Diff for /loncom/lond between versions 1.217 and 1.218

version 1.217, 2004/07/28 21:33:22 version 1.218, 2004/07/29 10:50:54
Line 1204  sub user_load_handler { Line 1204  sub user_load_handler {
 }  }
 register_handler("userload", \&user_load_handler, 0, 1, 0);  register_handler("userload", \&user_load_handler, 0, 1, 0);
   
   #   Process a request for the authorization type of a user:
   #   (userauth).
   #
   # Parameters:
   #      $cmd    - the actual keyword that invoked us.
   #      $tail   - the tail of the request that invoked us.
   #      $replyfd- File descriptor connected to the client
   #  Returns:
   #      1       - Ok to continue processing.
   #      0       - Program should exit
   # Implicit outputs:
   #    The user authorization type is written to the client.
   #
   sub user_authorization_type {
       my ($cmd, $tail, $replyfd) = @_;
      
       my $userinput = "$cmd:$tail";
      
       #  Pull the domain and username out of the command tail.
       # and call GetAuthType to determine the authentication type.
      
       my ($udom,$uname)=split(/:/,$tail);
       my $result = &GetAuthType($udom, $uname);
       if($result eq "nouser") {
    &Failure( $replyfd, "unknown_user\n", $userinput);
       } else {
    #
    # We only want to pass the second field from GetAuthType
    # for ^krb.. otherwise we'll be handing out the encrypted
    # password for internals e.g.
    #
    my ($type,$otherinfo) = split(/:/,$result);
    if($type =~ /^krb/) {
       $type = $result;
    }
    &Reply( $replyfd, "$type\n", $userinput);
       }
     
       return 1;
   }
   &register_handler("currentauth", \&user_authorization_type, 1, 1, 0);
   
   #   Process a request by a manager to push a hosts or domain table 
   #   to us.  We pick apart the command and pass it on to the subs
   #   that already exist to do this.
   #
   # Parameters:
   #      $cmd    - the actual keyword that invoked us.
   #      $tail   - the tail of the request that invoked us.
   #      $client - File descriptor connected to the client
   #  Returns:
   #      1       - Ok to continue processing.
   #      0       - Program should exit
   # Implicit Output:
   #    a reply is written to the client.
   
   sub push_file_handler {
       my ($cmd, $tail, $client) = @_;
   
       my $userinput = "$cmd:$tail";
   
       # At this time we only know that the IP of our partner is a valid manager
       # the code below is a hook to do further authentication (e.g. to resolve
       # spoofing).
   
       my $cert = &GetCertificate($userinput);
       if(&ValidManager($cert)) { 
   
    # Now presumably we have the bona fides of both the peer host and the
    # process making the request.
         
    my $reply = &PushFile($userinput);
    &Reply($client, "$reply\n", $userinput);
   
       } else {
    &Failure( $client, "refused\n", $userinput);
       } 
   }
   &register_handler("pushfile", \&push_file_handler, 1, 0, 1);
   
   
   
   #   Process a reinit request.  Reinit requests that either
   #   lonc or lond be reinitialized so that an updated 
   #   host.tab or domain.tab can be processed.
   #
   # Parameters:
   #      $cmd    - the actual keyword that invoked us.
   #      $tail   - the tail of the request that invoked us.
   #      $client - File descriptor connected to the client
   #  Returns:
   #      1       - Ok to continue processing.
   #      0       - Program should exit
   #  Implicit output:
   #     a reply is sent to the client.
   #
   sub reinit_process_handler {
       my ($cmd, $tail, $client) = @_;
      
       my $userinput = "$cmd:$tail";
      
       my $cert = &GetCertificate($userinput);
       if(&ValidManager($cert)) {
    chomp($userinput);
    my $reply = &ReinitProcess($userinput);
    &Reply( $client,  "$reply\n", $userinput);
       } else {
    &Failure( $client, "refused\n", $userinput);
       }
       return 1;
   }
   
   &register_handler("reinit", \&reinit_process_handler, 1, 0, 1);
   
   #  Process the editing script for a table edit operation.
   #  the editing operation must be encrypted and requested by
   #  a manager host.
   #
   # Parameters:
   #      $cmd    - the actual keyword that invoked us.
   #      $tail   - the tail of the request that invoked us.
   #      $client - File descriptor connected to the client
   #  Returns:
   #      1       - Ok to continue processing.
   #      0       - Program should exit
   #  Implicit output:
   #     a reply is sent to the client.
   #
   sub edit_table_handler {
       my ($command, $tail, $client) = @_;
      
       my $userinput = "$command:$tail";
   
       my $cert = &GetCertificate($userinput);
       if(&ValidManager($cert)) {
    my($filetype, $script) = split(/:/, $tail);
    if (($filetype eq "hosts") || 
       ($filetype eq "domain")) {
       if($script ne "") {
    &Reply($client,              # BUGBUG - EditFile
         &EditFile($userinput), #   could fail.
         $userinput);
       } else {
    &Failure($client,"refused\n",$userinput);
       }
    } else {
       &Failure($client,"refused\n",$userinput);
    }
       } else {
    &Failure($client,"refused\n",$userinput);
       }
       return 1;
   }
   register_handler("edit", \&edit_table_handler, 1, 0, 1);
   
   
   
   
 #---------------------------------------------------------------  #---------------------------------------------------------------
 #  #
Line 1318  sub process_request { Line 1475  sub process_request {
   
 #------------------- Commands not yet in spearate handlers. --------------  #------------------- Commands not yet in spearate handlers. --------------
   
 # ----------------------------------------------------------------- currentauth  
     if ($userinput =~ /^currentauth/) {  
  if (($wasenc==1)  && isClient) { # Encoded & client only.  
     my ($cmd,$udom,$uname)=split(/:/,$userinput);  
     my $result = GetAuthType($udom, $uname);  
     if($result eq "nouser") {  
  print $client "unknown_user\n";  
     }  
     else {  
  print $client "$result\n";  
     }  
  } else {  
     Reply($client, "refused\n", $userinput);  
       
  }  
 #--------------------------------------------------------------------- pushfile  
     } elsif($userinput =~ /^pushfile/) { # encoded & manager.  
  if(($wasenc == 1) && isManager) {  
     my $cert = GetCertificate($userinput);  
     if(ValidManager($cert)) {  
  my $reply = PushFile($userinput);  
  print $client "$reply\n";  
     } else {  
  print $client "refused\n";  
     }   
  } else {  
     Reply($client, "refused\n", $userinput);  
       
  }  
 #--------------------------------------------------------------------- reinit  
     } elsif($userinput =~ /^reinit/) { # Encoded and manager  
  if (($wasenc == 1) && isManager) {  
     my $cert = GetCertificate($userinput);  
     if(ValidManager($cert)) {  
  chomp($userinput);  
  my $reply = ReinitProcess($userinput);  
  print $client  "$reply\n";  
     } else {  
  print $client "refused\n";  
     }  
  } else {  
     Reply($client, "refused\n", $userinput);  
  }  
 #------------------------------------------------------------------------- edit  
     } elsif ($userinput =~ /^edit/) {    # encoded and manager:  
  if(($wasenc ==1) && (isManager)) {  
     my $cert = GetCertificate($userinput);  
     if(ValidManager($cert)) {  
  my($command, $filetype, $script) = split(/:/, $userinput);  
  if (($filetype eq "hosts") || ($filetype eq "domain")) {  
     if($script ne "") {  
  Reply($client, EditFile($userinput));  
     } else {  
  Reply($client,"refused\n",$userinput);  
     }  
  } else {  
     Reply($client,"refused\n",$userinput);  
  }  
             } else {  
  Reply($client,"refused\n",$userinput);  
             }  
  } else {  
     Reply($client,"refused\n",$userinput);  
  }  
 # ------------------------------------------------------------------------ auth  # ------------------------------------------------------------------------ auth
     } elsif ($userinput =~ /^auth/) { # Encoded and client only.      if ($userinput =~ /^auth/) { # Encoded and client only.
  if (($wasenc==1) && isClient) {   if (($wasenc==1) && isClient) {
     my ($cmd,$udom,$uname,$upass)=split(/:/,$userinput);      my ($cmd,$udom,$uname,$upass)=split(/:/,$userinput);
     chomp($upass);      chomp($upass);

Removed from v.1.217  
changed lines
  Added in v.1.218


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>