--- loncom/lond 2004/07/27 11:21:48 1.215
+++ loncom/lond 2004/07/27 11:34:49 1.216
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.215 2004/07/27 11:21:48 foxr Exp $
+# $Id: lond,v 1.216 2004/07/27 11:34:49 foxr Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -56,7 +56,7 @@ my $DEBUG = 0; # Non zero to ena
 my $status='';
 my $lastlog='';
-my $VERSION='$Revision: 1.215 $'; #' stupid emacs
+my $VERSION='$Revision: 1.216 $'; #' stupid emacs
 my $remoteVERSION;
 my $currenthostid="default";
 my $currentdomainid;
@@ -1039,6 +1039,8 @@ sub tie_user_hash {
 # declaration:
 #
+#++
+#
 # Handles ping requests.
 # Parameters:
 # $cmd - the actual keyword that invoked us.
@@ -1063,6 +1065,7 @@ sub ping_handler {
 }
 ®ister_handler("ping", \&ping_handler, 0, 1, 1); # Ping unencoded, client or manager.
+#++
 #
 # Handles pong requests. Pong replies with our current host id, and
 # the results of a ping sent to us via our lonc.
@@ -1089,6 +1092,51 @@ sub pong_handler {
 }
 ®ister_handler("pong", \&pong_handler, 0, 1, 1); # Pong unencoded, client or manager
+#++
+# Called to establish an encrypted session key with the remote client.
+# Note that with secure lond, in most cases this function is never
+# invoked. Instead, the secure session key is established either
+# via a local file that's locked down tight and only lives for a short
+# time, or via an ssl tunnel...and is generated from a bunch-o-random
+# bits from /dev/urandom, rather than the predictable pattern used by
+# by this sub. This sub is only used in the old-style insecure
+# key negotiation.
+# Parameters:
+# $cmd - the actual keyword that invoked us.
+# $tail - the tail of the request that invoked us.
+# $replyfd- File descriptor connected to the client
+# Implicit Inputs:
+# $currenthostid - Global variable that carries the name of the host
+# known as.
+# $clientname - Global variable that carries the name of the hsot we're connected to.
+# Returns:
+# 1 - Ok to continue processing.
+# 0 - Program should exit.
+# Implicit Outputs:
+# Reply information is sent to the client.
+# $cipher is set with a reference to a new IDEA encryption object.
+#
+sub establish_key_handler {
+ my ($cmd, $tail, $replyfd) = @_;
+
+ my $buildkey=time.$$.int(rand 100000);
+ $buildkey=~tr/1-6/A-F/;
+ $buildkey=int(rand 100000).$buildkey.int(rand 100000);
+ my $key=$currenthostid.$clientname;
+ $key=~tr/a-z/A-Z/;
+ $key=~tr/G-P/0-9/;
+ $key=~tr/Q-Z/0-9/;
+ $key=$key.$buildkey.$key.$buildkey.$key.$buildkey;
+ $key=substr($key,0,32);
+ my $cipherkey=pack("H32",$key);
+ $cipher=new IDEA $cipherkey;
+ &Reply($replyfd, "$buildkey\n", "$cmd:$tail");
+
+ return 1;
+
+}
+®ister_handler("ekey", \&establish_key_handler, 0, 1,1);
+
 #---------------------------------------------------------------
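Review bot: establish_key_handler builds the IDEA key only from `$currenthostid.$clientname` and `$buildkey`, and `$buildkey` is handed back to the peer by `&Reply`, so the key has no secret input; because `substr($key,0,32)` takes the host-name part first, a long enough pair of host names leaves no per-session material in the key at all. The header comment already calls this the old-style insecure negotiation, but the `ekey` registration on the last added code line is unconditional and carries the same `0, 1, 1` flags that the ping and pong registrations annotate as unencoded, client or manager, so nothing in this hunk keeps a peer from selecting it on a deployment that expects the file- or SSL-based exchange. I would gate the handler on an explicit opt-in for legacy peers (or at least log each use) and put the warning where the key is built, e.g. `# Legacy: every input to this key is public or echoed in the reply; it gives no confidentiality.` Separately, `$cipher=new IDEA $cipherkey;` uses indirect object syntax, for which `$cipher = IDEA->new($cipherkey);` is the unambiguous form. The documented return value 0 is never produced, since the sub returns 1 without looking at the result of `&Reply`.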
@@ -1204,22 +1252,8 @@ sub process_request {
 #------------------- Commands not yet in spearate handlers. --------------
-# ------------------------------------------------------------------------ ekey
- if ($userinput =~ /^ekey/) { # ok for both clients & mgrs
- my $buildkey=time.$$.int(rand 100000);
- $buildkey=~tr/1-6/A-F/;
- $buildkey=int(rand 100000).$buildkey.int(rand 100000);
- my $key=$currenthostid.$clientname;
- $key=~tr/a-z/A-Z/;
- $key=~tr/G-P/0-9/;
- $key=~tr/Q-Z/0-9/;
- $key=$key.$buildkey.$key.$buildkey.$key.$buildkey;
- $key=substr($key,0,32);
- my $cipherkey=pack("H32",$key);
- $cipher=new IDEA $cipherkey;
- print $client "$buildkey\n";
 # ------------------------------------------------------------------------ load
- } elsif ($userinput =~ /^load/) { # client only
+ if ($userinput =~ /^load/) { # client only
 if (isClient) {
 my $loadavg;
 {