,	# GetCertificate: Given a transaction that requires a certificate,
# this function will extract the certificate from the transaction	# this function will extract the certificate from the transaction
# request. Note that at this point, the only concept of a certificate	# request. Note that at this point, the only concept of a certificate
Line 1013 sub tie_user_hash {	Line 1049 sub tie_user_hash {
$how, 0640)) {	$how, 0640)) {
# If this is a namespace for which a history is kept,	# If this is a namespace for which a history is kept,
# make the history log entry:	# make the history log entry:
if (($namespace =~/^nohist\_/) && (defined($loghead))) {	if (($namespace !~/^nohist\_/) && (defined($loghead))) {
my $args = scalar @_;	my $args = scalar @_;
Debug(" Opening history: $namespace $args");	Debug(" Opening history: $namespace $args");
my $hfh = IO::File->new(">>$proname/$namespace.hist");	my $hfh = IO::File->new(">>$proname/$namespace.hist");
Line 1030 sub tie_user_hash {	Line 1066 sub tie_user_hash {

}	}

	# read_profile
	#
	# Returns a set of specific entries from a user's profile file.
	# this is a utility function that is used by both get_profile_entry and
	# get_profile_entry_encrypted.
	#
	# Parameters:
	# udom - Domain in which the user exists.
	# uname - User's account name (loncapa account)
	# namespace - The profile namespace to open.
	# what - A set of & separated queries.
	# Returns:
	# If all ok: - The string that needs to be shipped back to the user.
	# If failure - A string that starts with error: followed by the failure
	# reason.. note that this probabyl gets shipped back to the
	# user as well.
	#
	sub read_profile {
	my ($udom, $uname, $namespace, $what) = @_;

	my $hashref = &tie_user_hash($udom, $uname, $namespace,
	&GDBM_READER());
	if ($hashref) {
	my @queries=split(/\&/,$what);
	my $qresult='';

	for (my $i=0;$i<=$#queries;$i++) {
	$qresult.="$hashref->{$queries[$i]}&"; # Presumably failure gives empty string.
	}
	$qresult=~s/\&$//; # Remove trailing & from last lookup.
	if (untie %$hashref) {
	return $qresult;
	} else {
	return "error: ".($!+0)." untie (GDBM) Failed";
	}
	} else {
	if ($!+0 == 2) {
	return "error:No such file or GDBM reported bad block error";
	} else {
	return "error: ".($!+0)." tie (GDBM) Failed";
	}
	}

	}
#--------------------- Request Handlers --------------------------------------------	#--------------------- Request Handlers --------------------------------------------
#	#
# By convention each request handler registers itself prior to the sub	# By convention each request handler registers itself prior to the sub
Line 1051 sub tie_user_hash {	Line 1131 sub tie_user_hash {
# 0 - Program should exit.	# 0 - Program should exit.
# Side effects:	# Side effects:
# Reply information is sent to the client.	# Reply information is sent to the client.

sub ping_handler {	sub ping_handler {
my ($cmd, $tail, $client) = @_;	my ($cmd, $tail, $client) = @_;
Debug("$cmd $tail $client .. $currenthostid:");	Debug("$cmd $tail $client .. $currenthostid:");
Line 1079 sub ping_handler {	Line 1158 sub ping_handler {
# 0 - Program should exit.	# 0 - Program should exit.
# Side effects:	# Side effects:
# Reply information is sent to the client.	# Reply information is sent to the client.

sub pong_handler {	sub pong_handler {
my ($cmd, $tail, $replyfd) = @_;	my ($cmd, $tail, $replyfd) = @_;

Line 1134 sub establish_key_handler {	Line 1212 sub establish_key_handler {
}	}
&register_handler("ekey", \&establish_key_handler, 0, 1,1);	&register_handler("ekey", \&establish_key_handler, 0, 1,1);


# Handler for the load command. Returns the current system load average	# Handler for the load command. Returns the current system load average
# to the requestor.	# to the requestor.
#	#
Line 1169 sub load_handler {	Line 1246 sub load_handler {

return 1;	return 1;
}	}
register_handler("load", \&load_handler, 0, 1, 0);	&register_handler("load", \&load_handler, 0, 1, 0);

#	#
# Process the userload request. This sub returns to the client the current	# Process the userload request. This sub returns to the client the current
Line 1199 sub user_load_handler {	Line 1276 sub user_load_handler {

return 1;	return 1;
}	}
register_handler("userload", \&user_load_handler, 0, 1, 0);	&register_handler("userload", \&user_load_handler, 0, 1, 0);

# Process a request for the authorization type of a user:	# Process a request for the authorization type of a user:
# (userauth).	# (userauth).
Line 1256 sub user_authorization_type {	Line 1333 sub user_authorization_type {
# 0 - Program should exit	# 0 - Program should exit
# Implicit Output:	# Implicit Output:
# a reply is written to the client.	# a reply is written to the client.

sub push_file_handler {	sub push_file_handler {
my ($cmd, $tail, $client) = @_;	my ($cmd, $tail, $client) = @_;

Line 1299 sub push_file_handler {	Line 1375 sub push_file_handler {
# Side Effects:	# Side Effects:
# The reply is written to $client.	# The reply is written to $client.
#	#

sub du_handler {	sub du_handler {
my ($cmd, $ududir, $client) = @_;	my ($cmd, $ududir, $client) = @_;
	my ($ududir) = split(/:/,$ududir); # Make 'telnet' testing easier.
	my $userinput = "$cmd:$ududir";

if ($ududir=~/\.\./ \|\| $ududir!~m\|^/home/httpd/\|) {	if ($ududir=~/\.\./ \|\| $ududir!~m\|^/home/httpd/\|) {
&Failure($client,"refused\n","$cmd:$ududir");	&Failure($client,"refused\n","$cmd:$ududir");
return 1;	return 1;
}	}
my $duout = `du -ks $ududir 2>/dev/null`;	# Since $ududir could have some nasties in it,
$duout=~s/[^\d]//g; #preserve only the numbers	# we will require that ududir is a valid
&Reply($client,"$duout\n","$cmd:$ududir");	# directory. Just in case someone tries to
	# slip us a line like .;(cd /home/httpd rm -rf*)
	# etc.
	#
	if (-d $ududir) {
	# And as Shakespeare would say to make
	# assurance double sure,
	# use execute_command to ensure that the command is not executed in
	# a shell that can screw us up.

	my $duout = execute_command("du -ks $ududir");
	$duout=~s/[^\d]//g; #preserve only the numbers
	&Reply($client,"$duout\n","$cmd:$ududir");
	} else {

	&Failure($client, "bad_directory:$ududir\n","$cmd:$ududir");

	}
return 1;	return 1;
}	}
&register_handler("du", \&du_handler, 0, 1, 0);	&register_handler("du", \&du_handler, 0, 1, 0);


#	#
# ls - list the contents of a directory. For each file in the	# ls - list the contents of a directory. For each file in the
# selected directory the filename followed by the full output of	# selected directory the filename followed by the full output of
Line 1370 sub ls_handler {	Line 1464 sub ls_handler {
$ulsout='no_such_dir';	$ulsout='no_such_dir';
}	}
if ($ulsout eq '') { $ulsout='empty'; }	if ($ulsout eq '') { $ulsout='empty'; }
print $client "$ulsout\n";	&Reply($client, "$ulsout\n", $userinput); # This supports debug logging.

return 1;	return 1;

}	}
&register_handler("ls", \&ls_handler, 0, 1, 0);	&register_handler("ls", \&ls_handler, 0, 1, 0);




# Process a reinit request. Reinit requests that either	# Process a reinit request. Reinit requests that either
# lonc or lond be reinitialized so that an updated	# lonc or lond be reinitialized so that an updated
# host.tab or domain.tab can be processed.	# host.tab or domain.tab can be processed.
Line 1409 sub reinit_process_handler {	Line 1500 sub reinit_process_handler {
}	}
return 1;	return 1;
}	}

&register_handler("reinit", \&reinit_process_handler, 1, 0, 1);	&register_handler("reinit", \&reinit_process_handler, 1, 0, 1);

# Process the editing script for a table edit operation.	# Process the editing script for a table edit operation.
Line 1451 sub edit_table_handler {	Line 1541 sub edit_table_handler {
}	}
return 1;	return 1;
}	}
register_handler("edit", \&edit_table_handler, 1, 0, 1);	&register_handler("edit", \&edit_table_handler, 1, 0, 1);


#	#
# Authenticate a user against the LonCAPA authentication	# Authenticate a user against the LonCAPA authentication
Line 1507 sub authenticate_handler {	Line 1596 sub authenticate_handler {

return 1;	return 1;
}	}
	&register_handler("auth", \&authenticate_handler, 1, 1, 0);
register_handler("auth", \&authenticate_handler, 1, 1, 0);

#	#
# Change a user's password. Note that this function is complicated by	# Change a user's password. Note that this function is complicated by
Line 1599 sub change_password_handler {	Line 1687 sub change_password_handler {

return 1;	return 1;
}	}
register_handler("passwd", \&change_password_handler, 1, 1, 0);	&register_handler("passwd", \&change_password_handler, 1, 1, 0);


#	#
# Create a new user. User in this case means a lon-capa user.	# Create a new user. User in this case means a lon-capa user.
Line 1639 sub add_user_handler {	Line 1726 sub add_user_handler {
if (-e $passfilename) {	if (-e $passfilename) {
&Failure( $client, "already_exists\n", $userinput);	&Failure( $client, "already_exists\n", $userinput);
} else {	} else {
my @fpparts=split(/\//,$passfilename);
my $fpnow=$fpparts[0].'/'.$fpparts[1].'/'.$fpparts[2];
my $fperror='';	my $fperror='';
for (my $i=3;$i<= ($#fpparts-1);$i++) {	if (!&mkpath($passfilename)) {
$fpnow.='/'.$fpparts[$i];	$fperror="error: ".($!+0)." mkdir failed while attempting "
unless (-e $fpnow) {	."makeuser";
&logthis("mkdir $fpnow");
unless (mkdir($fpnow,0777)) {
$fperror="error: ".($!+0)." mkdir failed while attempting "
."makeuser";
}
}
}	}
unless ($fperror) {	unless ($fperror) {
my $result=&make_passwd_file($uname, $umode,$npass, $passfilename);	my $result=&make_passwd_file($uname, $umode,$npass, $passfilename);
Line 1707 sub change_authentication_handler {	Line 1786 sub change_authentication_handler {
chomp($npass);	chomp($npass);

$npass=&unescape($npass);	$npass=&unescape($npass);
	my $oldauth = &get_auth_type($udom, $uname); # Get old auth info.
my $passfilename = &password_path($udom, $uname);	my $passfilename = &password_path($udom, $uname);
if ($passfilename) { # Not allowed to create a new user!!	if ($passfilename) { # Not allowed to create a new user!!
my $result=&make_passwd_file($uname, $umode,$npass,$passfilename);	my $result=&make_passwd_file($uname, $umode,$npass,$passfilename);
	#
	# If the current auth mode is internal, and the old auth mode was
	# unix, or krb*, and the user is an author for this domain,
	# re-run manage_permissions for that role in order to be able
	# to take ownership of the construction space back to www:www
	#

	if( ($oldauth =~ /^unix/) && ($umode eq "internal")) { # unix -> internal
	if(&is_author($udom, $uname)) {
	&Debug(" Need to manage author permissions...");
	&manage_permissions("/$udom/_au", $udom, $uname, "internal:");
	}
	}


&Reply($client, $result, $userinput);	&Reply($client, $result, $userinput);
} else {	} else {
&Failure($client, "non_authorized", $userinput); # Fail the user now.	&Failure($client, "non_authorized\n", $userinput); # Fail the user now.
}	}
}	}
return 1;	return 1;
Line 1865 sub fetch_user_file_handler {	Line 1960 sub fetch_user_file_handler {
# Note that any regular files in the way of this path are	# Note that any regular files in the way of this path are
# wiped out to deal with some earlier folly of mine.	# wiped out to deal with some earlier folly of mine.

my $path = $udir;	if (!&mkpath($udir.'/')) {
if ($ufile =~m\|(.+)/([^/]+)$\|) {	&Failure($client, "unable_to_create\n", $userinput);
my @parts=split('/',$1);
foreach my $part (@parts) {
$path .= '/'.$part;
if( -f $path) {
unlink($path);
}
if ((-e $path)!=1) {
mkdir($path,0770);
}
}
}	}


my $destname=$udir.'/'.$ufile;	my $destname=$udir.'/'.$ufile;
my $transname=$udir.'/'.$ufile.'.in.transit';	my $transname=$udir.'/'.$ufile.'.in.transit';
my $remoteurl='http://'.$clientip.'/userfiles/'.$fname;	my $remoteurl='http://'.$clientip.'/userfiles/'.$fname;
Line 1923 sub fetch_user_file_handler {	Line 2007 sub fetch_user_file_handler {
#	#
# Returns:	# Returns:
# 1 - Continue processing.	# 1 - Continue processing.

sub remove_user_file_handler {	sub remove_user_file_handler {
my ($cmd, $tail, $client) = @_;	my ($cmd, $tail, $client) = @_;

Line 1939 sub remove_user_file_handler {	Line 2022 sub remove_user_file_handler {
if (-e $udir) {	if (-e $udir) {
my $file=$udir.'/userfiles/'.$ufile;	my $file=$udir.'/userfiles/'.$ufile;
if (-e $file) {	if (-e $file) {
	#
	# If the file is a regular file unlink is fine...
	# However it's possible the client wants a dir.
	# removed, in which case rmdir is more approprate:
	#
if (-f $file){	if (-f $file){
unlink($file);	unlink($file);
} elsif(-d $file) {	} elsif(-d $file) {
rmdir($file);	rmdir($file);
}	}
if (-e $file) {	if (-e $file) {
	# File is still there after we deleted it ?!?

&Failure($client, "failed\n", "$cmd:$tail");	&Failure($client, "failed\n", "$cmd:$tail");
} else {	} else {
&Reply($client, "ok\n", "$cmd:$tail");	&Reply($client, "ok\n", "$cmd:$tail");
Line 1969 sub remove_user_file_handler {	Line 2059 sub remove_user_file_handler {
#	#
# Returns:	# Returns:
# 1 - Continue processing.	# 1 - Continue processing.

sub mkdir_user_file_handler {	sub mkdir_user_file_handler {
my ($cmd, $tail, $client) = @_;	my ($cmd, $tail, $client) = @_;

Line 1983 sub mkdir_user_file_handler {	Line 2072 sub mkdir_user_file_handler {
} else {	} else {
my $udir = &propath($udom,$uname);	my $udir = &propath($udom,$uname);
if (-e $udir) {	if (-e $udir) {
my $newdir=$udir.'/userfiles/'.$ufile;	my $newdir=$udir.'/userfiles/'.$ufile.'/';
if (!-e $newdir) {	if (!&mkpath($newdir)) {
mkdir($newdir);	&Failure($client, "failed\n", "$cmd:$tail");
if (!-e $newdir) {
&Failure($client, "failed\n", "$cmd:$tail");
} else {
&Reply($client, "ok\n", "$cmd:$tail");
}
} else {
&Failure($client, "not_found\n", "$cmd:$tail");
}	}
	&Reply($client, "ok\n", "$cmd:$tail");
} else {	} else {
&Failure($client, "not_home\n", "$cmd:$tail");	&Failure($client, "not_home\n", "$cmd:$tail");
}	}
Line 2011 sub mkdir_user_file_handler {	Line 2094 sub mkdir_user_file_handler {
#	#
# Returns:	# Returns:
# 1 - Continue processing.	# 1 - Continue processing.

sub rename_user_file_handler {	sub rename_user_file_handler {
my ($cmd, $tail, $client) = @_;	my ($cmd, $tail, $client) = @_;

Line 2045 sub rename_user_file_handler {	Line 2127 sub rename_user_file_handler {
}	}
&register_handler("renameuserfile", \&rename_user_file_handler, 0,1,0);	&register_handler("renameuserfile", \&rename_user_file_handler, 0,1,0);


#	#
# Authenticate access to a user file by checking the user's	# Authenticate access to a user file by checking that the token the user's
# session token(?)	# passed also exists in their session file
#	#
# Parameters:	# Parameters:
# cmd - The request keyword that dispatched to tus.	# cmd - The request keyword that dispatched to tus.
Line 2056 sub rename_user_file_handler {	Line 2137 sub rename_user_file_handler {
# client - Filehandle open on the client.	# client - Filehandle open on the client.
# Return:	# Return:
# 1.	# 1.

sub token_auth_user_file_handler {	sub token_auth_user_file_handler {
my ($cmd, $tail, $client) = @_;	my ($cmd, $tail, $client) = @_;

my ($fname, $session) = split(/:/, $tail);	my ($fname, $session) = split(/:/, $tail);

chomp($session);	chomp($session);
my $reply='non_auth';	my $reply="non_auth\n";
if (open(ENVIN,$perlvar{'lonIDsDir'}.'/'.	if (open(ENVIN,$perlvar{'lonIDsDir'}.'/'.
$session.'.id')) {	$session.'.id')) {
while (my $line=<ENVIN>) {	while (my $line=<ENVIN>) {
if ($line=~ m\|userfile\.\Q$fname\E\=\|) { $reply='ok'; }	if ($line=~ m\|userfile\.\Q$fname\E\=\|) { $reply="ok\n"; }
}	}
close(ENVIN);	close(ENVIN);
&Reply($client, $reply);	&Reply($client, $reply, "$cmd:$tail");
} else {	} else {
&Failure($client, "invalid_token\n", "$cmd:$tail");	&Failure($client, "invalid_token\n", "$cmd:$tail");
}	}
return 1;	return 1;

}	}

&register_handler("tokenauthuserfile", \&token_auth_user_file_handler, 0,1,0);	&register_handler("tokenauthuserfile", \&token_auth_user_file_handler, 0,1,0);


#	#
# Unsubscribe from a resource.	# Unsubscribe from a resource.
#	#
Line 2109 sub unsubscribe_handler {	Line 2187 sub unsubscribe_handler {
return 1;	return 1;
}	}
&register_handler("unsub", \&unsubscribe_handler, 0, 1, 0);	&register_handler("unsub", \&unsubscribe_handler, 0, 1, 0);

# Subscribe to a resource	# Subscribe to a resource
#	#
# Parameters:	# Parameters:
Line 2187 sub activity_log_handler {	Line 2266 sub activity_log_handler {

return 1;	return 1;
}	}
register_handler("log", \&activity_log_handler, 0, 1, 0);	&register_handler("log", \&activity_log_handler, 0, 1, 0);

#	#
# Put a namespace entry in a user profile hash.	# Put a namespace entry in a user profile hash.
Line 2292 sub increment_user_value_handler {	Line 2371 sub increment_user_value_handler {
}	}
&register_handler("inc", \&increment_user_value_handler, 0, 1, 0);	&register_handler("inc", \&increment_user_value_handler, 0, 1, 0);


#	#
# Put a new role for a user. Roles are LonCAPA's packaging of permissions.	# Put a new role for a user. Roles are LonCAPA's packaging of permissions.
# Each 'role' a user has implies a set of permissions. Adding a new role	# Each 'role' a user has implies a set of permissions. Adding a new role
Line 2332 sub roles_put_handler {	Line 2410 sub roles_put_handler {
# is done on close this improves the chances the log will be an un-	# is done on close this improves the chances the log will be an un-
# corrupted ordered thing.	# corrupted ordered thing.
if ($hashref) {	if ($hashref) {
	my $pass_entry = &get_auth_type($udom, $uname);
	my ($auth_type,$pwd) = split(/:/, $pass_entry);
	$auth_type = $auth_type.":";
my @pairs=split(/\&/,$what);	my @pairs=split(/\&/,$what);
foreach my $pair (@pairs) {	foreach my $pair (@pairs) {
my ($key,$value)=split(/=/,$pair);	my ($key,$value)=split(/=/,$pair);
&manage_permissions($key, $udom, $uname,	&manage_permissions($key, $udom, $uname,
&get_auth_type( $udom, $uname));	$auth_type);
$hashref->{$key}=$value;	$hashref->{$key}=$value;
}	}
if (untie($hashref)) {	if (untie($hashref)) {
Line 2431 sub get_profile_entry {	Line 2512 sub get_profile_entry {

my ($udom,$uname,$namespace,$what) = split(/:/,$tail);	my ($udom,$uname,$namespace,$what) = split(/:/,$tail);
chomp($what);	chomp($what);
my $hashref = &tie_user_hash($udom, $uname, $namespace,
&GDBM_READER());	my $replystring = read_profile($udom, $uname, $namespace, $what);
if ($hashref) {	my ($first) = split(/:/,$replystring);
my @queries=split(/\&/,$what);	if($first ne "error") {
my $qresult='';	&Reply($client, "$replystring\n", $userinput);

for (my $i=0;$i<=$#queries;$i++) {
$qresult.="$hashref->{$queries[$i]}&"; # Presumably failure gives empty string.
}
$qresult=~s/\&$//; # Remove trailing & from last lookup.
if (untie(%$hashref)) {
&Reply($client, "$qresult\n", $userinput);
} else {
&Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
"while attempting get\n", $userinput);
}
} else {	} else {
if ($!+0 == 2) { # +0 coerces errno -> number 2 is ENOENT	&Failure($client, $replystring." while attempting get\n", $userinput);
&Failure($client, "error:No such file or ".
"GDBM reported bad block error\n", $userinput);
} else { # Some other undifferentiated err.
&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
"while attempting get\n", $userinput);
}
}	}
return 1;	return 1;


}	}
&register_handler("get", \&get_profile_entry, 0,1,0);	&register_handler("get", \&get_profile_entry, 0,1,0);

Line 2486 sub get_profile_entry_encrypted {	Line 2552 sub get_profile_entry_encrypted {

my ($cmd,$udom,$uname,$namespace,$what) = split(/:/,$userinput);	my ($cmd,$udom,$uname,$namespace,$what) = split(/:/,$userinput);
chomp($what);	chomp($what);
my $hashref = &tie_user_hash($udom, $uname, $namespace,	my $qresult = read_profile($udom, $uname, $namespace, $what);
&GDBM_READER());	my ($first) = split(/:/, $qresult);
if ($hashref) {	if($first ne "error") {
my @queries=split(/\&/,$what);
my $qresult='';	if ($cipher) {
for (my $i=0;$i<=$#queries;$i++) {	my $cmdlength=length($qresult);
$qresult.="$hashref->{$queries[$i]}&";	$qresult.=" ";
}	my $encqresult='';
if (untie(%$hashref)) {	for(my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
$qresult=~s/\&$//;	$encqresult.= unpack("H16",
if ($cipher) {	$cipher->encrypt(substr($qresult,
my $cmdlength=length($qresult);	$encidx,
$qresult.=" ";	8)));
my $encqresult='';
for(my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
$encqresult.= unpack("H16",
$cipher->encrypt(substr($qresult,
$encidx,
8)));
}
&Reply( $client, "enc:$cmdlength:$encqresult\n", $userinput);
} else {
&Failure( $client, "error:no_key\n", $userinput);
}	}
	&Reply( $client, "enc:$cmdlength:$encqresult\n", $userinput);
} else {	} else {
&Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".	&Failure( $client, "error:no_key\n", $userinput);
"while attempting eget\n", $userinput);	}
}
} else {	} else {
&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".	&Failure($client, "$qresult while attempting eget\n", $userinput);
"while attempting eget\n", $userinput);
}	}

return 1;	return 1;
}	}
&register_handler("eget", \&GetProfileEntryEncrypted, 0, 1, 0);	&register_handler("eget", \&get_profile_entry_encrypted, 0, 1, 0);

#	#
# Deletes a key in a user profile database.	# Deletes a key in a user profile database.
#	#
Line 2540 sub get_profile_entry_encrypted {	Line 2597 sub get_profile_entry_encrypted {
# 0 - Exit server.	# 0 - Exit server.
#	#
#	#

sub delete_profile_entry {	sub delete_profile_entry {
my ($cmd, $tail, $client) = @_;	my ($cmd, $tail, $client) = @_;

Line 2569 sub delete_profile_entry {	Line 2625 sub delete_profile_entry {
return 1;	return 1;
}	}
&register_handler("del", \&delete_profile_entry, 0, 1, 0);	&register_handler("del", \&delete_profile_entry, 0, 1, 0);

#	#
# List the set of keys that are defined in a profile database file.	# List the set of keys that are defined in a profile database file.
# A successful reply from this will contain an & separated list of	# A successful reply from this will contain an & separated list of
Line 2747 sub dump_with_regexp {	Line 2804 sub dump_with_regexp {

return 1;	return 1;
}	}

&register_handler("dump", \&dump_with_regexp, 0, 1, 0);	&register_handler("dump", \&dump_with_regexp, 0, 1, 0);

# Store a set of key=value pairs associated with a versioned name.	# Store a set of key=value pairs associated with a versioned name.
Line 2813 sub store_handler {	Line 2869 sub store_handler {
return 1;	return 1;
}	}
&register_handler("store", \&store_handler, 0, 1, 0);	&register_handler("store", \&store_handler, 0, 1, 0);

#	#
# Dump out all versions of a resource that has key=value pairs associated	# Dump out all versions of a resource that has key=value pairs associated
# with it for each version. These resources are built up via the store	# with it for each version. These resources are built up via the store
Line 2913 sub send_chat_handler {	Line 2970 sub send_chat_handler {
return 1;	return 1;
}	}
&register_handler("chatsend", \&send_chat_handler, 0, 1, 0);	&register_handler("chatsend", \&send_chat_handler, 0, 1, 0);

#	#
# Retrieve the set of chat messagss from a discussion board.	# Retrieve the set of chat messagss from a discussion board.
#	#
Line 3069 sub put_course_id_handler {	Line 3127 sub put_course_id_handler {
my $hashref = &tie_domain_hash($udom, "nohist_courseids", &GDBM_WRCREAT());	my $hashref = &tie_domain_hash($udom, "nohist_courseids", &GDBM_WRCREAT());
if ($hashref) {	if ($hashref) {
foreach my $pair (@pairs) {	foreach my $pair (@pairs) {
my ($key,$value)=split(/=/,$pair);	my ($key,$descr,$inst_code)=split(/=/,$pair);
$hashref->{$key}=$value.':'.$now;	$hashref->{$key}=$descr.':'.$inst_code.':'.$now;
}	}
if (untie(%$hashref)) {	if (untie(%$hashref)) {
&Reply($client, "ok\n", $userinput);	&Reply( $client, "ok\n", $userinput);
} else {	} else {
&Failure( $client, "error: ".($!+0)	&Failure($client, "error: ".($!+0)
." untie(GDBM) Failed ".	." untie(GDBM) Failed ".
"while attempting courseidput\n", $userinput);	"while attempting courseidput\n", $userinput);
}	}
} else {	} else {
&Failure( $client, "error: ".($!+0)	&Failure($client, "error: ".($!+0)
." tie(GDBM) Failed ".	." tie(GDBM) Failed ".
"while attempting courseidput\n", $userinput);	"while attempting courseidput\n", $userinput);
}	}


return 1;	return 1;
}	}
Line 3206 sub put_id_handler {	Line 3265 sub put_id_handler {

return 1;	return 1;
}	}

&register_handler("idput", \&put_id_handler, 0, 1, 0);	&register_handler("idput", \&put_id_handler, 0, 1, 0);

#	#
# Retrieves a set of id values from the id database.	# Retrieves a set of id values from the id database.
# Returns an & separated list of results, one for each requested id to the	# Returns an & separated list of results, one for each requested id to the
Line 3256 sub get_id_handler {	Line 3315 sub get_id_handler {

return 1;	return 1;
}	}
	&register_handler("idget", \&get_id_handler, 0, 1, 0);
register_handler("idget", \&get_id_handler, 0, 1, 0);

#	#
# Process the tmpput command I'm not sure what this does.. Seems to	# Process the tmpput command I'm not sure what this does.. Seems to
Line 3300 sub tmp_put_handler {	Line 3358 sub tmp_put_handler {

}	}
&register_handler("tmpput", \&tmp_put_handler, 0, 1, 0);	&register_handler("tmpput", \&tmp_put_handler, 0, 1, 0);

# Processes the tmpget command. This command returns the contents	# Processes the tmpget command. This command returns the contents
# of a temporary resource file(?) created via tmpput.	# of a temporary resource file(?) created via tmpput.
#	#
Line 3312 sub tmp_put_handler {	Line 3371 sub tmp_put_handler {
# 1 - Inidcating processing can continue.	# 1 - Inidcating processing can continue.
# Side effects:	# Side effects:
# A reply is sent to the client.	# A reply is sent to the client.

#	#
sub tmp_get_handler {	sub tmp_get_handler {
my ($cmd, $id, $client) = @_;	my ($cmd, $id, $client) = @_;
Line 3335 sub tmp_get_handler {	Line 3393 sub tmp_get_handler {
return 1;	return 1;
}	}
&register_handler("tmpget", \&tmp_get_handler, 0, 1, 0);	&register_handler("tmpget", \&tmp_get_handler, 0, 1, 0);

#	#
# Process the tmpdel command. This command deletes a temp resource	# Process the tmpdel command. This command deletes a temp resource
# created by the tmpput command.	# created by the tmpput command.
Line 3368 sub tmp_del_handler {	Line 3427 sub tmp_del_handler {

}	}
&register_handler("tmpdel", \&tmp_del_handler, 0, 1, 0);	&register_handler("tmpdel", \&tmp_del_handler, 0, 1, 0);

#	#
# Processes the setannounce command. This command	# Processes the setannounce command. This command
# creates a file named announce.txt in the top directory of	# creates a file named announce.txt in the top directory of
Line 3406 sub set_announce_handler {	Line 3466 sub set_announce_handler {
return 1;	return 1;
}	}
&register_handler("setannounce", \&set_announce_handler, 0, 1, 0);	&register_handler("setannounce", \&set_announce_handler, 0, 1, 0);

#	#
# Return the version of the daemon. This can be used to determine	# Return the version of the daemon. This can be used to determine
# the compatibility of cross version installations or, alternatively to	# the compatibility of cross version installations or, alternatively to
Line 3430 sub get_version_handler {	Line 3491 sub get_version_handler {
return 1;	return 1;
}	}
&register_handler("version", \&get_version_handler, 0, 1, 0);	&register_handler("version", \&get_version_handler, 0, 1, 0);

# Set the current host and domain. This is used to support	# Set the current host and domain. This is used to support
# multihomed systems. Each IP of the system, or even separate daemons	# multihomed systems. Each IP of the system, or even separate daemons
# on the same IP can be treated as handling a separate lonCAPA virtual	# on the same IP can be treated as handling a separate lonCAPA virtual
Line 3566 sub validate_course_owner_handler {	Line 3628 sub validate_course_owner_handler {
return 1;	return 1;
}	}
&register_handler("autonewcourse", \&validate_course_owner_handler, 0, 1, 0);	&register_handler("autonewcourse", \&validate_course_owner_handler, 0, 1, 0);

#	#
# Validate a course section in the official schedule of classes	# Validate a course section in the official schedule of classes
# from the institutions point of view (part of autoenrollment).	# from the institutions point of view (part of autoenrollment).
Line 3646 sub create_auto_enroll_password_handler	Line 3709 sub create_auto_enroll_password_handler
#	#
# Returns:	# Returns:
# 1 - Continue processing.	# 1 - Continue processing.

sub retrieve_auto_file_handler {	sub retrieve_auto_file_handler {
my ($cmd, $tail, $client) = @_;	my ($cmd, $tail, $client) = @_;
my $userinput = "cmd:$tail";	my $userinput = "cmd:$tail";
Line 3731 sub get_institutional_code_format_handle	Line 3793 sub get_institutional_code_format_handle

return 1;	return 1;
}	}
	&register_handler("autoinstcodeformat",
&register_handler("autoinstcodeformat", \&get_institutional_code_format_handler,	\&get_institutional_code_format_handler,0,1,0);
0,1,0);

#	#
#	# Gets a student's photo to exist (in the correct image type) in the user's
#	# directory.
#	# Formal Parameters:
#	# $cmd - The command request that got us dispatched.
	# $tail - A colon separated set of words that will be split into:
	# $domain - student's domain
	# $uname - student username
	# $type - image type desired
	# $client - The socket open on the client.
	# Returns:
	# 1 - continue processing.
	sub student_photo_handler {
	my ($cmd, $tail, $client) = @_;
	my ($domain,$uname,$type) = split(/:/, $tail);

	my $path=&propath($domain,$uname).
	'/userfiles/internal/studentphoto.'.$type;
	if (-e $path) {
	&Reply($client,"ok\n","$cmd:$tail");
	return 1;
	}
	&mkpath($path);
	my $file=&localstudentphoto::fetch($domain,$uname);
	if (!$file) {
	&Failure($client,"unavailable\n","$cmd:$tail");
	return 1;
	}
	if (!-e $path) { &convert_photo($file,$path); }
	if (-e $path) {
	&Reply($client,"ok\n","$cmd:$tail");
	return 1;
	}
	&Failure($client,"unable_to_convert\n","$cmd:$tail");
	return 1;
	}
	&register_handler("studentphoto", \&student_photo_handler, 0, 1, 0);

	# mkpath makes all directories for a file, expects an absolute path with a
	# file or a trailing / if just a dir is passed
	# returns 1 on success 0 on failure
	sub mkpath {
	my ($file)=@_;
	my @parts=split(/\//,$file,-1);
	my $now=$parts[0].'/'.$parts[1].'/'.$parts[2];
	for (my $i=3;$i<= ($#parts-1);$i++) {
	$now.='/'.$parts[$i];
	if (!-e $now) {
	if (!mkdir($now,0770)) { return 0; }
	}
	}
	return 1;
	}

#---------------------------------------------------------------	#---------------------------------------------------------------
#	#
# Getting, decoding and dispatching requests:	# Getting, decoding and dispatching requests:
#	#

#	#
# Get a Request:	# Get a Request:
# Gets a Request message from the client. The transaction	# Gets a Request message from the client. The transaction
Line 3781 sub process_request {	Line 3890 sub process_request {
$userinput = decipher($userinput);	$userinput = decipher($userinput);
$wasenc=1;	$wasenc=1;
if(!$userinput) { # Cipher not defined.	if(!$userinput) { # Cipher not defined.
&Failure($client, "error: Encrypted data without negotated key");	&Failure($client, "error: Encrypted data without negotated key\n");
return 0;	return 0;
}	}
}	}
Line 3851 sub process_request {	Line 3960 sub process_request {

}	}

#------------------- Commands not yet in spearate handlers. --------------	print $client "unknown_cmd\n";

#------------------------------- is auto-enrollment enabled?
if ($userinput =~/^autorun/) {
if (isClient) {
my ($cmd,$cdom) = split(/:/,$userinput);
my $outcome = &localenroll::run($cdom);
print $client "$outcome\n";
} else {
print $client "0\n";
}
#------------------------------- get official sections (for auto-enrollment).
} elsif ($userinput =~/^autogetsections/) {
if (isClient) {
my ($cmd,$coursecode,$cdom)=split(/:/,$userinput);
my @secs = &localenroll::get_sections($coursecode,$cdom);
my $seclist = &escape(join(':',@secs));
print $client "$seclist\n";
} else {
print $client "refused\n";
}
#----------------------- validate owner of new course section (for auto-enrollment).
} elsif ($userinput =~/^autonewcourse/) {
if (isClient) {
my ($cmd,$inst_course_id,$owner,$cdom)=split(/:/,$userinput);
my $outcome = &localenroll::new_course($inst_course_id,$owner,$cdom);
print $client "$outcome\n";
} else {
print $client "refused\n";
}
#-------------- validate course section in schedule of classes (for auto-enrollment).
} elsif ($userinput =~/^autovalidatecourse/) {
if (isClient) {
my ($cmd,$inst_course_id,$cdom)=split(/:/,$userinput);
my $outcome=&localenroll::validate_courseID($inst_course_id,$cdom);
print $client "$outcome\n";
} else {
print $client "refused\n";
}
#--------------------------- create password for new user (for auto-enrollment).
} elsif ($userinput =~/^autocreatepassword/) {
if (isClient) {
my ($cmd,$authparam,$cdom)=split(/:/,$userinput);
my ($create_passwd,$authchk);
($authparam,$create_passwd,$authchk) = &localenroll::create_password($authparam,$cdom);
print $client &escape($authparam.':'.$create_passwd.':'.$authchk)."\n";
} else {
print $client "refused\n";
}
#--------------------------- read and remove temporary files (for auto-enrollment).
} elsif ($userinput =~/^autoretrieve/) {
if (isClient) {
my ($cmd,$filename) = split(/:/,$userinput);
my $source = $perlvar{'lonDaemons'}.'/tmp/'.$filename;
if ( (-e $source) && ($filename ne '') ) {
my $reply = '';
if (open(my $fh,$source)) {
while (<$fh>) {
chomp($_);
$_ =~ s/^\s+//g;
$_ =~ s/\s+$//g;
$reply .= $_;
}
close($fh);
print $client &escape($reply)."\n";
# unlink($source);
} else {
print $client "error\n";
}
} else {
print $client "error\n";
}
} else {
print $client "refused\n";
}
#--------------------- read and retrieve institutional code format
# (for support form).
} elsif ($userinput =~/^autoinstcodeformat/) {
if (isClient) {
my $reply;
my($cmd,$cdom,$course) = split(/:/,$userinput);
my @pairs = split/\&/,$course;
my %instcodes = ();
my %codes = ();
my @codetitles = ();
my %cat_titles = ();
my %cat_order = ();
foreach (@pairs) {
my ($key,$value) = split/=/,$_;
$instcodes{&unescape($key)} = &unescape($value);
}
my $formatreply = &localenroll::instcode_format($cdom,\%instcodes,\%codes,\@codetitles,\%cat_titles,\%cat_order);
if ($formatreply eq 'ok') {
my $codes_str = &hash2str(%codes);
my $codetitles_str = &array2str(@codetitles);
my $cat_titles_str = &hash2str(%cat_titles);
my $cat_order_str = &hash2str(%cat_order);
print $client $codes_str.':'.$codetitles_str.':'.$cat_titles_str.':'.$cat_order_str."\n";
}
} else {
print $client "refused\n";
}
# ------------------------------------------------------------- unknown command

} else {
# unknown command
print $client "unknown_cmd\n";
}
# -------------------------------------------------------------------- complete	# -------------------------------------------------------------------- complete
Debug("process_request - returning 1");	Debug("process_request - returning 1");
return 1;	return 1;
Line 4833 sub make_new_child {	Line 4835 sub make_new_child {
exit;	exit;

}	}
	#
	# Determine if a user is an author for the indicated domain.
	#
	# Parameters:
	# domain - domain to check in .
	# user - Name of user to check.
	#
	# Return:
	# 1 - User is an author for domain.
	# 0 - User is not an author for domain.
	sub is_author {
	my ($domain, $user) = @_;

	&Debug("is_author: $user @ $domain");

	my $hashref = &tie_user_hash($domain, $user, "roles",
	&GDBM_READER());

	# Author role should show up as a key /domain/_au

	my $key = "/$domain/_au";
	my $value = $hashref->{$key};

	if(defined($value)) {
	&Debug("$user @ $domain is an author");
	}

	return defined($value);
	}
#	#
# Checks to see if the input roleput request was to set	# Checks to see if the input roleput request was to set
# an author role. If so, invokes the lchtmldir script to set	# an author role. If so, invokes the lchtmldir script to set
Line 4849 sub make_new_child {	Line 4878 sub make_new_child {
sub manage_permissions	sub manage_permissions
{	{


my ($request, $domain, $user, $authtype) = @_;	my ($request, $domain, $user, $authtype) = @_;

	&Debug("manage_permissions: $request $domain $user $authtype");

# See if the request is of the form /$domain/_au	# See if the request is of the form /$domain/_au
if($request =~ /^(\/$domain\/_au)$/) { # It's an author rolesput...	if($request =~ /^(\/$domain\/_au)$/) { # It's an author rolesput...
my $execdir = $perlvar{'lonDaemons'};	my $execdir = $perlvar{'lonDaemons'};
my $userhome= "/home/$user" ;	my $userhome= "/home/$user" ;
&logthis("system $execdir/lchtmldir $userhome $user $authtype");	&logthis("system $execdir/lchtmldir $userhome $user $authtype");
	&Debug("Setting homedir permissions for $userhome");
system("$execdir/lchtmldir $userhome $user $authtype");	system("$execdir/lchtmldir $userhome $user $authtype");
}	}
}	}
Line 4871 sub manage_permissions	Line 4904 sub manage_permissions
#	#
sub password_path {	sub password_path {
my ($domain, $user) = @_;	my ($domain, $user) = @_;
	return &propath($domain, $user).'/passwd';

my $path = &propath($domain, $user);
$path .= "/passwd";

return $path;
}	}

# Password Filename	# Password Filename
Line 4951 sub get_auth_type	Line 4979 sub get_auth_type
Debug("Password info = $realpassword\n");	Debug("Password info = $realpassword\n");
my ($authtype, $contentpwd) = split(/:/, $realpassword);	my ($authtype, $contentpwd) = split(/:/, $realpassword);
Debug("Authtype = $authtype, content = $contentpwd\n");	Debug("Authtype = $authtype, content = $contentpwd\n");
my $availinfo = '';	return "$authtype:$contentpwd";
if($authtype eq 'krb4' or $authtype eq 'krb5') {
$availinfo = $contentpwd;
}

return "$authtype:$availinfo";
} else {	} else {
Debug("Returning nouser");	Debug("Returning nouser");
return "nouser";	return "nouser";
Line 4989 sub validate_user {	Line 5012 sub validate_user {
# At the end of this function. I'll ensure that it's not still that	# At the end of this function. I'll ensure that it's not still that
# value so we don't just wind up returning some accidental value	# value so we don't just wind up returning some accidental value
# as a result of executing an unforseen code path that	# as a result of executing an unforseen code path that
# did not set $validated.	# did not set $validated. At the end of valid execution paths,
	# validated shoule be 1 for success or 0 for failuer.

my $validated = -3.14159;	my $validated = -3.14159;

Line 5077 sub validate_user {	Line 5101 sub validate_user {
#	#

unless ($validated != -3.14159) {	unless ($validated != -3.14159) {
die "ValidateUser - failed to set the value of validated";	# I >really really< want to know if this happens.
	# since it indicates that user authentication is badly
	# broken in some code path.
	#
	die "ValidateUser - failed to set the value of validated $domain, $user $password";
}	}
return $validated;	return $validated;
}	}
Line 5300 sub make_passwd_file {	Line 5328 sub make_passwd_file {
if ($umode eq 'krb4' or $umode eq 'krb5') {	if ($umode eq 'krb4' or $umode eq 'krb5') {
{	{
my $pf = IO::File->new(">$passfilename");	my $pf = IO::File->new(">$passfilename");
print $pf "$umode:$npass\n";	if ($pf) {
	print $pf "$umode:$npass\n";
	} else {
	$result = "pass_file_failed_error";
	}
}	}
} elsif ($umode eq 'internal') {	} elsif ($umode eq 'internal') {
my $salt=time;	my $salt=time;
Line 5309 sub make_passwd_file {	Line 5341 sub make_passwd_file {
{	{
&Debug("Creating internal auth");	&Debug("Creating internal auth");
my $pf = IO::File->new(">$passfilename");	my $pf = IO::File->new(">$passfilename");
print $pf "internal:$ncpass\n";	if($pf) {
	print $pf "internal:$ncpass\n";
	} else {
	$result = "pass_file_failed_error";
	}
}	}
} elsif ($umode eq 'localauth') {	} elsif ($umode eq 'localauth') {
{	{
my $pf = IO::File->new(">$passfilename");	my $pf = IO::File->new(">$passfilename");
print $pf "localauth:$npass\n";	if($pf) {
	print $pf "localauth:$npass\n";
	} else {
	$result = "pass_file_failed_error";
	}
}	}
} elsif ($umode eq 'unix') {	} elsif ($umode eq 'unix') {
{	{
Line 5353 sub make_passwd_file {	Line 5393 sub make_passwd_file {
$result = "lcuseradd_failed:$error_text\n";	$result = "lcuseradd_failed:$error_text\n";
} else {	} else {
my $pf = IO::File->new(">$passfilename");	my $pf = IO::File->new(">$passfilename");
print $pf "unix:\n";	if($pf) {
	print $pf "unix:\n";
	} else {
	$result = "pass_file_failed_error";
	}
}	}
}	}
} elsif ($umode eq 'none') {	} elsif ($umode eq 'none') {
{	{
my $pf = IO::File->new("> $passfilename");	my $pf = IO::File->new("> $passfilename");
print $pf "none:\n";	if($pf) {
	print $pf "none:\n";
	} else {
	$result = "pass_file_failed_error";
	}
}	}
} else {	} else {
$result="auth_mode_error\n";	$result="auth_mode_error\n";
Line 5367 sub make_passwd_file {	Line 5415 sub make_passwd_file {
return $result;	return $result;
}	}

	sub convert_photo {
	my ($start,$dest)=@_;
	system("convert $start $dest");
	}

sub sethost {	sub sethost {
my ($remotereq) = @_;	my ($remotereq) = @_;
my (undef,$hostid)=split(/:/,$remotereq);	my (undef,$hostid)=split(/:/,$remotereq);

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

500 Internal Server Error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Removed from v.1.248
changed lines
	Added in v.1.265