loncom/lond - diff

Return to lond CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/lond between versions 1.92 and 1.107

version 1.92, 2002/08/22 21:37:35	version 1.107, 2003/01/15 19:34:02
Line 54	Line 54
# 02/19 Matthew Hall	# 02/19 Matthew Hall
# 02/25 Gerd Kortemeyer	# 02/25 Gerd Kortemeyer
# 05/11 Scott Harrison	# 05/11 Scott Harrison
	# 01/xx/2003 Ron Fox.. Remove preforking. This makes the general daemon
	# logic simpler (and there were problems maintaining the preforked
	# population). Since the time averaged connection rate is close to zero
	# because lonc's purpose is to maintain near continuous connnections,
	# preforking is not really needed.
###	###

# based on "Perl Cookbook" ISBN 1-56592-243-3
# preforker - server who forks first
# runs as a daemon
# HUPs
# uses IDEA encryption

use lib '/home/httpd/lib/perl/';	use lib '/home/httpd/lib/perl/';
use LONCAPA::Configuration;	use LONCAPA::Configuration;
Line 83 my $DEBUG = 0; # Non zero to ena	Line 83 my $DEBUG = 0; # Non zero to ena
my $status='';	my $status='';
my $lastlog='';	my $lastlog='';

	#
	# The array below are password error strings."
	#
	my $lastpwderror = 13; # Largest error number from lcpasswd.
	my @passwderrors = ("ok",
	"lcpasswd must be run as user 'www'",
	"lcpasswd got incorrect number of arguments",
	"lcpasswd did not get the right nubmer of input text lines",
	"lcpasswd too many simultaneous pwd changes in progress",
	"lcpasswd User does not exist.",
	"lcpasswd Incorrect current passwd",
	"lcpasswd Unable to su to root.",
	"lcpasswd Cannot set new passwd.",
	"lcpasswd Username has invalid characters",
	"lcpasswd Invalid characters in password",
	"11", "12",
	"lcpasswd Password mismatch");


	# The array below are lcuseradd error strings.:

	my $lastadderror = 13;
	my @adderrors = ("ok",
	"User ID mismatch, lcuseradd must run as user www",
	"lcuseradd Incorrect number of command line parameters must be 3",
	"lcuseradd Incorrect number of stdinput lines, must be 3",
	"lcuseradd Too many other simultaneous pwd changes in progress",
	"lcuseradd User does not exist",
	"lcuseradd Unabel to mak ewww member of users's group",
	"lcuseradd Unable to su to root",
	"lcuseradd Unable to set password",
	"lcuseradd Usrname has invbalid charcters",
	"lcuseradd Password has an invalid character",
	"lcuseradd User already exists",
	"lcuseradd Could not add user.",
	"lcuseradd Password mismatch");


	#
	# Convert an error return code from lcpasswd to a string value.
	#
	sub lcpasswdstrerror {
	my $ErrorCode = shift;
	if(($ErrorCode < 0) \|\| ($ErrorCode > $lastpwderror)) {
	return "lcpasswd Unrecognized error return value ".$ErrorCode;
	} else {
	return $passwderrors[$ErrorCode];
	}
	}

	#
	# Convert an error return code from lcuseradd to a string value:
	#
	sub lcuseraddstrerror {
	my $ErrorCode = shift;
	if(($ErrorCode < 0) \|\| ($ErrorCode > $lastadderror)) {
	return "lcuseradd - Unrecognized error code: ".$ErrorCode;
	} else {
	return $adderrors[$ErrorCode];
	}
	}

# grabs exception and records it to log before exiting	# grabs exception and records it to log before exiting
sub catchexception {	sub catchexception {
my ($error)=@_;	my ($error)=@_;
Line 107 $SIG{'QUIT'}=\&catchexception;	Line 169 $SIG{'QUIT'}=\&catchexception;
$SIG{__DIE__}=\&catchexception;	$SIG{__DIE__}=\&catchexception;

# ---------------------------------- Read loncapa_apache.conf and loncapa.conf	# ---------------------------------- Read loncapa_apache.conf and loncapa.conf
&status("Read loncapa_apache.conf and loncapa.conf");	&status("Read loncapa.conf and loncapa_apache.conf");
my $perlvarref=LONCAPA::Configuration::read_conf('loncapa_apache.conf',	my $perlvarref=LONCAPA::Configuration::read_conf('loncapa.conf');
'loncapa.conf');
my %perlvar=%{$perlvarref};	my %perlvar=%{$perlvarref};
undef $perlvarref;	undef $perlvarref;

Line 279 sub status {	Line 340 sub status {
my $now=time;	my $now=time;
my $local=localtime($now);	my $local=localtime($now);
$status=$local.': '.$what;	$status=$local.': '.$what;
	$0='lond: '.$what.' '.$local;
}	}

# -------------------------------------------------------- Escape Special Chars	# -------------------------------------------------------- Escape Special Chars
Line 429 close(PIDSAVE);	Line 491 close(PIDSAVE);
&logthis("<font color=red>CRITICAL: ---------- Starting ----------</font>");	&logthis("<font color=red>CRITICAL: ---------- Starting ----------</font>");
&status('Starting');	&status('Starting');

# ------------------------------------------------------- Now we are on our own

# Fork off our children.
for (1 .. $PREFORK) {
make_new_child();
}

# ----------------------------------------------------- Install signal handlers	# ----------------------------------------------------- Install signal handlers

&status('Forked children');

$SIG{CHLD} = \&REAPER;	$SIG{CHLD} = \&REAPER;
$SIG{INT} = $SIG{TERM} = \&HUNTSMAN;	$SIG{INT} = $SIG{TERM} = \&HUNTSMAN;
$SIG{HUP} = \&HUPSMAN;	$SIG{HUP} = \&HUPSMAN;
$SIG{USR1} = \&checkchildren;	$SIG{USR1} = \&checkchildren;

# And maintain the population.

	# --------------------------------------------------------------
	# Accept connections. When a connection comes in, it is validated
	# and if good, a child process is created to process transactions
	# along the connection.

while (1) {	while (1) {
&status('Sleeping');	$client = $server->accept() or next;
sleep; # wait for a signal (i.e., child's death)	make_new_child($client);
&logthis('Woke up');
&status('Woke up');
for ($i = $children; $i < $PREFORK; $i++) {
make_new_child(); # top up the child pool
}
}	}

sub make_new_child {	sub make_new_child {
	my $client;
my $pid;	my $pid;
my $cipher;	my $cipher;
my $sigset;	my $sigset;

	$client = shift;
&logthis("Attempting to start child");	&logthis("Attempting to start child");
# block signal for fork	# block signal for fork
$sigset = POSIX::SigSet->new(SIGINT);	$sigset = POSIX::SigSet->new(SIGINT);
Line 493 sub make_new_child {	Line 553 sub make_new_child {
&Authen::Krb5::init_context();	&Authen::Krb5::init_context();
&Authen::Krb5::init_ets();	&Authen::Krb5::init_ets();

# handle connections until we've reached $MAX_CLIENTS_PER_CHILD
for ($i=0; $i < $MAX_CLIENTS_PER_CHILD; $i++) {
&status('Idle, waiting for connection');
$client = $server->accept() or last;
&status('Accepted connection');	&status('Accepted connection');
# =============================================================================	# =============================================================================
# do something with the connection	# do something with the connection
# -----------------------------------------------------------------------------	# -----------------------------------------------------------------------------
	$client->sockopt(SO_KEEPALIVE, 1);# Enable monitoring of
	# connection liveness.
# see if we know client and check for spoof IP by challenge	# see if we know client and check for spoof IP by challenge
my $caller=getpeername($client);	my $caller = getpeername($client);
my ($port,$iaddr)=unpack_sockaddr_in($caller);	my ($port,$iaddr)=unpack_sockaddr_in($caller);
my $clientip=inet_ntoa($iaddr);	my $clientip=inet_ntoa($iaddr);
my $clientrec=($hostid{$clientip} ne undef);	my $clientrec=($hostid{$clientip} ne undef);
Line 632 sub make_new_child {	Line 690 sub make_new_child {
my ($howpwd,$contentpwd)=split(/:/,$realpasswd);	my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
my $pwdcorrect=0;	my $pwdcorrect=0;
if ($howpwd eq 'internal') {	if ($howpwd eq 'internal') {
	&Debug("Internal auth");
$pwdcorrect=	$pwdcorrect=
(crypt($upass,$contentpwd) eq $contentpwd);	(crypt($upass,$contentpwd) eq $contentpwd);
} elsif ($howpwd eq 'unix') {	} elsif ($howpwd eq 'unix') {
$contentpwd=(getpwnam($uname))[1];	&Debug("Unix auth");
my $pwauth_path="/usr/local/sbin/pwauth";	if((getpwnam($uname))[1] eq "") { #no such user!
unless ($contentpwd eq 'x') {	$pwdcorrect = 0;
$pwdcorrect=	} else {
(crypt($upass,$contentpwd) eq $contentpwd);	$contentpwd=(getpwnam($uname))[1];
}	my $pwauth_path="/usr/local/sbin/pwauth";
	unless ($contentpwd eq 'x') {
	$pwdcorrect=
	(crypt($upass,$contentpwd) eq
	$contentpwd);
	}

elsif (-e $pwauth_path) {	elsif (-e $pwauth_path) {
open PWAUTH, "\|$pwauth_path" or	open PWAUTH, "\|$pwauth_path" or
die "Cannot invoke authentication";	die "Cannot invoke authentication";
Line 648 sub make_new_child {	Line 713 sub make_new_child {
close PWAUTH;	close PWAUTH;
$pwdcorrect=!$?;	$pwdcorrect=!$?;
}	}
	}
} elsif ($howpwd eq 'krb4') {	} elsif ($howpwd eq 'krb4') {
$null=pack("C",0);	$null=pack("C",0);
unless ($upass=~/$null/) {	unless ($upass=~/$null/) {
$pwdcorrect=(	my $krb4_error = &Authen::Krb4::get_pw_in_tkt
Authen::Krb4::get_pw_in_tkt($uname,"",	($uname,"",$contentpwd,'krbtgt',
$contentpwd,'krbtgt',$contentpwd,1,	$contentpwd,1,$upass);
$upass) == 0);	if (!$krb4_error) {
} else { $pwdcorrect=0; }	$pwdcorrect = 1;
	} else {
	$pwdcorrect=0;
	# log error if it is not a bad password
	if ($krb4_error != 62) {
	&logthis('krb4:'.$uname.','.$contentpwd.','.
	&Authen::Krb4::get_err_txt($Authen::Krb4::error));
	}
	}
	}
} elsif ($howpwd eq 'krb5') {	} elsif ($howpwd eq 'krb5') {
$null=pack("C",0);	$null=pack("C",0);
unless ($upass=~/$null/) {	unless ($upass=~/$null/) {
Line 696 sub make_new_child {	Line 771 sub make_new_child {
chomp($npass);	chomp($npass);
$upass=&unescape($upass);	$upass=&unescape($upass);
$npass=&unescape($npass);	$npass=&unescape($npass);
&logthis("Trying to change password for $uname");	&Debug("Trying to change password for $uname");
my $proname=propath($udom,$uname);	my $proname=propath($udom,$uname);
my $passfilename="$proname/passwd";	my $passfilename="$proname/passwd";
if (-e $passfilename) {	if (-e $passfilename) {
Line 706 sub make_new_child {	Line 781 sub make_new_child {
chomp($realpasswd);	chomp($realpasswd);
my ($howpwd,$contentpwd)=split(/:/,$realpasswd);	my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
if ($howpwd eq 'internal') {	if ($howpwd eq 'internal') {
	&Debug("internal auth");
if (crypt($upass,$contentpwd) eq $contentpwd) {	if (crypt($upass,$contentpwd) eq $contentpwd) {
my $salt=time;	my $salt=time;
$salt=substr($salt,6,2);	$salt=substr($salt,6,2);
Line 722 sub make_new_child {	Line 798 sub make_new_child {
# one way or another.	# one way or another.
# First: Make sure the current password is	# First: Make sure the current password is
# correct	# correct
	&Debug("auth is unix");
$contentpwd=(getpwnam($uname))[1];	$contentpwd=(getpwnam($uname))[1];
my $pwdcorrect = "0";	my $pwdcorrect = "0";
my $pwauth_path="/usr/local/sbin/pwauth";	my $pwauth_path="/usr/local/sbin/pwauth";
Line 733 sub make_new_child {	Line 810 sub make_new_child {
die "Cannot invoke authentication";	die "Cannot invoke authentication";
print PWAUTH "$uname\n$upass\n";	print PWAUTH "$uname\n$upass\n";
close PWAUTH;	close PWAUTH;
$pwdcorrect=!$?;	&Debug("exited pwauth with $? ($uname,$upass) ");
	$pwdcorrect=($? == 0);
}	}
if ($pwdcorrect) {	if ($pwdcorrect) {
my $execdir=$perlvar{'lonDaemons'};	my $execdir=$perlvar{'lonDaemons'};
my $pf = IO::File->new("\|$execdir/lcpasswd");	&Debug("Opening lcpasswd pipeline");
	my $pf = IO::File->new("\|$execdir/lcpasswd > /home/www/lcpasswd.log");
print $pf "$uname\n$npass\n$npass\n";	print $pf "$uname\n$npass\n$npass\n";
close $pf;	close $pf;
my $result = ($?>0 ? 'pwchange_failure'	my $err = $?;
	my $result = ($err>0 ? 'pwchange_failure'
: 'ok');	: 'ok');
&logthis("Result of password change for $uname: $result");	&logthis("Result of password change for $uname: ".
	&lcpasswdstrerror($?));
print $client "$result\n";	print $client "$result\n";
} else {	} else {
print $client "non_authorized\n";	print $client "non_authorized\n";
Line 788 sub make_new_child {	Line 869 sub make_new_child {
}	}
}	}
unless ($fperror) {	unless ($fperror) {
my $result=&make_passwd_file($umode,$npass,	my $result=&make_passwd_file($uname, $umode,$npass,
$passfilename);	$passfilename);
print $client $result;	print $client $result;
} else {	} else {
Line 814 sub make_new_child {	Line 895 sub make_new_child {
if ($udom ne $perlvar{'lonDefDomain'}) {	if ($udom ne $perlvar{'lonDefDomain'}) {
print $client "not_right_domain\n";	print $client "not_right_domain\n";
} else {	} else {
&make_passwd_file($umode,$npass,$passfilename);	my $result=&make_passwd_file($uname, $umode,$npass,
	$passfilename);
print $client $result;	print $client $result;
}	}
} else {	} else {
Line 937 sub make_new_child {	Line 1019 sub make_new_child {
# ------------------------------------------------------------------- subscribe	# ------------------------------------------------------------------- subscribe
} elsif ($userinput =~ /^sub/) {	} elsif ($userinput =~ /^sub/) {
print $client &subscribe($userinput,$clientip);	print $client &subscribe($userinput,$clientip);
	# ------------------------------------------------------------- current version
	} elsif ($userinput =~ /^currentversion/) {
	my ($cmd,$fname)=split(/:/,$userinput);
	print $client &currentversion($fname)."\n";
# ------------------------------------------------------------------------- log	# ------------------------------------------------------------------------- log
} elsif ($userinput =~ /^log/) {	} elsif ($userinput =~ /^log/) {
my ($cmd,$udom,$uname,$what)=split(/:/,$userinput);	my ($cmd,$udom,$uname,$what)=split(/:/,$userinput);
Line 1135 sub make_new_child {	Line 1221 sub make_new_child {
} else {	} else {
print $client "error:$!\n";	print $client "error:$!\n";
}	}
	# ----------------------------------------------------------------- dumpcurrent
	} elsif ($userinput =~ /^currentdump/) {
	my ($cmd,$udom,$uname,$namespace)
	=split(/:/,$userinput);
	$namespace=~s/\//\_/g;
	$namespace=~s/\W//g;
	my $qresult='';
	my $proname=propath($udom,$uname);
	if (tie(%hash,'GDBM_File',
	"$proname/$namespace.db",
	&GDBM_READER(),0640)) {
	# Structure of %data:
	# $data{$symb}->{$parameter}=$value;
	# $data{$symb}->{'v.'.$parameter}=$version;
	# since $parameter will be unescaped, we do not
	# have to worry about silly parameter names...
	my %data = ();
	while (my ($key,$value) = each(%hash)) {
	my ($v,$symb,$param) = split(/:/,$key);
	next if ($v eq 'version' \|\| $symb eq 'keys');
	next if (exists($data{$symb}) &&
	exists($data{$symb}->{$param}) &&
	$data{$symb}->{'v.'.$param} > $v);
	$data{$symb}->{$param}=$value;
	$data{$symb}->{'v.'.$param}=$v;
	}
	if (untie(%hash)) {
	while (my ($symb,$param_hash) = each(%data)) {
	while(my ($param,$value) = each (%$param_hash)){
	next if ($param =~ /^v\./);
	$qresult.=$symb.':'.$param.'='.$value.'&';
	}
	}
	chop($qresult);
	print $client "$qresult\n";
	} else {
	print $client "error:$!\n";
	}
	} else {
	print $client "error:$!\n";
	}
# ------------------------------------------------------------------------ dump	# ------------------------------------------------------------------------ dump
} elsif ($userinput =~ /^dump/) {	} elsif ($userinput =~ /^dump/) {
my ($cmd,$udom,$uname,$namespace,$regexp)	my ($cmd,$udom,$uname,$namespace,$regexp)
Line 1146 sub make_new_child {	Line 1273 sub make_new_child {
} else {	} else {
$regexp='.';	$regexp='.';
}	}
my $proname=propath($udom,$uname);
my $qresult='';	my $qresult='';
if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER,0640)) {	my $proname=propath($udom,$uname);
	if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
study($regexp);	study($regexp);
foreach $key (keys %hash) {	while (($key,$value) = each(%hash)) {
my $unescapeKey = &unescape($key);	if ($regexp eq '.') {
if (eval('$unescapeKey=~/$regexp/')) {	$qresult.=$key.'='.$value.'&';
$qresult.="$key=$hash{$key}&";	} else {
}	my $unescapeKey = &unescape($key);
	if (eval('$unescapeKey=~/$regexp/')) {
	$qresult.="$key=$value&";
	}
	}
}	}
if (untie(%hash)) {	if (untie(%hash)) {
$qresult=~s/\&$//;	chop($qresult);
print $client "$qresult\n";	print $client "$qresult\n";
} else {	} else {
print $client "error:$!\n";	print $client "error:$!\n";
}	}
} else {	} else {
print $client "error:$!\n";	print $client "error:$!\n";
Line 1408 sub make_new_child {	Line 1539 sub make_new_child {
&logthis("<font color=blue>WARNING: "	&logthis("<font color=blue>WARNING: "
."Rejected client $clientip, closing connection</font>");	."Rejected client $clientip, closing connection</font>");
}	}
}	}

# =============================================================================	# =============================================================================

&logthis("<font color=red>CRITICAL: "	&logthis("<font color=red>CRITICAL: "
."Disconnect from $clientip ($hostid{$clientip})</font>");	."Disconnect from $clientip ($hostid{$clientip})</font>");
# tidy up gracefully and finish

$server->close();

# this exit is VERY important, otherwise the child will become	# this exit is VERY important, otherwise the child will become
# a producer of more and more children, forking yourself into	# a producer of more and more children, forking yourself into
# process death.	# process death.
exit;	exit;
}
}	}


Line 1565 sub unsub {	Line 1694 sub unsub {
return $result;	return $result;
}	}

	sub currentversion {
	my $fname=shift;
	my $version=-1;
	my $ulsdir='';
	if ($fname=~/^(.+)\/[^\/]+$/) {
	$ulsdir=$1;
	}
	$fname=~s/\.\d+\.(\w+(?:\.meta)*)$/\.$1/;
	$fname=~s/\.(\w+(?:\.meta)*)$/\.$\\d\+$\.$1\$/;

	if (-e $fname) { $version=1; }
	if (-e $ulsdir) {
	if(-d $ulsdir) {
	if (opendir(LSDIR,$ulsdir)) {
	while ($ulsfn=readdir(LSDIR)) {
	# see if this is a regular file (ignore links produced earlier)
	my $thisfile=$ulsdir.'/'.$ulsfn;
	unless (-l $thisfile) {
	if ($thisfile=~/$fname/) {
	if ($1>$version) { $version=$1; }
	}
	}
	}
	closedir(LSDIR);
	$version++;
	}
	}
	}
	return $version;
	}

	sub thisversion {
	my $fname=shift;
	my $version=-1;
	if ($fname=~/\.(\d+)\.\w+(?:\.meta)*$/) {
	$version=$1;
	}
	return $version;
	}

sub subscribe {	sub subscribe {
my ($userinput,$clientip)=@_;	my ($userinput,$clientip)=@_;
my $result;	my $result;
my ($cmd,$fname)=split(/:/,$userinput);	my ($cmd,$fname)=split(/:/,$userinput);
my $ownership=&ishome($fname);	my $ownership=&ishome($fname);
if ($ownership eq 'owner') {	if ($ownership eq 'owner') {
	# explitly asking for the current version?
	unless (-e $fname) {
	my $currentversion=&currentversion($fname);
	if (&thisversion($fname)==$currentversion) {
	if ($fname=~/^(.+)\.\d+\.(\w+(?:\.meta)*)$/) {
	my $root=$1;
	my $extension=$2;
	symlink($root.'.'.$extension,
	$root.'.'.$currentversion.'.'.$extension);
	unless ($extension=~/\.meta$/) {
	symlink($root.'.'.$extension.'.meta',
	$root.'.'.$currentversion.'.'.$extension.'.meta');
	}
	}
	}
	}
if (-e $fname) {	if (-e $fname) {
if (-d $fname) {	if (-d $fname) {
$result="directory\n";	$result="directory\n";
Line 1598 sub subscribe {	Line 1783 sub subscribe {
}	}

sub make_passwd_file {	sub make_passwd_file {
my ($umode,$npass,$passfilename)=@_;	my ($uname, $umode,$npass,$passfilename)=@_;
my $result="ok\n";	my $result="ok\n";
if ($umode eq 'krb4' or $umode eq 'krb5') {	if ($umode eq 'krb4' or $umode eq 'krb5') {
{	{
Line 1624 sub make_passwd_file {	Line 1809 sub make_passwd_file {
my $execpath="$perlvar{'lonDaemons'}/"."lcuseradd";	my $execpath="$perlvar{'lonDaemons'}/"."lcuseradd";
{	{
&Debug("Executing external: ".$execpath);	&Debug("Executing external: ".$execpath);
my $se = IO::File->new("\|$execpath");	&Debug("user = ".$uname.", Password =". $npass);
	my $se = IO::File->new("\|$execpath > /home/www/lcuseradd.log");
print $se "$uname\n";	print $se "$uname\n";
print $se "$npass\n";	print $se "$npass\n";
print $se "$npass\n";	print $se "$npass\n";
}	}
	my $useraddok = $?;
	if($useraddok > 0) {
	&logthis("Failed lcuseradd: ".&lcuseraddstrerror($useraddok));
	}
my $pf = IO::File->new(">$passfilename");	my $pf = IO::File->new(">$passfilename");
print $pf "unix:\n";	print $pf "unix:\n";
}	}

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.92
changed lines
	Added in v.1.107