File:
[LON-CAPA] /
loncom /
LondConnection.pm
Revision
1.53:
download - view:
text,
annotated -
select for diffs
Mon Oct 1 11:00:43 2012 UTC (11 years, 6 months ago) by
foxr
Branches:
MAIN
CVS tags:
version_2_11_X,
version_2_11_4_uiuc,
version_2_11_4_msu,
version_2_11_4,
version_2_11_3_uiuc,
version_2_11_3_msu,
version_2_11_3,
version_2_11_2_uiuc,
version_2_11_2_msu,
version_2_11_2_educog,
version_2_11_2,
version_2_11_1,
version_2_11_0_RC3,
version_2_11_0_RC2,
version_2_11_0_RC1,
version_2_11_0,
HEAD
Fix timeout edgecase (But 6610?).
1: # This module defines and implements a class that represents
2: # a connection to a lond daemon.
3: #
4: # $Id: LondConnection.pm,v 1.53 2012/10/01 11:00:43 foxr Exp $
5: #
6: # Copyright Michigan State University Board of Trustees
7: #
8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
9: #
10: # LON-CAPA is free software; you can redistribute it and/or modify
11: # it under the terms of the GNU General Public License as published by
12: # the Free Software Foundation; either version 2 of the License, or
13: # (at your option) any later version.
14: #
15: # LON-CAPA is distributed in the hope that it will be useful,
16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18: # GNU General Public License for more details.
19: #
20: # You should have received a copy of the GNU General Public License
21: # along with LON-CAPA; if not, write to the Free Software
22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23: #
24: # /home/httpd/html/adm/gpl.txt
25: #
26: # http://www.lon-capa.org/
27: #
28:
29: package LondConnection;
30:
31: use strict;
32: use IO::Socket;
33: use IO::Socket::INET;
34: use IO::Handle;
35: use IO::File;
36: use Fcntl;
37: use POSIX;
38: use Crypt::IDEA;
39: use LONCAPA::lonlocal;
40: use LONCAPA::lonssl;
41:
42:
43:
44:
45: my $DebugLevel=0;
46: my %perlvar;
47: my $InsecureOk;
48:
49: #
50: # Set debugging level
51: #
52: sub SetDebug {
53: $DebugLevel = shift;
54: }
55:
56: #
57: # The config read is done in this way to support the read of
58: # the non-default configuration file in the
59: # event we are being used outside of loncapa.
60: #
61:
62: my $ConfigRead = 0;
63:
64: # Read the configuration file for apache to get the perl
65: # variables set.
66:
67: sub ReadConfig {
68: Debug(8, "ReadConfig called");
69:
70: my $perlvarref = read_conf('loncapa.conf');
71: %perlvar = %{$perlvarref};
72: $ConfigRead = 1;
73:
74: $InsecureOk = $perlvar{loncAllowInsecure};
75: }
76:
77: sub Debug {
78:
79: my ($level, $message) = @_;
80:
81: if ($level < $DebugLevel) {
82: print STDERR ($message."\n");
83: }
84: }
85:
86: =pod
87:
88: =head2 Dump
89:
90: Dump the internal state of the object: For debugging purposes, to stderr.
91:
92: =cut
93:
94: sub Dump {
95: my $self = shift;
96: my $level = shift;
97: my $now = time;
98: my $local = localtime($now);
99:
100: if ($level >= $DebugLevel) {
101: return;
102: }
103:
104:
105: my $key;
106: my $value;
107: print STDERR "[ $local ] Dumping LondConnectionObject:\n";
108: print STDERR join(':',caller(1))."\n";
109: while(($key, $value) = each %$self) {
110: print STDERR "$key -> $value\n";
111: }
112: print STDERR "-------------------------------\n";
113: }
114:
115: =pod
116:
117: Local function to do a state transition. If the state transition
118: callback is defined it is called with two parameters: the self and the
119: old state.
120:
121: =cut
122:
123: sub Transition {
124:
125: my ($self, $newstate) = @_;
126:
127: my $oldstate = $self->{State};
128: $self->{State} = $newstate;
129: $self->{TimeoutRemaining} = $self->{TimeoutValue};
130: if($self->{TransitionCallback}) {
131: ($self->{TransitionCallback})->($self, $oldstate);
132: }
133: }
134:
135:
136:
137: =pod
138:
139: =head2 new
140:
141: Construct a new lond connection.
142:
143: Parameters (besides the class name) include:
144:
145: =item hostname
146:
147: host the remote lond is on. This host is a host in the hosts.tab file
148:
149: =item port
150:
151: port number the remote lond is listening on.
152:
153: =cut
154:
155: sub new {
156: my ($class, $DnsName, $Port, $lonid) = @_;
157:
158: if (!$ConfigRead) {
159: ReadConfig();
160: $ConfigRead = 1;
161: }
162: &Debug(4,$class."::new( ".$DnsName.",".$Port.",".$lonid.")\n");
163:
164: # The host must map to an entry in the hosts table:
165: # We connect to the dns host that corresponds to that
166: # system and use the hostname for the encryption key
167: # negotion. In the objec these become the Host and
168: # LoncapaHim fields of the object respectively.
169: #
170: # if it is me use loopback for connection
171: if ($DnsName eq &main::my_hostname()) { $DnsName="127.0.0.1"; }
172: Debug(9, "Connecting to $DnsName");
173: # Now create the object...
174: my $self = { Host => $DnsName,
175: LoncapaHim => $lonid,
176: Port => $Port,
177: State => "Initialized",
178: AuthenticationMode => "",
179: TransactionRequest => "",
180: TransactionReply => "",
181: NextRequest => "",
182: InformReadable => 0,
183: InformWritable => 0,
184: TimeoutCallback => undef,
185: TransitionCallback => undef,
186: Timeoutable => 0,
187: TimeoutValue => 30,
188: TimeoutRemaining => 0,
189: LocalKeyFile => "",
190: CipherKey => "",
191: LondVersion => "Unknown",
192: Cipher => undef,
193: ClientData => undef};
194: bless($self, $class);
195: unless ($self->{Socket} = IO::Socket::INET->new(PeerHost => $self->{Host},
196: PeerPort => $self->{Port},
197: Type => SOCK_STREAM,
198: Proto => "tcp",
199: Timeout => 3)) {
200: Debug(8, "Error? \n$@ \n$!");
201: return undef; # Inidicates the socket could not be made.
202: }
203: my $socket = $self->{Socket}; # For local use only.
204: $socket->sockopt(SO_KEEPALIVE, 1); # Turn on keepalive probes when idle.
205: # If we are local, we'll first try local auth mode, otherwise, we'll try
206: # the ssl auth mode:
207:
208: my $key;
209: my $keyfile;
210: if ($DnsName eq '127.0.0.1') {
211: $self->{AuthenticationMode} = "local";
212: ($key, $keyfile) = lonlocal::CreateKeyFile();
213: Debug(8, "Local key: $key, stored in $keyfile");
214:
215: # If I can't make the key file fall back to insecure if
216: # allowed...else give up right away.
217:
218: if(!(defined $key) || !(defined $keyfile)) {
219: if($InsecureOk) {
220: $self->{AuthenticationMode} = "insecure";
221: $self->{TransactionRequest} = "init\n";
222: }
223: else {
224: $socket->close;
225: return undef;
226: }
227: }
228: $self->{TransactionRequest} = "init:local:$keyfile\n";
229: Debug(9, "Init string is init:local:$keyfile");
230: if(!$self->CreateCipher($key)) { # Nothing's going our way...
231: $socket->close;
232: return undef;
233: }
234:
235: } else {
236: # Remote peer: I'd like to do ssl, but if my host key or certificates
237: # are not all installed, my only choice is insecure, if that's
238: # allowed:
239:
240: my ($ca, $cert) = lonssl::CertificateFile;
241: my $sslkeyfile = lonssl::KeyFile;
242:
243: if((defined $ca) && (defined $cert) && (defined $sslkeyfile)) {
244:
245: $self->{AuthenticationMode} = "ssl";
246: $self->{TransactionRequest} = "init:ssl:$perlvar{'lonVersion'}\n";
247: } else {
248: if($InsecureOk) { # Allowed to do insecure:
249: $self->{AuthenticationMode} = "insecure";
250: $self->{TransactionRequest} = "init::$perlvar{'lonVersion'}\n";
251: }
252: else { # Not allowed to do insecure...
253: $socket->close;
254: return undef;
255: }
256: }
257: }
258:
259: #
260: # We're connected. Set the state, and the events we'll accept:
261: #
262: $self->Transition("Connected");
263: $self->{InformWritable} = 1; # When socket is writable we send init
264: $self->{Timeoutable} = 1; # Timeout allowed during startup negotiation.
265:
266:
267: #
268: # Set socket to nonblocking I/O.
269: #
270: my $flags = fcntl($socket, F_GETFL,0);
271: if(!$flags) {
272: $socket->close;
273: return undef;
274: }
275: if(!fcntl($socket, F_SETFL, $flags | O_NONBLOCK)) {
276: $socket->close;
277: return undef;
278: }
279:
280: # return the object :
281:
282: Debug(9, "Initial object state: ");
283: $self->Dump(9);
284:
285: return $self;
286: }
287:
288: =pod
289:
290: =head2 Readable
291:
292: This member should be called when the Socket becomes readable. Until
293: the read completes, action is state independet. Data are accepted into
294: the TransactionReply until a newline character is received. At that
295: time actionis state dependent:
296:
297: =item Connected
298:
299: in this case we received challenge, the state changes to
300: ChallengeReceived, and we initiate a send with the challenge response.
301:
302: =item ReceivingReply
303:
304: In this case a reply has been received for a transaction, the state
305: goes to Idle and we disable write and read notification.
306:
307: =item ChallengeReeived
308:
309: we just got what should be an ok\n and the connection can now handle
310: transactions.
311:
312: =cut
313:
314: sub Readable {
315: my $self = shift;
316: my $socket = $self->{Socket};
317: my $data = '';
318: my $rv;
319: my $ConnectionMode = $self->{AuthenticationMode};
320:
321: if ($socket) {
322: eval {
323: $rv = $socket->recv($data, POSIX::BUFSIZ, 0);
324: }
325: } else {
326: $self->Transition("Disconnected");
327: return -1;
328: }
329: my $errno = $! + 0; # Force numeric context.
330:
331: unless (defined($rv) && length $data) {# Read failed,
332: if(($errno == POSIX::EWOULDBLOCK) ||
333: ($errno == POSIX::EAGAIN) ||
334: ($errno == POSIX::EINTR)) {
335: return 0;
336: }
337:
338: # Connection likely lost.
339: &Debug(4, "Connection lost");
340: $self->{TransactionRequest} = '';
341: $socket->close();
342: $self->Transition("Disconnected");
343: return -1;
344: }
345: # If we actually got data, reset the timeout.
346:
347: if (length $data) {
348: $self->{TimeoutRemaining} = $self->{TimeoutValue}; # getting data resets the timeout period.
349: }
350: # Append the data to the buffer. And figure out if the read is done:
351:
352: &Debug(9,"Received from host: ".$data);
353: $self->{TransactionReply} .= $data;
354: if($self->{TransactionReply} =~ m/\n$/) {
355: &Debug(8,"Readable End of line detected");
356:
357:
358: if ($self->{State} eq "Initialized") { # We received the challenge:
359: # Our init was replied to. What happens next depends both on
360: # the actual init we sent (AuthenticationMode member data)
361: # and the response:
362: # AuthenticationMode == local:
363: # Response ok: The key has been exchanged and
364: # the key file destroyed. We can jump
365: # into setting the host and requesting the
366: # Later we'll also bypass key exchange.
367: # Response digits:
368: # Old style lond. Delete the keyfile.
369: # If allowed fall back to insecure mode.
370: # else close connection and fail.
371: # Response other:
372: # Failed local auth
373: # Close connection and fail.
374: #
375: # AuthenticationMode == ssl:
376: # Response ok:ssl
377: # Response digits:
378: # Response other:
379: # Authentication mode == insecure
380: # Response digits
381: # Response other:
382:
383: my $Response = $self->{TransactionReply};
384: if($ConnectionMode eq "local") {
385: if($Response =~ /^ok:local/) { # Good local auth.
386: $self->ToVersionRequest();
387: return 0;
388: }
389: elsif ($Response =~/^[0-9]+/) { # Old style lond.
390: return $self->CompleteInsecure();
391:
392: }
393: else { # Complete flop
394: &Debug(3, "init:local : unrecognized reply");
395: $self->Transition("Disconnected");
396: $socket->close;
397: return -1;
398: }
399: }
400: elsif ($ConnectionMode eq "ssl") {
401: if($Response =~ /^ok:ssl/) { # Good ssl...
402: if($self->ExchangeKeysViaSSL()) { # Success skip to vsn stuff
403: # Need to reset to non blocking:
404:
405: my $flags = fcntl($socket, F_GETFL, 0);
406: fcntl($socket, F_SETFL, $flags | O_NONBLOCK);
407: $self->ToVersionRequest();
408: return 0;
409: }
410: else { # Failed in ssl exchange.
411: &Debug(3,"init:ssl failed key negotiation!");
412: $self->Transition("Disconnected");
413: $socket->close;
414: return -1;
415: }
416: }
417: elsif ($Response =~ /^[0-9]+/) { # Old style lond.
418: return $self->CompleteInsecure();
419: }
420: else { # Complete flop
421: }
422: }
423: elsif ($ConnectionMode eq "insecure") {
424: if($self->{TransactionReply} eq "refused\n") { # Remote doesn't have
425:
426: $self->Transition("Disconnected"); # in host tables.
427: $socket->close();
428: return -1;
429:
430: }
431: return $self->CompleteInsecure();
432: }
433: else {
434: &Debug(1,"Authentication mode incorrect");
435: die "BUG!!! LondConnection::Readable invalid authmode";
436: }
437:
438:
439: } elsif ($self->{State} eq "ChallengeReplied") {
440: if($self->{TransactionReply} ne "ok\n") {
441: $self->Transition("Disconnected");
442: $socket->close();
443: return -1;
444: }
445: $self->ToVersionRequest();
446: return 0;
447:
448: } elsif ($self->{State} eq "ReadingVersionString") {
449: chomp($self->{TransactionReply});
450: $self->{LondVersion} = $self->{TransactionReply};
451: $self->Transition("SetHost");
452: $self->{InformReadable} = 0;
453: $self->{InformWritable} = 1;
454: my $peer = $self->{LoncapaHim};
455: $self->{TransactionRequest}= "sethost:$peer\n";
456: return 0;
457: } elsif ($self->{State} eq "HostSet") { # should be ok.
458: if($self->{TransactionReply} ne "ok\n") {
459: $self->Transition("Disconnected");
460: $socket->close();
461: return -1;
462: }
463: # If the auth mode is insecure we must still
464: # exchange session keys. Otherwise,
465: # we can just transition to idle.
466:
467: if($ConnectionMode eq "insecure") {
468: $self->Transition("RequestingKey");
469: $self->{InformReadable} = 0;
470: $self->{InformWritable} = 1;
471: $self->{TransactionRequest} = "ekey\n";
472: return 0;
473: }
474: else {
475: $self->ToIdle();
476: return 0;
477: }
478: } elsif ($self->{State} eq "ReceivingKey") {
479: my $buildkey = $self->{TransactionReply};
480: my $key = $self->{LoncapaHim}.$perlvar{'lonHostID'};
481: $key=~tr/a-z/A-Z/;
482: $key=~tr/G-P/0-9/;
483: $key=~tr/Q-Z/0-9/;
484: $key =$key.$buildkey.$key.$buildkey.$key.$buildkey;
485: $key = substr($key,0,32);
486: if(!$self->CreateCipher($key)) {
487: $self->Transition("Disconnected");
488: $socket->close();
489: return -1;
490: } else {
491: $self->ToIdle();
492: return 0;
493: }
494: } elsif ($self->{State} eq "ReceivingReply") {
495:
496: # If the data are encrypted, decrypt first.
497:
498: my $answer = $self->{TransactionReply};
499: if($answer =~ /^enc\:/) {
500: $answer = $self->Decrypt($answer);
501: $self->{TransactionReply} = "$answer\n";
502: }
503: # if we have a NextRequest do it immeadiately
504: if ($self->{NextRequest}) {
505: $self->{TransactionRequest} = $self->{NextRequest};
506: undef( $self->{NextRequest} );
507: $self->{TransactionReply} = "";
508: $self->{InformWritable} = 1;
509: $self->{InformReadable} = 0;
510: $self->{Timeoutable} = 1;
511: $self->Transition("SendingRequest");
512: return 0;
513: } else {
514: # finish the transaction
515:
516: $self->ToIdle();
517: return 0;
518: }
519: } elsif ($self->{State} eq "Disconnected") { # No connection.
520: return -1;
521: } else { # Internal error: Invalid state.
522: $self->Transition("Disconnected");
523: $socket->close();
524: return -1;
525: }
526: }
527:
528: return 0;
529:
530: }
531:
532:
533: =pod
534:
535: This member should be called when the Socket becomes writable.
536:
537: The action is state independent. An attempt is made to drain the
538: contents of the TransactionRequest member. Once this is drained, we
539: mark the object as waiting for readability.
540:
541: Returns 0 if successful, or -1 if not.
542:
543: =cut
544: sub Writable {
545: my $self = shift; # Get reference to the object.
546: my $socket = $self->{Socket};
547: my $nwritten;
548: if ($socket) {
549: eval {
550: $nwritten = $socket->send($self->{TransactionRequest}, 0);
551: }
552: } else {
553: # For whatever reason, there's no longer a socket left.
554:
555:
556: $self->Transition("Disconnected");
557: return -1;
558: }
559: my $errno = $! + 0;
560: unless (defined $nwritten) {
561: if($errno != POSIX::EINTR) {
562: $self->Transition("Disconnected");
563: return -1;
564: }
565:
566: }
567: if (($nwritten >= 0) ||
568: ($errno == POSIX::EWOULDBLOCK) ||
569: ($errno == POSIX::EAGAIN) ||
570: ($errno == POSIX::EINTR) ||
571: ($errno == 0)) {
572: $self->{TimeoutRemaining} = $self->{TimeoutValue};
573: substr($self->{TransactionRequest}, 0, $nwritten) = ""; # rmv written part
574: if(length $self->{TransactionRequest} == 0) {
575: $self->{InformWritable} = 0;
576: $self->{InformReadable} = 1;
577: $self->{TransactionReply} = '';
578: #
579: # Figure out the next state:
580: #
581: if($self->{State} eq "Connected") {
582: $self->Transition("Initialized");
583: } elsif($self->{State} eq "ChallengeReceived") {
584: $self->Transition("ChallengeReplied");
585: } elsif($self->{State} eq "RequestingVersion") {
586: $self->Transition("ReadingVersionString");
587: } elsif ($self->{State} eq "SetHost") {
588: $self->Transition("HostSet");
589: } elsif($self->{State} eq "RequestingKey") {
590: $self->Transition("ReceivingKey");
591: # $self->{InformWritable} = 0;
592: # $self->{InformReadable} = 1;
593: # $self->{TransactionReply} = '';
594: } elsif ($self->{State} eq "SendingRequest") {
595: $self->Transition("ReceivingReply");
596: $self->{TimeoutRemaining} = $self->{TimeoutValue};
597: } elsif ($self->{State} eq "Disconnected") {
598: return -1;
599: }
600: return 0;
601: }
602: } else { # The write failed (e.g. partner disconnected).
603: $self->Transition("Disconnected");
604: $socket->close();
605: return -1;
606: }
607:
608: }
609: =pod
610:
611: =head2 Tick
612:
613: Tick is called every time unit by the event framework. It
614:
615: =item 1 decrements the remaining timeout.
616:
617: =item 2 If the timeout is zero, calls TimedOut indicating that the current operation timed out.
618:
619: =cut
620:
621: sub Tick {
622: my $self = shift;
623: $self->{TimeoutRemaining}--;
624: if ($self->{TimeoutRemaining} < 0) {
625: $self->TimedOut();
626: }
627: }
628:
629: =pod
630:
631: =head2 TimedOut
632:
633: called on a timeout. If the timeout callback is defined, it is called
634: with $self as its parameters.
635:
636: =cut
637:
638: sub TimedOut {
639:
640: my $self = shift;
641: if($self->{TimeoutCallback}) {
642: my $callback = $self->{TimeoutCallback};
643: my @args = ( $self);
644: &$callback(@args);
645: }
646: }
647:
648: =pod
649:
650: =head2 InitiateTransaction
651:
652: Called to initiate a transaction. A transaction can only be initiated
653: when the object is idle... otherwise an error is returned. A
654: transaction consists of a request to the server that will have a
655: reply. This member sets the request data in the TransactionRequest
656: member, makes the state SendingRequest and sets the data to allow a
657: timout, and to request writability notification.
658:
659: =cut
660:
661: sub InitiateTransaction {
662:
663: my ($self, $data) = @_;
664:
665: Debug(1, "initiating transaction: ".$data);
666: if($self->{State} ne "Idle") {
667: Debug(0," .. but not idle here\n");
668: return -1; # Error indicator.
669: }
670: # if the transaction is to be encrypted encrypt the data:
671: (my $sethost, my $server,$data)=split(/:/,$data,3);
672:
673: if($data =~ /^encrypt\:/) {
674: $data = $self->Encrypt($data);
675: }
676:
677: # Setup the trasaction
678: # currently no version of lond supports inlining the sethost
679: if ($self->PeerVersion() <= 321) {
680: if ($server ne $self->{LoncapaHim}) {
681: $self->{NextRequest} = $data;
682: $self->{TransactionRequest} = "$sethost:$server\n";
683: $self->{LoncapaHim} = $server;
684: } else {
685: $self->{TransactionRequest} = $data;
686: }
687: } else {
688: $self->{LoncapaHim} = $server;
689: $self->{TransactionRequest} = "$sethost:$server:$data";
690: }
691: $self->{TransactionReply} = "";
692: $self->{InformWritable} = 1;
693: $self->{InformReadable} = 0;
694: $self->{Timeoutable} = 1;
695: $self->{TimeoutRemaining} = $self->{TimeoutValue};
696: $self->Transition("SendingRequest");
697: }
698:
699:
700: =pod
701:
702: =head2 SetStateTransitionCallback
703:
704: Sets a callback for state transitions. Returns a reference to any
705: prior established callback, or undef if there was none:
706:
707: =cut
708:
709: sub SetStateTransitionCallback {
710: my $self = shift;
711: my $oldCallback = $self->{TransitionCallback};
712: $self->{TransitionCallback} = shift;
713: return $oldCallback;
714: }
715:
716: =pod
717:
718: =head2 SetTimeoutCallback
719:
720: Sets the timeout callback. Returns a reference to any prior
721: established callback or undef if there was none.
722:
723: =cut
724:
725: sub SetTimeoutCallback {
726:
727: my ($self, $callback) = @_;
728:
729: my $oldCallback = $self->{TimeoutCallback};
730: $self->{TimeoutCallback} = $callback;
731: return $oldCallback;
732: }
733:
734: =pod
735:
736: =head2 Shutdown:
737:
738: Shuts down the socket.
739:
740: =cut
741:
742: sub Shutdown {
743: my $self = shift;
744: my $socket = $self->GetSocket();
745: Debug(5,"socket is -$socket-");
746: if ($socket) {
747: # Ask lond to exit too. Non blocking so
748: # there is no cost for failure.
749: eval {
750: $socket->send("exit\n", 0);
751: $socket->shutdown(2);
752: }
753: }
754: $self->{Timeoutable} = 0; # Shutdown sockets can't timeout.
755: }
756:
757: =pod
758:
759: =head2 GetState
760:
761: selector for the object state.
762:
763: =cut
764:
765: sub GetState {
766: my $self = shift;
767: return $self->{State};
768: }
769:
770: =pod
771:
772: =head2 GetSocket
773:
774: selector for the object socket.
775:
776: =cut
777:
778: sub GetSocket {
779: my $self = shift;
780: return $self->{Socket};
781: }
782:
783:
784: =pod
785:
786: =head2 WantReadable
787:
788: Return the state of the flag that indicates the object wants to be
789: called when readable.
790:
791: =cut
792:
793: sub WantReadable {
794: my $self = shift;
795:
796: return $self->{InformReadable};
797: }
798:
799: =pod
800:
801: =head2 WantWritable
802:
803: Return the state of the flag that indicates the object wants write
804: notification.
805:
806: =cut
807:
808: sub WantWritable {
809: my $self = shift;
810: return $self->{InformWritable};
811: }
812:
813: =pod
814:
815: =head2 WantTimeout
816:
817: return the state of the flag that indicates the object wants to be
818: informed of timeouts.
819:
820: =cut
821:
822: sub WantTimeout {
823: my $self = shift;
824: return $self->{Timeoutable};
825: }
826:
827: =pod
828:
829: =head2 GetReply
830:
831: Returns the reply from the last transaction.
832:
833: =cut
834:
835: sub GetReply {
836: my $self = shift;
837: return $self->{TransactionReply};
838: }
839:
840: =pod
841:
842: =head2 Encrypt
843:
844: Returns the encrypted version of the command string.
845:
846: The command input string is of the form:
847:
848: encrypt:command
849:
850: The output string can be directly sent to lond as it is of the form:
851:
852: enc:length:<encodedrequest>
853:
854: =cut
855:
856: sub Encrypt {
857:
858: my ($self, $request) = @_;
859:
860:
861: # Split the encrypt: off the request and figure out it's length.
862: # the cipher works in blocks of 8 bytes.
863:
864: my $cmd = $request;
865: $cmd =~ s/^encrypt\://; # strip off encrypt:
866: chomp($cmd); # strip off trailing \n
867: my $length=length($cmd); # Get the string length.
868: $cmd .= " "; # Pad with blanks so we can fill out a block.
869:
870: # encrypt the request in 8 byte chunks to create the encrypted
871: # output request.
872:
873: my $Encoded = '';
874: for(my $index = 0; $index <= $length; $index += 8) {
875: $Encoded .=
876: unpack("H16",
877: $self->{Cipher}->encrypt(substr($cmd,
878: $index, 8)));
879: }
880:
881: # Build up the answer as enc:length:$encrequest.
882:
883: $request = "enc:$length:$Encoded\n";
884: return $request;
885:
886:
887: }
888:
889: =pod
890:
891: =head2 Decrypt
892:
893: Decrypt a response from the server. The response is in the form:
894:
895: enc:<length>:<encrypted data>
896:
897: =cut
898:
899: sub Decrypt {
900:
901: my ($self, $encrypted) = @_;
902:
903: # Bust up the response into length, and encryptedstring:
904:
905: my ($enc, $length, $EncryptedString) = split(/:/,$encrypted);
906: chomp($EncryptedString);
907:
908: # Decode the data in 8 byte blocks. The string is encoded
909: # as hex digits so there are two characters per byte:
910:
911: my $decrypted = "";
912: for(my $index = 0; $index < length($EncryptedString);
913: $index += 16) {
914: $decrypted .= $self->{Cipher}->decrypt(
915: pack("H16",
916: substr($EncryptedString,
917: $index,
918: 16)));
919: }
920: # the answer may have trailing pads to fill out a block.
921: # $length tells us the actual length of the decrypted string:
922:
923: $decrypted = substr($decrypted, 0, $length);
924: Debug(9, "Decrypted $EncryptedString to $decrypted");
925:
926: return $decrypted;
927:
928: }
929: # ToIdle
930: # Called to transition to idle... done enough it's worth subbing
931: # off to ensure it's always done right!!
932: #
933: sub ToIdle {
934: my $self = shift;
935:
936: $self->Transition("Idle");
937: $self->{InformWritiable} = 0;
938: $self->{InformReadable} = 0;
939: $self->{Timeoutable} = 0;
940: }
941:
942: # ToVersionRequest
943: # Called to transition to "RequestVersion" also done a few times
944: # so worth subbing out.
945: #
946: sub ToVersionRequest {
947: my $self = shift;
948:
949: $self->Transition("RequestingVersion");
950: $self->{InformReadable} = 0;
951: $self->{InformWritable} = 1;
952: $self->{TransactionRequest} = "version\n";
953:
954: }
955: #
956: # CreateCipher
957: # Given a cipher key stores the key in the object context,
958: # creates the cipher object, (stores that in object context),
959: # This is done a couple of places, so it's worth factoring it out.
960: #
961: # Parameters:
962: # (self)
963: # key - The Cipher key.
964: #
965: # Returns:
966: # 0 - Failure to create IDEA cipher.
967: # 1 - Success.
968: #
969: sub CreateCipher {
970: my ($self, $key) = @_; # According to coding std.
971:
972: $self->{CipherKey} = $key; # Save the text key...
973: my $packedkey = pack ("H32", $key);
974: my $cipher = new IDEA $packedkey;
975: if($cipher) {
976: $self->{Cipher} = $cipher;
977: Debug("Cipher created dumping socket: ");
978: $self->Dump(9);
979: return 1;
980: }
981: else {
982: return 0;
983: }
984: }
985: # ExchangeKeysViaSSL
986: # Called to do cipher key exchange via SSL.
987: # The socket is promoted to an SSL socket. If that's successful,
988: # we read out cipher key through the socket and create an IDEA
989: # cipher object.
990: # Parameters:
991: # (self)
992: # Returns:
993: # true - Success.
994: # false - Failure.
995: #
996: # Assumptions:
997: # 1. The ssl session setup has timeout logic built in so we don't
998: # have to worry about DOS attacks at that stage.
999: # 2. If the ssl session gets set up we are talking to a legitimate
1000: # lond so again we don't have to worry about DOS attacks.
1001: # All this allows us just to call
1002: sub ExchangeKeysViaSSL {
1003: my $self = shift;
1004: my $socket = $self->{Socket};
1005:
1006: # Get our signed certificate, the certificate authority's
1007: # certificate and our private key file. All of these
1008: # are needed to create the ssl connection.
1009:
1010: my ($SSLCACertificate,
1011: $SSLCertificate) = lonssl::CertificateFile();
1012: my $SSLKey = lonssl::KeyFile();
1013:
1014: # Promote our connection to ssl and read the key from lond.
1015:
1016: my $SSLSocket = lonssl::PromoteClientSocket($socket,
1017: $SSLCACertificate,
1018: $SSLCertificate,
1019: $SSLKey);
1020: if(defined $SSLSocket) {
1021: my $key = <$SSLSocket>;
1022: lonssl::Close($SSLSocket);
1023: if($key) {
1024: chomp($key); # \n is not part of the key.
1025: return $self->CreateCipher($key);
1026: }
1027: else {
1028: Debug(3, "Failed to read ssl key");
1029: return 0;
1030: }
1031: }
1032: else {
1033: # Failed!!
1034: Debug(3, "Failed to negotiate SSL connection!");
1035: return 0;
1036: }
1037: # should not get here
1038: return 0;
1039:
1040: }
1041:
1042:
1043:
1044: #
1045: # CompleteInsecure:
1046: # This function is called to initiate the completion of
1047: # insecure challenge response negotiation.
1048: # To do this, we copy the challenge string to the transaction
1049: # request, flip to writability and state transition to
1050: # ChallengeReceived..
1051: # All this is only possible if InsecureOk is true.
1052: # Parameters:
1053: # (self) - This object's context hash.
1054: # Return:
1055: # 0 - Ok to transition.
1056: # -1 - Not ok to transition (InsecureOk not ok).
1057: #
1058: sub CompleteInsecure {
1059: my $self = shift;
1060: if($InsecureOk) {
1061: $self->{AuthenticationMode} = "insecure";
1062: &Debug(8," Transition out of Initialized:insecure");
1063: $self->{TransactionRequest} = $self->{TransactionReply};
1064: $self->{InformWritable} = 1;
1065: $self->{InformReadable} = 0;
1066: $self->Transition("ChallengeReceived");
1067: $self->{TimeoutRemaining} = $self->{TimeoutValue};
1068: return 0;
1069:
1070:
1071: }
1072: else {
1073: &Debug(3, "Insecure key negotiation disabled!");
1074: my $socket = $self->{Socket};
1075: $socket->close;
1076: return -1;
1077: }
1078: }
1079:
1080: ###########################################################
1081: #
1082: # The following is an unashamed kludge that is here to
1083: # allow LondConnection to be used outside of the
1084: # loncapa environment (e.g. by lonManage).
1085: #
1086: # This is a textual inclusion of pieces of the
1087: # Configuration.pm module.
1088: #
1089:
1090:
1091: my @confdirs=('/etc/httpd/conf/','/etc/apache2/');
1092:
1093: # ------------------- Subroutine read_conf: read LON-CAPA server configuration.
1094: # This subroutine reads PerlSetVar values out of specified web server
1095: # configuration files.
1096: sub read_conf
1097: {
1098: my (@conf_files)=@_;
1099: my (%perlvar,%configdirs);
1100: foreach my $filename (@conf_files,'loncapa_apache.conf') {
1101: my $configdir = '';
1102: $configdirs{$filename} = [@confdirs];
1103: while ($configdir eq '' && @{$configdirs{$filename}} > 0) {
1104: my $testdir = shift(@{$configdirs{$filename}});
1105: if (-e $testdir.$filename) {
1106: $configdir = $testdir;
1107: }
1108: }
1109: if ($configdir eq '') {
1110: die("Couldn't find a directory containing $filename");
1111: }
1112: if($DebugLevel > 3) {
1113: print STDERR ("Going to read $configdir.$filename\n");
1114: }
1115: open(CONFIG,'<'.$configdir.$filename) or
1116: die("Can't read $configdir$filename");
1117: while (my $configline=<CONFIG>) {
1118: if ($configline =~ /^[^\#]*PerlSetVar/) {
1119: my ($unused,$varname,$varvalue)=split(/\s+/,$configline);
1120: chomp($varvalue);
1121: $perlvar{$varname}=$varvalue;
1122: }
1123: }
1124: close(CONFIG);
1125: }
1126: if($DebugLevel > 3) {
1127: print STDERR "Dumping perlvar:\n";
1128: foreach my $var (keys %perlvar) {
1129: print STDERR "$var = $perlvar{$var}\n";
1130: }
1131: }
1132: my $perlvarref=\%perlvar;
1133: return $perlvarref;
1134: }
1135:
1136: #
1137: # Get the version of our peer. Note that this is only well
1138: # defined if the state machine has hit the idle state at least
1139: # once (well actually if it has transitioned out of
1140: # ReadingVersionString The member data LondVersion is returned.
1141: #
1142: sub PeerVersion {
1143: my $self = shift;
1144: my ($version) = ($self->{LondVersion} =~ /Revision: 1\.(\d+)/);
1145: return $version;
1146: }
1147:
1148: #
1149: # Manipulate the client data field
1150: #
1151: sub SetClientData {
1152: my ($self, $newData) = @_;
1153: $self->{ClientData} = $newData;
1154: }
1155: #
1156: # Get the current client data field.
1157: #
1158: sub GetClientData {
1159: my $self = shift;
1160: return $self->{ClientData};
1161: }
1162:
1163: 1;
1164:
1165: =pod
1166:
1167: =head1 Theory
1168:
1169: The lond object is a state machine. It lives through the following states:
1170:
1171: =item Connected:
1172:
1173: a TCP connection has been formed, but the passkey has not yet been
1174: negotiated.
1175:
1176: =item Initialized:
1177:
1178: "init" sent.
1179:
1180: =item ChallengeReceived:
1181:
1182: lond sent its challenge to us.
1183:
1184: =item ChallengeReplied:
1185:
1186: We replied to lond's challenge waiting for lond's ok.
1187:
1188: =item RequestingKey:
1189:
1190: We are requesting an encryption key.
1191:
1192: =item ReceivingKey:
1193:
1194: We are receiving an encryption key.
1195:
1196: =item Idle:
1197:
1198: Connection was negotiated but no requests are active.
1199:
1200: =item SendingRequest:
1201:
1202: A request is being sent to the peer.
1203:
1204: =item ReceivingReply:
1205:
1206: Waiting for an entire reply from the peer.
1207:
1208: =item Disconnected:
1209:
1210: For whatever reason, the connection was dropped.
1211:
1212: When we need to be writing data, we have a writable event. When we
1213: need to be reading data, a readable event established. Events
1214: dispatch through the class functions Readable and Writable, and the
1215: watcher contains a reference to the associated object to allow object
1216: context to be reached.
1217:
1218: =head2 Member data.
1219:
1220: =item Host
1221:
1222: Host socket is connected to.
1223:
1224: =item Port
1225:
1226: The port the remote lond is listening on.
1227:
1228: =item Socket
1229:
1230: Socket open on the connection.
1231:
1232: =item State
1233:
1234: The current state.
1235:
1236: =item AuthenticationMode
1237:
1238: How authentication is being done. This can be any of:
1239:
1240: o local - Authenticate via a key exchanged in a file.
1241: o ssl - Authenticate via a key exchaned through a temporary ssl tunnel.
1242: o insecure - Exchange keys in an insecure manner.
1243:
1244: insecure is only allowed if the configuration parameter loncAllowInsecure
1245: is nonzero.
1246:
1247: =item TransactionRequest
1248:
1249: The request being transmitted.
1250:
1251: =item TransactionReply
1252:
1253: The reply being received from the transaction.
1254:
1255: =item InformReadable
1256:
1257: True if we want to be called when socket is readable.
1258:
1259: =item InformWritable
1260:
1261: True if we want to be informed if the socket is writable.
1262:
1263: =item Timeoutable
1264:
1265: True if the current operation is allowed to timeout.
1266:
1267: =item TimeoutValue
1268:
1269: Number of seconds in the timeout.
1270:
1271: =item TimeoutRemaining
1272:
1273: Number of seconds left in the timeout.
1274:
1275: =item CipherKey
1276:
1277: The key that was negotiated with the peer.
1278:
1279: =item Cipher
1280:
1281: The cipher obtained via the key.
1282:
1283:
1284: =head2 The following are callback like members:
1285:
1286: =item Tick:
1287:
1288: Called in response to a timer tick. Used to managed timeouts etc.
1289:
1290: =item Readable:
1291:
1292: Called when the socket becomes readable.
1293:
1294: =item Writable:
1295:
1296: Called when the socket becomes writable.
1297:
1298: =item TimedOut:
1299:
1300: Called when a timed operation timed out.
1301:
1302:
1303: =head2 The following are operational member functions.
1304:
1305: =item InitiateTransaction:
1306:
1307: Called to initiate a new transaction
1308:
1309: =item SetStateTransitionCallback:
1310:
1311: Called to establish a function that is called whenever the object goes
1312: through a state transition. This is used by The client to manage the
1313: work flow for the object.
1314:
1315: =item SetTimeoutCallback:
1316:
1317: Set a function to be called when a transaction times out. The
1318: function will be called with the object as its sole parameter.
1319:
1320: =item Encrypt:
1321:
1322: Encrypts a block of text according to the cipher negotiated with the
1323: peer (assumes the text is a command).
1324:
1325: =item Decrypt:
1326:
1327: Decrypts a block of text according to the cipher negotiated with the
1328: peer (assumes the block was a reply.
1329:
1330: =item Shutdown:
1331:
1332: Shuts off the socket.
1333:
1334: =head2 The following are selector member functions:
1335:
1336: =item GetState:
1337:
1338: Returns the current state
1339:
1340: =item GetSocket:
1341:
1342: Gets the socekt open on the connection to lond.
1343:
1344: =item WantReadable:
1345:
1346: true if the current state requires a readable event.
1347:
1348: =item WantWritable:
1349:
1350: true if the current state requires a writable event.
1351:
1352: =item WantTimeout:
1353:
1354: true if the current state requires timeout support.
1355:
1356: =cut
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to LondConnection.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom