File:  [LON-CAPA] / loncom / lond
Revision 1.506: download - view: text, annotated - select for diffs
Fri Jan 3 18:39:43 2014 UTC (10 years, 10 months ago) by raeburn
Branches: MAIN
CVS tags: HEAD
- New routine in localenroll.pm -- &crsreq_updates() -- to support
  domain-specific operations during course request process.
- Tabbed interface used for textbook-type course requests, one tab
  for course creation, one for request logs.
- Column for unique codes included in user's request log display, if
  domain has enabled use of unique codes.
- Correction to LON-CAPA messaging of unique code -- recipient should
  be requestor.

    1: #!/usr/bin/perl
    2: # The LearningOnline Network
    3: # lond "LON Daemon" Server (port "LOND" 5663)
    4: #
    5: # $Id: lond,v 1.506 2014/01/03 18:39:43 raeburn Exp $
    6: #
    7: # Copyright Michigan State University Board of Trustees
    8: #
    9: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
   10: #
   11: # LON-CAPA is free software; you can redistribute it and/or modify
   12: # it under the terms of the GNU General Public License as published by
   13: # the Free Software Foundation; either version 2 of the License, or 
   14: # (at your option) any later version.
   15: #
   16: # LON-CAPA is distributed in the hope that it will be useful,
   17: # but WITHOUT ANY WARRANTY; without even the implied warranty of
   18: 
   19: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   20: # GNU General Public License for more details.
   21: #
   22: # You should have received a copy of the GNU General Public License
   23: # along with LON-CAPA; if not, write to the Free Software
   24: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   25: #
   26: # /home/httpd/html/adm/gpl.txt
   27: #
   28: 
   29: 
   30: # http://www.lon-capa.org/
   31: #
   32: 
   33: use strict;
   34: use lib '/home/httpd/lib/perl/';
   35: use LONCAPA;
   36: use LONCAPA::Configuration;
   37: use LONCAPA::Lond;
   38: 
   39: use IO::Socket;
   40: use IO::File;
   41: #use Apache::File;
   42: use POSIX;
   43: use Crypt::IDEA;
   44: use LWP::UserAgent();
   45: use Digest::MD5 qw(md5_hex);
   46: use GDBM_File;
   47: use Authen::Krb5;
   48: use localauth;
   49: use localenroll;
   50: use localstudentphoto;
   51: use File::Copy;
   52: use File::Find;
   53: use LONCAPA::lonlocal;
   54: use LONCAPA::lonssl;
   55: use Fcntl qw(:flock);
   56: use Apache::lonnet;
   57: use Mail::Send;
   58: 
   59: my $DEBUG = 0;		       # Non zero to enable debug log entries.
   60: 
   61: my $status='';
   62: my $lastlog='';
   63: 
   64: my $VERSION='$Revision: 1.506 $'; #' stupid emacs
   65: my $remoteVERSION;
   66: my $currenthostid="default";
   67: my $currentdomainid;
   68: 
   69: my $client;
   70: my $clientip;			# IP address of client.
   71: my $clientname;			# LonCAPA name of client.
   72: my $clientversion;              # LonCAPA version running on client.
   73: my $clienthomedom;              # LonCAPA domain of homeID for client. 
   74:                                 # primary library server. 
   75: 
   76: my $server;
   77: 
   78: my $keymode;
   79: 
   80: my $cipher;			# Cipher key negotiated with client
   81: my $tmpsnum = 0;		# Id of tmpputs.
   82: 
   83: # 
   84: #   Connection type is:
   85: #      client                   - All client actions are allowed
   86: #      manager                  - only management functions allowed.
   87: #      both                     - Both management and client actions are allowed
   88: #
   89: 
   90: my $ConnectionType;
   91: 
   92: my %managers;			# Ip -> manager names
   93: 
   94: my %perlvar;			# Will have the apache conf defined perl vars.
   95: 
   96: my $dist;
   97: 
   98: #
   99: #   The hash below is used for command dispatching, and is therefore keyed on the request keyword.
  100: #    Each element of the hash contains a reference to an array that contains:
  101: #          A reference to a sub that executes the request corresponding to the keyword.
  102: #          A flag that is true if the request must be encoded to be acceptable.
  103: #          A mask with bits as follows:
  104: #                      CLIENT_OK    - Set when the function is allowed by ordinary clients
  105: #                      MANAGER_OK   - Set when the function is allowed to manager clients.
  106: #
  107: my $CLIENT_OK  = 1;
  108: my $MANAGER_OK = 2;
  109: my %Dispatcher;
  110: 
  111: 
  112: #
  113: #  The array below are password error strings."
  114: #
  115: my $lastpwderror    = 13;		# Largest error number from lcpasswd.
  116: my @passwderrors = ("ok",
  117: 		   "pwchange_failure - lcpasswd must be run as user 'www'",
  118: 		   "pwchange_failure - lcpasswd got incorrect number of arguments",
  119: 		   "pwchange_failure - lcpasswd did not get the right nubmer of input text lines",
  120: 		   "pwchange_failure - lcpasswd too many simultaneous pwd changes in progress",
  121: 		   "pwchange_failure - lcpasswd User does not exist.",
  122: 		   "pwchange_failure - lcpasswd Incorrect current passwd",
  123: 		   "pwchange_failure - lcpasswd Unable to su to root.",
  124: 		   "pwchange_failure - lcpasswd Cannot set new passwd.",
  125: 		   "pwchange_failure - lcpasswd Username has invalid characters",
  126: 		   "pwchange_failure - lcpasswd Invalid characters in password",
  127: 		   "pwchange_failure - lcpasswd User already exists", 
  128:                    "pwchange_failure - lcpasswd Something went wrong with user addition.",
  129: 		   "pwchange_failure - lcpasswd Password mismatch",
  130: 		   "pwchange_failure - lcpasswd Error filename is invalid");
  131: 
  132: 
  133: # This array are the errors from lcinstallfile:
  134: 
  135: my @installerrors = ("ok",
  136: 		     "Initial user id of client not that of www",
  137: 		     "Usage error, not enough command line arguments",
  138: 		     "Source filename does not exist",
  139: 		     "Destination filename does not exist",
  140: 		     "Some file operation failed",
  141: 		     "Invalid table filename."
  142: 		     );
  143: 
  144: #
  145: #   Statistics that are maintained and dislayed in the status line.
  146: #
  147: my $Transactions = 0;		# Number of attempted transactions.
  148: my $Failures     = 0;		# Number of transcations failed.
  149: 
  150: #   ResetStatistics: 
  151: #      Resets the statistics counters:
  152: #
  153: sub ResetStatistics {
  154:     $Transactions = 0;
  155:     $Failures     = 0;
  156: }
  157: 
  158: #------------------------------------------------------------------------
  159: #
  160: #   LocalConnection
  161: #     Completes the formation of a locally authenticated connection.
  162: #     This function will ensure that the 'remote' client is really the
  163: #     local host.  If not, the connection is closed, and the function fails.
  164: #     If so, initcmd is parsed for the name of a file containing the
  165: #     IDEA session key.  The fie is opened, read, deleted and the session
  166: #     key returned to the caller.
  167: #
  168: # Parameters:
  169: #   $Socket      - Socket open on client.
  170: #   $initcmd     - The full text of the init command.
  171: #
  172: # Returns:
  173: #     IDEA session key on success.
  174: #     undef on failure.
  175: #
  176: sub LocalConnection {
  177:     my ($Socket, $initcmd) = @_;
  178:     Debug("Attempting local connection: $initcmd client: $clientip");
  179:     if($clientip ne "127.0.0.1") {
  180: 	&logthis('<font color="red"> LocalConnection rejecting non local: '
  181: 		 ."$clientip ne 127.0.0.1 </font>");
  182: 	close $Socket;
  183: 	return undef;
  184:     }  else {
  185: 	chomp($initcmd);	# Get rid of \n in filename.
  186: 	my ($init, $type, $name) = split(/:/, $initcmd);
  187: 	Debug(" Init command: $init $type $name ");
  188: 
  189: 	# Require that $init = init, and $type = local:  Otherwise
  190: 	# the caller is insane:
  191: 
  192: 	if(($init ne "init") && ($type ne "local")) {
  193: 	    &logthis('<font color = "red"> LocalConnection: caller is insane! '
  194: 		     ."init = $init, and type = $type </font>");
  195: 	    close($Socket);;
  196: 	    return undef;
  197: 		
  198: 	}
  199: 	#  Now get the key filename:
  200: 
  201: 	my $IDEAKey = lonlocal::ReadKeyFile($name);
  202: 	return $IDEAKey;
  203:     }
  204: }
  205: #------------------------------------------------------------------------------
  206: #
  207: #  SSLConnection
  208: #   Completes the formation of an ssh authenticated connection. The
  209: #   socket is promoted to an ssl socket.  If this promotion and the associated
  210: #   certificate exchange are successful, the IDEA key is generated and sent
  211: #   to the remote peer via the SSL tunnel. The IDEA key is also returned to
  212: #   the caller after the SSL tunnel is torn down.
  213: #
  214: # Parameters:
  215: #   Name              Type             Purpose
  216: #   $Socket          IO::Socket::INET  Plaintext socket.
  217: #
  218: # Returns:
  219: #    IDEA key on success.
  220: #    undef on failure.
  221: #
  222: sub SSLConnection {
  223:     my $Socket   = shift;
  224: 
  225:     Debug("SSLConnection: ");
  226:     my $KeyFile         = lonssl::KeyFile();
  227:     if(!$KeyFile) {
  228: 	my $err = lonssl::LastError();
  229: 	&logthis("<font color=\"red\"> CRITICAL"
  230: 		 ."Can't get key file $err </font>");
  231: 	return undef;
  232:     }
  233:     my ($CACertificate,
  234: 	$Certificate) = lonssl::CertificateFile();
  235: 
  236: 
  237:     # If any of the key, certificate or certificate authority 
  238:     # certificate filenames are not defined, this can't work.
  239: 
  240:     if((!$Certificate) || (!$CACertificate)) {
  241: 	my $err = lonssl::LastError();
  242: 	&logthis("<font color=\"red\"> CRITICAL"
  243: 		 ."Can't get certificates: $err </font>");
  244: 
  245: 	return undef;
  246:     }
  247:     Debug("Key: $KeyFile CA: $CACertificate Cert: $Certificate");
  248: 
  249:     # Indicate to our peer that we can procede with
  250:     # a transition to ssl authentication:
  251: 
  252:     print $Socket "ok:ssl\n";
  253: 
  254:     Debug("Approving promotion -> ssl");
  255:     #  And do so:
  256: 
  257:     my $SSLSocket = lonssl::PromoteServerSocket($Socket,
  258: 						$CACertificate,
  259: 						$Certificate,
  260: 						$KeyFile);
  261:     if(! ($SSLSocket) ) {	# SSL socket promotion failed.
  262: 	my $err = lonssl::LastError();
  263: 	&logthis("<font color=\"red\"> CRITICAL "
  264: 		 ."SSL Socket promotion failed: $err </font>");
  265: 	return undef;
  266:     }
  267:     Debug("SSL Promotion successful");
  268: 
  269:     # 
  270:     #  The only thing we'll use the socket for is to send the IDEA key
  271:     #  to the peer:
  272: 
  273:     my $Key = lonlocal::CreateCipherKey();
  274:     print $SSLSocket "$Key\n";
  275: 
  276:     lonssl::Close($SSLSocket); 
  277: 
  278:     Debug("Key exchange complete: $Key");
  279: 
  280:     return $Key;
  281: }
  282: #
  283: #     InsecureConnection: 
  284: #        If insecure connections are allowd,
  285: #        exchange a challenge with the client to 'validate' the
  286: #        client (not really, but that's the protocol):
  287: #        We produce a challenge string that's sent to the client.
  288: #        The client must then echo the challenge verbatim to us.
  289: #
  290: #  Parameter:
  291: #      Socket      - Socket open on the client.
  292: #  Returns:
  293: #      1           - success.
  294: #      0           - failure (e.g.mismatch or insecure not allowed).
  295: #
  296: sub InsecureConnection {
  297:     my $Socket  =  shift;
  298: 
  299:     #   Don't even start if insecure connections are not allowed.
  300: 
  301:     if(! $perlvar{londAllowInsecure}) {	# Insecure connections not allowed.
  302: 	return 0;
  303:     }
  304: 
  305:     #   Fabricate a challenge string and send it..
  306: 
  307:     my $challenge = "$$".time;	# pid + time.
  308:     print $Socket "$challenge\n";
  309:     &status("Waiting for challenge reply");
  310: 
  311:     my $answer = <$Socket>;
  312:     $answer    =~s/\W//g;
  313:     if($challenge eq $answer) {
  314: 	return 1;
  315:     } else {
  316: 	logthis("<font color='blue'>WARNING client did not respond to challenge</font>");
  317: 	&status("No challenge reqply");
  318: 	return 0;
  319:     }
  320:     
  321: 
  322: }
  323: #
  324: #   Safely execute a command (as long as it's not a shel command and doesn
  325: #   not require/rely on shell escapes.   The function operates by doing a
  326: #   a pipe based fork and capturing stdout and stderr  from the pipe.
  327: #
  328: # Formal Parameters:
  329: #     $line                    - A line of text to be executed as a command.
  330: # Returns:
  331: #     The output from that command.  If the output is multiline the caller
  332: #     must know how to split up the output.
  333: #
  334: #
  335: sub execute_command {
  336:     my ($line)    = @_;
  337:     my @words     = split(/\s/, $line);	# Bust the command up into words.
  338:     my $output    = "";
  339: 
  340:     my $pid = open(CHILD, "-|");
  341:     
  342:     if($pid) {			# Parent process
  343: 	Debug("In parent process for execute_command");
  344: 	my @data = <CHILD>;	# Read the child's outupt...
  345: 	close CHILD;
  346: 	foreach my $output_line (@data) {
  347: 	    Debug("Adding $output_line");
  348: 	    $output .= $output_line; # Presumably has a \n on it.
  349: 	}
  350: 
  351:     } else {			# Child process
  352: 	close (STDERR);
  353: 	open  (STDERR, ">&STDOUT");# Combine stderr, and stdout...
  354: 	exec(@words);		# won't return.
  355:     }
  356:     return $output;
  357: }
  358: 
  359: 
  360: #   GetCertificate: Given a transaction that requires a certificate,
  361: #   this function will extract the certificate from the transaction
  362: #   request.  Note that at this point, the only concept of a certificate
  363: #   is the hostname to which we are connected.
  364: #
  365: #   Parameter:
  366: #      request   - The request sent by our client (this parameterization may
  367: #                  need to change when we really use a certificate granting
  368: #                  authority.
  369: #
  370: sub GetCertificate {
  371:     my $request = shift;
  372: 
  373:     return $clientip;
  374: }
  375: 
  376: #
  377: #   Return true if client is a manager.
  378: #
  379: sub isManager {
  380:     return (($ConnectionType eq "manager") || ($ConnectionType eq "both"));
  381: }
  382: #
  383: #   Return tru if client can do client functions
  384: #
  385: sub isClient {
  386:     return (($ConnectionType eq "client") || ($ConnectionType eq "both"));
  387: }
  388: 
  389: 
  390: #
  391: #   ReadManagerTable: Reads in the current manager table. For now this is
  392: #                     done on each manager authentication because:
  393: #                     - These authentications are not frequent
  394: #                     - This allows dynamic changes to the manager table
  395: #                       without the need to signal to the lond.
  396: #
  397: sub ReadManagerTable {
  398: 
  399:     &Debug("Reading manager table");
  400:     #   Clean out the old table first..
  401: 
  402:    foreach my $key (keys %managers) {
  403:       delete $managers{$key};
  404:    }
  405: 
  406:    my $tablename = $perlvar{'lonTabDir'}."/managers.tab";
  407:    if (!open (MANAGERS, $tablename)) {
  408:        my $hostname = &Apache::lonnet::hostname($perlvar{'lonHostID'});
  409:        if (&Apache::lonnet::is_LC_dns($hostname)) {
  410:            &logthis('<font color="red">No manager table.  Nobody can manage!!</font>');
  411:        }
  412:        return;
  413:    }
  414:    while(my $host = <MANAGERS>) {
  415:       chomp($host);
  416:       if ($host =~ "^#") {                  # Comment line.
  417:          next;
  418:       }
  419:       if (!defined &Apache::lonnet::get_host_ip($host)) { # This is a non cluster member
  420: 	    #  The entry is of the form:
  421: 	    #    cluname:hostname
  422: 	    #  cluname - A 'cluster hostname' is needed in order to negotiate
  423: 	    #            the host key.
  424: 	    #  hostname- The dns name of the host.
  425: 	    #
  426:           my($cluname, $dnsname) = split(/:/, $host);
  427:           
  428:           my $ip = gethostbyname($dnsname);
  429:           if(defined($ip)) {                 # bad names don't deserve entry.
  430:             my $hostip = inet_ntoa($ip);
  431:             $managers{$hostip} = $cluname;
  432:             logthis('<font color="green"> registering manager '.
  433:                     "$dnsname as $cluname with $hostip </font>\n");
  434:          }
  435:       } else {
  436:          logthis('<font color="green"> existing host'." $host</font>\n");
  437:          $managers{&Apache::lonnet::get_host_ip($host)} = $host;  # Use info from cluster tab if cluster memeber
  438:       }
  439:    }
  440: }
  441: 
  442: #
  443: #  ValidManager: Determines if a given certificate represents a valid manager.
  444: #                in this primitive implementation, the 'certificate' is
  445: #                just the connecting loncapa client name.  This is checked
  446: #                against a valid client list in the configuration.
  447: #
  448: #                  
  449: sub ValidManager {
  450:     my $certificate = shift; 
  451: 
  452:     return isManager;
  453: }
  454: #
  455: #  CopyFile:  Called as part of the process of installing a 
  456: #             new configuration file.  This function copies an existing
  457: #             file to a backup file.
  458: # Parameters:
  459: #     oldfile  - Name of the file to backup.
  460: #     newfile  - Name of the backup file.
  461: # Return:
  462: #     0   - Failure (errno has failure reason).
  463: #     1   - Success.
  464: #
  465: sub CopyFile {
  466: 
  467:     my ($oldfile, $newfile) = @_;
  468: 
  469:     if (! copy($oldfile,$newfile)) {
  470:         return 0;
  471:     }
  472:     chmod(0660, $newfile);
  473:     return 1;
  474: }
  475: #
  476: #  Host files are passed out with externally visible host IPs.
  477: #  If, for example, we are behind a fire-wall or NAT host, our 
  478: #  internally visible IP may be different than the externally
  479: #  visible IP.  Therefore, we always adjust the contents of the
  480: #  host file so that the entry for ME is the IP that we believe
  481: #  we have.  At present, this is defined as the entry that
  482: #  DNS has for us.  If by some chance we are not able to get a
  483: #  DNS translation for us, then we assume that the host.tab file
  484: #  is correct.  
  485: #    BUGBUGBUG - in the future, we really should see if we can
  486: #       easily query the interface(s) instead.
  487: # Parameter(s):
  488: #     contents    - The contents of the host.tab to check.
  489: # Returns:
  490: #     newcontents - The adjusted contents.
  491: #
  492: #
  493: sub AdjustHostContents {
  494:     my $contents  = shift;
  495:     my $adjusted;
  496:     my $me        = $perlvar{'lonHostID'};
  497: 
  498:     foreach my $line (split(/\n/,$contents)) {
  499: 	if(!(($line eq "") || ($line =~ /^ *\#/) || ($line =~ /^ *$/) ||
  500:              ($line =~ /^\s*\^/))) {
  501: 	    chomp($line);
  502: 	    my ($id,$domain,$role,$name,$ip,$maxcon,$idleto,$mincon)=split(/:/,$line);
  503: 	    if ($id eq $me) {
  504: 		my $ip = gethostbyname($name);
  505: 		my $ipnew = inet_ntoa($ip);
  506: 		$ip = $ipnew;
  507: 		#  Reconstruct the host line and append to adjusted:
  508: 		
  509: 		my $newline = "$id:$domain:$role:$name:$ip";
  510: 		if($maxcon ne "") { # Not all hosts have loncnew tuning params
  511: 		    $newline .= ":$maxcon:$idleto:$mincon";
  512: 		}
  513: 		$adjusted .= $newline."\n";
  514: 		
  515: 	    } else {		# Not me, pass unmodified.
  516: 		$adjusted .= $line."\n";
  517: 	    }
  518: 	} else {                  # Blank or comment never re-written.
  519: 	    $adjusted .= $line."\n";	# Pass blanks and comments as is.
  520: 	}
  521:     }
  522:     return $adjusted;
  523: }
  524: #
  525: #   InstallFile: Called to install an administrative file:
  526: #       - The file is created int a temp directory called <name>.tmp
  527: #       - lcinstall file is called to install the file.
  528: #         since the web app has no direct write access to the table directory
  529: #
  530: #  Parameters:
  531: #       Name of the file
  532: #       File Contents.
  533: #  Return:
  534: #      nonzero - success.
  535: #      0       - failure and $! has an errno.
  536: # Assumptions:
  537: #    File installtion is a relatively infrequent
  538: #
  539: sub InstallFile {
  540: 
  541:     my ($Filename, $Contents) = @_;
  542: #     my $TempFile = $Filename.".tmp";
  543:     my $exedir = $perlvar{'lonDaemons'};
  544:     my $tmpdir = $exedir.'/tmp/';
  545:     my $TempFile = $tmpdir."TempTableFile.tmp";
  546: 
  547:     #  Open the file for write:
  548: 
  549:     my $fh = IO::File->new("> $TempFile"); # Write to temp.
  550:     if(!(defined $fh)) {
  551: 	&logthis('<font color="red"> Unable to create '.$TempFile."</font>");
  552: 	return 0;
  553:     }
  554:     #  write the contents of the file:
  555: 
  556:     print $fh ($Contents); 
  557:     $fh->close;			# In case we ever have a filesystem w. locking
  558: 
  559:     chmod(0664, $TempFile);	# Everyone can write it.
  560: 
  561:     # Use lcinstall file to put the file in the table directory...
  562: 
  563:     &Debug("Opening pipe to $exedir/lcinstallfile $TempFile $Filename");
  564:     my $pf = IO::File->new("| $exedir/lcinstallfile   $TempFile $Filename > $exedir/logs/lcinstallfile.log");
  565:     close $pf;
  566:     my $err = $?;
  567:     &Debug("Status is $err");
  568:     if ($err != 0) {
  569: 	my $msg = $err;
  570: 	if ($err < @installerrors) {
  571: 	    $msg = $installerrors[$err];
  572: 	}
  573: 	&logthis("Install failed for table file $Filename : $msg");
  574: 	return 0;
  575:     }
  576: 
  577:     # Remove the temp file:
  578: 
  579:     unlink($TempFile);
  580: 
  581:     return 1;
  582: }
  583: 
  584: 
  585: #
  586: #   ConfigFileFromSelector: converts a configuration file selector
  587: #                 into a configuration file pathname.
  588: #                 Supports the following file selectors: 
  589: #                 hosts, domain, dns_hosts, dns_domain  
  590: #
  591: #
  592: #  Parameters:
  593: #      selector  - Configuration file selector.
  594: #  Returns:
  595: #      Full path to the file or undef if the selector is invalid.
  596: #
  597: sub ConfigFileFromSelector {
  598:     my $selector   = shift;
  599:     my $tablefile;
  600: 
  601:     my $tabledir = $perlvar{'lonTabDir'}.'/';
  602:     if (($selector eq "hosts") || ($selector eq "domain") || 
  603:         ($selector eq "dns_hosts") || ($selector eq "dns_domain")) {
  604: 	$tablefile =  $tabledir.$selector.'.tab';
  605:     }
  606:     return $tablefile;
  607: }
  608: #
  609: #   PushFile:  Called to do an administrative push of a file.
  610: #              - Ensure the file being pushed is one we support.
  611: #              - Backup the old file to <filename.saved>
  612: #              - Separate the contents of the new file out from the
  613: #                rest of the request.
  614: #              - Write the new file.
  615: #  Parameter:
  616: #     Request - The entire user request.  This consists of a : separated
  617: #               string pushfile:tablename:contents.
  618: #     NOTE:  The contents may have :'s in it as well making things a bit
  619: #            more interesting... but not much.
  620: #  Returns:
  621: #     String to send to client ("ok" or "refused" if bad file).
  622: #
  623: sub PushFile {
  624:     my $request = shift;    
  625:     my ($command, $filename, $contents) = split(":", $request, 3);
  626:     &Debug("PushFile");
  627:     
  628:     #  At this point in time, pushes for only the following tables are
  629:     #  supported:
  630:     #   hosts.tab  ($filename eq host).
  631:     #   domain.tab ($filename eq domain).
  632:     #   dns_hosts.tab ($filename eq dns_host).
  633:     #   dns_domain.tab ($filename eq dns_domain). 
  634:     # Construct the destination filename or reject the request.
  635:     #
  636:     # lonManage is supposed to ensure this, however this session could be
  637:     # part of some elaborate spoof that managed somehow to authenticate.
  638:     #
  639: 
  640: 
  641:     my $tablefile = ConfigFileFromSelector($filename);
  642:     if(! (defined $tablefile)) {
  643: 	return "refused";
  644:     }
  645: 
  646:     #  If the file being pushed is the host file, we adjust the entry for ourself so that the
  647:     #  IP will be our current IP as looked up in dns.  Note this is only 99% good as it's possible
  648:     #  to conceive of conditions where we don't have a DNS entry locally.  This is possible in a 
  649:     #  network sense but it doesn't make much sense in a LonCAPA sense so we ignore (for now)
  650:     #  that possibilty.
  651: 
  652:     if($filename eq "host") {
  653: 	$contents = AdjustHostContents($contents);
  654:     }
  655: 
  656:     #  Install the new file:
  657: 
  658:     &logthis("Installing new $tablefile contents:\n$contents");
  659:     if(!InstallFile($tablefile, $contents)) {
  660: 	&logthis('<font color="red"> Pushfile: unable to install '
  661: 	 .$tablefile." $! </font>");
  662: 	return "error:$!";
  663:     } else {
  664: 	&logthis('<font color="green"> Installed new '.$tablefile
  665: 		 ." - transaction by: $clientname ($clientip)</font>");
  666:         my $adminmail = $perlvar{'lonAdmEMail'};
  667:         my $admindom = &Apache::lonnet::host_domain($perlvar{'lonHostID'});
  668:         if ($admindom ne '') {
  669:             my %domconfig =
  670:                 &Apache::lonnet::get_dom('configuration',['contacts'],$admindom);
  671:             if (ref($domconfig{'contacts'}) eq 'HASH') {
  672:                 if ($domconfig{'contacts'}{'adminemail'} ne '') {
  673:                     $adminmail = $domconfig{'contacts'}{'adminemail'};
  674:                 }
  675:             }
  676:         }
  677:         if ($adminmail =~ /^[^\@]+\@[^\@]+$/) {
  678:             my $msg = new Mail::Send;
  679:             $msg->to($adminmail);
  680:             $msg->subject('LON-CAPA DNS update on '.$perlvar{'lonHostID'});
  681:             $msg->add('Content-type','text/plain; charset=UTF-8');
  682:             if (my $fh = $msg->open()) {
  683:                 print $fh 'Update to '.$tablefile.' from Cluster Manager '.
  684:                           "$clientname ($clientip)\n";
  685:                 $fh->close;
  686:             }
  687:         }
  688:     }
  689: 
  690:     #  Indicate success:
  691:  
  692:     return "ok";
  693: 
  694: }
  695: 
  696: #
  697: #  Called to re-init either lonc or lond.
  698: #
  699: #  Parameters:
  700: #    request   - The full request by the client.  This is of the form
  701: #                reinit:<process>  
  702: #                where <process> is allowed to be either of 
  703: #                lonc or lond
  704: #
  705: #  Returns:
  706: #     The string to be sent back to the client either:
  707: #   ok         - Everything worked just fine.
  708: #   error:why  - There was a failure and why describes the reason.
  709: #
  710: #
  711: sub ReinitProcess {
  712:     my $request = shift;
  713: 
  714: 
  715:     # separate the request (reinit) from the process identifier and
  716:     # validate it producing the name of the .pid file for the process.
  717:     #
  718:     #
  719:     my ($junk, $process) = split(":", $request);
  720:     my $processpidfile = $perlvar{'lonDaemons'}.'/logs/';
  721:     if($process eq 'lonc') {
  722: 	$processpidfile = $processpidfile."lonc.pid";
  723: 	if (!open(PIDFILE, "< $processpidfile")) {
  724: 	    return "error:Open failed for $processpidfile";
  725: 	}
  726: 	my $loncpid = <PIDFILE>;
  727: 	close(PIDFILE);
  728: 	logthis('<font color="red"> Reinitializing lonc pid='.$loncpid
  729: 		."</font>");
  730: 	kill("USR2", $loncpid);
  731:     } elsif ($process eq 'lond') {
  732: 	logthis('<font color="red"> Reinitializing self (lond) </font>');
  733: 	&UpdateHosts;			# Lond is us!!
  734:     } else {
  735: 	&logthis('<font color="yellow" Invalid reinit request for '.$process
  736: 		 ."</font>");
  737: 	return "error:Invalid process identifier $process";
  738:     }
  739:     return 'ok';
  740: }
  741: #   Validate a line in a configuration file edit script:
  742: #   Validation includes:
  743: #     - Ensuring the command is valid.
  744: #     - Ensuring the command has sufficient parameters
  745: #   Parameters:
  746: #     scriptline - A line to validate (\n has been stripped for what it's worth).
  747: #
  748: #   Return:
  749: #      0     - Invalid scriptline.
  750: #      1     - Valid scriptline
  751: #  NOTE:
  752: #     Only the command syntax is checked, not the executability of the
  753: #     command.
  754: #
  755: sub isValidEditCommand {
  756:     my $scriptline = shift;
  757: 
  758:     #   Line elements are pipe separated:
  759: 
  760:     my ($command, $key, $newline)  = split(/\|/, $scriptline);
  761:     &logthis('<font color="green"> isValideditCommand checking: '.
  762: 	     "Command = '$command', Key = '$key', Newline = '$newline' </font>\n");
  763:     
  764:     if ($command eq "delete") {
  765: 	#
  766: 	#   key with no newline.
  767: 	#
  768: 	if( ($key eq "") || ($newline ne "")) {
  769: 	    return 0;		# Must have key but no newline.
  770: 	} else {
  771: 	    return 1;		# Valid syntax.
  772: 	}
  773:     } elsif ($command eq "replace") {
  774: 	#
  775: 	#   key and newline:
  776: 	#
  777: 	if (($key eq "") || ($newline eq "")) {
  778: 	    return 0;
  779: 	} else {
  780: 	    return 1;
  781: 	}
  782:     } elsif ($command eq "append") {
  783: 	if (($key ne "") && ($newline eq "")) {
  784: 	    return 1;
  785: 	} else {
  786: 	    return 0;
  787: 	}
  788:     } else {
  789: 	return 0;		# Invalid command.
  790:     }
  791:     return 0;			# Should not get here!!!
  792: }
  793: #
  794: #   ApplyEdit - Applies an edit command to a line in a configuration 
  795: #               file.  It is the caller's responsiblity to validate the
  796: #               edit line.
  797: #   Parameters:
  798: #      $directive - A single edit directive to apply.  
  799: #                   Edit directives are of the form:
  800: #                  append|newline      - Appends a new line to the file.
  801: #                  replace|key|newline - Replaces the line with key value 'key'
  802: #                  delete|key          - Deletes the line with key value 'key'.
  803: #      $editor   - A config file editor object that contains the
  804: #                  file being edited.
  805: #
  806: sub ApplyEdit {
  807: 
  808:     my ($directive, $editor) = @_;
  809: 
  810:     # Break the directive down into its command and its parameters
  811:     # (at most two at this point.  The meaning of the parameters, if in fact
  812:     #  they exist depends on the command).
  813: 
  814:     my ($command, $p1, $p2) = split(/\|/, $directive);
  815: 
  816:     if($command eq "append") {
  817: 	$editor->Append($p1);	          # p1 - key p2 null.
  818:     } elsif ($command eq "replace") {
  819: 	$editor->ReplaceLine($p1, $p2);   # p1 - key p2 = newline.
  820:     } elsif ($command eq "delete") {
  821: 	$editor->DeleteLine($p1);         # p1 - key p2 null.
  822:     } else {			          # Should not get here!!!
  823: 	die "Invalid command given to ApplyEdit $command"
  824:     }
  825: }
  826: #
  827: # AdjustOurHost:
  828: #           Adjusts a host file stored in a configuration file editor object
  829: #           for the true IP address of this host. This is necessary for hosts
  830: #           that live behind a firewall.
  831: #           Those hosts have a publicly distributed IP of the firewall, but
  832: #           internally must use their actual IP.  We assume that a given
  833: #           host only has a single IP interface for now.
  834: # Formal Parameters:
  835: #     editor   - The configuration file editor to adjust.  This
  836: #                editor is assumed to contain a hosts.tab file.
  837: # Strategy:
  838: #    - Figure out our hostname.
  839: #    - Lookup the entry for this host.
  840: #    - Modify the line to contain our IP
  841: #    - Do a replace for this host.
  842: sub AdjustOurHost {
  843:     my $editor        = shift;
  844: 
  845:     # figure out who I am.
  846: 
  847:     my $myHostName    = $perlvar{'lonHostID'}; # LonCAPA hostname.
  848: 
  849:     #  Get my host file entry.
  850: 
  851:     my $ConfigLine    = $editor->Find($myHostName);
  852:     if(! (defined $ConfigLine)) {
  853: 	die "AdjustOurHost - no entry for me in hosts file $myHostName";
  854:     }
  855:     # figure out my IP:
  856:     #   Use the config line to get my hostname.
  857:     #   Use gethostbyname to translate that into an IP address.
  858:     #
  859:     my ($id,$domain,$role,$name,$maxcon,$idleto,$mincon) = split(/:/,$ConfigLine);
  860:     #
  861:     #  Reassemble the config line from the elements in the list.
  862:     #  Note that if the loncnew items were not present before, they will
  863:     #  be now even if they would be empty
  864:     #
  865:     my $newConfigLine = $id;
  866:     foreach my $item ($domain, $role, $name, $maxcon, $idleto, $mincon) {
  867: 	$newConfigLine .= ":".$item;
  868:     }
  869:     #  Replace the line:
  870: 
  871:     $editor->ReplaceLine($id, $newConfigLine);
  872:     
  873: }
  874: #
  875: #   ReplaceConfigFile:
  876: #              Replaces a configuration file with the contents of a
  877: #              configuration file editor object.
  878: #              This is done by:
  879: #              - Copying the target file to <filename>.old
  880: #              - Writing the new file to <filename>.tmp
  881: #              - Moving <filename.tmp>  -> <filename>
  882: #              This laborious process ensures that the system is never without
  883: #              a configuration file that's at least valid (even if the contents
  884: #              may be dated).
  885: #   Parameters:
  886: #        filename   - Name of the file to modify... this is a full path.
  887: #        editor     - Editor containing the file.
  888: #
  889: sub ReplaceConfigFile {
  890:     
  891:     my ($filename, $editor) = @_;
  892: 
  893:     CopyFile ($filename, $filename.".old");
  894: 
  895:     my $contents  = $editor->Get(); # Get the contents of the file.
  896: 
  897:     InstallFile($filename, $contents);
  898: }
  899: #   
  900: #
  901: #   Called to edit a configuration table  file
  902: #   Parameters:
  903: #      request           - The entire command/request sent by lonc or lonManage
  904: #   Return:
  905: #      The reply to send to the client.
  906: #
  907: sub EditFile {
  908:     my $request = shift;
  909: 
  910:     #  Split the command into it's pieces:  edit:filetype:script
  911: 
  912:     my ($cmd, $filetype, $script) = split(/:/, $request,3);	# : in script
  913: 
  914:     #  Check the pre-coditions for success:
  915: 
  916:     if($cmd != "edit") {	# Something is amiss afoot alack.
  917: 	return "error:edit request detected, but request != 'edit'\n";
  918:     }
  919:     if( ($filetype ne "hosts")  &&
  920: 	($filetype ne "domain")) {
  921: 	return "error:edit requested with invalid file specifier: $filetype \n";
  922:     }
  923: 
  924:     #   Split the edit script and check it's validity.
  925: 
  926:     my @scriptlines = split(/\n/, $script);  # one line per element.
  927:     my $linecount   = scalar(@scriptlines);
  928:     for(my $i = 0; $i < $linecount; $i++) {
  929: 	chomp($scriptlines[$i]);
  930: 	if(!isValidEditCommand($scriptlines[$i])) {
  931: 	    return "error:edit with bad script line: '$scriptlines[$i]' \n";
  932: 	}
  933:     }
  934: 
  935:     #   Execute the edit operation.
  936:     #   - Create a config file editor for the appropriate file and 
  937:     #   - execute each command in the script:
  938:     #
  939:     my $configfile = ConfigFileFromSelector($filetype);
  940:     if (!(defined $configfile)) {
  941: 	return "refused\n";
  942:     }
  943:     my $editor = ConfigFileEdit->new($configfile);
  944: 
  945:     for (my $i = 0; $i < $linecount; $i++) {
  946: 	ApplyEdit($scriptlines[$i], $editor);
  947:     }
  948:     # If the file is the host file, ensure that our host is
  949:     # adjusted to have our ip:
  950:     #
  951:     if($filetype eq "host") {
  952: 	AdjustOurHost($editor);
  953:     }
  954:     #  Finally replace the current file with our file.
  955:     #
  956:     ReplaceConfigFile($configfile, $editor);
  957: 
  958:     return "ok\n";
  959: }
  960: 
  961: #   read_profile
  962: #
  963: #   Returns a set of specific entries from a user's profile file.
  964: #   this is a utility function that is used by both get_profile_entry and
  965: #   get_profile_entry_encrypted.
  966: #
  967: # Parameters:
  968: #    udom       - Domain in which the user exists.
  969: #    uname      - User's account name (loncapa account)
  970: #    namespace  - The profile namespace to open.
  971: #    what       - A set of & separated queries.
  972: # Returns:
  973: #    If all ok: - The string that needs to be shipped back to the user.
  974: #    If failure - A string that starts with error: followed by the failure
  975: #                 reason.. note that this probabyl gets shipped back to the
  976: #                 user as well.
  977: #
  978: sub read_profile {
  979:     my ($udom, $uname, $namespace, $what) = @_;
  980:     
  981:     my $hashref = &tie_user_hash($udom, $uname, $namespace,
  982: 				 &GDBM_READER());
  983:     if ($hashref) {
  984:         my @queries=split(/\&/,$what);
  985:         if ($namespace eq 'roles') {
  986:             @queries = map { &unescape($_); } @queries; 
  987:         }
  988:         my $qresult='';
  989: 	
  990: 	for (my $i=0;$i<=$#queries;$i++) {
  991: 	    $qresult.="$hashref->{$queries[$i]}&";    # Presumably failure gives empty string.
  992: 	}
  993: 	$qresult=~s/\&$//;              # Remove trailing & from last lookup.
  994: 	if (&untie_user_hash($hashref)) {
  995: 	    return $qresult;
  996: 	} else {
  997: 	    return "error: ".($!+0)." untie (GDBM) Failed";
  998: 	}
  999:     } else {
 1000: 	if ($!+0 == 2) {
 1001: 	    return "error:No such file or GDBM reported bad block error";
 1002: 	} else {
 1003: 	    return "error: ".($!+0)." tie (GDBM) Failed";
 1004: 	}
 1005:     }
 1006: 
 1007: }
 1008: #--------------------- Request Handlers --------------------------------------------
 1009: #
 1010: #   By convention each request handler registers itself prior to the sub 
 1011: #   declaration:
 1012: #
 1013: 
 1014: #++
 1015: #
 1016: #  Handles ping requests.
 1017: #  Parameters:
 1018: #      $cmd    - the actual keyword that invoked us.
 1019: #      $tail   - the tail of the request that invoked us.
 1020: #      $replyfd- File descriptor connected to the client
 1021: #  Implicit Inputs:
 1022: #      $currenthostid - Global variable that carries the name of the host we are
 1023: #                       known as.
 1024: #  Returns:
 1025: #      1       - Ok to continue processing.
 1026: #      0       - Program should exit.
 1027: #  Side effects:
 1028: #      Reply information is sent to the client.
 1029: sub ping_handler {
 1030:     my ($cmd, $tail, $client) = @_;
 1031:     Debug("$cmd $tail $client .. $currenthostid:");
 1032:    
 1033:     Reply( $client,\$currenthostid,"$cmd:$tail");
 1034:    
 1035:     return 1;
 1036: }
 1037: &register_handler("ping", \&ping_handler, 0, 1, 1);       # Ping unencoded, client or manager.
 1038: 
 1039: #++
 1040: #
 1041: # Handles pong requests.  Pong replies with our current host id, and
 1042: #                         the results of a ping sent to us via our lonc.
 1043: #
 1044: # Parameters:
 1045: #      $cmd    - the actual keyword that invoked us.
 1046: #      $tail   - the tail of the request that invoked us.
 1047: #      $replyfd- File descriptor connected to the client
 1048: #  Implicit Inputs:
 1049: #      $currenthostid - Global variable that carries the name of the host we are
 1050: #                       connected to.
 1051: #  Returns:
 1052: #      1       - Ok to continue processing.
 1053: #      0       - Program should exit.
 1054: #  Side effects:
 1055: #      Reply information is sent to the client.
 1056: sub pong_handler {
 1057:     my ($cmd, $tail, $replyfd) = @_;
 1058: 
 1059:     my $reply=&Apache::lonnet::reply("ping",$clientname);
 1060:     &Reply( $replyfd, "$currenthostid:$reply\n", "$cmd:$tail"); 
 1061:     return 1;
 1062: }
 1063: &register_handler("pong", \&pong_handler, 0, 1, 1);       # Pong unencoded, client or manager
 1064: 
 1065: #++
 1066: #      Called to establish an encrypted session key with the remote client.
 1067: #      Note that with secure lond, in most cases this function is never
 1068: #      invoked.  Instead, the secure session key is established either
 1069: #      via a local file that's locked down tight and only lives for a short
 1070: #      time, or via an ssl tunnel...and is generated from a bunch-o-random
 1071: #      bits from /dev/urandom, rather than the predictable pattern used by
 1072: #      by this sub.  This sub is only used in the old-style insecure
 1073: #      key negotiation.
 1074: # Parameters:
 1075: #      $cmd    - the actual keyword that invoked us.
 1076: #      $tail   - the tail of the request that invoked us.
 1077: #      $replyfd- File descriptor connected to the client
 1078: #  Implicit Inputs:
 1079: #      $currenthostid - Global variable that carries the name of the host
 1080: #                       known as.
 1081: #      $clientname    - Global variable that carries the name of the host we're connected to.
 1082: #  Returns:
 1083: #      1       - Ok to continue processing.
 1084: #      0       - Program should exit.
 1085: #  Implicit Outputs:
 1086: #      Reply information is sent to the client.
 1087: #      $cipher is set with a reference to a new IDEA encryption object.
 1088: #
 1089: sub establish_key_handler {
 1090:     my ($cmd, $tail, $replyfd) = @_;
 1091: 
 1092:     my $buildkey=time.$$.int(rand 100000);
 1093:     $buildkey=~tr/1-6/A-F/;
 1094:     $buildkey=int(rand 100000).$buildkey.int(rand 100000);
 1095:     my $key=$currenthostid.$clientname;
 1096:     $key=~tr/a-z/A-Z/;
 1097:     $key=~tr/G-P/0-9/;
 1098:     $key=~tr/Q-Z/0-9/;
 1099:     $key=$key.$buildkey.$key.$buildkey.$key.$buildkey;
 1100:     $key=substr($key,0,32);
 1101:     my $cipherkey=pack("H32",$key);
 1102:     $cipher=new IDEA $cipherkey;
 1103:     &Reply($replyfd, \$buildkey, "$cmd:$tail"); 
 1104:    
 1105:     return 1;
 1106: 
 1107: }
 1108: &register_handler("ekey", \&establish_key_handler, 0, 1,1);
 1109: 
 1110: #     Handler for the load command.  Returns the current system load average
 1111: #     to the requestor.
 1112: #
 1113: # Parameters:
 1114: #      $cmd    - the actual keyword that invoked us.
 1115: #      $tail   - the tail of the request that invoked us.
 1116: #      $replyfd- File descriptor connected to the client
 1117: #  Implicit Inputs:
 1118: #      $currenthostid - Global variable that carries the name of the host
 1119: #                       known as.
 1120: #      $clientname    - Global variable that carries the name of the host we're connected to.
 1121: #  Returns:
 1122: #      1       - Ok to continue processing.
 1123: #      0       - Program should exit.
 1124: #  Side effects:
 1125: #      Reply information is sent to the client.
 1126: sub load_handler {
 1127:     my ($cmd, $tail, $replyfd) = @_;
 1128: 
 1129: 
 1130: 
 1131:    # Get the load average from /proc/loadavg and calculate it as a percentage of
 1132:    # the allowed load limit as set by the perl global variable lonLoadLim
 1133: 
 1134:     my $loadavg;
 1135:     my $loadfile=IO::File->new('/proc/loadavg');
 1136:    
 1137:     $loadavg=<$loadfile>;
 1138:     $loadavg =~ s/\s.*//g;                      # Extract the first field only.
 1139:    
 1140:     my $loadpercent=100*$loadavg/$perlvar{'lonLoadLim'};
 1141: 
 1142:     &Reply( $replyfd, \$loadpercent, "$cmd:$tail");
 1143:    
 1144:     return 1;
 1145: }
 1146: &register_handler("load", \&load_handler, 0, 1, 0);
 1147: 
 1148: #
 1149: #   Process the userload request.  This sub returns to the client the current
 1150: #  user load average.  It can be invoked either by clients or managers.
 1151: #
 1152: # Parameters:
 1153: #      $cmd    - the actual keyword that invoked us.
 1154: #      $tail   - the tail of the request that invoked us.
 1155: #      $replyfd- File descriptor connected to the client
 1156: #  Implicit Inputs:
 1157: #      $currenthostid - Global variable that carries the name of the host
 1158: #                       known as.
 1159: #      $clientname    - Global variable that carries the name of the host we're connected to.
 1160: #  Returns:
 1161: #      1       - Ok to continue processing.
 1162: #      0       - Program should exit
 1163: # Implicit inputs:
 1164: #     whatever the userload() function requires.
 1165: #  Implicit outputs:
 1166: #     the reply is written to the client.
 1167: #
 1168: sub user_load_handler {
 1169:     my ($cmd, $tail, $replyfd) = @_;
 1170: 
 1171:     my $userloadpercent=&Apache::lonnet::userload();
 1172:     &Reply($replyfd, \$userloadpercent, "$cmd:$tail");
 1173:     
 1174:     return 1;
 1175: }
 1176: &register_handler("userload", \&user_load_handler, 0, 1, 0);
 1177: 
 1178: #   Process a request for the authorization type of a user:
 1179: #   (userauth).
 1180: #
 1181: # Parameters:
 1182: #      $cmd    - the actual keyword that invoked us.
 1183: #      $tail   - the tail of the request that invoked us.
 1184: #      $replyfd- File descriptor connected to the client
 1185: #  Returns:
 1186: #      1       - Ok to continue processing.
 1187: #      0       - Program should exit
 1188: # Implicit outputs:
 1189: #    The user authorization type is written to the client.
 1190: #
 1191: sub user_authorization_type {
 1192:     my ($cmd, $tail, $replyfd) = @_;
 1193:    
 1194:     my $userinput = "$cmd:$tail";
 1195:    
 1196:     #  Pull the domain and username out of the command tail.
 1197:     # and call get_auth_type to determine the authentication type.
 1198:    
 1199:     my ($udom,$uname)=split(/:/,$tail);
 1200:     my $result = &get_auth_type($udom, $uname);
 1201:     if($result eq "nouser") {
 1202: 	&Failure( $replyfd, "unknown_user\n", $userinput);
 1203:     } else {
 1204: 	#
 1205: 	# We only want to pass the second field from get_auth_type
 1206: 	# for ^krb.. otherwise we'll be handing out the encrypted
 1207: 	# password for internals e.g.
 1208: 	#
 1209: 	my ($type,$otherinfo) = split(/:/,$result);
 1210: 	if($type =~ /^krb/) {
 1211: 	    $type = $result;
 1212: 	} else {
 1213:             $type .= ':';
 1214:         }
 1215: 	&Reply( $replyfd, \$type, $userinput);
 1216:     }
 1217:   
 1218:     return 1;
 1219: }
 1220: &register_handler("currentauth", \&user_authorization_type, 1, 1, 0);
 1221: 
 1222: #   Process a request by a manager to push a hosts or domain table 
 1223: #   to us.  We pick apart the command and pass it on to the subs
 1224: #   that already exist to do this.
 1225: #
 1226: # Parameters:
 1227: #      $cmd    - the actual keyword that invoked us.
 1228: #      $tail   - the tail of the request that invoked us.
 1229: #      $client - File descriptor connected to the client
 1230: #  Returns:
 1231: #      1       - Ok to continue processing.
 1232: #      0       - Program should exit
 1233: # Implicit Output:
 1234: #    a reply is written to the client.
 1235: sub push_file_handler {
 1236:     my ($cmd, $tail, $client) = @_;
 1237:     &Debug("In push file handler");
 1238:     my $userinput = "$cmd:$tail";
 1239: 
 1240:     # At this time we only know that the IP of our partner is a valid manager
 1241:     # the code below is a hook to do further authentication (e.g. to resolve
 1242:     # spoofing).
 1243: 
 1244:     my $cert = &GetCertificate($userinput);
 1245:     if(&ValidManager($cert)) {
 1246: 	&Debug("Valid manager: $client");
 1247: 
 1248: 	# Now presumably we have the bona fides of both the peer host and the
 1249: 	# process making the request.
 1250:       
 1251: 	my $reply = &PushFile($userinput);
 1252: 	&Reply($client, \$reply, $userinput);
 1253: 
 1254:     } else {
 1255: 	&logthis("push_file_handler $client is not valid");
 1256: 	&Failure( $client, "refused\n", $userinput);
 1257:     } 
 1258:     return 1;
 1259: }
 1260: &register_handler("pushfile", \&push_file_handler, 1, 0, 1);
 1261: 
 1262: # The du_handler routine should be considered obsolete and is retained
 1263: # for communication with legacy servers.  Please see the du2_handler.
 1264: #
 1265: #   du  - list the disk usage of a directory recursively. 
 1266: #    
 1267: #   note: stolen code from the ls file handler
 1268: #   under construction by Rick Banghart 
 1269: #    .
 1270: # Parameters:
 1271: #    $cmd        - The command that dispatched us (du).
 1272: #    $ududir     - The directory path to list... I'm not sure what this
 1273: #                  is relative as things like ls:. return e.g.
 1274: #                  no_such_dir.
 1275: #    $client     - Socket open on the client.
 1276: # Returns:
 1277: #     1 - indicating that the daemon should not disconnect.
 1278: # Side Effects:
 1279: #   The reply is written to  $client.
 1280: #
 1281: sub du_handler {
 1282:     my ($cmd, $ududir, $client) = @_;
 1283:     ($ududir) = split(/:/,$ududir); # Make 'telnet' testing easier.
 1284:     my $userinput = "$cmd:$ududir";
 1285: 
 1286:     if ($ududir=~/\.\./ || $ududir!~m|^/home/httpd/|) {
 1287: 	&Failure($client,"refused\n","$cmd:$ududir");
 1288: 	return 1;
 1289:     }
 1290:     #  Since $ududir could have some nasties in it,
 1291:     #  we will require that ududir is a valid
 1292:     #  directory.  Just in case someone tries to
 1293:     #  slip us a  line like .;(cd /home/httpd rm -rf*)
 1294:     #  etc.
 1295:     #
 1296:     if (-d $ududir) {
 1297: 	my $total_size=0;
 1298: 	my $code=sub { 
 1299: 	    if ($_=~/\.\d+\./) { return;} 
 1300: 	    if ($_=~/\.meta$/) { return;}
 1301: 	    if (-d $_)         { return;}
 1302: 	    $total_size+=(stat($_))[7];
 1303: 	};
 1304: 	chdir($ududir);
 1305: 	find($code,$ududir);
 1306: 	$total_size=int($total_size/1024);
 1307: 	&Reply($client,\$total_size,"$cmd:$ududir");
 1308:     } else {
 1309: 	&Failure($client, "bad_directory:$ududir\n","$cmd:$ududir"); 
 1310:     }
 1311:     return 1;
 1312: }
 1313: &register_handler("du", \&du_handler, 0, 1, 0);
 1314: 
 1315: # Please also see the du_handler, which is obsoleted by du2. 
 1316: # du2_handler differs from du_handler in that required path to directory
 1317: # provided by &propath() is prepended in the handler instead of on the 
 1318: # client side.
 1319: #
 1320: #   du2  - list the disk usage of a directory recursively.
 1321: #
 1322: # Parameters:
 1323: #    $cmd        - The command that dispatched us (du).
 1324: #    $tail       - The tail of the request that invoked us.
 1325: #                  $tail is a : separated list of the following:
 1326: #                   - $ududir - directory path to list (before prepending)
 1327: #                   - $getpropath = 1 if &propath() should prepend
 1328: #                   - $uname - username to use for &propath or user dir
 1329: #                   - $udom - domain to use for &propath or user dir
 1330: #                   All are escaped.
 1331: #    $client     - Socket open on the client.
 1332: # Returns:
 1333: #     1 - indicating that the daemon should not disconnect.
 1334: # Side Effects:
 1335: #   The reply is written to $client.
 1336: #
 1337: 
 1338: sub du2_handler {
 1339:     my ($cmd, $tail, $client) = @_;
 1340:     my ($ududir,$getpropath,$uname,$udom) = map { &unescape($_) } (split(/:/, $tail));
 1341:     my $userinput = "$cmd:$tail";
 1342:     if (($ududir=~/\.\./) || (($ududir!~m|^/home/httpd/|) && (!$getpropath))) {
 1343:         &Failure($client,"refused\n","$cmd:$tail");
 1344:         return 1;
 1345:     }
 1346:     if ($getpropath) {
 1347:         if (($uname =~ /^$LONCAPA::match_name$/) && ($udom =~ /^$LONCAPA::match_domain$/)) {
 1348:             $ududir = &propath($udom,$uname).'/'.$ududir;
 1349:         } else {
 1350:             &Failure($client,"refused\n","$cmd:$tail");
 1351:             return 1;
 1352:         }
 1353:     }
 1354:     #  Since $ududir could have some nasties in it,
 1355:     #  we will require that ududir is a valid
 1356:     #  directory.  Just in case someone tries to
 1357:     #  slip us a  line like .;(cd /home/httpd rm -rf*)
 1358:     #  etc.
 1359:     #
 1360:     if (-d $ududir) {
 1361:         my $total_size=0;
 1362:         my $code=sub {
 1363:             if ($_=~/\.\d+\./) { return;}
 1364:             if ($_=~/\.meta$/) { return;}
 1365:             if (-d $_)         { return;}
 1366:             $total_size+=(stat($_))[7];
 1367:         };
 1368:         chdir($ududir);
 1369:         find($code,$ududir);
 1370:         $total_size=int($total_size/1024);
 1371:         &Reply($client,\$total_size,"$cmd:$ududir");
 1372:     } else {
 1373:         &Failure($client, "bad_directory:$ududir\n","$cmd:$tail");
 1374:     }
 1375:     return 1;
 1376: }
 1377: &register_handler("du2", \&du2_handler, 0, 1, 0);
 1378: 
 1379: #
 1380: # The ls_handler routine should be considered obsolete and is retained
 1381: # for communication with legacy servers.  Please see the ls3_handler.
 1382: #
 1383: #   ls  - list the contents of a directory.  For each file in the
 1384: #    selected directory the filename followed by the full output of
 1385: #    the stat function is returned.  The returned info for each
 1386: #    file are separated by ':'.  The stat fields are separated by &'s.
 1387: # Parameters:
 1388: #    $cmd        - The command that dispatched us (ls).
 1389: #    $ulsdir     - The directory path to list... I'm not sure what this
 1390: #                  is relative as things like ls:. return e.g.
 1391: #                  no_such_dir.
 1392: #    $client     - Socket open on the client.
 1393: # Returns:
 1394: #     1 - indicating that the daemon should not disconnect.
 1395: # Side Effects:
 1396: #   The reply is written to  $client.
 1397: #
 1398: sub ls_handler {
 1399:     # obsoleted by ls2_handler
 1400:     my ($cmd, $ulsdir, $client) = @_;
 1401: 
 1402:     my $userinput = "$cmd:$ulsdir";
 1403: 
 1404:     my $obs;
 1405:     my $rights;
 1406:     my $ulsout='';
 1407:     my $ulsfn;
 1408:     if (-e $ulsdir) {
 1409: 	if(-d $ulsdir) {
 1410: 	    if (opendir(LSDIR,$ulsdir)) {
 1411: 		while ($ulsfn=readdir(LSDIR)) {
 1412: 		    undef($obs);
 1413: 		    undef($rights); 
 1414: 		    my @ulsstats=stat($ulsdir.'/'.$ulsfn);
 1415: 		    #We do some obsolete checking here
 1416: 		    if(-e $ulsdir.'/'.$ulsfn.".meta") { 
 1417: 			open(FILE, $ulsdir.'/'.$ulsfn.".meta");
 1418: 			my @obsolete=<FILE>;
 1419: 			foreach my $obsolete (@obsolete) {
 1420: 			    if($obsolete =~ m/(<obsolete>)(on|1)/) { $obs = 1; } 
 1421: 			    if($obsolete =~ m|(<copyright>)(default)|) { $rights = 1; }
 1422: 			}
 1423: 		    }
 1424: 		    $ulsout.=$ulsfn.'&'.join('&',@ulsstats);
 1425: 		    if($obs eq '1') { $ulsout.="&1"; }
 1426: 		    else { $ulsout.="&0"; }
 1427: 		    if($rights eq '1') { $ulsout.="&1:"; }
 1428: 		    else { $ulsout.="&0:"; }
 1429: 		}
 1430: 		closedir(LSDIR);
 1431: 	    }
 1432: 	} else {
 1433: 	    my @ulsstats=stat($ulsdir);
 1434: 	    $ulsout.=$ulsfn.'&'.join('&',@ulsstats).':';
 1435: 	}
 1436:     } else {
 1437: 	$ulsout='no_such_dir';
 1438:     }
 1439:     if ($ulsout eq '') { $ulsout='empty'; }
 1440:     &Reply($client, \$ulsout, $userinput); # This supports debug logging.
 1441:     
 1442:     return 1;
 1443: 
 1444: }
 1445: &register_handler("ls", \&ls_handler, 0, 1, 0);
 1446: 
 1447: # The ls2_handler routine should be considered obsolete and is retained
 1448: # for communication with legacy servers.  Please see the ls3_handler.
 1449: # Please also see the ls_handler, which was itself obsoleted by ls2.
 1450: # ls2_handler differs from ls_handler in that it escapes its return 
 1451: # values before concatenating them together with ':'s.
 1452: #
 1453: #   ls2  - list the contents of a directory.  For each file in the
 1454: #    selected directory the filename followed by the full output of
 1455: #    the stat function is returned.  The returned info for each
 1456: #    file are separated by ':'.  The stat fields are separated by &'s.
 1457: # Parameters:
 1458: #    $cmd        - The command that dispatched us (ls).
 1459: #    $ulsdir     - The directory path to list... I'm not sure what this
 1460: #                  is relative as things like ls:. return e.g.
 1461: #                  no_such_dir.
 1462: #    $client     - Socket open on the client.
 1463: # Returns:
 1464: #     1 - indicating that the daemon should not disconnect.
 1465: # Side Effects:
 1466: #   The reply is written to  $client.
 1467: #
 1468: sub ls2_handler {
 1469:     my ($cmd, $ulsdir, $client) = @_;
 1470: 
 1471:     my $userinput = "$cmd:$ulsdir";
 1472: 
 1473:     my $obs;
 1474:     my $rights;
 1475:     my $ulsout='';
 1476:     my $ulsfn;
 1477:     if (-e $ulsdir) {
 1478:         if(-d $ulsdir) {
 1479:             if (opendir(LSDIR,$ulsdir)) {
 1480:                 while ($ulsfn=readdir(LSDIR)) {
 1481:                     undef($obs);
 1482: 		    undef($rights); 
 1483:                     my @ulsstats=stat($ulsdir.'/'.$ulsfn);
 1484:                     #We do some obsolete checking here
 1485:                     if(-e $ulsdir.'/'.$ulsfn.".meta") { 
 1486:                         open(FILE, $ulsdir.'/'.$ulsfn.".meta");
 1487:                         my @obsolete=<FILE>;
 1488:                         foreach my $obsolete (@obsolete) {
 1489:                             if($obsolete =~ m/(<obsolete>)(on|1)/) { $obs = 1; } 
 1490:                             if($obsolete =~ m|(<copyright>)(default)|) {
 1491:                                 $rights = 1;
 1492:                             }
 1493:                         }
 1494:                     }
 1495:                     my $tmp = $ulsfn.'&'.join('&',@ulsstats);
 1496:                     if ($obs    eq '1') { $tmp.="&1"; } else { $tmp.="&0"; }
 1497:                     if ($rights eq '1') { $tmp.="&1"; } else { $tmp.="&0"; }
 1498:                     $ulsout.= &escape($tmp).':';
 1499:                 }
 1500:                 closedir(LSDIR);
 1501:             }
 1502:         } else {
 1503:             my @ulsstats=stat($ulsdir);
 1504:             $ulsout.=$ulsfn.'&'.join('&',@ulsstats).':';
 1505:         }
 1506:     } else {
 1507:         $ulsout='no_such_dir';
 1508:    }
 1509:    if ($ulsout eq '') { $ulsout='empty'; }
 1510:    &Reply($client, \$ulsout, $userinput); # This supports debug logging.
 1511:    return 1;
 1512: }
 1513: &register_handler("ls2", \&ls2_handler, 0, 1, 0);
 1514: #
 1515: #   ls3  - list the contents of a directory.  For each file in the
 1516: #    selected directory the filename followed by the full output of
 1517: #    the stat function is returned.  The returned info for each
 1518: #    file are separated by ':'.  The stat fields are separated by &'s.
 1519: # Parameters:
 1520: #    $cmd        - The command that dispatched us (ls).
 1521: #    $tail       - The tail of the request that invoked us.
 1522: #                  $tail is a : separated list of the following:
 1523: #                   - $ulsdir - directory path to list (before prepending)
 1524: #                   - $getpropath = 1 if &propath() should prepend
 1525: #                   - $getuserdir = 1 if path to user dir in lonUsers should
 1526: #                                     prepend
 1527: #                   - $alternate_root - path to prepend
 1528: #                   - $uname - username to use for &propath or user dir
 1529: #                   - $udom - domain to use for &propath or user dir
 1530: #            All of these except $getpropath and &getuserdir are escaped.    
 1531: #                  no_such_dir.
 1532: #    $client     - Socket open on the client.
 1533: # Returns:
 1534: #     1 - indicating that the daemon should not disconnect.
 1535: # Side Effects:
 1536: #   The reply is written to $client.
 1537: #
 1538: 
 1539: sub ls3_handler {
 1540:     my ($cmd, $tail, $client) = @_;
 1541:     my $userinput = "$cmd:$tail";
 1542:     my ($ulsdir,$getpropath,$getuserdir,$alternate_root,$uname,$udom) =
 1543:         split(/:/,$tail);
 1544:     if (defined($ulsdir)) {
 1545:         $ulsdir = &unescape($ulsdir);
 1546:     }
 1547:     if (defined($alternate_root)) {
 1548:         $alternate_root = &unescape($alternate_root);
 1549:     }
 1550:     if (defined($uname)) {
 1551:         $uname = &unescape($uname);
 1552:     }
 1553:     if (defined($udom)) {
 1554:         $udom = &unescape($udom);
 1555:     }
 1556: 
 1557:     my $dir_root = $perlvar{'lonDocRoot'};
 1558:     if ($getpropath) {
 1559:         if (($uname =~ /^$LONCAPA::match_name$/) && ($udom =~ /^$LONCAPA::match_domain$/)) {
 1560:             $dir_root = &propath($udom,$uname);
 1561:             $dir_root =~ s/\/$//;
 1562:         } else {
 1563:             &Failure($client,"refused\n","$cmd:$tail");
 1564:             return 1;
 1565:         }
 1566:     } elsif ($getuserdir) {
 1567:         if (($uname =~ /^$LONCAPA::match_name$/) && ($udom =~ /^$LONCAPA::match_domain$/)) {
 1568:             my $subdir=$uname.'__';
 1569:             $subdir =~ s/(.)(.)(.).*/$1\/$2\/$3/;
 1570:             $dir_root = $Apache::lonnet::perlvar{'lonUsersDir'}
 1571:                        ."/$udom/$subdir/$uname";
 1572:         } else {
 1573:             &Failure($client,"refused\n","$cmd:$tail");
 1574:             return 1;
 1575:         }
 1576:     } elsif ($alternate_root ne '') {
 1577:         $dir_root = $alternate_root;
 1578:     }
 1579:     if (($dir_root ne '') && ($dir_root ne '/')) {
 1580:         if ($ulsdir =~ /^\//) {
 1581:             $ulsdir = $dir_root.$ulsdir;
 1582:         } else {
 1583:             $ulsdir = $dir_root.'/'.$ulsdir;
 1584:         }
 1585:     }
 1586:     my $obs;
 1587:     my $rights;
 1588:     my $ulsout='';
 1589:     my $ulsfn;
 1590:     if (-e $ulsdir) {
 1591:         if(-d $ulsdir) {
 1592:             if (opendir(LSDIR,$ulsdir)) {
 1593:                 while ($ulsfn=readdir(LSDIR)) {
 1594:                     undef($obs);
 1595:                     undef($rights);
 1596:                     my @ulsstats=stat($ulsdir.'/'.$ulsfn);
 1597:                     #We do some obsolete checking here
 1598:                     if(-e $ulsdir.'/'.$ulsfn.".meta") {
 1599:                         open(FILE, $ulsdir.'/'.$ulsfn.".meta");
 1600:                         my @obsolete=<FILE>;
 1601:                         foreach my $obsolete (@obsolete) {
 1602:                             if($obsolete =~ m/(<obsolete>)(on|1)/) { $obs = 1; }
 1603:                             if($obsolete =~ m|(<copyright>)(default)|) {
 1604:                                 $rights = 1;
 1605:                             }
 1606:                         }
 1607:                     }
 1608:                     my $tmp = $ulsfn.'&'.join('&',@ulsstats);
 1609:                     if ($obs    eq '1') { $tmp.="&1"; } else { $tmp.="&0"; }
 1610:                     if ($rights eq '1') { $tmp.="&1"; } else { $tmp.="&0"; }
 1611:                     $ulsout.= &escape($tmp).':';
 1612:                 }
 1613:                 closedir(LSDIR);
 1614:             }
 1615:         } else {
 1616:             my @ulsstats=stat($ulsdir);
 1617:             $ulsout.=$ulsfn.'&'.join('&',@ulsstats).':';
 1618:         }
 1619:     } else {
 1620:         $ulsout='no_such_dir';
 1621:     }
 1622:     if ($ulsout eq '') { $ulsout='empty'; }
 1623:     &Reply($client, \$ulsout, $userinput); # This supports debug logging.
 1624:     return 1;
 1625: }
 1626: &register_handler("ls3", \&ls3_handler, 0, 1, 0);
 1627: 
 1628: sub read_lonnet_global {
 1629:     my ($cmd,$tail,$client) = @_;
 1630:     my $userinput = "$cmd:$tail";
 1631:     my $requested = &Apache::lonnet::thaw_unescape($tail);
 1632:     my $result;
 1633:     my %packagevars = (
 1634:                         spareid => \%Apache::lonnet::spareid,
 1635:                         perlvar => \%Apache::lonnet::perlvar,
 1636:                       );
 1637:     my %limit_to = (
 1638:                     perlvar => {
 1639:                                  lonOtherAuthen => 1,
 1640:                                  lonBalancer    => 1,
 1641:                                  lonVersion     => 1,
 1642:                                  lonSysEMail    => 1,
 1643:                                  lonHostID      => 1,
 1644:                                  lonRole        => 1,
 1645:                                  lonDefDomain   => 1,
 1646:                                  lonLoadLim     => 1,
 1647:                                  lonUserLoadLim => 1,
 1648:                                }
 1649:                   );
 1650:     if (ref($requested) eq 'HASH') {
 1651:         foreach my $what (keys(%{$requested})) {
 1652:             my $response;
 1653:             my $items = {};
 1654:             if (exists($packagevars{$what})) {
 1655:                 if (ref($limit_to{$what}) eq 'HASH') {
 1656:                     foreach my $varname (keys(%{$packagevars{$what}})) {
 1657:                         if ($limit_to{$what}{$varname}) {
 1658:                             $items->{$varname} = $packagevars{$what}{$varname};
 1659:                         }
 1660:                     }
 1661:                 } else {
 1662:                     $items = $packagevars{$what};
 1663:                 }
 1664:                 if ($what eq 'perlvar') {
 1665:                     if (!exists($packagevars{$what}{'lonBalancer'})) {
 1666:                         if ($dist =~ /^(centos|rhes|fedora|scientific)/) {
 1667:                             my $othervarref=LONCAPA::Configuration::read_conf('httpd.conf');
 1668:                             if (ref($othervarref) eq 'HASH') {
 1669:                                 $items->{'lonBalancer'} = $othervarref->{'lonBalancer'};
 1670:                             }
 1671:                         }
 1672:                     }
 1673:                 }
 1674:                 $response = &Apache::lonnet::freeze_escape($items);
 1675:             }
 1676:             $result .= &escape($what).'='.$response.'&';
 1677:         }
 1678:     }
 1679:     $result =~ s/\&$//;
 1680:     &Reply($client,\$result,$userinput);
 1681:     return 1;
 1682: }
 1683: &register_handler("readlonnetglobal", \&read_lonnet_global, 0, 1, 0);
 1684: 
 1685: sub server_devalidatecache_handler {
 1686:     my ($cmd,$tail,$client) = @_;
 1687:     my $userinput = "$cmd:$tail";
 1688:     my $items = &unescape($tail);
 1689:     my @cached = split(/\&/,$items);
 1690:     foreach my $key (@cached) {
 1691:         if ($key =~ /:/) {
 1692:             my ($name,$id) = map { &unescape($_); } split(/:/,$key);
 1693:             &Apache::lonnet::devalidate_cache_new($name,$id);
 1694:         }
 1695:     }
 1696:     my $result = 'ok';
 1697:     &Reply($client,\$result,$userinput);
 1698:     return 1;
 1699: }
 1700: &register_handler("devalidatecache", \&server_devalidatecache_handler, 0, 1, 0);
 1701: 
 1702: sub server_timezone_handler {
 1703:     my ($cmd,$tail,$client) = @_;
 1704:     my $userinput = "$cmd:$tail";
 1705:     my $timezone;
 1706:     my $clockfile = '/etc/sysconfig/clock'; # Fedora/CentOS/SuSE
 1707:     my $tzfile = '/etc/timezone'; # Debian/Ubuntu
 1708:     if (-e $clockfile) {
 1709:         if (open(my $fh,"<$clockfile")) {
 1710:             while (<$fh>) {
 1711:                 next if (/^[\#\s]/);
 1712:                 if (/^(?:TIME)?ZONE\s*=\s*['"]?\s*([\w\/]+)/) {
 1713:                     $timezone = $1;
 1714:                     last;
 1715:                 }
 1716:             }
 1717:             close($fh);
 1718:         }
 1719:     } elsif (-e $tzfile) {
 1720:         if (open(my $fh,"<$tzfile")) {
 1721:             $timezone = <$fh>;
 1722:             close($fh);
 1723:             chomp($timezone);
 1724:             if ($timezone =~ m{^Etc/(\w+)$}) {
 1725:                 $timezone = $1;
 1726:             }
 1727:         }
 1728:     }
 1729:     &Reply($client,\$timezone,$userinput); # This supports debug logging.
 1730:     return 1;
 1731: }
 1732: &register_handler("servertimezone", \&server_timezone_handler, 0, 1, 0);
 1733: 
 1734: sub server_loncaparev_handler {
 1735:     my ($cmd,$tail,$client) = @_;
 1736:     my $userinput = "$cmd:$tail";
 1737:     &Reply($client,\$perlvar{'lonVersion'},$userinput);
 1738:     return 1;
 1739: }
 1740: &register_handler("serverloncaparev", \&server_loncaparev_handler, 0, 1, 0);
 1741: 
 1742: sub server_homeID_handler {
 1743:     my ($cmd,$tail,$client) = @_;
 1744:     my $userinput = "$cmd:$tail";
 1745:     &Reply($client,\$perlvar{'lonHostID'},$userinput);
 1746:     return 1;
 1747: }
 1748: &register_handler("serverhomeID", \&server_homeID_handler, 0, 1, 0);
 1749: 
 1750: sub server_distarch_handler {
 1751:     my ($cmd,$tail,$client) = @_;
 1752:     my $userinput = "$cmd:$tail";
 1753:     my $reply = &distro_and_arch();
 1754:     &Reply($client,\$reply,$userinput);
 1755:     return 1;
 1756: }
 1757: &register_handler("serverdistarch", \&server_distarch_handler, 0, 1, 0);
 1758: 
 1759: #   Process a reinit request.  Reinit requests that either
 1760: #   lonc or lond be reinitialized so that an updated 
 1761: #   host.tab or domain.tab can be processed.
 1762: #
 1763: # Parameters:
 1764: #      $cmd    - the actual keyword that invoked us.
 1765: #      $tail   - the tail of the request that invoked us.
 1766: #      $client - File descriptor connected to the client
 1767: #  Returns:
 1768: #      1       - Ok to continue processing.
 1769: #      0       - Program should exit
 1770: #  Implicit output:
 1771: #     a reply is sent to the client.
 1772: #
 1773: sub reinit_process_handler {
 1774:     my ($cmd, $tail, $client) = @_;
 1775:    
 1776:     my $userinput = "$cmd:$tail";
 1777:    
 1778:     my $cert = &GetCertificate($userinput);
 1779:     if(&ValidManager($cert)) {
 1780: 	chomp($userinput);
 1781: 	my $reply = &ReinitProcess($userinput);
 1782: 	&Reply( $client,  \$reply, $userinput);
 1783:     } else {
 1784: 	&Failure( $client, "refused\n", $userinput);
 1785:     }
 1786:     return 1;
 1787: }
 1788: &register_handler("reinit", \&reinit_process_handler, 1, 0, 1);
 1789: 
 1790: #  Process the editing script for a table edit operation.
 1791: #  the editing operation must be encrypted and requested by
 1792: #  a manager host.
 1793: #
 1794: # Parameters:
 1795: #      $cmd    - the actual keyword that invoked us.
 1796: #      $tail   - the tail of the request that invoked us.
 1797: #      $client - File descriptor connected to the client
 1798: #  Returns:
 1799: #      1       - Ok to continue processing.
 1800: #      0       - Program should exit
 1801: #  Implicit output:
 1802: #     a reply is sent to the client.
 1803: #
 1804: sub edit_table_handler {
 1805:     my ($command, $tail, $client) = @_;
 1806:    
 1807:     my $userinput = "$command:$tail";
 1808: 
 1809:     my $cert = &GetCertificate($userinput);
 1810:     if(&ValidManager($cert)) {
 1811: 	my($filetype, $script) = split(/:/, $tail);
 1812: 	if (($filetype eq "hosts") || 
 1813: 	    ($filetype eq "domain")) {
 1814: 	    if($script ne "") {
 1815: 		&Reply($client,              # BUGBUG - EditFile
 1816: 		      &EditFile($userinput), #   could fail.
 1817: 		      $userinput);
 1818: 	    } else {
 1819: 		&Failure($client,"refused\n",$userinput);
 1820: 	    }
 1821: 	} else {
 1822: 	    &Failure($client,"refused\n",$userinput);
 1823: 	}
 1824:     } else {
 1825: 	&Failure($client,"refused\n",$userinput);
 1826:     }
 1827:     return 1;
 1828: }
 1829: &register_handler("edit", \&edit_table_handler, 1, 0, 1);
 1830: 
 1831: #
 1832: #   Authenticate a user against the LonCAPA authentication
 1833: #   database.  Note that there are several authentication
 1834: #   possibilities:
 1835: #   - unix     - The user can be authenticated against the unix
 1836: #                password file.
 1837: #   - internal - The user can be authenticated against a purely 
 1838: #                internal per user password file.
 1839: #   - kerberos - The user can be authenticated against either a kerb4 or kerb5
 1840: #                ticket granting authority.
 1841: #   - user     - The person tailoring LonCAPA can supply a user authentication
 1842: #                mechanism that is per system.
 1843: #
 1844: # Parameters:
 1845: #    $cmd      - The command that got us here.
 1846: #    $tail     - Tail of the command (remaining parameters).
 1847: #    $client   - File descriptor connected to client.
 1848: # Returns
 1849: #     0        - Requested to exit, caller should shut down.
 1850: #     1        - Continue processing.
 1851: # Implicit inputs:
 1852: #    The authentication systems describe above have their own forms of implicit
 1853: #    input into the authentication process that are described above.
 1854: #
 1855: sub authenticate_handler {
 1856:     my ($cmd, $tail, $client) = @_;
 1857: 
 1858:     
 1859:     #  Regenerate the full input line 
 1860:     
 1861:     my $userinput  = $cmd.":".$tail;
 1862:     
 1863:     #  udom    - User's domain.
 1864:     #  uname   - Username.
 1865:     #  upass   - User's password.
 1866:     #  checkdefauth - Pass to validate_user() to try authentication
 1867:     #                 with default auth type(s) if no user account.
 1868:     #  clientcancheckhost - Passed by clients with functionality in lonauth.pm
 1869:     #                       to check if session can be hosted.
 1870:     
 1871:     my ($udom, $uname, $upass, $checkdefauth, $clientcancheckhost)=split(/:/,$tail);
 1872:     &Debug(" Authenticate domain = $udom, user = $uname, password = $upass,  checkdefauth = $checkdefauth");
 1873:     chomp($upass);
 1874:     $upass=&unescape($upass);
 1875: 
 1876:     my $pwdcorrect = &validate_user($udom,$uname,$upass,$checkdefauth);
 1877:     if($pwdcorrect) {
 1878:         my $canhost = 1;
 1879:         unless ($clientcancheckhost) {
 1880:             my $uprimary_id = &Apache::lonnet::domain($udom,'primary');
 1881:             my $uint_dom = &Apache::lonnet::internet_dom($uprimary_id);
 1882:             my @intdoms;
 1883:             my $internet_names = &Apache::lonnet::get_internet_names($clientname);
 1884:             if (ref($internet_names) eq 'ARRAY') {
 1885:                 @intdoms = @{$internet_names};
 1886:             }
 1887:             unless ($uint_dom ne '' && grep(/^\Q$uint_dom\E$/,@intdoms)) {
 1888:                 my ($remote,$hosted);
 1889:                 my $remotesession = &get_usersession_config($udom,'remotesession');
 1890:                 if (ref($remotesession) eq 'HASH') {
 1891:                     $remote = $remotesession->{'remote'}
 1892:                 }
 1893:                 my $hostedsession = &get_usersession_config($clienthomedom,'hostedsession');
 1894:                 if (ref($hostedsession) eq 'HASH') {
 1895:                     $hosted = $hostedsession->{'hosted'};
 1896:                 }
 1897:                 $canhost = &Apache::lonnet::can_host_session($udom,$clientname,
 1898:                                                              $clientversion,
 1899:                                                              $remote,$hosted);
 1900:             }
 1901:         }
 1902:         if ($canhost) {               
 1903:             &Reply( $client, "authorized\n", $userinput);
 1904:         } else {
 1905:             &Reply( $client, "not_allowed_to_host\n", $userinput);
 1906:         }
 1907: 	#
 1908: 	#  Bad credentials: Failed to authorize
 1909: 	#
 1910:     } else {
 1911: 	&Failure( $client, "non_authorized\n", $userinput);
 1912:     }
 1913: 
 1914:     return 1;
 1915: }
 1916: &register_handler("auth", \&authenticate_handler, 1, 1, 0);
 1917: 
 1918: #
 1919: #   Change a user's password.  Note that this function is complicated by
 1920: #   the fact that a user may be authenticated in more than one way:
 1921: #   At present, we are not able to change the password for all types of
 1922: #   authentication methods.  Only for:
 1923: #      unix    - unix password or shadow passoword style authentication.
 1924: #      local   - Locally written authentication mechanism.
 1925: #   For now, kerb4 and kerb5 password changes are not supported and result
 1926: #   in an error.
 1927: # FUTURE WORK:
 1928: #    Support kerberos passwd changes?
 1929: # Parameters:
 1930: #    $cmd      - The command that got us here.
 1931: #    $tail     - Tail of the command (remaining parameters).
 1932: #    $client   - File descriptor connected to client.
 1933: # Returns
 1934: #     0        - Requested to exit, caller should shut down.
 1935: #     1        - Continue processing.
 1936: # Implicit inputs:
 1937: #    The authentication systems describe above have their own forms of implicit
 1938: #    input into the authentication process that are described above.
 1939: sub change_password_handler {
 1940:     my ($cmd, $tail, $client) = @_;
 1941: 
 1942:     my $userinput = $cmd.":".$tail;           # Reconstruct client's string.
 1943: 
 1944:     #
 1945:     #  udom  - user's domain.
 1946:     #  uname - Username.
 1947:     #  upass - Current password.
 1948:     #  npass - New password.
 1949:     #  context - Context in which this was called 
 1950:     #            (preferences or reset_by_email).
 1951:     #  lonhost - HostID of server where request originated 
 1952:    
 1953:     my ($udom,$uname,$upass,$npass,$context,$lonhost)=split(/:/,$tail);
 1954: 
 1955:     $upass=&unescape($upass);
 1956:     $npass=&unescape($npass);
 1957:     &Debug("Trying to change password for $uname");
 1958: 
 1959:     # First require that the user can be authenticated with their
 1960:     # old password unless context was 'reset_by_email':
 1961:     
 1962:     my ($validated,$failure);
 1963:     if ($context eq 'reset_by_email') {
 1964:         if ($lonhost eq '') {
 1965:             $failure = 'invalid_client';
 1966:         } else {
 1967:             $validated = 1;
 1968:         }
 1969:     } else {
 1970:         $validated = &validate_user($udom, $uname, $upass);
 1971:     }
 1972:     if($validated) {
 1973: 	my $realpasswd  = &get_auth_type($udom, $uname); # Defined since authd.
 1974: 	
 1975: 	my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
 1976: 	if ($howpwd eq 'internal') {
 1977: 	    &Debug("internal auth");
 1978: 	    my $salt=time;
 1979: 	    $salt=substr($salt,6,2);
 1980: 	    my $ncpass=crypt($npass,$salt);
 1981: 	    if(&rewrite_password_file($udom, $uname, "internal:$ncpass")) {
 1982: 		my $msg="Result of password change for $uname: pwchange_success";
 1983:                 if ($lonhost) {
 1984:                     $msg .= " - request originated from: $lonhost";
 1985:                 }
 1986:                 &logthis($msg);
 1987: 		&Reply($client, "ok\n", $userinput);
 1988: 	    } else {
 1989: 		&logthis("Unable to open $uname passwd "               
 1990: 			 ."to change password");
 1991: 		&Failure( $client, "non_authorized\n",$userinput);
 1992: 	    }
 1993: 	} elsif ($howpwd eq 'unix' && $context ne 'reset_by_email') {
 1994: 	    my $result = &change_unix_password($uname, $npass);
 1995: 	    &logthis("Result of password change for $uname: ".
 1996: 		     $result);
 1997: 	    &Reply($client, \$result, $userinput);
 1998: 	} else {
 1999: 	    # this just means that the current password mode is not
 2000: 	    # one we know how to change (e.g the kerberos auth modes or
 2001: 	    # locally written auth handler).
 2002: 	    #
 2003: 	    &Failure( $client, "auth_mode_error\n", $userinput);
 2004: 	}  
 2005: 	
 2006:     } else {
 2007: 	if ($failure eq '') {
 2008: 	    $failure = 'non_authorized';
 2009: 	}
 2010: 	&Failure( $client, "$failure\n", $userinput);
 2011:     }
 2012: 
 2013:     return 1;
 2014: }
 2015: &register_handler("passwd", \&change_password_handler, 1, 1, 0);
 2016: 
 2017: #
 2018: #   Create a new user.  User in this case means a lon-capa user.
 2019: #   The user must either already exist in some authentication realm
 2020: #   like kerberos or the /etc/passwd.  If not, a user completely local to
 2021: #   this loncapa system is created.
 2022: #
 2023: # Parameters:
 2024: #    $cmd      - The command that got us here.
 2025: #    $tail     - Tail of the command (remaining parameters).
 2026: #    $client   - File descriptor connected to client.
 2027: # Returns
 2028: #     0        - Requested to exit, caller should shut down.
 2029: #     1        - Continue processing.
 2030: # Implicit inputs:
 2031: #    The authentication systems describe above have their own forms of implicit
 2032: #    input into the authentication process that are described above.
 2033: sub add_user_handler {
 2034: 
 2035:     my ($cmd, $tail, $client) = @_;
 2036: 
 2037: 
 2038:     my ($udom,$uname,$umode,$npass)=split(/:/,$tail);
 2039:     my $userinput = $cmd.":".$tail; # Reconstruct the full request line.
 2040: 
 2041:     &Debug("cmd =".$cmd." $udom =".$udom." uname=".$uname);
 2042: 
 2043: 
 2044:     if($udom eq $currentdomainid) { # Reject new users for other domains...
 2045: 	
 2046: 	my $oldumask=umask(0077);
 2047: 	chomp($npass);
 2048: 	$npass=&unescape($npass);
 2049: 	my $passfilename  = &password_path($udom, $uname);
 2050: 	&Debug("Password file created will be:".$passfilename);
 2051: 	if (-e $passfilename) {
 2052: 	    &Failure( $client, "already_exists\n", $userinput);
 2053: 	} else {
 2054: 	    my $fperror='';
 2055: 	    if (!&mkpath($passfilename)) {
 2056: 		$fperror="error: ".($!+0)." mkdir failed while attempting "
 2057: 		    ."makeuser";
 2058: 	    }
 2059: 	    unless ($fperror) {
 2060: 		my $result=&make_passwd_file($uname,$udom,$umode,$npass, $passfilename);
 2061: 		&Reply($client,\$result, $userinput);     #BUGBUG - could be fail
 2062: 	    } else {
 2063: 		&Failure($client, \$fperror, $userinput);
 2064: 	    }
 2065: 	}
 2066: 	umask($oldumask);
 2067:     }  else {
 2068: 	&Failure($client, "not_right_domain\n",
 2069: 		$userinput);	# Even if we are multihomed.
 2070:     
 2071:     }
 2072:     return 1;
 2073: 
 2074: }
 2075: &register_handler("makeuser", \&add_user_handler, 1, 1, 0);
 2076: 
 2077: #
 2078: #   Change the authentication method of a user.  Note that this may
 2079: #   also implicitly change the user's password if, for example, the user is
 2080: #   joining an existing authentication realm.  Known authentication realms at
 2081: #   this time are:
 2082: #    internal   - Purely internal password file (only loncapa knows this user)
 2083: #    local      - Institutionally written authentication module.
 2084: #    unix       - Unix user (/etc/passwd with or without /etc/shadow).
 2085: #    kerb4      - kerberos version 4
 2086: #    kerb5      - kerberos version 5
 2087: #
 2088: # Parameters:
 2089: #    $cmd      - The command that got us here.
 2090: #    $tail     - Tail of the command (remaining parameters).
 2091: #    $client   - File descriptor connected to client.
 2092: # Returns
 2093: #     0        - Requested to exit, caller should shut down.
 2094: #     1        - Continue processing.
 2095: # Implicit inputs:
 2096: #    The authentication systems describe above have their own forms of implicit
 2097: #    input into the authentication process that are described above.
 2098: # NOTE:
 2099: #   This is also used to change the authentication credential values (e.g. passwd).
 2100: #   
 2101: #
 2102: sub change_authentication_handler {
 2103: 
 2104:     my ($cmd, $tail, $client) = @_;
 2105:    
 2106:     my $userinput  = "$cmd:$tail";              # Reconstruct user input.
 2107: 
 2108:     my ($udom,$uname,$umode,$npass)=split(/:/,$tail);
 2109:     &Debug("cmd = ".$cmd." domain= ".$udom."uname =".$uname." umode= ".$umode);
 2110:     if ($udom ne $currentdomainid) {
 2111: 	&Failure( $client, "not_right_domain\n", $client);
 2112:     } else {
 2113: 	
 2114: 	chomp($npass);
 2115: 	
 2116: 	$npass=&unescape($npass);
 2117: 	my $oldauth = &get_auth_type($udom, $uname); # Get old auth info.
 2118: 	my $passfilename = &password_path($udom, $uname);
 2119: 	if ($passfilename) {	# Not allowed to create a new user!!
 2120: 	    # If just changing the unix passwd. need to arrange to run
 2121: 	    # passwd since otherwise make_passwd_file will fail as 
 2122: 	    # creation of unix authenticated users is no longer supported
 2123:             # except from the command line, when running make_domain_coordinator.pl
 2124: 
 2125: 	    if(($oldauth =~/^unix/) && ($umode eq "unix")) {
 2126: 		my $result = &change_unix_password($uname, $npass);
 2127: 		&logthis("Result of password change for $uname: ".$result);
 2128: 		if ($result eq "ok") {
 2129: 		    &Reply($client, \$result);
 2130: 		} else {
 2131: 		    &Failure($client, \$result);
 2132: 		}
 2133: 	    } else {
 2134: 		my $result=&make_passwd_file($uname,$udom,$umode,$npass,$passfilename);
 2135: 		#
 2136: 		#  If the current auth mode is internal, and the old auth mode was
 2137: 		#  unix, or krb*,  and the user is an author for this domain,
 2138: 		#  re-run manage_permissions for that role in order to be able
 2139: 		#  to take ownership of the construction space back to www:www
 2140: 		#
 2141: 
 2142: 
 2143: 		&Reply($client, \$result, $userinput);
 2144: 	    }
 2145: 	       
 2146: 
 2147: 	} else {	       
 2148: 	    &Failure($client, "non_authorized\n", $userinput); # Fail the user now.
 2149: 	}
 2150:     }
 2151:     return 1;
 2152: }
 2153: &register_handler("changeuserauth", \&change_authentication_handler, 1,1, 0);
 2154: 
 2155: #
 2156: #   Determines if this is the home server for a user.  The home server
 2157: #   for a user will have his/her lon-capa passwd file.  Therefore all we need
 2158: #   to do is determine if this file exists.
 2159: #
 2160: # Parameters:
 2161: #    $cmd      - The command that got us here.
 2162: #    $tail     - Tail of the command (remaining parameters).
 2163: #    $client   - File descriptor connected to client.
 2164: # Returns
 2165: #     0        - Requested to exit, caller should shut down.
 2166: #     1        - Continue processing.
 2167: # Implicit inputs:
 2168: #    The authentication systems describe above have their own forms of implicit
 2169: #    input into the authentication process that are described above.
 2170: #
 2171: sub is_home_handler {
 2172:     my ($cmd, $tail, $client) = @_;
 2173:    
 2174:     my $userinput  = "$cmd:$tail";
 2175:    
 2176:     my ($udom,$uname)=split(/:/,$tail);
 2177:     chomp($uname);
 2178:     my $passfile = &password_filename($udom, $uname);
 2179:     if($passfile) {
 2180: 	&Reply( $client, "found\n", $userinput);
 2181:     } else {
 2182: 	&Failure($client, "not_found\n", $userinput);
 2183:     }
 2184:     return 1;
 2185: }
 2186: &register_handler("home", \&is_home_handler, 0,1,0);
 2187: 
 2188: #
 2189: #   Process an update request for a resource.
 2190: #   A resource has been modified that we hold a subscription to.
 2191: #   If the resource is not local, then we must update, or at least invalidate our
 2192: #   cached copy of the resource. 
 2193: # Parameters:
 2194: #    $cmd      - The command that got us here.
 2195: #    $tail     - Tail of the command (remaining parameters).
 2196: #    $client   - File descriptor connected to client.
 2197: # Returns
 2198: #     0        - Requested to exit, caller should shut down.
 2199: #     1        - Continue processing.
 2200: # Implicit inputs:
 2201: #    The authentication systems describe above have their own forms of implicit
 2202: #    input into the authentication process that are described above.
 2203: #
 2204: sub update_resource_handler {
 2205: 
 2206:     my ($cmd, $tail, $client) = @_;
 2207:    
 2208:     my $userinput = "$cmd:$tail";
 2209:    
 2210:     my $fname= $tail;		# This allows interactive testing
 2211: 
 2212: 
 2213:     my $ownership=ishome($fname);
 2214:     if ($ownership eq 'not_owner') {
 2215: 	if (-e $fname) {
 2216:             # Delete preview file, if exists
 2217:             unlink("$fname.tmp");
 2218:             # Get usage stats
 2219: 	    my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,
 2220: 		$atime,$mtime,$ctime,$blksize,$blocks)=stat($fname);
 2221: 	    my $now=time;
 2222: 	    my $since=$now-$atime;
 2223:             # If the file has not been used within lonExpire seconds,
 2224:             # unsubscribe from it and delete local copy
 2225: 	    if ($since>$perlvar{'lonExpire'}) {
 2226: 		my $reply=&Apache::lonnet::reply("unsub:$fname","$clientname");
 2227: 		&devalidate_meta_cache($fname);
 2228: 		unlink("$fname");
 2229: 		unlink("$fname.meta");
 2230: 	    } else {
 2231:             # Yes, this is in active use. Get a fresh copy. Since it might be in
 2232:             # very active use and huge (like a movie), copy it to "in.transfer" filename first.
 2233: 		my $transname="$fname.in.transfer";
 2234: 		my $remoteurl=&Apache::lonnet::reply("sub:$fname","$clientname");
 2235: 		my $response;
 2236: # FIXME: cannot replicate files that take more than two minutes to transfer?
 2237: #		alarm(120);
 2238: # FIXME: this should use the LWP mechanism, not internal alarms.
 2239:                 alarm(1200);
 2240: 		{
 2241: 		    my $ua=new LWP::UserAgent;
 2242: 		    my $request=new HTTP::Request('GET',"$remoteurl");
 2243: 		    $response=$ua->request($request,$transname);
 2244: 		}
 2245: 		alarm(0);
 2246: 		if ($response->is_error()) {
 2247: # FIXME: we should probably clean up here instead of just whine
 2248: 		    unlink($transname);
 2249: 		    my $message=$response->status_line;
 2250: 		    &logthis("LWP GET: $message for $fname ($remoteurl)");
 2251: 		} else {
 2252: 		    if ($remoteurl!~/\.meta$/) {
 2253: # FIXME: isn't there an internal LWP mechanism for this?
 2254: 			alarm(120);
 2255: 			{
 2256: 			    my $ua=new LWP::UserAgent;
 2257: 			    my $mrequest=new HTTP::Request('GET',$remoteurl.'.meta');
 2258: 			    my $mresponse=$ua->request($mrequest,$fname.'.meta');
 2259: 			    if ($mresponse->is_error()) {
 2260: 				unlink($fname.'.meta');
 2261: 			    }
 2262: 			}
 2263: 			alarm(0);
 2264: 		    }
 2265:                     # we successfully transfered, copy file over to real name
 2266: 		    rename($transname,$fname);
 2267: 		    &devalidate_meta_cache($fname);
 2268: 		}
 2269: 	    }
 2270: 	    &Reply( $client, "ok\n", $userinput);
 2271: 	} else {
 2272: 	    &Failure($client, "not_found\n", $userinput);
 2273: 	}
 2274:     } else {
 2275: 	&Failure($client, "rejected\n", $userinput);
 2276:     }
 2277:     return 1;
 2278: }
 2279: &register_handler("update", \&update_resource_handler, 0 ,1, 0);
 2280: 
 2281: sub devalidate_meta_cache {
 2282:     my ($url) = @_;
 2283:     use Cache::Memcached;
 2284:     my $memcache = new Cache::Memcached({'servers'=>['127.0.0.1:11211']});
 2285:     $url = &Apache::lonnet::declutter($url);
 2286:     $url =~ s-\.meta$--;
 2287:     my $id = &escape('meta:'.$url);
 2288:     $memcache->delete($id);
 2289: }
 2290: 
 2291: #
 2292: #   Fetch a user file from a remote server to the user's home directory
 2293: #   userfiles subdir.
 2294: # Parameters:
 2295: #    $cmd      - The command that got us here.
 2296: #    $tail     - Tail of the command (remaining parameters).
 2297: #    $client   - File descriptor connected to client.
 2298: # Returns
 2299: #     0        - Requested to exit, caller should shut down.
 2300: #     1        - Continue processing.
 2301: #
 2302: sub fetch_user_file_handler {
 2303: 
 2304:     my ($cmd, $tail, $client) = @_;
 2305: 
 2306:     my $userinput = "$cmd:$tail";
 2307:     my $fname           = $tail;
 2308:     my ($udom,$uname,$ufile) = ($fname =~ m|^([^/]+)/([^/]+)/(.+)$|);
 2309:     my $udir=&propath($udom,$uname).'/userfiles';
 2310:     unless (-e $udir) {
 2311: 	mkdir($udir,0770); 
 2312:     }
 2313:     Debug("fetch user file for $fname");
 2314:     if (-e $udir) {
 2315: 	$ufile=~s/^[\.\~]+//;
 2316: 
 2317: 	# IF necessary, create the path right down to the file.
 2318: 	# Note that any regular files in the way of this path are
 2319: 	# wiped out to deal with some earlier folly of mine.
 2320: 
 2321: 	if (!&mkpath($udir.'/'.$ufile)) {
 2322: 	    &Failure($client, "unable_to_create\n", $userinput);	    
 2323: 	}
 2324: 
 2325: 	my $destname=$udir.'/'.$ufile;
 2326: 	my $transname=$udir.'/'.$ufile.'.in.transit';
 2327:         my $clientprotocol=$Apache::lonnet::protocol{$clientname};
 2328:         $clientprotocol = 'http' if ($clientprotocol ne 'https');
 2329: 	my $clienthost = &Apache::lonnet::hostname($clientname);
 2330: 	my $remoteurl=$clientprotocol.'://'.$clienthost.'/userfiles/'.$fname;
 2331: 	my $response;
 2332: 	Debug("Remote URL : $remoteurl Transfername $transname Destname: $destname");
 2333: 	alarm(120);
 2334: 	{
 2335: 	    my $ua=new LWP::UserAgent;
 2336: 	    my $request=new HTTP::Request('GET',"$remoteurl");
 2337: 	    $response=$ua->request($request,$transname);
 2338: 	}
 2339: 	alarm(0);
 2340: 	if ($response->is_error()) {
 2341: 	    unlink($transname);
 2342: 	    my $message=$response->status_line;
 2343: 	    &logthis("LWP GET: $message for $fname ($remoteurl)");
 2344: 	    &Failure($client, "failed\n", $userinput);
 2345: 	} else {
 2346: 	    Debug("Renaming $transname to $destname");
 2347: 	    if (!rename($transname,$destname)) {
 2348: 		&logthis("Unable to move $transname to $destname");
 2349: 		unlink($transname);
 2350: 		&Failure($client, "failed\n", $userinput);
 2351: 	    } else {
 2352:                 if ($fname =~ /^default.+\.(page|sequence)$/) {
 2353:                     my ($major,$minor) = split(/\./,$clientversion);
 2354:                     if (($major < 2) || ($major == 2 && $minor < 11)) {
 2355:                         my $now = time;
 2356:                         &Apache::lonnet::do_cache_new('crschange',$udom.'_'.$uname,$now,600);
 2357:                         my $key = &escape('internal.contentchange');
 2358:                         my $what = "$key=$now";
 2359:                         my $hashref = &tie_user_hash($udom,$uname,'environment',
 2360:                                                      &GDBM_WRCREAT(),"P",$what);
 2361:                         if ($hashref) {
 2362:                             $hashref->{$key}=$now;
 2363:                             if (!&untie_user_hash($hashref)) {
 2364:                                 &logthis("error: ".($!+0)." untie (GDBM) failed ".
 2365:                                          "when updating internal.contentchange");
 2366:                             }
 2367:                         }
 2368:                     }
 2369:                 }
 2370: 		&Reply($client, "ok\n", $userinput);
 2371: 	    }
 2372: 	}   
 2373:     } else {
 2374: 	&Failure($client, "not_home\n", $userinput);
 2375:     }
 2376:     return 1;
 2377: }
 2378: &register_handler("fetchuserfile", \&fetch_user_file_handler, 0, 1, 0);
 2379: 
 2380: #
 2381: #   Remove a file from a user's home directory userfiles subdirectory.
 2382: # Parameters:
 2383: #    cmd   - the Lond request keyword that got us here.
 2384: #    tail  - the part of the command past the keyword.
 2385: #    client- File descriptor connected with the client.
 2386: #
 2387: # Returns:
 2388: #    1    - Continue processing.
 2389: sub remove_user_file_handler {
 2390:     my ($cmd, $tail, $client) = @_;
 2391: 
 2392:     my ($fname) = split(/:/, $tail); # Get rid of any tailing :'s lonc may have sent.
 2393: 
 2394:     my ($udom,$uname,$ufile) = ($fname =~ m|^([^/]+)/([^/]+)/(.+)$|);
 2395:     if ($ufile =~m|/\.\./|) {
 2396: 	# any files paths with /../ in them refuse 
 2397: 	# to deal with
 2398: 	&Failure($client, "refused\n", "$cmd:$tail");
 2399:     } else {
 2400: 	my $udir = &propath($udom,$uname);
 2401: 	if (-e $udir) {
 2402: 	    my $file=$udir.'/userfiles/'.$ufile;
 2403: 	    if (-e $file) {
 2404: 		#
 2405: 		#   If the file is a regular file unlink is fine...
 2406: 		#   However it's possible the client wants a dir.
 2407: 		#   removed, in which case rmdir is more approprate:
 2408: 		#
 2409: 	        if (-f $file){
 2410: 		    unlink($file);
 2411: 		} elsif(-d $file) {
 2412: 		    rmdir($file);
 2413: 		}
 2414: 		if (-e $file) {
 2415: 		    #  File is still there after we deleted it ?!?
 2416: 
 2417: 		    &Failure($client, "failed\n", "$cmd:$tail");
 2418: 		} else {
 2419: 		    &Reply($client, "ok\n", "$cmd:$tail");
 2420: 		}
 2421: 	    } else {
 2422: 		&Failure($client, "not_found\n", "$cmd:$tail");
 2423: 	    }
 2424: 	} else {
 2425: 	    &Failure($client, "not_home\n", "$cmd:$tail");
 2426: 	}
 2427:     }
 2428:     return 1;
 2429: }
 2430: &register_handler("removeuserfile", \&remove_user_file_handler, 0,1,0);
 2431: 
 2432: #
 2433: #   make a directory in a user's home directory userfiles subdirectory.
 2434: # Parameters:
 2435: #    cmd   - the Lond request keyword that got us here.
 2436: #    tail  - the part of the command past the keyword.
 2437: #    client- File descriptor connected with the client.
 2438: #
 2439: # Returns:
 2440: #    1    - Continue processing.
 2441: sub mkdir_user_file_handler {
 2442:     my ($cmd, $tail, $client) = @_;
 2443: 
 2444:     my ($dir) = split(/:/, $tail); # Get rid of any tailing :'s lonc may have sent.
 2445:     $dir=&unescape($dir);
 2446:     my ($udom,$uname,$ufile) = ($dir =~ m|^([^/]+)/([^/]+)/(.+)$|);
 2447:     if ($ufile =~m|/\.\./|) {
 2448: 	# any files paths with /../ in them refuse 
 2449: 	# to deal with
 2450: 	&Failure($client, "refused\n", "$cmd:$tail");
 2451:     } else {
 2452: 	my $udir = &propath($udom,$uname);
 2453: 	if (-e $udir) {
 2454: 	    my $newdir=$udir.'/userfiles/'.$ufile.'/';
 2455: 	    if (!&mkpath($newdir)) {
 2456: 		&Failure($client, "failed\n", "$cmd:$tail");
 2457: 	    }
 2458: 	    &Reply($client, "ok\n", "$cmd:$tail");
 2459: 	} else {
 2460: 	    &Failure($client, "not_home\n", "$cmd:$tail");
 2461: 	}
 2462:     }
 2463:     return 1;
 2464: }
 2465: &register_handler("mkdiruserfile", \&mkdir_user_file_handler, 0,1,0);
 2466: 
 2467: #
 2468: #   rename a file in a user's home directory userfiles subdirectory.
 2469: # Parameters:
 2470: #    cmd   - the Lond request keyword that got us here.
 2471: #    tail  - the part of the command past the keyword.
 2472: #    client- File descriptor connected with the client.
 2473: #
 2474: # Returns:
 2475: #    1    - Continue processing.
 2476: sub rename_user_file_handler {
 2477:     my ($cmd, $tail, $client) = @_;
 2478: 
 2479:     my ($udom,$uname,$old,$new) = split(/:/, $tail);
 2480:     $old=&unescape($old);
 2481:     $new=&unescape($new);
 2482:     if ($new =~m|/\.\./| || $old =~m|/\.\./|) {
 2483: 	# any files paths with /../ in them refuse to deal with
 2484: 	&Failure($client, "refused\n", "$cmd:$tail");
 2485:     } else {
 2486: 	my $udir = &propath($udom,$uname);
 2487: 	if (-e $udir) {
 2488: 	    my $oldfile=$udir.'/userfiles/'.$old;
 2489: 	    my $newfile=$udir.'/userfiles/'.$new;
 2490: 	    if (-e $newfile) {
 2491: 		&Failure($client, "exists\n", "$cmd:$tail");
 2492: 	    } elsif (! -e $oldfile) {
 2493: 		&Failure($client, "not_found\n", "$cmd:$tail");
 2494: 	    } else {
 2495: 		if (!rename($oldfile,$newfile)) {
 2496: 		    &Failure($client, "failed\n", "$cmd:$tail");
 2497: 		} else {
 2498: 		    &Reply($client, "ok\n", "$cmd:$tail");
 2499: 		}
 2500: 	    }
 2501: 	} else {
 2502: 	    &Failure($client, "not_home\n", "$cmd:$tail");
 2503: 	}
 2504:     }
 2505:     return 1;
 2506: }
 2507: &register_handler("renameuserfile", \&rename_user_file_handler, 0,1,0);
 2508: 
 2509: #
 2510: #  Checks if the specified user has an active session on the server
 2511: #  return ok if so, not_found if not
 2512: #
 2513: # Parameters:
 2514: #   cmd      - The request keyword that dispatched to tus.
 2515: #   tail     - The tail of the request (colon separated parameters).
 2516: #   client   - Filehandle open on the client.
 2517: # Return:
 2518: #    1.
 2519: sub user_has_session_handler {
 2520:     my ($cmd, $tail, $client) = @_;
 2521: 
 2522:     my ($udom, $uname) = map { &unescape($_) } (split(/:/, $tail));
 2523:     
 2524:     opendir(DIR,$perlvar{'lonIDsDir'});
 2525:     my $filename;
 2526:     while ($filename=readdir(DIR)) {
 2527: 	last if ($filename=~/^\Q$uname\E_\d+_\Q$udom\E_/);
 2528:     }
 2529:     if ($filename) {
 2530: 	&Reply($client, "ok\n", "$cmd:$tail");
 2531:     } else {
 2532: 	&Failure($client, "not_found\n", "$cmd:$tail");
 2533:     }
 2534:     return 1;
 2535: 
 2536: }
 2537: &register_handler("userhassession", \&user_has_session_handler, 0,1,0);
 2538: 
 2539: #
 2540: #  Authenticate access to a user file by checking that the token the user's 
 2541: #  passed also exists in their session file
 2542: #
 2543: # Parameters:
 2544: #   cmd      - The request keyword that dispatched to tus.
 2545: #   tail     - The tail of the request (colon separated parameters).
 2546: #   client   - Filehandle open on the client.
 2547: # Return:
 2548: #    1.
 2549: sub token_auth_user_file_handler {
 2550:     my ($cmd, $tail, $client) = @_;
 2551: 
 2552:     my ($fname, $session) = split(/:/, $tail);
 2553:     
 2554:     chomp($session);
 2555:     my $reply="non_auth";
 2556:     my $file = $perlvar{'lonIDsDir'}.'/'.$session.'.id';
 2557:     if (open(ENVIN,"$file")) {
 2558: 	flock(ENVIN,LOCK_SH);
 2559: 	tie(my %disk_env,'GDBM_File',"$file",&GDBM_READER(),0640);
 2560: 	if (exists($disk_env{"userfile.$fname"})) {
 2561: 	    $reply="ok";
 2562: 	} else {
 2563: 	    foreach my $envname (keys(%disk_env)) {
 2564: 		if ($envname=~ m|^userfile\.\Q$fname\E|) {
 2565: 		    $reply="ok";
 2566: 		    last;
 2567: 		}
 2568: 	    }
 2569: 	}
 2570: 	untie(%disk_env);
 2571: 	close(ENVIN);
 2572: 	&Reply($client, \$reply, "$cmd:$tail");
 2573:     } else {
 2574: 	&Failure($client, "invalid_token\n", "$cmd:$tail");
 2575:     }
 2576:     return 1;
 2577: 
 2578: }
 2579: &register_handler("tokenauthuserfile", \&token_auth_user_file_handler, 0,1,0);
 2580: 
 2581: #
 2582: #   Unsubscribe from a resource.
 2583: #
 2584: # Parameters:
 2585: #    $cmd      - The command that got us here.
 2586: #    $tail     - Tail of the command (remaining parameters).
 2587: #    $client   - File descriptor connected to client.
 2588: # Returns
 2589: #     0        - Requested to exit, caller should shut down.
 2590: #     1        - Continue processing.
 2591: #
 2592: sub unsubscribe_handler {
 2593:     my ($cmd, $tail, $client) = @_;
 2594: 
 2595:     my $userinput= "$cmd:$tail";
 2596:     
 2597:     my ($fname) = split(/:/,$tail); # Split in case there's extrs.
 2598: 
 2599:     &Debug("Unsubscribing $fname");
 2600:     if (-e $fname) {
 2601: 	&Debug("Exists");
 2602: 	&Reply($client, &unsub($fname,$clientip), $userinput);
 2603:     } else {
 2604: 	&Failure($client, "not_found\n", $userinput);
 2605:     }
 2606:     return 1;
 2607: }
 2608: &register_handler("unsub", \&unsubscribe_handler, 0, 1, 0);
 2609: 
 2610: #   Subscribe to a resource
 2611: #
 2612: # Parameters:
 2613: #    $cmd      - The command that got us here.
 2614: #    $tail     - Tail of the command (remaining parameters).
 2615: #    $client   - File descriptor connected to client.
 2616: # Returns
 2617: #     0        - Requested to exit, caller should shut down.
 2618: #     1        - Continue processing.
 2619: #
 2620: sub subscribe_handler {
 2621:     my ($cmd, $tail, $client)= @_;
 2622: 
 2623:     my $userinput  = "$cmd:$tail";
 2624: 
 2625:     &Reply( $client, &subscribe($userinput,$clientip), $userinput);
 2626: 
 2627:     return 1;
 2628: }
 2629: &register_handler("sub", \&subscribe_handler, 0, 1, 0);
 2630: 
 2631: #
 2632: #   Determine the latest version of a resource (it looks for the highest
 2633: #   past version and then returns that +1)
 2634: #
 2635: # Parameters:
 2636: #    $cmd      - The command that got us here.
 2637: #    $tail     - Tail of the command (remaining parameters).
 2638: #                 (Should consist of an absolute path to a file)
 2639: #    $client   - File descriptor connected to client.
 2640: # Returns
 2641: #     0        - Requested to exit, caller should shut down.
 2642: #     1        - Continue processing.
 2643: #
 2644: sub current_version_handler {
 2645:     my ($cmd, $tail, $client) = @_;
 2646: 
 2647:     my $userinput= "$cmd:$tail";
 2648:    
 2649:     my $fname   = $tail;
 2650:     &Reply( $client, &currentversion($fname)."\n", $userinput);
 2651:     return 1;
 2652: 
 2653: }
 2654: &register_handler("currentversion", \&current_version_handler, 0, 1, 0);
 2655: 
 2656: #  Make an entry in a user's activity log.
 2657: #
 2658: # Parameters:
 2659: #    $cmd      - The command that got us here.
 2660: #    $tail     - Tail of the command (remaining parameters).
 2661: #    $client   - File descriptor connected to client.
 2662: # Returns
 2663: #     0        - Requested to exit, caller should shut down.
 2664: #     1        - Continue processing.
 2665: #
 2666: sub activity_log_handler {
 2667:     my ($cmd, $tail, $client) = @_;
 2668: 
 2669: 
 2670:     my $userinput= "$cmd:$tail";
 2671: 
 2672:     my ($udom,$uname,$what)=split(/:/,$tail);
 2673:     chomp($what);
 2674:     my $proname=&propath($udom,$uname);
 2675:     my $now=time;
 2676:     my $hfh;
 2677:     if ($hfh=IO::File->new(">>$proname/activity.log")) { 
 2678: 	print $hfh "$now:$clientname:$what\n";
 2679: 	&Reply( $client, "ok\n", $userinput); 
 2680:     } else {
 2681: 	&Failure($client, "error: ".($!+0)." IO::File->new Failed "
 2682: 		 ."while attempting log\n", 
 2683: 		 $userinput);
 2684:     }
 2685: 
 2686:     return 1;
 2687: }
 2688: &register_handler("log", \&activity_log_handler, 0, 1, 0);
 2689: 
 2690: #
 2691: #   Put a namespace entry in a user profile hash.
 2692: #   My druthers would be for this to be an encrypted interaction too.
 2693: #   anything that might be an inadvertent covert channel about either
 2694: #   user authentication or user personal information....
 2695: #
 2696: # Parameters:
 2697: #    $cmd      - The command that got us here.
 2698: #    $tail     - Tail of the command (remaining parameters).
 2699: #    $client   - File descriptor connected to client.
 2700: # Returns
 2701: #     0        - Requested to exit, caller should shut down.
 2702: #     1        - Continue processing.
 2703: #
 2704: sub put_user_profile_entry {
 2705:     my ($cmd, $tail, $client)  = @_;
 2706: 
 2707:     my $userinput = "$cmd:$tail";
 2708:     
 2709:     my ($udom,$uname,$namespace,$what) =split(/:/,$tail,4);
 2710:     if ($namespace ne 'roles') {
 2711: 	chomp($what);
 2712: 	my $hashref = &tie_user_hash($udom, $uname, $namespace,
 2713: 				  &GDBM_WRCREAT(),"P",$what);
 2714: 	if($hashref) {
 2715: 	    my @pairs=split(/\&/,$what);
 2716: 	    foreach my $pair (@pairs) {
 2717: 		my ($key,$value)=split(/=/,$pair);
 2718: 		$hashref->{$key}=$value;
 2719: 	    }
 2720: 	    if (&untie_user_hash($hashref)) {
 2721: 		&Reply( $client, "ok\n", $userinput);
 2722: 	    } else {
 2723: 		&Failure($client, "error: ".($!+0)." untie(GDBM) failed ".
 2724: 			"while attempting put\n", 
 2725: 			$userinput);
 2726: 	    }
 2727: 	} else {
 2728: 	    &Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
 2729: 		     "while attempting put\n", $userinput);
 2730: 	}
 2731:     } else {
 2732:         &Failure( $client, "refused\n", $userinput);
 2733:     }
 2734:     
 2735:     return 1;
 2736: }
 2737: &register_handler("put", \&put_user_profile_entry, 0, 1, 0);
 2738: 
 2739: #   Put a piece of new data in hash, returns error if entry already exists
 2740: # Parameters:
 2741: #    $cmd      - The command that got us here.
 2742: #    $tail     - Tail of the command (remaining parameters).
 2743: #    $client   - File descriptor connected to client.
 2744: # Returns
 2745: #     0        - Requested to exit, caller should shut down.
 2746: #     1        - Continue processing.
 2747: #
 2748: sub newput_user_profile_entry {
 2749:     my ($cmd, $tail, $client)  = @_;
 2750: 
 2751:     my $userinput = "$cmd:$tail";
 2752: 
 2753:     my ($udom,$uname,$namespace,$what) =split(/:/,$tail,4);
 2754:     if ($namespace eq 'roles') {
 2755:         &Failure( $client, "refused\n", $userinput);
 2756: 	return 1;
 2757:     }
 2758: 
 2759:     chomp($what);
 2760: 
 2761:     my $hashref = &tie_user_hash($udom, $uname, $namespace,
 2762: 				 &GDBM_WRCREAT(),"N",$what);
 2763:     if(!$hashref) {
 2764: 	&Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
 2765: 		  "while attempting put\n", $userinput);
 2766: 	return 1;
 2767:     }
 2768: 
 2769:     my @pairs=split(/\&/,$what);
 2770:     foreach my $pair (@pairs) {
 2771: 	my ($key,$value)=split(/=/,$pair);
 2772: 	if (exists($hashref->{$key})) {
 2773: 	    &Failure($client, "key_exists: ".$key."\n",$userinput);
 2774: 	    return 1;
 2775: 	}
 2776:     }
 2777: 
 2778:     foreach my $pair (@pairs) {
 2779: 	my ($key,$value)=split(/=/,$pair);
 2780: 	$hashref->{$key}=$value;
 2781:     }
 2782: 
 2783:     if (&untie_user_hash($hashref)) {
 2784: 	&Reply( $client, "ok\n", $userinput);
 2785:     } else {
 2786: 	&Failure($client, "error: ".($!+0)." untie(GDBM) failed ".
 2787: 		 "while attempting put\n", 
 2788: 		 $userinput);
 2789:     }
 2790:     return 1;
 2791: }
 2792: &register_handler("newput", \&newput_user_profile_entry, 0, 1, 0);
 2793: 
 2794: # 
 2795: #   Increment a profile entry in the user history file.
 2796: #   The history contains keyword value pairs.  In this case,
 2797: #   The value itself is a pair of numbers.  The first, the current value
 2798: #   the second an increment that this function applies to the current
 2799: #   value.
 2800: #
 2801: # Parameters:
 2802: #    $cmd      - The command that got us here.
 2803: #    $tail     - Tail of the command (remaining parameters).
 2804: #    $client   - File descriptor connected to client.
 2805: # Returns
 2806: #     0        - Requested to exit, caller should shut down.
 2807: #     1        - Continue processing.
 2808: #
 2809: sub increment_user_value_handler {
 2810:     my ($cmd, $tail, $client) = @_;
 2811:     
 2812:     my $userinput   = "$cmd:$tail";
 2813:     
 2814:     my ($udom,$uname,$namespace,$what) =split(/:/,$tail);
 2815:     if ($namespace ne 'roles') {
 2816:         chomp($what);
 2817: 	my $hashref = &tie_user_hash($udom, $uname,
 2818: 				     $namespace, &GDBM_WRCREAT(),
 2819: 				     "P",$what);
 2820: 	if ($hashref) {
 2821: 	    my @pairs=split(/\&/,$what);
 2822: 	    foreach my $pair (@pairs) {
 2823: 		my ($key,$value)=split(/=/,$pair);
 2824:                 $value = &unescape($value);
 2825: 		# We could check that we have a number...
 2826: 		if (! defined($value) || $value eq '') {
 2827: 		    $value = 1;
 2828: 		}
 2829: 		$hashref->{$key}+=$value;
 2830:                 if ($namespace eq 'nohist_resourcetracker') {
 2831:                     if ($hashref->{$key} < 0) {
 2832:                         $hashref->{$key} = 0;
 2833:                     }
 2834:                 }
 2835: 	    }
 2836: 	    if (&untie_user_hash($hashref)) {
 2837: 		&Reply( $client, "ok\n", $userinput);
 2838: 	    } else {
 2839: 		&Failure($client, "error: ".($!+0)." untie(GDBM) failed ".
 2840: 			 "while attempting inc\n", $userinput);
 2841: 	    }
 2842: 	} else {
 2843: 	    &Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
 2844: 		     "while attempting inc\n", $userinput);
 2845: 	}
 2846:     } else {
 2847: 	&Failure($client, "refused\n", $userinput);
 2848:     }
 2849:     
 2850:     return 1;
 2851: }
 2852: &register_handler("inc", \&increment_user_value_handler, 0, 1, 0);
 2853: 
 2854: #
 2855: #   Put a new role for a user.  Roles are LonCAPA's packaging of permissions.
 2856: #   Each 'role' a user has implies a set of permissions.  Adding a new role
 2857: #   for a person grants the permissions packaged with that role
 2858: #   to that user when the role is selected.
 2859: #
 2860: # Parameters:
 2861: #    $cmd       - The command string (rolesput).
 2862: #    $tail      - The remainder of the request line.  For rolesput this
 2863: #                 consists of a colon separated list that contains:
 2864: #                 The domain and user that is granting the role (logged).
 2865: #                 The domain and user that is getting the role.
 2866: #                 The roles being granted as a set of & separated pairs.
 2867: #                 each pair a key value pair.
 2868: #    $client    - File descriptor connected to the client.
 2869: # Returns:
 2870: #     0         - If the daemon should exit
 2871: #     1         - To continue processing.
 2872: #
 2873: #
 2874: sub roles_put_handler {
 2875:     my ($cmd, $tail, $client) = @_;
 2876: 
 2877:     my $userinput  = "$cmd:$tail";
 2878: 
 2879:     my ( $exedom, $exeuser, $udom, $uname,  $what) = split(/:/,$tail);
 2880:     
 2881: 
 2882:     my $namespace='roles';
 2883:     chomp($what);
 2884:     my $hashref = &tie_user_hash($udom, $uname, $namespace,
 2885: 				 &GDBM_WRCREAT(), "P",
 2886: 				 "$exedom:$exeuser:$what");
 2887:     #
 2888:     #  Log the attempt to set a role.  The {}'s here ensure that the file 
 2889:     #  handle is open for the minimal amount of time.  Since the flush
 2890:     #  is done on close this improves the chances the log will be an un-
 2891:     #  corrupted ordered thing.
 2892:     if ($hashref) {
 2893: 	my $pass_entry = &get_auth_type($udom, $uname);
 2894: 	my ($auth_type,$pwd)  = split(/:/, $pass_entry);
 2895: 	$auth_type = $auth_type.":";
 2896: 	my @pairs=split(/\&/,$what);
 2897: 	foreach my $pair (@pairs) {
 2898: 	    my ($key,$value)=split(/=/,$pair);
 2899: 	    &manage_permissions($key, $udom, $uname,
 2900: 			       $auth_type);
 2901: 	    $hashref->{$key}=$value;
 2902: 	}
 2903: 	if (&untie_user_hash($hashref)) {
 2904: 	    &Reply($client, "ok\n", $userinput);
 2905: 	} else {
 2906: 	    &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
 2907: 		     "while attempting rolesput\n", $userinput);
 2908: 	}
 2909:     } else {
 2910: 	&Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
 2911: 		 "while attempting rolesput\n", $userinput);
 2912:     }
 2913:     return 1;
 2914: }
 2915: &register_handler("rolesput", \&roles_put_handler, 1,1,0);  # Encoded client only.
 2916: 
 2917: #
 2918: #   Deletes (removes) a role for a user.   This is equivalent to removing
 2919: #  a permissions package associated with the role from the user's profile.
 2920: #
 2921: # Parameters:
 2922: #     $cmd                 - The command (rolesdel)
 2923: #     $tail                - The remainder of the request line. This consists
 2924: #                             of:
 2925: #                             The domain and user requesting the change (logged)
 2926: #                             The domain and user being changed.
 2927: #                             The roles being revoked.  These are shipped to us
 2928: #                             as a bunch of & separated role name keywords.
 2929: #     $client              - The file handle open on the client.
 2930: # Returns:
 2931: #     1                    - Continue processing
 2932: #     0                    - Exit.
 2933: #
 2934: sub roles_delete_handler {
 2935:     my ($cmd, $tail, $client)  = @_;
 2936: 
 2937:     my $userinput    = "$cmd:$tail";
 2938:    
 2939:     my ($exedom,$exeuser,$udom,$uname,$what)=split(/:/,$tail);
 2940:     &Debug("cmd = ".$cmd." exedom= ".$exedom."user = ".$exeuser." udom=".$udom.
 2941: 	   "what = ".$what);
 2942:     my $namespace='roles';
 2943:     chomp($what);
 2944:     my $hashref = &tie_user_hash($udom, $uname, $namespace,
 2945: 				 &GDBM_WRCREAT(), "D",
 2946: 				 "$exedom:$exeuser:$what");
 2947:     
 2948:     if ($hashref) {
 2949: 	my @rolekeys=split(/\&/,$what);
 2950: 	
 2951: 	foreach my $key (@rolekeys) {
 2952: 	    delete $hashref->{$key};
 2953: 	}
 2954: 	if (&untie_user_hash($hashref)) {
 2955: 	    &Reply($client, "ok\n", $userinput);
 2956: 	} else {
 2957: 	    &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
 2958: 		     "while attempting rolesdel\n", $userinput);
 2959: 	}
 2960:     } else {
 2961:         &Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
 2962: 		 "while attempting rolesdel\n", $userinput);
 2963:     }
 2964:     
 2965:     return 1;
 2966: }
 2967: &register_handler("rolesdel", \&roles_delete_handler, 1,1, 0); # Encoded client only
 2968: 
 2969: # Unencrypted get from a user's profile database.  See 
 2970: # GetProfileEntryEncrypted for a version that does end-to-end encryption.
 2971: # This function retrieves a keyed item from a specific named database in the
 2972: # user's directory.
 2973: #
 2974: # Parameters:
 2975: #   $cmd             - Command request keyword (get).
 2976: #   $tail            - Tail of the command.  This is a colon separated list
 2977: #                      consisting of the domain and username that uniquely
 2978: #                      identifies the profile,
 2979: #                      The 'namespace' which selects the gdbm file to 
 2980: #                      do the lookup in, 
 2981: #                      & separated list of keys to lookup.  Note that
 2982: #                      the values are returned as an & separated list too.
 2983: #   $client          - File descriptor open on the client.
 2984: # Returns:
 2985: #   1       - Continue processing.
 2986: #   0       - Exit.
 2987: #
 2988: sub get_profile_entry {
 2989:     my ($cmd, $tail, $client) = @_;
 2990: 
 2991:     my $userinput= "$cmd:$tail";
 2992:    
 2993:     my ($udom,$uname,$namespace,$what) = split(/:/,$tail);
 2994:     chomp($what);
 2995: 
 2996: 
 2997:     my $replystring = read_profile($udom, $uname, $namespace, $what);
 2998:     my ($first) = split(/:/,$replystring);
 2999:     if($first ne "error") {
 3000: 	&Reply($client, \$replystring, $userinput);
 3001:     } else {
 3002: 	&Failure($client, $replystring." while attempting get\n", $userinput);
 3003:     }
 3004:     return 1;
 3005: 
 3006: 
 3007: }
 3008: &register_handler("get", \&get_profile_entry, 0,1,0);
 3009: 
 3010: #
 3011: #  Process the encrypted get request.  Note that the request is sent
 3012: #  in clear, but the reply is encrypted.  This is a small covert channel:
 3013: #  information about the sensitive keys is given to the snooper.  Just not
 3014: #  information about the values of the sensitive key.  Hmm if I wanted to
 3015: #  know these I'd snoop for the egets. Get the profile item names from them
 3016: #  and then issue a get for them since there's no enforcement of the
 3017: #  requirement of an encrypted get for particular profile items.  If I
 3018: #  were re-doing this, I'd force the request to be encrypted as well as the
 3019: #  reply.  I'd also just enforce encrypted transactions for all gets since
 3020: #  that would prevent any covert channel snooping.
 3021: #
 3022: #  Parameters:
 3023: #     $cmd               - Command keyword of request (eget).
 3024: #     $tail              - Tail of the command.  See GetProfileEntry
#                          for more information about this.
 3025: #     $client            - File open on the client.
 3026: #  Returns:
 3027: #     1      - Continue processing
 3028: #     0      - server should exit.
 3029: sub get_profile_entry_encrypted {
 3030:     my ($cmd, $tail, $client) = @_;
 3031: 
 3032:     my $userinput = "$cmd:$tail";
 3033:    
 3034:     my ($udom,$uname,$namespace,$what) = split(/:/,$tail);
 3035:     chomp($what);
 3036:     my $qresult = read_profile($udom, $uname, $namespace, $what);
 3037:     my ($first) = split(/:/, $qresult);
 3038:     if($first ne "error") {
 3039: 	
 3040: 	if ($cipher) {
 3041: 	    my $cmdlength=length($qresult);
 3042: 	    $qresult.="         ";
 3043: 	    my $encqresult='';
 3044: 	    for(my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
 3045: 		$encqresult.= unpack("H16", 
 3046: 				     $cipher->encrypt(substr($qresult,
 3047: 							     $encidx,
 3048: 							     8)));
 3049: 	    }
 3050: 	    &Reply( $client, "enc:$cmdlength:$encqresult\n", $userinput);
 3051: 	} else {
 3052: 		&Failure( $client, "error:no_key\n", $userinput);
 3053: 	    }
 3054:     } else {
 3055: 	&Failure($client, "$qresult while attempting eget\n", $userinput);
 3056: 
 3057:     }
 3058:     
 3059:     return 1;
 3060: }
 3061: &register_handler("eget", \&get_profile_entry_encrypted, 0, 1, 0);
 3062: 
 3063: #
 3064: #   Deletes a key in a user profile database.
 3065: #   
 3066: #   Parameters:
 3067: #       $cmd                  - Command keyword (del).
 3068: #       $tail                 - Command tail.  IN this case a colon
 3069: #                               separated list containing:
 3070: #                               The domain and user that identifies uniquely
 3071: #                               the identity of the user.
 3072: #                               The profile namespace (name of the profile
 3073: #                               database file).
 3074: #                               & separated list of keywords to delete.
 3075: #       $client              - File open on client socket.
 3076: # Returns:
 3077: #     1   - Continue processing
 3078: #     0   - Exit server.
 3079: #
 3080: #
 3081: sub delete_profile_entry {
 3082:     my ($cmd, $tail, $client) = @_;
 3083: 
 3084:     my $userinput = "cmd:$tail";
 3085: 
 3086:     my ($udom,$uname,$namespace,$what) = split(/:/,$tail);
 3087:     chomp($what);
 3088:     my $hashref = &tie_user_hash($udom, $uname, $namespace,
 3089: 				 &GDBM_WRCREAT(),
 3090: 				 "D",$what);
 3091:     if ($hashref) {
 3092:         my @keys=split(/\&/,$what);
 3093: 	foreach my $key (@keys) {
 3094: 	    delete($hashref->{$key});
 3095: 	}
 3096: 	if (&untie_user_hash($hashref)) {
 3097: 	    &Reply($client, "ok\n", $userinput);
 3098: 	} else {
 3099: 	    &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
 3100: 		    "while attempting del\n", $userinput);
 3101: 	}
 3102:     } else {
 3103: 	&Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
 3104: 		 "while attempting del\n", $userinput);
 3105:     }
 3106:     return 1;
 3107: }
 3108: &register_handler("del", \&delete_profile_entry, 0, 1, 0);
 3109: 
 3110: #
 3111: #  List the set of keys that are defined in a profile database file.
 3112: #  A successful reply from this will contain an & separated list of
 3113: #  the keys. 
 3114: # Parameters:
 3115: #     $cmd              - Command request (keys).
 3116: #     $tail             - Remainder of the request, a colon separated
 3117: #                         list containing domain/user that identifies the
 3118: #                         user being queried, and the database namespace
 3119: #                         (database filename essentially).
 3120: #     $client           - File open on the client.
 3121: #  Returns:
 3122: #    1    - Continue processing.
 3123: #    0    - Exit the server.
 3124: #
 3125: sub get_profile_keys {
 3126:     my ($cmd, $tail, $client) = @_;
 3127: 
 3128:     my $userinput = "$cmd:$tail";
 3129: 
 3130:     my ($udom,$uname,$namespace)=split(/:/,$tail);
 3131:     my $qresult='';
 3132:     my $hashref = &tie_user_hash($udom, $uname, $namespace,
 3133: 				  &GDBM_READER());
 3134:     if ($hashref) {
 3135: 	foreach my $key (keys %$hashref) {
 3136: 	    $qresult.="$key&";
 3137: 	}
 3138: 	if (&untie_user_hash($hashref)) {
 3139: 	    $qresult=~s/\&$//;
 3140: 	    &Reply($client, \$qresult, $userinput);
 3141: 	} else {
 3142: 	    &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
 3143: 		    "while attempting keys\n", $userinput);
 3144: 	}
 3145:     } else {
 3146: 	&Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
 3147: 		 "while attempting keys\n", $userinput);
 3148:     }
 3149:    
 3150:     return 1;
 3151: }
 3152: &register_handler("keys", \&get_profile_keys, 0, 1, 0);
 3153: 
 3154: #
 3155: #   Dump the contents of a user profile database.
 3156: #   Note that this constitutes a very large covert channel too since
 3157: #   the dump will return sensitive information that is not encrypted.
 3158: #   The naive security assumption is that the session negotiation ensures
 3159: #   our client is trusted and I don't believe that's assured at present.
 3160: #   Sure want badly to go to ssl or tls.  Of course if my peer isn't really
 3161: #   a LonCAPA node they could have negotiated an encryption key too so >sigh<.
 3162: # 
 3163: #  Parameters:
 3164: #     $cmd           - The command request keyword (currentdump).
 3165: #     $tail          - Remainder of the request, consisting of a colon
 3166: #                      separated list that has the domain/username and
 3167: #                      the namespace to dump (database file).
 3168: #     $client        - file open on the remote client.
 3169: # Returns:
 3170: #     1    - Continue processing.
 3171: #     0    - Exit the server.
 3172: #
 3173: sub dump_profile_database {
 3174:     my ($cmd, $tail, $client) = @_;
 3175: 
 3176:     my $res = LONCAPA::Lond::dump_profile_database($tail);
 3177: 
 3178:     if ($res =~ /^error:/) {
 3179:         Failure($client, \$res, "$cmd:$tail");
 3180:     } else {
 3181:         Reply($client, \$res, "$cmd:$tail");
 3182:     }
 3183: 
 3184:     return 1;  
 3185: 
 3186:     #TODO remove 
 3187:     my $userinput = "$cmd:$tail";
 3188:    
 3189:     my ($udom,$uname,$namespace) = split(/:/,$tail);
 3190:     my $hashref = &tie_user_hash($udom, $uname, $namespace,
 3191: 				 &GDBM_READER());
 3192:     if ($hashref) {
 3193: 	# Structure of %data:
 3194: 	# $data{$symb}->{$parameter}=$value;
 3195: 	# $data{$symb}->{'v.'.$parameter}=$version;
 3196: 	# since $parameter will be unescaped, we do not
 3197:  	# have to worry about silly parameter names...
 3198: 	
 3199:         my $qresult='';
 3200: 	my %data = ();                     # A hash of anonymous hashes..
 3201: 	while (my ($key,$value) = each(%$hashref)) {
 3202: 	    my ($v,$symb,$param) = split(/:/,$key);
 3203: 	    next if ($v eq 'version' || $symb eq 'keys');
 3204: 	    next if (exists($data{$symb}) && 
 3205: 		     exists($data{$symb}->{$param}) &&
 3206: 		     $data{$symb}->{'v.'.$param} > $v);
 3207: 	    $data{$symb}->{$param}=$value;
 3208: 	    $data{$symb}->{'v.'.$param}=$v;
 3209: 	}
 3210: 	if (&untie_user_hash($hashref)) {
 3211: 	    while (my ($symb,$param_hash) = each(%data)) {
 3212: 		while(my ($param,$value) = each (%$param_hash)){
 3213: 		    next if ($param =~ /^v\./);       # Ignore versions...
 3214: 		    #
 3215: 		    #   Just dump the symb=value pairs separated by &
 3216: 		    #
 3217: 		    $qresult.=$symb.':'.$param.'='.$value.'&';
 3218: 		}
 3219: 	    }
 3220: 	    chop($qresult);
 3221: 	    &Reply($client , \$qresult, $userinput);
 3222: 	} else {
 3223: 	    &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
 3224: 		     "while attempting currentdump\n", $userinput);
 3225: 	}
 3226:     } else {
 3227: 	&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
 3228: 		"while attempting currentdump\n", $userinput);
 3229:     }
 3230: 
 3231:     return 1;
 3232: }
 3233: &register_handler("currentdump", \&dump_profile_database, 0, 1, 0);
 3234: 
 3235: #
 3236: #   Dump a profile database with an optional regular expression
 3237: #   to match against the keys.  In this dump, no effort is made
 3238: #   to separate symb from version information. Presumably the
 3239: #   databases that are dumped by this command are of a different
 3240: #   structure.  Need to look at this and improve the documentation of
 3241: #   both this and the currentdump handler.
 3242: # Parameters:
 3243: #    $cmd                     - The command keyword.
 3244: #    $tail                    - All of the characters after the $cmd:
 3245: #                               These are expected to be a colon
 3246: #                               separated list containing:
 3247: #                               domain/user - identifying the user.
 3248: #                               namespace   - identifying the database.
 3249: #                               regexp      - optional regular expression
 3250: #                                             that is matched against
 3251: #                                             database keywords to do
 3252: #                                             selective dumps.
 3253: #                               range       - optional range of entries
 3254: #                                             e.g., 10-20 would return the
 3255: #                                             10th to 19th items, etc.  
 3256: #   $client                   - Channel open on the client.
 3257: # Returns:
 3258: #    1    - Continue processing.
 3259: # Side effects:
 3260: #    response is written to $client.
 3261: #
 3262: sub dump_with_regexp {
 3263:     my ($cmd, $tail, $client) = @_;
 3264: 
 3265:     my $res = LONCAPA::Lond::dump_with_regexp($tail, $clientversion);
 3266:     
 3267:     if ($res =~ /^error:/) {
 3268:         Failure($client, \$res, "$cmd:$tail");
 3269:     } else {
 3270:         Reply($client, \$res, "$cmd:$tail");
 3271:     }
 3272: 
 3273:     return 1;
 3274: }
 3275: &register_handler("dump", \&dump_with_regexp, 0, 1, 0);
 3276: 
 3277: #  Store a set of key=value pairs associated with a versioned name.
 3278: #
 3279: #  Parameters:
 3280: #    $cmd                - Request command keyword.
 3281: #    $tail               - Tail of the request.  This is a colon
 3282: #                          separated list containing:
 3283: #                          domain/user - User and authentication domain.
 3284: #                          namespace   - Name of the database being modified
 3285: #                          rid         - Resource keyword to modify.
 3286: #                          what        - new value associated with rid.
 3287: #
 3288: #    $client             - Socket open on the client.
 3289: #
 3290: #
 3291: #  Returns:
 3292: #      1 (keep on processing).
 3293: #  Side-Effects:
 3294: #    Writes to the client
 3295: sub store_handler {
 3296:     my ($cmd, $tail, $client) = @_;
 3297:  
 3298:     my $userinput = "$cmd:$tail";
 3299: 
 3300:     my ($udom,$uname,$namespace,$rid,$what) =split(/:/,$tail);
 3301:     if ($namespace ne 'roles') {
 3302: 
 3303: 	chomp($what);
 3304: 	my @pairs=split(/\&/,$what);
 3305: 	my $hashref  = &tie_user_hash($udom, $uname, $namespace,
 3306: 				       &GDBM_WRCREAT(), "S",
 3307: 				       "$rid:$what");
 3308: 	if ($hashref) {
 3309: 	    my $now = time;
 3310: 	    my @previouskeys=split(/&/,$hashref->{"keys:$rid"});
 3311: 	    my $key;
 3312: 	    $hashref->{"version:$rid"}++;
 3313: 	    my $version=$hashref->{"version:$rid"};
 3314: 	    my $allkeys=''; 
 3315: 	    foreach my $pair (@pairs) {
 3316: 		my ($key,$value)=split(/=/,$pair);
 3317: 		$allkeys.=$key.':';
 3318: 		$hashref->{"$version:$rid:$key"}=$value;
 3319: 	    }
 3320: 	    $hashref->{"$version:$rid:timestamp"}=$now;
 3321: 	    $allkeys.='timestamp';
 3322: 	    $hashref->{"$version:keys:$rid"}=$allkeys;
 3323: 	    if (&untie_user_hash($hashref)) {
 3324: 		&Reply($client, "ok\n", $userinput);
 3325: 	    } else {
 3326: 		&Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
 3327: 			"while attempting store\n", $userinput);
 3328: 	    }
 3329: 	} else {
 3330: 	    &Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
 3331: 		     "while attempting store\n", $userinput);
 3332: 	}
 3333:     } else {
 3334: 	&Failure($client, "refused\n", $userinput);
 3335:     }
 3336: 
 3337:     return 1;
 3338: }
 3339: &register_handler("store", \&store_handler, 0, 1, 0);
 3340: 
 3341: #  Modify a set of key=value pairs associated with a versioned name.
 3342: #
 3343: #  Parameters:
 3344: #    $cmd                - Request command keyword.
 3345: #    $tail               - Tail of the request.  This is a colon
 3346: #                          separated list containing:
 3347: #                          domain/user - User and authentication domain.
 3348: #                          namespace   - Name of the database being modified
 3349: #                          rid         - Resource keyword to modify.
 3350: #                          v           - Version item to modify
 3351: #                          what        - new value associated with rid.
 3352: #
 3353: #    $client             - Socket open on the client.
 3354: #
 3355: #
 3356: #  Returns:
 3357: #      1 (keep on processing).
 3358: #  Side-Effects:
 3359: #    Writes to the client
 3360: sub putstore_handler {
 3361:     my ($cmd, $tail, $client) = @_;
 3362:  
 3363:     my $userinput = "$cmd:$tail";
 3364: 
 3365:     my ($udom,$uname,$namespace,$rid,$v,$what) =split(/:/,$tail);
 3366:     if ($namespace ne 'roles') {
 3367: 
 3368: 	chomp($what);
 3369: 	my $hashref  = &tie_user_hash($udom, $uname, $namespace,
 3370: 				       &GDBM_WRCREAT(), "M",
 3371: 				       "$rid:$v:$what");
 3372: 	if ($hashref) {
 3373: 	    my $now = time;
 3374: 	    my %data = &hash_extract($what);
 3375: 	    my @allkeys;
 3376: 	    while (my($key,$value) = each(%data)) {
 3377: 		push(@allkeys,$key);
 3378: 		$hashref->{"$v:$rid:$key"} = $value;
 3379: 	    }
 3380: 	    my $allkeys = join(':',@allkeys);
 3381: 	    $hashref->{"$v:keys:$rid"}=$allkeys;
 3382: 
 3383: 	    if (&untie_user_hash($hashref)) {
 3384: 		&Reply($client, "ok\n", $userinput);
 3385: 	    } else {
 3386: 		&Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
 3387: 			"while attempting store\n", $userinput);
 3388: 	    }
 3389: 	} else {
 3390: 	    &Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
 3391: 		     "while attempting store\n", $userinput);
 3392: 	}
 3393:     } else {
 3394: 	&Failure($client, "refused\n", $userinput);
 3395:     }
 3396: 
 3397:     return 1;
 3398: }
 3399: &register_handler("putstore", \&putstore_handler, 0, 1, 0);
 3400: 
 3401: sub hash_extract {
 3402:     my ($str)=@_;
 3403:     my %hash;
 3404:     foreach my $pair (split(/\&/,$str)) {
 3405: 	my ($key,$value)=split(/=/,$pair);
 3406: 	$hash{$key}=$value;
 3407:     }
 3408:     return (%hash);
 3409: }
 3410: sub hash_to_str {
 3411:     my ($hash_ref)=@_;
 3412:     my $str;
 3413:     foreach my $key (keys(%$hash_ref)) {
 3414: 	$str.=$key.'='.$hash_ref->{$key}.'&';
 3415:     }
 3416:     $str=~s/\&$//;
 3417:     return $str;
 3418: }
 3419: 
 3420: #
 3421: #  Dump out all versions of a resource that has key=value pairs associated
 3422: # with it for each version.  These resources are built up via the store
 3423: # command.
 3424: #
 3425: #  Parameters:
 3426: #     $cmd               - Command keyword.
 3427: #     $tail              - Remainder of the request which consists of:
 3428: #                          domain/user   - User and auth. domain.
 3429: #                          namespace     - name of resource database.
 3430: #                          rid           - Resource id.
 3431: #    $client             - socket open on the client.
 3432: #
 3433: # Returns:
 3434: #      1  indicating the caller should not yet exit.
 3435: # Side-effects:
 3436: #   Writes a reply to the client.
 3437: #   The reply is a string of the following shape:
 3438: #   version=current&version:keys=k1:k2...&1:k1=v1&1:k2=v2...
 3439: #    Where the 1 above represents version 1.
 3440: #    this continues for all pairs of keys in all versions.
 3441: #
 3442: #
 3443: #    
 3444: #
 3445: sub restore_handler {
 3446:     my ($cmd, $tail, $client) = @_;
 3447: 
 3448:     my $userinput = "$cmd:$tail";	# Only used for logging purposes.
 3449:     my ($udom,$uname,$namespace,$rid) = split(/:/,$tail);
 3450:     $namespace=~s/\//\_/g;
 3451:     $namespace = &LONCAPA::clean_username($namespace);
 3452: 
 3453:     chomp($rid);
 3454:     my $qresult='';
 3455:     my $hashref = &tie_user_hash($udom, $uname, $namespace, &GDBM_READER());
 3456:     if ($hashref) {
 3457: 	my $version=$hashref->{"version:$rid"};
 3458: 	$qresult.="version=$version&";
 3459: 	my $scope;
 3460: 	for ($scope=1;$scope<=$version;$scope++) {
 3461: 	    my $vkeys=$hashref->{"$scope:keys:$rid"};
 3462: 	    my @keys=split(/:/,$vkeys);
 3463: 	    my $key;
 3464: 	    $qresult.="$scope:keys=$vkeys&";
 3465: 	    foreach $key (@keys) {
 3466: 		$qresult.="$scope:$key=".$hashref->{"$scope:$rid:$key"}."&";
 3467: 	    }                                  
 3468: 	}
 3469: 	if (&untie_user_hash($hashref)) {
 3470: 	    $qresult=~s/\&$//;
 3471: 	    &Reply( $client, \$qresult, $userinput);
 3472: 	} else {
 3473: 	    &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
 3474: 		    "while attempting restore\n", $userinput);
 3475: 	}
 3476:     } else {
 3477: 	&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
 3478: 		"while attempting restore\n", $userinput);
 3479:     }
 3480:   
 3481:     return 1;
 3482: 
 3483: 
 3484: }
 3485: &register_handler("restore", \&restore_handler, 0,1,0);
 3486: 
 3487: #
 3488: #   Add a chat message to a synchronous discussion board.
 3489: #
 3490: # Parameters:
 3491: #    $cmd                - Request keyword.
 3492: #    $tail               - Tail of the command. A colon separated list
 3493: #                          containing:
 3494: #                          cdom    - Domain on which the chat board lives
 3495: #                          cnum    - Course containing the chat board.
 3496: #                          newpost - Body of the posting.
 3497: #                          group   - Optional group, if chat board is only 
 3498: #                                    accessible in a group within the course 
 3499: #   $client              - Socket open on the client.
 3500: # Returns:
 3501: #   1    - Indicating caller should keep on processing.
 3502: #
 3503: # Side-effects:
 3504: #   writes a reply to the client.
 3505: #
 3506: #
 3507: sub send_chat_handler {
 3508:     my ($cmd, $tail, $client) = @_;
 3509: 
 3510:     
 3511:     my $userinput = "$cmd:$tail";
 3512: 
 3513:     my ($cdom,$cnum,$newpost,$group)=split(/\:/,$tail);
 3514:     &chat_add($cdom,$cnum,$newpost,$group);
 3515:     &Reply($client, "ok\n", $userinput);
 3516: 
 3517:     return 1;
 3518: }
 3519: &register_handler("chatsend", \&send_chat_handler, 0, 1, 0);
 3520: 
 3521: #
 3522: #   Retrieve the set of chat messages from a discussion board.
 3523: #
 3524: #  Parameters:
 3525: #    $cmd             - Command keyword that initiated the request.
 3526: #    $tail            - Remainder of the request after the command
 3527: #                       keyword.  In this case a colon separated list of
 3528: #                       chat domain    - Which discussion board.
 3529: #                       chat id        - Discussion thread(?)
 3530: #                       domain/user    - Authentication domain and username
 3531: #                                        of the requesting person.
 3532: #                       group          - Optional course group containing
 3533: #                                        the board.      
 3534: #   $client           - Socket open on the client program.
 3535: # Returns:
 3536: #    1     - continue processing
 3537: # Side effects:
 3538: #    Response is written to the client.
 3539: #
 3540: sub retrieve_chat_handler {
 3541:     my ($cmd, $tail, $client) = @_;
 3542: 
 3543: 
 3544:     my $userinput = "$cmd:$tail";
 3545: 
 3546:     my ($cdom,$cnum,$udom,$uname,$group)=split(/\:/,$tail);
 3547:     my $reply='';
 3548:     foreach (&get_chat($cdom,$cnum,$udom,$uname,$group)) {
 3549: 	$reply.=&escape($_).':';
 3550:     }
 3551:     $reply=~s/\:$//;
 3552:     &Reply($client, \$reply, $userinput);
 3553: 
 3554: 
 3555:     return 1;
 3556: }
 3557: &register_handler("chatretr", \&retrieve_chat_handler, 0, 1, 0);
 3558: 
 3559: #
 3560: #  Initiate a query of an sql database.  SQL query repsonses get put in
 3561: #  a file for later retrieval.  This prevents sql query results from
 3562: #  bottlenecking the system.  Note that with loncnew, perhaps this is
 3563: #  less of an issue since multiple outstanding requests can be concurrently
 3564: #  serviced.
 3565: #
 3566: #  Parameters:
 3567: #     $cmd       - COmmand keyword that initiated the request.
 3568: #     $tail      - Remainder of the command after the keyword.
 3569: #                  For this function, this consists of a query and
 3570: #                  3 arguments that are self-documentingly labelled
 3571: #                  in the original arg1, arg2, arg3.
 3572: #     $client    - Socket open on the client.
 3573: # Return:
 3574: #    1   - Indicating processing should continue.
 3575: # Side-effects:
 3576: #    a reply is written to $client.
 3577: #
 3578: sub send_query_handler {
 3579:     my ($cmd, $tail, $client) = @_;
 3580: 
 3581: 
 3582:     my $userinput = "$cmd:$tail";
 3583: 
 3584:     my ($query,$arg1,$arg2,$arg3)=split(/\:/,$tail);
 3585:     $query=~s/\n*$//g;
 3586:     &Reply($client, "". &sql_reply("$clientname\&$query".
 3587: 				"\&$arg1"."\&$arg2"."\&$arg3")."\n",
 3588: 	  $userinput);
 3589:     
 3590:     return 1;
 3591: }
 3592: &register_handler("querysend", \&send_query_handler, 0, 1, 0);
 3593: 
 3594: #
 3595: #   Add a reply to an sql query.  SQL queries are done asyncrhonously.
 3596: #   The query is submitted via a "querysend" transaction.
 3597: #   There it is passed on to the lonsql daemon, queued and issued to
 3598: #   mysql.
 3599: #     This transaction is invoked when the sql transaction is complete
 3600: #   it stores the query results in flie and indicates query completion.
 3601: #   presumably local software then fetches this response... I'm guessing
 3602: #   the sequence is: lonc does a querysend, we ask lonsql to do it.
 3603: #   lonsql on completion of the query interacts with the lond of our
 3604: #   client to do a query reply storing two files:
 3605: #    - id     - The results of the query.
 3606: #    - id.end - Indicating the transaction completed. 
 3607: #    NOTE: id is a unique id assigned to the query and querysend time.
 3608: # Parameters:
 3609: #    $cmd        - Command keyword that initiated this request.
 3610: #    $tail       - Remainder of the tail.  In this case that's a colon
 3611: #                  separated list containing the query Id and the 
 3612: #                  results of the query.
 3613: #    $client     - Socket open on the client.
 3614: # Return:
 3615: #    1           - Indicating that we should continue processing.
 3616: # Side effects:
 3617: #    ok written to the client.
 3618: #
 3619: sub reply_query_handler {
 3620:     my ($cmd, $tail, $client) = @_;
 3621: 
 3622: 
 3623:     my $userinput = "$cmd:$tail";
 3624: 
 3625:     my ($id,$reply)=split(/:/,$tail); 
 3626:     my $store;
 3627:     my $execdir=$perlvar{'lonDaemons'};
 3628:     if ($store=IO::File->new(">$execdir/tmp/$id")) {
 3629: 	$reply=~s/\&/\n/g;
 3630: 	print $store $reply;
 3631: 	close $store;
 3632: 	my $store2=IO::File->new(">$execdir/tmp/$id.end");
 3633: 	print $store2 "done\n";
 3634: 	close $store2;
 3635: 	&Reply($client, "ok\n", $userinput);
 3636:     } else {
 3637: 	&Failure($client, "error: ".($!+0)
 3638: 		." IO::File->new Failed ".
 3639: 		"while attempting queryreply\n", $userinput);
 3640:     }
 3641:  
 3642: 
 3643:     return 1;
 3644: }
 3645: &register_handler("queryreply", \&reply_query_handler, 0, 1, 0);
 3646: 
 3647: #
 3648: #  Process the courseidput request.  Not quite sure what this means
 3649: #  at the system level sense.  It appears a gdbm file in the 
 3650: #  /home/httpd/lonUsers/$domain/nohist_courseids is tied and
 3651: #  a set of entries made in that database.
 3652: #
 3653: # Parameters:
 3654: #   $cmd      - The command keyword that initiated this request.
 3655: #   $tail     - Tail of the command.  In this case consists of a colon
 3656: #               separated list contaning the domain to apply this to and
 3657: #               an ampersand separated list of keyword=value pairs.
 3658: #               Each value is a colon separated list that includes:  
 3659: #               description, institutional code and course owner.
 3660: #               For backward compatibility with versions included
 3661: #               in LON-CAPA 1.1.X (and earlier) and 1.2.X, institutional
 3662: #               code and/or course owner are preserved from the existing 
 3663: #               record when writing a new record in response to 1.1 or 
 3664: #               1.2 implementations of lonnet::flushcourselogs().   
 3665: #                      
 3666: #   $client   - Socket open on the client.
 3667: # Returns:
 3668: #   1    - indicating that processing should continue
 3669: #
 3670: # Side effects:
 3671: #   reply is written to the client.
 3672: #
 3673: sub put_course_id_handler {
 3674:     my ($cmd, $tail, $client) = @_;
 3675: 
 3676: 
 3677:     my $userinput = "$cmd:$tail";
 3678: 
 3679:     my ($udom, $what) = split(/:/, $tail,2);
 3680:     chomp($what);
 3681:     my $now=time;
 3682:     my @pairs=split(/\&/,$what);
 3683: 
 3684:     my $hashref = &tie_domain_hash($udom, "nohist_courseids", &GDBM_WRCREAT());
 3685:     if ($hashref) {
 3686: 	foreach my $pair (@pairs) {
 3687:             my ($key,$courseinfo) = split(/=/,$pair,2);
 3688:             $courseinfo =~ s/=/:/g;
 3689:             if (defined($hashref->{$key})) {
 3690:                 my $value = &Apache::lonnet::thaw_unescape($hashref->{$key});
 3691:                 if (ref($value) eq 'HASH') {
 3692:                     my @items = ('description','inst_code','owner','type');
 3693:                     my @new_items = split(/:/,$courseinfo,-1);
 3694:                     my %storehash; 
 3695:                     for (my $i=0; $i<@new_items; $i++) {
 3696:                         $storehash{$items[$i]} = &unescape($new_items[$i]);
 3697:                     }
 3698:                     $hashref->{$key} = 
 3699:                         &Apache::lonnet::freeze_escape(\%storehash);
 3700:                     my $unesc_key = &unescape($key);
 3701:                     $hashref->{&escape('lasttime:'.$unesc_key)} = $now;
 3702:                     next;
 3703:                 }
 3704:             }
 3705:             my @current_items = split(/:/,$hashref->{$key},-1);
 3706:             shift(@current_items); # remove description
 3707:             pop(@current_items);   # remove last access
 3708:             my $numcurrent = scalar(@current_items);
 3709:             if ($numcurrent > 3) {
 3710:                 $numcurrent = 3;
 3711:             }
 3712:             my @new_items = split(/:/,$courseinfo,-1);
 3713:             my $numnew = scalar(@new_items);
 3714:             if ($numcurrent > 0) {
 3715:                 if ($numnew <= $numcurrent) { # flushcourselogs() from pre 2.2 
 3716:                     for (my $j=$numcurrent-$numnew; $j>=0; $j--) {
 3717:                         $courseinfo .= ':'.$current_items[$numcurrent-$j-1];
 3718:                     }
 3719:                 }
 3720:             }
 3721:             $hashref->{$key}=$courseinfo.':'.$now;
 3722: 	}
 3723: 	if (&untie_domain_hash($hashref)) {
 3724: 	    &Reply( $client, "ok\n", $userinput);
 3725: 	} else {
 3726: 	    &Failure($client, "error: ".($!+0)
 3727: 		     ." untie(GDBM) Failed ".
 3728: 		     "while attempting courseidput\n", $userinput);
 3729: 	}
 3730:     } else {
 3731: 	&Failure($client, "error: ".($!+0)
 3732: 		 ." tie(GDBM) Failed ".
 3733: 		 "while attempting courseidput\n", $userinput);
 3734:     }
 3735: 
 3736:     return 1;
 3737: }
 3738: &register_handler("courseidput", \&put_course_id_handler, 0, 1, 0);
 3739: 
 3740: sub put_course_id_hash_handler {
 3741:     my ($cmd, $tail, $client) = @_;
 3742:     my $userinput = "$cmd:$tail";
 3743:     my ($udom,$mode,$what) = split(/:/, $tail,3);
 3744:     chomp($what);
 3745:     my $now=time;
 3746:     my @pairs=split(/\&/,$what);
 3747:     my $hashref = &tie_domain_hash($udom, "nohist_courseids", &GDBM_WRCREAT());
 3748:     if ($hashref) {
 3749:         foreach my $pair (@pairs) {
 3750:             my ($key,$value)=split(/=/,$pair);
 3751:             my $unesc_key = &unescape($key);
 3752:             if ($mode ne 'timeonly') {
 3753:                 if (!defined($hashref->{&escape('lasttime:'.$unesc_key)})) {
 3754:                     my $curritems = &Apache::lonnet::thaw_unescape($key); 
 3755:                     if (ref($curritems) ne 'HASH') {
 3756:                         my @current_items = split(/:/,$hashref->{$key},-1);
 3757:                         my $lasttime = pop(@current_items);
 3758:                         $hashref->{&escape('lasttime:'.$unesc_key)} = $lasttime;
 3759:                     } else {
 3760:                         $hashref->{&escape('lasttime:'.$unesc_key)} = '';
 3761:                     }
 3762:                 } 
 3763:                 $hashref->{$key} = $value;
 3764:             }
 3765:             if ($mode ne 'notime') {
 3766:                 $hashref->{&escape('lasttime:'.$unesc_key)} = $now;
 3767:             }
 3768:         }
 3769:         if (&untie_domain_hash($hashref)) {
 3770:             &Reply($client, "ok\n", $userinput);
 3771:         } else {
 3772:             &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
 3773:                      "while attempting courseidputhash\n", $userinput);
 3774:         }
 3775:     } else {
 3776:         &Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
 3777:                   "while attempting courseidputhash\n", $userinput);
 3778:     }
 3779:     return 1;
 3780: }
 3781: &register_handler("courseidputhash", \&put_course_id_hash_handler, 0, 1, 0);
 3782: 
 3783: #  Retrieves the value of a course id resource keyword pattern
 3784: #  defined since a starting date.  Both the starting date and the
 3785: #  keyword pattern are optional.  If the starting date is not supplied it
 3786: #  is treated as the beginning of time.  If the pattern is not found,
 3787: #  it is treatred as "." matching everything.
 3788: #
 3789: #  Parameters:
 3790: #     $cmd     - Command keyword that resulted in us being dispatched.
 3791: #     $tail    - The remainder of the command that, in this case, consists
 3792: #                of a colon separated list of:
 3793: #                 domain   - The domain in which the course database is 
 3794: #                            defined.
 3795: #                 since    - Optional parameter describing the minimum
 3796: #                            time of definition(?) of the resources that
 3797: #                            will match the dump.
 3798: #                 description - regular expression that is used to filter
 3799: #                            the dump.  Only keywords matching this regexp
 3800: #                            will be used.
 3801: #                 institutional code - optional supplied code to filter 
 3802: #                            the dump. Only courses with an institutional code 
 3803: #                            that match the supplied code will be returned.
 3804: #                 owner    - optional supplied username and domain of owner to
 3805: #                            filter the dump.  Only courses for which the course
 3806: #                            owner matches the supplied username and/or domain
 3807: #                            will be returned. Pre-2.2.0 legacy entries from 
 3808: #                            nohist_courseiddump will only contain usernames.
 3809: #                 type     - optional parameter for selection 
 3810: #                 regexp_ok - if 1 or -1 allow the supplied institutional code
 3811: #                            filter to behave as a regular expression:
 3812: #	                      1 will not exclude the course if the instcode matches the RE 
 3813: #                            -1 will exclude the course if the instcode matches the RE
 3814: #                 rtn_as_hash - whether to return the information available for
 3815: #                            each matched item as a frozen hash of all 
 3816: #                            key, value pairs in the item's hash, or as a 
 3817: #                            colon-separated list of (in order) description,
 3818: #                            institutional code, and course owner.
 3819: #                 selfenrollonly - filter by courses allowing self-enrollment  
 3820: #                                  now or in the future (selfenrollonly = 1).
 3821: #                 catfilter - filter by course category, assigned to a course 
 3822: #                             using manually defined categories (i.e., not
 3823: #                             self-cataloging based on on institutional code).   
 3824: #                 showhidden - include course in results even if course  
 3825: #                              was set to be excluded from course catalog (DC only).
 3826: #                 caller -  if set to 'coursecatalog', courses set to be hidden
 3827: #                           from course catalog will be excluded from results (unless
 3828: #                           overridden by "showhidden".
 3829: #                 cloner - escaped username:domain of course cloner (if picking course to
 3830: #                          clone).
 3831: #                 cc_clone_list - escaped comma separated list of courses for which 
 3832: #                                 course cloner has active CC role (and so can clone
 3833: #                                 automatically).
 3834: #                 cloneonly - filter by courses for which cloner has rights to clone.
 3835: #                 createdbefore - include courses for which creation date preceeded this date.
 3836: #                 createdafter - include courses for which creation date followed this date.
 3837: #                 creationcontext - include courses created in specified context 
 3838: #
 3839: #                 domcloner - flag to indicate if user can create CCs in course's domain.
 3840: #                             If so, ability to clone course is automatic.
 3841: #                 hasuniquecode - filter by courses for which a six character unique code has 
 3842: #                                 been set.
 3843: #
 3844: #     $client  - The socket open on the client.
 3845: # Returns:
 3846: #    1     - Continue processing.
 3847: # Side Effects:
 3848: #   a reply is written to $client.
 3849: sub dump_course_id_handler {
 3850:     my ($cmd, $tail, $client) = @_;
 3851: 
 3852:     my $res = LONCAPA::Lond::dump_course_id_handler($tail);
 3853:     if ($res =~ /^error:/) {
 3854:         Failure($client, \$res, "$cmd:$tail");
 3855:     } else {
 3856:         Reply($client, \$res, "$cmd:$tail");
 3857:     }
 3858: 
 3859:     return 1;  
 3860: 
 3861:     #TODO remove
 3862:     my $userinput = "$cmd:$tail";
 3863: 
 3864:     my ($udom,$since,$description,$instcodefilter,$ownerfilter,$coursefilter,
 3865:         $typefilter,$regexp_ok,$rtn_as_hash,$selfenrollonly,$catfilter,$showhidden,
 3866:         $caller,$cloner,$cc_clone_list,$cloneonly,$createdbefore,$createdafter,
 3867:         $creationcontext,$domcloner,$hasuniquecode) =split(/:/,$tail);
 3868:     my $now = time;
 3869:     my ($cloneruname,$clonerudom,%cc_clone);
 3870:     if (defined($description)) {
 3871: 	$description=&unescape($description);
 3872:     } else {
 3873: 	$description='.';
 3874:     }
 3875:     if (defined($instcodefilter)) {
 3876:         $instcodefilter=&unescape($instcodefilter);
 3877:     } else {
 3878:         $instcodefilter='.';
 3879:     }
 3880:     my ($ownerunamefilter,$ownerdomfilter);
 3881:     if (defined($ownerfilter)) {
 3882:         $ownerfilter=&unescape($ownerfilter);
 3883:         if ($ownerfilter ne '.' && defined($ownerfilter)) {
 3884:             if ($ownerfilter =~ /^([^:]*):([^:]*)$/) {
 3885:                  $ownerunamefilter = $1;
 3886:                  $ownerdomfilter = $2;
 3887:             } else {
 3888:                 $ownerunamefilter = $ownerfilter;
 3889:                 $ownerdomfilter = '';
 3890:             }
 3891:         }
 3892:     } else {
 3893:         $ownerfilter='.';
 3894:     }
 3895: 
 3896:     if (defined($coursefilter)) {
 3897:         $coursefilter=&unescape($coursefilter);
 3898:     } else {
 3899:         $coursefilter='.';
 3900:     }
 3901:     if (defined($typefilter)) {
 3902:         $typefilter=&unescape($typefilter);
 3903:     } else {
 3904:         $typefilter='.';
 3905:     }
 3906:     if (defined($regexp_ok)) {
 3907:         $regexp_ok=&unescape($regexp_ok);
 3908:     }
 3909:     if (defined($catfilter)) {
 3910:         $catfilter=&unescape($catfilter);
 3911:     }
 3912:     if (defined($cloner)) {
 3913:         $cloner = &unescape($cloner);
 3914:         ($cloneruname,$clonerudom) = ($cloner =~ /^($LONCAPA::match_username):($LONCAPA::match_domain)$/); 
 3915:     }
 3916:     if (defined($cc_clone_list)) {
 3917:         $cc_clone_list = &unescape($cc_clone_list);
 3918:         my @cc_cloners = split('&',$cc_clone_list);
 3919:         foreach my $cid (@cc_cloners) {
 3920:             my ($clonedom,$clonenum) = split(':',$cid);
 3921:             next if ($clonedom ne $udom); 
 3922:             $cc_clone{$clonedom.'_'.$clonenum} = 1;
 3923:         } 
 3924:     }
 3925:     if ($createdbefore ne '') {
 3926:         $createdbefore = &unescape($createdbefore);
 3927:     } else {
 3928:        $createdbefore = 0;
 3929:     }
 3930:     if ($createdafter ne '') {
 3931:         $createdafter = &unescape($createdafter);
 3932:     } else {
 3933:         $createdafter = 0;
 3934:     }
 3935:     if ($creationcontext ne '') {
 3936:         $creationcontext = &unescape($creationcontext);
 3937:     } else {
 3938:         $creationcontext = '.';
 3939:     }
 3940:     unless ($hasuniquecode) {
 3941:         $hasuniquecode = '.';
 3942:     }
 3943:     my $unpack = 1;
 3944:     if ($description eq '.' && $instcodefilter eq '.' && $ownerfilter eq '.' && 
 3945:         $typefilter eq '.') {
 3946:         $unpack = 0;
 3947:     }
 3948:     if (!defined($since)) { $since=0; }
 3949:     my $qresult='';
 3950:     my $hashref = &tie_domain_hash($udom, "nohist_courseids", &GDBM_WRCREAT());
 3951:     if ($hashref) {
 3952: 	while (my ($key,$value) = each(%$hashref)) {
 3953:             my ($unesc_key,$lasttime_key,$lasttime,$is_hash,%val,
 3954:                 %unesc_val,$selfenroll_end,$selfenroll_types,$created,
 3955:                 $context);
 3956:             $unesc_key = &unescape($key);
 3957:             if ($unesc_key =~ /^lasttime:/) {
 3958:                 next;
 3959:             } else {
 3960:                 $lasttime_key = &escape('lasttime:'.$unesc_key);
 3961:             }
 3962:             if ($hashref->{$lasttime_key} ne '') {
 3963:                 $lasttime = $hashref->{$lasttime_key};
 3964:                 next if ($lasttime<$since);
 3965:             }
 3966:             my ($canclone,$valchange);
 3967:             my $items = &Apache::lonnet::thaw_unescape($value);
 3968:             if (ref($items) eq 'HASH') {
 3969:                 if ($hashref->{$lasttime_key} eq '') {
 3970:                     next if ($since > 1);
 3971:                 }
 3972:                 $is_hash =  1;
 3973:                 if ($domcloner) {
 3974:                     $canclone = 1;
 3975:                 } elsif (defined($clonerudom)) {
 3976:                     if ($items->{'cloners'}) {
 3977:                         my @cloneable = split(',',$items->{'cloners'});
 3978:                         if (@cloneable) {
 3979:                             if (grep(/^\*$/,@cloneable))  {
 3980:                                 $canclone = 1;
 3981:                             } elsif (grep(/^\*:\Q$clonerudom\E$/,@cloneable)) {
 3982:                                 $canclone = 1;
 3983:                             } elsif (grep(/^\Q$cloneruname\E:\Q$clonerudom\E$/,@cloneable)) {
 3984:                                 $canclone = 1;
 3985:                             }
 3986:                         }
 3987:                         unless ($canclone) {
 3988:                             if ($cloneruname ne '' && $clonerudom ne '') {
 3989:                                 if ($cc_clone{$unesc_key}) {
 3990:                                     $canclone = 1;
 3991:                                     $items->{'cloners'} .= ','.$cloneruname.':'.
 3992:                                                            $clonerudom;
 3993:                                     $valchange = 1;
 3994:                                 }
 3995:                             }
 3996:                         }
 3997:                     } elsif (defined($cloneruname)) {
 3998:                         if ($cc_clone{$unesc_key}) {
 3999:                             $canclone = 1;
 4000:                             $items->{'cloners'} = $cloneruname.':'.$clonerudom;
 4001:                             $valchange = 1;
 4002:                         }
 4003:                         unless ($canclone) {
 4004:                             if ($items->{'owner'} =~ /:/) {
 4005:                                 if ($items->{'owner'} eq $cloner) {
 4006:                                     $canclone = 1;
 4007:                                 }
 4008:                             } elsif ($cloner eq $items->{'owner'}.':'.$udom) {
 4009:                                 $canclone = 1;
 4010:                             }
 4011:                             if ($canclone) {
 4012:                                 $items->{'cloners'} = $cloneruname.':'.$clonerudom;
 4013:                                 $valchange = 1;
 4014:                             }
 4015:                         }
 4016:                     }
 4017:                 }
 4018:                 if ($unpack || !$rtn_as_hash) {
 4019:                     $unesc_val{'descr'} = $items->{'description'};
 4020:                     $unesc_val{'inst_code'} = $items->{'inst_code'};
 4021:                     $unesc_val{'owner'} = $items->{'owner'};
 4022:                     $unesc_val{'type'} = $items->{'type'};
 4023:                     $unesc_val{'cloners'} = $items->{'cloners'};
 4024:                     $unesc_val{'created'} = $items->{'created'};
 4025:                     $unesc_val{'context'} = $items->{'context'};
 4026:                 }
 4027:                 $selfenroll_types = $items->{'selfenroll_types'};
 4028:                 $selfenroll_end = $items->{'selfenroll_end_date'};
 4029:                 $created = $items->{'created'};
 4030:                 $context = $items->{'context'};
 4031:                 if ($hasuniquecode ne '.') {
 4032:                     next unless ($items->{'uniquecode'});
 4033:                 }
 4034:                 if ($selfenrollonly) {
 4035:                     next if (!$selfenroll_types);
 4036:                     if (($selfenroll_end > 0) && ($selfenroll_end <= $now)) {
 4037:                         next;
 4038:                     }
 4039:                 }
 4040:                 if ($creationcontext ne '.') {
 4041:                     next if (($context ne '') && ($context ne $creationcontext));  
 4042:                 }
 4043:                 if ($createdbefore > 0) {
 4044:                     next if (($created eq '') || ($created > $createdbefore));   
 4045:                 }
 4046:                 if ($createdafter > 0) {
 4047:                     next if (($created eq '') || ($created <= $createdafter)); 
 4048:                 }
 4049:                 if ($catfilter ne '') {
 4050:                     next if ($items->{'categories'} eq '');
 4051:                     my @categories = split('&',$items->{'categories'}); 
 4052:                     next if (@categories == 0);
 4053:                     my @subcats = split('&',$catfilter);
 4054:                     my $matchcat = 0;
 4055:                     foreach my $cat (@categories) {
 4056:                         if (grep(/^\Q$cat\E$/,@subcats)) {
 4057:                             $matchcat = 1;
 4058:                             last;
 4059:                         }
 4060:                     }
 4061:                     next if (!$matchcat);
 4062:                 }
 4063:                 if ($caller eq 'coursecatalog') {
 4064:                     if ($items->{'hidefromcat'} eq 'yes') {
 4065:                         next if !$showhidden;
 4066:                     }
 4067:                 }
 4068:             } else {
 4069:                 next if ($catfilter ne '');
 4070:                 next if ($selfenrollonly);
 4071:                 next if ($createdbefore || $createdafter);
 4072:                 next if ($creationcontext ne '.');
 4073:                 if ((defined($clonerudom)) && (defined($cloneruname)))  {
 4074:                     if ($cc_clone{$unesc_key}) {
 4075:                         $canclone = 1;
 4076:                         $val{'cloners'} = &escape($cloneruname.':'.$clonerudom);
 4077:                     }
 4078:                 }
 4079:                 $is_hash =  0;
 4080:                 my @courseitems = split(/:/,$value);
 4081:                 $lasttime = pop(@courseitems);
 4082:                 if ($hashref->{$lasttime_key} eq '') {
 4083:                     next if ($lasttime<$since);
 4084:                 }
 4085: 	        ($val{'descr'},$val{'inst_code'},$val{'owner'},$val{'type'}) = @courseitems;
 4086:             }
 4087:             if ($cloneonly) {
 4088:                next unless ($canclone);
 4089:             }
 4090:             my $match = 1;
 4091: 	    if ($description ne '.') {
 4092:                 if (!$is_hash) {
 4093:                     $unesc_val{'descr'} = &unescape($val{'descr'});
 4094:                 }
 4095:                 if (eval{$unesc_val{'descr'} !~ /\Q$description\E/i}) {
 4096:                     $match = 0;
 4097:                 }
 4098:             }
 4099:             if ($instcodefilter ne '.') {
 4100:                 if (!$is_hash) {
 4101:                     $unesc_val{'inst_code'} = &unescape($val{'inst_code'});
 4102:                 }
 4103:                 if ($regexp_ok == 1) {
 4104:                     if (eval{$unesc_val{'inst_code'} !~ /$instcodefilter/}) {
 4105:                         $match = 0;
 4106:                     }
 4107:                 } elsif ($regexp_ok == -1) {
 4108:                     if (eval{$unesc_val{'inst_code'} =~ /$instcodefilter/}) {
 4109:                         $match = 0;
 4110:                     }
 4111:                 } else {
 4112:                     if (eval{$unesc_val{'inst_code'} !~ /\Q$instcodefilter\E/i}) {
 4113:                         $match = 0;
 4114:                     }
 4115:                 }
 4116: 	    }
 4117:             if ($ownerfilter ne '.') {
 4118:                 if (!$is_hash) {
 4119:                     $unesc_val{'owner'} = &unescape($val{'owner'});
 4120:                 }
 4121:                 if (($ownerunamefilter ne '') && ($ownerdomfilter ne '')) {
 4122:                     if ($unesc_val{'owner'} =~ /:/) {
 4123:                         if (eval{$unesc_val{'owner'} !~ 
 4124:                              /\Q$ownerunamefilter\E:\Q$ownerdomfilter\E$/i}) {
 4125:                             $match = 0;
 4126:                         } 
 4127:                     } else {
 4128:                         if (eval{$unesc_val{'owner'} !~ /\Q$ownerunamefilter\E/i}) {
 4129:                             $match = 0;
 4130:                         }
 4131:                     }
 4132:                 } elsif ($ownerunamefilter ne '') {
 4133:                     if ($unesc_val{'owner'} =~ /:/) {
 4134:                         if (eval{$unesc_val{'owner'} !~ /\Q$ownerunamefilter\E:[^:]+$/i}) {
 4135:                              $match = 0;
 4136:                         }
 4137:                     } else {
 4138:                         if (eval{$unesc_val{'owner'} !~ /\Q$ownerunamefilter\E/i}) {
 4139:                             $match = 0;
 4140:                         }
 4141:                     }
 4142:                 } elsif ($ownerdomfilter ne '') {
 4143:                     if ($unesc_val{'owner'} =~ /:/) {
 4144:                         if (eval{$unesc_val{'owner'} !~ /^[^:]+:\Q$ownerdomfilter\E/}) {
 4145:                              $match = 0;
 4146:                         }
 4147:                     } else {
 4148:                         if ($ownerdomfilter ne $udom) {
 4149:                             $match = 0;
 4150:                         }
 4151:                     }
 4152:                 }
 4153:             }
 4154:             if ($coursefilter ne '.') {
 4155:                 if (eval{$unesc_key !~ /^$udom(_)\Q$coursefilter\E$/}) {
 4156:                     $match = 0;
 4157:                 }
 4158:             }
 4159:             if ($typefilter ne '.') {
 4160:                 if (!$is_hash) {
 4161:                     $unesc_val{'type'} = &unescape($val{'type'});
 4162:                 }
 4163:                 if ($unesc_val{'type'} eq '') {
 4164:                     if ($typefilter ne 'Course') {
 4165:                         $match = 0;
 4166:                     }
 4167:                 } else {
 4168:                     if (eval{$unesc_val{'type'} !~ /^\Q$typefilter\E$/}) {
 4169:                         $match = 0;
 4170:                     }
 4171:                 }
 4172:             }
 4173:             if ($match == 1) {
 4174:                 if ($rtn_as_hash) {
 4175:                     if ($is_hash) {
 4176:                         if ($valchange) {
 4177:                             my $newvalue = &Apache::lonnet::freeze_escape($items);
 4178:                             $qresult.=$key.'='.$newvalue.'&';
 4179:                         } else {
 4180:                             $qresult.=$key.'='.$value.'&';
 4181:                         }
 4182:                     } else {
 4183:                         my %rtnhash = ( 'description' => &unescape($val{'descr'}),
 4184:                                         'inst_code' => &unescape($val{'inst_code'}),
 4185:                                         'owner'     => &unescape($val{'owner'}),
 4186:                                         'type'      => &unescape($val{'type'}),
 4187:                                         'cloners'   => &unescape($val{'cloners'}),
 4188:                                       );
 4189:                         my $items = &Apache::lonnet::freeze_escape(\%rtnhash);
 4190:                         $qresult.=$key.'='.$items.'&';
 4191:                     }
 4192:                 } else {
 4193:                     if ($is_hash) {
 4194:                         $qresult .= $key.'='.&escape($unesc_val{'descr'}).':'.
 4195:                                     &escape($unesc_val{'inst_code'}).':'.
 4196:                                     &escape($unesc_val{'owner'}).'&';
 4197:                     } else {
 4198:                         $qresult .= $key.'='.$val{'descr'}.':'.$val{'inst_code'}.
 4199:                                     ':'.$val{'owner'}.'&';
 4200:                     }
 4201:                 }
 4202:             }
 4203: 	}
 4204: 	if (&untie_domain_hash($hashref)) {
 4205: 	    chop($qresult);
 4206: 	    &Reply($client, \$qresult, $userinput);
 4207: 	} else {
 4208: 	    &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
 4209: 		    "while attempting courseiddump\n", $userinput);
 4210: 	}
 4211:     } else {
 4212: 	&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
 4213: 		"while attempting courseiddump\n", $userinput);
 4214:     }
 4215:     return 1;
 4216: }
 4217: &register_handler("courseiddump", \&dump_course_id_handler, 0, 1, 0);
 4218: 
 4219: sub course_lastaccess_handler {
 4220:     my ($cmd, $tail, $client) = @_;
 4221:     my $userinput = "$cmd:$tail";
 4222:     my ($cdom,$cnum) = split(':',$tail); 
 4223:     my (%lastaccess,$qresult);
 4224:     my $hashref = &tie_domain_hash($cdom, "nohist_courseids", &GDBM_WRCREAT());
 4225:     if ($hashref) {
 4226:         while (my ($key,$value) = each(%$hashref)) {
 4227:             my ($unesc_key,$lasttime);
 4228:             $unesc_key = &unescape($key);
 4229:             if ($cnum) {
 4230:                 next unless ($unesc_key =~ /\Q$cdom\E_\Q$cnum\E$/);
 4231:             }
 4232:             if ($unesc_key =~ /^lasttime:($LONCAPA::match_domain\_$LONCAPA::match_courseid)/) {
 4233:                 $lastaccess{$1} = $value;
 4234:             } else {
 4235:                 my $items = &Apache::lonnet::thaw_unescape($value);
 4236:                 if (ref($items) eq 'HASH') {
 4237:                     unless ($lastaccess{$unesc_key}) {
 4238:                         $lastaccess{$unesc_key} = '';
 4239:                     }
 4240:                 } else {
 4241:                     my @courseitems = split(':',$value);
 4242:                     $lastaccess{$unesc_key} = pop(@courseitems);
 4243:                 }
 4244:             }
 4245:         }
 4246:         foreach my $cid (sort(keys(%lastaccess))) {
 4247:             $qresult.=&escape($cid).'='.$lastaccess{$cid}.'&'; 
 4248:         }
 4249:         if (&untie_domain_hash($hashref)) {
 4250:             if ($qresult) {
 4251:                 chop($qresult);
 4252:             }
 4253:             &Reply($client, \$qresult, $userinput);
 4254:         } else {
 4255:             &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
 4256:                     "while attempting lastacourseaccess\n", $userinput);
 4257:         }
 4258:     } else {
 4259:         &Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
 4260:                 "while attempting lastcourseaccess\n", $userinput);
 4261:     }
 4262:     return 1;
 4263: }
 4264: &register_handler("courselastaccess",\&course_lastaccess_handler, 0, 1, 0);
 4265: 
 4266: #
 4267: # Puts an unencrypted entry in a namespace db file at the domain level 
 4268: #
 4269: # Parameters:
 4270: #    $cmd      - The command that got us here.
 4271: #    $tail     - Tail of the command (remaining parameters).
 4272: #    $client   - File descriptor connected to client.
 4273: # Returns
 4274: #     0        - Requested to exit, caller should shut down.
 4275: #     1        - Continue processing.
 4276: #  Side effects:
 4277: #     reply is written to $client.
 4278: #
 4279: sub put_domain_handler {
 4280:     my ($cmd,$tail,$client) = @_;
 4281: 
 4282:     my $userinput = "$cmd:$tail";
 4283: 
 4284:     my ($udom,$namespace,$what) =split(/:/,$tail,3);
 4285:     chomp($what);
 4286:     my @pairs=split(/\&/,$what);
 4287:     my $hashref = &tie_domain_hash($udom, "$namespace", &GDBM_WRCREAT(),
 4288:                                    "P", $what);
 4289:     if ($hashref) {
 4290:         foreach my $pair (@pairs) {
 4291:             my ($key,$value)=split(/=/,$pair);
 4292:             $hashref->{$key}=$value;
 4293:         }
 4294:         if (&untie_domain_hash($hashref)) {
 4295:             &Reply($client, "ok\n", $userinput);
 4296:         } else {
 4297:             &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
 4298:                      "while attempting putdom\n", $userinput);
 4299:         }
 4300:     } else {
 4301:         &Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
 4302:                   "while attempting putdom\n", $userinput);
 4303:     }
 4304: 
 4305:     return 1;
 4306: }
 4307: &register_handler("putdom", \&put_domain_handler, 0, 1, 0);
 4308: 
 4309: # Unencrypted get from the namespace database file at the domain level.
 4310: # This function retrieves a keyed item from a specific named database in the
 4311: # domain directory.
 4312: #
 4313: # Parameters:
 4314: #   $cmd             - Command request keyword (get).
 4315: #   $tail            - Tail of the command.  This is a colon separated list
 4316: #                      consisting of the domain and the 'namespace' 
 4317: #                      which selects the gdbm file to do the lookup in,
 4318: #                      & separated list of keys to lookup.  Note that
 4319: #                      the values are returned as an & separated list too.
 4320: #   $client          - File descriptor open on the client.
 4321: # Returns:
 4322: #   1       - Continue processing.
 4323: #   0       - Exit.
 4324: #  Side effects:
 4325: #     reply is written to $client.
 4326: #
 4327: 
 4328: sub get_domain_handler {
 4329:     my ($cmd, $tail, $client) = @_;
 4330: 
 4331: 
 4332:     my $userinput = "$client:$tail";
 4333: 
 4334:     my ($udom,$namespace,$what)=split(/:/,$tail,3);
 4335:     chomp($what);
 4336:     my @queries=split(/\&/,$what);
 4337:     my $qresult='';
 4338:     my $hashref = &tie_domain_hash($udom, "$namespace", &GDBM_READER());
 4339:     if ($hashref) {
 4340:         for (my $i=0;$i<=$#queries;$i++) {
 4341:             $qresult.="$hashref->{$queries[$i]}&";
 4342:         }
 4343:         if (&untie_domain_hash($hashref)) {
 4344:             $qresult=~s/\&$//;
 4345:             &Reply($client, \$qresult, $userinput);
 4346:         } else {
 4347:             &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
 4348:                       "while attempting getdom\n",$userinput);
 4349:         }
 4350:     } else {
 4351:         &Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
 4352:                  "while attempting getdom\n",$userinput);
 4353:     }
 4354: 
 4355:     return 1;
 4356: }
 4357: &register_handler("getdom", \&get_domain_handler, 0, 1, 0);
 4358: 
 4359: #
 4360: #  Puts an id to a domains id database. 
 4361: #
 4362: #  Parameters:
 4363: #   $cmd     - The command that triggered us.
 4364: #   $tail    - Remainder of the request other than the command. This is a 
 4365: #              colon separated list containing:
 4366: #              $domain  - The domain for which we are writing the id.
 4367: #              $pairs  - The id info to write... this is and & separated list
 4368: #                        of keyword=value.
 4369: #   $client  - Socket open on the client.
 4370: #  Returns:
 4371: #    1   - Continue processing.
 4372: #  Side effects:
 4373: #     reply is written to $client.
 4374: #
 4375: sub put_id_handler {
 4376:     my ($cmd,$tail,$client) = @_;
 4377: 
 4378: 
 4379:     my $userinput = "$cmd:$tail";
 4380: 
 4381:     my ($udom,$what)=split(/:/,$tail);
 4382:     chomp($what);
 4383:     my @pairs=split(/\&/,$what);
 4384:     my $hashref = &tie_domain_hash($udom, "ids", &GDBM_WRCREAT(),
 4385: 				   "P", $what);
 4386:     if ($hashref) {
 4387: 	foreach my $pair (@pairs) {
 4388: 	    my ($key,$value)=split(/=/,$pair);
 4389: 	    $hashref->{$key}=$value;
 4390: 	}
 4391: 	if (&untie_domain_hash($hashref)) {
 4392: 	    &Reply($client, "ok\n", $userinput);
 4393: 	} else {
 4394: 	    &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
 4395: 		     "while attempting idput\n", $userinput);
 4396: 	}
 4397:     } else {
 4398: 	&Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
 4399: 		  "while attempting idput\n", $userinput);
 4400:     }
 4401: 
 4402:     return 1;
 4403: }
 4404: &register_handler("idput", \&put_id_handler, 0, 1, 0);
 4405: 
 4406: #
 4407: #  Retrieves a set of id values from the id database.
 4408: #  Returns an & separated list of results, one for each requested id to the
 4409: #  client.
 4410: #
 4411: # Parameters:
 4412: #   $cmd       - Command keyword that caused us to be dispatched.
 4413: #   $tail      - Tail of the command.  Consists of a colon separated:
 4414: #               domain - the domain whose id table we dump
 4415: #               ids      Consists of an & separated list of
 4416: #                        id keywords whose values will be fetched.
 4417: #                        nonexisting keywords will have an empty value.
 4418: #   $client    - Socket open on the client.
 4419: #
 4420: # Returns:
 4421: #    1 - indicating processing should continue.
 4422: # Side effects:
 4423: #   An & separated list of results is written to $client.
 4424: #
 4425: sub get_id_handler {
 4426:     my ($cmd, $tail, $client) = @_;
 4427: 
 4428:     
 4429:     my $userinput = "$client:$tail";
 4430:     
 4431:     my ($udom,$what)=split(/:/,$tail);
 4432:     chomp($what);
 4433:     my @queries=split(/\&/,$what);
 4434:     my $qresult='';
 4435:     my $hashref = &tie_domain_hash($udom, "ids", &GDBM_READER());
 4436:     if ($hashref) {
 4437: 	for (my $i=0;$i<=$#queries;$i++) {
 4438: 	    $qresult.="$hashref->{$queries[$i]}&";
 4439: 	}
 4440: 	if (&untie_domain_hash($hashref)) {
 4441: 	    $qresult=~s/\&$//;
 4442: 	    &Reply($client, \$qresult, $userinput);
 4443: 	} else {
 4444: 	    &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
 4445: 		      "while attempting idget\n",$userinput);
 4446: 	}
 4447:     } else {
 4448: 	&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
 4449: 		 "while attempting idget\n",$userinput);
 4450:     }
 4451:     
 4452:     return 1;
 4453: }
 4454: &register_handler("idget", \&get_id_handler, 0, 1, 0);
 4455: 
 4456: #   Deletes one or more ids in a domain's id database.
 4457: #
 4458: #   Parameters:
 4459: #       $cmd                  - Command keyword (iddel).
 4460: #       $tail                 - Command tail.  In this case a colon
 4461: #                               separated list containing:
 4462: #                               The domain for which we are deleting the id(s).
 4463: #                               &-separated list of id(s) to delete.
 4464: #       $client               - File open on client socket.
 4465: # Returns:
 4466: #     1   - Continue processing
 4467: #     0   - Exit server.
 4468: #     
 4469: #
 4470: 
 4471: sub del_id_handler {
 4472:     my ($cmd,$tail,$client) = @_;
 4473: 
 4474:     my $userinput = "$cmd:$tail";
 4475: 
 4476:     my ($udom,$what)=split(/:/,$tail);
 4477:     chomp($what);
 4478:     my $hashref = &tie_domain_hash($udom, "ids", &GDBM_WRCREAT(),
 4479:                                    "D", $what);
 4480:     if ($hashref) {
 4481:         my @keys=split(/\&/,$what);
 4482:         foreach my $key (@keys) {
 4483:             delete($hashref->{$key});
 4484:         }
 4485:         if (&untie_user_hash($hashref)) {
 4486:             &Reply($client, "ok\n", $userinput);
 4487:         } else {
 4488:             &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
 4489:                     "while attempting iddel\n", $userinput);
 4490:         }
 4491:     } else {
 4492:         &Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
 4493:                  "while attempting iddel\n", $userinput);
 4494:     }
 4495:     return 1;
 4496: }
 4497: &register_handler("iddel", \&del_id_handler, 0, 1, 0);
 4498: 
 4499: #
 4500: # Puts broadcast e-mail sent by Domain Coordinator in nohist_dcmail database 
 4501: #
 4502: # Parameters
 4503: #   $cmd       - Command keyword that caused us to be dispatched.
 4504: #   $tail      - Tail of the command.  Consists of a colon separated:
 4505: #               domain - the domain whose dcmail we are recording
 4506: #               email    Consists of key=value pair 
 4507: #                        where key is unique msgid
 4508: #                        and value is message (in XML)
 4509: #   $client    - Socket open on the client.
 4510: #
 4511: # Returns:
 4512: #    1 - indicating processing should continue.
 4513: # Side effects
 4514: #     reply is written to $client.
 4515: #
 4516: sub put_dcmail_handler {
 4517:     my ($cmd,$tail,$client) = @_;
 4518:     my $userinput = "$cmd:$tail";
 4519: 
 4520: 
 4521:     my ($udom,$what)=split(/:/,$tail);
 4522:     chomp($what);
 4523:     my $hashref = &tie_domain_hash($udom, "nohist_dcmail", &GDBM_WRCREAT());
 4524:     if ($hashref) {
 4525:         my ($key,$value)=split(/=/,$what);
 4526:         $hashref->{$key}=$value;
 4527:     }
 4528:     if (&untie_domain_hash($hashref)) {
 4529:         &Reply($client, "ok\n", $userinput);
 4530:     } else {
 4531:         &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
 4532:                  "while attempting dcmailput\n", $userinput);
 4533:     }
 4534:     return 1;
 4535: }
 4536: &register_handler("dcmailput", \&put_dcmail_handler, 0, 1, 0);
 4537: 
 4538: #
 4539: # Retrieves broadcast e-mail from nohist_dcmail database
 4540: # Returns to client an & separated list of key=value pairs,
 4541: # where key is msgid and value is message information.
 4542: #
 4543: # Parameters
 4544: #   $cmd       - Command keyword that caused us to be dispatched.
 4545: #   $tail      - Tail of the command.  Consists of a colon separated:
 4546: #               domain - the domain whose dcmail table we dump
 4547: #               startfilter - beginning of time window 
 4548: #               endfilter - end of time window
 4549: #               sendersfilter - & separated list of username:domain 
 4550: #                 for senders to search for.
 4551: #   $client    - Socket open on the client.
 4552: #
 4553: # Returns:
 4554: #    1 - indicating processing should continue.
 4555: # Side effects
 4556: #     reply (& separated list of msgid=messageinfo pairs) is 
 4557: #     written to $client.
 4558: #
 4559: sub dump_dcmail_handler {
 4560:     my ($cmd, $tail, $client) = @_;
 4561:                                                                                 
 4562:     my $userinput = "$cmd:$tail";
 4563:     my ($udom,$startfilter,$endfilter,$sendersfilter) = split(/:/,$tail);
 4564:     chomp($sendersfilter);
 4565:     my @senders = ();
 4566:     if (defined($startfilter)) {
 4567:         $startfilter=&unescape($startfilter);
 4568:     } else {
 4569:         $startfilter='.';
 4570:     }
 4571:     if (defined($endfilter)) {
 4572:         $endfilter=&unescape($endfilter);
 4573:     } else {
 4574:         $endfilter='.';
 4575:     }
 4576:     if (defined($sendersfilter)) {
 4577:         $sendersfilter=&unescape($sendersfilter);
 4578: 	@senders = map { &unescape($_) } split(/\&/,$sendersfilter);
 4579:     }
 4580: 
 4581:     my $qresult='';
 4582:     my $hashref = &tie_domain_hash($udom, "nohist_dcmail", &GDBM_WRCREAT());
 4583:     if ($hashref) {
 4584:         while (my ($key,$value) = each(%$hashref)) {
 4585:             my $match = 1;
 4586:             my ($timestamp,$subj,$uname,$udom) = 
 4587: 		split(/:/,&unescape(&unescape($key)),5); # yes, twice really
 4588:             $subj = &unescape($subj);
 4589:             unless ($startfilter eq '.' || !defined($startfilter)) {
 4590:                 if ($timestamp < $startfilter) {
 4591:                     $match = 0;
 4592:                 }
 4593:             }
 4594:             unless ($endfilter eq '.' || !defined($endfilter)) {
 4595:                 if ($timestamp > $endfilter) {
 4596:                     $match = 0;
 4597:                 }
 4598:             }
 4599:             unless (@senders < 1) {
 4600:                 unless (grep/^$uname:$udom$/,@senders) {
 4601:                     $match = 0;
 4602:                 }
 4603:             }
 4604:             if ($match == 1) {
 4605:                 $qresult.=$key.'='.$value.'&';
 4606:             }
 4607:         }
 4608:         if (&untie_domain_hash($hashref)) {
 4609:             chop($qresult);
 4610:             &Reply($client, \$qresult, $userinput);
 4611:         } else {
 4612:             &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
 4613:                     "while attempting dcmaildump\n", $userinput);
 4614:         }
 4615:     } else {
 4616:         &Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
 4617:                 "while attempting dcmaildump\n", $userinput);
 4618:     }
 4619:     return 1;
 4620: }
 4621: 
 4622: &register_handler("dcmaildump", \&dump_dcmail_handler, 0, 1, 0);
 4623: 
 4624: #
 4625: # Puts domain roles in nohist_domainroles database
 4626: #
 4627: # Parameters
 4628: #   $cmd       - Command keyword that caused us to be dispatched.
 4629: #   $tail      - Tail of the command.  Consists of a colon separated:
 4630: #               domain - the domain whose roles we are recording  
 4631: #               role -   Consists of key=value pair
 4632: #                        where key is unique role
 4633: #                        and value is start/end date information
 4634: #   $client    - Socket open on the client.
 4635: #
 4636: # Returns:
 4637: #    1 - indicating processing should continue.
 4638: # Side effects
 4639: #     reply is written to $client.
 4640: #
 4641: 
 4642: sub put_domainroles_handler {
 4643:     my ($cmd,$tail,$client) = @_;
 4644: 
 4645:     my $userinput = "$cmd:$tail";
 4646:     my ($udom,$what)=split(/:/,$tail);
 4647:     chomp($what);
 4648:     my @pairs=split(/\&/,$what);
 4649:     my $hashref = &tie_domain_hash($udom, "nohist_domainroles", &GDBM_WRCREAT());
 4650:     if ($hashref) {
 4651:         foreach my $pair (@pairs) {
 4652:             my ($key,$value)=split(/=/,$pair);
 4653:             $hashref->{$key}=$value;
 4654:         }
 4655:         if (&untie_domain_hash($hashref)) {
 4656:             &Reply($client, "ok\n", $userinput);
 4657:         } else {
 4658:             &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
 4659:                      "while attempting domroleput\n", $userinput);
 4660:         }
 4661:     } else {
 4662:         &Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
 4663:                   "while attempting domroleput\n", $userinput);
 4664:     }
 4665:                                                                                   
 4666:     return 1;
 4667: }
 4668: 
 4669: &register_handler("domroleput", \&put_domainroles_handler, 0, 1, 0);
 4670: 
 4671: #
 4672: # Retrieves domain roles from nohist_domainroles database
 4673: # Returns to client an & separated list of key=value pairs,
 4674: # where key is role and value is start and end date information.
 4675: #
 4676: # Parameters
 4677: #   $cmd       - Command keyword that caused us to be dispatched.
 4678: #   $tail      - Tail of the command.  Consists of a colon separated:
 4679: #               domain - the domain whose domain roles table we dump
 4680: #   $client    - Socket open on the client.
 4681: #
 4682: # Returns:
 4683: #    1 - indicating processing should continue.
 4684: # Side effects
 4685: #     reply (& separated list of role=start/end info pairs) is
 4686: #     written to $client.
 4687: #
 4688: sub dump_domainroles_handler {
 4689:     my ($cmd, $tail, $client) = @_;
 4690:                                                                                            
 4691:     my $userinput = "$cmd:$tail";
 4692:     my ($udom,$startfilter,$endfilter,$rolesfilter) = split(/:/,$tail);
 4693:     chomp($rolesfilter);
 4694:     my @roles = ();
 4695:     if (defined($startfilter)) {
 4696:         $startfilter=&unescape($startfilter);
 4697:     } else {
 4698:         $startfilter='.';
 4699:     }
 4700:     if (defined($endfilter)) {
 4701:         $endfilter=&unescape($endfilter);
 4702:     } else {
 4703:         $endfilter='.';
 4704:     }
 4705:     if (defined($rolesfilter)) {
 4706:         $rolesfilter=&unescape($rolesfilter);
 4707: 	@roles = split(/\&/,$rolesfilter);
 4708:     }
 4709: 
 4710:     my $hashref = &tie_domain_hash($udom, "nohist_domainroles", &GDBM_WRCREAT());
 4711:     if ($hashref) {
 4712:         my $qresult = '';
 4713:         while (my ($key,$value) = each(%$hashref)) {
 4714:             my $match = 1;
 4715:             my ($end,$start) = split(/:/,&unescape($value));
 4716:             my ($trole,$uname,$udom,$runame,$rudom,$rsec) = split(/:/,&unescape($key));
 4717:             unless (@roles < 1) {
 4718:                 unless (grep/^\Q$trole\E$/,@roles) {
 4719:                     $match = 0;
 4720:                     next;
 4721:                 }
 4722:             }
 4723:             unless ($startfilter eq '.' || !defined($startfilter)) {
 4724:                 if ((defined($start)) && ($start >= $startfilter)) {
 4725:                     $match = 0;
 4726:                     next;
 4727:                 }
 4728:             }
 4729:             unless ($endfilter eq '.' || !defined($endfilter)) {
 4730:                 if ((defined($end)) && (($end > 0) && ($end <= $endfilter))) {
 4731:                     $match = 0;
 4732:                     next;
 4733:                 }
 4734:             }
 4735:             if ($match == 1) {
 4736:                 $qresult.=$key.'='.$value.'&';
 4737:             }
 4738:         }
 4739:         if (&untie_domain_hash($hashref)) {
 4740:             chop($qresult);
 4741:             &Reply($client, \$qresult, $userinput);
 4742:         } else {
 4743:             &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
 4744:                     "while attempting domrolesdump\n", $userinput);
 4745:         }
 4746:     } else {
 4747:         &Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
 4748:                 "while attempting domrolesdump\n", $userinput);
 4749:     }
 4750:     return 1;
 4751: }
 4752: 
 4753: &register_handler("domrolesdump", \&dump_domainroles_handler, 0, 1, 0);
 4754: 
 4755: 
 4756: #  Process the tmpput command I'm not sure what this does.. Seems to
 4757: #  create a file in the lonDaemons/tmp directory of the form $id.tmp
 4758: # where Id is the client's ip concatenated with a sequence number.
 4759: # The file will contain some value that is passed in.  Is this e.g.
 4760: # a login token?
 4761: #
 4762: # Parameters:
 4763: #    $cmd     - The command that got us dispatched.
 4764: #    $tail    - The remainder of the request following $cmd:
 4765: #               In this case this will be the contents of the file.
 4766: #    $client  - Socket connected to the client.
 4767: # Returns:
 4768: #    1 indicating processing can continue.
 4769: # Side effects:
 4770: #   A file is created in the local filesystem.
 4771: #   A reply is sent to the client.
 4772: sub tmp_put_handler {
 4773:     my ($cmd, $what, $client) = @_;
 4774: 
 4775:     my $userinput = "$cmd:$what";	# Reconstruct for logging.
 4776: 
 4777:     my ($record,$context) = split(/:/,$what);
 4778:     if ($context ne '') {
 4779:         chomp($context);
 4780:         $context = &unescape($context);
 4781:     }
 4782:     my ($id,$store);
 4783:     $tmpsnum++;
 4784:     if (($context eq 'resetpw') || ($context eq 'createaccount')) {
 4785:         $id = &md5_hex(&md5_hex(time.{}.rand().$$));
 4786:     } else {
 4787:         $id = $$.'_'.$clientip.'_'.$tmpsnum;
 4788:     }
 4789:     $id=~s/\W/\_/g;
 4790:     $record=~s/\n//g;
 4791:     my $execdir=$perlvar{'lonDaemons'};
 4792:     if ($store=IO::File->new(">$execdir/tmp/$id.tmp")) {
 4793: 	print $store $record;
 4794: 	close $store;
 4795: 	&Reply($client, \$id, $userinput);
 4796:     } else {
 4797: 	&Failure( $client, "error: ".($!+0)."IO::File->new Failed ".
 4798: 		  "while attempting tmpput\n", $userinput);
 4799:     }
 4800:     return 1;
 4801:   
 4802: }
 4803: &register_handler("tmpput", \&tmp_put_handler, 0, 1, 0);
 4804: 
 4805: #   Processes the tmpget command.  This command returns the contents
 4806: #  of a temporary resource file(?) created via tmpput.
 4807: #
 4808: # Paramters:
 4809: #    $cmd      - Command that got us dispatched.
 4810: #    $id       - Tail of the command, contain the id of the resource
 4811: #                we want to fetch.
 4812: #    $client   - socket open on the client.
 4813: # Return:
 4814: #    1         - Inidcating processing can continue.
 4815: # Side effects:
 4816: #   A reply is sent to the client.
 4817: #
 4818: sub tmp_get_handler {
 4819:     my ($cmd, $id, $client) = @_;
 4820: 
 4821:     my $userinput = "$cmd:$id"; 
 4822:     
 4823: 
 4824:     $id=~s/\W/\_/g;
 4825:     my $store;
 4826:     my $execdir=$perlvar{'lonDaemons'};
 4827:     if ($store=IO::File->new("$execdir/tmp/$id.tmp")) {
 4828: 	my $reply=<$store>;
 4829: 	&Reply( $client, \$reply, $userinput);
 4830: 	close $store;
 4831:     } else {
 4832: 	&Failure( $client, "error: ".($!+0)."IO::File->new Failed ".
 4833: 		  "while attempting tmpget\n", $userinput);
 4834:     }
 4835: 
 4836:     return 1;
 4837: }
 4838: &register_handler("tmpget", \&tmp_get_handler, 0, 1, 0);
 4839: 
 4840: #
 4841: #  Process the tmpdel command.  This command deletes a temp resource
 4842: #  created by the tmpput command.
 4843: #
 4844: # Parameters:
 4845: #   $cmd      - Command that got us here.
 4846: #   $id       - Id of the temporary resource created.
 4847: #   $client   - socket open on the client process.
 4848: #
 4849: # Returns:
 4850: #   1     - Indicating processing should continue.
 4851: # Side Effects:
 4852: #   A file is deleted
 4853: #   A reply is sent to the client.
 4854: sub tmp_del_handler {
 4855:     my ($cmd, $id, $client) = @_;
 4856:     
 4857:     my $userinput= "$cmd:$id";
 4858:     
 4859:     chomp($id);
 4860:     $id=~s/\W/\_/g;
 4861:     my $execdir=$perlvar{'lonDaemons'};
 4862:     if (unlink("$execdir/tmp/$id.tmp")) {
 4863: 	&Reply($client, "ok\n", $userinput);
 4864:     } else {
 4865: 	&Failure( $client, "error: ".($!+0)."Unlink tmp Failed ".
 4866: 		  "while attempting tmpdel\n", $userinput);
 4867:     }
 4868:     
 4869:     return 1;
 4870: 
 4871: }
 4872: &register_handler("tmpdel", \&tmp_del_handler, 0, 1, 0);
 4873: 
 4874: #
 4875: #   Processes the setannounce command.  This command
 4876: #   creates a file named announce.txt in the top directory of
 4877: #   the documentn root and sets its contents.  The announce.txt file is
 4878: #   printed in its entirety at the LonCAPA login page.  Note:
 4879: #   once the announcement.txt fileis created it cannot be deleted.
 4880: #   However, setting the contents of the file to empty removes the
 4881: #   announcement from the login page of loncapa so who cares.
 4882: #
 4883: # Parameters:
 4884: #    $cmd          - The command that got us dispatched.
 4885: #    $announcement - The text of the announcement.
 4886: #    $client       - Socket open on the client process.
 4887: # Retunrns:
 4888: #   1             - Indicating request processing should continue
 4889: # Side Effects:
 4890: #   The file {DocRoot}/announcement.txt is created.
 4891: #   A reply is sent to $client.
 4892: #
 4893: sub set_announce_handler {
 4894:     my ($cmd, $announcement, $client) = @_;
 4895:   
 4896:     my $userinput    = "$cmd:$announcement";
 4897: 
 4898:     chomp($announcement);
 4899:     $announcement=&unescape($announcement);
 4900:     if (my $store=IO::File->new('>'.$perlvar{'lonDocRoot'}.
 4901: 				'/announcement.txt')) {
 4902: 	print $store $announcement;
 4903: 	close $store;
 4904: 	&Reply($client, "ok\n", $userinput);
 4905:     } else {
 4906: 	&Failure($client, "error: ".($!+0)."\n", $userinput);
 4907:     }
 4908: 
 4909:     return 1;
 4910: }
 4911: &register_handler("setannounce", \&set_announce_handler, 0, 1, 0);
 4912: 
 4913: #
 4914: #  Return the version of the daemon.  This can be used to determine
 4915: #  the compatibility of cross version installations or, alternatively to
 4916: #  simply know who's out of date and who isn't.  Note that the version
 4917: #  is returned concatenated with the tail.
 4918: # Parameters:
 4919: #   $cmd        - the request that dispatched to us.
 4920: #   $tail       - Tail of the request (client's version?).
 4921: #   $client     - Socket open on the client.
 4922: #Returns:
 4923: #   1 - continue processing requests.
 4924: # Side Effects:
 4925: #   Replies with version to $client.
 4926: sub get_version_handler {
 4927:     my ($cmd, $tail, $client) = @_;
 4928: 
 4929:     my $userinput  = $cmd.$tail;
 4930:     
 4931:     &Reply($client, &version($userinput)."\n", $userinput);
 4932: 
 4933: 
 4934:     return 1;
 4935: }
 4936: &register_handler("version", \&get_version_handler, 0, 1, 0);
 4937: 
 4938: #  Set the current host and domain.  This is used to support
 4939: #  multihomed systems.  Each IP of the system, or even separate daemons
 4940: #  on the same IP can be treated as handling a separate lonCAPA virtual
 4941: #  machine.  This command selects the virtual lonCAPA.  The client always
 4942: #  knows the right one since it is lonc and it is selecting the domain/system
 4943: #  from the hosts.tab file.
 4944: # Parameters:
 4945: #    $cmd      - Command that dispatched us.
 4946: #    $tail     - Tail of the command (domain/host requested).
 4947: #    $socket   - Socket open on the client.
 4948: #
 4949: # Returns:
 4950: #     1   - Indicates the program should continue to process requests.
 4951: # Side-effects:
 4952: #     The default domain/system context is modified for this daemon.
 4953: #     a reply is sent to the client.
 4954: #
 4955: sub set_virtual_host_handler {
 4956:     my ($cmd, $tail, $socket) = @_;
 4957:   
 4958:     my $userinput  ="$cmd:$tail";
 4959: 
 4960:     &Reply($client, &sethost($userinput)."\n", $userinput);
 4961: 
 4962: 
 4963:     return 1;
 4964: }
 4965: &register_handler("sethost", \&set_virtual_host_handler, 0, 1, 0);
 4966: 
 4967: #  Process a request to exit:
 4968: #   - "bye" is sent to the client.
 4969: #   - The client socket is shutdown and closed.
 4970: #   - We indicate to the caller that we should exit.
 4971: # Formal Parameters:
 4972: #   $cmd                - The command that got us here.
 4973: #   $tail               - Tail of the command (empty).
 4974: #   $client             - Socket open on the tail.
 4975: # Returns:
 4976: #   0      - Indicating the program should exit!!
 4977: #
 4978: sub exit_handler {
 4979:     my ($cmd, $tail, $client) = @_;
 4980: 
 4981:     my $userinput = "$cmd:$tail";
 4982: 
 4983:     &logthis("Client $clientip ($clientname) hanging up: $userinput");
 4984:     &Reply($client, "bye\n", $userinput);
 4985:     $client->shutdown(2);        # shutdown the socket forcibly.
 4986:     $client->close();
 4987: 
 4988:     return 0;
 4989: }
 4990: &register_handler("exit", \&exit_handler, 0,1,1);
 4991: &register_handler("init", \&exit_handler, 0,1,1);
 4992: &register_handler("quit", \&exit_handler, 0,1,1);
 4993: 
 4994: #  Determine if auto-enrollment is enabled.
 4995: #  Note that the original had what I believe to be a defect.
 4996: #  The original returned 0 if the requestor was not a registerd client.
 4997: #  It should return "refused".
 4998: # Formal Parameters:
 4999: #   $cmd       - The command that invoked us.
 5000: #   $tail      - The tail of the command (Extra command parameters.
 5001: #   $client    - The socket open on the client that issued the request.
 5002: # Returns:
 5003: #    1         - Indicating processing should continue.
 5004: #
 5005: sub enrollment_enabled_handler {
 5006:     my ($cmd, $tail, $client) = @_;
 5007:     my $userinput = $cmd.":".$tail; # For logging purposes.
 5008: 
 5009:     
 5010:     my ($cdom) = split(/:/, $tail, 2);   # Domain we're asking about.
 5011: 
 5012:     my $outcome  = &localenroll::run($cdom);
 5013:     &Reply($client, \$outcome, $userinput);
 5014: 
 5015:     return 1;
 5016: }
 5017: &register_handler("autorun", \&enrollment_enabled_handler, 0, 1, 0);
 5018: 
 5019: #
 5020: #   Validate an institutional code used for a LON-CAPA course.          
 5021: #
 5022: # Formal Parameters:
 5023: #   $cmd          - The command request that got us dispatched.
 5024: #   $tail         - The tail of the command.  In this case,
 5025: #                   this is a colon separated set of words that will be split
 5026: #                   into:
 5027: #                        $dom      - The domain for which the check of 
 5028: #                                    institutional course code will occur.
 5029: #
 5030: #                        $instcode - The institutional code for the course
 5031: #                                    being requested, or validated for rights
 5032: #                                    to request.
 5033: #
 5034: #                        $owner    - The course requestor (who will be the
 5035: #                                    course owner, in the form username:domain
 5036: #
 5037: #   $client       - Socket open on the client.
 5038: # Returns:
 5039: #    1           - Indicating processing should continue.
 5040: #
 5041: sub validate_instcode_handler {
 5042:     my ($cmd, $tail, $client) = @_;
 5043:     my $userinput = "$cmd:$tail";
 5044:     my ($dom,$instcode,$owner) = split(/:/, $tail);
 5045:     $instcode = &unescape($instcode);
 5046:     $owner = &unescape($owner);
 5047:     my ($outcome,$description,$credits) = 
 5048:         &localenroll::validate_instcode($dom,$instcode,$owner);
 5049:     my $result = &escape($outcome).'&'.&escape($description).'&'.
 5050:                  &escape($credits);
 5051:     &Reply($client, \$result, $userinput);
 5052: 
 5053:     return 1;
 5054: }
 5055: &register_handler("autovalidateinstcode", \&validate_instcode_handler, 0, 1, 0);
 5056: 
 5057: #   Get the official sections for which auto-enrollment is possible.
 5058: #   Since the admin people won't know about 'unofficial sections' 
 5059: #   we cannot auto-enroll on them.
 5060: # Formal Parameters:
 5061: #    $cmd     - The command request that got us dispatched here.
 5062: #    $tail    - The remainder of the request.  In our case this
 5063: #               will be split into:
 5064: #               $coursecode   - The course name from the admin point of view.
 5065: #               $cdom         - The course's domain(?).
 5066: #    $client  - Socket open on the client.
 5067: # Returns:
 5068: #    1    - Indiciting processing should continue.
 5069: #
 5070: sub get_sections_handler {
 5071:     my ($cmd, $tail, $client) = @_;
 5072:     my $userinput = "$cmd:$tail";
 5073: 
 5074:     my ($coursecode, $cdom) = split(/:/, $tail);
 5075:     my @secs = &localenroll::get_sections($coursecode,$cdom);
 5076:     my $seclist = &escape(join(':',@secs));
 5077: 
 5078:     &Reply($client, \$seclist, $userinput);
 5079:     
 5080: 
 5081:     return 1;
 5082: }
 5083: &register_handler("autogetsections", \&get_sections_handler, 0, 1, 0);
 5084: 
 5085: #   Validate the owner of a new course section.  
 5086: #
 5087: # Formal Parameters:
 5088: #   $cmd      - Command that got us dispatched.
 5089: #   $tail     - the remainder of the command.  For us this consists of a
 5090: #               colon separated string containing:
 5091: #                  $inst    - Course Id from the institutions point of view.
 5092: #                  $owner   - Proposed owner of the course.
 5093: #                  $cdom    - Domain of the course (from the institutions
 5094: #                             point of view?)..
 5095: #   $client   - Socket open on the client.
 5096: #
 5097: # Returns:
 5098: #   1        - Processing should continue.
 5099: #
 5100: sub validate_course_owner_handler {
 5101:     my ($cmd, $tail, $client)  = @_;
 5102:     my $userinput = "$cmd:$tail";
 5103:     my ($inst_course_id, $owner, $cdom, $coowners) = split(/:/, $tail);
 5104:     
 5105:     $owner = &unescape($owner);
 5106:     $coowners = &unescape($coowners);
 5107:     my $outcome = &localenroll::new_course($inst_course_id,$owner,$cdom,$coowners);
 5108:     &Reply($client, \$outcome, $userinput);
 5109: 
 5110: 
 5111: 
 5112:     return 1;
 5113: }
 5114: &register_handler("autonewcourse", \&validate_course_owner_handler, 0, 1, 0);
 5115: 
 5116: #
 5117: #   Validate a course section in the official schedule of classes
 5118: #   from the institutions point of view (part of autoenrollment).
 5119: #
 5120: # Formal Parameters:
 5121: #   $cmd          - The command request that got us dispatched.
 5122: #   $tail         - The tail of the command.  In this case,
 5123: #                   this is a colon separated set of words that will be split
 5124: #                   into:
 5125: #                        $inst_course_id - The course/section id from the
 5126: #                                          institutions point of view.
 5127: #                        $cdom           - The domain from the institutions
 5128: #                                          point of view.
 5129: #   $client       - Socket open on the client.
 5130: # Returns:
 5131: #    1           - Indicating processing should continue.
 5132: #
 5133: sub validate_course_section_handler {
 5134:     my ($cmd, $tail, $client) = @_;
 5135:     my $userinput = "$cmd:$tail";
 5136:     my ($inst_course_id, $cdom) = split(/:/, $tail);
 5137: 
 5138:     my $outcome=&localenroll::validate_courseID($inst_course_id,$cdom);
 5139:     &Reply($client, \$outcome, $userinput);
 5140: 
 5141: 
 5142:     return 1;
 5143: }
 5144: &register_handler("autovalidatecourse", \&validate_course_section_handler, 0, 1, 0);
 5145: 
 5146: #
 5147: #   Validate course owner's access to enrollment data for specific class section. 
 5148: #   
 5149: #
 5150: # Formal Parameters:
 5151: #    $cmd     - The command request that got us dispatched.
 5152: #    $tail    - The tail of the command.   In this case this is a colon separated
 5153: #               set of words that will be split into:
 5154: #               $inst_class  - Institutional code for the specific class section   
 5155: #               $courseowner - The escaped username:domain of the course owner 
 5156: #               $cdom        - The domain of the course from the institution's
 5157: #                              point of view.
 5158: #    $client  - The socket open on the client.
 5159: # Returns:
 5160: #    1 - continue processing.
 5161: #
 5162: 
 5163: sub validate_class_access_handler {
 5164:     my ($cmd, $tail, $client) = @_;
 5165:     my $userinput = "$cmd:$tail";
 5166:     my ($inst_class,$ownerlist,$cdom) = split(/:/, $tail);
 5167:     my $owners = &unescape($ownerlist);
 5168:     my $outcome;
 5169:     eval {
 5170: 	local($SIG{__DIE__})='DEFAULT';
 5171: 	$outcome=&localenroll::check_section($inst_class,$owners,$cdom);
 5172:     };
 5173:     &Reply($client,\$outcome, $userinput);
 5174: 
 5175:     return 1;
 5176: }
 5177: &register_handler("autovalidateclass_sec", \&validate_class_access_handler, 0, 1, 0);
 5178: 
 5179: #
 5180: #   Create a password for a new LON-CAPA user added by auto-enrollment.
 5181: #   Only used for case where authentication method for new user is localauth
 5182: #
 5183: # Formal Parameters:
 5184: #    $cmd     - The command request that got us dispatched.
 5185: #    $tail    - The tail of the command.   In this case this is a colon separated
 5186: #               set of words that will be split into:
 5187: #               $authparam - An authentication parameter (localauth parameter).
 5188: #               $cdom      - The domain of the course from the institution's
 5189: #                            point of view.
 5190: #    $client  - The socket open on the client.
 5191: # Returns:
 5192: #    1 - continue processing.
 5193: #
 5194: sub create_auto_enroll_password_handler {
 5195:     my ($cmd, $tail, $client) = @_;
 5196:     my $userinput = "$cmd:$tail";
 5197: 
 5198:     my ($authparam, $cdom) = split(/:/, $userinput);
 5199: 
 5200:     my ($create_passwd,$authchk);
 5201:     ($authparam,
 5202:      $create_passwd,
 5203:      $authchk) = &localenroll::create_password($authparam,$cdom);
 5204: 
 5205:     &Reply($client, &escape($authparam.':'.$create_passwd.':'.$authchk)."\n",
 5206: 	   $userinput);
 5207: 
 5208: 
 5209:     return 1;
 5210: }
 5211: &register_handler("autocreatepassword", \&create_auto_enroll_password_handler, 
 5212: 		  0, 1, 0);
 5213: 
 5214: #   Retrieve and remove temporary files created by/during autoenrollment.
 5215: #
 5216: # Formal Parameters:
 5217: #    $cmd      - The command that got us dispatched.
 5218: #    $tail     - The tail of the command.  In our case this is a colon 
 5219: #                separated list that will be split into:
 5220: #                $filename - The name of the file to remove.
 5221: #                            The filename is given as a path relative to
 5222: #                            the LonCAPA temp file directory.
 5223: #    $client   - Socket open on the client.
 5224: #
 5225: # Returns:
 5226: #   1     - Continue processing.
 5227: sub retrieve_auto_file_handler {
 5228:     my ($cmd, $tail, $client)    = @_;
 5229:     my $userinput                = "cmd:$tail";
 5230: 
 5231:     my ($filename)   = split(/:/, $tail);
 5232: 
 5233:     my $source = $perlvar{'lonDaemons'}.'/tmp/'.$filename;
 5234:     if ( (-e $source) && ($filename ne '') ) {
 5235: 	my $reply = '';
 5236: 	if (open(my $fh,$source)) {
 5237: 	    while (<$fh>) {
 5238: 		chomp($_);
 5239: 		$_ =~ s/^\s+//g;
 5240: 		$_ =~ s/\s+$//g;
 5241: 		$reply .= $_;
 5242: 	    }
 5243: 	    close($fh);
 5244: 	    &Reply($client, &escape($reply)."\n", $userinput);
 5245: 
 5246: #   Does this have to be uncommented??!?  (RF).
 5247: #
 5248: #                                unlink($source);
 5249: 	} else {
 5250: 	    &Failure($client, "error\n", $userinput);
 5251: 	}
 5252:     } else {
 5253: 	&Failure($client, "error\n", $userinput);
 5254:     }
 5255:     
 5256: 
 5257:     return 1;
 5258: }
 5259: &register_handler("autoretrieve", \&retrieve_auto_file_handler, 0,1,0);
 5260: 
 5261: sub crsreq_checks_handler {
 5262:     my ($cmd, $tail, $client) = @_;
 5263:     my $userinput = "$cmd:$tail";
 5264:     my $dom = $tail;
 5265:     my $result;
 5266:     my @reqtypes = ('official','unofficial','community');
 5267:     eval {
 5268:         local($SIG{__DIE__})='DEFAULT';
 5269:         my %validations;
 5270:         my $response = &localenroll::crsreq_checks($dom,\@reqtypes,
 5271:                                                    \%validations);
 5272:         if ($response eq 'ok') { 
 5273:             foreach my $key (keys(%validations)) {
 5274:                 $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($validations{$key}).'&';
 5275:             }
 5276:             $result =~ s/\&$//;
 5277:         } else {
 5278:             $result = 'error';
 5279:         }
 5280:     };
 5281:     if (!$@) {
 5282:         &Reply($client, \$result, $userinput);
 5283:     } else {
 5284:         &Failure($client,"unknown_cmd\n",$userinput);
 5285:     }
 5286:     return 1;
 5287: }
 5288: &register_handler("autocrsreqchecks", \&crsreq_checks_handler, 0, 1, 0);
 5289: 
 5290: sub validate_crsreq_handler {
 5291:     my ($cmd, $tail, $client) = @_;
 5292:     my $userinput = "$cmd:$tail";
 5293:     my ($dom,$owner,$crstype,$inststatuslist,$instcode,$instseclist) = split(/:/, $tail);
 5294:     $instcode = &unescape($instcode);
 5295:     $owner = &unescape($owner);
 5296:     $crstype = &unescape($crstype);
 5297:     $inststatuslist = &unescape($inststatuslist);
 5298:     $instcode = &unescape($instcode);
 5299:     $instseclist = &unescape($instseclist);
 5300:     my $outcome;
 5301:     eval {
 5302:         local($SIG{__DIE__})='DEFAULT';
 5303:         $outcome = &localenroll::validate_crsreq($dom,$owner,$crstype,
 5304:                                                  $inststatuslist,$instcode,
 5305:                                                  $instseclist);
 5306:     };
 5307:     if (!$@) {
 5308:         &Reply($client, \$outcome, $userinput);
 5309:     } else {
 5310:         &Failure($client,"unknown_cmd\n",$userinput);
 5311:     }
 5312:     return 1;
 5313: }
 5314: &register_handler("autocrsreqvalidation", \&validate_crsreq_handler, 0, 1, 0);
 5315: 
 5316: sub crsreq_update_handler {
 5317:     my ($cmd, $tail, $client) = @_;
 5318:     my $userinput = "$cmd:$tail";
 5319:     my ($cdom,$cnum,$crstype,$action,$ownername,$ownerdomain,$fullname,$title,$code,$infohashref) =
 5320:         split(/:/, $tail);
 5321:     $crstype = &unescape($crstype);
 5322:     $action = &unescape($action);
 5323:     $ownername = &unescape($ownername);
 5324:     $ownerdomain = &unescape($ownerdomain);
 5325:     $fullname = &unescape($fullname);
 5326:     $title = &unescape($title);
 5327:     $code = &unescape($code);
 5328:     my $incoming = &Apache::lonnet::thaw_unescape($infohashref);
 5329:     my ($result,$outcome);
 5330:     eval {
 5331:         local($SIG{__DIE__})='DEFAULT';
 5332:         my %rtnhash;
 5333:         $outcome = &localenroll::crsreq_updates($cdom,$cnum,$crstype,$action,
 5334:                                                 $ownername,$ownerdomain,$fullname,
 5335:                                                 $title,$code,$incoming,\%rtnhash);
 5336:         if ($outcome eq 'ok') {
 5337:             my @posskeys = qw(createdweb createdmsg queuedweb queuedmsg formitems reviewweb);
 5338:             foreach my $key (keys(%rtnhash)) {
 5339:                 if (grep(/^\Q$key\E/,@posskeys)) {
 5340:                     $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($rtnhash{$key}).'&';
 5341:                 }
 5342:             }
 5343:             $result =~ s/\&$//;
 5344:         }
 5345:     };
 5346:     if (!$@) {
 5347:         if ($outcome eq 'ok') {
 5348:             &Reply($client, \$result, $userinput);
 5349:         } else {
 5350:             &Reply($client, "format_error\n", $userinput);
 5351:         }
 5352:     } else {
 5353:         &Failure($client,"unknown_cmd\n",$userinput);
 5354:     }
 5355:     return 1;
 5356: }
 5357: &register_handler("autocrsrequpdate", \&crsreq_update_handler, 0, 1, 0);
 5358: 
 5359: #
 5360: #   Read and retrieve institutional code format (for support form).
 5361: # Formal Parameters:
 5362: #    $cmd        - Command that dispatched us.
 5363: #    $tail       - Tail of the command.  In this case it conatins 
 5364: #                  the course domain and the coursename.
 5365: #    $client     - Socket open on the client.
 5366: # Returns:
 5367: #    1     - Continue processing.
 5368: #
 5369: sub get_institutional_code_format_handler {
 5370:     my ($cmd, $tail, $client)   = @_;
 5371:     my $userinput               = "$cmd:$tail";
 5372: 
 5373:     my $reply;
 5374:     my($cdom,$course) = split(/:/,$tail);
 5375:     my @pairs = split/\&/,$course;
 5376:     my %instcodes = ();
 5377:     my %codes = ();
 5378:     my @codetitles = ();
 5379:     my %cat_titles = ();
 5380:     my %cat_order = ();
 5381:     foreach (@pairs) {
 5382: 	my ($key,$value) = split/=/,$_;
 5383: 	$instcodes{&unescape($key)} = &unescape($value);
 5384:     }
 5385:     my $formatreply = &localenroll::instcode_format($cdom,
 5386: 						    \%instcodes,
 5387: 						    \%codes,
 5388: 						    \@codetitles,
 5389: 						    \%cat_titles,
 5390: 						    \%cat_order);
 5391:     if ($formatreply eq 'ok') {
 5392: 	my $codes_str = &Apache::lonnet::hash2str(%codes);
 5393: 	my $codetitles_str = &Apache::lonnet::array2str(@codetitles);
 5394: 	my $cat_titles_str = &Apache::lonnet::hash2str(%cat_titles);
 5395: 	my $cat_order_str = &Apache::lonnet::hash2str(%cat_order);
 5396: 	&Reply($client,
 5397: 	       $codes_str.':'.$codetitles_str.':'.$cat_titles_str.':'
 5398: 	       .$cat_order_str."\n",
 5399: 	       $userinput);
 5400:     } else {
 5401: 	# this else branch added by RF since if not ok, lonc will
 5402: 	# hang waiting on reply until timeout.
 5403: 	#
 5404: 	&Reply($client, "format_error\n", $userinput);
 5405:     }
 5406:     
 5407:     return 1;
 5408: }
 5409: &register_handler("autoinstcodeformat",
 5410: 		  \&get_institutional_code_format_handler,0,1,0);
 5411: 
 5412: sub get_institutional_defaults_handler {
 5413:     my ($cmd, $tail, $client)   = @_;
 5414:     my $userinput               = "$cmd:$tail";
 5415: 
 5416:     my $dom = $tail;
 5417:     my %defaults_hash;
 5418:     my @code_order;
 5419:     my $outcome;
 5420:     eval {
 5421:         local($SIG{__DIE__})='DEFAULT';
 5422:         $outcome = &localenroll::instcode_defaults($dom,\%defaults_hash,
 5423:                                                    \@code_order);
 5424:     };
 5425:     if (!$@) {
 5426:         if ($outcome eq 'ok') {
 5427:             my $result='';
 5428:             while (my ($key,$value) = each(%defaults_hash)) {
 5429:                 $result.=&escape($key).'='.&escape($value).'&';
 5430:             }
 5431:             $result .= 'code_order='.&escape(join('&',@code_order));
 5432:             &Reply($client,\$result,$userinput);
 5433:         } else {
 5434:             &Reply($client,"error\n", $userinput);
 5435:         }
 5436:     } else {
 5437:         &Failure($client,"unknown_cmd\n",$userinput);
 5438:     }
 5439: }
 5440: &register_handler("autoinstcodedefaults",
 5441:                   \&get_institutional_defaults_handler,0,1,0);
 5442: 
 5443: sub get_possible_instcodes_handler {
 5444:     my ($cmd, $tail, $client)   = @_;
 5445:     my $userinput               = "$cmd:$tail";
 5446: 
 5447:     my $reply;
 5448:     my $cdom = $tail;
 5449:     my (@codetitles,%cat_titles,%cat_order,@code_order);
 5450:     my $formatreply = &localenroll::possible_instcodes($cdom,
 5451:                                                        \@codetitles,
 5452:                                                        \%cat_titles,
 5453:                                                        \%cat_order,
 5454:                                                        \@code_order);
 5455:     if ($formatreply eq 'ok') {
 5456:         my $result = join('&',map {&escape($_);} (@codetitles)).':';
 5457:         $result .= join('&',map {&escape($_);} (@code_order)).':';
 5458:         foreach my $key (keys(%cat_titles)) {
 5459:             $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($cat_titles{$key}).'&';
 5460:         }
 5461:         $result =~ s/\&$//;
 5462:         $result .= ':';
 5463:         foreach my $key (keys(%cat_order)) {
 5464:             $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($cat_order{$key}).'&';
 5465:         }
 5466:         $result =~ s/\&$//;
 5467:         &Reply($client,\$result,$userinput);
 5468:     } else {
 5469:         &Reply($client, "format_error\n", $userinput);
 5470:     }
 5471:     return 1;
 5472: }
 5473: &register_handler("autopossibleinstcodes",
 5474:                   \&get_possible_instcodes_handler,0,1,0);
 5475: 
 5476: sub get_institutional_user_rules {
 5477:     my ($cmd, $tail, $client)   = @_;
 5478:     my $userinput               = "$cmd:$tail";
 5479:     my $dom = &unescape($tail);
 5480:     my (%rules_hash,@rules_order);
 5481:     my $outcome;
 5482:     eval {
 5483:         local($SIG{__DIE__})='DEFAULT';
 5484:         $outcome = &localenroll::username_rules($dom,\%rules_hash,\@rules_order);
 5485:     };
 5486:     if (!$@) {
 5487:         if ($outcome eq 'ok') {
 5488:             my $result;
 5489:             foreach my $key (keys(%rules_hash)) {
 5490:                 $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($rules_hash{$key}).'&';
 5491:             }
 5492:             $result =~ s/\&$//;
 5493:             $result .= ':';
 5494:             if (@rules_order > 0) {
 5495:                 foreach my $item (@rules_order) {
 5496:                     $result .= &escape($item).'&';
 5497:                 }
 5498:             }
 5499:             $result =~ s/\&$//;
 5500:             &Reply($client,\$result,$userinput);
 5501:         } else {
 5502:             &Reply($client,"error\n", $userinput);
 5503:         }
 5504:     } else {
 5505:         &Failure($client,"unknown_cmd\n",$userinput);
 5506:     }
 5507: }
 5508: &register_handler("instuserrules",\&get_institutional_user_rules,0,1,0);
 5509: 
 5510: sub get_institutional_id_rules {
 5511:     my ($cmd, $tail, $client)   = @_;
 5512:     my $userinput               = "$cmd:$tail";
 5513:     my $dom = &unescape($tail);
 5514:     my (%rules_hash,@rules_order);
 5515:     my $outcome;
 5516:     eval {
 5517:         local($SIG{__DIE__})='DEFAULT';
 5518:         $outcome = &localenroll::id_rules($dom,\%rules_hash,\@rules_order);
 5519:     };
 5520:     if (!$@) {
 5521:         if ($outcome eq 'ok') {
 5522:             my $result;
 5523:             foreach my $key (keys(%rules_hash)) {
 5524:                 $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($rules_hash{$key}).'&';
 5525:             }
 5526:             $result =~ s/\&$//;
 5527:             $result .= ':';
 5528:             if (@rules_order > 0) {
 5529:                 foreach my $item (@rules_order) {
 5530:                     $result .= &escape($item).'&';
 5531:                 }
 5532:             }
 5533:             $result =~ s/\&$//;
 5534:             &Reply($client,\$result,$userinput);
 5535:         } else {
 5536:             &Reply($client,"error\n", $userinput);
 5537:         }
 5538:     } else {
 5539:         &Failure($client,"unknown_cmd\n",$userinput);
 5540:     }
 5541: }
 5542: &register_handler("instidrules",\&get_institutional_id_rules,0,1,0);
 5543: 
 5544: sub get_institutional_selfcreate_rules {
 5545:     my ($cmd, $tail, $client)   = @_;
 5546:     my $userinput               = "$cmd:$tail";
 5547:     my $dom = &unescape($tail);
 5548:     my (%rules_hash,@rules_order);
 5549:     my $outcome;
 5550:     eval {
 5551:         local($SIG{__DIE__})='DEFAULT';
 5552:         $outcome = &localenroll::selfcreate_rules($dom,\%rules_hash,\@rules_order);
 5553:     };
 5554:     if (!$@) {
 5555:         if ($outcome eq 'ok') {
 5556:             my $result;
 5557:             foreach my $key (keys(%rules_hash)) {
 5558:                 $result .= &escape($key).'='.&Apache::lonnet::freeze_escape($rules_hash{$key}).'&';
 5559:             }
 5560:             $result =~ s/\&$//;
 5561:             $result .= ':';
 5562:             if (@rules_order > 0) {
 5563:                 foreach my $item (@rules_order) {
 5564:                     $result .= &escape($item).'&';
 5565:                 }
 5566:             }
 5567:             $result =~ s/\&$//;
 5568:             &Reply($client,\$result,$userinput);
 5569:         } else {
 5570:             &Reply($client,"error\n", $userinput);
 5571:         }
 5572:     } else {
 5573:         &Failure($client,"unknown_cmd\n",$userinput);
 5574:     }
 5575: }
 5576: &register_handler("instemailrules",\&get_institutional_selfcreate_rules,0,1,0);
 5577: 
 5578: 
 5579: sub institutional_username_check {
 5580:     my ($cmd, $tail, $client)   = @_;
 5581:     my $userinput               = "$cmd:$tail";
 5582:     my %rulecheck;
 5583:     my $outcome;
 5584:     my ($udom,$uname,@rules) = split(/:/,$tail);
 5585:     $udom = &unescape($udom);
 5586:     $uname = &unescape($uname);
 5587:     @rules = map {&unescape($_);} (@rules);
 5588:     eval {
 5589:         local($SIG{__DIE__})='DEFAULT';
 5590:         $outcome = &localenroll::username_check($udom,$uname,\@rules,\%rulecheck);
 5591:     };
 5592:     if (!$@) {
 5593:         if ($outcome eq 'ok') {
 5594:             my $result='';
 5595:             foreach my $key (keys(%rulecheck)) {
 5596:                 $result.=&escape($key).'='.&Apache::lonnet::freeze_escape($rulecheck{$key}).'&';
 5597:             }
 5598:             &Reply($client,\$result,$userinput);
 5599:         } else {
 5600:             &Reply($client,"error\n", $userinput);
 5601:         }
 5602:     } else {
 5603:         &Failure($client,"unknown_cmd\n",$userinput);
 5604:     }
 5605: }
 5606: &register_handler("instrulecheck",\&institutional_username_check,0,1,0);
 5607: 
 5608: sub institutional_id_check {
 5609:     my ($cmd, $tail, $client)   = @_;
 5610:     my $userinput               = "$cmd:$tail";
 5611:     my %rulecheck;
 5612:     my $outcome;
 5613:     my ($udom,$id,@rules) = split(/:/,$tail);
 5614:     $udom = &unescape($udom);
 5615:     $id = &unescape($id);
 5616:     @rules = map {&unescape($_);} (@rules);
 5617:     eval {
 5618:         local($SIG{__DIE__})='DEFAULT';
 5619:         $outcome = &localenroll::id_check($udom,$id,\@rules,\%rulecheck);
 5620:     };
 5621:     if (!$@) {
 5622:         if ($outcome eq 'ok') {
 5623:             my $result='';
 5624:             foreach my $key (keys(%rulecheck)) {
 5625:                 $result.=&escape($key).'='.&Apache::lonnet::freeze_escape($rulecheck{$key}).'&';
 5626:             }
 5627:             &Reply($client,\$result,$userinput);
 5628:         } else {
 5629:             &Reply($client,"error\n", $userinput);
 5630:         }
 5631:     } else {
 5632:         &Failure($client,"unknown_cmd\n",$userinput);
 5633:     }
 5634: }
 5635: &register_handler("instidrulecheck",\&institutional_id_check,0,1,0);
 5636: 
 5637: sub institutional_selfcreate_check {
 5638:     my ($cmd, $tail, $client)   = @_;
 5639:     my $userinput               = "$cmd:$tail";
 5640:     my %rulecheck;
 5641:     my $outcome;
 5642:     my ($udom,$email,@rules) = split(/:/,$tail);
 5643:     $udom = &unescape($udom);
 5644:     $email = &unescape($email);
 5645:     @rules = map {&unescape($_);} (@rules);
 5646:     eval {
 5647:         local($SIG{__DIE__})='DEFAULT';
 5648:         $outcome = &localenroll::selfcreate_check($udom,$email,\@rules,\%rulecheck);
 5649:     };
 5650:     if (!$@) {
 5651:         if ($outcome eq 'ok') {
 5652:             my $result='';
 5653:             foreach my $key (keys(%rulecheck)) {
 5654:                 $result.=&escape($key).'='.&Apache::lonnet::freeze_escape($rulecheck{$key}).'&';
 5655:             }
 5656:             &Reply($client,\$result,$userinput);
 5657:         } else {
 5658:             &Reply($client,"error\n", $userinput);
 5659:         }
 5660:     } else {
 5661:         &Failure($client,"unknown_cmd\n",$userinput);
 5662:     }
 5663: }
 5664: &register_handler("instselfcreatecheck",\&institutional_selfcreate_check,0,1,0);
 5665: 
 5666: # Get domain specific conditions for import of student photographs to a course
 5667: #
 5668: # Retrieves information from photo_permission subroutine in localenroll.
 5669: # Returns outcome (ok) if no processing errors, and whether course owner is 
 5670: # required to accept conditions of use (yes/no).
 5671: #
 5672: #    
 5673: sub photo_permission_handler {
 5674:     my ($cmd, $tail, $client)   = @_;
 5675:     my $userinput               = "$cmd:$tail";
 5676:     my $cdom = $tail;
 5677:     my ($perm_reqd,$conditions);
 5678:     my $outcome;
 5679:     eval {
 5680: 	local($SIG{__DIE__})='DEFAULT';
 5681: 	$outcome = &localenroll::photo_permission($cdom,\$perm_reqd,
 5682: 						  \$conditions);
 5683:     };
 5684:     if (!$@) {
 5685: 	&Reply($client, &escape($outcome.':'.$perm_reqd.':'. $conditions)."\n",
 5686: 	       $userinput);
 5687:     } else {
 5688: 	&Failure($client,"unknown_cmd\n",$userinput);
 5689:     }
 5690:     return 1;
 5691: }
 5692: &register_handler("autophotopermission",\&photo_permission_handler,0,1,0);
 5693: 
 5694: #
 5695: # Checks if student photo is available for a user in the domain, in the user's
 5696: # directory (in /userfiles/internal/studentphoto.jpg).
 5697: # Uses localstudentphoto:fetch() to ensure there is an up to date copy of
 5698: # the student's photo.   
 5699: 
 5700: sub photo_check_handler {
 5701:     my ($cmd, $tail, $client)   = @_;
 5702:     my $userinput               = "$cmd:$tail";
 5703:     my ($udom,$uname,$pid) = split(/:/,$tail);
 5704:     $udom = &unescape($udom);
 5705:     $uname = &unescape($uname);
 5706:     $pid = &unescape($pid);
 5707:     my $path=&propath($udom,$uname).'/userfiles/internal/';
 5708:     if (!-e $path) {
 5709:         &mkpath($path);
 5710:     }
 5711:     my $response;
 5712:     my $result = &localstudentphoto::fetch($udom,$uname,$pid,\$response);
 5713:     $result .= ':'.$response;
 5714:     &Reply($client, &escape($result)."\n",$userinput);
 5715:     return 1;
 5716: }
 5717: &register_handler("autophotocheck",\&photo_check_handler,0,1,0);
 5718: 
 5719: #
 5720: # Retrieve information from localenroll about whether to provide a button     
 5721: # for users who have enbled import of student photos to initiate an 
 5722: # update of photo files for registered students. Also include 
 5723: # comment to display alongside button.  
 5724: 
 5725: sub photo_choice_handler {
 5726:     my ($cmd, $tail, $client) = @_;
 5727:     my $userinput             = "$cmd:$tail";
 5728:     my $cdom                  = &unescape($tail);
 5729:     my ($update,$comment);
 5730:     eval {
 5731: 	local($SIG{__DIE__})='DEFAULT';
 5732: 	($update,$comment)    = &localenroll::manager_photo_update($cdom);
 5733:     };
 5734:     if (!$@) {
 5735: 	&Reply($client,&escape($update).':'.&escape($comment)."\n",$userinput);
 5736:     } else {
 5737: 	&Failure($client,"unknown_cmd\n",$userinput);
 5738:     }
 5739:     return 1;
 5740: }
 5741: &register_handler("autophotochoice",\&photo_choice_handler,0,1,0);
 5742: 
 5743: #
 5744: # Gets a student's photo to exist (in the correct image type) in the user's 
 5745: # directory.
 5746: # Formal Parameters:
 5747: #    $cmd     - The command request that got us dispatched.
 5748: #    $tail    - A colon separated set of words that will be split into:
 5749: #               $domain - student's domain
 5750: #               $uname  - student username
 5751: #               $type   - image type desired
 5752: #    $client  - The socket open on the client.
 5753: # Returns:
 5754: #    1 - continue processing.
 5755: 
 5756: sub student_photo_handler {
 5757:     my ($cmd, $tail, $client) = @_;
 5758:     my ($domain,$uname,$ext,$type) = split(/:/, $tail);
 5759: 
 5760:     my $path=&propath($domain,$uname). '/userfiles/internal/';
 5761:     my $filename = 'studentphoto.'.$ext;
 5762:     if ($type eq 'thumbnail') {
 5763:         $filename = 'studentphoto_tn.'.$ext;
 5764:     }
 5765:     if (-e $path.$filename) {
 5766: 	&Reply($client,"ok\n","$cmd:$tail");
 5767: 	return 1;
 5768:     }
 5769:     &mkpath($path);
 5770:     my $file;
 5771:     if ($type eq 'thumbnail') {
 5772: 	eval {
 5773: 	    local($SIG{__DIE__})='DEFAULT';
 5774: 	    $file=&localstudentphoto::fetch_thumbnail($domain,$uname);
 5775: 	};
 5776:     } else {
 5777:         $file=&localstudentphoto::fetch($domain,$uname);
 5778:     }
 5779:     if (!$file) {
 5780: 	&Failure($client,"unavailable\n","$cmd:$tail");
 5781: 	return 1;
 5782:     }
 5783:     if (!-e $path.$filename) { &convert_photo($file,$path.$filename); }
 5784:     if (-e $path.$filename) {
 5785: 	&Reply($client,"ok\n","$cmd:$tail");
 5786: 	return 1;
 5787:     }
 5788:     &Failure($client,"unable_to_convert\n","$cmd:$tail");
 5789:     return 1;
 5790: }
 5791: &register_handler("studentphoto", \&student_photo_handler, 0, 1, 0);
 5792: 
 5793: sub inst_usertypes_handler {
 5794:     my ($cmd, $domain, $client) = @_;
 5795:     my $res;
 5796:     my $userinput = $cmd.":".$domain; # For logging purposes.
 5797:     my (%typeshash,@order,$result);
 5798:     eval {
 5799: 	local($SIG{__DIE__})='DEFAULT';
 5800: 	$result=&localenroll::inst_usertypes($domain,\%typeshash,\@order);
 5801:     };
 5802:     if ($result eq 'ok') {
 5803:         if (keys(%typeshash) > 0) {
 5804:             foreach my $key (keys(%typeshash)) {
 5805:                 $res.=&escape($key).'='.&escape($typeshash{$key}).'&';
 5806:             }
 5807:         }
 5808:         $res=~s/\&$//;
 5809:         $res .= ':';
 5810:         if (@order > 0) {
 5811:             foreach my $item (@order) {
 5812:                 $res .= &escape($item).'&';
 5813:             }
 5814:         }
 5815:         $res=~s/\&$//;
 5816:     }
 5817:     &Reply($client, \$res, $userinput);
 5818:     return 1;
 5819: }
 5820: &register_handler("inst_usertypes", \&inst_usertypes_handler, 0, 1, 0);
 5821: 
 5822: # mkpath makes all directories for a file, expects an absolute path with a
 5823: # file or a trailing / if just a dir is passed
 5824: # returns 1 on success 0 on failure
 5825: sub mkpath {
 5826:     my ($file)=@_;
 5827:     my @parts=split(/\//,$file,-1);
 5828:     my $now=$parts[0].'/'.$parts[1].'/'.$parts[2];
 5829:     for (my $i=3;$i<= ($#parts-1);$i++) {
 5830: 	$now.='/'.$parts[$i]; 
 5831: 	if (!-e $now) {
 5832: 	    if  (!mkdir($now,0770)) { return 0; }
 5833: 	}
 5834:     }
 5835:     return 1;
 5836: }
 5837: 
 5838: #---------------------------------------------------------------
 5839: #
 5840: #   Getting, decoding and dispatching requests:
 5841: #
 5842: #
 5843: #   Get a Request:
 5844: #   Gets a Request message from the client.  The transaction
 5845: #   is defined as a 'line' of text.  We remove the new line
 5846: #   from the text line.  
 5847: #
 5848: sub get_request {
 5849:     my $input = <$client>;
 5850:     chomp($input);
 5851: 
 5852:     &Debug("get_request: Request = $input\n");
 5853: 
 5854:     &status('Processing '.$clientname.':'.$input);
 5855: 
 5856:     return $input;
 5857: }
 5858: #---------------------------------------------------------------
 5859: #
 5860: #  Process a request.  This sub should shrink as each action
 5861: #  gets farmed out into a separat sub that is registered 
 5862: #  with the dispatch hash.  
 5863: #
 5864: # Parameters:
 5865: #    user_input   - The request received from the client (lonc).
 5866: # Returns:
 5867: #    true to keep processing, false if caller should exit.
 5868: #
 5869: sub process_request {
 5870:     my ($userinput) = @_;      # Easier for now to break style than to
 5871:                                 # fix all the userinput -> user_input.
 5872:     my $wasenc    = 0;		# True if request was encrypted.
 5873: # ------------------------------------------------------------ See if encrypted
 5874:     # for command
 5875:     # sethost:<server>
 5876:     # <command>:<args>
 5877:     #   we just send it to the processor
 5878:     # for
 5879:     # sethost:<server>:<command>:<args>
 5880:     #  we do the implict set host and then do the command
 5881:     if ($userinput =~ /^sethost:/) {
 5882: 	(my $cmd,my $newid,$userinput) = split(':',$userinput,3);
 5883: 	if (defined($userinput)) {
 5884: 	    &sethost("$cmd:$newid");
 5885: 	} else {
 5886: 	    $userinput = "$cmd:$newid";
 5887: 	}
 5888:     }
 5889: 
 5890:     if ($userinput =~ /^enc/) {
 5891: 	$userinput = decipher($userinput);
 5892: 	$wasenc=1;
 5893: 	if(!$userinput) {	# Cipher not defined.
 5894: 	    &Failure($client, "error: Encrypted data without negotated key\n");
 5895: 	    return 0;
 5896: 	}
 5897:     }
 5898:     Debug("process_request: $userinput\n");
 5899:     
 5900:     #  
 5901:     #   The 'correct way' to add a command to lond is now to
 5902:     #   write a sub to execute it and Add it to the command dispatch
 5903:     #   hash via a call to register_handler..  The comments to that
 5904:     #   sub should give you enough to go on to show how to do this
 5905:     #   along with the examples that are building up as this code
 5906:     #   is getting refactored.   Until all branches of the
 5907:     #   if/elseif monster below have been factored out into
 5908:     #   separate procesor subs, if the dispatch hash is missing
 5909:     #   the command keyword, we will fall through to the remainder
 5910:     #   of the if/else chain below in order to keep this thing in 
 5911:     #   working order throughout the transmogrification.
 5912: 
 5913:     my ($command, $tail) = split(/:/, $userinput, 2);
 5914:     chomp($command);
 5915:     chomp($tail);
 5916:     $tail =~ s/(\r)//;		# This helps people debugging with e.g. telnet.
 5917:     $command =~ s/(\r)//;	# And this too for parameterless commands.
 5918:     if(!$tail) {
 5919: 	$tail ="";		# defined but blank.
 5920:     }
 5921: 
 5922:     &Debug("Command received: $command, encoded = $wasenc");
 5923: 
 5924:     if(defined $Dispatcher{$command}) {
 5925: 
 5926: 	my $dispatch_info = $Dispatcher{$command};
 5927: 	my $handler       = $$dispatch_info[0];
 5928: 	my $need_encode   = $$dispatch_info[1];
 5929: 	my $client_types  = $$dispatch_info[2];
 5930: 	Debug("Matched dispatch hash: mustencode: $need_encode "
 5931: 	      ."ClientType $client_types");
 5932:       
 5933: 	#  Validate the request:
 5934:       
 5935: 	my $ok = 1;
 5936: 	my $requesterprivs = 0;
 5937: 	if(&isClient()) {
 5938: 	    $requesterprivs |= $CLIENT_OK;
 5939: 	}
 5940: 	if(&isManager()) {
 5941: 	    $requesterprivs |= $MANAGER_OK;
 5942: 	}
 5943: 	if($need_encode && (!$wasenc)) {
 5944: 	    Debug("Must encode but wasn't: $need_encode $wasenc");
 5945: 	    $ok = 0;
 5946: 	}
 5947: 	if(($client_types & $requesterprivs) == 0) {
 5948: 	    Debug("Client not privileged to do this operation");
 5949: 	    $ok = 0;
 5950: 	}
 5951: 
 5952: 	if($ok) {
 5953: 	    Debug("Dispatching to handler $command $tail");
 5954: 	    my $keep_going = &$handler($command, $tail, $client);
 5955: 	    return $keep_going;
 5956: 	} else {
 5957: 	    Debug("Refusing to dispatch because client did not match requirements");
 5958: 	    Failure($client, "refused\n", $userinput);
 5959: 	    return 1;
 5960: 	}
 5961: 
 5962:     }    
 5963: 
 5964:     print $client "unknown_cmd\n";
 5965: # -------------------------------------------------------------------- complete
 5966:     Debug("process_request - returning 1");
 5967:     return 1;
 5968: }
 5969: #
 5970: #   Decipher encoded traffic
 5971: #  Parameters:
 5972: #     input      - Encoded data.
 5973: #  Returns:
 5974: #     Decoded data or undef if encryption key was not yet negotiated.
 5975: #  Implicit input:
 5976: #     cipher  - This global holds the negotiated encryption key.
 5977: #
 5978: sub decipher {
 5979:     my ($input)  = @_;
 5980:     my $output = '';
 5981:     
 5982:     
 5983:     if($cipher) {
 5984: 	my($enc, $enclength, $encinput) = split(/:/, $input);
 5985: 	for(my $encidx = 0; $encidx < length($encinput); $encidx += 16) {
 5986: 	    $output .= 
 5987: 		$cipher->decrypt(pack("H16", substr($encinput, $encidx, 16)));
 5988: 	}
 5989: 	return substr($output, 0, $enclength);
 5990:     } else {
 5991: 	return undef;
 5992:     }
 5993: }
 5994: 
 5995: #
 5996: #   Register a command processor.  This function is invoked to register a sub
 5997: #   to process a request.  Once registered, the ProcessRequest sub can automatically
 5998: #   dispatch requests to an appropriate sub, and do the top level validity checking
 5999: #   as well:
 6000: #    - Is the keyword recognized.
 6001: #    - Is the proper client type attempting the request.
 6002: #    - Is the request encrypted if it has to be.
 6003: #   Parameters:
 6004: #    $request_name         - Name of the request being registered.
 6005: #                           This is the command request that will match
 6006: #                           against the hash keywords to lookup the information
 6007: #                           associated with the dispatch information.
 6008: #    $procedure           - Reference to a sub to call to process the request.
 6009: #                           All subs get called as follows:
 6010: #                             Procedure($cmd, $tail, $replyfd, $key)
 6011: #                             $cmd    - the actual keyword that invoked us.
 6012: #                             $tail   - the tail of the request that invoked us.
 6013: #                             $replyfd- File descriptor connected to the client
 6014: #    $must_encode          - True if the request must be encoded to be good.
 6015: #    $client_ok            - True if it's ok for a client to request this.
 6016: #    $manager_ok           - True if it's ok for a manager to request this.
 6017: # Side effects:
 6018: #      - On success, the Dispatcher hash has an entry added for the key $RequestName
 6019: #      - On failure, the program will die as it's a bad internal bug to try to 
 6020: #        register a duplicate command handler.
 6021: #
 6022: sub register_handler {
 6023:     my ($request_name,$procedure,$must_encode,	$client_ok,$manager_ok)   = @_;
 6024: 
 6025:     #  Don't allow duplication#
 6026:    
 6027:     if (defined $Dispatcher{$request_name}) {
 6028: 	die "Attempting to define a duplicate request handler for $request_name\n";
 6029:     }
 6030:     #   Build the client type mask:
 6031:     
 6032:     my $client_type_mask = 0;
 6033:     if($client_ok) {
 6034: 	$client_type_mask  |= $CLIENT_OK;
 6035:     }
 6036:     if($manager_ok) {
 6037: 	$client_type_mask  |= $MANAGER_OK;
 6038:     }
 6039:    
 6040:     #  Enter the hash:
 6041:       
 6042:     my @entry = ($procedure, $must_encode, $client_type_mask);
 6043:    
 6044:     $Dispatcher{$request_name} = \@entry;
 6045:    
 6046: }
 6047: 
 6048: 
 6049: #------------------------------------------------------------------
 6050: 
 6051: 
 6052: 
 6053: 
 6054: #
 6055: #  Convert an error return code from lcpasswd to a string value.
 6056: #
 6057: sub lcpasswdstrerror {
 6058:     my $ErrorCode = shift;
 6059:     if(($ErrorCode < 0) || ($ErrorCode > $lastpwderror)) {
 6060: 	return "lcpasswd Unrecognized error return value ".$ErrorCode;
 6061:     } else {
 6062: 	return $passwderrors[$ErrorCode];
 6063:     }
 6064: }
 6065: 
 6066: # grabs exception and records it to log before exiting
 6067: sub catchexception {
 6068:     my ($error)=@_;
 6069:     $SIG{'QUIT'}='DEFAULT';
 6070:     $SIG{__DIE__}='DEFAULT';
 6071:     &status("Catching exception");
 6072:     &logthis("<font color='red'>CRITICAL: "
 6073:      ."ABNORMAL EXIT. Child $$ for server ".$perlvar{'lonHostID'}." died through "
 6074:      ."a crash with this error msg->[$error]</font>");
 6075:     &logthis('Famous last words: '.$status.' - '.$lastlog);
 6076:     if ($client) { print $client "error: $error\n"; }
 6077:     $server->close();
 6078:     die($error);
 6079: }
 6080: sub timeout {
 6081:     &status("Handling Timeout");
 6082:     &logthis("<font color='red'>CRITICAL: TIME OUT ".$$."</font>");
 6083:     &catchexception('Timeout');
 6084: }
 6085: # -------------------------------- Set signal handlers to record abnormal exits
 6086: 
 6087: 
 6088: $SIG{'QUIT'}=\&catchexception;
 6089: $SIG{__DIE__}=\&catchexception;
 6090: 
 6091: # ---------------------------------- Read loncapa_apache.conf and loncapa.conf
 6092: &status("Read loncapa.conf and loncapa_apache.conf");
 6093: my $perlvarref=LONCAPA::Configuration::read_conf('loncapa.conf');
 6094: %perlvar=%{$perlvarref};
 6095: undef $perlvarref;
 6096: 
 6097: # ----------------------------- Make sure this process is running from user=www
 6098: my $wwwid=getpwnam('www');
 6099: if ($wwwid!=$<) {
 6100:    my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
 6101:    my $subj="LON: $currenthostid User ID mismatch";
 6102:    system("echo 'User ID mismatch.  lond must be run as user www.' |\
 6103:  mailto $emailto -s '$subj' > /dev/null");
 6104:    exit 1;
 6105: }
 6106: 
 6107: # --------------------------------------------- Check if other instance running
 6108: 
 6109: my $pidfile="$perlvar{'lonDaemons'}/logs/lond.pid";
 6110: 
 6111: if (-e $pidfile) {
 6112:    my $lfh=IO::File->new("$pidfile");
 6113:    my $pide=<$lfh>;
 6114:    chomp($pide);
 6115:    if (kill 0 => $pide) { die "already running"; }
 6116: }
 6117: 
 6118: # ------------------------------------------------------------- Read hosts file
 6119: 
 6120: 
 6121: 
 6122: # establish SERVER socket, bind and listen.
 6123: $server = IO::Socket::INET->new(LocalPort => $perlvar{'londPort'},
 6124:                                 Type      => SOCK_STREAM,
 6125:                                 Proto     => 'tcp',
 6126:                                 ReuseAddr     => 1,
 6127:                                 Listen    => 10 )
 6128:   or die "making socket: $@\n";
 6129: 
 6130: # --------------------------------------------------------- Do global variables
 6131: 
 6132: # global variables
 6133: 
 6134: my %children               = ();       # keys are current child process IDs
 6135: 
 6136: sub REAPER {                        # takes care of dead children
 6137:     $SIG{CHLD} = \&REAPER;
 6138:     &status("Handling child death");
 6139:     my $pid;
 6140:     do {
 6141: 	$pid = waitpid(-1,&WNOHANG());
 6142: 	if (defined($children{$pid})) {
 6143: 	    &logthis("Child $pid died");
 6144: 	    delete($children{$pid});
 6145: 	} elsif ($pid > 0) {
 6146: 	    &logthis("Unknown Child $pid died");
 6147: 	}
 6148:     } while ( $pid > 0 );
 6149:     foreach my $child (keys(%children)) {
 6150: 	$pid = waitpid($child,&WNOHANG());
 6151: 	if ($pid > 0) {
 6152: 	    &logthis("Child $child - $pid looks like we missed it's death");
 6153: 	    delete($children{$pid});
 6154: 	}
 6155:     }
 6156:     &status("Finished Handling child death");
 6157: }
 6158: 
 6159: sub HUNTSMAN {                      # signal handler for SIGINT
 6160:     &status("Killing children (INT)");
 6161:     local($SIG{CHLD}) = 'IGNORE';   # we're going to kill our children
 6162:     kill 'INT' => keys %children;
 6163:     &logthis("Free socket: ".shutdown($server,2)); # free up socket
 6164:     my $execdir=$perlvar{'lonDaemons'};
 6165:     unlink("$execdir/logs/lond.pid");
 6166:     &logthis("<font color='red'>CRITICAL: Shutting down</font>");
 6167:     &status("Done killing children");
 6168:     exit;                           # clean up with dignity
 6169: }
 6170: 
 6171: sub HUPSMAN {                      # signal handler for SIGHUP
 6172:     local($SIG{CHLD}) = 'IGNORE';  # we're going to kill our children
 6173:     &status("Killing children for restart (HUP)");
 6174:     kill 'INT' => keys %children;
 6175:     &logthis("Free socket: ".shutdown($server,2)); # free up socket
 6176:     &logthis("<font color='red'>CRITICAL: Restarting</font>");
 6177:     my $execdir=$perlvar{'lonDaemons'};
 6178:     unlink("$execdir/logs/lond.pid");
 6179:     &status("Restarting self (HUP)");
 6180:     exec("$execdir/lond");         # here we go again
 6181: }
 6182: 
 6183: #
 6184: #  Reload the Apache daemon's state.
 6185: #  This is done by invoking /home/httpd/perl/apachereload
 6186: #  a setuid perl script that can be root for us to do this job.
 6187: #
 6188: sub ReloadApache {
 6189: # --------------------------- Handle case of another apachereload process (locking)
 6190:     if (&LONCAPA::try_to_lock('/tmp/lock_apachereload')) {
 6191:         my $execdir = $perlvar{'lonDaemons'};
 6192:         my $script  = $execdir."/apachereload";
 6193:         system($script);
 6194:         unlink('/tmp/lock_apachereload'); #  Remove the lock file.
 6195:     }
 6196: }
 6197: 
 6198: #
 6199: #   Called in response to a USR2 signal.
 6200: #   - Reread hosts.tab
 6201: #   - All children connected to hosts that were removed from hosts.tab
 6202: #     are killed via SIGINT
 6203: #   - All children connected to previously existing hosts are sent SIGUSR1
 6204: #   - Our internal hosts hash is updated to reflect the new contents of
 6205: #     hosts.tab causing connections from hosts added to hosts.tab to
 6206: #     now be honored.
 6207: #
 6208: sub UpdateHosts {
 6209:     &status("Reload hosts.tab");
 6210:     logthis('<font color="blue"> Updating connections </font>');
 6211:     #
 6212:     #  The %children hash has the set of IP's we currently have children
 6213:     #  on.  These need to be matched against records in the hosts.tab
 6214:     #  Any ip's no longer in the table get killed off they correspond to
 6215:     #  either dropped or changed hosts.  Note that the re-read of the table
 6216:     #  will take care of new and changed hosts as connections come into being.
 6217: 
 6218:     &Apache::lonnet::reset_hosts_info();
 6219: 
 6220:     foreach my $child (keys(%children)) {
 6221: 	my $childip = $children{$child};
 6222: 	if ($childip ne '127.0.0.1'
 6223: 	    && !defined(&Apache::lonnet::get_hosts_from_ip($childip))) {
 6224: 	    logthis('<font color="blue"> UpdateHosts killing child '
 6225: 		    ." $child for ip $childip </font>");
 6226: 	    kill('INT', $child);
 6227: 	} else {
 6228: 	    logthis('<font color="green"> keeping child for ip '
 6229: 		    ." $childip (pid=$child) </font>");
 6230: 	}
 6231:     }
 6232:     ReloadApache;
 6233:     &status("Finished reloading hosts.tab");
 6234: }
 6235: 
 6236: 
 6237: sub checkchildren {
 6238:     &status("Checking on the children (sending signals)");
 6239:     &initnewstatus();
 6240:     &logstatus();
 6241:     &logthis('Going to check on the children');
 6242:     my $docdir=$perlvar{'lonDocRoot'};
 6243:     foreach (sort keys %children) {
 6244: 	#sleep 1;
 6245:         unless (kill 'USR1' => $_) {
 6246: 	    &logthis ('Child '.$_.' is dead');
 6247:             &logstatus($$.' is dead');
 6248: 	    delete($children{$_});
 6249:         } 
 6250:     }
 6251:     sleep 5;
 6252:     $SIG{ALRM} = sub { Debug("timeout"); 
 6253: 		       die "timeout";  };
 6254:     $SIG{__DIE__} = 'DEFAULT';
 6255:     &status("Checking on the children (waiting for reports)");
 6256:     foreach (sort keys %children) {
 6257:         unless (-e "$docdir/lon-status/londchld/$_.txt") {
 6258:           eval {
 6259:             alarm(300);
 6260: 	    &logthis('Child '.$_.' did not respond');
 6261: 	    kill 9 => $_;
 6262: 	    #$emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
 6263: 	    #$subj="LON: $currenthostid killed lond process $_";
 6264: 	    #my $result=`echo 'Killed lond process $_.' | mailto $emailto -s '$subj' > /dev/null`;
 6265: 	    #$execdir=$perlvar{'lonDaemons'};
 6266: 	    #$result=`/bin/cp $execdir/logs/lond.log $execdir/logs/lond.log.$_`;
 6267: 	    delete($children{$_});
 6268: 	    alarm(0);
 6269: 	  }
 6270:         }
 6271:     }
 6272:     $SIG{ALRM} = 'DEFAULT';
 6273:     $SIG{__DIE__} = \&catchexception;
 6274:     &status("Finished checking children");
 6275:     &logthis('Finished Checking children');
 6276: }
 6277: 
 6278: # --------------------------------------------------------------------- Logging
 6279: 
 6280: sub logthis {
 6281:     my $message=shift;
 6282:     my $execdir=$perlvar{'lonDaemons'};
 6283:     my $fh=IO::File->new(">>$execdir/logs/lond.log");
 6284:     my $now=time;
 6285:     my $local=localtime($now);
 6286:     $lastlog=$local.': '.$message;
 6287:     print $fh "$local ($$): $message\n";
 6288: }
 6289: 
 6290: # ------------------------- Conditional log if $DEBUG true.
 6291: sub Debug {
 6292:     my $message = shift;
 6293:     if($DEBUG) {
 6294: 	&logthis($message);
 6295:     }
 6296: }
 6297: 
 6298: #
 6299: #   Sub to do replies to client.. this gives a hook for some
 6300: #   debug tracing too:
 6301: #  Parameters:
 6302: #     fd      - File open on client.
 6303: #     reply   - Text to send to client.
 6304: #     request - Original request from client.
 6305: #
 6306: #NOTE $reply must be terminated by exactly *one* \n. If $reply is a reference
 6307: #this is done automatically ($$reply must not contain any \n in this case). 
 6308: #If $reply is a string the caller has to ensure this.
 6309: sub Reply {
 6310:     my ($fd, $reply, $request) = @_;
 6311:     if (ref($reply)) {
 6312: 	print $fd $$reply;
 6313: 	print $fd "\n";
 6314: 	if ($DEBUG) { Debug("Request was $request  Reply was $$reply"); }
 6315:     } else {
 6316: 	print $fd $reply;
 6317: 	if ($DEBUG) { Debug("Request was $request  Reply was $reply"); }
 6318:     }
 6319:     $Transactions++;
 6320: }
 6321: 
 6322: 
 6323: #
 6324: #    Sub to report a failure.
 6325: #    This function:
 6326: #     -   Increments the failure statistic counters.
 6327: #     -   Invokes Reply to send the error message to the client.
 6328: # Parameters:
 6329: #    fd       - File descriptor open on the client
 6330: #    reply    - Reply text to emit.
 6331: #    request  - The original request message (used by Reply
 6332: #               to debug if that's enabled.
 6333: # Implicit outputs:
 6334: #    $Failures- The number of failures is incremented.
 6335: #    Reply (invoked here) sends a message to the 
 6336: #    client:
 6337: #
 6338: sub Failure {
 6339:     my $fd      = shift;
 6340:     my $reply   = shift;
 6341:     my $request = shift;
 6342:    
 6343:     $Failures++;
 6344:     Reply($fd, $reply, $request);      # That's simple eh?
 6345: }
 6346: # ------------------------------------------------------------------ Log status
 6347: 
 6348: sub logstatus {
 6349:     &status("Doing logging");
 6350:     my $docdir=$perlvar{'lonDocRoot'};
 6351:     {
 6352: 	my $fh=IO::File->new(">$docdir/lon-status/londchld/$$.txt");
 6353:         print $fh $status."\n".$lastlog."\n".time."\n$keymode";
 6354:         $fh->close();
 6355:     }
 6356:     &status("Finished $$.txt");
 6357:     {
 6358: 	open(LOG,">>$docdir/lon-status/londstatus.txt");
 6359: 	flock(LOG,LOCK_EX);
 6360: 	print LOG $$."\t".$clientname."\t".$currenthostid."\t"
 6361: 	    .$status."\t".$lastlog."\t $keymode\n";
 6362: 	flock(LOG,LOCK_UN);
 6363: 	close(LOG);
 6364:     }
 6365:     &status("Finished logging");
 6366: }
 6367: 
 6368: sub initnewstatus {
 6369:     my $docdir=$perlvar{'lonDocRoot'};
 6370:     my $fh=IO::File->new(">$docdir/lon-status/londstatus.txt");
 6371:     my $now=time();
 6372:     my $local=localtime($now);
 6373:     print $fh "LOND status $local - parent $$\n\n";
 6374:     opendir(DIR,"$docdir/lon-status/londchld");
 6375:     while (my $filename=readdir(DIR)) {
 6376:         unlink("$docdir/lon-status/londchld/$filename");
 6377:     }
 6378:     closedir(DIR);
 6379: }
 6380: 
 6381: # -------------------------------------------------------------- Status setting
 6382: 
 6383: sub status {
 6384:     my $what=shift;
 6385:     my $now=time;
 6386:     my $local=localtime($now);
 6387:     $status=$local.': '.$what;
 6388:     $0='lond: '.$what.' '.$local;
 6389: }
 6390: 
 6391: # -------------------------------------------------------------- Talk to lonsql
 6392: 
 6393: sub sql_reply {
 6394:     my ($cmd)=@_;
 6395:     my $answer=&sub_sql_reply($cmd);
 6396:     if ($answer eq 'con_lost') { $answer=&sub_sql_reply($cmd); }
 6397:     return $answer;
 6398: }
 6399: 
 6400: sub sub_sql_reply {
 6401:     my ($cmd)=@_;
 6402:     my $unixsock="mysqlsock";
 6403:     my $peerfile="$perlvar{'lonSockDir'}/$unixsock";
 6404:     my $sclient=IO::Socket::UNIX->new(Peer    =>"$peerfile",
 6405:                                       Type    => SOCK_STREAM,
 6406:                                       Timeout => 10)
 6407:        or return "con_lost";
 6408:     print $sclient "$cmd:$currentdomainid\n";
 6409:     my $answer=<$sclient>;
 6410:     chomp($answer);
 6411:     if (!$answer) { $answer="con_lost"; }
 6412:     return $answer;
 6413: }
 6414: 
 6415: # --------------------------------------- Is this the home server of an author?
 6416: 
 6417: sub ishome {
 6418:     my $author=shift;
 6419:     $author=~s/\/home\/httpd\/html\/res\/([^\/]*)\/([^\/]*).*/$1\/$2/;
 6420:     my ($udom,$uname)=split(/\//,$author);
 6421:     my $proname=propath($udom,$uname);
 6422:     if (-e $proname) {
 6423: 	return 'owner';
 6424:     } else {
 6425:         return 'not_owner';
 6426:     }
 6427: }
 6428: 
 6429: # ======================================================= Continue main program
 6430: # ---------------------------------------------------- Fork once and dissociate
 6431: 
 6432: my $fpid=fork;
 6433: exit if $fpid;
 6434: die "Couldn't fork: $!" unless defined ($fpid);
 6435: 
 6436: POSIX::setsid() or die "Can't start new session: $!";
 6437: 
 6438: # ------------------------------------------------------- Write our PID on disk
 6439: 
 6440: my $execdir=$perlvar{'lonDaemons'};
 6441: open (PIDSAVE,">$execdir/logs/lond.pid");
 6442: print PIDSAVE "$$\n";
 6443: close(PIDSAVE);
 6444: &logthis("<font color='red'>CRITICAL: ---------- Starting ----------</font>");
 6445: &status('Starting');
 6446: 
 6447: 
 6448: 
 6449: # ----------------------------------------------------- Install signal handlers
 6450: 
 6451: 
 6452: $SIG{CHLD} = \&REAPER;
 6453: $SIG{INT}  = $SIG{TERM} = \&HUNTSMAN;
 6454: $SIG{HUP}  = \&HUPSMAN;
 6455: $SIG{USR1} = \&checkchildren;
 6456: $SIG{USR2} = \&UpdateHosts;
 6457: 
 6458: #  Read the host hashes:
 6459: &Apache::lonnet::load_hosts_tab();
 6460: my %iphost = &Apache::lonnet::get_iphost(1);
 6461: 
 6462: $dist=`$perlvar{'lonDaemons'}/distprobe`;
 6463: 
 6464: my $arch = `uname -i`;
 6465: chomp($arch);
 6466: if ($arch eq 'unknown') {
 6467:     $arch = `uname -m`;
 6468:     chomp($arch);
 6469: }
 6470: 
 6471: # --------------------------------------------------------------
 6472: #   Accept connections.  When a connection comes in, it is validated
 6473: #   and if good, a child process is created to process transactions
 6474: #   along the connection.
 6475: 
 6476: while (1) {
 6477:     &status('Starting accept');
 6478:     $client = $server->accept() or next;
 6479:     &status('Accepted '.$client.' off to spawn');
 6480:     make_new_child($client);
 6481:     &status('Finished spawning');
 6482: }
 6483: 
 6484: sub make_new_child {
 6485:     my $pid;
 6486: #    my $cipher;     # Now global
 6487:     my $sigset;
 6488: 
 6489:     $client = shift;
 6490:     &status('Starting new child '.$client);
 6491:     &logthis('<font color="green"> Attempting to start child ('.$client.
 6492: 	     ")</font>");    
 6493:     # block signal for fork
 6494:     $sigset = POSIX::SigSet->new(SIGINT);
 6495:     sigprocmask(SIG_BLOCK, $sigset)
 6496:         or die "Can't block SIGINT for fork: $!\n";
 6497: 
 6498:     die "fork: $!" unless defined ($pid = fork);
 6499: 
 6500:     $client->sockopt(SO_KEEPALIVE, 1); # Enable monitoring of
 6501: 	                               # connection liveness.
 6502: 
 6503:     #
 6504:     #  Figure out who we're talking to so we can record the peer in 
 6505:     #  the pid hash.
 6506:     #
 6507:     my $caller = getpeername($client);
 6508:     my ($port,$iaddr);
 6509:     if (defined($caller) && length($caller) > 0) {
 6510: 	($port,$iaddr)=unpack_sockaddr_in($caller);
 6511:     } else {
 6512: 	&logthis("Unable to determine who caller was, getpeername returned nothing");
 6513:     }
 6514:     if (defined($iaddr)) {
 6515: 	$clientip  = inet_ntoa($iaddr);
 6516: 	Debug("Connected with $clientip");
 6517:     } else {
 6518: 	&logthis("Unable to determine clientip");
 6519: 	$clientip='Unavailable';
 6520:     }
 6521:     
 6522:     if ($pid) {
 6523:         # Parent records the child's birth and returns.
 6524:         sigprocmask(SIG_UNBLOCK, $sigset)
 6525:             or die "Can't unblock SIGINT for fork: $!\n";
 6526:         $children{$pid} = $clientip;
 6527:         &status('Started child '.$pid);
 6528: 	close($client);
 6529:         return;
 6530:     } else {
 6531:         # Child can *not* return from this subroutine.
 6532:         $SIG{INT} = 'DEFAULT';      # make SIGINT kill us as it did before
 6533:         $SIG{CHLD} = 'DEFAULT'; #make this default so that pwauth returns 
 6534:                                 #don't get intercepted
 6535:         $SIG{USR1}= \&logstatus;
 6536:         $SIG{ALRM}= \&timeout;
 6537: 	#
 6538: 	# Block sigpipe as it gets thrownon socket disconnect and we want to 
 6539: 	# deal with that as a read faiure instead.
 6540: 	#
 6541: 	my $blockset = POSIX::SigSet->new(SIGPIPE);
 6542: 	sigprocmask(SIG_BLOCK, $blockset);
 6543: 
 6544:         $lastlog='Forked ';
 6545:         $status='Forked';
 6546: 
 6547:         # unblock signals
 6548:         sigprocmask(SIG_UNBLOCK, $sigset)
 6549:             or die "Can't unblock SIGINT for fork: $!\n";
 6550: 
 6551: #        my $tmpsnum=0;            # Now global
 6552: #---------------------------------------------------- kerberos 5 initialization
 6553:         &Authen::Krb5::init_context();
 6554: 	unless (($dist eq 'fedora5') || ($dist eq 'fedora4') ||  
 6555: 		($dist eq 'fedora6') || ($dist eq 'suse9.3') ||
 6556:                 ($dist eq 'suse12.2') || ($dist eq 'suse12.3') ||
 6557:                 ($dist eq 'suse13.1')) {
 6558: 	    &Authen::Krb5::init_ets();
 6559: 	}
 6560: 
 6561: 	&status('Accepted connection');
 6562: # =============================================================================
 6563:             # do something with the connection
 6564: # -----------------------------------------------------------------------------
 6565: 	# see if we know client and 'check' for spoof IP by ineffective challenge
 6566: 
 6567: 	my $outsideip=$clientip;
 6568: 	if ($clientip eq '127.0.0.1') {
 6569: 	    $outsideip=&Apache::lonnet::get_host_ip($perlvar{'lonHostID'});
 6570: 	}
 6571: 	&ReadManagerTable();
 6572: 	my $clientrec=defined(&Apache::lonnet::get_hosts_from_ip($outsideip));
 6573: 	my $ismanager=($managers{$outsideip}    ne undef);
 6574: 	$clientname  = "[unknown]";
 6575: 	if($clientrec) {	# Establish client type.
 6576: 	    $ConnectionType = "client";
 6577: 	    $clientname = (&Apache::lonnet::get_hosts_from_ip($outsideip))[-1];
 6578: 	    if($ismanager) {
 6579: 		$ConnectionType = "both";
 6580: 	    }
 6581: 	} else {
 6582: 	    $ConnectionType = "manager";
 6583: 	    $clientname = $managers{$outsideip};
 6584: 	}
 6585: 	my $clientok;
 6586: 
 6587: 	if ($clientrec || $ismanager) {
 6588: 	    &status("Waiting for init from $clientip $clientname");
 6589: 	    &logthis('<font color="yellow">INFO: Connection, '.
 6590: 		     $clientip.
 6591: 		  " ($clientname) connection type = $ConnectionType </font>" );
 6592: 	    &status("Connecting $clientip  ($clientname))"); 
 6593: 	    my $remotereq=<$client>;
 6594: 	    chomp($remotereq);
 6595: 	    Debug("Got init: $remotereq");
 6596: 
 6597: 	    if ($remotereq =~ /^init/) {
 6598: 		&sethost("sethost:$perlvar{'lonHostID'}");
 6599: 		#
 6600: 		#  If the remote is attempting a local init... give that a try:
 6601: 		#
 6602:         logthis("remotereq: $remotereq");
 6603: 		(my $i, my $inittype, $clientversion) = split(/:/, $remotereq);
 6604:         # For LON-CAPA 2.9, the  client session will have sent its LON-CAPA
 6605:         # version when initiating the connection. For LON-CAPA 2.8 and older,
 6606:         # the version is retrieved from the global %loncaparevs in lonnet.pm.            
 6607:         # $clientversion contains path to keyfile if $inittype eq 'local'
 6608:         # it's overridden below in this case
 6609:         $clientversion ||= $Apache::lonnet::loncaparevs{$clientname};
 6610: 
 6611: 		# If the connection type is ssl, but I didn't get my
 6612: 		# certificate files yet, then I'll drop  back to 
 6613: 		# insecure (if allowed).
 6614: 		
 6615: 		if($inittype eq "ssl") {
 6616: 		    my ($ca, $cert) = lonssl::CertificateFile;
 6617: 		    my $kfile       = lonssl::KeyFile;
 6618: 		    if((!$ca)   || 
 6619: 		       (!$cert) || 
 6620: 		       (!$kfile)) {
 6621: 			$inittype = ""; # This forces insecure attempt.
 6622: 			&logthis("<font color=\"blue\"> Certificates not "
 6623: 				 ."installed -- trying insecure auth</font>");
 6624: 		    } else {	# SSL certificates are in place so
 6625: 		    }		# Leave the inittype alone.
 6626: 		}
 6627: 
 6628: 		if($inittype eq "local") {
 6629:                     $clientversion = $perlvar{'lonVersion'};
 6630: 		    my $key = LocalConnection($client, $remotereq);
 6631: 		    if($key) {
 6632: 			Debug("Got local key $key");
 6633: 			$clientok     = 1;
 6634: 			my $cipherkey = pack("H32", $key);
 6635: 			$cipher       = new IDEA($cipherkey);
 6636: 			print $client "ok:local\n";
 6637: 			&logthis('<font color="green">'
 6638: 				 . "Successful local authentication </font>");
 6639: 			$keymode = "local"
 6640: 		    } else {
 6641: 			Debug("Failed to get local key");
 6642: 			$clientok = 0;
 6643: 			shutdown($client, 3);
 6644: 			close $client;
 6645: 		    }
 6646: 		} elsif ($inittype eq "ssl") {
 6647: 		    my $key = SSLConnection($client);
 6648: 		    if ($key) {
 6649: 			$clientok = 1;
 6650: 			my $cipherkey = pack("H32", $key);
 6651: 			$cipher       = new IDEA($cipherkey);
 6652: 			&logthis('<font color="green">'
 6653: 				 ."Successfull ssl authentication with $clientname </font>");
 6654: 			$keymode = "ssl";
 6655: 	     
 6656: 		    } else {
 6657: 			$clientok = 0;
 6658: 			close $client;
 6659: 		    }
 6660: 	   
 6661: 		} else {
 6662: 		    my $ok = InsecureConnection($client);
 6663: 		    if($ok) {
 6664: 			$clientok = 1;
 6665: 			&logthis('<font color="green">'
 6666: 				 ."Successful insecure authentication with $clientname </font>");
 6667: 			print $client "ok\n";
 6668: 			$keymode = "insecure";
 6669: 		    } else {
 6670: 			&logthis('<font color="yellow">'
 6671: 				  ."Attempted insecure connection disallowed </font>");
 6672: 			close $client;
 6673: 			$clientok = 0;
 6674: 			
 6675: 		    }
 6676: 		}
 6677: 	    } else {
 6678: 		&logthis(
 6679: 			 "<font color='blue'>WARNING: "
 6680: 			 ."$clientip failed to initialize: >$remotereq< </font>");
 6681: 		&status('No init '.$clientip);
 6682: 	    }
 6683: 	    
 6684: 	} else {
 6685: 	    &logthis(
 6686: 		     "<font color='blue'>WARNING: Unknown client $clientip</font>");
 6687: 	    &status('Hung up on '.$clientip);
 6688: 	}
 6689:  
 6690: 	if ($clientok) {
 6691: # ---------------- New known client connecting, could mean machine online again
 6692: 	    if (&Apache::lonnet::get_host_ip($currenthostid) ne $clientip 
 6693: 		&& $clientip ne '127.0.0.1') {
 6694: 		&Apache::lonnet::reconlonc($clientname);
 6695: 	    }
 6696: 	    &logthis("<font color='green'>Established connection: $clientname</font>");
 6697: 	    &status('Will listen to '.$clientname);
 6698: # ------------------------------------------------------------ Process requests
 6699: 	    my $keep_going = 1;
 6700: 	    my $user_input;
 6701:             my $clienthost = &Apache::lonnet::hostname($clientname);
 6702:             my $clientserverhomeID = &Apache::lonnet::get_server_homeID($clienthost);
 6703:             $clienthomedom = &Apache::lonnet::host_domain($clientserverhomeID);
 6704: 	    while(($user_input = get_request) && $keep_going) {
 6705: 		alarm(120);
 6706: 		Debug("Main: Got $user_input\n");
 6707: 		$keep_going = &process_request($user_input);
 6708: 		alarm(0);
 6709: 		&status('Listening to '.$clientname." ($keymode)");	   
 6710: 	    }
 6711: 
 6712: # --------------------------------------------- client unknown or fishy, refuse
 6713: 	}  else {
 6714: 	    print $client "refused\n";
 6715: 	    $client->close();
 6716: 	    &logthis("<font color='blue'>WARNING: "
 6717: 		     ."Rejected client $clientip, closing connection</font>");
 6718: 	}
 6719:     }            
 6720:     
 6721: # =============================================================================
 6722:     
 6723:     &logthis("<font color='red'>CRITICAL: "
 6724: 	     ."Disconnect from $clientip ($clientname)</font>");    
 6725:     
 6726:     
 6727:     # this exit is VERY important, otherwise the child will become
 6728:     # a producer of more and more children, forking yourself into
 6729:     # process death.
 6730:     exit;
 6731:     
 6732: }
 6733: #
 6734: #   Determine if a user is an author for the indicated domain.
 6735: #
 6736: # Parameters:
 6737: #    domain          - domain to check in .
 6738: #    user            - Name of user to check.
 6739: #
 6740: # Return:
 6741: #     1             - User is an author for domain.
 6742: #     0             - User is not an author for domain.
 6743: sub is_author {
 6744:     my ($domain, $user) = @_;
 6745: 
 6746:     &Debug("is_author: $user @ $domain");
 6747: 
 6748:     my $hashref = &tie_user_hash($domain, $user, "roles",
 6749: 				 &GDBM_READER());
 6750: 
 6751:     #  Author role should show up as a key /domain/_au
 6752: 
 6753:     my $value;
 6754:     if ($hashref) {
 6755: 
 6756: 	my $key    = "/$domain/_au";
 6757: 	if (defined($hashref)) {
 6758: 	    $value = $hashref->{$key};
 6759: 	    if(!untie_user_hash($hashref)) {
 6760: 		return 'error: ' .  ($!+0)." untie (GDBM) Failed";
 6761: 	    }
 6762: 	}
 6763: 	
 6764: 	if(defined($value)) {
 6765: 	    &Debug("$user @ $domain is an author");
 6766: 	}
 6767:     } else {
 6768: 	return 'error: '.($!+0)." tie (GDBM) Failed";
 6769:     }
 6770: 
 6771:     return defined($value);
 6772: }
 6773: #
 6774: #   Checks to see if the input roleput request was to set
 6775: # an author role.  If so, creates construction space 
 6776: # Parameters:
 6777: #    request   - The request sent to the rolesput subchunk.
 6778: #                We're looking for  /domain/_au
 6779: #    domain    - The domain in which the user is having roles doctored.
 6780: #    user      - Name of the user for which the role is being put.
 6781: #    authtype  - The authentication type associated with the user.
 6782: #
 6783: sub manage_permissions {
 6784:     my ($request, $domain, $user, $authtype) = @_;
 6785:     # See if the request is of the form /$domain/_au
 6786:     if($request =~ /^(\/\Q$domain\E\/_au)$/) { # It's an author rolesput...
 6787:         my $path=$perlvar{'lonDocRoot'}."/priv/$domain";
 6788:         unless (-e $path) {        
 6789:            mkdir($path);
 6790:         }
 6791:         unless (-e $path.'/'.$user) {
 6792:            mkdir($path.'/'.$user);
 6793:         }
 6794:     }
 6795: }
 6796: 
 6797: 
 6798: #
 6799: #  Return the full path of a user password file, whether it exists or not.
 6800: # Parameters:
 6801: #   domain     - Domain in which the password file lives.
 6802: #   user       - name of the user.
 6803: # Returns:
 6804: #    Full passwd path:
 6805: #
 6806: sub password_path {
 6807:     my ($domain, $user) = @_;
 6808:     return &propath($domain, $user).'/passwd';
 6809: }
 6810: 
 6811: #   Password Filename
 6812: #   Returns the path to a passwd file given domain and user... only if
 6813: #  it exists.
 6814: # Parameters:
 6815: #   domain    - Domain in which to search.
 6816: #   user      - username.
 6817: # Returns:
 6818: #   - If the password file exists returns its path.
 6819: #   - If the password file does not exist, returns undefined.
 6820: #
 6821: sub password_filename {
 6822:     my ($domain, $user) = @_;
 6823: 
 6824:     Debug ("PasswordFilename called: dom = $domain user = $user");
 6825: 
 6826:     my $path  = &password_path($domain, $user);
 6827:     Debug("PasswordFilename got path: $path");
 6828:     if(-e $path) {
 6829: 	return $path;
 6830:     } else {
 6831: 	return undef;
 6832:     }
 6833: }
 6834: 
 6835: #
 6836: #   Rewrite the contents of the user's passwd file.
 6837: #  Parameters:
 6838: #    domain    - domain of the user.
 6839: #    name      - User's name.
 6840: #    contents  - New contents of the file.
 6841: # Returns:
 6842: #   0    - Failed.
 6843: #   1    - Success.
 6844: #
 6845: sub rewrite_password_file {
 6846:     my ($domain, $user, $contents) = @_;
 6847: 
 6848:     my $file = &password_filename($domain, $user);
 6849:     if (defined $file) {
 6850: 	my $pf = IO::File->new(">$file");
 6851: 	if($pf) {
 6852: 	    print $pf "$contents\n";
 6853: 	    return 1;
 6854: 	} else {
 6855: 	    return 0;
 6856: 	}
 6857:     } else {
 6858: 	return 0;
 6859:     }
 6860: 
 6861: }
 6862: 
 6863: #
 6864: #   get_auth_type - Determines the authorization type of a user in a domain.
 6865: 
 6866: #     Returns the authorization type or nouser if there is no such user.
 6867: #
 6868: sub get_auth_type {
 6869:     my ($domain, $user)  = @_;
 6870: 
 6871:     Debug("get_auth_type( $domain, $user ) \n");
 6872:     my $proname    = &propath($domain, $user); 
 6873:     my $passwdfile = "$proname/passwd";
 6874:     if( -e $passwdfile ) {
 6875: 	my $pf = IO::File->new($passwdfile);
 6876: 	my $realpassword = <$pf>;
 6877: 	chomp($realpassword);
 6878: 	Debug("Password info = $realpassword\n");
 6879: 	my ($authtype, $contentpwd) = split(/:/, $realpassword);
 6880: 	Debug("Authtype = $authtype, content = $contentpwd\n");
 6881: 	return "$authtype:$contentpwd";     
 6882:     } else {
 6883: 	Debug("Returning nouser");
 6884: 	return "nouser";
 6885:     }
 6886: }
 6887: 
 6888: #
 6889: #  Validate a user given their domain, name and password.  This utility
 6890: #  function is used by both  AuthenticateHandler and ChangePasswordHandler
 6891: #  to validate the login credentials of a user.
 6892: # Parameters:
 6893: #    $domain    - The domain being logged into (this is required due to
 6894: #                 the capability for multihomed systems.
 6895: #    $user      - The name of the user being validated.
 6896: #    $password  - The user's propoposed password.
 6897: #
 6898: # Returns:
 6899: #     1        - The domain,user,pasword triplet corresponds to a valid
 6900: #                user.
 6901: #     0        - The domain,user,password triplet is not a valid user.
 6902: #
 6903: sub validate_user {
 6904:     my ($domain, $user, $password, $checkdefauth) = @_;
 6905: 
 6906:     # Why negative ~pi you may well ask?  Well this function is about
 6907:     # authentication, and therefore very important to get right.
 6908:     # I've initialized the flag that determines whether or not I've 
 6909:     # validated correctly to a value it's not supposed to get.
 6910:     # At the end of this function. I'll ensure that it's not still that
 6911:     # value so we don't just wind up returning some accidental value
 6912:     # as a result of executing an unforseen code path that
 6913:     # did not set $validated.  At the end of valid execution paths,
 6914:     # validated shoule be 1 for success or 0 for failuer.
 6915: 
 6916:     my $validated = -3.14159;
 6917: 
 6918:     #  How we authenticate is determined by the type of authentication
 6919:     #  the user has been assigned.  If the authentication type is
 6920:     #  "nouser", the user does not exist so we will return 0.
 6921: 
 6922:     my $contents = &get_auth_type($domain, $user);
 6923:     my ($howpwd, $contentpwd) = split(/:/, $contents);
 6924: 
 6925:     my $null = pack("C",0);	# Used by kerberos auth types.
 6926: 
 6927:     if ($howpwd eq 'nouser') {
 6928:         if ($checkdefauth) {
 6929:             my %domdefaults = &Apache::lonnet::get_domain_defaults($domain);
 6930:             if ($domdefaults{'auth_def'} eq 'localauth') {
 6931:                 $howpwd = $domdefaults{'auth_def'};
 6932:                 $contentpwd = $domdefaults{'auth_arg_def'};
 6933:             } elsif ((($domdefaults{'auth_def'} eq 'krb4') || 
 6934:                       ($domdefaults{'auth_def'} eq 'krb5')) &&
 6935:                      ($domdefaults{'auth_arg_def'} ne '')) {
 6936:                 $howpwd = $domdefaults{'auth_def'};
 6937:                 $contentpwd = $domdefaults{'auth_arg_def'}; 
 6938:             }
 6939:         }
 6940:     } 
 6941:     if ($howpwd ne 'nouser') {
 6942: 	if($howpwd eq "internal") { # Encrypted is in local password file.
 6943: 	    $validated = (crypt($password, $contentpwd) eq $contentpwd);
 6944: 	}
 6945: 	elsif ($howpwd eq "unix") { # User is a normal unix user.
 6946: 	    $contentpwd = (getpwnam($user))[1];
 6947: 	    if($contentpwd) {
 6948: 		if($contentpwd eq 'x') { # Shadow password file...
 6949: 		    my $pwauth_path = "/usr/local/sbin/pwauth";
 6950: 		    open PWAUTH,  "|$pwauth_path" or
 6951: 			die "Cannot invoke authentication";
 6952: 		    print PWAUTH "$user\n$password\n";
 6953: 		    close PWAUTH;
 6954: 		    $validated = ! $?;
 6955: 
 6956: 		} else { 	         # Passwords in /etc/passwd. 
 6957: 		    $validated = (crypt($password,
 6958: 					$contentpwd) eq $contentpwd);
 6959: 		}
 6960: 	    } else {
 6961: 		$validated = 0;
 6962: 	    }
 6963: 	} elsif ($howpwd eq "krb4") { # user is in kerberos 4 auth. domain.
 6964:             my $checkwithkrb5 = 0;
 6965:             if ($dist =~/^fedora(\d+)$/) {
 6966:                 if ($1 > 11) {
 6967:                     $checkwithkrb5 = 1;
 6968:                 }
 6969:             } elsif ($dist =~ /^suse([\d.]+)$/) {
 6970:                 if ($1 > 11.1) {
 6971:                     $checkwithkrb5 = 1; 
 6972:                 }
 6973:             }
 6974:             if ($checkwithkrb5) {
 6975:                 $validated = &krb5_authen($password,$null,$user,$contentpwd);
 6976:             } else {
 6977:                 $validated = &krb4_authen($password,$null,$user,$contentpwd);
 6978:             }
 6979: 	} elsif ($howpwd eq "krb5") { # User is in kerberos 5 auth. domain.
 6980:             $validated = &krb5_authen($password,$null,$user,$contentpwd);
 6981: 	} elsif ($howpwd eq "localauth") { 
 6982: 	    #  Authenticate via installation specific authentcation method:
 6983: 	    $validated = &localauth::localauth($user, 
 6984: 					       $password, 
 6985: 					       $contentpwd,
 6986: 					       $domain);
 6987: 	    if ($validated < 0) {
 6988: 		&logthis("localauth for $contentpwd $user:$domain returned a $validated");
 6989: 		$validated = 0;
 6990: 	    }
 6991: 	} else {			# Unrecognized auth is also bad.
 6992: 	    $validated = 0;
 6993: 	}
 6994:     } else {
 6995: 	$validated = 0;
 6996:     }
 6997:     #
 6998:     #  $validated has the correct stat of the authentication:
 6999:     #
 7000: 
 7001:     unless ($validated != -3.14159) {
 7002: 	#  I >really really< want to know if this happens.
 7003: 	#  since it indicates that user authentication is badly
 7004: 	#  broken in some code path.
 7005:         #
 7006: 	die "ValidateUser - failed to set the value of validated $domain, $user $password";
 7007:     }
 7008:     return $validated;
 7009: }
 7010: 
 7011: sub krb4_authen {
 7012:     my ($password,$null,$user,$contentpwd) = @_;
 7013:     my $validated = 0;
 7014:     if (!($password =~ /$null/) ) {  # Null password not allowed.
 7015:         eval {
 7016:             require Authen::Krb4;
 7017:         };
 7018:         if (!$@) {
 7019:             my $k4error = &Authen::Krb4::get_pw_in_tkt($user,
 7020:                                                        "",
 7021:                                                        $contentpwd,,
 7022:                                                        'krbtgt',
 7023:                                                        $contentpwd,
 7024:                                                        1,
 7025:                                                        $password);
 7026:             if(!$k4error) {
 7027:                 $validated = 1;
 7028:             } else {
 7029:                 $validated = 0;
 7030:                 &logthis('krb4: '.$user.', '.$contentpwd.', '.
 7031:                           &Authen::Krb4::get_err_txt($Authen::Krb4::error));
 7032:             }
 7033:         } else {
 7034:             $validated = krb5_authen($password,$null,$user,$contentpwd);
 7035:         }
 7036:     }
 7037:     return $validated;
 7038: }
 7039: 
 7040: sub krb5_authen {
 7041:     my ($password,$null,$user,$contentpwd) = @_;
 7042:     my $validated = 0;
 7043:     if(!($password =~ /$null/)) { # Null password not allowed.
 7044:         my $krbclient = &Authen::Krb5::parse_name($user.'@'
 7045:                                                   .$contentpwd);
 7046:         my $krbservice = "krbtgt/".$contentpwd."\@".$contentpwd;
 7047:         my $krbserver  = &Authen::Krb5::parse_name($krbservice);
 7048:         my $credentials= &Authen::Krb5::cc_default();
 7049:         $credentials->initialize(&Authen::Krb5::parse_name($user.'@'
 7050:                                                             .$contentpwd));
 7051:         my $krbreturn;
 7052:         if (exists(&Authen::Krb5::get_init_creds_password)) {
 7053:             $krbreturn =
 7054:                 &Authen::Krb5::get_init_creds_password($krbclient,$password,
 7055:                                                           $krbservice);
 7056:             $validated = (ref($krbreturn) eq 'Authen::Krb5::Creds');
 7057:         } else {
 7058:             $krbreturn  =
 7059:                 &Authen::Krb5::get_in_tkt_with_password($krbclient,$krbserver,
 7060:                                                          $password,$credentials);
 7061:             $validated = ($krbreturn == 1);
 7062:         }
 7063:         if (!$validated) {
 7064:             &logthis('krb5: '.$user.', '.$contentpwd.', '.
 7065:                      &Authen::Krb5::error());
 7066:         }
 7067:     }
 7068:     return $validated;
 7069: }
 7070: 
 7071: sub addline {
 7072:     my ($fname,$hostid,$ip,$newline)=@_;
 7073:     my $contents;
 7074:     my $found=0;
 7075:     my $expr='^'.quotemeta($hostid).':'.quotemeta($ip).':';
 7076:     my $sh;
 7077:     if ($sh=IO::File->new("$fname.subscription")) {
 7078: 	while (my $subline=<$sh>) {
 7079: 	    if ($subline !~ /$expr/) {$contents.= $subline;} else {$found=1;}
 7080: 	}
 7081: 	$sh->close();
 7082:     }
 7083:     $sh=IO::File->new(">$fname.subscription");
 7084:     if ($contents) { print $sh $contents; }
 7085:     if ($newline) { print $sh $newline; }
 7086:     $sh->close();
 7087:     return $found;
 7088: }
 7089: 
 7090: sub get_chat {
 7091:     my ($cdom,$cname,$udom,$uname,$group)=@_;
 7092: 
 7093:     my @entries=();
 7094:     my $namespace = 'nohist_chatroom';
 7095:     my $namespace_inroom = 'nohist_inchatroom';
 7096:     if ($group ne '') {
 7097:         $namespace .= '_'.$group;
 7098:         $namespace_inroom .= '_'.$group;
 7099:     }
 7100:     my $hashref = &tie_user_hash($cdom, $cname, $namespace,
 7101: 				 &GDBM_READER());
 7102:     if ($hashref) {
 7103: 	@entries=map { $_.':'.$hashref->{$_} } sort(keys(%$hashref));
 7104: 	&untie_user_hash($hashref);
 7105:     }
 7106:     my @participants=();
 7107:     my $cutoff=time-60;
 7108:     $hashref = &tie_user_hash($cdom, $cname, $namespace_inroom,
 7109: 			      &GDBM_WRCREAT());
 7110:     if ($hashref) {
 7111:         $hashref->{$uname.':'.$udom}=time;
 7112:         foreach my $user (sort(keys(%$hashref))) {
 7113: 	    if ($hashref->{$user}>$cutoff) {
 7114: 		push(@participants, 'active_participant:'.$user);
 7115:             }
 7116:         }
 7117:         &untie_user_hash($hashref);
 7118:     }
 7119:     return (@participants,@entries);
 7120: }
 7121: 
 7122: sub chat_add {
 7123:     my ($cdom,$cname,$newchat,$group)=@_;
 7124:     my @entries=();
 7125:     my $time=time;
 7126:     my $namespace = 'nohist_chatroom';
 7127:     my $logfile = 'chatroom.log';
 7128:     if ($group ne '') {
 7129:         $namespace .= '_'.$group;
 7130:         $logfile = 'chatroom_'.$group.'.log';
 7131:     }
 7132:     my $hashref = &tie_user_hash($cdom, $cname, $namespace,
 7133: 				 &GDBM_WRCREAT());
 7134:     if ($hashref) {
 7135: 	@entries=map { $_.':'.$hashref->{$_} } sort(keys(%$hashref));
 7136: 	my ($lastid)=($entries[$#entries]=~/^(\w+)\:/);
 7137: 	my ($thentime,$idnum)=split(/\_/,$lastid);
 7138: 	my $newid=$time.'_000000';
 7139: 	if ($thentime==$time) {
 7140: 	    $idnum=~s/^0+//;
 7141: 	    $idnum++;
 7142: 	    $idnum=substr('000000'.$idnum,-6,6);
 7143: 	    $newid=$time.'_'.$idnum;
 7144: 	}
 7145: 	$hashref->{$newid}=$newchat;
 7146: 	my $expired=$time-3600;
 7147: 	foreach my $comment (keys(%$hashref)) {
 7148: 	    my ($thistime) = ($comment=~/(\d+)\_/);
 7149: 	    if ($thistime<$expired) {
 7150: 		delete $hashref->{$comment};
 7151: 	    }
 7152: 	}
 7153: 	{
 7154: 	    my $proname=&propath($cdom,$cname);
 7155: 	    if (open(CHATLOG,">>$proname/$logfile")) { 
 7156: 		print CHATLOG ("$time:".&unescape($newchat)."\n");
 7157: 	    }
 7158: 	    close(CHATLOG);
 7159: 	}
 7160: 	&untie_user_hash($hashref);
 7161:     }
 7162: }
 7163: 
 7164: sub unsub {
 7165:     my ($fname,$clientip)=@_;
 7166:     my $result;
 7167:     my $unsubs = 0;		# Number of successful unsubscribes:
 7168: 
 7169: 
 7170:     # An old way subscriptions were handled was to have a 
 7171:     # subscription marker file:
 7172: 
 7173:     Debug("Attempting unlink of $fname.$clientname");
 7174:     if (unlink("$fname.$clientname")) {
 7175: 	$unsubs++;		# Successful unsub via marker file.
 7176:     } 
 7177: 
 7178:     # The more modern way to do it is to have a subscription list
 7179:     # file:
 7180: 
 7181:     if (-e "$fname.subscription") {
 7182: 	my $found=&addline($fname,$clientname,$clientip,'');
 7183: 	if ($found) { 
 7184: 	    $unsubs++;
 7185: 	}
 7186:     } 
 7187: 
 7188:     #  If either or both of these mechanisms succeeded in unsubscribing a 
 7189:     #  resource we can return ok:
 7190: 
 7191:     if($unsubs) {
 7192: 	$result = "ok\n";
 7193:     } else {
 7194: 	$result = "not_subscribed\n";
 7195:     }
 7196: 
 7197:     return $result;
 7198: }
 7199: 
 7200: sub currentversion {
 7201:     my $fname=shift;
 7202:     my $version=-1;
 7203:     my $ulsdir='';
 7204:     if ($fname=~/^(.+)\/[^\/]+$/) {
 7205:        $ulsdir=$1;
 7206:     }
 7207:     my ($fnamere1,$fnamere2);
 7208:     # remove version if already specified
 7209:     $fname=~s/\.\d+\.(\w+(?:\.meta)*)$/\.$1/;
 7210:     # get the bits that go before and after the version number
 7211:     if ( $fname=~/^(.*\.)(\w+(?:\.meta)*)$/ ) {
 7212: 	$fnamere1=$1;
 7213: 	$fnamere2='.'.$2;
 7214:     }
 7215:     if (-e $fname) { $version=1; }
 7216:     if (-e $ulsdir) {
 7217: 	if(-d $ulsdir) {
 7218: 	    if (opendir(LSDIR,$ulsdir)) {
 7219: 		my $ulsfn;
 7220: 		while ($ulsfn=readdir(LSDIR)) {
 7221: # see if this is a regular file (ignore links produced earlier)
 7222: 		    my $thisfile=$ulsdir.'/'.$ulsfn;
 7223: 		    unless (-l $thisfile) {
 7224: 			if ($thisfile=~/\Q$fnamere1\E(\d+)\Q$fnamere2\E$/) {
 7225: 			    if ($1>$version) { $version=$1; }
 7226: 			}
 7227: 		    }
 7228: 		}
 7229: 		closedir(LSDIR);
 7230: 		$version++;
 7231: 	    }
 7232: 	}
 7233:     }
 7234:     return $version;
 7235: }
 7236: 
 7237: sub thisversion {
 7238:     my $fname=shift;
 7239:     my $version=-1;
 7240:     if ($fname=~/\.(\d+)\.\w+(?:\.meta)*$/) {
 7241: 	$version=$1;
 7242:     }
 7243:     return $version;
 7244: }
 7245: 
 7246: sub subscribe {
 7247:     my ($userinput,$clientip)=@_;
 7248:     my $result;
 7249:     my ($cmd,$fname)=split(/:/,$userinput,2);
 7250:     my $ownership=&ishome($fname);
 7251:     if ($ownership eq 'owner') {
 7252: # explitly asking for the current version?
 7253:         unless (-e $fname) {
 7254:             my $currentversion=&currentversion($fname);
 7255: 	    if (&thisversion($fname)==$currentversion) {
 7256:                 if ($fname=~/^(.+)\.\d+\.(\w+(?:\.meta)*)$/) {
 7257: 		    my $root=$1;
 7258:                     my $extension=$2;
 7259:                     symlink($root.'.'.$extension,
 7260:                             $root.'.'.$currentversion.'.'.$extension);
 7261:                     unless ($extension=~/\.meta$/) {
 7262:                        symlink($root.'.'.$extension.'.meta',
 7263:                             $root.'.'.$currentversion.'.'.$extension.'.meta');
 7264: 		    }
 7265:                 }
 7266:             }
 7267:         }
 7268: 	if (-e $fname) {
 7269: 	    if (-d $fname) {
 7270: 		$result="directory\n";
 7271: 	    } else {
 7272: 		if (-e "$fname.$clientname") {&unsub($fname,$clientip);}
 7273: 		my $now=time;
 7274: 		my $found=&addline($fname,$clientname,$clientip,
 7275: 				   "$clientname:$clientip:$now\n");
 7276: 		if ($found) { $result="$fname\n"; }
 7277: 		# if they were subscribed to only meta data, delete that
 7278:                 # subscription, when you subscribe to a file you also get
 7279:                 # the metadata
 7280: 		unless ($fname=~/\.meta$/) { &unsub("$fname.meta",$clientip); }
 7281: 		$fname=~s/\/home\/httpd\/html\/res/raw/;
 7282:                 my $protocol = $Apache::lonnet::protocol{$perlvar{'lonHostID'}};
 7283:                 $protocol = 'http' if ($protocol ne 'https');
 7284: 		$fname=$protocol.'://'.&Apache::lonnet::hostname($perlvar{'lonHostID'})."/".$fname;
 7285: 		$result="$fname\n";
 7286: 	    }
 7287: 	} else {
 7288: 	    $result="not_found\n";
 7289: 	}
 7290:     } else {
 7291: 	$result="rejected\n";
 7292:     }
 7293:     return $result;
 7294: }
 7295: #  Change the passwd of a unix user.  The caller must have
 7296: #  first verified that the user is a loncapa user.
 7297: #
 7298: # Parameters:
 7299: #    user      - Unix user name to change.
 7300: #    pass      - New password for the user.
 7301: # Returns:
 7302: #    ok    - if success
 7303: #    other - Some meaningfule error message string.
 7304: # NOTE:
 7305: #    invokes a setuid script to change the passwd.
 7306: sub change_unix_password {
 7307:     my ($user, $pass) = @_;
 7308: 
 7309:     &Debug("change_unix_password");
 7310:     my $execdir=$perlvar{'lonDaemons'};
 7311:     &Debug("Opening lcpasswd pipeline");
 7312:     my $pf = IO::File->new("|$execdir/lcpasswd > "
 7313: 			   ."$perlvar{'lonDaemons'}"
 7314: 			   ."/logs/lcpasswd.log");
 7315:     print $pf "$user\n$pass\n$pass\n";
 7316:     close $pf;
 7317:     my $err = $?;
 7318:     return ($err < @passwderrors) ? $passwderrors[$err] : 
 7319: 	"pwchange_falure - unknown error";
 7320: 
 7321:     
 7322: }
 7323: 
 7324: 
 7325: sub make_passwd_file {
 7326:     my ($uname,$udom,$umode,$npass,$passfilename)=@_;
 7327:     my $result="ok";
 7328:     if ($umode eq 'krb4' or $umode eq 'krb5') {
 7329: 	{
 7330: 	    my $pf = IO::File->new(">$passfilename");
 7331: 	    if ($pf) {
 7332: 		print $pf "$umode:$npass\n";
 7333: 	    } else {
 7334: 		$result = "pass_file_failed_error";
 7335: 	    }
 7336: 	}
 7337:     } elsif ($umode eq 'internal') {
 7338: 	my $salt=time;
 7339: 	$salt=substr($salt,6,2);
 7340: 	my $ncpass=crypt($npass,$salt);
 7341: 	{
 7342: 	    &Debug("Creating internal auth");
 7343: 	    my $pf = IO::File->new(">$passfilename");
 7344: 	    if($pf) {
 7345: 		print $pf "internal:$ncpass\n"; 
 7346: 	    } else {
 7347: 		$result = "pass_file_failed_error";
 7348: 	    }
 7349: 	}
 7350:     } elsif ($umode eq 'localauth') {
 7351: 	{
 7352: 	    my $pf = IO::File->new(">$passfilename");
 7353: 	    if($pf) {
 7354: 		print $pf "localauth:$npass\n";
 7355: 	    } else {
 7356: 		$result = "pass_file_failed_error";
 7357: 	    }
 7358: 	}
 7359:     } elsif ($umode eq 'unix') {
 7360: 	&logthis(">>>Attempt to create unix account blocked -- unix auth not available for new users.");
 7361: 	$result="no_new_unix_accounts";
 7362:     } elsif ($umode eq 'none') {
 7363: 	{
 7364: 	    my $pf = IO::File->new("> $passfilename");
 7365: 	    if($pf) {
 7366: 		print $pf "none:\n";
 7367: 	    } else {
 7368: 		$result = "pass_file_failed_error";
 7369: 	    }
 7370: 	}
 7371:     } else {
 7372: 	$result="auth_mode_error";
 7373:     }
 7374:     return $result;
 7375: }
 7376: 
 7377: sub convert_photo {
 7378:     my ($start,$dest)=@_;
 7379:     system("convert $start $dest");
 7380: }
 7381: 
 7382: sub sethost {
 7383:     my ($remotereq) = @_;
 7384:     my (undef,$hostid)=split(/:/,$remotereq);
 7385:     # ignore sethost if we are already correct
 7386:     if ($hostid eq $currenthostid) {
 7387: 	return 'ok';
 7388:     }
 7389: 
 7390:     if (!defined($hostid)) { $hostid=$perlvar{'lonHostID'}; }
 7391:     if (&Apache::lonnet::get_host_ip($perlvar{'lonHostID'}) 
 7392: 	eq &Apache::lonnet::get_host_ip($hostid)) {
 7393: 	$currenthostid  =$hostid;
 7394: 	$currentdomainid=&Apache::lonnet::host_domain($hostid);
 7395: #	&logthis("Setting hostid to $hostid, and domain to $currentdomainid");
 7396:     } else {
 7397: 	&logthis("Requested host id $hostid not an alias of ".
 7398: 		 $perlvar{'lonHostID'}." refusing connection");
 7399: 	return 'unable_to_set';
 7400:     }
 7401:     return 'ok';
 7402: }
 7403: 
 7404: sub version {
 7405:     my ($userinput)=@_;
 7406:     $remoteVERSION=(split(/:/,$userinput))[1];
 7407:     return "version:$VERSION";
 7408: }
 7409: 
 7410: sub get_usersession_config {
 7411:     my ($dom,$name) = @_;
 7412:     my ($usersessionconf,$cached)=&Apache::lonnet::is_cached_new($name,$dom);
 7413:     if (defined($cached)) {
 7414:         return $usersessionconf;
 7415:     } else {
 7416:         my %domconfig = &Apache::lonnet::get_dom('configuration',['usersessions'],$dom);
 7417:         if (ref($domconfig{'usersessions'}) eq 'HASH') {
 7418:             &Apache::lonnet::do_cache_new($name,$dom,$domconfig{'usersessions'},3600);
 7419:             return $domconfig{'usersessions'};
 7420:         }
 7421:     }
 7422:     return;
 7423: }
 7424: 
 7425: 
 7426: 
 7427: 
 7428: sub distro_and_arch {
 7429:     return $dist.':'.$arch;
 7430: }
 7431: 
 7432: # ----------------------------------- POD (plain old documentation, CPAN style)
 7433: 
 7434: =head1 NAME
 7435: 
 7436: lond - "LON Daemon" Server (port "LOND" 5663)
 7437: 
 7438: =head1 SYNOPSIS
 7439: 
 7440: Usage: B<lond>
 7441: 
 7442: Should only be run as user=www.  This is a command-line script which
 7443: is invoked by B<loncron>.  There is no expectation that a typical user
 7444: will manually start B<lond> from the command-line.  (In other words,
 7445: DO NOT START B<lond> YOURSELF.)
 7446: 
 7447: =head1 DESCRIPTION
 7448: 
 7449: There are two characteristics associated with the running of B<lond>,
 7450: PROCESS MANAGEMENT (starting, stopping, handling child processes)
 7451: and SERVER-SIDE ACTIVITIES (password authentication, user creation,
 7452: subscriptions, etc).  These are described in two large
 7453: sections below.
 7454: 
 7455: B<PROCESS MANAGEMENT>
 7456: 
 7457: Preforker - server who forks first. Runs as a daemon. HUPs.
 7458: Uses IDEA encryption
 7459: 
 7460: B<lond> forks off children processes that correspond to the other servers
 7461: in the network.  Management of these processes can be done at the
 7462: parent process level or the child process level.
 7463: 
 7464: B<logs/lond.log> is the location of log messages.
 7465: 
 7466: The process management is now explained in terms of linux shell commands,
 7467: subroutines internal to this code, and signal assignments:
 7468: 
 7469: =over 4
 7470: 
 7471: =item *
 7472: 
 7473: PID is stored in B<logs/lond.pid>
 7474: 
 7475: This is the process id number of the parent B<lond> process.
 7476: 
 7477: =item *
 7478: 
 7479: SIGTERM and SIGINT
 7480: 
 7481: Parent signal assignment:
 7482:  $SIG{INT}  = $SIG{TERM} = \&HUNTSMAN;
 7483: 
 7484: Child signal assignment:
 7485:  $SIG{INT}  = 'DEFAULT'; (and SIGTERM is DEFAULT also)
 7486: (The child dies and a SIGALRM is sent to parent, awaking parent from slumber
 7487:  to restart a new child.)
 7488: 
 7489: Command-line invocations:
 7490:  B<kill> B<-s> SIGTERM I<PID>
 7491:  B<kill> B<-s> SIGINT I<PID>
 7492: 
 7493: Subroutine B<HUNTSMAN>:
 7494:  This is only invoked for the B<lond> parent I<PID>.
 7495: This kills all the children, and then the parent.
 7496: The B<lonc.pid> file is cleared.
 7497: 
 7498: =item *
 7499: 
 7500: SIGHUP
 7501: 
 7502: Current bug:
 7503:  This signal can only be processed the first time
 7504: on the parent process.  Subsequent SIGHUP signals
 7505: have no effect.
 7506: 
 7507: Parent signal assignment:
 7508:  $SIG{HUP}  = \&HUPSMAN;
 7509: 
 7510: Child signal assignment:
 7511:  none (nothing happens)
 7512: 
 7513: Command-line invocations:
 7514:  B<kill> B<-s> SIGHUP I<PID>
 7515: 
 7516: Subroutine B<HUPSMAN>:
 7517:  This is only invoked for the B<lond> parent I<PID>,
 7518: This kills all the children, and then the parent.
 7519: The B<lond.pid> file is cleared.
 7520: 
 7521: =item *
 7522: 
 7523: SIGUSR1
 7524: 
 7525: Parent signal assignment:
 7526:  $SIG{USR1} = \&USRMAN;
 7527: 
 7528: Child signal assignment:
 7529:  $SIG{USR1}= \&logstatus;
 7530: 
 7531: Command-line invocations:
 7532:  B<kill> B<-s> SIGUSR1 I<PID>
 7533: 
 7534: Subroutine B<USRMAN>:
 7535:  When invoked for the B<lond> parent I<PID>,
 7536: SIGUSR1 is sent to all the children, and the status of
 7537: each connection is logged.
 7538: 
 7539: =item *
 7540: 
 7541: SIGUSR2
 7542: 
 7543: Parent Signal assignment:
 7544:     $SIG{USR2} = \&UpdateHosts
 7545: 
 7546: Child signal assignment:
 7547:     NONE
 7548: 
 7549: 
 7550: =item *
 7551: 
 7552: SIGCHLD
 7553: 
 7554: Parent signal assignment:
 7555:  $SIG{CHLD} = \&REAPER;
 7556: 
 7557: Child signal assignment:
 7558:  none
 7559: 
 7560: Command-line invocations:
 7561:  B<kill> B<-s> SIGCHLD I<PID>
 7562: 
 7563: Subroutine B<REAPER>:
 7564:  This is only invoked for the B<lond> parent I<PID>.
 7565: Information pertaining to the child is removed.
 7566: The socket port is cleaned up.
 7567: 
 7568: =back
 7569: 
 7570: B<SERVER-SIDE ACTIVITIES>
 7571: 
 7572: Server-side information can be accepted in an encrypted or non-encrypted
 7573: method.
 7574: 
 7575: =over 4
 7576: 
 7577: =item ping
 7578: 
 7579: Query a client in the hosts.tab table; "Are you there?"
 7580: 
 7581: =item pong
 7582: 
 7583: Respond to a ping query.
 7584: 
 7585: =item ekey
 7586: 
 7587: Read in encrypted key, make cipher.  Respond with a buildkey.
 7588: 
 7589: =item load
 7590: 
 7591: Respond with CPU load based on a computation upon /proc/loadavg.
 7592: 
 7593: =item currentauth
 7594: 
 7595: Reply with current authentication information (only over an
 7596: encrypted channel).
 7597: 
 7598: =item auth
 7599: 
 7600: Only over an encrypted channel, reply as to whether a user's
 7601: authentication information can be validated.
 7602: 
 7603: =item passwd
 7604: 
 7605: Allow for a password to be set.
 7606: 
 7607: =item makeuser
 7608: 
 7609: Make a user.
 7610: 
 7611: =item passwd
 7612: 
 7613: Allow for authentication mechanism and password to be changed.
 7614: 
 7615: =item home
 7616: 
 7617: Respond to a question "are you the home for a given user?"
 7618: 
 7619: =item update
 7620: 
 7621: Update contents of a subscribed resource.
 7622: 
 7623: =item unsubscribe
 7624: 
 7625: The server is unsubscribing from a resource.
 7626: 
 7627: =item subscribe
 7628: 
 7629: The server is subscribing to a resource.
 7630: 
 7631: =item log
 7632: 
 7633: Place in B<logs/lond.log>
 7634: 
 7635: =item put
 7636: 
 7637: stores hash in namespace
 7638: 
 7639: =item rolesput
 7640: 
 7641: put a role into a user's environment
 7642: 
 7643: =item get
 7644: 
 7645: returns hash with keys from array
 7646: reference filled in from namespace
 7647: 
 7648: =item eget
 7649: 
 7650: returns hash with keys from array
 7651: reference filled in from namesp (encrypts the return communication)
 7652: 
 7653: =item rolesget
 7654: 
 7655: get a role from a user's environment
 7656: 
 7657: =item del
 7658: 
 7659: deletes keys out of array from namespace
 7660: 
 7661: =item keys
 7662: 
 7663: returns namespace keys
 7664: 
 7665: =item dump
 7666: 
 7667: dumps the complete (or key matching regexp) namespace into a hash
 7668: 
 7669: =item store
 7670: 
 7671: stores hash permanently
 7672: for this url; hashref needs to be given and should be a \%hashname; the
 7673: remaining args aren't required and if they aren't passed or are '' they will
 7674: be derived from the ENV
 7675: 
 7676: =item restore
 7677: 
 7678: returns a hash for a given url
 7679: 
 7680: =item querysend
 7681: 
 7682: Tells client about the lonsql process that has been launched in response
 7683: to a sent query.
 7684: 
 7685: =item queryreply
 7686: 
 7687: Accept information from lonsql and make appropriate storage in temporary
 7688: file space.
 7689: 
 7690: =item idput
 7691: 
 7692: Defines usernames as corresponding to IDs.  (These "IDs" are unique identifiers
 7693: for each student, defined perhaps by the institutional Registrar.)
 7694: 
 7695: =item idget
 7696: 
 7697: Returns usernames corresponding to IDs.  (These "IDs" are unique identifiers
 7698: for each student, defined perhaps by the institutional Registrar.)
 7699: 
 7700: =item tmpput
 7701: 
 7702: Accept and store information in temporary space.
 7703: 
 7704: =item tmpget
 7705: 
 7706: Send along temporarily stored information.
 7707: 
 7708: =item ls
 7709: 
 7710: List part of a user's directory.
 7711: 
 7712: =item pushtable
 7713: 
 7714: Pushes a file in /home/httpd/lonTab directory.  Currently limited to:
 7715: hosts.tab and domain.tab. The old file is copied to  *.tab.backup but
 7716: must be restored manually in case of a problem with the new table file.
 7717: pushtable requires that the request be encrypted and validated via
 7718: ValidateManager.  The form of the command is:
 7719: enc:pushtable tablename <tablecontents> \n
 7720: where pushtable, tablename and <tablecontents> will be encrypted, but \n is a 
 7721: cleartext newline.
 7722: 
 7723: =item Hanging up (exit or init)
 7724: 
 7725: What to do when a client tells the server that they (the client)
 7726: are leaving the network.
 7727: 
 7728: =item unknown command
 7729: 
 7730: If B<lond> is sent an unknown command (not in the list above),
 7731: it replys to the client "unknown_cmd".
 7732: 
 7733: 
 7734: =item UNKNOWN CLIENT
 7735: 
 7736: If the anti-spoofing algorithm cannot verify the client,
 7737: the client is rejected (with a "refused" message sent
 7738: to the client, and the connection is closed.
 7739: 
 7740: =back
 7741: 
 7742: =head1 PREREQUISITES
 7743: 
 7744: IO::Socket
 7745: IO::File
 7746: Apache::File
 7747: POSIX
 7748: Crypt::IDEA
 7749: LWP::UserAgent()
 7750: GDBM_File
 7751: Authen::Krb4
 7752: Authen::Krb5
 7753: 
 7754: =head1 COREQUISITES
 7755: 
 7756: none
 7757: 
 7758: =head1 OSNAMES
 7759: 
 7760: linux
 7761: 
 7762: =head1 SCRIPT CATEGORIES
 7763: 
 7764: Server/Process
 7765: 
 7766: =cut
 7767: 
 7768: 
 7769: =pod
 7770: 
 7771: =head1 LOG MESSAGES
 7772: 
 7773: The messages below can be emitted in the lond log.  This log is located
 7774: in ~httpd/perl/logs/lond.log  Many log messages have HTML encapsulation
 7775: to provide coloring if examined from inside a web page. Some do not.
 7776: Where color is used, the colors are; Red for sometihhng to get excited
 7777: about and to follow up on. Yellow for something to keep an eye on to
 7778: be sure it does not get worse, Green,and Blue for informational items.
 7779: 
 7780: In the discussions below, sometimes reference is made to ~httpd
 7781: when describing file locations.  There isn't really an httpd 
 7782: user, however there is an httpd directory that gets installed in the
 7783: place that user home directories go.  On linux, this is usually
 7784: (always?) /home/httpd.
 7785: 
 7786: 
 7787: Some messages are colorless.  These are usually (not always)
 7788: Green/Blue color level messages.
 7789: 
 7790: =over 2
 7791: 
 7792: =item (Red)  LocalConnection rejecting non local: <ip> ne 127.0.0.1
 7793: 
 7794: A local connection negotiation was attempted by
 7795: a host whose IP address was not 127.0.0.1.
 7796: The socket is closed and the child will exit.
 7797: lond has three ways to establish an encyrption
 7798: key with a client:
 7799: 
 7800: =over 2
 7801: 
 7802: =item local 
 7803: 
 7804: The key is written and read from a file.
 7805: This is only valid for connections from localhost.
 7806: 
 7807: =item insecure 
 7808: 
 7809: The key is generated by the server and
 7810: transmitted to the client.
 7811: 
 7812: =item  ssl (secure)
 7813: 
 7814: An ssl connection is negotiated with the client,
 7815: the key is generated by the server and sent to the 
 7816: client across this ssl connection before the
 7817: ssl connectionis terminated and clear text
 7818: transmission resumes.
 7819: 
 7820: =back
 7821: 
 7822: =item (Red) LocalConnection: caller is insane! init = <init> and type = <type>
 7823: 
 7824: The client is local but has not sent an initialization
 7825: string that is the literal "init:local"  The connection
 7826: is closed and the child exits.
 7827: 
 7828: =item Red CRITICAL Can't get key file <error>        
 7829: 
 7830: SSL key negotiation is being attempted but the call to
 7831: lonssl::KeyFile  failed.  This usually means that the
 7832: configuration file is not correctly defining or protecting
 7833: the directories/files lonCertificateDirectory or
 7834: lonnetPrivateKey
 7835: <error> is a string that describes the reason that
 7836: the key file could not be located.
 7837: 
 7838: =item (Red) CRITICAL  Can't get certificates <error>  
 7839: 
 7840: SSL key negotiation failed because we were not able to retrives our certificate
 7841: or the CA's certificate in the call to lonssl::CertificateFile
 7842: <error> is the textual reason this failed.  Usual reasons:
 7843: 
 7844: =over 2
 7845: 
 7846: =item Apache config file for loncapa  incorrect:
 7847: 
 7848: one of the variables 
 7849: lonCertificateDirectory, lonnetCertificateAuthority, or lonnetCertificate
 7850: undefined or incorrect
 7851: 
 7852: =item Permission error:
 7853: 
 7854: The directory pointed to by lonCertificateDirectory is not readable by lond
 7855: 
 7856: =item Permission error:
 7857: 
 7858: Files in the directory pointed to by lonCertificateDirectory are not readable by lond.
 7859: 
 7860: =item Installation error:                         
 7861: 
 7862: Either the certificate authority file or the certificate have not
 7863: been installed in lonCertificateDirectory.
 7864: 
 7865: =item (Red) CRITICAL SSL Socket promotion failed:  <err> 
 7866: 
 7867: The promotion of the connection from plaintext to SSL failed
 7868: <err> is the reason for the failure.  There are two
 7869: system calls involved in the promotion (one of which failed), 
 7870: a dup to produce
 7871: a second fd on the raw socket over which the encrypted data
 7872: will flow and IO::SOcket::SSL->new_from_fd which creates
 7873: the SSL connection on the duped fd.
 7874: 
 7875: =item (Blue)   WARNING client did not respond to challenge 
 7876: 
 7877: This occurs on an insecure (non SSL) connection negotiation request.
 7878: lond generates some number from the time, the PID and sends it to
 7879: the client.  The client must respond by echoing this information back.
 7880: If the client does not do so, that's a violation of the challenge
 7881: protocols and the connection will be failed.
 7882: 
 7883: =item (Red) No manager table. Nobody can manage!!    
 7884: 
 7885: lond has the concept of privileged hosts that
 7886: can perform remote management function such
 7887: as update the hosts.tab.   The manager hosts
 7888: are described in the 
 7889: ~httpd/lonTabs/managers.tab file.
 7890: this message is logged if this file is missing.
 7891: 
 7892: 
 7893: =item (Green) Registering manager <dnsname> as <cluster_name> with <ipaddress>
 7894: 
 7895: Reports the successful parse and registration
 7896: of a specific manager. 
 7897: 
 7898: =item Green existing host <clustername:dnsname>  
 7899: 
 7900: The manager host is already defined in the hosts.tab
 7901: the information in that table, rather than the info in the
 7902: manager table will be used to determine the manager's ip.
 7903: 
 7904: =item (Red) Unable to craete <filename>                 
 7905: 
 7906: lond has been asked to create new versions of an administrative
 7907: file (by a manager).  When this is done, the new file is created
 7908: in a temp file and then renamed into place so that there are always
 7909: usable administrative files, even if the update fails.  This failure
 7910: message means that the temp file could not be created.
 7911: The update is abandoned, and the old file is available for use.
 7912: 
 7913: =item (Green) CopyFile from <oldname> to <newname> failed
 7914: 
 7915: In an update of administrative files, the copy of the existing file to a
 7916: backup file failed.  The installation of the new file may still succeed,
 7917: but there will not be a back up file to rever to (this should probably
 7918: be yellow).
 7919: 
 7920: =item (Green) Pushfile: backed up <oldname> to <newname>
 7921: 
 7922: See above, the backup of the old administrative file succeeded.
 7923: 
 7924: =item (Red)  Pushfile: Unable to install <filename> <reason>
 7925: 
 7926: The new administrative file could not be installed.  In this case,
 7927: the old administrative file is still in use.
 7928: 
 7929: =item (Green) Installed new < filename>.                      
 7930: 
 7931: The new administrative file was successfullly installed.                                               
 7932: 
 7933: =item (Red) Reinitializing lond pid=<pid>                    
 7934: 
 7935: The lonc child process <pid> will be sent a USR2 
 7936: signal.
 7937: 
 7938: =item (Red) Reinitializing self                                    
 7939: 
 7940: We've been asked to re-read our administrative files,and
 7941: are doing so.
 7942: 
 7943: =item (Yellow) error:Invalid process identifier <ident>  
 7944: 
 7945: A reinit command was received, but the target part of the 
 7946: command was not valid.  It must be either
 7947: 'lond' or 'lonc' but was <ident>
 7948: 
 7949: =item (Green) isValideditCommand checking: Command = <command> Key = <key> newline = <newline>
 7950: 
 7951: Checking to see if lond has been handed a valid edit
 7952: command.  It is possible the edit command is not valid
 7953: in that case there are no log messages to indicate that.
 7954: 
 7955: =item Result of password change for  <username> pwchange_success
 7956: 
 7957: The password for <username> was
 7958: successfully changed.
 7959: 
 7960: =item Unable to open <user> passwd to change password
 7961: 
 7962: Could not rewrite the 
 7963: internal password file for a user
 7964: 
 7965: =item Result of password change for <user> : <result>
 7966: 
 7967: A unix password change for <user> was attempted 
 7968: and the pipe returned <result>  
 7969: 
 7970: =item LWP GET: <message> for <fname> (<remoteurl>)
 7971: 
 7972: The lightweight process fetch for a resource failed
 7973: with <message> the local filename that should
 7974: have existed/been created was  <fname> the
 7975: corresponding URI: <remoteurl>  This is emitted in several
 7976: places.
 7977: 
 7978: =item Unable to move <transname> to <destname>     
 7979: 
 7980: From fetch_user_file_handler - the user file was replicated but could not
 7981: be mv'd to its final location.
 7982: 
 7983: =item Looking for <domain> <username>              
 7984: 
 7985: From user_has_session_handler - This should be a Debug call instead
 7986: it indicates lond is about to check whether the specified user has a 
 7987: session active on the specified domain on the local host.
 7988: 
 7989: =item Client <ip> (<name>) hanging up: <input>     
 7990: 
 7991: lond has been asked to exit by its client.  The <ip> and <name> identify the
 7992: client systemand <input> is the full exit command sent to the server.
 7993: 
 7994: =item Red CRITICAL: ABNORMAL EXIT. child <pid> for server <hostname> died through a crass with this error->[<message>].
 7995: 
 7996: A lond child terminated.  NOte that this termination can also occur when the
 7997: child receives the QUIT or DIE signals.  <pid> is the process id of the child,
 7998: <hostname> the host lond is working for, and <message> the reason the child died
 7999: to the best of our ability to get it (I would guess that any numeric value
 8000: represents and errno value).  This is immediately followed by
 8001: 
 8002: =item  Famous last words: Catching exception - <log> 
 8003: 
 8004: Where log is some recent information about the state of the child.
 8005: 
 8006: =item Red CRITICAL: TIME OUT <pid>                     
 8007: 
 8008: Some timeout occured for server <pid>.  THis is normally a timeout on an LWP
 8009: doing an HTTP::GET.
 8010: 
 8011: =item child <pid> died                              
 8012: 
 8013: The reaper caught a SIGCHILD for the lond child process <pid>
 8014: This should be modified to also display the IP of the dying child
 8015: $children{$pid}
 8016: 
 8017: =item Unknown child 0 died                           
 8018: A child died but the wait for it returned a pid of zero which really should not
 8019: ever happen. 
 8020: 
 8021: =item Child <which> - <pid> looks like we missed it's death 
 8022: 
 8023: When a sigchild is received, the reaper process checks all children to see if they are
 8024: alive.  If children are dying quite quickly, the lack of signal queuing can mean
 8025: that a signal hearalds the death of more than one child.  If so this message indicates
 8026: which other one died. <which> is the ip of a dead child
 8027: 
 8028: =item Free socket: <shutdownretval>                
 8029: 
 8030: The HUNTSMAN sub was called due to a SIGINT in a child process.  The socket is being shutdown.
 8031: for whatever reason, <shutdownretval> is printed but in fact shutdown() is not documented
 8032: to return anything. This is followed by: 
 8033: 
 8034: =item Red CRITICAL: Shutting down                       
 8035: 
 8036: Just prior to exit.
 8037: 
 8038: =item Free socket: <shutdownretval>                 
 8039: 
 8040: The HUPSMAN sub was called due to a SIGHUP.  all children get killsed, and lond execs itself.
 8041: This is followed by:
 8042: 
 8043: =item (Red) CRITICAL: Restarting                         
 8044: 
 8045: lond is about to exec itself to restart.
 8046: 
 8047: =item (Blue) Updating connections                        
 8048: 
 8049: (In response to a USR2).  All the children (except the one for localhost)
 8050: are about to be killed, the hosts tab reread, and Apache reloaded via apachereload.
 8051: 
 8052: =item (Blue) UpdateHosts killing child <pid> for ip <ip>   
 8053: 
 8054: Due to USR2 as above.
 8055: 
 8056: =item (Green) keeping child for ip <ip> (pid = <pid>)    
 8057: 
 8058: In response to USR2 as above, the child indicated is not being restarted because
 8059: it's assumed that we'll always need a child for the localhost.
 8060: 
 8061: 
 8062: =item Going to check on the children                
 8063: 
 8064: Parent is about to check on the health of the child processes.
 8065: Note that this is in response to a USR1 sent to the parent lond.
 8066: there may be one or more of the next two messages:
 8067: 
 8068: =item <pid> is dead                                 
 8069: 
 8070: A child that we have in our child hash as alive has evidently died.
 8071: 
 8072: =item  Child <pid> did not respond                   
 8073: 
 8074: In the health check the child <pid> did not update/produce a pid_.txt
 8075: file when sent it's USR1 signal.  That process is killed with a 9 signal, as it's
 8076: assumed to be hung in some un-fixable way.
 8077: 
 8078: =item Finished checking children                   
 8079: 
 8080: Master processs's USR1 processing is cojmplete.
 8081: 
 8082: =item (Red) CRITICAL: ------- Starting ------            
 8083: 
 8084: (There are more '-'s on either side).  Lond has forked itself off to 
 8085: form a new session and is about to start actual initialization.
 8086: 
 8087: =item (Green) Attempting to start child (<client>)       
 8088: 
 8089: Started a new child process for <client>.  Client is IO::Socket object
 8090: connected to the child.  This was as a result of a TCP/IP connection from a client.
 8091: 
 8092: =item Unable to determine who caller was, getpeername returned nothing
 8093: 
 8094: In child process initialization.  either getpeername returned undef or
 8095: a zero sized object was returned.  Processing continues, but in my opinion,
 8096: this should be cause for the child to exit.
 8097: 
 8098: =item Unable to determine clientip                  
 8099: 
 8100: In child process initialization.  The peer address from getpeername was not defined.
 8101: The client address is stored as "Unavailable" and processing continues.
 8102: 
 8103: =item (Yellow) INFO: Connection <ip> <name> connection type = <type>
 8104: 
 8105: In child initialization.  A good connectionw as received from <ip>.
 8106: 
 8107: =over 2
 8108: 
 8109: =item <name> 
 8110: 
 8111: is the name of the client from hosts.tab.
 8112: 
 8113: =item <type> 
 8114: 
 8115: Is the connection type which is either 
 8116: 
 8117: =over 2
 8118: 
 8119: =item manager 
 8120: 
 8121: The connection is from a manager node, not in hosts.tab
 8122: 
 8123: =item client  
 8124: 
 8125: the connection is from a non-manager in the hosts.tab
 8126: 
 8127: =item both
 8128: 
 8129: The connection is from a manager in the hosts.tab.
 8130: 
 8131: =back
 8132: 
 8133: =back
 8134: 
 8135: =item (Blue) Certificates not installed -- trying insecure auth
 8136: 
 8137: One of the certificate file, key file or
 8138: certificate authority file could not be found for a client attempting
 8139: SSL connection intiation.  COnnection will be attemptied in in-secure mode.
 8140: (this would be a system with an up to date lond that has not gotten a 
 8141: certificate from us).
 8142: 
 8143: =item (Green)  Successful local authentication            
 8144: 
 8145: A local connection successfully negotiated the encryption key. 
 8146: In this case the IDEA key is in a file (that is hopefully well protected).
 8147: 
 8148: =item (Green) Successful ssl authentication with <client>  
 8149: 
 8150: The client (<client> is the peer's name in hosts.tab), has successfully
 8151: negotiated an SSL connection with this child process.
 8152: 
 8153: =item (Green) Successful insecure authentication with <client>
 8154: 
 8155: 
 8156: The client has successfully negotiated an  insecure connection withthe child process.
 8157: 
 8158: =item (Yellow) Attempted insecure connection disallowed    
 8159: 
 8160: The client attempted and failed to successfully negotiate a successful insecure
 8161: connection.  This can happen either because the variable londAllowInsecure is false
 8162: or undefined, or becuse the child did not successfully echo back the challenge
 8163: string.
 8164: 
 8165: 
 8166: =back
 8167: 
 8168: =back
 8169: 
 8170: 
 8171: =cut

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>