loncom/lond - diff

Return to lond CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/lond between versions 1.178.2.2 and 1.267

-version 1.178.2.2, 2004/02/23 10:25:52
+version 1.267, 2004/12/08 22:45:33
  Line 20
  #
  # You should have received a copy of the GNU General Public License
  # along with LON-CAPA; if not, write to the Free Software
  # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  #
  # /home/httpd/html/adm/gpl.txt
  #
  Line 45  use Authen::Krb4;
  use Authen::Krb5;
  use lib '/home/httpd/lib/perl/';
  use localauth;
+ use localenroll;
+ use localstudentphoto;
  use File::Copy;
  use LONCAPA::ConfigFileEdit;
+ use LONCAPA::lonlocal;
+ use LONCAPA::lonssl;
+ use Fcntl qw(:flock);
- my $DEBUG = 1;		       # Non zero to enable debug log entries.
+ my $DEBUG = 0;		       # Non zero to enable debug log entries.
  my $status='';
  my $lastlog='';
  my $VERSION='$Revision$'; #' stupid emacs
  my $remoteVERSION;
- my $currenthostid;
+ my $currenthostid="default";
  my $currentdomainid;
  my $client;
- my $clientip;
+ my $clientip;			# IP address of client.
- my $clientname;
+ my $clientdns;			# DNS name of client.
+ my $clientname;			# LonCAPA name of client.
- my $cipher;			# Cipher key negotiated with client.
- my $tmpsnum = 0;;		# Id of tmpputs.
  my $server;
- my $thisserver;
+ my $thisserver;			# DNS of us.
+ my $keymode;
+ my $cipher;			# Cipher key negotiated with client
+ my $tmpsnum = 0;		# Id of tmpputs.
  #
  #   Connection type is:
- Line 77  my $thisserver;
+ Line 85  my $thisserver;
  my $ConnectionType;
- my %hostid;
+ my %hostid;			# ID's for hosts in cluster by ip.
- my %hostdom;
+ my %hostdom;			# LonCAPA domain for hosts in cluster.
- my %hostip;
+ my %hostip;			# IPs for hosts in cluster.
+ my %hostdns;			# ID's of hosts looked up by DNS name.
  my %managers;			# Ip -> manager names
- Line 98  my $CLIENT_OK  = 1;
+ Line 107  my $CLIENT_OK  = 1;
  my $MANAGER_OK = 2;
  my %Dispatcher;
  #
  #  The array below are password error strings."
  #
- Line 113  my @passwderrors = ("ok",
+ Line 123  my @passwderrors = ("ok",
  		   "lcpasswd Cannot set new passwd.",
  		   "lcpasswd Username has invalid characters",
  		   "lcpasswd Invalid characters in password",
- 		    "11", "12",
+ 		   "lcpasswd User already exists",
- 		    "lcpasswd Password mismatch");
+                    "lcpasswd Something went wrong with user addition.",
+ 		    "lcpasswd Password mismatch",
+ 		    "lcpasswd Error filename is invalid");
  #  The array below are lcuseradd error strings.:
- Line 135  my @adderrors    = ("ok",
+ Line 147  my @adderrors    = ("ok",
  		    "lcuseradd Could not add user.",
  		    "lcuseradd Password mismatch");
  #
  #   Statistics that are maintained and dislayed in the status line.
  #
- my $Transactions;		# Number of attempted transactions.
+ my $Transactions = 0;		# Number of attempted transactions.
- my $Failures;			# Number of transcations failed.
+ my $Failures     = 0;		# Number of transcations failed.
  #   ResetStatistics:
  #      Resets the statistics counters:
- Line 149  sub ResetStatistics {
+ Line 163  sub ResetStatistics {
      $Failures     = 0;
  }
+ #------------------------------------------------------------------------
+ #
+ #   LocalConnection
+ #     Completes the formation of a locally authenticated connection.
+ #     This function will ensure that the 'remote' client is really the
+ #     local host.  If not, the connection is closed, and the function fails.
+ #     If so, initcmd is parsed for the name of a file containing the
+ #     IDEA session key.  The fie is opened, read, deleted and the session
+ #     key returned to the caller.
+ #
+ # Parameters:
+ #   $Socket      - Socket open on client.
+ #   $initcmd     - The full text of the init command.
+ #
+ # Implicit inputs:
+ #    $clientdns  - The DNS name of the remote client.
+ #    $thisserver - Our DNS name.
+ #
+ # Returns:
+ #     IDEA session key on success.
+ #     undef on failure.
+ #
+ sub LocalConnection {
+     my ($Socket, $initcmd) = @_;
+     Debug("Attempting local connection: $initcmd client: $clientdns me: $thisserver");
+     if($clientdns ne $thisserver) {
+ 	&logthis('<font color="red"> LocalConnection rejecting non local: '
+ 		 ."$clientdns ne $thisserver </font>");
+ 	close $Socket;
+ 	return undef;
+     }  else {
+ 	chomp($initcmd);	# Get rid of \n in filename.
+ 	my ($init, $type, $name) = split(/:/, $initcmd);
+ 	Debug(" Init command: $init $type $name ");
+ 	# Require that $init = init, and $type = local:  Otherwise
+ 	# the caller is insane:
+ 	if(($init ne "init") && ($type ne "local")) {
+ 	    &logthis('<font color = "red"> LocalConnection: caller is insane! '
+ 		     ."init = $init, and type = $type </font>");
+ 	    close($Socket);;
+ 	    return undef;
+ 	}
+ 	#  Now get the key filename:
+ 	my $IDEAKey = lonlocal::ReadKeyFile($name);
+ 	return $IDEAKey;
+     }
+ }
+ #------------------------------------------------------------------------------
+ #
+ #  SSLConnection
+ #   Completes the formation of an ssh authenticated connection. The
+ #   socket is promoted to an ssl socket.  If this promotion and the associated
+ #   certificate exchange are successful, the IDEA key is generated and sent
+ #   to the remote peer via the SSL tunnel. The IDEA key is also returned to
+ #   the caller after the SSL tunnel is torn down.
+ #
+ # Parameters:
+ #   Name              Type             Purpose
+ #   $Socket          IO::Socket::INET  Plaintext socket.
+ #
+ # Returns:
+ #    IDEA key on success.
+ #    undef on failure.
+ #
+ sub SSLConnection {
+     my $Socket   = shift;
+     Debug("SSLConnection: ");
+     my $KeyFile         = lonssl::KeyFile();
+     if(!$KeyFile) {
+ 	my $err = lonssl::LastError();
+ 	&logthis("<font color=\"red\"> CRITICAL"
+ 		 ."Can't get key file $err </font>");
+ 	return undef;
+     }
+     my ($CACertificate,
+ 	$Certificate) = lonssl::CertificateFile();
+     # If any of the key, certificate or certificate authority
+     # certificate filenames are not defined, this can't work.
+     if((!$Certificate) || (!$CACertificate)) {
+ 	my $err = lonssl::LastError();
+ 	&logthis("<font color=\"red\"> CRITICAL"
+ 		 ."Can't get certificates: $err </font>");
+ 	return undef;
+     }
+     Debug("Key: $KeyFile CA: $CACertificate Cert: $Certificate");
+     # Indicate to our peer that we can procede with
+     # a transition to ssl authentication:
+     print $Socket "ok:ssl\n";
+     Debug("Approving promotion -> ssl");
+     #  And do so:
+     my $SSLSocket = lonssl::PromoteServerSocket($Socket,
+ 						$CACertificate,
+ 						$Certificate,
+ 						$KeyFile);
+     if(! ($SSLSocket) ) {	# SSL socket promotion failed.
+ 	my $err = lonssl::LastError();
+ 	&logthis("<font color=\"red\"> CRITICAL "
+ 		 ."SSL Socket promotion failed: $err </font>");
+ 	return undef;
+     }
+     Debug("SSL Promotion successful");
+     #
+     #  The only thing we'll use the socket for is to send the IDEA key
+     #  to the peer:
+     my $Key = lonlocal::CreateCipherKey();
+     print $SSLSocket "$Key\n";
+     lonssl::Close($SSLSocket);
+     Debug("Key exchange complete: $Key");
+     return $Key;
+ }
+ #
+ #     InsecureConnection:
+ #        If insecure connections are allowd,
+ #        exchange a challenge with the client to 'validate' the
+ #        client (not really, but that's the protocol):
+ #        We produce a challenge string that's sent to the client.
+ #        The client must then echo the challenge verbatim to us.
+ #
+ #  Parameter:
+ #      Socket      - Socket open on the client.
+ #  Returns:
+ #      1           - success.
+ #      0           - failure (e.g.mismatch or insecure not allowed).
+ #
+ sub InsecureConnection {
+     my $Socket  =  shift;
+     #   Don't even start if insecure connections are not allowed.
+     if(! $perlvar{londAllowInsecure}) {	# Insecure connections not allowed.
+ 	return 0;
+     }
+     #   Fabricate a challenge string and send it..
+     my $challenge = "$$".time;	# pid + time.
+     print $Socket "$challenge\n";
+     &status("Waiting for challenge reply");
+     my $answer = <$Socket>;
+     $answer    =~s/\W//g;
+     if($challenge eq $answer) {
+ 	return 1;
+     } else {
+ 	logthis("<font color='blue'>WARNING client did not respond to challenge</font>");
+ 	&status("No challenge reqply");
+ 	return 0;
+     }
+ }
+ #
+ #   Safely execute a command (as long as it's not a shel command and doesn
+ #   not require/rely on shell escapes.   The function operates by doing a
+ #   a pipe based fork and capturing stdout and stderr  from the pipe.
+ #
+ # Formal Parameters:
+ #     $line                    - A line of text to be executed as a command.
+ # Returns:
+ #     The output from that command.  If the output is multiline the caller
+ #     must know how to split up the output.
+ #
+ #
+ sub execute_command {
+     my ($line)    = @_;
+     my @words     = split(/\s/, $line);	# Bust the command up into words.
+     my $output    = "";
+     my $pid = open(CHILD, "-|");
+     if($pid) {			# Parent process
+ 	Debug("In parent process for execute_command");
+ 	my @data = <CHILD>;	# Read the child's outupt...
+ 	close CHILD;
+ 	foreach my $output_line (@data) {
+ 	    Debug("Adding $output_line");
+ 	    $output .= $output_line; # Presumably has a \n on it.
+ 	}
+     } else {			# Child process
+ 	close (STDERR);
+ 	open  (STDERR, ">&STDOUT");# Combine stderr, and stdout...
+ 	exec(@words);		# won't return.
+     }
+     return $output;
+ }
+ #   GetCertificate: Given a transaction that requires a certificate,
+ #   this function will extract the certificate from the transaction
+ #   request.  Note that at this point, the only concept of a certificate
+ #   is the hostname to which we are connected.
+ #
+ #   Parameter:
+ #      request   - The request sent by our client (this parameterization may
+ #                  need to change when we really use a certificate granting
+ #                  authority.
+ #
+ sub GetCertificate {
+     my $request = shift;
+     return $clientip;
+ }
  #
  #   Return true if client is a manager.
  #
- Line 164  sub isClient {
+ Line 400  sub isClient {
  #
- #   Get a Request:
+ #   ReadManagerTable: Reads in the current manager table. For now this is
- #   Gets a Request message from the client.  The transaction
+ #                     done on each manager authentication because:
- #   is defined as a 'line' of text.  We remove the new line
+ #                     - These authentications are not frequent
- #   from the text line.
+ #                     - This allows dynamic changes to the manager table
- #
+ #                       without the need to signal to the lond.
- sub GetRequest {
+ #
-     my $input = <$client>;
+ sub ReadManagerTable {
-     chomp($input);
-     Debug("Request = $input\n");
+     #   Clean out the old table first..
-     &status('Processing '.$clientname.':'.$input);
+    foreach my $key (keys %managers) {
+       delete $managers{$key};
+    }
-     return $input;
+    my $tablename = $perlvar{'lonTabDir'}."/managers.tab";
+    if (!open (MANAGERS, $tablename)) {
+       logthis('<font color="red">No manager table.  Nobody can manage!!</font>');
+       return;
+    }
+    while(my $host = <MANAGERS>) {
+       chomp($host);
+       if ($host =~ "^#") {                  # Comment line.
+          next;
+       }
+       if (!defined $hostip{$host}) { # This is a non cluster member
+ 	    #  The entry is of the form:
+ 	    #    cluname:hostname
+ 	    #  cluname - A 'cluster hostname' is needed in order to negotiate
+ 	    #            the host key.
+ 	    #  hostname- The dns name of the host.
+ 	    #
+           my($cluname, $dnsname) = split(/:/, $host);
+           my $ip = gethostbyname($dnsname);
+           if(defined($ip)) {                 # bad names don't deserve entry.
+             my $hostip = inet_ntoa($ip);
+             $managers{$hostip} = $cluname;
+             logthis('<font color="green"> registering manager '.
+                     "$dnsname as $cluname with $hostip </font>\n");
+          }
+       } else {
+          logthis('<font color="green"> existing host'." $host</font>\n");
+          $managers{$hostip{$host}} = $host;  # Use info from cluster tab if clumemeber
+       }
+    }
  }
+ #
+ #  ValidManager: Determines if a given certificate represents a valid manager.
+ #                in this primitive implementation, the 'certificate' is
+ #                just the connecting loncapa client name.  This is checked
+ #                against a valid client list in the configuration.
+ #
+ #
+ sub ValidManager {
+     my $certificate = shift;
+     return isManager;
+ }
+ #
+ #  CopyFile:  Called as part of the process of installing a
+ #             new configuration file.  This function copies an existing
+ #             file to a backup file.
+ # Parameters:
+ #     oldfile  - Name of the file to backup.
+ #     newfile  - Name of the backup file.
+ # Return:
+ #     0   - Failure (errno has failure reason).
+ #     1   - Success.
+ #
+ sub CopyFile {
+     my ($oldfile, $newfile) = @_;
+     #  The file must exist:
+     if(-e $oldfile) {
+ 	 # Read the old file.
+ 	my $oldfh = IO::File->new("< $oldfile");
+ 	if(!$oldfh) {
+ 	    return 0;
+ 	}
+ 	my @contents = <$oldfh>;  # Suck in the entire file.
+ 	# write the backup file:
+ 	my $newfh = IO::File->new("> $newfile");
+ 	if(!(defined $newfh)){
+ 	    return 0;
+ 	}
+ 	my $lines = scalar @contents;
+ 	for (my $i =0; $i < $lines; $i++) {
+ 	    print $newfh ($contents[$i]);
+ 	}
+ 	$oldfh->close;
+ 	$newfh->close;
+ 	chmod(0660, $newfile);
+ 	return 1;
+     } else {
+ 	return 0;
+     }
+ }
+ #
+ #  Host files are passed out with externally visible host IPs.
+ #  If, for example, we are behind a fire-wall or NAT host, our
+ #  internally visible IP may be different than the externally
+ #  visible IP.  Therefore, we always adjust the contents of the
+ #  host file so that the entry for ME is the IP that we believe
+ #  we have.  At present, this is defined as the entry that
+ #  DNS has for us.  If by some chance we are not able to get a
+ #  DNS translation for us, then we assume that the host.tab file
+ #  is correct.
+ #    BUGBUGBUG - in the future, we really should see if we can
+ #       easily query the interface(s) instead.
+ # Parameter(s):
+ #     contents    - The contents of the host.tab to check.
+ # Returns:
+ #     newcontents - The adjusted contents.
+ #
+ #
+ sub AdjustHostContents {
+     my $contents  = shift;
+     my $adjusted;
+     my $me        = $perlvar{'lonHostID'};
+  foreach my $line (split(/\n/,$contents)) {
+ 	if(!(($line eq "") || ($line =~ /^ *\#/) || ($line =~ /^ *$/))) {
+ 	    chomp($line);
+ 	    my ($id,$domain,$role,$name,$ip,$maxcon,$idleto,$mincon)=split(/:/,$line);
+ 	    if ($id eq $me) {
+           my $ip = gethostbyname($name);
+           my $ipnew = inet_ntoa($ip);
+          $ip = $ipnew;
+ 		#  Reconstruct the host line and append to adjusted:
+ 		   my $newline = "$id:$domain:$role:$name:$ip";
+ 		   if($maxcon ne "") { # Not all hosts have loncnew tuning params
+ 		     $newline .= ":$maxcon:$idleto:$mincon";
+ 		   }
+ 		   $adjusted .= $newline."\n";
+       } else {		# Not me, pass unmodified.
+ 		   $adjusted .= $line."\n";
+       }
+ 	} else {                  # Blank or comment never re-written.
+ 	    $adjusted .= $line."\n";	# Pass blanks and comments as is.
+ 	}
+  }
+  return $adjusted;
+ }
+ #
+ #   InstallFile: Called to install an administrative file:
+ #       - The file is created with <name>.tmp
+ #       - The <name>.tmp file is then mv'd to <name>
+ #   This lugubrious procedure is done to ensure that we are never without
+ #   a valid, even if dated, version of the file regardless of who crashes
+ #   and when the crash occurs.
  #
- #   Decipher encoded traffic
  #  Parameters:
- #     input      - Encoded data.
+ #       Name of the file
+ #       File Contents.
+ #  Return:
+ #      nonzero - success.
+ #      0       - failure and $! has an errno.
+ #
+ sub InstallFile {
+     my ($Filename, $Contents) = @_;
+     my $TempFile = $Filename.".tmp";
+     #  Open the file for write:
+     my $fh = IO::File->new("> $TempFile"); # Write to temp.
+     if(!(defined $fh)) {
+ 	&logthis('<font color="red"> Unable to create '.$TempFile."</font>");
+ 	return 0;
+     }
+     #  write the contents of the file:
+     print $fh ($Contents);
+     $fh->close;			# In case we ever have a filesystem w. locking
+     chmod(0660, $TempFile);
+     # Now we can move install the file in position.
+     move($TempFile, $Filename);
+     return 1;
+ }
+ #
+ #   ConfigFileFromSelector: converts a configuration file selector
+ #                 (one of host or domain at this point) into a
+ #                 configuration file pathname.
+ #
+ #  Parameters:
+ #      selector  - Configuration file selector.
  #  Returns:
- #     Decoded data or undef if encryption key was not yet negotiated.
+ #      Full path to the file or undef if the selector is invalid.
- #  Implicit input:
- #     cipher  - This global holds the negotiated encryption key.
  #
- sub Decipher {
+ sub ConfigFileFromSelector {
-    my $input  = shift;
+     my $selector   = shift;
-    my $output = '';
+     my $tablefile;
+     my $tabledir = $perlvar{'lonTabDir'}.'/';
-    if($cipher) {
+     if ($selector eq "hosts") {
-       my($enc, $enclength, $encinput) = split(/:/, $input);
+ 	$tablefile = $tabledir."hosts.tab";
-       for(my $encidx = 0; $encidx < length($encinput); $encidx += 16) {
+     } elsif ($selector eq "domain") {
-          $output .=
+ 	$tablefile = $tabledir."domain.tab";
-             $cipher->decrypt(pack("H16", substr($encinput, $encidx, 16)));
+     } else {
-       }
+ 	return undef;
-       return substr($output, 0, $enclength);
+     }
-    } else {
+     return $tablefile;
-       return undef;
-    }
+ }
+ #
+ #   PushFile:  Called to do an administrative push of a file.
+ #              - Ensure the file being pushed is one we support.
+ #              - Backup the old file to <filename.saved>
+ #              - Separate the contents of the new file out from the
+ #                rest of the request.
+ #              - Write the new file.
+ #  Parameter:
+ #     Request - The entire user request.  This consists of a : separated
+ #               string pushfile:tablename:contents.
+ #     NOTE:  The contents may have :'s in it as well making things a bit
+ #            more interesting... but not much.
+ #  Returns:
+ #     String to send to client ("ok" or "refused" if bad file).
+ #
+ sub PushFile {
+     my $request = shift;
+     my ($command, $filename, $contents) = split(":", $request, 3);
+     #  At this point in time, pushes for only the following tables are
+     #  supported:
+     #   hosts.tab  ($filename eq host).
+     #   domain.tab ($filename eq domain).
+     # Construct the destination filename or reject the request.
+     #
+     # lonManage is supposed to ensure this, however this session could be
+     # part of some elaborate spoof that managed somehow to authenticate.
+     #
+     my $tablefile = ConfigFileFromSelector($filename);
+     if(! (defined $tablefile)) {
+ 	return "refused";
+     }
+     #
+     # >copy< the old table to the backup table
+     #        don't rename in case system crashes/reboots etc. in the time
+     #        window between a rename and write.
+     #
+     my $backupfile = $tablefile;
+     $backupfile    =~ s/\.tab$/.old/;
+     if(!CopyFile($tablefile, $backupfile)) {
+ 	&logthis('<font color="green"> CopyFile from '.$tablefile." to ".$backupfile." failed </font>");
+ 	return "error:$!";
+     }
+     &logthis('<font color="green"> Pushfile: backed up '
+ 	    .$tablefile." to $backupfile</font>");
+     #  If the file being pushed is the host file, we adjust the entry for ourself so that the
+     #  IP will be our current IP as looked up in dns.  Note this is only 99% good as it's possible
+     #  to conceive of conditions where we don't have a DNS entry locally.  This is possible in a
+     #  network sense but it doesn't make much sense in a LonCAPA sense so we ignore (for now)
+     #  that possibilty.
+     if($filename eq "host") {
+ 	$contents = AdjustHostContents($contents);
+     }
+     #  Install the new file:
+     if(!InstallFile($tablefile, $contents)) {
+ 	&logthis('<font color="red"> Pushfile: unable to install '
+ 	 .$tablefile." $! </font>");
+ 	return "error:$!";
+     } else {
+ 	&logthis('<font color="green"> Installed new '.$tablefile
+ 		 ."</font>");
+     }
+     #  Indicate success:
+     return "ok";
  }
  #
- #   Register a command processor.  This function is invoked to register a sub
+ #  Called to re-init either lonc or lond.
- #   to process a request.  Once registered, the ProcessRequest sub can automatically
+ #
- #   dispatch requests to an appropriate sub, and do the top level validity checking
+ #  Parameters:
- #   as well:
+ #    request   - The full request by the client.  This is of the form
- #    - Is the keyword recognized.
+ #                reinit:<process>
- #    - Is the proper client type attempting the request.
+ #                where <process> is allowed to be either of
- #    - Is the request encrypted if it has to be.
+ #                lonc or lond
+ #
+ #  Returns:
+ #     The string to be sent back to the client either:
+ #   ok         - Everything worked just fine.
+ #   error:why  - There was a failure and why describes the reason.
+ #
+ #
+ sub ReinitProcess {
+     my $request = shift;
+     # separate the request (reinit) from the process identifier and
+     # validate it producing the name of the .pid file for the process.
+     #
+     #
+     my ($junk, $process) = split(":", $request);
+     my $processpidfile = $perlvar{'lonDaemons'}.'/logs/';
+     if($process eq 'lonc') {
+ 	$processpidfile = $processpidfile."lonc.pid";
+ 	if (!open(PIDFILE, "< $processpidfile")) {
+ 	    return "error:Open failed for $processpidfile";
+ 	}
+ 	my $loncpid = <PIDFILE>;
+ 	close(PIDFILE);
+ 	logthis('<font color="red"> Reinitializing lonc pid='.$loncpid
+ 		."</font>");
+ 	kill("USR2", $loncpid);
+     } elsif ($process eq 'lond') {
+ 	logthis('<font color="red"> Reinitializing self (lond) </font>');
+ 	&UpdateHosts;			# Lond is us!!
+     } else {
+ 	&logthis('<font color="yellow" Invalid reinit request for '.$process
+ 		 ."</font>");
+ 	return "error:Invalid process identifier $process";
+     }
+     return 'ok';
+ }
+ #   Validate a line in a configuration file edit script:
+ #   Validation includes:
+ #     - Ensuring the command is valid.
+ #     - Ensuring the command has sufficient parameters
  #   Parameters:
- #    $RequestName         - Name of the request being registered.
+ #     scriptline - A line to validate (\n has been stripped for what it's worth).
- #                           This is the command request that will match
- #                           against the hash keywords to lookup the information
- #                           associated with the dispatch information.
- #    $Procedure           - Reference to a sub to call to process the request.
- #                           All subs get called as follows:
- #                             Procedure($cmd, $tail, $replyfd, $key)
- #                             $cmd    - the actual keyword that invoked us.
- #                             $tail   - the tail of the request that invoked us.
- #                             $replyfd- File descriptor connected to the client
- #    $MustEncode          - True if the request must be encoded to be good.
- #    $ClientOk            - True if it's ok for a client to request this.
- #    $ManagerOk           - True if it's ok for a manager to request this.
- # Side effects:
- #      - On success, the Dispatcher hash has an entry added for the key $RequestName
- #      - On failure, the program will die as it's a bad internal bug to try to
- #        register a duplicate command handler.
  #
- sub RegisterHandler {
+ #   Return:
-    my $RequestName    = shift;
+ #      0     - Invalid scriptline.
-    my $Procedure      = shift;
+ #      1     - Valid scriptline
-    my $MustEncode     = shift;
+ #  NOTE:
-    my $ClientOk       = shift;
+ #     Only the command syntax is checked, not the executability of the
-    my $ManagerOk      = shift;
+ #     command.
+ #
-    #  Don't allow duplication#
+ sub isValidEditCommand {
+     my $scriptline = shift;
-    if (defined $Dispatcher{$RequestName}) {
-       die "Attempting to define a duplicate request handler for $RequestName\n";
+     #   Line elements are pipe separated:
-    }
-    #   Build the client type mask:
+     my ($command, $key, $newline)  = split(/\|/, $scriptline);
+     &logthis('<font color="green"> isValideditCommand checking: '.
-    my $ClientTypeMask = 0;
+ 	     "Command = '$command', Key = '$key', Newline = '$newline' </font>\n");
-    if($ClientOk) {
-       $ClientTypeMask  |= $CLIENT_OK;
+     if ($command eq "delete") {
-    }
+ 	#
-    if($ManagerOk) {
+ 	#   key with no newline.
-       $ClientTypeMask  |= $MANAGER_OK;
+ 	#
-    }
+ 	if( ($key eq "") || ($newline ne "")) {
+ 	    return 0;		# Must have key but no newline.
-    #  Enter the hash:
+ 	} else {
+ 	    return 1;		# Valid syntax.
-    my @entry = ($Procedure, $MustEncode, $ClientTypeMask);
+ 	}
+     } elsif ($command eq "replace") {
-    $Dispatcher{$RequestName} = \@entry;
+ 	#
+ 	#   key and newline:
+ 	#
+ 	if (($key eq "") || ($newline eq "")) {
+ 	    return 0;
+ 	} else {
+ 	    return 1;
+ 	}
+     } elsif ($command eq "append") {
+ 	if (($key ne "") && ($newline eq "")) {
+ 	    return 1;
+ 	} else {
+ 	    return 0;
+ 	}
+     } else {
+ 	return 0;		# Invalid command.
+     }
+     return 0;			# Should not get here!!!
+ }
+ #
+ #   ApplyEdit - Applies an edit command to a line in a configuration
+ #               file.  It is the caller's responsiblity to validate the
+ #               edit line.
+ #   Parameters:
+ #      $directive - A single edit directive to apply.
+ #                   Edit directives are of the form:
+ #                  append|newline      - Appends a new line to the file.
+ #                  replace|key|newline - Replaces the line with key value 'key'
+ #                  delete|key          - Deletes the line with key value 'key'.
+ #      $editor   - A config file editor object that contains the
+ #                  file being edited.
+ #
+ sub ApplyEdit {
+     my ($directive, $editor) = @_;
+     # Break the directive down into its command and its parameters
+     # (at most two at this point.  The meaning of the parameters, if in fact
+     #  they exist depends on the command).
+     my ($command, $p1, $p2) = split(/\|/, $directive);
+     if($command eq "append") {
+ 	$editor->Append($p1);	          # p1 - key p2 null.
+     } elsif ($command eq "replace") {
+ 	$editor->ReplaceLine($p1, $p2);   # p1 - key p2 = newline.
+     } elsif ($command eq "delete") {
+ 	$editor->DeleteLine($p1);         # p1 - key p2 null.
+     } else {			          # Should not get here!!!
+ 	die "Invalid command given to ApplyEdit $command"
+     }
+ }
+ #
+ # AdjustOurHost:
+ #           Adjusts a host file stored in a configuration file editor object
+ #           for the true IP address of this host. This is necessary for hosts
+ #           that live behind a firewall.
+ #           Those hosts have a publicly distributed IP of the firewall, but
+ #           internally must use their actual IP.  We assume that a given
+ #           host only has a single IP interface for now.
+ # Formal Parameters:
+ #     editor   - The configuration file editor to adjust.  This
+ #                editor is assumed to contain a hosts.tab file.
+ # Strategy:
+ #    - Figure out our hostname.
+ #    - Lookup the entry for this host.
+ #    - Modify the line to contain our IP
+ #    - Do a replace for this host.
+ sub AdjustOurHost {
+     my $editor        = shift;
+     # figure out who I am.
+     my $myHostName    = $perlvar{'lonHostID'}; # LonCAPA hostname.
+     #  Get my host file entry.
+     my $ConfigLine    = $editor->Find($myHostName);
+     if(! (defined $ConfigLine)) {
+ 	die "AdjustOurHost - no entry for me in hosts file $myHostName";
+     }
+     # figure out my IP:
+     #   Use the config line to get my hostname.
+     #   Use gethostbyname to translate that into an IP address.
+     #
+     my ($id,$domain,$role,$name,$ip,$maxcon,$idleto,$mincon) = split(/:/,$ConfigLine);
+     my $BinaryIp = gethostbyname($name);
+     my $ip       = inet_ntoa($ip);
+     #
+     #  Reassemble the config line from the elements in the list.
+     #  Note that if the loncnew items were not present before, they will
+     #  be now even if they would be empty
+     #
+     my $newConfigLine = $id;
+     foreach my $item ($domain, $role, $name, $ip, $maxcon, $idleto, $mincon) {
+ 	$newConfigLine .= ":".$item;
+     }
+     #  Replace the line:
+     $editor->ReplaceLine($id, $newConfigLine);
+ }
+ #
+ #   ReplaceConfigFile:
+ #              Replaces a configuration file with the contents of a
+ #              configuration file editor object.
+ #              This is done by:
+ #              - Copying the target file to <filename>.old
+ #              - Writing the new file to <filename>.tmp
+ #              - Moving <filename.tmp>  -> <filename>
+ #              This laborious process ensures that the system is never without
+ #              a configuration file that's at least valid (even if the contents
+ #              may be dated).
+ #   Parameters:
+ #        filename   - Name of the file to modify... this is a full path.
+ #        editor     - Editor containing the file.
+ #
+ sub ReplaceConfigFile {
+     my ($filename, $editor) = @_;
+     CopyFile ($filename, $filename.".old");
+     my $contents  = $editor->Get(); # Get the contents of the file.
+     InstallFile($filename, $contents);
+ }
+ #
+ #
+ #   Called to edit a configuration table  file
+ #   Parameters:
+ #      request           - The entire command/request sent by lonc or lonManage
+ #   Return:
+ #      The reply to send to the client.
+ #
+ sub EditFile {
+     my $request = shift;
+     #  Split the command into it's pieces:  edit:filetype:script
+     my ($request, $filetype, $script) = split(/:/, $request,3);	# : in script
+     #  Check the pre-coditions for success:
+     if($request != "edit") {	# Something is amiss afoot alack.
+ 	return "error:edit request detected, but request != 'edit'\n";
+     }
+     if( ($filetype ne "hosts")  &&
+ 	($filetype ne "domain")) {
+ 	return "error:edit requested with invalid file specifier: $filetype \n";
+     }
+     #   Split the edit script and check it's validity.
+     my @scriptlines = split(/\n/, $script);  # one line per element.
+     my $linecount   = scalar(@scriptlines);
+     for(my $i = 0; $i < $linecount; $i++) {
+ 	chomp($scriptlines[$i]);
+ 	if(!isValidEditCommand($scriptlines[$i])) {
+ 	    return "error:edit with bad script line: '$scriptlines[$i]' \n";
+ 	}
+     }
+     #   Execute the edit operation.
+     #   - Create a config file editor for the appropriate file and
+     #   - execute each command in the script:
+     #
+     my $configfile = ConfigFileFromSelector($filetype);
+     if (!(defined $configfile)) {
+ 	return "refused\n";
+     }
+     my $editor = ConfigFileEdit->new($configfile);
+     for (my $i = 0; $i < $linecount; $i++) {
+ 	ApplyEdit($scriptlines[$i], $editor);
+     }
+     # If the file is the host file, ensure that our host is
+     # adjusted to have our ip:
+     #
+     if($filetype eq "host") {
+ 	AdjustOurHost($editor);
+     }
+     #  Finally replace the current file with our file.
+     #
+     ReplaceConfigFile($configfile, $editor);
+     return "ok\n";
+ }
+ #---------------------------------------------------------------
+ #
+ # Manipulation of hash based databases (factoring out common code
+ # for later use as we refactor.
+ #
+ #  Ties a domain level resource file to a hash.
+ #  If requested a history entry is created in the associated hist file.
+ #
+ #  Parameters:
+ #     domain    - Name of the domain in which the resource file lives.
+ #     namespace - Name of the hash within that domain.
+ #     how       - How to tie the hash (e.g. GDBM_WRCREAT()).
+ #     loghead   - Optional parameter, if present a log entry is created
+ #                 in the associated history file and this is the first part
+ #                  of that entry.
+ #     logtail   - Goes along with loghead,  The actual logentry is of the
+ #                 form $loghead:<timestamp>:logtail.
+ # Returns:
+ #    Reference to a hash bound to the db file or alternatively undef
+ #    if the tie failed.
+ #
+ sub tie_domain_hash {
+     my ($domain,$namespace,$how,$loghead,$logtail) = @_;
+     # Filter out any whitespace in the domain name:
+     $domain =~ s/\W//g;
+     # We have enough to go on to tie the hash:
+     my $user_top_dir   = $perlvar{'lonUsersDir'};
+     my $domain_dir     = $user_top_dir."/$domain";
+     my $resource_file  = $domain_dir."/$namespace.db";
+     my %hash;
+     if(tie(%hash, 'GDBM_File', $resource_file, $how, 0640)) {
+ 	if (defined($loghead)) {	# Need to log the operation.
+ 	    my $logFh = IO::File->new(">>$domain_dir/$namespace.hist");
+ 	    if($logFh) {
+ 		my $timestamp = time;
+ 		print $logFh "$loghead:$timestamp:$logtail\n";
+ 	    }
+ 	    $logFh->close;
+ 	}
+ 	return \%hash;		# Return the tied hash.
+     } else {
+ 	return undef;		# Tie failed.
+     }
+ }
+ #
+ #   Ties a user's resource file to a hash.
+ #   If necessary, an appropriate history
+ #   log file entry is made as well.
+ #   This sub factors out common code from the subs that manipulate
+ #   the various gdbm files that keep keyword value pairs.
+ # Parameters:
+ #   domain       - Name of the domain the user is in.
+ #   user         - Name of the 'current user'.
+ #   namespace    - Namespace representing the file to tie.
+ #   how          - What the tie is done to (e.g. GDBM_WRCREAT().
+ #   loghead      - Optional first part of log entry if there may be a
+ #                  history file.
+ #   what         - Optional tail of log entry if there may be a history
+ #                  file.
+ # Returns:
+ #   hash to which the database is tied.  It's up to the caller to untie.
+ #   undef if the has could not be tied.
+ #
+ sub tie_user_hash {
+     my ($domain,$user,$namespace,$how,$loghead,$what) = @_;
+     $namespace=~s/\//\_/g;	# / -> _
+     $namespace=~s/\W//g;		# whitespace eliminated.
+     my $proname     = propath($domain, $user);
+     #  Tie the database.
+     my %hash;
+     if(tie(%hash, 'GDBM_File', "$proname/$namespace.db",
+ 	   $how, 0640)) {
+ 	# If this is a namespace for which a history is kept,
+ 	# make the history log entry:
+ 	if (($namespace !~/^nohist\_/) && (defined($loghead))) {
+ 	    my $args = scalar @_;
+ 	    Debug(" Opening history: $namespace $args");
+ 	    my $hfh = IO::File->new(">>$proname/$namespace.hist");
+ 	    if($hfh) {
+ 		my $now = time;
+ 		print $hfh "$loghead:$now:$what\n";
+ 	    }
+ 	    $hfh->close;
+ 	}
+ 	return \%hash;
+     } else {
+ 	return undef;
+     }
  }
+ #   read_profile
+ #
+ #   Returns a set of specific entries from a user's profile file.
+ #   this is a utility function that is used by both get_profile_entry and
+ #   get_profile_entry_encrypted.
+ #
+ # Parameters:
+ #    udom       - Domain in which the user exists.
+ #    uname      - User's account name (loncapa account)
+ #    namespace  - The profile namespace to open.
+ #    what       - A set of & separated queries.
+ # Returns:
+ #    If all ok: - The string that needs to be shipped back to the user.
+ #    If failure - A string that starts with error: followed by the failure
+ #                 reason.. note that this probabyl gets shipped back to the
+ #                 user as well.
+ #
+ sub read_profile {
+     my ($udom, $uname, $namespace, $what) = @_;
+     my $hashref = &tie_user_hash($udom, $uname, $namespace,
+ 				 &GDBM_READER());
+     if ($hashref) {
+         my @queries=split(/\&/,$what);
+         my $qresult='';
+ 	for (my $i=0;$i<=$#queries;$i++) {
+ 	    $qresult.="$hashref->{$queries[$i]}&";    # Presumably failure gives empty string.
+ 	}
+ 	$qresult=~s/\&$//;              # Remove trailing & from last lookup.
+ 	if (untie %$hashref) {
+ 	    return $qresult;
+ 	} else {
+ 	    return "error: ".($!+0)." untie (GDBM) Failed";
+ 	}
+     } else {
+ 	if ($!+0 == 2) {
+ 	    return "error:No such file or GDBM reported bad block error";
+ 	} else {
+ 	    return "error: ".($!+0)." tie (GDBM) Failed";
+ 	}
+     }
+ }
  #--------------------- Request Handlers --------------------------------------------
  #
- #   By convention each request handler registers itself prior to the sub declaration:
+ #   By convention each request handler registers itself prior to the sub
+ #   declaration:
  #
+ #++
+ #
  #  Handles ping requests.
  #  Parameters:
  #      $cmd    - the actual keyword that invoked us.
- Line 282  sub RegisterHandler {
+ Line 1131  sub RegisterHandler {
  #      0       - Program should exit.
  #  Side effects:
  #      Reply information is sent to the client.
+ sub ping_handler {
- sub PingHandler {
+     my ($cmd, $tail, $client) = @_;
-    my $cmd    = shift;
+     Debug("$cmd $tail $client .. $currenthostid:");
-    my $tail   = shift;
-    my $client = shift;
-    Reply( $client,"$currenthostid\n","$cmd:$tail");
+     Reply( $client,"$currenthostid\n","$cmd:$tail");
-    return 1;
+     return 1;
  }
- RegisterHandler("ping", \&PingHandler, 0, 1, 1);       # Ping unencoded, client or manager.
+ &register_handler("ping", \&ping_handler, 0, 1, 1);       # Ping unencoded, client or manager.
+ #++
+ #
+ # Handles pong requests.  Pong replies with our current host id, and
+ #                         the results of a ping sent to us via our lonc.
  #
- # Handles pong reequests:
  # Parameters:
  #      $cmd    - the actual keyword that invoked us.
  #      $tail   - the tail of the request that invoked us.
- Line 307  RegisterHandler("ping", \&PingHandler, 0
+ Line 1158  RegisterHandler("ping", \&PingHandler, 0
  #      0       - Program should exit.
  #  Side effects:
  #      Reply information is sent to the client.
+ sub pong_handler {
+     my ($cmd, $tail, $replyfd) = @_;
- sub PongHandler {
+     my $reply=&reply("ping",$clientname);
-    my $cmd     = shift;
+     &Reply( $replyfd, "$currenthostid:$reply\n", "$cmd:$tail");
-    my $tail    = shift;
+     return 1;
-    my $replyfd = shift;
-    my $reply=&reply("ping",$clientname);
-    Reply( $replyfd, "$currenthostid:$reply\n", "$cmd:$tail");
-    return 1;
  }
- RegisterHandler("pong", \&PongHandler, 0, 1, 1);       # Pong unencoded, client or manager
+ &register_handler("pong", \&pong_handler, 0, 1, 1);       # Pong unencoded, client or manager
- #
+ #++
- #   EstablishKeyHandler:
  #      Called to establish an encrypted session key with the remote client.
- #
+ #      Note that with secure lond, in most cases this function is never
+ #      invoked.  Instead, the secure session key is established either
+ #      via a local file that's locked down tight and only lives for a short
+ #      time, or via an ssl tunnel...and is generated from a bunch-o-random
+ #      bits from /dev/urandom, rather than the predictable pattern used by
+ #      by this sub.  This sub is only used in the old-style insecure
+ #      key negotiation.
  # Parameters:
  #      $cmd    - the actual keyword that invoked us.
  #      $tail   - the tail of the request that invoked us.
- Line 338  RegisterHandler("pong", \&PongHandler, 0
+ Line 1191  RegisterHandler("pong", \&PongHandler, 0
  #      Reply information is sent to the client.
  #      $cipher is set with a reference to a new IDEA encryption object.
  #
- sub EstablishKeyHandler {
+ sub establish_key_handler {
-    my $cmd      = shift;
+     my ($cmd, $tail, $replyfd) = @_;
-    my $tail     = shift;
-    my $replyfd  = shift;
+     my $buildkey=time.$$.int(rand 100000);
+     $buildkey=~tr/1-6/A-F/;
-    my $buildkey=time.$$.int(rand 100000);
+     $buildkey=int(rand 100000).$buildkey.int(rand 100000);
-    $buildkey=~tr/1-6/A-F/;
+     my $key=$currenthostid.$clientname;
-    $buildkey=int(rand 100000).$buildkey.int(rand 100000);
+     $key=~tr/a-z/A-Z/;
-    my $key=$currenthostid.$clientname;
+     $key=~tr/G-P/0-9/;
-    $key=~tr/a-z/A-Z/;
+     $key=~tr/Q-Z/0-9/;
-    $key=~tr/G-P/0-9/;
+     $key=$key.$buildkey.$key.$buildkey.$key.$buildkey;
-    $key=~tr/Q-Z/0-9/;
+     $key=substr($key,0,32);
-    $key=$key.$buildkey.$key.$buildkey.$key.$buildkey;
+     my $cipherkey=pack("H32",$key);
-    $key=substr($key,0,32);
+     $cipher=new IDEA $cipherkey;
-    my $cipherkey=pack("H32",$key);
+     &Reply($replyfd, "$buildkey\n", "$cmd:$tail");
-    $cipher=new IDEA $cipherkey;
-    Reply($replyfd, "$buildkey\n", "$cmd:$tail");
-    return 1;
+     return 1;
  }
- RegisterHandler("ekey", \&EstablishKeyHandler, 0, 1,1);
+ &register_handler("ekey", \&establish_key_handler, 0, 1,1);
- #  LoadHandler:
  #     Handler for the load command.  Returns the current system load average
  #     to the requestor.
  #
- Line 378  RegisterHandler("ekey", \&EstablishKeyHa
+ Line 1228  RegisterHandler("ekey", \&EstablishKeyHa
  #      0       - Program should exit.
  #  Side effects:
  #      Reply information is sent to the client.
- sub LoadHandler {
+ sub load_handler {
-    my $cmd     = shift;
+     my ($cmd, $tail, $replyfd) = @_;
-    my $tail    = shift;
-    my $replyfd = shift;
     # Get the load average from /proc/loadavg and calculate it as a percentage of
     # the allowed load limit as set by the perl global variable lonLoadLim
-    my $loadavg;
+     my $loadavg;
-    my $loadfile=IO::File->new('/proc/loadavg');
+     my $loadfile=IO::File->new('/proc/loadavg');
-    $loadavg=<$loadfile>;
+     $loadavg=<$loadfile>;
-    $loadavg =~ s/\s.*//g;                       # Extract the first field only.
+     $loadavg =~ s/\s.*//g;                      # Extract the first field only.
-    my $loadpercent=100*$loadavg/$perlvar{'lonLoadLim'};
+     my $loadpercent=100*$loadavg/$perlvar{'lonLoadLim'};
-    Reply( $replyfd, "$loadpercent\n", "$cmd:$tail");
+     &Reply( $replyfd, "$loadpercent\n", "$cmd:$tail");
-    return 1;
+     return 1;
  }
- RegisterHandler("load", \&LoadHandler, 0, 1, 0);
+ &register_handler("load", \&load_handler, 0, 1, 0);
  #
  #   Process the userload request.  This sub returns to the client the current
- Line 421  RegisterHandler("load", \&LoadHandler, 0
+ Line 1268  RegisterHandler("load", \&LoadHandler, 0
  #  Implicit outputs:
  #     the reply is written to the client.
  #
- sub UserLoadHandler {
+ sub user_load_handler {
-    my $cmd     = shift;
+     my ($cmd, $tail, $replyfd) = @_;
-    my $tail    = shift;
-    my $replyfd = shift;
-    my $userloadpercent=&userload();
+     my $userloadpercent=&userload();
-    Reply($replyfd, "$userloadpercent\n", "$cmd:$tail");
+     &Reply($replyfd, "$userloadpercent\n", "$cmd:$tail");
-    return 1;
+     return 1;
  }
- RegisterHandler("userload", \&UserLoadHandler, 0, 1, 0);
+ &register_handler("userload", \&user_load_handler, 0, 1, 0);
  #   Process a request for the authorization type of a user:
  #   (userauth).
- Line 446  RegisterHandler("userload", \&UserLoadHa
+ Line 1291  RegisterHandler("userload", \&UserLoadHa
  # Implicit outputs:
  #    The user authorization type is written to the client.
  #
- sub UserAuthorizationType {
+ sub user_authorization_type {
-    my $cmd     = shift;
+     my ($cmd, $tail, $replyfd) = @_;
-    my $tail    = shift;
-    my $replyfd = shift;
-    my $userinput = "$cmd:$tail";
+     my $userinput = "$cmd:$tail";
-    #  Pull the domain and username out of the command tail.
+     #  Pull the domain and username out of the command tail.
-    # and call GetAuthType to determine the authentication type.
+     # and call get_auth_type to determine the authentication type.
-    my ($udom,$uname)=split(/:/,$tail);
+     my ($udom,$uname)=split(/:/,$tail);
-    my $result = GetAuthType($udom, $uname);
+     my $result = &get_auth_type($udom, $uname);
-    if($result eq "nouser") {
+     if($result eq "nouser") {
-       Failure( $replyfd, "unknown_user\n", $userinput);
+ 	&Failure( $replyfd, "unknown_user\n", $userinput);
-    } else {
+     } else {
-       Reply( $replyfd, "$result\n", $userinput);
+ 	#
-    }
+ 	# We only want to pass the second field from get_auth_type
+ 	# for ^krb.. otherwise we'll be handing out the encrypted
+ 	# password for internals e.g.
+ 	#
+ 	my ($type,$otherinfo) = split(/:/,$result);
+ 	if($type =~ /^krb/) {
+ 	    $type = $result;
+ 	}
+ 	&Reply( $replyfd, "$type:\n", $userinput);
+     }
-    return 1;
+     return 1;
  }
- RegisterHandler("currentauth", \&UserAuthorizationType, 1, 1, 0);
+ &register_handler("currentauth", \&user_authorization_type, 1, 1, 0);
- #
  #   Process a request by a manager to push a hosts or domain table
  #   to us.  We pick apart the command and pass it on to the subs
  #   that already exist to do this.
- Line 481  RegisterHandler("currentauth", \&UserAut
+ Line 1333  RegisterHandler("currentauth", \&UserAut
  #      0       - Program should exit
  # Implicit Output:
  #    a reply is written to the client.
+ sub push_file_handler {
+     my ($cmd, $tail, $client) = @_;
+     my $userinput = "$cmd:$tail";
- sub PushFileHandler {
+     # At this time we only know that the IP of our partner is a valid manager
-    my $cmd    = shift;
+     # the code below is a hook to do further authentication (e.g. to resolve
-    my $tail   = shift;
+     # spoofing).
-    my $client = shift;
-    my $userinput = "$cmd:$tail";
-    # At this time we only know that the IP of our partner is a valid manager
-    # the code below is a hook to do further authentication (e.g. to resolve
-    # spoofing).
-    my $cert = GetCertificate($userinput);
+     my $cert = &GetCertificate($userinput);
-    if(ValidManager($cert)) {
+     if(&ValidManager($cert)) {
-       # Now presumably we have the bona fides of both the peer host and the
+ 	# Now presumably we have the bona fides of both the peer host and the
-       # process making the request.
+ 	# process making the request.
-       my $reply = PushFile($userinput);
+ 	my $reply = &PushFile($userinput);
-       Reply($client, "$reply\n", $userinput);
+ 	&Reply($client, "$reply\n", $userinput);
+     } else {
+ 	&Failure( $client, "refused\n", $userinput);
+     }
+     return 1;
+ }
+ &register_handler("pushfile", \&push_file_handler, 1, 0, 1);
+ #
+ #   du  - list the disk usuage of a directory recursively.
+ #
+ #   note: stolen code from the ls file handler
+ #   under construction by Rick Banghart
+ #    .
+ # Parameters:
+ #    $cmd        - The command that dispatched us (du).
+ #    $ududir     - The directory path to list... I'm not sure what this
+ #                  is relative as things like ls:. return e.g.
+ #                  no_such_dir.
+ #    $client     - Socket open on the client.
+ # Returns:
+ #     1 - indicating that the daemon should not disconnect.
+ # Side Effects:
+ #   The reply is written to  $client.
+ #
+ sub du_handler {
+     my ($cmd, $ududir, $client) = @_;
+     my ($ududir) = split(/:/,$ududir); # Make 'telnet' testing easier.
+     my $userinput = "$cmd:$ududir";
-    } else {
+     if ($ududir=~/\.\./ || $ududir!~m|^/home/httpd/|) {
-       Failure( $client, "refused\n", $userinput);
+ 	&Failure($client,"refused\n","$cmd:$ududir");
-    }
+ 	return 1;
+     }
+     #  Since $ududir could have some nasties in it,
+     #  we will require that ududir is a valid
+     #  directory.  Just in case someone tries to
+     #  slip us a  line like .;(cd /home/httpd rm -rf*)
+     #  etc.
+     #
+     if (-d $ududir) {
+ 	#  And as Shakespeare would say to make
+ 	#  assurance double sure,
+ 	# use execute_command to ensure that the command is not executed in
+ 	# a shell that can screw us up.
+ 	my $duout = execute_command("du -ks $ududir");
+ 	$duout=~s/[^\d]//g; #preserve only the numbers
+ 	&Reply($client,"$duout\n","$cmd:$ududir");
+     } else {
+ 	&Failure($client, "bad_directory:$ududir\n","$cmd:$ududir");
+     }
+     return 1;
  }
- RegisterHandler("pushfile", \&PushFileHandler, 1, 0, 1);
+ &register_handler("du", \&du_handler, 0, 1, 0);
+ #
+ #   ls  - list the contents of a directory.  For each file in the
+ #    selected directory the filename followed by the full output of
+ #    the stat function is returned.  The returned info for each
+ #    file are separated by ':'.  The stat fields are separated by &'s.
+ # Parameters:
+ #    $cmd        - The command that dispatched us (ls).
+ #    $ulsdir     - The directory path to list... I'm not sure what this
+ #                  is relative as things like ls:. return e.g.
+ #                  no_such_dir.
+ #    $client     - Socket open on the client.
+ # Returns:
+ #     1 - indicating that the daemon should not disconnect.
+ # Side Effects:
+ #   The reply is written to  $client.
+ #
+ sub ls_handler {
+     my ($cmd, $ulsdir, $client) = @_;
+     my $userinput = "$cmd:$ulsdir";
+     my $obs;
+     my $rights;
+     my $ulsout='';
+     my $ulsfn;
+     if (-e $ulsdir) {
+ 	if(-d $ulsdir) {
+ 	    if (opendir(LSDIR,$ulsdir)) {
+ 		while ($ulsfn=readdir(LSDIR)) {
+ 		    undef $obs, $rights;
+ 		    my @ulsstats=stat($ulsdir.'/'.$ulsfn);
+ 		    #We do some obsolete checking here
+ 		    if(-e $ulsdir.'/'.$ulsfn.".meta") {
+ 			open(FILE, $ulsdir.'/'.$ulsfn.".meta");
+ 			my @obsolete=<FILE>;
+ 			foreach my $obsolete (@obsolete) {
+ 			    if($obsolete =~ m|(<obsolete>)(on)|) { $obs = 1; }
+ 			    if($obsolete =~ m|(<copyright>)(default)|) { $rights = 1; }
+ 			}
+ 		    }
+ 		    $ulsout.=$ulsfn.'&'.join('&',@ulsstats);
+ 		    if($obs eq '1') { $ulsout.="&1"; }
+ 		    else { $ulsout.="&0"; }
+ 		    if($rights eq '1') { $ulsout.="&1:"; }
+ 		    else { $ulsout.="&0:"; }
+ 		}
+ 		closedir(LSDIR);
+ 	    }
+ 	} else {
+ 	    my @ulsstats=stat($ulsdir);
+ 	    $ulsout.=$ulsfn.'&'.join('&',@ulsstats).':';
+ 	}
+     } else {
+ 	$ulsout='no_such_dir';
+     }
+     if ($ulsout eq '') { $ulsout='empty'; }
+     &Reply($client, "$ulsout\n", $userinput); # This supports debug logging.
+     return 1;
+ }
+ &register_handler("ls", \&ls_handler, 0, 1, 0);
  #   Process a reinit request.  Reinit requests that either
  #   lonc or lond be reinitialized so that an updated
- Line 524  RegisterHandler("pushfile", \&PushFileHa
+ Line 1485  RegisterHandler("pushfile", \&PushFileHa
  #  Implicit output:
  #     a reply is sent to the client.
  #
- sub ReinitProcessHandler {
+ sub reinit_process_handler {
-    my $cmd    = shift;
+     my ($cmd, $tail, $client) = @_;
-    my $tail   = shift;
-    my $client = shift;
-    my $userinput = "$cmd:$tail";
+     my $userinput = "$cmd:$tail";
-    my $cert = GetCertificate($userinput);
+     my $cert = &GetCertificate($userinput);
-    if(ValidManager($cert)) {
+     if(&ValidManager($cert)) {
-       chomp($userinput);
+ 	chomp($userinput);
-       my $reply = ReinitProcess($userinput);
+ 	my $reply = &ReinitProcess($userinput);
-       Reply( $client,  "$reply\n", $userinput);
+ 	&Reply( $client,  "$reply\n", $userinput);
-    } else {
+     } else {
-       Failure( $client, "refused\n", $userinput);
+ 	&Failure( $client, "refused\n", $userinput);
- 	}
+     }
-    return 1;
+     return 1;
  }
+ &register_handler("reinit", \&reinit_process_handler, 1, 0, 1);
- RegisterHandler("reinit", \&ReinitProcessHandler, 1, 0, 1);
  #  Process the editing script for a table edit operation.
  #  the editing operation must be encrypted and requested by
- Line 558  RegisterHandler("reinit", \&ReinitProces
+ Line 1516  RegisterHandler("reinit", \&ReinitProces
  #  Implicit output:
  #     a reply is sent to the client.
  #
- sub EditTableHandler {
+ sub edit_table_handler {
-    my $command    = shift;
+     my ($command, $tail, $client) = @_;
-    my $tail       = shift;
-    my $client     = shift;
-    my $userinput = "$command:$tail";
+     my $userinput = "$command:$tail";
-    my $cert = GetCertificate($userinput);
+     my $cert = &GetCertificate($userinput);
-    if(ValidManager($cert)) {
+     if(&ValidManager($cert)) {
-       my($filetype, $script) = split(/:/, $tail);
+ 	my($filetype, $script) = split(/:/, $tail);
-       if (($filetype eq "hosts") ||
+ 	if (($filetype eq "hosts") ||
-           ($filetype eq "domain")) {
+ 	    ($filetype eq "domain")) {
-          if($script ne "") {
+ 	    if($script ne "") {
-             Reply($client,            # BUGBUG - EditFile
+ 		&Reply($client,              # BUGBUG - EditFile
-                   EditFile($userinput), #   could fail.
+ 		      &EditFile($userinput), #   could fail.
-                   $userinput);
+ 		      $userinput);
-          } else {
+ 	    } else {
-             Failure($client,"refused\n",$userinput);
+ 		&Failure($client,"refused\n",$userinput);
-          }
+ 	    }
-       } else {
+ 	} else {
-          Failure($client,"refused\n",$userinput);
+ 	    &Failure($client,"refused\n",$userinput);
-       }
+ 	}
-    } else {
+     } else {
-       Failure($client,"refused\n",$userinput);
+ 	&Failure($client,"refused\n",$userinput);
-    }
+     }
-    return 1;
+     return 1;
  }
- RegisterHandler("edit", \&EditTableHandler, 1, 0, 1);
+ &register_handler("edit", \&edit_table_handler, 1, 0, 1);
  #
  #   Authenticate a user against the LonCAPA authentication
- Line 598  RegisterHandler("edit", \&EditTableHandl
+ Line 1553  RegisterHandler("edit", \&EditTableHandl
  #                internal per user password file.
  #   - kerberos - The user can be authenticated against either a kerb4 or kerb5
  #                ticket granting authority.
- #   - user     - The person tailoring LonCAPA can supply a user authentication mechanism
+ #   - user     - The person tailoring LonCAPA can supply a user authentication
- #                that is per system.
+ #                mechanism that is per system.
  #
  # Parameters:
  #    $cmd      - The command that got us here.
- Line 612  RegisterHandler("edit", \&EditTableHandl
+ Line 1567  RegisterHandler("edit", \&EditTableHandl
  #    The authentication systems describe above have their own forms of implicit
  #    input into the authentication process that are described above.
  #
- sub AuthenticateHandler {
+ sub authenticate_handler {
-    my $cmd        = shift;
+     my ($cmd, $tail, $client) = @_;
-    my $tail       = shift;
-    my $client     = shift;
-    #  Regenerate the full input line
-    my $userinput  = $cmd.":".$tail;
-    #  udom    - User's domain.
-    #  uname   - Username.
+     #  Regenerate the full input line
-    #  upass   - User's password.
+     my $userinput  = $cmd.":".$tail;
-    my ($udom,$uname,$upass)=split(/:/,$tail);
-    Debug(" Authenticate domain = $udom, user = $uname, password = $upass");
+     #  udom    - User's domain.
-    chomp($upass);
+     #  uname   - Username.
-    $upass=unescape($upass);
+     #  upass   - User's password.
-    my $proname=propath($udom,$uname);
-    my $passfilename="$proname/passwd";
+     my ($udom,$uname,$upass)=split(/:/,$tail);
+     &Debug(" Authenticate domain = $udom, user = $uname, password = $upass");
-    #   The user's 'personal' loncapa passworrd file describes how to authenticate:
+     chomp($upass);
+     $upass=&unescape($upass);
-    if (-e $passfilename) {
-      Debug("Located password file: $passfilename");
+     my $pwdcorrect = &validate_user($udom, $uname, $upass);
+     if($pwdcorrect) {
+ 	&Reply( $client, "authorized\n", $userinput);
+ 	#
+ 	#  Bad credentials: Failed to authorize
+ 	#
+     } else {
+ 	&Failure( $client, "non_authorized\n", $userinput);
+     }
-       my $pf = IO::File->new($passfilename);
+     return 1;
-       my $realpasswd=<$pf>;
-       chomp($realpasswd);
-       my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
-       my $pwdcorrect=0;
-       #
-       #   Authenticate against password stored in the internal file.
-       #
-      Debug("Authenticating via $howpwd");
-       if ($howpwd eq 'internal') {
-          &Debug("Internal auth");
-          $pwdcorrect= (crypt($upass,$contentpwd) eq $contentpwd);
-       #
-       #   Authenticate against the unix password file.
-       #
-       } elsif ($howpwd eq 'unix') {
-          &Debug("Unix auth");
-          if((getpwnam($uname))[1] eq "") { #no such user!
-             $pwdcorrect = 0;
-          } else {
-             $contentpwd=(getpwnam($uname))[1];
-             my $pwauth_path="/usr/local/sbin/pwauth";
-             unless ($contentpwd eq 'x') {
-                $pwdcorrect= (crypt($upass,$contentpwd) eq $contentpwd);
-             } elsif (-e $pwauth_path) {
-                open PWAUTH, "|$pwauth_path" or
-                   die "Cannot invoke authentication";
-                print PWAUTH "$uname\n$upass\n";
-                close PWAUTH;
-                $pwdcorrect=!$?;
-             }
-          }
-       #
-       #   Authenticate against a Kerberos 4 server:
-       #
-       } elsif ($howpwd eq 'krb4') {
-          my $null=pack("C",0);
-          unless ($upass=~/$null/) {
-             my $krb4_error = &Authen::Krb4::get_pw_in_tkt($uname,
-                                                           "",
-                                                           $contentpwd,
-                                                           'krbtgt',
-                                                          $contentpwd,
-,
-                                                          $upass);
-             if (!$krb4_error) {
-                $pwdcorrect = 1;
-             } else {
-                $pwdcorrect=0;
-                # log error if it is not a bad password
-                if ($krb4_error != 62) {
-                   &logthis('krb4:'.$uname.','.$contentpwd.','.
-                            &Authen::Krb4::get_err_txt($Authen::Krb4::error));
-                }
-             }
-          }
-       #
-       #   Authenticate against a Kerberos 5 server:
-       #
-       } elsif ($howpwd eq 'krb5') {
-          my $null=pack("C",0);
-          unless ($upass=~/$null/) {
-             my $krbclient=&Authen::Krb5::parse_name($uname.'@'.$contentpwd);
-             my $krbservice="krbtgt/".$contentpwd."\@".$contentpwd;
-             my $krbserver=&Authen::Krb5::parse_name($krbservice);
-             my $credentials=&Authen::Krb5::cc_default();
-             $credentials->initialize($krbclient);
-             my $krbreturn = &Authen::Krb5::get_in_tkt_with_password(
-                                                                     $krbclient,
-                                                                     $krbserver,
-                                                                     $upass,
-                                                                     $credentials);
-             $pwdcorrect = ($krbreturn == 1);
-          } else {
-             $pwdcorrect=0;
-          }
-       #
-       #  Finally, the user may have written in an authentication module.
-       #  in that case, if requested, authenticate against it.
-       #
-       } elsif ($howpwd eq 'localauth') {
-          $pwdcorrect=&localauth::localauth($uname,$upass,$contentpwd);
-       }
-       #
-       #   Successfully authorized.
-       #
-       if ($pwdcorrect) {
-          Reply( $client, "authorized\n", $userinput);
-       #
-       #  Bad credentials: Failed to authorize
-       #
-       } else {
-          Failure( $client, "non_authorized\n", $userinput);
-       }
-    #
-    #  User bad... note it may be bad security practice to differntiate to the
-    #  caller a bad user from a  bad passwd... since that supplies covert channel
-    #  information (you have a good user but bad password e.g.) to guessers.
-    #
-    } else {
-       Failure( $client, "unknown_user\n", $userinput);
-    }
-    return 1;
  }
- RegisterHandler("auth", \&AuthenticateHandler, 1, 1, 0);
+ &register_handler("auth", \&authenticate_handler, 1, 1, 0);
  #
  #   Change a user's password.  Note that this function is complicated by
- Line 764  RegisterHandler("auth", \&AuthenticateHa
+ Line 1619  RegisterHandler("auth", \&AuthenticateHa
  # Implicit inputs:
  #    The authentication systems describe above have their own forms of implicit
  #    input into the authentication process that are described above.
- sub ChangePasswordHandler {
+ sub change_password_handler {
-    my $cmd     = shift;
+     my ($cmd, $tail, $client) = @_;
-    my $tail    = shift;
-    my $client  = shift;
-    my $userinput = $cmd.":".$tail;           # Reconstruct client's string.
-    #
+     my $userinput = $cmd.":".$tail;           # Reconstruct client's string.
-    #  udom  - user's domain.
-    #  uname - Username.
+     #
-    #  upass - Current password.
+     #  udom  - user's domain.
-    #  npass - New password.
+     #  uname - Username.
+     #  upass - Current password.
-    my ($udom,$uname,$upass,$npass)=split(/:/,$tail);
+     #  npass - New password.
-    chomp($npass);
-    $upass=&unescape($upass);
+     my ($udom,$uname,$upass,$npass)=split(/:/,$tail);
-    $npass=&unescape($npass);
-    &Debug("Trying to change password for $uname");
+     $upass=&unescape($upass);
-    my $proname=propath($udom,$uname);
+     $npass=&unescape($npass);
-    my $passfilename="$proname/passwd";
+     &Debug("Trying to change password for $uname");
-    if (-e $passfilename) {
-       my $realpasswd;
+     # First require that the user can be authenticated with their
-       {
+     # old password:
-          my $pf = IO::File->new($passfilename);
-          $realpasswd=<$pf>;
+     my $validated = &validate_user($udom, $uname, $upass);
-       }
+     if($validated) {
-       chomp($realpasswd);
+ 	my $realpasswd  = &get_auth_type($udom, $uname); # Defined since authd.
-       my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
-       if ($howpwd eq 'internal') {
+ 	my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
-          &Debug("internal auth");
+ 	if ($howpwd eq 'internal') {
-          if (crypt($upass,$contentpwd) eq $contentpwd) {
+ 	    &Debug("internal auth");
-             my $salt=time;
+ 	    my $salt=time;
-             $salt=substr($salt,6,2);
+ 	    $salt=substr($salt,6,2);
-             my $ncpass=crypt($npass,$salt);
+ 	    my $ncpass=crypt($npass,$salt);
-                {
+ 	    if(&rewrite_password_file($udom, $uname, "internal:$ncpass")) {
-                   my $pf = IO::File->new(">$passfilename");
+ 		&logthis("Result of password change for "
-                   if ($pf) {
+ 			 ."$uname: pwchange_success");
-                      print $pf "internal:$ncpass\n";
+ 		&Reply($client, "ok\n", $userinput);
-                      &logthis("Result of password change for "
+ 	    } else {
-                               ."$uname: pwchange_success");
+ 		&logthis("Unable to open $uname passwd "
-                      Reply($client, "ok\n", $userinput);
+ 			 ."to change password");
-                   } else {
+ 		&Failure( $client, "non_authorized\n",$userinput);
-                      &logthis("Unable to open $uname passwd "
+ 	    }
-                               ."to change password");
+ 	} elsif ($howpwd eq 'unix') {
-                      Failure( $client, "non_authorized\n",$userinput);
+ 	    # Unix means we have to access /etc/password
-                   }
+ 	    &Debug("auth is unix");
-                }
+ 	    my $execdir=$perlvar{'lonDaemons'};
-          } else {
+ 	    &Debug("Opening lcpasswd pipeline");
-             Failure($client, "non_authorized\n", $userinput);
+ 	    my $pf = IO::File->new("|$execdir/lcpasswd > "
-          }
+ 				   ."$perlvar{'lonDaemons'}"
-       } elsif ($howpwd eq 'unix') {
+ 				   ."/logs/lcpasswd.log");
-          # Unix means we have to access /etc/password
+ 	    print $pf "$uname\n$npass\n$npass\n";
-          # one way or another.
+ 	    close $pf;
-          # First: Make sure the current password is
+ 	    my $err = $?;
-          #        correct
+ 	    my $result = ($err>0 ? 'pwchange_failure' : 'ok');
-          &Debug("auth is unix");
+ 	    &logthis("Result of password change for $uname: ".
-          $contentpwd=(getpwnam($uname))[1];
+ 		     &lcpasswdstrerror($?));
-          my $pwdcorrect = "0";
+ 	    &Reply($client, "$result\n", $userinput);
-          my $pwauth_path="/usr/local/sbin/pwauth";
+ 	} else {
-          unless ($contentpwd eq 'x') {
+ 	    # this just means that the current password mode is not
-             $pwdcorrect= (crypt($upass,$contentpwd) eq $contentpwd);
+ 	    # one we know how to change (e.g the kerberos auth modes or
-          } elsif (-e $pwauth_path) {
+ 	    # locally written auth handler).
-             open PWAUTH, "|$pwauth_path" or
+ 	    #
-                die "Cannot invoke authentication";
+ 	    &Failure( $client, "auth_mode_error\n", $userinput);
-             print PWAUTH "$uname\n$upass\n";
+ 	}
-             close PWAUTH;
-             &Debug("exited pwauth with $? ($uname,$upass) ");
+     } else {
-             $pwdcorrect=($? == 0);
+ 	&Failure( $client, "non_authorized\n", $userinput);
-          }
+     }
-          if ($pwdcorrect) {
-             my $execdir=$perlvar{'lonDaemons'};
+     return 1;
-             &Debug("Opening lcpasswd pipeline");
-             my $pf = IO::File->new("|$execdir/lcpasswd > "
-                                     ."$perlvar{'lonDaemons'}"
-                                     ."/logs/lcpasswd.log");
-             print $pf "$uname\n$npass\n$npass\n";
-             close $pf;
-             my $err = $?;
-             my $result = ($err>0 ? 'pwchange_failure' : 'ok');
-             &logthis("Result of password change for $uname: ".
-             &lcpasswdstrerror($?));
-             Reply($client, "$result\n", $userinput);
-          } else {
-             Reply($client, "non_authorized\n", $userinput);
-          }
-       } else {
-          Reply( $client, "auth_mode_error\n", $userinput);
-       }
-    } else {
-             Reply( $client, "unknown_user\n", $userinput);
-    }
-    return 1;
  }
- RegisterHandler("passwd", \&ChangePasswordHandler, 1, 1, 0);
+ &register_handler("passwd", \&change_password_handler, 1, 1, 0);
  #
  #   Create a new user.  User in this case means a lon-capa user.
- Line 875  RegisterHandler("passwd", \&ChangePasswo
+ Line 1705  RegisterHandler("passwd", \&ChangePasswo
  # Implicit inputs:
  #    The authentication systems describe above have their own forms of implicit
  #    input into the authentication process that are described above.
- sub AddUserHandler {
+ sub add_user_handler {
-    my $cmd     = shift;
-    my $tail    = shift;
-    my $client  = shift;
-    my $userinput = $cmd.":".$tail;
-    my $oldumask=umask(0077);
+     my ($cmd, $tail, $client) = @_;
-    my ($udom,$uname,$umode,$npass)=split(/:/,$tail);
-    &Debug("cmd =".$cmd." $udom =".$udom." uname=".$uname);
-    chomp($npass);
+     my ($udom,$uname,$umode,$npass)=split(/:/,$tail);
-    $npass=&unescape($npass);
+     my $userinput = $cmd.":".$tail; # Reconstruct the full request line.
-    my $proname=propath($udom,$uname);
-    my $passfilename="$proname/passwd";
+     &Debug("cmd =".$cmd." $udom =".$udom." uname=".$uname);
-    &Debug("Password file created will be:".$passfilename);
-    if (-e $passfilename) {
-       Failure( $client, "already_exists\n", $userinput);
+     if($udom eq $currentdomainid) { # Reject new users for other domains...
-    } elsif ($udom ne $currentdomainid) {
-       Failure($client, "not_right_domain\n", $userinput);
+ 	my $oldumask=umask(0077);
-    } else {
+ 	chomp($npass);
-       my @fpparts=split(/\//,$proname);
+ 	$npass=&unescape($npass);
-       my $fpnow=$fpparts[0].'/'.$fpparts[1].'/'.$fpparts[2];
+ 	my $passfilename  = &password_path($udom, $uname);
-       my $fperror='';
+ 	&Debug("Password file created will be:".$passfilename);
-       for (my $i=3;$i<=$#fpparts;$i++) {
+ 	if (-e $passfilename) {
-          $fpnow.='/'.$fpparts[$i];
+ 	    &Failure( $client, "already_exists\n", $userinput);
-          unless (-e $fpnow) {
+ 	} else {
-             unless (mkdir($fpnow,0777)) {
+ 	    my $fperror='';
-                $fperror="error: ".($!+0)." mkdir failed while attempting "
+ 	    if (!&mkpath($passfilename)) {
-                        ."makeuser";
+ 		$fperror="error: ".($!+0)." mkdir failed while attempting "
-             }
+ 		    ."makeuser";
-          }
+ 	    }
-       }
+ 	    unless ($fperror) {
-       unless ($fperror) {
+ 		my $result=&make_passwd_file($uname, $umode,$npass, $passfilename);
-          my $result=&make_passwd_file($uname, $umode,$npass, $passfilename);
+ 		&Reply($client, $result, $userinput);     #BUGBUG - could be fail
-          Reply($client, $result, $userinput);     #BUGBUG - could be fail
+ 	    } else {
-       } else {
+ 		&Failure($client, "$fperror\n", $userinput);
-          Failure($client, "$fperror\n", $userinput);
+ 	    }
-       }
+ 	}
-    }
+ 	umask($oldumask);
-    umask($oldumask);
+     }  else {
-    return 1;
+ 	&Failure($client, "not_right_domain\n",
+ 		$userinput);	# Even if we are multihomed.
+     }
+     return 1;
  }
- RegisterHandler("makeuser", \&AddUserHandler, 1, 1, 0);
+ &register_handler("makeuser", \&add_user_handler, 1, 1, 0);
  #
  #   Change the authentication method of a user.  Note that this may
- Line 942  RegisterHandler("makeuser", \&AddUserHan
+ Line 1771  RegisterHandler("makeuser", \&AddUserHan
  #    The authentication systems describe above have their own forms of implicit
  #    input into the authentication process that are described above.
  #
- sub ChangeAuthenticationHandler {
+ sub change_authentication_handler {
-    my $cmd     = shift;
-    my $tail    = shift;
+     my ($cmd, $tail, $client) = @_;
-    my $client  = shift;
-    my $userinput  = "$cmd:$tail";              # Reconstruct user input.
+     my $userinput  = "$cmd:$tail";              # Reconstruct user input.
-    my ($udom,$uname,$umode,$npass)=split(/:/,$tail);
+     my ($udom,$uname,$umode,$npass)=split(/:/,$tail);
-    chomp($npass);
+     &Debug("cmd = ".$cmd." domain= ".$udom."uname =".$uname." umode= ".$umode);
-    &Debug("cmd = ".$cmd." domain= ".$udom."uname =".$uname." umode= ".$umode);
+     if ($udom ne $currentdomainid) {
-    $npass=&unescape($npass);
+ 	&Failure( $client, "not_right_domain\n", $client);
-    my $proname=&propath($udom,$uname);
+     } else {
-    my $passfilename="$proname/passwd";
-    if ($udom ne $currentdomainid) {
+ 	chomp($npass);
-       Failure( $client, "not_right_domain\n", $client);
-    } else {
+ 	$npass=&unescape($npass);
-       my $result=&make_passwd_file($uname, $umode,$npass,$passfilename);
+ 	my $oldauth = &get_auth_type($udom, $uname); # Get old auth info.
-       Reply($client, $result, $userinput);
+ 	my $passfilename = &password_path($udom, $uname);
-    }
+ 	if ($passfilename) {	# Not allowed to create a new user!!
-    return 1;
+ 	    my $result=&make_passwd_file($uname, $umode,$npass,$passfilename);
+ 	    #
+ 	    #  If the current auth mode is internal, and the old auth mode was
+ 	    #  unix, or krb*,  and the user is an author for this domain,
+ 	    #  re-run manage_permissions for that role in order to be able
+ 	    #  to take ownership of the construction space back to www:www
+ 	    #
+ 	    if( ($oldauth =~ /^unix/) && ($umode eq "internal")) { # unix -> internal
+ 		if(&is_author($udom, $uname)) {
+ 		    &Debug(" Need to manage author permissions...");
+ 		    &manage_permissions("/$udom/_au", $udom, $uname, "internal:");
+ 		}
+ 	    }
+ 	    &Reply($client, $result, $userinput);
+ 	} else {
+ 	    &Failure($client, "non_authorized\n", $userinput); # Fail the user now.
+ 	}
+     }
+     return 1;
  }
- RegisterHandler("changeuserauth", \&ChangeAuthenticationHandler, 1,1, 0);
+ &register_handler("changeuserauth", \&change_authentication_handler, 1,1, 0);
  #
  #   Determines if this is the home server for a user.  The home server
- Line 981  RegisterHandler("changeuserauth", \&Chan
+ Line 1830  RegisterHandler("changeuserauth", \&Chan
  #    The authentication systems describe above have their own forms of implicit
  #    input into the authentication process that are described above.
  #
- sub IsHomeHandler {
+ sub is_home_handler {
-    my $cmd     = shift;
+     my ($cmd, $tail, $client) = @_;
-    my $tail    = shift;
-    my $client  = shift;
-    my $userinput  = "$cmd:$tail";
+     my $userinput  = "$cmd:$tail";
-    my ($udom,$uname)=split(/:/,$tail);
+     my ($udom,$uname)=split(/:/,$tail);
-    chomp($uname);
+     chomp($uname);
-    my $proname=propath($udom,$uname);
+     my $passfile = &password_filename($udom, $uname);
-    if (-e $proname) {
+     if($passfile) {
-       Reply( $client, "found\n", $userinput);
+ 	&Reply( $client, "found\n", $userinput);
-    } else {
+     } else {
-       Failure($client, "not_found\n", $userinput);
+ 	&Failure($client, "not_found\n", $userinput);
-    }
+     }
-    return 1;
+     return 1;
  }
- RegisterHandler("home", \&IsHomeHandler, 0,1,0);
+ &register_handler("home", \&is_home_handler, 0,1,0);
  #
  #   Process an update request for a resource?? I think what's going on here is
  #   that a resource has been modified that we hold a subscription to.
- Line 1021  RegisterHandler("home", \&IsHomeHandler,
+ Line 1869  RegisterHandler("home", \&IsHomeHandler,
  #    The authentication systems describe above have their own forms of implicit
  #    input into the authentication process that are described above.
  #
- sub UpdateResourceHandler {
+ sub update_resource_handler {
-    my $cmd    = shift;
-    my $tail   = shift;
+     my ($cmd, $tail, $client) = @_;
-    my $client = shift;
-    my $userinput = "$cmd:$tail";
+     my $userinput = "$cmd:$tail";
-    my $fname=$tail;
+     my $fname= $tail;		# This allows interactive testing
-    my $ownership=ishome($fname);
-    if ($ownership eq 'not_owner') {
-       if (-e $fname) {
+     my $ownership=ishome($fname);
-          my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,
+     if ($ownership eq 'not_owner') {
-              $atime,$mtime,$ctime,$blksize,$blocks)=stat($fname);
+ 	if (-e $fname) {
-          my $now=time;
+ 	    my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,
-          my $since=$now-$atime;
+ 		$atime,$mtime,$ctime,$blksize,$blocks)=stat($fname);
-          if ($since>$perlvar{'lonExpire'}) {
+ 	    my $now=time;
-             my $reply=&reply("unsub:$fname","$clientname");
+ 	    my $since=$now-$atime;
-             unlink("$fname");
+ 	    if ($since>$perlvar{'lonExpire'}) {
-          } else {
+ 		my $reply=&reply("unsub:$fname","$clientname");
-             my $transname="$fname.in.transfer";
+ 		unlink("$fname");
-             my $remoteurl=&reply("sub:$fname","$clientname");
+ 	    } else {
-             my $response;
+ 		my $transname="$fname.in.transfer";
-             alarm(120);
+ 		my $remoteurl=&reply("sub:$fname","$clientname");
-             {
+ 		my $response;
-                my $ua=new LWP::UserAgent;
+ 		alarm(120);
-                my $request=new HTTP::Request('GET',"$remoteurl");
+ 		{
-                $response=$ua->request($request,$transname);
+ 		    my $ua=new LWP::UserAgent;
-             }
+ 		    my $request=new HTTP::Request('GET',"$remoteurl");
-             alarm(0);
+ 		    $response=$ua->request($request,$transname);
-             if ($response->is_error()) {
+ 		}
-                unlink($transname);
+ 		alarm(0);
-                my $message=$response->status_line;
+ 		if ($response->is_error()) {
-                &logthis("LWP GET: $message for $fname ($remoteurl)");
+ 		    unlink($transname);
-             } else {
+ 		    my $message=$response->status_line;
-                if ($remoteurl!~/\.meta$/) {
+ 		    &logthis("LWP GET: $message for $fname ($remoteurl)");
-                   alarm(120);
+ 		} else {
-                   {
+ 		    if ($remoteurl!~/\.meta$/) {
-                      my $ua=new LWP::UserAgent;
+ 			alarm(120);
-                      my $mrequest=new HTTP::Request('GET',$remoteurl.'.meta');
+ 			{
-                      my $mresponse=$ua->request($mrequest,$fname.'.meta');
+ 			    my $ua=new LWP::UserAgent;
-                      if ($mresponse->is_error()) {
+ 			    my $mrequest=new HTTP::Request('GET',$remoteurl.'.meta');
-                         unlink($fname.'.meta');
+ 			    my $mresponse=$ua->request($mrequest,$fname.'.meta');
-                      }
+ 			    if ($mresponse->is_error()) {
-                   }
+ 				unlink($fname.'.meta');
-                   alarm(0);
+ 			    }
-                }
+ 			}
-                rename($transname,$fname);
+ 			alarm(0);
-             }
+ 		    }
-          }
+ 		    rename($transname,$fname);
-                Reply( $client, "ok\n", $userinput);
+ 		}
-       } else {
+ 	    }
-          Failure($client, "not_found\n", $userinput);
+ 	    &Reply( $client, "ok\n", $userinput);
-       }
+ 	} else {
-    } else {
+ 	    &Failure($client, "not_found\n", $userinput);
-       Failure($client, "rejected\n", $userinput);
+ 	}
-    }
+     } else {
-    return 1;
+ 	&Failure($client, "rejected\n", $userinput);
+     }
+     return 1;
  }
- RegisterHandler("update", \&UpdateResourceHandler, 0 ,1, 0);
+ &register_handler("update", \&update_resource_handler, 0 ,1, 0);
  #
- #   Fetch a user file from a remote server:
+ #   Fetch a user file from a remote server to the user's home directory
+ #   userfiles subdir.
  # Parameters:
  #    $cmd      - The command that got us here.
  #    $tail     - Tail of the command (remaining parameters).
- Line 1091  RegisterHandler("update", \&UpdateResour
+ Line 1941  RegisterHandler("update", \&UpdateResour
  #     0        - Requested to exit, caller should shut down.
  #     1        - Continue processing.
  #
- sub FetchUserFileHandler {
+ sub fetch_user_file_handler {
-    my $cmd     = shift;
-    my $tail    = shift;
+     my ($cmd, $tail, $client) = @_;
-    my $client  = shift;
+     my $userinput = "$cmd:$tail";
-    my $userinput = "$cmd:$tail";
+     my $fname           = $tail;
-    my $fname           = $tail;
+     my ($udom,$uname,$ufile) = ($fname =~ m|^([^/]+)/([^/]+)/(.+)$|);
-    my ($udom,$uname,$ufile)=split(/\//,$fname);
+     my $udir=&propath($udom,$uname).'/userfiles';
-    my $udir=propath($udom,$uname).'/userfiles';
+     unless (-e $udir) {
-    unless (-e $udir) {
+ 	mkdir($udir,0770);
-       mkdir($udir,0770);
+     }
-    }
+     Debug("fetch user file for $fname");
-    if (-e $udir) {
+     if (-e $udir) {
-       $ufile=~s/^[\.\~]+//;
+ 	$ufile=~s/^[\.\~]+//;
-       $ufile=~s/\///g;
-       my $destname=$udir.'/'.$ufile;
+ 	# IF necessary, create the path right down to the file.
-       my $transname=$udir.'/'.$ufile.'.in.transit';
+ 	# Note that any regular files in the way of this path are
-       my $remoteurl='http://'.$clientip.'/userfiles/'.$fname;
+ 	# wiped out to deal with some earlier folly of mine.
-       my $response;
-       alarm(120);
+ 	if (!&mkpath($udir.'/'.$ufile)) {
-       {
+ 	    &Failure($client, "unable_to_create\n", $userinput);
-          my $ua=new LWP::UserAgent;
+ 	}
-          my $request=new HTTP::Request('GET',"$remoteurl");
-          $response=$ua->request($request,$transname);
+ 	my $destname=$udir.'/'.$ufile;
-       }
+ 	my $transname=$udir.'/'.$ufile.'.in.transit';
-       alarm(0);
+ 	my $remoteurl='http://'.$clientip.'/userfiles/'.$fname;
-       if ($response->is_error()) {
+ 	my $response;
-          unlink($transname);
+ 	Debug("Remote URL : $remoteurl Transfername $transname Destname: $destname");
-          my $message=$response->status_line;
+ 	alarm(120);
-          &logthis("LWP GET: $message for $fname ($remoteurl)");
+ 	{
-          Failure($client, "failed\n", $userinput);
+ 	    my $ua=new LWP::UserAgent;
-       } else {
+ 	    my $request=new HTTP::Request('GET',"$remoteurl");
-          if (!rename($transname,$destname)) {
+ 	    $response=$ua->request($request,$transname);
-             &logthis("Unable to move $transname to $destname");
+ 	}
-             unlink($transname);
+ 	alarm(0);
-             Failure($client, "failed\n", $userinput);
+ 	if ($response->is_error()) {
-          } else {
+ 	    unlink($transname);
-             Reply($client, "ok\n", $userinput);
+ 	    my $message=$response->status_line;
-          }
+ 	    &logthis("LWP GET: $message for $fname ($remoteurl)");
-       }
+ 	    &Failure($client, "failed\n", $userinput);
-    } else {
+ 	} else {
-       Failure($client, "not_home\n", $userinput);
+ 	    Debug("Renaming $transname to $destname");
-    }
+ 	    if (!rename($transname,$destname)) {
-    return 1;
+ 		&logthis("Unable to move $transname to $destname");
+ 		unlink($transname);
+ 		&Failure($client, "failed\n", $userinput);
+ 	    } else {
+ 		&Reply($client, "ok\n", $userinput);
+ 	    }
+ 	}
+     } else {
+ 	&Failure($client, "not_home\n", $userinput);
+     }
+     return 1;
  }
- RegisterHandler("fetchuserfile", \&FetchUserFileHandler, 0, 1, 0);
+ &register_handler("fetchuserfile", \&fetch_user_file_handler, 0, 1, 0);
+ #
+ #   Remove a file from a user's home directory userfiles subdirectory.
+ # Parameters:
+ #    cmd   - the Lond request keyword that got us here.
+ #    tail  - the part of the command past the keyword.
+ #    client- File descriptor connected with the client.
  #
- #   Authenticate access to a user file.  Question?   The token for athentication
+ # Returns:
- #   is allowed to be sent as cleartext is this really what we want?  This token
+ #    1    - Continue processing.
- #   represents the user's session id.  Once it is forged does this allow too much access??
+ sub remove_user_file_handler {
+     my ($cmd, $tail, $client) = @_;
+     my ($fname) = split(/:/, $tail); # Get rid of any tailing :'s lonc may have sent.
+     my ($udom,$uname,$ufile) = ($fname =~ m|^([^/]+)/([^/]+)/(.+)$|);
+     if ($ufile =~m|/\.\./|) {
+ 	# any files paths with /../ in them refuse
+ 	# to deal with
+ 	&Failure($client, "refused\n", "$cmd:$tail");
+     } else {
+ 	my $udir = &propath($udom,$uname);
+ 	if (-e $udir) {
+ 	    my $file=$udir.'/userfiles/'.$ufile;
+ 	    if (-e $file) {
+ 		#
+ 		#   If the file is a regular file unlink is fine...
+ 		#   However it's possible the client wants a dir.
+ 		#   removed, in which case rmdir is more approprate:
+ 		#
+ 	        if (-f $file){
+ 		    unlink($file);
+ 		} elsif(-d $file) {
+ 		    rmdir($file);
+ 		}
+ 		if (-e $file) {
+ 		    #  File is still there after we deleted it ?!?
+ 		    &Failure($client, "failed\n", "$cmd:$tail");
+ 		} else {
+ 		    &Reply($client, "ok\n", "$cmd:$tail");
+ 		}
+ 	    } else {
+ 		&Failure($client, "not_found\n", "$cmd:$tail");
+ 	    }
+ 	} else {
+ 	    &Failure($client, "not_home\n", "$cmd:$tail");
+ 	}
+     }
+     return 1;
+ }
+ &register_handler("removeuserfile", \&remove_user_file_handler, 0,1,0);
  #
+ #   make a directory in a user's home directory userfiles subdirectory.
  # Parameters:
- #    $cmd      - The command that got us here.
+ #    cmd   - the Lond request keyword that got us here.
- #    $tail     - Tail of the command (remaining parameters).
+ #    tail  - the part of the command past the keyword.
- #    $client   - File descriptor connected to client.
+ #    client- File descriptor connected with the client.
- # Returns
+ #
- #     0        - Requested to exit, caller should shut down.
+ # Returns:
- #     1        - Continue processing.
+ #    1    - Continue processing.
- sub AuthenticateUserFileAccess {
+ sub mkdir_user_file_handler {
-    my $cmd   = shift;
+     my ($cmd, $tail, $client) = @_;
-    my $tail    = shift;
-    my $client = shift;
+     my ($dir) = split(/:/, $tail); # Get rid of any tailing :'s lonc may have sent.
-    my $userinput = "$cmd:$tail";
+     $dir=&unescape($dir);
+     my ($udom,$uname,$ufile) = ($dir =~ m|^([^/]+)/([^/]+)/(.+)$|);
-    my ($fname,$session)=split(/:/,$tail);
+     if ($ufile =~m|/\.\./|) {
-    chomp($session);
+ 	# any files paths with /../ in them refuse
-    my $reply='non_auth';
+ 	# to deal with
-    if (open(ENVIN,$perlvar{'lonIDsDir'}.'/'.$session.'.id')) {
+ 	&Failure($client, "refused\n", "$cmd:$tail");
-       while (my $line=<ENVIN>) {
+     } else {
-          if ($line=~/userfile\.$fname\=/) {
+ 	my $udir = &propath($udom,$uname);
-             $reply='ok';
+ 	if (-e $udir) {
-          }
+ 	    my $newdir=$udir.'/userfiles/'.$ufile.'/';
-       }
+ 	    if (!&mkpath($newdir)) {
-       close(ENVIN);
+ 		&Failure($client, "failed\n", "$cmd:$tail");
-       Reply($client, $reply."\n", $userinput);
+ 	    }
-    } else {
+ 	    &Reply($client, "ok\n", "$cmd:$tail");
-       Failure($client, "invalid_token\n", $userinput);
+ 	} else {
-    }
+ 	    &Failure($client, "not_home\n", "$cmd:$tail");
-    return 1;
+ 	}
+     }
+     return 1;
  }
- RegisterHandler("tokenauthuserfile", \&AuthenticateUserFileAccess, 0, 1, 0);
+ &register_handler("mkdiruserfile", \&mkdir_user_file_handler, 0,1,0);
+ #
+ #   rename a file in a user's home directory userfiles subdirectory.
+ # Parameters:
+ #    cmd   - the Lond request keyword that got us here.
+ #    tail  - the part of the command past the keyword.
+ #    client- File descriptor connected with the client.
+ #
+ # Returns:
+ #    1    - Continue processing.
+ sub rename_user_file_handler {
+     my ($cmd, $tail, $client) = @_;
+     my ($udom,$uname,$old,$new) = split(/:/, $tail);
+     $old=&unescape($old);
+     $new=&unescape($new);
+     if ($new =~m|/\.\./| || $old =~m|/\.\./|) {
+ 	# any files paths with /../ in them refuse to deal with
+ 	&Failure($client, "refused\n", "$cmd:$tail");
+     } else {
+ 	my $udir = &propath($udom,$uname);
+ 	if (-e $udir) {
+ 	    my $oldfile=$udir.'/userfiles/'.$old;
+ 	    my $newfile=$udir.'/userfiles/'.$new;
+ 	    if (-e $newfile) {
+ 		&Failure($client, "exists\n", "$cmd:$tail");
+ 	    } elsif (! -e $oldfile) {
+ 		&Failure($client, "not_found\n", "$cmd:$tail");
+ 	    } else {
+ 		if (!rename($oldfile,$newfile)) {
+ 		    &Failure($client, "failed\n", "$cmd:$tail");
+ 		} else {
+ 		    &Reply($client, "ok\n", "$cmd:$tail");
+ 		}
+ 	    }
+ 	} else {
+ 	    &Failure($client, "not_home\n", "$cmd:$tail");
+ 	}
+     }
+     return 1;
+ }
+ &register_handler("renameuserfile", \&rename_user_file_handler, 0,1,0);
+ #
+ #  Authenticate access to a user file by checking that the token the user's
+ #  passed also exists in their session file
+ #
+ # Parameters:
+ #   cmd      - The request keyword that dispatched to tus.
+ #   tail     - The tail of the request (colon separated parameters).
+ #   client   - Filehandle open on the client.
+ # Return:
+ #    1.
+ sub token_auth_user_file_handler {
+     my ($cmd, $tail, $client) = @_;
+     my ($fname, $session) = split(/:/, $tail);
+     chomp($session);
+     my $reply="non_auth\n";
+     if (open(ENVIN,$perlvar{'lonIDsDir'}.'/'.
+ 	     $session.'.id')) {
+ 	while (my $line=<ENVIN>) {
+ 	    if ($line=~ m|userfile\.\Q$fname\E\=|) { $reply="ok\n"; }
+ 	}
+ 	close(ENVIN);
+ 	&Reply($client, $reply, "$cmd:$tail");
+     } else {
+ 	&Failure($client, "invalid_token\n", "$cmd:$tail");
+     }
+     return 1;
+ }
+ &register_handler("tokenauthuserfile", \&token_auth_user_file_handler, 0,1,0);
  #
  #   Unsubscribe from a resource.
  #
- Line 1184  RegisterHandler("tokenauthuserfile", \&A
+ Line 2170  RegisterHandler("tokenauthuserfile", \&A
  #     0        - Requested to exit, caller should shut down.
  #     1        - Continue processing.
  #
- sub UnsubscribeHandler {
+ sub unsubscribe_handler {
-    my $cmd      = shift;
+     my ($cmd, $tail, $client) = @_;
-    my $tail     = shift;
-    my $client   = shift;
+     my $userinput= "$cmd:$tail";
-    my $userinput= "$cmd:$tail";
+     my ($fname) = split(/:/,$tail); # Split in case there's extrs.
-    my $fname = $tail;
-    if (-e $fname) {
+     &Debug("Unsubscribing $fname");
-       Reply($client, &unsub($client,$fname,$clientip), $userinput);
+     if (-e $fname) {
-    } else {
+ 	&Debug("Exists");
-       Failure($client, "not_found\n", $userinput);
+ 	&Reply($client, &unsub($fname,$clientip), $userinput);
-    }
+     } else {
-    return 1;
+ 	&Failure($client, "not_found\n", $userinput);
+     }
+     return 1;
  }
- RegisterHandler("unusb", \&UnsubscribeHandler, 0, 1, 0);
+ &register_handler("unsub", \&unsubscribe_handler, 0, 1, 0);
- #   Subscribe to a resource.
+ #   Subscribe to a resource
  #
  # Parameters:
  #    $cmd      - The command that got us here.
- Line 1210  RegisterHandler("unusb", \&UnsubscribeHa
+ Line 2198  RegisterHandler("unusb", \&UnsubscribeHa
  #     0        - Requested to exit, caller should shut down.
  #     1        - Continue processing.
  #
- sub SubscribeHandler {
+ sub subscribe_handler {
-    my $cmd        = shift;
+     my ($cmd, $tail, $client)= @_;
-    my $tail       = shift;
-    my $client     = shift;
-    my $userinput  = "$cmd:$tail";
-    Reply( $client, &subscribe($userinput,$clientip), $userinput);
+     my $userinput  = "$cmd:$tail";
-    return 1;
+     &Reply( $client, &subscribe($userinput,$clientip), $userinput);
+     return 1;
  }
- RegisterHandler("sub", \&SubscribeHandler, 0, 1, 0);
+ &register_handler("sub", \&subscribe_handler, 0, 1, 0);
  #
  #   Determine the version of a resource (?) Or is it return
- Line 1235  RegisterHandler("sub", \&SubscribeHandle
+ Line 2222  RegisterHandler("sub", \&SubscribeHandle
  #     0        - Requested to exit, caller should shut down.
  #     1        - Continue processing.
  #
- sub CurrentVersionHandler {
+ sub current_version_handler {
-    my $cmd      = shift;
+     my ($cmd, $tail, $client) = @_;
-    my $tail     = shift;
-    my $client   = shift;
+     my $userinput= "$cmd:$tail";
-    my $userinput= "$cmd:$tail";
-    my $fname   = $tail;
+     my $fname   = $tail;
-    Reply( $client, &currentversion($fname)."\n", $userinput);
+     &Reply( $client, &currentversion($fname)."\n", $userinput);
-    return 1;
+     return 1;
  }
- RegisterHandler("currentversion", \&CurrentVersionHandler, 0, 1, 0);
+ &register_handler("currentversion", \&current_version_handler, 0, 1, 0);
  #  Make an entry in a user's activity log.
  #
- Line 1259  RegisterHandler("currentversion", \&Curr
+ Line 2244  RegisterHandler("currentversion", \&Curr
  #     0        - Requested to exit, caller should shut down.
  #     1        - Continue processing.
  #
- sub ActivityLogEntryHandler {
+ sub activity_log_handler {
-    my $cmd      = shift;
+     my ($cmd, $tail, $client) = @_;
-    my $tail     = shift;
-    my $client   = shift;
-    my $userinput= "$cmd:$tail";
-    my ($udom,$uname,$what)=split(/:/,$tail);
-    chomp($what);
-    my $proname=propath($udom,$uname);
-    my $now=time;
-    my $hfh;
-    if ($hfh=IO::File->new(">>$proname/activity.log")) {
-       print $hfh "$now:$clientname:$what\n";
-       Reply( $client, "ok\n", $userinput);
-    } else {
-       Reply($client, "error: ".($!+0)." IO::File->new Failed "
-             ."while attempting log\n",
-             $userinput);
-    }
-    return 1;
+     my $userinput= "$cmd:$tail";
+     my ($udom,$uname,$what)=split(/:/,$tail);
+     chomp($what);
+     my $proname=&propath($udom,$uname);
+     my $now=time;
+     my $hfh;
+     if ($hfh=IO::File->new(">>$proname/activity.log")) {
+ 	print $hfh "$now:$clientname:$what\n";
+ 	&Reply( $client, "ok\n", $userinput);
+     } else {
+ 	&Failure($client, "error: ".($!+0)." IO::File->new Failed "
+ 		 ."while attempting log\n",
+ 		 $userinput);
+     }
+     return 1;
  }
- RegisterHandler("log", \&ActivityLogEntryHandler, 0, 1, 0);
+ &register_handler("log", \&activity_log_handler, 0, 1, 0);
  #
  #   Put a namespace entry in a user profile hash.
  #   My druthers would be for this to be an encrypted interaction too.
- Line 1296  RegisterHandler("log", \&ActivityLogEntr
+ Line 2282  RegisterHandler("log", \&ActivityLogEntr
  #     0        - Requested to exit, caller should shut down.
  #     1        - Continue processing.
  #
- sub PutUserProfileEntry {
+ sub put_user_profile_entry {
-    my $cmd       = shift;
+     my ($cmd, $tail, $client)  = @_;
-    my $tail      = shift;
-    my $client    = shift;
+     my $userinput = "$cmd:$tail";
-    my $userinput = "$cmd:$tail";
+     my ($udom,$uname,$namespace,$what) =split(/:/,$tail,4);
-    my ($udom,$uname,$namespace,$what) =split(/:/,$tail);
+     if ($namespace ne 'roles') {
-    $namespace=~s/\//\_/g;
+ 	chomp($what);
-    $namespace=~s/\W//g;
+ 	my $hashref = &tie_user_hash($udom, $uname, $namespace,
-    if ($namespace ne 'roles') {
+ 				  &GDBM_WRCREAT(),"P",$what);
-       chomp($what);
+ 	if($hashref) {
-       my $proname=propath($udom,$uname);
+ 	    my @pairs=split(/\&/,$what);
-       my $now=time;
+ 	    foreach my $pair (@pairs) {
-       unless ($namespace=~/^nohist\_/) {
+ 		my ($key,$value)=split(/=/,$pair);
-          my $hfh;
+ 		$hashref->{$key}=$value;
-          if ($hfh=IO::File->new(">>$proname/$namespace.hist")) {
+ 	    }
-             print $hfh "P:$now:$what\n";
+ 	    if (untie(%$hashref)) {
-          }
+ 		&Reply( $client, "ok\n", $userinput);
-       }
+ 	    } else {
-       my @pairs=split(/\&/,$what);
+ 		&Failure($client, "error: ".($!+0)." untie(GDBM) failed ".
-       my %hash;
+ 			"while attempting put\n",
-       if (tie(%hash,'GDBM_File',"$proname/$namespace.db",
+ 			$userinput);
-                   &GDBM_WRCREAT(),0640)) {
+ 	    }
-          foreach my $pair (@pairs) {
+ 	} else {
-             my ($key,$value)=split(/=/,$pair);
+ 	    &Failure( $client, "error: ".($!)." tie(GDBM) Failed ".
-             $hash{$key}=$value;
+ 		     "while attempting put\n", $userinput);
-          }
+ 	}
-          if (untie(%hash)) {
+     } else {
-             Reply( $client, "ok\n", $userinput);
+         &Failure( $client, "refused\n", $userinput);
-          } else {
+     }
-             Failure($client, "error: ".($!+0)." untie(GDBM) failed ".
-                   "while attempting put\n",
+     return 1;
-                   $userinput);
-          }
-       } else {
-          Failure( $client, "error: ".($!)." tie(GDBM) Failed ".
- 			         "while attempting put\n", $userinput);
-       }
-    } else {
-       Failure( $client, "refused\n", $userinput);
-    }
-    return 1;
  }
- RegisterHandler("put", \&PutUserProfileEntry, 0, 1, 0);
+ &register_handler("put", \&put_user_profile_entry, 0, 1, 0);
  #
  #   Increment a profile entry in the user history file.
- Line 1357  RegisterHandler("put", \&PutUserProfileE
+ Line 2332  RegisterHandler("put", \&PutUserProfileE
  #     0        - Requested to exit, caller should shut down.
  #     1        - Continue processing.
  #
- sub IncrementUserValueHandler {
+ sub increment_user_value_handler {
-    my $cmd         = shift;
+     my ($cmd, $tail, $client) = @_;
-    my $tail        = shift;
-    my $client      = shift;
+     my $userinput   = "$cmd:$tail";
-    my $userinput   = shift;
+     my ($udom,$uname,$namespace,$what) =split(/:/,$tail);
-    my ($udom,$uname,$namespace,$what) =split(/:/,$tail);
+     if ($namespace ne 'roles') {
-    $namespace=~s/\//\_/g;
+         chomp($what);
-    $namespace=~s/\W//g;
+ 	my $hashref = &tie_user_hash($udom, $uname,
-    if ($namespace ne 'roles') {
+ 				     $namespace, &GDBM_WRCREAT(),
-       chomp($what);
+ 				     "P",$what);
-       my $proname=propath($udom,$uname);
+ 	if ($hashref) {
-       my $now=time;
+ 	    my @pairs=split(/\&/,$what);
-       unless ($namespace=~/^nohist\_/) {
+ 	    foreach my $pair (@pairs) {
-          my $hfh;
+ 		my ($key,$value)=split(/=/,$pair);
-          if ($hfh=IO::File->new(">>$proname/$namespace.hist")) {
+ 		# We could check that we have a number...
-             print $hfh "P:$now:$what\n";
+ 		if (! defined($value) || $value eq '') {
-          }
+ 		    $value = 1;
-       }
+ 		}
-       my @pairs=split(/\&/,$what);
+ 		$hashref->{$key}+=$value;
-       my %hash;
+ 	    }
-       if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),
+ 	    if (untie(%$hashref)) {
-)) {
+ 		&Reply( $client, "ok\n", $userinput);
-          foreach my $pair (@pairs) {
+ 	    } else {
-             my ($key,$value)=split(/=/,$pair);
+ 		&Failure($client, "error: ".($!+0)." untie(GDBM) failed ".
-             # We could check that we have a number...
+ 			 "while attempting inc\n", $userinput);
-             if (! defined($value) || $value eq '') {
+ 	    }
-                $value = 1;
+ 	} else {
-             }
+ 	    &Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
-             $hash{$key}+=$value;
+ 		     "while attempting inc\n", $userinput);
-          }
+ 	}
-          if (untie(%hash)) {
+     } else {
-             Reply( $client, "ok\n", $userinput);
+ 	&Failure($client, "refused\n", $userinput);
-          } else {
+     }
-             Failure($client, "error: ".($!+0)." untie(GDBM) failed ".
-                      "while attempting put\n", $userinput);
+     return 1;
-          }
-       } else {
-          Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
-                   "while attempting put\n", $userinput);
-       }
-    } else {
-       Failure($client, "refused\n", $userinput);
-    }
-    return 1;
  }
- RegisterHandler("inc", \&IncrementUserValueHandler, 0, 1, 0);
+ &register_handler("inc", \&increment_user_value_handler, 0, 1, 0);
  #
  #   Put a new role for a user.  Roles are LonCAPA's packaging of permissions.
  #   Each 'role' a user has implies a set of permissions.  Adding a new role
- Line 1425  RegisterHandler("inc", \&IncrementUserVa
+ Line 2391  RegisterHandler("inc", \&IncrementUserVa
  #     1         - To continue processing.
  #
  #
- sub RolesPutHandler {
+ sub roles_put_handler {
-    my $cmd        = shift;
+     my ($cmd, $tail, $client) = @_;
-    my $tail       = shift;
-    my $client     = shift;
+     my $userinput  = "$cmd:$tail";
-    my $userinput  = "$cmd:$tail";
+     my ( $exedom, $exeuser, $udom, $uname,  $what) = split(/:/,$tail);
-    my ($exedom,$exeuser,$udom,$uname,$what)   =split(/:/,$tail);
-    &Debug("cmd = ".$cmd." exedom= ".$exedom."user = ".$exeuser." udom=".$udom.
-           "what = ".$what);
+     my $namespace='roles';
-    my $namespace='roles';
+     chomp($what);
-    chomp($what);
+     my $hashref = &tie_user_hash($udom, $uname, $namespace,
-    my $proname=propath($udom,$uname);
+ 				 &GDBM_WRCREAT(), "P",
-    my $now=time;
+ 				 "$exedom:$exeuser:$what");
-    #
+     #
-    #  Log the attempt to set a role.  The {}'s here ensure that the file
+     #  Log the attempt to set a role.  The {}'s here ensure that the file
-    #  handle is open for the minimal amount of time.  Since the flush
+     #  handle is open for the minimal amount of time.  Since the flush
-    #  is done on close this improves the chances the log will be an un-
+     #  is done on close this improves the chances the log will be an un-
-    #  corrupted ordered thing.
+     #  corrupted ordered thing.
-    {
+     if ($hashref) {
-       my $hfh;
+ 	my $pass_entry = &get_auth_type($udom, $uname);
-       if ($hfh=IO::File->new(">>$proname/$namespace.hist")) {
+ 	my ($auth_type,$pwd)  = split(/:/, $pass_entry);
-          print $hfh "P:$now:$exedom:$exeuser:$what\n";
+ 	$auth_type = $auth_type.":";
-       }
+ 	my @pairs=split(/\&/,$what);
-    }
+ 	foreach my $pair (@pairs) {
-    my @pairs=split(/\&/,$what);
+ 	    my ($key,$value)=split(/=/,$pair);
-    my %hash;
+ 	    &manage_permissions($key, $udom, $uname,
-    if (tie(%hash,'GDBM_File',"$proname/$namespace.db", &GDBM_WRCREAT(),0640)) {
+ 			       $auth_type);
-       foreach my $pair (@pairs) {
+ 	    $hashref->{$key}=$value;
-          my ($key,$value)=split(/=/,$pair);
+ 	}
-             &ManagePermissions($key, $udom, $uname,
+ 	if (untie($hashref)) {
-                                &GetAuthType( $udom, $uname));
+ 	    &Reply($client, "ok\n", $userinput);
-             $hash{$key}=$value;
+ 	} else {
-       }
+ 	    &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
-       if (untie(%hash)) {
+ 		     "while attempting rolesput\n", $userinput);
-          Reply($client, "ok\n", $userinput);
+ 	}
-       } else {
+     } else {
-          Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	&Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
- 			                         "while attempting rolesput\n", $userinput);
+ 		 "while attempting rolesput\n", $userinput);
-       }
+     }
-    } else {
+     return 1;
-       Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
-                         "while attempting rolesput\n", $userinput);
-    }
-    return 1;
  }
- RegisterHandler("rolesput", \&RolesPutHandler, 1,1,0);  # Encoded client only.
+ &register_handler("rolesput", \&roles_put_handler, 1,1,0);  # Encoded client only.
  #
  #   Deletes (removes) a role for a user.   This is equivalent to removing
  #  a permissions package associated with the role from the user's profile.
- Line 1488  RegisterHandler("rolesput", \&RolesPutHa
+ Line 2451  RegisterHandler("rolesput", \&RolesPutHa
  #     1                    - Continue processing
  #     0                    - Exit.
  #
- sub RolesDeleteHandler {
+ sub roles_delete_handler {
-    my $cmd          = shift;
+     my ($cmd, $tail, $client)  = @_;
-    my $tail         = shift;
-    my $client       = shift;
-    my $userinput    = "$cmd:$tail";
-    my ($exedom,$exeuser,$udom,$uname,$what)=split(/:/,$tail);
-    &Debug("cmd = ".$cmd." exedom= ".$exedom."user = ".$exeuser." udom=".$udom.
-           "what = ".$what);
-    my $namespace='roles';
-    chomp($what);
-    my $proname=propath($udom,$uname);
-    my $now=time;
-    #
-    #   Log the attempt. This {}'ing is done to ensure that the
-    #   logfile is flushed and closed as quickly as possible.  Hopefully
-    #   this preserves both time ordering and reduces the probability that
-    #   messages will be interleaved.
-    #
-    {
-       my $hfh;
-       if ($hfh=IO::File->new(">>$proname/$namespace.hist")) {
-          print $hfh "D:$now:$exedom:$exeuser:$what\n";
-       }
-    }
-    my @rolekeys=split(/\&/,$what);
-    my %hash;
-    if (tie(%hash,'GDBM_File',"$proname/$namespace.db", &GDBM_WRCREAT(),0640)) {
-       foreach my $key (@rolekeys) {
-          delete $hash{$key};
-       }
-       if (untie(%hash)) {
-          Reply($client, "ok\n", $userinput);
-       } else {
-          Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
-                            "while attempting rolesdel\n", $userinput);
-       }
-    } else {
-       Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
-                         "while attempting rolesdel\n", $userinput);
-    }
-    return 1;
+     my $userinput    = "$cmd:$tail";
+     my ($exedom,$exeuser,$udom,$uname,$what)=split(/:/,$tail);
+     &Debug("cmd = ".$cmd." exedom= ".$exedom."user = ".$exeuser." udom=".$udom.
+ 	   "what = ".$what);
+     my $namespace='roles';
+     chomp($what);
+     my $hashref = &tie_user_hash($udom, $uname, $namespace,
+ 				 &GDBM_WRCREAT(), "D",
+ 				 "$exedom:$exeuser:$what");
+     if ($hashref) {
+ 	my @rolekeys=split(/\&/,$what);
+ 	foreach my $key (@rolekeys) {
+ 	    delete $hashref->{$key};
+ 	}
+ 	if (untie(%$hashref)) {
+ 	    &Reply($client, "ok\n", $userinput);
+ 	} else {
+ 	    &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 		     "while attempting rolesdel\n", $userinput);
+ 	}
+     } else {
+         &Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
+ 		 "while attempting rolesdel\n", $userinput);
+     }
+     return 1;
  }
- RegisterHandler("rolesdel", \&RolesDeleteHandler, 1,1, 0); # Encoded client only
+ &register_handler("rolesdel", \&roles_delete_handler, 1,1, 0); # Encoded client only
  # Unencrypted get from a user's profile database.  See
  # GetProfileEntryEncrypted for a version that does end-to-end encryption.
- Line 1553  RegisterHandler("rolesdel", \&RolesDelet
+ Line 2505  RegisterHandler("rolesdel", \&RolesDelet
  #   1       - Continue processing.
  #   0       - Exit.
  #
- sub GetProfileEntry {
+ sub get_profile_entry {
-    my $cmd      = shift;
+     my ($cmd, $tail, $client) = @_;
-    my $tail     = shift;
-    my $client   = shift;
+     my $userinput= "$cmd:$tail";
-    my $userinput= "$cmd:$tail";
-    my ($udom,$uname,$namespace,$what) = split(/:/,$tail);
+     my ($udom,$uname,$namespace,$what) = split(/:/,$tail);
-    $namespace=~s/\//\_/g;
+     chomp($what);
-    $namespace=~s/\W//g;
-    chomp($what);
+     my $replystring = read_profile($udom, $uname, $namespace, $what);
-    my @queries=split(/\&/,$what);
+     my ($first) = split(/:/,$replystring);
-    my $proname=propath($udom,$uname);
+     if($first ne "error") {
-    my $qresult='';
+ 	&Reply($client, "$replystring\n", $userinput);
-    my %hash;
+     } else {
-    if (tie(%hash,'GDBM_File',"$proname/$namespace.db", &GDBM_READER(),0640)) {
+ 	&Failure($client, $replystring." while attempting get\n", $userinput);
-       for (my $i=0;$i<=$#queries;$i++) {
+     }
-          $qresult.="$hash{$queries[$i]}&";    # Presumably failure gives empty string.
+     return 1;
-       }
-       if (untie(%hash)) {
-          $qresult=~s/\&$//;              # Remove trailing & from last lookup.
-          Reply($client, "$qresult\n", $userinput);
-       } else {
-          Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
-                           "while attempting get\n", $userinput);
-       }
-    } else {
-       if ($!+0 == 2) {                # +0 coerces errno -> number 2 is ENOENT
-          Failure($client, "error:No such file or ".
-                           "GDBM reported bad block error\n", $userinput);
-       } else {                        # Some other undifferentiated err.
-          Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
-                            "while attempting get\n", $userinput);
-       }
-    }
-    return 1;
  }
- RegisterHandler("get", \&GetProfileEntry, 0,1,0);
+ &register_handler("get", \&get_profile_entry, 0,1,0);
  #
  #  Process the encrypted get request.  Note that the request is sent
  #  in clear, but the reply is encrypted.  This is a small covert channel:
- Line 1609  RegisterHandler("get", \&GetProfileEntry
+ Line 2545  RegisterHandler("get", \&GetProfileEntry
  #  Returns:
  #     1      - Continue processing
  #     0      - server should exit.
- sub GetProfileEntryEncrypted {
+ sub get_profile_entry_encrypted {
-    my $cmd       = shift;
+     my ($cmd, $tail, $client) = @_;
-    my $tail      = shift;
-    my $client    = shift;
+     my $userinput = "$cmd:$tail";
-    my $userinput = "$cmd:$tail";
-    my ($cmd,$udom,$uname,$namespace,$what) = split(/:/,$userinput);
+     my ($cmd,$udom,$uname,$namespace,$what) = split(/:/,$userinput);
-    $namespace=~s/\//\_/g;
+     chomp($what);
-    $namespace=~s/\W//g;
+     my $qresult = read_profile($udom, $uname, $namespace, $what);
-    chomp($what);
+     my ($first) = split(/:/, $qresult);
-    my @queries=split(/\&/,$what);
+     if($first ne "error") {
-    my $proname=propath($udom,$uname);
-    my $qresult='';
+ 	if ($cipher) {
-    my %hash;
+ 	    my $cmdlength=length($qresult);
-    if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
+ 	    $qresult.="         ";
-       for (my $i=0;$i<=$#queries;$i++) {
+ 	    my $encqresult='';
-          $qresult.="$hash{$queries[$i]}&";
+ 	    for(my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
-       }
+ 		$encqresult.= unpack("H16",
-       if (untie(%hash)) {
+ 				     $cipher->encrypt(substr($qresult,
-          $qresult=~s/\&$//;
+ 							     $encidx,
-          if ($cipher) {
+)));
-             my $cmdlength=length($qresult);
+ 	    }
-             $qresult.="         ";
+ 	    &Reply( $client, "enc:$cmdlength:$encqresult\n", $userinput);
-             my $encqresult='';
+ 	} else {
-             for(my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
+ 		&Failure( $client, "error:no_key\n", $userinput);
-                $encqresult.= unpack("H16", $cipher->encrypt(substr($qresult,
+ 	    }
-                                                                    $encidx,
+     } else {
-)));
+ 	&Failure($client, "$qresult while attempting eget\n", $userinput);
-             }
-             Reply( $client, "enc:$cmdlength:$encqresult\n", $userinput);
+     }
-          } else {
-             Failure( $client, "error:no_key\n", $userinput);
+     return 1;
-          }
-       } else {
-          Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
-                               "while attempting eget\n", $userinput);
-       }
-    } else {
-       Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
-                        "while attempting eget\n", $userinput);
-    }
-    return 1;
  }
- RegisterHandler("eget", \&GetProfileEncrypted, 0, 1, 0);
+ &register_handler("eget", \&get_profile_entry_encrypted, 0, 1, 0);
  #
  #   Deletes a key in a user profile database.
- Line 1673  RegisterHandler("eget", \&GetProfileEncr
+ Line 2597  RegisterHandler("eget", \&GetProfileEncr
  #     0   - Exit server.
  #
  #
- sub DeletProfileEntry {
+ sub delete_profile_entry {
-    my $cmd      = shift;
+     my ($cmd, $tail, $client) = @_;
-    my $tail     = shift;
-    my $client   = shift;
+     my $userinput = "cmd:$tail";
-    my $userinput = "cmd:$tail";
+     my ($udom,$uname,$namespace,$what) = split(/:/,$tail);
-    my ($udom,$uname,$namespace,$what) = split(/:/,$tail);
+     chomp($what);
-    $namespace=~s/\//\_/g;
+     my $hashref = &tie_user_hash($udom, $uname, $namespace,
-    $namespace=~s/\W//g;
+ 				 &GDBM_WRCREAT(),
-    chomp($what);
+ 				 "D",$what);
-    my $proname=propath($udom,$uname);
+     if ($hashref) {
-    my $now=time;
+         my @keys=split(/\&/,$what);
-    unless ($namespace=~/^nohist\_/) {
+ 	foreach my $key (@keys) {
-       my $hfh;
+ 	    delete($hashref->{$key});
-       if ($hfh=IO::File->new(">>$proname/$namespace.hist")) {
+ 	}
-          print $hfh "D:$now:$what\n";
+ 	if (untie(%$hashref)) {
-       }
+ 	    &Reply($client, "ok\n", $userinput);
-    }
+ 	} else {
-    my @keys=split(/\&/,$what);
+ 	    &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
-    my %hash;
+ 		    "while attempting del\n", $userinput);
-    if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
+ 	}
-       foreach my $key (@keys) {
+     } else {
-          delete($hash{$key});
+ 	&Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
-       }
+ 		 "while attempting del\n", $userinput);
-       if (untie(%hash)) {
+     }
-          Reply($client, "ok\n", $userinput);
+     return 1;
-       } else {
-          Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
-                            "while attempting del\n", $userinput);
-       }
-    } else {
-       Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
-                         "while attempting del\n", $userinput);
-    }
-    return 1;
  }
- RegisterHandler("del", \&DeleteProfileEntry, 0, 1, 0);
+ &register_handler("del", \&delete_profile_entry, 0, 1, 0);
  #
  #  List the set of keys that are defined in a profile database file.
  #  A successful reply from this will contain an & separated list of
- Line 1725  RegisterHandler("del", \&DeleteProfileEn
+ Line 2641  RegisterHandler("del", \&DeleteProfileEn
  #    1    - Continue processing.
  #    0    - Exit the server.
  #
- sub GetProfileKeys {
+ sub get_profile_keys {
-    my $cmd       = shift;
+     my ($cmd, $tail, $client) = @_;
-    my $tail      = shift;
-    my $client    = shift;
+     my $userinput = "$cmd:$tail";
-    my $userinput = "$cmd:$tail";
+     my ($udom,$uname,$namespace)=split(/:/,$tail);
-    my ($udom,$uname,$namespace)=split(/:/,$tail);
+     my $qresult='';
-    $namespace=~s/\//\_/g;
+     my $hashref = &tie_user_hash($udom, $uname, $namespace,
-    $namespace=~s/\W//g;
+ 				  &GDBM_READER());
-    my $proname=propath($udom,$uname);
+     if ($hashref) {
-    my $qresult='';
+ 	foreach my $key (keys %$hashref) {
-    my %hash;
+ 	    $qresult.="$key&";
-    if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
+ 	}
-       foreach my $key (keys %hash) {
+ 	if (untie(%$hashref)) {
-           $qresult.="$key&";
+ 	    $qresult=~s/\&$//;
-       }
+ 	    &Reply($client, "$qresult\n", $userinput);
-       if (untie(%hash)) {
+ 	} else {
-          $qresult=~s/\&$//;
+ 	    &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
-          Reply($client, "$qresult\n", $userinput);
+ 		    "while attempting keys\n", $userinput);
-       } else {
+ 	}
-          Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
+     } else {
-                           "while attempting keys\n", $userinput);
+ 	&Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
-       }
+ 		 "while attempting keys\n", $userinput);
-    } else {
+     }
-       Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
-                         "while attempting keys\n", $userinput);
-    }
-    return 1;
+     return 1;
  }
- RegisterHandler("keys", \&GetProfileKeys, 0, 1, 0);
+ &register_handler("keys", \&get_profile_keys, 0, 1, 0);
  #
  #   Dump the contents of a user profile database.
  #   Note that this constitutes a very large covert channel too since
- Line 1775  RegisterHandler("keys", \&GetProfileKeys
+ Line 2689  RegisterHandler("keys", \&GetProfileKeys
  #     1    - Continue processing.
  #     0    - Exit the server.
  #
- sub DumpProfileDatabase {
+ sub dump_profile_database {
-    my $cmd       = shift;
+     my ($cmd, $tail, $client) = @_;
-    my $tail      = shift;
-    my $client    = shift;
+     my $userinput = "$cmd:$tail";
-    my $userinput = "$cmd:$tail";
-    my ($udom,$uname,$namespace) = split(/:/,$tail);
+     my ($udom,$uname,$namespace) = split(/:/,$tail);
-    $namespace=~s/\//\_/g;
+     my $hashref = &tie_user_hash($udom, $uname, $namespace,
-    $namespace=~s/\W//g;
+ 				 &GDBM_READER());
-    my $qresult='';
+     if ($hashref) {
-    my $proname=propath($udom,$uname);
+ 	# Structure of %data:
-    my %hash;
+ 	# $data{$symb}->{$parameter}=$value;
-    if (tie(%hash,'GDBM_File',"$proname/$namespace.db", &GDBM_READER(),0640)) {
+ 	# $data{$symb}->{'v.'.$parameter}=$version;
-       # Structure of %data:
+ 	# since $parameter will be unescaped, we do not
-       # $data{$symb}->{$parameter}=$value;
+  	# have to worry about silly parameter names...
-       # $data{$symb}->{'v.'.$parameter}=$version;
-       # since $parameter will be unescaped, we do not
+         my $qresult='';
-       # have to worry about silly parameter names...
+ 	my %data = ();                     # A hash of anonymous hashes..
-       my %data = ();                     # A hash of anonymous hashes..
+ 	while (my ($key,$value) = each(%$hashref)) {
-       while (my ($key,$value) = each(%hash)) {
+ 	    my ($v,$symb,$param) = split(/:/,$key);
-          my ($v,$symb,$param) = split(/:/,$key);
+ 	    next if ($v eq 'version' || $symb eq 'keys');
-          next if ($v eq 'version' || $symb eq 'keys');
+ 	    next if (exists($data{$symb}) &&
-          next if (exists($data{$symb}) &&
+ 		     exists($data{$symb}->{$param}) &&
-                   exists($data{$symb}->{$param}) &&
+ 		     $data{$symb}->{'v.'.$param} > $v);
-                   $data{$symb}->{'v.'.$param} > $v);
+ 	    $data{$symb}->{$param}=$value;
-          $data{$symb}->{$param}=$value;
+ 	    $data{$symb}->{'v.'.$param}=$v;
-          $data{$symb}->{'v.'.$param}=$v;
+ 	}
-       }
+ 	if (untie(%$hashref)) {
-       if (untie(%hash)) {
+ 	    while (my ($symb,$param_hash) = each(%data)) {
-          while (my ($symb,$param_hash) = each(%data)) {
+ 		while(my ($param,$value) = each (%$param_hash)){
-             while(my ($param,$value) = each (%$param_hash)){
+ 		    next if ($param =~ /^v\./);       # Ignore versions...
-                next if ($param =~ /^v\./);       # Ignore versions...
+ 		    #
-                #
+ 		    #   Just dump the symb=value pairs separated by &
-                #   Just dump the symb=value pairs separated by &
+ 		    #
-                #
+ 		    $qresult.=$symb.':'.$param.'='.$value.'&';
-                $qresult.=$symb.':'.$param.'='.$value.'&';
+ 		}
-             }
+ 	    }
-          }
+ 	    chop($qresult);
-          chop($qresult);
+ 	    &Reply($client , "$qresult\n", $userinput);
-          Reply($client , "$qresult\n", $userinput);
+ 	} else {
-       } else {
+ 	    &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
-          Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 		     "while attempting currentdump\n", $userinput);
-                            "while attempting currentdump\n", $userinput);
+ 	}
-       }
+     } else {
-    } else {
+ 	&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
-       Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
+ 		"while attempting currentdump\n", $userinput);
-                         "while attempting currentdump\n", $userinput);
+     }
-    }
-    return 1;
+     return 1;
  }
- RegisterHandler("currentdump", \&DumpProfileDatabase, 0, 1, 0);
+ &register_handler("currentdump", \&dump_profile_database, 0, 1, 0);
  #
  #   Dump a profile database with an optional regular expression
  #   to match against the keys.  In this dump, no effort is made
- Line 1851  RegisterHandler("currentdump", \&DumpPro
+ Line 2764  RegisterHandler("currentdump", \&DumpPro
  # Side effects:
  #    response is written to $client.
  #
- sub DumpWithRegexp {
+ sub dump_with_regexp {
-   my $cmd    = shift;
+     my ($cmd, $tail, $client) = @_;
-   my $tail   = shift;
-   my $client = shift;
+     my $userinput = "$cmd:$tail";
-   my $userinput = "$cmd:$tail";
+     my ($udom,$uname,$namespace,$regexp)=split(/:/,$tail);
-   my ($udom,$uname,$namespace,$regexp)=split(/:/,$tail);
+     if (defined($regexp)) {
-   $namespace=~s/\//\_/g;
+ 	$regexp=&unescape($regexp);
-   $namespace=~s/\W//g;
+     } else {
-   if (defined($regexp)) {
+ 	$regexp='.';
-     $regexp=&unescape($regexp);
-   } else {
-     $regexp='.';
-   }
-   my $qresult='';
-   my $proname=propath($udom,$uname);
-   my %hash;
-   if (tie(%hash,'GDBM_File',"$proname/$namespace.db",
- 	  &GDBM_READER(),0640)) {
-     study($regexp);
-     while (my ($key,$value) = each(%hash)) {
-       if ($regexp eq '.') {
- 	$qresult.=$key.'='.$value.'&';
-       } else {
- 	my $unescapeKey = &unescape($key);
- 	if (eval('$unescapeKey=~/$regexp/')) {
- 	  $qresult.="$key=$value&";
- 	}
-       }
      }
-     if (untie(%hash)) {
+     my $hashref = &tie_user_hash($udom, $uname, $namespace,
-       chop($qresult);
+ 				 &GDBM_READER());
-       Reply($client, "$qresult\n", $userinput);
+     if ($hashref) {
+         my $qresult='';
+ 	while (my ($key,$value) = each(%$hashref)) {
+ 	    if ($regexp eq '.') {
+ 		$qresult.=$key.'='.$value.'&';
+ 	    } else {
+ 		my $unescapeKey = &unescape($key);
+ 		if (eval('$unescapeKey=~/$regexp/')) {
+ 		    $qresult.="$key=$value&";
+ 		}
+ 	    }
+ 	}
+ 	if (untie(%$hashref)) {
+ 	    chop($qresult);
+ 	    &Reply($client, "$qresult\n", $userinput);
+ 	} else {
+ 	    &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 		     "while attempting dump\n", $userinput);
+ 	}
      } else {
-       Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
- 	       "while attempting dump\n", $userinput);
+ 		"while attempting dump\n", $userinput);
      }
-   } else {
-     Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
- 	    "while attempting dump\n", $userinput);
-   }
      return 1;
  }
- RegisterHandler("dump", \&DumpWithRegexp, 0, 1, 0);
+ &register_handler("dump", \&dump_with_regexp, 0, 1, 0);
- #  Store an aitem in any database but the roles database.
+ #  Store a set of key=value pairs associated with a versioned name.
  #
  #  Parameters:
  #    $cmd                - Request command keyword.
- Line 1916  RegisterHandler("dump", \&DumpWithRegexp
+ Line 2824  RegisterHandler("dump", \&DumpWithRegexp
  #      1 (keep on processing).
  #  Side-Effects:
  #    Writes to the client
- sub StoreHandler {
+ sub store_handler {
-   my $cmd    = shift;
+     my ($cmd, $tail, $client) = @_;
-   my $tail   = shift;
-   my $client = shift;
-   my $userinput = "$cmd:$tail";
+     my $userinput = "$cmd:$tail";
-   my ($udom,$uname,$namespace,$rid,$what) =split(/:/,$tail);
+     my ($udom,$uname,$namespace,$rid,$what) =split(/:/,$tail);
-   $namespace=~s/\//\_/g;
+     if ($namespace ne 'roles') {
-   $namespace=~s/\W//g;
-   if ($namespace ne 'roles') {
+ 	chomp($what);
-     chomp($what);
+ 	my @pairs=split(/\&/,$what);
-     my $proname=propath($udom,$uname);
+ 	my $hashref  = &tie_user_hash($udom, $uname, $namespace,
-     my $now=time;
+ 				       &GDBM_WRCREAT(), "P",
-     unless ($namespace=~/^nohist\_/) {
+ 				       "$rid:$what");
-       my $hfh;
+ 	if ($hashref) {
-       if ($hfh=IO::File->new(">>$proname/$namespace.hist")) {
+ 	    my $now = time;
- 	print $hfh "P:$now:$rid:$what\n";
+ 	    my @previouskeys=split(/&/,$hashref->{"keys:$rid"});
-       }
+ 	    my $key;
-     }
+ 	    $hashref->{"version:$rid"}++;
-     my @pairs=split(/\&/,$what);
+ 	    my $version=$hashref->{"version:$rid"};
-     my %hash;
+ 	    my $allkeys='';
-     if (tie(%hash,'GDBM_File',"$proname/$namespace.db",
+ 	    foreach my $pair (@pairs) {
- 	    &GDBM_WRCREAT(),0640)) {
+ 		my ($key,$value)=split(/=/,$pair);
-       my @previouskeys=split(/&/,$hash{"keys:$rid"});
+ 		$allkeys.=$key.':';
-       my $key;
+ 		$hashref->{"$version:$rid:$key"}=$value;
-       $hash{"version:$rid"}++;
+ 	    }
-       my $version=$hash{"version:$rid"};
+ 	    $hashref->{"$version:$rid:timestamp"}=$now;
-       my $allkeys='';
+ 	    $allkeys.='timestamp';
-       foreach my $pair (@pairs) {
+ 	    $hashref->{"$version:keys:$rid"}=$allkeys;
- 	my ($key,$value)=split(/=/,$pair);
+ 	    if (untie($hashref)) {
- 	$allkeys.=$key.':';
+ 		&Reply($client, "ok\n", $userinput);
- 	$hash{"$version:$rid:$key"}=$value;
+ 	    } else {
-       }
+ 		&Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
-       $hash{"$version:$rid:timestamp"}=$now;
+ 			"while attempting store\n", $userinput);
-       $allkeys.='timestamp';
+ 	    }
-       $hash{"$version:keys:$rid"}=$allkeys;
+ 	} else {
-       if (untie(%hash)) {
+ 	    &Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
- 	Reply($client, "ok\n", $userinput);
+ 		     "while attempting store\n", $userinput);
-       } else {
+ 	}
- 	Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
- 		"while attempting store\n", $userinput);
-       }
      } else {
-       Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
+ 	&Failure($client, "refused\n", $userinput);
- 	       "while attempting store\n", $userinput);
      }
-   } else {
-     Failure($client, "refused\n", $userinput);
-   }
-   return 1;
+     return 1;
  }
- RegisterHandler("store", \&StoreHandler, 0, 1, 0);
+ &register_handler("store", \&store_handler, 0, 1, 0);
  #
- #   Restore a prior version of a resource.
+ #  Dump out all versions of a resource that has key=value pairs associated
+ # with it for each version.  These resources are built up via the store
+ # command.
  #
  #  Parameters:
  #     $cmd               - Command keyword.
- Line 1985  RegisterHandler("store", \&StoreHandler,
+ Line 2887  RegisterHandler("store", \&StoreHandler,
  #      1  indicating the caller should not yet exit.
  # Side-effects:
  #   Writes a reply to the client.
+ #   The reply is a string of the following shape:
+ #   version=current&version:keys=k1:k2...&1:k1=v1&1:k2=v2...
+ #    Where the 1 above represents version 1.
+ #    this continues for all pairs of keys in all versions.
  #
- sub RestoreHandler {
+ #
-   my $cmd     = shift;
+ #
-   my $tail    = shift;
+ #
-   my $client  = shift;
+ sub restore_handler {
+     my ($cmd, $tail, $client) = @_;
-   my $userinput = "$cmd:$tail";	# Only used for logging purposes.
+     my $userinput = "$cmd:$tail";	# Only used for logging purposes.
-   my ($cmd,$udom,$uname,$namespace,$rid) = split(/:/,$userinput);
-   $namespace=~s/\//\_/g;
+     my ($cmd,$udom,$uname,$namespace,$rid) = split(/:/,$userinput);
-   $namespace=~s/\W//g;
+     $namespace=~s/\//\_/g;
-   chomp($rid);
+     $namespace=~s/\W//g;
-   my $proname=propath($udom,$uname);
+     chomp($rid);
- 	  my $qresult='';
+     my $proname=&propath($udom,$uname);
-   my %hash;
+     my $qresult='';
-   if (tie(%hash,'GDBM_File',"$proname/$namespace.db",
+     my %hash;
- 	  &GDBM_READER(),0640)) {
+     if (tie(%hash,'GDBM_File',"$proname/$namespace.db",
-     my $version=$hash{"version:$rid"};
+ 	    &GDBM_READER(),0640)) {
-     $qresult.="version=$version&";
+ 	my $version=$hash{"version:$rid"};
-     my $scope;
+ 	$qresult.="version=$version&";
-     for ($scope=1;$scope<=$version;$scope++) {
+ 	my $scope;
-       my $vkeys=$hash{"$scope:keys:$rid"};
+ 	for ($scope=1;$scope<=$version;$scope++) {
- 		my @keys=split(/:/,$vkeys);
+ 	    my $vkeys=$hash{"$scope:keys:$rid"};
-       my $key;
+ 	    my @keys=split(/:/,$vkeys);
-       $qresult.="$scope:keys=$vkeys&";
+ 	    my $key;
-       foreach $key (@keys) {
+ 	    $qresult.="$scope:keys=$vkeys&";
- 	$qresult.="$scope:$key=".$hash{"$scope:$rid:$key"}."&";
+ 	    foreach $key (@keys) {
-       }
+ 		$qresult.="$scope:$key=".$hash{"$scope:$rid:$key"}."&";
-     }
+ 	    }
- 	     if (untie(%hash)) {
+ 	}
- 	       $qresult=~s/\&$//;
+ 	if (untie(%hash)) {
- 	       Reply( $client, "$qresult\n", $userinput);
+ 	    $qresult=~s/\&$//;
- 	     } else {
+ 	    &Reply( $client, "$qresult\n", $userinput);
- 	       Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	} else {
- 		       "while attempting restore\n", $userinput);
+ 	    &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
- 	     }
+ 		    "while attempting restore\n", $userinput);
-   } else {
+ 	}
-     Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
+     } else {
- 	    "while attempting restore\n", $userinput);
+ 	&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
-   }
+ 		"while attempting restore\n", $userinput);
+     }
-   return 1;
+     return 1;
  }
- RegisterHandler("restor", \&RestoreHandler, 0,1,0);
+ &register_handler("restore", \&restore_handler, 0,1,0);
  #
  #   Add a chat message to to a discussion board.
- Line 2050  RegisterHandler("restor", \&RestoreHandl
+ Line 2957  RegisterHandler("restor", \&RestoreHandl
  #   writes a reply to the client.
  #
  #
- sub SendChatHandler {
+ sub send_chat_handler {
-   my $cmd     = shift;
+     my ($cmd, $tail, $client) = @_;
-   my $tail    = shift;
-   my $client  = shift;
-   my $userinput = "$cmd:$tail";
+     my $userinput = "$cmd:$tail";
-   my ($cdom,$cnum,$newpost)=split(/\:/,$tail);
+     my ($cdom,$cnum,$newpost)=split(/\:/,$tail);
-   &chatadd($cdom,$cnum,$newpost);
+     &chat_add($cdom,$cnum,$newpost);
-   Reply($client, "ok\n", $userinput);
+     &Reply($client, "ok\n", $userinput);
-   return 1;
+     return 1;
  }
- RegisterHandler("chatsend", \&SendChatHandler, 0, 1, 0);
+ &register_handler("chatsend", \&send_chat_handler, 0, 1, 0);
  #
  #   Retrieve the set of chat messagss from a discussion board.
  #
- Line 2081  RegisterHandler("chatsend", \&SendChatHa
+ Line 2988  RegisterHandler("chatsend", \&SendChatHa
  # Side effects:
  #    Response is written to the client.
  #
- sub RetrieveChatHandler {
+ sub retrieve_chat_handler {
-   my $cmd      = shift;
+     my ($cmd, $tail, $client) = @_;
-   my $tail     = shift;
-   my $client   = shift;
-   my $userinput = "$cmd:$tail";
-   my ($cdom,$cnum,$udom,$uname)=split(/\:/,$tail);
-   my $reply='';
-   foreach (&getchat($cdom,$cnum,$udom,$uname)) {
-     $reply.=&escape($_).':';
-   }
-   $reply=~s/\:$//;
-   Reply($client, $reply."\n", $userinput);
-   return 1;
+     my $userinput = "$cmd:$tail";
+     my ($cdom,$cnum,$udom,$uname)=split(/\:/,$tail);
+     my $reply='';
+     foreach (&get_chat($cdom,$cnum,$udom,$uname)) {
+ 	$reply.=&escape($_).':';
+     }
+     $reply=~s/\:$//;
+     &Reply($client, $reply."\n", $userinput);
+     return 1;
  }
- RegisterHandler("chatretr", \&RetrieveChatHandler, 0, 1, 0);
+ &register_handler("chatretr", \&retrieve_chat_handler, 0, 1, 0);
  #
  #  Initiate a query of an sql database.  SQL query repsonses get put in
  #  a file for later retrieval.  This prevents sql query results from
- Line 2119  RegisterHandler("chatretr", \&RetrieveCh
+ Line 3026  RegisterHandler("chatretr", \&RetrieveCh
  # Side-effects:
  #    a reply is written to $client.
  #
- sub SendQueryHandler {
+ sub send_query_handler {
-   my $cmd     = shift;
+     my ($cmd, $tail, $client) = @_;
-   my $tail    = shift;
-   my $client  = shift;
+     my $userinput = "$cmd:$tail";
-   my $userinput = "$cmd:$tail";
-   my ($query,$arg1,$arg2,$arg3)=split(/\:/,$tail);
-   $query=~s/\n*$//g;
-   Reply($client, "". sqlreply("$clientname\&$query".
- 			      "\&$arg1"."\&$arg2"."\&$arg3")."\n",
- 	$userinput);
-   return 1;
+     my ($query,$arg1,$arg2,$arg3)=split(/\:/,$tail);
+     $query=~s/\n*$//g;
+     &Reply($client, "". &sql_reply("$clientname\&$query".
+ 				"\&$arg1"."\&$arg2"."\&$arg3")."\n",
+ 	  $userinput);
+     return 1;
  }
- RegisterHandler("querysend", \&SendQueryHandler, 0, 1, 0);
+ &register_handler("querysend", \&send_query_handler, 0, 1, 0);
  #
  #   Add a reply to an sql query.  SQL queries are done asyncrhonously.
- Line 2161  RegisterHandler("querysend", \&SendQuery
+ Line 3067  RegisterHandler("querysend", \&SendQuery
  # Side effects:
  #    ok written to the client.
  #
- sub ReplyQueryHandler {
+ sub reply_query_handler {
-   my $cmd    = shift;
+     my ($cmd, $tail, $client) = @_;
-   my $tail   = shift;
-   my $client = shift;
+     my $userinput = "$cmd:$tail";
-   my $userinput = "$cmd:$tail";
+     my ($cmd,$id,$reply)=split(/:/,$userinput);
-   my ($cmd,$id,$reply)=split(/:/,$userinput);
+     my $store;
-   my $store;
+     my $execdir=$perlvar{'lonDaemons'};
-   my $execdir=$perlvar{'lonDaemons'};
+     if ($store=IO::File->new(">$execdir/tmp/$id")) {
-   if ($store=IO::File->new(">$execdir/tmp/$id")) {
+ 	$reply=~s/\&/\n/g;
-     $reply=~s/\&/\n/g;
+ 	print $store $reply;
-          print $store $reply;
+ 	close $store;
-     close $store;
+ 	my $store2=IO::File->new(">$execdir/tmp/$id.end");
-     my $store2=IO::File->new(">$execdir/tmp/$id.end");
+ 	print $store2 "done\n";
-     print $store2 "done\n";
+ 	close $store2;
-     close $store2;
+ 	&Reply($client, "ok\n", $userinput);
-     Reply($client, "ok\n", $userinput);
+     } else {
-   }
+ 	&Failure($client, "error: ".($!+0)
-   else {
+ 		." IO::File->new Failed ".
-     Failure($client, "error: ".($!+0)
+ 		"while attempting queryreply\n", $userinput);
- 	    ." IO::File->new Failed ".
+     }
- 	    "while attempting queryreply\n", $userinput);
-   }
-   return 1;
+     return 1;
  }
- RegisterHandler("queryreply", \&ReplyQueryHandler, 0, 1, 0);
+ &register_handler("queryreply", \&reply_query_handler, 0, 1, 0);
  #
- #  Process the courseidput query.  Not quite sure what this means
+ #  Process the courseidput request.  Not quite sure what this means
  #  at the system level sense.  It appears a gdbm file in the
  #  /home/httpd/lonUsers/$domain/nohist_courseids is tied and
  #  a set of entries made in that database.
- Line 2208  RegisterHandler("queryreply", \&ReplyQue
+ Line 3113  RegisterHandler("queryreply", \&ReplyQue
  # Side effects:
  #   reply is written to the client.
  #
- sub PutCourseIdHandler {
+ sub put_course_id_handler {
-   my $cmd    = shift;
+     my ($cmd, $tail, $client) = @_;
-   my $tail   = shift;
-   my $client = shift;
+     my $userinput = "$cmd:$tail";
-   my $userinput = "$cmd:$tail";
+     my ($udom, $what) = split(/:/, $tail,2);
-   my ($udom,$what)=split(/:/,$tail);
+     chomp($what);
-   chomp($what);
+     my $now=time;
-   $udom=~s/\W//g;
+     my @pairs=split(/\&/,$what);
-   my $proname=
-     "$perlvar{'lonUsersDir'}/$udom/nohist_courseids";
+     my $hashref = &tie_domain_hash($udom, "nohist_courseids", &GDBM_WRCREAT());
-   my $now=time;
+     if ($hashref) {
-   my @pairs=split(/\&/,$what);
+ 	foreach my $pair (@pairs) {
-   my %hash;
+             my ($key,$courseinfo) = split(/=/,$pair);
-   if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_WRCREAT(),0640)) {
+ 	    $hashref->{$key}=$courseinfo.':'.$now;
-     foreach my $pair (@pairs) {
+ 	}
-       my ($key,$value)=split(/=/,$pair);
+ 	if (untie(%$hashref)) {
-       $hash{$key}=$value.':'.$now;
+ 	    &Reply( $client, "ok\n", $userinput);
-     }
+ 	} else {
-     if (untie(%hash)) {
+ 	    &Failure($client, "error: ".($!+0)
-       Reply($client, "ok\n", $userinput);
+ 		     ." untie(GDBM) Failed ".
-     } else {
+ 		     "while attempting courseidput\n", $userinput);
-       Failure( $client, "error: ".($!+0)
+ 	}
- 	       ." untie(GDBM) Failed ".
+     } else {
- 	       "while attempting courseidput\n", $userinput);
+ 	&Failure($client, "error: ".($!+0)
+ 		 ." tie(GDBM) Failed ".
+ 		 "while attempting courseidput\n", $userinput);
      }
-   } else {
-     Failure( $client, "error: ".($!+0)
- 	     ." tie(GDBM) Failed ".
- 	     "while attempting courseidput\n", $userinput);
-   }
-   return 1;
+     return 1;
  }
- RegisterHandler("courseidput", \&PutCourseIdHandler, 0, 1, 0);
+ &register_handler("courseidput", \&put_course_id_handler, 0, 1, 0);
  #  Retrieves the value of a course id resource keyword pattern
  #  defined since a starting date.  Both the starting date and the
- Line 2268  RegisterHandler("courseidput", \&PutCour
+ Line 3171  RegisterHandler("courseidput", \&PutCour
  #    1     - Continue processing.
  # Side Effects:
  #   a reply is written to $client.
- sub DumpCourseIdHandler {
+ sub dump_course_id_handler {
-   my $cmd    = shift;
+     my ($cmd, $tail, $client) = @_;
-   my $tail   = shift;
-   my $client = shift;
+     my $userinput = "$cmd:$tail";
-   my $userinput = "$cmd:$tail";
+     my ($udom,$since,$description,$instcodefilter,$ownerfilter) =split(/:/,$tail);
+     if (defined($description)) {
-   my ($udom,$since,$description) =split(/:/,$tail);
+ 	$description=&unescape($description);
-   if (defined($description)) {
+     } else {
-     $description=&unescape($description);
+ 	$description='.';
-   } else {
-     $description='.';
-   }
-   unless (defined($since)) { $since=0; }
-   my $qresult='';
-   my $proname = "$perlvar{'lonUsersDir'}/$udom/nohist_courseids";
-   my %hash;
-   if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_READER(),0640)) {
-     while (my ($key,$value) = each(%hash)) {
-       my ($descr,$lasttime)=split(/\:/,$value);
-       if ($lasttime<$since) {
- 	next;
-       }
-       if ($description eq '.') {
- 	$qresult.=$key.'='.$descr.'&';
-       } else {
- 	my $unescapeVal = &unescape($descr);
- 	if (eval('$unescapeVal=~/$description/i')) {
- 	  $qresult.="$key=$descr&";
- 	}
-       }
      }
-     if (untie(%hash)) {
+     if (defined($instcodefilter)) {
-       chop($qresult);
+         $instcodefilter=&unescape($instcodefilter);
-       Reply($client, "$qresult\n", $userinput);
      } else {
-       Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
+         $instcodefilter='.';
- 	      "while attempting courseiddump\n", $userinput);
+     }
+     if (defined($ownerfilter)) {
+         $ownerfilter=&unescape($ownerfilter);
+     } else {
+         $ownerfilter='.';
+     }
+     unless (defined($since)) { $since=0; }
+     my $qresult='';
+     my $hashref = &tie_domain_hash($udom, "nohist_courseids", &GDBM_WRCREAT());
+     if ($hashref) {
+ 	while (my ($key,$value) = each(%$hashref)) {
+ 	    my ($descr,$lasttime,$inst_code,$owner);
+             if ($value =~  m/^([^\:]*):([^\:]*):([^\:]*):(\d+)$/) {
+                 ($descr,$inst_code,$owner,$lasttime)=($1,$2,$3,$4);
+ 	    } elsif ($value =~ m/^([^\:]*):([^\:]*):(\d+)$/) {
+ 		($descr,$inst_code,$lasttime)=($1,$2,$3);
+ 	    } else {
+ 		($descr,$lasttime) = split(/\:/,$value);
+ 	    }
+ 	    if ($lasttime<$since) { next; }
+             my $match = 1;
+ 	    unless ($description eq '.') {
+ 		my $unescapeDescr = &unescape($descr);
+ 		unless (eval('$unescapeDescr=~/\Q$description\E/i')) {
+                     $match = 0;
+ 		}
+             }
+             unless ($instcodefilter eq '.' || !defined($instcodefilter)) {
+                 my $unescapeInstcode = &unescape($inst_code);
+                 unless (eval('$unescapeInstcode=~/\Q$instcodefilter\E/i')) {
+                     $match = 0;
+                 }
+ 	    }
+             unless ($ownerfilter eq '.' || !defined($ownerfilter)) {
+                 my $unescapeOwner = &unescape($owner);
+                 unless (eval('$unescapeOwner=~/\Q$ownerfilter\E/i')) {
+                     $match = 0;
+                 }
+             }
+             if ($match == 1) {
+                 $qresult.=$key.'='.$descr.':'.$inst_code.':'.$owner.'&';
+             }
+ 	}
+ 	if (untie(%$hashref)) {
+ 	    chop($qresult);
+ 	    &Reply($client, "$qresult\n", $userinput);
+ 	} else {
+ 	    &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 		    "while attempting courseiddump\n", $userinput);
+ 	}
+     } else {
+ 	&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
+ 		"while attempting courseiddump\n", $userinput);
      }
-   } else {
-     Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
- 	    "while attempting courseiddump\n", $userinput);
-   }
-   return 1;
+     return 1;
  }
- RegisterHandler("courseiddump", \&DumpCourseIdHandler, 0, 1, 0);
+ &register_handler("courseiddump", \&dump_course_id_handler, 0, 1, 0);
  #
  #  Puts an id to a domains id database.
  #
- Line 2332  RegisterHandler("courseiddump", \&DumpCo
+ Line 3263  RegisterHandler("courseiddump", \&DumpCo
  #  Side effects:
  #     reply is written to $client.
  #
- sub PutIdHandler {
+ sub put_id_handler {
-   my $cmd    = shift;
+     my ($cmd,$tail,$client) = @_;
-   my $tail   = shift;
-   my $client = shift;
+     my $userinput = "$cmd:$tail";
-   my $userinput = "$cmd:$tail";
+     my ($udom,$what)=split(/:/,$tail);
-   my ($udom,$what)=split(/:/,$tail);
+     chomp($what);
-   chomp($what);
+     my @pairs=split(/\&/,$what);
-   $udom=~s/\W//g;
+     my $hashref = &tie_domain_hash($udom, "ids", &GDBM_WRCREAT(),
-   my $proname="$perlvar{'lonUsersDir'}/$udom/ids";
+ 				   "P", $what);
-   my $now=time;
+     if ($hashref) {
-   {
+ 	foreach my $pair (@pairs) {
-     my $hfh;
+ 	    my ($key,$value)=split(/=/,$pair);
-     if ($hfh=IO::File->new(">>$proname.hist")) {
+ 	    $hashref->{$key}=$value;
-       print $hfh "P:$now:$what\n";
+ 	}
-     }
+ 	if (untie(%$hashref)) {
-   }
+ 	    &Reply($client, "ok\n", $userinput);
-   my @pairs=split(/\&/,$what);
+ 	} else {
-   my %hash;
+ 	    &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
-   if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_WRCREAT(),0640)) {
+ 		     "while attempting idput\n", $userinput);
-     foreach my $pair (@pairs) {
+ 	}
-       my ($key,$value)=split(/=/,$pair);
-       $hash{$key}=$value;
-     }
-     if (untie(%hash)) {
-       Reply($client, "ok\n", $userinput);
      } else {
-       Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	&Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
- 	      "while attempting idput\n", $userinput);
+ 		  "while attempting idput\n", $userinput);
      }
-   } else {
-     Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
- 	     "while attempting idput\n", $userinput);
-   }
-   return 1;
+     return 1;
  }
+ &register_handler("idput", \&put_id_handler, 0, 1, 0);
- RegisterHandler("idput", \&PutIdHandler, 0, 1, 0);
  #
  #  Retrieves a set of id values from the id database.
  #  Returns an & separated list of results, one for each requested id to the
- Line 2391  RegisterHandler("idput", \&PutIdHandler,
+ Line 3313  RegisterHandler("idput", \&PutIdHandler,
  # Side effects:
  #   An & separated list of results is written to $client.
  #
- sub GetIdHandler {
+ sub get_id_handler {
-   my $cmd    = shift;
+     my ($cmd, $tail, $client) = @_;
-   my $tail   = shift;
-   my $client = shift;
+     my $userinput = "$client:$tail";
-   my $userinput = "$client:$tail";
+     my ($udom,$what)=split(/:/,$tail);
-   my ($udom,$what)=split(/:/,$tail);
+     chomp($what);
-   chomp($what);
+     my @queries=split(/\&/,$what);
-   $udom=~s/\W//g;
+     my $qresult='';
-   my $proname="$perlvar{'lonUsersDir'}/$udom/ids";
+     my $hashref = &tie_domain_hash($udom, "ids", &GDBM_READER());
-   my @queries=split(/\&/,$what);
+     if ($hashref) {
-   my $qresult='';
+ 	for (my $i=0;$i<=$#queries;$i++) {
-   my %hash;
+ 	    $qresult.="$hashref->{$queries[$i]}&";
-   if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_READER(),0640)) {
+ 	}
-     for (my $i=0;$i<=$#queries;$i++) {
+ 	if (untie(%$hashref)) {
-       $qresult.="$hash{$queries[$i]}&";
+ 	    $qresult=~s/\&$//;
-     }
+ 	    &Reply($client, "$qresult\n", $userinput);
-     if (untie(%hash)) {
+ 	} else {
-       $qresult=~s/\&$//;
+ 	    &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
-       Reply($client, "$qresult\n", $userinput);
+ 		      "while attempting idget\n",$userinput);
+ 	}
      } else {
-       Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
+ 	&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
- 	       "while attempting idget\n",$userinput);
+ 		 "while attempting idget\n",$userinput);
      }
-   } else {
-     Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
+     return 1;
-                         "while attempting idget\n",$userinput);
-   }
-   return 1;
  }
- RegisterHandler("idget", \&GetIdHandler, 0, 1, 0);
+ &register_handler("idget", \&get_id_handler, 0, 1, 0);
- #------------------------------------------------------------------------------------
- #
- #   Process a Request.  Takes a request from the client validates
- #   it and performs the operation requested by it.  Returns
- #   a response to the client.
  #
- #  Parameters:
+ #  Process the tmpput command I'm not sure what this does.. Seems to
- #      request      - A string containing the user's request.
+ #  create a file in the lonDaemons/tmp directory of the form $id.tmp
- #  Returns:
+ # where Id is the client's ip concatenated with a sequence number.
- #      0            - Requested to exit, caller should shut down.
+ # The file will contain some value that is passed in.  Is this e.g.
- #      1            - Accept additional requests from the client.
+ # a login token?
  #
- sub ProcessRequest {
+ # Parameters:
-    my $Request      = shift;
+ #    $cmd     - The command that got us dispatched.
-    my $KeepGoing    = 1;	# Assume we're not asked to stop.
+ #    $tail    - The remainder of the request following $cmd:
+ #               In this case this will be the contents of the file.
-    my $wasenc=0;
+ #    $client  - Socket connected to the client.
-    my $userinput = $Request;   # for compatibility with oldcode <yeach>
+ # Returns:
+ #    1 indicating processing can continue.
+ # Side effects:
+ #   A file is created in the local filesystem.
+ #   A reply is sent to the client.
+ sub tmp_put_handler {
+     my ($cmd, $what, $client) = @_;
+     my $userinput = "$cmd:$what";	# Reconstruct for logging.
- # ------------------------------------------------------------ See if encrypted
+     my $store;
+     $tmpsnum++;
-    if($userinput =~ /^enc/) {
+     my $id=$$.'_'.$clientip.'_'.$tmpsnum;
-       $wasenc = 1;
+     $id=~s/\W/\_/g;
-       $userinput = Decipher($userinput);
+     $what=~s/\n//g;
-       if(! $userinput) {
+     my $execdir=$perlvar{'lonDaemons'};
-          Failure($client,"error:Encrypted data without negotiating key");
+     if ($store=IO::File->new(">$execdir/tmp/$id.tmp")) {
-          return 0;                      # Break off with this imposter.
+ 	print $store $what;
-       }
+ 	close $store;
-    }
+ 	&Reply($client, "$id\n", $userinput);
-    # Split off the request keyword from the rest of the stuff.
+     } else {
+ 	&Failure( $client, "error: ".($!+0)."IO::File->new Failed ".
-    my ($command, $tail) = split(/:/, $userinput, 2);
+ 		  "while attempting tmpput\n", $userinput);
+     }
+     return 1;
+ }
+ &register_handler("tmpput", \&tmp_put_handler, 0, 1, 0);
+ #   Processes the tmpget command.  This command returns the contents
+ #  of a temporary resource file(?) created via tmpput.
+ #
+ # Paramters:
+ #    $cmd      - Command that got us dispatched.
+ #    $id       - Tail of the command, contain the id of the resource
+ #                we want to fetch.
+ #    $client   - socket open on the client.
+ # Return:
+ #    1         - Inidcating processing can continue.
+ # Side effects:
+ #   A reply is sent to the client.
+ #
+ sub tmp_get_handler {
+     my ($cmd, $id, $client) = @_;
-    Debug("Command received: $command, encoded = $wasenc");
+     my $userinput = "$cmd:$id";
+     $id=~s/\W/\_/g;
- # ------------------------------------------------------------- Normal commands
+     my $store;
+     my $execdir=$perlvar{'lonDaemons'};
+     if ($store=IO::File->new("$execdir/tmp/$id.tmp")) {
+ 	my $reply=<$store>;
+ 	&Reply( $client, "$reply\n", $userinput);
+ 	close $store;
+     } else {
+ 	&Failure( $client, "error: ".($!+0)."IO::File->new Failed ".
+ 		  "while attempting tmpget\n", $userinput);
+     }
-    #
+     return 1;
-    #   If the command is in the hash, then execute it via the hash dispatch:
+ }
-    #
+ &register_handler("tmpget", \&tmp_get_handler, 0, 1, 0);
-    if(defined $Dispatcher{$command}) {
-       my $DispatchInfo = $Dispatcher{$command};
-       my $Handler      = $$DispatchInfo[0];
-       my $NeedEncode   = $$DispatchInfo[1];
-       my $ClientTypes  = $$DispatchInfo[2];
-       Debug("Matched dispatch hash: mustencode: $NeedEncode ClientType $ClientTypes");
-       #  Validate the request:
-       my $ok = 1;
-       my $requesterprivs = 0;
-       if(isClient()) {
- 	$requesterprivs |= $CLIENT_OK;
-       }
-       if(isManager()) {
- 	$requesterprivs |= $MANAGER_OK;
-       }
-       if($NeedEncode && (!$wasenc)) {
- 	Debug("Must encode but wasn't: $NeedEncode $wasenc");
-          $ok = 0;
-       }
-       if(($ClientTypes & $requesterprivs) == 0) {
- 	Debug("Client not privileged to do this operation");
- 	$ok = 0;
-       }
-       if($ok) {
+ #
- 	Debug("Dispatching to handler $command $tail");
+ #  Process the tmpdel command.  This command deletes a temp resource
-          $KeepGoing = &$Handler($command, $tail, $client);
+ #  created by the tmpput command.
-       } else {
+ #
- 	Debug("Refusing to dispatch because ok is false");
+ # Parameters:
- 	Failure($client, "refused", $userinput);
+ #   $cmd      - Command that got us here.
-       }
+ #   $id       - Id of the temporary resource created.
+ #   $client   - socket open on the client process.
+ #
+ # Returns:
+ #   1     - Indicating processing should continue.
+ # Side Effects:
+ #   A file is deleted
+ #   A reply is sent to the client.
+ sub tmp_del_handler {
+     my ($cmd, $id, $client) = @_;
+     my $userinput= "$cmd:$id";
+     chomp($id);
+     $id=~s/\W/\_/g;
+     my $execdir=$perlvar{'lonDaemons'};
+     if (unlink("$execdir/tmp/$id.tmp")) {
+ 	&Reply($client, "ok\n", $userinput);
+     } else {
+ 	&Failure( $client, "error: ".($!+0)."Unlink tmp Failed ".
+ 		  "while attempting tmpdel\n", $userinput);
+     }
+     return 1;
+ }
+ &register_handler("tmpdel", \&tmp_del_handler, 0, 1, 0);
+ #
+ #   Processes the setannounce command.  This command
+ #   creates a file named announce.txt in the top directory of
+ #   the documentn root and sets its contents.  The announce.txt file is
+ #   printed in its entirety at the LonCAPA login page.  Note:
+ #   once the announcement.txt fileis created it cannot be deleted.
+ #   However, setting the contents of the file to empty removes the
+ #   announcement from the login page of loncapa so who cares.
+ #
+ # Parameters:
+ #    $cmd          - The command that got us dispatched.
+ #    $announcement - The text of the announcement.
+ #    $client       - Socket open on the client process.
+ # Retunrns:
+ #   1             - Indicating request processing should continue
+ # Side Effects:
+ #   The file {DocRoot}/announcement.txt is created.
+ #   A reply is sent to $client.
+ #
+ sub set_announce_handler {
+     my ($cmd, $announcement, $client) = @_;
+     my $userinput    = "$cmd:$announcement";
+     chomp($announcement);
+     $announcement=&unescape($announcement);
+     if (my $store=IO::File->new('>'.$perlvar{'lonDocRoot'}.
+ 				'/announcement.txt')) {
+ 	print $store $announcement;
+ 	close $store;
+ 	&Reply($client, "ok\n", $userinput);
+     } else {
+ 	&Failure($client, "error: ".($!+0)."\n", $userinput);
+     }
+     return 1;
+ }
+ &register_handler("setannounce", \&set_announce_handler, 0, 1, 0);
+ #
+ #  Return the version of the daemon.  This can be used to determine
+ #  the compatibility of cross version installations or, alternatively to
+ #  simply know who's out of date and who isn't.  Note that the version
+ #  is returned concatenated with the tail.
+ # Parameters:
+ #   $cmd        - the request that dispatched to us.
+ #   $tail       - Tail of the request (client's version?).
+ #   $client     - Socket open on the client.
+ #Returns:
+ #   1 - continue processing requests.
+ # Side Effects:
+ #   Replies with version to $client.
+ sub get_version_handler {
+     my ($cmd, $tail, $client) = @_;
- # ---------------------------------------------------------------------- tmpput
+     my $userinput  = $cmd.$tail;
-    } elsif ($userinput =~ /^tmpput/) {
-       if(isClient) {
+     &Reply($client, &version($userinput)."\n", $userinput);
-          my ($cmd,$what)=split(/:/,$userinput);
-          my $store;
-          $tmpsnum++;
-          my $id=$$.'_'.$clientip.'_'.$tmpsnum;
-          $id=~s/\W/\_/g;
-          $what=~s/\n//g;
-          my $execdir=$perlvar{'lonDaemons'};
-          if ($store=IO::File->new(">$execdir/tmp/$id.tmp")) {
-             print $store $what;
-             close $store;
-             Reply($client, "$id\n", $userinput);
-          }
-          else {
-             Failure( $client, "error: ".($!+0)."IO::File->new Failed ".
-                            "while attempting tmpput\n", $userinput);
-          }
-       } else {
-          Failure($client, "refused\n", $userinput);
-       }
- # ---------------------------------------------------------------------- tmpget
-    } elsif ($userinput =~ /^tmpget/) {
-       if(isClient) {
-          my ($cmd,$id)=split(/:/,$userinput);
-          chomp($id);
-          $id=~s/\W/\_/g;
-          my $store;
-          my $execdir=$perlvar{'lonDaemons'};
-          if ($store=IO::File->new("$execdir/tmp/$id.tmp")) {
-             my $reply=<$store>;
-             Reply( $client, "$reply\n", $userinput);
-             close $store;
-          }
-          else {
-             Failure( $client, "error: ".($!+0)."IO::File->new Failed ".
-                                "while attempting tmpget\n", $userinput);
-          }
-       } else {
-          Failure($client, "refused\n", $userinput);
-       }
- # ---------------------------------------------------------------------- tmpdel
-    } elsif ($userinput =~ /^tmpdel/) {
-       if(isClient) {
-          my ($cmd,$id)=split(/:/,$userinput);
-          chomp($id);
-          $id=~s/\W/\_/g;
-          my $execdir=$perlvar{'lonDaemons'};
-          if (unlink("$execdir/tmp/$id.tmp")) {
-             Reply($client, "ok\n", $userinput);
-          } else {
-             Failure( $client, "error: ".($!+0)."Unlink tmp Failed ".
-                                  "while attempting tmpdel\n", $userinput);
-          }
-       } else {
-          Failure($client, "refused\n", $userinput);
-       }
- # -------------------------------------------------------------------------- ls
-    } elsif ($userinput =~ /^ls/) {
-       if(isClient) {
-          my ($cmd,$ulsdir)=split(/:/,$userinput);
-          my $ulsout='';
-          my $ulsfn;
-          if (-e $ulsdir) {
-             if(-d $ulsdir) {
-                if (opendir(LSDIR,$ulsdir)) {
-                   while ($ulsfn=readdir(LSDIR)) {
-                      my @ulsstats=stat($ulsdir.'/'.$ulsfn);
-                      $ulsout.=$ulsfn.'&'.
-                      join('&',@ulsstats).':';
-                   }
-                   closedir(LSDIR);
-                }
-             } else {
-                my @ulsstats=stat($ulsdir);
-                $ulsout.=$ulsfn.'&'.join('&',@ulsstats).':';
-             }
-          } else {
-             $ulsout='no_such_dir';
-          }
-          if ($ulsout eq '') { $ulsout='empty'; }
-          Reply($client, "$ulsout\n", $userinput);
-       } else {
-          Failure($client, "refused\n", $userinput);
-       }
- # ----------------------------------------------------------------- setannounce
-    } elsif ($userinput =~ /^setannounce/) {
-       if (isClient) {
-          my ($cmd,$announcement)=split(/:/,$userinput);
-          chomp($announcement);
-          $announcement=&unescape($announcement);
-          if (my $store=IO::File->new('>'.$perlvar{'lonDocRoot'}.
-                                              '/announcement.txt')) {
-             print $store $announcement;
-             close $store;
-             Reply($client, "ok\n", $userinput);
-          } else {
-             Failure($client, "error: ".($!+0)."\n", $userinput);
-          }
-       } else {
-          Failure($client, "refused\n", $userinput);
-       }
- # ------------------------------------------------------------------ Hanging up
-    } elsif (($userinput =~ /^exit/) ||
- 	         ($userinput =~ /^init/)) { # no restrictions.
-       &logthis("Client $clientip ($clientname) hanging up: $userinput");
-       Reply($client, "bye\n", $userinput);
-       $client->shutdown(2);        # shutdown the socket forcibly.
-       $client->close();
-       $KeepGoing = 0;		# Flag to exit the program.
- # ---------------------------------- set current host/domain
-    } elsif ($userinput =~ /^sethost:/) {
-       if (isClient) {
-          Reply($client, &sethost($userinput)."\n", $userinput);
-       } else {
-          Failure($client, "refused\n", $userinput);
-       }
- #---------------------------------- request file (?) version.
-     } elsif ($userinput =~/^version:/) {
- 	if (isClient) {
- 	    Reply($client, &version($userinput)."\n", $userinput);
- 	} else {
- 	    Reply( $client, "refused\n", $userinput);
- 	}
- # ------------------------------------------------------------- unknown command
-    } else {
- 	# unknown command
-       Failure($client, "unknown_cmd\n", $userinput);
-    }
-     return $KeepGoing;
+     return 1;
  }
+ &register_handler("version", \&get_version_handler, 0, 1, 0);
+ #  Set the current host and domain.  This is used to support
- #
+ #  multihomed systems.  Each IP of the system, or even separate daemons
- #   GetCertificate: Given a transaction that requires a certificate,
+ #  on the same IP can be treated as handling a separate lonCAPA virtual
- #   this function will extract the certificate from the transaction
+ #  machine.  This command selects the virtual lonCAPA.  The client always
- #   request.  Note that at this point, the only concept of a certificate
+ #  knows the right one since it is lonc and it is selecting the domain/system
- #   is the hostname to which we are connected.
+ #  from the hosts.tab file.
+ # Parameters:
+ #    $cmd      - Command that dispatched us.
+ #    $tail     - Tail of the command (domain/host requested).
+ #    $socket   - Socket open on the client.
  #
- #   Parameter:
+ # Returns:
- #      request   - The request sent by our client (this parameterization may
+ #     1   - Indicates the program should continue to process requests.
- #                  need to change when we really use a certificate granting
+ # Side-effects:
- #                  authority.
+ #     The default domain/system context is modified for this daemon.
+ #     a reply is sent to the client.
  #
- sub GetCertificate {
+ sub set_virtual_host_handler {
-     my $request = shift;
+     my ($cmd, $tail, $socket) = @_;
+     my $userinput  ="$cmd:$tail";
-     return $clientip;
+     &Reply($client, &sethost($userinput)."\n", $userinput);
- }
+     return 1;
+ }
+ &register_handler("sethost", \&set_virtual_host_handler, 0, 1, 0);
+ #  Process a request to exit:
+ #   - "bye" is sent to the client.
+ #   - The client socket is shutdown and closed.
+ #   - We indicate to the caller that we should exit.
+ # Formal Parameters:
+ #   $cmd                - The command that got us here.
+ #   $tail               - Tail of the command (empty).
+ #   $client             - Socket open on the tail.
+ # Returns:
+ #   0      - Indicating the program should exit!!
  #
- #   ReadManagerTable: Reads in the current manager table. For now this is
+ sub exit_handler {
- #                     done on each manager authentication because:
+     my ($cmd, $tail, $client) = @_;
- #                     - These authentications are not frequent
- #                     - This allows dynamic changes to the manager table
- #                       without the need to signal to the lond.
- #
- sub ReadManagerTable {
+     my $userinput = "$cmd:$tail";
-     #   Clean out the old table first..
+     &logthis("Client $clientip ($clientname) hanging up: $userinput");
+     &Reply($client, "bye\n", $userinput);
-    foreach my $key (keys %managers) {
+     $client->shutdown(2);        # shutdown the socket forcibly.
-       delete $managers{$key};
+     $client->close();
-    }
-    my $tablename = $perlvar{'lonTabDir'}."/managers.tab";
+     return 0;
-    if (!open (MANAGERS, $tablename)) {
-       logthis('<font color="red">No manager table.  Nobody can manage!!</font>');
-       return;
-    }
-    while(my $host = <MANAGERS>) {
-       chomp($host);
-       if ($host =~ "^#") {                  # Comment line.
-          logthis('<font color="green"> Skipping line: '. "$host</font>\n");
-          next;
-       }
-       if (!defined $hostip{$host}) { # This is a non cluster member
- 	    #  The entry is of the form:
- 	    #    cluname:hostname
- 	    #  cluname - A 'cluster hostname' is needed in order to negotiate
- 	    #            the host key.
- 	    #  hostname- The dns name of the host.
- 	    #
-           my($cluname, $dnsname) = split(/:/, $host);
-           my $ip = gethostbyname($dnsname);
-           if(defined($ip)) {                 # bad names don't deserve entry.
-             my $hostip = inet_ntoa($ip);
-             $managers{$hostip} = $cluname;
-             logthis('<font color="green"> registering manager '.
-                     "$dnsname as $cluname with $hostip </font>\n");
-          }
-       } else {
-          logthis('<font color="green"> existing host'." $host</font>\n");
-          $managers{$hostip{$host}} = $host;  # Use info from cluster tab if clumemeber
-       }
-    }
  }
+ &register_handler("exit", \&exit_handler, 0,1,1);
+ &register_handler("init", \&exit_handler, 0,1,1);
+ &register_handler("quit", \&exit_handler, 0,1,1);
+ #  Determine if auto-enrollment is enabled.
+ #  Note that the original had what I believe to be a defect.
+ #  The original returned 0 if the requestor was not a registerd client.
+ #  It should return "refused".
+ # Formal Parameters:
+ #   $cmd       - The command that invoked us.
+ #   $tail      - The tail of the command (Extra command parameters.
+ #   $client    - The socket open on the client that issued the request.
+ # Returns:
+ #    1         - Indicating processing should continue.
  #
- #  ValidManager: Determines if a given certificate represents a valid manager.
+ sub enrollment_enabled_handler {
- #                in this primitive implementation, the 'certificate' is
+     my ($cmd, $tail, $client) = @_;
- #                just the connecting loncapa client name.  This is checked
+     my $userinput = $cmd.":".$tail; # For logging purposes.
- #                against a valid client list in the configuration.
- #
- #
- sub ValidManager {
-     my $certificate = shift;
-     return isManager;
+     my $cdom = split(/:/, $tail);   # Domain we're asking about.
+     my $outcome  = &localenroll::run($cdom);
+     &Reply($client, "$outcome\n", $userinput);
+     return 1;
  }
- #
+ &register_handler("autorun", \&enrollment_enabled_handler, 0, 1, 0);
- #  CopyFile:  Called as part of the process of installing a
- #             new configuration file.  This function copies an existing
- #             file to a backup file.
- # Parameters:
- #     oldfile  - Name of the file to backup.
- #     newfile  - Name of the backup file.
- # Return:
- #     0   - Failure (errno has failure reason).
- #     1   - Success.
- #
- sub CopyFile {
-     my $oldfile = shift;
-     my $newfile = shift;
-     #  The file must exist:
+ #   Get the official sections for which auto-enrollment is possible.
+ #   Since the admin people won't know about 'unofficial sections'
+ #   we cannot auto-enroll on them.
+ # Formal Parameters:
+ #    $cmd     - The command request that got us dispatched here.
+ #    $tail    - The remainder of the request.  In our case this
+ #               will be split into:
+ #               $coursecode   - The course name from the admin point of view.
+ #               $cdom         - The course's domain(?).
+ #    $client  - Socket open on the client.
+ # Returns:
+ #    1    - Indiciting processing should continue.
+ #
+ sub get_sections_handler {
+     my ($cmd, $tail, $client) = @_;
+     my $userinput = "$cmd:$tail";
-     if(-e $oldfile) {
+     my ($coursecode, $cdom) = split(/:/, $tail);
+     my @secs = &localenroll::get_sections($coursecode,$cdom);
+     my $seclist = &escape(join(':',@secs));
- 	 # Read the old file.
+     &Reply($client, "$seclist\n", $userinput);
- 	my $oldfh = IO::File->new("< $oldfile");
+     return 1;
- 	if(!$oldfh) {
+ }
- 	    return 0;
+ &register_handler("autogetsections", \&get_sections_handler, 0, 1, 0);
- 	}
- 	my @contents = <$oldfh>;  # Suck in the entire file.
- 	# write the backup file:
+ #   Validate the owner of a new course section.
+ #
+ # Formal Parameters:
+ #   $cmd      - Command that got us dispatched.
+ #   $tail     - the remainder of the command.  For us this consists of a
+ #               colon separated string containing:
+ #                  $inst    - Course Id from the institutions point of view.
+ #                  $owner   - Proposed owner of the course.
+ #                  $cdom    - Domain of the course (from the institutions
+ #                             point of view?)..
+ #   $client   - Socket open on the client.
+ #
+ # Returns:
+ #   1        - Processing should continue.
+ #
+ sub validate_course_owner_handler {
+     my ($cmd, $tail, $client)  = @_;
+     my $userinput = "$cmd:$tail";
+     my ($inst_course_id, $owner, $cdom) = split(/:/, $tail);
- 	my $newfh = IO::File->new("> $newfile");
+     my $outcome = &localenroll::new_course($inst_course_id,$owner,$cdom);
- 	if(!(defined $newfh)){
+     &Reply($client, "$outcome\n", $userinput);
- 	    return 0;
- 	}
- 	my $lines = scalar @contents;
- 	for (my $i =0; $i < $lines; $i++) {
- 	    print $newfh ($contents[$i]);
- 	}
- 	$oldfh->close;
- 	$newfh->close;
- 	chmod(0660, $newfile);
- 	return 1;
+     return 1;
-     } else {
- 	return 0;
-     }
  }
+ &register_handler("autonewcourse", \&validate_course_owner_handler, 0, 1, 0);
  #
- #  Host files are passed out with externally visible host IPs.
+ #   Validate a course section in the official schedule of classes
- #  If, for example, we are behind a fire-wall or NAT host, our
+ #   from the institutions point of view (part of autoenrollment).
- #  internally visible IP may be different than the externally
- #  visible IP.  Therefore, we always adjust the contents of the
- #  host file so that the entry for ME is the IP that we believe
- #  we have.  At present, this is defined as the entry that
- #  DNS has for us.  If by some chance we are not able to get a
- #  DNS translation for us, then we assume that the host.tab file
- #  is correct.
- #    BUGBUGBUG - in the future, we really should see if we can
- #       easily query the interface(s) instead.
- # Parameter(s):
- #     contents    - The contents of the host.tab to check.
- # Returns:
- #     newcontents - The adjusted contents.
  #
+ # Formal Parameters:
+ #   $cmd          - The command request that got us dispatched.
+ #   $tail         - The tail of the command.  In this case,
+ #                   this is a colon separated set of words that will be split
+ #                   into:
+ #                        $inst_course_id - The course/section id from the
+ #                                          institutions point of view.
+ #                        $cdom           - The domain from the institutions
+ #                                          point of view.
+ #   $client       - Socket open on the client.
+ # Returns:
+ #    1           - Indicating processing should continue.
  #
- sub AdjustHostContents {
+ sub validate_course_section_handler {
-     my $contents  = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $adjusted;
+     my $userinput = "$cmd:$tail";
-     my $me        = $perlvar{'lonHostID'};
+     my ($inst_course_id, $cdom) = split(/:/, $tail);
-  foreach my $line (split(/\n/,$contents)) {
+     my $outcome=&localenroll::validate_courseID($inst_course_id,$cdom);
- 	if(!(($line eq "") || ($line =~ /^ *\#/) || ($line =~ /^ *$/))) {
+     &Reply($client, "$outcome\n", $userinput);
- 	    chomp($line);
- 	    my ($id,$domain,$role,$name,$ip,$maxcon,$idleto,$mincon)=split(/:/,$line);
- 	    if ($id eq $me) {
+     return 1;
-           my $ip = gethostbyname($name);
-           my $ipnew = inet_ntoa($ip);
-          $ip = $ipnew;
- 		#  Reconstruct the host line and append to adjusted:
- 		   my $newline = "$id:$domain:$role:$name:$ip";
- 		   if($maxcon ne "") { # Not all hosts have loncnew tuning params
- 		     $newline .= ":$maxcon:$idleto:$mincon";
- 		   }
- 		   $adjusted .= $newline."\n";
-       } else {		# Not me, pass unmodified.
- 		   $adjusted .= $line."\n";
-       }
- 	} else {                  # Blank or comment never re-written.
- 	    $adjusted .= $line."\n";	# Pass blanks and comments as is.
- 	}
-  }
-  return $adjusted;
  }
+ &register_handler("autovalidatecourse", \&validate_course_section_handler, 0, 1, 0);
  #
- #   InstallFile: Called to install an administrative file:
+ #   Create a password for a new auto-enrollment user.
- #       - The file is created with <name>.tmp
+ #   I think/guess, this password allows access to the institutions
- #       - The <name>.tmp file is then mv'd to <name>
+ #   AIS class list server/services.  Stuart can correct this comment
- #   This lugubrious procedure is done to ensure that we are never without
+ #   when he finds out how wrong I am.
- #   a valid, even if dated, version of the file regardless of who crashes
- #   and when the crash occurs.
  #
- #  Parameters:
+ # Formal Parameters:
- #       Name of the file
+ #    $cmd     - The command request that got us dispatched.
- #       File Contents.
+ #    $tail    - The tail of the command.   In this case this is a colon separated
- #  Return:
+ #               set of words that will be split into:
- #      nonzero - success.
+ #               $authparam - An authentication parameter (username??).
- #      0       - failure and $! has an errno.
+ #               $cdom      - The domain of the course from the institution's
+ #                            point of view.
+ #    $client  - The socket open on the client.
+ # Returns:
+ #    1 - continue processing.
  #
- sub InstallFile {
+ sub create_auto_enroll_password_handler {
-     my $Filename = shift;
+     my ($cmd, $tail, $client) = @_;
-     my $Contents = shift;
+     my $userinput = "$cmd:$tail";
-     my $TempFile = $Filename.".tmp";
-     #  Open the file for write:
+     my ($authparam, $cdom) = split(/:/, $userinput);
-     my $fh = IO::File->new("> $TempFile"); # Write to temp.
+     my ($create_passwd,$authchk);
-     if(!(defined $fh)) {
+     ($authparam,
- 	&logthis('<font color="red"> Unable to create '.$TempFile."</font>");
+      $create_passwd,
- 	return 0;
+      $authchk) = &localenroll::create_password($authparam,$cdom);
-     }
-     #  write the contents of the file:
-     print $fh ($Contents);
-     $fh->close;			# In case we ever have a filesystem w. locking
-     chmod(0660, $TempFile);
+     &Reply($client, &escape($authparam.':'.$create_passwd.':'.$authchk)."\n",
+ 	   $userinput);
-     # Now we can move install the file in position.
-     move($TempFile, $Filename);
      return 1;
  }
+ &register_handler("autocreatepassword", \&create_auto_enroll_password_handler,
+, 1, 0);
+ #   Retrieve and remove temporary files created by/during autoenrollment.
  #
- #   ConfigFileFromSelector: converts a configuration file selector
+ # Formal Parameters:
- #                 (one of host or domain at this point) into a
+ #    $cmd      - The command that got us dispatched.
- #                 configuration file pathname.
+ #    $tail     - The tail of the command.  In our case this is a colon
- #
+ #                separated list that will be split into:
- #  Parameters:
+ #                $filename - The name of the file to remove.
- #      selector  - Configuration file selector.
+ #                            The filename is given as a path relative to
- #  Returns:
+ #                            the LonCAPA temp file directory.
- #      Full path to the file or undef if the selector is invalid.
+ #    $client   - Socket open on the client.
  #
- sub ConfigFileFromSelector {
+ # Returns:
-     my $selector   = shift;
+ #   1     - Continue processing.
-     my $tablefile;
+ sub retrieve_auto_file_handler {
+     my ($cmd, $tail, $client)    = @_;
+     my $userinput                = "cmd:$tail";
+     my ($filename)   = split(/:/, $tail);
+     my $source = $perlvar{'lonDaemons'}.'/tmp/'.$filename;
+     if ( (-e $source) && ($filename ne '') ) {
+ 	my $reply = '';
+ 	if (open(my $fh,$source)) {
+ 	    while (<$fh>) {
+ 		chomp($_);
+ 		$_ =~ s/^\s+//g;
+ 		$_ =~ s/\s+$//g;
+ 		$reply .= $_;
+ 	    }
+ 	    close($fh);
+ 	    &Reply($client, &escape($reply)."\n", $userinput);
-     my $tabledir = $perlvar{'lonTabDir'}.'/';
+ #   Does this have to be uncommented??!?  (RF).
-     if ($selector eq "hosts") {
+ #
- 	$tablefile = $tabledir."hosts.tab";
+ #                                unlink($source);
-     } elsif ($selector eq "domain") {
+ 	} else {
- 	$tablefile = $tabledir."domain.tab";
+ 	    &Failure($client, "error\n", $userinput);
+ 	}
      } else {
- 	return undef;
+ 	&Failure($client, "error\n", $userinput);
      }
-     return $tablefile;
+     return 1;
  }
+ &register_handler("autoretrieve", \&retrieve_auto_file_handler, 0,1,0);
  #
- #   PushFile:  Called to do an administrative push of a file.
+ #   Read and retrieve institutional code format (for support form).
- #              - Ensure the file being pushed is one we support.
+ # Formal Parameters:
- #              - Backup the old file to <filename.saved>
+ #    $cmd        - Command that dispatched us.
- #              - Separate the contents of the new file out from the
+ #    $tail       - Tail of the command.  In this case it conatins
- #                rest of the request.
+ #                  the course domain and the coursename.
- #              - Write the new file.
+ #    $client     - Socket open on the client.
- #  Parameter:
+ # Returns:
- #     Request - The entire user request.  This consists of a : separated
+ #    1     - Continue processing.
- #               string pushfile:tablename:contents.
- #     NOTE:  The contents may have :'s in it as well making things a bit
- #            more interesting... but not much.
- #  Returns:
- #     String to send to client ("ok" or "refused" if bad file).
  #
- sub PushFile {
+ sub get_institutional_code_format_handler {
-     my $request = shift;
+     my ($cmd, $tail, $client)   = @_;
-     my ($command, $filename, $contents) = split(":", $request, 3);
+     my $userinput               = "$cmd:$tail";
-     #  At this point in time, pushes for only the following tables are
+     my $reply;
-     #  supported:
+     my($cdom,$course) = split(/:/,$tail);
-     #   hosts.tab  ($filename eq host).
+     my @pairs = split/\&/,$course;
-     #   domain.tab ($filename eq domain).
+     my %instcodes = ();
-     # Construct the destination filename or reject the request.
+     my %codes = ();
-     #
+     my @codetitles = ();
-     # lonManage is supposed to ensure this, however this session could be
+     my %cat_titles = ();
-     # part of some elaborate spoof that managed somehow to authenticate.
+     my %cat_order = ();
-     #
+     foreach (@pairs) {
+ 	my ($key,$value) = split/=/,$_;
+ 	$instcodes{&unescape($key)} = &unescape($value);
-     my $tablefile = ConfigFileFromSelector($filename);
+     }
-     if(! (defined $tablefile)) {
+     my $formatreply = &localenroll::instcode_format($cdom,
- 	return "refused";
+ 						    \%instcodes,
-     }
+ 						    \%codes,
-     #
+ 						    \@codetitles,
-     # >copy< the old table to the backup table
+ 						    \%cat_titles,
-     #        don't rename in case system crashes/reboots etc. in the time
+ 						    \%cat_order);
-     #        window between a rename and write.
+     if ($formatreply eq 'ok') {
-     #
+ 	my $codes_str = &hash2str(%codes);
-     my $backupfile = $tablefile;
+ 	my $codetitles_str = &array2str(@codetitles);
-     $backupfile    =~ s/\.tab$/.old/;
+ 	my $cat_titles_str = &hash2str(%cat_titles);
-     if(!CopyFile($tablefile, $backupfile)) {
+ 	my $cat_order_str = &hash2str(%cat_order);
- 	&logthis('<font color="green"> CopyFile from '.$tablefile." to ".$backupfile." failed </font>");
+ 	&Reply($client,
- 	return "error:$!";
+ 	       $codes_str.':'.$codetitles_str.':'.$cat_titles_str.':'
+ 	       .$cat_order_str."\n",
+ 	       $userinput);
+     } else {
+ 	# this else branch added by RF since if not ok, lonc will
+ 	# hang waiting on reply until timeout.
+ 	#
+ 	&Reply($client, "format_error\n", $userinput);
      }
-     &logthis('<font color="green"> Pushfile: backed up '
- 	    .$tablefile." to $backupfile</font>");
-     #  If the file being pushed is the host file, we adjust the entry for ourself so that the
+     return 1;
-     #  IP will be our current IP as looked up in dns.  Note this is only 99% good as it's possible
+ }
-     #  to conceive of conditions where we don't have a DNS entry locally.  This is possible in a
+ &register_handler("autoinstcodeformat",
-     #  network sense but it doesn't make much sense in a LonCAPA sense so we ignore (for now)
+ 		  \&get_institutional_code_format_handler,0,1,0);
-     #  that possibilty.
-     if($filename eq "host") {
+ #
- 	$contents = AdjustHostContents($contents);
+ # Gets a student's photo to exist (in the correct image type) in the user's
+ # directory.
+ # Formal Parameters:
+ #    $cmd     - The command request that got us dispatched.
+ #    $tail    - A colon separated set of words that will be split into:
+ #               $domain - student's domain
+ #               $uname  - student username
+ #               $type   - image type desired
+ #    $client  - The socket open on the client.
+ # Returns:
+ #    1 - continue processing.
+ sub student_photo_handler {
+     my ($cmd, $tail, $client) = @_;
+     my ($domain,$uname,$type) = split(/:/, $tail);
+     my $path=&propath($domain,$uname).
+ 	'/userfiles/internal/studentphoto.'.$type;
+     if (-e $path) {
+ 	&Reply($client,"ok\n","$cmd:$tail");
+ 	return 1;
      }
+     &mkpath($path);
-     #  Install the new file:
+     my $file=&localstudentphoto::fetch($domain,$uname);
+     if (!$file) {
-     if(!InstallFile($tablefile, $contents)) {
+ 	&Failure($client,"unavailable\n","$cmd:$tail");
- 	&logthis('<font color="red"> Pushfile: unable to install '
+ 	return 1;
- 	 .$tablefile." $! </font>");
- 	return "error:$!";
      }
-     else {
+     if (!-e $path) { &convert_photo($file,$path); }
- 	&logthis('<font color="green"> Installed new '.$tablefile
+     if (-e $path) {
- 		 ."</font>");
+ 	&Reply($client,"ok\n","$cmd:$tail");
+ 	return 1;
      }
+     &Failure($client,"unable_to_convert\n","$cmd:$tail");
+     return 1;
+ }
+ &register_handler("studentphoto", \&student_photo_handler, 0, 1, 0);
+ # mkpath makes all directories for a file, expects an absolute path with a
-     #  Indicate success:
+ # file or a trailing / if just a dir is passed
+ # returns 1 on success 0 on failure
-     return "ok";
+ sub mkpath {
+     my ($file)=@_;
+     my @parts=split(/\//,$file,-1);
+     my $now=$parts[0].'/'.$parts[1].'/'.$parts[2];
+     for (my $i=3;$i<= ($#parts-1);$i++) {
+ 	$now.='/'.$parts[$i];
+ 	if (!-e $now) {
+ 	    if  (!mkdir($now,0770)) { return 0; }
+ 	}
+     }
+     return 1;
  }
+ #---------------------------------------------------------------
  #
- #  Called to re-init either lonc or lond.
+ #   Getting, decoding and dispatching requests:
  #
- #  Parameters:
- #    request   - The full request by the client.  This is of the form
- #                reinit:<process>
- #                where <process> is allowed to be either of
- #                lonc or lond
- #
- #  Returns:
- #     The string to be sent back to the client either:
- #   ok         - Everything worked just fine.
- #   error:why  - There was a failure and why describes the reason.
  #
+ #   Get a Request:
+ #   Gets a Request message from the client.  The transaction
+ #   is defined as a 'line' of text.  We remove the new line
+ #   from the text line.
  #
- sub ReinitProcess {
+ sub get_request {
-     my $request = shift;
+     my $input = <$client>;
+     chomp($input);
+     &Debug("get_request: Request = $input\n");
-     # separate the request (reinit) from the process identifier and
+     &status('Processing '.$clientname.':'.$input);
-     # validate it producing the name of the .pid file for the process.
-     #
+     return $input;
-     #
-     my ($junk, $process) = split(":", $request);
-     my $processpidfile = $perlvar{'lonDaemons'}.'/logs/';
-     if($process eq 'lonc') {
- 	$processpidfile = $processpidfile."lonc.pid";
- 	if (!open(PIDFILE, "< $processpidfile")) {
- 	    return "error:Open failed for $processpidfile";
- 	}
- 	my $loncpid = <PIDFILE>;
- 	close(PIDFILE);
- 	logthis('<font color="red"> Reinitializing lonc pid='.$loncpid
- 		."</font>");
- 	kill("USR2", $loncpid);
-     } elsif ($process eq 'lond') {
- 	logthis('<font color="red"> Reinitializing self (lond) </font>');
- 	&UpdateHosts;			# Lond is us!!
-     } else {
- 	&logthis('<font color="yellow" Invalid reinit request for '.$process
- 		 ."</font>");
- 	return "error:Invalid process identifier $process";
-     }
-     return 'ok';
  }
- #   Validate a line in a configuration file edit script:
+ #---------------------------------------------------------------
- #   Validation includes:
- #     - Ensuring the command is valid.
- #     - Ensuring the command has sufficient parameters
- #   Parameters:
- #     scriptline - A line to validate (\n has been stripped for what it's worth).
  #
- #   Return:
+ #  Process a request.  This sub should shrink as each action
- #      0     - Invalid scriptline.
+ #  gets farmed out into a separat sub that is registered
- #      1     - Valid scriptline
+ #  with the dispatch hash.
- #  NOTE:
- #     Only the command syntax is checked, not the executability of the
- #     command.
  #
- sub isValidEditCommand {
+ # Parameters:
-     my $scriptline = shift;
+ #    user_input   - The request received from the client (lonc).
+ # Returns:
-     #   Line elements are pipe separated:
+ #    true to keep processing, false if caller should exit.
+ #
-     my ($command, $key, $newline)  = split(/\|/, $scriptline);
+ sub process_request {
-     &logthis('<font color="green"> isValideditCommand checking: '.
+     my ($userinput) = @_;      # Easier for now to break style than to
- 	     "Command = '$command', Key = '$key', Newline = '$newline' </font>\n");
+                                 # fix all the userinput -> user_input.
+     my $wasenc    = 0;		# True if request was encrypted.
+ # ------------------------------------------------------------ See if encrypted
+     if ($userinput =~ /^enc/) {
+ 	$userinput = decipher($userinput);
+ 	$wasenc=1;
+ 	if(!$userinput) {	# Cipher not defined.
+ 	    &Failure($client, "error: Encrypted data without negotated key\n");
+ 	    return 0;
+ 	}
+     }
+     Debug("process_request: $userinput\n");
-     if ($command eq "delete") {
+     #
- 	#
+     #   The 'correct way' to add a command to lond is now to
- 	#   key with no newline.
+     #   write a sub to execute it and Add it to the command dispatch
- 	#
+     #   hash via a call to register_handler..  The comments to that
- 	if( ($key eq "") || ($newline ne "")) {
+     #   sub should give you enough to go on to show how to do this
- 	    return 0;		# Must have key but no newline.
+     #   along with the examples that are building up as this code
- 	} else {
+     #   is getting refactored.   Until all branches of the
- 	    return 1;		# Valid syntax.
+     #   if/elseif monster below have been factored out into
+     #   separate procesor subs, if the dispatch hash is missing
+     #   the command keyword, we will fall through to the remainder
+     #   of the if/else chain below in order to keep this thing in
+     #   working order throughout the transmogrification.
+     my ($command, $tail) = split(/:/, $userinput, 2);
+     chomp($command);
+     chomp($tail);
+     $tail =~ s/(\r)//;		# This helps people debugging with e.g. telnet.
+     $command =~ s/(\r)//;	# And this too for parameterless commands.
+     if(!$tail) {
+ 	$tail ="";		# defined but blank.
+     }
+     &Debug("Command received: $command, encoded = $wasenc");
+     if(defined $Dispatcher{$command}) {
+ 	my $dispatch_info = $Dispatcher{$command};
+ 	my $handler       = $$dispatch_info[0];
+ 	my $need_encode   = $$dispatch_info[1];
+ 	my $client_types  = $$dispatch_info[2];
+ 	Debug("Matched dispatch hash: mustencode: $need_encode "
+ 	      ."ClientType $client_types");
+ 	#  Validate the request:
+ 	my $ok = 1;
+ 	my $requesterprivs = 0;
+ 	if(&isClient()) {
+ 	    $requesterprivs |= $CLIENT_OK;
  	}
-     } elsif ($command eq "replace") {
+ 	if(&isManager()) {
- 	#
+ 	    $requesterprivs |= $MANAGER_OK;
- 	#   key and newline:
- 	#
- 	if (($key eq "") || ($newline eq "")) {
- 	    return 0;
- 	} else {
- 	    return 1;
  	}
-     } elsif ($command eq "append") {
+ 	if($need_encode && (!$wasenc)) {
- 	if (($key ne "") && ($newline eq "")) {
+ 	    Debug("Must encode but wasn't: $need_encode $wasenc");
- 	    return 1;
+ 	    $ok = 0;
- 	} else {
+ 	}
- 	    return 0;
+ 	if(($client_types & $requesterprivs) == 0) {
+ 	    Debug("Client not privileged to do this operation");
+ 	    $ok = 0;
  	}
-     } else {
- 	return 0;		# Invalid command.
-     }
-     return 0;			# Should not get here!!!
- }
- #
- #   ApplyEdit - Applies an edit command to a line in a configuration
- #               file.  It is the caller's responsiblity to validate the
- #               edit line.
- #   Parameters:
- #      $directive - A single edit directive to apply.
- #                   Edit directives are of the form:
- #                  append|newline      - Appends a new line to the file.
- #                  replace|key|newline - Replaces the line with key value 'key'
- #                  delete|key          - Deletes the line with key value 'key'.
- #      $editor   - A config file editor object that contains the
- #                  file being edited.
- #
- sub ApplyEdit {
-     my $directive   = shift;
-     my $editor      = shift;
-     # Break the directive down into its command and its parameters
+ 	if($ok) {
-     # (at most two at this point.  The meaning of the parameters, if in fact
+ 	    Debug("Dispatching to handler $command $tail");
-     #  they exist depends on the command).
+ 	    my $keep_going = &$handler($command, $tail, $client);
+ 	    return $keep_going;
+ 	} else {
+ 	    Debug("Refusing to dispatch because client did not match requirements");
+ 	    Failure($client, "refused\n", $userinput);
+ 	    return 1;
+ 	}
-     my ($command, $p1, $p2) = split(/\|/, $directive);
+     }
-     if($command eq "append") {
+     print $client "unknown_cmd\n";
- 	$editor->Append($p1);	          # p1 - key p2 null.
+ # -------------------------------------------------------------------- complete
-     } elsif ($command eq "replace") {
+     Debug("process_request - returning 1");
- 	$editor->ReplaceLine($p1, $p2);   # p1 - key p2 = newline.
+     return 1;
-     } elsif ($command eq "delete") {
- 	$editor->DeleteLine($p1);         # p1 - key p2 null.
-     } else {			          # Should not get here!!!
- 	die "Invalid command given to ApplyEdit $command"
-     }
  }
  #
- # AdjustOurHost:
+ #   Decipher encoded traffic
- #           Adjusts a host file stored in a configuration file editor object
+ #  Parameters:
- #           for the true IP address of this host. This is necessary for hosts
+ #     input      - Encoded data.
- #           that live behind a firewall.
+ #  Returns:
- #           Those hosts have a publicly distributed IP of the firewall, but
+ #     Decoded data or undef if encryption key was not yet negotiated.
- #           internally must use their actual IP.  We assume that a given
+ #  Implicit input:
- #           host only has a single IP interface for now.
+ #     cipher  - This global holds the negotiated encryption key.
- # Formal Parameters:
+ #
- #     editor   - The configuration file editor to adjust.  This
+ sub decipher {
- #                editor is assumed to contain a hosts.tab file.
+     my ($input)  = @_;
- # Strategy:
+     my $output = '';
- #    - Figure out our hostname.
- #    - Lookup the entry for this host.
- #    - Modify the line to contain our IP
- #    - Do a replace for this host.
- sub AdjustOurHost {
-     my $editor        = shift;
-     # figure out who I am.
-     my $myHostName    = $perlvar{'lonHostID'}; # LonCAPA hostname.
-     #  Get my host file entry.
-     my $ConfigLine    = $editor->Find($myHostName);
-     if(! (defined $ConfigLine)) {
- 	die "AdjustOurHost - no entry for me in hosts file $myHostName";
-     }
-     # figure out my IP:
-     #   Use the config line to get my hostname.
-     #   Use gethostbyname to translate that into an IP address.
-     #
-     my ($id,$domain,$role,$name,$ip,$maxcon,$idleto,$mincon) = split(/:/,$ConfigLine);
-     my $BinaryIp = gethostbyname($name);
-     my $ip       = inet_ntoa($ip);
-     #
-     #  Reassemble the config line from the elements in the list.
-     #  Note that if the loncnew items were not present before, they will
-     #  be now even if they would be empty
-     #
-     my $newConfigLine = $id;
-     foreach my $item ($domain, $role, $name, $ip, $maxcon, $idleto, $mincon) {
- 	$newConfigLine .= ":".$item;
-     }
-     #  Replace the line:
-     $editor->ReplaceLine($id, $newConfigLine);
+     if($cipher) {
+ 	my($enc, $enclength, $encinput) = split(/:/, $input);
+ 	for(my $encidx = 0; $encidx < length($encinput); $encidx += 16) {
+ 	    $output .=
+ 		$cipher->decrypt(pack("H16", substr($encinput, $encidx, 16)));
+ 	}
+ 	return substr($output, 0, $enclength);
+     } else {
+ 	return undef;
+     }
  }
- #
- #   ReplaceConfigFile:
- #              Replaces a configuration file with the contents of a
- #              configuration file editor object.
- #              This is done by:
- #              - Copying the target file to <filename>.old
- #              - Writing the new file to <filename>.tmp
- #              - Moving <filename.tmp>  -> <filename>
- #              This laborious process ensures that the system is never without
- #              a configuration file that's at least valid (even if the contents
- #              may be dated).
- #   Parameters:
- #        filename   - Name of the file to modify... this is a full path.
- #        editor     - Editor containing the file.
- #
- sub ReplaceConfigFile {
-     my $filename  = shift;
-     my $editor    = shift;
-     CopyFile ($filename, $filename.".old");
-     my $contents  = $editor->Get(); # Get the contents of the file.
-     InstallFile($filename, $contents);
- }
- #
  #
- #   Called to edit a configuration table  file
+ #   Register a command processor.  This function is invoked to register a sub
+ #   to process a request.  Once registered, the ProcessRequest sub can automatically
+ #   dispatch requests to an appropriate sub, and do the top level validity checking
+ #   as well:
+ #    - Is the keyword recognized.
+ #    - Is the proper client type attempting the request.
+ #    - Is the request encrypted if it has to be.
  #   Parameters:
- #      request           - The entire command/request sent by lonc or lonManage
+ #    $request_name         - Name of the request being registered.
- #   Return:
+ #                           This is the command request that will match
- #      The reply to send to the client.
+ #                           against the hash keywords to lookup the information
+ #                           associated with the dispatch information.
+ #    $procedure           - Reference to a sub to call to process the request.
+ #                           All subs get called as follows:
+ #                             Procedure($cmd, $tail, $replyfd, $key)
+ #                             $cmd    - the actual keyword that invoked us.
+ #                             $tail   - the tail of the request that invoked us.
+ #                             $replyfd- File descriptor connected to the client
+ #    $must_encode          - True if the request must be encoded to be good.
+ #    $client_ok            - True if it's ok for a client to request this.
+ #    $manager_ok           - True if it's ok for a manager to request this.
+ # Side effects:
+ #      - On success, the Dispatcher hash has an entry added for the key $RequestName
+ #      - On failure, the program will die as it's a bad internal bug to try to
+ #        register a duplicate command handler.
  #
- sub EditFile {
+ sub register_handler {
-     my $request = shift;
+     my ($request_name,$procedure,$must_encode,	$client_ok,$manager_ok)   = @_;
-     #  Split the command into it's pieces:  edit:filetype:script
+     #  Don't allow duplication#
-     my ($request, $filetype, $script) = split(/:/, $request,3);	# : in script
+     if (defined $Dispatcher{$request_name}) {
+ 	die "Attempting to define a duplicate request handler for $request_name\n";
-     #  Check the pre-coditions for success:
-     if($request != "edit") {	# Something is amiss afoot alack.
- 	return "error:edit request detected, but request != 'edit'\n";
      }
-     if( ($filetype ne "hosts")  &&
+     #   Build the client type mask:
- 	($filetype ne "domain")) {
- 	return "error:edit requested with invalid file specifier: $filetype \n";
+     my $client_type_mask = 0;
+     if($client_ok) {
+ 	$client_type_mask  |= $CLIENT_OK;
+     }
+     if($manager_ok) {
+ 	$client_type_mask  |= $MANAGER_OK;
      }
+     #  Enter the hash:
+     my @entry = ($procedure, $must_encode, $client_type_mask);
+     $Dispatcher{$request_name} = \@entry;
+ }
-     #   Split the edit script and check it's validity.
-     my @scriptlines = split(/\n/, $script);  # one line per element.
+ #------------------------------------------------------------------
-     my $linecount   = scalar(@scriptlines);
-     for(my $i = 0; $i < $linecount; $i++) {
- 	chomp($scriptlines[$i]);
- 	if(!isValidEditCommand($scriptlines[$i])) {
- 	    return "error:edit with bad script line: '$scriptlines[$i]' \n";
- 	}
-     }
-     #   Execute the edit operation.
-     #   - Create a config file editor for the appropriate file and
-     #   - execute each command in the script:
-     #
-     my $configfile = ConfigFileFromSelector($filetype);
-     if (!(defined $configfile)) {
- 	return "refused\n";
-     }
-     my $editor = ConfigFileEdit->new($configfile);
-     for (my $i = 0; $i < $linecount; $i++) {
- 	ApplyEdit($scriptlines[$i], $editor);
-     }
-     # If the file is the host file, ensure that our host is
-     # adjusted to have our ip:
-     #
-     if($filetype eq "host") {
- 	AdjustOurHost($editor);
-     }
-     #  Finally replace the current file with our file.
-     #
-     ReplaceConfigFile($configfile, $editor);
-     return "ok\n";
- }
  #
  #  Convert an error return code from lcpasswd to a string value.
  #
- Line 3264  sub catchexception {
+ Line 4107  sub catchexception {
      $SIG{'QUIT'}='DEFAULT';
      $SIG{__DIE__}='DEFAULT';
      &status("Catching exception");
-     &logthis("<font color=red>CRITICAL: "
+     &logthis("<font color='red'>CRITICAL: "
       ."ABNORMAL EXIT. Child $$ for server $thisserver died through "
       ."a crash with this error msg->[$error]</font>");
      &logthis('Famous last words: '.$status.' - '.$lastlog);
- Line 3272  sub catchexception {
+ Line 4115  sub catchexception {
      $server->close();
      die($error);
  }
  sub timeout {
      &status("Handling Timeout");
-     &logthis("<font color=ref>CRITICAL: TIME OUT ".$$."</font>");
+     &logthis("<font color='red'>CRITICAL: TIME OUT ".$$."</font>");
      &catchexception('Timeout');
  }
  # -------------------------------- Set signal handlers to record abnormal exits
  $SIG{'QUIT'}=\&catchexception;
  $SIG{__DIE__}=\&catchexception;
- Line 3327  $server = IO::Socket::INET->new(LocalPor
+ Line 4170  $server = IO::Socket::INET->new(LocalPor
  # global variables
  my %children               = ();       # keys are current child process IDs
- my $children               = 0;        # current number of children
  sub REAPER {                        # takes care of dead children
      $SIG{CHLD} = \&REAPER;
      &status("Handling child death");
-     my $pid = wait;
+     my $pid;
-     if (defined($children{$pid})) {
+     do {
- 	&logthis("Child $pid died");
+ 	$pid = waitpid(-1,&WNOHANG());
- 	$children --;
+ 	if (defined($children{$pid})) {
- 	delete $children{$pid};
+ 	    &logthis("Child $pid died");
-     } else {
+ 	    delete($children{$pid});
- 	&logthis("Unknown Child $pid died");
+ 	} elsif ($pid > 0) {
+ 	    &logthis("Unknown Child $pid died");
+ 	}
+     } while ( $pid > 0 );
+     foreach my $child (keys(%children)) {
+ 	$pid = waitpid($child,&WNOHANG());
+ 	if ($pid > 0) {
+ 	    &logthis("Child $child - $pid looks like we missed it's death");
+ 	    delete($children{$pid});
+ 	}
      }
      &status("Finished Handling child death");
  }
- Line 3350  sub HUNTSMAN {                      # si
+ Line 4201  sub HUNTSMAN {                      # si
      &logthis("Free socket: ".shutdown($server,2)); # free up socket
      my $execdir=$perlvar{'lonDaemons'};
      unlink("$execdir/logs/lond.pid");
-     &logthis("<font color=red>CRITICAL: Shutting down</font>");
+     &logthis("<font color='red'>CRITICAL: Shutting down</font>");
      &status("Done killing children");
      exit;                           # clean up with dignity
  }
- Line 3360  sub HUPSMAN {                      # sig
+ Line 4211  sub HUPSMAN {                      # sig
      &status("Killing children for restart (HUP)");
      kill 'INT' => keys %children;
      &logthis("Free socket: ".shutdown($server,2)); # free up socket
-     &logthis("<font color=red>CRITICAL: Restarting</font>");
+     &logthis("<font color='red'>CRITICAL: Restarting</font>");
      my $execdir=$perlvar{'lonDaemons'};
      unlink("$execdir/logs/lond.pid");
      &status("Restarting self (HUP)");
- Line 3370  sub HUPSMAN {                      # sig
+ Line 4221  sub HUPSMAN {                      # sig
  #
  #    Kill off hashes that describe the host table prior to re-reading it.
  #    Hashes affected are:
- #       %hostid, %hostdom %hostip
+ #       %hostid, %hostdom %hostip %hostdns.
  #
  sub KillHostHashes {
      foreach my $key (keys %hostid) {
- Line 3382  sub KillHostHashes {
+ Line 4233  sub KillHostHashes {
      foreach my $key (keys %hostip) {
  	delete $hostip{$key};
      }
+     foreach my $key (keys %hostdns) {
+ 	delete $hostdns{$key};
+     }
  }
  #
  #   Read in the host table from file and distribute it into the various hashes:
- Line 3392  sub KillHostHashes {
+ Line 4246  sub KillHostHashes {
  sub ReadHostTable {
      open (CONFIG,"$perlvar{'lonTabDir'}/hosts.tab") || die "Can't read host file";
+     my $myloncapaname = $perlvar{'lonHostID'};
+     Debug("My loncapa name is : $myloncapaname");
      while (my $configline=<CONFIG>) {
- 	my ($id,$domain,$role,$name,$ip)=split(/:/,$configline);
+ 	if (!($configline =~ /^\s*\#/)) {
- 	chomp($ip); $ip=~s/\D+$//;
+ 	    my ($id,$domain,$role,$name,$ip)=split(/:/,$configline);
- 	$hostid{$ip}=$id;
+ 	    chomp($ip); $ip=~s/\D+$//;
- 	$hostdom{$id}=$domain;
+ 	    $hostid{$ip}=$id;         # LonCAPA name of host by IP.
- 	$hostip{$id}=$ip;
+ 	    $hostdom{$id}=$domain;    # LonCAPA domain name of host.
- 	if ($id eq $perlvar{'lonHostID'}) { $thisserver=$name; }
+ 	    $hostip{$id}=$ip;	      # IP address of host.
+ 	    $hostdns{$name} = $id;    # LonCAPA name of host by DNS.
+ 	    if ($id eq $perlvar{'lonHostID'}) {
+ 		Debug("Found me in the host table: $name");
+ 		$thisserver=$name;
+ 	    }
+ 	}
      }
      close(CONFIG);
  }
- Line 3461  sub checkchildren {
+ Line 4323  sub checkchildren {
      &logthis('Going to check on the children');
      my $docdir=$perlvar{'lonDocRoot'};
      foreach (sort keys %children) {
- 	sleep 1;
+ 	#sleep 1;
          unless (kill 'USR1' => $_) {
  	    &logthis ('Child '.$_.' is dead');
              &logstatus($$.' is dead');
+ 	    delete($children{$_});
          }
      }
      sleep 5;
-     $SIG{ALRM} = sub { die "timeout" };
+     $SIG{ALRM} = sub { Debug("timeout");
+ 		       die "timeout";  };
      $SIG{__DIE__} = 'DEFAULT';
      &status("Checking on the children (waiting for reports)");
      foreach (sort keys %children) {
- Line 3482  sub checkchildren {
+ Line 4346  sub checkchildren {
  	    #my $result=`echo 'Killed lond process $_.' | mailto $emailto -s '$subj' > /dev/null`;
  	    #$execdir=$perlvar{'lonDaemons'};
  	    #$result=`/bin/cp $execdir/logs/lond.log $execdir/logs/lond.log.$_`;
+ 	    delete($children{$_});
  	    alarm(0);
  	  }
          }
- Line 3489  sub checkchildren {
+ Line 4354  sub checkchildren {
      $SIG{ALRM} = 'DEFAULT';
      $SIG{__DIE__} = \&catchexception;
      &status("Finished checking children");
+     &logthis('Finished Checking children');
  }
  # --------------------------------------------------------------------- Logging
- Line 3519  sub Debug {
+ Line 4385  sub Debug {
  #     reply   - Text to send to client.
  #     request - Original request from client.
  #
- #  Note: This increments Transactions
- #
  sub Reply {
-     alarm(120);
+     my ($fd, $reply, $request) = @_;
-     my $fd      = shift;
-     my $reply   = shift;
-     my $request = shift;
      print $fd $reply;
      Debug("Request was $request  Reply was $reply");
      $Transactions++;
-     alarm(0);
  }
  #
  #    Sub to report a failure.
  #    This function:
- Line 3551  sub Reply {
+ Line 4412  sub Reply {
  #    client:
  #
  sub Failure {
-    my $fd      = shift;
+     my $fd      = shift;
-    my $reply   = shift;
+     my $reply   = shift;
-    my $request = shift;
+     my $request = shift;
-    $Failures++;
+     $Failures++;
-    Reply($fd, $reply, $request);      # That's simple eh?
+     Reply($fd, $reply, $request);      # That's simple eh?
  }
  # ------------------------------------------------------------------ Log status
  sub logstatus {
-    &status("Doing logging");
+     &status("Doing logging");
-    my $docdir=$perlvar{'lonDocRoot'};
+     my $docdir=$perlvar{'lonDocRoot'};
-    {
+     {
-       my $fh=IO::File->new(">>$docdir/lon-status/londstatus.txt");
+ 	my $fh=IO::File->new(">$docdir/lon-status/londchld/$$.txt");
-       print $fh $$."\t".$currenthostid."\t".$status."\t".$lastlog."\n";
+         print $fh $status."\n".$lastlog."\n".time."\n$keymode";
-       $fh->close();
+         $fh->close();
-    }
+     }
-    &status("Finished londstatus.txt");
+     &status("Finished $$.txt");
-    {
+     {
-       my $fh=IO::File->new(">$docdir/lon-status/londchld/$$.txt");
+ 	open(LOG,">>$docdir/lon-status/londstatus.txt");
-       print $fh $status."\n".$lastlog."\n".time;
+ 	flock(LOG,LOCK_EX);
-       $fh->close();
+ 	print LOG $$."\t".$clientname."\t".$currenthostid."\t"
-    }
+ 	    .$status."\t".$lastlog."\t $keymode\n";
-    ResetStatistics;
+ 	flock(DB,LOCK_UN);
-    &status("Finished logging");
+ 	close(LOG);
+     }
+     &status("Finished logging");
  }
  sub initnewstatus {
- Line 3598  sub status {
+ Line 4460  sub status {
      my $what=shift;
      my $now=time;
      my $local=localtime($now);
-     my $status = "lond: $what $local ";
+     $status=$local.': '.$what;
-     if($Transactions) {
+     $0='lond: '.$what.' '.$local;
-        $status .= " Transactions: $Transactions Failed; $Failures";
-     }
-     $0=$status;
  }
  # -------------------------------------------------------- Escape Special Chars
- Line 3635  sub reconlonc {
+ Line 4494  sub reconlonc {
              kill USR1 => $loncpid;
          } else {
  	    &logthis(
-               "<font color=red>CRITICAL: "
+               "<font color='red'>CRITICAL: "
               ."lonc at pid $loncpid not responding, giving up</font>");
          }
      } else {
-       &logthis('<font color=red>CRITICAL: lonc not running, giving up</font>');
+       &logthis('<font color="red">CRITICAL: lonc not running, giving up</font>');
      }
  }
- Line 3680  sub reply {
+ Line 4539  sub reply {
  # -------------------------------------------------------------- Talk to lonsql
- sub sqlreply {
+ sub sql_reply {
      my ($cmd)=@_;
-     my $answer=subsqlreply($cmd);
+     my $answer=&sub_sql_reply($cmd);
-     if ($answer eq 'con_lost') { $answer=subsqlreply($cmd); }
+     if ($answer eq 'con_lost') { $answer=&sub_sql_reply($cmd); }
      return $answer;
  }
- sub subsqlreply {
+ sub sub_sql_reply {
      my ($cmd)=@_;
      my $unixsock="mysqlsock";
      my $peerfile="$perlvar{'lonSockDir'}/$unixsock";
- Line 3743  my $execdir=$perlvar{'lonDaemons'};
+ Line 4602  my $execdir=$perlvar{'lonDaemons'};
  open (PIDSAVE,">$execdir/logs/lond.pid");
  print PIDSAVE "$$\n";
  close(PIDSAVE);
- &logthis("<font color=red>CRITICAL: ---------- Starting ----------</font>");
+ &logthis("<font color='red'>CRITICAL: ---------- Starting ----------</font>");
  &status('Starting');
- Line 3761  $SIG{USR2} = \&UpdateHosts;
+ Line 4620  $SIG{USR2} = \&UpdateHosts;
  ReadHostTable;
  # --------------------------------------------------------------
  #   Accept connections.  When a connection comes in, it is validated
  #   and if good, a child process is created to process transactions
- Line 3777  while (1) {
+ Line 4635  while (1) {
  sub make_new_child {
      my $pid;
+ #    my $cipher;     # Now global
      my $sigset;
      $client = shift;
- Line 3798  sub make_new_child {
+ Line 4657  sub make_new_child {
      #  the pid hash.
      #
      my $caller = getpeername($client);
-     my ($port,$iaddr)=unpack_sockaddr_in($caller);
+     my ($port,$iaddr);
-     $clientip=inet_ntoa($iaddr);
+     if (defined($caller) && length($caller) > 0) {
+ 	($port,$iaddr)=unpack_sockaddr_in($caller);
+     } else {
+ 	&logthis("Unable to determine who caller was, getpeername returned nothing");
+     }
+     if (defined($iaddr)) {
+ 	$clientip  = inet_ntoa($iaddr);
+ 	Debug("Connected with $clientip");
+ 	$clientdns = gethostbyaddr($iaddr, AF_INET);
+ 	Debug("Connected with $clientdns by name");
+     } else {
+ 	&logthis("Unable to determine clientip");
+ 	$clientip='Unavailable';
+     }
      if ($pid) {
          # Parent records the child's birth and returns.
          sigprocmask(SIG_UNBLOCK, $sigset)
              or die "Can't unblock SIGINT for fork: $!\n";
          $children{$pid} = $clientip;
-         $children++;
          &status('Started child '.$pid);
          return;
      } else {
- Line 3823  sub make_new_child {
+ Line 4694  sub make_new_child {
          sigprocmask(SIG_UNBLOCK, $sigset)
              or die "Can't unblock SIGINT for fork: $!\n";
+ #        my $tmpsnum=0;            # Now global
+ #---------------------------------------------------- kerberos 5 initialization
          &Authen::Krb5::init_context();
          &Authen::Krb5::init_ets();
- Line 3832  sub make_new_child {
+ Line 4703  sub make_new_child {
  # =============================================================================
              # do something with the connection
  # -----------------------------------------------------------------------------
- 	# see if we know client and check for spoof IP by challenge
+ 	# see if we know client and 'check' for spoof IP by ineffective challenge
  	ReadManagerTable;	# May also be a manager!!
- Line 3850  sub make_new_child {
+ Line 4721  sub make_new_child {
  	    $clientname = $managers{$clientip};
  	}
  	my $clientok;
  	if ($clientrec || $ismanager) {
  	    &status("Waiting for init from $clientip $clientname");
  	    &logthis('<font color="yellow">INFO: Connection, '.
- Line 3857  sub make_new_child {
+ Line 4729  sub make_new_child {
  		  " ($clientname) connection type = $ConnectionType </font>" );
  	    &status("Connecting $clientip  ($clientname))");
  	    my $remotereq=<$client>;
- 	    $remotereq=~s/[^\w:]//g;
+ 	    chomp($remotereq);
+ 	    Debug("Got init: $remotereq");
+ 	    my $inikeyword = split(/:/, $remotereq);
  	    if ($remotereq =~ /^init/) {
  		&sethost("sethost:$perlvar{'lonHostID'}");
- 		my $challenge="$$".time;
+ 		#
- 		print $client "$challenge\n";
+ 		#  If the remote is attempting a local init... give that a try:
- 		&status(
+ 		#
- 			"Waiting for challenge reply from $clientip ($clientname)");
+ 		my ($i, $inittype) = split(/:/, $remotereq);
- 		$remotereq=<$client>;
- 		$remotereq=~s/\W//g;
+ 		# If the connection type is ssl, but I didn't get my
- 		if ($challenge eq $remotereq) {
+ 		# certificate files yet, then I'll drop  back to
- 		    $clientok=1;
+ 		# insecure (if allowed).
- 		    print $client "ok\n";
+ 		if($inittype eq "ssl") {
+ 		    my ($ca, $cert) = lonssl::CertificateFile;
+ 		    my $kfile       = lonssl::KeyFile;
+ 		    if((!$ca)   ||
+ 		       (!$cert) ||
+ 		       (!$kfile)) {
+ 			$inittype = ""; # This forces insecure attempt.
+ 			&logthis("<font color=\"blue\"> Certificates not "
+ 				 ."installed -- trying insecure auth</font>");
+ 		    } else {	# SSL certificates are in place so
+ 		    }		# Leave the inittype alone.
+ 		}
+ 		if($inittype eq "local") {
+ 		    my $key = LocalConnection($client, $remotereq);
+ 		    if($key) {
+ 			Debug("Got local key $key");
+ 			$clientok     = 1;
+ 			my $cipherkey = pack("H32", $key);
+ 			$cipher       = new IDEA($cipherkey);
+ 			print $client "ok:local\n";
+ 			&logthis('<font color="green"'
+ 				 . "Successful local authentication </font>");
+ 			$keymode = "local"
+ 		    } else {
+ 			Debug("Failed to get local key");
+ 			$clientok = 0;
+ 			shutdown($client, 3);
+ 			close $client;
+ 		    }
+ 		} elsif ($inittype eq "ssl") {
+ 		    my $key = SSLConnection($client);
+ 		    if ($key) {
+ 			$clientok = 1;
+ 			my $cipherkey = pack("H32", $key);
+ 			$cipher       = new IDEA($cipherkey);
+ 			&logthis('<font color="green">'
+ 				 ."Successfull ssl authentication with $clientname </font>");
+ 			$keymode = "ssl";
+ 		    } else {
+ 			$clientok = 0;
+ 			close $client;
+ 		    }
  		} else {
- 		    &logthis(
+ 		    my $ok = InsecureConnection($client);
- 			     "<font color=blue>WARNING: $clientip did not reply challenge</font>");
+ 		    if($ok) {
- 		    &status('No challenge reply '.$clientip);
+ 			$clientok = 1;
+ 			&logthis('<font color="green">'
+ 				 ."Successful insecure authentication with $clientname </font>");
+ 			print $client "ok\n";
+ 			$keymode = "insecure";
+ 		    } else {
+ 			&logthis('<font color="yellow">'
+ 				  ."Attempted insecure connection disallowed </font>");
+ 			close $client;
+ 			$clientok = 0;
+ 		    }
  		}
  	    } else {
  		&logthis(
- 			 "<font color=blue>WARNING: "
+ 			 "<font color='blue'>WARNING: "
  			 ."$clientip failed to initialize: >$remotereq< </font>");
  		&status('No init '.$clientip);
  	    }
  	} else {
  	    &logthis(
- 		     "<font color=blue>WARNING: Unknown client $clientip</font>");
+ 		     "<font color='blue'>WARNING: Unknown client $clientip</font>");
  	    &status('Hung up on '.$clientip);
  	}
  	if ($clientok) {
  # ---------------- New known client connecting, could mean machine online again
- Line 3896  sub make_new_child {
+ Line 4828  sub make_new_child {
  		}
  		&reconlonc("$perlvar{'lonSockDir'}/$id");
  	    }
- 	    &logthis("<font color=green>Established connection: $clientname</font>");
+ 	    &logthis("<font color='green'>Established connection: $clientname</font>");
  	    &status('Will listen to '.$clientname);
- 	    ResetStatistics();
  # ------------------------------------------------------------ Process requests
- 	    my $KeepGoing = 1;
+ 	    my $keep_going = 1;
- 	    while ((my $userinput=GetRequest) && $KeepGoing) {
+ 	    my $user_input;
- 		$KeepGoing = ProcessRequest($userinput);
+ 	    while(($user_input = get_request) && $keep_going) {
- # -------------------------------------------------------------------- complete
+ 		alarm(120);
+ 		Debug("Main: Got $user_input\n");
- 		&status('Listening to '.$clientname);
+ 		$keep_going = &process_request($user_input);
+ 		alarm(0);
+ 		&status('Listening to '.$clientname." ($keymode)");
  	    }
  # --------------------------------------------- client unknown or fishy, refuse
- 	} else {
+ 	}  else {
  	    print $client "refused\n";
  	    $client->close();
- 	    &logthis("<font color=blue>WARNING: "
+ 	    &logthis("<font color='blue'>WARNING: "
  		     ."Rejected client $clientip, closing connection</font>");
  	}
      }
  # =============================================================================
-     &logthis("<font color=red>CRITICAL: "
+     &logthis("<font color='red'>CRITICAL: "
  	     ."Disconnect from $clientip ($clientname)</font>");
- Line 3930  sub make_new_child {
+ Line 4862  sub make_new_child {
      exit;
  }
+ #
+ #   Determine if a user is an author for the indicated domain.
+ #
+ # Parameters:
+ #    domain          - domain to check in .
+ #    user            - Name of user to check.
+ #
+ # Return:
+ #     1             - User is an author for domain.
+ #     0             - User is not an author for domain.
+ sub is_author {
+     my ($domain, $user) = @_;
+     &Debug("is_author: $user @ $domain");
+     my $hashref = &tie_user_hash($domain, $user, "roles",
+ 				 &GDBM_READER());
+     #  Author role should show up as a key /domain/_au
+     my $key   = "/$domain/_au";
+     my $value = $hashref->{$key};
+     if(defined($value)) {
+ 	&Debug("$user @ $domain is an author");
+     }
+     return defined($value);
+ }
  #
  #   Checks to see if the input roleput request was to set
  # an author role.  If so, invokes the lchtmldir script to set
- Line 3943  sub make_new_child {
+ Line 4902  sub make_new_child {
  #    user      - Name of the user for which the role is being put.
  #    authtype  - The authentication type associated with the user.
  #
- sub ManagePermissions
+ sub manage_permissions
  {
-     my $request = shift;
-     my $domain  = shift;
-     my $user    = shift;
+     my ($request, $domain, $user, $authtype) = @_;
-     my $authtype= shift;
+     &Debug("manage_permissions: $request $domain $user $authtype");
      # See if the request is of the form /$domain/_au
-     &logthis("ruequest is $request");
      if($request =~ /^(\/$domain\/_au)$/) { # It's an author rolesput...
  	my $execdir = $perlvar{'lonDaemons'};
  	my $userhome= "/home/$user" ;
  	&logthis("system $execdir/lchtmldir $userhome $user $authtype");
+ 	&Debug("Setting homedir permissions for $userhome");
  	system("$execdir/lchtmldir $userhome $user $authtype");
      }
  }
+ #
+ #  Return the full path of a user password file, whether it exists or not.
+ # Parameters:
+ #   domain     - Domain in which the password file lives.
+ #   user       - name of the user.
+ # Returns:
+ #    Full passwd path:
+ #
+ sub password_path {
+     my ($domain, $user) = @_;
+     return &propath($domain, $user).'/passwd';
+ }
+ #   Password Filename
+ #   Returns the path to a passwd file given domain and user... only if
+ #  it exists.
+ # Parameters:
+ #   domain    - Domain in which to search.
+ #   user      - username.
+ # Returns:
+ #   - If the password file exists returns its path.
+ #   - If the password file does not exist, returns undefined.
+ #
+ sub password_filename {
+     my ($domain, $user) = @_;
+     Debug ("PasswordFilename called: dom = $domain user = $user");
+     my $path  = &password_path($domain, $user);
+     Debug("PasswordFilename got path: $path");
+     if(-e $path) {
+ 	return $path;
+     } else {
+ 	return undef;
+     }
+ }
  #
- #   GetAuthType - Determines the authorization type of a user in a domain.
+ #   Rewrite the contents of the user's passwd file.
+ #  Parameters:
+ #    domain    - domain of the user.
+ #    name      - User's name.
+ #    contents  - New contents of the file.
+ # Returns:
+ #   0    - Failed.
+ #   1    - Success.
+ #
+ sub rewrite_password_file {
+     my ($domain, $user, $contents) = @_;
+     my $file = &password_filename($domain, $user);
+     if (defined $file) {
+ 	my $pf = IO::File->new(">$file");
+ 	if($pf) {
+ 	    print $pf "$contents\n";
+ 	    return 1;
+ 	} else {
+ 	    return 0;
+ 	}
+     } else {
+ 	return 0;
+     }
+ }
+ #
+ #   get_auth_type - Determines the authorization type of a user in a domain.
  #     Returns the authorization type or nouser if there is no such user.
  #
- sub GetAuthType
+ sub get_auth_type
  {
-     my $domain = shift;
-     my $user   = shift;
-     Debug("GetAuthType( $domain, $user ) \n");
+     my ($domain, $user)  = @_;
+     Debug("get_auth_type( $domain, $user ) \n");
      my $proname    = &propath($domain, $user);
      my $passwdfile = "$proname/passwd";
      if( -e $passwdfile ) {
- Line 3979  sub GetAuthType
+ Line 5006  sub GetAuthType
  	Debug("Password info = $realpassword\n");
  	my ($authtype, $contentpwd) = split(/:/, $realpassword);
  	Debug("Authtype = $authtype, content = $contentpwd\n");
- 	my $availinfo = '';
+ 	return "$authtype:$contentpwd";
- 	if($authtype eq 'krb4' or $authtype eq 'krb5') {
+     } else {
- 	    $availinfo = $contentpwd;
- 	}
- 	return "$authtype:$availinfo";
-     }
-     else {
  	Debug("Returning nouser");
  	return "nouser";
      }
  }
+ #
+ #  Validate a user given their domain, name and password.  This utility
+ #  function is used by both  AuthenticateHandler and ChangePasswordHandler
+ #  to validate the login credentials of a user.
+ # Parameters:
+ #    $domain    - The domain being logged into (this is required due to
+ #                 the capability for multihomed systems.
+ #    $user      - The name of the user being validated.
+ #    $password  - The user's propoposed password.
+ #
+ # Returns:
+ #     1        - The domain,user,pasword triplet corresponds to a valid
+ #                user.
+ #     0        - The domain,user,password triplet is not a valid user.
+ #
+ sub validate_user {
+     my ($domain, $user, $password) = @_;
+     # Why negative ~pi you may well ask?  Well this function is about
+     # authentication, and therefore very important to get right.
+     # I've initialized the flag that determines whether or not I've
+     # validated correctly to a value it's not supposed to get.
+     # At the end of this function. I'll ensure that it's not still that
+     # value so we don't just wind up returning some accidental value
+     # as a result of executing an unforseen code path that
+     # did not set $validated.  At the end of valid execution paths,
+     # validated shoule be 1 for success or 0 for failuer.
+     my $validated = -3.14159;
+     #  How we authenticate is determined by the type of authentication
+     #  the user has been assigned.  If the authentication type is
+     #  "nouser", the user does not exist so we will return 0.
+     my $contents = &get_auth_type($domain, $user);
+     my ($howpwd, $contentpwd) = split(/:/, $contents);
+     my $null = pack("C",0);	# Used by kerberos auth types.
+     if ($howpwd ne 'nouser') {
+ 	if($howpwd eq "internal") { # Encrypted is in local password file.
+ 	    $validated = (crypt($password, $contentpwd) eq $contentpwd);
+ 	}
+ 	elsif ($howpwd eq "unix") { # User is a normal unix user.
+ 	    $contentpwd = (getpwnam($user))[1];
+ 	    if($contentpwd) {
+ 		if($contentpwd eq 'x') { # Shadow password file...
+ 		    my $pwauth_path = "/usr/local/sbin/pwauth";
+ 		    open PWAUTH,  "|$pwauth_path" or
+ 			die "Cannot invoke authentication";
+ 		    print PWAUTH "$user\n$password\n";
+ 		    close PWAUTH;
+ 		    $validated = ! $?;
+ 		} else { 	         # Passwords in /etc/passwd.
+ 		    $validated = (crypt($password,
+ 					$contentpwd) eq $contentpwd);
+ 		}
+ 	    } else {
+ 		$validated = 0;
+ 	    }
+ 	}
+ 	elsif ($howpwd eq "krb4") { # user is in kerberos 4 auth. domain.
+ 	    if(! ($password =~ /$null/) ) {
+ 		my $k4error = &Authen::Krb4::get_pw_in_tkt($user,
+ 							   "",
+ 							   $contentpwd,,
+ 							   'krbtgt',
+ 							   $contentpwd,
+,
+ 							   $password);
+ 		if(!$k4error) {
+ 		    $validated = 1;
+ 		} else {
+ 		    $validated = 0;
+ 		    &logthis('krb4: '.$user.', '.$contentpwd.', '.
+ 			     &Authen::Krb4::get_err_txt($Authen::Krb4::error));
+ 		}
+ 	    } else {
+ 		$validated = 0; # Password has a match with null.
+ 	    }
+ 	} elsif ($howpwd eq "krb5") { # User is in kerberos 5 auth. domain.
+ 	    if(!($password =~ /$null/)) { # Null password not allowed.
+ 		my $krbclient = &Authen::Krb5::parse_name($user.'@'
+ 							  .$contentpwd);
+ 		my $krbservice = "krbtgt/".$contentpwd."\@".$contentpwd;
+ 		my $krbserver  = &Authen::Krb5::parse_name($krbservice);
+ 		my $credentials= &Authen::Krb5::cc_default();
+ 		$credentials->initialize($krbclient);
+ 		my $krbreturn  = &Authen::KRb5::get_in_tkt_with_password($krbclient,
+ 									 $krbserver,
+ 									 $password,
+ 									 $credentials);
+ 		$validated = ($krbreturn == 1);
+ 	    } else {
+ 		$validated = 0;
+ 	    }
+ 	} elsif ($howpwd eq "localauth") {
+ 	    #  Authenticate via installation specific authentcation method:
+ 	    $validated = &localauth::localauth($user,
+ 					       $password,
+ 					       $contentpwd);
+ 	} else {			# Unrecognized auth is also bad.
+ 	    $validated = 0;
+ 	}
+     } else {
+ 	$validated = 0;
+     }
+     #
+     #  $validated has the correct stat of the authentication:
+     #
+     unless ($validated != -3.14159) {
+ 	#  I >really really< want to know if this happens.
+ 	#  since it indicates that user authentication is badly
+ 	#  broken in some code path.
+         #
+ 	die "ValidateUser - failed to set the value of validated $domain, $user $password";
+     }
+     return $validated;
+ }
  sub addline {
      my ($fname,$hostid,$ip,$newline)=@_;
      my $contents;
- Line 4012  sub addline {
+ Line 5158  sub addline {
      return $found;
  }
- sub getchat {
+ sub get_chat {
      my ($cdom,$cname,$udom,$uname)=@_;
      my %hash;
      my $proname=&propath($cdom,$cname);
- Line 4037  sub getchat {
+ Line 5183  sub getchat {
      return (@participants,@entries);
  }
- sub chatadd {
+ sub chat_add {
      my ($cdom,$cname,$newchat)=@_;
      my %hash;
      my $proname=&propath($cdom,$cname);
- Line 4076  sub chatadd {
+ Line 5222  sub chatadd {
  sub unsub {
      my ($fname,$clientip)=@_;
      my $result;
+     my $unsubs = 0;		# Number of successful unsubscribes:
+     # An old way subscriptions were handled was to have a
+     # subscription marker file:
+     Debug("Attempting unlink of $fname.$clientname");
      if (unlink("$fname.$clientname")) {
- 	$result="ok\n";
+ 	$unsubs++;		# Successful unsub via marker file.
-     } else {
+     }
- 	$result="not_subscribed\n";
-     }
+     # The more modern way to do it is to have a subscription list
+     # file:
      if (-e "$fname.subscription") {
  	my $found=&addline($fname,$clientname,$clientip,'');
- 	if ($found) { $result="ok\n"; }
+ 	if ($found) {
+ 	    $unsubs++;
+ 	}
+     }
+     #  If either or both of these mechanisms succeeded in unsubscribing a
+     #  resource we can return ok:
+     if($unsubs) {
+ 	$result = "ok\n";
      } else {
- 	if ($result != "ok\n") { $result="not_subscribed\n"; }
+ 	$result = "not_subscribed\n";
      }
      return $result;
  }
- Line 4190  sub make_passwd_file {
+ Line 5355  sub make_passwd_file {
      if ($umode eq 'krb4' or $umode eq 'krb5') {
  	{
  	    my $pf = IO::File->new(">$passfilename");
- 	    print $pf "$umode:$npass\n";
+ 	    if ($pf) {
+ 		print $pf "$umode:$npass\n";
+ 	    } else {
+ 		$result = "pass_file_failed_error";
+ 	    }
  	}
      } elsif ($umode eq 'internal') {
  	my $salt=time;
- Line 4199  sub make_passwd_file {
+ Line 5368  sub make_passwd_file {
  	{
  	    &Debug("Creating internal auth");
  	    my $pf = IO::File->new(">$passfilename");
- 	    print $pf "internal:$ncpass\n";
+ 	    if($pf) {
+ 		print $pf "internal:$ncpass\n";
+ 	    } else {
+ 		$result = "pass_file_failed_error";
+ 	    }
  	}
      } elsif ($umode eq 'localauth') {
  	{
  	    my $pf = IO::File->new(">$passfilename");
- 	    print $pf "localauth:$npass\n";
+ 	    if($pf) {
+ 		print $pf "localauth:$npass\n";
+ 	    } else {
+ 		$result = "pass_file_failed_error";
+ 	    }
  	}
      } elsif ($umode eq 'unix') {
  	{
- 	    my $execpath="$perlvar{'lonDaemons'}/"."lcuseradd";
+ 	    #
+ 	    #  Don't allow the creation of privileged accounts!!! that would
+ 	    #  be real bad!!!
+ 	    #
+ 	    my $uid = getpwnam($uname);
+ 	    if((defined $uid) && ($uid == 0)) {
+ 		&logthis(">>>Attempted to create privilged account blocked");
+ 		return "no_priv_account_error\n";
+ 	    }
+ 	    my $execpath       ="$perlvar{'lonDaemons'}/"."lcuseradd";
+ 	    my $lc_error_file  = $execdir."/tmp/lcuseradd".$$.".status";
  	    {
  		&Debug("Executing external: ".$execpath);
  		&Debug("user  = ".$uname.", Password =". $npass);
- Line 4216  sub make_passwd_file {
+ Line 5405  sub make_passwd_file {
  		print $se "$uname\n";
  		print $se "$npass\n";
  		print $se "$npass\n";
+ 		print $se "$lc_error_file\n"; # Status -> unique file.
  	    }
- 	    my $useraddok = $?;
+ 	    my $error = IO::File->new("< $lc_error_file");
+ 	    my $useraddok = <$error>;
+ 	    $error->close;
+ 	    unlink($lc_error_file);
+ 	    chomp $useraddok;
  	    if($useraddok > 0) {
- 		&logthis("Failed lcuseradd: ".&lcuseraddstrerror($useraddok));
+ 		my $error_text = &lcuseraddstrerror($useraddok);
+ 		&logthis("Failed lcuseradd: $error_text");
+ 		$result = "lcuseradd_failed:$error_text\n";
+ 	    }  else {
+ 		my $pf = IO::File->new(">$passfilename");
+ 		if($pf) {
+ 		    print $pf "unix:\n";
+ 		} else {
+ 		    $result = "pass_file_failed_error";
+ 		}
  	    }
- 	    my $pf = IO::File->new(">$passfilename");
- 	    print $pf "unix:\n";
  	}
      } elsif ($umode eq 'none') {
  	{
- 	    my $pf = IO::File->new(">$passfilename");
+ 	    my $pf = IO::File->new("> $passfilename");
- 	    print $pf "none:\n";
+ 	    if($pf) {
+ 		print $pf "none:\n";
+ 	    } else {
+ 		$result = "pass_file_failed_error";
+ 	    }
  	}
      } else {
  	$result="auth_mode_error\n";
- Line 4235  sub make_passwd_file {
+ Line 5442  sub make_passwd_file {
      return $result;
  }
+ sub convert_photo {
+     my ($start,$dest)=@_;
+     system("convert $start $dest");
+ }
  sub sethost {
      my ($remotereq) = @_;
      my (undef,$hostid)=split(/:/,$remotereq);
      if (!defined($hostid)) { $hostid=$perlvar{'lonHostID'}; }
      if ($hostip{$perlvar{'lonHostID'}} eq $hostip{$hostid}) {
- 	$currenthostid=$hostid;
+ 	$currenthostid  =$hostid;
  	$currentdomainid=$hostdom{$hostid};
  	&logthis("Setting hostid to $hostid, and domain to $currentdomainid");
      } else {
- Line 4256  sub version {
+ Line 5468  sub version {
      $remoteVERSION=(split(/:/,$userinput))[1];
      return "version:$VERSION";
  }
- ############## >>>>>>>>>>>>>>>>>>>>>>>>>> FUTUREWORK <<<<<<<<<<<<<<<<<<<<<<<<<<<<
  #There is a copy of this in lonnet.pm
- #   Can we hoist these lil' things out into common places?
- #
  sub userload {
      my $numusers=0;
      {
- Line 4282  sub userload {
+ Line 5492  sub userload {
      return $userloadpercent;
  }
+ # Routines for serializing arrays and hashes (copies from lonnet)
+ sub array2str {
+   my (@array) = @_;
+   my $result=&arrayref2str(\@array);
+   $result=~s/^__ARRAY_REF__//;
+   $result=~s/__END_ARRAY_REF__$//;
+   return $result;
+ }
+ sub arrayref2str {
+   my ($arrayref) = @_;
+   my $result='__ARRAY_REF__';
+   foreach my $elem (@$arrayref) {
+     if(ref($elem) eq 'ARRAY') {
+       $result.=&arrayref2str($elem).'&';
+     } elsif(ref($elem) eq 'HASH') {
+       $result.=&hashref2str($elem).'&';
+     } elsif(ref($elem)) {
+       #print("Got a ref of ".(ref($elem))." skipping.");
+     } else {
+       $result.=&escape($elem).'&';
+     }
+   }
+   $result=~s/\&$//;
+   $result .= '__END_ARRAY_REF__';
+   return $result;
+ }
+ sub hash2str {
+   my (%hash) = @_;
+   my $result=&hashref2str(\%hash);
+   $result=~s/^__HASH_REF__//;
+   $result=~s/__END_HASH_REF__$//;
+   return $result;
+ }
+ sub hashref2str {
+   my ($hashref)=@_;
+   my $result='__HASH_REF__';
+   foreach (sort(keys(%$hashref))) {
+     if (ref($_) eq 'ARRAY') {
+       $result.=&arrayref2str($_).'=';
+     } elsif (ref($_) eq 'HASH') {
+       $result.=&hashref2str($_).'=';
+     } elsif (ref($_)) {
+       $result.='=';
+       #print("Got a ref of ".(ref($_))." skipping.");
+     } else {
+         if ($_) {$result.=&escape($_).'=';} else { last; }
+     }
+     if(ref($hashref->{$_}) eq 'ARRAY') {
+       $result.=&arrayref2str($hashref->{$_}).'&';
+     } elsif(ref($hashref->{$_}) eq 'HASH') {
+       $result.=&hashref2str($hashref->{$_}).'&';
+     } elsif(ref($hashref->{$_})) {
+        $result.='&';
+       #print("Got a ref of ".(ref($hashref->{$_}))." skipping.");
+     } else {
+       $result.=&escape($hashref->{$_}).'&';
+     }
+   }
+   $result=~s/\&$//;
+   $result .= '__END_HASH_REF__';
+   return $result;
+ }
  # ----------------------------------- POD (plain old documentation, CPAN style)
  =head1 NAME
- Line 4489  Place in B<logs/lond.log>
+ Line 5767  Place in B<logs/lond.log>
  stores hash in namespace
- =item rolesput
+ =item rolesputy
  put a role into a user's environment

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.178.2.2
changed lines
	Added in v.1.267