loncom/lond - diff

Return to lond CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/lond between versions 1.178.2.10 and 1.267

-version 1.178.2.10, 2004/03/22 09:16:26
+version 1.267, 2004/12/08 22:45:33
  Line 20
  #
  # You should have received a copy of the GNU General Public License
  # along with LON-CAPA; if not, write to the Free Software
  # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  #
  # /home/httpd/html/adm/gpl.txt
  #
  Line 45  use Authen::Krb4;
  use Authen::Krb5;
  use lib '/home/httpd/lib/perl/';
  use localauth;
+ use localenroll;
+ use localstudentphoto;
  use File::Copy;
  use LONCAPA::ConfigFileEdit;
+ use LONCAPA::lonlocal;
+ use LONCAPA::lonssl;
+ use Fcntl qw(:flock);
- my $DEBUG = 1;		       # Non zero to enable debug log entries.
+ my $DEBUG = 0;		       # Non zero to enable debug log entries.
  my $status='';
  my $lastlog='';
  my $VERSION='$Revision$'; #' stupid emacs
  my $remoteVERSION;
- my $currenthostid;
+ my $currenthostid="default";
  my $currentdomainid;
  my $client;
- my $clientip;
+ my $clientip;			# IP address of client.
- my $clientname;
+ my $clientdns;			# DNS name of client.
+ my $clientname;			# LonCAPA name of client.
- my $cipher;			# Cipher key negotiated with client.
- my $tmpsnum = 0;;		# Id of tmpputs.
  my $server;
- my $thisserver;
+ my $thisserver;			# DNS of us.
+ my $keymode;
+ my $cipher;			# Cipher key negotiated with client
+ my $tmpsnum = 0;		# Id of tmpputs.
  #
  #   Connection type is:
- Line 77  my $thisserver;
+ Line 85  my $thisserver;
  my $ConnectionType;
- my %hostid;
+ my %hostid;			# ID's for hosts in cluster by ip.
- my %hostdom;
+ my %hostdom;			# LonCAPA domain for hosts in cluster.
- my %hostip;
+ my %hostip;			# IPs for hosts in cluster.
+ my %hostdns;			# ID's of hosts looked up by DNS name.
  my %managers;			# Ip -> manager names
- Line 98  my $CLIENT_OK  = 1;
+ Line 107  my $CLIENT_OK  = 1;
  my $MANAGER_OK = 2;
  my %Dispatcher;
  #
  #  The array below are password error strings."
  #
- Line 113  my @passwderrors = ("ok",
+ Line 123  my @passwderrors = ("ok",
  		   "lcpasswd Cannot set new passwd.",
  		   "lcpasswd Username has invalid characters",
  		   "lcpasswd Invalid characters in password",
- 		    "11", "12",
+ 		   "lcpasswd User already exists",
- 		    "lcpasswd Password mismatch");
+                    "lcpasswd Something went wrong with user addition.",
+ 		    "lcpasswd Password mismatch",
+ 		    "lcpasswd Error filename is invalid");
  #  The array below are lcuseradd error strings.:
- Line 135  my @adderrors    = ("ok",
+ Line 147  my @adderrors    = ("ok",
  		    "lcuseradd Could not add user.",
  		    "lcuseradd Password mismatch");
  #
  #   Statistics that are maintained and dislayed in the status line.
  #
- my $Transactions;		# Number of attempted transactions.
+ my $Transactions = 0;		# Number of attempted transactions.
- my $Failures;			# Number of transcations failed.
+ my $Failures     = 0;		# Number of transcations failed.
  #   ResetStatistics:
  #      Resets the statistics counters:
- Line 149  sub ResetStatistics {
+ Line 163  sub ResetStatistics {
      $Failures     = 0;
  }
+ #------------------------------------------------------------------------
+ #
+ #   LocalConnection
+ #     Completes the formation of a locally authenticated connection.
+ #     This function will ensure that the 'remote' client is really the
+ #     local host.  If not, the connection is closed, and the function fails.
+ #     If so, initcmd is parsed for the name of a file containing the
+ #     IDEA session key.  The fie is opened, read, deleted and the session
+ #     key returned to the caller.
+ #
+ # Parameters:
+ #   $Socket      - Socket open on client.
+ #   $initcmd     - The full text of the init command.
+ #
+ # Implicit inputs:
+ #    $clientdns  - The DNS name of the remote client.
+ #    $thisserver - Our DNS name.
+ #
+ # Returns:
+ #     IDEA session key on success.
+ #     undef on failure.
+ #
+ sub LocalConnection {
+     my ($Socket, $initcmd) = @_;
+     Debug("Attempting local connection: $initcmd client: $clientdns me: $thisserver");
+     if($clientdns ne $thisserver) {
+ 	&logthis('<font color="red"> LocalConnection rejecting non local: '
+ 		 ."$clientdns ne $thisserver </font>");
+ 	close $Socket;
+ 	return undef;
+     }  else {
+ 	chomp($initcmd);	# Get rid of \n in filename.
+ 	my ($init, $type, $name) = split(/:/, $initcmd);
+ 	Debug(" Init command: $init $type $name ");
+ 	# Require that $init = init, and $type = local:  Otherwise
+ 	# the caller is insane:
+ 	if(($init ne "init") && ($type ne "local")) {
+ 	    &logthis('<font color = "red"> LocalConnection: caller is insane! '
+ 		     ."init = $init, and type = $type </font>");
+ 	    close($Socket);;
+ 	    return undef;
+ 	}
+ 	#  Now get the key filename:
+ 	my $IDEAKey = lonlocal::ReadKeyFile($name);
+ 	return $IDEAKey;
+     }
+ }
+ #------------------------------------------------------------------------------
+ #
+ #  SSLConnection
+ #   Completes the formation of an ssh authenticated connection. The
+ #   socket is promoted to an ssl socket.  If this promotion and the associated
+ #   certificate exchange are successful, the IDEA key is generated and sent
+ #   to the remote peer via the SSL tunnel. The IDEA key is also returned to
+ #   the caller after the SSL tunnel is torn down.
+ #
+ # Parameters:
+ #   Name              Type             Purpose
+ #   $Socket          IO::Socket::INET  Plaintext socket.
+ #
+ # Returns:
+ #    IDEA key on success.
+ #    undef on failure.
+ #
+ sub SSLConnection {
+     my $Socket   = shift;
+     Debug("SSLConnection: ");
+     my $KeyFile         = lonssl::KeyFile();
+     if(!$KeyFile) {
+ 	my $err = lonssl::LastError();
+ 	&logthis("<font color=\"red\"> CRITICAL"
+ 		 ."Can't get key file $err </font>");
+ 	return undef;
+     }
+     my ($CACertificate,
+ 	$Certificate) = lonssl::CertificateFile();
+     # If any of the key, certificate or certificate authority
+     # certificate filenames are not defined, this can't work.
+     if((!$Certificate) || (!$CACertificate)) {
+ 	my $err = lonssl::LastError();
+ 	&logthis("<font color=\"red\"> CRITICAL"
+ 		 ."Can't get certificates: $err </font>");
+ 	return undef;
+     }
+     Debug("Key: $KeyFile CA: $CACertificate Cert: $Certificate");
+     # Indicate to our peer that we can procede with
+     # a transition to ssl authentication:
+     print $Socket "ok:ssl\n";
+     Debug("Approving promotion -> ssl");
+     #  And do so:
+     my $SSLSocket = lonssl::PromoteServerSocket($Socket,
+ 						$CACertificate,
+ 						$Certificate,
+ 						$KeyFile);
+     if(! ($SSLSocket) ) {	# SSL socket promotion failed.
+ 	my $err = lonssl::LastError();
+ 	&logthis("<font color=\"red\"> CRITICAL "
+ 		 ."SSL Socket promotion failed: $err </font>");
+ 	return undef;
+     }
+     Debug("SSL Promotion successful");
+     #
+     #  The only thing we'll use the socket for is to send the IDEA key
+     #  to the peer:
+     my $Key = lonlocal::CreateCipherKey();
+     print $SSLSocket "$Key\n";
+     lonssl::Close($SSLSocket);
+     Debug("Key exchange complete: $Key");
+     return $Key;
+ }
+ #
+ #     InsecureConnection:
+ #        If insecure connections are allowd,
+ #        exchange a challenge with the client to 'validate' the
+ #        client (not really, but that's the protocol):
+ #        We produce a challenge string that's sent to the client.
+ #        The client must then echo the challenge verbatim to us.
+ #
+ #  Parameter:
+ #      Socket      - Socket open on the client.
+ #  Returns:
+ #      1           - success.
+ #      0           - failure (e.g.mismatch or insecure not allowed).
+ #
+ sub InsecureConnection {
+     my $Socket  =  shift;
+     #   Don't even start if insecure connections are not allowed.
+     if(! $perlvar{londAllowInsecure}) {	# Insecure connections not allowed.
+ 	return 0;
+     }
+     #   Fabricate a challenge string and send it..
+     my $challenge = "$$".time;	# pid + time.
+     print $Socket "$challenge\n";
+     &status("Waiting for challenge reply");
+     my $answer = <$Socket>;
+     $answer    =~s/\W//g;
+     if($challenge eq $answer) {
+ 	return 1;
+     } else {
+ 	logthis("<font color='blue'>WARNING client did not respond to challenge</font>");
+ 	&status("No challenge reqply");
+ 	return 0;
+     }
+ }
+ #
+ #   Safely execute a command (as long as it's not a shel command and doesn
+ #   not require/rely on shell escapes.   The function operates by doing a
+ #   a pipe based fork and capturing stdout and stderr  from the pipe.
+ #
+ # Formal Parameters:
+ #     $line                    - A line of text to be executed as a command.
+ # Returns:
+ #     The output from that command.  If the output is multiline the caller
+ #     must know how to split up the output.
+ #
+ #
+ sub execute_command {
+     my ($line)    = @_;
+     my @words     = split(/\s/, $line);	# Bust the command up into words.
+     my $output    = "";
+     my $pid = open(CHILD, "-|");
+     if($pid) {			# Parent process
+ 	Debug("In parent process for execute_command");
+ 	my @data = <CHILD>;	# Read the child's outupt...
+ 	close CHILD;
+ 	foreach my $output_line (@data) {
+ 	    Debug("Adding $output_line");
+ 	    $output .= $output_line; # Presumably has a \n on it.
+ 	}
+     } else {			# Child process
+ 	close (STDERR);
+ 	open  (STDERR, ">&STDOUT");# Combine stderr, and stdout...
+ 	exec(@words);		# won't return.
+     }
+     return $output;
+ }
+ #   GetCertificate: Given a transaction that requires a certificate,
+ #   this function will extract the certificate from the transaction
+ #   request.  Note that at this point, the only concept of a certificate
+ #   is the hostname to which we are connected.
+ #
+ #   Parameter:
+ #      request   - The request sent by our client (this parameterization may
+ #                  need to change when we really use a certificate granting
+ #                  authority.
+ #
+ sub GetCertificate {
+     my $request = shift;
+     return $clientip;
+ }
  #
  #   Return true if client is a manager.
  #
- Line 161  sub isManager {
+ Line 397  sub isManager {
  sub isClient {
      return (($ConnectionType eq "client") || ($ConnectionType eq "both"));
  }
+ #
+ #   ReadManagerTable: Reads in the current manager table. For now this is
+ #                     done on each manager authentication because:
+ #                     - These authentications are not frequent
+ #                     - This allows dynamic changes to the manager table
+ #                       without the need to signal to the lond.
+ #
+ sub ReadManagerTable {
+     #   Clean out the old table first..
+    foreach my $key (keys %managers) {
+       delete $managers{$key};
+    }
+    my $tablename = $perlvar{'lonTabDir'}."/managers.tab";
+    if (!open (MANAGERS, $tablename)) {
+       logthis('<font color="red">No manager table.  Nobody can manage!!</font>');
+       return;
+    }
+    while(my $host = <MANAGERS>) {
+       chomp($host);
+       if ($host =~ "^#") {                  # Comment line.
+          next;
+       }
+       if (!defined $hostip{$host}) { # This is a non cluster member
+ 	    #  The entry is of the form:
+ 	    #    cluname:hostname
+ 	    #  cluname - A 'cluster hostname' is needed in order to negotiate
+ 	    #            the host key.
+ 	    #  hostname- The dns name of the host.
+ 	    #
+           my($cluname, $dnsname) = split(/:/, $host);
+           my $ip = gethostbyname($dnsname);
+           if(defined($ip)) {                 # bad names don't deserve entry.
+             my $hostip = inet_ntoa($ip);
+             $managers{$hostip} = $cluname;
+             logthis('<font color="green"> registering manager '.
+                     "$dnsname as $cluname with $hostip </font>\n");
+          }
+       } else {
+          logthis('<font color="green"> existing host'." $host</font>\n");
+          $managers{$hostip{$host}} = $host;  # Use info from cluster tab if clumemeber
+       }
+    }
+ }
+ #
+ #  ValidManager: Determines if a given certificate represents a valid manager.
+ #                in this primitive implementation, the 'certificate' is
+ #                just the connecting loncapa client name.  This is checked
+ #                against a valid client list in the configuration.
+ #
+ #
+ sub ValidManager {
+     my $certificate = shift;
+     return isManager;
+ }
+ #
+ #  CopyFile:  Called as part of the process of installing a
+ #             new configuration file.  This function copies an existing
+ #             file to a backup file.
+ # Parameters:
+ #     oldfile  - Name of the file to backup.
+ #     newfile  - Name of the backup file.
+ # Return:
+ #     0   - Failure (errno has failure reason).
+ #     1   - Success.
+ #
+ sub CopyFile {
+     my ($oldfile, $newfile) = @_;
+     #  The file must exist:
+     if(-e $oldfile) {
+ 	 # Read the old file.
+ 	my $oldfh = IO::File->new("< $oldfile");
+ 	if(!$oldfh) {
+ 	    return 0;
+ 	}
+ 	my @contents = <$oldfh>;  # Suck in the entire file.
+ 	# write the backup file:
+ 	my $newfh = IO::File->new("> $newfile");
+ 	if(!(defined $newfh)){
+ 	    return 0;
+ 	}
+ 	my $lines = scalar @contents;
+ 	for (my $i =0; $i < $lines; $i++) {
+ 	    print $newfh ($contents[$i]);
+ 	}
+ 	$oldfh->close;
+ 	$newfh->close;
+ 	chmod(0660, $newfile);
+ 	return 1;
+     } else {
+ 	return 0;
+     }
+ }
+ #
+ #  Host files are passed out with externally visible host IPs.
+ #  If, for example, we are behind a fire-wall or NAT host, our
+ #  internally visible IP may be different than the externally
+ #  visible IP.  Therefore, we always adjust the contents of the
+ #  host file so that the entry for ME is the IP that we believe
+ #  we have.  At present, this is defined as the entry that
+ #  DNS has for us.  If by some chance we are not able to get a
+ #  DNS translation for us, then we assume that the host.tab file
+ #  is correct.
+ #    BUGBUGBUG - in the future, we really should see if we can
+ #       easily query the interface(s) instead.
+ # Parameter(s):
+ #     contents    - The contents of the host.tab to check.
+ # Returns:
+ #     newcontents - The adjusted contents.
+ #
+ #
+ sub AdjustHostContents {
+     my $contents  = shift;
+     my $adjusted;
+     my $me        = $perlvar{'lonHostID'};
+  foreach my $line (split(/\n/,$contents)) {
+ 	if(!(($line eq "") || ($line =~ /^ *\#/) || ($line =~ /^ *$/))) {
+ 	    chomp($line);
+ 	    my ($id,$domain,$role,$name,$ip,$maxcon,$idleto,$mincon)=split(/:/,$line);
+ 	    if ($id eq $me) {
+           my $ip = gethostbyname($name);
+           my $ipnew = inet_ntoa($ip);
+          $ip = $ipnew;
+ 		#  Reconstruct the host line and append to adjusted:
+ 		   my $newline = "$id:$domain:$role:$name:$ip";
+ 		   if($maxcon ne "") { # Not all hosts have loncnew tuning params
+ 		     $newline .= ":$maxcon:$idleto:$mincon";
+ 		   }
+ 		   $adjusted .= $newline."\n";
+       } else {		# Not me, pass unmodified.
+ 		   $adjusted .= $line."\n";
+       }
+ 	} else {                  # Blank or comment never re-written.
+ 	    $adjusted .= $line."\n";	# Pass blanks and comments as is.
+ 	}
+  }
+  return $adjusted;
+ }
+ #
+ #   InstallFile: Called to install an administrative file:
+ #       - The file is created with <name>.tmp
+ #       - The <name>.tmp file is then mv'd to <name>
+ #   This lugubrious procedure is done to ensure that we are never without
+ #   a valid, even if dated, version of the file regardless of who crashes
+ #   and when the crash occurs.
+ #
+ #  Parameters:
+ #       Name of the file
+ #       File Contents.
+ #  Return:
+ #      nonzero - success.
+ #      0       - failure and $! has an errno.
+ #
+ sub InstallFile {
+     my ($Filename, $Contents) = @_;
+     my $TempFile = $Filename.".tmp";
+     #  Open the file for write:
+     my $fh = IO::File->new("> $TempFile"); # Write to temp.
+     if(!(defined $fh)) {
+ 	&logthis('<font color="red"> Unable to create '.$TempFile."</font>");
+ 	return 0;
+     }
+     #  write the contents of the file:
+     print $fh ($Contents);
+     $fh->close;			# In case we ever have a filesystem w. locking
+     chmod(0660, $TempFile);
+     # Now we can move install the file in position.
+     move($TempFile, $Filename);
+     return 1;
+ }
+ #
+ #   ConfigFileFromSelector: converts a configuration file selector
+ #                 (one of host or domain at this point) into a
+ #                 configuration file pathname.
+ #
+ #  Parameters:
+ #      selector  - Configuration file selector.
+ #  Returns:
+ #      Full path to the file or undef if the selector is invalid.
+ #
+ sub ConfigFileFromSelector {
+     my $selector   = shift;
+     my $tablefile;
+     my $tabledir = $perlvar{'lonTabDir'}.'/';
+     if ($selector eq "hosts") {
+ 	$tablefile = $tabledir."hosts.tab";
+     } elsif ($selector eq "domain") {
+ 	$tablefile = $tabledir."domain.tab";
+     } else {
+ 	return undef;
+     }
+     return $tablefile;
+ }
+ #
+ #   PushFile:  Called to do an administrative push of a file.
+ #              - Ensure the file being pushed is one we support.
+ #              - Backup the old file to <filename.saved>
+ #              - Separate the contents of the new file out from the
+ #                rest of the request.
+ #              - Write the new file.
+ #  Parameter:
+ #     Request - The entire user request.  This consists of a : separated
+ #               string pushfile:tablename:contents.
+ #     NOTE:  The contents may have :'s in it as well making things a bit
+ #            more interesting... but not much.
+ #  Returns:
+ #     String to send to client ("ok" or "refused" if bad file).
+ #
+ sub PushFile {
+     my $request = shift;
+     my ($command, $filename, $contents) = split(":", $request, 3);
+     #  At this point in time, pushes for only the following tables are
+     #  supported:
+     #   hosts.tab  ($filename eq host).
+     #   domain.tab ($filename eq domain).
+     # Construct the destination filename or reject the request.
+     #
+     # lonManage is supposed to ensure this, however this session could be
+     # part of some elaborate spoof that managed somehow to authenticate.
+     #
+     my $tablefile = ConfigFileFromSelector($filename);
+     if(! (defined $tablefile)) {
+ 	return "refused";
+     }
+     #
+     # >copy< the old table to the backup table
+     #        don't rename in case system crashes/reboots etc. in the time
+     #        window between a rename and write.
+     #
+     my $backupfile = $tablefile;
+     $backupfile    =~ s/\.tab$/.old/;
+     if(!CopyFile($tablefile, $backupfile)) {
+ 	&logthis('<font color="green"> CopyFile from '.$tablefile." to ".$backupfile." failed </font>");
+ 	return "error:$!";
+     }
+     &logthis('<font color="green"> Pushfile: backed up '
+ 	    .$tablefile." to $backupfile</font>");
+     #  If the file being pushed is the host file, we adjust the entry for ourself so that the
+     #  IP will be our current IP as looked up in dns.  Note this is only 99% good as it's possible
+     #  to conceive of conditions where we don't have a DNS entry locally.  This is possible in a
+     #  network sense but it doesn't make much sense in a LonCAPA sense so we ignore (for now)
+     #  that possibilty.
+     if($filename eq "host") {
+ 	$contents = AdjustHostContents($contents);
+     }
+     #  Install the new file:
+     if(!InstallFile($tablefile, $contents)) {
+ 	&logthis('<font color="red"> Pushfile: unable to install '
+ 	 .$tablefile." $! </font>");
+ 	return "error:$!";
+     } else {
+ 	&logthis('<font color="green"> Installed new '.$tablefile
+ 		 ."</font>");
+     }
+     #  Indicate success:
+     return "ok";
+ }
+ #
+ #  Called to re-init either lonc or lond.
+ #
+ #  Parameters:
+ #    request   - The full request by the client.  This is of the form
+ #                reinit:<process>
+ #                where <process> is allowed to be either of
+ #                lonc or lond
+ #
+ #  Returns:
+ #     The string to be sent back to the client either:
+ #   ok         - Everything worked just fine.
+ #   error:why  - There was a failure and why describes the reason.
+ #
+ #
+ sub ReinitProcess {
+     my $request = shift;
+     # separate the request (reinit) from the process identifier and
+     # validate it producing the name of the .pid file for the process.
+     #
+     #
+     my ($junk, $process) = split(":", $request);
+     my $processpidfile = $perlvar{'lonDaemons'}.'/logs/';
+     if($process eq 'lonc') {
+ 	$processpidfile = $processpidfile."lonc.pid";
+ 	if (!open(PIDFILE, "< $processpidfile")) {
+ 	    return "error:Open failed for $processpidfile";
+ 	}
+ 	my $loncpid = <PIDFILE>;
+ 	close(PIDFILE);
+ 	logthis('<font color="red"> Reinitializing lonc pid='.$loncpid
+ 		."</font>");
+ 	kill("USR2", $loncpid);
+     } elsif ($process eq 'lond') {
+ 	logthis('<font color="red"> Reinitializing self (lond) </font>');
+ 	&UpdateHosts;			# Lond is us!!
+     } else {
+ 	&logthis('<font color="yellow" Invalid reinit request for '.$process
+ 		 ."</font>");
+ 	return "error:Invalid process identifier $process";
+     }
+     return 'ok';
+ }
+ #   Validate a line in a configuration file edit script:
+ #   Validation includes:
+ #     - Ensuring the command is valid.
+ #     - Ensuring the command has sufficient parameters
+ #   Parameters:
+ #     scriptline - A line to validate (\n has been stripped for what it's worth).
+ #
+ #   Return:
+ #      0     - Invalid scriptline.
+ #      1     - Valid scriptline
+ #  NOTE:
+ #     Only the command syntax is checked, not the executability of the
+ #     command.
+ #
+ sub isValidEditCommand {
+     my $scriptline = shift;
+     #   Line elements are pipe separated:
+     my ($command, $key, $newline)  = split(/\|/, $scriptline);
+     &logthis('<font color="green"> isValideditCommand checking: '.
+ 	     "Command = '$command', Key = '$key', Newline = '$newline' </font>\n");
+     if ($command eq "delete") {
+ 	#
+ 	#   key with no newline.
+ 	#
+ 	if( ($key eq "") || ($newline ne "")) {
+ 	    return 0;		# Must have key but no newline.
+ 	} else {
+ 	    return 1;		# Valid syntax.
+ 	}
+     } elsif ($command eq "replace") {
+ 	#
+ 	#   key and newline:
+ 	#
+ 	if (($key eq "") || ($newline eq "")) {
+ 	    return 0;
+ 	} else {
+ 	    return 1;
+ 	}
+     } elsif ($command eq "append") {
+ 	if (($key ne "") && ($newline eq "")) {
+ 	    return 1;
+ 	} else {
+ 	    return 0;
+ 	}
+     } else {
+ 	return 0;		# Invalid command.
+     }
+     return 0;			# Should not get here!!!
+ }
+ #
+ #   ApplyEdit - Applies an edit command to a line in a configuration
+ #               file.  It is the caller's responsiblity to validate the
+ #               edit line.
+ #   Parameters:
+ #      $directive - A single edit directive to apply.
+ #                   Edit directives are of the form:
+ #                  append|newline      - Appends a new line to the file.
+ #                  replace|key|newline - Replaces the line with key value 'key'
+ #                  delete|key          - Deletes the line with key value 'key'.
+ #      $editor   - A config file editor object that contains the
+ #                  file being edited.
+ #
+ sub ApplyEdit {
+     my ($directive, $editor) = @_;
+     # Break the directive down into its command and its parameters
+     # (at most two at this point.  The meaning of the parameters, if in fact
+     #  they exist depends on the command).
+     my ($command, $p1, $p2) = split(/\|/, $directive);
+     if($command eq "append") {
+ 	$editor->Append($p1);	          # p1 - key p2 null.
+     } elsif ($command eq "replace") {
+ 	$editor->ReplaceLine($p1, $p2);   # p1 - key p2 = newline.
+     } elsif ($command eq "delete") {
+ 	$editor->DeleteLine($p1);         # p1 - key p2 null.
+     } else {			          # Should not get here!!!
+ 	die "Invalid command given to ApplyEdit $command"
+     }
+ }
+ #
+ # AdjustOurHost:
+ #           Adjusts a host file stored in a configuration file editor object
+ #           for the true IP address of this host. This is necessary for hosts
+ #           that live behind a firewall.
+ #           Those hosts have a publicly distributed IP of the firewall, but
+ #           internally must use their actual IP.  We assume that a given
+ #           host only has a single IP interface for now.
+ # Formal Parameters:
+ #     editor   - The configuration file editor to adjust.  This
+ #                editor is assumed to contain a hosts.tab file.
+ # Strategy:
+ #    - Figure out our hostname.
+ #    - Lookup the entry for this host.
+ #    - Modify the line to contain our IP
+ #    - Do a replace for this host.
+ sub AdjustOurHost {
+     my $editor        = shift;
+     # figure out who I am.
+     my $myHostName    = $perlvar{'lonHostID'}; # LonCAPA hostname.
+     #  Get my host file entry.
+     my $ConfigLine    = $editor->Find($myHostName);
+     if(! (defined $ConfigLine)) {
+ 	die "AdjustOurHost - no entry for me in hosts file $myHostName";
+     }
+     # figure out my IP:
+     #   Use the config line to get my hostname.
+     #   Use gethostbyname to translate that into an IP address.
+     #
+     my ($id,$domain,$role,$name,$ip,$maxcon,$idleto,$mincon) = split(/:/,$ConfigLine);
+     my $BinaryIp = gethostbyname($name);
+     my $ip       = inet_ntoa($ip);
+     #
+     #  Reassemble the config line from the elements in the list.
+     #  Note that if the loncnew items were not present before, they will
+     #  be now even if they would be empty
+     #
+     my $newConfigLine = $id;
+     foreach my $item ($domain, $role, $name, $ip, $maxcon, $idleto, $mincon) {
+ 	$newConfigLine .= ":".$item;
+     }
+     #  Replace the line:
+     $editor->ReplaceLine($id, $newConfigLine);
+ }
+ #
+ #   ReplaceConfigFile:
+ #              Replaces a configuration file with the contents of a
+ #              configuration file editor object.
+ #              This is done by:
+ #              - Copying the target file to <filename>.old
+ #              - Writing the new file to <filename>.tmp
+ #              - Moving <filename.tmp>  -> <filename>
+ #              This laborious process ensures that the system is never without
+ #              a configuration file that's at least valid (even if the contents
+ #              may be dated).
+ #   Parameters:
+ #        filename   - Name of the file to modify... this is a full path.
+ #        editor     - Editor containing the file.
+ #
+ sub ReplaceConfigFile {
+     my ($filename, $editor) = @_;
+     CopyFile ($filename, $filename.".old");
+     my $contents  = $editor->Get(); # Get the contents of the file.
+     InstallFile($filename, $contents);
+ }
+ #
+ #
+ #   Called to edit a configuration table  file
+ #   Parameters:
+ #      request           - The entire command/request sent by lonc or lonManage
+ #   Return:
+ #      The reply to send to the client.
+ #
+ sub EditFile {
+     my $request = shift;
+     #  Split the command into it's pieces:  edit:filetype:script
+     my ($request, $filetype, $script) = split(/:/, $request,3);	# : in script
+     #  Check the pre-coditions for success:
+     if($request != "edit") {	# Something is amiss afoot alack.
+ 	return "error:edit request detected, but request != 'edit'\n";
+     }
+     if( ($filetype ne "hosts")  &&
+ 	($filetype ne "domain")) {
+ 	return "error:edit requested with invalid file specifier: $filetype \n";
+     }
+     #   Split the edit script and check it's validity.
+     my @scriptlines = split(/\n/, $script);  # one line per element.
+     my $linecount   = scalar(@scriptlines);
+     for(my $i = 0; $i < $linecount; $i++) {
+ 	chomp($scriptlines[$i]);
+ 	if(!isValidEditCommand($scriptlines[$i])) {
+ 	    return "error:edit with bad script line: '$scriptlines[$i]' \n";
+ 	}
+     }
+     #   Execute the edit operation.
+     #   - Create a config file editor for the appropriate file and
+     #   - execute each command in the script:
+     #
+     my $configfile = ConfigFileFromSelector($filetype);
+     if (!(defined $configfile)) {
+ 	return "refused\n";
+     }
+     my $editor = ConfigFileEdit->new($configfile);
+     for (my $i = 0; $i < $linecount; $i++) {
+ 	ApplyEdit($scriptlines[$i], $editor);
+     }
+     # If the file is the host file, ensure that our host is
+     # adjusted to have our ip:
+     #
+     if($filetype eq "host") {
+ 	AdjustOurHost($editor);
+     }
+     #  Finally replace the current file with our file.
+     #
+     ReplaceConfigFile($configfile, $editor);
+     return "ok\n";
+ }
+ #---------------------------------------------------------------
+ #
+ # Manipulation of hash based databases (factoring out common code
+ # for later use as we refactor.
  #
  #  Ties a domain level resource file to a hash.
  #  If requested a history entry is created in the associated hist file.
- Line 178  sub isClient {
+ Line 988  sub isClient {
  #    Reference to a hash bound to the db file or alternatively undef
  #    if the tie failed.
  #
- sub TieDomainHash {
+ sub tie_domain_hash {
-     my $domain    = shift;
+     my ($domain,$namespace,$how,$loghead,$logtail) = @_;
-     my $namespace = shift;
-     my $how       = shift;
      # Filter out any whitespace in the domain name:
- Line 189  sub TieDomainHash {
+ Line 997  sub TieDomainHash {
      # We have enough to go on to tie the hash:
-     my $UserTopDir   = $perlvar{'lonUsersDir'};
+     my $user_top_dir   = $perlvar{'lonUsersDir'};
-     my $DomainDir    = $UserTopDir."/$domain";
+     my $domain_dir     = $user_top_dir."/$domain";
-     my $ResourceFile = $DomainDir."/$namespace.db";
+     my $resource_file  = $domain_dir."/$namespace.db";
      my %hash;
-     if(tie(%hash, 'GDBM_File', $ResourceFile, $how, 0640)) {
+     if(tie(%hash, 'GDBM_File', $resource_file, $how, 0640)) {
- 	if (scalar @_) {	# Need to log the operation.
+ 	if (defined($loghead)) {	# Need to log the operation.
- 	    my $logFh = IO::File->new(">>$DomainDir/$namespace.hist");
+ 	    my $logFh = IO::File->new(">>$domain_dir/$namespace.hist");
  	    if($logFh) {
- 		my $TimeStamp = time;
+ 		my $timestamp = time;
- 		my ($loghead, $logtail) = @_;
+ 		print $logFh "$loghead:$timestamp:$logtail\n";
- 		print $logFh "$loghead:$TimeStamp:$logtail\n";
  	    }
+ 	    $logFh->close;
  	}
  	return \%hash;		# Return the tied hash.
-     }
+     } else {
-     else {
  	return undef;		# Tie failed.
      }
  }
- Line 228  sub TieDomainHash {
+ Line 1035  sub TieDomainHash {
  #   hash to which the database is tied.  It's up to the caller to untie.
  #   undef if the has could not be tied.
  #
- sub TieUserHash {
+ sub tie_user_hash {
-     my $domain      = shift;
+     my ($domain,$user,$namespace,$how,$loghead,$what) = @_;
-     my $user        = shift;
-     my $namespace   = shift;
-     my $how         = shift;
      $namespace=~s/\//\_/g;	# / -> _
      $namespace=~s/\W//g;		# whitespace eliminated.
      my $proname     = propath($domain, $user);
-     # If this is a namespace for which a history is kept,
-     # make the history log entry:
-     unless ($namespace =~/^nohist\_/ && (scalar @_ > 0)) {
- 	my $hfh = IO::File->new(">>$proname/$namespace.hist");
- 	if($hfh) {
- 	    my $now = time;
- 	    my $loghead  = shift;
- 	    my $what    = shift;
- 	    print $hfh "$loghead:$now:$what\n";
- 	}
-     }
      #  Tie the database.
      my %hash;
-     if(tie(%hash, 'GDBM_FILE', "$proname/$namespace.db",
+     if(tie(%hash, 'GDBM_File', "$proname/$namespace.db",
  	   $how, 0640)) {
+ 	# If this is a namespace for which a history is kept,
+ 	# make the history log entry:
+ 	if (($namespace !~/^nohist\_/) && (defined($loghead))) {
+ 	    my $args = scalar @_;
+ 	    Debug(" Opening history: $namespace $args");
+ 	    my $hfh = IO::File->new(">>$proname/$namespace.hist");
+ 	    if($hfh) {
+ 		my $now = time;
+ 		print $hfh "$loghead:$now:$what\n";
+ 	    }
+ 	    $hfh->close;
+ 	}
  	return \%hash;
-     }
+     } else {
-     else {
  	return undef;
      }
  }
+ #   read_profile
  #
- #   Get a Request:
+ #   Returns a set of specific entries from a user's profile file.
- #   Gets a Request message from the client.  The transaction
+ #   this is a utility function that is used by both get_profile_entry and
- #   is defined as a 'line' of text.  We remove the new line
+ #   get_profile_entry_encrypted.
- #   from the text line.
- #
- sub GetRequest {
-     my $input = <$client>;
-     chomp($input);
-     Debug("Request = $input\n");
-     &status('Processing '.$clientname.':'.$input);
-     return $input;
- }
  #
- #   Decipher encoded traffic
+ # Parameters:
- #  Parameters:
+ #    udom       - Domain in which the user exists.
- #     input      - Encoded data.
+ #    uname      - User's account name (loncapa account)
- #  Returns:
+ #    namespace  - The profile namespace to open.
- #     Decoded data or undef if encryption key was not yet negotiated.
+ #    what       - A set of & separated queries.
- #  Implicit input:
+ # Returns:
- #     cipher  - This global holds the negotiated encryption key.
+ #    If all ok: - The string that needs to be shipped back to the user.
+ #    If failure - A string that starts with error: followed by the failure
+ #                 reason.. note that this probabyl gets shipped back to the
+ #                 user as well.
  #
- sub Decipher {
+ sub read_profile {
-     my $input  = shift;
+     my ($udom, $uname, $namespace, $what) = @_;
-     my $output = '';
+     my $hashref = &tie_user_hash($udom, $uname, $namespace,
+ 				 &GDBM_READER());
-     if($cipher) {
+     if ($hashref) {
- 	my($enc, $enclength, $encinput) = split(/:/, $input);
+         my @queries=split(/\&/,$what);
- 	for(my $encidx = 0; $encidx < length($encinput); $encidx += 16) {
+         my $qresult='';
- 	    $output .=
- 		$cipher->decrypt(pack("H16", substr($encinput, $encidx, 16)));
+ 	for (my $i=0;$i<=$#queries;$i++) {
+ 	    $qresult.="$hashref->{$queries[$i]}&";    # Presumably failure gives empty string.
+ 	}
+ 	$qresult=~s/\&$//;              # Remove trailing & from last lookup.
+ 	if (untie %$hashref) {
+ 	    return $qresult;
+ 	} else {
+ 	    return "error: ".($!+0)." untie (GDBM) Failed";
  	}
- 	return substr($output, 0, $enclength);
      } else {
- 	return undef;
+ 	if ($!+0 == 2) {
+ 	    return "error:No such file or GDBM reported bad block error";
+ 	} else {
+ 	    return "error: ".($!+0)." tie (GDBM) Failed";
+ 	}
      }
- }
- #
- #   Register a command processor.  This function is invoked to register a sub
- #   to process a request.  Once registered, the ProcessRequest sub can automatically
- #   dispatch requests to an appropriate sub, and do the top level validity checking
- #   as well:
- #    - Is the keyword recognized.
- #    - Is the proper client type attempting the request.
- #    - Is the request encrypted if it has to be.
- #   Parameters:
- #    $RequestName         - Name of the request being registered.
- #                           This is the command request that will match
- #                           against the hash keywords to lookup the information
- #                           associated with the dispatch information.
- #    $Procedure           - Reference to a sub to call to process the request.
- #                           All subs get called as follows:
- #                             Procedure($cmd, $tail, $replyfd, $key)
- #                             $cmd    - the actual keyword that invoked us.
- #                             $tail   - the tail of the request that invoked us.
- #                             $replyfd- File descriptor connected to the client
- #    $MustEncode          - True if the request must be encoded to be good.
- #    $ClientOk            - True if it's ok for a client to request this.
- #    $ManagerOk           - True if it's ok for a manager to request this.
- # Side effects:
- #      - On success, the Dispatcher hash has an entry added for the key $RequestName
- #      - On failure, the program will die as it's a bad internal bug to try to
- #        register a duplicate command handler.
- #
- sub RegisterHandler {
-     my $RequestName    = shift;
-     my $Procedure      = shift;
-     my $MustEncode     = shift;
-     my $ClientOk       = shift;
-     my $ManagerOk      = shift;
-     #  Don't allow duplication#
-     if (defined $Dispatcher{$RequestName}) {
- 	die "Attempting to define a duplicate request handler for $RequestName\n";
-     }
-     #   Build the client type mask:
-     my $ClientTypeMask = 0;
-     if($ClientOk) {
- 	$ClientTypeMask  |= $CLIENT_OK;
-     }
-     if($ManagerOk) {
- 	$ClientTypeMask  |= $MANAGER_OK;
-     }
-     #  Enter the hash:
-     my @entry = ($Procedure, $MustEncode, $ClientTypeMask);
-     $Dispatcher{$RequestName} = \@entry;
  }
  #--------------------- Request Handlers --------------------------------------------
  #
- #   By convention each request handler registers itself prior to the sub declaration:
+ #   By convention each request handler registers itself prior to the sub
+ #   declaration:
  #
+ #++
+ #
  #  Handles ping requests.
  #  Parameters:
  #      $cmd    - the actual keyword that invoked us.
- Line 382  sub RegisterHandler {
+ Line 1131  sub RegisterHandler {
  #      0       - Program should exit.
  #  Side effects:
  #      Reply information is sent to the client.
+ sub ping_handler {
- sub PingHandler {
+     my ($cmd, $tail, $client) = @_;
-     my $cmd    = shift;
+     Debug("$cmd $tail $client .. $currenthostid:");
-     my $tail   = shift;
-     my $client = shift;
      Reply( $client,"$currenthostid\n","$cmd:$tail");
      return 1;
  }
- RegisterHandler("ping", \&PingHandler, 0, 1, 1);       # Ping unencoded, client or manager.
+ &register_handler("ping", \&ping_handler, 0, 1, 1);       # Ping unencoded, client or manager.
+ #++
+ #
+ # Handles pong requests.  Pong replies with our current host id, and
+ #                         the results of a ping sent to us via our lonc.
  #
- # Handles pong reequests:
  # Parameters:
  #      $cmd    - the actual keyword that invoked us.
  #      $tail   - the tail of the request that invoked us.
- Line 407  RegisterHandler("ping", \&PingHandler, 0
+ Line 1158  RegisterHandler("ping", \&PingHandler, 0
  #      0       - Program should exit.
  #  Side effects:
  #      Reply information is sent to the client.
+ sub pong_handler {
- sub PongHandler {
+     my ($cmd, $tail, $replyfd) = @_;
-     my $cmd     = shift;
-     my $tail    = shift;
-     my $replyfd = shift;
      my $reply=&reply("ping",$clientname);
-     Reply( $replyfd, "$currenthostid:$reply\n", "$cmd:$tail");
+     &Reply( $replyfd, "$currenthostid:$reply\n", "$cmd:$tail");
      return 1;
  }
- RegisterHandler("pong", \&PongHandler, 0, 1, 1);       # Pong unencoded, client or manager
+ &register_handler("pong", \&pong_handler, 0, 1, 1);       # Pong unencoded, client or manager
- #
+ #++
- #   EstablishKeyHandler:
  #      Called to establish an encrypted session key with the remote client.
- #
+ #      Note that with secure lond, in most cases this function is never
+ #      invoked.  Instead, the secure session key is established either
+ #      via a local file that's locked down tight and only lives for a short
+ #      time, or via an ssl tunnel...and is generated from a bunch-o-random
+ #      bits from /dev/urandom, rather than the predictable pattern used by
+ #      by this sub.  This sub is only used in the old-style insecure
+ #      key negotiation.
  # Parameters:
  #      $cmd    - the actual keyword that invoked us.
  #      $tail   - the tail of the request that invoked us.
- Line 438  RegisterHandler("pong", \&PongHandler, 0
+ Line 1191  RegisterHandler("pong", \&PongHandler, 0
  #      Reply information is sent to the client.
  #      $cipher is set with a reference to a new IDEA encryption object.
  #
- sub EstablishKeyHandler {
+ sub establish_key_handler {
-     my $cmd      = shift;
+     my ($cmd, $tail, $replyfd) = @_;
-     my $tail     = shift;
-     my $replyfd  = shift;
      my $buildkey=time.$$.int(rand 100000);
      $buildkey=~tr/1-6/A-F/;
- Line 454  sub EstablishKeyHandler {
+ Line 1205  sub EstablishKeyHandler {
      $key=substr($key,0,32);
      my $cipherkey=pack("H32",$key);
      $cipher=new IDEA $cipherkey;
-     Reply($replyfd, "$buildkey\n", "$cmd:$tail");
+     &Reply($replyfd, "$buildkey\n", "$cmd:$tail");
      return 1;
  }
- RegisterHandler("ekey", \&EstablishKeyHandler, 0, 1,1);
+ &register_handler("ekey", \&establish_key_handler, 0, 1,1);
- #  LoadHandler:
  #     Handler for the load command.  Returns the current system load average
  #     to the requestor.
  #
- Line 478  RegisterHandler("ekey", \&EstablishKeyHa
+ Line 1228  RegisterHandler("ekey", \&EstablishKeyHa
  #      0       - Program should exit.
  #  Side effects:
  #      Reply information is sent to the client.
- sub LoadHandler {
+ sub load_handler {
-     my $cmd     = shift;
+     my ($cmd, $tail, $replyfd) = @_;
-     my $tail    = shift;
-     my $replyfd = shift;
     # Get the load average from /proc/loadavg and calculate it as a percentage of
     # the allowed load limit as set by the perl global variable lonLoadLim
- Line 494  sub LoadHandler {
+ Line 1242  sub LoadHandler {
      my $loadpercent=100*$loadavg/$perlvar{'lonLoadLim'};
-     Reply( $replyfd, "$loadpercent\n", "$cmd:$tail");
+     &Reply( $replyfd, "$loadpercent\n", "$cmd:$tail");
      return 1;
  }
- RegisterHandler("load", \&LoadHandler, 0, 1, 0);
+ &register_handler("load", \&load_handler, 0, 1, 0);
  #
  #   Process the userload request.  This sub returns to the client the current
- Line 521  RegisterHandler("load", \&LoadHandler, 0
+ Line 1268  RegisterHandler("load", \&LoadHandler, 0
  #  Implicit outputs:
  #     the reply is written to the client.
  #
- sub UserLoadHandler {
+ sub user_load_handler {
-     my $cmd     = shift;
+     my ($cmd, $tail, $replyfd) = @_;
-     my $tail    = shift;
-     my $replyfd = shift;
      my $userloadpercent=&userload();
-     Reply($replyfd, "$userloadpercent\n", "$cmd:$tail");
+     &Reply($replyfd, "$userloadpercent\n", "$cmd:$tail");
      return 1;
  }
- RegisterHandler("userload", \&UserLoadHandler, 0, 1, 0);
+ &register_handler("userload", \&user_load_handler, 0, 1, 0);
  #   Process a request for the authorization type of a user:
  #   (userauth).
- Line 546  RegisterHandler("userload", \&UserLoadHa
+ Line 1291  RegisterHandler("userload", \&UserLoadHa
  # Implicit outputs:
  #    The user authorization type is written to the client.
  #
- sub UserAuthorizationType {
+ sub user_authorization_type {
-     my $cmd     = shift;
+     my ($cmd, $tail, $replyfd) = @_;
-     my $tail    = shift;
-     my $replyfd = shift;
      my $userinput = "$cmd:$tail";
      #  Pull the domain and username out of the command tail.
-     # and call GetAuthType to determine the authentication type.
+     # and call get_auth_type to determine the authentication type.
      my ($udom,$uname)=split(/:/,$tail);
-     my $result = GetAuthType($udom, $uname);
+     my $result = &get_auth_type($udom, $uname);
      if($result eq "nouser") {
- 	Failure( $replyfd, "unknown_user\n", $userinput);
+ 	&Failure( $replyfd, "unknown_user\n", $userinput);
      } else {
  	#
- 	# We only want to pass the second field from GetAuthType
+ 	# We only want to pass the second field from get_auth_type
  	# for ^krb.. otherwise we'll be handing out the encrypted
  	# password for internals e.g.
  	#
- Line 570  sub UserAuthorizationType {
+ Line 1313  sub UserAuthorizationType {
  	if($type =~ /^krb/) {
  	    $type = $result;
  	}
- 	Reply( $replyfd, "$type\n", $userinput);
+ 	&Reply( $replyfd, "$type:\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("currentauth", \&UserAuthorizationType, 1, 1, 0);
+ &register_handler("currentauth", \&user_authorization_type, 1, 1, 0);
- #
  #   Process a request by a manager to push a hosts or domain table
  #   to us.  We pick apart the command and pass it on to the subs
  #   that already exist to do this.
- Line 590  RegisterHandler("currentauth", \&UserAut
+ Line 1333  RegisterHandler("currentauth", \&UserAut
  #      0       - Program should exit
  # Implicit Output:
  #    a reply is written to the client.
+ sub push_file_handler {
- sub PushFileHandler {
+     my ($cmd, $tail, $client) = @_;
-     my $cmd    = shift;
-     my $tail   = shift;
-     my $client = shift;
      my $userinput = "$cmd:$tail";
- Line 602  sub PushFileHandler {
+ Line 1342  sub PushFileHandler {
      # the code below is a hook to do further authentication (e.g. to resolve
      # spoofing).
-     my $cert = GetCertificate($userinput);
+     my $cert = &GetCertificate($userinput);
-     if(ValidManager($cert)) {
+     if(&ValidManager($cert)) {
  	# Now presumably we have the bona fides of both the peer host and the
  	# process making the request.
- 	my $reply = PushFile($userinput);
+ 	my $reply = &PushFile($userinput);
- 	Reply($client, "$reply\n", $userinput);
+ 	&Reply($client, "$reply\n", $userinput);
      } else {
- 	Failure( $client, "refused\n", $userinput);
+ 	&Failure( $client, "refused\n", $userinput);
      }
+     return 1;
  }
- RegisterHandler("pushfile", \&PushFileHandler, 1, 0, 1);
+ &register_handler("pushfile", \&push_file_handler, 1, 0, 1);
+ #
+ #   du  - list the disk usuage of a directory recursively.
+ #
+ #   note: stolen code from the ls file handler
+ #   under construction by Rick Banghart
+ #    .
+ # Parameters:
+ #    $cmd        - The command that dispatched us (du).
+ #    $ududir     - The directory path to list... I'm not sure what this
+ #                  is relative as things like ls:. return e.g.
+ #                  no_such_dir.
+ #    $client     - Socket open on the client.
+ # Returns:
+ #     1 - indicating that the daemon should not disconnect.
+ # Side Effects:
+ #   The reply is written to  $client.
+ #
+ sub du_handler {
+     my ($cmd, $ududir, $client) = @_;
+     my ($ududir) = split(/:/,$ududir); # Make 'telnet' testing easier.
+     my $userinput = "$cmd:$ududir";
+     if ($ududir=~/\.\./ || $ududir!~m|^/home/httpd/|) {
+ 	&Failure($client,"refused\n","$cmd:$ududir");
+ 	return 1;
+     }
+     #  Since $ududir could have some nasties in it,
+     #  we will require that ududir is a valid
+     #  directory.  Just in case someone tries to
+     #  slip us a  line like .;(cd /home/httpd rm -rf*)
+     #  etc.
+     #
+     if (-d $ududir) {
+ 	#  And as Shakespeare would say to make
+ 	#  assurance double sure,
+ 	# use execute_command to ensure that the command is not executed in
+ 	# a shell that can screw us up.
+ 	my $duout = execute_command("du -ks $ududir");
+ 	$duout=~s/[^\d]//g; #preserve only the numbers
+ 	&Reply($client,"$duout\n","$cmd:$ududir");
+     } else {
+ 	&Failure($client, "bad_directory:$ududir\n","$cmd:$ududir");
+     }
+     return 1;
+ }
+ &register_handler("du", \&du_handler, 0, 1, 0);
+ #
+ #   ls  - list the contents of a directory.  For each file in the
+ #    selected directory the filename followed by the full output of
+ #    the stat function is returned.  The returned info for each
+ #    file are separated by ':'.  The stat fields are separated by &'s.
+ # Parameters:
+ #    $cmd        - The command that dispatched us (ls).
+ #    $ulsdir     - The directory path to list... I'm not sure what this
+ #                  is relative as things like ls:. return e.g.
+ #                  no_such_dir.
+ #    $client     - Socket open on the client.
+ # Returns:
+ #     1 - indicating that the daemon should not disconnect.
+ # Side Effects:
+ #   The reply is written to  $client.
+ #
+ sub ls_handler {
+     my ($cmd, $ulsdir, $client) = @_;
+     my $userinput = "$cmd:$ulsdir";
+     my $obs;
+     my $rights;
+     my $ulsout='';
+     my $ulsfn;
+     if (-e $ulsdir) {
+ 	if(-d $ulsdir) {
+ 	    if (opendir(LSDIR,$ulsdir)) {
+ 		while ($ulsfn=readdir(LSDIR)) {
+ 		    undef $obs, $rights;
+ 		    my @ulsstats=stat($ulsdir.'/'.$ulsfn);
+ 		    #We do some obsolete checking here
+ 		    if(-e $ulsdir.'/'.$ulsfn.".meta") {
+ 			open(FILE, $ulsdir.'/'.$ulsfn.".meta");
+ 			my @obsolete=<FILE>;
+ 			foreach my $obsolete (@obsolete) {
+ 			    if($obsolete =~ m|(<obsolete>)(on)|) { $obs = 1; }
+ 			    if($obsolete =~ m|(<copyright>)(default)|) { $rights = 1; }
+ 			}
+ 		    }
+ 		    $ulsout.=$ulsfn.'&'.join('&',@ulsstats);
+ 		    if($obs eq '1') { $ulsout.="&1"; }
+ 		    else { $ulsout.="&0"; }
+ 		    if($rights eq '1') { $ulsout.="&1:"; }
+ 		    else { $ulsout.="&0:"; }
+ 		}
+ 		closedir(LSDIR);
+ 	    }
+ 	} else {
+ 	    my @ulsstats=stat($ulsdir);
+ 	    $ulsout.=$ulsfn.'&'.join('&',@ulsstats).':';
+ 	}
+     } else {
+ 	$ulsout='no_such_dir';
+     }
+     if ($ulsout eq '') { $ulsout='empty'; }
+     &Reply($client, "$ulsout\n", $userinput); # This supports debug logging.
+     return 1;
+ }
+ &register_handler("ls", \&ls_handler, 0, 1, 0);
  #   Process a reinit request.  Reinit requests that either
  #   lonc or lond be reinitialized so that an updated
- Line 633  RegisterHandler("pushfile", \&PushFileHa
+ Line 1485  RegisterHandler("pushfile", \&PushFileHa
  #  Implicit output:
  #     a reply is sent to the client.
  #
- sub ReinitProcessHandler {
+ sub reinit_process_handler {
-     my $cmd    = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail   = shift;
-     my $client = shift;
      my $userinput = "$cmd:$tail";
-     my $cert = GetCertificate($userinput);
+     my $cert = &GetCertificate($userinput);
-     if(ValidManager($cert)) {
+     if(&ValidManager($cert)) {
  	chomp($userinput);
- 	my $reply = ReinitProcess($userinput);
+ 	my $reply = &ReinitProcess($userinput);
- 	Reply( $client,  "$reply\n", $userinput);
+ 	&Reply( $client,  "$reply\n", $userinput);
      } else {
- 	Failure( $client, "refused\n", $userinput);
+ 	&Failure( $client, "refused\n", $userinput);
      }
      return 1;
  }
+ &register_handler("reinit", \&reinit_process_handler, 1, 0, 1);
- RegisterHandler("reinit", \&ReinitProcessHandler, 1, 0, 1);
  #  Process the editing script for a table edit operation.
  #  the editing operation must be encrypted and requested by
- Line 667  RegisterHandler("reinit", \&ReinitProces
+ Line 1516  RegisterHandler("reinit", \&ReinitProces
  #  Implicit output:
  #     a reply is sent to the client.
  #
- sub EditTableHandler {
+ sub edit_table_handler {
-     my $command    = shift;
+     my ($command, $tail, $client) = @_;
-     my $tail       = shift;
-     my $client     = shift;
      my $userinput = "$command:$tail";
-     my $cert = GetCertificate($userinput);
+     my $cert = &GetCertificate($userinput);
-     if(ValidManager($cert)) {
+     if(&ValidManager($cert)) {
  	my($filetype, $script) = split(/:/, $tail);
  	if (($filetype eq "hosts") ||
  	    ($filetype eq "domain")) {
  	    if($script ne "") {
- 		Reply($client,              # BUGBUG - EditFile
+ 		&Reply($client,              # BUGBUG - EditFile
- 		      EditFile($userinput), #   could fail.
+ 		      &EditFile($userinput), #   could fail.
  		      $userinput);
  	    } else {
- 		Failure($client,"refused\n",$userinput);
+ 		&Failure($client,"refused\n",$userinput);
  	    }
  	} else {
- 	    Failure($client,"refused\n",$userinput);
+ 	    &Failure($client,"refused\n",$userinput);
  	}
      } else {
- 	Failure($client,"refused\n",$userinput);
+ 	&Failure($client,"refused\n",$userinput);
      }
      return 1;
  }
- RegisterHandler("edit", \&EditTableHandler, 1, 0, 1);
+ &register_handler("edit", \&edit_table_handler, 1, 0, 1);
  #
  #   Authenticate a user against the LonCAPA authentication
- Line 721  RegisterHandler("edit", \&EditTableHandl
+ Line 1567  RegisterHandler("edit", \&EditTableHandl
  #    The authentication systems describe above have their own forms of implicit
  #    input into the authentication process that are described above.
  #
- sub AuthenticateHandler {
+ sub authenticate_handler {
-     my $cmd        = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail       = shift;
-     my $client     = shift;
      #  Regenerate the full input line
- Line 735  sub AuthenticateHandler {
+ Line 1580  sub AuthenticateHandler {
      #  upass   - User's password.
      my ($udom,$uname,$upass)=split(/:/,$tail);
-     Debug(" Authenticate domain = $udom, user = $uname, password = $upass");
+     &Debug(" Authenticate domain = $udom, user = $uname, password = $upass");
      chomp($upass);
-     $upass=unescape($upass);
+     $upass=&unescape($upass);
-     # Fetch the user authentication information:
+     my $pwdcorrect = &validate_user($udom, $uname, $upass);
+     if($pwdcorrect) {
-     my $realpasswd = GetAuthType($udom, $uname);
+ 	&Reply( $client, "authorized\n", $userinput);
-     if($realpasswd ne "nouser") { # nouser means no passwd file.
- 	my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
- 	my $pwdcorrect=0;
  	#
- 	#   Authenticate against password stored in the internal file.
+ 	#  Bad credentials: Failed to authorize
  	#
- 	Debug("Authenticating via $howpwd");
- 	if ($howpwd eq 'internal') {
- 	    &Debug("Internal auth");
- 	    $pwdcorrect= (crypt($upass,$contentpwd) eq $contentpwd);
- 	    #
- 	    #   Authenticate against the unix password file.
- 	    #
- 	} elsif ($howpwd eq 'unix') {
- 	    &Debug("Unix auth");
- 	    if((getpwnam($uname))[1] eq "") { #no such user!
- 		$pwdcorrect = 0;
- 	    } else {
- 		$contentpwd=(getpwnam($uname))[1];
- 		my $pwauth_path="/usr/local/sbin/pwauth";
- 		unless ($contentpwd eq 'x') { # Not in shadow file.
- 		    $pwdcorrect= (crypt($upass,$contentpwd) eq $contentpwd);
- 		} elsif (-e $pwauth_path) { # In shadow file so
- 		    open PWAUTH, "|$pwauth_path" or # use external program
- 			die "Cannot invoke authentication";
- 		    print PWAUTH "$uname\n$upass\n";
- 		    close PWAUTH;
- 		    $pwdcorrect=!$?;
- 		}
- 	    }
- 	    #
- 	    #   Authenticate against a Kerberos 4 server:
- 	    #
- 	} elsif ($howpwd eq 'krb4') {
- 	    my $null=pack("C",0);
- 	    unless ($upass=~/$null/) {
- 		my $krb4_error = &Authen::Krb4::get_pw_in_tkt($uname,
- 							      "",
- 							      $contentpwd,
- 							      'krbtgt',
- 							      $contentpwd,
-,
- 							      $upass);
- 		if (!$krb4_error) {
- 		    $pwdcorrect = 1;
- 		} else {
- 		    $pwdcorrect=0;
- 		    # log error if it is not a bad password
- 		    if ($krb4_error != 62) {
- 			&logthis('krb4:'.$uname.','.$contentpwd.','.
- 				 &Authen::Krb4::get_err_txt($Authen::Krb4::error));
- 		    }
- 		}
- 	    }
- 	    #
- 	    #   Authenticate against a Kerberos 5 server:
- 	    #
- 	} elsif ($howpwd eq 'krb5') {
- 	    my $null=pack("C",0);
- 	    unless ($upass=~/$null/) {
- 		my $krbclient=&Authen::Krb5::parse_name($uname.'@'.$contentpwd);
- 		my $krbservice="krbtgt/".$contentpwd."\@".$contentpwd;
- 		my $krbserver=&Authen::Krb5::parse_name($krbservice);
- 		my $credentials=&Authen::Krb5::cc_default();
- 		$credentials->initialize($krbclient);
- 		my $krbreturn = &Authen::Krb5::get_in_tkt_with_password($krbclient,
- 									$krbserver,
- 									$upass,
- 									$credentials);
- 		$pwdcorrect = ($krbreturn == 1);
- 	    } else {
- 		$pwdcorrect=0;
- 	    }
- 	    #
- 	    #  Finally, the user may have written in an authentication module.
- 	    #  in that case, if requested, authenticate against it.
- 	    #
- 	} elsif ($howpwd eq 'localauth') {
- 	    $pwdcorrect=&localauth::localauth($uname,$upass,$contentpwd);
- 	}
- 	#
- 	#   Successfully authorized.
- 	#
- 	if ($pwdcorrect) {
- 	    Reply( $client, "authorized\n", $userinput);
- 	    #
- 	    #  Bad credentials: Failed to authorize
- 	    #
- 	} else {
- 	    Failure( $client, "non_authorized\n", $userinput);
- 	}
- 	#  Used to be unknown_user but that allows crackers to
- 	#  distinguish between bad username and bad password so...
- 	#
      } else {
- 	Failure( $client, "non_authorized\n", $userinput);
+ 	&Failure( $client, "non_authorized\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("auth", \&AuthenticateHandler, 1, 1, 0);
+ &register_handler("auth", \&authenticate_handler, 1, 1, 0);
  #
  #   Change a user's password.  Note that this function is complicated by
- Line 864  RegisterHandler("auth", \&AuthenticateHa
+ Line 1619  RegisterHandler("auth", \&AuthenticateHa
  # Implicit inputs:
  #    The authentication systems describe above have their own forms of implicit
  #    input into the authentication process that are described above.
- sub ChangePasswordHandler {
+ sub change_password_handler {
-     my $cmd     = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail    = shift;
-     my $client  = shift;
      my $userinput = $cmd.":".$tail;           # Reconstruct client's string.
      #
- Line 878  sub ChangePasswordHandler {
+ Line 1631  sub ChangePasswordHandler {
      #  npass - New password.
      my ($udom,$uname,$upass,$npass)=split(/:/,$tail);
-     chomp($npass);
      $upass=&unescape($upass);
      $npass=&unescape($npass);
      &Debug("Trying to change password for $uname");
-     my $realpasswd  = GetAuthType($udom, $uname);
-     if ($realpasswd ne "nouser") {
+     # First require that the user can be authenticated with their
+     # old password:
+     my $validated = &validate_user($udom, $uname, $upass);
+     if($validated) {
+ 	my $realpasswd  = &get_auth_type($udom, $uname); # Defined since authd.
  	my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
  	if ($howpwd eq 'internal') {
  	    &Debug("internal auth");
- 	    if (crypt($upass,$contentpwd) eq $contentpwd) {
+ 	    my $salt=time;
- 		my $salt=time;
+ 	    $salt=substr($salt,6,2);
- 		$salt=substr($salt,6,2);
+ 	    my $ncpass=crypt($npass,$salt);
- 		my $ncpass=crypt($npass,$salt);
+ 	    if(&rewrite_password_file($udom, $uname, "internal:$ncpass")) {
- 		if(RewritePwFile($udom, $uname, "internal:$ncpass")) {
+ 		&logthis("Result of password change for "
- 		    &logthis("Result of password change for "
+ 			 ."$uname: pwchange_success");
- 			     ."$uname: pwchange_success");
+ 		&Reply($client, "ok\n", $userinput);
- 		    Reply($client, "ok\n", $userinput);
- 		} else {
- 		    &logthis("Unable to open $uname passwd "
- 			     ."to change password");
- 		    Failure( $client, "non_authorized\n",$userinput);
- 		}
  	    } else {
- 		Failure($client, "non_authorized\n", $userinput);
+ 		&logthis("Unable to open $uname passwd "
+ 			 ."to change password");
+ 		&Failure( $client, "non_authorized\n",$userinput);
  	    }
  	} elsif ($howpwd eq 'unix') {
  	    # Unix means we have to access /etc/password
- 	    # one way or another.
- 	    # First: Make sure the current password is
- 	    #        correct
  	    &Debug("auth is unix");
- 	    $contentpwd=(getpwnam($uname))[1];
+ 	    my $execdir=$perlvar{'lonDaemons'};
- 	    my $pwdcorrect = "0";
+ 	    &Debug("Opening lcpasswd pipeline");
- 	    my $pwauth_path="/usr/local/sbin/pwauth";
+ 	    my $pf = IO::File->new("|$execdir/lcpasswd > "
- 	    unless ($contentpwd eq 'x') {
+ 				   ."$perlvar{'lonDaemons'}"
- 		$pwdcorrect= (crypt($upass,$contentpwd) eq $contentpwd);
+ 				   ."/logs/lcpasswd.log");
- 	    } elsif (-e $pwauth_path) {
+ 	    print $pf "$uname\n$npass\n$npass\n";
- 		open PWAUTH, "|$pwauth_path" or
+ 	    close $pf;
- 		    die "Cannot invoke authentication";
+ 	    my $err = $?;
- 		print PWAUTH "$uname\n$upass\n";
+ 	    my $result = ($err>0 ? 'pwchange_failure' : 'ok');
- 		close PWAUTH;
+ 	    &logthis("Result of password change for $uname: ".
- 		&Debug("exited pwauth with $? ($uname,$upass) ");
+ 		     &lcpasswdstrerror($?));
- 		$pwdcorrect=($? == 0);
+ 	    &Reply($client, "$result\n", $userinput);
- 	    }
- 	    if ($pwdcorrect) {
- 		my $execdir=$perlvar{'lonDaemons'};
- 		&Debug("Opening lcpasswd pipeline");
- 		my $pf = IO::File->new("|$execdir/lcpasswd > "
- 				       ."$perlvar{'lonDaemons'}"
- 				       ."/logs/lcpasswd.log");
- 		print $pf "$uname\n$npass\n$npass\n";
- 		close $pf;
- 		my $err = $?;
- 		my $result = ($err>0 ? 'pwchange_failure' : 'ok');
- 		&logthis("Result of password change for $uname: ".
- 			 &lcpasswdstrerror($?));
- 		Reply($client, "$result\n", $userinput);
- 	    } else {
- 		Reply($client, "non_authorized\n", $userinput);
- 	    }
  	} else {
  	    # this just means that the current password mode is not
  	    # one we know how to change (e.g the kerberos auth modes or
  	    # locally written auth handler).
  	    #
- 	    Reply( $client, "auth_mode_error\n", $userinput);
+ 	    &Failure( $client, "auth_mode_error\n", $userinput);
  	}
      } else {
- 	#  used to be unknonw user but that gives out too much info..
+ 	&Failure( $client, "non_authorized\n", $userinput);
- 	#  so make it the same as if the initial passwd was bad.
- 	#
- 	Reply( $client, "non_authorized\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("passwd", \&ChangePasswordHandler, 1, 1, 0);
+ &register_handler("passwd", \&change_password_handler, 1, 1, 0);
  #
  #   Create a new user.  User in this case means a lon-capa user.
- Line 971  RegisterHandler("passwd", \&ChangePasswo
+ Line 1705  RegisterHandler("passwd", \&ChangePasswo
  # Implicit inputs:
  #    The authentication systems describe above have their own forms of implicit
  #    input into the authentication process that are described above.
- sub AddUserHandler {
+ sub add_user_handler {
-     my $cmd     = shift;
-     my $tail    = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $client  = shift;
      my ($udom,$uname,$umode,$npass)=split(/:/,$tail);
      my $userinput = $cmd.":".$tail; # Reconstruct the full request line.
- Line 987  sub AddUserHandler {
+ Line 1721  sub AddUserHandler {
  	my $oldumask=umask(0077);
  	chomp($npass);
  	$npass=&unescape($npass);
- 	my $passfilename  = PasswordPath($udom, $uname);
+ 	my $passfilename  = &password_path($udom, $uname);
  	&Debug("Password file created will be:".$passfilename);
  	if (-e $passfilename) {
- 	    Failure( $client, "already_exists\n", $userinput);
+ 	    &Failure( $client, "already_exists\n", $userinput);
  	} else {
- 	    my @fpparts=split(/\//,$passfilename);
- 	    my $fpnow=$fpparts[0].'/'.$fpparts[1].'/'.$fpparts[2];
  	    my $fperror='';
- 	    for (my $i=3;$i<= ($#fpparts-1);$i++) {
+ 	    if (!&mkpath($passfilename)) {
- 		$fpnow.='/'.$fpparts[$i];
+ 		$fperror="error: ".($!+0)." mkdir failed while attempting "
- 		unless (-e $fpnow) {
+ 		    ."makeuser";
- 		    unless (mkdir($fpnow,0777)) {
- 			$fperror="error: ".($!+0)." mkdir failed while attempting "
- 			    ."makeuser";
- 		    }
- 		}
  	    }
  	    unless ($fperror) {
  		my $result=&make_passwd_file($uname, $umode,$npass, $passfilename);
- 		Reply($client, $result, $userinput);     #BUGBUG - could be fail
+ 		&Reply($client, $result, $userinput);     #BUGBUG - could be fail
  	    } else {
- 		Failure($client, "$fperror\n", $userinput);
+ 		&Failure($client, "$fperror\n", $userinput);
  	    }
  	}
  	umask($oldumask);
      }  else {
- 	Failure($client, "not_right_domain\n",
+ 	&Failure($client, "not_right_domain\n",
  		$userinput);	# Even if we are multihomed.
      }
      return 1;
  }
- RegisterHandler("makeuser", \&AddUserHandler, 1, 1, 0);
+ &register_handler("makeuser", \&add_user_handler, 1, 1, 0);
  #
  #   Change the authentication method of a user.  Note that this may
- Line 1044  RegisterHandler("makeuser", \&AddUserHan
+ Line 1771  RegisterHandler("makeuser", \&AddUserHan
  #    The authentication systems describe above have their own forms of implicit
  #    input into the authentication process that are described above.
  #
- sub ChangeAuthenticationHandler {
+ sub change_authentication_handler {
-     my $cmd     = shift;
-     my $tail    = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $client  = shift;
      my $userinput  = "$cmd:$tail";              # Reconstruct user input.
      my ($udom,$uname,$umode,$npass)=split(/:/,$tail);
      &Debug("cmd = ".$cmd." domain= ".$udom."uname =".$uname." umode= ".$umode);
      if ($udom ne $currentdomainid) {
- 	Failure( $client, "not_right_domain\n", $client);
+ 	&Failure( $client, "not_right_domain\n", $client);
      } else {
  	chomp($npass);
  	$npass=&unescape($npass);
- 	my $passfilename = PasswordPath($udom, $uname);
+ 	my $oldauth = &get_auth_type($udom, $uname); # Get old auth info.
+ 	my $passfilename = &password_path($udom, $uname);
  	if ($passfilename) {	# Not allowed to create a new user!!
  	    my $result=&make_passwd_file($uname, $umode,$npass,$passfilename);
- 	    Reply($client, $result, $userinput);
+ 	    #
+ 	    #  If the current auth mode is internal, and the old auth mode was
+ 	    #  unix, or krb*,  and the user is an author for this domain,
+ 	    #  re-run manage_permissions for that role in order to be able
+ 	    #  to take ownership of the construction space back to www:www
+ 	    #
+ 	    if( ($oldauth =~ /^unix/) && ($umode eq "internal")) { # unix -> internal
+ 		if(&is_author($udom, $uname)) {
+ 		    &Debug(" Need to manage author permissions...");
+ 		    &manage_permissions("/$udom/_au", $udom, $uname, "internal:");
+ 		}
+ 	    }
+ 	    &Reply($client, $result, $userinput);
  	} else {
- 	    Failure($client, "non_authorized", $userinput); # Fail the user now.
+ 	    &Failure($client, "non_authorized\n", $userinput); # Fail the user now.
  	}
      }
      return 1;
  }
- RegisterHandler("changeuserauth", \&ChangeAuthenticationHandler, 1,1, 0);
+ &register_handler("changeuserauth", \&change_authentication_handler, 1,1, 0);
  #
  #   Determines if this is the home server for a user.  The home server
- Line 1088  RegisterHandler("changeuserauth", \&Chan
+ Line 1830  RegisterHandler("changeuserauth", \&Chan
  #    The authentication systems describe above have their own forms of implicit
  #    input into the authentication process that are described above.
  #
- sub IsHomeHandler {
+ sub is_home_handler {
-     my $cmd     = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail    = shift;
-     my $client  = shift;
      my $userinput  = "$cmd:$tail";
      my ($udom,$uname)=split(/:/,$tail);
      chomp($uname);
-     my $passfile = PasswordPath($udom, $uname);
+     my $passfile = &password_filename($udom, $uname);
      if($passfile) {
- 	Reply( $client, "found\n", $userinput);
+ 	&Reply( $client, "found\n", $userinput);
      } else {
- 	Failure($client, "not_found\n", $userinput);
+ 	&Failure($client, "not_found\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("home", \&IsHomeHandler, 0,1,0);
+ &register_handler("home", \&is_home_handler, 0,1,0);
  #
  #   Process an update request for a resource?? I think what's going on here is
  #   that a resource has been modified that we hold a subscription to.
- Line 1128  RegisterHandler("home", \&IsHomeHandler,
+ Line 1869  RegisterHandler("home", \&IsHomeHandler,
  #    The authentication systems describe above have their own forms of implicit
  #    input into the authentication process that are described above.
  #
- sub UpdateResourceHandler {
+ sub update_resource_handler {
-     my $cmd    = shift;
-     my $tail   = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $client = shift;
      my $userinput = "$cmd:$tail";
-     my $fname=$tail;
+     my $fname= $tail;		# This allows interactive testing
      my $ownership=ishome($fname);
      if ($ownership eq 'not_owner') {
  	if (-e $fname) {
- Line 1177  sub UpdateResourceHandler {
+ Line 1919  sub UpdateResourceHandler {
  		    rename($transname,$fname);
  		}
  	    }
- 	    Reply( $client, "ok\n", $userinput);
+ 	    &Reply( $client, "ok\n", $userinput);
  	} else {
- 	    Failure($client, "not_found\n", $userinput);
+ 	    &Failure($client, "not_found\n", $userinput);
  	}
      } else {
- 	Failure($client, "rejected\n", $userinput);
+ 	&Failure($client, "rejected\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("update", \&UpdateResourceHandler, 0 ,1, 0);
+ &register_handler("update", \&update_resource_handler, 0 ,1, 0);
  #
- #   Fetch a user file from a remote server:
+ #   Fetch a user file from a remote server to the user's home directory
+ #   userfiles subdir.
  # Parameters:
  #    $cmd      - The command that got us here.
  #    $tail     - Tail of the command (remaining parameters).
- Line 1198  RegisterHandler("update", \&UpdateResour
+ Line 1941  RegisterHandler("update", \&UpdateResour
  #     0        - Requested to exit, caller should shut down.
  #     1        - Continue processing.
  #
- sub FetchUserFileHandler {
+ sub fetch_user_file_handler {
-     my $cmd     = shift;
-     my $tail    = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $client  = shift;
      my $userinput = "$cmd:$tail";
      my $fname           = $tail;
-     my ($udom,$uname,$ufile)=split(/\//,$fname);
+     my ($udom,$uname,$ufile) = ($fname =~ m|^([^/]+)/([^/]+)/(.+)$|);
-     my $udir=propath($udom,$uname).'/userfiles';
+     my $udir=&propath($udom,$uname).'/userfiles';
      unless (-e $udir) {
  	mkdir($udir,0770);
      }
+     Debug("fetch user file for $fname");
      if (-e $udir) {
  	$ufile=~s/^[\.\~]+//;
- 	$ufile=~s/\///g;
+ 	# IF necessary, create the path right down to the file.
+ 	# Note that any regular files in the way of this path are
+ 	# wiped out to deal with some earlier folly of mine.
+ 	if (!&mkpath($udir.'/'.$ufile)) {
+ 	    &Failure($client, "unable_to_create\n", $userinput);
+ 	}
  	my $destname=$udir.'/'.$ufile;
  	my $transname=$udir.'/'.$ufile.'.in.transit';
  	my $remoteurl='http://'.$clientip.'/userfiles/'.$fname;
  	my $response;
+ 	Debug("Remote URL : $remoteurl Transfername $transname Destname: $destname");
  	alarm(120);
  	{
  	    my $ua=new LWP::UserAgent;
- Line 1228  sub FetchUserFileHandler {
+ Line 1980  sub FetchUserFileHandler {
  	    unlink($transname);
  	    my $message=$response->status_line;
  	    &logthis("LWP GET: $message for $fname ($remoteurl)");
- 	    Failure($client, "failed\n", $userinput);
+ 	    &Failure($client, "failed\n", $userinput);
  	} else {
+ 	    Debug("Renaming $transname to $destname");
  	    if (!rename($transname,$destname)) {
  		&logthis("Unable to move $transname to $destname");
  		unlink($transname);
- 		Failure($client, "failed\n", $userinput);
+ 		&Failure($client, "failed\n", $userinput);
  	    } else {
- 		Reply($client, "ok\n", $userinput);
+ 		&Reply($client, "ok\n", $userinput);
  	    }
  	}
      } else {
- 	Failure($client, "not_home\n", $userinput);
+ 	&Failure($client, "not_home\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("fetchuserfile", \&FetchUserFileHandler, 0, 1, 0);
+ &register_handler("fetchuserfile", \&fetch_user_file_handler, 0, 1, 0);
  #
- #   Authenticate access to a user file.  Question?   The token for athentication
+ #   Remove a file from a user's home directory userfiles subdirectory.
- #   is allowed to be sent as cleartext is this really what we want?  This token
+ # Parameters:
- #   represents the user's session id.  Once it is forged does this allow too much
+ #    cmd   - the Lond request keyword that got us here.
- #   access??
+ #    tail  - the part of the command past the keyword.
+ #    client- File descriptor connected with the client.
  #
+ # Returns:
+ #    1    - Continue processing.
+ sub remove_user_file_handler {
+     my ($cmd, $tail, $client) = @_;
+     my ($fname) = split(/:/, $tail); # Get rid of any tailing :'s lonc may have sent.
+     my ($udom,$uname,$ufile) = ($fname =~ m|^([^/]+)/([^/]+)/(.+)$|);
+     if ($ufile =~m|/\.\./|) {
+ 	# any files paths with /../ in them refuse
+ 	# to deal with
+ 	&Failure($client, "refused\n", "$cmd:$tail");
+     } else {
+ 	my $udir = &propath($udom,$uname);
+ 	if (-e $udir) {
+ 	    my $file=$udir.'/userfiles/'.$ufile;
+ 	    if (-e $file) {
+ 		#
+ 		#   If the file is a regular file unlink is fine...
+ 		#   However it's possible the client wants a dir.
+ 		#   removed, in which case rmdir is more approprate:
+ 		#
+ 	        if (-f $file){
+ 		    unlink($file);
+ 		} elsif(-d $file) {
+ 		    rmdir($file);
+ 		}
+ 		if (-e $file) {
+ 		    #  File is still there after we deleted it ?!?
+ 		    &Failure($client, "failed\n", "$cmd:$tail");
+ 		} else {
+ 		    &Reply($client, "ok\n", "$cmd:$tail");
+ 		}
+ 	    } else {
+ 		&Failure($client, "not_found\n", "$cmd:$tail");
+ 	    }
+ 	} else {
+ 	    &Failure($client, "not_home\n", "$cmd:$tail");
+ 	}
+     }
+     return 1;
+ }
+ &register_handler("removeuserfile", \&remove_user_file_handler, 0,1,0);
+ #
+ #   make a directory in a user's home directory userfiles subdirectory.
  # Parameters:
- #    $cmd      - The command that got us here.
+ #    cmd   - the Lond request keyword that got us here.
- #    $tail     - Tail of the command (remaining parameters).
+ #    tail  - the part of the command past the keyword.
- #    $client   - File descriptor connected to client.
+ #    client- File descriptor connected with the client.
- # Returns
+ #
- #     0        - Requested to exit, caller should shut down.
+ # Returns:
- #     1        - Continue processing.
+ #    1    - Continue processing.
- sub AuthenticateUserFileAccess {
+ sub mkdir_user_file_handler {
-     my $cmd       = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail      = shift;
-     my $client    = shift;
+     my ($dir) = split(/:/, $tail); # Get rid of any tailing :'s lonc may have sent.
-     my $userinput = "$cmd:$tail";
+     $dir=&unescape($dir);
+     my ($udom,$uname,$ufile) = ($dir =~ m|^([^/]+)/([^/]+)/(.+)$|);
+     if ($ufile =~m|/\.\./|) {
+ 	# any files paths with /../ in them refuse
+ 	# to deal with
+ 	&Failure($client, "refused\n", "$cmd:$tail");
+     } else {
+ 	my $udir = &propath($udom,$uname);
+ 	if (-e $udir) {
+ 	    my $newdir=$udir.'/userfiles/'.$ufile.'/';
+ 	    if (!&mkpath($newdir)) {
+ 		&Failure($client, "failed\n", "$cmd:$tail");
+ 	    }
+ 	    &Reply($client, "ok\n", "$cmd:$tail");
+ 	} else {
+ 	    &Failure($client, "not_home\n", "$cmd:$tail");
+ 	}
+     }
+     return 1;
+ }
+ &register_handler("mkdiruserfile", \&mkdir_user_file_handler, 0,1,0);
-     my ($fname,$session)=split(/:/,$tail);
+ #
+ #   rename a file in a user's home directory userfiles subdirectory.
+ # Parameters:
+ #    cmd   - the Lond request keyword that got us here.
+ #    tail  - the part of the command past the keyword.
+ #    client- File descriptor connected with the client.
+ #
+ # Returns:
+ #    1    - Continue processing.
+ sub rename_user_file_handler {
+     my ($cmd, $tail, $client) = @_;
+     my ($udom,$uname,$old,$new) = split(/:/, $tail);
+     $old=&unescape($old);
+     $new=&unescape($new);
+     if ($new =~m|/\.\./| || $old =~m|/\.\./|) {
+ 	# any files paths with /../ in them refuse to deal with
+ 	&Failure($client, "refused\n", "$cmd:$tail");
+     } else {
+ 	my $udir = &propath($udom,$uname);
+ 	if (-e $udir) {
+ 	    my $oldfile=$udir.'/userfiles/'.$old;
+ 	    my $newfile=$udir.'/userfiles/'.$new;
+ 	    if (-e $newfile) {
+ 		&Failure($client, "exists\n", "$cmd:$tail");
+ 	    } elsif (! -e $oldfile) {
+ 		&Failure($client, "not_found\n", "$cmd:$tail");
+ 	    } else {
+ 		if (!rename($oldfile,$newfile)) {
+ 		    &Failure($client, "failed\n", "$cmd:$tail");
+ 		} else {
+ 		    &Reply($client, "ok\n", "$cmd:$tail");
+ 		}
+ 	    }
+ 	} else {
+ 	    &Failure($client, "not_home\n", "$cmd:$tail");
+ 	}
+     }
+     return 1;
+ }
+ &register_handler("renameuserfile", \&rename_user_file_handler, 0,1,0);
+ #
+ #  Authenticate access to a user file by checking that the token the user's
+ #  passed also exists in their session file
+ #
+ # Parameters:
+ #   cmd      - The request keyword that dispatched to tus.
+ #   tail     - The tail of the request (colon separated parameters).
+ #   client   - Filehandle open on the client.
+ # Return:
+ #    1.
+ sub token_auth_user_file_handler {
+     my ($cmd, $tail, $client) = @_;
+     my ($fname, $session) = split(/:/, $tail);
      chomp($session);
-     my $reply='non_auth';
+     my $reply="non_auth\n";
-     if (open(ENVIN,$perlvar{'lonIDsDir'}.'/'.$session.'.id')) {
+     if (open(ENVIN,$perlvar{'lonIDsDir'}.'/'.
+ 	     $session.'.id')) {
  	while (my $line=<ENVIN>) {
- 	    if ($line=~/userfile\.$fname\=/) {
+ 	    if ($line=~ m|userfile\.\Q$fname\E\=|) { $reply="ok\n"; }
- 		$reply='ok';
- 	    }
  	}
  	close(ENVIN);
- 	Reply($client, $reply."\n", $userinput);
+ 	&Reply($client, $reply, "$cmd:$tail");
      } else {
- 	Failure($client, "invalid_token\n", $userinput);
+ 	&Failure($client, "invalid_token\n", "$cmd:$tail");
      }
      return 1;
  }
- RegisterHandler("tokenauthuserfile", \&AuthenticateUserFileAccess, 0, 1, 0);
+ &register_handler("tokenauthuserfile", \&token_auth_user_file_handler, 0,1,0);
  #
  #   Unsubscribe from a resource.
  #
- Line 1292  RegisterHandler("tokenauthuserfile", \&A
+ Line 2170  RegisterHandler("tokenauthuserfile", \&A
  #     0        - Requested to exit, caller should shut down.
  #     1        - Continue processing.
  #
- sub UnsubscribeHandler {
+ sub unsubscribe_handler {
-     my $cmd      = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail     = shift;
-     my $client   = shift;
      my $userinput= "$cmd:$tail";
-     my $fname = $tail;
+     my ($fname) = split(/:/,$tail); # Split in case there's extrs.
+     &Debug("Unsubscribing $fname");
      if (-e $fname) {
- 	Reply($client, &unsub($client,$fname,$clientip), $userinput);
+ 	&Debug("Exists");
+ 	&Reply($client, &unsub($fname,$clientip), $userinput);
      } else {
- 	Failure($client, "not_found\n", $userinput);
+ 	&Failure($client, "not_found\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("unusb", \&UnsubscribeHandler, 0, 1, 0);
+ &register_handler("unsub", \&unsubscribe_handler, 0, 1, 0);
- #   Subscribe to a resource.
+ #   Subscribe to a resource
  #
  # Parameters:
  #    $cmd      - The command that got us here.
- Line 1318  RegisterHandler("unusb", \&UnsubscribeHa
+ Line 2198  RegisterHandler("unusb", \&UnsubscribeHa
  #     0        - Requested to exit, caller should shut down.
  #     1        - Continue processing.
  #
- sub SubscribeHandler {
+ sub subscribe_handler {
-     my $cmd        = shift;
+     my ($cmd, $tail, $client)= @_;
-     my $tail       = shift;
-     my $client     = shift;
      my $userinput  = "$cmd:$tail";
-     Reply( $client, &subscribe($userinput,$clientip), $userinput);
+     &Reply( $client, &subscribe($userinput,$clientip), $userinput);
      return 1;
  }
- RegisterHandler("sub", \&SubscribeHandler, 0, 1, 0);
+ &register_handler("sub", \&subscribe_handler, 0, 1, 0);
  #
  #   Determine the version of a resource (?) Or is it return
- Line 1343  RegisterHandler("sub", \&SubscribeHandle
+ Line 2222  RegisterHandler("sub", \&SubscribeHandle
  #     0        - Requested to exit, caller should shut down.
  #     1        - Continue processing.
  #
- sub CurrentVersionHandler {
+ sub current_version_handler {
-     my $cmd      = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail     = shift;
-     my $client   = shift;
      my $userinput= "$cmd:$tail";
      my $fname   = $tail;
-     Reply( $client, &currentversion($fname)."\n", $userinput);
+     &Reply( $client, &currentversion($fname)."\n", $userinput);
      return 1;
  }
- RegisterHandler("currentversion", \&CurrentVersionHandler, 0, 1, 0);
+ &register_handler("currentversion", \&current_version_handler, 0, 1, 0);
  #  Make an entry in a user's activity log.
  #
- Line 1367  RegisterHandler("currentversion", \&Curr
+ Line 2244  RegisterHandler("currentversion", \&Curr
  #     0        - Requested to exit, caller should shut down.
  #     1        - Continue processing.
  #
- sub ActivityLogEntryHandler {
+ sub activity_log_handler {
-     my $cmd      = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail     = shift;
-     my $client   = shift;
      my $userinput= "$cmd:$tail";
      my ($udom,$uname,$what)=split(/:/,$tail);
      chomp($what);
-     my $proname=propath($udom,$uname);
+     my $proname=&propath($udom,$uname);
      my $now=time;
      my $hfh;
      if ($hfh=IO::File->new(">>$proname/activity.log")) {
  	print $hfh "$now:$clientname:$what\n";
- 	Reply( $client, "ok\n", $userinput);
+ 	&Reply( $client, "ok\n", $userinput);
      } else {
- 	Failure($client, "error: ".($!+0)." IO::File->new Failed "
+ 	&Failure($client, "error: ".($!+0)." IO::File->new Failed "
- 	      ."while attempting log\n",
+ 		 ."while attempting log\n",
- 	      $userinput);
+ 		 $userinput);
      }
      return 1;
  }
- RegisterHandler("log", \&ActivityLogEntryHandler, 0, 1, 0);
+ &register_handler("log", \&activity_log_handler, 0, 1, 0);
  #
  #   Put a namespace entry in a user profile hash.
  #   My druthers would be for this to be an encrypted interaction too.
- Line 1404  RegisterHandler("log", \&ActivityLogEntr
+ Line 2282  RegisterHandler("log", \&ActivityLogEntr
  #     0        - Requested to exit, caller should shut down.
  #     1        - Continue processing.
  #
- sub PutUserProfileEntry {
+ sub put_user_profile_entry {
-     my $cmd       = shift;
+     my ($cmd, $tail, $client)  = @_;
-     my $tail      = shift;
-     my $client    = shift;
      my $userinput = "$cmd:$tail";
-     my ($udom,$uname,$namespace,$what) =split(/:/,$tail);
+     my ($udom,$uname,$namespace,$what) =split(/:/,$tail,4);
      if ($namespace ne 'roles') {
  	chomp($what);
- 	my $hashref = TieUserHash($udom, $uname, $namespace,
+ 	my $hashref = &tie_user_hash($udom, $uname, $namespace,
  				  &GDBM_WRCREAT(),"P",$what);
  	if($hashref) {
  	    my @pairs=split(/\&/,$what);
- Line 1422  sub PutUserProfileEntry {
+ Line 2299  sub PutUserProfileEntry {
  		$hashref->{$key}=$value;
  	    }
  	    if (untie(%$hashref)) {
- 		Reply( $client, "ok\n", $userinput);
+ 		&Reply( $client, "ok\n", $userinput);
  	    } else {
- 		Failure($client, "error: ".($!+0)." untie(GDBM) failed ".
+ 		&Failure($client, "error: ".($!+0)." untie(GDBM) failed ".
  			"while attempting put\n",
  			$userinput);
  	    }
  	} else {
- 	    Failure( $client, "error: ".($!)." tie(GDBM) Failed ".
+ 	    &Failure( $client, "error: ".($!)." tie(GDBM) Failed ".
  		     "while attempting put\n", $userinput);
  	}
      } else {
-         Failure( $client, "refused\n", $userinput);
+         &Failure( $client, "refused\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("put", \&PutUserProfileEntry, 0, 1, 0);
+ &register_handler("put", \&put_user_profile_entry, 0, 1, 0);
  #
  #   Increment a profile entry in the user history file.
- Line 1455  RegisterHandler("put", \&PutUserProfileE
+ Line 2332  RegisterHandler("put", \&PutUserProfileE
  #     0        - Requested to exit, caller should shut down.
  #     1        - Continue processing.
  #
- sub IncrementUserValueHandler {
+ sub increment_user_value_handler {
-     my $cmd         = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail        = shift;
-     my $client      = shift;
      my $userinput   = "$cmd:$tail";
      my ($udom,$uname,$namespace,$what) =split(/:/,$tail);
      if ($namespace ne 'roles') {
          chomp($what);
- 	my $hashref = TieUserHash($udom, $uname,
+ 	my $hashref = &tie_user_hash($udom, $uname,
- 				  $namespace, &GDBM_WRCREAT(),
+ 				     $namespace, &GDBM_WRCREAT(),
- 				  "P",$what);
+ 				     "P",$what);
  	if ($hashref) {
  	    my @pairs=split(/\&/,$what);
  	    foreach my $pair (@pairs) {
- Line 1478  sub IncrementUserValueHandler {
+ Line 2354  sub IncrementUserValueHandler {
  		$hashref->{$key}+=$value;
  	    }
  	    if (untie(%$hashref)) {
- 		Reply( $client, "ok\n", $userinput);
+ 		&Reply( $client, "ok\n", $userinput);
  	    } else {
- 		Failure($client, "error: ".($!+0)." untie(GDBM) failed ".
+ 		&Failure($client, "error: ".($!+0)." untie(GDBM) failed ".
- 			"while attempting inc\n", $userinput);
+ 			 "while attempting inc\n", $userinput);
  	    }
  	} else {
- 	    Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
+ 	    &Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
- 		    "while attempting inc\n", $userinput);
+ 		     "while attempting inc\n", $userinput);
  	}
      } else {
- 	Failure($client, "refused\n", $userinput);
+ 	&Failure($client, "refused\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("inc", \&IncrementUserValueHandler, 0, 1, 0);
+ &register_handler("inc", \&increment_user_value_handler, 0, 1, 0);
  #
  #   Put a new role for a user.  Roles are LonCAPA's packaging of permissions.
  #   Each 'role' a user has implies a set of permissions.  Adding a new role
- Line 1514  RegisterHandler("inc", \&IncrementUserVa
+ Line 2391  RegisterHandler("inc", \&IncrementUserVa
  #     1         - To continue processing.
  #
  #
- sub RolesPutHandler {
+ sub roles_put_handler {
-     my $cmd        = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail       = shift;
-     my $client     = shift;
      my $userinput  = "$cmd:$tail";
-     my ($exedom,$exeuser,$udom,$uname,$what)   =split(/:/,$tail);
+     my ( $exedom, $exeuser, $udom, $uname,  $what) = split(/:/,$tail);
-     &Debug("cmd = ".$cmd." exedom= ".$exedom."user = ".$exeuser." udom=".$udom.
- 	   "what = ".$what);
      my $namespace='roles';
      chomp($what);
-     my $hashref = TieUserHash($udom, $uname, $namespace,
+     my $hashref = &tie_user_hash($udom, $uname, $namespace,
- 			      &GDBM_WRCREAT(), "P",
+ 				 &GDBM_WRCREAT(), "P",
- 			      "$exedom:$exeuser:$what");
+ 				 "$exedom:$exeuser:$what");
      #
      #  Log the attempt to set a role.  The {}'s here ensure that the file
      #  handle is open for the minimal amount of time.  Since the flush
      #  is done on close this improves the chances the log will be an un-
      #  corrupted ordered thing.
      if ($hashref) {
+ 	my $pass_entry = &get_auth_type($udom, $uname);
+ 	my ($auth_type,$pwd)  = split(/:/, $pass_entry);
+ 	$auth_type = $auth_type.":";
  	my @pairs=split(/\&/,$what);
  	foreach my $pair (@pairs) {
  	    my ($key,$value)=split(/=/,$pair);
- 	    &ManagePermissions($key, $udom, $uname,
+ 	    &manage_permissions($key, $udom, $uname,
- 			       &GetAuthType( $udom, $uname));
+ 			       $auth_type);
  	    $hashref->{$key}=$value;
  	}
  	if (untie($hashref)) {
- 	    Reply($client, "ok\n", $userinput);
+ 	    &Reply($client, "ok\n", $userinput);
  	} else {
- 	    Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	    &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
  		     "while attempting rolesput\n", $userinput);
  	}
      } else {
- 	Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
+ 	&Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
  		 "while attempting rolesput\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("rolesput", \&RolesPutHandler, 1,1,0);  # Encoded client only.
+ &register_handler("rolesput", \&roles_put_handler, 1,1,0);  # Encoded client only.
  #
  #   Deletes (removes) a role for a user.   This is equivalent to removing
  #  a permissions package associated with the role from the user's profile.
- Line 1571  RegisterHandler("rolesput", \&RolesPutHa
+ Line 2451  RegisterHandler("rolesput", \&RolesPutHa
  #     1                    - Continue processing
  #     0                    - Exit.
  #
- sub RolesDeleteHandler {
+ sub roles_delete_handler {
-     my $cmd          = shift;
+     my ($cmd, $tail, $client)  = @_;
-     my $tail         = shift;
-     my $client       = shift;
      my $userinput    = "$cmd:$tail";
      my ($exedom,$exeuser,$udom,$uname,$what)=split(/:/,$tail);
- Line 1582  sub RolesDeleteHandler {
+ Line 2461  sub RolesDeleteHandler {
  	   "what = ".$what);
      my $namespace='roles';
      chomp($what);
-     my $hashref = TieUserHash($udom, $uname, $namespace,
+     my $hashref = &tie_user_hash($udom, $uname, $namespace,
- 			      &GDBM_WRCREAT(), "D",
+ 				 &GDBM_WRCREAT(), "D",
- 			      "$exedom:$exeuser:$what");
+ 				 "$exedom:$exeuser:$what");
      if ($hashref) {
  	my @rolekeys=split(/\&/,$what);
- Line 1593  sub RolesDeleteHandler {
+ Line 2472  sub RolesDeleteHandler {
  	    delete $hashref->{$key};
  	}
  	if (untie(%$hashref)) {
- 	    Reply($client, "ok\n", $userinput);
+ 	    &Reply($client, "ok\n", $userinput);
  	} else {
- 	    Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	    &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
  		     "while attempting rolesdel\n", $userinput);
  	}
      } else {
-         Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
+         &Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
  		 "while attempting rolesdel\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("rolesdel", \&RolesDeleteHandler, 1,1, 0); # Encoded client only
+ &register_handler("rolesdel", \&roles_delete_handler, 1,1, 0); # Encoded client only
  # Unencrypted get from a user's profile database.  See
  # GetProfileEntryEncrypted for a version that does end-to-end encryption.
- Line 1626  RegisterHandler("rolesdel", \&RolesDelet
+ Line 2505  RegisterHandler("rolesdel", \&RolesDelet
  #   1       - Continue processing.
  #   0       - Exit.
  #
- sub GetProfileEntry {
+ sub get_profile_entry {
-     my $cmd      = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail     = shift;
-     my $client   = shift;
      my $userinput= "$cmd:$tail";
      my ($udom,$uname,$namespace,$what) = split(/:/,$tail);
      chomp($what);
-     my $hashref = TieUserHash($udom, $uname, $namespace,
- 			      &GDBM_READER());
+     my $replystring = read_profile($udom, $uname, $namespace, $what);
-     if ($hashref) {
+     my ($first) = split(/:/,$replystring);
-         my @queries=split(/\&/,$what);
+     if($first ne "error") {
-         my $qresult='';
+ 	&Reply($client, "$replystring\n", $userinput);
- 	for (my $i=0;$i<=$#queries;$i++) {
- 	    $qresult.="$hashref->{$queries[$i]}&";    # Presumably failure gives empty string.
- 	}
- 	$qresult=~s/\&$//;              # Remove trailing & from last lookup.
- 	if (untie(%$hashref)) {
- 	    Reply($client, "$qresult\n", $userinput);
- 	} else {
- 	    Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
- 		    "while attempting get\n", $userinput);
- 	}
      } else {
- 	if ($!+0 == 2) {               # +0 coerces errno -> number 2 is ENOENT
+ 	&Failure($client, $replystring." while attempting get\n", $userinput);
- 	    Failure($client, "error:No such file or ".
- 		    "GDBM reported bad block error\n", $userinput);
- 	} else {                        # Some other undifferentiated err.
- 	    Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
- 		    "while attempting get\n", $userinput);
- 	}
      }
      return 1;
  }
- RegisterHandler("get", \&GetProfileEntry, 0,1,0);
+ &register_handler("get", \&get_profile_entry, 0,1,0);
  #
  #  Process the encrypted get request.  Note that the request is sent
  #  in clear, but the reply is encrypted.  This is a small covert channel:
- Line 1681  RegisterHandler("get", \&GetProfileEntry
+ Line 2545  RegisterHandler("get", \&GetProfileEntry
  #  Returns:
  #     1      - Continue processing
  #     0      - server should exit.
- sub GetProfileEntryEncrypted {
+ sub get_profile_entry_encrypted {
-     my $cmd       = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail      = shift;
-     my $client    = shift;
      my $userinput = "$cmd:$tail";
      my ($cmd,$udom,$uname,$namespace,$what) = split(/:/,$userinput);
      chomp($what);
-     my $hashref = TieUserHash($udom, $uname, $namespace,
+     my $qresult = read_profile($udom, $uname, $namespace, $what);
- 				  &GDBM_READER());
+     my ($first) = split(/:/, $qresult);
-     if ($hashref) {
+     if($first ne "error") {
-         my @queries=split(/\&/,$what);
-         my $qresult='';
+ 	if ($cipher) {
- 	for (my $i=0;$i<=$#queries;$i++) {
+ 	    my $cmdlength=length($qresult);
- 	    $qresult.="$hashref->{$queries[$i]}&";
+ 	    $qresult.="         ";
- 	}
+ 	    my $encqresult='';
- 	if (untie(%$hashref)) {
+ 	    for(my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
- 	    $qresult=~s/\&$//;
+ 		$encqresult.= unpack("H16",
- 	    if ($cipher) {
+ 				     $cipher->encrypt(substr($qresult,
- 		my $cmdlength=length($qresult);
+ 							     $encidx,
- 		$qresult.="         ";
+)));
- 		my $encqresult='';
- 		for(my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
- 		    $encqresult.= unpack("H16",
- 					 $cipher->encrypt(substr($qresult,
- 								 $encidx,
-)));
- 		}
- 		Reply( $client, "enc:$cmdlength:$encqresult\n", $userinput);
- 	    } else {
- 		Failure( $client, "error:no_key\n", $userinput);
  	    }
+ 	    &Reply( $client, "enc:$cmdlength:$encqresult\n", $userinput);
  	} else {
- 	    Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 		&Failure( $client, "error:no_key\n", $userinput);
- 		    "while attempting eget\n", $userinput);
+ 	    }
- 	}
      } else {
- 	Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
+ 	&Failure($client, "$qresult while attempting eget\n", $userinput);
- 		"while attempting eget\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("eget", \&GetProfileEncrypted, 0, 1, 0);
+ &register_handler("eget", \&get_profile_entry_encrypted, 0, 1, 0);
  #
  #   Deletes a key in a user profile database.
- Line 1744  RegisterHandler("eget", \&GetProfileEncr
+ Line 2597  RegisterHandler("eget", \&GetProfileEncr
  #     0   - Exit server.
  #
  #
+ sub delete_profile_entry {
+     my ($cmd, $tail, $client) = @_;
- sub DeleteProfileEntry {
-     my $cmd      = shift;
-     my $tail     = shift;
-     my $client   = shift;
      my $userinput = "cmd:$tail";
      my ($udom,$uname,$namespace,$what) = split(/:/,$tail);
      chomp($what);
-     my $hashref = TieUserHash($udom, $uname, $namespace,
+     my $hashref = &tie_user_hash($udom, $uname, $namespace,
- 				  &GDBM_WRCREAT(),
+ 				 &GDBM_WRCREAT(),
- 				  "D",$what);
+ 				 "D",$what);
      if ($hashref) {
          my @keys=split(/\&/,$what);
  	foreach my $key (@keys) {
  	    delete($hashref->{$key});
  	}
  	if (untie(%$hashref)) {
- 	    Reply($client, "ok\n", $userinput);
+ 	    &Reply($client, "ok\n", $userinput);
  	} else {
- 	    Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	    &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
  		    "while attempting del\n", $userinput);
  	}
      } else {
- 	Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
+ 	&Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
  		 "while attempting del\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("del", \&DeleteProfileEntry, 0, 1, 0);
+ &register_handler("del", \&delete_profile_entry, 0, 1, 0);
  #
  #  List the set of keys that are defined in a profile database file.
  #  A successful reply from this will contain an & separated list of
- Line 1789  RegisterHandler("del", \&DeleteProfileEn
+ Line 2641  RegisterHandler("del", \&DeleteProfileEn
  #    1    - Continue processing.
  #    0    - Exit the server.
  #
- sub GetProfileKeys {
+ sub get_profile_keys {
-     my $cmd       = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail      = shift;
-     my $client    = shift;
      my $userinput = "$cmd:$tail";
      my ($udom,$uname,$namespace)=split(/:/,$tail);
      my $qresult='';
-     my $hashref = TieUserHash($udom, $uname, $namespace,
+     my $hashref = &tie_user_hash($udom, $uname, $namespace,
  				  &GDBM_READER());
      if ($hashref) {
  	foreach my $key (keys %$hashref) {
- Line 1805  sub GetProfileKeys {
+ Line 2656  sub GetProfileKeys {
  	}
  	if (untie(%$hashref)) {
  	    $qresult=~s/\&$//;
- 	    Reply($client, "$qresult\n", $userinput);
+ 	    &Reply($client, "$qresult\n", $userinput);
  	} else {
- 	    Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	    &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
  		    "while attempting keys\n", $userinput);
  	}
      } else {
- 	Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
+ 	&Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
  		 "while attempting keys\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("keys", \&GetProfileKeys, 0, 1, 0);
+ &register_handler("keys", \&get_profile_keys, 0, 1, 0);
  #
  #   Dump the contents of a user profile database.
  #   Note that this constitutes a very large covert channel too since
- Line 1837  RegisterHandler("keys", \&GetProfileKeys
+ Line 2689  RegisterHandler("keys", \&GetProfileKeys
  #     1    - Continue processing.
  #     0    - Exit the server.
  #
- sub DumpProfileDatabase {
+ sub dump_profile_database {
-     my $cmd       = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail      = shift;
-     my $client    = shift;
      my $userinput = "$cmd:$tail";
      my ($udom,$uname,$namespace) = split(/:/,$tail);
-     my $hashref = TieUserHash($udom, $uname, $namespace,
+     my $hashref = &tie_user_hash($udom, $uname, $namespace,
- 				  &GDBM_READER());
+ 				 &GDBM_READER());
      if ($hashref) {
  	# Structure of %data:
  	# $data{$symb}->{$parameter}=$value;
- Line 1875  sub DumpProfileDatabase {
+ Line 2726  sub DumpProfileDatabase {
  		}
  	    }
  	    chop($qresult);
- 	    Reply($client , "$qresult\n", $userinput);
+ 	    &Reply($client , "$qresult\n", $userinput);
  	} else {
- 	    Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	    &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
  		     "while attempting currentdump\n", $userinput);
  	}
      } else {
- 	Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
+ 	&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
  		"while attempting currentdump\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("currentdump", \&DumpProfileDatabase, 0, 1, 0);
+ &register_handler("currentdump", \&dump_profile_database, 0, 1, 0);
  #
  #   Dump a profile database with an optional regular expression
  #   to match against the keys.  In this dump, no effort is made
- Line 1912  RegisterHandler("currentdump", \&DumpPro
+ Line 2764  RegisterHandler("currentdump", \&DumpPro
  # Side effects:
  #    response is written to $client.
  #
- sub DumpWithRegexp {
+ sub dump_with_regexp {
-     my $cmd    = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail   = shift;
-     my $client = shift;
      my $userinput = "$cmd:$tail";
- Line 1925  sub DumpWithRegexp {
+ Line 2776  sub DumpWithRegexp {
      } else {
  	$regexp='.';
      }
-     my $hashref =TieUserHash($udom, $uname, $namespace,
+     my $hashref = &tie_user_hash($udom, $uname, $namespace,
  				 &GDBM_READER());
      if ($hashref) {
          my $qresult='';
- Line 1941  sub DumpWithRegexp {
+ Line 2792  sub DumpWithRegexp {
  	}
  	if (untie(%$hashref)) {
  	    chop($qresult);
- 	    Reply($client, "$qresult\n", $userinput);
+ 	    &Reply($client, "$qresult\n", $userinput);
  	} else {
- 	    Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	    &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
  		     "while attempting dump\n", $userinput);
  	}
      } else {
- 	Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
+ 	&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
  		"while attempting dump\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("dump", \&DumpWithRegexp, 0, 1, 0);
+ &register_handler("dump", \&dump_with_regexp, 0, 1, 0);
- #  Store an aitem in any database but the roles database.
+ #  Store a set of key=value pairs associated with a versioned name.
  #
  #  Parameters:
  #    $cmd                - Request command keyword.
- Line 1973  RegisterHandler("dump", \&DumpWithRegexp
+ Line 2824  RegisterHandler("dump", \&DumpWithRegexp
  #      1 (keep on processing).
  #  Side-Effects:
  #    Writes to the client
- sub StoreHandler {
+ sub store_handler {
-     my $cmd    = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail   = shift;
-     my $client = shift;
      my $userinput = "$cmd:$tail";
- Line 1985  sub StoreHandler {
+ Line 2834  sub StoreHandler {
  	chomp($what);
  	my @pairs=split(/\&/,$what);
- 	my $hashref  = TieUserHash($udom, $uname, $namespace,
+ 	my $hashref  = &tie_user_hash($udom, $uname, $namespace,
  				       &GDBM_WRCREAT(), "P",
  				       "$rid:$what");
  	if ($hashref) {
- Line 2004  sub StoreHandler {
+ Line 2853  sub StoreHandler {
  	    $allkeys.='timestamp';
  	    $hashref->{"$version:keys:$rid"}=$allkeys;
  	    if (untie($hashref)) {
- 		Reply($client, "ok\n", $userinput);
+ 		&Reply($client, "ok\n", $userinput);
  	    } else {
- 		Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 		&Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
  			"while attempting store\n", $userinput);
  	    }
  	} else {
- 	    Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
+ 	    &Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
  		     "while attempting store\n", $userinput);
  	}
      } else {
- 	Failure($client, "refused\n", $userinput);
+ 	&Failure($client, "refused\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("store", \&StoreHandler, 0, 1, 0);
+ &register_handler("store", \&store_handler, 0, 1, 0);
  #
- #   Restore a prior version of a resource.
+ #  Dump out all versions of a resource that has key=value pairs associated
+ # with it for each version.  These resources are built up via the store
+ # command.
  #
  #  Parameters:
  #     $cmd               - Command keyword.
- Line 2035  RegisterHandler("store", \&StoreHandler,
+ Line 2887  RegisterHandler("store", \&StoreHandler,
  #      1  indicating the caller should not yet exit.
  # Side-effects:
  #   Writes a reply to the client.
+ #   The reply is a string of the following shape:
+ #   version=current&version:keys=k1:k2...&1:k1=v1&1:k2=v2...
+ #    Where the 1 above represents version 1.
+ #    this continues for all pairs of keys in all versions.
+ #
  #
- sub RestoreHandler {
+ #
-     my $cmd     = shift;
+ #
-     my $tail    = shift;
+ sub restore_handler {
-     my $client  = shift;
+     my ($cmd, $tail, $client) = @_;
      my $userinput = "$cmd:$tail";	# Only used for logging purposes.
- Line 2047  sub RestoreHandler {
+ Line 2904  sub RestoreHandler {
      $namespace=~s/\//\_/g;
      $namespace=~s/\W//g;
      chomp($rid);
-     my $proname=propath($udom,$uname);
+     my $proname=&propath($udom,$uname);
      my $qresult='';
      my %hash;
      if (tie(%hash,'GDBM_File',"$proname/$namespace.db",
- Line 2066  sub RestoreHandler {
+ Line 2923  sub RestoreHandler {
  	}
  	if (untie(%hash)) {
  	    $qresult=~s/\&$//;
- 	    Reply( $client, "$qresult\n", $userinput);
+ 	    &Reply( $client, "$qresult\n", $userinput);
  	} else {
- 	    Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	    &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
  		    "while attempting restore\n", $userinput);
  	}
      } else {
- 	Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
+ 	&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
  		"while attempting restore\n", $userinput);
      }
- Line 2080  sub RestoreHandler {
+ Line 2937  sub RestoreHandler {
  }
- RegisterHandler("restore", \&RestoreHandler, 0,1,0);
+ &register_handler("restore", \&restore_handler, 0,1,0);
  #
  #   Add a chat message to to a discussion board.
- Line 2100  RegisterHandler("restore", \&RestoreHand
+ Line 2957  RegisterHandler("restore", \&RestoreHand
  #   writes a reply to the client.
  #
  #
- sub SendChatHandler {
+ sub send_chat_handler {
-     my $cmd     = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail    = shift;
-     my $client  = shift;
      my $userinput = "$cmd:$tail";
      my ($cdom,$cnum,$newpost)=split(/\:/,$tail);
-     &chatadd($cdom,$cnum,$newpost);
+     &chat_add($cdom,$cnum,$newpost);
-     Reply($client, "ok\n", $userinput);
+     &Reply($client, "ok\n", $userinput);
      return 1;
  }
- RegisterHandler("chatsend", \&SendChatHandler, 0, 1, 0);
+ &register_handler("chatsend", \&send_chat_handler, 0, 1, 0);
  #
  #   Retrieve the set of chat messagss from a discussion board.
  #
- Line 2131  RegisterHandler("chatsend", \&SendChatHa
+ Line 2988  RegisterHandler("chatsend", \&SendChatHa
  # Side effects:
  #    Response is written to the client.
  #
- sub RetrieveChatHandler {
+ sub retrieve_chat_handler {
-     my $cmd      = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail     = shift;
-     my $client   = shift;
      my $userinput = "$cmd:$tail";
      my ($cdom,$cnum,$udom,$uname)=split(/\:/,$tail);
      my $reply='';
-     foreach (&getchat($cdom,$cnum,$udom,$uname)) {
+     foreach (&get_chat($cdom,$cnum,$udom,$uname)) {
  	$reply.=&escape($_).':';
      }
      $reply=~s/\:$//;
-     Reply($client, $reply."\n", $userinput);
+     &Reply($client, $reply."\n", $userinput);
      return 1;
  }
- RegisterHandler("chatretr", \&RetrieveChatHandler, 0, 1, 0);
+ &register_handler("chatretr", \&retrieve_chat_handler, 0, 1, 0);
  #
  #  Initiate a query of an sql database.  SQL query repsonses get put in
  #  a file for later retrieval.  This prevents sql query results from
- Line 2169  RegisterHandler("chatretr", \&RetrieveCh
+ Line 3026  RegisterHandler("chatretr", \&RetrieveCh
  # Side-effects:
  #    a reply is written to $client.
  #
- sub SendQueryHandler {
+ sub send_query_handler {
-     my $cmd     = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail    = shift;
-     my $client  = shift;
      my $userinput = "$cmd:$tail";
      my ($query,$arg1,$arg2,$arg3)=split(/\:/,$tail);
      $query=~s/\n*$//g;
-     Reply($client, "". sqlreply("$clientname\&$query".
+     &Reply($client, "". &sql_reply("$clientname\&$query".
  				"\&$arg1"."\&$arg2"."\&$arg3")."\n",
  	  $userinput);
      return 1;
  }
- RegisterHandler("querysend", \&SendQueryHandler, 0, 1, 0);
+ &register_handler("querysend", \&send_query_handler, 0, 1, 0);
  #
  #   Add a reply to an sql query.  SQL queries are done asyncrhonously.
- Line 2211  RegisterHandler("querysend", \&SendQuery
+ Line 3067  RegisterHandler("querysend", \&SendQuery
  # Side effects:
  #    ok written to the client.
  #
- sub ReplyQueryHandler {
+ sub reply_query_handler {
-     my $cmd    = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail   = shift;
-     my $client = shift;
      my $userinput = "$cmd:$tail";
- Line 2228  sub ReplyQueryHandler {
+ Line 3083  sub ReplyQueryHandler {
  	my $store2=IO::File->new(">$execdir/tmp/$id.end");
  	print $store2 "done\n";
  	close $store2;
- 	Reply($client, "ok\n", $userinput);
+ 	&Reply($client, "ok\n", $userinput);
      } else {
- 	Failure($client, "error: ".($!+0)
+ 	&Failure($client, "error: ".($!+0)
  		." IO::File->new Failed ".
  		"while attempting queryreply\n", $userinput);
      }
- Line 2238  sub ReplyQueryHandler {
+ Line 3093  sub ReplyQueryHandler {
      return 1;
  }
- RegisterHandler("queryreply", \&ReplyQueryHandler, 0, 1, 0);
+ &register_handler("queryreply", \&reply_query_handler, 0, 1, 0);
  #
- #  Process the courseidput query.  Not quite sure what this means
+ #  Process the courseidput request.  Not quite sure what this means
  #  at the system level sense.  It appears a gdbm file in the
  #  /home/httpd/lonUsers/$domain/nohist_courseids is tied and
  #  a set of entries made in that database.
- Line 2257  RegisterHandler("queryreply", \&ReplyQue
+ Line 3113  RegisterHandler("queryreply", \&ReplyQue
  # Side effects:
  #   reply is written to the client.
  #
- sub PutCourseIdHandler {
+ sub put_course_id_handler {
-     my $cmd    = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail   = shift;
-     my $client = shift;
      my $userinput = "$cmd:$tail";
-     my ($udom, $what) = split(/:/, $tail);
+     my ($udom, $what) = split(/:/, $tail,2);
      chomp($what);
      my $now=time;
      my @pairs=split(/\&/,$what);
-     my $hashref = TieDomainHash($udom, "nohist_courseids", &GDBM_WRCREAT());
+     my $hashref = &tie_domain_hash($udom, "nohist_courseids", &GDBM_WRCREAT());
      if ($hashref) {
  	foreach my $pair (@pairs) {
- 	    my ($key,$value)=split(/=/,$pair);
+             my ($key,$courseinfo) = split(/=/,$pair);
- 	    $hashref->{$key}=$value.':'.$now;
+ 	    $hashref->{$key}=$courseinfo.':'.$now;
  	}
  	if (untie(%$hashref)) {
- 	    Reply($client, "ok\n", $userinput);
+ 	    &Reply( $client, "ok\n", $userinput);
  	} else {
- 	    Failure( $client, "error: ".($!+0)
+ 	    &Failure($client, "error: ".($!+0)
  		     ." untie(GDBM) Failed ".
  		     "while attempting courseidput\n", $userinput);
  	}
      } else {
- 	Failure( $client, "error: ".($!+0)
+ 	&Failure($client, "error: ".($!+0)
  		 ." tie(GDBM) Failed ".
  		 "while attempting courseidput\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("courseidput", \&PutCourseIdHandler, 0, 1, 0);
+ &register_handler("courseidput", \&put_course_id_handler, 0, 1, 0);
  #  Retrieves the value of a course id resource keyword pattern
  #  defined since a starting date.  Both the starting date and the
- Line 2315  RegisterHandler("courseidput", \&PutCour
+ Line 3171  RegisterHandler("courseidput", \&PutCour
  #    1     - Continue processing.
  # Side Effects:
  #   a reply is written to $client.
- sub DumpCourseIdHandler {
+ sub dump_course_id_handler {
-     my $cmd    = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail   = shift;
-     my $client = shift;
      my $userinput = "$cmd:$tail";
-     my ($udom,$since,$description) =split(/:/,$tail);
+     my ($udom,$since,$description,$instcodefilter,$ownerfilter) =split(/:/,$tail);
      if (defined($description)) {
  	$description=&unescape($description);
      } else {
  	$description='.';
      }
+     if (defined($instcodefilter)) {
+         $instcodefilter=&unescape($instcodefilter);
+     } else {
+         $instcodefilter='.';
+     }
+     if (defined($ownerfilter)) {
+         $ownerfilter=&unescape($ownerfilter);
+     } else {
+         $ownerfilter='.';
+     }
      unless (defined($since)) { $since=0; }
      my $qresult='';
+     my $hashref = &tie_domain_hash($udom, "nohist_courseids", &GDBM_WRCREAT());
-     my $hashref = TieDomainHash($udom, "nohist_courseids", &GDBM_WRCREAT());
      if ($hashref) {
  	while (my ($key,$value) = each(%$hashref)) {
- 	    my ($descr,$lasttime)=split(/\:/,$value);
+ 	    my ($descr,$lasttime,$inst_code,$owner);
- 	    if ($lasttime<$since) {
+             if ($value =~  m/^([^\:]*):([^\:]*):([^\:]*):(\d+)$/) {
- 		next;
+                 ($descr,$inst_code,$owner,$lasttime)=($1,$2,$3,$4);
- 	    }
+ 	    } elsif ($value =~ m/^([^\:]*):([^\:]*):(\d+)$/) {
- 	    if ($description eq '.') {
+ 		($descr,$inst_code,$lasttime)=($1,$2,$3);
- 		$qresult.=$key.'='.$descr.'&';
  	    } else {
- 		my $unescapeVal = &unescape($descr);
+ 		($descr,$lasttime) = split(/\:/,$value);
- 		if (eval('$unescapeVal=~/$description/i')) {
+ 	    }
- 		    $qresult.="$key=$descr&";
+ 	    if ($lasttime<$since) { next; }
+             my $match = 1;
+ 	    unless ($description eq '.') {
+ 		my $unescapeDescr = &unescape($descr);
+ 		unless (eval('$unescapeDescr=~/\Q$description\E/i')) {
+                     $match = 0;
  		}
+             }
+             unless ($instcodefilter eq '.' || !defined($instcodefilter)) {
+                 my $unescapeInstcode = &unescape($inst_code);
+                 unless (eval('$unescapeInstcode=~/\Q$instcodefilter\E/i')) {
+                     $match = 0;
+                 }
  	    }
+             unless ($ownerfilter eq '.' || !defined($ownerfilter)) {
+                 my $unescapeOwner = &unescape($owner);
+                 unless (eval('$unescapeOwner=~/\Q$ownerfilter\E/i')) {
+                     $match = 0;
+                 }
+             }
+             if ($match == 1) {
+                 $qresult.=$key.'='.$descr.':'.$inst_code.':'.$owner.'&';
+             }
  	}
  	if (untie(%$hashref)) {
  	    chop($qresult);
- 	    Reply($client, "$qresult\n", $userinput);
+ 	    &Reply($client, "$qresult\n", $userinput);
  	} else {
- 	    Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	    &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
  		    "while attempting courseiddump\n", $userinput);
  	}
      } else {
- 	Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
+ 	&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
  		"while attempting courseiddump\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("courseiddump", \&DumpCourseIdHandler, 0, 1, 0);
+ &register_handler("courseiddump", \&dump_course_id_handler, 0, 1, 0);
  #
  #  Puts an id to a domains id database.
  #
- Line 2379  RegisterHandler("courseiddump", \&DumpCo
+ Line 3263  RegisterHandler("courseiddump", \&DumpCo
  #  Side effects:
  #     reply is written to $client.
  #
- sub PutIdHandler {
+ sub put_id_handler {
-     my $cmd    = shift;
+     my ($cmd,$tail,$client) = @_;
-     my $tail   = shift;
-     my $client = shift;
      my $userinput = "$cmd:$tail";
      my ($udom,$what)=split(/:/,$tail);
      chomp($what);
      my @pairs=split(/\&/,$what);
-     my $hashref = TieDomainHash($udom, "ids", &GDBM_WRCREAT(),
+     my $hashref = &tie_domain_hash($udom, "ids", &GDBM_WRCREAT(),
- 				"P", $what);
+ 				   "P", $what);
      if ($hashref) {
  	foreach my $pair (@pairs) {
  	    my ($key,$value)=split(/=/,$pair);
  	    $hashref->{$key}=$value;
  	}
  	if (untie(%$hashref)) {
- 	    Reply($client, "ok\n", $userinput);
+ 	    &Reply($client, "ok\n", $userinput);
  	} else {
- 	    Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	    &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
- 		    "while attempting idput\n", $userinput);
+ 		     "while attempting idput\n", $userinput);
  	}
      } else {
- 	Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
+ 	&Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
- 		 "while attempting idput\n", $userinput);
+ 		  "while attempting idput\n", $userinput);
      }
      return 1;
  }
+ &register_handler("idput", \&put_id_handler, 0, 1, 0);
- RegisterHandler("idput", \&PutIdHandler, 0, 1, 0);
  #
  #  Retrieves a set of id values from the id database.
  #  Returns an & separated list of results, one for each requested id to the
- Line 2430  RegisterHandler("idput", \&PutIdHandler,
+ Line 3313  RegisterHandler("idput", \&PutIdHandler,
  # Side effects:
  #   An & separated list of results is written to $client.
  #
- sub GetIdHandler {
+ sub get_id_handler {
-     my $cmd    = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail   = shift;
-     my $client = shift;
      my $userinput = "$client:$tail";
- Line 2441  sub GetIdHandler {
+ Line 3323  sub GetIdHandler {
      chomp($what);
      my @queries=split(/\&/,$what);
      my $qresult='';
-     my $hashref = TieDomainHash($udom, "ids", &GDBM_READER());
+     my $hashref = &tie_domain_hash($udom, "ids", &GDBM_READER());
      if ($hashref) {
  	for (my $i=0;$i<=$#queries;$i++) {
  	    $qresult.="$hashref->{$queries[$i]}&";
  	}
  	if (untie(%$hashref)) {
  	    $qresult=~s/\&$//;
- 	    Reply($client, "$qresult\n", $userinput);
+ 	    &Reply($client, "$qresult\n", $userinput);
  	} else {
- 	    Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	    &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
- 		     "while attempting idget\n",$userinput);
+ 		      "while attempting idget\n",$userinput);
  	}
      } else {
- 	Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
+ 	&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
- 		"while attempting idget\n",$userinput);
+ 		 "while attempting idget\n",$userinput);
      }
      return 1;
  }
+ &register_handler("idget", \&get_id_handler, 0, 1, 0);
- RegisterHandler("idget", \&GetIdHandler, 0, 1, 0);
  #
  #  Process the tmpput command I'm not sure what this does.. Seems to
  #  create a file in the lonDaemons/tmp directory of the form $id.tmp
- Line 2479  RegisterHandler("idget", \&GetIdHandler,
+ Line 3361  RegisterHandler("idget", \&GetIdHandler,
  # Side effects:
  #   A file is created in the local filesystem.
  #   A reply is sent to the client.
- sub TmpPutHandler {
+ sub tmp_put_handler {
-     my $cmd       = shift;
+     my ($cmd, $what, $client) = @_;
-     my $what      = shift;
-     my $client    = shift;
      my $userinput = "$cmd:$what";	# Reconstruct for logging.
- Line 2496  sub TmpPutHandler {
+ Line 3376  sub TmpPutHandler {
      if ($store=IO::File->new(">$execdir/tmp/$id.tmp")) {
  	print $store $what;
  	close $store;
- 	Reply($client, "$id\n", $userinput);
+ 	&Reply($client, "$id\n", $userinput);
      } else {
- 	Failure( $client, "error: ".($!+0)."IO::File->new Failed ".
+ 	&Failure( $client, "error: ".($!+0)."IO::File->new Failed ".
- 		 "while attempting tmpput\n", $userinput);
+ 		  "while attempting tmpput\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("tmpput", \&TmpPutHandler, 0, 1, 0);
+ &register_handler("tmpput", \&tmp_put_handler, 0, 1, 0);
  #   Processes the tmpget command.  This command returns the contents
  #  of a temporary resource file(?) created via tmpput.
- Line 2518  RegisterHandler("tmpput", \&TmpPutHandle
+ Line 3398  RegisterHandler("tmpput", \&TmpPutHandle
  #    1         - Inidcating processing can continue.
  # Side effects:
  #   A reply is sent to the client.
  #
- sub TmpGetHandler {
+ sub tmp_get_handler {
-     my $cmd       = shift;
+     my ($cmd, $id, $client) = @_;
-     my $id        = shift;
-     my $client    = shift;
      my $userinput = "$cmd:$id";
-     chomp($id);
      $id=~s/\W/\_/g;
      my $store;
      my $execdir=$perlvar{'lonDaemons'};
      if ($store=IO::File->new("$execdir/tmp/$id.tmp")) {
  	my $reply=<$store>;
- 	Reply( $client, "$reply\n", $userinput);
+ 	&Reply( $client, "$reply\n", $userinput);
  	close $store;
      } else {
- 	Failure( $client, "error: ".($!+0)."IO::File->new Failed ".
+ 	&Failure( $client, "error: ".($!+0)."IO::File->new Failed ".
- 		 "while attempting tmpget\n", $userinput);
+ 		  "while attempting tmpget\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("tmpget", \&TmpGetHandler, 0, 1, 0);
+ &register_handler("tmpget", \&tmp_get_handler, 0, 1, 0);
  #
  #  Process the tmpdel command.  This command deletes a temp resource
  #  created by the tmpput command.
- Line 2556  RegisterHandler("tmpget", \&TmpGetHandle
+ Line 3435  RegisterHandler("tmpget", \&TmpGetHandle
  # Side Effects:
  #   A file is deleted
  #   A reply is sent to the client.
- sub TmpDelHandler {
+ sub tmp_del_handler {
-     my $cmd      = shift;
+     my ($cmd, $id, $client) = @_;
-     my $id       = shift;
-     my $client   = shift;
      my $userinput= "$cmd:$id";
- Line 2567  sub TmpDelHandler {
+ Line 3444  sub TmpDelHandler {
      $id=~s/\W/\_/g;
      my $execdir=$perlvar{'lonDaemons'};
      if (unlink("$execdir/tmp/$id.tmp")) {
- 	Reply($client, "ok\n", $userinput);
+ 	&Reply($client, "ok\n", $userinput);
      } else {
- 	Failure( $client, "error: ".($!+0)."Unlink tmp Failed ".
+ 	&Failure( $client, "error: ".($!+0)."Unlink tmp Failed ".
- 		 "while attempting tmpdel\n", $userinput);
+ 		  "while attempting tmpdel\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("tmpdel", \&TmpDelHandler, 0, 1, 0);
+ &register_handler("tmpdel", \&tmp_del_handler, 0, 1, 0);
- #
- #   ls  - list the contents of a directory.  For each file in the
- #    selected directory the filename followed by the full output of
- #    the stat function is returned.  The returned info for each
- #    file are separated by ':'.  The stat fields are separated by &'s.
- # Parameters:
- #    $cmd        - The command that dispatched us (ls).
- #    $ulsdir     - The directory path to list... I'm not sure what this
- #                  is relative as things like ls:. return e.g.
- #                  no_such_dir.
- #    $client     - Socket open on the client.
- # Returns:
- #     1 - indicating that the daemon should not disconnect.
- # Side Effects:
- #   The reply is written to  $client.
- #
- sub LsHandler {
-     my $cmd     = shift;
-     my $ulsdir  = shift;
-     my $client  = shift;
-     my $userinput = "$cmd:$ulsdir";
-     my $ulsout='';
-     my $ulsfn;
-     if (-e $ulsdir) {
- 	if(-d $ulsdir) {
- 	    if (opendir(LSDIR,$ulsdir)) {
- 		while ($ulsfn=readdir(LSDIR)) {
- 		    my @ulsstats=stat($ulsdir.'/'.$ulsfn);
- 		    $ulsout.=$ulsfn.'&'.
- 			join('&',@ulsstats).':';
- 		}
- 		closedir(LSDIR);
- 	    }
- 	} else {
- 	    my @ulsstats=stat($ulsdir);
- 	    $ulsout.=$ulsfn.'&'.join('&',@ulsstats).':';
- 	}
-     } else {
- 	$ulsout='no_such_dir';
-     }
-     if ($ulsout eq '') { $ulsout='empty'; }
-     Reply($client, "$ulsout\n", $userinput);
-     return 1;
- }
- RegisterHandler("ls", \&LsHandler, 0, 1, 0);
  #
  #   Processes the setannounce command.  This command
- Line 2647  RegisterHandler("ls", \&LsHandler, 0, 1,
+ Line 3474  RegisterHandler("ls", \&LsHandler, 0, 1,
  #   The file {DocRoot}/announcement.txt is created.
  #   A reply is sent to $client.
  #
- sub SetAnnounceHandler {
+ sub set_announce_handler {
-     my $cmd          = shift;
+     my ($cmd, $announcement, $client) = @_;
-     my $announcement = shift;
-     my $client       = shift;
      my $userinput    = "$cmd:$announcement";
- Line 2660  sub SetAnnounceHandler {
+ Line 3485  sub SetAnnounceHandler {
  				'/announcement.txt')) {
  	print $store $announcement;
  	close $store;
- 	Reply($client, "ok\n", $userinput);
+ 	&Reply($client, "ok\n", $userinput);
      } else {
- 	Failure($client, "error: ".($!+0)."\n", $userinput);
+ 	&Failure($client, "error: ".($!+0)."\n", $userinput);
      }
      return 1;
  }
- RegisterHandler("setannounce", \&SetAnnounceHandler, 0, 1, 0);
+ &register_handler("setannounce", \&set_announce_handler, 0, 1, 0);
  #
  #  Return the version of the daemon.  This can be used to determine
- Line 2682  RegisterHandler("setannounce", \&SetAnno
+ Line 3507  RegisterHandler("setannounce", \&SetAnno
  #   1 - continue processing requests.
  # Side Effects:
  #   Replies with version to $client.
- sub GetVersionHandler {
+ sub get_version_handler {
-     my $client     = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail       = shift;
-     my $client     = shift;
+     my $userinput  = $cmd.$tail;
-     my $userinput  = $client;
-     Reply($client, &version($userinput)."\n", $userinput);
+     &Reply($client, &version($userinput)."\n", $userinput);
      return 1;
  }
- RegisterHandler("version", \&GetVersionHandler, 0, 1, 0);
+ &register_handler("version", \&get_version_handler, 0, 1, 0);
  #  Set the current host and domain.  This is used to support
  #  multihomed systems.  Each IP of the system, or even separate daemons
- Line 2712  RegisterHandler("version", \&GetVersionH
+ Line 3536  RegisterHandler("version", \&GetVersionH
  #     The default domain/system context is modified for this daemon.
  #     a reply is sent to the client.
  #
- sub SelectHostHandler {
+ sub set_virtual_host_handler {
-     my $cmd        = shift;
+     my ($cmd, $tail, $socket) = @_;
-     my $tail       = shift;
-     my $socket     = shift;
      my $userinput  ="$cmd:$tail";
-     Reply($client, &sethost($userinput)."\n", $userinput);
+     &Reply($client, &sethost($userinput)."\n", $userinput);
      return 1;
  }
- RegisterHandler("sethost", \&SelectHostHandler, 0, 1, 0);
+ &register_handler("sethost", \&set_virtual_host_handler, 0, 1, 0);
  #  Process a request to exit:
  #   - "bye" is sent to the client.
- Line 2737  RegisterHandler("sethost", \&SelectHostH
+ Line 3559  RegisterHandler("sethost", \&SelectHostH
  # Returns:
  #   0      - Indicating the program should exit!!
  #
- sub ExitHandler {
+ sub exit_handler {
-     my $cmd     = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $tail    = shift;
-     my $client  = shift;
      my $userinput = "$cmd:$tail";
      &logthis("Client $clientip ($clientname) hanging up: $userinput");
-     Reply($client, "bye\n", $userinput);
+     &Reply($client, "bye\n", $userinput);
      $client->shutdown(2);        # shutdown the socket forcibly.
      $client->close();
      return 0;
  }
- RegisterHandler("exit", \&ExitHandler, 0, 1,1);
+ &register_handler("exit", \&exit_handler, 0,1,1);
- RegisterHandler("init", \&ExitHandler, 0, 1,1);	# RE-init is like exit.
+ &register_handler("init", \&exit_handler, 0,1,1);
- RegisterHandler("quit", \&ExitHandler, 0, 1,1); # I like this too!
+ &register_handler("quit", \&exit_handler, 0,1,1);
- #------------------------------------------------------------------------------------
- #
+ #  Determine if auto-enrollment is enabled.
- #   Process a Request.  Takes a request from the client validates
+ #  Note that the original had what I believe to be a defect.
- #   it and performs the operation requested by it.  Returns
+ #  The original returned 0 if the requestor was not a registerd client.
- #   a response to the client.
+ #  It should return "refused".
- #
+ # Formal Parameters:
- #  Parameters:
+ #   $cmd       - The command that invoked us.
- #      request      - A string containing the user's request.
+ #   $tail      - The tail of the command (Extra command parameters.
- #  Returns:
+ #   $client    - The socket open on the client that issued the request.
- #      0            - Requested to exit, caller should shut down.
+ # Returns:
- #      1            - Accept additional requests from the client.
+ #    1         - Indicating processing should continue.
  #
- sub ProcessRequest {
+ sub enrollment_enabled_handler {
-     my $Request      = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $KeepGoing    = 1;	# Assume we're not asked to stop.
+     my $userinput = $cmd.":".$tail; # For logging purposes.
-     my $wasenc=0;
-     my $userinput = $Request;   # for compatibility with oldcode <yeach>
+     my $cdom = split(/:/, $tail);   # Domain we're asking about.
+     my $outcome  = &localenroll::run($cdom);
+     &Reply($client, "$outcome\n", $userinput);
- # ------------------------------------------------------------ See if encrypted
+     return 1;
+ }
-     if($userinput =~ /^enc/) {
+ &register_handler("autorun", \&enrollment_enabled_handler, 0, 1, 0);
- 	$wasenc = 1;
- 	$userinput = Decipher($userinput);
- 	if(! $userinput) {
- 	    Failure($client,"error:Encrypted data without negotiating key");
- 	    return 0;                      # Break off with this imposter.
- 	}
-     }
-     # Split off the request keyword from the rest of the stuff.
-     my ($command, $tail) = split(/:/, $userinput, 2);
-     Debug("Command received: $command, encoded = $wasenc");
+ #   Get the official sections for which auto-enrollment is possible.
+ #   Since the admin people won't know about 'unofficial sections'
+ #   we cannot auto-enroll on them.
+ # Formal Parameters:
+ #    $cmd     - The command request that got us dispatched here.
+ #    $tail    - The remainder of the request.  In our case this
+ #               will be split into:
+ #               $coursecode   - The course name from the admin point of view.
+ #               $cdom         - The course's domain(?).
+ #    $client  - Socket open on the client.
+ # Returns:
+ #    1    - Indiciting processing should continue.
+ #
+ sub get_sections_handler {
+     my ($cmd, $tail, $client) = @_;
+     my $userinput = "$cmd:$tail";
+     my ($coursecode, $cdom) = split(/:/, $tail);
- # ------------------------------------------------------------- Normal commands
+     my @secs = &localenroll::get_sections($coursecode,$cdom);
+     my $seclist = &escape(join(':',@secs));
-     #
+     &Reply($client, "$seclist\n", $userinput);
-     #   If the command is in the hash, then execute it via the hash dispatch:
-     #
-     if(defined $Dispatcher{$command}) {
- 	my $DispatchInfo = $Dispatcher{$command};
+     return 1;
- 	my $Handler      = $$DispatchInfo[0];
+ }
- 	my $NeedEncode   = $$DispatchInfo[1];
+ &register_handler("autogetsections", \&get_sections_handler, 0, 1, 0);
- 	my $ClientTypes  = $$DispatchInfo[2];
- 	Debug("Matched dispatch hash: mustencode: $NeedEncode ClientType $ClientTypes");
- 	#  Validate the request:
- 	my $ok = 1;
- 	my $requesterprivs = 0;
- 	if(isClient()) {
- 	    $requesterprivs |= $CLIENT_OK;
- 	}
- 	if(isManager()) {
- 	    $requesterprivs |= $MANAGER_OK;
- 	}
- 	if($NeedEncode && (!$wasenc)) {
- 	    Debug("Must encode but wasn't: $NeedEncode $wasenc");
- 	    $ok = 0;
- 	}
- 	if(($ClientTypes & $requesterprivs) == 0) {
- 	    Debug("Client not privileged to do this operation");
- 	    $ok = 0;
- 	}
- 	if($ok) {
+ #   Validate the owner of a new course section.
- 	    Debug("Dispatching to handler $command $tail");
+ #
- 	    $KeepGoing = &$Handler($command, $tail, $client);
+ # Formal Parameters:
- 	} else {
+ #   $cmd      - Command that got us dispatched.
- 	    Debug("Refusing to dispatch because ok is false");
+ #   $tail     - the remainder of the command.  For us this consists of a
- 	    Failure($client, "refused", $userinput);
+ #               colon separated string containing:
- 	}
+ #                  $inst    - Course Id from the institutions point of view.
+ #                  $owner   - Proposed owner of the course.
+ #                  $cdom    - Domain of the course (from the institutions
+ #                             point of view?)..
+ #   $client   - Socket open on the client.
+ #
+ # Returns:
+ #   1        - Processing should continue.
+ #
+ sub validate_course_owner_handler {
+     my ($cmd, $tail, $client)  = @_;
+     my $userinput = "$cmd:$tail";
+     my ($inst_course_id, $owner, $cdom) = split(/:/, $tail);
+     my $outcome = &localenroll::new_course($inst_course_id,$owner,$cdom);
+     &Reply($client, "$outcome\n", $userinput);
- # ------------------------------------------------------------- unknown command
-     } else {
- 	# unknown command
- 	Failure($client, "unknown_cmd\n", $userinput);
-     }
-     return $KeepGoing;
+     return 1;
  }
+ &register_handler("autonewcourse", \&validate_course_owner_handler, 0, 1, 0);
  #
- #   GetCertificate: Given a transaction that requires a certificate,
+ #   Validate a course section in the official schedule of classes
- #   this function will extract the certificate from the transaction
+ #   from the institutions point of view (part of autoenrollment).
- #   request.  Note that at this point, the only concept of a certificate
- #   is the hostname to which we are connected.
  #
- #   Parameter:
+ # Formal Parameters:
- #      request   - The request sent by our client (this parameterization may
+ #   $cmd          - The command request that got us dispatched.
- #                  need to change when we really use a certificate granting
+ #   $tail         - The tail of the command.  In this case,
- #                  authority.
+ #                   this is a colon separated set of words that will be split
+ #                   into:
+ #                        $inst_course_id - The course/section id from the
+ #                                          institutions point of view.
+ #                        $cdom           - The domain from the institutions
+ #                                          point of view.
+ #   $client       - Socket open on the client.
+ # Returns:
+ #    1           - Indicating processing should continue.
  #
- sub GetCertificate {
+ sub validate_course_section_handler {
-     my $request = shift;
+     my ($cmd, $tail, $client) = @_;
+     my $userinput = "$cmd:$tail";
+     my ($inst_course_id, $cdom) = split(/:/, $tail);
-     return $clientip;
+     my $outcome=&localenroll::validate_courseID($inst_course_id,$cdom);
- }
+     &Reply($client, "$outcome\n", $userinput);
+     return 1;
+ }
+ &register_handler("autovalidatecourse", \&validate_course_section_handler, 0, 1, 0);
  #
- #   ReadManagerTable: Reads in the current manager table. For now this is
+ #   Create a password for a new auto-enrollment user.
- #                     done on each manager authentication because:
+ #   I think/guess, this password allows access to the institutions
- #                     - These authentications are not frequent
+ #   AIS class list server/services.  Stuart can correct this comment
- #                     - This allows dynamic changes to the manager table
+ #   when he finds out how wrong I am.
- #                       without the need to signal to the lond.
+ #
+ # Formal Parameters:
+ #    $cmd     - The command request that got us dispatched.
+ #    $tail    - The tail of the command.   In this case this is a colon separated
+ #               set of words that will be split into:
+ #               $authparam - An authentication parameter (username??).
+ #               $cdom      - The domain of the course from the institution's
+ #                            point of view.
+ #    $client  - The socket open on the client.
+ # Returns:
+ #    1 - continue processing.
  #
+ sub create_auto_enroll_password_handler {
+     my ($cmd, $tail, $client) = @_;
+     my $userinput = "$cmd:$tail";
- sub ReadManagerTable {
+     my ($authparam, $cdom) = split(/:/, $userinput);
-     #   Clean out the old table first..
+     my ($create_passwd,$authchk);
+     ($authparam,
+      $create_passwd,
+      $authchk) = &localenroll::create_password($authparam,$cdom);
-     foreach my $key (keys %managers) {
+     &Reply($client, &escape($authparam.':'.$create_passwd.':'.$authchk)."\n",
- 	delete $managers{$key};
+ 	   $userinput);
-     }
-     my $tablename = $perlvar{'lonTabDir'}."/managers.tab";
-     if (!open (MANAGERS, $tablename)) {
+     return 1;
- 	logthis('<font color="red">No manager table.  Nobody can manage!!</font>');
- 	return;
-     }
-     while(my $host = <MANAGERS>) {
- 	chomp($host);
- 	if ($host =~ "^#") {                  # Comment line.
- 	    logthis('<font color="green"> Skipping line: '. "$host</font>\n");
- 	    next;
- 	}
- 	if (!defined $hostip{$host}) { # This is a non cluster member
- 	    #  The entry is of the form:
- 	    #    cluname:hostname
- 	    #  cluname - A 'cluster hostname' is needed in order to negotiate
- 	    #            the host key.
- 	    #  hostname- The dns name of the host.
- 	    #
- 	    my($cluname, $dnsname) = split(/:/, $host);
- 	    my $ip = gethostbyname($dnsname);
- 	    if(defined($ip)) {                 # bad names don't deserve entry.
- 		my $hostip = inet_ntoa($ip);
- 		$managers{$hostip} = $cluname;
- 		logthis('<font color="green"> registering manager '.
- 			"$dnsname as $cluname with $hostip </font>\n");
- 	    }
- 	} else {
- 	    logthis('<font color="green"> existing host'." $host</font>\n");
- 	    $managers{$hostip{$host}} = $host;  # Use info from cluster tab if clumemeber
- 	}
-     }
  }
+ &register_handler("autocreatepassword", \&create_auto_enroll_password_handler,
+, 1, 0);
+ #   Retrieve and remove temporary files created by/during autoenrollment.
  #
- #  ValidManager: Determines if a given certificate represents a valid manager.
+ # Formal Parameters:
- #                in this primitive implementation, the 'certificate' is
+ #    $cmd      - The command that got us dispatched.
- #                just the connecting loncapa client name.  This is checked
+ #    $tail     - The tail of the command.  In our case this is a colon
- #                against a valid client list in the configuration.
+ #                separated list that will be split into:
+ #                $filename - The name of the file to remove.
+ #                            The filename is given as a path relative to
+ #                            the LonCAPA temp file directory.
+ #    $client   - Socket open on the client.
  #
- #
+ # Returns:
- sub ValidManager {
+ #   1     - Continue processing.
-     my $certificate = shift;
+ sub retrieve_auto_file_handler {
+     my ($cmd, $tail, $client)    = @_;
+     my $userinput                = "cmd:$tail";
+     my ($filename)   = split(/:/, $tail);
+     my $source = $perlvar{'lonDaemons'}.'/tmp/'.$filename;
+     if ( (-e $source) && ($filename ne '') ) {
+ 	my $reply = '';
+ 	if (open(my $fh,$source)) {
+ 	    while (<$fh>) {
+ 		chomp($_);
+ 		$_ =~ s/^\s+//g;
+ 		$_ =~ s/\s+$//g;
+ 		$reply .= $_;
+ 	    }
+ 	    close($fh);
+ 	    &Reply($client, &escape($reply)."\n", $userinput);
-     return isManager;
+ #   Does this have to be uncommented??!?  (RF).
- }
- #
- #  CopyFile:  Called as part of the process of installing a
- #             new configuration file.  This function copies an existing
- #             file to a backup file.
- # Parameters:
- #     oldfile  - Name of the file to backup.
- #     newfile  - Name of the backup file.
- # Return:
- #     0   - Failure (errno has failure reason).
- #     1   - Success.
  #
- sub CopyFile {
+ #                                unlink($source);
-     my $oldfile = shift;
+ 	} else {
-     my $newfile = shift;
+ 	    &Failure($client, "error\n", $userinput);
-     #  The file must exist:
-     if(-e $oldfile) {
- 	# Read the old file.
- 	my $oldfh = IO::File->new("< $oldfile");
- 	if(!$oldfh) {
- 	    return 0;
- 	}
- 	my @contents = <$oldfh>;  # Suck in the entire file.
- 	# write the backup file:
- 	my $newfh = IO::File->new("> $newfile");
- 	if(!(defined $newfh)){
- 	    return 0;
- 	}
- 	my $lines = scalar @contents;
- 	for (my $i =0; $i < $lines; $i++) {
- 	    print $newfh ($contents[$i]);
  	}
- 	$oldfh->close;
- 	$newfh->close;
- 	chmod(0660, $newfile);
- 	return 1;
      } else {
- 	return 0;
+ 	&Failure($client, "error\n", $userinput);
      }
+     return 1;
  }
+ &register_handler("autoretrieve", \&retrieve_auto_file_handler, 0,1,0);
  #
- #  Host files are passed out with externally visible host IPs.
+ #   Read and retrieve institutional code format (for support form).
- #  If, for example, we are behind a fire-wall or NAT host, our
+ # Formal Parameters:
- #  internally visible IP may be different than the externally
+ #    $cmd        - Command that dispatched us.
- #  visible IP.  Therefore, we always adjust the contents of the
+ #    $tail       - Tail of the command.  In this case it conatins
- #  host file so that the entry for ME is the IP that we believe
+ #                  the course domain and the coursename.
- #  we have.  At present, this is defined as the entry that
+ #    $client     - Socket open on the client.
- #  DNS has for us.  If by some chance we are not able to get a
- #  DNS translation for us, then we assume that the host.tab file
- #  is correct.
- #    BUGBUGBUG - in the future, we really should see if we can
- #       easily query the interface(s) instead.
- # Parameter(s):
- #     contents    - The contents of the host.tab to check.
  # Returns:
- #     newcontents - The adjusted contents.
+ #    1     - Continue processing.
  #
+ sub get_institutional_code_format_handler {
+     my ($cmd, $tail, $client)   = @_;
+     my $userinput               = "$cmd:$tail";
+     my $reply;
+     my($cdom,$course) = split(/:/,$tail);
+     my @pairs = split/\&/,$course;
+     my %instcodes = ();
+     my %codes = ();
+     my @codetitles = ();
+     my %cat_titles = ();
+     my %cat_order = ();
+     foreach (@pairs) {
+ 	my ($key,$value) = split/=/,$_;
+ 	$instcodes{&unescape($key)} = &unescape($value);
+     }
+     my $formatreply = &localenroll::instcode_format($cdom,
+ 						    \%instcodes,
+ 						    \%codes,
+ 						    \@codetitles,
+ 						    \%cat_titles,
+ 						    \%cat_order);
+     if ($formatreply eq 'ok') {
+ 	my $codes_str = &hash2str(%codes);
+ 	my $codetitles_str = &array2str(@codetitles);
+ 	my $cat_titles_str = &hash2str(%cat_titles);
+ 	my $cat_order_str = &hash2str(%cat_order);
+ 	&Reply($client,
+ 	       $codes_str.':'.$codetitles_str.':'.$cat_titles_str.':'
+ 	       .$cat_order_str."\n",
+ 	       $userinput);
+     } else {
+ 	# this else branch added by RF since if not ok, lonc will
+ 	# hang waiting on reply until timeout.
+ 	#
+ 	&Reply($client, "format_error\n", $userinput);
+     }
+     return 1;
+ }
+ &register_handler("autoinstcodeformat",
+ 		  \&get_institutional_code_format_handler,0,1,0);
  #
- sub AdjustHostContents {
+ # Gets a student's photo to exist (in the correct image type) in the user's
-     my $contents  = shift;
+ # directory.
-     my $adjusted;
+ # Formal Parameters:
-     my $me        = $perlvar{'lonHostID'};
+ #    $cmd     - The command request that got us dispatched.
+ #    $tail    - A colon separated set of words that will be split into:
+ #               $domain - student's domain
+ #               $uname  - student username
+ #               $type   - image type desired
+ #    $client  - The socket open on the client.
+ # Returns:
+ #    1 - continue processing.
+ sub student_photo_handler {
+     my ($cmd, $tail, $client) = @_;
+     my ($domain,$uname,$type) = split(/:/, $tail);
+     my $path=&propath($domain,$uname).
+ 	'/userfiles/internal/studentphoto.'.$type;
+     if (-e $path) {
+ 	&Reply($client,"ok\n","$cmd:$tail");
+ 	return 1;
+     }
+     &mkpath($path);
+     my $file=&localstudentphoto::fetch($domain,$uname);
+     if (!$file) {
+ 	&Failure($client,"unavailable\n","$cmd:$tail");
+ 	return 1;
+     }
+     if (!-e $path) { &convert_photo($file,$path); }
+     if (-e $path) {
+ 	&Reply($client,"ok\n","$cmd:$tail");
+ 	return 1;
+     }
+     &Failure($client,"unable_to_convert\n","$cmd:$tail");
+     return 1;
+ }
+ &register_handler("studentphoto", \&student_photo_handler, 0, 1, 0);
-     foreach my $line (split(/\n/,$contents)) {
+ # mkpath makes all directories for a file, expects an absolute path with a
- 	if(!(($line eq "") || ($line =~ /^ *\#/) || ($line =~ /^ *$/))) {
+ # file or a trailing / if just a dir is passed
- 	    chomp($line);
+ # returns 1 on success 0 on failure
- 	    my ($id,$domain,$role,$name,$ip,$maxcon,$idleto,$mincon)=split(/:/,$line);
+ sub mkpath {
- 	    if ($id eq $me) {
+     my ($file)=@_;
- 		my $ip = gethostbyname($name);
+     my @parts=split(/\//,$file,-1);
- 		my $ipnew = inet_ntoa($ip);
+     my $now=$parts[0].'/'.$parts[1].'/'.$parts[2];
- 		$ip = $ipnew;
+     for (my $i=3;$i<= ($#parts-1);$i++) {
- 		#  Reconstruct the host line and append to adjusted:
+ 	$now.='/'.$parts[$i];
+ 	if (!-e $now) {
- 		my $newline = "$id:$domain:$role:$name:$ip";
+ 	    if  (!mkdir($now,0770)) { return 0; }
- 		if($maxcon ne "") { # Not all hosts have loncnew tuning params
- 		    $newline .= ":$maxcon:$idleto:$mincon";
- 		}
- 		$adjusted .= $newline."\n";
- 	    } else {		# Not me, pass unmodified.
- 		$adjusted .= $line."\n";
- 	    }
- 	} else {                  # Blank or comment never re-written.
- 	    $adjusted .= $line."\n";	# Pass blanks and comments as is.
  	}
      }
-     return $adjusted;
+     return 1;
  }
+ #---------------------------------------------------------------
  #
- #   InstallFile: Called to install an administrative file:
+ #   Getting, decoding and dispatching requests:
- #       - The file is created with <name>.tmp
- #       - The <name>.tmp file is then mv'd to <name>
- #   This lugubrious procedure is done to ensure that we are never without
- #   a valid, even if dated, version of the file regardless of who crashes
- #   and when the crash occurs.
  #
- #  Parameters:
- #       Name of the file
- #       File Contents.
- #  Return:
- #      nonzero - success.
- #      0       - failure and $! has an errno.
  #
- sub InstallFile {
+ #   Get a Request:
-     my $Filename = shift;
+ #   Gets a Request message from the client.  The transaction
-     my $Contents = shift;
+ #   is defined as a 'line' of text.  We remove the new line
-     my $TempFile = $Filename.".tmp";
+ #   from the text line.
+ #
-     #  Open the file for write:
+ sub get_request {
+     my $input = <$client>;
-     my $fh = IO::File->new("> $TempFile"); # Write to temp.
+     chomp($input);
-     if(!(defined $fh)) {
- 	&logthis('<font color="red"> Unable to create '.$TempFile."</font>");
- 	return 0;
-     }
-     #  write the contents of the file:
-     print $fh ($Contents);
-     $fh->close;			# In case we ever have a filesystem w. locking
-     chmod(0660, $TempFile);
+     &Debug("get_request: Request = $input\n");
-     # Now we can move install the file in position.
+     &status('Processing '.$clientname.':'.$input);
-     move($TempFile, $Filename);
-     return 1;
+     return $input;
  }
+ #---------------------------------------------------------------
  #
- #   ConfigFileFromSelector: converts a configuration file selector
+ #  Process a request.  This sub should shrink as each action
- #                 (one of host or domain at this point) into a
+ #  gets farmed out into a separat sub that is registered
- #                 configuration file pathname.
+ #  with the dispatch hash.
  #
- #  Parameters:
+ # Parameters:
- #      selector  - Configuration file selector.
+ #    user_input   - The request received from the client (lonc).
- #  Returns:
+ # Returns:
- #      Full path to the file or undef if the selector is invalid.
+ #    true to keep processing, false if caller should exit.
  #
- sub ConfigFileFromSelector {
+ sub process_request {
-     my $selector   = shift;
+     my ($userinput) = @_;      # Easier for now to break style than to
-     my $tablefile;
+                                 # fix all the userinput -> user_input.
+     my $wasenc    = 0;		# True if request was encrypted.
-     my $tabledir = $perlvar{'lonTabDir'}.'/';
+ # ------------------------------------------------------------ See if encrypted
-     if ($selector eq "hosts") {
+     if ($userinput =~ /^enc/) {
- 	$tablefile = $tabledir."hosts.tab";
+ 	$userinput = decipher($userinput);
-     } elsif ($selector eq "domain") {
+ 	$wasenc=1;
- 	$tablefile = $tabledir."domain.tab";
+ 	if(!$userinput) {	# Cipher not defined.
-     } else {
+ 	    &Failure($client, "error: Encrypted data without negotated key\n");
- 	return undef;
+ 	    return 0;
+ 	}
      }
-     return $tablefile;
+     Debug("process_request: $userinput\n");
- }
- #
- #   PushFile:  Called to do an administrative push of a file.
- #              - Ensure the file being pushed is one we support.
- #              - Backup the old file to <filename.saved>
- #              - Separate the contents of the new file out from the
- #                rest of the request.
- #              - Write the new file.
- #  Parameter:
- #     Request - The entire user request.  This consists of a : separated
- #               string pushfile:tablename:contents.
- #     NOTE:  The contents may have :'s in it as well making things a bit
- #            more interesting... but not much.
- #  Returns:
- #     String to send to client ("ok" or "refused" if bad file).
- #
- sub PushFile {
-     my $request = shift;
-     my ($command, $filename, $contents) = split(":", $request, 3);
-     #  At this point in time, pushes for only the following tables are
+     #
-     #  supported:
+     #   The 'correct way' to add a command to lond is now to
-     #   hosts.tab  ($filename eq host).
+     #   write a sub to execute it and Add it to the command dispatch
-     #   domain.tab ($filename eq domain).
+     #   hash via a call to register_handler..  The comments to that
-     # Construct the destination filename or reject the request.
+     #   sub should give you enough to go on to show how to do this
-     #
+     #   along with the examples that are building up as this code
-     # lonManage is supposed to ensure this, however this session could be
+     #   is getting refactored.   Until all branches of the
-     # part of some elaborate spoof that managed somehow to authenticate.
+     #   if/elseif monster below have been factored out into
-     #
+     #   separate procesor subs, if the dispatch hash is missing
+     #   the command keyword, we will fall through to the remainder
+     #   of the if/else chain below in order to keep this thing in
+     #   working order throughout the transmogrification.
+     my ($command, $tail) = split(/:/, $userinput, 2);
-     my $tablefile = ConfigFileFromSelector($filename);
+     chomp($command);
-     if(! (defined $tablefile)) {
+     chomp($tail);
- 	return "refused";
+     $tail =~ s/(\r)//;		# This helps people debugging with e.g. telnet.
-     }
+     $command =~ s/(\r)//;	# And this too for parameterless commands.
-     #
+     if(!$tail) {
-     # >copy< the old table to the backup table
+ 	$tail ="";		# defined but blank.
-     #        don't rename in case system crashes/reboots etc. in the time
-     #        window between a rename and write.
-     #
-     my $backupfile = $tablefile;
-     $backupfile    =~ s/\.tab$/.old/;
-     if(!CopyFile($tablefile, $backupfile)) {
- 	&logthis('<font color="green"> CopyFile from '.$tablefile." to ".$backupfile." failed </font>");
- 	return "error:$!";
      }
-     &logthis('<font color="green"> Pushfile: backed up '
- 	     .$tablefile." to $backupfile</font>");
-     #  If the file being pushed is the host file, we adjust the entry for ourself so that the
-     #  IP will be our current IP as looked up in dns.  Note this is only 99% good as it's possible
-     #  to conceive of conditions where we don't have a DNS entry locally.  This is possible in a
-     #  network sense but it doesn't make much sense in a LonCAPA sense so we ignore (for now)
-     #  that possibilty.
-     if($filename eq "host") {
+     &Debug("Command received: $command, encoded = $wasenc");
- 	$contents = AdjustHostContents($contents);
-     }
-     #  Install the new file:
+     if(defined $Dispatcher{$command}) {
-     if(!InstallFile($tablefile, $contents)) {
+ 	my $dispatch_info = $Dispatcher{$command};
- 	&logthis('<font color="red"> Pushfile: unable to install '
+ 	my $handler       = $$dispatch_info[0];
- 		 .$tablefile." $! </font>");
+ 	my $need_encode   = $$dispatch_info[1];
- 	return "error:$!";
+ 	my $client_types  = $$dispatch_info[2];
-     } else {
+ 	Debug("Matched dispatch hash: mustencode: $need_encode "
- 	&logthis('<font color="green"> Installed new '.$tablefile
+ 	      ."ClientType $client_types");
- 		 ."</font>");
+ 	#  Validate the request:
-     }
+ 	my $ok = 1;
+ 	my $requesterprivs = 0;
+ 	if(&isClient()) {
+ 	    $requesterprivs |= $CLIENT_OK;
+ 	}
+ 	if(&isManager()) {
+ 	    $requesterprivs |= $MANAGER_OK;
+ 	}
+ 	if($need_encode && (!$wasenc)) {
+ 	    Debug("Must encode but wasn't: $need_encode $wasenc");
+ 	    $ok = 0;
+ 	}
+ 	if(($client_types & $requesterprivs) == 0) {
+ 	    Debug("Client not privileged to do this operation");
+ 	    $ok = 0;
+ 	}
+ 	if($ok) {
+ 	    Debug("Dispatching to handler $command $tail");
+ 	    my $keep_going = &$handler($command, $tail, $client);
+ 	    return $keep_going;
+ 	} else {
+ 	    Debug("Refusing to dispatch because client did not match requirements");
+ 	    Failure($client, "refused\n", $userinput);
+ 	    return 1;
+ 	}
-     #  Indicate success:
+     }
-     return "ok";
+     print $client "unknown_cmd\n";
+ # -------------------------------------------------------------------- complete
+     Debug("process_request - returning 1");
+     return 1;
  }
- #
- #  Called to re-init either lonc or lond.
  #
+ #   Decipher encoded traffic
  #  Parameters:
- #    request   - The full request by the client.  This is of the form
+ #     input      - Encoded data.
- #                reinit:<process>
- #                where <process> is allowed to be either of
- #                lonc or lond
- #
  #  Returns:
- #     The string to be sent back to the client either:
+ #     Decoded data or undef if encryption key was not yet negotiated.
- #   ok         - Everything worked just fine.
+ #  Implicit input:
- #   error:why  - There was a failure and why describes the reason.
+ #     cipher  - This global holds the negotiated encryption key.
- #
- #
- sub ReinitProcess {
-     my $request = shift;
-     # separate the request (reinit) from the process identifier and
-     # validate it producing the name of the .pid file for the process.
-     #
-     #
-     my ($junk, $process) = split(":", $request);
-     my $processpidfile = $perlvar{'lonDaemons'}.'/logs/';
-     if($process eq 'lonc') {
- 	$processpidfile = $processpidfile."lonc.pid";
- 	if (!open(PIDFILE, "< $processpidfile")) {
- 	    return "error:Open failed for $processpidfile";
- 	}
- 	my $loncpid = <PIDFILE>;
- 	close(PIDFILE);
- 	logthis('<font color="red"> Reinitializing lonc pid='.$loncpid
- 		."</font>");
- 	kill("USR2", $loncpid);
-     } elsif ($process eq 'lond') {
- 	logthis('<font color="red"> Reinitializing self (lond) </font>');
- 	&UpdateHosts;			# Lond is us!!
-     } else {
- 	&logthis('<font color="yellow" Invalid reinit request for '.$process
- 		 ."</font>");
- 	return "error:Invalid process identifier $process";
-     }
-     return 'ok';
- }
- #   Validate a line in a configuration file edit script:
- #   Validation includes:
- #     - Ensuring the command is valid.
- #     - Ensuring the command has sufficient parameters
- #   Parameters:
- #     scriptline - A line to validate (\n has been stripped for what it's worth).
- #
- #   Return:
- #      0     - Invalid scriptline.
- #      1     - Valid scriptline
- #  NOTE:
- #     Only the command syntax is checked, not the executability of the
- #     command.
  #
- sub isValidEditCommand {
+ sub decipher {
-     my $scriptline = shift;
+     my ($input)  = @_;
+     my $output = '';
-     #   Line elements are pipe separated:
-     my ($command, $key, $newline)  = split(/\|/, $scriptline);
-     &logthis('<font color="green"> isValideditCommand checking: '.
- 	     "Command = '$command', Key = '$key', Newline = '$newline' </font>\n");
-     if ($command eq "delete") {
- 	#
+     if($cipher) {
- 	#   key with no newline.
+ 	my($enc, $enclength, $encinput) = split(/:/, $input);
- 	#
+ 	for(my $encidx = 0; $encidx < length($encinput); $encidx += 16) {
- 	if( ($key eq "") || ($newline ne "")) {
+ 	    $output .=
- 	    return 0;		# Must have key but no newline.
+ 		$cipher->decrypt(pack("H16", substr($encinput, $encidx, 16)));
- 	} else {
- 	    return 1;		# Valid syntax.
- 	}
-     } elsif ($command eq "replace") {
- 	#
- 	#   key and newline:
- 	#
- 	if (($key eq "") || ($newline eq "")) {
- 	    return 0;
- 	} else {
- 	    return 1;
- 	}
-     } elsif ($command eq "append") {
- 	if (($key ne "") && ($newline eq "")) {
- 	    return 1;
- 	} else {
- 	    return 0;
  	}
+ 	return substr($output, 0, $enclength);
      } else {
- 	return 0;		# Invalid command.
+ 	return undef;
      }
-     return 0;			# Should not get here!!!
  }
  #
- #   ApplyEdit - Applies an edit command to a line in a configuration
+ #   Register a command processor.  This function is invoked to register a sub
- #               file.  It is the caller's responsiblity to validate the
+ #   to process a request.  Once registered, the ProcessRequest sub can automatically
- #               edit line.
+ #   dispatch requests to an appropriate sub, and do the top level validity checking
+ #   as well:
+ #    - Is the keyword recognized.
+ #    - Is the proper client type attempting the request.
+ #    - Is the request encrypted if it has to be.
  #   Parameters:
- #      $directive - A single edit directive to apply.
+ #    $request_name         - Name of the request being registered.
- #                   Edit directives are of the form:
+ #                           This is the command request that will match
- #                  append|newline      - Appends a new line to the file.
+ #                           against the hash keywords to lookup the information
- #                  replace|key|newline - Replaces the line with key value 'key'
+ #                           associated with the dispatch information.
- #                  delete|key          - Deletes the line with key value 'key'.
+ #    $procedure           - Reference to a sub to call to process the request.
- #      $editor   - A config file editor object that contains the
+ #                           All subs get called as follows:
- #                  file being edited.
+ #                             Procedure($cmd, $tail, $replyfd, $key)
+ #                             $cmd    - the actual keyword that invoked us.
+ #                             $tail   - the tail of the request that invoked us.
+ #                             $replyfd- File descriptor connected to the client
+ #    $must_encode          - True if the request must be encoded to be good.
+ #    $client_ok            - True if it's ok for a client to request this.
+ #    $manager_ok           - True if it's ok for a manager to request this.
+ # Side effects:
+ #      - On success, the Dispatcher hash has an entry added for the key $RequestName
+ #      - On failure, the program will die as it's a bad internal bug to try to
+ #        register a duplicate command handler.
  #
- sub ApplyEdit {
+ sub register_handler {
-     my $directive   = shift;
+     my ($request_name,$procedure,$must_encode,	$client_ok,$manager_ok)   = @_;
-     my $editor      = shift;
-     # Break the directive down into its command and its parameters
-     # (at most two at this point.  The meaning of the parameters, if in fact
-     #  they exist depends on the command).
-     my ($command, $p1, $p2) = split(/\|/, $directive);
+     #  Don't allow duplication#
-     if($command eq "append") {
+     if (defined $Dispatcher{$request_name}) {
- 	$editor->Append($p1);	          # p1 - key p2 null.
+ 	die "Attempting to define a duplicate request handler for $request_name\n";
-     } elsif ($command eq "replace") {
- 	$editor->ReplaceLine($p1, $p2);   # p1 - key p2 = newline.
-     } elsif ($command eq "delete") {
- 	$editor->DeleteLine($p1);         # p1 - key p2 null.
-     } else {			          # Should not get here!!!
- 	die "Invalid command given to ApplyEdit $command";
      }
- }
+     #   Build the client type mask:
- #
- # AdjustOurHost:
+     my $client_type_mask = 0;
- #           Adjusts a host file stored in a configuration file editor object
+     if($client_ok) {
- #           for the true IP address of this host. This is necessary for hosts
+ 	$client_type_mask  |= $CLIENT_OK;
- #           that live behind a firewall.
- #           Those hosts have a publicly distributed IP of the firewall, but
- #           internally must use their actual IP.  We assume that a given
- #           host only has a single IP interface for now.
- # Formal Parameters:
- #     editor   - The configuration file editor to adjust.  This
- #                editor is assumed to contain a hosts.tab file.
- # Strategy:
- #    - Figure out our hostname.
- #    - Lookup the entry for this host.
- #    - Modify the line to contain our IP
- #    - Do a replace for this host.
- sub AdjustOurHost {
-     my $editor        = shift;
-     # figure out who I am.
-     my $myHostName    = $perlvar{'lonHostID'}; # LonCAPA hostname.
-     #  Get my host file entry.
-     my $ConfigLine    = $editor->Find($myHostName);
-     if(! (defined $ConfigLine)) {
- 	die "AdjustOurHost - no entry for me in hosts file $myHostName";
      }
-     # figure out my IP:
+     if($manager_ok) {
-     #   Use the config line to get my hostname.
+ 	$client_type_mask  |= $MANAGER_OK;
-     #   Use gethostbyname to translate that into an IP address.
-     #
-     my ($id,$domain,$role,$name,$ip,$maxcon,$idleto,$mincon) = split(/:/,$ConfigLine);
-     my $BinaryIp = gethostbyname($name);
-     my $ip       = inet_ntoa($ip);
-     #
-     #  Reassemble the config line from the elements in the list.
-     #  Note that if the loncnew items were not present before, they will
-     #  be now even if they would be empty
-     #
-     my $newConfigLine = $id;
-     foreach my $item ($domain, $role, $name, $ip, $maxcon, $idleto, $mincon) {
- 	$newConfigLine .= ":".$item;
      }
-     #  Replace the line:
+     #  Enter the hash:
-     $editor->ReplaceLine($id, $newConfigLine);
+     my @entry = ($procedure, $must_encode, $client_type_mask);
- }
- #
+     $Dispatcher{$request_name} = \@entry;
- #   ReplaceConfigFile:
- #              Replaces a configuration file with the contents of a
- #              configuration file editor object.
- #              This is done by:
- #              - Copying the target file to <filename>.old
- #              - Writing the new file to <filename>.tmp
- #              - Moving <filename.tmp>  -> <filename>
- #              This laborious process ensures that the system is never without
- #              a configuration file that's at least valid (even if the contents
- #              may be dated).
- #   Parameters:
- #        filename   - Name of the file to modify... this is a full path.
- #        editor     - Editor containing the file.
- #
- sub ReplaceConfigFile {
-     my $filename  = shift;
-     my $editor    = shift;
-     CopyFile ($filename, $filename.".old");
-     my $contents  = $editor->Get(); # Get the contents of the file.
-     InstallFile($filename, $contents);
  }
- #
- #
- #   Called to edit a configuration table  file
- #   Parameters:
- #      request           - The entire command/request sent by lonc or lonManage
- #   Return:
- #      The reply to send to the client.
- #
- sub EditFile {
-     my $request = shift;
-     #  Split the command into it's pieces:  edit:filetype:script
-     my ($request, $filetype, $script) = split(/:/, $request,3);	# : in script
+ #------------------------------------------------------------------
-     #  Check the pre-coditions for success:
-     if($request != "edit") {	# Something is amiss afoot alack.
- 	return "error:edit request detected, but request != 'edit'\n";
-     }
-     if( ($filetype ne "hosts")  &&
- 	($filetype ne "domain")) {
- 	return "error:edit requested with invalid file specifier: $filetype \n";
-     }
-     #   Split the edit script and check it's validity.
-     my @scriptlines = split(/\n/, $script);  # one line per element.
-     my $linecount   = scalar(@scriptlines);
-     for(my $i = 0; $i < $linecount; $i++) {
- 	chomp($scriptlines[$i]);
- 	if(!isValidEditCommand($scriptlines[$i])) {
- 	    return "error:edit with bad script line: '$scriptlines[$i]' \n";
- 	}
-     }
-     #   Execute the edit operation.
-     #   - Create a config file editor for the appropriate file and
-     #   - execute each command in the script:
-     #
-     my $configfile = ConfigFileFromSelector($filetype);
-     if (!(defined $configfile)) {
- 	return "refused\n";
-     }
-     my $editor = ConfigFileEdit->new($configfile);
-     for (my $i = 0; $i < $linecount; $i++) {
- 	ApplyEdit($scriptlines[$i], $editor);
-     }
-     # If the file is the host file, ensure that our host is
-     # adjusted to have our ip:
-     #
-     if($filetype eq "host") {
- 	AdjustOurHost($editor);
-     }
-     #  Finally replace the current file with our file.
-     #
-     ReplaceConfigFile($configfile, $editor);
-     return "ok\n";
- }
  #
  #  Convert an error return code from lcpasswd to a string value.
  #
- Line 3459  sub catchexception {
+ Line 4107  sub catchexception {
      $SIG{'QUIT'}='DEFAULT';
      $SIG{__DIE__}='DEFAULT';
      &status("Catching exception");
-     &logthis("<font color=red>CRITICAL: "
+     &logthis("<font color='red'>CRITICAL: "
- 	     ."ABNORMAL EXIT. Child $$ for server $thisserver died through "
+      ."ABNORMAL EXIT. Child $$ for server $thisserver died through "
- 	     ."a crash with this error msg->[$error]</font>");
+      ."a crash with this error msg->[$error]</font>");
      &logthis('Famous last words: '.$status.' - '.$lastlog);
      if ($client) { print $client "error: $error\n"; }
      $server->close();
      die($error);
  }
  sub timeout {
      &status("Handling Timeout");
-     &logthis("<font color=ref>CRITICAL: TIME OUT ".$$."</font>");
+     &logthis("<font color='red'>CRITICAL: TIME OUT ".$$."</font>");
      &catchexception('Timeout');
  }
  # -------------------------------- Set signal handlers to record abnormal exits
  $SIG{'QUIT'}=\&catchexception;
  $SIG{__DIE__}=\&catchexception;
- Line 3487  undef $perlvarref;
+ Line 4135  undef $perlvarref;
  # ----------------------------- Make sure this process is running from user=www
  my $wwwid=getpwnam('www');
  if ($wwwid!=$<) {
-     my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
+    my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
-     my $subj="LON: $currenthostid User ID mismatch";
+    my $subj="LON: $currenthostid User ID mismatch";
-     system("echo 'User ID mismatch.  lond must be run as user www.' |\
+    system("echo 'User ID mismatch.  lond must be run as user www.' |\
   mailto $emailto -s '$subj' > /dev/null");
-     exit 1;
+    exit 1;
  }
  # --------------------------------------------- Check if other instance running
- Line 3499  if ($wwwid!=$<) {
+ Line 4147  if ($wwwid!=$<) {
  my $pidfile="$perlvar{'lonDaemons'}/logs/lond.pid";
  if (-e $pidfile) {
-     my $lfh=IO::File->new("$pidfile");
+    my $lfh=IO::File->new("$pidfile");
-     my $pide=<$lfh>;
+    my $pide=<$lfh>;
-     chomp($pide);
+    chomp($pide);
-     if (kill 0 => $pide) { die "already running"; }
+    if (kill 0 => $pide) { die "already running"; }
  }
  # ------------------------------------------------------------- Read hosts file
- Line 3515  $server = IO::Socket::INET->new(LocalPor
+ Line 4163  $server = IO::Socket::INET->new(LocalPor
                                  Proto     => 'tcp',
                                  Reuse     => 1,
                                  Listen    => 10 )
-     or die "making socket: $@\n";
+   or die "making socket: $@\n";
  # --------------------------------------------------------- Do global variables
  # global variables
  my %children               = ();       # keys are current child process IDs
- my $children               = 0;        # current number of children
  sub REAPER {                        # takes care of dead children
      $SIG{CHLD} = \&REAPER;
      &status("Handling child death");
-     my $pid = wait;
+     my $pid;
-     if (defined($children{$pid})) {
+     do {
- 	&logthis("Child $pid died");
+ 	$pid = waitpid(-1,&WNOHANG());
- 	$children --;
+ 	if (defined($children{$pid})) {
- 	delete $children{$pid};
+ 	    &logthis("Child $pid died");
-     } else {
+ 	    delete($children{$pid});
- 	&logthis("Unknown Child $pid died");
+ 	} elsif ($pid > 0) {
+ 	    &logthis("Unknown Child $pid died");
+ 	}
+     } while ( $pid > 0 );
+     foreach my $child (keys(%children)) {
+ 	$pid = waitpid($child,&WNOHANG());
+ 	if ($pid > 0) {
+ 	    &logthis("Child $child - $pid looks like we missed it's death");
+ 	    delete($children{$pid});
+ 	}
      }
      &status("Finished Handling child death");
  }
- Line 3545  sub HUNTSMAN {                      # si
+ Line 4201  sub HUNTSMAN {                      # si
      &logthis("Free socket: ".shutdown($server,2)); # free up socket
      my $execdir=$perlvar{'lonDaemons'};
      unlink("$execdir/logs/lond.pid");
-     &logthis("<font color=red>CRITICAL: Shutting down</font>");
+     &logthis("<font color='red'>CRITICAL: Shutting down</font>");
      &status("Done killing children");
      exit;                           # clean up with dignity
  }
- Line 3555  sub HUPSMAN {                      # sig
+ Line 4211  sub HUPSMAN {                      # sig
      &status("Killing children for restart (HUP)");
      kill 'INT' => keys %children;
      &logthis("Free socket: ".shutdown($server,2)); # free up socket
-     &logthis("<font color=red>CRITICAL: Restarting</font>");
+     &logthis("<font color='red'>CRITICAL: Restarting</font>");
      my $execdir=$perlvar{'lonDaemons'};
      unlink("$execdir/logs/lond.pid");
      &status("Restarting self (HUP)");
- Line 3565  sub HUPSMAN {                      # sig
+ Line 4221  sub HUPSMAN {                      # sig
  #
  #    Kill off hashes that describe the host table prior to re-reading it.
  #    Hashes affected are:
- #       %hostid, %hostdom %hostip
+ #       %hostid, %hostdom %hostip %hostdns.
  #
  sub KillHostHashes {
      foreach my $key (keys %hostid) {
- Line 3577  sub KillHostHashes {
+ Line 4233  sub KillHostHashes {
      foreach my $key (keys %hostip) {
  	delete $hostip{$key};
      }
+     foreach my $key (keys %hostdns) {
+ 	delete $hostdns{$key};
+     }
  }
  #
  #   Read in the host table from file and distribute it into the various hashes:
- Line 3587  sub KillHostHashes {
+ Line 4246  sub KillHostHashes {
  sub ReadHostTable {
      open (CONFIG,"$perlvar{'lonTabDir'}/hosts.tab") || die "Can't read host file";
+     my $myloncapaname = $perlvar{'lonHostID'};
+     Debug("My loncapa name is : $myloncapaname");
      while (my $configline=<CONFIG>) {
- 	my ($id,$domain,$role,$name,$ip)=split(/:/,$configline);
+ 	if (!($configline =~ /^\s*\#/)) {
- 	chomp($ip); $ip=~s/\D+$//;
+ 	    my ($id,$domain,$role,$name,$ip)=split(/:/,$configline);
- 	$hostid{$ip}=$id;
+ 	    chomp($ip); $ip=~s/\D+$//;
- 	$hostdom{$id}=$domain;
+ 	    $hostid{$ip}=$id;         # LonCAPA name of host by IP.
- 	$hostip{$id}=$ip;
+ 	    $hostdom{$id}=$domain;    # LonCAPA domain name of host.
- 	if ($id eq $perlvar{'lonHostID'}) { $thisserver=$name; }
+ 	    $hostip{$id}=$ip;	      # IP address of host.
+ 	    $hostdns{$name} = $id;    # LonCAPA name of host by DNS.
+ 	    if ($id eq $perlvar{'lonHostID'}) {
+ 		Debug("Found me in the host table: $name");
+ 		$thisserver=$name;
+ 	    }
+ 	}
      }
      close(CONFIG);
  }
- Line 3656  sub checkchildren {
+ Line 4323  sub checkchildren {
      &logthis('Going to check on the children');
      my $docdir=$perlvar{'lonDocRoot'};
      foreach (sort keys %children) {
- 	sleep 1;
+ 	#sleep 1;
          unless (kill 'USR1' => $_) {
  	    &logthis ('Child '.$_.' is dead');
              &logstatus($$.' is dead');
+ 	    delete($children{$_});
          }
      }
      sleep 5;
-     $SIG{ALRM} = sub { die "timeout" };
+     $SIG{ALRM} = sub { Debug("timeout");
+ 		       die "timeout";  };
      $SIG{__DIE__} = 'DEFAULT';
      &status("Checking on the children (waiting for reports)");
      foreach (sort keys %children) {
          unless (-e "$docdir/lon-status/londchld/$_.txt") {
- 	    eval {
+           eval {
- 		alarm(300);
+             alarm(300);
- 		&logthis('Child '.$_.' did not respond');
+ 	    &logthis('Child '.$_.' did not respond');
- 		kill 9 => $_;
+ 	    kill 9 => $_;
- 		#$emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
+ 	    #$emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
- 		#$subj="LON: $currenthostid killed lond process $_";
+ 	    #$subj="LON: $currenthostid killed lond process $_";
- 		#my $result=`echo 'Killed lond process $_.' | mailto $emailto -s '$subj' > /dev/null`;
+ 	    #my $result=`echo 'Killed lond process $_.' | mailto $emailto -s '$subj' > /dev/null`;
- 		#$execdir=$perlvar{'lonDaemons'};
+ 	    #$execdir=$perlvar{'lonDaemons'};
- 		#$result=`/bin/cp $execdir/logs/lond.log $execdir/logs/lond.log.$_`;
+ 	    #$result=`/bin/cp $execdir/logs/lond.log $execdir/logs/lond.log.$_`;
- 		alarm(0);
+ 	    delete($children{$_});
- 	    }
+ 	    alarm(0);
+ 	  }
          }
      }
      $SIG{ALRM} = 'DEFAULT';
      $SIG{__DIE__} = \&catchexception;
      &status("Finished checking children");
+     &logthis('Finished Checking children');
  }
  # --------------------------------------------------------------------- Logging
- Line 3714  sub Debug {
+ Line 4385  sub Debug {
  #     reply   - Text to send to client.
  #     request - Original request from client.
  #
- #  Note: This increments Transactions
- #
  sub Reply {
-     alarm(120);
+     my ($fd, $reply, $request) = @_;
-     my $fd      = shift;
-     my $reply   = shift;
-     my $request = shift;
      print $fd $reply;
      Debug("Request was $request  Reply was $reply");
      $Transactions++;
-     alarm(0);
  }
  #
  #    Sub to report a failure.
  #    This function:
- Line 3759  sub logstatus {
+ Line 4425  sub logstatus {
      &status("Doing logging");
      my $docdir=$perlvar{'lonDocRoot'};
      {
- 	my $fh=IO::File->new(">>$docdir/lon-status/londstatus.txt");
+ 	my $fh=IO::File->new(">$docdir/lon-status/londchld/$$.txt");
- 	print $fh $$."\t".$currenthostid."\t".$status."\t".$lastlog."\n";
+         print $fh $status."\n".$lastlog."\n".time."\n$keymode";
- 	$fh->close();
+         $fh->close();
      }
-     &status("Finished londstatus.txt");
+     &status("Finished $$.txt");
      {
- 	my $fh=IO::File->new(">$docdir/lon-status/londchld/$$.txt");
+ 	open(LOG,">>$docdir/lon-status/londstatus.txt");
- 	print $fh $status."\n".$lastlog."\n".time;
+ 	flock(LOG,LOCK_EX);
- 	$fh->close();
+ 	print LOG $$."\t".$clientname."\t".$currenthostid."\t"
+ 	    .$status."\t".$lastlog."\t $keymode\n";
+ 	flock(DB,LOCK_UN);
+ 	close(LOG);
      }
-     ResetStatistics;
      &status("Finished logging");
  }
  sub initnewstatus {
- Line 3793  sub status {
+ Line 4460  sub status {
      my $what=shift;
      my $now=time;
      my $local=localtime($now);
-     my $status = "lond: $what $local ";
+     $status=$local.': '.$what;
-     if($Transactions) {
+     $0='lond: '.$what.' '.$local;
- 	$status .= " Transactions: $Transactions Failed; $Failures";
-     }
-     $0=$status;
  }
  # -------------------------------------------------------- Escape Special Chars
- Line 3829  sub reconlonc {
+ Line 4493  sub reconlonc {
  	    &logthis("lonc at pid $loncpid responding, sending USR1");
              kill USR1 => $loncpid;
          } else {
- 	    &logthis("<font color=red>CRITICAL: "
+ 	    &logthis(
- 		     ."lonc at pid $loncpid not responding, giving up</font>");
+               "<font color='red'>CRITICAL: "
+              ."lonc at pid $loncpid not responding, giving up</font>");
          }
      } else {
- 	&logthis('<font color=red>CRITICAL: lonc not running, giving up</font>');
+       &logthis('<font color="red">CRITICAL: lonc not running, giving up</font>');
      }
  }
- Line 3845  sub subreply {
+ Line 4510  sub subreply {
      my $sclient=IO::Socket::UNIX->new(Peer    =>"$peerfile",
                                        Type    => SOCK_STREAM,
                                        Timeout => 10)
- 	or return "con_lost";
+        or return "con_lost";
      print $sclient "$cmd\n";
      my $answer=<$sclient>;
      chomp($answer);
- Line 3854  sub subreply {
+ Line 4519  sub subreply {
  }
  sub reply {
-     my ($cmd,$server)=@_;
+   my ($cmd,$server)=@_;
-     my $answer;
+   my $answer;
-     if ($server ne $currenthostid) {
+   if ($server ne $currenthostid) {
- 	$answer=subreply($cmd,$server);
+     $answer=subreply($cmd,$server);
- 	if ($answer eq 'con_lost') {
+     if ($answer eq 'con_lost') {
- 	    $answer=subreply("ping",$server);
+ 	$answer=subreply("ping",$server);
- 	    if ($answer ne $server) {
+         if ($answer ne $server) {
- 		&logthis("sub reply: answer != server answer is $answer, server is $server");
+ 	    &logthis("sub reply: answer != server answer is $answer, server is $server");
- 		&reconlonc("$perlvar{'lonSockDir'}/$server");
+            &reconlonc("$perlvar{'lonSockDir'}/$server");
- 	    }
+         }
- 	    $answer=subreply($cmd,$server);
+         $answer=subreply($cmd,$server);
- 	}
+     }
-     } else {
+   } else {
- 	$answer='self_reply';
+     $answer='self_reply';
-     }
+   }
-     return $answer;
+   return $answer;
  }
  # -------------------------------------------------------------- Talk to lonsql
- sub sqlreply {
+ sub sql_reply {
      my ($cmd)=@_;
-     my $answer=subsqlreply($cmd);
+     my $answer=&sub_sql_reply($cmd);
-     if ($answer eq 'con_lost') { $answer=subsqlreply($cmd); }
+     if ($answer eq 'con_lost') { $answer=&sub_sql_reply($cmd); }
      return $answer;
  }
- sub subsqlreply {
+ sub sub_sql_reply {
      my ($cmd)=@_;
      my $unixsock="mysqlsock";
      my $peerfile="$perlvar{'lonSockDir'}/$unixsock";
      my $sclient=IO::Socket::UNIX->new(Peer    =>"$peerfile",
                                        Type    => SOCK_STREAM,
                                        Timeout => 10)
- 	or return "con_lost";
+        or return "con_lost";
      print $sclient "$cmd\n";
      my $answer=<$sclient>;
      chomp($answer);
- Line 3937  my $execdir=$perlvar{'lonDaemons'};
+ Line 4602  my $execdir=$perlvar{'lonDaemons'};
  open (PIDSAVE,">$execdir/logs/lond.pid");
  print PIDSAVE "$$\n";
  close(PIDSAVE);
- &logthis("<font color=red>CRITICAL: ---------- Starting ----------</font>");
+ &logthis("<font color='red'>CRITICAL: ---------- Starting ----------</font>");
  &status('Starting');
- Line 3955  $SIG{USR2} = \&UpdateHosts;
+ Line 4620  $SIG{USR2} = \&UpdateHosts;
  ReadHostTable;
  # --------------------------------------------------------------
  #   Accept connections.  When a connection comes in, it is validated
  #   and if good, a child process is created to process transactions
- Line 3971  while (1) {
+ Line 4635  while (1) {
  sub make_new_child {
      my $pid;
+ #    my $cipher;     # Now global
      my $sigset;
      $client = shift;
- Line 3981  sub make_new_child {
+ Line 4646  sub make_new_child {
      $sigset = POSIX::SigSet->new(SIGINT);
      sigprocmask(SIG_BLOCK, $sigset)
          or die "Can't block SIGINT for fork: $!\n";
      die "fork: $!" unless defined ($pid = fork);
      $client->sockopt(SO_KEEPALIVE, 1); # Enable monitoring of
- Line 3992  sub make_new_child {
+ Line 4657  sub make_new_child {
      #  the pid hash.
      #
      my $caller = getpeername($client);
-     my ($port,$iaddr)=unpack_sockaddr_in($caller);
+     my ($port,$iaddr);
-     $clientip=inet_ntoa($iaddr);
+     if (defined($caller) && length($caller) > 0) {
+ 	($port,$iaddr)=unpack_sockaddr_in($caller);
+     } else {
+ 	&logthis("Unable to determine who caller was, getpeername returned nothing");
+     }
+     if (defined($iaddr)) {
+ 	$clientip  = inet_ntoa($iaddr);
+ 	Debug("Connected with $clientip");
+ 	$clientdns = gethostbyaddr($iaddr, AF_INET);
+ 	Debug("Connected with $clientdns by name");
+     } else {
+ 	&logthis("Unable to determine clientip");
+ 	$clientip='Unavailable';
+     }
      if ($pid) {
          # Parent records the child's birth and returns.
          sigprocmask(SIG_UNBLOCK, $sigset)
              or die "Can't unblock SIGINT for fork: $!\n";
          $children{$pid} = $clientip;
-         $children++;
          &status('Started child '.$pid);
          return;
      } else {
- Line 4017  sub make_new_child {
+ Line 4694  sub make_new_child {
          sigprocmask(SIG_UNBLOCK, $sigset)
              or die "Can't unblock SIGINT for fork: $!\n";
+ #        my $tmpsnum=0;            # Now global
+ #---------------------------------------------------- kerberos 5 initialization
          &Authen::Krb5::init_context();
          &Authen::Krb5::init_ets();
  	&status('Accepted connection');
  # =============================================================================
              # do something with the connection
  # -----------------------------------------------------------------------------
- 	# see if we know client and check for spoof IP by challenge
+ 	# see if we know client and 'check' for spoof IP by ineffective challenge
  	ReadManagerTable;	# May also be a manager!!
- Line 4044  sub make_new_child {
+ Line 4721  sub make_new_child {
  	    $clientname = $managers{$clientip};
  	}
  	my $clientok;
  	if ($clientrec || $ismanager) {
  	    &status("Waiting for init from $clientip $clientname");
  	    &logthis('<font color="yellow">INFO: Connection, '.
  		     $clientip.
- 		     " ($clientname) connection type = $ConnectionType </font>" );
+ 		  " ($clientname) connection type = $ConnectionType </font>" );
  	    &status("Connecting $clientip  ($clientname))");
  	    my $remotereq=<$client>;
- 	    $remotereq=~s/[^\w:]//g;
+ 	    chomp($remotereq);
+ 	    Debug("Got init: $remotereq");
+ 	    my $inikeyword = split(/:/, $remotereq);
  	    if ($remotereq =~ /^init/) {
  		&sethost("sethost:$perlvar{'lonHostID'}");
- 		my $challenge="$$".time;
+ 		#
- 		print $client "$challenge\n";
+ 		#  If the remote is attempting a local init... give that a try:
- 		&status("Waiting for challenge reply from $clientip ($clientname)");
+ 		#
- 		$remotereq=<$client>;
+ 		my ($i, $inittype) = split(/:/, $remotereq);
- 		$remotereq=~s/\W//g;
- 		if ($challenge eq $remotereq) {
+ 		# If the connection type is ssl, but I didn't get my
- 		    $clientok=1;
+ 		# certificate files yet, then I'll drop  back to
- 		    print $client "ok\n";
+ 		# insecure (if allowed).
+ 		if($inittype eq "ssl") {
+ 		    my ($ca, $cert) = lonssl::CertificateFile;
+ 		    my $kfile       = lonssl::KeyFile;
+ 		    if((!$ca)   ||
+ 		       (!$cert) ||
+ 		       (!$kfile)) {
+ 			$inittype = ""; # This forces insecure attempt.
+ 			&logthis("<font color=\"blue\"> Certificates not "
+ 				 ."installed -- trying insecure auth</font>");
+ 		    } else {	# SSL certificates are in place so
+ 		    }		# Leave the inittype alone.
+ 		}
+ 		if($inittype eq "local") {
+ 		    my $key = LocalConnection($client, $remotereq);
+ 		    if($key) {
+ 			Debug("Got local key $key");
+ 			$clientok     = 1;
+ 			my $cipherkey = pack("H32", $key);
+ 			$cipher       = new IDEA($cipherkey);
+ 			print $client "ok:local\n";
+ 			&logthis('<font color="green"'
+ 				 . "Successful local authentication </font>");
+ 			$keymode = "local"
+ 		    } else {
+ 			Debug("Failed to get local key");
+ 			$clientok = 0;
+ 			shutdown($client, 3);
+ 			close $client;
+ 		    }
+ 		} elsif ($inittype eq "ssl") {
+ 		    my $key = SSLConnection($client);
+ 		    if ($key) {
+ 			$clientok = 1;
+ 			my $cipherkey = pack("H32", $key);
+ 			$cipher       = new IDEA($cipherkey);
+ 			&logthis('<font color="green">'
+ 				 ."Successfull ssl authentication with $clientname </font>");
+ 			$keymode = "ssl";
+ 		    } else {
+ 			$clientok = 0;
+ 			close $client;
+ 		    }
  		} else {
- 		    &logthis("<font color=blue>WARNING: $clientip did not reply challenge</font>");
+ 		    my $ok = InsecureConnection($client);
- 		    &status('No challenge reply '.$clientip);
+ 		    if($ok) {
+ 			$clientok = 1;
+ 			&logthis('<font color="green">'
+ 				 ."Successful insecure authentication with $clientname </font>");
+ 			print $client "ok\n";
+ 			$keymode = "insecure";
+ 		    } else {
+ 			&logthis('<font color="yellow">'
+ 				  ."Attempted insecure connection disallowed </font>");
+ 			close $client;
+ 			$clientok = 0;
+ 		    }
  		}
  	    } else {
- 		&logthis("<font color=blue>WARNING: "
+ 		&logthis(
+ 			 "<font color='blue'>WARNING: "
  			 ."$clientip failed to initialize: >$remotereq< </font>");
  		&status('No init '.$clientip);
  	    }
  	} else {
- 	    &logthis("<font color=blue>WARNING: Unknown client $clientip</font>");
+ 	    &logthis(
+ 		     "<font color='blue'>WARNING: Unknown client $clientip</font>");
  	    &status('Hung up on '.$clientip);
  	}
  	if ($clientok) {
  # ---------------- New known client connecting, could mean machine online again
- Line 4086  sub make_new_child {
+ Line 4828  sub make_new_child {
  		}
  		&reconlonc("$perlvar{'lonSockDir'}/$id");
  	    }
- 	    &logthis("<font color=green>Established connection: $clientname</font>");
+ 	    &logthis("<font color='green'>Established connection: $clientname</font>");
  	    &status('Will listen to '.$clientname);
- 	    ResetStatistics();
  # ------------------------------------------------------------ Process requests
- 	    my $KeepGoing = 1;
+ 	    my $keep_going = 1;
- 	    while ((my $userinput=GetRequest) && $KeepGoing) {
+ 	    my $user_input;
- 		$KeepGoing = ProcessRequest($userinput);
+ 	    while(($user_input = get_request) && $keep_going) {
- # -------------------------------------------------------------------- complete
+ 		alarm(120);
+ 		Debug("Main: Got $user_input\n");
- 		&status('Listening to '.$clientname);
+ 		$keep_going = &process_request($user_input);
+ 		alarm(0);
+ 		&status('Listening to '.$clientname." ($keymode)");
  	    }
  # --------------------------------------------- client unknown or fishy, refuse
- 	} else {
+ 	}  else {
  	    print $client "refused\n";
  	    $client->close();
- 	    &logthis("<font color=blue>WARNING: "
+ 	    &logthis("<font color='blue'>WARNING: "
  		     ."Rejected client $clientip, closing connection</font>");
  	}
      }
  # =============================================================================
-     &logthis("<font color=red>CRITICAL: "
+     &logthis("<font color='red'>CRITICAL: "
  	     ."Disconnect from $clientip ($clientname)</font>");
- Line 4120  sub make_new_child {
+ Line 4862  sub make_new_child {
      exit;
  }
+ #
+ #   Determine if a user is an author for the indicated domain.
+ #
+ # Parameters:
+ #    domain          - domain to check in .
+ #    user            - Name of user to check.
+ #
+ # Return:
+ #     1             - User is an author for domain.
+ #     0             - User is not an author for domain.
+ sub is_author {
+     my ($domain, $user) = @_;
+     &Debug("is_author: $user @ $domain");
+     my $hashref = &tie_user_hash($domain, $user, "roles",
+ 				 &GDBM_READER());
+     #  Author role should show up as a key /domain/_au
+     my $key   = "/$domain/_au";
+     my $value = $hashref->{$key};
+     if(defined($value)) {
+ 	&Debug("$user @ $domain is an author");
+     }
+     return defined($value);
+ }
  #
  #   Checks to see if the input roleput request was to set
  # an author role.  If so, invokes the lchtmldir script to set
- Line 4133  sub make_new_child {
+ Line 4902  sub make_new_child {
  #    user      - Name of the user for which the role is being put.
  #    authtype  - The authentication type associated with the user.
  #
- sub ManagePermissions {
+ sub manage_permissions
-     my $request = shift;
+ {
-     my $domain  = shift;
-     my $user    = shift;
-     my $authtype= shift;
+     my ($request, $domain, $user, $authtype) = @_;
+     &Debug("manage_permissions: $request $domain $user $authtype");
      # See if the request is of the form /$domain/_au
-     &logthis("ruequest is $request");
      if($request =~ /^(\/$domain\/_au)$/) { # It's an author rolesput...
  	my $execdir = $perlvar{'lonDaemons'};
  	my $userhome= "/home/$user" ;
  	&logthis("system $execdir/lchtmldir $userhome $user $authtype");
+ 	&Debug("Setting homedir permissions for $userhome");
  	system("$execdir/lchtmldir $userhome $user $authtype");
      }
  }
  #
  #  Return the full path of a user password file, whether it exists or not.
  # Parameters:
- Line 4157  sub ManagePermissions {
+ Line 4929  sub ManagePermissions {
  # Returns:
  #    Full passwd path:
  #
- sub PasswordPath {
+ sub password_path {
-     my $domain = shift;
+     my ($domain, $user) = @_;
-     my $user   = shift;
+     return &propath($domain, $user).'/passwd';
-     my $path   = &propath($domain, $user);
-     my $path  .= "/passwd";
-     return $path;
  }
  #   Password Filename
- Line 4177  sub PasswordPath {
+ Line 4944  sub PasswordPath {
  #   - If the password file exists returns its path.
  #   - If the password file does not exist, returns undefined.
  #
- sub PasswordFilename {
+ sub password_filename {
-     my $domain    = shift;
+     my ($domain, $user) = @_;
-     my $user      = shift;
-     my $path  = PasswordPath($domain, $user);
+     Debug ("PasswordFilename called: dom = $domain user = $user");
+     my $path  = &password_path($domain, $user);
+     Debug("PasswordFilename got path: $path");
      if(-e $path) {
  	return $path;
      } else {
- Line 4200  sub PasswordFilename {
+ Line 4968  sub PasswordFilename {
  #   0    - Failed.
  #   1    - Success.
  #
- sub RewritePwFile {
+ sub rewrite_password_file {
-     my $domain   = shift;
+     my ($domain, $user, $contents) = @_;
-     my $user     = shift;
-     my $contents = shift;
-     my $file = PasswordFilename($domain, $user);
+     my $file = &password_filename($domain, $user);
      if (defined $file) {
  	my $pf = IO::File->new(">$file");
  	if($pf) {
- Line 4219  sub RewritePwFile {
+ Line 4985  sub RewritePwFile {
      }
  }
  #
- #   GetAuthType - Determines the authorization type of a user in a domain.
+ #   get_auth_type - Determines the authorization type of a user in a domain.
  #     Returns the authorization type or nouser if there is no such user.
  #
- sub GetAuthType {
+ sub get_auth_type
-     my $domain = shift;
+ {
-     my $user   = shift;
+     my ($domain, $user)  = @_;
-     Debug("GetAuthType( $domain, $user ) \n");
-     my $passwdfile = PasswordFilename($domain, $user);
+     Debug("get_auth_type( $domain, $user ) \n");
-     if( defined $passwdfile ) {
+     my $proname    = &propath($domain, $user);
+     my $passwdfile = "$proname/passwd";
+     if( -e $passwdfile ) {
  	my $pf = IO::File->new($passwdfile);
  	my $realpassword = <$pf>;
  	chomp($realpassword);
  	Debug("Password info = $realpassword\n");
- 	return $realpassword;
+ 	my ($authtype, $contentpwd) = split(/:/, $realpassword);
+ 	Debug("Authtype = $authtype, content = $contentpwd\n");
+ 	return "$authtype:$contentpwd";
      } else {
  	Debug("Returning nouser");
  	return "nouser";
      }
  }
+ #
+ #  Validate a user given their domain, name and password.  This utility
+ #  function is used by both  AuthenticateHandler and ChangePasswordHandler
+ #  to validate the login credentials of a user.
+ # Parameters:
+ #    $domain    - The domain being logged into (this is required due to
+ #                 the capability for multihomed systems.
+ #    $user      - The name of the user being validated.
+ #    $password  - The user's propoposed password.
+ #
+ # Returns:
+ #     1        - The domain,user,pasword triplet corresponds to a valid
+ #                user.
+ #     0        - The domain,user,password triplet is not a valid user.
+ #
+ sub validate_user {
+     my ($domain, $user, $password) = @_;
+     # Why negative ~pi you may well ask?  Well this function is about
+     # authentication, and therefore very important to get right.
+     # I've initialized the flag that determines whether or not I've
+     # validated correctly to a value it's not supposed to get.
+     # At the end of this function. I'll ensure that it's not still that
+     # value so we don't just wind up returning some accidental value
+     # as a result of executing an unforseen code path that
+     # did not set $validated.  At the end of valid execution paths,
+     # validated shoule be 1 for success or 0 for failuer.
+     my $validated = -3.14159;
+     #  How we authenticate is determined by the type of authentication
+     #  the user has been assigned.  If the authentication type is
+     #  "nouser", the user does not exist so we will return 0.
+     my $contents = &get_auth_type($domain, $user);
+     my ($howpwd, $contentpwd) = split(/:/, $contents);
+     my $null = pack("C",0);	# Used by kerberos auth types.
+     if ($howpwd ne 'nouser') {
+ 	if($howpwd eq "internal") { # Encrypted is in local password file.
+ 	    $validated = (crypt($password, $contentpwd) eq $contentpwd);
+ 	}
+ 	elsif ($howpwd eq "unix") { # User is a normal unix user.
+ 	    $contentpwd = (getpwnam($user))[1];
+ 	    if($contentpwd) {
+ 		if($contentpwd eq 'x') { # Shadow password file...
+ 		    my $pwauth_path = "/usr/local/sbin/pwauth";
+ 		    open PWAUTH,  "|$pwauth_path" or
+ 			die "Cannot invoke authentication";
+ 		    print PWAUTH "$user\n$password\n";
+ 		    close PWAUTH;
+ 		    $validated = ! $?;
+ 		} else { 	         # Passwords in /etc/passwd.
+ 		    $validated = (crypt($password,
+ 					$contentpwd) eq $contentpwd);
+ 		}
+ 	    } else {
+ 		$validated = 0;
+ 	    }
+ 	}
+ 	elsif ($howpwd eq "krb4") { # user is in kerberos 4 auth. domain.
+ 	    if(! ($password =~ /$null/) ) {
+ 		my $k4error = &Authen::Krb4::get_pw_in_tkt($user,
+ 							   "",
+ 							   $contentpwd,,
+ 							   'krbtgt',
+ 							   $contentpwd,
+,
+ 							   $password);
+ 		if(!$k4error) {
+ 		    $validated = 1;
+ 		} else {
+ 		    $validated = 0;
+ 		    &logthis('krb4: '.$user.', '.$contentpwd.', '.
+ 			     &Authen::Krb4::get_err_txt($Authen::Krb4::error));
+ 		}
+ 	    } else {
+ 		$validated = 0; # Password has a match with null.
+ 	    }
+ 	} elsif ($howpwd eq "krb5") { # User is in kerberos 5 auth. domain.
+ 	    if(!($password =~ /$null/)) { # Null password not allowed.
+ 		my $krbclient = &Authen::Krb5::parse_name($user.'@'
+ 							  .$contentpwd);
+ 		my $krbservice = "krbtgt/".$contentpwd."\@".$contentpwd;
+ 		my $krbserver  = &Authen::Krb5::parse_name($krbservice);
+ 		my $credentials= &Authen::Krb5::cc_default();
+ 		$credentials->initialize($krbclient);
+ 		my $krbreturn  = &Authen::KRb5::get_in_tkt_with_password($krbclient,
+ 									 $krbserver,
+ 									 $password,
+ 									 $credentials);
+ 		$validated = ($krbreturn == 1);
+ 	    } else {
+ 		$validated = 0;
+ 	    }
+ 	} elsif ($howpwd eq "localauth") {
+ 	    #  Authenticate via installation specific authentcation method:
+ 	    $validated = &localauth::localauth($user,
+ 					       $password,
+ 					       $contentpwd);
+ 	} else {			# Unrecognized auth is also bad.
+ 	    $validated = 0;
+ 	}
+     } else {
+ 	$validated = 0;
+     }
+     #
+     #  $validated has the correct stat of the authentication:
+     #
+     unless ($validated != -3.14159) {
+ 	#  I >really really< want to know if this happens.
+ 	#  since it indicates that user authentication is badly
+ 	#  broken in some code path.
+         #
+ 	die "ValidateUser - failed to set the value of validated $domain, $user $password";
+     }
+     return $validated;
+ }
  sub addline {
      my ($fname,$hostid,$ip,$newline)=@_;
      my $contents;
- Line 4262  sub addline {
+ Line 5158  sub addline {
      return $found;
  }
- sub getchat {
+ sub get_chat {
      my ($cdom,$cname,$udom,$uname)=@_;
      my %hash;
      my $proname=&propath($cdom,$cname);
- Line 4287  sub getchat {
+ Line 5183  sub getchat {
      return (@participants,@entries);
  }
- sub chatadd {
+ sub chat_add {
      my ($cdom,$cname,$newchat)=@_;
      my %hash;
      my $proname=&propath($cdom,$cname);
- Line 4326  sub chatadd {
+ Line 5222  sub chatadd {
  sub unsub {
      my ($fname,$clientip)=@_;
      my $result;
+     my $unsubs = 0;		# Number of successful unsubscribes:
+     # An old way subscriptions were handled was to have a
+     # subscription marker file:
+     Debug("Attempting unlink of $fname.$clientname");
      if (unlink("$fname.$clientname")) {
- 	$result="ok\n";
+ 	$unsubs++;		# Successful unsub via marker file.
-     } else {
+     }
- 	$result="not_subscribed\n";
-     }
+     # The more modern way to do it is to have a subscription list
+     # file:
      if (-e "$fname.subscription") {
  	my $found=&addline($fname,$clientname,$clientip,'');
- 	if ($found) { $result="ok\n"; }
+ 	if ($found) {
+ 	    $unsubs++;
+ 	}
+     }
+     #  If either or both of these mechanisms succeeded in unsubscribing a
+     #  resource we can return ok:
+     if($unsubs) {
+ 	$result = "ok\n";
      } else {
- 	if ($result != "ok\n") { $result="not_subscribed\n"; }
+ 	$result = "not_subscribed\n";
      }
      return $result;
  }
- Line 4345  sub currentversion {
+ Line 5260  sub currentversion {
      my $version=-1;
      my $ulsdir='';
      if ($fname=~/^(.+)\/[^\/]+$/) {
- 	$ulsdir=$1;
+        $ulsdir=$1;
      }
      my ($fnamere1,$fnamere2);
      # remove version if already specified
- Line 4402  sub subscribe {
+ Line 5317  sub subscribe {
                      symlink($root.'.'.$extension,
                              $root.'.'.$currentversion.'.'.$extension);
                      unless ($extension=~/\.meta$/) {
- 			symlink($root.'.'.$extension.'.meta',
+                        symlink($root.'.'.$extension.'.meta',
- 				$root.'.'.$currentversion.'.'.$extension.'.meta');
+                             $root.'.'.$currentversion.'.'.$extension.'.meta');
  		    }
                  }
              }
- Line 4440  sub make_passwd_file {
+ Line 5355  sub make_passwd_file {
      if ($umode eq 'krb4' or $umode eq 'krb5') {
  	{
  	    my $pf = IO::File->new(">$passfilename");
- 	    print $pf "$umode:$npass\n";
+ 	    if ($pf) {
+ 		print $pf "$umode:$npass\n";
+ 	    } else {
+ 		$result = "pass_file_failed_error";
+ 	    }
  	}
      } elsif ($umode eq 'internal') {
  	my $salt=time;
- Line 4449  sub make_passwd_file {
+ Line 5368  sub make_passwd_file {
  	{
  	    &Debug("Creating internal auth");
  	    my $pf = IO::File->new(">$passfilename");
- 	    print $pf "internal:$ncpass\n";
+ 	    if($pf) {
+ 		print $pf "internal:$ncpass\n";
+ 	    } else {
+ 		$result = "pass_file_failed_error";
+ 	    }
  	}
      } elsif ($umode eq 'localauth') {
  	{
  	    my $pf = IO::File->new(">$passfilename");
- 	    print $pf "localauth:$npass\n";
+ 	    if($pf) {
+ 		print $pf "localauth:$npass\n";
+ 	    } else {
+ 		$result = "pass_file_failed_error";
+ 	    }
  	}
      } elsif ($umode eq 'unix') {
  	{
- 	    my $execpath="$perlvar{'lonDaemons'}/"."lcuseradd";
+ 	    #
+ 	    #  Don't allow the creation of privileged accounts!!! that would
+ 	    #  be real bad!!!
+ 	    #
+ 	    my $uid = getpwnam($uname);
+ 	    if((defined $uid) && ($uid == 0)) {
+ 		&logthis(">>>Attempted to create privilged account blocked");
+ 		return "no_priv_account_error\n";
+ 	    }
+ 	    my $execpath       ="$perlvar{'lonDaemons'}/"."lcuseradd";
+ 	    my $lc_error_file  = $execdir."/tmp/lcuseradd".$$.".status";
  	    {
  		&Debug("Executing external: ".$execpath);
  		&Debug("user  = ".$uname.", Password =". $npass);
- Line 4466  sub make_passwd_file {
+ Line 5405  sub make_passwd_file {
  		print $se "$uname\n";
  		print $se "$npass\n";
  		print $se "$npass\n";
+ 		print $se "$lc_error_file\n"; # Status -> unique file.
  	    }
- 	    my $useraddok = $?;
+ 	    my $error = IO::File->new("< $lc_error_file");
+ 	    my $useraddok = <$error>;
+ 	    $error->close;
+ 	    unlink($lc_error_file);
+ 	    chomp $useraddok;
  	    if($useraddok > 0) {
- 		&logthis("Failed lcuseradd: ".&lcuseraddstrerror($useraddok));
+ 		my $error_text = &lcuseraddstrerror($useraddok);
+ 		&logthis("Failed lcuseradd: $error_text");
+ 		$result = "lcuseradd_failed:$error_text\n";
+ 	    }  else {
+ 		my $pf = IO::File->new(">$passfilename");
+ 		if($pf) {
+ 		    print $pf "unix:\n";
+ 		} else {
+ 		    $result = "pass_file_failed_error";
+ 		}
  	    }
- 	    my $pf = IO::File->new(">$passfilename");
- 	    print $pf "unix:\n";
  	}
      } elsif ($umode eq 'none') {
  	{
- 	    my $pf = IO::File->new(">$passfilename");
+ 	    my $pf = IO::File->new("> $passfilename");
- 	    print $pf "none:\n";
+ 	    if($pf) {
+ 		print $pf "none:\n";
+ 	    } else {
+ 		$result = "pass_file_failed_error";
+ 	    }
  	}
      } else {
  	$result="auth_mode_error\n";
- Line 4485  sub make_passwd_file {
+ Line 5442  sub make_passwd_file {
      return $result;
  }
+ sub convert_photo {
+     my ($start,$dest)=@_;
+     system("convert $start $dest");
+ }
  sub sethost {
      my ($remotereq) = @_;
      my (undef,$hostid)=split(/:/,$remotereq);
      if (!defined($hostid)) { $hostid=$perlvar{'lonHostID'}; }
      if ($hostip{$perlvar{'lonHostID'}} eq $hostip{$hostid}) {
- 	$currenthostid=$hostid;
+ 	$currenthostid  =$hostid;
  	$currentdomainid=$hostdom{$hostid};
  	&logthis("Setting hostid to $hostid, and domain to $currentdomainid");
      } else {
- Line 4506  sub version {
+ Line 5468  sub version {
      $remoteVERSION=(split(/:/,$userinput))[1];
      return "version:$VERSION";
  }
- ############## >>>>>>>>>>>>>>>>>>>>>>>>>> FUTUREWORK <<<<<<<<<<<<<<<<<<<<<<<<<<<<
  #There is a copy of this in lonnet.pm
- #   Can we hoist these lil' things out into common places?
- #
  sub userload {
      my $numusers=0;
      {
- Line 4532  sub userload {
+ Line 5492  sub userload {
      return $userloadpercent;
  }
+ # Routines for serializing arrays and hashes (copies from lonnet)
+ sub array2str {
+   my (@array) = @_;
+   my $result=&arrayref2str(\@array);
+   $result=~s/^__ARRAY_REF__//;
+   $result=~s/__END_ARRAY_REF__$//;
+   return $result;
+ }
+ sub arrayref2str {
+   my ($arrayref) = @_;
+   my $result='__ARRAY_REF__';
+   foreach my $elem (@$arrayref) {
+     if(ref($elem) eq 'ARRAY') {
+       $result.=&arrayref2str($elem).'&';
+     } elsif(ref($elem) eq 'HASH') {
+       $result.=&hashref2str($elem).'&';
+     } elsif(ref($elem)) {
+       #print("Got a ref of ".(ref($elem))." skipping.");
+     } else {
+       $result.=&escape($elem).'&';
+     }
+   }
+   $result=~s/\&$//;
+   $result .= '__END_ARRAY_REF__';
+   return $result;
+ }
+ sub hash2str {
+   my (%hash) = @_;
+   my $result=&hashref2str(\%hash);
+   $result=~s/^__HASH_REF__//;
+   $result=~s/__END_HASH_REF__$//;
+   return $result;
+ }
+ sub hashref2str {
+   my ($hashref)=@_;
+   my $result='__HASH_REF__';
+   foreach (sort(keys(%$hashref))) {
+     if (ref($_) eq 'ARRAY') {
+       $result.=&arrayref2str($_).'=';
+     } elsif (ref($_) eq 'HASH') {
+       $result.=&hashref2str($_).'=';
+     } elsif (ref($_)) {
+       $result.='=';
+       #print("Got a ref of ".(ref($_))." skipping.");
+     } else {
+         if ($_) {$result.=&escape($_).'=';} else { last; }
+     }
+     if(ref($hashref->{$_}) eq 'ARRAY') {
+       $result.=&arrayref2str($hashref->{$_}).'&';
+     } elsif(ref($hashref->{$_}) eq 'HASH') {
+       $result.=&hashref2str($hashref->{$_}).'&';
+     } elsif(ref($hashref->{$_})) {
+        $result.='&';
+       #print("Got a ref of ".(ref($hashref->{$_}))." skipping.");
+     } else {
+       $result.=&escape($hashref->{$_}).'&';
+     }
+   }
+   $result=~s/\&$//;
+   $result .= '__END_HASH_REF__';
+   return $result;
+ }
  # ----------------------------------- POD (plain old documentation, CPAN style)
  =head1 NAME
- Line 4739  Place in B<logs/lond.log>
+ Line 5767  Place in B<logs/lond.log>
  stores hash in namespace
- =item rolesput
+ =item rolesputy
  put a role into a user's environment

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.178.2.10
changed lines
	Added in v.1.267