1: #!/usr/bin/perl
2: # The LearningOnline Network
3: # lond "LON Daemon" Server (port "LOND" 5663)
4: #
5: # $Id: lond,v 1.177 2004/02/18 10:35:56 foxr Exp $
6: #
7: # Copyright Michigan State University Board of Trustees
8: #
9: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
10: #
11: # LON-CAPA is free software; you can redistribute it and/or modify
12: # it under the terms of the GNU General Public License as published by
13: # the Free Software Foundation; either version 2 of the License, or
14: # (at your option) any later version.
15: #
16: # LON-CAPA is distributed in the hope that it will be useful,
17: # but WITHOUT ANY WARRANTY; without even the implied warranty of
18: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19: # GNU General Public License for more details.
20: #
21: # You should have received a copy of the GNU General Public License
22: # along with LON-CAPA; if not, write to the Free Software
23: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24: #
25: # /home/httpd/html/adm/gpl.txt
26: #
27:
28:
29: # http://www.lon-capa.org/
30: #
31:
32: use strict;
33: use lib '/home/httpd/lib/perl/';
34: use LONCAPA::Configuration;
35:
36: use IO::Socket;
37: use IO::File;
38: #use Apache::File;
39: use Symbol;
40: use POSIX;
41: use Crypt::IDEA;
42: use LWP::UserAgent();
43: use GDBM_File;
44: use Authen::Krb4;
45: use Authen::Krb5;
46: use lib '/home/httpd/lib/perl/';
47: use localauth;
48: use File::Copy;
49: use LONCAPA::ConfigFileEdit;
50:
51: my $DEBUG = 0; # Non zero to enable debug log entries.
52:
53: my $status='';
54: my $lastlog='';
55:
56: my $VERSION='$Revision: 1.177 $'; #' stupid emacs
57: my $remoteVERSION;
58: my $currenthostid;
59: my $currentdomainid;
60:
61: my $client;
62: my $clientip;
63: my $clientname;
64:
65: my $cipher; # Cipher key negotiated with client.
66: my $tmpsnum = 0;; # Id of tmpputs.
67:
68: my $server;
69: my $thisserver;
70:
71: #
72: # Connection type is:
73: # client - All client actions are allowed
74: # manager - only management functions allowed.
75: # both - Both management and client actions are allowed
76: #
77:
78: my $ConnectionType;
79:
80: my %hostid;
81: my %hostdom;
82: my %hostip;
83:
84: my %managers; # Ip -> manager names
85:
86: my %perlvar; # Will have the apache conf defined perl vars.
87:
88: #
89: # The hash below is used for command dispatching, and is therefore keyed on the request keyword.
90: # Each element of the hash contains a reference to an array that contains:
91: # A reference to a sub that executes the request corresponding to the keyword.
92: # A flag that is true if the request must be encoded to be acceptable.
93: # A mask with bits as follows:
94: # CLIENT_OK - Set when the function is allowed by ordinary clients
95: # MANAGER_OK - Set when the function is allowed to manager clients.
96: #
97: my $CLIENT_OK = 1;
98: my $MANAGER_OK = 2;
99: my %Dispatcher;
100:
101: #
102: # The array below are password error strings."
103: #
104: my $lastpwderror = 13; # Largest error number from lcpasswd.
105: my @passwderrors = ("ok",
106: "lcpasswd must be run as user 'www'",
107: "lcpasswd got incorrect number of arguments",
108: "lcpasswd did not get the right nubmer of input text lines",
109: "lcpasswd too many simultaneous pwd changes in progress",
110: "lcpasswd User does not exist.",
111: "lcpasswd Incorrect current passwd",
112: "lcpasswd Unable to su to root.",
113: "lcpasswd Cannot set new passwd.",
114: "lcpasswd Username has invalid characters",
115: "lcpasswd Invalid characters in password",
116: "11", "12",
117: "lcpasswd Password mismatch");
118:
119:
120: # The array below are lcuseradd error strings.:
121:
122: my $lastadderror = 13;
123: my @adderrors = ("ok",
124: "User ID mismatch, lcuseradd must run as user www",
125: "lcuseradd Incorrect number of command line parameters must be 3",
126: "lcuseradd Incorrect number of stdinput lines, must be 3",
127: "lcuseradd Too many other simultaneous pwd changes in progress",
128: "lcuseradd User does not exist",
129: "lcuseradd Unable to make www member of users's group",
130: "lcuseradd Unable to su to root",
131: "lcuseradd Unable to set password",
132: "lcuseradd Usrname has invalid characters",
133: "lcuseradd Password has an invalid character",
134: "lcuseradd User already exists",
135: "lcuseradd Could not add user.",
136: "lcuseradd Password mismatch");
137:
138: #
139: # Statistics that are maintained and dislayed in the status line.
140: #
141: my $Transactions; # Number of attempted transactions.
142: my $Failures; # Number of transcations failed.
143:
144: # ResetStatistics:
145: # Resets the statistics counters:
146: #
147: sub ResetStatistics {
148: $Transactions = 0;
149: $Failures = 0;
150: }
151:
152: #
153: # Return true if client is a manager.
154: #
155: sub isManager {
156: return (($ConnectionType eq "manager") || ($ConnectionType eq "both"));
157: }
158: #
159: # Return tru if client can do client functions
160: #
161: sub isClient {
162: return (($ConnectionType eq "client") || ($ConnectionType eq "both"));
163: }
164:
165:
166: #
167: # Get a Request:
168: # Gets a Request message from the client. The transaction
169: # is defined as a 'line' of text. We remove the new line
170: # from the text line.
171: #
172: sub GetRequest {
173: my $input = <$client>;
174: chomp($input);
175:
176: Debug("Request = $input\n");
177:
178: &status('Processing '.$clientname.':'.$input);
179:
180: return $input;
181: }
182: #
183: # Decipher encoded traffic
184: # Parameters:
185: # input - Encoded data.
186: # Returns:
187: # Decoded data or undef if encryption key was not yet negotiated.
188: # Implicit input:
189: # cipher - This global holds the negotiated encryption key.
190: #
191: sub Decipher {
192: my $input = shift;
193: my $output = '';
194:
195:
196: if($cipher) {
197: my($enc, $enclength, $encinput) = split(/:/, $input);
198: for(my $encidx = 0; $encidx < length($encinput); $encidx += 16) {
199: $output .=
200: $cipher->decrypt(pack("H16", substr($encinput, $encidx, 16)));
201: }
202: return substr($output, 0, $enclength);
203: } else {
204: return undef;
205: }
206:
207: }
208:
209: #
210: # Register a command processor. This function is invoked to register a sub
211: # to process a request. Once registered, the ProcessRequest sub can automatically
212: # dispatch requests to an appropriate sub, and do the top level validity checking
213: # as well:
214: # - Is the keyword recognized.
215: # - Is the proper client type attempting the request.
216: # - Is the request encrypted if it has to be.
217: # Parameters:
218: # $RequestName - Name of the request being registered.
219: # This is the command request that will match
220: # against the hash keywords to lookup the information
221: # associated with the dispatch information.
222: # $Procedure - Reference to a sub to call to process the request.
223: # All subs get called as follows:
224: # Procedure($cmd, $tail, $replyfd, $key)
225: # $cmd - the actual keyword that invoked us.
226: # $tail - the tail of the request that invoked us.
227: # $replyfd- File descriptor connected to the client
228: # $MustEncode - True if the request must be encoded to be good.
229: # $ClientOk - True if it's ok for a client to request this.
230: # $ManagerOk - True if it's ok for a manager to request this.
231: # Side effects:
232: # - On success, the Dispatcher hash has an entry added for the key $RequestName
233: # - On failure, the program will die as it's a bad internal bug to try to
234: # register a duplicate command handler.
235: #
236: sub RegisterHandler {
237: my $RequestName = shift;
238: my $Procedure = shift;
239: my $MustEncode = shift;
240: my $ClientOk = shift;
241: my $ManagerOk = shift;
242:
243: # Don't allow duplication#
244:
245: if (defined $Dispatcher{$RequestName}) {
246: die "Attempting to define a duplicate request handler for $RequestName\n";
247: }
248: # Build the client type mask:
249:
250: my $ClientTypeMask = 0;
251: if($ClientOk) {
252: $ClientTypeMask |= $CLIENT_OK;
253: }
254: if($ManagerOk) {
255: $ClientTypeMask |= $MANAGER_OK;
256: }
257:
258: # Enter the hash:
259:
260: my @entry = ($Procedure, $MustEncode, $ClientTypeMask);
261:
262: $Dispatcher{$RequestName} = \@entry;
263:
264:
265: }
266:
267: #--------------------- Request Handlers --------------------------------------------
268: #
269: # By convention each request handler registers itself prior to the sub declaration:
270: #
271:
272: # Handles ping requests.
273: # Parameters:
274: # $cmd - the actual keyword that invoked us.
275: # $tail - the tail of the request that invoked us.
276: # $replyfd- File descriptor connected to the client
277: # Implicit Inputs:
278: # $currenthostid - Global variable that carries the name of the host we are
279: # known as.
280: # Returns:
281: # 1 - Ok to continue processing.
282: # 0 - Program should exit.
283: # Side effects:
284: # Reply information is sent to the client.
285:
286: sub PingHandler {
287: my $cmd = shift;
288: my $tail = shift;
289: my $client = shift;
290:
291: Reply( $client,"$currenthostid\n","$cmd:$tail");
292:
293: return 1;
294: }
295: RegisterHandler("ping", \&PingHandler, 0, 1, 1); # Ping unencoded, client or manager.
296: #
297: # Handles pong reequests:
298: # Parameters:
299: # $cmd - the actual keyword that invoked us.
300: # $tail - the tail of the request that invoked us.
301: # $replyfd- File descriptor connected to the client
302: # Implicit Inputs:
303: # $currenthostid - Global variable that carries the name of the host we are
304: # connected to.
305: # Returns:
306: # 1 - Ok to continue processing.
307: # 0 - Program should exit.
308: # Side effects:
309: # Reply information is sent to the client.
310:
311: sub PongHandler {
312: my $cmd = shift;
313: my $tail = shift;
314: my $replyfd = shift;
315:
316: my $reply=&reply("ping",$clientname);
317: Reply( $replyfd, "$currenthostid:$reply\n", "$cmd:$tail");
318: return 1;
319: }
320: RegisterHandler("pong", \&PongHandler, 0, 1, 1); # Pong unencoded, client or manager
321:
322: #
323: # EstablishKeyHandler:
324: # Called to establish an encrypted session key with the remote client.
325: #
326: # Parameters:
327: # $cmd - the actual keyword that invoked us.
328: # $tail - the tail of the request that invoked us.
329: # $replyfd- File descriptor connected to the client
330: # Implicit Inputs:
331: # $currenthostid - Global variable that carries the name of the host
332: # known as.
333: # $clientname - Global variable that carries the name of the hsot we're connected to.
334: # Returns:
335: # 1 - Ok to continue processing.
336: # 0 - Program should exit.
337: # Implicit Outputs:
338: # Reply information is sent to the client.
339: # $cipher is set with a reference to a new IDEA encryption object.
340: #
341: sub EstablishKeyHandler {
342: my $cmd = shift;
343: my $tail = shift;
344: my $replyfd = shift;
345:
346: my $buildkey=time.$$.int(rand 100000);
347: $buildkey=~tr/1-6/A-F/;
348: $buildkey=int(rand 100000).$buildkey.int(rand 100000);
349: my $key=$currenthostid.$clientname;
350: $key=~tr/a-z/A-Z/;
351: $key=~tr/G-P/0-9/;
352: $key=~tr/Q-Z/0-9/;
353: $key=$key.$buildkey.$key.$buildkey.$key.$buildkey;
354: $key=substr($key,0,32);
355: my $cipherkey=pack("H32",$key);
356: $cipher=new IDEA $cipherkey;
357: Reply($replyfd, "$buildkey\n", "$cmd:$tail");
358:
359: return 1;
360:
361: }
362: RegisterHandler("ekey", \&EstablishKeyHandler, 0, 1,1);
363:
364: # LoadHandler:
365: # Handler for the load command. Returns the current system load average
366: # to the requestor.
367: #
368: # Parameters:
369: # $cmd - the actual keyword that invoked us.
370: # $tail - the tail of the request that invoked us.
371: # $replyfd- File descriptor connected to the client
372: # Implicit Inputs:
373: # $currenthostid - Global variable that carries the name of the host
374: # known as.
375: # $clientname - Global variable that carries the name of the hsot we're connected to.
376: # Returns:
377: # 1 - Ok to continue processing.
378: # 0 - Program should exit.
379: # Side effects:
380: # Reply information is sent to the client.
381: sub LoadHandler {
382: my $cmd = shift;
383: my $tail = shift;
384: my $replyfd = shift;
385:
386: # Get the load average from /proc/loadavg and calculate it as a percentage of
387: # the allowed load limit as set by the perl global variable lonLoadLim
388:
389: my $loadavg;
390: my $loadfile=IO::File->new('/proc/loadavg');
391:
392: $loadavg=<$loadfile>;
393: $loadavg =~ s/\s.*//g; # Extract the first field only.
394:
395: my $loadpercent=100*$loadavg/$perlvar{'lonLoadLim'};
396:
397: Reply( $replyfd, "$loadpercent\n", "$cmd:$tail");
398:
399: return 1;
400: }
401: RegisterHandler("load", \&LoadHandler, 0, 1, 0);
402:
403:
404: #
405: # Process the userload request. This sub returns to the client the current
406: # user load average. It can be invoked either by clients or managers.
407: #
408: # Parameters:
409: # $cmd - the actual keyword that invoked us.
410: # $tail - the tail of the request that invoked us.
411: # $replyfd- File descriptor connected to the client
412: # Implicit Inputs:
413: # $currenthostid - Global variable that carries the name of the host
414: # known as.
415: # $clientname - Global variable that carries the name of the hsot we're connected to.
416: # Returns:
417: # 1 - Ok to continue processing.
418: # 0 - Program should exit
419: # Implicit inputs:
420: # whatever the userload() function requires.
421: # Implicit outputs:
422: # the reply is written to the client.
423: #
424: sub UserLoadHandler {
425: my $cmd = shift;
426: my $tail = shift;
427: my $replyfd = shift;
428:
429: my $userloadpercent=&userload();
430: Reply($replyfd, "$userloadpercent\n", "$cmd:$tail");
431:
432: return 1;
433: }
434: RegisterHandler("userload", \&UserLoadHandler, 0, 1, 0);
435:
436: # Process a request for the authorization type of a user:
437: # (userauth).
438: #
439: # Parameters:
440: # $cmd - the actual keyword that invoked us.
441: # $tail - the tail of the request that invoked us.
442: # $replyfd- File descriptor connected to the client
443: # Returns:
444: # 1 - Ok to continue processing.
445: # 0 - Program should exit
446: # Implicit outputs:
447: # The user authorization type is written to the client.
448: #
449: sub UserAuthorizationType {
450: my $cmd = shift;
451: my $tail = shift;
452: my $replyfd = shift;
453:
454: my $userinput = "$cmd:$tail";
455:
456: # Pull the domain and username out of the command tail.
457: # and call GetAuthType to determine the authentication type.
458:
459: my ($udom,$uname)=split(/:/,$tail);
460: my $result = GetAuthType($udom, $uname);
461: if($result eq "nouser") {
462: Failure( $replyfd, "unknown_user\n", $userinput);
463: } else {
464: Reply( $replyfd, "$result\n", $userinput);
465: }
466:
467: return 1;
468: }
469: RegisterHandler("currentauth", \&UserAuthorizationType, 1, 1, 0);
470: #
471: # Process a request by a manager to push a hosts or domain table
472: # to us. We pick apart the command and pass it on to the subs
473: # that already exist to do this.
474: #
475: # Parameters:
476: # $cmd - the actual keyword that invoked us.
477: # $tail - the tail of the request that invoked us.
478: # $client - File descriptor connected to the client
479: # Returns:
480: # 1 - Ok to continue processing.
481: # 0 - Program should exit
482: # Implicit Output:
483: # a reply is written to the client.
484:
485: sub PushFileHandler {
486: my $cmd = shift;
487: my $tail = shift;
488: my $client = shift;
489:
490: my $userinput = "$cmd:$tail";
491:
492: # At this time we only know that the IP of our partner is a valid manager
493: # the code below is a hook to do further authentication (e.g. to resolve
494: # spoofing).
495:
496: my $cert = GetCertificate($userinput);
497: if(ValidManager($cert)) {
498:
499: # Now presumably we have the bona fides of both the peer host and the
500: # process making the request.
501:
502: my $reply = PushFile($userinput);
503: Reply($client, "$reply\n", $userinput);
504:
505: } else {
506: Failure( $client, "refused\n", $userinput);
507: }
508: }
509: RegisterHandler("pushfile", \&PushFileHandler, 1, 0, 1);
510:
511:
512:
513: # Process a reinit request. Reinit requests that either
514: # lonc or lond be reinitialized so that an updated
515: # host.tab or domain.tab can be processed.
516: #
517: # Parameters:
518: # $cmd - the actual keyword that invoked us.
519: # $tail - the tail of the request that invoked us.
520: # $client - File descriptor connected to the client
521: # Returns:
522: # 1 - Ok to continue processing.
523: # 0 - Program should exit
524: # Implicit output:
525: # a reply is sent to the client.
526: #
527: sub ReinitProcessHandler {
528: my $cmd = shift;
529: my $tail = shift;
530: my $client = shift;
531:
532: my $userinput = "$cmd:$tail";
533:
534: my $cert = GetCertificate($userinput);
535: if(ValidManager($cert)) {
536: chomp($userinput);
537: my $reply = ReinitProcess($userinput);
538: Reply( $client, "$reply\n", $userinput);
539: } else {
540: Failure( $client, "refused\n", $userinput);
541: }
542: return 1;
543: }
544:
545: RegisterHandler("reinit", \&ReinitProcessHandler, 1, 0, 1);
546:
547: # Process the editing script for a table edit operation.
548: # the editing operation must be encrypted and requested by
549: # a manager host.
550: #
551: # Parameters:
552: # $cmd - the actual keyword that invoked us.
553: # $tail - the tail of the request that invoked us.
554: # $client - File descriptor connected to the client
555: # Returns:
556: # 1 - Ok to continue processing.
557: # 0 - Program should exit
558: # Implicit output:
559: # a reply is sent to the client.
560: #
561: sub EditTableHandler {
562: my $command = shift;
563: my $tail = shift;
564: my $client = shift;
565:
566: my $userinput = "$command:$tail";
567:
568: my $cert = GetCertificate($userinput);
569: if(ValidManager($cert)) {
570: my($filetype, $script) = split(/:/, $tail);
571: if (($filetype eq "hosts") ||
572: ($filetype eq "domain")) {
573: if($script ne "") {
574: Reply($client, # BUGBUG - EditFile
575: EditFile($userinput), # could fail.
576: $userinput);
577: } else {
578: Failure($client,"refused\n",$userinput);
579: }
580: } else {
581: Failure($client,"refused\n",$userinput);
582: }
583: } else {
584: Failure($client,"refused\n",$userinput);
585: }
586: return 1;
587: }
588: RegisterHandler("edit", \&EditTableHandler, 1, 0, 1);
589:
590:
591: #
592: # Authenticate a user against the LonCAPA authentication
593: # database. Note that there are several authentication
594: # possibilities:
595: # - unix - The user can be authenticated against the unix
596: # password file.
597: # - internal - The user can be authenticated against a purely
598: # internal per user password file.
599: # - kerberos - The user can be authenticated against either a kerb4 or kerb5
600: # ticket granting authority.
601: # - user - The person tailoring LonCAPA can supply a user authentication mechanism
602: # that is per system.
603: #
604: # Parameters:
605: # $cmd - The command that got us here.
606: # $tail - Tail of the command (remaining parameters).
607: # $client - File descriptor connected to client.
608: # Returns
609: # 0 - Requested to exit, caller should shut down.
610: # 1 - Continue processing.
611: # Implicit inputs:
612: # The authentication systems describe above have their own forms of implicit
613: # input into the authentication process that are described above.
614: #
615: sub AuthenticateHandler {
616: my $cmd = shift;
617: my $tail = shift;
618: my $client = shift;
619:
620: # Regenerate the full input line
621:
622: my $userinput = $cmd.":".$tail;
623:
624: # udom - User's domain.
625: # uname - Username.
626: # upass - User's password.
627:
628: my ($udom,$uname,$upass)=split(/:/,$tail);
629: chomp($upass);
630: $upass=unescape($upass);
631: my $proname=propath($udom,$uname);
632: my $passfilename="$proname/passwd";
633:
634: # The user's 'personal' loncapa passworrd file describes how to authenticate:
635:
636: if (-e $passfilename) {
637: my $pf = IO::File->new($passfilename);
638: my $realpasswd=<$pf>;
639: chomp($realpasswd);
640: my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
641: my $pwdcorrect=0;
642: #
643: # Authenticate against password stored in the internal file.
644: #
645: if ($howpwd eq 'internal') {
646: &Debug("Internal auth");
647: $pwdcorrect= (crypt($upass,$contentpwd) eq $contentpwd);
648: #
649: # Authenticate against the unix password file.
650: #
651: } elsif ($howpwd eq 'unix') {
652: &Debug("Unix auth");
653: if((getpwnam($uname))[1] eq "") { #no such user!
654: $pwdcorrect = 0;
655: } else {
656: $contentpwd=(getpwnam($uname))[1];
657: my $pwauth_path="/usr/local/sbin/pwauth";
658: unless ($contentpwd eq 'x') {
659: $pwdcorrect= (crypt($upass,$contentpwd) eq $contentpwd);
660: } elsif (-e $pwauth_path) {
661: open PWAUTH, "|$pwauth_path" or
662: die "Cannot invoke authentication";
663: print PWAUTH "$uname\n$upass\n";
664: close PWAUTH;
665: $pwdcorrect=!$?;
666: }
667: }
668: #
669: # Authenticate against a Kerberos 4 server:
670: #
671: } elsif ($howpwd eq 'krb4') {
672: my $null=pack("C",0);
673: unless ($upass=~/$null/) {
674: my $krb4_error = &Authen::Krb4::get_pw_in_tkt($uname,
675: "",
676: $contentpwd,
677: 'krbtgt',
678: $contentpwd,
679: 1,
680: $upass);
681: if (!$krb4_error) {
682: $pwdcorrect = 1;
683: } else {
684: $pwdcorrect=0;
685: # log error if it is not a bad password
686: if ($krb4_error != 62) {
687: &logthis('krb4:'.$uname.','.$contentpwd.','.
688: &Authen::Krb4::get_err_txt($Authen::Krb4::error));
689: }
690: }
691: }
692: #
693: # Authenticate against a Kerberos 5 server:
694: #
695: } elsif ($howpwd eq 'krb5') {
696: my $null=pack("C",0);
697: unless ($upass=~/$null/) {
698: my $krbclient=&Authen::Krb5::parse_name($uname.'@'.$contentpwd);
699: my $krbservice="krbtgt/".$contentpwd."\@".$contentpwd;
700: my $krbserver=&Authen::Krb5::parse_name($krbservice);
701: my $credentials=&Authen::Krb5::cc_default();
702: $credentials->initialize($krbclient);
703: my $krbreturn = &Authen::Krb5::get_in_tkt_with_password(
704: $krbclient,
705: $krbserver,
706: $upass,
707: $credentials);
708: $pwdcorrect = ($krbreturn == 1);
709: } else {
710: $pwdcorrect=0;
711: }
712: #
713: # Finally, the user may have written in an authentication module.
714: # in that case, if requested, authenticate against it.
715: #
716: } elsif ($howpwd eq 'localauth') {
717: $pwdcorrect=&localauth::localauth($uname,$upass,$contentpwd);
718: }
719: #
720: # Successfully authorized.
721: #
722: if ($pwdcorrect) {
723: Reply( $client, "authorized\n", $userinput);
724: #
725: # Bad credentials: Failed to authorize
726: #
727: } else {
728: Failure( $client, "non_authorized\n", $userinput);
729: }
730: #
731: # User bad... note it may be bad security practice to differntiate to the
732: # caller a bad user from a bad passwd... since that supplies covert channel
733: # information (you have a good user but bad password e.g.) to guessers.
734: #
735: } else {
736: Failure( $client, "unknown_user\n", $userinput);
737: }
738: return 1;
739: }
740: RegisterHandler("auth", \&AuthenticateHandler, 1, 1, 0);
741:
742: #
743: # Change a user's password. Note that this function is complicated by
744: # the fact that a user may be authenticated in more than one way:
745: # At present, we are not able to change the password for all types of
746: # authentication methods. Only for:
747: # unix - unix password or shadow passoword style authentication.
748: # local - Locally written authentication mechanism.
749: # For now, kerb4 and kerb5 password changes are not supported and result
750: # in an error.
751: # FUTURE WORK:
752: # Support kerberos passwd changes?
753: # Parameters:
754: # $cmd - The command that got us here.
755: # $tail - Tail of the command (remaining parameters).
756: # $client - File descriptor connected to client.
757: # Returns
758: # 0 - Requested to exit, caller should shut down.
759: # 1 - Continue processing.
760: # Implicit inputs:
761: # The authentication systems describe above have their own forms of implicit
762: # input into the authentication process that are described above.
763: sub ChangePasswordHandler {
764: my $cmd = shift;
765: my $tail = shift;
766: my $client = shift;
767:
768: my $userinput = $cmd.":".$tail; # Reconstruct client's string.
769:
770: #
771: # udom - user's domain.
772: # uname - Username.
773: # upass - Current password.
774: # npass - New password.
775:
776: my ($udom,$uname,$upass,$npass)=split(/:/,$tail);
777: chomp($npass);
778: $upass=&unescape($upass);
779: $npass=&unescape($npass);
780: &Debug("Trying to change password for $uname");
781: my $proname=propath($udom,$uname);
782: my $passfilename="$proname/passwd";
783: if (-e $passfilename) {
784: my $realpasswd;
785: {
786: my $pf = IO::File->new($passfilename);
787: $realpasswd=<$pf>;
788: }
789: chomp($realpasswd);
790: my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
791: if ($howpwd eq 'internal') {
792: &Debug("internal auth");
793: if (crypt($upass,$contentpwd) eq $contentpwd) {
794: my $salt=time;
795: $salt=substr($salt,6,2);
796: my $ncpass=crypt($npass,$salt);
797: {
798: my $pf = IO::File->new(">$passfilename");
799: if ($pf) {
800: print $pf "internal:$ncpass\n";
801: &logthis("Result of password change for "
802: ."$uname: pwchange_success");
803: Reply($client, "ok\n", $userinput);
804: } else {
805: &logthis("Unable to open $uname passwd "
806: ."to change password");
807: Failure( $client, "non_authorized\n",$userinput);
808: }
809: }
810: } else {
811: Failure($client, "non_authorized\n", $userinput);
812: }
813: } elsif ($howpwd eq 'unix') {
814: # Unix means we have to access /etc/password
815: # one way or another.
816: # First: Make sure the current password is
817: # correct
818: &Debug("auth is unix");
819: $contentpwd=(getpwnam($uname))[1];
820: my $pwdcorrect = "0";
821: my $pwauth_path="/usr/local/sbin/pwauth";
822: unless ($contentpwd eq 'x') {
823: $pwdcorrect= (crypt($upass,$contentpwd) eq $contentpwd);
824: } elsif (-e $pwauth_path) {
825: open PWAUTH, "|$pwauth_path" or
826: die "Cannot invoke authentication";
827: print PWAUTH "$uname\n$upass\n";
828: close PWAUTH;
829: &Debug("exited pwauth with $? ($uname,$upass) ");
830: $pwdcorrect=($? == 0);
831: }
832: if ($pwdcorrect) {
833: my $execdir=$perlvar{'lonDaemons'};
834: &Debug("Opening lcpasswd pipeline");
835: my $pf = IO::File->new("|$execdir/lcpasswd > "
836: ."$perlvar{'lonDaemons'}"
837: ."/logs/lcpasswd.log");
838: print $pf "$uname\n$npass\n$npass\n";
839: close $pf;
840: my $err = $?;
841: my $result = ($err>0 ? 'pwchange_failure' : 'ok');
842: &logthis("Result of password change for $uname: ".
843: &lcpasswdstrerror($?));
844: Reply($client, "$result\n", $userinput);
845: } else {
846: Reply($client, "non_authorized\n", $userinput);
847: }
848: } else {
849: Reply( $client, "auth_mode_error\n", $userinput);
850: }
851: } else {
852: Reply( $client, "unknown_user\n", $userinput);
853: }
854: return 1;
855: }
856: RegisterHandler("passwd", \&ChangePasswordHandler, 1, 1, 0);
857:
858: #
859: # Create a new user. User in this case means a lon-capa user.
860: # The user must either already exist in some authentication realm
861: # like kerberos or the /etc/passwd. If not, a user completely local to
862: # this loncapa system is created.
863: #
864: # Parameters:
865: # $cmd - The command that got us here.
866: # $tail - Tail of the command (remaining parameters).
867: # $client - File descriptor connected to client.
868: # Returns
869: # 0 - Requested to exit, caller should shut down.
870: # 1 - Continue processing.
871: # Implicit inputs:
872: # The authentication systems describe above have their own forms of implicit
873: # input into the authentication process that are described above.
874: sub AddUserHandler {
875: my $cmd = shift;
876: my $tail = shift;
877: my $client = shift;
878:
879: my $userinput = $cmd.":".$tail;
880:
881: my $oldumask=umask(0077);
882: my ($udom,$uname,$umode,$npass)=split(/:/,$tail);
883: &Debug("cmd =".$cmd." $udom =".$udom." uname=".$uname);
884: chomp($npass);
885: $npass=&unescape($npass);
886: my $proname=propath($udom,$uname);
887: my $passfilename="$proname/passwd";
888: &Debug("Password file created will be:".$passfilename);
889: if (-e $passfilename) {
890: Failure( $client, "already_exists\n", $userinput);
891: } elsif ($udom ne $currentdomainid) {
892: Failure($client, "not_right_domain\n", $userinput);
893: } else {
894: my @fpparts=split(/\//,$proname);
895: my $fpnow=$fpparts[0].'/'.$fpparts[1].'/'.$fpparts[2];
896: my $fperror='';
897: for (my $i=3;$i<=$#fpparts;$i++) {
898: $fpnow.='/'.$fpparts[$i];
899: unless (-e $fpnow) {
900: unless (mkdir($fpnow,0777)) {
901: $fperror="error: ".($!+0)." mkdir failed while attempting "
902: ."makeuser";
903: }
904: }
905: }
906: unless ($fperror) {
907: my $result=&make_passwd_file($uname, $umode,$npass, $passfilename);
908: Reply($client, $result, $userinput); #BUGBUG - could be fail
909: } else {
910: Failure($client, "$fperror\n", $userinput);
911: }
912: }
913: umask($oldumask);
914: return 1;
915:
916: }
917: RegisterHandler("makeuser", \&AddUserHandler, 1, 1, 0);
918:
919: #
920: # Change the authentication method of a user. Note that this may
921: # also implicitly change the user's password if, for example, the user is
922: # joining an existing authentication realm. Known authentication realms at
923: # this time are:
924: # internal - Purely internal password file (only loncapa knows this user)
925: # local - Institutionally written authentication module.
926: # unix - Unix user (/etc/passwd with or without /etc/shadow).
927: # kerb4 - kerberos version 4
928: # kerb5 - kerberos version 5
929: #
930: # Parameters:
931: # $cmd - The command that got us here.
932: # $tail - Tail of the command (remaining parameters).
933: # $client - File descriptor connected to client.
934: # Returns
935: # 0 - Requested to exit, caller should shut down.
936: # 1 - Continue processing.
937: # Implicit inputs:
938: # The authentication systems describe above have their own forms of implicit
939: # input into the authentication process that are described above.
940: #
941: sub ChangeAuthenticationHandler {
942: my $cmd = shift;
943: my $tail = shift;
944: my $client = shift;
945:
946: my $userinput = "$cmd:$tail"; # Reconstruct user input.
947:
948: my ($udom,$uname,$umode,$npass)=split(/:/,$tail);
949: chomp($npass);
950: &Debug("cmd = ".$cmd." domain= ".$udom."uname =".$uname." umode= ".$umode);
951: $npass=&unescape($npass);
952: my $proname=&propath($udom,$uname);
953: my $passfilename="$proname/passwd";
954: if ($udom ne $currentdomainid) {
955: Failure( $client, "not_right_domain\n", $client);
956: } else {
957: my $result=&make_passwd_file($uname, $umode,$npass,$passfilename);
958: Reply($client, $result, $userinput);
959: }
960: return 1;
961: }
962: RegisterHandler("changeuserauth", \&ChangeAuthenticationHandler, 1,1, 0);
963:
964: #
965: # Determines if this is the home server for a user. The home server
966: # for a user will have his/her lon-capa passwd file. Therefore all we need
967: # to do is determine if this file exists.
968: #
969: # Parameters:
970: # $cmd - The command that got us here.
971: # $tail - Tail of the command (remaining parameters).
972: # $client - File descriptor connected to client.
973: # Returns
974: # 0 - Requested to exit, caller should shut down.
975: # 1 - Continue processing.
976: # Implicit inputs:
977: # The authentication systems describe above have their own forms of implicit
978: # input into the authentication process that are described above.
979: #
980: sub IsHomeHandler {
981: my $cmd = shift;
982: my $tail = shift;
983: my $client = shift;
984:
985: my $userinput = "$cmd:$tail";
986:
987: my ($udom,$uname)=split(/:/,$tail);
988: chomp($uname);
989: my $proname=propath($udom,$uname);
990: if (-e $proname) {
991: Reply( $client, "found\n", $userinput);
992: } else {
993: Failure($client, "not_found\n", $userinput);
994: }
995: return 1;
996: }
997: RegisterHandler("home", \&IsHomeHandler, 0,1,0);
998: #
999: # Process an update request for a resource?? I think what's going on here is
1000: # that a resource has been modified that we hold a subscription to.
1001: # If the resource is not local, then we must update, or at least invalidate our
1002: # cached copy of the resource.
1003: # FUTURE WORK:
1004: # I need to look at this logic carefully. My druthers would be to follow
1005: # typical caching logic, and simple invalidate the cache, drop any subscription
1006: # an let the next fetch start the ball rolling again... however that may
1007: # actually be more difficult than it looks given the complex web of
1008: # proxy servers.
1009: # Parameters:
1010: # $cmd - The command that got us here.
1011: # $tail - Tail of the command (remaining parameters).
1012: # $client - File descriptor connected to client.
1013: # Returns
1014: # 0 - Requested to exit, caller should shut down.
1015: # 1 - Continue processing.
1016: # Implicit inputs:
1017: # The authentication systems describe above have their own forms of implicit
1018: # input into the authentication process that are described above.
1019: #
1020: sub UpdateResourceHandler {
1021: my $cmd = shift;
1022: my $tail = shift;
1023: my $client = shift;
1024:
1025: my $userinput = "$cmd:$tail";
1026:
1027: my $fname=$tail;
1028: my $ownership=ishome($fname);
1029: if ($ownership eq 'not_owner') {
1030: if (-e $fname) {
1031: my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,
1032: $atime,$mtime,$ctime,$blksize,$blocks)=stat($fname);
1033: my $now=time;
1034: my $since=$now-$atime;
1035: if ($since>$perlvar{'lonExpire'}) {
1036: my $reply=&reply("unsub:$fname","$clientname");
1037: unlink("$fname");
1038: } else {
1039: my $transname="$fname.in.transfer";
1040: my $remoteurl=&reply("sub:$fname","$clientname");
1041: my $response;
1042: alarm(120);
1043: {
1044: my $ua=new LWP::UserAgent;
1045: my $request=new HTTP::Request('GET',"$remoteurl");
1046: $response=$ua->request($request,$transname);
1047: }
1048: alarm(0);
1049: if ($response->is_error()) {
1050: unlink($transname);
1051: my $message=$response->status_line;
1052: &logthis("LWP GET: $message for $fname ($remoteurl)");
1053: } else {
1054: if ($remoteurl!~/\.meta$/) {
1055: alarm(120);
1056: {
1057: my $ua=new LWP::UserAgent;
1058: my $mrequest=new HTTP::Request('GET',$remoteurl.'.meta');
1059: my $mresponse=$ua->request($mrequest,$fname.'.meta');
1060: if ($mresponse->is_error()) {
1061: unlink($fname.'.meta');
1062: }
1063: }
1064: alarm(0);
1065: }
1066: rename($transname,$fname);
1067: }
1068: }
1069: Reply( $client, "ok\n", $userinput);
1070: } else {
1071: Failure($client, "not_found\n", $userinput);
1072: }
1073: } else {
1074: Failure($client, "rejected\n", $userinput);
1075: }
1076: return 1;
1077: }
1078: RegisterHandler("update", \&UpdateResourceHandler, 0 ,1, 0);
1079:
1080: #
1081: # Fetch a user file from a remote server:
1082: # Parameters:
1083: # $cmd - The command that got us here.
1084: # $tail - Tail of the command (remaining parameters).
1085: # $client - File descriptor connected to client.
1086: # Returns
1087: # 0 - Requested to exit, caller should shut down.
1088: # 1 - Continue processing.
1089: #
1090: sub FetchUserFileHandler {
1091: my $cmd = shift;
1092: my $tail = shift;
1093: my $client = shift;
1094:
1095: my $userinput = "$cmd:$tail";
1096: my $fname = $tail;
1097: my ($udom,$uname,$ufile)=split(/\//,$fname);
1098: my $udir=propath($udom,$uname).'/userfiles';
1099: unless (-e $udir) {
1100: mkdir($udir,0770);
1101: }
1102: if (-e $udir) {
1103: $ufile=~s/^[\.\~]+//;
1104: $ufile=~s/\///g;
1105: my $destname=$udir.'/'.$ufile;
1106: my $transname=$udir.'/'.$ufile.'.in.transit';
1107: my $remoteurl='http://'.$clientip.'/userfiles/'.$fname;
1108: my $response;
1109: alarm(120);
1110: {
1111: my $ua=new LWP::UserAgent;
1112: my $request=new HTTP::Request('GET',"$remoteurl");
1113: $response=$ua->request($request,$transname);
1114: }
1115: alarm(0);
1116: if ($response->is_error()) {
1117: unlink($transname);
1118: my $message=$response->status_line;
1119: &logthis("LWP GET: $message for $fname ($remoteurl)");
1120: Failure($client, "failed\n", $userinput);
1121: } else {
1122: if (!rename($transname,$destname)) {
1123: &logthis("Unable to move $transname to $destname");
1124: unlink($transname);
1125: Failure($client, "failed\n", $userinput);
1126: } else {
1127: Reply($client, "ok\n", $userinput);
1128: }
1129: }
1130: } else {
1131: Failure($client, "not_home\n", $userinput);
1132: }
1133: return 1;
1134: }
1135: RegisterHandler("fetchuserfile", \&FetchUserFileHandler, 0, 1, 0);
1136: #
1137: # Authenticate access to a user file. Question? The token for athentication
1138: # is allowed to be sent as cleartext is this really what we want? This token
1139: # represents the user's session id. Once it is forged does this allow too much access??
1140: #
1141: # Parameters:
1142: # $cmd - The command that got us here.
1143: # $tail - Tail of the command (remaining parameters).
1144: # $client - File descriptor connected to client.
1145: # Returns
1146: # 0 - Requested to exit, caller should shut down.
1147: # 1 - Continue processing.
1148: sub AuthenticateUserFileAccess {
1149: my $cmd = shift;
1150: my $tail = shift;
1151: my $client = shift;
1152: my $userinput = "$cmd:$tail";
1153:
1154: my ($fname,$session)=split(/:/,$tail);
1155: chomp($session);
1156: my $reply='non_auth';
1157: if (open(ENVIN,$perlvar{'lonIDsDir'}.'/'.$session.'.id')) {
1158: while (my $line=<ENVIN>) {
1159: if ($line=~/userfile\.$fname\=/) {
1160: $reply='ok';
1161: }
1162: }
1163: close(ENVIN);
1164: Reply($client, $reply."\n", $userinput);
1165: } else {
1166: Failure($client, "invalid_token\n", $userinput);
1167: }
1168: return 1;
1169:
1170: }
1171: RegisterHandler("tokenauthuserfile", \&AuthenticateUserFileAccess, 0, 1, 0);
1172: #
1173: # Unsubscribe from a resource.
1174: #
1175: # Parameters:
1176: # $cmd - The command that got us here.
1177: # $tail - Tail of the command (remaining parameters).
1178: # $client - File descriptor connected to client.
1179: # Returns
1180: # 0 - Requested to exit, caller should shut down.
1181: # 1 - Continue processing.
1182: #
1183: sub UnsubscribeHandler {
1184: my $cmd = shift;
1185: my $tail = shift;
1186: my $client = shift;
1187: my $userinput= "$cmd:$tail";
1188:
1189: my $fname = $tail;
1190: if (-e $fname) {
1191: Reply($client, &unsub($client,$fname,$clientip), $userinput);
1192: } else {
1193: Failure($client, "not_found\n", $userinput);
1194: }
1195: return 1;
1196: }
1197: RegisterHandler("unusb", \&UnsubscribeHandler, 0, 1, 0);
1198:
1199: # Subscribe to a resource.
1200: #
1201: # Parameters:
1202: # $cmd - The command that got us here.
1203: # $tail - Tail of the command (remaining parameters).
1204: # $client - File descriptor connected to client.
1205: # Returns
1206: # 0 - Requested to exit, caller should shut down.
1207: # 1 - Continue processing.
1208: #
1209: sub SubscribeHandler {
1210: my $cmd = shift;
1211: my $tail = shift;
1212: my $client = shift;
1213: my $userinput = "$cmd:$tail";
1214:
1215: Reply( $client, &subscribe($userinput,$clientip), $userinput);
1216:
1217: return 1;
1218: }
1219: RegisterHandler("sub", \&SubscribeHandler, 0, 1, 0);
1220:
1221: #
1222: # Determine the version of a resource (?) Or is it return
1223: # the top version of the resource? Not yet clear from the
1224: # code in currentversion.
1225: #
1226: # Parameters:
1227: # $cmd - The command that got us here.
1228: # $tail - Tail of the command (remaining parameters).
1229: # $client - File descriptor connected to client.
1230: # Returns
1231: # 0 - Requested to exit, caller should shut down.
1232: # 1 - Continue processing.
1233: #
1234: sub CurrentVersionHandler {
1235: my $cmd = shift;
1236: my $tail = shift;
1237: my $client = shift;
1238: my $userinput= "$cmd:$tail";
1239:
1240: my $fname = $tail;
1241: Reply( $client, ¤tversion($fname)."\n", $userinput);
1242: return 1;
1243:
1244: }
1245: RegisterHandler("currentversion", \&CurrentVersionHandler, 0, 1, 0);
1246:
1247:
1248: # Make an entry in a user's activity log.
1249: #
1250: # Parameters:
1251: # $cmd - The command that got us here.
1252: # $tail - Tail of the command (remaining parameters).
1253: # $client - File descriptor connected to client.
1254: # Returns
1255: # 0 - Requested to exit, caller should shut down.
1256: # 1 - Continue processing.
1257: #
1258: sub ActivityLogEntryHandler {
1259: my $cmd = shift;
1260: my $tail = shift;
1261: my $client = shift;
1262: my $userinput= "$cmd:$tail";
1263:
1264: my ($udom,$uname,$what)=split(/:/,$tail);
1265: chomp($what);
1266: my $proname=propath($udom,$uname);
1267: my $now=time;
1268: my $hfh;
1269: if ($hfh=IO::File->new(">>$proname/activity.log")) {
1270: print $hfh "$now:$clientname:$what\n";
1271: Reply( $client, "ok\n", $userinput);
1272: } else {
1273: Reply($client, "error: ".($!+0)." IO::File->new Failed "
1274: ."while attempting log\n",
1275: $userinput);
1276: }
1277:
1278: return 1;
1279: }
1280: RegisterHandler("log", \&ActivityLogEntryHandler, 0, 1, 0);
1281: #
1282: # Put a namespace entry in a user profile hash.
1283: # My druthers would be for this to be an encrypted interaction too.
1284: # anything that might be an inadvertent covert channel about either
1285: # user authentication or user personal information....
1286: #
1287: # Parameters:
1288: # $cmd - The command that got us here.
1289: # $tail - Tail of the command (remaining parameters).
1290: # $client - File descriptor connected to client.
1291: # Returns
1292: # 0 - Requested to exit, caller should shut down.
1293: # 1 - Continue processing.
1294: #
1295: sub PutUserProfileEntry {
1296: my $cmd = shift;
1297: my $tail = shift;
1298: my $client = shift;
1299: my $userinput = "$cmd:$tail";
1300:
1301: my ($udom,$uname,$namespace,$what) =split(/:/,$tail);
1302: $namespace=~s/\//\_/g;
1303: $namespace=~s/\W//g;
1304: if ($namespace ne 'roles') {
1305: chomp($what);
1306: my $proname=propath($udom,$uname);
1307: my $now=time;
1308: unless ($namespace=~/^nohist\_/) {
1309: my $hfh;
1310: if ($hfh=IO::File->new(">>$proname/$namespace.hist")) {
1311: print $hfh "P:$now:$what\n";
1312: }
1313: }
1314: my @pairs=split(/\&/,$what);
1315: my %hash;
1316: if (tie(%hash,'GDBM_File',"$proname/$namespace.db",
1317: &GDBM_WRCREAT(),0640)) {
1318: foreach my $pair (@pairs) {
1319: my ($key,$value)=split(/=/,$pair);
1320: $hash{$key}=$value;
1321: }
1322: if (untie(%hash)) {
1323: Reply( $client, "ok\n", $userinput);
1324: } else {
1325: Failure($client, "error: ".($!+0)." untie(GDBM) failed ".
1326: "while attempting put\n",
1327: $userinput);
1328: }
1329: } else {
1330: Failure( $client, "error: ".($!)." tie(GDBM) Failed ".
1331: "while attempting put\n", $userinput);
1332: }
1333: } else {
1334: Failure( $client, "refused\n", $userinput);
1335: }
1336:
1337: return 1;
1338: }
1339: RegisterHandler("put", \&PutUserProfileEntry, 0, 1, 0);
1340:
1341: #
1342: # Increment a profile entry in the user history file.
1343: # The history contains keyword value pairs. In this case,
1344: # The value itself is a pair of numbers. The first, the current value
1345: # the second an increment that this function applies to the current
1346: # value.
1347: #
1348: # Parameters:
1349: # $cmd - The command that got us here.
1350: # $tail - Tail of the command (remaining parameters).
1351: # $client - File descriptor connected to client.
1352: # Returns
1353: # 0 - Requested to exit, caller should shut down.
1354: # 1 - Continue processing.
1355: #
1356: sub IncrementUserValueHandler {
1357: my $cmd = shift;
1358: my $tail = shift;
1359: my $client = shift;
1360: my $userinput = shift;
1361:
1362: my ($udom,$uname,$namespace,$what) =split(/:/,$tail);
1363: $namespace=~s/\//\_/g;
1364: $namespace=~s/\W//g;
1365: if ($namespace ne 'roles') {
1366: chomp($what);
1367: my $proname=propath($udom,$uname);
1368: my $now=time;
1369: unless ($namespace=~/^nohist\_/) {
1370: my $hfh;
1371: if ($hfh=IO::File->new(">>$proname/$namespace.hist")) {
1372: print $hfh "P:$now:$what\n";
1373: }
1374: }
1375: my @pairs=split(/\&/,$what);
1376: my %hash;
1377: if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),
1378: 0640)) {
1379: foreach my $pair (@pairs) {
1380: my ($key,$value)=split(/=/,$pair);
1381: # We could check that we have a number...
1382: if (! defined($value) || $value eq '') {
1383: $value = 1;
1384: }
1385: $hash{$key}+=$value;
1386: }
1387: if (untie(%hash)) {
1388: Reply( $client, "ok\n", $userinput);
1389: } else {
1390: Failure($client, "error: ".($!+0)." untie(GDBM) failed ".
1391: "while attempting put\n", $userinput);
1392: }
1393: } else {
1394: Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
1395: "while attempting put\n", $userinput);
1396: }
1397: } else {
1398: Failure($client, "refused\n", $userinput);
1399: }
1400:
1401: return 1;
1402: }
1403: RegisterHandler("inc", \&IncrementUserValueHandler, 0, 1, 0);
1404: #
1405: # Put a new role for a user. Roles are LonCAPA's packaging of permissions.
1406: # Each 'role' a user has implies a set of permissions. Adding a new role
1407: # for a person grants the permissions packaged with that role
1408: # to that user when the role is selected.
1409: #
1410: # Parameters:
1411: # $cmd - The command string (rolesput).
1412: # $tail - The remainder of the request line. For rolesput this
1413: # consists of a colon separated list that contains:
1414: # The domain and user that is granting the role (logged).
1415: # The domain and user that is getting the role.
1416: # The roles being granted as a set of & separated pairs.
1417: # each pair a key value pair.
1418: # $client - File descriptor connected to the client.
1419: # Returns:
1420: # 0 - If the daemon should exit
1421: # 1 - To continue processing.
1422: #
1423: #
1424: sub RolesPutHandler {
1425: my $cmd = shift;
1426: my $tail = shift;
1427: my $client = shift;
1428: my $userinput = "$cmd:$tail";
1429:
1430: my ($exedom,$exeuser,$udom,$uname,$what) =split(/:/,$tail);
1431: &Debug("cmd = ".$cmd." exedom= ".$exedom."user = ".$exeuser." udom=".$udom.
1432: "what = ".$what);
1433: my $namespace='roles';
1434: chomp($what);
1435: my $proname=propath($udom,$uname);
1436: my $now=time;
1437: #
1438: # Log the attempt to set a role. The {}'s here ensure that the file
1439: # handle is open for the minimal amount of time. Since the flush
1440: # is done on close this improves the chances the log will be an un-
1441: # corrupted ordered thing.
1442: {
1443: my $hfh;
1444: if ($hfh=IO::File->new(">>$proname/$namespace.hist")) {
1445: print $hfh "P:$now:$exedom:$exeuser:$what\n";
1446: }
1447: }
1448: my @pairs=split(/\&/,$what);
1449: my %hash;
1450: if (tie(%hash,'GDBM_File',"$proname/$namespace.db", &GDBM_WRCREAT(),0640)) {
1451: foreach my $pair (@pairs) {
1452: my ($key,$value)=split(/=/,$pair);
1453: &ManagePermissions($key, $udom, $uname,
1454: &GetAuthType( $udom, $uname));
1455: $hash{$key}=$value;
1456: }
1457: if (untie(%hash)) {
1458: Reply($client, "ok\n", $userinput);
1459: } else {
1460: Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
1461: "while attempting rolesput\n", $userinput);
1462: }
1463: } else {
1464: Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
1465: "while attempting rolesput\n", $userinput);
1466: }
1467: return 1;
1468: }
1469: RegisterHandler("rolesput", \&RolesPutHandler, 1,1,0); # Encoded client only.
1470: #
1471: # Deletes (removes) a role for a user. This is equivalent to removing
1472: # a permissions package associated with the role from the user's profile.
1473: #
1474: # Parameters:
1475: # $cmd - The command (rolesdel)
1476: # $tail - The remainder of the request line. This consists
1477: # of:
1478: # The domain and user requesting the change (logged)
1479: # The domain and user being changed.
1480: # The roles being revoked. These are shipped to us
1481: # as a bunch of & separated role name keywords.
1482: # $client - The file handle open on the client.
1483: # Returns:
1484: # 1 - Continue processing
1485: # 0 - Exit.
1486: #
1487: sub RolesDeleteHandler {
1488: my $cmd = shift;
1489: my $tail = shift;
1490: my $client = shift;
1491: my $userinput = "$cmd:$tail";
1492:
1493: my ($exedom,$exeuser,$udom,$uname,$what)=split(/:/,$tail);
1494: &Debug("cmd = ".$cmd." exedom= ".$exedom."user = ".$exeuser." udom=".$udom.
1495: "what = ".$what);
1496: my $namespace='roles';
1497: chomp($what);
1498: my $proname=propath($udom,$uname);
1499: my $now=time;
1500: #
1501: # Log the attempt. This {}'ing is done to ensure that the
1502: # logfile is flushed and closed as quickly as possible. Hopefully
1503: # this preserves both time ordering and reduces the probability that
1504: # messages will be interleaved.
1505: #
1506: {
1507: my $hfh;
1508: if ($hfh=IO::File->new(">>$proname/$namespace.hist")) {
1509: print $hfh "D:$now:$exedom:$exeuser:$what\n";
1510: }
1511: }
1512: my @rolekeys=split(/\&/,$what);
1513: my %hash;
1514: if (tie(%hash,'GDBM_File',"$proname/$namespace.db", &GDBM_WRCREAT(),0640)) {
1515: foreach my $key (@rolekeys) {
1516: delete $hash{$key};
1517: }
1518: if (untie(%hash)) {
1519: Reply($client, "ok\n", $userinput);
1520: } else {
1521: Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
1522: "while attempting rolesdel\n", $userinput);
1523: }
1524: } else {
1525: Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
1526: "while attempting rolesdel\n", $userinput);
1527: }
1528:
1529: return 1;
1530: }
1531: RegisterHandler("rolesdel", \&RolesDeleteHandler, 1,1, 0); # Encoded client only
1532:
1533: # Unencrypted get from a user's profile database. See
1534: # GetProfileEntryEncrypted for a version that does end-to-end encryption.
1535: # This function retrieves a keyed item from a specific named database in the
1536: # user's directory.
1537: #
1538: # Parameters:
1539: # $cmd - Command request keyword (get).
1540: # $tail - Tail of the command. This is a colon separated list
1541: # consisting of the domain and username that uniquely
1542: # identifies the profile,
1543: # The 'namespace' which selects the gdbm file to
1544: # do the lookup in,
1545: # & separated list of keys to lookup. Note that
1546: # the values are returned as an & separated list too.
1547: # $client - File descriptor open on the client.
1548: # Returns:
1549: # 1 - Continue processing.
1550: # 0 - Exit.
1551: #
1552: sub GetProfileEntry {
1553: my $cmd = shift;
1554: my $tail = shift;
1555: my $client = shift;
1556: my $userinput= "$cmd:$tail";
1557:
1558: my ($udom,$uname,$namespace,$what) = split(/:/,$tail);
1559: $namespace=~s/\//\_/g;
1560: $namespace=~s/\W//g;
1561: chomp($what);
1562: my @queries=split(/\&/,$what);
1563: my $proname=propath($udom,$uname);
1564: my $qresult='';
1565: my %hash;
1566: if (tie(%hash,'GDBM_File',"$proname/$namespace.db", &GDBM_READER(),0640)) {
1567: for (my $i=0;$i<=$#queries;$i++) {
1568: $qresult.="$hash{$queries[$i]}&"; # Presumably failure gives empty string.
1569: }
1570: if (untie(%hash)) {
1571: $qresult=~s/\&$//; # Remove trailing & from last lookup.
1572: Reply($client, "$qresult\n", $userinput);
1573: } else {
1574: Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
1575: "while attempting get\n", $userinput);
1576: }
1577: } else {
1578: if ($!+0 == 2) { # +0 coerces errno -> number 2 is ENOENT
1579: Failure($client, "error:No such file or ".
1580: "GDBM reported bad block error\n", $userinput);
1581: } else { # Some other undifferentiated err.
1582: Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
1583: "while attempting get\n", $userinput);
1584: }
1585: }
1586: return 1;
1587: }
1588: RegisterHandler("get", \&GetProfileEntry, 0,1,0);
1589: #
1590: # Process the encrypted get request. Note that the request is sent
1591: # in clear, but the reply is encrypted. This is a small covert channel:
1592: # information about the sensitive keys is given to the snooper. Just not
1593: # information about the values of the sensitive key. Hmm if I wanted to
1594: # know these I'd snoop for the egets. Get the profile item names from them
1595: # and then issue a get for them since there's no enforcement of the
1596: # requirement of an encrypted get for particular profile items. If I
1597: # were re-doing this, I'd force the request to be encrypted as well as the
1598: # reply. I'd also just enforce encrypted transactions for all gets since
1599: # that would prevent any covert channel snooping.
1600: #
1601: # Parameters:
1602: # $cmd - Command keyword of request (eget).
1603: # $tail - Tail of the command. See GetProfileEntry
# for more information about this.
1604: # $client - File open on the client.
1605: # Returns:
1606: # 1 - Continue processing
1607: # 0 - server should exit.
1608: sub GetProfileEntryEncrypted {
1609: my $cmd = shift;
1610: my $tail = shift;
1611: my $client = shift;
1612: my $userinput = "$cmd:$tail";
1613:
1614: my ($cmd,$udom,$uname,$namespace,$what) = split(/:/,$userinput);
1615: $namespace=~s/\//\_/g;
1616: $namespace=~s/\W//g;
1617: chomp($what);
1618: my @queries=split(/\&/,$what);
1619: my $proname=propath($udom,$uname);
1620: my $qresult='';
1621: my %hash;
1622: if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
1623: for (my $i=0;$i<=$#queries;$i++) {
1624: $qresult.="$hash{$queries[$i]}&";
1625: }
1626: if (untie(%hash)) {
1627: $qresult=~s/\&$//;
1628: if ($cipher) {
1629: my $cmdlength=length($qresult);
1630: $qresult.=" ";
1631: my $encqresult='';
1632: for(my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
1633: $encqresult.= unpack("H16", $cipher->encrypt(substr($qresult,
1634: $encidx,
1635: 8)));
1636: }
1637: Reply( $client, "enc:$cmdlength:$encqresult\n", $userinput);
1638: } else {
1639: Failure( $client, "error:no_key\n", $userinput);
1640: }
1641: } else {
1642: Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
1643: "while attempting eget\n", $userinput);
1644: }
1645: } else {
1646: Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
1647: "while attempting eget\n", $userinput);
1648: }
1649:
1650: return 1;
1651: }
1652: RegisterHandler("eget", \&GetProfileEncrypted, 0, 1, 0);
1653:
1654: #
1655: # Deletes a key in a user profile database.
1656: #
1657: # Parameters:
1658: # $cmd - Command keyword (del).
1659: # $tail - Command tail. IN this case a colon
1660: # separated list containing:
1661: # The domain and user that identifies uniquely
1662: # the identity of the user.
1663: # The profile namespace (name of the profile
1664: # database file).
1665: # & separated list of keywords to delete.
1666: # $client - File open on client socket.
1667: # Returns:
1668: # 1 - Continue processing
1669: # 0 - Exit server.
1670: #
1671: #
1672: sub DeletProfileEntry {
1673: my $cmd = shift;
1674: my $tail = shift;
1675: my $client = shift;
1676: my $userinput = "cmd:$tail";
1677:
1678: my ($udom,$uname,$namespace,$what) = split(/:/,$tail);
1679: $namespace=~s/\//\_/g;
1680: $namespace=~s/\W//g;
1681: chomp($what);
1682: my $proname=propath($udom,$uname);
1683: my $now=time;
1684: unless ($namespace=~/^nohist\_/) {
1685: my $hfh;
1686: if ($hfh=IO::File->new(">>$proname/$namespace.hist")) {
1687: print $hfh "D:$now:$what\n";
1688: }
1689: }
1690: my @keys=split(/\&/,$what);
1691: my %hash;
1692: if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
1693: foreach my $key (@keys) {
1694: delete($hash{$key});
1695: }
1696: if (untie(%hash)) {
1697: Reply($client, "ok\n", $userinput);
1698: } else {
1699: Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
1700: "while attempting del\n", $userinput);
1701: }
1702: } else {
1703: Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
1704: "while attempting del\n", $userinput);
1705: }
1706: return 1;
1707: }
1708: RegisterHandler("del", \&DeleteProfileEntry, 0, 1, 0);
1709: #
1710: # List the set of keys that are defined in a profile database file.
1711: # A successful reply from this will contain an & separated list of
1712: # the keys.
1713: # Parameters:
1714: # $cmd - Command request (keys).
1715: # $tail - Remainder of the request, a colon separated
1716: # list containing domain/user that identifies the
1717: # user being queried, and the database namespace
1718: # (database filename essentially).
1719: # $client - File open on the client.
1720: # Returns:
1721: # 1 - Continue processing.
1722: # 0 - Exit the server.
1723: #
1724: sub GetProfileKeys {
1725: my $cmd = shift;
1726: my $tail = shift;
1727: my $client = shift;
1728: my $userinput = "$cmd:$tail";
1729:
1730: my ($udom,$uname,$namespace)=split(/:/,$tail);
1731: $namespace=~s/\//\_/g;
1732: $namespace=~s/\W//g;
1733: my $proname=propath($udom,$uname);
1734: my $qresult='';
1735: my %hash;
1736: if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
1737: foreach my $key (keys %hash) {
1738: $qresult.="$key&";
1739: }
1740: if (untie(%hash)) {
1741: $qresult=~s/\&$//;
1742: Reply($client, "$qresult\n", $userinput);
1743: } else {
1744: Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
1745: "while attempting keys\n", $userinput);
1746: }
1747: } else {
1748: Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
1749: "while attempting keys\n", $userinput);
1750: }
1751:
1752: return 1;
1753: }
1754: RegisterHandler("keys", \&GetProfileKeys, 0, 1, 0);
1755: #
1756: # Dump the contents of a user profile database.
1757: # Note that this constitutes a very large covert channel too since
1758: # the dump will return sensitive information that is not encrypted.
1759: # The naive security assumption is that the session negotiation ensures
1760: # our client is trusted and I don't believe that's assured at present.
1761: # Sure want badly to go to ssl or tls. Of course if my peer isn't really
1762: # a LonCAPA node they could have negotiated an encryption key too so >sigh<.
1763: #
1764: # Parameters:
1765: # $cmd - The command request keyword (currentdump).
1766: # $tail - Remainder of the request, consisting of a colon
1767: # separated list that has the domain/username and
1768: # the namespace to dump (database file).
1769: # $client - file open on the remote client.
1770: # Returns:
1771: # 1 - Continue processing.
1772: # 0 - Exit the server.
1773: #
1774: sub DumpProfileDatabase {
1775: my $cmd = shift;
1776: my $tail = shift;
1777: my $client = shift;
1778: my $userinput = "$cmd:$tail";
1779:
1780: my ($udom,$uname,$namespace) = split(/:/,$tail);
1781: $namespace=~s/\//\_/g;
1782: $namespace=~s/\W//g;
1783: my $qresult='';
1784: my $proname=propath($udom,$uname);
1785: my %hash;
1786: if (tie(%hash,'GDBM_File',"$proname/$namespace.db", &GDBM_READER(),0640)) {
1787: # Structure of %data:
1788: # $data{$symb}->{$parameter}=$value;
1789: # $data{$symb}->{'v.'.$parameter}=$version;
1790: # since $parameter will be unescaped, we do not
1791: # have to worry about silly parameter names...
1792: my %data = (); # A hash of anonymous hashes..
1793: while (my ($key,$value) = each(%hash)) {
1794: my ($v,$symb,$param) = split(/:/,$key);
1795: next if ($v eq 'version' || $symb eq 'keys');
1796: next if (exists($data{$symb}) &&
1797: exists($data{$symb}->{$param}) &&
1798: $data{$symb}->{'v.'.$param} > $v);
1799: $data{$symb}->{$param}=$value;
1800: $data{$symb}->{'v.'.$param}=$v;
1801: }
1802: if (untie(%hash)) {
1803: while (my ($symb,$param_hash) = each(%data)) {
1804: while(my ($param,$value) = each (%$param_hash)){
1805: next if ($param =~ /^v\./); # Ignore versions...
1806: #
1807: # Just dump the symb=value pairs separated by &
1808: #
1809: $qresult.=$symb.':'.$param.'='.$value.'&';
1810: }
1811: }
1812: chop($qresult);
1813: Reply($client , "$qresult\n", $userinput);
1814: } else {
1815: Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
1816: "while attempting currentdump\n", $userinput);
1817: }
1818: } else {
1819: Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
1820: "while attempting currentdump\n", $userinput);
1821: }
1822:
1823: return 1;
1824: }
1825: RegisterHandler("currentdump", \&DumpProfileDatabase, 0, 1, 0);
1826: #
1827: # Dump a profile database with an optional regular expression
1828: # to match against the keys. In this dump, no effort is made
1829: # to separate symb from version information. Presumably the
1830: # databases that are dumped by this command are of a different
1831: # structure. Need to look at this and improve the documentation of
1832: # both this and the currentdump handler.
1833: # Parameters:
1834: # $cmd - The command keyword.
1835: # $tail - All of the characters after the $cmd:
1836: # These are expected to be a colon
1837: # separated list containing:
1838: # domain/user - identifying the user.
1839: # namespace - identifying the database.
1840: # regexp - optional regular expression
1841: # that is matched against
1842: # database keywords to do
1843: # selective dumps.
1844: # $client - Channel open on the client.
1845: # Returns:
1846: # 1 - Continue processing.
1847: # Side effects:
1848: # response is written to $client.
1849: #
1850: sub DumpWithRegexp {
1851: my $cmd = shift;
1852: my $tail = shift;
1853: my $client = shift;
1854:
1855: my $userinput = "$cmd:$tail";
1856:
1857: my ($udom,$uname,$namespace,$regexp)=split(/:/,$tail);
1858: $namespace=~s/\//\_/g;
1859: $namespace=~s/\W//g;
1860: if (defined($regexp)) {
1861: $regexp=&unescape($regexp);
1862: } else {
1863: $regexp='.';
1864: }
1865: my $qresult='';
1866: my $proname=propath($udom,$uname);
1867: my %hash;
1868: if (tie(%hash,'GDBM_File',"$proname/$namespace.db",
1869: &GDBM_READER(),0640)) {
1870: study($regexp);
1871: while (my ($key,$value) = each(%hash)) {
1872: if ($regexp eq '.') {
1873: $qresult.=$key.'='.$value.'&';
1874: } else {
1875: my $unescapeKey = &unescape($key);
1876: if (eval('$unescapeKey=~/$regexp/')) {
1877: $qresult.="$key=$value&";
1878: }
1879: }
1880: }
1881: if (untie(%hash)) {
1882: chop($qresult);
1883: Reply($client, "$qresult\n", $userinput);
1884: } else {
1885: Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
1886: "while attempting dump\n", $userinput);
1887: }
1888: } else {
1889: Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
1890: "while attempting dump\n", $userinput);
1891: }
1892:
1893: return 1;
1894: }
1895: RegisterHandler("dump", \&DumpWithRegexp, 0, 1, 0);
1896:
1897: # Store an aitem in any database but the roles database.
1898: #
1899: # Parameters:
1900: # $cmd - Request command keyword.
1901: # $tail - Tail of the request. This is a colon
1902: # separated list containing:
1903: # domain/user - User and authentication domain.
1904: # namespace - Name of the database being modified
1905: # rid - Resource keyword to modify.
1906: # what - new value associated with rid.
1907: #
1908: # $client - Socket open on the client.
1909: #
1910: #
1911: # Returns:
1912: # 1 (keep on processing).
1913: # Side-Effects:
1914: # Writes to the client
1915: sub StoreHandler {
1916: my $cmd = shift;
1917: my $tail = shift;
1918: my $client = shift;
1919:
1920: my $userinput = "$cmd:$tail";
1921:
1922: my ($udom,$uname,$namespace,$rid,$what) =split(/:/,$tail);
1923: $namespace=~s/\//\_/g;
1924: $namespace=~s/\W//g;
1925: if ($namespace ne 'roles') {
1926: chomp($what);
1927: my $proname=propath($udom,$uname);
1928: my $now=time;
1929: unless ($namespace=~/^nohist\_/) {
1930: my $hfh;
1931: if ($hfh=IO::File->new(">>$proname/$namespace.hist")) {
1932: print $hfh "P:$now:$rid:$what\n";
1933: }
1934: }
1935: my @pairs=split(/\&/,$what);
1936: my %hash;
1937: if (tie(%hash,'GDBM_File',"$proname/$namespace.db",
1938: &GDBM_WRCREAT(),0640)) {
1939: my @previouskeys=split(/&/,$hash{"keys:$rid"});
1940: my $key;
1941: $hash{"version:$rid"}++;
1942: my $version=$hash{"version:$rid"};
1943: my $allkeys='';
1944: foreach my $pair (@pairs) {
1945: my ($key,$value)=split(/=/,$pair);
1946: $allkeys.=$key.':';
1947: $hash{"$version:$rid:$key"}=$value;
1948: }
1949: $hash{"$version:$rid:timestamp"}=$now;
1950: $allkeys.='timestamp';
1951: $hash{"$version:keys:$rid"}=$allkeys;
1952: if (untie(%hash)) {
1953: Reply($client, "ok\n", $userinput);
1954: } else {
1955: Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
1956: "while attempting store\n", $userinput);
1957: }
1958: } else {
1959: Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
1960: "while attempting store\n", $userinput);
1961: }
1962: } else {
1963: Failure($client, "refused\n", $userinput);
1964: }
1965:
1966: return 1;
1967: }
1968: RegisterHandler("store", \&StoreHandler, 0, 1, 0);
1969: #
1970: # Restore a prior version of a resource.
1971: #
1972: # Parameters:
1973: # $cmd - Command keyword.
1974: # $tail - Remainder of the request which consists of:
1975: # domain/user - User and auth. domain.
1976: # namespace - name of resource database.
1977: # rid - Resource id.
1978: # $client - socket open on the client.
1979: #
1980: # Returns:
1981: # 1 indicating the caller should not yet exit.
1982: # Side-effects:
1983: # Writes a reply to the client.
1984: #
1985: sub RestoreHandler {
1986: my $cmd = shift;
1987: my $tail = shift;
1988: my $client = shift;
1989:
1990: my $userinput = "$cmd:$tail"; # Only used for logging purposes.
1991:
1992: my ($cmd,$udom,$uname,$namespace,$rid) = split(/:/,$userinput);
1993: $namespace=~s/\//\_/g;
1994: $namespace=~s/\W//g;
1995: chomp($rid);
1996: my $proname=propath($udom,$uname);
1997: my $qresult='';
1998: my %hash;
1999: if (tie(%hash,'GDBM_File',"$proname/$namespace.db",
2000: &GDBM_READER(),0640)) {
2001: my $version=$hash{"version:$rid"};
2002: $qresult.="version=$version&";
2003: my $scope;
2004: for ($scope=1;$scope<=$version;$scope++) {
2005: my $vkeys=$hash{"$scope:keys:$rid"};
2006: my @keys=split(/:/,$vkeys);
2007: my $key;
2008: $qresult.="$scope:keys=$vkeys&";
2009: foreach $key (@keys) {
2010: $qresult.="$scope:$key=".$hash{"$scope:$rid:$key"}."&";
2011: }
2012: }
2013: if (untie(%hash)) {
2014: $qresult=~s/\&$//;
2015: Reply( $client, "$qresult\n", $userinput);
2016: } else {
2017: Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
2018: "while attempting restore\n", $userinput);
2019: }
2020: } else {
2021: Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
2022: "while attempting restore\n", $userinput);
2023: }
2024:
2025: return 1;
2026:
2027:
2028: }
2029: RegisterHandler("restor", \&RestoreHandler, 0,1,0);
2030:
2031: #
2032: # Add a chat message to to a discussion board.
2033: #
2034: # Parameters:
2035: # $cmd - Request keyword.
2036: # $tail - Tail of the command. A colon separated list
2037: # containing:
2038: # cdom - Domain on which the chat board lives
2039: # cnum - Identifier of the discussion group.
2040: # post - Body of the posting.
2041: # $client - Socket open on the client.
2042: # Returns:
2043: # 1 - Indicating caller should keep on processing.
2044: #
2045: # Side-effects:
2046: # writes a reply to the client.
2047: #
2048: #
2049: sub SendChatHandler {
2050: my $cmd = shift;
2051: my $tail = shift;
2052: my $client = shift;
2053:
2054: my $userinput = "$cmd:$tail";
2055:
2056: my ($cdom,$cnum,$newpost)=split(/\:/,$tail);
2057: &chatadd($cdom,$cnum,$newpost);
2058: Reply($client, "ok\n", $userinput);
2059:
2060: return 1;
2061: }
2062: RegisterHandler("chatsend", \&SendChatHandler, 0, 1, 0);
2063: #
2064: # Retrieve the set of chat messagss from a discussion board.
2065: #
2066: # Parameters:
2067: # $cmd - Command keyword that initiated the request.
2068: # $tail - Remainder of the request after the command
2069: # keyword. In this case a colon separated list of
2070: # chat domain - Which discussion board.
2071: # chat id - Discussion thread(?)
2072: # domain/user - Authentication domain and username
2073: # of the requesting person.
2074: # $client - Socket open on the client program.
2075: # Returns:
2076: # 1 - continue processing
2077: # Side effects:
2078: # Response is written to the client.
2079: #
2080: sub RetrieveChatHandler {
2081: my $cmd = shift;
2082: my $tail = shift;
2083: my $client = shift;
2084:
2085: my $userinput = "$cmd:$tail";
2086:
2087: my ($cdom,$cnum,$udom,$uname)=split(/\:/,$tail);
2088: my $reply='';
2089: foreach (&getchat($cdom,$cnum,$udom,$uname)) {
2090: $reply.=&escape($_).':';
2091: }
2092: $reply=~s/\:$//;
2093: Reply($client, $reply."\n", $userinput);
2094:
2095:
2096: return 1;
2097: }
2098: RegisterHandler("chatretr", \&RetrieveChatHandler, 0, 1, 0);
2099: #
2100: # Initiate a query of an sql database. SQL query repsonses get put in
2101: # a file for later retrieval. This prevents sql query results from
2102: # bottlenecking the system. Note that with loncnew, perhaps this is
2103: # less of an issue since multiple outstanding requests can be concurrently
2104: # serviced.
2105: #
2106: # Parameters:
2107: # $cmd - COmmand keyword that initiated the request.
2108: # $tail - Remainder of the command after the keyword.
2109: # For this function, this consists of a query and
2110: # 3 arguments that are self-documentingly labelled
2111: # in the original arg1, arg2, arg3.
2112: # $client - Socket open on the client.
2113: # Return:
2114: # 1 - Indicating processing should continue.
2115: # Side-effects:
2116: # a reply is written to $client.
2117: #
2118: sub SendQueryHandler {
2119: my $cmd = shift;
2120: my $tail = shift;
2121: my $client = shift;
2122:
2123: my $userinput = "$cmd:$tail";
2124:
2125: my ($query,$arg1,$arg2,$arg3)=split(/\:/,$tail);
2126: $query=~s/\n*$//g;
2127: Reply($client, "". sqlreply("$clientname\&$query".
2128: "\&$arg1"."\&$arg2"."\&$arg3")."\n",
2129: $userinput);
2130:
2131: return 1;
2132: }
2133: RegisterHandler("querysend", \&SendQueryHandler, 0, 1, 0);
2134:
2135: #
2136: # Add a reply to an sql query. SQL queries are done asyncrhonously.
2137: # The query is submitted via a "querysend" transaction.
2138: # There it is passed on to the lonsql daemon, queued and issued to
2139: # mysql.
2140: # This transaction is invoked when the sql transaction is complete
2141: # it stores the query results in flie and indicates query completion.
2142: # presumably local software then fetches this response... I'm guessing
2143: # the sequence is: lonc does a querysend, we ask lonsql to do it.
2144: # lonsql on completion of the query interacts with the lond of our
2145: # client to do a query reply storing two files:
2146: # - id - The results of the query.
2147: # - id.end - Indicating the transaction completed.
2148: # NOTE: id is a unique id assigned to the query and querysend time.
2149: # Parameters:
2150: # $cmd - Command keyword that initiated this request.
2151: # $tail - Remainder of the tail. In this case that's a colon
2152: # separated list containing the query Id and the
2153: # results of the query.
2154: # $client - Socket open on the client.
2155: # Return:
2156: # 1 - Indicating that we should continue processing.
2157: # Side effects:
2158: # ok written to the client.
2159: #
2160: sub ReplyQueryHandler {
2161: my $cmd = shift;
2162: my $tail = shift;
2163: my $client = shift;
2164:
2165: my $userinput = "$cmd:$tail";
2166:
2167: my ($cmd,$id,$reply)=split(/:/,$userinput);
2168: my $store;
2169: my $execdir=$perlvar{'lonDaemons'};
2170: if ($store=IO::File->new(">$execdir/tmp/$id")) {
2171: $reply=~s/\&/\n/g;
2172: print $store $reply;
2173: close $store;
2174: my $store2=IO::File->new(">$execdir/tmp/$id.end");
2175: print $store2 "done\n";
2176: close $store2;
2177: Reply($client, "ok\n", $userinput);
2178: }
2179: else {
2180: Failure($client, "error: ".($!+0)
2181: ." IO::File->new Failed ".
2182: "while attempting queryreply\n", $userinput);
2183: }
2184:
2185:
2186: return 1;
2187: }
2188: RegisterHandler("queryreply", \&ReplyQueryHandler, 0, 1, 0);
2189: #
2190: # Process the courseidput query. Not quite sure what this means
2191: # at the system level sense. It appears a gdbm file in the
2192: # /home/httpd/lonUsers/$domain/nohist_courseids is tied and
2193: # a set of entries made in that database.
2194: #
2195: # Parameters:
2196: # $cmd - The command keyword that initiated this request.
2197: # $tail - Tail of the command. In this case consists of a colon
2198: # separated list contaning the domain to apply this to and
2199: # an ampersand separated list of keyword=value pairs.
2200: # $client - Socket open on the client.
2201: # Returns:
2202: # 1 - indicating that processing should continue
2203: #
2204: # Side effects:
2205: # reply is written to the client.
2206: #
2207: sub PutCourseIdHandler {
2208: my $cmd = shift;
2209: my $tail = shift;
2210: my $client = shift;
2211:
2212: my $userinput = "$cmd:$tail";
2213:
2214: my ($udom,$what)=split(/:/,$tail);
2215: chomp($what);
2216: $udom=~s/\W//g;
2217: my $proname=
2218: "$perlvar{'lonUsersDir'}/$udom/nohist_courseids";
2219: my $now=time;
2220: my @pairs=split(/\&/,$what);
2221: my %hash;
2222: if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_WRCREAT(),0640)) {
2223: foreach my $pair (@pairs) {
2224: my ($key,$value)=split(/=/,$pair);
2225: $hash{$key}=$value.':'.$now;
2226: }
2227: if (untie(%hash)) {
2228: Reply($client, "ok\n", $userinput);
2229: } else {
2230: Failure( $client, "error: ".($!+0)
2231: ." untie(GDBM) Failed ".
2232: "while attempting courseidput\n", $userinput);
2233: }
2234: } else {
2235: Failure( $client, "error: ".($!+0)
2236: ." tie(GDBM) Failed ".
2237: "while attempting courseidput\n", $userinput);
2238: }
2239:
2240: return 1;
2241: }
2242: RegisterHandler("courseidput", \&PutCourseIdHandler, 0, 1, 0);
2243:
2244: # Retrieves the value of a course id resource keyword pattern
2245: # defined since a starting date. Both the starting date and the
2246: # keyword pattern are optional. If the starting date is not supplied it
2247: # is treated as the beginning of time. If the pattern is not found,
2248: # it is treatred as "." matching everything.
2249: #
2250: # Parameters:
2251: # $cmd - Command keyword that resulted in us being dispatched.
2252: # $tail - The remainder of the command that, in this case, consists
2253: # of a colon separated list of:
2254: # domain - The domain in which the course database is
2255: # defined.
2256: # since - Optional parameter describing the minimum
2257: # time of definition(?) of the resources that
2258: # will match the dump.
2259: # description - regular expression that is used to filter
2260: # the dump. Only keywords matching this regexp
2261: # will be used.
2262: # $client - The socket open on the client.
2263: # Returns:
2264: # 1 - Continue processing.
2265: # Side Effects:
2266: # a reply is written to $client.
2267: sub DumpCourseIdHandler {
2268: my $cmd = shift;
2269: my $tail = shift;
2270: my $client = shift;
2271:
2272: my $userinput = "$cmd:$tail";
2273:
2274: my ($udom,$since,$description) =split(/:/,$tail);
2275: if (defined($description)) {
2276: $description=&unescape($description);
2277: } else {
2278: $description='.';
2279: }
2280: unless (defined($since)) { $since=0; }
2281: my $qresult='';
2282: my $proname = "$perlvar{'lonUsersDir'}/$udom/nohist_courseids";
2283: my %hash;
2284: if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_READER(),0640)) {
2285: while (my ($key,$value) = each(%hash)) {
2286: my ($descr,$lasttime)=split(/\:/,$value);
2287: if ($lasttime<$since) {
2288: next;
2289: }
2290: if ($description eq '.') {
2291: $qresult.=$key.'='.$descr.'&';
2292: } else {
2293: my $unescapeVal = &unescape($descr);
2294: if (eval('$unescapeVal=~/$description/i')) {
2295: $qresult.="$key=$descr&";
2296: }
2297: }
2298: }
2299: if (untie(%hash)) {
2300: chop($qresult);
2301: Reply($client, "$qresult\n", $userinput);
2302: } else {
2303: Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
2304: "while attempting courseiddump\n", $userinput);
2305: }
2306: } else {
2307: Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
2308: "while attempting courseiddump\n", $userinput);
2309: }
2310:
2311:
2312: return 1;
2313: }
2314: RegisterHandler("courseiddump", \&DumpCourseIdHandler, 0, 1, 0);
2315: #
2316: # Puts an id to a domains id database.
2317: #
2318: # Parameters:
2319: # $cmd - The command that triggered us.
2320: # $tail - Remainder of the request other than the command. This is a
2321: # colon separated list containing:
2322: # $domain - The domain for which we are writing the id.
2323: # $pairs - The id info to write... this is and & separated list
2324: # of keyword=value.
2325: # $client - Socket open on the client.
2326: # Returns:
2327: # 1 - Continue processing.
2328: # Side effects:
2329: # reply is written to $client.
2330: #
2331: sub PutIdHandler {
2332: my $cmd = shift;
2333: my $tail = shift;
2334: my $client = shift;
2335:
2336: my $userinput = "$cmd:$tail";
2337:
2338: my ($udom,$what)=split(/:/,$tail);
2339: chomp($what);
2340: $udom=~s/\W//g;
2341: my $proname="$perlvar{'lonUsersDir'}/$udom/ids";
2342: my $now=time;
2343: {
2344: my $hfh;
2345: if ($hfh=IO::File->new(">>$proname.hist")) {
2346: print $hfh "P:$now:$what\n";
2347: }
2348: }
2349: my @pairs=split(/\&/,$what);
2350: my %hash;
2351: if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_WRCREAT(),0640)) {
2352: foreach my $pair (@pairs) {
2353: my ($key,$value)=split(/=/,$pair);
2354: $hash{$key}=$value;
2355: }
2356: if (untie(%hash)) {
2357: Reply($client, "ok\n", $userinput);
2358: } else {
2359: Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
2360: "while attempting idput\n", $userinput);
2361: }
2362: } else {
2363: Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
2364: "while attempting idput\n", $userinput);
2365: }
2366:
2367: return 1;
2368: }
2369:
2370: RegisterHandler("idput", \&PutIdHandler, 0, 1, 0);
2371: #
2372: # Retrieves a set of id values from the id database.
2373: # Returns an & separated list of results, one for each requested id to the
2374: # client.
2375: #
2376: # Parameters:
2377: # $cmd - Command keyword that caused us to be dispatched.
2378: # $tail - Tail of the command. Consists of a colon separated:
2379: # domain - the domain whose id table we dump
2380: # ids Consists of an & separated list of
2381: # id keywords whose values will be fetched.
2382: # nonexisting keywords will have an empty value.
2383: # $client - Socket open on the client.
2384: #
2385: # Returns:
2386: # 1 - indicating processing should continue.
2387: # Side effects:
2388: # An & separated list of results is written to $client.
2389: #
2390: sub GetIdHandler {
2391: my $cmd = shift;
2392: my $tail = shift;
2393: my $client = shift;
2394:
2395: my $userinput = "$client:$tail";
2396:
2397: my ($udom,$what)=split(/:/,$tail);
2398: chomp($what);
2399: $udom=~s/\W//g;
2400: my $proname="$perlvar{'lonUsersDir'}/$udom/ids";
2401: my @queries=split(/\&/,$what);
2402: my $qresult='';
2403: my %hash;
2404: if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_READER(),0640)) {
2405: for (my $i=0;$i<=$#queries;$i++) {
2406: $qresult.="$hash{$queries[$i]}&";
2407: }
2408: if (untie(%hash)) {
2409: $qresult=~s/\&$//;
2410: Reply($client, "$qresult\n", $userinput);
2411: } else {
2412: Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
2413: "while attempting idget\n",$userinput);
2414: }
2415: } else {
2416: Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
2417: "while attempting idget\n",$userinput);
2418: }
2419:
2420: return 1;
2421: }
2422: RegisterHandler("idget", \&GetIdHandler, 0, 1, 0);
2423: #------------------------------------------------------------------------------------
2424: #
2425: # Process a Request. Takes a request from the client validates
2426: # it and performs the operation requested by it. Returns
2427: # a response to the client.
2428: #
2429: # Parameters:
2430: # request - A string containing the user's request.
2431: # Returns:
2432: # 0 - Requested to exit, caller should shut down.
2433: # 1 - Accept additional requests from the client.
2434: #
2435: sub ProcessRequest {
2436: my $Request = shift;
2437: my $KeepGoing = 1; # Assume we're not asked to stop.
2438:
2439: my $wasenc=0;
2440: my $userinput = $Request; # for compatibility with oldcode <yeach>
2441:
2442:
2443: # ------------------------------------------------------------ See if encrypted
2444:
2445: if($userinput =~ /^enc/) {
2446: $wasenc = 1;
2447: $userinput = Decipher($userinput);
2448: if(! $userinput) {
2449: Failure($client,"error:Encrypted data without negotiating key");
2450: return 0; # Break off with this imposter.
2451: }
2452: }
2453: # Split off the request keyword from the rest of the stuff.
2454:
2455: my ($command, $tail) = split(/:/, $userinput, 2);
2456:
2457:
2458: # ------------------------------------------------------------- Normal commands
2459:
2460: #
2461: # If the command is in the hash, then execute it via the hash dispatch:
2462: #
2463: if(defined $Dispatcher{$command}) {
2464:
2465: my $DispatchInfo = $Dispatcher{$command};
2466: my $Handler = $$DispatchInfo[0];
2467: my $NeedEncode = $$DispatchInfo[1];
2468: my $ClientTypes = $$DispatchInfo[2];
2469:
2470: # Validate the request:
2471:
2472: my $ok = 1;
2473: if($NeedEncode && (!$wasenc)) {
2474: Reply($client, "refused\n", $userinput);
2475: $ok = 0;
2476: }
2477: if(isClient && (($ClientTypes & $CLIENT_OK) == 0)) {
2478: Reply($client, "refused\n", $userinput);
2479: $ok = 0;
2480: }
2481: if(isManager && (($ClientTypes & $MANAGER_OK) == 0)) {
2482: Reply($client, "refused\n", $userinput);
2483: $ok = 0;
2484: }
2485: if($ok) {
2486: $KeepGoing = &$Handler($command, $tail, $client);
2487: }
2488:
2489:
2490:
2491:
2492:
2493: # ---------------------------------------------------------------------- tmpput
2494: } elsif ($userinput =~ /^tmpput/) {
2495: if(isClient) {
2496: my ($cmd,$what)=split(/:/,$userinput);
2497: my $store;
2498: $tmpsnum++;
2499: my $id=$$.'_'.$clientip.'_'.$tmpsnum;
2500: $id=~s/\W/\_/g;
2501: $what=~s/\n//g;
2502: my $execdir=$perlvar{'lonDaemons'};
2503: if ($store=IO::File->new(">$execdir/tmp/$id.tmp")) {
2504: print $store $what;
2505: close $store;
2506: Reply($client, "$id\n", $userinput);
2507: }
2508: else {
2509: Failure( $client, "error: ".($!+0)."IO::File->new Failed ".
2510: "while attempting tmpput\n", $userinput);
2511: }
2512: } else {
2513: Failure($client, "refused\n", $userinput);
2514:
2515: }
2516:
2517: # ---------------------------------------------------------------------- tmpget
2518: } elsif ($userinput =~ /^tmpget/) {
2519: if(isClient) {
2520: my ($cmd,$id)=split(/:/,$userinput);
2521: chomp($id);
2522: $id=~s/\W/\_/g;
2523: my $store;
2524: my $execdir=$perlvar{'lonDaemons'};
2525: if ($store=IO::File->new("$execdir/tmp/$id.tmp")) {
2526: my $reply=<$store>;
2527: Reply( $client, "$reply\n", $userinput);
2528: close $store;
2529: }
2530: else {
2531: Failure( $client, "error: ".($!+0)."IO::File->new Failed ".
2532: "while attempting tmpget\n", $userinput);
2533: }
2534: } else {
2535: Failure($client, "refused\n", $userinput);
2536:
2537: }
2538: # ---------------------------------------------------------------------- tmpdel
2539: } elsif ($userinput =~ /^tmpdel/) {
2540: if(isClient) {
2541: my ($cmd,$id)=split(/:/,$userinput);
2542: chomp($id);
2543: $id=~s/\W/\_/g;
2544: my $execdir=$perlvar{'lonDaemons'};
2545: if (unlink("$execdir/tmp/$id.tmp")) {
2546: Reply($client, "ok\n", $userinput);
2547: } else {
2548: Failure( $client, "error: ".($!+0)."Unlink tmp Failed ".
2549: "while attempting tmpdel\n", $userinput);
2550: }
2551: } else {
2552: Failure($client, "refused\n", $userinput);
2553: }
2554: # -------------------------------------------------------------------------- ls
2555: } elsif ($userinput =~ /^ls/) {
2556: if(isClient) {
2557: my ($cmd,$ulsdir)=split(/:/,$userinput);
2558: my $ulsout='';
2559: my $ulsfn;
2560: if (-e $ulsdir) {
2561: if(-d $ulsdir) {
2562: if (opendir(LSDIR,$ulsdir)) {
2563: while ($ulsfn=readdir(LSDIR)) {
2564: my @ulsstats=stat($ulsdir.'/'.$ulsfn);
2565: $ulsout.=$ulsfn.'&'.
2566: join('&',@ulsstats).':';
2567: }
2568: closedir(LSDIR);
2569: }
2570: } else {
2571: my @ulsstats=stat($ulsdir);
2572: $ulsout.=$ulsfn.'&'.join('&',@ulsstats).':';
2573: }
2574: } else {
2575: $ulsout='no_such_dir';
2576: }
2577: if ($ulsout eq '') { $ulsout='empty'; }
2578: Reply($client, "$ulsout\n", $userinput);
2579: } else {
2580: Failure($client, "refused\n", $userinput);
2581:
2582: }
2583: # ----------------------------------------------------------------- setannounce
2584: } elsif ($userinput =~ /^setannounce/) {
2585: if (isClient) {
2586: my ($cmd,$announcement)=split(/:/,$userinput);
2587: chomp($announcement);
2588: $announcement=&unescape($announcement);
2589: if (my $store=IO::File->new('>'.$perlvar{'lonDocRoot'}.
2590: '/announcement.txt')) {
2591: print $store $announcement;
2592: close $store;
2593: Reply($client, "ok\n", $userinput);
2594: } else {
2595: Failure($client, "error: ".($!+0)."\n", $userinput);
2596: }
2597: } else {
2598: Failure($client, "refused\n", $userinput);
2599:
2600: }
2601: # ------------------------------------------------------------------ Hanging up
2602: } elsif (($userinput =~ /^exit/) ||
2603: ($userinput =~ /^init/)) { # no restrictions.
2604: &logthis("Client $clientip ($clientname) hanging up: $userinput");
2605: Reply($client, "bye\n", $userinput);
2606: $client->shutdown(2); # shutdown the socket forcibly.
2607: $client->close();
2608: $KeepGoing = 0; # Flag to exit the program.
2609:
2610: # ---------------------------------- set current host/domain
2611: } elsif ($userinput =~ /^sethost:/) {
2612: if (isClient) {
2613: Reply($client, &sethost($userinput)."\n", $userinput);
2614: } else {
2615: Failure($client, "refused\n", $userinput);
2616: }
2617: #---------------------------------- request file (?) version.
2618: } elsif ($userinput =~/^version:/) {
2619: if (isClient) {
2620: Reply($client, &version($userinput)."\n", $userinput);
2621: } else {
2622: Reply( $client, "refused\n", $userinput);
2623: }
2624: # ------------------------------------------------------------- unknown command
2625:
2626: } else {
2627: # unknown command
2628: Failure($client, "unknown_cmd\n", $userinput);
2629: }
2630:
2631: return $KeepGoing;
2632: }
2633:
2634:
2635: #
2636: # GetCertificate: Given a transaction that requires a certificate,
2637: # this function will extract the certificate from the transaction
2638: # request. Note that at this point, the only concept of a certificate
2639: # is the hostname to which we are connected.
2640: #
2641: # Parameter:
2642: # request - The request sent by our client (this parameterization may
2643: # need to change when we really use a certificate granting
2644: # authority.
2645: #
2646: sub GetCertificate {
2647: my $request = shift;
2648:
2649: return $clientip;
2650: }
2651:
2652:
2653:
2654: #
2655: # ReadManagerTable: Reads in the current manager table. For now this is
2656: # done on each manager authentication because:
2657: # - These authentications are not frequent
2658: # - This allows dynamic changes to the manager table
2659: # without the need to signal to the lond.
2660: #
2661:
2662: sub ReadManagerTable {
2663:
2664: # Clean out the old table first..
2665:
2666: foreach my $key (keys %managers) {
2667: delete $managers{$key};
2668: }
2669:
2670: my $tablename = $perlvar{'lonTabDir'}."/managers.tab";
2671: if (!open (MANAGERS, $tablename)) {
2672: logthis('<font color="red">No manager table. Nobody can manage!!</font>');
2673: return;
2674: }
2675: while(my $host = <MANAGERS>) {
2676: chomp($host);
2677: if ($host =~ "^#") { # Comment line.
2678: logthis('<font color="green"> Skipping line: '. "$host</font>\n");
2679: next;
2680: }
2681: if (!defined $hostip{$host}) { # This is a non cluster member
2682: # The entry is of the form:
2683: # cluname:hostname
2684: # cluname - A 'cluster hostname' is needed in order to negotiate
2685: # the host key.
2686: # hostname- The dns name of the host.
2687: #
2688: my($cluname, $dnsname) = split(/:/, $host);
2689:
2690: my $ip = gethostbyname($dnsname);
2691: if(defined($ip)) { # bad names don't deserve entry.
2692: my $hostip = inet_ntoa($ip);
2693: $managers{$hostip} = $cluname;
2694: logthis('<font color="green"> registering manager '.
2695: "$dnsname as $cluname with $hostip </font>\n");
2696: }
2697: } else {
2698: logthis('<font color="green"> existing host'." $host</font>\n");
2699: $managers{$hostip{$host}} = $host; # Use info from cluster tab if clumemeber
2700: }
2701: }
2702: }
2703:
2704: #
2705: # ValidManager: Determines if a given certificate represents a valid manager.
2706: # in this primitive implementation, the 'certificate' is
2707: # just the connecting loncapa client name. This is checked
2708: # against a valid client list in the configuration.
2709: #
2710: #
2711: sub ValidManager {
2712: my $certificate = shift;
2713:
2714: return isManager;
2715: }
2716: #
2717: # CopyFile: Called as part of the process of installing a
2718: # new configuration file. This function copies an existing
2719: # file to a backup file.
2720: # Parameters:
2721: # oldfile - Name of the file to backup.
2722: # newfile - Name of the backup file.
2723: # Return:
2724: # 0 - Failure (errno has failure reason).
2725: # 1 - Success.
2726: #
2727: sub CopyFile {
2728: my $oldfile = shift;
2729: my $newfile = shift;
2730:
2731: # The file must exist:
2732:
2733: if(-e $oldfile) {
2734:
2735: # Read the old file.
2736:
2737: my $oldfh = IO::File->new("< $oldfile");
2738: if(!$oldfh) {
2739: return 0;
2740: }
2741: my @contents = <$oldfh>; # Suck in the entire file.
2742:
2743: # write the backup file:
2744:
2745: my $newfh = IO::File->new("> $newfile");
2746: if(!(defined $newfh)){
2747: return 0;
2748: }
2749: my $lines = scalar @contents;
2750: for (my $i =0; $i < $lines; $i++) {
2751: print $newfh ($contents[$i]);
2752: }
2753:
2754: $oldfh->close;
2755: $newfh->close;
2756:
2757: chmod(0660, $newfile);
2758:
2759: return 1;
2760:
2761: } else {
2762: return 0;
2763: }
2764: }
2765: #
2766: # Host files are passed out with externally visible host IPs.
2767: # If, for example, we are behind a fire-wall or NAT host, our
2768: # internally visible IP may be different than the externally
2769: # visible IP. Therefore, we always adjust the contents of the
2770: # host file so that the entry for ME is the IP that we believe
2771: # we have. At present, this is defined as the entry that
2772: # DNS has for us. If by some chance we are not able to get a
2773: # DNS translation for us, then we assume that the host.tab file
2774: # is correct.
2775: # BUGBUGBUG - in the future, we really should see if we can
2776: # easily query the interface(s) instead.
2777: # Parameter(s):
2778: # contents - The contents of the host.tab to check.
2779: # Returns:
2780: # newcontents - The adjusted contents.
2781: #
2782: #
2783: sub AdjustHostContents {
2784: my $contents = shift;
2785: my $adjusted;
2786: my $me = $perlvar{'lonHostID'};
2787:
2788: foreach my $line (split(/\n/,$contents)) {
2789: if(!(($line eq "") || ($line =~ /^ *\#/) || ($line =~ /^ *$/))) {
2790: chomp($line);
2791: my ($id,$domain,$role,$name,$ip,$maxcon,$idleto,$mincon)=split(/:/,$line);
2792: if ($id eq $me) {
2793: my $ip = gethostbyname($name);
2794: my $ipnew = inet_ntoa($ip);
2795: $ip = $ipnew;
2796: # Reconstruct the host line and append to adjusted:
2797:
2798: my $newline = "$id:$domain:$role:$name:$ip";
2799: if($maxcon ne "") { # Not all hosts have loncnew tuning params
2800: $newline .= ":$maxcon:$idleto:$mincon";
2801: }
2802: $adjusted .= $newline."\n";
2803:
2804: } else { # Not me, pass unmodified.
2805: $adjusted .= $line."\n";
2806: }
2807: } else { # Blank or comment never re-written.
2808: $adjusted .= $line."\n"; # Pass blanks and comments as is.
2809: }
2810: }
2811: return $adjusted;
2812: }
2813: #
2814: # InstallFile: Called to install an administrative file:
2815: # - The file is created with <name>.tmp
2816: # - The <name>.tmp file is then mv'd to <name>
2817: # This lugubrious procedure is done to ensure that we are never without
2818: # a valid, even if dated, version of the file regardless of who crashes
2819: # and when the crash occurs.
2820: #
2821: # Parameters:
2822: # Name of the file
2823: # File Contents.
2824: # Return:
2825: # nonzero - success.
2826: # 0 - failure and $! has an errno.
2827: #
2828: sub InstallFile {
2829: my $Filename = shift;
2830: my $Contents = shift;
2831: my $TempFile = $Filename.".tmp";
2832:
2833: # Open the file for write:
2834:
2835: my $fh = IO::File->new("> $TempFile"); # Write to temp.
2836: if(!(defined $fh)) {
2837: &logthis('<font color="red"> Unable to create '.$TempFile."</font>");
2838: return 0;
2839: }
2840: # write the contents of the file:
2841:
2842: print $fh ($Contents);
2843: $fh->close; # In case we ever have a filesystem w. locking
2844:
2845: chmod(0660, $TempFile);
2846:
2847: # Now we can move install the file in position.
2848:
2849: move($TempFile, $Filename);
2850:
2851: return 1;
2852: }
2853: #
2854: # ConfigFileFromSelector: converts a configuration file selector
2855: # (one of host or domain at this point) into a
2856: # configuration file pathname.
2857: #
2858: # Parameters:
2859: # selector - Configuration file selector.
2860: # Returns:
2861: # Full path to the file or undef if the selector is invalid.
2862: #
2863: sub ConfigFileFromSelector {
2864: my $selector = shift;
2865: my $tablefile;
2866:
2867: my $tabledir = $perlvar{'lonTabDir'}.'/';
2868: if ($selector eq "hosts") {
2869: $tablefile = $tabledir."hosts.tab";
2870: } elsif ($selector eq "domain") {
2871: $tablefile = $tabledir."domain.tab";
2872: } else {
2873: return undef;
2874: }
2875: return $tablefile;
2876:
2877: }
2878: #
2879: # PushFile: Called to do an administrative push of a file.
2880: # - Ensure the file being pushed is one we support.
2881: # - Backup the old file to <filename.saved>
2882: # - Separate the contents of the new file out from the
2883: # rest of the request.
2884: # - Write the new file.
2885: # Parameter:
2886: # Request - The entire user request. This consists of a : separated
2887: # string pushfile:tablename:contents.
2888: # NOTE: The contents may have :'s in it as well making things a bit
2889: # more interesting... but not much.
2890: # Returns:
2891: # String to send to client ("ok" or "refused" if bad file).
2892: #
2893: sub PushFile {
2894: my $request = shift;
2895: my ($command, $filename, $contents) = split(":", $request, 3);
2896:
2897: # At this point in time, pushes for only the following tables are
2898: # supported:
2899: # hosts.tab ($filename eq host).
2900: # domain.tab ($filename eq domain).
2901: # Construct the destination filename or reject the request.
2902: #
2903: # lonManage is supposed to ensure this, however this session could be
2904: # part of some elaborate spoof that managed somehow to authenticate.
2905: #
2906:
2907:
2908: my $tablefile = ConfigFileFromSelector($filename);
2909: if(! (defined $tablefile)) {
2910: return "refused";
2911: }
2912: #
2913: # >copy< the old table to the backup table
2914: # don't rename in case system crashes/reboots etc. in the time
2915: # window between a rename and write.
2916: #
2917: my $backupfile = $tablefile;
2918: $backupfile =~ s/\.tab$/.old/;
2919: if(!CopyFile($tablefile, $backupfile)) {
2920: &logthis('<font color="green"> CopyFile from '.$tablefile." to ".$backupfile." failed </font>");
2921: return "error:$!";
2922: }
2923: &logthis('<font color="green"> Pushfile: backed up '
2924: .$tablefile." to $backupfile</font>");
2925:
2926: # If the file being pushed is the host file, we adjust the entry for ourself so that the
2927: # IP will be our current IP as looked up in dns. Note this is only 99% good as it's possible
2928: # to conceive of conditions where we don't have a DNS entry locally. This is possible in a
2929: # network sense but it doesn't make much sense in a LonCAPA sense so we ignore (for now)
2930: # that possibilty.
2931:
2932: if($filename eq "host") {
2933: $contents = AdjustHostContents($contents);
2934: }
2935:
2936: # Install the new file:
2937:
2938: if(!InstallFile($tablefile, $contents)) {
2939: &logthis('<font color="red"> Pushfile: unable to install '
2940: .$tablefile." $! </font>");
2941: return "error:$!";
2942: }
2943: else {
2944: &logthis('<font color="green"> Installed new '.$tablefile
2945: ."</font>");
2946:
2947: }
2948:
2949:
2950: # Indicate success:
2951:
2952: return "ok";
2953:
2954: }
2955:
2956: #
2957: # Called to re-init either lonc or lond.
2958: #
2959: # Parameters:
2960: # request - The full request by the client. This is of the form
2961: # reinit:<process>
2962: # where <process> is allowed to be either of
2963: # lonc or lond
2964: #
2965: # Returns:
2966: # The string to be sent back to the client either:
2967: # ok - Everything worked just fine.
2968: # error:why - There was a failure and why describes the reason.
2969: #
2970: #
2971: sub ReinitProcess {
2972: my $request = shift;
2973:
2974:
2975: # separate the request (reinit) from the process identifier and
2976: # validate it producing the name of the .pid file for the process.
2977: #
2978: #
2979: my ($junk, $process) = split(":", $request);
2980: my $processpidfile = $perlvar{'lonDaemons'}.'/logs/';
2981: if($process eq 'lonc') {
2982: $processpidfile = $processpidfile."lonc.pid";
2983: if (!open(PIDFILE, "< $processpidfile")) {
2984: return "error:Open failed for $processpidfile";
2985: }
2986: my $loncpid = <PIDFILE>;
2987: close(PIDFILE);
2988: logthis('<font color="red"> Reinitializing lonc pid='.$loncpid
2989: ."</font>");
2990: kill("USR2", $loncpid);
2991: } elsif ($process eq 'lond') {
2992: logthis('<font color="red"> Reinitializing self (lond) </font>');
2993: &UpdateHosts; # Lond is us!!
2994: } else {
2995: &logthis('<font color="yellow" Invalid reinit request for '.$process
2996: ."</font>");
2997: return "error:Invalid process identifier $process";
2998: }
2999: return 'ok';
3000: }
3001: # Validate a line in a configuration file edit script:
3002: # Validation includes:
3003: # - Ensuring the command is valid.
3004: # - Ensuring the command has sufficient parameters
3005: # Parameters:
3006: # scriptline - A line to validate (\n has been stripped for what it's worth).
3007: #
3008: # Return:
3009: # 0 - Invalid scriptline.
3010: # 1 - Valid scriptline
3011: # NOTE:
3012: # Only the command syntax is checked, not the executability of the
3013: # command.
3014: #
3015: sub isValidEditCommand {
3016: my $scriptline = shift;
3017:
3018: # Line elements are pipe separated:
3019:
3020: my ($command, $key, $newline) = split(/\|/, $scriptline);
3021: &logthis('<font color="green"> isValideditCommand checking: '.
3022: "Command = '$command', Key = '$key', Newline = '$newline' </font>\n");
3023:
3024: if ($command eq "delete") {
3025: #
3026: # key with no newline.
3027: #
3028: if( ($key eq "") || ($newline ne "")) {
3029: return 0; # Must have key but no newline.
3030: } else {
3031: return 1; # Valid syntax.
3032: }
3033: } elsif ($command eq "replace") {
3034: #
3035: # key and newline:
3036: #
3037: if (($key eq "") || ($newline eq "")) {
3038: return 0;
3039: } else {
3040: return 1;
3041: }
3042: } elsif ($command eq "append") {
3043: if (($key ne "") && ($newline eq "")) {
3044: return 1;
3045: } else {
3046: return 0;
3047: }
3048: } else {
3049: return 0; # Invalid command.
3050: }
3051: return 0; # Should not get here!!!
3052: }
3053: #
3054: # ApplyEdit - Applies an edit command to a line in a configuration
3055: # file. It is the caller's responsiblity to validate the
3056: # edit line.
3057: # Parameters:
3058: # $directive - A single edit directive to apply.
3059: # Edit directives are of the form:
3060: # append|newline - Appends a new line to the file.
3061: # replace|key|newline - Replaces the line with key value 'key'
3062: # delete|key - Deletes the line with key value 'key'.
3063: # $editor - A config file editor object that contains the
3064: # file being edited.
3065: #
3066: sub ApplyEdit {
3067: my $directive = shift;
3068: my $editor = shift;
3069:
3070: # Break the directive down into its command and its parameters
3071: # (at most two at this point. The meaning of the parameters, if in fact
3072: # they exist depends on the command).
3073:
3074: my ($command, $p1, $p2) = split(/\|/, $directive);
3075:
3076: if($command eq "append") {
3077: $editor->Append($p1); # p1 - key p2 null.
3078: } elsif ($command eq "replace") {
3079: $editor->ReplaceLine($p1, $p2); # p1 - key p2 = newline.
3080: } elsif ($command eq "delete") {
3081: $editor->DeleteLine($p1); # p1 - key p2 null.
3082: } else { # Should not get here!!!
3083: die "Invalid command given to ApplyEdit $command"
3084: }
3085: }
3086: #
3087: # AdjustOurHost:
3088: # Adjusts a host file stored in a configuration file editor object
3089: # for the true IP address of this host. This is necessary for hosts
3090: # that live behind a firewall.
3091: # Those hosts have a publicly distributed IP of the firewall, but
3092: # internally must use their actual IP. We assume that a given
3093: # host only has a single IP interface for now.
3094: # Formal Parameters:
3095: # editor - The configuration file editor to adjust. This
3096: # editor is assumed to contain a hosts.tab file.
3097: # Strategy:
3098: # - Figure out our hostname.
3099: # - Lookup the entry for this host.
3100: # - Modify the line to contain our IP
3101: # - Do a replace for this host.
3102: sub AdjustOurHost {
3103: my $editor = shift;
3104:
3105: # figure out who I am.
3106:
3107: my $myHostName = $perlvar{'lonHostID'}; # LonCAPA hostname.
3108:
3109: # Get my host file entry.
3110:
3111: my $ConfigLine = $editor->Find($myHostName);
3112: if(! (defined $ConfigLine)) {
3113: die "AdjustOurHost - no entry for me in hosts file $myHostName";
3114: }
3115: # figure out my IP:
3116: # Use the config line to get my hostname.
3117: # Use gethostbyname to translate that into an IP address.
3118: #
3119: my ($id,$domain,$role,$name,$ip,$maxcon,$idleto,$mincon) = split(/:/,$ConfigLine);
3120: my $BinaryIp = gethostbyname($name);
3121: my $ip = inet_ntoa($ip);
3122: #
3123: # Reassemble the config line from the elements in the list.
3124: # Note that if the loncnew items were not present before, they will
3125: # be now even if they would be empty
3126: #
3127: my $newConfigLine = $id;
3128: foreach my $item ($domain, $role, $name, $ip, $maxcon, $idleto, $mincon) {
3129: $newConfigLine .= ":".$item;
3130: }
3131: # Replace the line:
3132:
3133: $editor->ReplaceLine($id, $newConfigLine);
3134:
3135: }
3136: #
3137: # ReplaceConfigFile:
3138: # Replaces a configuration file with the contents of a
3139: # configuration file editor object.
3140: # This is done by:
3141: # - Copying the target file to <filename>.old
3142: # - Writing the new file to <filename>.tmp
3143: # - Moving <filename.tmp> -> <filename>
3144: # This laborious process ensures that the system is never without
3145: # a configuration file that's at least valid (even if the contents
3146: # may be dated).
3147: # Parameters:
3148: # filename - Name of the file to modify... this is a full path.
3149: # editor - Editor containing the file.
3150: #
3151: sub ReplaceConfigFile {
3152: my $filename = shift;
3153: my $editor = shift;
3154:
3155: CopyFile ($filename, $filename.".old");
3156:
3157: my $contents = $editor->Get(); # Get the contents of the file.
3158:
3159: InstallFile($filename, $contents);
3160: }
3161: #
3162: #
3163: # Called to edit a configuration table file
3164: # Parameters:
3165: # request - The entire command/request sent by lonc or lonManage
3166: # Return:
3167: # The reply to send to the client.
3168: #
3169: sub EditFile {
3170: my $request = shift;
3171:
3172: # Split the command into it's pieces: edit:filetype:script
3173:
3174: my ($request, $filetype, $script) = split(/:/, $request,3); # : in script
3175:
3176: # Check the pre-coditions for success:
3177:
3178: if($request != "edit") { # Something is amiss afoot alack.
3179: return "error:edit request detected, but request != 'edit'\n";
3180: }
3181: if( ($filetype ne "hosts") &&
3182: ($filetype ne "domain")) {
3183: return "error:edit requested with invalid file specifier: $filetype \n";
3184: }
3185:
3186: # Split the edit script and check it's validity.
3187:
3188: my @scriptlines = split(/\n/, $script); # one line per element.
3189: my $linecount = scalar(@scriptlines);
3190: for(my $i = 0; $i < $linecount; $i++) {
3191: chomp($scriptlines[$i]);
3192: if(!isValidEditCommand($scriptlines[$i])) {
3193: return "error:edit with bad script line: '$scriptlines[$i]' \n";
3194: }
3195: }
3196:
3197: # Execute the edit operation.
3198: # - Create a config file editor for the appropriate file and
3199: # - execute each command in the script:
3200: #
3201: my $configfile = ConfigFileFromSelector($filetype);
3202: if (!(defined $configfile)) {
3203: return "refused\n";
3204: }
3205: my $editor = ConfigFileEdit->new($configfile);
3206:
3207: for (my $i = 0; $i < $linecount; $i++) {
3208: ApplyEdit($scriptlines[$i], $editor);
3209: }
3210: # If the file is the host file, ensure that our host is
3211: # adjusted to have our ip:
3212: #
3213: if($filetype eq "host") {
3214: AdjustOurHost($editor);
3215: }
3216: # Finally replace the current file with our file.
3217: #
3218: ReplaceConfigFile($configfile, $editor);
3219:
3220: return "ok\n";
3221: }
3222: #
3223: # Convert an error return code from lcpasswd to a string value.
3224: #
3225: sub lcpasswdstrerror {
3226: my $ErrorCode = shift;
3227: if(($ErrorCode < 0) || ($ErrorCode > $lastpwderror)) {
3228: return "lcpasswd Unrecognized error return value ".$ErrorCode;
3229: } else {
3230: return $passwderrors[$ErrorCode];
3231: }
3232: }
3233:
3234: #
3235: # Convert an error return code from lcuseradd to a string value:
3236: #
3237: sub lcuseraddstrerror {
3238: my $ErrorCode = shift;
3239: if(($ErrorCode < 0) || ($ErrorCode > $lastadderror)) {
3240: return "lcuseradd - Unrecognized error code: ".$ErrorCode;
3241: } else {
3242: return $adderrors[$ErrorCode];
3243: }
3244: }
3245:
3246: # grabs exception and records it to log before exiting
3247: sub catchexception {
3248: my ($error)=@_;
3249: $SIG{'QUIT'}='DEFAULT';
3250: $SIG{__DIE__}='DEFAULT';
3251: &status("Catching exception");
3252: &logthis("<font color=red>CRITICAL: "
3253: ."ABNORMAL EXIT. Child $$ for server $thisserver died through "
3254: ."a crash with this error msg->[$error]</font>");
3255: &logthis('Famous last words: '.$status.' - '.$lastlog);
3256: if ($client) { print $client "error: $error\n"; }
3257: $server->close();
3258: die($error);
3259: }
3260:
3261: sub timeout {
3262: &status("Handling Timeout");
3263: &logthis("<font color=ref>CRITICAL: TIME OUT ".$$."</font>");
3264: &catchexception('Timeout');
3265: }
3266: # -------------------------------- Set signal handlers to record abnormal exits
3267:
3268: $SIG{'QUIT'}=\&catchexception;
3269: $SIG{__DIE__}=\&catchexception;
3270:
3271: # ---------------------------------- Read loncapa_apache.conf and loncapa.conf
3272: &status("Read loncapa.conf and loncapa_apache.conf");
3273: my $perlvarref=LONCAPA::Configuration::read_conf('loncapa.conf');
3274: %perlvar=%{$perlvarref};
3275: undef $perlvarref;
3276:
3277: # ----------------------------- Make sure this process is running from user=www
3278: my $wwwid=getpwnam('www');
3279: if ($wwwid!=$<) {
3280: my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
3281: my $subj="LON: $currenthostid User ID mismatch";
3282: system("echo 'User ID mismatch. lond must be run as user www.' |\
3283: mailto $emailto -s '$subj' > /dev/null");
3284: exit 1;
3285: }
3286:
3287: # --------------------------------------------- Check if other instance running
3288:
3289: my $pidfile="$perlvar{'lonDaemons'}/logs/lond.pid";
3290:
3291: if (-e $pidfile) {
3292: my $lfh=IO::File->new("$pidfile");
3293: my $pide=<$lfh>;
3294: chomp($pide);
3295: if (kill 0 => $pide) { die "already running"; }
3296: }
3297:
3298: # ------------------------------------------------------------- Read hosts file
3299:
3300:
3301:
3302: # establish SERVER socket, bind and listen.
3303: $server = IO::Socket::INET->new(LocalPort => $perlvar{'londPort'},
3304: Type => SOCK_STREAM,
3305: Proto => 'tcp',
3306: Reuse => 1,
3307: Listen => 10 )
3308: or die "making socket: $@\n";
3309:
3310: # --------------------------------------------------------- Do global variables
3311:
3312: # global variables
3313:
3314: my %children = (); # keys are current child process IDs
3315: my $children = 0; # current number of children
3316:
3317: sub REAPER { # takes care of dead children
3318: $SIG{CHLD} = \&REAPER;
3319: &status("Handling child death");
3320: my $pid = wait;
3321: if (defined($children{$pid})) {
3322: &logthis("Child $pid died");
3323: $children --;
3324: delete $children{$pid};
3325: } else {
3326: &logthis("Unknown Child $pid died");
3327: }
3328: &status("Finished Handling child death");
3329: }
3330:
3331: sub HUNTSMAN { # signal handler for SIGINT
3332: &status("Killing children (INT)");
3333: local($SIG{CHLD}) = 'IGNORE'; # we're going to kill our children
3334: kill 'INT' => keys %children;
3335: &logthis("Free socket: ".shutdown($server,2)); # free up socket
3336: my $execdir=$perlvar{'lonDaemons'};
3337: unlink("$execdir/logs/lond.pid");
3338: &logthis("<font color=red>CRITICAL: Shutting down</font>");
3339: &status("Done killing children");
3340: exit; # clean up with dignity
3341: }
3342:
3343: sub HUPSMAN { # signal handler for SIGHUP
3344: local($SIG{CHLD}) = 'IGNORE'; # we're going to kill our children
3345: &status("Killing children for restart (HUP)");
3346: kill 'INT' => keys %children;
3347: &logthis("Free socket: ".shutdown($server,2)); # free up socket
3348: &logthis("<font color=red>CRITICAL: Restarting</font>");
3349: my $execdir=$perlvar{'lonDaemons'};
3350: unlink("$execdir/logs/lond.pid");
3351: &status("Restarting self (HUP)");
3352: exec("$execdir/lond"); # here we go again
3353: }
3354:
3355: #
3356: # Kill off hashes that describe the host table prior to re-reading it.
3357: # Hashes affected are:
3358: # %hostid, %hostdom %hostip
3359: #
3360: sub KillHostHashes {
3361: foreach my $key (keys %hostid) {
3362: delete $hostid{$key};
3363: }
3364: foreach my $key (keys %hostdom) {
3365: delete $hostdom{$key};
3366: }
3367: foreach my $key (keys %hostip) {
3368: delete $hostip{$key};
3369: }
3370: }
3371: #
3372: # Read in the host table from file and distribute it into the various hashes:
3373: #
3374: # - %hostid - Indexed by IP, the loncapa hostname.
3375: # - %hostdom - Indexed by loncapa hostname, the domain.
3376: # - %hostip - Indexed by hostid, the Ip address of the host.
3377: sub ReadHostTable {
3378:
3379: open (CONFIG,"$perlvar{'lonTabDir'}/hosts.tab") || die "Can't read host file";
3380:
3381: while (my $configline=<CONFIG>) {
3382: my ($id,$domain,$role,$name,$ip)=split(/:/,$configline);
3383: chomp($ip); $ip=~s/\D+$//;
3384: $hostid{$ip}=$id;
3385: $hostdom{$id}=$domain;
3386: $hostip{$id}=$ip;
3387: if ($id eq $perlvar{'lonHostID'}) { $thisserver=$name; }
3388: }
3389: close(CONFIG);
3390: }
3391: #
3392: # Reload the Apache daemon's state.
3393: # This is done by invoking /home/httpd/perl/apachereload
3394: # a setuid perl script that can be root for us to do this job.
3395: #
3396: sub ReloadApache {
3397: my $execdir = $perlvar{'lonDaemons'};
3398: my $script = $execdir."/apachereload";
3399: system($script);
3400: }
3401:
3402: #
3403: # Called in response to a USR2 signal.
3404: # - Reread hosts.tab
3405: # - All children connected to hosts that were removed from hosts.tab
3406: # are killed via SIGINT
3407: # - All children connected to previously existing hosts are sent SIGUSR1
3408: # - Our internal hosts hash is updated to reflect the new contents of
3409: # hosts.tab causing connections from hosts added to hosts.tab to
3410: # now be honored.
3411: #
3412: sub UpdateHosts {
3413: &status("Reload hosts.tab");
3414: logthis('<font color="blue"> Updating connections </font>');
3415: #
3416: # The %children hash has the set of IP's we currently have children
3417: # on. These need to be matched against records in the hosts.tab
3418: # Any ip's no longer in the table get killed off they correspond to
3419: # either dropped or changed hosts. Note that the re-read of the table
3420: # will take care of new and changed hosts as connections come into being.
3421:
3422:
3423: KillHostHashes;
3424: ReadHostTable;
3425:
3426: foreach my $child (keys %children) {
3427: my $childip = $children{$child};
3428: if(!$hostid{$childip}) {
3429: logthis('<font color="blue"> UpdateHosts killing child '
3430: ." $child for ip $childip </font>");
3431: kill('INT', $child);
3432: } else {
3433: logthis('<font color="green"> keeping child for ip '
3434: ." $childip (pid=$child) </font>");
3435: }
3436: }
3437: ReloadApache;
3438: &status("Finished reloading hosts.tab");
3439: }
3440:
3441:
3442: sub checkchildren {
3443: &status("Checking on the children (sending signals)");
3444: &initnewstatus();
3445: &logstatus();
3446: &logthis('Going to check on the children');
3447: my $docdir=$perlvar{'lonDocRoot'};
3448: foreach (sort keys %children) {
3449: sleep 1;
3450: unless (kill 'USR1' => $_) {
3451: &logthis ('Child '.$_.' is dead');
3452: &logstatus($$.' is dead');
3453: }
3454: }
3455: sleep 5;
3456: $SIG{ALRM} = sub { die "timeout" };
3457: $SIG{__DIE__} = 'DEFAULT';
3458: &status("Checking on the children (waiting for reports)");
3459: foreach (sort keys %children) {
3460: unless (-e "$docdir/lon-status/londchld/$_.txt") {
3461: eval {
3462: alarm(300);
3463: &logthis('Child '.$_.' did not respond');
3464: kill 9 => $_;
3465: #$emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
3466: #$subj="LON: $currenthostid killed lond process $_";
3467: #my $result=`echo 'Killed lond process $_.' | mailto $emailto -s '$subj' > /dev/null`;
3468: #$execdir=$perlvar{'lonDaemons'};
3469: #$result=`/bin/cp $execdir/logs/lond.log $execdir/logs/lond.log.$_`;
3470: alarm(0);
3471: }
3472: }
3473: }
3474: $SIG{ALRM} = 'DEFAULT';
3475: $SIG{__DIE__} = \&catchexception;
3476: &status("Finished checking children");
3477: }
3478:
3479: # --------------------------------------------------------------------- Logging
3480:
3481: sub logthis {
3482: my $message=shift;
3483: my $execdir=$perlvar{'lonDaemons'};
3484: my $fh=IO::File->new(">>$execdir/logs/lond.log");
3485: my $now=time;
3486: my $local=localtime($now);
3487: $lastlog=$local.': '.$message;
3488: print $fh "$local ($$): $message\n";
3489: }
3490:
3491: # ------------------------- Conditional log if $DEBUG true.
3492: sub Debug {
3493: my $message = shift;
3494: if($DEBUG) {
3495: &logthis($message);
3496: }
3497: }
3498:
3499: #
3500: # Sub to do replies to client.. this gives a hook for some
3501: # debug tracing too:
3502: # Parameters:
3503: # fd - File open on client.
3504: # reply - Text to send to client.
3505: # request - Original request from client.
3506: #
3507: # Note: This increments Transactions
3508: #
3509: sub Reply {
3510: alarm(120);
3511: my $fd = shift;
3512: my $reply = shift;
3513: my $request = shift;
3514:
3515: print $fd $reply;
3516: Debug("Request was $request Reply was $reply");
3517:
3518: $Transactions++;
3519: alarm(0);
3520:
3521:
3522: }
3523: #
3524: # Sub to report a failure.
3525: # This function:
3526: # - Increments the failure statistic counters.
3527: # - Invokes Reply to send the error message to the client.
3528: # Parameters:
3529: # fd - File descriptor open on the client
3530: # reply - Reply text to emit.
3531: # request - The original request message (used by Reply
3532: # to debug if that's enabled.
3533: # Implicit outputs:
3534: # $Failures- The number of failures is incremented.
3535: # Reply (invoked here) sends a message to the
3536: # client:
3537: #
3538: sub Failure {
3539: my $fd = shift;
3540: my $reply = shift;
3541: my $request = shift;
3542:
3543: $Failures++;
3544: Reply($fd, $reply, $request); # That's simple eh?
3545: }
3546: # ------------------------------------------------------------------ Log status
3547:
3548: sub logstatus {
3549: &status("Doing logging");
3550: my $docdir=$perlvar{'lonDocRoot'};
3551: {
3552: my $fh=IO::File->new(">>$docdir/lon-status/londstatus.txt");
3553: print $fh $$."\t".$currenthostid."\t".$status."\t".$lastlog."\n";
3554: $fh->close();
3555: }
3556: &status("Finished londstatus.txt");
3557: {
3558: my $fh=IO::File->new(">$docdir/lon-status/londchld/$$.txt");
3559: print $fh $status."\n".$lastlog."\n".time;
3560: $fh->close();
3561: }
3562: ResetStatistics;
3563: &status("Finished logging");
3564:
3565: }
3566:
3567: sub initnewstatus {
3568: my $docdir=$perlvar{'lonDocRoot'};
3569: my $fh=IO::File->new(">$docdir/lon-status/londstatus.txt");
3570: my $now=time;
3571: my $local=localtime($now);
3572: print $fh "LOND status $local - parent $$\n\n";
3573: opendir(DIR,"$docdir/lon-status/londchld");
3574: while (my $filename=readdir(DIR)) {
3575: unlink("$docdir/lon-status/londchld/$filename");
3576: }
3577: closedir(DIR);
3578: }
3579:
3580: # -------------------------------------------------------------- Status setting
3581:
3582: sub status {
3583: my $what=shift;
3584: my $now=time;
3585: my $local=localtime($now);
3586: my $status = "lond: $what $local ";
3587: if($Transactions) {
3588: $status .= " Transactions: $Transactions Failed; $Failures";
3589: }
3590: $0=$status;
3591: }
3592:
3593: # -------------------------------------------------------- Escape Special Chars
3594:
3595: sub escape {
3596: my $str=shift;
3597: $str =~ s/(\W)/"%".unpack('H2',$1)/eg;
3598: return $str;
3599: }
3600:
3601: # ----------------------------------------------------- Un-Escape Special Chars
3602:
3603: sub unescape {
3604: my $str=shift;
3605: $str =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
3606: return $str;
3607: }
3608:
3609: # ----------------------------------------------------------- Send USR1 to lonc
3610:
3611: sub reconlonc {
3612: my $peerfile=shift;
3613: &logthis("Trying to reconnect for $peerfile");
3614: my $loncfile="$perlvar{'lonDaemons'}/logs/lonc.pid";
3615: if (my $fh=IO::File->new("$loncfile")) {
3616: my $loncpid=<$fh>;
3617: chomp($loncpid);
3618: if (kill 0 => $loncpid) {
3619: &logthis("lonc at pid $loncpid responding, sending USR1");
3620: kill USR1 => $loncpid;
3621: } else {
3622: &logthis(
3623: "<font color=red>CRITICAL: "
3624: ."lonc at pid $loncpid not responding, giving up</font>");
3625: }
3626: } else {
3627: &logthis('<font color=red>CRITICAL: lonc not running, giving up</font>');
3628: }
3629: }
3630:
3631: # -------------------------------------------------- Non-critical communication
3632:
3633: sub subreply {
3634: my ($cmd,$server)=@_;
3635: my $peerfile="$perlvar{'lonSockDir'}/$server";
3636: my $sclient=IO::Socket::UNIX->new(Peer =>"$peerfile",
3637: Type => SOCK_STREAM,
3638: Timeout => 10)
3639: or return "con_lost";
3640: print $sclient "$cmd\n";
3641: my $answer=<$sclient>;
3642: chomp($answer);
3643: if (!$answer) { $answer="con_lost"; }
3644: return $answer;
3645: }
3646:
3647: sub reply {
3648: my ($cmd,$server)=@_;
3649: my $answer;
3650: if ($server ne $currenthostid) {
3651: $answer=subreply($cmd,$server);
3652: if ($answer eq 'con_lost') {
3653: $answer=subreply("ping",$server);
3654: if ($answer ne $server) {
3655: &logthis("sub reply: answer != server answer is $answer, server is $server");
3656: &reconlonc("$perlvar{'lonSockDir'}/$server");
3657: }
3658: $answer=subreply($cmd,$server);
3659: }
3660: } else {
3661: $answer='self_reply';
3662: }
3663: return $answer;
3664: }
3665:
3666: # -------------------------------------------------------------- Talk to lonsql
3667:
3668: sub sqlreply {
3669: my ($cmd)=@_;
3670: my $answer=subsqlreply($cmd);
3671: if ($answer eq 'con_lost') { $answer=subsqlreply($cmd); }
3672: return $answer;
3673: }
3674:
3675: sub subsqlreply {
3676: my ($cmd)=@_;
3677: my $unixsock="mysqlsock";
3678: my $peerfile="$perlvar{'lonSockDir'}/$unixsock";
3679: my $sclient=IO::Socket::UNIX->new(Peer =>"$peerfile",
3680: Type => SOCK_STREAM,
3681: Timeout => 10)
3682: or return "con_lost";
3683: print $sclient "$cmd\n";
3684: my $answer=<$sclient>;
3685: chomp($answer);
3686: if (!$answer) { $answer="con_lost"; }
3687: return $answer;
3688: }
3689:
3690: # -------------------------------------------- Return path to profile directory
3691:
3692: sub propath {
3693: my ($udom,$uname)=@_;
3694: $udom=~s/\W//g;
3695: $uname=~s/\W//g;
3696: my $subdir=$uname.'__';
3697: $subdir =~ s/(.)(.)(.).*/$1\/$2\/$3/;
3698: my $proname="$perlvar{'lonUsersDir'}/$udom/$subdir/$uname";
3699: return $proname;
3700: }
3701:
3702: # --------------------------------------- Is this the home server of an author?
3703:
3704: sub ishome {
3705: my $author=shift;
3706: $author=~s/\/home\/httpd\/html\/res\/([^\/]*)\/([^\/]*).*/$1\/$2/;
3707: my ($udom,$uname)=split(/\//,$author);
3708: my $proname=propath($udom,$uname);
3709: if (-e $proname) {
3710: return 'owner';
3711: } else {
3712: return 'not_owner';
3713: }
3714: }
3715:
3716: # ======================================================= Continue main program
3717: # ---------------------------------------------------- Fork once and dissociate
3718:
3719: my $fpid=fork;
3720: exit if $fpid;
3721: die "Couldn't fork: $!" unless defined ($fpid);
3722:
3723: POSIX::setsid() or die "Can't start new session: $!";
3724:
3725: # ------------------------------------------------------- Write our PID on disk
3726:
3727: my $execdir=$perlvar{'lonDaemons'};
3728: open (PIDSAVE,">$execdir/logs/lond.pid");
3729: print PIDSAVE "$$\n";
3730: close(PIDSAVE);
3731: &logthis("<font color=red>CRITICAL: ---------- Starting ----------</font>");
3732: &status('Starting');
3733:
3734:
3735:
3736: # ----------------------------------------------------- Install signal handlers
3737:
3738:
3739: $SIG{CHLD} = \&REAPER;
3740: $SIG{INT} = $SIG{TERM} = \&HUNTSMAN;
3741: $SIG{HUP} = \&HUPSMAN;
3742: $SIG{USR1} = \&checkchildren;
3743: $SIG{USR2} = \&UpdateHosts;
3744:
3745: # Read the host hashes:
3746:
3747: ReadHostTable;
3748:
3749:
3750: # --------------------------------------------------------------
3751: # Accept connections. When a connection comes in, it is validated
3752: # and if good, a child process is created to process transactions
3753: # along the connection.
3754:
3755: while (1) {
3756: &status('Starting accept');
3757: $client = $server->accept() or next;
3758: &status('Accepted '.$client.' off to spawn');
3759: make_new_child($client);
3760: &status('Finished spawning');
3761: }
3762:
3763: sub make_new_child {
3764: my $pid;
3765: my $sigset;
3766:
3767: $client = shift;
3768: &status('Starting new child '.$client);
3769: &logthis('<font color="green"> Attempting to start child ('.$client.
3770: ")</font>");
3771: # block signal for fork
3772: $sigset = POSIX::SigSet->new(SIGINT);
3773: sigprocmask(SIG_BLOCK, $sigset)
3774: or die "Can't block SIGINT for fork: $!\n";
3775:
3776: die "fork: $!" unless defined ($pid = fork);
3777:
3778: $client->sockopt(SO_KEEPALIVE, 1); # Enable monitoring of
3779: # connection liveness.
3780:
3781: #
3782: # Figure out who we're talking to so we can record the peer in
3783: # the pid hash.
3784: #
3785: my $caller = getpeername($client);
3786: my ($port,$iaddr)=unpack_sockaddr_in($caller);
3787: $clientip=inet_ntoa($iaddr);
3788:
3789: if ($pid) {
3790: # Parent records the child's birth and returns.
3791: sigprocmask(SIG_UNBLOCK, $sigset)
3792: or die "Can't unblock SIGINT for fork: $!\n";
3793: $children{$pid} = $clientip;
3794: $children++;
3795: &status('Started child '.$pid);
3796: return;
3797: } else {
3798: # Child can *not* return from this subroutine.
3799: $SIG{INT} = 'DEFAULT'; # make SIGINT kill us as it did before
3800: $SIG{CHLD} = 'DEFAULT'; #make this default so that pwauth returns
3801: #don't get intercepted
3802: $SIG{USR1}= \&logstatus;
3803: $SIG{ALRM}= \&timeout;
3804: $lastlog='Forked ';
3805: $status='Forked';
3806:
3807: # unblock signals
3808: sigprocmask(SIG_UNBLOCK, $sigset)
3809: or die "Can't unblock SIGINT for fork: $!\n";
3810:
3811:
3812:
3813: &Authen::Krb5::init_context();
3814: &Authen::Krb5::init_ets();
3815:
3816: &status('Accepted connection');
3817: # =============================================================================
3818: # do something with the connection
3819: # -----------------------------------------------------------------------------
3820: # see if we know client and check for spoof IP by challenge
3821:
3822: ReadManagerTable; # May also be a manager!!
3823:
3824: my $clientrec=($hostid{$clientip} ne undef);
3825: my $ismanager=($managers{$clientip} ne undef);
3826: $clientname = "[unknonwn]";
3827: if($clientrec) { # Establish client type.
3828: $ConnectionType = "client";
3829: $clientname = $hostid{$clientip};
3830: if($ismanager) {
3831: $ConnectionType = "both";
3832: }
3833: } else {
3834: $ConnectionType = "manager";
3835: $clientname = $managers{$clientip};
3836: }
3837: my $clientok;
3838: if ($clientrec || $ismanager) {
3839: &status("Waiting for init from $clientip $clientname");
3840: &logthis('<font color="yellow">INFO: Connection, '.
3841: $clientip.
3842: " ($clientname) connection type = $ConnectionType </font>" );
3843: &status("Connecting $clientip ($clientname))");
3844: my $remotereq=<$client>;
3845: $remotereq=~s/[^\w:]//g;
3846: if ($remotereq =~ /^init/) {
3847: &sethost("sethost:$perlvar{'lonHostID'}");
3848: my $challenge="$$".time;
3849: print $client "$challenge\n";
3850: &status(
3851: "Waiting for challenge reply from $clientip ($clientname)");
3852: $remotereq=<$client>;
3853: $remotereq=~s/\W//g;
3854: if ($challenge eq $remotereq) {
3855: $clientok=1;
3856: print $client "ok\n";
3857: } else {
3858: &logthis(
3859: "<font color=blue>WARNING: $clientip did not reply challenge</font>");
3860: &status('No challenge reply '.$clientip);
3861: }
3862: } else {
3863: &logthis(
3864: "<font color=blue>WARNING: "
3865: ."$clientip failed to initialize: >$remotereq< </font>");
3866: &status('No init '.$clientip);
3867: }
3868: } else {
3869: &logthis(
3870: "<font color=blue>WARNING: Unknown client $clientip</font>");
3871: &status('Hung up on '.$clientip);
3872: }
3873: if ($clientok) {
3874: # ---------------- New known client connecting, could mean machine online again
3875:
3876: foreach my $id (keys(%hostip)) {
3877: if ($hostip{$id} ne $clientip ||
3878: $hostip{$currenthostid} eq $clientip) {
3879: # no need to try to do recon's to myself
3880: next;
3881: }
3882: &reconlonc("$perlvar{'lonSockDir'}/$id");
3883: }
3884: &logthis("<font color=green>Established connection: $clientname</font>");
3885: &status('Will listen to '.$clientname);
3886:
3887: ResetStatistics();
3888:
3889: # ------------------------------------------------------------ Process requests
3890: my $KeepGoing = 1;
3891: while ((my $userinput=GetRequest) && $KeepGoing) {
3892: $KeepGoing = ProcessRequest($userinput);
3893: # -------------------------------------------------------------------- complete
3894:
3895: &status('Listening to '.$clientname);
3896: }
3897: # --------------------------------------------- client unknown or fishy, refuse
3898: } else {
3899: print $client "refused\n";
3900: $client->close();
3901: &logthis("<font color=blue>WARNING: "
3902: ."Rejected client $clientip, closing connection</font>");
3903: }
3904: }
3905:
3906: # =============================================================================
3907:
3908: &logthis("<font color=red>CRITICAL: "
3909: ."Disconnect from $clientip ($clientname)</font>");
3910:
3911:
3912: # this exit is VERY important, otherwise the child will become
3913: # a producer of more and more children, forking yourself into
3914: # process death.
3915: exit;
3916:
3917: }
3918:
3919:
3920: #
3921: # Checks to see if the input roleput request was to set
3922: # an author role. If so, invokes the lchtmldir script to set
3923: # up a correct public_html
3924: # Parameters:
3925: # request - The request sent to the rolesput subchunk.
3926: # We're looking for /domain/_au
3927: # domain - The domain in which the user is having roles doctored.
3928: # user - Name of the user for which the role is being put.
3929: # authtype - The authentication type associated with the user.
3930: #
3931: sub ManagePermissions
3932: {
3933: my $request = shift;
3934: my $domain = shift;
3935: my $user = shift;
3936: my $authtype= shift;
3937:
3938: # See if the request is of the form /$domain/_au
3939: &logthis("ruequest is $request");
3940: if($request =~ /^(\/$domain\/_au)$/) { # It's an author rolesput...
3941: my $execdir = $perlvar{'lonDaemons'};
3942: my $userhome= "/home/$user" ;
3943: &logthis("system $execdir/lchtmldir $userhome $user $authtype");
3944: system("$execdir/lchtmldir $userhome $user $authtype");
3945: }
3946: }
3947: #
3948: # GetAuthType - Determines the authorization type of a user in a domain.
3949:
3950: # Returns the authorization type or nouser if there is no such user.
3951: #
3952: sub GetAuthType
3953: {
3954: my $domain = shift;
3955: my $user = shift;
3956:
3957: Debug("GetAuthType( $domain, $user ) \n");
3958: my $proname = &propath($domain, $user);
3959: my $passwdfile = "$proname/passwd";
3960: if( -e $passwdfile ) {
3961: my $pf = IO::File->new($passwdfile);
3962: my $realpassword = <$pf>;
3963: chomp($realpassword);
3964: Debug("Password info = $realpassword\n");
3965: my ($authtype, $contentpwd) = split(/:/, $realpassword);
3966: Debug("Authtype = $authtype, content = $contentpwd\n");
3967: my $availinfo = '';
3968: if($authtype eq 'krb4' or $authtype eq 'krb5') {
3969: $availinfo = $contentpwd;
3970: }
3971:
3972: return "$authtype:$availinfo";
3973: }
3974: else {
3975: Debug("Returning nouser");
3976: return "nouser";
3977: }
3978: }
3979:
3980: sub addline {
3981: my ($fname,$hostid,$ip,$newline)=@_;
3982: my $contents;
3983: my $found=0;
3984: my $expr='^'.$hostid.':'.$ip.':';
3985: $expr =~ s/\./\\\./g;
3986: my $sh;
3987: if ($sh=IO::File->new("$fname.subscription")) {
3988: while (my $subline=<$sh>) {
3989: if ($subline !~ /$expr/) {$contents.= $subline;} else {$found=1;}
3990: }
3991: $sh->close();
3992: }
3993: $sh=IO::File->new(">$fname.subscription");
3994: if ($contents) { print $sh $contents; }
3995: if ($newline) { print $sh $newline; }
3996: $sh->close();
3997: return $found;
3998: }
3999:
4000: sub getchat {
4001: my ($cdom,$cname,$udom,$uname)=@_;
4002: my %hash;
4003: my $proname=&propath($cdom,$cname);
4004: my @entries=();
4005: if (tie(%hash,'GDBM_File',"$proname/nohist_chatroom.db",
4006: &GDBM_READER(),0640)) {
4007: @entries=map { $_.':'.$hash{$_} } sort keys %hash;
4008: untie %hash;
4009: }
4010: my @participants=();
4011: my $cutoff=time-60;
4012: if (tie(%hash,'GDBM_File',"$proname/nohist_inchatroom.db",
4013: &GDBM_WRCREAT(),0640)) {
4014: $hash{$uname.':'.$udom}=time;
4015: foreach (sort keys %hash) {
4016: if ($hash{$_}>$cutoff) {
4017: $participants[$#participants+1]='active_participant:'.$_;
4018: }
4019: }
4020: untie %hash;
4021: }
4022: return (@participants,@entries);
4023: }
4024:
4025: sub chatadd {
4026: my ($cdom,$cname,$newchat)=@_;
4027: my %hash;
4028: my $proname=&propath($cdom,$cname);
4029: my @entries=();
4030: my $time=time;
4031: if (tie(%hash,'GDBM_File',"$proname/nohist_chatroom.db",
4032: &GDBM_WRCREAT(),0640)) {
4033: @entries=map { $_.':'.$hash{$_} } sort keys %hash;
4034: my ($lastid)=($entries[$#entries]=~/^(\w+)\:/);
4035: my ($thentime,$idnum)=split(/\_/,$lastid);
4036: my $newid=$time.'_000000';
4037: if ($thentime==$time) {
4038: $idnum=~s/^0+//;
4039: $idnum++;
4040: $idnum=substr('000000'.$idnum,-6,6);
4041: $newid=$time.'_'.$idnum;
4042: }
4043: $hash{$newid}=$newchat;
4044: my $expired=$time-3600;
4045: foreach (keys %hash) {
4046: my ($thistime)=($_=~/(\d+)\_/);
4047: if ($thistime<$expired) {
4048: delete $hash{$_};
4049: }
4050: }
4051: untie %hash;
4052: }
4053: {
4054: my $hfh;
4055: if ($hfh=IO::File->new(">>$proname/chatroom.log")) {
4056: print $hfh "$time:".&unescape($newchat)."\n";
4057: }
4058: }
4059: }
4060:
4061: sub unsub {
4062: my ($fname,$clientip)=@_;
4063: my $result;
4064: if (unlink("$fname.$clientname")) {
4065: $result="ok\n";
4066: } else {
4067: $result="not_subscribed\n";
4068: }
4069: if (-e "$fname.subscription") {
4070: my $found=&addline($fname,$clientname,$clientip,'');
4071: if ($found) { $result="ok\n"; }
4072: } else {
4073: if ($result != "ok\n") { $result="not_subscribed\n"; }
4074: }
4075: return $result;
4076: }
4077:
4078: sub currentversion {
4079: my $fname=shift;
4080: my $version=-1;
4081: my $ulsdir='';
4082: if ($fname=~/^(.+)\/[^\/]+$/) {
4083: $ulsdir=$1;
4084: }
4085: my ($fnamere1,$fnamere2);
4086: # remove version if already specified
4087: $fname=~s/\.\d+\.(\w+(?:\.meta)*)$/\.$1/;
4088: # get the bits that go before and after the version number
4089: if ( $fname=~/^(.*\.)(\w+(?:\.meta)*)$/ ) {
4090: $fnamere1=$1;
4091: $fnamere2='.'.$2;
4092: }
4093: if (-e $fname) { $version=1; }
4094: if (-e $ulsdir) {
4095: if(-d $ulsdir) {
4096: if (opendir(LSDIR,$ulsdir)) {
4097: my $ulsfn;
4098: while ($ulsfn=readdir(LSDIR)) {
4099: # see if this is a regular file (ignore links produced earlier)
4100: my $thisfile=$ulsdir.'/'.$ulsfn;
4101: unless (-l $thisfile) {
4102: if ($thisfile=~/\Q$fnamere1\E(\d+)\Q$fnamere2\E$/) {
4103: if ($1>$version) { $version=$1; }
4104: }
4105: }
4106: }
4107: closedir(LSDIR);
4108: $version++;
4109: }
4110: }
4111: }
4112: return $version;
4113: }
4114:
4115: sub thisversion {
4116: my $fname=shift;
4117: my $version=-1;
4118: if ($fname=~/\.(\d+)\.\w+(?:\.meta)*$/) {
4119: $version=$1;
4120: }
4121: return $version;
4122: }
4123:
4124: sub subscribe {
4125: my ($userinput,$clientip)=@_;
4126: my $result;
4127: my ($cmd,$fname)=split(/:/,$userinput);
4128: my $ownership=&ishome($fname);
4129: if ($ownership eq 'owner') {
4130: # explitly asking for the current version?
4131: unless (-e $fname) {
4132: my $currentversion=¤tversion($fname);
4133: if (&thisversion($fname)==$currentversion) {
4134: if ($fname=~/^(.+)\.\d+\.(\w+(?:\.meta)*)$/) {
4135: my $root=$1;
4136: my $extension=$2;
4137: symlink($root.'.'.$extension,
4138: $root.'.'.$currentversion.'.'.$extension);
4139: unless ($extension=~/\.meta$/) {
4140: symlink($root.'.'.$extension.'.meta',
4141: $root.'.'.$currentversion.'.'.$extension.'.meta');
4142: }
4143: }
4144: }
4145: }
4146: if (-e $fname) {
4147: if (-d $fname) {
4148: $result="directory\n";
4149: } else {
4150: if (-e "$fname.$clientname") {&unsub($fname,$clientip);}
4151: my $now=time;
4152: my $found=&addline($fname,$clientname,$clientip,
4153: "$clientname:$clientip:$now\n");
4154: if ($found) { $result="$fname\n"; }
4155: # if they were subscribed to only meta data, delete that
4156: # subscription, when you subscribe to a file you also get
4157: # the metadata
4158: unless ($fname=~/\.meta$/) { &unsub("$fname.meta",$clientip); }
4159: $fname=~s/\/home\/httpd\/html\/res/raw/;
4160: $fname="http://$thisserver/".$fname;
4161: $result="$fname\n";
4162: }
4163: } else {
4164: $result="not_found\n";
4165: }
4166: } else {
4167: $result="rejected\n";
4168: }
4169: return $result;
4170: }
4171:
4172: sub make_passwd_file {
4173: my ($uname, $umode,$npass,$passfilename)=@_;
4174: my $result="ok\n";
4175: if ($umode eq 'krb4' or $umode eq 'krb5') {
4176: {
4177: my $pf = IO::File->new(">$passfilename");
4178: print $pf "$umode:$npass\n";
4179: }
4180: } elsif ($umode eq 'internal') {
4181: my $salt=time;
4182: $salt=substr($salt,6,2);
4183: my $ncpass=crypt($npass,$salt);
4184: {
4185: &Debug("Creating internal auth");
4186: my $pf = IO::File->new(">$passfilename");
4187: print $pf "internal:$ncpass\n";
4188: }
4189: } elsif ($umode eq 'localauth') {
4190: {
4191: my $pf = IO::File->new(">$passfilename");
4192: print $pf "localauth:$npass\n";
4193: }
4194: } elsif ($umode eq 'unix') {
4195: {
4196: my $execpath="$perlvar{'lonDaemons'}/"."lcuseradd";
4197: {
4198: &Debug("Executing external: ".$execpath);
4199: &Debug("user = ".$uname.", Password =". $npass);
4200: my $se = IO::File->new("|$execpath > $perlvar{'lonDaemons'}/logs/lcuseradd.log");
4201: print $se "$uname\n";
4202: print $se "$npass\n";
4203: print $se "$npass\n";
4204: }
4205: my $useraddok = $?;
4206: if($useraddok > 0) {
4207: &logthis("Failed lcuseradd: ".&lcuseraddstrerror($useraddok));
4208: }
4209: my $pf = IO::File->new(">$passfilename");
4210: print $pf "unix:\n";
4211: }
4212: } elsif ($umode eq 'none') {
4213: {
4214: my $pf = IO::File->new(">$passfilename");
4215: print $pf "none:\n";
4216: }
4217: } else {
4218: $result="auth_mode_error\n";
4219: }
4220: return $result;
4221: }
4222:
4223: sub sethost {
4224: my ($remotereq) = @_;
4225: my (undef,$hostid)=split(/:/,$remotereq);
4226: if (!defined($hostid)) { $hostid=$perlvar{'lonHostID'}; }
4227: if ($hostip{$perlvar{'lonHostID'}} eq $hostip{$hostid}) {
4228: $currenthostid=$hostid;
4229: $currentdomainid=$hostdom{$hostid};
4230: &logthis("Setting hostid to $hostid, and domain to $currentdomainid");
4231: } else {
4232: &logthis("Requested host id $hostid not an alias of ".
4233: $perlvar{'lonHostID'}." refusing connection");
4234: return 'unable_to_set';
4235: }
4236: return 'ok';
4237: }
4238:
4239: sub version {
4240: my ($userinput)=@_;
4241: $remoteVERSION=(split(/:/,$userinput))[1];
4242: return "version:$VERSION";
4243: }
4244: ############## >>>>>>>>>>>>>>>>>>>>>>>>>> FUTUREWORK <<<<<<<<<<<<<<<<<<<<<<<<<<<<
4245: #There is a copy of this in lonnet.pm
4246: # Can we hoist these lil' things out into common places?
4247: #
4248: sub userload {
4249: my $numusers=0;
4250: {
4251: opendir(LONIDS,$perlvar{'lonIDsDir'});
4252: my $filename;
4253: my $curtime=time;
4254: while ($filename=readdir(LONIDS)) {
4255: if ($filename eq '.' || $filename eq '..') {next;}
4256: my ($mtime)=(stat($perlvar{'lonIDsDir'}.'/'.$filename))[9];
4257: if ($curtime-$mtime < 1800) { $numusers++; }
4258: }
4259: closedir(LONIDS);
4260: }
4261: my $userloadpercent=0;
4262: my $maxuserload=$perlvar{'lonUserLoadLim'};
4263: if ($maxuserload) {
4264: $userloadpercent=100*$numusers/$maxuserload;
4265: }
4266: $userloadpercent=sprintf("%.2f",$userloadpercent);
4267: return $userloadpercent;
4268: }
4269:
4270: # ----------------------------------- POD (plain old documentation, CPAN style)
4271:
4272: =head1 NAME
4273:
4274: lond - "LON Daemon" Server (port "LOND" 5663)
4275:
4276: =head1 SYNOPSIS
4277:
4278: Usage: B<lond>
4279:
4280: Should only be run as user=www. This is a command-line script which
4281: is invoked by B<loncron>. There is no expectation that a typical user
4282: will manually start B<lond> from the command-line. (In other words,
4283: DO NOT START B<lond> YOURSELF.)
4284:
4285: =head1 DESCRIPTION
4286:
4287: There are two characteristics associated with the running of B<lond>,
4288: PROCESS MANAGEMENT (starting, stopping, handling child processes)
4289: and SERVER-SIDE ACTIVITIES (password authentication, user creation,
4290: subscriptions, etc). These are described in two large
4291: sections below.
4292:
4293: B<PROCESS MANAGEMENT>
4294:
4295: Preforker - server who forks first. Runs as a daemon. HUPs.
4296: Uses IDEA encryption
4297:
4298: B<lond> forks off children processes that correspond to the other servers
4299: in the network. Management of these processes can be done at the
4300: parent process level or the child process level.
4301:
4302: B<logs/lond.log> is the location of log messages.
4303:
4304: The process management is now explained in terms of linux shell commands,
4305: subroutines internal to this code, and signal assignments:
4306:
4307: =over 4
4308:
4309: =item *
4310:
4311: PID is stored in B<logs/lond.pid>
4312:
4313: This is the process id number of the parent B<lond> process.
4314:
4315: =item *
4316:
4317: SIGTERM and SIGINT
4318:
4319: Parent signal assignment:
4320: $SIG{INT} = $SIG{TERM} = \&HUNTSMAN;
4321:
4322: Child signal assignment:
4323: $SIG{INT} = 'DEFAULT'; (and SIGTERM is DEFAULT also)
4324: (The child dies and a SIGALRM is sent to parent, awaking parent from slumber
4325: to restart a new child.)
4326:
4327: Command-line invocations:
4328: B<kill> B<-s> SIGTERM I<PID>
4329: B<kill> B<-s> SIGINT I<PID>
4330:
4331: Subroutine B<HUNTSMAN>:
4332: This is only invoked for the B<lond> parent I<PID>.
4333: This kills all the children, and then the parent.
4334: The B<lonc.pid> file is cleared.
4335:
4336: =item *
4337:
4338: SIGHUP
4339:
4340: Current bug:
4341: This signal can only be processed the first time
4342: on the parent process. Subsequent SIGHUP signals
4343: have no effect.
4344:
4345: Parent signal assignment:
4346: $SIG{HUP} = \&HUPSMAN;
4347:
4348: Child signal assignment:
4349: none (nothing happens)
4350:
4351: Command-line invocations:
4352: B<kill> B<-s> SIGHUP I<PID>
4353:
4354: Subroutine B<HUPSMAN>:
4355: This is only invoked for the B<lond> parent I<PID>,
4356: This kills all the children, and then the parent.
4357: The B<lond.pid> file is cleared.
4358:
4359: =item *
4360:
4361: SIGUSR1
4362:
4363: Parent signal assignment:
4364: $SIG{USR1} = \&USRMAN;
4365:
4366: Child signal assignment:
4367: $SIG{USR1}= \&logstatus;
4368:
4369: Command-line invocations:
4370: B<kill> B<-s> SIGUSR1 I<PID>
4371:
4372: Subroutine B<USRMAN>:
4373: When invoked for the B<lond> parent I<PID>,
4374: SIGUSR1 is sent to all the children, and the status of
4375: each connection is logged.
4376:
4377: =item *
4378:
4379: SIGUSR2
4380:
4381: Parent Signal assignment:
4382: $SIG{USR2} = \&UpdateHosts
4383:
4384: Child signal assignment:
4385: NONE
4386:
4387:
4388: =item *
4389:
4390: SIGCHLD
4391:
4392: Parent signal assignment:
4393: $SIG{CHLD} = \&REAPER;
4394:
4395: Child signal assignment:
4396: none
4397:
4398: Command-line invocations:
4399: B<kill> B<-s> SIGCHLD I<PID>
4400:
4401: Subroutine B<REAPER>:
4402: This is only invoked for the B<lond> parent I<PID>.
4403: Information pertaining to the child is removed.
4404: The socket port is cleaned up.
4405:
4406: =back
4407:
4408: B<SERVER-SIDE ACTIVITIES>
4409:
4410: Server-side information can be accepted in an encrypted or non-encrypted
4411: method.
4412:
4413: =over 4
4414:
4415: =item ping
4416:
4417: Query a client in the hosts.tab table; "Are you there?"
4418:
4419: =item pong
4420:
4421: Respond to a ping query.
4422:
4423: =item ekey
4424:
4425: Read in encrypted key, make cipher. Respond with a buildkey.
4426:
4427: =item load
4428:
4429: Respond with CPU load based on a computation upon /proc/loadavg.
4430:
4431: =item currentauth
4432:
4433: Reply with current authentication information (only over an
4434: encrypted channel).
4435:
4436: =item auth
4437:
4438: Only over an encrypted channel, reply as to whether a user's
4439: authentication information can be validated.
4440:
4441: =item passwd
4442:
4443: Allow for a password to be set.
4444:
4445: =item makeuser
4446:
4447: Make a user.
4448:
4449: =item passwd
4450:
4451: Allow for authentication mechanism and password to be changed.
4452:
4453: =item home
4454:
4455: Respond to a question "are you the home for a given user?"
4456:
4457: =item update
4458:
4459: Update contents of a subscribed resource.
4460:
4461: =item unsubscribe
4462:
4463: The server is unsubscribing from a resource.
4464:
4465: =item subscribe
4466:
4467: The server is subscribing to a resource.
4468:
4469: =item log
4470:
4471: Place in B<logs/lond.log>
4472:
4473: =item put
4474:
4475: stores hash in namespace
4476:
4477: =item rolesput
4478:
4479: put a role into a user's environment
4480:
4481: =item get
4482:
4483: returns hash with keys from array
4484: reference filled in from namespace
4485:
4486: =item eget
4487:
4488: returns hash with keys from array
4489: reference filled in from namesp (encrypts the return communication)
4490:
4491: =item rolesget
4492:
4493: get a role from a user's environment
4494:
4495: =item del
4496:
4497: deletes keys out of array from namespace
4498:
4499: =item keys
4500:
4501: returns namespace keys
4502:
4503: =item dump
4504:
4505: dumps the complete (or key matching regexp) namespace into a hash
4506:
4507: =item store
4508:
4509: stores hash permanently
4510: for this url; hashref needs to be given and should be a \%hashname; the
4511: remaining args aren't required and if they aren't passed or are '' they will
4512: be derived from the ENV
4513:
4514: =item restore
4515:
4516: returns a hash for a given url
4517:
4518: =item querysend
4519:
4520: Tells client about the lonsql process that has been launched in response
4521: to a sent query.
4522:
4523: =item queryreply
4524:
4525: Accept information from lonsql and make appropriate storage in temporary
4526: file space.
4527:
4528: =item idput
4529:
4530: Defines usernames as corresponding to IDs. (These "IDs" are unique identifiers
4531: for each student, defined perhaps by the institutional Registrar.)
4532:
4533: =item idget
4534:
4535: Returns usernames corresponding to IDs. (These "IDs" are unique identifiers
4536: for each student, defined perhaps by the institutional Registrar.)
4537:
4538: =item tmpput
4539:
4540: Accept and store information in temporary space.
4541:
4542: =item tmpget
4543:
4544: Send along temporarily stored information.
4545:
4546: =item ls
4547:
4548: List part of a user's directory.
4549:
4550: =item pushtable
4551:
4552: Pushes a file in /home/httpd/lonTab directory. Currently limited to:
4553: hosts.tab and domain.tab. The old file is copied to *.tab.backup but
4554: must be restored manually in case of a problem with the new table file.
4555: pushtable requires that the request be encrypted and validated via
4556: ValidateManager. The form of the command is:
4557: enc:pushtable tablename <tablecontents> \n
4558: where pushtable, tablename and <tablecontents> will be encrypted, but \n is a
4559: cleartext newline.
4560:
4561: =item Hanging up (exit or init)
4562:
4563: What to do when a client tells the server that they (the client)
4564: are leaving the network.
4565:
4566: =item unknown command
4567:
4568: If B<lond> is sent an unknown command (not in the list above),
4569: it replys to the client "unknown_cmd".
4570:
4571:
4572: =item UNKNOWN CLIENT
4573:
4574: If the anti-spoofing algorithm cannot verify the client,
4575: the client is rejected (with a "refused" message sent
4576: to the client, and the connection is closed.
4577:
4578: =back
4579:
4580: =head1 PREREQUISITES
4581:
4582: IO::Socket
4583: IO::File
4584: Apache::File
4585: Symbol
4586: POSIX
4587: Crypt::IDEA
4588: LWP::UserAgent()
4589: GDBM_File
4590: Authen::Krb4
4591: Authen::Krb5
4592:
4593: =head1 COREQUISITES
4594:
4595: =head1 OSNAMES
4596:
4597: linux
4598:
4599: =head1 SCRIPT CATEGORIES
4600:
4601: Server/Process
4602:
4603: =cut
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>