loncom/lond - diff

Return to lond CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/lond between versions 1.178.2.9 and 1.225

-version 1.178.2.9, 2004/03/22 09:05:11
+version 1.225, 2004/08/09 10:34:18
  Line 20
  #
  # You should have received a copy of the GNU General Public License
  # along with LON-CAPA; if not, write to the Free Software
  # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  #
  # /home/httpd/html/adm/gpl.txt
  #
  Line 45  use Authen::Krb4;
  use Authen::Krb5;
  use lib '/home/httpd/lib/perl/';
  use localauth;
+ use localenroll;
  use File::Copy;
  use LONCAPA::ConfigFileEdit;
+ use LONCAPA::lonlocal;
+ use LONCAPA::lonssl;
+ use Fcntl qw(:flock);
- my $DEBUG = 1;		       # Non zero to enable debug log entries.
+ my $DEBUG = 0;		       # Non zero to enable debug log entries.
  my $status='';
  my $lastlog='';
  my $VERSION='$Revision$'; #' stupid emacs
  my $remoteVERSION;
- my $currenthostid;
+ my $currenthostid="default";
  my $currentdomainid;
  my $client;
- my $clientip;
+ my $clientip;			# IP address of client.
- my $clientname;
+ my $clientdns;			# DNS name of client.
+ my $clientname;			# LonCAPA name of client.
- my $cipher;			# Cipher key negotiated with client.
- my $tmpsnum = 0;;		# Id of tmpputs.
  my $server;
- my $thisserver;
+ my $thisserver;			# DNS of us.
+ my $keymode;
+ my $cipher;			# Cipher key negotiated with client
+ my $tmpsnum = 0;		# Id of tmpputs.
  #
  #   Connection type is:
- Line 77  my $thisserver;
+ Line 84  my $thisserver;
  my $ConnectionType;
- my %hostid;
+ my %hostid;			# ID's for hosts in cluster by ip.
- my %hostdom;
+ my %hostdom;			# LonCAPA domain for hosts in cluster.
- my %hostip;
+ my %hostip;			# IPs for hosts in cluster.
+ my %hostdns;			# ID's of hosts looked up by DNS name.
  my %managers;			# Ip -> manager names
- Line 98  my $CLIENT_OK  = 1;
+ Line 106  my $CLIENT_OK  = 1;
  my $MANAGER_OK = 2;
  my %Dispatcher;
  #
  #  The array below are password error strings."
  #
- Line 113  my @passwderrors = ("ok",
+ Line 122  my @passwderrors = ("ok",
  		   "lcpasswd Cannot set new passwd.",
  		   "lcpasswd Username has invalid characters",
  		   "lcpasswd Invalid characters in password",
- 		    "11", "12",
+ 		   "lcpasswd User already exists",
- 		    "lcpasswd Password mismatch");
+                    "lcpasswd Something went wrong with user addition.",
+ 		    "lcpasswd Password mismatch",
+ 		    "lcpasswd Error filename is invalid");
  #  The array below are lcuseradd error strings.:
- Line 135  my @adderrors    = ("ok",
+ Line 146  my @adderrors    = ("ok",
  		    "lcuseradd Could not add user.",
  		    "lcuseradd Password mismatch");
  #
  #   Statistics that are maintained and dislayed in the status line.
  #
- my $Transactions;		# Number of attempted transactions.
+ my $Transactions = 0;		# Number of attempted transactions.
- my $Failures;			# Number of transcations failed.
+ my $Failures     = 0;		# Number of transcations failed.
  #   ResetStatistics:
  #      Resets the statistics counters:
- Line 149  sub ResetStatistics {
+ Line 162  sub ResetStatistics {
      $Failures     = 0;
  }
+ #------------------------------------------------------------------------
+ #
+ #   LocalConnection
+ #     Completes the formation of a locally authenticated connection.
+ #     This function will ensure that the 'remote' client is really the
+ #     local host.  If not, the connection is closed, and the function fails.
+ #     If so, initcmd is parsed for the name of a file containing the
+ #     IDEA session key.  The fie is opened, read, deleted and the session
+ #     key returned to the caller.
+ #
+ # Parameters:
+ #   $Socket      - Socket open on client.
+ #   $initcmd     - The full text of the init command.
+ #
+ # Implicit inputs:
+ #    $clientdns  - The DNS name of the remote client.
+ #    $thisserver - Our DNS name.
+ #
+ # Returns:
+ #     IDEA session key on success.
+ #     undef on failure.
+ #
+ sub LocalConnection {
+     my ($Socket, $initcmd) = @_;
+     Debug("Attempting local connection: $initcmd client: $clientdns me: $thisserver");
+     if($clientdns ne $thisserver) {
+ 	&logthis('<font color="red"> LocalConnection rejecting non local: '
+ 		 ."$clientdns ne $thisserver </font>");
+ 	close $Socket;
+ 	return undef;
+     }  else {
+ 	chomp($initcmd);	# Get rid of \n in filename.
+ 	my ($init, $type, $name) = split(/:/, $initcmd);
+ 	Debug(" Init command: $init $type $name ");
+ 	# Require that $init = init, and $type = local:  Otherwise
+ 	# the caller is insane:
+ 	if(($init ne "init") && ($type ne "local")) {
+ 	    &logthis('<font color = "red"> LocalConnection: caller is insane! '
+ 		     ."init = $init, and type = $type </font>");
+ 	    close($Socket);;
+ 	    return undef;
+ 	}
+ 	#  Now get the key filename:
+ 	my $IDEAKey = lonlocal::ReadKeyFile($name);
+ 	return $IDEAKey;
+     }
+ }
+ #------------------------------------------------------------------------------
+ #
+ #  SSLConnection
+ #   Completes the formation of an ssh authenticated connection. The
+ #   socket is promoted to an ssl socket.  If this promotion and the associated
+ #   certificate exchange are successful, the IDEA key is generated and sent
+ #   to the remote peer via the SSL tunnel. The IDEA key is also returned to
+ #   the caller after the SSL tunnel is torn down.
+ #
+ # Parameters:
+ #   Name              Type             Purpose
+ #   $Socket          IO::Socket::INET  Plaintext socket.
+ #
+ # Returns:
+ #    IDEA key on success.
+ #    undef on failure.
+ #
+ sub SSLConnection {
+     my $Socket   = shift;
+     Debug("SSLConnection: ");
+     my $KeyFile         = lonssl::KeyFile();
+     if(!$KeyFile) {
+ 	my $err = lonssl::LastError();
+ 	&logthis("<font color=\"red\"> CRITICAL"
+ 		 ."Can't get key file $err </font>");
+ 	return undef;
+     }
+     my ($CACertificate,
+ 	$Certificate) = lonssl::CertificateFile();
+     # If any of the key, certificate or certificate authority
+     # certificate filenames are not defined, this can't work.
+     if((!$Certificate) || (!$CACertificate)) {
+ 	my $err = lonssl::LastError();
+ 	&logthis("<font color=\"red\"> CRITICAL"
+ 		 ."Can't get certificates: $err </font>");
+ 	return undef;
+     }
+     Debug("Key: $KeyFile CA: $CACertificate Cert: $Certificate");
+     # Indicate to our peer that we can procede with
+     # a transition to ssl authentication:
+     print $Socket "ok:ssl\n";
+     Debug("Approving promotion -> ssl");
+     #  And do so:
+     my $SSLSocket = lonssl::PromoteServerSocket($Socket,
+ 						$CACertificate,
+ 						$Certificate,
+ 						$KeyFile);
+     if(! ($SSLSocket) ) {	# SSL socket promotion failed.
+ 	my $err = lonssl::LastError();
+ 	&logthis("<font color=\"red\"> CRITICAL "
+ 		 ."SSL Socket promotion failed: $err </font>");
+ 	return undef;
+     }
+     Debug("SSL Promotion successful");
+     #
+     #  The only thing we'll use the socket for is to send the IDEA key
+     #  to the peer:
+     my $Key = lonlocal::CreateCipherKey();
+     print $SSLSocket "$Key\n";
+     lonssl::Close($SSLSocket);
+     Debug("Key exchange complete: $Key");
+     return $Key;
+ }
+ #
+ #     InsecureConnection:
+ #        If insecure connections are allowd,
+ #        exchange a challenge with the client to 'validate' the
+ #        client (not really, but that's the protocol):
+ #        We produce a challenge string that's sent to the client.
+ #        The client must then echo the challenge verbatim to us.
+ #
+ #  Parameter:
+ #      Socket      - Socket open on the client.
+ #  Returns:
+ #      1           - success.
+ #      0           - failure (e.g.mismatch or insecure not allowed).
+ #
+ sub InsecureConnection {
+     my $Socket  =  shift;
+     #   Don't even start if insecure connections are not allowed.
+     if(! $perlvar{londAllowInsecure}) {	# Insecure connections not allowed.
+ 	return 0;
+     }
+     #   Fabricate a challenge string and send it..
+     my $challenge = "$$".time;	# pid + time.
+     print $Socket "$challenge\n";
+     &status("Waiting for challenge reply");
+     my $answer = <$Socket>;
+     $answer    =~s/\W//g;
+     if($challenge eq $answer) {
+ 	return 1;
+     } else {
+ 	logthis("<font color='blue'>WARNING client did not respond to challenge</font>");
+ 	&status("No challenge reqply");
+ 	return 0;
+     }
+ }
+ #
+ #   GetCertificate: Given a transaction that requires a certificate,
+ #   this function will extract the certificate from the transaction
+ #   request.  Note that at this point, the only concept of a certificate
+ #   is the hostname to which we are connected.
+ #
+ #   Parameter:
+ #      request   - The request sent by our client (this parameterization may
+ #                  need to change when we really use a certificate granting
+ #                  authority.
+ #
+ sub GetCertificate {
+     my $request = shift;
+     return $clientip;
+ }
  #
  #   Return true if client is a manager.
  #
- Line 161  sub isManager {
+ Line 363  sub isManager {
  sub isClient {
      return (($ConnectionType eq "client") || ($ConnectionType eq "both"));
  }
+ #
+ #   ReadManagerTable: Reads in the current manager table. For now this is
+ #                     done on each manager authentication because:
+ #                     - These authentications are not frequent
+ #                     - This allows dynamic changes to the manager table
+ #                       without the need to signal to the lond.
+ #
+ sub ReadManagerTable {
+     #   Clean out the old table first..
+    foreach my $key (keys %managers) {
+       delete $managers{$key};
+    }
+    my $tablename = $perlvar{'lonTabDir'}."/managers.tab";
+    if (!open (MANAGERS, $tablename)) {
+       logthis('<font color="red">No manager table.  Nobody can manage!!</font>');
+       return;
+    }
+    while(my $host = <MANAGERS>) {
+       chomp($host);
+       if ($host =~ "^#") {                  # Comment line.
+          next;
+       }
+       if (!defined $hostip{$host}) { # This is a non cluster member
+ 	    #  The entry is of the form:
+ 	    #    cluname:hostname
+ 	    #  cluname - A 'cluster hostname' is needed in order to negotiate
+ 	    #            the host key.
+ 	    #  hostname- The dns name of the host.
+ 	    #
+           my($cluname, $dnsname) = split(/:/, $host);
+           my $ip = gethostbyname($dnsname);
+           if(defined($ip)) {                 # bad names don't deserve entry.
+             my $hostip = inet_ntoa($ip);
+             $managers{$hostip} = $cluname;
+             logthis('<font color="green"> registering manager '.
+                     "$dnsname as $cluname with $hostip </font>\n");
+          }
+       } else {
+          logthis('<font color="green"> existing host'." $host</font>\n");
+          $managers{$hostip{$host}} = $host;  # Use info from cluster tab if clumemeber
+       }
+    }
+ }
+ #
+ #  ValidManager: Determines if a given certificate represents a valid manager.
+ #                in this primitive implementation, the 'certificate' is
+ #                just the connecting loncapa client name.  This is checked
+ #                against a valid client list in the configuration.
+ #
+ #
+ sub ValidManager {
+     my $certificate = shift;
+     return isManager;
+ }
+ #
+ #  CopyFile:  Called as part of the process of installing a
+ #             new configuration file.  This function copies an existing
+ #             file to a backup file.
+ # Parameters:
+ #     oldfile  - Name of the file to backup.
+ #     newfile  - Name of the backup file.
+ # Return:
+ #     0   - Failure (errno has failure reason).
+ #     1   - Success.
+ #
+ sub CopyFile {
+     my ($oldfile, $newfile) = @_;
+     #  The file must exist:
+     if(-e $oldfile) {
+ 	 # Read the old file.
+ 	my $oldfh = IO::File->new("< $oldfile");
+ 	if(!$oldfh) {
+ 	    return 0;
+ 	}
+ 	my @contents = <$oldfh>;  # Suck in the entire file.
+ 	# write the backup file:
+ 	my $newfh = IO::File->new("> $newfile");
+ 	if(!(defined $newfh)){
+ 	    return 0;
+ 	}
+ 	my $lines = scalar @contents;
+ 	for (my $i =0; $i < $lines; $i++) {
+ 	    print $newfh ($contents[$i]);
+ 	}
+ 	$oldfh->close;
+ 	$newfh->close;
+ 	chmod(0660, $newfile);
+ 	return 1;
+     } else {
+ 	return 0;
+     }
+ }
+ #
+ #  Host files are passed out with externally visible host IPs.
+ #  If, for example, we are behind a fire-wall or NAT host, our
+ #  internally visible IP may be different than the externally
+ #  visible IP.  Therefore, we always adjust the contents of the
+ #  host file so that the entry for ME is the IP that we believe
+ #  we have.  At present, this is defined as the entry that
+ #  DNS has for us.  If by some chance we are not able to get a
+ #  DNS translation for us, then we assume that the host.tab file
+ #  is correct.
+ #    BUGBUGBUG - in the future, we really should see if we can
+ #       easily query the interface(s) instead.
+ # Parameter(s):
+ #     contents    - The contents of the host.tab to check.
+ # Returns:
+ #     newcontents - The adjusted contents.
+ #
+ #
+ sub AdjustHostContents {
+     my $contents  = shift;
+     my $adjusted;
+     my $me        = $perlvar{'lonHostID'};
+  foreach my $line (split(/\n/,$contents)) {
+ 	if(!(($line eq "") || ($line =~ /^ *\#/) || ($line =~ /^ *$/))) {
+ 	    chomp($line);
+ 	    my ($id,$domain,$role,$name,$ip,$maxcon,$idleto,$mincon)=split(/:/,$line);
+ 	    if ($id eq $me) {
+           my $ip = gethostbyname($name);
+           my $ipnew = inet_ntoa($ip);
+          $ip = $ipnew;
+ 		#  Reconstruct the host line and append to adjusted:
+ 		   my $newline = "$id:$domain:$role:$name:$ip";
+ 		   if($maxcon ne "") { # Not all hosts have loncnew tuning params
+ 		     $newline .= ":$maxcon:$idleto:$mincon";
+ 		   }
+ 		   $adjusted .= $newline."\n";
+       } else {		# Not me, pass unmodified.
+ 		   $adjusted .= $line."\n";
+       }
+ 	} else {                  # Blank or comment never re-written.
+ 	    $adjusted .= $line."\n";	# Pass blanks and comments as is.
+ 	}
+  }
+  return $adjusted;
+ }
+ #
+ #   InstallFile: Called to install an administrative file:
+ #       - The file is created with <name>.tmp
+ #       - The <name>.tmp file is then mv'd to <name>
+ #   This lugubrious procedure is done to ensure that we are never without
+ #   a valid, even if dated, version of the file regardless of who crashes
+ #   and when the crash occurs.
+ #
+ #  Parameters:
+ #       Name of the file
+ #       File Contents.
+ #  Return:
+ #      nonzero - success.
+ #      0       - failure and $! has an errno.
+ #
+ sub InstallFile {
+     my ($Filename, $Contents) = @_;
+     my $TempFile = $Filename.".tmp";
+     #  Open the file for write:
+     my $fh = IO::File->new("> $TempFile"); # Write to temp.
+     if(!(defined $fh)) {
+ 	&logthis('<font color="red"> Unable to create '.$TempFile."</font>");
+ 	return 0;
+     }
+     #  write the contents of the file:
+     print $fh ($Contents);
+     $fh->close;			# In case we ever have a filesystem w. locking
+     chmod(0660, $TempFile);
+     # Now we can move install the file in position.
+     move($TempFile, $Filename);
+     return 1;
+ }
+ #
+ #   ConfigFileFromSelector: converts a configuration file selector
+ #                 (one of host or domain at this point) into a
+ #                 configuration file pathname.
+ #
+ #  Parameters:
+ #      selector  - Configuration file selector.
+ #  Returns:
+ #      Full path to the file or undef if the selector is invalid.
+ #
+ sub ConfigFileFromSelector {
+     my $selector   = shift;
+     my $tablefile;
+     my $tabledir = $perlvar{'lonTabDir'}.'/';
+     if ($selector eq "hosts") {
+ 	$tablefile = $tabledir."hosts.tab";
+     } elsif ($selector eq "domain") {
+ 	$tablefile = $tabledir."domain.tab";
+     } else {
+ 	return undef;
+     }
+     return $tablefile;
+ }
+ #
+ #   PushFile:  Called to do an administrative push of a file.
+ #              - Ensure the file being pushed is one we support.
+ #              - Backup the old file to <filename.saved>
+ #              - Separate the contents of the new file out from the
+ #                rest of the request.
+ #              - Write the new file.
+ #  Parameter:
+ #     Request - The entire user request.  This consists of a : separated
+ #               string pushfile:tablename:contents.
+ #     NOTE:  The contents may have :'s in it as well making things a bit
+ #            more interesting... but not much.
+ #  Returns:
+ #     String to send to client ("ok" or "refused" if bad file).
+ #
+ sub PushFile {
+     my $request = shift;
+     my ($command, $filename, $contents) = split(":", $request, 3);
+     #  At this point in time, pushes for only the following tables are
+     #  supported:
+     #   hosts.tab  ($filename eq host).
+     #   domain.tab ($filename eq domain).
+     # Construct the destination filename or reject the request.
+     #
+     # lonManage is supposed to ensure this, however this session could be
+     # part of some elaborate spoof that managed somehow to authenticate.
+     #
+     my $tablefile = ConfigFileFromSelector($filename);
+     if(! (defined $tablefile)) {
+ 	return "refused";
+     }
+     #
+     # >copy< the old table to the backup table
+     #        don't rename in case system crashes/reboots etc. in the time
+     #        window between a rename and write.
+     #
+     my $backupfile = $tablefile;
+     $backupfile    =~ s/\.tab$/.old/;
+     if(!CopyFile($tablefile, $backupfile)) {
+ 	&logthis('<font color="green"> CopyFile from '.$tablefile." to ".$backupfile." failed </font>");
+ 	return "error:$!";
+     }
+     &logthis('<font color="green"> Pushfile: backed up '
+ 	    .$tablefile." to $backupfile</font>");
+     #  If the file being pushed is the host file, we adjust the entry for ourself so that the
+     #  IP will be our current IP as looked up in dns.  Note this is only 99% good as it's possible
+     #  to conceive of conditions where we don't have a DNS entry locally.  This is possible in a
+     #  network sense but it doesn't make much sense in a LonCAPA sense so we ignore (for now)
+     #  that possibilty.
+     if($filename eq "host") {
+ 	$contents = AdjustHostContents($contents);
+     }
+     #  Install the new file:
+     if(!InstallFile($tablefile, $contents)) {
+ 	&logthis('<font color="red"> Pushfile: unable to install '
+ 	 .$tablefile." $! </font>");
+ 	return "error:$!";
+     } else {
+ 	&logthis('<font color="green"> Installed new '.$tablefile
+ 		 ."</font>");
+     }
+     #  Indicate success:
+     return "ok";
+ }
+ #
+ #  Called to re-init either lonc or lond.
+ #
+ #  Parameters:
+ #    request   - The full request by the client.  This is of the form
+ #                reinit:<process>
+ #                where <process> is allowed to be either of
+ #                lonc or lond
+ #
+ #  Returns:
+ #     The string to be sent back to the client either:
+ #   ok         - Everything worked just fine.
+ #   error:why  - There was a failure and why describes the reason.
+ #
+ #
+ sub ReinitProcess {
+     my $request = shift;
+     # separate the request (reinit) from the process identifier and
+     # validate it producing the name of the .pid file for the process.
+     #
+     #
+     my ($junk, $process) = split(":", $request);
+     my $processpidfile = $perlvar{'lonDaemons'}.'/logs/';
+     if($process eq 'lonc') {
+ 	$processpidfile = $processpidfile."lonc.pid";
+ 	if (!open(PIDFILE, "< $processpidfile")) {
+ 	    return "error:Open failed for $processpidfile";
+ 	}
+ 	my $loncpid = <PIDFILE>;
+ 	close(PIDFILE);
+ 	logthis('<font color="red"> Reinitializing lonc pid='.$loncpid
+ 		."</font>");
+ 	kill("USR2", $loncpid);
+     } elsif ($process eq 'lond') {
+ 	logthis('<font color="red"> Reinitializing self (lond) </font>');
+ 	&UpdateHosts;			# Lond is us!!
+     } else {
+ 	&logthis('<font color="yellow" Invalid reinit request for '.$process
+ 		 ."</font>");
+ 	return "error:Invalid process identifier $process";
+     }
+     return 'ok';
+ }
+ #   Validate a line in a configuration file edit script:
+ #   Validation includes:
+ #     - Ensuring the command is valid.
+ #     - Ensuring the command has sufficient parameters
+ #   Parameters:
+ #     scriptline - A line to validate (\n has been stripped for what it's worth).
+ #
+ #   Return:
+ #      0     - Invalid scriptline.
+ #      1     - Valid scriptline
+ #  NOTE:
+ #     Only the command syntax is checked, not the executability of the
+ #     command.
+ #
+ sub isValidEditCommand {
+     my $scriptline = shift;
+     #   Line elements are pipe separated:
+     my ($command, $key, $newline)  = split(/\|/, $scriptline);
+     &logthis('<font color="green"> isValideditCommand checking: '.
+ 	     "Command = '$command', Key = '$key', Newline = '$newline' </font>\n");
+     if ($command eq "delete") {
+ 	#
+ 	#   key with no newline.
+ 	#
+ 	if( ($key eq "") || ($newline ne "")) {
+ 	    return 0;		# Must have key but no newline.
+ 	} else {
+ 	    return 1;		# Valid syntax.
+ 	}
+     } elsif ($command eq "replace") {
+ 	#
+ 	#   key and newline:
+ 	#
+ 	if (($key eq "") || ($newline eq "")) {
+ 	    return 0;
+ 	} else {
+ 	    return 1;
+ 	}
+     } elsif ($command eq "append") {
+ 	if (($key ne "") && ($newline eq "")) {
+ 	    return 1;
+ 	} else {
+ 	    return 0;
+ 	}
+     } else {
+ 	return 0;		# Invalid command.
+     }
+     return 0;			# Should not get here!!!
+ }
+ #
+ #   ApplyEdit - Applies an edit command to a line in a configuration
+ #               file.  It is the caller's responsiblity to validate the
+ #               edit line.
+ #   Parameters:
+ #      $directive - A single edit directive to apply.
+ #                   Edit directives are of the form:
+ #                  append|newline      - Appends a new line to the file.
+ #                  replace|key|newline - Replaces the line with key value 'key'
+ #                  delete|key          - Deletes the line with key value 'key'.
+ #      $editor   - A config file editor object that contains the
+ #                  file being edited.
+ #
+ sub ApplyEdit {
+     my ($directive, $editor) = @_;
+     # Break the directive down into its command and its parameters
+     # (at most two at this point.  The meaning of the parameters, if in fact
+     #  they exist depends on the command).
+     my ($command, $p1, $p2) = split(/\|/, $directive);
+     if($command eq "append") {
+ 	$editor->Append($p1);	          # p1 - key p2 null.
+     } elsif ($command eq "replace") {
+ 	$editor->ReplaceLine($p1, $p2);   # p1 - key p2 = newline.
+     } elsif ($command eq "delete") {
+ 	$editor->DeleteLine($p1);         # p1 - key p2 null.
+     } else {			          # Should not get here!!!
+ 	die "Invalid command given to ApplyEdit $command"
+     }
+ }
+ #
+ # AdjustOurHost:
+ #           Adjusts a host file stored in a configuration file editor object
+ #           for the true IP address of this host. This is necessary for hosts
+ #           that live behind a firewall.
+ #           Those hosts have a publicly distributed IP of the firewall, but
+ #           internally must use their actual IP.  We assume that a given
+ #           host only has a single IP interface for now.
+ # Formal Parameters:
+ #     editor   - The configuration file editor to adjust.  This
+ #                editor is assumed to contain a hosts.tab file.
+ # Strategy:
+ #    - Figure out our hostname.
+ #    - Lookup the entry for this host.
+ #    - Modify the line to contain our IP
+ #    - Do a replace for this host.
+ sub AdjustOurHost {
+     my $editor        = shift;
+     # figure out who I am.
+     my $myHostName    = $perlvar{'lonHostID'}; # LonCAPA hostname.
+     #  Get my host file entry.
+     my $ConfigLine    = $editor->Find($myHostName);
+     if(! (defined $ConfigLine)) {
+ 	die "AdjustOurHost - no entry for me in hosts file $myHostName";
+     }
+     # figure out my IP:
+     #   Use the config line to get my hostname.
+     #   Use gethostbyname to translate that into an IP address.
+     #
+     my ($id,$domain,$role,$name,$ip,$maxcon,$idleto,$mincon) = split(/:/,$ConfigLine);
+     my $BinaryIp = gethostbyname($name);
+     my $ip       = inet_ntoa($ip);
+     #
+     #  Reassemble the config line from the elements in the list.
+     #  Note that if the loncnew items were not present before, they will
+     #  be now even if they would be empty
+     #
+     my $newConfigLine = $id;
+     foreach my $item ($domain, $role, $name, $ip, $maxcon, $idleto, $mincon) {
+ 	$newConfigLine .= ":".$item;
+     }
+     #  Replace the line:
+     $editor->ReplaceLine($id, $newConfigLine);
+ }
+ #
+ #   ReplaceConfigFile:
+ #              Replaces a configuration file with the contents of a
+ #              configuration file editor object.
+ #              This is done by:
+ #              - Copying the target file to <filename>.old
+ #              - Writing the new file to <filename>.tmp
+ #              - Moving <filename.tmp>  -> <filename>
+ #              This laborious process ensures that the system is never without
+ #              a configuration file that's at least valid (even if the contents
+ #              may be dated).
+ #   Parameters:
+ #        filename   - Name of the file to modify... this is a full path.
+ #        editor     - Editor containing the file.
+ #
+ sub ReplaceConfigFile {
+     my ($filename, $editor) = @_;
+     CopyFile ($filename, $filename.".old");
+     my $contents  = $editor->Get(); # Get the contents of the file.
+     InstallFile($filename, $contents);
+ }
+ #
+ #
+ #   Called to edit a configuration table  file
+ #   Parameters:
+ #      request           - The entire command/request sent by lonc or lonManage
+ #   Return:
+ #      The reply to send to the client.
+ #
+ sub EditFile {
+     my $request = shift;
+     #  Split the command into it's pieces:  edit:filetype:script
+     my ($request, $filetype, $script) = split(/:/, $request,3);	# : in script
+     #  Check the pre-coditions for success:
+     if($request != "edit") {	# Something is amiss afoot alack.
+ 	return "error:edit request detected, but request != 'edit'\n";
+     }
+     if( ($filetype ne "hosts")  &&
+ 	($filetype ne "domain")) {
+ 	return "error:edit requested with invalid file specifier: $filetype \n";
+     }
+     #   Split the edit script and check it's validity.
+     my @scriptlines = split(/\n/, $script);  # one line per element.
+     my $linecount   = scalar(@scriptlines);
+     for(my $i = 0; $i < $linecount; $i++) {
+ 	chomp($scriptlines[$i]);
+ 	if(!isValidEditCommand($scriptlines[$i])) {
+ 	    return "error:edit with bad script line: '$scriptlines[$i]' \n";
+ 	}
+     }
+     #   Execute the edit operation.
+     #   - Create a config file editor for the appropriate file and
+     #   - execute each command in the script:
+     #
+     my $configfile = ConfigFileFromSelector($filetype);
+     if (!(defined $configfile)) {
+ 	return "refused\n";
+     }
+     my $editor = ConfigFileEdit->new($configfile);
+     for (my $i = 0; $i < $linecount; $i++) {
+ 	ApplyEdit($scriptlines[$i], $editor);
+     }
+     # If the file is the host file, ensure that our host is
+     # adjusted to have our ip:
+     #
+     if($filetype eq "host") {
+ 	AdjustOurHost($editor);
+     }
+     #  Finally replace the current file with our file.
+     #
+     ReplaceConfigFile($configfile, $editor);
+     return "ok\n";
+ }
+ #---------------------------------------------------------------
+ #
+ # Manipulation of hash based databases (factoring out common code
+ # for later use as we refactor.
  #
  #  Ties a domain level resource file to a hash.
  #  If requested a history entry is created in the associated hist file.
- Line 178  sub isClient {
+ Line 955  sub isClient {
  #    Reference to a hash bound to the db file or alternatively undef
  #    if the tie failed.
  #
- sub TieDomainHash {
+ sub tie_domain_hash {
-     my $domain    = shift;
+     my ($domain,$namespace,$how,$loghead,$logtail) = @_;
-     my $namespace = shift;
-     my $how       = shift;
      # Filter out any whitespace in the domain name:
      $domain =~ s/\W//g;
      # We have enough to go on to tie the hash:
-     my $UserTopDir   = $perlvar('lonUsersDir');
+     my $user_top_dir   = $perlvar{'lonUsersDir'};
-     my $DomainDir    = $UserTopDir."/$domain";
+     my $domain_dir     = $user_top_dir."/$domain";
-     my $ResourceFile = $DomainDir."/$namespace.db";
+     my $resource_file  = $domain_dir."/$namespace.db";
      my %hash;
-     if(tie(%hash, 'GDBM_File', $ResourceFile, $how, 0640)) {
+     if(tie(%hash, 'GDBM_File', $resource_file, $how, 0640)) {
- 	if (scalar @_) {	# Need to log the operation.
+ 	if (defined($loghead)) {	# Need to log the operation.
- 	    my $logFh = IO::File->new(">>$DomainDir/$namespace.hist");
+ 	    my $logFh = IO::File->new(">>$domain_dir/$namespace.hist");
- 	    if($logFH) {
+ 	    if($logFh) {
- 		my $TimeStamp = time;
+ 		my $timestamp = time;
- 		my ($loghead, $logtail) = @_;
+ 		print $logFh "$loghead:$timestamp:$logtail\n";
- 		print $logFH "$loghead:$TimeStamp:$logtail\n";
  	    }
+ 	    $logFh->close;
  	}
  	return \%hash;		# Return the tied hash.
-     }
+     } else {
-     else {
  	return undef;		# Tie failed.
      }
  }
- Line 228  sub TieDomainHash {
+ Line 1002  sub TieDomainHash {
  #   hash to which the database is tied.  It's up to the caller to untie.
  #   undef if the has could not be tied.
  #
- sub TieUserHash {
+ sub tie_user_hash {
-   my $domain      = shift;
+     my ($domain,$user,$namespace,$how,$loghead,$what) = @_;
-   my $user        = shift;
-   my $namespace   = shift;
-   my $how         = shift;
-   $namespace=~s/\//\_/g;	# / -> _
-   $namespace=~s/\W//g;		# whitespace eliminated.
-   my $proname     = propath($domain, $user);
-   # If this is a namespace for which a history is kept,
-   # make the history log entry:
-   unless ($namespace =~/^nohist\_/ && (scalar @_ > 0)) {
-     my $hfh = IO::File->new(">>$proname/$namespace.hist");
-     if($hfh) {
-       my $now = time;
-       my $loghead  = shift;
-       my $what    = shift;
-       print $hfh "$loghead:$now:$what\n";
-     }
-   }
-   #  Tie the database.
-   my %hash;
-   if(tie(%hash, 'GDBM_FILE', "$proname/$namespace.db",
- 	 $how, 0640)) {
-     return \%hash;
-   }
-   else {
-     return undef;
-   }
- }
- #
- #   Get a Request:
- #   Gets a Request message from the client.  The transaction
- #   is defined as a 'line' of text.  We remove the new line
- #   from the text line.
- #
- sub GetRequest {
-     my $input = <$client>;
-     chomp($input);
-     Debug("Request = $input\n");
+     $namespace=~s/\//\_/g;	# / -> _
+     $namespace=~s/\W//g;		# whitespace eliminated.
-     &status('Processing '.$clientname.':'.$input);
+     my $proname     = propath($domain, $user);
-     return $input;
- }
- #
- #   Decipher encoded traffic
- #  Parameters:
- #     input      - Encoded data.
- #  Returns:
- #     Decoded data or undef if encryption key was not yet negotiated.
- #  Implicit input:
- #     cipher  - This global holds the negotiated encryption key.
- #
- sub Decipher {
-     my $input  = shift;
-     my $output = '';
-     if($cipher) {
+     #  Tie the database.
- 	my($enc, $enclength, $encinput) = split(/:/, $input);
- 	for(my $encidx = 0; $encidx < length($encinput); $encidx += 16) {
+     my %hash;
- 	    $output .=
+     if(tie(%hash, 'GDBM_File', "$proname/$namespace.db",
- 		$cipher->decrypt(pack("H16", substr($encinput, $encidx, 16)));
+ 	   $how, 0640)) {
+ 	# If this is a namespace for which a history is kept,
+ 	# make the history log entry:
+ 	if (($namespace =~/^nohist\_/) && (defined($loghead))) {
+ 	    my $args = scalar @_;
+ 	    Debug(" Opening history: $namespace $args");
+ 	    my $hfh = IO::File->new(">>$proname/$namespace.hist");
+ 	    if($hfh) {
+ 		my $now = time;
+ 		print $hfh "$loghead:$now:$what\n";
+ 	    }
+ 	    $hfh->close;
  	}
- 	return substr($output, 0, $enclength);
+ 	return \%hash;
      } else {
  	return undef;
      }
- }
- #
- #   Register a command processor.  This function is invoked to register a sub
- #   to process a request.  Once registered, the ProcessRequest sub can automatically
- #   dispatch requests to an appropriate sub, and do the top level validity checking
- #   as well:
- #    - Is the keyword recognized.
- #    - Is the proper client type attempting the request.
- #    - Is the request encrypted if it has to be.
- #   Parameters:
- #    $RequestName         - Name of the request being registered.
- #                           This is the command request that will match
- #                           against the hash keywords to lookup the information
- #                           associated with the dispatch information.
- #    $Procedure           - Reference to a sub to call to process the request.
- #                           All subs get called as follows:
- #                             Procedure($cmd, $tail, $replyfd, $key)
- #                             $cmd    - the actual keyword that invoked us.
- #                             $tail   - the tail of the request that invoked us.
- #                             $replyfd- File descriptor connected to the client
- #    $MustEncode          - True if the request must be encoded to be good.
- #    $ClientOk            - True if it's ok for a client to request this.
- #    $ManagerOk           - True if it's ok for a manager to request this.
- # Side effects:
- #      - On success, the Dispatcher hash has an entry added for the key $RequestName
- #      - On failure, the program will die as it's a bad internal bug to try to
- #        register a duplicate command handler.
- #
- sub RegisterHandler {
-     my $RequestName    = shift;
-     my $Procedure      = shift;
-     my $MustEncode     = shift;
-     my $ClientOk       = shift;
-     my $ManagerOk      = shift;
-     #  Don't allow duplication#
-     if (defined $Dispatcher{$RequestName}) {
- 	die "Attempting to define a duplicate request handler for $RequestName\n";
-     }
-     #   Build the client type mask:
-     my $ClientTypeMask = 0;
-     if($ClientOk) {
- 	$ClientTypeMask  |= $CLIENT_OK;
-     }
-     if($ManagerOk) {
- 	$ClientTypeMask  |= $MANAGER_OK;
-     }
-     #  Enter the hash:
-     my @entry = ($Procedure, $MustEncode, $ClientTypeMask);
-     $Dispatcher{$RequestName} = \@entry;
  }
  #--------------------- Request Handlers --------------------------------------------
  #
- #   By convention each request handler registers itself prior to the sub declaration:
+ #   By convention each request handler registers itself prior to the sub
+ #   declaration:
  #
+ #++
+ #
  #  Handles ping requests.
  #  Parameters:
  #      $cmd    - the actual keyword that invoked us.
- Line 383  sub RegisterHandler {
+ Line 1055  sub RegisterHandler {
  #  Side effects:
  #      Reply information is sent to the client.
- sub PingHandler {
+ sub ping_handler {
-     my $cmd    = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail   = shift;
+     Debug("$cmd $tail $client .. $currenthostid:");
-     my $client = shift;
      Reply( $client,"$currenthostid\n","$cmd:$tail");
      return 1;
  }
- RegisterHandler("ping", \&PingHandler, 0, 1, 1);       # Ping unencoded, client or manager.
+ &register_handler("ping", \&ping_handler, 0, 1, 1);       # Ping unencoded, client or manager.
+ #++
+ #
+ # Handles pong requests.  Pong replies with our current host id, and
+ #                         the results of a ping sent to us via our lonc.
  #
- # Handles pong reequests:
  # Parameters:
  #      $cmd    - the actual keyword that invoked us.
  #      $tail   - the tail of the request that invoked us.
- Line 408  RegisterHandler("ping", \&PingHandler, 0
+ Line 1083  RegisterHandler("ping", \&PingHandler, 0
  #  Side effects:
  #      Reply information is sent to the client.
- sub PongHandler {
+ sub pong_handler {
-     my $cmd     = shift;
+     my ($cmd, $tail, $replyfd) = @_;
-     my $tail    = shift;
-     my $replyfd = shift;
      my $reply=&reply("ping",$clientname);
-     Reply( $replyfd, "$currenthostid:$reply\n", "$cmd:$tail");
+     &Reply( $replyfd, "$currenthostid:$reply\n", "$cmd:$tail");
      return 1;
  }
- RegisterHandler("pong", \&PongHandler, 0, 1, 1);       # Pong unencoded, client or manager
+ &register_handler("pong", \&pong_handler, 0, 1, 1);       # Pong unencoded, client or manager
- #
+ #++
- #   EstablishKeyHandler:
  #      Called to establish an encrypted session key with the remote client.
- #
+ #      Note that with secure lond, in most cases this function is never
+ #      invoked.  Instead, the secure session key is established either
+ #      via a local file that's locked down tight and only lives for a short
+ #      time, or via an ssl tunnel...and is generated from a bunch-o-random
+ #      bits from /dev/urandom, rather than the predictable pattern used by
+ #      by this sub.  This sub is only used in the old-style insecure
+ #      key negotiation.
  # Parameters:
  #      $cmd    - the actual keyword that invoked us.
  #      $tail   - the tail of the request that invoked us.
- Line 438  RegisterHandler("pong", \&PongHandler, 0
+ Line 1116  RegisterHandler("pong", \&PongHandler, 0
  #      Reply information is sent to the client.
  #      $cipher is set with a reference to a new IDEA encryption object.
  #
- sub EstablishKeyHandler {
+ sub establish_key_handler {
-     my $cmd      = shift;
+     my ($cmd, $tail, $replyfd) = @_;
-     my $tail     = shift;
-     my $replyfd  = shift;
      my $buildkey=time.$$.int(rand 100000);
      $buildkey=~tr/1-6/A-F/;
- Line 454  sub EstablishKeyHandler {
+ Line 1130  sub EstablishKeyHandler {
      $key=substr($key,0,32);
      my $cipherkey=pack("H32",$key);
      $cipher=new IDEA $cipherkey;
-     Reply($replyfd, "$buildkey\n", "$cmd:$tail");
+     &Reply($replyfd, "$buildkey\n", "$cmd:$tail");
      return 1;
  }
- RegisterHandler("ekey", \&EstablishKeyHandler, 0, 1,1);
+ &register_handler("ekey", \&establish_key_handler, 0, 1,1);
- #  LoadHandler:
  #     Handler for the load command.  Returns the current system load average
  #     to the requestor.
  #
- Line 478  RegisterHandler("ekey", \&EstablishKeyHa
+ Line 1154  RegisterHandler("ekey", \&EstablishKeyHa
  #      0       - Program should exit.
  #  Side effects:
  #      Reply information is sent to the client.
- sub LoadHandler {
+ sub load_handler {
-     my $cmd     = shift;
+     my ($cmd, $tail, $replyfd) = @_;
-     my $tail    = shift;
-     my $replyfd = shift;
     # Get the load average from /proc/loadavg and calculate it as a percentage of
     # the allowed load limit as set by the perl global variable lonLoadLim
- Line 494  sub LoadHandler {
+ Line 1168  sub LoadHandler {
      my $loadpercent=100*$loadavg/$perlvar{'lonLoadLim'};
-     Reply( $replyfd, "$loadpercent\n", "$cmd:$tail");
+     &Reply( $replyfd, "$loadpercent\n", "$cmd:$tail");
      return 1;
  }
- RegisterHandler("load", \&LoadHandler, 0, 1, 0);
+ register_handler("load", \&load_handler, 0, 1, 0);
  #
  #   Process the userload request.  This sub returns to the client the current
- Line 521  RegisterHandler("load", \&LoadHandler, 0
+ Line 1194  RegisterHandler("load", \&LoadHandler, 0
  #  Implicit outputs:
  #     the reply is written to the client.
  #
- sub UserLoadHandler {
+ sub user_load_handler {
-     my $cmd     = shift;
+     my ($cmd, $tail, $replyfd) = @_;
-     my $tail    = shift;
-     my $replyfd = shift;
      my $userloadpercent=&userload();
-     Reply($replyfd, "$userloadpercent\n", "$cmd:$tail");
+     &Reply($replyfd, "$userloadpercent\n", "$cmd:$tail");
      return 1;
  }
- RegisterHandler("userload", \&UserLoadHandler, 0, 1, 0);
+ register_handler("userload", \&user_load_handler, 0, 1, 0);
  #   Process a request for the authorization type of a user:
  #   (userauth).
- Line 546  RegisterHandler("userload", \&UserLoadHa
+ Line 1217  RegisterHandler("userload", \&UserLoadHa
  # Implicit outputs:
  #    The user authorization type is written to the client.
  #
- sub UserAuthorizationType {
+ sub user_authorization_type {
-     my $cmd     = shift;
+     my ($cmd, $tail, $replyfd) = @_;
-     my $tail    = shift;
-     my $replyfd = shift;
      my $userinput = "$cmd:$tail";
      #  Pull the domain and username out of the command tail.
-     # and call GetAuthType to determine the authentication type.
+     # and call get_auth_type to determine the authentication type.
      my ($udom,$uname)=split(/:/,$tail);
-     my $result = GetAuthType($udom, $uname);
+     my $result = &get_auth_type($udom, $uname);
      if($result eq "nouser") {
- 	Failure( $replyfd, "unknown_user\n", $userinput);
+ 	&Failure( $replyfd, "unknown_user\n", $userinput);
      } else {
  	#
- 	# We only want to pass the second field from GetAuthType
+ 	# We only want to pass the second field from get_auth_type
  	# for ^krb.. otherwise we'll be handing out the encrypted
  	# password for internals e.g.
  	#
- Line 570  sub UserAuthorizationType {
+ Line 1239  sub UserAuthorizationType {
  	if($type =~ /^krb/) {
  	    $type = $result;
  	}
- 	Reply( $replyfd, "$type\n", $userinput);
+ 	&Reply( $replyfd, "$type:\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("currentauth", \&UserAuthorizationType, 1, 1, 0);
+ &register_handler("currentauth", \&user_authorization_type, 1, 1, 0);
- #
  #   Process a request by a manager to push a hosts or domain table
  #   to us.  We pick apart the command and pass it on to the subs
  #   that already exist to do this.
- Line 591  RegisterHandler("currentauth", \&UserAut
+ Line 1260  RegisterHandler("currentauth", \&UserAut
  # Implicit Output:
  #    a reply is written to the client.
- sub PushFileHandler {
+ sub push_file_handler {
-     my $cmd    = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail   = shift;
-     my $client = shift;
      my $userinput = "$cmd:$tail";
- Line 602  sub PushFileHandler {
+ Line 1269  sub PushFileHandler {
      # the code below is a hook to do further authentication (e.g. to resolve
      # spoofing).
-     my $cert = GetCertificate($userinput);
+     my $cert = &GetCertificate($userinput);
-     if(ValidManager($cert)) {
+     if(&ValidManager($cert)) {
  	# Now presumably we have the bona fides of both the peer host and the
  	# process making the request.
- 	my $reply = PushFile($userinput);
+ 	my $reply = &PushFile($userinput);
- 	Reply($client, "$reply\n", $userinput);
+ 	&Reply($client, "$reply\n", $userinput);
      } else {
- 	Failure( $client, "refused\n", $userinput);
+ 	&Failure( $client, "refused\n", $userinput);
      }
+     return 1;
  }
- RegisterHandler("pushfile", \&PushFileHandler, 1, 0, 1);
+ &register_handler("pushfile", \&push_file_handler, 1, 0, 1);
- Line 633  RegisterHandler("pushfile", \&PushFileHa
+ Line 1301  RegisterHandler("pushfile", \&PushFileHa
  #  Implicit output:
  #     a reply is sent to the client.
  #
- sub ReinitProcessHandler {
+ sub reinit_process_handler {
-     my $cmd    = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail   = shift;
-     my $client = shift;
      my $userinput = "$cmd:$tail";
-     my $cert = GetCertificate($userinput);
+     my $cert = &GetCertificate($userinput);
-     if(ValidManager($cert)) {
+     if(&ValidManager($cert)) {
  	chomp($userinput);
- 	my $reply = ReinitProcess($userinput);
+ 	my $reply = &ReinitProcess($userinput);
- 	Reply( $client,  "$reply\n", $userinput);
+ 	&Reply( $client,  "$reply\n", $userinput);
      } else {
- 	Failure( $client, "refused\n", $userinput);
+ 	&Failure( $client, "refused\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("reinit", \&ReinitProcessHandler, 1, 0, 1);
+ &register_handler("reinit", \&reinit_process_handler, 1, 0, 1);
  #  Process the editing script for a table edit operation.
  #  the editing operation must be encrypted and requested by
- Line 667  RegisterHandler("reinit", \&ReinitProces
+ Line 1333  RegisterHandler("reinit", \&ReinitProces
  #  Implicit output:
  #     a reply is sent to the client.
  #
- sub EditTableHandler {
+ sub edit_table_handler {
-     my $command    = shift;
+     my ($command, $tail, $client) = @_;
-     my $tail       = shift;
-     my $client     = shift;
      my $userinput = "$command:$tail";
-     my $cert = GetCertificate($userinput);
+     my $cert = &GetCertificate($userinput);
-     if(ValidManager($cert)) {
+     if(&ValidManager($cert)) {
  	my($filetype, $script) = split(/:/, $tail);
  	if (($filetype eq "hosts") ||
  	    ($filetype eq "domain")) {
  	    if($script ne "") {
- 		Reply($client,              # BUGBUG - EditFile
+ 		&Reply($client,              # BUGBUG - EditFile
- 		      EditFile($userinput), #   could fail.
+ 		      &EditFile($userinput), #   could fail.
  		      $userinput);
  	    } else {
- 		Failure($client,"refused\n",$userinput);
+ 		&Failure($client,"refused\n",$userinput);
  	    }
  	} else {
- 	    Failure($client,"refused\n",$userinput);
+ 	    &Failure($client,"refused\n",$userinput);
  	}
      } else {
- 	Failure($client,"refused\n",$userinput);
+ 	&Failure($client,"refused\n",$userinput);
      }
      return 1;
  }
- RegisterHandler("edit", \&EditTableHandler, 1, 0, 1);
+ register_handler("edit", \&edit_table_handler, 1, 0, 1);
  #
- Line 721  RegisterHandler("edit", \&EditTableHandl
+ Line 1385  RegisterHandler("edit", \&EditTableHandl
  #    The authentication systems describe above have their own forms of implicit
  #    input into the authentication process that are described above.
  #
- sub AuthenticateHandler {
+ sub authenticate_handler {
-     my $cmd        = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail       = shift;
-     my $client     = shift;
      #  Regenerate the full input line
      my $userinput  = $cmd.":".$tail;
      #  udom    - User's domain.
      #  uname   - Username.
      #  upass   - User's password.
      my ($udom,$uname,$upass)=split(/:/,$tail);
-     Debug(" Authenticate domain = $udom, user = $uname, password = $upass");
+     &Debug(" Authenticate domain = $udom, user = $uname, password = $upass");
      chomp($upass);
-     $upass=unescape($upass);
+     $upass=&unescape($upass);
-     # Fetch the user authentication information:
+     my $pwdcorrect = &validate_user($udom, $uname, $upass);
+     if($pwdcorrect) {
-     my $realpasswd = GetAuthType($udom, $uname);
+ 	&Reply( $client, "authorized\n", $userinput);
-     if($realpasswd ne "nouser") { # nouser means no passwd file.
- 	my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
- 	my $pwdcorrect=0;
- 	#
- 	#   Authenticate against password stored in the internal file.
- 	#
- 	Debug("Authenticating via $howpwd");
- 	if ($howpwd eq 'internal') {
- 	    &Debug("Internal auth");
- 	    $pwdcorrect= (crypt($upass,$contentpwd) eq $contentpwd);
- 	    #
- 	    #   Authenticate against the unix password file.
- 	    #
- 	} elsif ($howpwd eq 'unix') {
- 	    &Debug("Unix auth");
- 	    if((getpwnam($uname))[1] eq "") { #no such user!
- 		$pwdcorrect = 0;
- 	    } else {
- 		$contentpwd=(getpwnam($uname))[1];
- 		my $pwauth_path="/usr/local/sbin/pwauth";
- 		unless ($contentpwd eq 'x') { # Not in shadow file.
- 		    $pwdcorrect= (crypt($upass,$contentpwd) eq $contentpwd);
- 		} elsif (-e $pwauth_path) { # In shadow file so
- 		    open PWAUTH, "|$pwauth_path" or # use external program
- 			die "Cannot invoke authentication";
- 		    print PWAUTH "$uname\n$upass\n";
- 		    close PWAUTH;
- 		    $pwdcorrect=!$?;
- 		}
- 	    }
- 	    #
- 	    #   Authenticate against a Kerberos 4 server:
- 	    #
- 	} elsif ($howpwd eq 'krb4') {
- 	    my $null=pack("C",0);
- 	    unless ($upass=~/$null/) {
- 		my $krb4_error = &Authen::Krb4::get_pw_in_tkt($uname,
- 							      "",
- 							      $contentpwd,
- 							      'krbtgt',
- 							      $contentpwd,
-,
- 							      $upass);
- 		if (!$krb4_error) {
- 		    $pwdcorrect = 1;
- 		} else {
- 		    $pwdcorrect=0;
- 		    # log error if it is not a bad password
- 		    if ($krb4_error != 62) {
- 			&logthis('krb4:'.$uname.','.$contentpwd.','.
- 				 &Authen::Krb4::get_err_txt($Authen::Krb4::error));
- 		    }
- 		}
- 	    }
- 	    #
- 	    #   Authenticate against a Kerberos 5 server:
- 	    #
- 	} elsif ($howpwd eq 'krb5') {
- 	    my $null=pack("C",0);
- 	    unless ($upass=~/$null/) {
- 		my $krbclient=&Authen::Krb5::parse_name($uname.'@'.$contentpwd);
- 		my $krbservice="krbtgt/".$contentpwd."\@".$contentpwd;
- 		my $krbserver=&Authen::Krb5::parse_name($krbservice);
- 		my $credentials=&Authen::Krb5::cc_default();
- 		$credentials->initialize($krbclient);
- 		my $krbreturn = &Authen::Krb5::get_in_tkt_with_password($krbclient,
- 									$krbserver,
- 									$upass,
- 									$credentials);
- 		$pwdcorrect = ($krbreturn == 1);
- 	    } else {
- 		$pwdcorrect=0;
- 	    }
- 	    #
- 	    #  Finally, the user may have written in an authentication module.
- 	    #  in that case, if requested, authenticate against it.
- 	    #
- 	} elsif ($howpwd eq 'localauth') {
- 	    $pwdcorrect=&localauth::localauth($uname,$upass,$contentpwd);
- 	}
  	#
- 	#   Successfully authorized.
+ 	#  Bad credentials: Failed to authorize
  	#
- 	if ($pwdcorrect) {
- 	    Reply( $client, "authorized\n", $userinput);
- 	    #
- 	    #  Bad credentials: Failed to authorize
- 	    #
- 	} else {
- 	    Failure( $client, "non_authorized\n", $userinput);
- 	}
- 	#  Used to be unknown_user but that allows crackers to
- 	#  distinguish between bad username and bad password so...
- 	#
      } else {
- 	Failure( $client, "non_authorized\n", $userinput);
+ 	&Failure( $client, "non_authorized\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("auth", \&AuthenticateHandler, 1, 1, 0);
+ register_handler("auth", \&authenticate_handler, 1, 1, 0);
  #
  #   Change a user's password.  Note that this function is complicated by
- Line 864  RegisterHandler("auth", \&AuthenticateHa
+ Line 1438  RegisterHandler("auth", \&AuthenticateHa
  # Implicit inputs:
  #    The authentication systems describe above have their own forms of implicit
  #    input into the authentication process that are described above.
- sub ChangePasswordHandler {
+ sub change_password_handler {
-     my $cmd     = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail    = shift;
-     my $client  = shift;
      my $userinput = $cmd.":".$tail;           # Reconstruct client's string.
      #
- Line 878  sub ChangePasswordHandler {
+ Line 1450  sub ChangePasswordHandler {
      #  npass - New password.
      my ($udom,$uname,$upass,$npass)=split(/:/,$tail);
-     chomp($npass);
      $upass=&unescape($upass);
      $npass=&unescape($npass);
      &Debug("Trying to change password for $uname");
-     my $realpasswd  = GetAuthType($udom, $uname);
-     if ($realpasswd ne "nouser") {
+     # First require that the user can be authenticated with their
+     # old password:
+     my $validated = &validate_user($udom, $uname, $upass);
+     if($validated) {
+ 	my $realpasswd  = &get_auth_type($udom, $uname); # Defined since authd.
  	my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
  	if ($howpwd eq 'internal') {
  	    &Debug("internal auth");
- 	    if (crypt($upass,$contentpwd) eq $contentpwd) {
+ 	    my $salt=time;
- 		my $salt=time;
+ 	    $salt=substr($salt,6,2);
- 		$salt=substr($salt,6,2);
+ 	    my $ncpass=crypt($npass,$salt);
- 		my $ncpass=crypt($npass,$salt);
+ 	    if(&rewrite_password_file($udom, $uname, "internal:$ncpass")) {
- 		if(RewritePwFile($udom, $uname, "internal:$ncpass")) {
+ 		&logthis("Result of password change for "
- 		    &logthis("Result of password change for "
+ 			 ."$uname: pwchange_success");
- 			     ."$uname: pwchange_success");
+ 		&Reply($client, "ok\n", $userinput);
- 		    Reply($client, "ok\n", $userinput);
- 		} else {
- 		    &logthis("Unable to open $uname passwd "
- 			     ."to change password");
- 		    Failure( $client, "non_authorized\n",$userinput);
- 		}
  	    } else {
- 		Failure($client, "non_authorized\n", $userinput);
+ 		&logthis("Unable to open $uname passwd "
+ 			 ."to change password");
+ 		&Failure( $client, "non_authorized\n",$userinput);
  	    }
  	} elsif ($howpwd eq 'unix') {
  	    # Unix means we have to access /etc/password
- 	    # one way or another.
- 	    # First: Make sure the current password is
- 	    #        correct
  	    &Debug("auth is unix");
- 	    $contentpwd=(getpwnam($uname))[1];
+ 	    my $execdir=$perlvar{'lonDaemons'};
- 	    my $pwdcorrect = "0";
+ 	    &Debug("Opening lcpasswd pipeline");
- 	    my $pwauth_path="/usr/local/sbin/pwauth";
+ 	    my $pf = IO::File->new("|$execdir/lcpasswd > "
- 	    unless ($contentpwd eq 'x') {
+ 				   ."$perlvar{'lonDaemons'}"
- 		$pwdcorrect= (crypt($upass,$contentpwd) eq $contentpwd);
+ 				   ."/logs/lcpasswd.log");
- 	    } elsif (-e $pwauth_path) {
+ 	    print $pf "$uname\n$npass\n$npass\n";
- 		open PWAUTH, "|$pwauth_path" or
+ 	    close $pf;
- 		    die "Cannot invoke authentication";
+ 	    my $err = $?;
- 		print PWAUTH "$uname\n$upass\n";
+ 	    my $result = ($err>0 ? 'pwchange_failure' : 'ok');
- 		close PWAUTH;
+ 	    &logthis("Result of password change for $uname: ".
- 		&Debug("exited pwauth with $? ($uname,$upass) ");
+ 		     &lcpasswdstrerror($?));
- 		$pwdcorrect=($? == 0);
+ 	    &Reply($client, "$result\n", $userinput);
- 	    }
- 	    if ($pwdcorrect) {
- 		my $execdir=$perlvar{'lonDaemons'};
- 		&Debug("Opening lcpasswd pipeline");
- 		my $pf = IO::File->new("|$execdir/lcpasswd > "
- 				       ."$perlvar{'lonDaemons'}"
- 				       ."/logs/lcpasswd.log");
- 		print $pf "$uname\n$npass\n$npass\n";
- 		close $pf;
- 		my $err = $?;
- 		my $result = ($err>0 ? 'pwchange_failure' : 'ok');
- 		&logthis("Result of password change for $uname: ".
- 			 &lcpasswdstrerror($?));
- 		Reply($client, "$result\n", $userinput);
- 	    } else {
- 		Reply($client, "non_authorized\n", $userinput);
- 	    }
  	} else {
  	    # this just means that the current password mode is not
  	    # one we know how to change (e.g the kerberos auth modes or
  	    # locally written auth handler).
  	    #
- 	    Reply( $client, "auth_mode_error\n", $userinput);
+ 	    &Failure( $client, "auth_mode_error\n", $userinput);
  	}
      } else {
- 	#  used to be unknonw user but that gives out too much info..
+ 	&Failure( $client, "non_authorized\n", $userinput);
- 	#  so make it the same as if the initial passwd was bad.
- 	#
- 	Reply( $client, "non_authorized\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("passwd", \&ChangePasswordHandler, 1, 1, 0);
+ register_handler("passwd", \&change_password_handler, 1, 1, 0);
  #
  #   Create a new user.  User in this case means a lon-capa user.
- Line 971  RegisterHandler("passwd", \&ChangePasswo
+ Line 1525  RegisterHandler("passwd", \&ChangePasswo
  # Implicit inputs:
  #    The authentication systems describe above have their own forms of implicit
  #    input into the authentication process that are described above.
- sub AddUserHandler {
+ sub add_user_handler {
-     my $cmd     = shift;
-     my $tail    = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $client  = shift;
      my ($udom,$uname,$umode,$npass)=split(/:/,$tail);
      my $userinput = $cmd.":".$tail; # Reconstruct the full request line.
- Line 987  sub AddUserHandler {
+ Line 1541  sub AddUserHandler {
  	my $oldumask=umask(0077);
  	chomp($npass);
  	$npass=&unescape($npass);
- 	my $passfilename  = PasswordPath($udom, $uname);
+ 	my $passfilename  = &password_path($udom, $uname);
  	&Debug("Password file created will be:".$passfilename);
  	if (-e $passfilename) {
- 	    Failure( $client, "already_exists\n", $userinput);
+ 	    &Failure( $client, "already_exists\n", $userinput);
  	} else {
  	    my @fpparts=split(/\//,$passfilename);
  	    my $fpnow=$fpparts[0].'/'.$fpparts[1].'/'.$fpparts[2];
- Line 998  sub AddUserHandler {
+ Line 1552  sub AddUserHandler {
  	    for (my $i=3;$i<= ($#fpparts-1);$i++) {
  		$fpnow.='/'.$fpparts[$i];
  		unless (-e $fpnow) {
+ 		    &logthis("mkdir $fpnow");
  		    unless (mkdir($fpnow,0777)) {
  			$fperror="error: ".($!+0)." mkdir failed while attempting "
  			    ."makeuser";
- Line 1006  sub AddUserHandler {
+ Line 1561  sub AddUserHandler {
  	    }
  	    unless ($fperror) {
  		my $result=&make_passwd_file($uname, $umode,$npass, $passfilename);
- 		Reply($client, $result, $userinput);     #BUGBUG - could be fail
+ 		&Reply($client, $result, $userinput);     #BUGBUG - could be fail
  	    } else {
- 		Failure($client, "$fperror\n", $userinput);
+ 		&Failure($client, "$fperror\n", $userinput);
  	    }
  	}
  	umask($oldumask);
      }  else {
- 	Failure($client, "not_right_domain\n",
+ 	&Failure($client, "not_right_domain\n",
  		$userinput);	# Even if we are multihomed.
      }
      return 1;
  }
- RegisterHandler("makeuser", \&AddUserHandler, 1, 1, 0);
+ &register_handler("makeuser", \&add_user_handler, 1, 1, 0);
  #
  #   Change the authentication method of a user.  Note that this may
- Line 1044  RegisterHandler("makeuser", \&AddUserHan
+ Line 1599  RegisterHandler("makeuser", \&AddUserHan
  #    The authentication systems describe above have their own forms of implicit
  #    input into the authentication process that are described above.
  #
- sub ChangeAuthenticationHandler {
+ sub change_authentication_handler {
-     my $cmd     = shift;
-     my $tail    = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $client  = shift;
      my $userinput  = "$cmd:$tail";              # Reconstruct user input.
      my ($udom,$uname,$umode,$npass)=split(/:/,$tail);
      &Debug("cmd = ".$cmd." domain= ".$udom."uname =".$uname." umode= ".$umode);
      if ($udom ne $currentdomainid) {
- 	Failure( $client, "not_right_domain\n", $client);
+ 	&Failure( $client, "not_right_domain\n", $client);
      } else {
  	chomp($npass);
  	$npass=&unescape($npass);
- 	my $passfilename = PasswordPath($udom, $uname);
+ 	my $passfilename = &password_path($udom, $uname);
  	if ($passfilename) {	# Not allowed to create a new user!!
  	    my $result=&make_passwd_file($uname, $umode,$npass,$passfilename);
- 	    Reply($client, $result, $userinput);
+ 	    &Reply($client, $result, $userinput);
  	} else {
- 	    Failure($client, "non_authorized", $userinput); # Fail the user now.
+ 	    &Failure($client, "non_authorized", $userinput); # Fail the user now.
  	}
      }
      return 1;
  }
- RegisterHandler("changeuserauth", \&ChangeAuthenticationHandler, 1,1, 0);
+ &register_handler("changeuserauth", \&change_authentication_handler, 1,1, 0);
  #
  #   Determines if this is the home server for a user.  The home server
- Line 1088  RegisterHandler("changeuserauth", \&Chan
+ Line 1642  RegisterHandler("changeuserauth", \&Chan
  #    The authentication systems describe above have their own forms of implicit
  #    input into the authentication process that are described above.
  #
- sub IsHomeHandler {
+ sub is_home_handler {
-     my $cmd     = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail    = shift;
-     my $client  = shift;
      my $userinput  = "$cmd:$tail";
      my ($udom,$uname)=split(/:/,$tail);
      chomp($uname);
-     my $passfile = PasswordPath($udom, $uname);
+     my $passfile = &password_filename($udom, $uname);
      if($passfile) {
- 	Reply( $client, "found\n", $userinput);
+ 	&Reply( $client, "found\n", $userinput);
      } else {
- 	Failure($client, "not_found\n", $userinput);
+ 	&Failure($client, "not_found\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("home", \&IsHomeHandler, 0,1,0);
+ &register_handler("home", \&is_home_handler, 0,1,0);
  #
  #   Process an update request for a resource?? I think what's going on here is
  #   that a resource has been modified that we hold a subscription to.
- Line 1128  RegisterHandler("home", \&IsHomeHandler,
+ Line 1681  RegisterHandler("home", \&IsHomeHandler,
  #    The authentication systems describe above have their own forms of implicit
  #    input into the authentication process that are described above.
  #
- sub UpdateResourceHandler {
+ sub update_resource_handler {
-     my $cmd    = shift;
-     my $tail   = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $client = shift;
      my $userinput = "$cmd:$tail";
-     my $fname=$tail;
+     my $fname= $tail;		# This allows interactive testing
      my $ownership=ishome($fname);
      if ($ownership eq 'not_owner') {
  	if (-e $fname) {
- Line 1177  sub UpdateResourceHandler {
+ Line 1731  sub UpdateResourceHandler {
  		    rename($transname,$fname);
  		}
  	    }
- 	    Reply( $client, "ok\n", $userinput);
+ 	    &Reply( $client, "ok\n", $userinput);
  	} else {
- 	    Failure($client, "not_found\n", $userinput);
+ 	    &Failure($client, "not_found\n", $userinput);
  	}
      } else {
- 	Failure($client, "rejected\n", $userinput);
+ 	&Failure($client, "rejected\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("update", \&UpdateResourceHandler, 0 ,1, 0);
+ &register_handler("update", \&update_resource_handler, 0 ,1, 0);
  #
  #   Fetch a user file from a remote server:
- Line 1198  RegisterHandler("update", \&UpdateResour
+ Line 1752  RegisterHandler("update", \&UpdateResour
  #     0        - Requested to exit, caller should shut down.
  #     1        - Continue processing.
  #
- sub FetchUserFileHandler {
+ sub fetch_user_file_handler {
-     my $cmd     = shift;
-     my $tail    = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $client  = shift;
      my $userinput = "$cmd:$tail";
      my $fname           = $tail;
      my ($udom,$uname,$ufile)=split(/\//,$fname);
-     my $udir=propath($udom,$uname).'/userfiles';
+     my $udir=&propath($udom,$uname).'/userfiles';
      unless (-e $udir) {
  	mkdir($udir,0770);
      }
- Line 1228  sub FetchUserFileHandler {
+ Line 1781  sub FetchUserFileHandler {
  	    unlink($transname);
  	    my $message=$response->status_line;
  	    &logthis("LWP GET: $message for $fname ($remoteurl)");
- 	    Failure($client, "failed\n", $userinput);
+ 	    &Failure($client, "failed\n", $userinput);
  	} else {
  	    if (!rename($transname,$destname)) {
  		&logthis("Unable to move $transname to $destname");
  		unlink($transname);
- 		Failure($client, "failed\n", $userinput);
+ 		&Failure($client, "failed\n", $userinput);
  	    } else {
- 		Reply($client, "ok\n", $userinput);
+ 		&Reply($client, "ok\n", $userinput);
  	    }
  	}
      } else {
- 	Failure($client, "not_home\n", $userinput);
+ 	&Failure($client, "not_home\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("fetchuserfile", \&FetchUserFileHandler, 0, 1, 0);
+ &register_handler("fetchuserfile", \&fetch_user_file_handler, 0, 1, 0);
- #
- #   Authenticate access to a user file.  Question?   The token for athentication
- #   is allowed to be sent as cleartext is this really what we want?  This token
- #   represents the user's session id.  Once it is forged does this allow too much
- #   access??
- #
- # Parameters:
- #    $cmd      - The command that got us here.
- #    $tail     - Tail of the command (remaining parameters).
- #    $client   - File descriptor connected to client.
- # Returns
- #     0        - Requested to exit, caller should shut down.
- #     1        - Continue processing.
- sub AuthenticateUserFileAccess {
-     my $cmd       = shift;
-     my $tail      = shift;
-     my $client    = shift;
-     my $userinput = "$cmd:$tail";
-     my ($fname,$session)=split(/:/,$tail);
+ #---------------------------------------------------------------
-     chomp($session);
-     my $reply='non_auth';
-     if (open(ENVIN,$perlvar{'lonIDsDir'}.'/'.$session.'.id')) {
- 	while (my $line=<ENVIN>) {
- 	    if ($line=~/userfile\.$fname\=/) {
- 		$reply='ok';
- 	    }
- 	}
- 	close(ENVIN);
- 	Reply($client, $reply."\n", $userinput);
-     } else {
- 	Failure($client, "invalid_token\n", $userinput);
-     }
-     return 1;
- }
- RegisterHandler("tokenauthuserfile", \&AuthenticateUserFileAccess, 0, 1, 0);
  #
- #   Unsubscribe from a resource.
+ #   Getting, decoding and dispatching requests:
  #
- # Parameters:
- #    $cmd      - The command that got us here.
- #    $tail     - Tail of the command (remaining parameters).
- #    $client   - File descriptor connected to client.
- # Returns
- #     0        - Requested to exit, caller should shut down.
- #     1        - Continue processing.
- #
- sub UnsubscribeHandler {
-     my $cmd      = shift;
-     my $tail     = shift;
-     my $client   = shift;
-     my $userinput= "$cmd:$tail";
-     my $fname = $tail;
-     if (-e $fname) {
- 	Reply($client, &unsub($client,$fname,$clientip), $userinput);
-     } else {
- 	Failure($client, "not_found\n", $userinput);
-     }
-     return 1;
- }
- RegisterHandler("unusb", \&UnsubscribeHandler, 0, 1, 0);
- #   Subscribe to a resource.
- #
- # Parameters:
- #    $cmd      - The command that got us here.
- #    $tail     - Tail of the command (remaining parameters).
- #    $client   - File descriptor connected to client.
- # Returns
- #     0        - Requested to exit, caller should shut down.
- #     1        - Continue processing.
  #
- sub SubscribeHandler {
+ #   Get a Request:
-     my $cmd        = shift;
+ #   Gets a Request message from the client.  The transaction
-     my $tail       = shift;
+ #   is defined as a 'line' of text.  We remove the new line
-     my $client     = shift;
+ #   from the text line.
-     my $userinput  = "$cmd:$tail";
+ #
+ sub get_request {
+     my $input = <$client>;
+     chomp($input);
+ j
+     Debug("get_request: Request = $input\n");
-     Reply( $client, &subscribe($userinput,$clientip), $userinput);
+     &status('Processing '.$clientname.':'.$input);
-     return 1;
+     return $input;
  }
- RegisterHandler("sub", \&SubscribeHandler, 0, 1, 0);
+ #---------------------------------------------------------------
  #
- #   Determine the version of a resource (?) Or is it return
+ #  Process a request.  This sub should shrink as each action
- #   the top version of the resource?  Not yet clear from the
+ #  gets farmed out into a separat sub that is registered
- #   code in currentversion.
+ #  with the dispatch hash.
  #
  # Parameters:
- #    $cmd      - The command that got us here.
+ #    user_input   - The request received from the client (lonc).
- #    $tail     - Tail of the command (remaining parameters).
+ # Returns:
- #    $client   - File descriptor connected to client.
+ #    true to keep processing, false if caller should exit.
- # Returns
- #     0        - Requested to exit, caller should shut down.
- #     1        - Continue processing.
  #
- sub CurrentVersionHandler {
+ sub process_request {
-     my $cmd      = shift;
+     my ($userinput) = @_;      # Easier for now to break style than to
-     my $tail     = shift;
+                                 # fix all the userinput -> user_input.
-     my $client   = shift;
+     my $wasenc    = 0;		# True if request was encrypted.
-     my $userinput= "$cmd:$tail";
+ # ------------------------------------------------------------ See if encrypted
+     if ($userinput =~ /^enc/) {
-     my $fname   = $tail;
+ 	$userinput = decipher($userinput);
-     Reply( $client, &currentversion($fname)."\n", $userinput);
+ 	$wasenc=1;
-     return 1;
+ 	if(!$userinput) {	# Cipher not defined.
+ 	    &Failure($client, "error: Encrypted data without negotated key");
+ 	    return 0;
+ 	}
+     }
+     Debug("process_request: $userinput\n");
+     #
+     #   The 'correct way' to add a command to lond is now to
+     #   write a sub to execute it and Add it to the command dispatch
+     #   hash via a call to register_handler..  The comments to that
+     #   sub should give you enough to go on to show how to do this
+     #   along with the examples that are building up as this code
+     #   is getting refactored.   Until all branches of the
+     #   if/elseif monster below have been factored out into
+     #   separate procesor subs, if the dispatch hash is missing
+     #   the command keyword, we will fall through to the remainder
+     #   of the if/else chain below in order to keep this thing in
+     #   working order throughout the transmogrification.
- }
+     my ($command, $tail) = split(/:/, $userinput, 2);
- RegisterHandler("currentversion", \&CurrentVersionHandler, 0, 1, 0);
+     chomp($command);
+     chomp($tail);
+     $tail =~ s/(\r)//;		# This helps people debugging with e.g. telnet.
+     $command =~ s/(\r)//;	# And this too for parameterless commands.
+     if(!$tail) {
+ 	$tail ="";		# defined but blank.
+     }
+     &Debug("Command received: $command, encoded = $wasenc");
- #  Make an entry in a user's activity log.
+     if(defined $Dispatcher{$command}) {
- #
- # Parameters:
- #    $cmd      - The command that got us here.
- #    $tail     - Tail of the command (remaining parameters).
- #    $client   - File descriptor connected to client.
- # Returns
- #     0        - Requested to exit, caller should shut down.
- #     1        - Continue processing.
- #
- sub ActivityLogEntryHandler {
-     my $cmd      = shift;
-     my $tail     = shift;
-     my $client   = shift;
-     my $userinput= "$cmd:$tail";
-     my ($udom,$uname,$what)=split(/:/,$tail);
+ 	my $dispatch_info = $Dispatcher{$command};
-     chomp($what);
+ 	my $handler       = $$dispatch_info[0];
-     my $proname=propath($udom,$uname);
+ 	my $need_encode   = $$dispatch_info[1];
-     my $now=time;
+ 	my $client_types  = $$dispatch_info[2];
-     my $hfh;
+ 	Debug("Matched dispatch hash: mustencode: $need_encode "
-     if ($hfh=IO::File->new(">>$proname/activity.log")) {
+ 	      ."ClientType $client_types");
- 	print $hfh "$now:$clientname:$what\n";
- 	Reply( $client, "ok\n", $userinput);
+ 	#  Validate the request:
-     } else {
- 	Failure($client, "error: ".($!+0)." IO::File->new Failed "
+ 	my $ok = 1;
- 	      ."while attempting log\n",
+ 	my $requesterprivs = 0;
- 	      $userinput);
+ 	if(&isClient()) {
-     }
+ 	    $requesterprivs |= $CLIENT_OK;
+ 	}
+ 	if(&isManager()) {
+ 	    $requesterprivs |= $MANAGER_OK;
+ 	}
+ 	if($need_encode && (!$wasenc)) {
+ 	    Debug("Must encode but wasn't: $need_encode $wasenc");
+ 	    $ok = 0;
+ 	}
+ 	if(($client_types & $requesterprivs) == 0) {
+ 	    Debug("Client not privileged to do this operation");
+ 	    $ok = 0;
+ 	}
-     return 1;
+ 	if($ok) {
- }
+ 	    Debug("Dispatching to handler $command $tail");
- RegisterHandler("log", \&ActivityLogEntryHandler, 0, 1, 0);
+ 	    my $keep_going = &$handler($command, $tail, $client);
- #
+ 	    return $keep_going;
- #   Put a namespace entry in a user profile hash.
+ 	} else {
- #   My druthers would be for this to be an encrypted interaction too.
+ 	    Debug("Refusing to dispatch because client did not match requirements");
- #   anything that might be an inadvertent covert channel about either
+ 	    Failure($client, "refused\n", $userinput);
- #   user authentication or user personal information....
+ 	    return 1;
- #
+ 	}
- # Parameters:
- #    $cmd      - The command that got us here.
- #    $tail     - Tail of the command (remaining parameters).
- #    $client   - File descriptor connected to client.
- # Returns
- #     0        - Requested to exit, caller should shut down.
- #     1        - Continue processing.
- #
- sub PutUserProfileEntry {
-     my $cmd       = shift;
-     my $tail      = shift;
-     my $client    = shift;
-     my $userinput = "$cmd:$tail";
-     my ($udom,$uname,$namespace,$what) =split(/:/,$tail);
+     }
-     if ($namespace ne 'roles') {
-        chomp($what);
-        my $hashref = TieUserHash($udom, $uname, $namespace,
- 				     &GDBM_WRCREAT(),"P",$what);
-        if($hashref) {
- 	 my @pairs=split(/\&/,$what);
- 	 foreach my $pair (@pairs) {
- 	    my ($key,$value)=split(/=/,$pair);
- 	    $hashref->{$key}=$value;
- 	  }
- 	  if (untie(%$hashref)) {
- 	     Reply( $client, "ok\n", $userinput);
- 	  } else {
- 	     Failure($client, "error: ".($!+0)." untie(GDBM) failed ".
- 		     "while attempting put\n",
- 		     $userinput);
- 	  }
-        } else {
- 	  Failure( $client, "error: ".($!)." tie(GDBM) Failed ".
- 		   "while attempting put\n", $userinput);
-        }
-      } else {
-         Failure( $client, "refused\n", $userinput);
-      }
-      return 1;
- }
- RegisterHandler("put", \&PutUserProfileEntry, 0, 1, 0);
- #
+ #------------------- Commands not yet in spearate handlers. --------------
- #   Increment a profile entry in the user history file.
- #   The history contains keyword value pairs.  In this case,
- #   The value itself is a pair of numbers.  The first, the current value
- #   the second an increment that this function applies to the current
- #   value.
- #
- # Parameters:
- #    $cmd      - The command that got us here.
- #    $tail     - Tail of the command (remaining parameters).
- #    $client   - File descriptor connected to client.
- # Returns
- #     0        - Requested to exit, caller should shut down.
- #     1        - Continue processing.
- #
- sub IncrementUserValueHandler {
-     my $cmd         = shift;
-     my $tail        = shift;
-     my $client      = shift;
-     my $userinput   = "$cmd:$tail";
-     my ($udom,$uname,$namespace,$what) =split(/:/,$tail);
-     if ($namespace ne 'roles') {
-         chomp($what);
- 	my $hashref = TieUserHash($udom, $uname,
- 				      $namespace, &GDBM_WRCREAT(),
- 				      "P",$what);
- 	if ($hashref) {
- 	   my @pairs=split(/\&/,$what);
- 	   foreach my $pair (@pairs) {
- 	     my ($key,$value)=split(/=/,$pair);
- 	     # We could check that we have a number...
- 	     if (! defined($value) || $value eq '') {
- 	        $value = 1;
- 	     }
- 	     $hashref->{$key}+=$value;
- 	   }
- 	   if (untie(%$hashref)) {
- 	      Reply( $client, "ok\n", $userinput);
- 	   } else {
- 	      Failure($client, "error: ".($!+0)." untie(GDBM) failed ".
- 		      "while attempting inc\n", $userinput);
- 	   }
- 	 } else {
- 	   Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
- 		   "while attempting inc\n", $userinput);
- 	 }
-       } else {
- 	 Failure($client, "refused\n", $userinput);
-       }
-     return 1;
- }
- RegisterHandler("inc", \&IncrementUserValueHandler, 0, 1, 0);
- #
- #   Put a new role for a user.  Roles are LonCAPA's packaging of permissions.
- #   Each 'role' a user has implies a set of permissions.  Adding a new role
- #   for a person grants the permissions packaged with that role
- #   to that user when the role is selected.
- #
- # Parameters:
- #    $cmd       - The command string (rolesput).
- #    $tail      - The remainder of the request line.  For rolesput this
- #                 consists of a colon separated list that contains:
- #                 The domain and user that is granting the role (logged).
- #                 The domain and user that is getting the role.
- #                 The roles being granted as a set of & separated pairs.
- #                 each pair a key value pair.
- #    $client    - File descriptor connected to the client.
- # Returns:
- #     0         - If the daemon should exit
- #     1         - To continue processing.
- #
- #
- sub RolesPutHandler {
-     my $cmd        = shift;
-     my $tail       = shift;
-     my $client     = shift;
-     my $userinput  = "$cmd:$tail";
-     my ($exedom,$exeuser,$udom,$uname,$what)   =split(/:/,$tail);
-     &Debug("cmd = ".$cmd." exedom= ".$exedom."user = ".$exeuser." udom=".$udom.
+ # --------------------------------------------------------- remove a user file
- 	   "what = ".$what);
+    if ($userinput =~ /^removeuserfile/) { # Client clear or enc.
-     my $namespace='roles';
+ 	if(isClient) {
-     chomp($what);
+ 	    my ($cmd,$fname)=split(/:/,$userinput);
-     my $hashref = TieUserHash($udom, $uname, $namespace,
+ 	    my ($udom,$uname,$ufile) = ($fname =~ m|^([^/]+)/([^/]+)/(.+)$|);
- 				  &GDBM_WRCREAT(), "P",
+ 	    &logthis("$udom - $uname - $ufile");
- 				  "$exedom:$exeuser:$what");
+ 	    if ($ufile =~m|/\.\./|) {
-     #
+ 		# any files paths with /../ in them refuse
-     #  Log the attempt to set a role.  The {}'s here ensure that the file
+ 		# to deal with
-     #  handle is open for the minimal amount of time.  Since the flush
+ 		print $client "refused\n";
-     #  is done on close this improves the chances the log will be an un-
+ 	    } else {
-     #  corrupted ordered thing.
+ 		my $udir=propath($udom,$uname);
-     if ($hashref) {
+ 		if (-e $udir) {
- 	my @pairs=split(/\&/,$what);
+ 		    my $file=$udir.'/userfiles/'.$ufile;
- 	foreach my $pair (@pairs) {
+ 		    if (-e $file) {
- 	    my ($key,$value)=split(/=/,$pair);
+ 			unlink($file);
- 	    &ManagePermissions($key, $udom, $uname,
+ 			if (-e $file) {
- 			       &GetAuthType( $udom, $uname));
+ 			    print $client "failed\n";
- 	    $hashref->{$key}=$value;
+ 			} else {
+ 			    print $client "ok\n";
+ 			}
+ 		    } else {
+ 			print $client "not_found\n";
+ 		    }
+ 		} else {
+ 		    print $client "not_home\n";
+ 		}
+ 	    }
+ 	} else {
+ 	    Reply($client, "refused\n", $userinput);
  	}
- 	if (untie($hashref)) {
+ # ------------------------------------------ authenticate access to a user file
- 	    Reply($client, "ok\n", $userinput);
+     } elsif ($userinput =~ /^tokenauthuserfile/) { # Client only
+ 	if(isClient) {
+ 	    my ($cmd,$fname,$session)=split(/:/,$userinput);
+ 	    chomp($session);
+ 	    my $reply='non_auth';
+ 	    if (open(ENVIN,$perlvar{'lonIDsDir'}.'/'.
+ 		     $session.'.id')) {
+ 		while (my $line=<ENVIN>) {
+ 		    if ($line=~ m|userfile\.\Q$fname\E\=|) { $reply='ok'; }
+ 			    }
+ 		close(ENVIN);
+ 		print $client $reply."\n";
+ 	    } else {
+ 		print $client "invalid_token\n";
+ 	    }
  	} else {
- 	    Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	    Reply($client, "refused\n", $userinput);
- 		     "while attempting rolesput\n", $userinput);
  	}
-     } else {
+ # ----------------------------------------------------------------- unsubscribe
- 	Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
+     } elsif ($userinput =~ /^unsub/) {
- 		 "while attempting rolesput\n", $userinput);
+ 	if(isClient) {
-     }
+ 	    my ($cmd,$fname)=split(/:/,$userinput);
-     return 1;
+ 	    if (-e $fname) {
- }
+ 		print $client &unsub($fname,$clientip);
- RegisterHandler("rolesput", \&RolesPutHandler, 1,1,0);  # Encoded client only.
+ 	    } else {
- #
+ 		print $client "not_found\n";
- #   Deletes (removes) a role for a user.   This is equivalent to removing
+ 	    }
- #  a permissions package associated with the role from the user's profile.
- #
- # Parameters:
- #     $cmd                 - The command (rolesdel)
- #     $tail                - The remainder of the request line. This consists
- #                             of:
- #                             The domain and user requesting the change (logged)
- #                             The domain and user being changed.
- #                             The roles being revoked.  These are shipped to us
- #                             as a bunch of & separated role name keywords.
- #     $client              - The file handle open on the client.
- # Returns:
- #     1                    - Continue processing
- #     0                    - Exit.
- #
- sub RolesDeleteHandler {
-     my $cmd          = shift;
-     my $tail         = shift;
-     my $client       = shift;
-     my $userinput    = "$cmd:$tail";
-     my ($exedom,$exeuser,$udom,$uname,$what)=split(/:/,$tail);
-     &Debug("cmd = ".$cmd." exedom= ".$exedom."user = ".$exeuser." udom=".$udom.
- 	   "what = ".$what);
-     my $namespace='roles';
-     chomp($what);
-     my $hashref = TieUserHash($udom, $uname, $namespace,
- 				  &GDBM_WRCREAT(), "D",
- 				  "$exedom:$exeuser:$what");
-     if ($hashref) {
-        my @rolekeys=split(/\&/,$what);
-        foreach my $key (@rolekeys) {
- 	  delete $hashref->{$key};
-        }
-        if (untie(%$hashref)) {
- 	  Reply($client, "ok\n", $userinput);
- 	} else {
- 	   Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
- 		    "while attempting rolesdel\n", $userinput);
- 	}
-      } else {
-         Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
- 		 "while attempting rolesdel\n", $userinput);
-      }
-     return 1;
- }
- RegisterHandler("rolesdel", \&RolesDeleteHandler, 1,1, 0); # Encoded client only
- # Unencrypted get from a user's profile database.  See
- # GetProfileEntryEncrypted for a version that does end-to-end encryption.
- # This function retrieves a keyed item from a specific named database in the
- # user's directory.
- #
- # Parameters:
- #   $cmd             - Command request keyword (get).
- #   $tail            - Tail of the command.  This is a colon separated list
- #                      consisting of the domain and username that uniquely
- #                      identifies the profile,
- #                      The 'namespace' which selects the gdbm file to
- #                      do the lookup in,
- #                      & separated list of keys to lookup.  Note that
- #                      the values are returned as an & separated list too.
- #   $client          - File descriptor open on the client.
- # Returns:
- #   1       - Continue processing.
- #   0       - Exit.
- #
- sub GetProfileEntry {
-     my $cmd      = shift;
-     my $tail     = shift;
-     my $client   = shift;
-     my $userinput= "$cmd:$tail";
-     my ($udom,$uname,$namespace,$what) = split(/:/,$tail);
-     chomp($what);
-     my $hashref = TieUserHash($udom, $uname, $namespace,
- 				 &GDBM_READER());
-     if ($hashref) {
-         my @queries=split(/\&/,$what);
-         my $qresult='';
- 	for (my $i=0;$i<=$#queries;$i++) {
- 	    $qresult.="$hashref->{$queries[$i]}&";    # Presumably failure gives empty string.
- 	}
- 	$qresult=~s/\&$//;              # Remove trailing & from last lookup.
- 	if (untie(%$hashref)) {
- 	    Reply($client, "$qresult\n", $userinput);
  	} else {
- 	    Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	    Reply($client, "refused\n", $userinput);
- 		    "while attempting get\n", $userinput);
  	}
-     } else {
+ # ------------------------------------------------------------------- subscribe
- 	if ($!+0 == 2) {               # +0 coerces errno -> number 2 is ENOENT
+     } elsif ($userinput =~ /^sub/) {
- 	    Failure($client, "error:No such file or ".
+ 	if(isClient) {
- 		    "GDBM reported bad block error\n", $userinput);
+ 	    print $client &subscribe($userinput,$clientip);
- 	} else {                        # Some other undifferentiated err.
+ 	} else {
- 	    Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
+ 	    Reply($client, "refused\n", $userinput);
- 		    "while attempting get\n", $userinput);
  	}
-     }
+ # ------------------------------------------------------------- current version
-     return 1;
+     } elsif ($userinput =~ /^currentversion/) {
- }
+ 	if(isClient) {
- RegisterHandler("get", \&GetProfileEntry, 0,1,0);
+ 	    my ($cmd,$fname)=split(/:/,$userinput);
- #
+ 	    print $client &currentversion($fname)."\n";
- #  Process the encrypted get request.  Note that the request is sent
+ 	} else {
- #  in clear, but the reply is encrypted.  This is a small covert channel:
+ 	    Reply($client, "refused\n", $userinput);
- #  information about the sensitive keys is given to the snooper.  Just not
- #  information about the values of the sensitive key.  Hmm if I wanted to
+ 	}
- #  know these I'd snoop for the egets. Get the profile item names from them
+ # ------------------------------------------------------------------------- log
- #  and then issue a get for them since there's no enforcement of the
+     } elsif ($userinput =~ /^log/) {
- #  requirement of an encrypted get for particular profile items.  If I
+ 	if(isClient) {
- #  were re-doing this, I'd force the request to be encrypted as well as the
+ 	    my ($cmd,$udom,$uname,$what)=split(/:/,$userinput);
- #  reply.  I'd also just enforce encrypted transactions for all gets since
+ 	    chomp($what);
- #  that would prevent any covert channel snooping.
+ 	    my $proname=propath($udom,$uname);
- #
+ 	    my $now=time;
- #  Parameters:
+ 	    {
- #     $cmd               - Command keyword of request (eget).
+ 		my $hfh;
- #     $tail              - Tail of the command.  See GetProfileEntry
#                          for more information about this.
+ 		if ($hfh=IO::File->new(">>$proname/activity.log")) {
- #     $client            - File open on the client.
+ 		    print $hfh "$now:$clientname:$what\n";
- #  Returns:
+ 		    print $client "ok\n";
- #     1      - Continue processing
+ 		} else {
- #     0      - server should exit.
+ 		    print $client "error: ".($!+0)
- sub GetProfileEntryEncrypted {
+ 			." IO::File->new Failed "
-     my $cmd       = shift;
+ 			."while attempting log\n";
-     my $tail      = shift;
-     my $client    = shift;
-     my $userinput = "$cmd:$tail";
-     my ($cmd,$udom,$uname,$namespace,$what) = split(/:/,$userinput);
-     chomp($what);
-     my $hashref = TieUserHash($udom, $uname, $namespace,
- 				  &GDBM_READER());
-     if ($hashref) {
-         my @queries=split(/\&/,$what);
-         my $qresult='';
- 	for (my $i=0;$i<=$#queries;$i++) {
- 	    $qresult.="$hashref->{$queries[$i]}&";
- 	}
- 	if (untie(%$hashref)) {
- 	    $qresult=~s/\&$//;
- 	    if ($cipher) {
- 		my $cmdlength=length($qresult);
- 		$qresult.="         ";
- 		my $encqresult='';
- 		for(my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
- 		    $encqresult.= unpack("H16", $cipher->encrypt(substr($qresult,
- 									$encidx,
-)));
  		}
- 		Reply( $client, "enc:$cmdlength:$encqresult\n", $userinput);
- 	    } else {
- 		Failure( $client, "error:no_key\n", $userinput);
  	    }
  	} else {
- 	    Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	    Reply($client, "refused\n", $userinput);
- 		    "while attempting eget\n", $userinput);
  	}
-     } else {
+ # ------------------------------------------------------------------------- put
- 	Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
+     } elsif ($userinput =~ /^put/) {
- 		"while attempting eget\n", $userinput);
+ 	if(isClient) {
-     }
+ 	    my ($cmd,$udom,$uname,$namespace,$what)
+ 		=split(/:/,$userinput,5);
-     return 1;
+ 	    $namespace=~s/\//\_/g;
- }
+ 	    $namespace=~s/\W//g;
- RegisterHandler("eget", \&GetProfileEncrypted, 0, 1, 0);
+ 	    if ($namespace ne 'roles') {
+ 		chomp($what);
- #
+ 		my $proname=propath($udom,$uname);
- #   Deletes a key in a user profile database.
+ 		my $now=time;
- #
+ 		my @pairs=split(/\&/,$what);
- #   Parameters:
+ 		my %hash;
- #       $cmd                  - Command keyword (del).
+ 		if (tie(%hash,'GDBM_File',
- #       $tail                 - Command tail.  IN this case a colon
+ 			"$proname/$namespace.db",
- #                               separated list containing:
+ 			&GDBM_WRCREAT(),0640)) {
- #                               The domain and user that identifies uniquely
+ 		    unless ($namespace=~/^nohist\_/) {
- #                               the identity of the user.
+ 			my $hfh;
- #                               The profile namespace (name of the profile
+ 			if ($hfh=IO::File->new(">>$proname/$namespace.hist")) { print $hfh "P:$now:$what\n"; }
- #                               database file).
+ 		    }
- #                               & separated list of keywords to delete.
- #       $client              - File open on client socket.
+ 		    foreach my $pair (@pairs) {
- # Returns:
+ 			my ($key,$value)=split(/=/,$pair);
- #     1   - Continue processing
+ 			$hash{$key}=$value;
- #     0   - Exit server.
+ 		    }
- #
+ 		    if (untie(%hash)) {
- #
+ 			print $client "ok\n";
+ 		    } else {
- sub DeleteProfileEntry {
+ 			print $client "error: ".($!+0)
-     my $cmd      = shift;
+ 			    ." untie(GDBM) failed ".
-     my $tail     = shift;
+ 			    "while attempting put\n";
-     my $client   = shift;
+ 		    }
-     my $userinput = "cmd:$tail";
+ 		} else {
+ 		    print $client "error: ".($!)
-     my ($udom,$uname,$namespace,$what) = split(/:/,$tail);
+ 			." tie(GDBM) Failed ".
-     chomp($what);
+ 			"while attempting put\n";
-     my $hashref = TieUserHash($udom, $uname, $namespace,
+ 		}
- 				  &GDBM_WRCREAT(),
+ 	    } else {
- 				  "D",$what);
+ 		print $client "refused\n";
-     if ($hashref) {
+ 	    }
-         my @keys=split(/\&/,$what);
+ 	} else {
- 	foreach my $key (@keys) {
+ 	    Reply($client, "refused\n", $userinput);
- 	    delete($hashref->{$key});
  	}
- 	if (untie(%$hashref)) {
+ # ------------------------------------------------------------------- inc
- 	    Reply($client, "ok\n", $userinput);
+     } elsif ($userinput =~ /^inc:/) {
+ 	if(isClient) {
+ 	    my ($cmd,$udom,$uname,$namespace,$what)
+ 		=split(/:/,$userinput);
+ 	    $namespace=~s/\//\_/g;
+ 	    $namespace=~s/\W//g;
+ 	    if ($namespace ne 'roles') {
+ 		chomp($what);
+ 		my $proname=propath($udom,$uname);
+ 		my $now=time;
+ 		my @pairs=split(/\&/,$what);
+ 		my %hash;
+ 		if (tie(%hash,'GDBM_File',
+ 			"$proname/$namespace.db",
+ 			&GDBM_WRCREAT(),0640)) {
+ 		    unless ($namespace=~/^nohist\_/) {
+ 			my $hfh;
+ 			if ($hfh=IO::File->new(">>$proname/$namespace.hist")) { print $hfh "P:$now:$what\n"; }
+ 		    }
+ 		    foreach my $pair (@pairs) {
+ 			my ($key,$value)=split(/=/,$pair);
+ 			# We could check that we have a number...
+ 			if (! defined($value) || $value eq '') {
+ 			    $value = 1;
+ 			}
+ 			$hash{$key}+=$value;
+ 		    }
+ 		    if (untie(%hash)) {
+ 			print $client "ok\n";
+ 		    } else {
+ 			print $client "error: ".($!+0)
+ 			    ." untie(GDBM) failed ".
+ 			    "while attempting inc\n";
+ 		    }
+ 		} else {
+ 		    print $client "error: ".($!)
+ 			." tie(GDBM) Failed ".
+ 			"while attempting inc\n";
+ 		}
+ 	    } else {
+ 		print $client "refused\n";
+ 	    }
  	} else {
- 	    Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	    Reply($client, "refused\n", $userinput);
- 		    "while attempting del\n", $userinput);
  	}
-     } else {
+ # -------------------------------------------------------------------- rolesput
- 	Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
+     } elsif ($userinput =~ /^rolesput/) {
- 		 "while attempting del\n", $userinput);
+ 	if(isClient) {
-     }
+ 	    &Debug("rolesput");
-     return 1;
+ 	    if ($wasenc==1) {
- }
+ 		my ($cmd,$exedom,$exeuser,$udom,$uname,$what)
- RegisterHandler("del", \&DeleteProfileEntry, 0, 1, 0);
+ 		    =split(/:/,$userinput);
- #
+ 		&Debug("cmd = ".$cmd." exedom= ".$exedom.
- #  List the set of keys that are defined in a profile database file.
+ 		       "user = ".$exeuser." udom=".$udom.
- #  A successful reply from this will contain an & separated list of
+ 		       "what = ".$what);
- #  the keys.
+ 		my $namespace='roles';
- # Parameters:
+ 		chomp($what);
- #     $cmd              - Command request (keys).
+ 		my $proname=propath($udom,$uname);
- #     $tail             - Remainder of the request, a colon separated
+ 		my $now=time;
- #                         list containing domain/user that identifies the
+ 		my @pairs=split(/\&/,$what);
- #                         user being queried, and the database namespace
+ 		my %hash;
- #                         (database filename essentially).
+ 		if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
- #     $client           - File open on the client.
+ 		    {
- #  Returns:
+ 			my $hfh;
- #    1    - Continue processing.
+ 			if ($hfh=IO::File->new(">>$proname/$namespace.hist")) {
- #    0    - Exit the server.
+ 			    print $hfh "P:$now:$exedom:$exeuser:$what\n";
- #
+ 			}
- sub GetProfileKeys {
+ 		    }
-     my $cmd       = shift;
-     my $tail      = shift;
+ 		    foreach my $pair (@pairs) {
-     my $client    = shift;
+ 			my ($key,$value)=split(/=/,$pair);
-     my $userinput = "$cmd:$tail";
+ 			&ManagePermissions($key, $udom, $uname,
+ 					   &get_auth_type( $udom,
-     my ($udom,$uname,$namespace)=split(/:/,$tail);
+ 							 $uname));
-     my $qresult='';
+ 			$hash{$key}=$value;
-     my $hashref = TieUserHash($udom, $uname, $namespace,
+ 		    }
- 				  &GDBM_READER());
+ 		    if (untie(%hash)) {
-     if ($hashref) {
+ 			print $client "ok\n";
- 	foreach my $key (keys %$hashref) {
+ 		    } else {
- 	    $qresult.="$key&";
+ 			print $client "error: ".($!+0)
- 	}
+ 			    ." untie(GDBM) Failed ".
- 	if (untie(%$hashref)) {
+ 			    "while attempting rolesput\n";
- 	    $qresult=~s/\&$//;
+ 		    }
- 	    Reply($client, "$qresult\n", $userinput);
+ 		} else {
+ 		    print $client "error: ".($!+0)
+ 			." tie(GDBM) Failed ".
+ 			"while attempting rolesput\n";
+ 			    }
+ 	    } else {
+ 		print $client "refused\n";
+ 	    }
  	} else {
- 	    Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	    Reply($client, "refused\n", $userinput);
- 		    "while attempting keys\n", $userinput);
  	}
-     } else {
+ # -------------------------------------------------------------------- rolesdel
- 	Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
+     } elsif ($userinput =~ /^rolesdel/) {
- 		 "while attempting keys\n", $userinput);
+ 	if(isClient) {
-     }
+ 	    &Debug("rolesdel");
+ 	    if ($wasenc==1) {
-     return 1;
+ 		my ($cmd,$exedom,$exeuser,$udom,$uname,$what)
- }
+ 		    =split(/:/,$userinput);
- RegisterHandler("keys", \&GetProfileKeys, 0, 1, 0);
+ 		&Debug("cmd = ".$cmd." exedom= ".$exedom.
- #
+ 		       "user = ".$exeuser." udom=".$udom.
- #   Dump the contents of a user profile database.
+ 		       "what = ".$what);
- #   Note that this constitutes a very large covert channel too since
+ 		my $namespace='roles';
- #   the dump will return sensitive information that is not encrypted.
+ 		chomp($what);
- #   The naive security assumption is that the session negotiation ensures
+ 		my $proname=propath($udom,$uname);
- #   our client is trusted and I don't believe that's assured at present.
+ 		my $now=time;
- #   Sure want badly to go to ssl or tls.  Of course if my peer isn't really
+ 		my @rolekeys=split(/\&/,$what);
- #   a LonCAPA node they could have negotiated an encryption key too so >sigh<.
+ 		my %hash;
- #
+ 		if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
- #  Parameters:
+ 		    {
- #     $cmd           - The command request keyword (currentdump).
+ 			my $hfh;
- #     $tail          - Remainder of the request, consisting of a colon
+ 			if ($hfh=IO::File->new(">>$proname/$namespace.hist")) {
- #                      separated list that has the domain/username and
+ 			    print $hfh "D:$now:$exedom:$exeuser:$what\n";
- #                      the namespace to dump (database file).
+ 			}
- #     $client        - file open on the remote client.
+ 		    }
- # Returns:
+ 		    foreach my $key (@rolekeys) {
- #     1    - Continue processing.
+ 			delete $hash{$key};
- #     0    - Exit the server.
+ 		    }
- #
+ 		    if (untie(%hash)) {
- sub DumpProfileDatabase {
+ 			print $client "ok\n";
-     my $cmd       = shift;
+ 		    } else {
-     my $tail      = shift;
+ 			print $client "error: ".($!+0)
-     my $client    = shift;
+ 			    ." untie(GDBM) Failed ".
-     my $userinput = "$cmd:$tail";
+ 			    "while attempting rolesdel\n";
+ 		    }
-     my ($udom,$uname,$namespace) = split(/:/,$tail);
+ 		} else {
-     my $hashref = TieUserHash($udom, $uname, $namespace,
+ 		    print $client "error: ".($!+0)
- 				  &GDBM_READER());
+ 			." tie(GDBM) Failed ".
-     if ($hashref) {
+ 			"while attempting rolesdel\n";
- 	# Structure of %data:
- 	# $data{$symb}->{$parameter}=$value;
- 	# $data{$symb}->{'v.'.$parameter}=$version;
- 	# since $parameter will be unescaped, we do not
-  	# have to worry about silly parameter names...
-         my $qresult='';
- 	my %data = ();                     # A hash of anonymous hashes..
- 	while (my ($key,$value) = each(%$hashref)) {
- 	    my ($v,$symb,$param) = split(/:/,$key);
- 	    next if ($v eq 'version' || $symb eq 'keys');
- 	    next if (exists($data{$symb}) &&
- 		     exists($data{$symb}->{$param}) &&
- 		     $data{$symb}->{'v.'.$param} > $v);
- 	    $data{$symb}->{$param}=$value;
- 	    $data{$symb}->{'v.'.$param}=$v;
- 	}
- 	if (untie(%$hashref)) {
- 	    while (my ($symb,$param_hash) = each(%data)) {
- 		while(my ($param,$value) = each (%$param_hash)){
- 		    next if ($param =~ /^v\./);       # Ignore versions...
- 		    #
- 		    #   Just dump the symb=value pairs separated by &
- 		    #
- 		    $qresult.=$symb.':'.$param.'='.$value.'&';
  		}
+ 	    } else {
+ 		print $client "refused\n";
  	    }
- 	    chop($qresult);
- 	    Reply($client , "$qresult\n", $userinput);
  	} else {
- 	    Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	    Reply($client, "refused\n", $userinput);
- 		     "while attempting currentdump\n", $userinput);
  	}
-     } else {
+ # ------------------------------------------------------------------------- get
- 	Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
+     } elsif ($userinput =~ /^get/) {
- 		"while attempting currentdump\n", $userinput);
+ 	if(isClient) {
-     }
+ 	    my ($cmd,$udom,$uname,$namespace,$what)
+ 		=split(/:/,$userinput);
-     return 1;
+ 	    $namespace=~s/\//\_/g;
- }
+ 	    $namespace=~s/\W//g;
- RegisterHandler("currentdump", \&DumpProfileDatabase, 0, 1, 0);
+ 	    chomp($what);
- #
+ 	    my @queries=split(/\&/,$what);
- #   Dump a profile database with an optional regular expression
+ 	    my $proname=propath($udom,$uname);
- #   to match against the keys.  In this dump, no effort is made
+ 	    my $qresult='';
- #   to separate symb from version information. Presumably the
+ 	    my %hash;
- #   databases that are dumped by this command are of a different
+ 	    if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
- #   structure.  Need to look at this and improve the documentation of
+ 		for (my $i=0;$i<=$#queries;$i++) {
- #   both this and the currentdump handler.
+ 		    $qresult.="$hash{$queries[$i]}&";
- # Parameters:
+ 		}
- #    $cmd                     - The command keyword.
+ 		if (untie(%hash)) {
- #    $tail                    - All of the characters after the $cmd:
+ 		    $qresult=~s/\&$//;
- #                               These are expected to be a colon
+ 		    print $client "$qresult\n";
- #                               separated list containing:
+ 		} else {
- #                               domain/user - identifying the user.
+ 		    print $client "error: ".($!+0)
- #                               namespace   - identifying the database.
+ 			." untie(GDBM) Failed ".
- #                               regexp      - optional regular expression
+ 			"while attempting get\n";
- #                                             that is matched against
+ 		}
- #                                             database keywords to do
- #                                             selective dumps.
- #   $client                   - Channel open on the client.
- # Returns:
- #    1    - Continue processing.
- # Side effects:
- #    response is written to $client.
- #
- sub DumpWithRegexp {
-     my $cmd    = shift;
-     my $tail   = shift;
-     my $client = shift;
-     my $userinput = "$cmd:$tail";
-     my ($udom,$uname,$namespace,$regexp)=split(/:/,$tail);
-     if (defined($regexp)) {
- 	$regexp=&unescape($regexp);
-     } else {
- 	$regexp='.';
-     }
-     my $hashref =TieUserHash($udom, $uname, $namespace,
- 				 &GDBM_READER());
-     if ($hashref) {
-         my $qresult='';
- 	while (my ($key,$value) = each(%$hashref)) {
- 	    if ($regexp eq '.') {
- 		$qresult.=$key.'='.$value.'&';
  	    } else {
- 		my $unescapeKey = &unescape($key);
+ 		if ($!+0 == 2) {
- 		if (eval('$unescapeKey=~/$regexp/')) {
+ 		    print $client "error:No such file or ".
- 		    $qresult.="$key=$value&";
+ 			"GDBM reported bad block error\n";
+ 		} else {
+ 		    print $client "error: ".($!+0)
+ 			." tie(GDBM) Failed ".
+ 			"while attempting get\n";
  		}
  	    }
+ 	} else {
+ 	    Reply($client, "refused\n", $userinput);
  	}
- 	if (untie(%$hashref)) {
+ # ------------------------------------------------------------------------ eget
- 	    chop($qresult);
+     } elsif ($userinput =~ /^eget/) {
- 	    Reply($client, "$qresult\n", $userinput);
+ 	if (isClient) {
+ 	    my ($cmd,$udom,$uname,$namespace,$what)
+ 		=split(/:/,$userinput);
+ 	    $namespace=~s/\//\_/g;
+ 	    $namespace=~s/\W//g;
+ 	    chomp($what);
+ 	    my @queries=split(/\&/,$what);
+ 	    my $proname=propath($udom,$uname);
+ 	    my $qresult='';
+ 	    my %hash;
+ 	    if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
+ 		for (my $i=0;$i<=$#queries;$i++) {
+ 		    $qresult.="$hash{$queries[$i]}&";
+ 		}
+ 		if (untie(%hash)) {
+ 		    $qresult=~s/\&$//;
+ 		    if ($cipher) {
+ 			my $cmdlength=length($qresult);
+ 			$qresult.="         ";
+ 			my $encqresult='';
+ 			for
+ 			    (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
+ 				$encqresult.=
+ 				    unpack("H16",
+ 					   $cipher->encrypt(substr($qresult,$encidx,8)));
+ 			    }
+ 			print $client "enc:$cmdlength:$encqresult\n";
+ 		    } else {
+ 			print $client "error:no_key\n";
+ 		    }
+ 		} else {
+ 		    print $client "error: ".($!+0)
+ 			." untie(GDBM) Failed ".
+ 			"while attempting eget\n";
+ 		}
+ 	    } else {
+ 		print $client "error: ".($!+0)
+ 		    ." tie(GDBM) Failed ".
+ 		    "while attempting eget\n";
+ 	    }
  	} else {
- 	    Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	    Reply($client, "refused\n", $userinput);
- 		     "while attempting dump\n", $userinput);
  	}
-     } else {
+ # ------------------------------------------------------------------------- del
- 	Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
+     } elsif ($userinput =~ /^del/) {
- 		"while attempting dump\n", $userinput);
+ 	if(isClient) {
-     }
+ 	    my ($cmd,$udom,$uname,$namespace,$what)
+ 		=split(/:/,$userinput);
-     return 1;
+ 	    $namespace=~s/\//\_/g;
- }
+ 	    $namespace=~s/\W//g;
- RegisterHandler("dump", \&DumpWithRegexp, 0, 1, 0);
+ 	    chomp($what);
+ 	    my $proname=propath($udom,$uname);
- #  Store an aitem in any database but the roles database.
+ 	    my $now=time;
- #
+ 	    my @keys=split(/\&/,$what);
- #  Parameters:
+ 	    my %hash;
- #    $cmd                - Request command keyword.
+ 	    if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
- #    $tail               - Tail of the request.  This is a colon
+ 		unless ($namespace=~/^nohist\_/) {
- #                          separated list containing:
+ 		    my $hfh;
- #                          domain/user - User and authentication domain.
+ 		    if ($hfh=IO::File->new(">>$proname/$namespace.hist")) { print $hfh "D:$now:$what\n"; }
- #                          namespace   - Name of the database being modified
+ 		}
- #                          rid         - Resource keyword to modify.
+ 		foreach my $key (@keys) {
- #                          what        - new value associated with rid.
+ 		    delete($hash{$key});
- #
+ 		}
- #    $client             - Socket open on the client.
+ 		if (untie(%hash)) {
- #
+ 		    print $client "ok\n";
- #
+ 		} else {
- #  Returns:
+ 		    print $client "error: ".($!+0)
- #      1 (keep on processing).
+ 			." untie(GDBM) Failed ".
- #  Side-Effects:
+ 			"while attempting del\n";
- #    Writes to the client
+ 		}
- sub StoreHandler {
-     my $cmd    = shift;
-     my $tail   = shift;
-     my $client = shift;
-     my $userinput = "$cmd:$tail";
-     my ($udom,$uname,$namespace,$rid,$what) =split(/:/,$tail);
-     if ($namespace ne 'roles') {
- 	chomp($what);
- 	my @pairs=split(/\&/,$what);
- 	my $hashref  = TieUserHash($udom, $uname, $namespace,
- 				       &GDBM_WRCREAT(), "P",
- 				       "$rid:$what");
- 	if ($hashref) {
- 	    my $now = time;
- 	    my @previouskeys=split(/&/,$hashref->{"keys:$rid"});
- 	    my $key;
- 	    $hashref->{"version:$rid"}++;
- 	    my $version=$hashref->{"version:$rid"};
- 	    my $allkeys='';
- 	    foreach my $pair (@pairs) {
- 		my ($key,$value)=split(/=/,$pair);
- 		$allkeys.=$key.':';
- 		$hashref->{"$version:$rid:$key"}=$value;
- 	    }
- 	    $hashref->{"$version:$rid:timestamp"}=$now;
- 	    $allkeys.='timestamp';
- 	    $hashref->{"$version:keys:$rid"}=$allkeys;
- 	    if (untie($hashref)) {
- 		Reply($client, "ok\n", $userinput);
  	    } else {
- 		Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 		print $client "error: ".($!+0)
- 			"while attempting store\n", $userinput);
+ 		    ." tie(GDBM) Failed ".
+ 		    "while attempting del\n";
  	    }
  	} else {
- 	    Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
+ 	    Reply($client, "refused\n", $userinput);
- 		     "while attempting store\n", $userinput);
  	}
-     } else {
+ # ------------------------------------------------------------------------ keys
- 	Failure($client, "refused\n", $userinput);
+     } elsif ($userinput =~ /^keys/) {
-     }
+ 	if(isClient) {
+ 	    my ($cmd,$udom,$uname,$namespace)
-     return 1;
+ 		=split(/:/,$userinput);
- }
+ 	    $namespace=~s/\//\_/g;
- RegisterHandler("store", \&StoreHandler, 0, 1, 0);
+ 	    $namespace=~s/\W//g;
- #
+ 	    my $proname=propath($udom,$uname);
- #   Restore a prior version of a resource.
+ 	    my $qresult='';
- #
+ 	    my %hash;
- #  Parameters:
+ 	    if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
- #     $cmd               - Command keyword.
+ 		foreach my $key (keys %hash) {
- #     $tail              - Remainder of the request which consists of:
+ 		    $qresult.="$key&";
- #                          domain/user   - User and auth. domain.
+ 		}
- #                          namespace     - name of resource database.
+ 		if (untie(%hash)) {
- #                          rid           - Resource id.
+ 		    $qresult=~s/\&$//;
- #    $client             - socket open on the client.
+ 		    print $client "$qresult\n";
- #
+ 		} else {
- # Returns:
+ 		    print $client "error: ".($!+0)
- #      1  indicating the caller should not yet exit.
+ 			." untie(GDBM) Failed ".
- # Side-effects:
+ 			"while attempting keys\n";
- #   Writes a reply to the client.
+ 		}
- #
+ 	    } else {
- sub RestoreHandler {
+ 		print $client "error: ".($!+0)
-     my $cmd     = shift;
+ 		    ." tie(GDBM) Failed ".
-     my $tail    = shift;
+ 		    "while attempting keys\n";
-     my $client  = shift;
+ 	    }
-     my $userinput = "$cmd:$tail";	# Only used for logging purposes.
-     my ($cmd,$udom,$uname,$namespace,$rid) = split(/:/,$userinput);
-     $namespace=~s/\//\_/g;
-     $namespace=~s/\W//g;
-     chomp($rid);
-     my $proname=propath($udom,$uname);
-     my $qresult='';
-     my %hash;
-     if (tie(%hash,'GDBM_File',"$proname/$namespace.db",
- 	    &GDBM_READER(),0640)) {
- 	my $version=$hash{"version:$rid"};
- 	$qresult.="version=$version&";
- 	my $scope;
- 	for ($scope=1;$scope<=$version;$scope++) {
- 	    my $vkeys=$hash{"$scope:keys:$rid"};
- 	    my @keys=split(/:/,$vkeys);
- 	    my $key;
- 	    $qresult.="$scope:keys=$vkeys&";
- 	    foreach $key (@keys) {
- 		$qresult.="$scope:$key=".$hash{"$scope:$rid:$key"}."&";
- 	    }
- 	}
- 	if (untie(%hash)) {
- 	    $qresult=~s/\&$//;
- 	    Reply( $client, "$qresult\n", $userinput);
  	} else {
- 	    Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	    Reply($client, "refused\n", $userinput);
- 		    "while attempting restore\n", $userinput);
  	}
-     } else {
+ # ----------------------------------------------------------------- dumpcurrent
- 	Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
+     } elsif ($userinput =~ /^currentdump/) {
- 		"while attempting restore\n", $userinput);
+ 	if (isClient) {
-     }
+ 	    my ($cmd,$udom,$uname,$namespace)
+ 		=split(/:/,$userinput);
-     return 1;
+ 	    $namespace=~s/\//\_/g;
+ 	    $namespace=~s/\W//g;
+ 	    my $qresult='';
- }
+ 	    my $proname=propath($udom,$uname);
- RegisterHandler("restore", \&RestoreHandler, 0,1,0);
+ 	    my %hash;
+ 	    if (tie(%hash,'GDBM_File',
- #
+ 		    "$proname/$namespace.db",
- #   Add a chat message to to a discussion board.
+ 		    &GDBM_READER(),0640)) {
- #
+ 			    # Structure of %data:
- # Parameters:
+ 		# $data{$symb}->{$parameter}=$value;
- #    $cmd                - Request keyword.
+ 		# $data{$symb}->{'v.'.$parameter}=$version;
- #    $tail               - Tail of the command. A colon separated list
+ 		# since $parameter will be unescaped, we do not
- #                          containing:
+ 		# have to worry about silly parameter names...
- #                          cdom    - Domain on which the chat board lives
+ 		my %data = ();
- #                          cnum    - Identifier of the discussion group.
+ 		while (my ($key,$value) = each(%hash)) {
- #                          post    - Body of the posting.
+ 		    my ($v,$symb,$param) = split(/:/,$key);
- #   $client              - Socket open on the client.
+ 		    next if ($v eq 'version' || $symb eq 'keys');
- # Returns:
+ 		    next if (exists($data{$symb}) &&
- #   1    - Indicating caller should keep on processing.
+ 			     exists($data{$symb}->{$param}) &&
- #
+ 			     $data{$symb}->{'v.'.$param} > $v);
- # Side-effects:
+ 		    $data{$symb}->{$param}=$value;
- #   writes a reply to the client.
+ 		    $data{$symb}->{'v.'.$param}=$v;
- #
+ 		}
- #
+ 		if (untie(%hash)) {
- sub SendChatHandler {
+ 		    while (my ($symb,$param_hash) = each(%data)) {
-     my $cmd     = shift;
+ 			while(my ($param,$value) = each (%$param_hash)){
-     my $tail    = shift;
+ 			    next if ($param =~ /^v\./);
-     my $client  = shift;
+ 			    $qresult.=$symb.':'.$param.'='.$value.'&';
+ 			}
-     my $userinput = "$cmd:$tail";
+ 		    }
+ 		    chop($qresult);
-     my ($cdom,$cnum,$newpost)=split(/\:/,$tail);
+ 		    print $client "$qresult\n";
-     &chatadd($cdom,$cnum,$newpost);
+ 		} else {
-     Reply($client, "ok\n", $userinput);
+ 		    print $client "error: ".($!+0)
+ 			." untie(GDBM) Failed ".
-     return 1;
+ 			"while attempting currentdump\n";
- }
+ 		}
- RegisterHandler("chatsend", \&SendChatHandler, 0, 1, 0);
+ 	    } else {
- #
+ 		print $client "error: ".($!+0)
- #   Retrieve the set of chat messagss from a discussion board.
+ 		    ." tie(GDBM) Failed ".
- #
+ 		    "while attempting currentdump\n";
- #  Parameters:
+ 	    }
- #    $cmd             - Command keyword that initiated the request.
+ 	} else {
- #    $tail            - Remainder of the request after the command
+ 	    Reply($client, "refused\n", $userinput);
- #                       keyword.  In this case a colon separated list of
- #                       chat domain    - Which discussion board.
- #                       chat id        - Discussion thread(?)
- #                       domain/user    - Authentication domain and username
- #                                        of the requesting person.
- #   $client           - Socket open on the client program.
- # Returns:
- #    1     - continue processing
- # Side effects:
- #    Response is written to the client.
- #
- sub RetrieveChatHandler {
-     my $cmd      = shift;
-     my $tail     = shift;
-     my $client   = shift;
-     my $userinput = "$cmd:$tail";
-     my ($cdom,$cnum,$udom,$uname)=split(/\:/,$tail);
-     my $reply='';
-     foreach (&getchat($cdom,$cnum,$udom,$uname)) {
- 	$reply.=&escape($_).':';
-     }
-     $reply=~s/\:$//;
-     Reply($client, $reply."\n", $userinput);
-     return 1;
- }
- RegisterHandler("chatretr", \&RetrieveChatHandler, 0, 1, 0);
- #
- #  Initiate a query of an sql database.  SQL query repsonses get put in
- #  a file for later retrieval.  This prevents sql query results from
- #  bottlenecking the system.  Note that with loncnew, perhaps this is
- #  less of an issue since multiple outstanding requests can be concurrently
- #  serviced.
- #
- #  Parameters:
- #     $cmd       - COmmand keyword that initiated the request.
- #     $tail      - Remainder of the command after the keyword.
- #                  For this function, this consists of a query and
- #                  3 arguments that are self-documentingly labelled
- #                  in the original arg1, arg2, arg3.
- #     $client    - Socket open on the client.
- # Return:
- #    1   - Indicating processing should continue.
- # Side-effects:
- #    a reply is written to $client.
- #
- sub SendQueryHandler {
-     my $cmd     = shift;
-     my $tail    = shift;
-     my $client  = shift;
-     my $userinput = "$cmd:$tail";
-     my ($query,$arg1,$arg2,$arg3)=split(/\:/,$tail);
-     $query=~s/\n*$//g;
-     Reply($client, "". sqlreply("$clientname\&$query".
- 				"\&$arg1"."\&$arg2"."\&$arg3")."\n",
- 	  $userinput);
-     return 1;
- }
- RegisterHandler("querysend", \&SendQueryHandler, 0, 1, 0);
- #
- #   Add a reply to an sql query.  SQL queries are done asyncrhonously.
- #   The query is submitted via a "querysend" transaction.
- #   There it is passed on to the lonsql daemon, queued and issued to
- #   mysql.
- #     This transaction is invoked when the sql transaction is complete
- #   it stores the query results in flie and indicates query completion.
- #   presumably local software then fetches this response... I'm guessing
- #   the sequence is: lonc does a querysend, we ask lonsql to do it.
- #   lonsql on completion of the query interacts with the lond of our
- #   client to do a query reply storing two files:
- #    - id     - The results of the query.
- #    - id.end - Indicating the transaction completed.
- #    NOTE: id is a unique id assigned to the query and querysend time.
- # Parameters:
- #    $cmd        - Command keyword that initiated this request.
- #    $tail       - Remainder of the tail.  In this case that's a colon
- #                  separated list containing the query Id and the
- #                  results of the query.
- #    $client     - Socket open on the client.
- # Return:
- #    1           - Indicating that we should continue processing.
- # Side effects:
- #    ok written to the client.
- #
- sub ReplyQueryHandler {
-     my $cmd    = shift;
-     my $tail   = shift;
-     my $client = shift;
-     my $userinput = "$cmd:$tail";
-     my ($cmd,$id,$reply)=split(/:/,$userinput);
-     my $store;
-     my $execdir=$perlvar{'lonDaemons'};
-     if ($store=IO::File->new(">$execdir/tmp/$id")) {
- 	$reply=~s/\&/\n/g;
- 	print $store $reply;
- 	close $store;
- 	my $store2=IO::File->new(">$execdir/tmp/$id.end");
- 	print $store2 "done\n";
- 	close $store2;
- 	Reply($client, "ok\n", $userinput);
-     } else {
- 	Failure($client, "error: ".($!+0)
- 		." IO::File->new Failed ".
- 		"while attempting queryreply\n", $userinput);
-     }
-     return 1;
- }
- RegisterHandler("queryreply", \&ReplyQueryHandler, 0, 1, 0);
- #
- #  Process the courseidput query.  Not quite sure what this means
- #  at the system level sense.  It appears a gdbm file in the
- #  /home/httpd/lonUsers/$domain/nohist_courseids is tied and
- #  a set of entries made in that database.
- #
- # Parameters:
- #   $cmd      - The command keyword that initiated this request.
- #   $tail     - Tail of the command.  In this case consists of a colon
- #               separated list contaning the domain to apply this to and
- #               an ampersand separated list of keyword=value pairs.
- #   $client   - Socket open on the client.
- # Returns:
- #   1    - indicating that processing should continue
- #
- # Side effects:
- #   reply is written to the client.
- #
- sub PutCourseIdHandler {
-     my $cmd    = shift;
-     my $tail   = shift;
-     my $client = shift;
-     my $userinput = "$cmd:$tail";
-     chomp($what);
-     my $now=time;
-     my @pairs=split(/\&/,$what);
-     my $hashref = TieDomainHash($udom, "nohist_courseids", &GDBM_WRCREAT());
-     if ($hashref) {
- 	foreach my $pair (@pairs) {
- 	    my ($key,$value)=split(/=/,$pair);
- 	    $hashref->{$key}=$value.':'.$now;
- 	}
- 	if (untie(%$hashref)) {
- 	    Reply($client, "ok\n", $userinput);
- 	} else {
- 	    Failure( $client, "error: ".($!+0)
- 		     ." untie(GDBM) Failed ".
- 		     "while attempting courseidput\n", $userinput);
  	}
-     } else {
+ # ------------------------------------------------------------------------ dump
- 	Failure( $client, "error: ".($!+0)
+     } elsif ($userinput =~ /^dump/) {
- 		 ." tie(GDBM) Failed ".
+ 	if(isClient) {
- 		 "while attempting courseidput\n", $userinput);
+ 	    my ($cmd,$udom,$uname,$namespace,$regexp)
-     }
+ 		=split(/:/,$userinput);
+ 	    $namespace=~s/\//\_/g;
-     return 1;
+ 	    $namespace=~s/\W//g;
- }
+ 	    if (defined($regexp)) {
- RegisterHandler("courseidput", \&PutCourseIdHandler, 0, 1, 0);
+ 		$regexp=&unescape($regexp);
+ 	    } else {
- #  Retrieves the value of a course id resource keyword pattern
+ 		$regexp='.';
- #  defined since a starting date.  Both the starting date and the
+ 	    }
- #  keyword pattern are optional.  If the starting date is not supplied it
+ 	    my $qresult='';
- #  is treated as the beginning of time.  If the pattern is not found,
+ 	    my $proname=propath($udom,$uname);
- #  it is treatred as "." matching everything.
+ 	    my %hash;
- #
+ 	    if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
- #  Parameters:
+ 		while (my ($key,$value) = each(%hash)) {
- #     $cmd     - Command keyword that resulted in us being dispatched.
+ 		    if ($regexp eq '.') {
- #     $tail    - The remainder of the command that, in this case, consists
+ 			$qresult.=$key.'='.$value.'&';
- #                of a colon separated list of:
+ 		    } else {
- #                 domain   - The domain in which the course database is
+ 			my $unescapeKey = &unescape($key);
- #                            defined.
+ 			if (eval('$unescapeKey=~/$regexp/')) {
- #                 since    - Optional parameter describing the minimum
+ 			    $qresult.="$key=$value&";
- #                            time of definition(?) of the resources that
+ 			}
- #                            will match the dump.
+ 		    }
- #                 description - regular expression that is used to filter
+ 		}
- #                            the dump.  Only keywords matching this regexp
+ 		if (untie(%hash)) {
- #                            will be used.
+ 		    chop($qresult);
- #     $client  - The socket open on the client.
+ 		    print $client "$qresult\n";
- # Returns:
+ 		} else {
- #    1     - Continue processing.
+ 		    print $client "error: ".($!+0)
- # Side Effects:
+ 			." untie(GDBM) Failed ".
- #   a reply is written to $client.
+ 			"while attempting dump\n";
- sub DumpCourseIdHandler {
+ 		}
-     my $cmd    = shift;
+ 	    } else {
-     my $tail   = shift;
+ 		print $client "error: ".($!+0)
-     my $client = shift;
+ 		    ." tie(GDBM) Failed ".
+ 		    "while attempting dump\n";
-     my $userinput = "$cmd:$tail";
-     my ($udom,$since,$description) =split(/:/,$tail);
-     if (defined($description)) {
- 	$description=&unescape($description);
-     } else {
- 	$description='.';
-     }
-     unless (defined($since)) { $since=0; }
-     my $qresult='';
-     my $hashref = TieDomainHash($udom, "nohist_courseids", &GDBM_WRCREAT());
-     if ($hashref) {
- 	while (my ($key,$value) = each(%$hashref)) {
- 	    my ($descr,$lasttime)=split(/\:/,$value);
- 	    if ($lasttime<$since) {
- 		next;
  	    }
- 	    if ($description eq '.') {
+ 	} else {
- 		$qresult.=$key.'='.$descr.'&';
+ 	    Reply($client, "refused\n", $userinput);
+ 	}
+ # ----------------------------------------------------------------------- store
+     } elsif ($userinput =~ /^store/) {
+ 	if(isClient) {
+ 	    my ($cmd,$udom,$uname,$namespace,$rid,$what)
+ 		=split(/:/,$userinput);
+ 	    $namespace=~s/\//\_/g;
+ 	    $namespace=~s/\W//g;
+ 	    if ($namespace ne 'roles') {
+ 		chomp($what);
+ 		my $proname=propath($udom,$uname);
+ 		my $now=time;
+ 		my @pairs=split(/\&/,$what);
+ 		my %hash;
+ 		if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
+ 		    unless ($namespace=~/^nohist\_/) {
+ 			my $hfh;
+ 			if ($hfh=IO::File->new(">>$proname/$namespace.hist")) {
+ 			    print $hfh "P:$now:$rid:$what\n";
+ 			}
+ 		    }
+ 		    my @previouskeys=split(/&/,$hash{"keys:$rid"});
+ 		    my $key;
+ 		    $hash{"version:$rid"}++;
+ 		    my $version=$hash{"version:$rid"};
+ 		    my $allkeys='';
+ 		    foreach my $pair (@pairs) {
+ 			my ($key,$value)=split(/=/,$pair);
+ 			$allkeys.=$key.':';
+ 			$hash{"$version:$rid:$key"}=$value;
+ 		    }
+ 		    $hash{"$version:$rid:timestamp"}=$now;
+ 		    $allkeys.='timestamp';
+ 		    $hash{"$version:keys:$rid"}=$allkeys;
+ 		    if (untie(%hash)) {
+ 			print $client "ok\n";
+ 		    } else {
+ 			print $client "error: ".($!+0)
+ 			    ." untie(GDBM) Failed ".
+ 			    "while attempting store\n";
+ 				}
+ 		} else {
+ 		    print $client "error: ".($!+0)
+ 			." tie(GDBM) Failed ".
+ 			"while attempting store\n";
+ 		}
  	    } else {
- 		my $unescapeVal = &unescape($descr);
+ 		print $client "refused\n";
- 		if (eval('$unescapeVal=~/$description/i')) {
+ 	    }
- 		    $qresult.="$key=$descr&";
+ 	} else {
+ 	    Reply($client, "refused\n", $userinput);
+ 	}
+ # --------------------------------------------------------------------- restore
+     } elsif ($userinput =~ /^restore/) {
+ 	if(isClient) {
+ 	    my ($cmd,$udom,$uname,$namespace,$rid)
+ 		=split(/:/,$userinput);
+ 	    $namespace=~s/\//\_/g;
+ 	    $namespace=~s/\W//g;
+ 	    chomp($rid);
+ 	    my $proname=propath($udom,$uname);
+ 	    my $qresult='';
+ 	    my %hash;
+ 	    if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
+ 		my $version=$hash{"version:$rid"};
+ 		$qresult.="version=$version&";
+ 		my $scope;
+ 		for ($scope=1;$scope<=$version;$scope++) {
+ 		    my $vkeys=$hash{"$scope:keys:$rid"};
+ 		    my @keys=split(/:/,$vkeys);
+ 		    my $key;
+ 		    $qresult.="$scope:keys=$vkeys&";
+ 		    foreach $key (@keys) {
+ 			$qresult.="$scope:$key=".$hash{"$scope:$rid:$key"}."&";
+ 		    }
+ 		}
+ 		if (untie(%hash)) {
+ 		    $qresult=~s/\&$//;
+ 		    print $client "$qresult\n";
+ 		} else {
+ 		    print $client "error: ".($!+0)
+ 			." untie(GDBM) Failed ".
+ 			"while attempting restore\n";
  		}
+ 	    } else {
+ 		print $client "error: ".($!+0)
+ 		    ." tie(GDBM) Failed ".
+ 		    "while attempting restore\n";
  	    }
+ 	} else  {
+ 	    Reply($client, "refused\n", $userinput);
  	}
- 	if (untie(%$hashref)) {
+ # -------------------------------------------------------------------- chatsend
- 	    chop($qresult);
+     } elsif ($userinput =~ /^chatsend/) {
- 	    Reply($client, "$qresult\n", $userinput);
+ 	if(isClient) {
+ 	    my ($cmd,$cdom,$cnum,$newpost)=split(/\:/,$userinput);
+ 	    &chatadd($cdom,$cnum,$newpost);
+ 	    print $client "ok\n";
  	} else {
- 	    Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	    Reply($client, "refused\n", $userinput);
- 		    "while attempting courseiddump\n", $userinput);
  	}
-     } else {
+ # -------------------------------------------------------------------- chatretr
- 	Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
+     } elsif ($userinput =~ /^chatretr/) {
- 		"while attempting courseiddump\n", $userinput);
+ 	if(isClient) {
-     }
+ 	    my
+ 		($cmd,$cdom,$cnum,$udom,$uname)=split(/\:/,$userinput);
+ 	    my $reply='';
-     return 1;
+ 	    foreach (&getchat($cdom,$cnum,$udom,$uname)) {
- }
+ 		$reply.=&escape($_).':';
- RegisterHandler("courseiddump", \&DumpCourseIdHandler, 0, 1, 0);
+ 	    }
- #
+ 	    $reply=~s/\:$//;
- #  Puts an id to a domains id database.
+ 	    print $client $reply."\n";
- #
+ 	} else {
- #  Parameters:
+ 	    Reply($client, "refused\n", $userinput);
- #   $cmd     - The command that triggered us.
- #   $tail    - Remainder of the request other than the command. This is a
- #              colon separated list containing:
- #              $domain  - The domain for which we are writing the id.
- #              $pairs  - The id info to write... this is and & separated list
- #                        of keyword=value.
- #   $client  - Socket open on the client.
- #  Returns:
- #    1   - Continue processing.
- #  Side effects:
- #     reply is written to $client.
- #
- sub PutIdHandler {
-     my $cmd    = shift;
-     my $tail   = shift;
-     my $client = shift;
-     my $userinput = "$cmd:$tail";
-     my ($udom,$what)=split(/:/,$tail);
-     chomp($what);
-     my @pairs=split(/\&/,$what);
-     my $hashref = TieDomainHash($udom, "ids", &GDBM_WRCREAT(),
- 				"P", $what);
-     if ($hashref) {
- 	foreach my $pair (@pairs) {
- 	    my ($key,$value)=split(/=/,$pair);
- 	    $hashref->{$key}=$value;
  	}
- 	if (untie(%$hashref)) {
+ # ------------------------------------------------------------------- querysend
- 	    Reply($client, "ok\n", $userinput);
+     } elsif ($userinput =~ /^querysend/) {
+ 	if (isClient) {
+ 	    my ($cmd,$query,
+ 		$arg1,$arg2,$arg3)=split(/\:/,$userinput);
+ 	    $query=~s/\n*$//g;
+ 	    print $client "".
+ 		sqlreply("$clientname\&$query".
+ 			 "\&$arg1"."\&$arg2"."\&$arg3")."\n";
  	} else {
- 	    Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	    Reply($client, "refused\n", $userinput);
- 		    "while attempting idput\n", $userinput);
  	}
-     } else {
+ # ------------------------------------------------------------------ queryreply
- 	Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
+     } elsif ($userinput =~ /^queryreply/) {
- 		 "while attempting idput\n", $userinput);
+ 	if(isClient) {
-     }
+ 	    my ($cmd,$id,$reply)=split(/:/,$userinput);
+ 	    my $store;
-     return 1;
+ 	    my $execdir=$perlvar{'lonDaemons'};
- }
+ 	    if ($store=IO::File->new(">$execdir/tmp/$id")) {
+ 		$reply=~s/\&/\n/g;
- RegisterHandler("idput", \&PutIdHandler, 0, 1, 0);
+ 		print $store $reply;
- #
+ 		close $store;
- #  Retrieves a set of id values from the id database.
+ 		my $store2=IO::File->new(">$execdir/tmp/$id.end");
- #  Returns an & separated list of results, one for each requested id to the
+ 		print $store2 "done\n";
- #  client.
+ 		close $store2;
- #
+ 		print $client "ok\n";
- # Parameters:
+ 	    } else {
- #   $cmd       - Command keyword that caused us to be dispatched.
+ 		print $client "error: ".($!+0)
- #   $tail      - Tail of the command.  Consists of a colon separated:
+ 		    ." IO::File->new Failed ".
- #               domain - the domain whose id table we dump
+ 		    "while attempting queryreply\n";
- #               ids      Consists of an & separated list of
+ 	    }
- #                        id keywords whose values will be fetched.
- #                        nonexisting keywords will have an empty value.
- #   $client    - Socket open on the client.
- #
- # Returns:
- #    1 - indicating processing should continue.
- # Side effects:
- #   An & separated list of results is written to $client.
- #
- sub GetIdHandler {
-     my $cmd    = shift;
-     my $tail   = shift;
-     my $client = shift;
-     my $userinput = "$client:$tail";
-     my ($udom,$what)=split(/:/,$tail);
-     chomp($what);
-     my @queries=split(/\&/,$what);
-     my $qresult='';
-     my $hashref = TieDomainHash($udom, "ids", &GDBM_READER());
-     if ($hashref) {
- 	for (my $i=0;$i<=$#queries;$i++) {
- 	    $qresult.="$hashref->{$queries[$i]}&";
- 	}
- 	if (untie(%$hashref)) {
- 	    $qresult=~s/\&$//;
- 	    Reply($client, "$qresult\n", $userinput);
  	} else {
- 	    Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	    Reply($client, "refused\n", $userinput);
- 		     "while attempting idget\n",$userinput);
  	}
-     } else {
+ # ----------------------------------------------------------------- courseidput
- 	Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
+     } elsif ($userinput =~ /^courseidput/) {
- 		"while attempting idget\n",$userinput);
+ 	if(isClient) {
-     }
+ 	    my ($cmd,$udom,$what)=split(/:/,$userinput);
+ 	    chomp($what);
-     return 1;
+ 			$udom=~s/\W//g;
- }
+ 	    my $proname=
+ 		"$perlvar{'lonUsersDir'}/$udom/nohist_courseids";
- RegisterHandler("idget", \&GetIdHandler, 0, 1, 0);
+ 	    my $now=time;
- #
+ 	    my @pairs=split(/\&/,$what);
- #  Process the tmpput command I'm not sure what this does.. Seems to
+ 	    my %hash;
- #  create a file in the lonDaemons/tmp directory of the form $id.tmp
+ 	    if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_WRCREAT(),0640)) {
- # where Id is the client's ip concatenated with a sequence number.
+ 		foreach my $pair (@pairs) {
- # The file will contain some value that is passed in.  Is this e.g.
+ 		    my ($key,$descr,$inst_code)=split(/=/,$pair);
- # a login token?
+ 		    $hash{$key}=$descr.':'.$inst_code.':'.$now;
- #
- # Parameters:
- #    $cmd     - The command that got us dispatched.
- #    $tail    - The remainder of the request following $cmd:
- #               In this case this will be the contents of the file.
- #    $client  - Socket connected to the client.
- # Returns:
- #    1 indicating processing can continue.
- # Side effects:
- #   A file is created in the local filesystem.
- #   A reply is sent to the client.
- sub TmpPutHandler {
-     my $cmd       = shift;
-     my $what      = shift;
-     my $client    = shift;
-     my $userinput = "$cmd:$what";	# Reconstruct for logging.
-     my $store;
-     $tmpsnum++;
-     my $id=$$.'_'.$clientip.'_'.$tmpsnum;
-     $id=~s/\W/\_/g;
-     $what=~s/\n//g;
-     my $execdir=$perlvar{'lonDaemons'};
-     if ($store=IO::File->new(">$execdir/tmp/$id.tmp")) {
- 	print $store $what;
- 	close $store;
- 	Reply($client, "$id\n", $userinput);
-     } else {
- 	Failure( $client, "error: ".($!+0)."IO::File->new Failed ".
- 		 "while attempting tmpput\n", $userinput);
-     }
-     return 1;
- }
- RegisterHandler("tmpput", \&TmpPutHandler, 0, 1, 0);
- #   Processes the tmpget command.  This command returns the contents
- #  of a temporary resource file(?) created via tmpput.
- #
- # Paramters:
- #    $cmd      - Command that got us dispatched.
- #    $id       - Tail of the command, contain the id of the resource
- #                we want to fetch.
- #    $client   - socket open on the client.
- # Return:
- #    1         - Inidcating processing can continue.
- # Side effects:
- #   A reply is sent to the client.
- #
- sub TmpGetHandler {
-     my $cmd       = shift;
-     my $id        = shift;
-     my $client    = shift;
-     my $userinput = "$cmd:$id";
-     chomp($id);
-     $id=~s/\W/\_/g;
-     my $store;
-     my $execdir=$perlvar{'lonDaemons'};
-     if ($store=IO::File->new("$execdir/tmp/$id.tmp")) {
- 	my $reply=<$store>;
- 	Reply( $client, "$reply\n", $userinput);
- 	close $store;
-     } else {
- 	Failure( $client, "error: ".($!+0)."IO::File->new Failed ".
- 		 "while attempting tmpget\n", $userinput);
-     }
-     return 1;
- }
- RegisterHandler("tmpget", \&TmpGetHandler, 0, 1, 0);
- #
- #  Process the tmpdel command.  This command deletes a temp resource
- #  created by the tmpput command.
- #
- # Parameters:
- #   $cmd      - Command that got us here.
- #   $id       - Id of the temporary resource created.
- #   $client   - socket open on the client process.
- #
- # Returns:
- #   1     - Indicating processing should continue.
- # Side Effects:
- #   A file is deleted
- #   A reply is sent to the client.
- sub TmpDelHandler {
-     my $cmd      = shift;
-     my $id       = shift;
-     my $client   = shift;
-     my $userinput= "$cmd:$id";
-     chomp($id);
-     $id=~s/\W/\_/g;
-     my $execdir=$perlvar{'lonDaemons'};
-     if (unlink("$execdir/tmp/$id.tmp")) {
- 	Reply($client, "ok\n", $userinput);
-     } else {
- 	Failure( $client, "error: ".($!+0)."Unlink tmp Failed ".
- 		 "while attempting tmpdel\n", $userinput);
-     }
-     return 1;
- }
- RegisterHandler("tmpdel", \&TmpDelHandler, 0, 1, 0);
- #
- #   ls  - list the contents of a directory.  For each file in the
- #    selected directory the filename followed by the full output of
- #    the stat function is returned.  The returned info for each
- #    file are separated by ':'.  The stat fields are separated by &'s.
- # Parameters:
- #    $cmd        - The command that dispatched us (ls).
- #    $ulsdir     - The directory path to list... I'm not sure what this
- #                  is relative as things like ls:. return e.g.
- #                  no_such_dir.
- #    $client     - Socket open on the client.
- # Returns:
- #     1 - indicating that the daemon should not disconnect.
- # Side Effects:
- #   The reply is written to  $client.
- #
- sub LsHandler {
-     my $cmd     = shift;
-     my $ulsdir  = shift;
-     my $client  = shift;
-     my $userinput = "$cmd:$ulsdir";
-     my $ulsout='';
-     my $ulsfn;
-     if (-e $ulsdir) {
- 	if(-d $ulsdir) {
- 	    if (opendir(LSDIR,$ulsdir)) {
- 		while ($ulsfn=readdir(LSDIR)) {
- 		    my @ulsstats=stat($ulsdir.'/'.$ulsfn);
- 		    $ulsout.=$ulsfn.'&'.
- 			join('&',@ulsstats).':';
  		}
- 		closedir(LSDIR);
+ 		if (untie(%hash)) {
+ 		    print $client "ok\n";
+ 		} else {
+ 		    print $client "error: ".($!+0)
+ 			." untie(GDBM) Failed ".
+ 			"while attempting courseidput\n";
+ 		}
+ 	    } else {
+ 		print $client "error: ".($!+0)
+ 		    ." tie(GDBM) Failed ".
+ 		    "while attempting courseidput\n";
  	    }
  	} else {
- 	    my @ulsstats=stat($ulsdir);
+ 	    Reply($client, "refused\n", $userinput);
- 	    $ulsout.=$ulsfn.'&'.join('&',@ulsstats).':';
  	}
-     } else {
+ # ---------------------------------------------------------------- courseiddump
- 	$ulsout='no_such_dir';
+     } elsif ($userinput =~ /^courseiddump/) {
-     }
+ 	if(isClient) {
-     if ($ulsout eq '') { $ulsout='empty'; }
+ 	    my ($cmd,$udom,$since,$description)
-     Reply($client, "$ulsout\n", $userinput);
+ 		=split(/:/,$userinput);
+ 	    if (defined($description)) {
+ 		$description=&unescape($description);
-     return 1;
+ 	    } else {
- }
+ 		$description='.';
- RegisterHandler("ls", \&LsHandler, 0, 1, 0);
+ 	    }
+ 	    unless (defined($since)) { $since=0; }
+ 	    my $qresult='';
- #
+ 	    my $proname=
- #   Processes the setannounce command.  This command
+ 		"$perlvar{'lonUsersDir'}/$udom/nohist_courseids";
- #   creates a file named announce.txt in the top directory of
+ 	    my %hash;
- #   the documentn root and sets its contents.  The announce.txt file is
+ 	    if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_READER(),0640)) {
- #   printed in its entirety at the LonCAPA login page.  Note:
+ 		while (my ($key,$value) = each(%hash)) {
- #   once the announcement.txt fileis created it cannot be deleted.
+ 		    my ($descr,$lasttime,$inst_code);
- #   However, setting the contents of the file to empty removes the
+ 		    if ($value =~ m/^([^\:]*):([^\:]*):(\d+)$/) {
- #   announcement from the login page of loncapa so who cares.
+ 			($descr,$inst_code,$lasttime)=($1,$2,$3);
- #
+ 		    } else {
- # Parameters:
+ 			($descr,$lasttime) = split(/\:/,$value);
- #    $cmd          - The command that got us dispatched.
+ 		    }
- #    $announcement - The text of the announcement.
+ 		    if ($lasttime<$since) { next; }
- #    $client       - Socket open on the client process.
+ 		    if ($description eq '.') {
- # Retunrns:
+ 			$qresult.=$key.'='.$descr.':'.$inst_code.'&';
- #   1             - Indicating request processing should continue
+ 		    } else {
- # Side Effects:
+ 			my $unescapeVal = &unescape($descr);
- #   The file {DocRoot}/announcement.txt is created.
+ 			if (eval('$unescapeVal=~/\Q$description\E/i')) {
- #   A reply is sent to $client.
+ 			    $qresult.=$key.'='.$descr.':'.$inst_code.'&';
- #
+ 			}
- sub SetAnnounceHandler {
+ 		    }
-     my $cmd          = shift;
+ 		}
-     my $announcement = shift;
+ 		if (untie(%hash)) {
-     my $client       = shift;
+ 		    chop($qresult);
+ 		    print $client "$qresult\n";
-     my $userinput    = "$cmd:$announcement";
+ 		} else {
+ 		    print $client "error: ".($!+0)
-     chomp($announcement);
+ 			." untie(GDBM) Failed ".
-     $announcement=&unescape($announcement);
+ 			"while attempting courseiddump\n";
-     if (my $store=IO::File->new('>'.$perlvar{'lonDocRoot'}.
+ 		}
- 				'/announcement.txt')) {
+ 	    } else {
- 	print $store $announcement;
+ 		print $client "error: ".($!+0)
- 	close $store;
+ 		    ." tie(GDBM) Failed ".
- 	Reply($client, "ok\n", $userinput);
+ 		    "while attempting courseiddump\n";
-     } else {
+ 	    }
- 	Failure($client, "error: ".($!+0)."\n", $userinput);
+ 	} else {
-     }
+ 	    Reply($client, "refused\n", $userinput);
-     return 1;
- }
- RegisterHandler("setannounce", \&SetAnnounceHandler, 0, 1, 0);
- #
- #  Return the version of the daemon.  This can be used to determine
- #  the compatibility of cross version installations or, alternatively to
- #  simply know who's out of date and who isn't.  Note that the version
- #  is returned concatenated with the tail.
- # Parameters:
- #   $cmd        - the request that dispatched to us.
- #   $tail       - Tail of the request (client's version?).
- #   $client     - Socket open on the client.
- #Returns:
- #   1 - continue processing requests.
- # Side Effects:
- #   Replies with version to $client.
- sub GetVersionHandler {
-     my $client     = shift;
-     my $tail       = shift;
-     my $client     = shift;
-     my $userinput  = $client;
-     Reply($client, &version($userinput)."\n", $userinput);
-     return 1;
- }
- RegisterHandler("version", \&GetVersionHandler, 0, 1, 0);
- #  Set the current host and domain.  This is used to support
- #  multihomed systems.  Each IP of the system, or even separate daemons
- #  on the same IP can be treated as handling a separate lonCAPA virtual
- #  machine.  This command selects the virtual lonCAPA.  The client always
- #  knows the right one since it is lonc and it is selecting the domain/system
- #  from the hosts.tab file.
- # Parameters:
- #    $cmd      - Command that dispatched us.
- #    $tail     - Tail of the command (domain/host requested).
- #    $socket   - Socket open on the client.
- #
- # Returns:
- #     1   - Indicates the program should continue to process requests.
- # Side-effects:
- #     The default domain/system context is modified for this daemon.
- #     a reply is sent to the client.
- #
- sub SelectHostHandler {
-     my $cmd        = shift;
-     my $tail       = shift;
-     my $socket     = shift;
-     my $userinput  ="$cmd:$tail";
-     Reply($client, &sethost($userinput)."\n", $userinput);
-     return 1;
- }
- RegisterHandler("sethost", \&SelectHostHandler, 0, 1, 0);
- #  Process a request to exit:
- #   - "bye" is sent to the client.
- #   - The client socket is shutdown and closed.
- #   - We indicate to the caller that we should exit.
- # Formal Parameters:
- #   $cmd                - The command that got us here.
- #   $tail               - Tail of the command (empty).
- #   $client             - Socket open on the tail.
- # Returns:
- #   0      - Indicating the program should exit!!
- #
- sub ExitHandler {
-     my $cmd     = shift;
-     my $tail    = shift;
-     my $client  = shift;
-     my $userinput = "$cmd:$tail";
-     &logthis("Client $clientip ($clientname) hanging up: $userinput");
-     Reply($client, "bye\n", $userinput);
-     $client->shutdown(2);        # shutdown the socket forcibly.
-     $client->close();
-     return 0;
- }
- RegisterHandler("exit", \&ExitHandler, 0, 1,1);
- RegisterHandler("init", \&ExitHandler, 0, 1,1);	# RE-init is like exit.
- RegisterHandler("quit", \&ExitHandler, 0, 1,1); # I like this too!
- #------------------------------------------------------------------------------------
- #
- #   Process a Request.  Takes a request from the client validates
- #   it and performs the operation requested by it.  Returns
- #   a response to the client.
- #
- #  Parameters:
- #      request      - A string containing the user's request.
- #  Returns:
- #      0            - Requested to exit, caller should shut down.
- #      1            - Accept additional requests from the client.
- #
- sub ProcessRequest {
-     my $Request      = shift;
-     my $KeepGoing    = 1;	# Assume we're not asked to stop.
-     my $wasenc=0;
-     my $userinput = $Request;   # for compatibility with oldcode <yeach>
- # ------------------------------------------------------------ See if encrypted
-     if($userinput =~ /^enc/) {
- 	$wasenc = 1;
- 	$userinput = Decipher($userinput);
- 	if(! $userinput) {
- 	    Failure($client,"error:Encrypted data without negotiating key");
- 	    return 0;                      # Break off with this imposter.
  	}
-     }
+ # ----------------------------------------------------------------------- idput
-     # Split off the request keyword from the rest of the stuff.
+     } elsif ($userinput =~ /^idput/) {
+ 	if(isClient) {
-     my ($command, $tail) = split(/:/, $userinput, 2);
+ 	    my ($cmd,$udom,$what)=split(/:/,$userinput);
+ 	    chomp($what);
-     Debug("Command received: $command, encoded = $wasenc");
+ 	    $udom=~s/\W//g;
+ 	    my $proname="$perlvar{'lonUsersDir'}/$udom/ids";
+ 	    my $now=time;
- # ------------------------------------------------------------- Normal commands
+ 	    my @pairs=split(/\&/,$what);
+ 	    my %hash;
-     #
+ 	    if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_WRCREAT(),0640)) {
-     #   If the command is in the hash, then execute it via the hash dispatch:
+ 		{
-     #
+ 		    my $hfh;
-     if(defined $Dispatcher{$command}) {
+ 		    if ($hfh=IO::File->new(">>$proname.hist")) {
+ 			print $hfh "P:$now:$what\n";
- 	my $DispatchInfo = $Dispatcher{$command};
+ 		    }
- 	my $Handler      = $$DispatchInfo[0];
+ 		}
- 	my $NeedEncode   = $$DispatchInfo[1];
+ 		foreach my $pair (@pairs) {
- 	my $ClientTypes  = $$DispatchInfo[2];
+ 		    my ($key,$value)=split(/=/,$pair);
- 	Debug("Matched dispatch hash: mustencode: $NeedEncode ClientType $ClientTypes");
+ 		    $hash{$key}=$value;
+ 		}
- 	#  Validate the request:
+ 		if (untie(%hash)) {
+ 		    print $client "ok\n";
- 	my $ok = 1;
+ 		} else {
- 	my $requesterprivs = 0;
+ 		    print $client "error: ".($!+0)
- 	if(isClient()) {
+ 			." untie(GDBM) Failed ".
- 	    $requesterprivs |= $CLIENT_OK;
+ 			"while attempting idput\n";
+ 		}
+ 	    } else {
+ 		print $client "error: ".($!+0)
+ 		    ." tie(GDBM) Failed ".
+ 		    "while attempting idput\n";
+ 	    }
+ 	} else {
+ 	    Reply($client, "refused\n", $userinput);
  	}
- 	if(isManager()) {
+ # ----------------------------------------------------------------------- idget
- 	    $requesterprivs |= $MANAGER_OK;
+     } elsif ($userinput =~ /^idget/) {
+ 	if(isClient) {
+ 	    my ($cmd,$udom,$what)=split(/:/,$userinput);
+ 	    chomp($what);
+ 	    $udom=~s/\W//g;
+ 	    my $proname="$perlvar{'lonUsersDir'}/$udom/ids";
+ 	    my @queries=split(/\&/,$what);
+ 	    my $qresult='';
+ 	    my %hash;
+ 	    if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_READER(),0640)) {
+ 		for (my $i=0;$i<=$#queries;$i++) {
+ 		    $qresult.="$hash{$queries[$i]}&";
+ 		}
+ 		if (untie(%hash)) {
+ 		    $qresult=~s/\&$//;
+ 		    print $client "$qresult\n";
+ 		} else {
+ 		    print $client "error: ".($!+0)
+ 			." untie(GDBM) Failed ".
+ 			"while attempting idget\n";
+ 		}
+ 	    } else {
+ 		print $client "error: ".($!+0)
+ 		    ." tie(GDBM) Failed ".
+ 		    "while attempting idget\n";
+ 	    }
+ 	} else {
+ 	    Reply($client, "refused\n", $userinput);
  	}
- 	if($NeedEncode && (!$wasenc)) {
+ # ---------------------------------------------------------------------- tmpput
- 	    Debug("Must encode but wasn't: $NeedEncode $wasenc");
+     } elsif ($userinput =~ /^tmpput/) {
- 	    $ok = 0;
+ 	if(isClient) {
+ 	    my ($cmd,$what)=split(/:/,$userinput);
+ 	    my $store;
+ 	    $tmpsnum++;
+ 	    my $id=$$.'_'.$clientip.'_'.$tmpsnum;
+ 	    $id=~s/\W/\_/g;
+ 	    $what=~s/\n//g;
+ 	    my $execdir=$perlvar{'lonDaemons'};
+ 	    if ($store=IO::File->new(">$execdir/tmp/$id.tmp")) {
+ 		print $store $what;
+ 		close $store;
+ 		print $client "$id\n";
+ 	    }
+ 	    else {
+ 		print $client "error: ".($!+0)
+ 		    ."IO::File->new Failed ".
+ 		    "while attempting tmpput\n";
+ 	    }
+ 	} else {
+ 	    Reply($client, "refused\n", $userinput);
  	}
- 	if(($ClientTypes & $requesterprivs) == 0) {
- 	    Debug("Client not privileged to do this operation");
+ # ---------------------------------------------------------------------- tmpget
- 	    $ok = 0;
+     } elsif ($userinput =~ /^tmpget/) {
+ 	if(isClient) {
+ 	    my ($cmd,$id)=split(/:/,$userinput);
+ 	    chomp($id);
+ 	    $id=~s/\W/\_/g;
+ 	    my $store;
+ 	    my $execdir=$perlvar{'lonDaemons'};
+ 	    if ($store=IO::File->new("$execdir/tmp/$id.tmp")) {
+ 		my $reply=<$store>;
+ 			    print $client "$reply\n";
+ 		close $store;
+ 	    }
+ 	    else {
+ 		print $client "error: ".($!+0)
+ 		    ."IO::File->new Failed ".
+ 		    "while attempting tmpget\n";
+ 	    }
+ 	} else {
+ 	    Reply($client, "refused\n", $userinput);
  	}
+ # ---------------------------------------------------------------------- tmpdel
- 	if($ok) {
+     } elsif ($userinput =~ /^tmpdel/) {
- 	    Debug("Dispatching to handler $command $tail");
+ 	if(isClient) {
- 	    $KeepGoing = &$Handler($command, $tail, $client);
+ 	    my ($cmd,$id)=split(/:/,$userinput);
+ 	    chomp($id);
+ 	    $id=~s/\W/\_/g;
+ 	    my $execdir=$perlvar{'lonDaemons'};
+ 	    if (unlink("$execdir/tmp/$id.tmp")) {
+ 		print $client "ok\n";
+ 	    } else {
+ 		print $client "error: ".($!+0)
+ 		    ."Unlink tmp Failed ".
+ 		    "while attempting tmpdel\n";
+ 	    }
  	} else {
- 	    Debug("Refusing to dispatch because ok is false");
+ 	    Reply($client, "refused\n", $userinput);
- 	    Failure($client, "refused", $userinput);
  	}
+ # ----------------------------------------- portfolio directory list (portls)
+     } elsif ($userinput =~ /^portls/) {
- # ------------------------------------------------------------- unknown command
+ 	if(isClient) {
+ 	    my ($cmd,$uname,$udom)=split(/:/,$userinput);
-     } else {
+ 	    my $udir=propath($udom,$uname).'/userfiles/portfolio';
- 	# unknown command
+ 	    my $dirLine='';
- 	Failure($client, "unknown_cmd\n", $userinput);
+ 	    my $dirContents='';
-     }
+ 	    if (opendir(LSDIR,$udir.'/')){
+ 		while ($dirLine = readdir(LSDIR)){
-     return $KeepGoing;
+ 		    $dirContents = $dirContents.$dirLine.'<br />';
- }
+ 		}
+ 	    } else {
+ 		$dirContents = "No directory found\n";
- #
+ 	    }
- #   GetCertificate: Given a transaction that requires a certificate,
+ 	    print $client $dirContents."\n";
- #   this function will extract the certificate from the transaction
+ 	} else {
- #   request.  Note that at this point, the only concept of a certificate
+ 	    Reply($client, "refused\n", $userinput);
- #   is the hostname to which we are connected.
- #
- #   Parameter:
- #      request   - The request sent by our client (this parameterization may
- #                  need to change when we really use a certificate granting
- #                  authority.
- #
- sub GetCertificate {
-     my $request = shift;
-     return $clientip;
- }
- #
- #   ReadManagerTable: Reads in the current manager table. For now this is
- #                     done on each manager authentication because:
- #                     - These authentications are not frequent
- #                     - This allows dynamic changes to the manager table
- #                       without the need to signal to the lond.
- #
- sub ReadManagerTable {
-     #   Clean out the old table first..
-     foreach my $key (keys %managers) {
- 	delete $managers{$key};
-     }
-     my $tablename = $perlvar{'lonTabDir'}."/managers.tab";
-     if (!open (MANAGERS, $tablename)) {
- 	logthis('<font color="red">No manager table.  Nobody can manage!!</font>');
- 	return;
-     }
-     while(my $host = <MANAGERS>) {
- 	chomp($host);
- 	if ($host =~ "^#") {                  # Comment line.
- 	    logthis('<font color="green"> Skipping line: '. "$host</font>\n");
- 	    next;
  	}
- 	if (!defined $hostip{$host}) { # This is a non cluster member
+ # -------------------------------------------------------------------------- ls
- 	    #  The entry is of the form:
+     } elsif ($userinput =~ /^ls/) {
- 	    #    cluname:hostname
+ 	if(isClient) {
- 	    #  cluname - A 'cluster hostname' is needed in order to negotiate
+ 	    my $obs;
- 	    #            the host key.
+ 	    my $rights;
- 	    #  hostname- The dns name of the host.
+ 	    my ($cmd,$ulsdir)=split(/:/,$userinput);
- 	    #
+ 	    my $ulsout='';
- 	    my($cluname, $dnsname) = split(/:/, $host);
+ 	    my $ulsfn;
+ 	    if (-e $ulsdir) {
+ 		if(-d $ulsdir) {
+ 		    if (opendir(LSDIR,$ulsdir)) {
+ 			while ($ulsfn=readdir(LSDIR)) {
+ 			    undef $obs, $rights;
+ 			    my @ulsstats=stat($ulsdir.'/'.$ulsfn);
+ 			    #We do some obsolete checking here
+ 			    if(-e $ulsdir.'/'.$ulsfn.".meta") {
+ 				open(FILE, $ulsdir.'/'.$ulsfn.".meta");
+ 				my @obsolete=<FILE>;
+ 				foreach my $obsolete (@obsolete) {
+ 				    if($obsolete =~ m|(<obsolete>)(on)|) { $obs = 1; }
+ 				    if($obsolete =~ m|(<copyright>)(default)|) { $rights = 1; }
+ 				}
+ 			    }
+ 			    $ulsout.=$ulsfn.'&'.join('&',@ulsstats);
+ 			    if($obs eq '1') { $ulsout.="&1"; }
+ 			    else { $ulsout.="&0"; }
+ 			    if($rights eq '1') { $ulsout.="&1:"; }
+ 			    else { $ulsout.="&0:"; }
+ 			}
+ 			closedir(LSDIR);
+ 		    }
+ 		} else {
+ 		    my @ulsstats=stat($ulsdir);
+ 		    $ulsout.=$ulsfn.'&'.join('&',@ulsstats).':';
+ 		}
+ 	    } else {
+ 		$ulsout='no_such_dir';
+ 	    }
+ 	    if ($ulsout eq '') { $ulsout='empty'; }
+ 	    print $client "$ulsout\n";
+ 	} else {
+ 	    Reply($client, "refused\n", $userinput);
- 	    my $ip = gethostbyname($dnsname);
+ 	}
- 	    if(defined($ip)) {                 # bad names don't deserve entry.
+ # ----------------------------------------------------------------- setannounce
- 		my $hostip = inet_ntoa($ip);
+     } elsif ($userinput =~ /^setannounce/) {
- 		$managers{$hostip} = $cluname;
+ 	if (isClient) {
- 		logthis('<font color="green"> registering manager '.
+ 	    my ($cmd,$announcement)=split(/:/,$userinput);
- 			"$dnsname as $cluname with $hostip </font>\n");
+ 	    chomp($announcement);
+ 	    $announcement=&unescape($announcement);
+ 	    if (my $store=IO::File->new('>'.$perlvar{'lonDocRoot'}.
+ 					'/announcement.txt')) {
+ 		print $store $announcement;
+ 		close $store;
+ 		print $client "ok\n";
+ 	    } else {
+ 		print $client "error: ".($!+0)."\n";
  	    }
  	} else {
- 	    logthis('<font color="green"> existing host'." $host</font>\n");
+ 	    Reply($client, "refused\n", $userinput);
- 	    $managers{$hostip{$host}} = $host;  # Use info from cluster tab if clumemeber
  	}
-     }
+ # ------------------------------------------------------------------ Hanging up
- }
+     } elsif (($userinput =~ /^exit/) ||
+ 	     ($userinput =~ /^init/)) { # no restrictions.
- #
+ 	&logthis(
- #  ValidManager: Determines if a given certificate represents a valid manager.
+ 		 "Client $clientip ($clientname) hanging up: $userinput");
- #                in this primitive implementation, the 'certificate' is
+ 	print $client "bye\n";
- #                just the connecting loncapa client name.  This is checked
+ 	$client->shutdown(2);        # shutdown the socket forcibly.
- #                against a valid client list in the configuration.
+ 	$client->close();
- #
+ 	return 0;
- #
- sub ValidManager {
+ # ---------------------------------- set current host/domain
-     my $certificate = shift;
+     } elsif ($userinput =~ /^sethost:/) {
+ 	if (isClient) {
-     return isManager;
+ 	    print $client &sethost($userinput)."\n";
- }
+ 	} else {
- #
+ 	    print $client "refused\n";
- #  CopyFile:  Called as part of the process of installing a
- #             new configuration file.  This function copies an existing
- #             file to a backup file.
- # Parameters:
- #     oldfile  - Name of the file to backup.
- #     newfile  - Name of the backup file.
- # Return:
- #     0   - Failure (errno has failure reason).
- #     1   - Success.
- #
- sub CopyFile {
-     my $oldfile = shift;
-     my $newfile = shift;
-     #  The file must exist:
-     if(-e $oldfile) {
- 	# Read the old file.
- 	my $oldfh = IO::File->new("< $oldfile");
- 	if(!$oldfh) {
- 	    return 0;
  	}
- 	my @contents = <$oldfh>;  # Suck in the entire file.
+ #---------------------------------- request file (?) version.
+     } elsif ($userinput =~/^version:/) {
- 	# write the backup file:
+ 	if (isClient) {
+ 	    print $client &version($userinput)."\n";
- 	my $newfh = IO::File->new("> $newfile");
+ 	} else {
- 	if(!(defined $newfh)){
+ 	    print $client "refused\n";
- 	    return 0;
  	}
- 	my $lines = scalar @contents;
+ #------------------------------- is auto-enrollment enabled?
- 	for (my $i =0; $i < $lines; $i++) {
+     } elsif ($userinput =~/^autorun:/) {
- 	    print $newfh ($contents[$i]);
+ 	if (isClient) {
+ 	    my ($cmd,$cdom) = split(/:/,$userinput);
+ 	    my $outcome = &localenroll::run($cdom);
+ 	    print $client "$outcome\n";
+ 	} else {
+ 	    print $client "0\n";
  	}
+ #------------------------------- get official sections (for auto-enrollment).
- 	$oldfh->close;
+     } elsif ($userinput =~/^autogetsections:/) {
- 	$newfh->close;
+ 	if (isClient) {
+ 	    my ($cmd,$coursecode,$cdom)=split(/:/,$userinput);
- 	chmod(0660, $newfile);
+ 	    my @secs = &localenroll::get_sections($coursecode,$cdom);
+ 	    my $seclist = &escape(join(':',@secs));
- 	return 1;
+ 	    print $client "$seclist\n";
+ 	} else {
-     } else {
+ 	    print $client "refused\n";
- 	return 0;
+ 	}
-     }
+ #----------------------- validate owner of new course section (for auto-enrollment).
- }
+     } elsif ($userinput =~/^autonewcourse:/) {
- #
+ 	if (isClient) {
- #  Host files are passed out with externally visible host IPs.
+ 	    my ($cmd,$inst_course_id,$owner,$cdom)=split(/:/,$userinput);
- #  If, for example, we are behind a fire-wall or NAT host, our
+ 	    my $outcome = &localenroll::new_course($inst_course_id,$owner,$cdom);
- #  internally visible IP may be different than the externally
+ 	    print $client "$outcome\n";
- #  visible IP.  Therefore, we always adjust the contents of the
+ 	} else {
- #  host file so that the entry for ME is the IP that we believe
+ 	    print $client "refused\n";
- #  we have.  At present, this is defined as the entry that
+ 	}
- #  DNS has for us.  If by some chance we are not able to get a
+ #-------------- validate course section in schedule of classes (for auto-enrollment).
- #  DNS translation for us, then we assume that the host.tab file
+     } elsif ($userinput =~/^autovalidatecourse:/) {
- #  is correct.
+ 	if (isClient) {
- #    BUGBUGBUG - in the future, we really should see if we can
+ 	    my ($cmd,$inst_course_id,$cdom)=split(/:/,$userinput);
- #       easily query the interface(s) instead.
+ 	    my $outcome=&localenroll::validate_courseID($inst_course_id,$cdom);
- # Parameter(s):
+ 	    print $client "$outcome\n";
- #     contents    - The contents of the host.tab to check.
+ 	} else {
- # Returns:
+ 	    print $client "refused\n";
- #     newcontents - The adjusted contents.
+ 	}
- #
+ #--------------------------- create password for new user (for auto-enrollment).
- #
+     } elsif ($userinput =~/^autocreatepassword:/) {
- sub AdjustHostContents {
+ 	if (isClient) {
-     my $contents  = shift;
+ 	    my ($cmd,$authparam,$cdom)=split(/:/,$userinput);
-     my $adjusted;
+ 	    my ($create_passwd,$authchk);
-     my $me        = $perlvar{'lonHostID'};
+ 	    ($authparam,$create_passwd,$authchk) = &localenroll::create_password($authparam,$cdom);
+ 	    print $client &escape($authparam.':'.$create_passwd.':'.$authchk)."\n";
-     foreach my $line (split(/\n/,$contents)) {
+ 	} else {
- 	if(!(($line eq "") || ($line =~ /^ *\#/) || ($line =~ /^ *$/))) {
+ 	    print $client "refused\n";
- 	    chomp($line);
+ 	}
- 	    my ($id,$domain,$role,$name,$ip,$maxcon,$idleto,$mincon)=split(/:/,$line);
+ #---------------------------  read and remove temporary files (for auto-enrollment).
- 	    if ($id eq $me) {
+     } elsif ($userinput =~/^autoretrieve:/) {
- 		my $ip = gethostbyname($name);
+ 	if (isClient) {
- 		my $ipnew = inet_ntoa($ip);
+ 	    my ($cmd,$filename) = split(/:/,$userinput);
- 		$ip = $ipnew;
+ 	    my $source = $perlvar{'lonDaemons'}.'/tmp/'.$filename;
- 		#  Reconstruct the host line and append to adjusted:
+ 	    if ( (-e $source) && ($filename ne '') ) {
+ 		my $reply = '';
- 		my $newline = "$id:$domain:$role:$name:$ip";
+ 		if (open(my $fh,$source)) {
- 		if($maxcon ne "") { # Not all hosts have loncnew tuning params
+ 		    while (<$fh>) {
- 		    $newline .= ":$maxcon:$idleto:$mincon";
+ 			chomp($_);
+ 			$_ =~ s/^\s+//g;
+ 			$_ =~ s/\s+$//g;
+ 			$reply .= $_;
+ 		    }
+ 		    close($fh);
+ 		    print $client &escape($reply)."\n";
+ #                                unlink($source);
+ 		} else {
+ 		    print $client "error\n";
  		}
- 		$adjusted .= $newline."\n";
+ 	    } else {
+ 		print $client "error\n";
- 	    } else {		# Not me, pass unmodified.
- 		$adjusted .= $line."\n";
  	    }
- 	} else {                  # Blank or comment never re-written.
+ 	} else {
- 	    $adjusted .= $line."\n";	# Pass blanks and comments as is.
+ 	    print $client "refused\n";
  	}
+ #---------------------  read and retrieve institutional code format (for support form).
+     } elsif ($userinput =~/^autoinstcodeformat:/) {
+ 	if (isClient) {
+ 	    my $reply;
+ 	    my($cmd,$cdom,$course) = split(/:/,$userinput);
+ 	    my @pairs = split/\&/,$course;
+ 	    my %instcodes = ();
+ 	    my %codes = ();
+ 	    my @codetitles = ();
+ 	    my %cat_titles = ();
+ 	    my %cat_order = ();
+ 	    foreach (@pairs) {
+ 		my ($key,$value) = split/=/,$_;
+ 		$instcodes{&unescape($key)} = &unescape($value);
+ 	    }
+ 	    my $formatreply = &localenroll::instcode_format($cdom,\%instcodes,\%codes,\@codetitles,\%cat_titles,\%cat_order);
+ 	    if ($formatreply eq 'ok') {
+ 		my $codes_str = &hash2str(%codes);
+ 		my $codetitles_str = &array2str(@codetitles);
+ 		my $cat_titles_str = &hash2str(%cat_titles);
+ 		my $cat_order_str = &hash2str(%cat_order);
+ 		print $client $codes_str.':'.$codetitles_str.':'.$cat_titles_str.':'.$cat_order_str."\n";
+ 	    }
+ 	} else {
+ 	    print $client "refused\n";
+ 	}
+ # ------------------------------------------------------------- unknown command
+     } else {
+ 	# unknown command
+ 	print $client "unknown_cmd\n";
      }
-     return $adjusted;
+ # -------------------------------------------------------------------- complete
- }
+     Debug("process_request - returning 1");
- #
- #   InstallFile: Called to install an administrative file:
- #       - The file is created with <name>.tmp
- #       - The <name>.tmp file is then mv'd to <name>
- #   This lugubrious procedure is done to ensure that we are never without
- #   a valid, even if dated, version of the file regardless of who crashes
- #   and when the crash occurs.
- #
- #  Parameters:
- #       Name of the file
- #       File Contents.
- #  Return:
- #      nonzero - success.
- #      0       - failure and $! has an errno.
- #
- sub InstallFile {
-     my $Filename = shift;
-     my $Contents = shift;
-     my $TempFile = $Filename.".tmp";
-     #  Open the file for write:
-     my $fh = IO::File->new("> $TempFile"); # Write to temp.
-     if(!(defined $fh)) {
- 	&logthis('<font color="red"> Unable to create '.$TempFile."</font>");
- 	return 0;
-     }
-     #  write the contents of the file:
-     print $fh ($Contents);
-     $fh->close;			# In case we ever have a filesystem w. locking
-     chmod(0660, $TempFile);
-     # Now we can move install the file in position.
-     move($TempFile, $Filename);
      return 1;
  }
  #
- #   ConfigFileFromSelector: converts a configuration file selector
+ #   Decipher encoded traffic
- #                 (one of host or domain at this point) into a
- #                 configuration file pathname.
- #
  #  Parameters:
- #      selector  - Configuration file selector.
+ #     input      - Encoded data.
- #  Returns:
- #      Full path to the file or undef if the selector is invalid.
- #
- sub ConfigFileFromSelector {
-     my $selector   = shift;
-     my $tablefile;
-     my $tabledir = $perlvar{'lonTabDir'}.'/';
-     if ($selector eq "hosts") {
- 	$tablefile = $tabledir."hosts.tab";
-     } elsif ($selector eq "domain") {
- 	$tablefile = $tabledir."domain.tab";
-     } else {
- 	return undef;
-     }
-     return $tablefile;
- }
- #
- #   PushFile:  Called to do an administrative push of a file.
- #              - Ensure the file being pushed is one we support.
- #              - Backup the old file to <filename.saved>
- #              - Separate the contents of the new file out from the
- #                rest of the request.
- #              - Write the new file.
- #  Parameter:
- #     Request - The entire user request.  This consists of a : separated
- #               string pushfile:tablename:contents.
- #     NOTE:  The contents may have :'s in it as well making things a bit
- #            more interesting... but not much.
  #  Returns:
- #     String to send to client ("ok" or "refused" if bad file).
+ #     Decoded data or undef if encryption key was not yet negotiated.
+ #  Implicit input:
+ #     cipher  - This global holds the negotiated encryption key.
  #
- sub PushFile {
+ sub decipher {
-     my $request = shift;
+     my ($input)  = @_;
-     my ($command, $filename, $contents) = split(":", $request, 3);
+     my $output = '';
-     #  At this point in time, pushes for only the following tables are
-     #  supported:
-     #   hosts.tab  ($filename eq host).
-     #   domain.tab ($filename eq domain).
-     # Construct the destination filename or reject the request.
-     #
-     # lonManage is supposed to ensure this, however this session could be
-     # part of some elaborate spoof that managed somehow to authenticate.
-     #
-     my $tablefile = ConfigFileFromSelector($filename);
-     if(! (defined $tablefile)) {
- 	return "refused";
-     }
-     #
-     # >copy< the old table to the backup table
-     #        don't rename in case system crashes/reboots etc. in the time
-     #        window between a rename and write.
-     #
-     my $backupfile = $tablefile;
-     $backupfile    =~ s/\.tab$/.old/;
-     if(!CopyFile($tablefile, $backupfile)) {
- 	&logthis('<font color="green"> CopyFile from '.$tablefile." to ".$backupfile." failed </font>");
- 	return "error:$!";
-     }
-     &logthis('<font color="green"> Pushfile: backed up '
- 	     .$tablefile." to $backupfile</font>");
-     #  If the file being pushed is the host file, we adjust the entry for ourself so that the
+     if($cipher) {
-     #  IP will be our current IP as looked up in dns.  Note this is only 99% good as it's possible
+ 	my($enc, $enclength, $encinput) = split(/:/, $input);
-     #  to conceive of conditions where we don't have a DNS entry locally.  This is possible in a
+ 	for(my $encidx = 0; $encidx < length($encinput); $encidx += 16) {
-     #  network sense but it doesn't make much sense in a LonCAPA sense so we ignore (for now)
+ 	    $output .=
-     #  that possibilty.
+ 		$cipher->decrypt(pack("H16", substr($encinput, $encidx, 16)));
-     if($filename eq "host") {
- 	$contents = AdjustHostContents($contents);
-     }
-     #  Install the new file:
-     if(!InstallFile($tablefile, $contents)) {
- 	&logthis('<font color="red"> Pushfile: unable to install '
- 		 .$tablefile." $! </font>");
- 	return "error:$!";
-     } else {
- 	&logthis('<font color="green"> Installed new '.$tablefile
- 		 ."</font>");
-     }
-     #  Indicate success:
-     return "ok";
- }
- #
- #  Called to re-init either lonc or lond.
- #
- #  Parameters:
- #    request   - The full request by the client.  This is of the form
- #                reinit:<process>
- #                where <process> is allowed to be either of
- #                lonc or lond
- #
- #  Returns:
- #     The string to be sent back to the client either:
- #   ok         - Everything worked just fine.
- #   error:why  - There was a failure and why describes the reason.
- #
- #
- sub ReinitProcess {
-     my $request = shift;
-     # separate the request (reinit) from the process identifier and
-     # validate it producing the name of the .pid file for the process.
-     #
-     #
-     my ($junk, $process) = split(":", $request);
-     my $processpidfile = $perlvar{'lonDaemons'}.'/logs/';
-     if($process eq 'lonc') {
- 	$processpidfile = $processpidfile."lonc.pid";
- 	if (!open(PIDFILE, "< $processpidfile")) {
- 	    return "error:Open failed for $processpidfile";
  	}
- 	my $loncpid = <PIDFILE>;
+ 	return substr($output, 0, $enclength);
- 	close(PIDFILE);
- 	logthis('<font color="red"> Reinitializing lonc pid='.$loncpid
- 		."</font>");
- 	kill("USR2", $loncpid);
-     } elsif ($process eq 'lond') {
- 	logthis('<font color="red"> Reinitializing self (lond) </font>');
- 	&UpdateHosts;			# Lond is us!!
      } else {
- 	&logthis('<font color="yellow" Invalid reinit request for '.$process
+ 	return undef;
- 		 ."</font>");
- 	return "error:Invalid process identifier $process";
      }
-     return 'ok';
  }
- #   Validate a line in a configuration file edit script:
- #   Validation includes:
- #     - Ensuring the command is valid.
- #     - Ensuring the command has sufficient parameters
- #   Parameters:
- #     scriptline - A line to validate (\n has been stripped for what it's worth).
- #
- #   Return:
- #      0     - Invalid scriptline.
- #      1     - Valid scriptline
- #  NOTE:
- #     Only the command syntax is checked, not the executability of the
- #     command.
- #
- sub isValidEditCommand {
-     my $scriptline = shift;
-     #   Line elements are pipe separated:
-     my ($command, $key, $newline)  = split(/\|/, $scriptline);
-     &logthis('<font color="green"> isValideditCommand checking: '.
- 	     "Command = '$command', Key = '$key', Newline = '$newline' </font>\n");
-     if ($command eq "delete") {
- 	#
- 	#   key with no newline.
- 	#
- 	if( ($key eq "") || ($newline ne "")) {
- 	    return 0;		# Must have key but no newline.
- 	} else {
- 	    return 1;		# Valid syntax.
- 	}
-     } elsif ($command eq "replace") {
- 	#
- 	#   key and newline:
- 	#
- 	if (($key eq "") || ($newline eq "")) {
- 	    return 0;
- 	} else {
- 	    return 1;
- 	}
-     } elsif ($command eq "append") {
- 	if (($key ne "") && ($newline eq "")) {
- 	    return 1;
- 	} else {
- 	    return 0;
- 	}
-     } else {
- 	return 0;		# Invalid command.
-     }
-     return 0;			# Should not get here!!!
- }
  #
- #   ApplyEdit - Applies an edit command to a line in a configuration
+ #   Register a command processor.  This function is invoked to register a sub
- #               file.  It is the caller's responsiblity to validate the
+ #   to process a request.  Once registered, the ProcessRequest sub can automatically
- #               edit line.
+ #   dispatch requests to an appropriate sub, and do the top level validity checking
+ #   as well:
+ #    - Is the keyword recognized.
+ #    - Is the proper client type attempting the request.
+ #    - Is the request encrypted if it has to be.
  #   Parameters:
- #      $directive - A single edit directive to apply.
+ #    $request_name         - Name of the request being registered.
- #                   Edit directives are of the form:
+ #                           This is the command request that will match
- #                  append|newline      - Appends a new line to the file.
+ #                           against the hash keywords to lookup the information
- #                  replace|key|newline - Replaces the line with key value 'key'
+ #                           associated with the dispatch information.
- #                  delete|key          - Deletes the line with key value 'key'.
+ #    $procedure           - Reference to a sub to call to process the request.
- #      $editor   - A config file editor object that contains the
+ #                           All subs get called as follows:
- #                  file being edited.
+ #                             Procedure($cmd, $tail, $replyfd, $key)
+ #                             $cmd    - the actual keyword that invoked us.
+ #                             $tail   - the tail of the request that invoked us.
+ #                             $replyfd- File descriptor connected to the client
+ #    $must_encode          - True if the request must be encoded to be good.
+ #    $client_ok            - True if it's ok for a client to request this.
+ #    $manager_ok           - True if it's ok for a manager to request this.
+ # Side effects:
+ #      - On success, the Dispatcher hash has an entry added for the key $RequestName
+ #      - On failure, the program will die as it's a bad internal bug to try to
+ #        register a duplicate command handler.
  #
- sub ApplyEdit {
+ sub register_handler {
-     my $directive   = shift;
+     my ($request_name,$procedure,$must_encode,	$client_ok,$manager_ok)   = @_;
-     my $editor      = shift;
-     # Break the directive down into its command and its parameters
+     #  Don't allow duplication#
-     # (at most two at this point.  The meaning of the parameters, if in fact
-     #  they exist depends on the command).
+     if (defined $Dispatcher{$request_name}) {
+ 	die "Attempting to define a duplicate request handler for $request_name\n";
-     my ($command, $p1, $p2) = split(/\|/, $directive);
-     if($command eq "append") {
- 	$editor->Append($p1);	          # p1 - key p2 null.
-     } elsif ($command eq "replace") {
- 	$editor->ReplaceLine($p1, $p2);   # p1 - key p2 = newline.
-     } elsif ($command eq "delete") {
- 	$editor->DeleteLine($p1);         # p1 - key p2 null.
-     } else {			          # Should not get here!!!
- 	die "Invalid command given to ApplyEdit $command";
      }
- }
+     #   Build the client type mask:
- #
- # AdjustOurHost:
+     my $client_type_mask = 0;
- #           Adjusts a host file stored in a configuration file editor object
+     if($client_ok) {
- #           for the true IP address of this host. This is necessary for hosts
+ 	$client_type_mask  |= $CLIENT_OK;
- #           that live behind a firewall.
- #           Those hosts have a publicly distributed IP of the firewall, but
- #           internally must use their actual IP.  We assume that a given
- #           host only has a single IP interface for now.
- # Formal Parameters:
- #     editor   - The configuration file editor to adjust.  This
- #                editor is assumed to contain a hosts.tab file.
- # Strategy:
- #    - Figure out our hostname.
- #    - Lookup the entry for this host.
- #    - Modify the line to contain our IP
- #    - Do a replace for this host.
- sub AdjustOurHost {
-     my $editor        = shift;
-     # figure out who I am.
-     my $myHostName    = $perlvar{'lonHostID'}; # LonCAPA hostname.
-     #  Get my host file entry.
-     my $ConfigLine    = $editor->Find($myHostName);
-     if(! (defined $ConfigLine)) {
- 	die "AdjustOurHost - no entry for me in hosts file $myHostName";
      }
-     # figure out my IP:
+     if($manager_ok) {
-     #   Use the config line to get my hostname.
+ 	$client_type_mask  |= $MANAGER_OK;
-     #   Use gethostbyname to translate that into an IP address.
-     #
-     my ($id,$domain,$role,$name,$ip,$maxcon,$idleto,$mincon) = split(/:/,$ConfigLine);
-     my $BinaryIp = gethostbyname($name);
-     my $ip       = inet_ntoa($ip);
-     #
-     #  Reassemble the config line from the elements in the list.
-     #  Note that if the loncnew items were not present before, they will
-     #  be now even if they would be empty
-     #
-     my $newConfigLine = $id;
-     foreach my $item ($domain, $role, $name, $ip, $maxcon, $idleto, $mincon) {
- 	$newConfigLine .= ":".$item;
      }
-     #  Replace the line:
+     #  Enter the hash:
-     $editor->ReplaceLine($id, $newConfigLine);
+     my @entry = ($procedure, $must_encode, $client_type_mask);
- }
- #
+     $Dispatcher{$request_name} = \@entry;
- #   ReplaceConfigFile:
- #              Replaces a configuration file with the contents of a
- #              configuration file editor object.
- #              This is done by:
- #              - Copying the target file to <filename>.old
- #              - Writing the new file to <filename>.tmp
- #              - Moving <filename.tmp>  -> <filename>
- #              This laborious process ensures that the system is never without
- #              a configuration file that's at least valid (even if the contents
- #              may be dated).
- #   Parameters:
- #        filename   - Name of the file to modify... this is a full path.
- #        editor     - Editor containing the file.
- #
- sub ReplaceConfigFile {
-     my $filename  = shift;
-     my $editor    = shift;
-     CopyFile ($filename, $filename.".old");
-     my $contents  = $editor->Get(); # Get the contents of the file.
-     InstallFile($filename, $contents);
  }
- #
- #
- #   Called to edit a configuration table  file
- #   Parameters:
- #      request           - The entire command/request sent by lonc or lonManage
- #   Return:
- #      The reply to send to the client.
- #
- sub EditFile {
-     my $request = shift;
-     #  Split the command into it's pieces:  edit:filetype:script
-     my ($request, $filetype, $script) = split(/:/, $request,3);	# : in script
-     #  Check the pre-coditions for success:
-     if($request != "edit") {	# Something is amiss afoot alack.
- 	return "error:edit request detected, but request != 'edit'\n";
-     }
-     if( ($filetype ne "hosts")  &&
- 	($filetype ne "domain")) {
- 	return "error:edit requested with invalid file specifier: $filetype \n";
-     }
-     #   Split the edit script and check it's validity.
+ #------------------------------------------------------------------
-     my @scriptlines = split(/\n/, $script);  # one line per element.
-     my $linecount   = scalar(@scriptlines);
-     for(my $i = 0; $i < $linecount; $i++) {
- 	chomp($scriptlines[$i]);
- 	if(!isValidEditCommand($scriptlines[$i])) {
- 	    return "error:edit with bad script line: '$scriptlines[$i]' \n";
- 	}
-     }
-     #   Execute the edit operation.
-     #   - Create a config file editor for the appropriate file and
-     #   - execute each command in the script:
-     #
-     my $configfile = ConfigFileFromSelector($filetype);
-     if (!(defined $configfile)) {
- 	return "refused\n";
-     }
-     my $editor = ConfigFileEdit->new($configfile);
-     for (my $i = 0; $i < $linecount; $i++) {
- 	ApplyEdit($scriptlines[$i], $editor);
-     }
-     # If the file is the host file, ensure that our host is
-     # adjusted to have our ip:
-     #
-     if($filetype eq "host") {
- 	AdjustOurHost($editor);
-     }
-     #  Finally replace the current file with our file.
-     #
-     ReplaceConfigFile($configfile, $editor);
-     return "ok\n";
- }
  #
  #  Convert an error return code from lcpasswd to a string value.
  #
- Line 3457  sub catchexception {
+ Line 3143  sub catchexception {
      $SIG{'QUIT'}='DEFAULT';
      $SIG{__DIE__}='DEFAULT';
      &status("Catching exception");
-     &logthis("<font color=red>CRITICAL: "
+     &logthis("<font color='red'>CRITICAL: "
- 	     ."ABNORMAL EXIT. Child $$ for server $thisserver died through "
+      ."ABNORMAL EXIT. Child $$ for server $thisserver died through "
- 	     ."a crash with this error msg->[$error]</font>");
+      ."a crash with this error msg->[$error]</font>");
      &logthis('Famous last words: '.$status.' - '.$lastlog);
      if ($client) { print $client "error: $error\n"; }
      $server->close();
- Line 3468  sub catchexception {
+ Line 3154  sub catchexception {
  sub timeout {
      &status("Handling Timeout");
-     &logthis("<font color=ref>CRITICAL: TIME OUT ".$$."</font>");
+     &logthis("<font color='red'>CRITICAL: TIME OUT ".$$."</font>");
      &catchexception('Timeout');
  }
  # -------------------------------- Set signal handlers to record abnormal exits
- Line 3485  undef $perlvarref;
+ Line 3171  undef $perlvarref;
  # ----------------------------- Make sure this process is running from user=www
  my $wwwid=getpwnam('www');
  if ($wwwid!=$<) {
-     my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
+    my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
-     my $subj="LON: $currenthostid User ID mismatch";
+    my $subj="LON: $currenthostid User ID mismatch";
-     system("echo 'User ID mismatch.  lond must be run as user www.' |\
+    system("echo 'User ID mismatch.  lond must be run as user www.' |\
   mailto $emailto -s '$subj' > /dev/null");
-     exit 1;
+    exit 1;
  }
  # --------------------------------------------- Check if other instance running
- Line 3497  if ($wwwid!=$<) {
+ Line 3183  if ($wwwid!=$<) {
  my $pidfile="$perlvar{'lonDaemons'}/logs/lond.pid";
  if (-e $pidfile) {
-     my $lfh=IO::File->new("$pidfile");
+    my $lfh=IO::File->new("$pidfile");
-     my $pide=<$lfh>;
+    my $pide=<$lfh>;
-     chomp($pide);
+    chomp($pide);
-     if (kill 0 => $pide) { die "already running"; }
+    if (kill 0 => $pide) { die "already running"; }
  }
  # ------------------------------------------------------------- Read hosts file
- Line 3513  $server = IO::Socket::INET->new(LocalPor
+ Line 3199  $server = IO::Socket::INET->new(LocalPor
                                  Proto     => 'tcp',
                                  Reuse     => 1,
                                  Listen    => 10 )
-     or die "making socket: $@\n";
+   or die "making socket: $@\n";
  # --------------------------------------------------------- Do global variables
  # global variables
  my %children               = ();       # keys are current child process IDs
- my $children               = 0;        # current number of children
  sub REAPER {                        # takes care of dead children
      $SIG{CHLD} = \&REAPER;
      &status("Handling child death");
-     my $pid = wait;
+     my $pid;
-     if (defined($children{$pid})) {
+     do {
- 	&logthis("Child $pid died");
+ 	$pid = waitpid(-1,&WNOHANG());
- 	$children --;
+ 	if (defined($children{$pid})) {
- 	delete $children{$pid};
+ 	    &logthis("Child $pid died");
-     } else {
+ 	    delete($children{$pid});
- 	&logthis("Unknown Child $pid died");
+ 	} elsif ($pid > 0) {
+ 	    &logthis("Unknown Child $pid died");
+ 	}
+     } while ( $pid > 0 );
+     foreach my $child (keys(%children)) {
+ 	$pid = waitpid($child,&WNOHANG());
+ 	if ($pid > 0) {
+ 	    &logthis("Child $child - $pid looks like we missed it's death");
+ 	    delete($children{$pid});
+ 	}
      }
      &status("Finished Handling child death");
  }
- Line 3543  sub HUNTSMAN {                      # si
+ Line 3237  sub HUNTSMAN {                      # si
      &logthis("Free socket: ".shutdown($server,2)); # free up socket
      my $execdir=$perlvar{'lonDaemons'};
      unlink("$execdir/logs/lond.pid");
-     &logthis("<font color=red>CRITICAL: Shutting down</font>");
+     &logthis("<font color='red'>CRITICAL: Shutting down</font>");
      &status("Done killing children");
      exit;                           # clean up with dignity
  }
- Line 3553  sub HUPSMAN {                      # sig
+ Line 3247  sub HUPSMAN {                      # sig
      &status("Killing children for restart (HUP)");
      kill 'INT' => keys %children;
      &logthis("Free socket: ".shutdown($server,2)); # free up socket
-     &logthis("<font color=red>CRITICAL: Restarting</font>");
+     &logthis("<font color='red'>CRITICAL: Restarting</font>");
      my $execdir=$perlvar{'lonDaemons'};
      unlink("$execdir/logs/lond.pid");
      &status("Restarting self (HUP)");
- Line 3563  sub HUPSMAN {                      # sig
+ Line 3257  sub HUPSMAN {                      # sig
  #
  #    Kill off hashes that describe the host table prior to re-reading it.
  #    Hashes affected are:
- #       %hostid, %hostdom %hostip
+ #       %hostid, %hostdom %hostip %hostdns.
  #
  sub KillHostHashes {
      foreach my $key (keys %hostid) {
- Line 3575  sub KillHostHashes {
+ Line 3269  sub KillHostHashes {
      foreach my $key (keys %hostip) {
  	delete $hostip{$key};
      }
+     foreach my $key (keys %hostdns) {
+ 	delete $hostdns{$key};
+     }
  }
  #
  #   Read in the host table from file and distribute it into the various hashes:
- Line 3585  sub KillHostHashes {
+ Line 3282  sub KillHostHashes {
  sub ReadHostTable {
      open (CONFIG,"$perlvar{'lonTabDir'}/hosts.tab") || die "Can't read host file";
+     my $myloncapaname = $perlvar{'lonHostID'};
+     Debug("My loncapa name is : $myloncapaname");
      while (my $configline=<CONFIG>) {
- 	my ($id,$domain,$role,$name,$ip)=split(/:/,$configline);
+ 	if (!($configline =~ /^\s*\#/)) {
- 	chomp($ip); $ip=~s/\D+$//;
+ 	    my ($id,$domain,$role,$name,$ip)=split(/:/,$configline);
- 	$hostid{$ip}=$id;
+ 	    chomp($ip); $ip=~s/\D+$//;
- 	$hostdom{$id}=$domain;
+ 	    $hostid{$ip}=$id;         # LonCAPA name of host by IP.
- 	$hostip{$id}=$ip;
+ 	    $hostdom{$id}=$domain;    # LonCAPA domain name of host.
- 	if ($id eq $perlvar{'lonHostID'}) { $thisserver=$name; }
+ 	    $hostip{$id}=$ip;	      # IP address of host.
+ 	    $hostdns{$name} = $id;    # LonCAPA name of host by DNS.
+ 	    if ($id eq $perlvar{'lonHostID'}) {
+ 		Debug("Found me in the host table: $name");
+ 		$thisserver=$name;
+ 	    }
+ 	}
      }
      close(CONFIG);
  }
- Line 3654  sub checkchildren {
+ Line 3359  sub checkchildren {
      &logthis('Going to check on the children');
      my $docdir=$perlvar{'lonDocRoot'};
      foreach (sort keys %children) {
- 	sleep 1;
+ 	#sleep 1;
          unless (kill 'USR1' => $_) {
  	    &logthis ('Child '.$_.' is dead');
              &logstatus($$.' is dead');
+ 	    delete($children{$_});
          }
      }
      sleep 5;
-     $SIG{ALRM} = sub { die "timeout" };
+     $SIG{ALRM} = sub { Debug("timeout");
+ 		       die "timeout";  };
      $SIG{__DIE__} = 'DEFAULT';
      &status("Checking on the children (waiting for reports)");
      foreach (sort keys %children) {
          unless (-e "$docdir/lon-status/londchld/$_.txt") {
- 	    eval {
+           eval {
- 		alarm(300);
+             alarm(300);
- 		&logthis('Child '.$_.' did not respond');
+ 	    &logthis('Child '.$_.' did not respond');
- 		kill 9 => $_;
+ 	    kill 9 => $_;
- 		#$emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
+ 	    #$emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
- 		#$subj="LON: $currenthostid killed lond process $_";
+ 	    #$subj="LON: $currenthostid killed lond process $_";
- 		#my $result=`echo 'Killed lond process $_.' | mailto $emailto -s '$subj' > /dev/null`;
+ 	    #my $result=`echo 'Killed lond process $_.' | mailto $emailto -s '$subj' > /dev/null`;
- 		#$execdir=$perlvar{'lonDaemons'};
+ 	    #$execdir=$perlvar{'lonDaemons'};
- 		#$result=`/bin/cp $execdir/logs/lond.log $execdir/logs/lond.log.$_`;
+ 	    #$result=`/bin/cp $execdir/logs/lond.log $execdir/logs/lond.log.$_`;
- 		alarm(0);
+ 	    delete($children{$_});
- 	    }
+ 	    alarm(0);
+ 	  }
          }
      }
      $SIG{ALRM} = 'DEFAULT';
      $SIG{__DIE__} = \&catchexception;
      &status("Finished checking children");
+     &logthis('Finished Checking children');
  }
  # --------------------------------------------------------------------- Logging
- Line 3712  sub Debug {
+ Line 3421  sub Debug {
  #     reply   - Text to send to client.
  #     request - Original request from client.
  #
- #  Note: This increments Transactions
- #
  sub Reply {
-     alarm(120);
+     my ($fd, $reply, $request) = @_;
-     my $fd      = shift;
-     my $reply   = shift;
-     my $request = shift;
      print $fd $reply;
      Debug("Request was $request  Reply was $reply");
      $Transactions++;
-     alarm(0);
  }
  #
  #    Sub to report a failure.
  #    This function:
- Line 3757  sub logstatus {
+ Line 3461  sub logstatus {
      &status("Doing logging");
      my $docdir=$perlvar{'lonDocRoot'};
      {
- 	my $fh=IO::File->new(">>$docdir/lon-status/londstatus.txt");
+ 	my $fh=IO::File->new(">$docdir/lon-status/londchld/$$.txt");
- 	print $fh $$."\t".$currenthostid."\t".$status."\t".$lastlog."\n";
+         print $fh $status."\n".$lastlog."\n".time."\n$keymode";
- 	$fh->close();
+         $fh->close();
      }
-     &status("Finished londstatus.txt");
+     &status("Finished $$.txt");
      {
- 	my $fh=IO::File->new(">$docdir/lon-status/londchld/$$.txt");
+ 	open(LOG,">>$docdir/lon-status/londstatus.txt");
- 	print $fh $status."\n".$lastlog."\n".time;
+ 	flock(LOG,LOCK_EX);
- 	$fh->close();
+ 	print LOG $$."\t".$clientname."\t".$currenthostid."\t"
+ 	    .$status."\t".$lastlog."\t $keymode\n";
+ 	flock(DB,LOCK_UN);
+ 	close(LOG);
      }
-     ResetStatistics;
      &status("Finished logging");
  }
  sub initnewstatus {
- Line 3791  sub status {
+ Line 3496  sub status {
      my $what=shift;
      my $now=time;
      my $local=localtime($now);
-     my $status = "lond: $what $local ";
+     $status=$local.': '.$what;
-     if($Transactions) {
+     $0='lond: '.$what.' '.$local;
- 	$status .= " Transactions: $Transactions Failed; $Failures";
-     }
-     $0=$status;
  }
  # -------------------------------------------------------- Escape Special Chars
- Line 3827  sub reconlonc {
+ Line 3529  sub reconlonc {
  	    &logthis("lonc at pid $loncpid responding, sending USR1");
              kill USR1 => $loncpid;
          } else {
- 	    &logthis("<font color=red>CRITICAL: "
+ 	    &logthis(
- 		     ."lonc at pid $loncpid not responding, giving up</font>");
+               "<font color='red'>CRITICAL: "
+              ."lonc at pid $loncpid not responding, giving up</font>");
          }
      } else {
- 	&logthis('<font color=red>CRITICAL: lonc not running, giving up</font>');
+       &logthis('<font color="red">CRITICAL: lonc not running, giving up</font>');
      }
  }
- Line 3843  sub subreply {
+ Line 3546  sub subreply {
      my $sclient=IO::Socket::UNIX->new(Peer    =>"$peerfile",
                                        Type    => SOCK_STREAM,
                                        Timeout => 10)
- 	or return "con_lost";
+        or return "con_lost";
      print $sclient "$cmd\n";
      my $answer=<$sclient>;
      chomp($answer);
- Line 3852  sub subreply {
+ Line 3555  sub subreply {
  }
  sub reply {
-     my ($cmd,$server)=@_;
+   my ($cmd,$server)=@_;
-     my $answer;
+   my $answer;
-     if ($server ne $currenthostid) {
+   if ($server ne $currenthostid) {
- 	$answer=subreply($cmd,$server);
+     $answer=subreply($cmd,$server);
- 	if ($answer eq 'con_lost') {
+     if ($answer eq 'con_lost') {
- 	    $answer=subreply("ping",$server);
+ 	$answer=subreply("ping",$server);
- 	    if ($answer ne $server) {
+         if ($answer ne $server) {
- 		&logthis("sub reply: answer != server answer is $answer, server is $server");
+ 	    &logthis("sub reply: answer != server answer is $answer, server is $server");
- 		&reconlonc("$perlvar{'lonSockDir'}/$server");
+            &reconlonc("$perlvar{'lonSockDir'}/$server");
- 	    }
+         }
- 	    $answer=subreply($cmd,$server);
+         $answer=subreply($cmd,$server);
- 	}
+     }
-     } else {
+   } else {
- 	$answer='self_reply';
+     $answer='self_reply';
-     }
+   }
-     return $answer;
+   return $answer;
  }
  # -------------------------------------------------------------- Talk to lonsql
- Line 3886  sub subsqlreply {
+ Line 3589  sub subsqlreply {
      my $sclient=IO::Socket::UNIX->new(Peer    =>"$peerfile",
                                        Type    => SOCK_STREAM,
                                        Timeout => 10)
- 	or return "con_lost";
+        or return "con_lost";
      print $sclient "$cmd\n";
      my $answer=<$sclient>;
      chomp($answer);
- Line 3935  my $execdir=$perlvar{'lonDaemons'};
+ Line 3638  my $execdir=$perlvar{'lonDaemons'};
  open (PIDSAVE,">$execdir/logs/lond.pid");
  print PIDSAVE "$$\n";
  close(PIDSAVE);
- &logthis("<font color=red>CRITICAL: ---------- Starting ----------</font>");
+ &logthis("<font color='red'>CRITICAL: ---------- Starting ----------</font>");
  &status('Starting');
- Line 3953  $SIG{USR2} = \&UpdateHosts;
+ Line 3656  $SIG{USR2} = \&UpdateHosts;
  ReadHostTable;
  # --------------------------------------------------------------
  #   Accept connections.  When a connection comes in, it is validated
  #   and if good, a child process is created to process transactions
- Line 3969  while (1) {
+ Line 3671  while (1) {
  sub make_new_child {
      my $pid;
+ #    my $cipher;     # Now global
      my $sigset;
      $client = shift;
- Line 3979  sub make_new_child {
+ Line 3682  sub make_new_child {
      $sigset = POSIX::SigSet->new(SIGINT);
      sigprocmask(SIG_BLOCK, $sigset)
          or die "Can't block SIGINT for fork: $!\n";
      die "fork: $!" unless defined ($pid = fork);
      $client->sockopt(SO_KEEPALIVE, 1); # Enable monitoring of
- Line 3990  sub make_new_child {
+ Line 3693  sub make_new_child {
      #  the pid hash.
      #
      my $caller = getpeername($client);
-     my ($port,$iaddr)=unpack_sockaddr_in($caller);
+     my ($port,$iaddr);
-     $clientip=inet_ntoa($iaddr);
+     if (defined($caller) && length($caller) > 0) {
+ 	($port,$iaddr)=unpack_sockaddr_in($caller);
+     } else {
+ 	&logthis("Unable to determine who caller was, getpeername returned nothing");
+     }
+     if (defined($iaddr)) {
+ 	$clientip  = inet_ntoa($iaddr);
+ 	Debug("Connected with $clientip");
+ 	$clientdns = gethostbyaddr($iaddr, AF_INET);
+ 	Debug("Connected with $clientdns by name");
+     } else {
+ 	&logthis("Unable to determine clientip");
+ 	$clientip='Unavailable';
+     }
      if ($pid) {
          # Parent records the child's birth and returns.
          sigprocmask(SIG_UNBLOCK, $sigset)
              or die "Can't unblock SIGINT for fork: $!\n";
          $children{$pid} = $clientip;
-         $children++;
          &status('Started child '.$pid);
          return;
      } else {
- Line 4015  sub make_new_child {
+ Line 3730  sub make_new_child {
          sigprocmask(SIG_UNBLOCK, $sigset)
              or die "Can't unblock SIGINT for fork: $!\n";
+ #        my $tmpsnum=0;            # Now global
+ #---------------------------------------------------- kerberos 5 initialization
          &Authen::Krb5::init_context();
          &Authen::Krb5::init_ets();
  	&status('Accepted connection');
  # =============================================================================
              # do something with the connection
  # -----------------------------------------------------------------------------
- 	# see if we know client and check for spoof IP by challenge
+ 	# see if we know client and 'check' for spoof IP by ineffective challenge
  	ReadManagerTable;	# May also be a manager!!
- Line 4042  sub make_new_child {
+ Line 3757  sub make_new_child {
  	    $clientname = $managers{$clientip};
  	}
  	my $clientok;
  	if ($clientrec || $ismanager) {
  	    &status("Waiting for init from $clientip $clientname");
  	    &logthis('<font color="yellow">INFO: Connection, '.
  		     $clientip.
- 		     " ($clientname) connection type = $ConnectionType </font>" );
+ 		  " ($clientname) connection type = $ConnectionType </font>" );
  	    &status("Connecting $clientip  ($clientname))");
  	    my $remotereq=<$client>;
- 	    $remotereq=~s/[^\w:]//g;
+ 	    chomp($remotereq);
+ 	    Debug("Got init: $remotereq");
+ 	    my $inikeyword = split(/:/, $remotereq);
  	    if ($remotereq =~ /^init/) {
  		&sethost("sethost:$perlvar{'lonHostID'}");
- 		my $challenge="$$".time;
+ 		#
- 		print $client "$challenge\n";
+ 		#  If the remote is attempting a local init... give that a try:
- 		&status("Waiting for challenge reply from $clientip ($clientname)");
+ 		#
- 		$remotereq=<$client>;
+ 		my ($i, $inittype) = split(/:/, $remotereq);
- 		$remotereq=~s/\W//g;
- 		if ($challenge eq $remotereq) {
+ 		# If the connection type is ssl, but I didn't get my
- 		    $clientok=1;
+ 		# certificate files yet, then I'll drop  back to
- 		    print $client "ok\n";
+ 		# insecure (if allowed).
+ 		if($inittype eq "ssl") {
+ 		    my ($ca, $cert) = lonssl::CertificateFile;
+ 		    my $kfile       = lonssl::KeyFile;
+ 		    if((!$ca)   ||
+ 		       (!$cert) ||
+ 		       (!$kfile)) {
+ 			$inittype = ""; # This forces insecure attempt.
+ 			&logthis("<font color=\"blue\"> Certificates not "
+ 				 ."installed -- trying insecure auth</font>");
+ 		    } else {	# SSL certificates are in place so
+ 		    }		# Leave the inittype alone.
+ 		}
+ 		if($inittype eq "local") {
+ 		    my $key = LocalConnection($client, $remotereq);
+ 		    if($key) {
+ 			Debug("Got local key $key");
+ 			$clientok     = 1;
+ 			my $cipherkey = pack("H32", $key);
+ 			$cipher       = new IDEA($cipherkey);
+ 			print $client "ok:local\n";
+ 			&logthis('<font color="green"'
+ 				 . "Successful local authentication </font>");
+ 			$keymode = "local"
+ 		    } else {
+ 			Debug("Failed to get local key");
+ 			$clientok = 0;
+ 			shutdown($client, 3);
+ 			close $client;
+ 		    }
+ 		} elsif ($inittype eq "ssl") {
+ 		    my $key = SSLConnection($client);
+ 		    if ($key) {
+ 			$clientok = 1;
+ 			my $cipherkey = pack("H32", $key);
+ 			$cipher       = new IDEA($cipherkey);
+ 			&logthis('<font color="green">'
+ 				 ."Successfull ssl authentication with $clientname </font>");
+ 			$keymode = "ssl";
+ 		    } else {
+ 			$clientok = 0;
+ 			close $client;
+ 		    }
  		} else {
- 		    &logthis("<font color=blue>WARNING: $clientip did not reply challenge</font>");
+ 		    my $ok = InsecureConnection($client);
- 		    &status('No challenge reply '.$clientip);
+ 		    if($ok) {
+ 			$clientok = 1;
+ 			&logthis('<font color="green">'
+ 				 ."Successful insecure authentication with $clientname </font>");
+ 			print $client "ok\n";
+ 			$keymode = "insecure";
+ 		    } else {
+ 			&logthis('<font color="yellow">'
+ 				  ."Attempted insecure connection disallowed </font>");
+ 			close $client;
+ 			$clientok = 0;
+ 		    }
  		}
  	    } else {
- 		&logthis("<font color=blue>WARNING: "
+ 		&logthis(
+ 			 "<font color='blue'>WARNING: "
  			 ."$clientip failed to initialize: >$remotereq< </font>");
  		&status('No init '.$clientip);
  	    }
  	} else {
- 	    &logthis("<font color=blue>WARNING: Unknown client $clientip</font>");
+ 	    &logthis(
+ 		     "<font color='blue'>WARNING: Unknown client $clientip</font>");
  	    &status('Hung up on '.$clientip);
  	}
  	if ($clientok) {
  # ---------------- New known client connecting, could mean machine online again
- Line 4084  sub make_new_child {
+ Line 3864  sub make_new_child {
  		}
  		&reconlonc("$perlvar{'lonSockDir'}/$id");
  	    }
- 	    &logthis("<font color=green>Established connection: $clientname</font>");
+ 	    &logthis("<font color='green'>Established connection: $clientname</font>");
  	    &status('Will listen to '.$clientname);
- 	    ResetStatistics();
  # ------------------------------------------------------------ Process requests
- 	    my $KeepGoing = 1;
+ 	    my $keep_going = 1;
- 	    while ((my $userinput=GetRequest) && $KeepGoing) {
+ 	    my $user_input;
- 		$KeepGoing = ProcessRequest($userinput);
+ 	    while(($user_input = get_request) && $keep_going) {
- # -------------------------------------------------------------------- complete
+ 		alarm(120);
+ 		Debug("Main: Got $user_input\n");
- 		&status('Listening to '.$clientname);
+ 		$keep_going = &process_request($user_input);
+ 		alarm(0);
+ 		&status('Listening to '.$clientname." ($keymode)");
  	    }
  # --------------------------------------------- client unknown or fishy, refuse
- 	} else {
+ 	}  else {
  	    print $client "refused\n";
  	    $client->close();
- 	    &logthis("<font color=blue>WARNING: "
+ 	    &logthis("<font color='blue'>WARNING: "
  		     ."Rejected client $clientip, closing connection</font>");
  	}
      }
  # =============================================================================
-     &logthis("<font color=red>CRITICAL: "
+     &logthis("<font color='red'>CRITICAL: "
  	     ."Disconnect from $clientip ($clientname)</font>");
- Line 4131  sub make_new_child {
+ Line 3911  sub make_new_child {
  #    user      - Name of the user for which the role is being put.
  #    authtype  - The authentication type associated with the user.
  #
- sub ManagePermissions {
+ sub ManagePermissions
-     my $request = shift;
+ {
-     my $domain  = shift;
-     my $user    = shift;
+     my ($request, $domain, $user, $authtype) = @_;
-     my $authtype= shift;
      # See if the request is of the form /$domain/_au
-     &logthis("ruequest is $request");
      if($request =~ /^(\/$domain\/_au)$/) { # It's an author rolesput...
  	my $execdir = $perlvar{'lonDaemons'};
  	my $userhome= "/home/$user" ;
- Line 4147  sub ManagePermissions {
+ Line 3925  sub ManagePermissions {
      }
  }
  #
  #  Return the full path of a user password file, whether it exists or not.
  # Parameters:
- Line 4155  sub ManagePermissions {
+ Line 3934  sub ManagePermissions {
  # Returns:
  #    Full passwd path:
  #
- sub PasswordPath {
+ sub password_path {
-     my $domain = shift;
+     my ($domain, $user) = @_;
-     my $user   = shift;
      my $path   = &propath($domain, $user);
-     my $path  .= "/passwd";
+     $path  .= "/passwd";
      return $path;
  }
- Line 4175  sub PasswordPath {
+ Line 3954  sub PasswordPath {
  #   - If the password file exists returns its path.
  #   - If the password file does not exist, returns undefined.
  #
- sub PasswordFilename {
+ sub password_filename {
-     my $domain    = shift;
+     my ($domain, $user) = @_;
-     my $user      = shift;
-     my $path  = PasswordPath($domain, $user);
+     Debug ("PasswordFilename called: dom = $domain user = $user");
+     my $path  = &password_path($domain, $user);
+     Debug("PasswordFilename got path: $path");
      if(-e $path) {
  	return $path;
      } else {
- Line 4198  sub PasswordFilename {
+ Line 3978  sub PasswordFilename {
  #   0    - Failed.
  #   1    - Success.
  #
- sub RewritePwFile {
+ sub rewrite_password_file {
-     my $domain   = shift;
+     my ($domain, $user, $contents) = @_;
-     my $user     = shift;
-     my $contents = shift;
-     my $file = PasswordFilename($domain, $user);
+     my $file = &password_filename($domain, $user);
      if (defined $file) {
  	my $pf = IO::File->new(">$file");
  	if($pf) {
- Line 4217  sub RewritePwFile {
+ Line 3995  sub RewritePwFile {
      }
  }
  #
- #   GetAuthType - Determines the authorization type of a user in a domain.
+ #   get_auth_type - Determines the authorization type of a user in a domain.
  #     Returns the authorization type or nouser if there is no such user.
  #
- sub GetAuthType {
+ sub get_auth_type
-     my $domain = shift;
+ {
-     my $user   = shift;
+     my ($domain, $user)  = @_;
-     Debug("GetAuthType( $domain, $user ) \n");
-     my $passwdfile = PasswordFilename($domain, $user);
+     Debug("get_auth_type( $domain, $user ) \n");
-     if( defined $passwdfile ) {
+     my $proname    = &propath($domain, $user);
+     my $passwdfile = "$proname/passwd";
+     if( -e $passwdfile ) {
  	my $pf = IO::File->new($passwdfile);
  	my $realpassword = <$pf>;
  	chomp($realpassword);
  	Debug("Password info = $realpassword\n");
- 	return $realpassword;
+ 	my ($authtype, $contentpwd) = split(/:/, $realpassword);
+ 	Debug("Authtype = $authtype, content = $contentpwd\n");
+ 	my $availinfo = '';
+ 	if($authtype eq 'krb4' or $authtype eq 'krb5') {
+ 	    $availinfo = $contentpwd;
+ 	}
+ 	return "$authtype:$availinfo";
      } else {
  	Debug("Returning nouser");
  	return "nouser";
      }
  }
+ #
+ #  Validate a user given their domain, name and password.  This utility
+ #  function is used by both  AuthenticateHandler and ChangePasswordHandler
+ #  to validate the login credentials of a user.
+ # Parameters:
+ #    $domain    - The domain being logged into (this is required due to
+ #                 the capability for multihomed systems.
+ #    $user      - The name of the user being validated.
+ #    $password  - The user's propoposed password.
+ #
+ # Returns:
+ #     1        - The domain,user,pasword triplet corresponds to a valid
+ #                user.
+ #     0        - The domain,user,password triplet is not a valid user.
+ #
+ sub validate_user {
+     my ($domain, $user, $password) = @_;
+     # Why negative ~pi you may well ask?  Well this function is about
+     # authentication, and therefore very important to get right.
+     # I've initialized the flag that determines whether or not I've
+     # validated correctly to a value it's not supposed to get.
+     # At the end of this function. I'll ensure that it's not still that
+     # value so we don't just wind up returning some accidental value
+     # as a result of executing an unforseen code path that
+     # did not set $validated.
+     my $validated = -3.14159;
+     #  How we authenticate is determined by the type of authentication
+     #  the user has been assigned.  If the authentication type is
+     #  "nouser", the user does not exist so we will return 0.
+     my $contents = &get_auth_type($domain, $user);
+     my ($howpwd, $contentpwd) = split(/:/, $contents);
+     my $null = pack("C",0);	# Used by kerberos auth types.
+     if ($howpwd ne 'nouser') {
+ 	if($howpwd eq "internal") { # Encrypted is in local password file.
+ 	    $validated = (crypt($password, $contentpwd) eq $contentpwd);
+ 	}
+ 	elsif ($howpwd eq "unix") { # User is a normal unix user.
+ 	    $contentpwd = (getpwnam($user))[1];
+ 	    if($contentpwd) {
+ 		if($contentpwd eq 'x') { # Shadow password file...
+ 		    my $pwauth_path = "/usr/local/sbin/pwauth";
+ 		    open PWAUTH,  "|$pwauth_path" or
+ 			die "Cannot invoke authentication";
+ 		    print PWAUTH "$user\n$password\n";
+ 		    close PWAUTH;
+ 		    $validated = ! $?;
+ 		} else { 	         # Passwords in /etc/passwd.
+ 		    $validated = (crypt($password,
+ 					$contentpwd) eq $contentpwd);
+ 		}
+ 	    } else {
+ 		$validated = 0;
+ 	    }
+ 	}
+ 	elsif ($howpwd eq "krb4") { # user is in kerberos 4 auth. domain.
+ 	    if(! ($password =~ /$null/) ) {
+ 		my $k4error = &Authen::Krb4::get_pw_in_tkt($user,
+ 							   "",
+ 							   $contentpwd,,
+ 							   'krbtgt',
+ 							   $contentpwd,
+,
+ 							   $password);
+ 		if(!$k4error) {
+ 		    $validated = 1;
+ 		} else {
+ 		    $validated = 0;
+ 		    &logthis('krb4: '.$user.', '.$contentpwd.', '.
+ 			     &Authen::Krb4::get_err_txt($Authen::Krb4::error));
+ 		}
+ 	    } else {
+ 		$validated = 0; # Password has a match with null.
+ 	    }
+ 	} elsif ($howpwd eq "krb5") { # User is in kerberos 5 auth. domain.
+ 	    if(!($password =~ /$null/)) { # Null password not allowed.
+ 		my $krbclient = &Authen::Krb5::parse_name($user.'@'
+ 							  .$contentpwd);
+ 		my $krbservice = "krbtgt/".$contentpwd."\@".$contentpwd;
+ 		my $krbserver  = &Authen::Krb5::parse_name($krbservice);
+ 		my $credentials= &Authen::Krb5::cc_default();
+ 		$credentials->initialize($krbclient);
+ 		my $krbreturn  = &Authen::KRb5::get_in_tkt_with_password($krbclient,
+ 									 $krbserver,
+ 									 $password,
+ 									 $credentials);
+ 		$validated = ($krbreturn == 1);
+ 	    } else {
+ 		$validated = 0;
+ 	    }
+ 	} elsif ($howpwd eq "localauth") {
+ 	    #  Authenticate via installation specific authentcation method:
+ 	    $validated = &localauth::localauth($user,
+ 					       $password,
+ 					       $contentpwd);
+ 	} else {			# Unrecognized auth is also bad.
+ 	    $validated = 0;
+ 	}
+     } else {
+ 	$validated = 0;
+     }
+     #
+     #  $validated has the correct stat of the authentication:
+     #
+     unless ($validated != -3.14159) {
+ 	die "ValidateUser - failed to set the value of validated";
+     }
+     return $validated;
+ }
  sub addline {
      my ($fname,$hostid,$ip,$newline)=@_;
      my $contents;
- Line 4324  sub chatadd {
+ Line 4232  sub chatadd {
  sub unsub {
      my ($fname,$clientip)=@_;
      my $result;
+     my $unsubs = 0;		# Number of successful unsubscribes:
+     # An old way subscriptions were handled was to have a
+     # subscription marker file:
+     Debug("Attempting unlink of $fname.$clientname");
      if (unlink("$fname.$clientname")) {
- 	$result="ok\n";
+ 	$unsubs++;		# Successful unsub via marker file.
-     } else {
+     }
- 	$result="not_subscribed\n";
-     }
+     # The more modern way to do it is to have a subscription list
+     # file:
      if (-e "$fname.subscription") {
  	my $found=&addline($fname,$clientname,$clientip,'');
- 	if ($found) { $result="ok\n"; }
+ 	if ($found) {
+ 	    $unsubs++;
+ 	}
+     }
+     #  If either or both of these mechanisms succeeded in unsubscribing a
+     #  resource we can return ok:
+     if($unsubs) {
+ 	$result = "ok\n";
      } else {
- 	if ($result != "ok\n") { $result="not_subscribed\n"; }
+ 	$result = "not_subscribed\n";
      }
      return $result;
  }
- Line 4343  sub currentversion {
+ Line 4270  sub currentversion {
      my $version=-1;
      my $ulsdir='';
      if ($fname=~/^(.+)\/[^\/]+$/) {
- 	$ulsdir=$1;
+        $ulsdir=$1;
      }
      my ($fnamere1,$fnamere2);
      # remove version if already specified
- Line 4400  sub subscribe {
+ Line 4327  sub subscribe {
                      symlink($root.'.'.$extension,
                              $root.'.'.$currentversion.'.'.$extension);
                      unless ($extension=~/\.meta$/) {
- 			symlink($root.'.'.$extension.'.meta',
+                        symlink($root.'.'.$extension.'.meta',
- 				$root.'.'.$currentversion.'.'.$extension.'.meta');
+                             $root.'.'.$currentversion.'.'.$extension.'.meta');
  		    }
                  }
              }
- Line 4456  sub make_passwd_file {
+ Line 4383  sub make_passwd_file {
  	}
      } elsif ($umode eq 'unix') {
  	{
- 	    my $execpath="$perlvar{'lonDaemons'}/"."lcuseradd";
+ 	    #
+ 	    #  Don't allow the creation of privileged accounts!!! that would
+ 	    #  be real bad!!!
+ 	    #
+ 	    my $uid = getpwnam($uname);
+ 	    if((defined $uid) && ($uid == 0)) {
+ 		&logthis(">>>Attempted to create privilged account blocked");
+ 		return "no_priv_account_error\n";
+ 	    }
+ 	    my $execpath       ="$perlvar{'lonDaemons'}/"."lcuseradd";
+ 	    my $lc_error_file  = $execdir."/tmp/lcuseradd".$$.".status";
  	    {
  		&Debug("Executing external: ".$execpath);
  		&Debug("user  = ".$uname.", Password =". $npass);
- Line 4464  sub make_passwd_file {
+ Line 4403  sub make_passwd_file {
  		print $se "$uname\n";
  		print $se "$npass\n";
  		print $se "$npass\n";
+ 		print $se "$lc_error_file\n"; # Status -> unique file.
  	    }
- 	    my $useraddok = $?;
+ 	    my $error = IO::File->new("< $lc_error_file");
+ 	    my $useraddok = <$error>;
+ 	    $error->close;
+ 	    unlink($lc_error_file);
+ 	    chomp $useraddok;
  	    if($useraddok > 0) {
- 		&logthis("Failed lcuseradd: ".&lcuseraddstrerror($useraddok));
+ 		my $error_text = &lcuseraddstrerror($useraddok);
+ 		&logthis("Failed lcuseradd: $error_text");
+ 		$result = "lcuseradd_failed:$error_text\n";
+ 	    }  else {
+ 		my $pf = IO::File->new(">$passfilename");
+ 		print $pf "unix:\n";
  	    }
- 	    my $pf = IO::File->new(">$passfilename");
- 	    print $pf "unix:\n";
  	}
      } elsif ($umode eq 'none') {
  	{
- 	    my $pf = IO::File->new(">$passfilename");
+ 	    my $pf = IO::File->new("> $passfilename");
  	    print $pf "none:\n";
  	}
      } else {
- Line 4488  sub sethost {
+ Line 4437  sub sethost {
      my (undef,$hostid)=split(/:/,$remotereq);
      if (!defined($hostid)) { $hostid=$perlvar{'lonHostID'}; }
      if ($hostip{$perlvar{'lonHostID'}} eq $hostip{$hostid}) {
- 	$currenthostid=$hostid;
+ 	$currenthostid  =$hostid;
  	$currentdomainid=$hostdom{$hostid};
  	&logthis("Setting hostid to $hostid, and domain to $currentdomainid");
      } else {
- Line 4504  sub version {
+ Line 4453  sub version {
      $remoteVERSION=(split(/:/,$userinput))[1];
      return "version:$VERSION";
  }
- ############## >>>>>>>>>>>>>>>>>>>>>>>>>> FUTUREWORK <<<<<<<<<<<<<<<<<<<<<<<<<<<<
  #There is a copy of this in lonnet.pm
- #   Can we hoist these lil' things out into common places?
- #
  sub userload {
      my $numusers=0;
      {
- Line 4530  sub userload {
+ Line 4477  sub userload {
      return $userloadpercent;
  }
+ # Routines for serializing arrays and hashes (copies from lonnet)
+ sub array2str {
+   my (@array) = @_;
+   my $result=&arrayref2str(\@array);
+   $result=~s/^__ARRAY_REF__//;
+   $result=~s/__END_ARRAY_REF__$//;
+   return $result;
+ }
+ sub arrayref2str {
+   my ($arrayref) = @_;
+   my $result='__ARRAY_REF__';
+   foreach my $elem (@$arrayref) {
+     if(ref($elem) eq 'ARRAY') {
+       $result.=&arrayref2str($elem).'&';
+     } elsif(ref($elem) eq 'HASH') {
+       $result.=&hashref2str($elem).'&';
+     } elsif(ref($elem)) {
+       #print("Got a ref of ".(ref($elem))." skipping.");
+     } else {
+       $result.=&escape($elem).'&';
+     }
+   }
+   $result=~s/\&$//;
+   $result .= '__END_ARRAY_REF__';
+   return $result;
+ }
+ sub hash2str {
+   my (%hash) = @_;
+   my $result=&hashref2str(\%hash);
+   $result=~s/^__HASH_REF__//;
+   $result=~s/__END_HASH_REF__$//;
+   return $result;
+ }
+ sub hashref2str {
+   my ($hashref)=@_;
+   my $result='__HASH_REF__';
+   foreach (sort(keys(%$hashref))) {
+     if (ref($_) eq 'ARRAY') {
+       $result.=&arrayref2str($_).'=';
+     } elsif (ref($_) eq 'HASH') {
+       $result.=&hashref2str($_).'=';
+     } elsif (ref($_)) {
+       $result.='=';
+       #print("Got a ref of ".(ref($_))." skipping.");
+     } else {
+         if ($_) {$result.=&escape($_).'=';} else { last; }
+     }
+     if(ref($hashref->{$_}) eq 'ARRAY') {
+       $result.=&arrayref2str($hashref->{$_}).'&';
+     } elsif(ref($hashref->{$_}) eq 'HASH') {
+       $result.=&hashref2str($hashref->{$_}).'&';
+     } elsif(ref($hashref->{$_})) {
+        $result.='&';
+       #print("Got a ref of ".(ref($hashref->{$_}))." skipping.");
+     } else {
+       $result.=&escape($hashref->{$_}).'&';
+     }
+   }
+   $result=~s/\&$//;
+   $result .= '__END_HASH_REF__';
+   return $result;
+ }
  # ----------------------------------- POD (plain old documentation, CPAN style)
  =head1 NAME

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.178.2.9
changed lines
	Added in v.1.225