|
version 1.247, 2004/09/02 18:37:44
|
version 1.254, 2004/09/14 10:27:22
|
|
Line 331 sub InsecureConnection {
|
Line 331 sub InsecureConnection {
|
| |
|
| |
|
| } |
} |
| |
|
| # |
# |
| |
# Safely execute a command (as long as it's not a shel command and doesn |
| |
# not require/rely on shell escapes. The function operates by doing a |
| |
# a pipe based fork and capturing stdout and stderr from the pipe. |
| |
# |
| |
# Formal Parameters: |
| |
# $line - A line of text to be executed as a command. |
| |
# Returns: |
| |
# The output from that command. If the output is multiline the caller |
| |
# must know how to split up the output. |
| |
# |
| |
# |
| |
sub execute_command { |
| |
my ($line) = @_; |
| |
my @words = split(/\s/, $line); # Bust the command up into words. |
| |
my $output = ""; |
| |
|
| |
my $pid = open(CHILD, "-|"); |
| |
|
| |
if($pid) { # Parent process |
| |
Debug("In parent process for execute_command"); |
| |
my @data = <CHILD>; # Read the child's outupt... |
| |
close CHILD; |
| |
foreach my $output_line (@data) { |
| |
Debug("Adding $output_line"); |
| |
$output .= $output_line; # Presumably has a \n on it. |
| |
} |
| |
|
| |
} else { # Child process |
| |
close (STDERR); |
| |
open (STDERR, ">&STDOUT");# Combine stderr, and stdout... |
| |
exec(@words); # won't return. |
| |
} |
| |
return $output; |
| |
} |
| |
|
| |
|
| # GetCertificate: Given a transaction that requires a certificate, |
# GetCertificate: Given a transaction that requires a certificate, |
| # this function will extract the certificate from the transaction |
# this function will extract the certificate from the transaction |
| # request. Note that at this point, the only concept of a certificate |
# request. Note that at this point, the only concept of a certificate |
|
Line 1013 sub tie_user_hash {
|
Line 1048 sub tie_user_hash {
|
| $how, 0640)) { |
$how, 0640)) { |
| # If this is a namespace for which a history is kept, |
# If this is a namespace for which a history is kept, |
| # make the history log entry: |
# make the history log entry: |
| if (($namespace =~/^nohist\_/) && (defined($loghead))) { |
if (($namespace !~/^nohist\_/) && (defined($loghead))) { |
| my $args = scalar @_; |
my $args = scalar @_; |
| Debug(" Opening history: $namespace $args"); |
Debug(" Opening history: $namespace $args"); |
| my $hfh = IO::File->new(">>$proname/$namespace.hist"); |
my $hfh = IO::File->new(">>$proname/$namespace.hist"); |
|
Line 1302 sub push_file_handler {
|
Line 1337 sub push_file_handler {
|
| |
|
| sub du_handler { |
sub du_handler { |
| my ($cmd, $ududir, $client) = @_; |
my ($cmd, $ududir, $client) = @_; |
| |
my ($ududir) = split(/:/,$ududir); # Make 'telnet' testing easier. |
| |
my $userinput = "$cmd:$ududir"; |
| |
|
| if ($ududir=~/\.\./ || $ududir!~m|^/home/httpd/|) { |
if ($ududir=~/\.\./ || $ududir!~m|^/home/httpd/|) { |
| &Failure($client,"refused\n","$cmd:$ududir"); |
&Failure($client,"refused\n","$cmd:$ududir"); |
| return 1; |
return 1; |
| } |
} |
| my $duout = `du -ks $ududir 2>/dev/null`; |
# Since $ududir could have some nasties in it, |
| $duout=~s/[^\d]//g; #preserve only the numbers |
# we will require that ududir is a valid |
| &Reply($client,"$duout\n","$cmd:$ududir"); |
# directory. Just in case someone tries to |
| |
# slip us a line like .;(cd /home/httpd rm -rf*) |
| |
# etc. |
| |
# |
| |
if (-d $ududir) { |
| |
# And as Shakespeare would say to make |
| |
# assurance double sure, |
| |
# use execute_command to ensure that the command is not executed in |
| |
# a shell that can screw us up. |
| |
|
| |
my $duout = execute_command("du -ks $ududir"); |
| |
$duout=~s/[^\d]//g; #preserve only the numbers |
| |
&Reply($client,"$duout\n","$cmd:$ududir"); |
| |
} else { |
| |
|
| |
&Failure($client, "bad_directory:$ududir\n","$cmd:$ududir"); |
| |
|
| |
} |
| return 1; |
return 1; |
| } |
} |
| ®ister_handler("du", \&du_handler, 0, 1, 0); |
®ister_handler("du", \&du_handler, 0, 1, 0); |
|
Line 1370 sub ls_handler {
|
Line 1425 sub ls_handler {
|
| $ulsout='no_such_dir'; |
$ulsout='no_such_dir'; |
| } |
} |
| if ($ulsout eq '') { $ulsout='empty'; } |
if ($ulsout eq '') { $ulsout='empty'; } |
| print $client "$ulsout\n"; |
&Reply($client, "$ulsout\n", $userinput); # This supports debug logging. |
| |
|
| return 1; |
return 1; |
| |
|
|
Line 1712 sub change_authentication_handler {
|
Line 1767 sub change_authentication_handler {
|
| my $result=&make_passwd_file($uname, $umode,$npass,$passfilename); |
my $result=&make_passwd_file($uname, $umode,$npass,$passfilename); |
| &Reply($client, $result, $userinput); |
&Reply($client, $result, $userinput); |
| } else { |
} else { |
| &Failure($client, "non_authorized", $userinput); # Fail the user now. |
&Failure($client, "non_authorized\n", $userinput); # Fail the user now. |
| } |
} |
| } |
} |
| return 1; |
return 1; |
|
Line 1939 sub remove_user_file_handler {
|
Line 1994 sub remove_user_file_handler {
|
| if (-e $udir) { |
if (-e $udir) { |
| my $file=$udir.'/userfiles/'.$ufile; |
my $file=$udir.'/userfiles/'.$ufile; |
| if (-e $file) { |
if (-e $file) { |
| |
# |
| |
# If the file is a regular file unlink is fine... |
| |
# However it's possible the client wants a dir. |
| |
# removed, in which case rmdir is more approprate: |
| |
# |
| if (-f $file){ |
if (-f $file){ |
| unlink($file); |
unlink($file); |
| } elsif(-d $file) { |
} elsif(-d $file) { |
| rmdir($file); |
rmdir($file); |
| } |
} |
| if (-e $file) { |
if (-e $file) { |
| |
# File is still there after we deleted it ?!? |
| |
|
| &Failure($client, "failed\n", "$cmd:$tail"); |
&Failure($client, "failed\n", "$cmd:$tail"); |
| } else { |
} else { |
| &Reply($client, "ok\n", "$cmd:$tail"); |
&Reply($client, "ok\n", "$cmd:$tail"); |
|
Line 2063 sub token_auth_user_file_handler {
|
Line 2125 sub token_auth_user_file_handler {
|
| my ($fname, $session) = split(/:/, $tail); |
my ($fname, $session) = split(/:/, $tail); |
| |
|
| chomp($session); |
chomp($session); |
| my $reply='non_auth'; |
my $reply="non_auth\n"; |
| if (open(ENVIN,$perlvar{'lonIDsDir'}.'/'. |
if (open(ENVIN,$perlvar{'lonIDsDir'}.'/'. |
| $session.'.id')) { |
$session.'.id')) { |
| while (my $line=<ENVIN>) { |
while (my $line=<ENVIN>) { |
| if ($line=~ m|userfile\.\Q$fname\E\=|) { $reply='ok'; } |
if ($line=~ m|userfile\.\Q$fname\E\=|) { $reply="ok\n"; } |
| } |
} |
| close(ENVIN); |
close(ENVIN); |
| &Reply($client, $reply); |
&Reply($client, $reply, "$cmd:$tail"); |
| } else { |
} else { |
| &Failure($client, "invalid_token\n", "$cmd:$tail"); |
&Failure($client, "invalid_token\n", "$cmd:$tail"); |
| } |
} |
|
Line 3069 sub put_course_id_handler {
|
Line 3131 sub put_course_id_handler {
|
| my $hashref = &tie_domain_hash($udom, "nohist_courseids", &GDBM_WRCREAT()); |
my $hashref = &tie_domain_hash($udom, "nohist_courseids", &GDBM_WRCREAT()); |
| if ($hashref) { |
if ($hashref) { |
| foreach my $pair (@pairs) { |
foreach my $pair (@pairs) { |
| my ($key,$value)=split(/=/,$pair); |
my ($key,$descr,$inst_code)=split(/=/,$pair); |
| $hashref->{$key}=$value.':'.$now; |
$hashref->{$key}=$descr.':'.$inst_code.':'.$now; |
| } |
} |
| if (untie(%$hashref)) { |
if (untie(%$hashref)) { |
| &Reply($client, "ok\n", $userinput); |
&Reply( $client, "ok\n", $userinput); |
| } else { |
} else { |
| &Failure( $client, "error: ".($!+0) |
&Failure($client, "error: ".($!+0) |
| ." untie(GDBM) Failed ". |
." untie(GDBM) Failed ". |
| "while attempting courseidput\n", $userinput); |
"while attempting courseidput\n", $userinput); |
| } |
} |
| } else { |
} else { |
| &Failure( $client, "error: ".($!+0) |
&Failure($client, "error: ".($!+0) |
| ." tie(GDBM) Failed ". |
." tie(GDBM) Failed ". |
| "while attempting courseidput\n", $userinput); |
"while attempting courseidput\n", $userinput); |
| } |
} |
| |
|
| |
|
| return 1; |
return 1; |
| } |
} |
|
Line 3482 sub exit_handler {
|
Line 3545 sub exit_handler {
|
| |
|
| return 0; |
return 0; |
| } |
} |
| ®ister_handler("exit", \&exit_handler, 0,,1); |
®ister_handler("exit", \&exit_handler, 0,1,1); |
| ®ister_handler("init", \&exit_handler, 0,,1); |
®ister_handler("init", \&exit_handler, 0,1,1); |
| ®ister_handler("quit", \&exit_handler, 0,,1); |
®ister_handler("quit", \&exit_handler, 0,1,1); |
| |
|
| |
# Determine if auto-enrollment is enabled. |
| |
# Note that the original had what I believe to be a defect. |
| |
# The original returned 0 if the requestor was not a registerd client. |
| |
# It should return "refused". |
| |
# Formal Parameters: |
| |
# $cmd - The command that invoked us. |
| |
# $tail - The tail of the command (Extra command parameters. |
| |
# $client - The socket open on the client that issued the request. |
| |
# Returns: |
| |
# 1 - Indicating processing should continue. |
| |
# |
| |
sub enrollment_enabled_handler { |
| |
my ($cmd, $tail, $client) = @_; |
| |
my $userinput = $cmd.":".$tail; # For logging purposes. |
| |
|
| |
|
| |
my $cdom = split(/:/, $tail); # Domain we're asking about. |
| |
my $outcome = &localenroll::run($cdom); |
| |
&Reply($client, "$outcome\n", $userinput); |
| |
|
| |
return 1; |
| |
} |
| |
®ister_handler("autorun", \&enrollment_enabled_handler, 0, 1, 0); |
| |
|
| |
# Get the official sections for which auto-enrollment is possible. |
| |
# Since the admin people won't know about 'unofficial sections' |
| |
# we cannot auto-enroll on them. |
| |
# Formal Parameters: |
| |
# $cmd - The command request that got us dispatched here. |
| |
# $tail - The remainder of the request. In our case this |
| |
# will be split into: |
| |
# $coursecode - The course name from the admin point of view. |
| |
# $cdom - The course's domain(?). |
| |
# $client - Socket open on the client. |
| |
# Returns: |
| |
# 1 - Indiciting processing should continue. |
| |
# |
| |
sub get_sections_handler { |
| |
my ($cmd, $tail, $client) = @_; |
| |
my $userinput = "$cmd:$tail"; |
| |
|
| |
my ($coursecode, $cdom) = split(/:/, $tail); |
| |
my @secs = &localenroll::get_sections($coursecode,$cdom); |
| |
my $seclist = &escape(join(':',@secs)); |
| |
|
| |
&Reply($client, "$seclist\n", $userinput); |
| |
|
| |
|
| |
return 1; |
| |
} |
| |
®ister_handler("autogetsections", \&get_sections_handler, 0, 1, 0); |
| |
|
| |
# Validate the owner of a new course section. |
| |
# |
| |
# Formal Parameters: |
| |
# $cmd - Command that got us dispatched. |
| |
# $tail - the remainder of the command. For us this consists of a |
| |
# colon separated string containing: |
| |
# $inst - Course Id from the institutions point of view. |
| |
# $owner - Proposed owner of the course. |
| |
# $cdom - Domain of the course (from the institutions |
| |
# point of view?).. |
| |
# $client - Socket open on the client. |
| |
# |
| |
# Returns: |
| |
# 1 - Processing should continue. |
| |
# |
| |
sub validate_course_owner_handler { |
| |
my ($cmd, $tail, $client) = @_; |
| |
my $userinput = "$cmd:$tail"; |
| |
my ($inst_course_id, $owner, $cdom) = split(/:/, $tail); |
| |
|
| |
my $outcome = &localenroll::new_course($inst_course_id,$owner,$cdom); |
| |
&Reply($client, "$outcome\n", $userinput); |
| |
|
| |
|
| |
|
| |
return 1; |
| |
} |
| |
®ister_handler("autonewcourse", \&validate_course_owner_handler, 0, 1, 0); |
| |
# |
| |
# Validate a course section in the official schedule of classes |
| |
# from the institutions point of view (part of autoenrollment). |
| |
# |
| |
# Formal Parameters: |
| |
# $cmd - The command request that got us dispatched. |
| |
# $tail - The tail of the command. In this case, |
| |
# this is a colon separated set of words that will be split |
| |
# into: |
| |
# $inst_course_id - The course/section id from the |
| |
# institutions point of view. |
| |
# $cdom - The domain from the institutions |
| |
# point of view. |
| |
# $client - Socket open on the client. |
| |
# Returns: |
| |
# 1 - Indicating processing should continue. |
| |
# |
| |
sub validate_course_section_handler { |
| |
my ($cmd, $tail, $client) = @_; |
| |
my $userinput = "$cmd:$tail"; |
| |
my ($inst_course_id, $cdom) = split(/:/, $tail); |
| |
|
| |
my $outcome=&localenroll::validate_courseID($inst_course_id,$cdom); |
| |
&Reply($client, "$outcome\n", $userinput); |
| |
|
| |
|
| |
return 1; |
| |
} |
| |
®ister_handler("autovalidatecourse", \&validate_course_section_handler, 0, 1, 0); |
| |
|
| |
# |
| |
# Create a password for a new auto-enrollment user. |
| |
# I think/guess, this password allows access to the institutions |
| |
# AIS class list server/services. Stuart can correct this comment |
| |
# when he finds out how wrong I am. |
| |
# |
| |
# Formal Parameters: |
| |
# $cmd - The command request that got us dispatched. |
| |
# $tail - The tail of the command. In this case this is a colon separated |
| |
# set of words that will be split into: |
| |
# $authparam - An authentication parameter (username??). |
| |
# $cdom - The domain of the course from the institution's |
| |
# point of view. |
| |
# $client - The socket open on the client. |
| |
# Returns: |
| |
# 1 - continue processing. |
| |
# |
| |
sub create_auto_enroll_password_handler { |
| |
my ($cmd, $tail, $client) = @_; |
| |
my $userinput = "$cmd:$tail"; |
| |
|
| |
my ($authparam, $cdom) = split(/:/, $userinput); |
| |
|
| |
my ($create_passwd,$authchk); |
| |
($authparam, |
| |
$create_passwd, |
| |
$authchk) = &localenroll::create_password($authparam,$cdom); |
| |
|
| |
&Reply($client, &escape($authparam.':'.$create_passwd.':'.$authchk)."\n", |
| |
$userinput); |
| |
|
| |
|
| |
return 1; |
| |
} |
| |
®ister_handler("autocreatepassword", \&create_auto_enroll_password_handler, |
| |
0, 1, 0); |
| |
|
| |
# Retrieve and remove temporary files created by/during autoenrollment. |
| |
# |
| |
# Formal Parameters: |
| |
# $cmd - The command that got us dispatched. |
| |
# $tail - The tail of the command. In our case this is a colon |
| |
# separated list that will be split into: |
| |
# $filename - The name of the file to remove. |
| |
# The filename is given as a path relative to |
| |
# the LonCAPA temp file directory. |
| |
# $client - Socket open on the client. |
| |
# |
| |
# Returns: |
| |
# 1 - Continue processing. |
| |
|
| |
sub retrieve_auto_file_handler { |
| |
my ($cmd, $tail, $client) = @_; |
| |
my $userinput = "cmd:$tail"; |
| |
|
| |
my ($filename) = split(/:/, $tail); |
| |
|
| |
my $source = $perlvar{'lonDaemons'}.'/tmp/'.$filename; |
| |
if ( (-e $source) && ($filename ne '') ) { |
| |
my $reply = ''; |
| |
if (open(my $fh,$source)) { |
| |
while (<$fh>) { |
| |
chomp($_); |
| |
$_ =~ s/^\s+//g; |
| |
$_ =~ s/\s+$//g; |
| |
$reply .= $_; |
| |
} |
| |
close($fh); |
| |
&Reply($client, &escape($reply)."\n", $userinput); |
| |
|
| |
# Does this have to be uncommented??!? (RF). |
| |
# |
| |
# unlink($source); |
| |
} else { |
| |
&Failure($client, "error\n", $userinput); |
| |
} |
| |
} else { |
| |
&Failure($client, "error\n", $userinput); |
| |
} |
| |
|
| |
|
| |
return 1; |
| |
} |
| |
®ister_handler("autoretrieve", \&retrieve_auto_file_handler, 0,1,0); |
| |
|
| |
# |
| |
# Read and retrieve institutional code format (for support form). |
| |
# Formal Parameters: |
| |
# $cmd - Command that dispatched us. |
| |
# $tail - Tail of the command. In this case it conatins |
| |
# the course domain and the coursename. |
| |
# $client - Socket open on the client. |
| |
# Returns: |
| |
# 1 - Continue processing. |
| |
# |
| |
sub get_institutional_code_format_handler { |
| |
my ($cmd, $tail, $client) = @_; |
| |
my $userinput = "$cmd:$tail"; |
| |
|
| |
my $reply; |
| |
my($cdom,$course) = split(/:/,$tail); |
| |
my @pairs = split/\&/,$course; |
| |
my %instcodes = (); |
| |
my %codes = (); |
| |
my @codetitles = (); |
| |
my %cat_titles = (); |
| |
my %cat_order = (); |
| |
foreach (@pairs) { |
| |
my ($key,$value) = split/=/,$_; |
| |
$instcodes{&unescape($key)} = &unescape($value); |
| |
} |
| |
my $formatreply = &localenroll::instcode_format($cdom, |
| |
\%instcodes, |
| |
\%codes, |
| |
\@codetitles, |
| |
\%cat_titles, |
| |
\%cat_order); |
| |
if ($formatreply eq 'ok') { |
| |
my $codes_str = &hash2str(%codes); |
| |
my $codetitles_str = &array2str(@codetitles); |
| |
my $cat_titles_str = &hash2str(%cat_titles); |
| |
my $cat_order_str = &hash2str(%cat_order); |
| |
&Reply($client, |
| |
$codes_str.':'.$codetitles_str.':'.$cat_titles_str.':' |
| |
.$cat_order_str."\n", |
| |
$userinput); |
| |
} else { |
| |
# this else branch added by RF since if not ok, lonc will |
| |
# hang waiting on reply until timeout. |
| |
# |
| |
&Reply($client, "format_error\n", $userinput); |
| |
} |
| |
|
| |
return 1; |
| |
} |
| |
|
| |
®ister_handler("autoinstcodeformat", \&get_institutional_code_format_handler, |
| |
0,1,0); |
| |
|
| |
# |
| |
# Portofolio directory list: |
| |
# |
| |
# Parameters: |
| |
# cmd - Command request that got us called. |
| |
# tail - the remainder of the command line. In this case this is a colon |
| |
# separated list containing the username and domain. |
| |
# used to locate their portfolio. |
| |
# client - Socket openon the client. |
| |
# Returns: |
| |
# 1 indicating processing should continue. |
| |
# |
| |
sub list_portfolio { |
| |
my ($cmd, $tail, $client) = @_; |
| |
my ($uname, $udom) = split(/:/, $tail); |
| |
my $userinput = "$cmd:$tail"; |
| |
|
| |
my $udir=propath($udom,$uname).'/userfiles/portfolio'; |
| |
my $dirLine=''; |
| |
my $dirContents=''; |
| |
if (opendir(LSDIR,$udir.'/')){ |
| |
while ($dirLine = readdir(LSDIR)){ |
| |
$dirContents = $dirContents.$dirLine.'<br />'; |
| |
} |
| |
} else { |
| |
$dirContents = "No directory found\n"; |
| |
} |
| |
&Reply( $client, $dirContents."\n", $userinput); |
| |
|
| |
|
| |
|
| |
return 1; |
| |
} |
| |
®ister_handler("portls", \&list_portfolio, 0,1,0); |
| |
|
| # |
# |
| # |
# |
| # |
# |
|
Line 3533 sub process_request {
|
Line 3879 sub process_request {
|
| $userinput = decipher($userinput); |
$userinput = decipher($userinput); |
| $wasenc=1; |
$wasenc=1; |
| if(!$userinput) { # Cipher not defined. |
if(!$userinput) { # Cipher not defined. |
| &Failure($client, "error: Encrypted data without negotated key"); |
&Failure($client, "error: Encrypted data without negotated key\n"); |
| return 0; |
return 0; |
| } |
} |
| } |
} |
|
Line 3678 sub process_request {
|
Line 4024 sub process_request {
|
| } else { |
} else { |
| print $client "refused\n"; |
print $client "refused\n"; |
| } |
} |
| #--------------------- read and retrieve institutional code format (for support form). |
#--------------------- read and retrieve institutional code format |
| |
# (for support form). |
| } elsif ($userinput =~/^autoinstcodeformat/) { |
} elsif ($userinput =~/^autoinstcodeformat/) { |
| if (isClient) { |
if (isClient) { |
| my $reply; |
my $reply; |
|
Line 4740 sub validate_user {
|
Line 5087 sub validate_user {
|
| # At the end of this function. I'll ensure that it's not still that |
# At the end of this function. I'll ensure that it's not still that |
| # value so we don't just wind up returning some accidental value |
# value so we don't just wind up returning some accidental value |
| # as a result of executing an unforseen code path that |
# as a result of executing an unforseen code path that |
| # did not set $validated. |
# did not set $validated. At the end of valid execution paths, |
| |
# validated shoule be 1 for success or 0 for failuer. |
| |
|
| my $validated = -3.14159; |
my $validated = -3.14159; |
| |
|
|
Line 4828 sub validate_user {
|
Line 5176 sub validate_user {
|
| # |
# |
| |
|
| unless ($validated != -3.14159) { |
unless ($validated != -3.14159) { |
| die "ValidateUser - failed to set the value of validated"; |
# I >really really< want to know if this happens. |
| |
# since it indicates that user authentication is badly |
| |
# broken in some code path. |
| |
# |
| |
die "ValidateUser - failed to set the value of validated $domain, $user $password"; |
| } |
} |
| return $validated; |
return $validated; |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to lond CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom