|
version 1.134, 2003/08/12 03:28:31
|
version 1.140, 2003/08/26 11:15:57
|
|
Line 50
|
Line 50
|
| # population). Since the time averaged connection rate is close to zero |
# population). Since the time averaged connection rate is close to zero |
| # because lonc's purpose is to maintain near continuous connnections, |
# because lonc's purpose is to maintain near continuous connnections, |
| # preforking is not really needed. |
# preforking is not really needed. |
| |
# 08/xx/2003 Ron Fox: Add management requests. Management requests |
| |
# will be validated via a call to ValidateManager. At present, this |
| |
# is done by simple host verification. In the future we can modify |
| |
# this function to do a certificate check. |
| |
# Management functions supported include: |
| |
# - pushing /home/httpd/lonTabs/hosts.tab |
| |
# - pushing /home/httpd/lonTabs/domain.tab |
| ### |
### |
| |
|
| use strict; |
use strict; |
|
Line 80 my $currenthostid;
|
Line 87 my $currenthostid;
|
| my $currentdomainid; |
my $currentdomainid; |
| |
|
| my $client; |
my $client; |
| |
my $clientip; |
| |
|
| my $server; |
my $server; |
| my $thisserver; |
my $thisserver; |
| |
|
|
Line 126 my @adderrors = ("ok",
|
Line 135 my @adderrors = ("ok",
|
| |
|
| |
|
| # |
# |
| |
# GetCertificate: Given a transaction that requires a certificate, |
| |
# this function will extract the certificate from the transaction |
| |
# request. Note that at this point, the only concept of a certificate |
| |
# is the hostname to which we are connected. |
| |
# |
| |
# Parameter: |
| |
# request - The request sent by our client (this parameterization may |
| |
# need to change when we really use a certificate granting |
| |
# authority. |
| |
# |
| |
sub GetCertificate { |
| |
my $request = shift; |
| |
|
| |
return $clientip; |
| |
} |
| |
|
| |
|
| |
# |
| |
# ValidManager: Determines if a given certificate represents a valid manager. |
| |
# in this primitive implementation, the 'certificate' is |
| |
# just the connecting loncapa client name. This is checked |
| |
# against a valid client list in the configuration. |
| |
# |
| |
# |
| |
sub ValidManager { |
| |
my $certificate = shift; |
| |
|
| |
my $hostentry = $hostid{$certificate}; |
| |
if ($hostentry ne undef) { |
| |
&logthis('<font color="yellow">Authenticating manager'. |
| |
" $hostentry</font>"); |
| |
return 1; |
| |
} else { |
| |
&logthis('<font color="red"> Failed manager authentication '. |
| |
"$certificate </font>"); |
| |
} |
| |
} |
| |
# |
| # Convert an error return code from lcpasswd to a string value. |
# Convert an error return code from lcpasswd to a string value. |
| # |
# |
| sub lcpasswdstrerror { |
sub lcpasswdstrerror { |
|
Line 527 sub make_new_child {
|
Line 574 sub make_new_child {
|
| sigprocmask(SIG_BLOCK, $sigset) |
sigprocmask(SIG_BLOCK, $sigset) |
| or die "Can't block SIGINT for fork: $!\n"; |
or die "Can't block SIGINT for fork: $!\n"; |
| |
|
| my $clientip; |
|
| die "fork: $!" unless defined ($pid = fork); |
die "fork: $!" unless defined ($pid = fork); |
| |
|
| if ($pid) { |
if ($pid) { |
|
Line 645 sub make_new_child {
|
Line 691 sub make_new_child {
|
| if ($userinput =~ /^ping/) { |
if ($userinput =~ /^ping/) { |
| print $client "$currenthostid\n"; |
print $client "$currenthostid\n"; |
| # ------------------------------------------------------------------------ pong |
# ------------------------------------------------------------------------ pong |
| } elsif ($userinput =~ /^pong/) { |
}elsif ($userinput =~ /^pong/) { |
| my $reply=&reply("ping",$hostid{$clientip}); |
my $reply=&reply("ping",$hostid{$clientip}); |
| print $client "$currenthostid:$reply\n"; |
print $client "$currenthostid:$reply\n"; |
| # ------------------------------------------------------------------------ ekey |
# ------------------------------------------------------------------------ ekey |
|
Line 676 sub make_new_child {
|
Line 722 sub make_new_child {
|
| } elsif ($userinput =~ /^userload/) { |
} elsif ($userinput =~ /^userload/) { |
| my $userloadpercent=&userload(); |
my $userloadpercent=&userload(); |
| print $client "$userloadpercent\n"; |
print $client "$userloadpercent\n"; |
| |
|
| |
# |
| |
# Transactions requiring encryption: |
| |
# |
| # ----------------------------------------------------------------- currentauth |
# ----------------------------------------------------------------- currentauth |
| } elsif ($userinput =~ /^currentauth/) { |
} elsif ($userinput =~ /^currentauth/) { |
| if ($wasenc==1) { |
if ($wasenc==1) { |
|
Line 690 sub make_new_child {
|
Line 740 sub make_new_child {
|
| } else { |
} else { |
| print $client "refused\n"; |
print $client "refused\n"; |
| } |
} |
| |
#--------------------------------------------------------------------- pushfile |
| |
} elsif($userinput =~ /^pushfile/) { |
| |
if($wasenc == 1) { |
| |
my $cert = GetCertificate($userinput); |
| |
if(ValidManager($cert)) { |
| |
print $client "ok\n"; |
| |
} else { |
| |
print $client "refused\n"; |
| |
} |
| |
} else { |
| |
print $client "refused\n"; |
| |
} |
| |
#--------------------------------------------------------------------- reinit |
| |
} elsif($userinput =~ /^reinit/) { |
| |
if ($wasenc == 1) { |
| |
my $cert = GetCertificate($userinput); |
| |
if(ValidManager($cert)) { |
| |
print $client "ok\n"; |
| |
} else { |
| |
print $client "refused\n"; |
| |
} |
| |
} else { |
| |
print $client "refused\n"; |
| |
} |
| # ------------------------------------------------------------------------ auth |
# ------------------------------------------------------------------------ auth |
| } elsif ($userinput =~ /^auth/) { |
} elsif ($userinput =~ /^auth/) { |
| if ($wasenc==1) { |
if ($wasenc==1) { |
|
Line 801 sub make_new_child {
|
Line 875 sub make_new_child {
|
| my $salt=time; |
my $salt=time; |
| $salt=substr($salt,6,2); |
$salt=substr($salt,6,2); |
| my $ncpass=crypt($npass,$salt); |
my $ncpass=crypt($npass,$salt); |
| { my $pf = IO::File->new(">$passfilename"); |
{ |
| print $pf "internal:$ncpass\n"; } |
my $pf; |
| &logthis("Result of password change for $uname: pwchange_success"); |
if ($pf = IO::File->new(">$passfilename")) { |
| print $client "ok\n"; |
print $pf "internal:$ncpass\n"; |
| |
&logthis("Result of password change for $uname: pwchange_success"); |
| |
print $client "ok\n"; |
| |
} else { |
| |
&logthis("Unable to open $uname passwd to change password"); |
| |
print $client "non_authorized\n"; |
| |
} |
| |
} |
| |
|
| } else { |
} else { |
| print $client "non_authorized\n"; |
print $client "non_authorized\n"; |
| } |
} |
|
Line 1726 sub make_new_child {
|
Line 1808 sub make_new_child {
|
| } |
} |
| if ($ulsout eq '') { $ulsout='empty'; } |
if ($ulsout eq '') { $ulsout='empty'; } |
| print $client "$ulsout\n"; |
print $client "$ulsout\n"; |
| |
# ----------------------------------------------------------------- setannounce |
| |
} elsif ($userinput =~ /^setannounce/) { |
| |
my ($cmd,$announcement)=split(/:/,$userinput); |
| |
chomp($announcement); |
| |
$announcement=&unescape($announcement); |
| |
if (my $store=IO::File->new('>'.$perlvar{'lonDocRoot'}. |
| |
'/announcement.txt')) { |
| |
print $store $announcement; |
| |
close $store; |
| |
print $client "ok\n"; |
| |
} else { |
| |
print $client "error: ".($!+0)."\n"; |
| |
} |
| # ------------------------------------------------------------------ Hanging up |
# ------------------------------------------------------------------ Hanging up |
| } elsif (($userinput =~ /^exit/) || |
} elsif (($userinput =~ /^exit/) || |
| ($userinput =~ /^init/)) { |
($userinput =~ /^init/)) { |
|
Line 2098 sub userload {
|
Line 2193 sub userload {
|
| my $curtime=time; |
my $curtime=time; |
| while ($filename=readdir(LONIDS)) { |
while ($filename=readdir(LONIDS)) { |
| if ($filename eq '.' || $filename eq '..') {next;} |
if ($filename eq '.' || $filename eq '..') {next;} |
| my ($atime)=(stat($perlvar{'lonIDsDir'}.'/'.$filename))[8]; |
my ($mtime)=(stat($perlvar{'lonIDsDir'}.'/'.$filename))[9]; |
| if ($curtime-$atime < 3600) { $numusers++; } |
if ($curtime-$mtime < 3600) { $numusers++; } |
| } |
} |
| closedir(LONIDS); |
closedir(LONIDS); |
| } |
} |
|
Line 2381 Send along temporarily stored informatio
|
Line 2476 Send along temporarily stored informatio
|
| |
|
| List part of a user's directory. |
List part of a user's directory. |
| |
|
| |
=item pushtable |
| |
|
| |
Pushes a file in /home/httpd/lonTab directory. Currently limited to: |
| |
hosts.tab and domain.tab. The old file is copied to *.tab.backup but |
| |
must be restored manually in case of a problem with the new table file. |
| |
pushtable requires that the request be encrypted and validated via |
| |
ValidateManager. The form of the command is: |
| |
enc:pushtable tablename <tablecontents> \n |
| |
where pushtable, tablename and <tablecontents> will be encrypted, but \n is a |
| |
cleartext newline. |
| |
|
| =item Hanging up (exit or init) |
=item Hanging up (exit or init) |
| |
|
| What to do when a client tells the server that they (the client) |
What to do when a client tells the server that they (the client) |
|
Line 2391 are leaving the network.
|
Line 2497 are leaving the network.
|
| If B<lond> is sent an unknown command (not in the list above), |
If B<lond> is sent an unknown command (not in the list above), |
| it replys to the client "unknown_cmd". |
it replys to the client "unknown_cmd". |
| |
|
| |
|
| =item UNKNOWN CLIENT |
=item UNKNOWN CLIENT |
| |
|
| If the anti-spoofing algorithm cannot verify the client, |
If the anti-spoofing algorithm cannot verify the client, |
![[BACK]](/icons/back.gif){kind=icon}
Return to lond CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom