1: #!/usr/bin/perl
2: # The LearningOnline Network
3: # lond "LON Daemon" Server (port "LOND" 5663)
4: #
5: # $Id: lond,v 1.80 2002/05/11 21:24:56 harris41 Exp $
6: #
7: # Copyright Michigan State University Board of Trustees
8: #
9: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
10: #
11: # LON-CAPA is free software; you can redistribute it and/or modify
12: # it under the terms of the GNU General Public License as published by
13: # the Free Software Foundation; either version 2 of the License, or
14: # (at your option) any later version.
15: #
16: # LON-CAPA is distributed in the hope that it will be useful,
17: # but WITHOUT ANY WARRANTY; without even the implied warranty of
18: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19: # GNU General Public License for more details.
20: #
21: # You should have received a copy of the GNU General Public License
22: # along with LON-CAPA; if not, write to the Free Software
23: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24: #
25: # /home/httpd/html/adm/gpl.txt
26: #
27: # http://www.lon-capa.org/
28: #
29: # 5/26/99,6/4,6/10,6/11,6/14,6/15,6/26,6/28,6/30,
30: # 7/8,7/9,7/10,7/12,7/17,7/19,9/21,
31: # 10/7,10/8,10/9,10/11,10/13,10/15,11/4,11/16,
32: # 12/7,12/15,01/06,01/11,01/12,01/14,2/8,
33: # 03/07,05/31 Gerd Kortemeyer
34: # 06/26 Scott Harrison
35: # 06/29,06/30,07/14,07/15,07/17,07/20,07/25,09/18 Gerd Kortemeyer
36: # 12/05 Scott Harrison
37: # 12/05,12/13,12/29 Gerd Kortemeyer
38: # YEAR=2001
39: # Jan 01 Scott Harrison
40: # 02/12 Gerd Kortemeyer
41: # 03/15 Scott Harrison
42: # 03/24 Gerd Kortemeyer
43: # 04/02 Scott Harrison
44: # 05/11,05/28,08/30 Gerd Kortemeyer
45: # 9/30,10/22,11/13,11/15,11/16 Scott Harrison
46: # 11/26,11/27 Gerd Kortemeyer
47: # 12/20 Scott Harrison
48: # 12/22 Gerd Kortemeyer
49: # YEAR=2002
50: # 01/20/02,02/05 Gerd Kortemeyer
51: # 02/05 Guy Albertelli
52: # 02/07 Scott Harrison
53: # 02/12 Gerd Kortemeyer
54: # 02/19 Matthew Hall
55: # 02/25 Gerd Kortemeyer
56: # 05/11 Scott Harrison
57: ###
58:
59: # based on "Perl Cookbook" ISBN 1-56592-243-3
60: # preforker - server who forks first
61: # runs as a daemon
62: # HUPs
63: # uses IDEA encryption
64:
65: use lib '/home/httpd/lib/perl/';
66: use LONCAPA::Configuration;
67:
68: use IO::Socket;
69: use IO::File;
70: use Apache::File;
71: use Symbol;
72: use POSIX;
73: use Crypt::IDEA;
74: use LWP::UserAgent();
75: use GDBM_File;
76: use Authen::Krb4;
77: use lib '/home/httpd/lib/perl/';
78: use localauth;
79:
80: my $DEBUG = 0; # Non zero to enable debug log entries.
81:
82: my $status='';
83: my $lastlog='';
84:
85: # grabs exception and records it to log before exiting
86: sub catchexception {
87: my ($error)=@_;
88: $SIG{'QUIT'}='DEFAULT';
89: $SIG{__DIE__}='DEFAULT';
90: &logthis("<font color=red>CRITICAL: "
91: ."ABNORMAL EXIT. Child $$ for server $wasserver died through "
92: ."a crash with this error msg->[$error]</font>");
93: &logthis('Famous last words: '.$status.' - '.$lastlog);
94: if ($client) { print $client "error: $error\n"; }
95: $server->close();
96: die($error);
97: }
98:
99: sub timeout {
100: &logthis("<font color=ref>CRITICAL: TIME OUT ".$$."</font>");
101: &catchexception('Timeout');
102: }
103: # -------------------------------- Set signal handlers to record abnormal exits
104:
105: $SIG{'QUIT'}=\&catchexception;
106: $SIG{__DIE__}=\&catchexception;
107:
108: # ------------------------------------------- Read access.conf and loncapa.conf
109: &status("Read access.conf and loncapa.conf");
110: my $perlvarref=LONCAPA::Configuration::read_conf('access.conf','loncapa.conf');
111: my %perlvar=%{$perlvarref};
112: undef $perlvarref;
113:
114: # ----------------------------- Make sure this process is running from user=www
115: my $wwwid=getpwnam('www');
116: if ($wwwid!=$<) {
117: $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
118: $subj="LON: $perlvar{'lonHostID'} User ID mismatch";
119: system("echo 'User ID mismatch. lond must be run as user www.' |\
120: mailto $emailto -s '$subj' > /dev/null");
121: exit 1;
122: }
123:
124: # --------------------------------------------- Check if other instance running
125:
126: my $pidfile="$perlvar{'lonDaemons'}/logs/lond.pid";
127:
128: if (-e $pidfile) {
129: my $lfh=IO::File->new("$pidfile");
130: my $pide=<$lfh>;
131: chomp($pide);
132: if (kill 0 => $pide) { die "already running"; }
133: }
134:
135: $PREFORK=4; # number of children to maintain, at least four spare
136:
137: # ------------------------------------------------------------- Read hosts file
138:
139: open (CONFIG,"$perlvar{'lonTabDir'}/hosts.tab") || die "Can't read host file";
140:
141: while ($configline=<CONFIG>) {
142: my ($id,$domain,$role,$name,$ip)=split(/:/,$configline);
143: chomp($ip); $ip=~s/\D+$//;
144: $hostid{$ip}=$id;
145: if ($id eq $perlvar{'lonHostID'}) { $thisserver=$name; }
146: $PREFORK++;
147: }
148: close(CONFIG);
149:
150: # establish SERVER socket, bind and listen.
151: $server = IO::Socket::INET->new(LocalPort => $perlvar{'londPort'},
152: Type => SOCK_STREAM,
153: Proto => 'tcp',
154: Reuse => 1,
155: Listen => 10 )
156: or die "making socket: $@\n";
157:
158: # --------------------------------------------------------- Do global variables
159:
160: # global variables
161:
162: $MAX_CLIENTS_PER_CHILD = 50; # number of clients each child should
163: # process
164: %children = (); # keys are current child process IDs
165: $children = 0; # current number of children
166:
167: sub REAPER { # takes care of dead children
168: $SIG{CHLD} = \&REAPER;
169: my $pid = wait;
170: if (defined($children{$pid})) {
171: &logthis("Child $pid died");
172: $children --;
173: delete $children{$pid};
174: } else {
175: &logthis("Unknown Child $pid died");
176: }
177: }
178:
179: sub HUNTSMAN { # signal handler for SIGINT
180: local($SIG{CHLD}) = 'IGNORE'; # we're going to kill our children
181: kill 'INT' => keys %children;
182: &logthis("Free socket: ".shutdown($server,2)); # free up socket
183: my $execdir=$perlvar{'lonDaemons'};
184: unlink("$execdir/logs/lond.pid");
185: &logthis("<font color=red>CRITICAL: Shutting down</font>");
186: exit; # clean up with dignity
187: }
188:
189: sub HUPSMAN { # signal handler for SIGHUP
190: local($SIG{CHLD}) = 'IGNORE'; # we're going to kill our children
191: kill 'INT' => keys %children;
192: &logthis("Free socket: ".shutdown($server,2)); # free up socket
193: &logthis("<font color=red>CRITICAL: Restarting</font>");
194: unlink("$execdir/logs/lond.pid");
195: my $execdir=$perlvar{'lonDaemons'};
196: exec("$execdir/lond"); # here we go again
197: }
198:
199: sub checkchildren {
200: &initnewstatus();
201: &logstatus();
202: &logthis('Going to check on the children');
203: $docdir=$perlvar{'lonDocRoot'};
204: foreach (sort keys %children) {
205: sleep 1;
206: unless (kill 'USR1' => $_) {
207: &logthis ('Child '.$_.' is dead');
208: &logstatus($$.' is dead');
209: }
210: }
211: sleep 5;
212: foreach (sort keys %children) {
213: unless (-e "$docdir/lon-status/londchld/$_.txt") {
214: &logthis('Child '.$_.' did not respond');
215: kill 9 => $_;
216: $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
217: $subj="LON: $perlvar{'lonHostID'} killed lond process $_";
218: my $result=`echo 'Killed lond process $_.' | mailto $emailto -s '$subj' > /dev/null`;
219: $execdir=$perlvar{'lonDaemons'};
220: $result=`/bin/cp $execdir/logs/lond.log $execdir/logs/lond.log.$_`
221: }
222: }
223: }
224:
225: # --------------------------------------------------------------------- Logging
226:
227: sub logthis {
228: my $message=shift;
229: my $execdir=$perlvar{'lonDaemons'};
230: my $fh=IO::File->new(">>$execdir/logs/lond.log");
231: my $now=time;
232: my $local=localtime($now);
233: $lastlog=$local.': '.$message;
234: print $fh "$local ($$): $message\n";
235: }
236:
237: # ------------------------- Conditional log if $DEBUG true.
238: sub Debug {
239: my $message = shift;
240: if($DEBUG) {
241: &logthis($message);
242: }
243: }
244: # ------------------------------------------------------------------ Log status
245:
246: sub logstatus {
247: my $docdir=$perlvar{'lonDocRoot'};
248: {
249: my $fh=IO::File->new(">>$docdir/lon-status/londstatus.txt");
250: print $fh $$."\t".$status."\t".$lastlog."\n";
251: $fh->close();
252: }
253: {
254: my $fh=IO::File->new(">$docdir/lon-status/londchld/$$.txt");
255: print $fh $status."\n".$lastlog."\n".time;
256: $fh->close();
257: }
258: }
259:
260: sub initnewstatus {
261: my $docdir=$perlvar{'lonDocRoot'};
262: my $fh=IO::File->new(">$docdir/lon-status/londstatus.txt");
263: my $now=time;
264: my $local=localtime($now);
265: print $fh "LOND status $local - parent $$\n\n";
266: opendir(DIR,"$docdir/lon-status/londchld");
267: while ($filename=readdir(DIR)) {
268: unlink("$docdir/lon-status/londchld/$filename");
269: }
270: closedir(DIR);
271: }
272:
273: # -------------------------------------------------------------- Status setting
274:
275: sub status {
276: my $what=shift;
277: my $now=time;
278: my $local=localtime($now);
279: $status=$local.': '.$what;
280: }
281:
282: # -------------------------------------------------------- Escape Special Chars
283:
284: sub escape {
285: my $str=shift;
286: $str =~ s/(\W)/"%".unpack('H2',$1)/eg;
287: return $str;
288: }
289:
290: # ----------------------------------------------------- Un-Escape Special Chars
291:
292: sub unescape {
293: my $str=shift;
294: $str =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
295: return $str;
296: }
297:
298: # ----------------------------------------------------------- Send USR1 to lonc
299:
300: sub reconlonc {
301: my $peerfile=shift;
302: &logthis("Trying to reconnect for $peerfile");
303: my $loncfile="$perlvar{'lonDaemons'}/logs/lonc.pid";
304: if (my $fh=IO::File->new("$loncfile")) {
305: my $loncpid=<$fh>;
306: chomp($loncpid);
307: if (kill 0 => $loncpid) {
308: &logthis("lonc at pid $loncpid responding, sending USR1");
309: kill USR1 => $loncpid;
310: sleep 5;
311: if (-e "$peerfile") { return; }
312: &logthis("$peerfile still not there, give it another try");
313: sleep 10;
314: if (-e "$peerfile") { return; }
315: &logthis(
316: "<font color=blue>WARNING: $peerfile still not there, giving up</font>");
317: } else {
318: &logthis(
319: "<font color=red>CRITICAL: "
320: ."lonc at pid $loncpid not responding, giving up</font>");
321: }
322: } else {
323: &logthis('<font color=red>CRITICAL: lonc not running, giving up</font>');
324: }
325: }
326:
327: # -------------------------------------------------- Non-critical communication
328:
329: sub subreply {
330: my ($cmd,$server)=@_;
331: my $peerfile="$perlvar{'lonSockDir'}/$server";
332: my $sclient=IO::Socket::UNIX->new(Peer =>"$peerfile",
333: Type => SOCK_STREAM,
334: Timeout => 10)
335: or return "con_lost";
336: print $sclient "$cmd\n";
337: my $answer=<$sclient>;
338: chomp($answer);
339: if (!$answer) { $answer="con_lost"; }
340: return $answer;
341: }
342:
343: sub reply {
344: my ($cmd,$server)=@_;
345: my $answer;
346: if ($server ne $perlvar{'lonHostID'}) {
347: $answer=subreply($cmd,$server);
348: if ($answer eq 'con_lost') {
349: $answer=subreply("ping",$server);
350: if ($answer ne $server) {
351: &logthis("sub reply: answer != server");
352: &reconlonc("$perlvar{'lonSockDir'}/$server");
353: }
354: $answer=subreply($cmd,$server);
355: }
356: } else {
357: $answer='self_reply';
358: }
359: return $answer;
360: }
361:
362: # -------------------------------------------------------------- Talk to lonsql
363:
364: sub sqlreply {
365: my ($cmd)=@_;
366: my $answer=subsqlreply($cmd);
367: if ($answer eq 'con_lost') { $answer=subsqlreply($cmd); }
368: return $answer;
369: }
370:
371: sub subsqlreply {
372: my ($cmd)=@_;
373: my $unixsock="mysqlsock";
374: my $peerfile="$perlvar{'lonSockDir'}/$unixsock";
375: my $sclient=IO::Socket::UNIX->new(Peer =>"$peerfile",
376: Type => SOCK_STREAM,
377: Timeout => 10)
378: or return "con_lost";
379: print $sclient "$cmd\n";
380: my $answer=<$sclient>;
381: chomp($answer);
382: if (!$answer) { $answer="con_lost"; }
383: return $answer;
384: }
385:
386: # -------------------------------------------- Return path to profile directory
387:
388: sub propath {
389: my ($udom,$uname)=@_;
390: $udom=~s/\W//g;
391: $uname=~s/\W//g;
392: my $subdir=$uname.'__';
393: $subdir =~ s/(.)(.)(.).*/$1\/$2\/$3/;
394: my $proname="$perlvar{'lonUsersDir'}/$udom/$subdir/$uname";
395: return $proname;
396: }
397:
398: # --------------------------------------- Is this the home server of an author?
399:
400: sub ishome {
401: my $author=shift;
402: $author=~s/\/home\/httpd\/html\/res\/([^\/]*)\/([^\/]*).*/$1\/$2/;
403: my ($udom,$uname)=split(/\//,$author);
404: my $proname=propath($udom,$uname);
405: if (-e $proname) {
406: return 'owner';
407: } else {
408: return 'not_owner';
409: }
410: }
411:
412: # ======================================================= Continue main program
413: # ---------------------------------------------------- Fork once and dissociate
414:
415: $fpid=fork;
416: exit if $fpid;
417: die "Couldn't fork: $!" unless defined ($fpid);
418:
419: POSIX::setsid() or die "Can't start new session: $!";
420:
421: # ------------------------------------------------------- Write our PID on disk
422:
423: $execdir=$perlvar{'lonDaemons'};
424: open (PIDSAVE,">$execdir/logs/lond.pid");
425: print PIDSAVE "$$\n";
426: close(PIDSAVE);
427: &logthis("<font color=red>CRITICAL: ---------- Starting ----------</font>");
428: &status('Starting');
429:
430: # ------------------------------------------------------- Now we are on our own
431:
432: # Fork off our children.
433: for (1 .. $PREFORK) {
434: make_new_child();
435: }
436:
437: # ----------------------------------------------------- Install signal handlers
438:
439: &status('Forked children');
440:
441: $SIG{CHLD} = \&REAPER;
442: $SIG{INT} = $SIG{TERM} = \&HUNTSMAN;
443: $SIG{HUP} = \&HUPSMAN;
444: $SIG{USR1} = \&checkchildren;
445:
446: # And maintain the population.
447: while (1) {
448: &status('Sleeping');
449: sleep; # wait for a signal (i.e., child's death)
450: &logthis('Woke up');
451: &status('Woke up');
452: for ($i = $children; $i < $PREFORK; $i++) {
453: make_new_child(); # top up the child pool
454: }
455: }
456:
457: sub make_new_child {
458: my $pid;
459: my $cipher;
460: my $sigset;
461: &logthis("Attempting to start child");
462: # block signal for fork
463: $sigset = POSIX::SigSet->new(SIGINT);
464: sigprocmask(SIG_BLOCK, $sigset)
465: or die "Can't block SIGINT for fork: $!\n";
466:
467: die "fork: $!" unless defined ($pid = fork);
468:
469: if ($pid) {
470: # Parent records the child's birth and returns.
471: sigprocmask(SIG_UNBLOCK, $sigset)
472: or die "Can't unblock SIGINT for fork: $!\n";
473: $children{$pid} = 1;
474: $children++;
475: &status('Started child '.$pid);
476: return;
477: } else {
478: # Child can *not* return from this subroutine.
479: $SIG{INT} = 'DEFAULT'; # make SIGINT kill us as it did before
480: $SIG{USR1}= \&logstatus;
481: $SIG{ALRM}= \&timeout;
482: $lastlog='Forked ';
483: $status='Forked';
484:
485: # unblock signals
486: sigprocmask(SIG_UNBLOCK, $sigset)
487: or die "Can't unblock SIGINT for fork: $!\n";
488:
489: $tmpsnum=0;
490:
491: # handle connections until we've reached $MAX_CLIENTS_PER_CHILD
492: for ($i=0; $i < $MAX_CLIENTS_PER_CHILD; $i++) {
493: &status('Idle, waiting for connection');
494: $client = $server->accept() or last;
495: &status('Accepted connection');
496: # =============================================================================
497: # do something with the connection
498: # -----------------------------------------------------------------------------
499: # see if we know client and check for spoof IP by challenge
500: my $caller=getpeername($client);
501: my ($port,$iaddr)=unpack_sockaddr_in($caller);
502: my $clientip=inet_ntoa($iaddr);
503: my $clientrec=($hostid{$clientip} ne undef);
504: &logthis(
505: "<font color=yellow>INFO: Connection $i, $clientip ($hostid{$clientip})</font>"
506: );
507: &status("Connecting $clientip ($hostid{$clientip})");
508: my $clientok;
509: if ($clientrec) {
510: &status("Waiting for init from $clientip ($hostid{$clientip})");
511: my $remotereq=<$client>;
512: $remotereq=~s/\W//g;
513: if ($remotereq eq 'init') {
514: my $challenge="$$".time;
515: print $client "$challenge\n";
516: &status(
517: "Waiting for challenge reply from $clientip ($hostid{$clientip})");
518: $remotereq=<$client>;
519: $remotereq=~s/\W//g;
520: if ($challenge eq $remotereq) {
521: $clientok=1;
522: print $client "ok\n";
523: } else {
524: &logthis(
525: "<font color=blue>WARNING: $clientip did not reply challenge</font>");
526: &status('No challenge reply '.$clientip);
527: }
528: } else {
529: &logthis(
530: "<font color=blue>WARNING: "
531: ."$clientip failed to initialize: >$remotereq< </font>");
532: &status('No init '.$clientip);
533: }
534: } else {
535: &logthis(
536: "<font color=blue>WARNING: Unknown client $clientip</font>");
537: &status('Hung up on '.$clientip);
538: }
539: if ($clientok) {
540: # ---------------- New known client connecting, could mean machine online again
541:
542: &reconlonc("$perlvar{'lonSockDir'}/$hostid{$clientip}");
543: &logthis(
544: "<font color=green>Established connection: $hostid{$clientip}</font>");
545: &status('Will listen to '.$hostid{$clientip});
546: # ------------------------------------------------------------ Process requests
547: while (my $userinput=<$client>) {
548: chomp($userinput);
549: Debug("Request = $userinput\n");
550: &status('Processing '.$hostid{$clientip}.': '.$userinput);
551: my $wasenc=0;
552: alarm(120);
553: # ------------------------------------------------------------ See if encrypted
554: if ($userinput =~ /^enc/) {
555: if ($cipher) {
556: my ($cmd,$cmdlength,$encinput)=split(/:/,$userinput);
557: $userinput='';
558: for (my $encidx=0;$encidx<length($encinput);$encidx+=16) {
559: $userinput.=
560: $cipher->decrypt(
561: pack("H16",substr($encinput,$encidx,16))
562: );
563: }
564: $userinput=substr($userinput,0,$cmdlength);
565: $wasenc=1;
566: }
567: }
568:
569: # ------------------------------------------------------------- Normal commands
570: # ------------------------------------------------------------------------ ping
571: if ($userinput =~ /^ping/) {
572: print $client "$perlvar{'lonHostID'}\n";
573: # ------------------------------------------------------------------------ pong
574: } elsif ($userinput =~ /^pong/) {
575: $reply=reply("ping",$hostid{$clientip});
576: print $client "$perlvar{'lonHostID'}:$reply\n";
577: # ------------------------------------------------------------------------ ekey
578: } elsif ($userinput =~ /^ekey/) {
579: my $buildkey=time.$$.int(rand 100000);
580: $buildkey=~tr/1-6/A-F/;
581: $buildkey=int(rand 100000).$buildkey.int(rand 100000);
582: my $key=$perlvar{'lonHostID'}.$hostid{$clientip};
583: $key=~tr/a-z/A-Z/;
584: $key=~tr/G-P/0-9/;
585: $key=~tr/Q-Z/0-9/;
586: $key=$key.$buildkey.$key.$buildkey.$key.$buildkey;
587: $key=substr($key,0,32);
588: my $cipherkey=pack("H32",$key);
589: $cipher=new IDEA $cipherkey;
590: print $client "$buildkey\n";
591: # ------------------------------------------------------------------------ load
592: } elsif ($userinput =~ /^load/) {
593: my $loadavg;
594: {
595: my $loadfile=IO::File->new('/proc/loadavg');
596: $loadavg=<$loadfile>;
597: }
598: $loadavg =~ s/\s.*//g;
599: my $loadpercent=100*$loadavg/$perlvar{'lonLoadLim'};
600: print $client "$loadpercent\n";
601: # ----------------------------------------------------------------- currentauth
602: } elsif ($userinput =~ /^currentauth/) {
603: if ($wasenc==1) {
604: my ($cmd,$udom,$uname)=split(/:/,$userinput);
605: my $result = GetAuthType($udom, $uname);
606: if($result eq "nouser") {
607: print $client "unknown_user\n";
608: }
609: else {
610: print $client "$result\n"
611: }
612: } else {
613: print $client "refused\n";
614: }
615: # ------------------------------------------------------------------------ auth
616: } elsif ($userinput =~ /^auth/) {
617: if ($wasenc==1) {
618: my ($cmd,$udom,$uname,$upass)=split(/:/,$userinput);
619: chomp($upass);
620: $upass=unescape($upass);
621: my $proname=propath($udom,$uname);
622: my $passfilename="$proname/passwd";
623: if (-e $passfilename) {
624: my $pf = IO::File->new($passfilename);
625: my $realpasswd=<$pf>;
626: chomp($realpasswd);
627: my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
628: my $pwdcorrect=0;
629: if ($howpwd eq 'internal') {
630: $pwdcorrect=
631: (crypt($upass,$contentpwd) eq $contentpwd);
632: } elsif ($howpwd eq 'unix') {
633: $contentpwd=(getpwnam($uname))[1];
634: my $pwauth_path="/usr/local/sbin/pwauth";
635: unless ($contentpwd eq 'x') {
636: $pwdcorrect=
637: (crypt($upass,$contentpwd) eq $contentpwd);
638: }
639: elsif (-e $pwauth_path) {
640: open PWAUTH, "|$pwauth_path" or
641: die "Cannot invoke authentication";
642: print PWAUTH "$uname\n$upass\n";
643: close PWAUTH;
644: $pwdcorrect=!$?;
645: }
646: } elsif ($howpwd eq 'krb4') {
647: $null=pack("C",0);
648: unless ($upass=~/$null/) {
649: $pwdcorrect=(
650: Authen::Krb4::get_pw_in_tkt($uname,"",
651: $contentpwd,'krbtgt',$contentpwd,1,
652: $upass) == 0);
653: } else { $pwdcorrect=0; }
654: } elsif ($howpwd eq 'localauth') {
655: $pwdcorrect=&localauth::localauth($uname,$upass,
656: $contentpwd);
657: }
658: if ($pwdcorrect) {
659: print $client "authorized\n";
660: } else {
661: print $client "non_authorized\n";
662: }
663: } else {
664: print $client "unknown_user\n";
665: }
666: } else {
667: print $client "refused\n";
668: }
669: # ---------------------------------------------------------------------- passwd
670: } elsif ($userinput =~ /^passwd/) {
671: if ($wasenc==1) {
672: my
673: ($cmd,$udom,$uname,$upass,$npass)=split(/:/,$userinput);
674: chomp($npass);
675: $upass=&unescape($upass);
676: $npass=&unescape($npass);
677: &logthis("Trying to change password for $uname");
678: my $proname=propath($udom,$uname);
679: my $passfilename="$proname/passwd";
680: if (-e $passfilename) {
681: my $realpasswd;
682: { my $pf = IO::File->new($passfilename);
683: $realpasswd=<$pf>; }
684: chomp($realpasswd);
685: my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
686: if ($howpwd eq 'internal') {
687: if (crypt($upass,$contentpwd) eq $contentpwd) {
688: my $salt=time;
689: $salt=substr($salt,6,2);
690: my $ncpass=crypt($npass,$salt);
691: { my $pf = IO::File->new(">$passfilename");
692: print $pf "internal:$ncpass\n"; }
693: &logthis("Result of password change for $uname: pwchange_success");
694: print $client "ok\n";
695: } else {
696: print $client "non_authorized\n";
697: }
698: } elsif ($howpwd eq 'unix') {
699: # Unix means we have to access /etc/password
700: # one way or another.
701: # First: Make sure the current password is
702: # correct
703: $contentpwd=(getpwnam($uname))[1];
704: my $pwdcorrect = "0";
705: my $pwauth_path="/usr/local/sbin/pwauth";
706: unless ($contentpwd eq 'x') {
707: $pwdcorrect=
708: (crypt($upass,$contentpwd) eq $contentpwd);
709: } elsif (-e $pwauth_path) {
710: open PWAUTH, "|$pwauth_path" or
711: die "Cannot invoke authentication";
712: print PWAUTH "$uname\n$upass\n";
713: close PWAUTH;
714: $pwdcorrect=!$?;
715: }
716: if ($pwdcorrect) {
717: my $execdir=$perlvar{'lonDaemons'};
718: my $pf = IO::File->new("|$execdir/lcpasswd");
719: print $pf "$uname\n$npass\n$npass\n";
720: close $pf;
721: my $result = ($?>0 ? 'pwchange_failure'
722: : 'ok');
723: &logthis("Result of password change for $uname: $result");
724: print $client "$result\n";
725: } else {
726: print $client "non_authorized\n";
727: }
728: } else {
729: print $client "auth_mode_error\n";
730: }
731: } else {
732: print $client "unknown_user\n";
733: }
734: } else {
735: print $client "refused\n";
736: }
737: # -------------------------------------------------------------------- makeuser
738: } elsif ($userinput =~ /^makeuser/) {
739: Debug("Make user received");
740: my $oldumask=umask(0077);
741: if ($wasenc==1) {
742: my
743: ($cmd,$udom,$uname,$umode,$npass)=split(/:/,$userinput);
744: &Debug("cmd =".$cmd." $udom =".$udom.
745: " uname=".$uname);
746: chomp($npass);
747: $npass=&unescape($npass);
748: my $proname=propath($udom,$uname);
749: my $passfilename="$proname/passwd";
750: &Debug("Password file created will be:".
751: $passfilename);
752: if (-e $passfilename) {
753: print $client "already_exists\n";
754: } elsif ($udom ne $perlvar{'lonDefDomain'}) {
755: print $client "not_right_domain\n";
756: } else {
757: @fpparts=split(/\//,$proname);
758: $fpnow=$fpparts[0].'/'.$fpparts[1].'/'.$fpparts[2];
759: $fperror='';
760: for ($i=3;$i<=$#fpparts;$i++) {
761: $fpnow.='/'.$fpparts[$i];
762: unless (-e $fpnow) {
763: unless (mkdir($fpnow,0777)) {
764: $fperror="error:$!";
765: }
766: }
767: }
768: unless ($fperror) {
769: if ($umode eq 'krb4') {
770: {
771: my $pf = IO::File->new(">$passfilename");
772: print $pf "krb4:$npass\n";
773: }
774: print $client "ok\n";
775: } elsif ($umode eq 'internal') {
776: my $salt=time;
777: $salt=substr($salt,6,2);
778: my $ncpass=crypt($npass,$salt);
779: {
780: &Debug("Creating internal auth");
781: my $pf = IO::File->new(">$passfilename");
782: print $pf "internal:$ncpass\n";
783: }
784: print $client "ok\n";
785: } elsif ($umode eq 'localauth') {
786: {
787: my $pf = IO::File->new(">$passfilename");
788: print $pf "localauth:$npass\n";
789: }
790: print $client "ok\n";
791: } elsif ($umode eq 'unix') {
792: {
793: my $execpath="$perlvar{'lonDaemons'}/".
794: "lcuseradd";
795: {
796: &Debug("Executing external: ".
797: $execpath);
798: my $se = IO::File->new("|$execpath");
799: print $se "$uname\n";
800: print $se "$npass\n";
801: print $se "$npass\n";
802: }
803: my $pf = IO::File->new(">$passfilename");
804: print $pf "unix:\n";
805: }
806: print $client "ok\n";
807: } elsif ($umode eq 'none') {
808: {
809: my $pf = IO::File->new(">$passfilename");
810: print $pf "none:\n";
811: }
812: print $client "ok\n";
813: } else {
814: print $client "auth_mode_error\n";
815: }
816: } else {
817: print $client "$fperror\n";
818: }
819: }
820: } else {
821: print $client "refused\n";
822: }
823: umask($oldumask);
824: # -------------------------------------------------------------- changeuserauth
825: } elsif ($userinput =~ /^changeuserauth/) {
826: &Debug("Changing authorization");
827: if ($wasenc==1) {
828: my
829: ($cmd,$udom,$uname,$umode,$npass)=split(/:/,$userinput);
830: chomp($npass);
831: &Debug("cmd = ".$cmd." domain= ".$udom.
832: "uname =".$uname." umode= ".$umode);
833: $npass=&unescape($npass);
834: my $proname=propath($udom,$uname);
835: my $passfilename="$proname/passwd";
836: if ($udom ne $perlvar{'lonDefDomain'}) {
837: print $client "not_right_domain\n";
838: } else {
839: if ($umode eq 'krb4') {
840: {
841: my $pf = IO::File->new(">$passfilename");
842: print $pf "krb4:$npass\n";
843: }
844: print $client "ok\n";
845: } elsif ($umode eq 'internal') {
846: my $salt=time;
847: $salt=substr($salt,6,2);
848: my $ncpass=crypt($npass,$salt);
849: {
850: my $pf = IO::File->new(">$passfilename");
851: print $pf "internal:$ncpass\n";
852: }
853: print $client "ok\n";
854: } elsif ($umode eq 'localauth') {
855: {
856: my $pf = IO::File->new(">$passfilename");
857: print $pf "localauth:$npass\n";
858: }
859: print $client "ok\n";
860: } elsif ($umode eq 'unix') {
861: {
862: my $execpath="$perlvar{'lonDaemons'}/".
863: "lcuseradd";
864: {
865: my $se = IO::File->new("|$execpath");
866: print $se "$uname\n";
867: print $se "$npass\n";
868: print $se "$npass\n";
869: }
870: my $pf = IO::File->new(">$passfilename");
871: print $pf "unix:\n";
872: }
873: print $client "ok\n";
874: } elsif ($umode eq 'none') {
875: {
876: my $pf = IO::File->new(">$passfilename");
877: print $pf "none:\n";
878: }
879: print $client "ok\n";
880: } else {
881: print $client "auth_mode_error\n";
882: }
883: }
884: } else {
885: print $client "refused\n";
886: }
887: # ------------------------------------------------------------------------ home
888: } elsif ($userinput =~ /^home/) {
889: my ($cmd,$udom,$uname)=split(/:/,$userinput);
890: chomp($uname);
891: my $proname=propath($udom,$uname);
892: if (-e $proname) {
893: print $client "found\n";
894: } else {
895: print $client "not_found\n";
896: }
897: # ---------------------------------------------------------------------- update
898: } elsif ($userinput =~ /^update/) {
899: my ($cmd,$fname)=split(/:/,$userinput);
900: my $ownership=ishome($fname);
901: if ($ownership eq 'not_owner') {
902: if (-e $fname) {
903: my ($dev,$ino,$mode,$nlink,
904: $uid,$gid,$rdev,$size,
905: $atime,$mtime,$ctime,
906: $blksize,$blocks)=stat($fname);
907: $now=time;
908: $since=$now-$atime;
909: if ($since>$perlvar{'lonExpire'}) {
910: $reply=
911: reply("unsub:$fname","$hostid{$clientip}");
912: unlink("$fname");
913: } else {
914: my $transname="$fname.in.transfer";
915: my $remoteurl=
916: reply("sub:$fname","$hostid{$clientip}");
917: my $response;
918: {
919: my $ua=new LWP::UserAgent;
920: my $request=new HTTP::Request('GET',"$remoteurl");
921: $response=$ua->request($request,$transname);
922: }
923: if ($response->is_error()) {
924: unlink($transname);
925: my $message=$response->status_line;
926: &logthis(
927: "LWP GET: $message for $fname ($remoteurl)");
928: } else {
929: if ($remoteurl!~/\.meta$/) {
930: my $ua=new LWP::UserAgent;
931: my $mrequest=
932: new HTTP::Request('GET',$remoteurl.'.meta');
933: my $mresponse=
934: $ua->request($mrequest,$fname.'.meta');
935: if ($mresponse->is_error()) {
936: unlink($fname.'.meta');
937: }
938: }
939: rename($transname,$fname);
940: }
941: }
942: print $client "ok\n";
943: } else {
944: print $client "not_found\n";
945: }
946: } else {
947: print $client "rejected\n";
948: }
949: # ----------------------------------------------------------------- unsubscribe
950: } elsif ($userinput =~ /^unsub/) {
951: my ($cmd,$fname)=split(/:/,$userinput);
952: if (-e $fname) {
953: if (unlink("$fname.$hostid{$clientip}")) {
954: print $client "ok\n";
955: } else {
956: print $client "not_subscribed\n";
957: }
958: } else {
959: print $client "not_found\n";
960: }
961: # ------------------------------------------------------------------- subscribe
962: } elsif ($userinput =~ /^sub/) {
963: my ($cmd,$fname)=split(/:/,$userinput);
964: my $ownership=ishome($fname);
965: if ($ownership eq 'owner') {
966: if (-e $fname) {
967: if (-d $fname) {
968: print $client "directory\n";
969: } else {
970: $now=time;
971: {
972: my $sh;
973: if ($sh=
974: IO::File->new(">$fname.$hostid{$clientip}")) {
975: print $sh "$clientip:$now\n";
976: }
977: }
978: unless ($fname=~/\.meta$/) {
979: unlink("$fname.meta.$hostid{$clientip}");
980: }
981: $fname=~s/\/home\/httpd\/html\/res/raw/;
982: $fname="http://$thisserver/".$fname;
983: print $client "$fname\n";
984: }
985: } else {
986: print $client "not_found\n";
987: }
988: } else {
989: print $client "rejected\n";
990: }
991: # ------------------------------------------------------------------------- log
992: } elsif ($userinput =~ /^log/) {
993: my ($cmd,$udom,$uname,$what)=split(/:/,$userinput);
994: chomp($what);
995: my $proname=propath($udom,$uname);
996: my $now=time;
997: {
998: my $hfh;
999: if ($hfh=IO::File->new(">>$proname/activity.log")) {
1000: print $hfh "$now:$hostid{$clientip}:$what\n";
1001: print $client "ok\n";
1002: } else {
1003: print $client "error:$!\n";
1004: }
1005: }
1006: # ------------------------------------------------------------------------- put
1007: } elsif ($userinput =~ /^put/) {
1008: my ($cmd,$udom,$uname,$namespace,$what)
1009: =split(/:/,$userinput);
1010: $namespace=~s/\//\_/g;
1011: $namespace=~s/\W//g;
1012: if ($namespace ne 'roles') {
1013: chomp($what);
1014: my $proname=propath($udom,$uname);
1015: my $now=time;
1016: unless ($namespace=~/^nohist\_/) {
1017: my $hfh;
1018: if (
1019: $hfh=IO::File->new(">>$proname/$namespace.hist")
1020: ) { print $hfh "P:$now:$what\n"; }
1021: }
1022: my @pairs=split(/\&/,$what);
1023: if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT,0640)) {
1024: foreach $pair (@pairs) {
1025: ($key,$value)=split(/=/,$pair);
1026: $hash{$key}=$value;
1027: }
1028: if (untie(%hash)) {
1029: print $client "ok\n";
1030: } else {
1031: print $client "error:$!\n";
1032: }
1033: } else {
1034: print $client "error:$!\n";
1035: }
1036: } else {
1037: print $client "refused\n";
1038: }
1039: # -------------------------------------------------------------------- rolesput
1040: } elsif ($userinput =~ /^rolesput/) {
1041: &Debug("rolesput");
1042: if ($wasenc==1) {
1043: my ($cmd,$exedom,$exeuser,$udom,$uname,$what)
1044: =split(/:/,$userinput);
1045: &Debug("cmd = ".$cmd." exedom= ".$exedom.
1046: "user = ".$exeuser." udom=".$udom.
1047: "what = ".$what);
1048: my $namespace='roles';
1049: chomp($what);
1050: my $proname=propath($udom,$uname);
1051: my $now=time;
1052: {
1053: my $hfh;
1054: if (
1055: $hfh=IO::File->new(">>$proname/$namespace.hist")
1056: ) {
1057: print $hfh "P:$now:$exedom:$exeuser:$what\n";
1058: }
1059: }
1060: my @pairs=split(/\&/,$what);
1061: if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT,0640)) {
1062: foreach $pair (@pairs) {
1063: ($key,$value)=split(/=/,$pair);
1064: &ManagePermissions($key, $udom, $uname,
1065: &GetAuthType( $udom,
1066: $uname));
1067: $hash{$key}=$value;
1068:
1069: }
1070: if (untie(%hash)) {
1071: print $client "ok\n";
1072: } else {
1073: print $client "error:$!\n";
1074: }
1075: } else {
1076: print $client "error:$!\n";
1077: }
1078: } else {
1079: print $client "refused\n";
1080: }
1081: # ------------------------------------------------------------------------- get
1082: } elsif ($userinput =~ /^get/) {
1083: my ($cmd,$udom,$uname,$namespace,$what)
1084: =split(/:/,$userinput);
1085: $namespace=~s/\//\_/g;
1086: $namespace=~s/\W//g;
1087: chomp($what);
1088: my @queries=split(/\&/,$what);
1089: my $proname=propath($udom,$uname);
1090: my $qresult='';
1091: if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER,0640)) {
1092: for ($i=0;$i<=$#queries;$i++) {
1093: $qresult.="$hash{$queries[$i]}&";
1094: }
1095: if (untie(%hash)) {
1096: $qresult=~s/\&$//;
1097: print $client "$qresult\n";
1098: } else {
1099: print $client "error:$!\n";
1100: }
1101: } else {
1102: print $client "error:$!\n";
1103: }
1104: # ------------------------------------------------------------------------ eget
1105: } elsif ($userinput =~ /^eget/) {
1106: my ($cmd,$udom,$uname,$namespace,$what)
1107: =split(/:/,$userinput);
1108: $namespace=~s/\//\_/g;
1109: $namespace=~s/\W//g;
1110: chomp($what);
1111: my @queries=split(/\&/,$what);
1112: my $proname=propath($udom,$uname);
1113: my $qresult='';
1114: if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER,0640)) {
1115: for ($i=0;$i<=$#queries;$i++) {
1116: $qresult.="$hash{$queries[$i]}&";
1117: }
1118: if (untie(%hash)) {
1119: $qresult=~s/\&$//;
1120: if ($cipher) {
1121: my $cmdlength=length($qresult);
1122: $qresult.=" ";
1123: my $encqresult='';
1124: for
1125: (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
1126: $encqresult.=
1127: unpack("H16",
1128: $cipher->encrypt(substr($qresult,$encidx,8)));
1129: }
1130: print $client "enc:$cmdlength:$encqresult\n";
1131: } else {
1132: print $client "error:no_key\n";
1133: }
1134: } else {
1135: print $client "error:$!\n";
1136: }
1137: } else {
1138: print $client "error:$!\n";
1139: }
1140: # ------------------------------------------------------------------------- del
1141: } elsif ($userinput =~ /^del/) {
1142: my ($cmd,$udom,$uname,$namespace,$what)
1143: =split(/:/,$userinput);
1144: $namespace=~s/\//\_/g;
1145: $namespace=~s/\W//g;
1146: chomp($what);
1147: my $proname=propath($udom,$uname);
1148: my $now=time;
1149: unless ($namespace=~/^nohist\_/) {
1150: my $hfh;
1151: if (
1152: $hfh=IO::File->new(">>$proname/$namespace.hist")
1153: ) { print $hfh "D:$now:$what\n"; }
1154: }
1155: my @keys=split(/\&/,$what);
1156: if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT,0640)) {
1157: foreach $key (@keys) {
1158: delete($hash{$key});
1159: }
1160: if (untie(%hash)) {
1161: print $client "ok\n";
1162: } else {
1163: print $client "error:$!\n";
1164: }
1165: } else {
1166: print $client "error:$!\n";
1167: }
1168: # ------------------------------------------------------------------------ keys
1169: } elsif ($userinput =~ /^keys/) {
1170: my ($cmd,$udom,$uname,$namespace)
1171: =split(/:/,$userinput);
1172: $namespace=~s/\//\_/g;
1173: $namespace=~s/\W//g;
1174: my $proname=propath($udom,$uname);
1175: my $qresult='';
1176: if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER,0640)) {
1177: foreach $key (keys %hash) {
1178: $qresult.="$key&";
1179: }
1180: if (untie(%hash)) {
1181: $qresult=~s/\&$//;
1182: print $client "$qresult\n";
1183: } else {
1184: print $client "error:$!\n";
1185: }
1186: } else {
1187: print $client "error:$!\n";
1188: }
1189: # ------------------------------------------------------------------------ dump
1190: } elsif ($userinput =~ /^dump/) {
1191: my ($cmd,$udom,$uname,$namespace,$regexp)
1192: =split(/:/,$userinput);
1193: $namespace=~s/\//\_/g;
1194: $namespace=~s/\W//g;
1195: if (defined($regexp)) {
1196: $regexp=&unescape($regexp);
1197: } else {
1198: $regexp='.';
1199: }
1200: my $proname=propath($udom,$uname);
1201: my $qresult='';
1202: if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER,0640)) {
1203: foreach $key (keys %hash) {
1204: if (eval('$key=~/$regexp/')) {
1205: $qresult.="$key=$hash{$key}&";
1206: }
1207: }
1208: if (untie(%hash)) {
1209: $qresult=~s/\&$//;
1210: print $client "$qresult\n";
1211: } else {
1212: print $client "error:$!\n";
1213: }
1214: } else {
1215: print $client "error:$!\n";
1216: }
1217: # ----------------------------------------------------------------------- store
1218: } elsif ($userinput =~ /^store/) {
1219: my ($cmd,$udom,$uname,$namespace,$rid,$what)
1220: =split(/:/,$userinput);
1221: $namespace=~s/\//\_/g;
1222: $namespace=~s/\W//g;
1223: if ($namespace ne 'roles') {
1224: chomp($what);
1225: my $proname=propath($udom,$uname);
1226: my $now=time;
1227: unless ($namespace=~/^nohist\_/) {
1228: my $hfh;
1229: if (
1230: $hfh=IO::File->new(">>$proname/$namespace.hist")
1231: ) { print $hfh "P:$now:$rid:$what\n"; }
1232: }
1233: my @pairs=split(/\&/,$what);
1234:
1235: if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT,0640)) {
1236: my @previouskeys=split(/&/,$hash{"keys:$rid"});
1237: my $key;
1238: $hash{"version:$rid"}++;
1239: my $version=$hash{"version:$rid"};
1240: my $allkeys='';
1241: foreach $pair (@pairs) {
1242: ($key,$value)=split(/=/,$pair);
1243: $allkeys.=$key.':';
1244: $hash{"$version:$rid:$key"}=$value;
1245: }
1246: $hash{"$version:$rid:timestamp"}=$now;
1247: $allkeys.='timestamp';
1248: $hash{"$version:keys:$rid"}=$allkeys;
1249: if (untie(%hash)) {
1250: print $client "ok\n";
1251: } else {
1252: print $client "error:$!\n";
1253: }
1254: } else {
1255: print $client "error:$!\n";
1256: }
1257: } else {
1258: print $client "refused\n";
1259: }
1260: # --------------------------------------------------------------------- restore
1261: } elsif ($userinput =~ /^restore/) {
1262: my ($cmd,$udom,$uname,$namespace,$rid)
1263: =split(/:/,$userinput);
1264: $namespace=~s/\//\_/g;
1265: $namespace=~s/\W//g;
1266: chomp($rid);
1267: my $proname=propath($udom,$uname);
1268: my $qresult='';
1269: if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER,0640)) {
1270: my $version=$hash{"version:$rid"};
1271: $qresult.="version=$version&";
1272: my $scope;
1273: for ($scope=1;$scope<=$version;$scope++) {
1274: my $vkeys=$hash{"$scope:keys:$rid"};
1275: my @keys=split(/:/,$vkeys);
1276: my $key;
1277: $qresult.="$scope:keys=$vkeys&";
1278: foreach $key (@keys) {
1279: $qresult.="$scope:$key=".$hash{"$scope:$rid:$key"}."&";
1280: }
1281: }
1282: if (untie(%hash)) {
1283: $qresult=~s/\&$//;
1284: print $client "$qresult\n";
1285: } else {
1286: print $client "error:$!\n";
1287: }
1288: } else {
1289: print $client "error:$!\n";
1290: }
1291: # ------------------------------------------------------------------- querysend
1292: } elsif ($userinput =~ /^querysend/) {
1293: my ($cmd,$query,
1294: $custom,$customshow)=split(/:/,$userinput);
1295: $query=~s/\n*$//g;
1296: unless ($custom or $customshow) {
1297: print $client "".
1298: sqlreply("$hostid{$clientip}\&$query")."\n";
1299: }
1300: else {
1301: print $client "".
1302: sqlreply("$hostid{$clientip}\&$query".
1303: "\&$custom"."\&$customshow")."\n";
1304: }
1305: # ------------------------------------------------------------------ queryreply
1306: } elsif ($userinput =~ /^queryreply/) {
1307: my ($cmd,$id,$reply)=split(/:/,$userinput);
1308: my $store;
1309: my $execdir=$perlvar{'lonDaemons'};
1310: if ($store=IO::File->new(">$execdir/tmp/$id")) {
1311: $reply=~s/\&/\n/g;
1312: print $store $reply;
1313: close $store;
1314: my $store2=IO::File->new(">$execdir/tmp/$id.end");
1315: print $store2 "done\n";
1316: close $store2;
1317: print $client "ok\n";
1318: }
1319: else {
1320: print $client "error:$!\n";
1321: }
1322: # ----------------------------------------------------------------------- idput
1323: } elsif ($userinput =~ /^idput/) {
1324: my ($cmd,$udom,$what)=split(/:/,$userinput);
1325: chomp($what);
1326: $udom=~s/\W//g;
1327: my $proname="$perlvar{'lonUsersDir'}/$udom/ids";
1328: my $now=time;
1329: {
1330: my $hfh;
1331: if (
1332: $hfh=IO::File->new(">>$proname.hist")
1333: ) { print $hfh "P:$now:$what\n"; }
1334: }
1335: my @pairs=split(/\&/,$what);
1336: if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_WRCREAT,0640)) {
1337: foreach $pair (@pairs) {
1338: ($key,$value)=split(/=/,$pair);
1339: $hash{$key}=$value;
1340: }
1341: if (untie(%hash)) {
1342: print $client "ok\n";
1343: } else {
1344: print $client "error:$!\n";
1345: }
1346: } else {
1347: print $client "error:$!\n";
1348: }
1349: # ----------------------------------------------------------------------- idget
1350: } elsif ($userinput =~ /^idget/) {
1351: my ($cmd,$udom,$what)=split(/:/,$userinput);
1352: chomp($what);
1353: $udom=~s/\W//g;
1354: my $proname="$perlvar{'lonUsersDir'}/$udom/ids";
1355: my @queries=split(/\&/,$what);
1356: my $qresult='';
1357: if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_READER,0640)) {
1358: for ($i=0;$i<=$#queries;$i++) {
1359: $qresult.="$hash{$queries[$i]}&";
1360: }
1361: if (untie(%hash)) {
1362: $qresult=~s/\&$//;
1363: print $client "$qresult\n";
1364: } else {
1365: print $client "error:$!\n";
1366: }
1367: } else {
1368: print $client "error:$!\n";
1369: }
1370: # ---------------------------------------------------------------------- tmpput
1371: } elsif ($userinput =~ /^tmpput/) {
1372: my ($cmd,$what)=split(/:/,$userinput);
1373: my $store;
1374: $tmpsnum++;
1375: my $id=$$.'_'.$clientip.'_'.$tmpsnum;
1376: $id=~s/\W/\_/g;
1377: $what=~s/\n//g;
1378: my $execdir=$perlvar{'lonDaemons'};
1379: if ($store=IO::File->new(">$execdir/tmp/$id.tmp")) {
1380: print $store $what;
1381: close $store;
1382: print $client "$id\n";
1383: }
1384: else {
1385: print $client "error:$!\n";
1386: }
1387:
1388: # ---------------------------------------------------------------------- tmpget
1389: } elsif ($userinput =~ /^tmpget/) {
1390: my ($cmd,$id)=split(/:/,$userinput);
1391: chomp($id);
1392: $id=~s/\W/\_/g;
1393: my $store;
1394: my $execdir=$perlvar{'lonDaemons'};
1395: if ($store=IO::File->new("$execdir/tmp/$id.tmp")) {
1396: my $reply=<$store>;
1397: print $client "$reply\n";
1398: close $store;
1399: }
1400: else {
1401: print $client "error:$!\n";
1402: }
1403:
1404: # -------------------------------------------------------------------------- ls
1405: } elsif ($userinput =~ /^ls/) {
1406: my ($cmd,$ulsdir)=split(/:/,$userinput);
1407: my $ulsout='';
1408: my $ulsfn;
1409: if (-e $ulsdir) {
1410: if (opendir(LSDIR,$ulsdir)) {
1411: while ($ulsfn=readdir(LSDIR)) {
1412: my @ulsstats=stat($ulsdir.'/'.$ulsfn);
1413: $ulsout.=$ulsfn.'&'.join('&',@ulsstats).':';
1414: }
1415: closedir(LSDIR);
1416: }
1417: } else {
1418: $ulsout='no_such_dir';
1419: }
1420: if ($ulsout eq '') { $ulsout='empty'; }
1421: print $client "$ulsout\n";
1422: # ------------------------------------------------------------------ Hanging up
1423: } elsif (($userinput =~ /^exit/) ||
1424: ($userinput =~ /^init/)) {
1425: &logthis(
1426: "Client $clientip ($hostid{$clientip}) hanging up: $userinput");
1427: print $client "bye\n";
1428: $client->close();
1429: last;
1430: # ------------------------------------------------------------- unknown command
1431: } else {
1432: # unknown command
1433: print $client "unknown_cmd\n";
1434: }
1435: # -------------------------------------------------------------------- complete
1436: alarm(0);
1437: &status('Listening to '.$hostid{$clientip});
1438: }
1439: # --------------------------------------------- client unknown or fishy, refuse
1440: } else {
1441: print $client "refused\n";
1442: $client->close();
1443: &logthis("<font color=blue>WARNING: "
1444: ."Rejected client $clientip, closing connection</font>");
1445: }
1446: }
1447:
1448: # =============================================================================
1449:
1450: &logthis("<font color=red>CRITICAL: "
1451: ."Disconnect from $clientip ($hostid{$clientip})</font>");
1452: # tidy up gracefully and finish
1453:
1454: $server->close();
1455:
1456: # this exit is VERY important, otherwise the child will become
1457: # a producer of more and more children, forking yourself into
1458: # process death.
1459: exit;
1460: }
1461: }
1462:
1463:
1464: #
1465: # Checks to see if the input roleput request was to set
1466: # an author role. If so, invokes the lchtmldir script to set
1467: # up a correct public_html
1468: # Parameters:
1469: # request - The request sent to the rolesput subchunk.
1470: # We're looking for /domain/_au
1471: # domain - The domain in which the user is having roles doctored.
1472: # user - Name of the user for which the role is being put.
1473: # authtype - The authentication type associated with the user.
1474: #
1475: sub ManagePermissions
1476: {
1477: my $request = shift;
1478: my $domain = shift;
1479: my $user = shift;
1480: my $authtype= shift;
1481:
1482: # See if the request is of the form /$domain/_au
1483:
1484: if($request =~ /^(\/$domain\/_au)$/) { # It's an author rolesput...
1485: my $execdir = $perlvar{'lonDaemons'};
1486: my $userhome= "/home/$user" ;
1487: Debug("system $execdir/lchtmldir $userhome $system $authtype");
1488: system("$execdir/lchtmldir $userhome $user $authtype");
1489: }
1490: }
1491: #
1492: # GetAuthType - Determines the authorization type of a user in a domain.
1493:
1494: # Returns the authorization type or nouser if there is no such user.
1495: #
1496: sub GetAuthType
1497: {
1498: my $domain = shift;
1499: my $user = shift;
1500:
1501: Debug("GetAuthType( $domain, $user ) \n");
1502: my $proname = &propath($domain, $user);
1503: my $passwdfile = "$proname/passwd";
1504: if( -e $passwdfile ) {
1505: my $pf = IO::File->new($passwdfile);
1506: my $realpassword = <$pf>;
1507: chomp($realpassword);
1508: Debug("Password info = $realpassword\n");
1509: my ($authtype, $contentpwd) = split(/:/, $realpassword);
1510: Debug("Authtype = $authtype, content = $contentpwd\n");
1511: my $availinfo = '';
1512: if($authtype eq 'krb4') {
1513: $availinfo = $contentpwd;
1514: }
1515:
1516: return "$authtype:$availinfo";
1517: }
1518: else {
1519: Debug("Returning nouser");
1520: return "nouser";
1521: }
1522:
1523: }
1524:
1525: # ----------------------------------- POD (plain old documentation, CPAN style)
1526:
1527: =head1 NAME
1528:
1529: lond - "LON Daemon" Server (port "LOND" 5663)
1530:
1531: =head1 SYNOPSIS
1532:
1533: Usage: B<lond>
1534:
1535: Should only be run as user=www. This is a command-line script which
1536: is invoked by B<loncron>. There is no expectation that a typical user
1537: will manually start B<lond> from the command-line. (In other words,
1538: DO NOT START B<lond> YOURSELF.)
1539:
1540: =head1 DESCRIPTION
1541:
1542: There are two characteristics associated with the running of B<lond>,
1543: PROCESS MANAGEMENT (starting, stopping, handling child processes)
1544: and SERVER-SIDE ACTIVITIES (password authentication, user creation,
1545: subscriptions, etc). These are described in two large
1546: sections below.
1547:
1548: B<PROCESS MANAGEMENT>
1549:
1550: Preforker - server who forks first. Runs as a daemon. HUPs.
1551: Uses IDEA encryption
1552:
1553: B<lond> forks off children processes that correspond to the other servers
1554: in the network. Management of these processes can be done at the
1555: parent process level or the child process level.
1556:
1557: B<logs/lond.log> is the location of log messages.
1558:
1559: The process management is now explained in terms of linux shell commands,
1560: subroutines internal to this code, and signal assignments:
1561:
1562: =over 4
1563:
1564: =item *
1565:
1566: PID is stored in B<logs/lond.pid>
1567:
1568: This is the process id number of the parent B<lond> process.
1569:
1570: =item *
1571:
1572: SIGTERM and SIGINT
1573:
1574: Parent signal assignment:
1575: $SIG{INT} = $SIG{TERM} = \&HUNTSMAN;
1576:
1577: Child signal assignment:
1578: $SIG{INT} = 'DEFAULT'; (and SIGTERM is DEFAULT also)
1579: (The child dies and a SIGALRM is sent to parent, awaking parent from slumber
1580: to restart a new child.)
1581:
1582: Command-line invocations:
1583: B<kill> B<-s> SIGTERM I<PID>
1584: B<kill> B<-s> SIGINT I<PID>
1585:
1586: Subroutine B<HUNTSMAN>:
1587: This is only invoked for the B<lond> parent I<PID>.
1588: This kills all the children, and then the parent.
1589: The B<lonc.pid> file is cleared.
1590:
1591: =item *
1592:
1593: SIGHUP
1594:
1595: Current bug:
1596: This signal can only be processed the first time
1597: on the parent process. Subsequent SIGHUP signals
1598: have no effect.
1599:
1600: Parent signal assignment:
1601: $SIG{HUP} = \&HUPSMAN;
1602:
1603: Child signal assignment:
1604: none (nothing happens)
1605:
1606: Command-line invocations:
1607: B<kill> B<-s> SIGHUP I<PID>
1608:
1609: Subroutine B<HUPSMAN>:
1610: This is only invoked for the B<lond> parent I<PID>,
1611: This kills all the children, and then the parent.
1612: The B<lond.pid> file is cleared.
1613:
1614: =item *
1615:
1616: SIGUSR1
1617:
1618: Parent signal assignment:
1619: $SIG{USR1} = \&USRMAN;
1620:
1621: Child signal assignment:
1622: $SIG{USR1}= \&logstatus;
1623:
1624: Command-line invocations:
1625: B<kill> B<-s> SIGUSR1 I<PID>
1626:
1627: Subroutine B<USRMAN>:
1628: When invoked for the B<lond> parent I<PID>,
1629: SIGUSR1 is sent to all the children, and the status of
1630: each connection is logged.
1631:
1632: =item *
1633:
1634: SIGCHLD
1635:
1636: Parent signal assignment:
1637: $SIG{CHLD} = \&REAPER;
1638:
1639: Child signal assignment:
1640: none
1641:
1642: Command-line invocations:
1643: B<kill> B<-s> SIGCHLD I<PID>
1644:
1645: Subroutine B<REAPER>:
1646: This is only invoked for the B<lond> parent I<PID>.
1647: Information pertaining to the child is removed.
1648: The socket port is cleaned up.
1649:
1650: =back
1651:
1652: B<SERVER-SIDE ACTIVITIES>
1653:
1654: Server-side information can be accepted in an encrypted or non-encrypted
1655: method.
1656:
1657: =over 4
1658:
1659: =item ping
1660:
1661: Query a client in the hosts.tab table; "Are you there?"
1662:
1663: =item pong
1664:
1665: Respond to a ping query.
1666:
1667: =item ekey
1668:
1669: Read in encrypted key, make cipher. Respond with a buildkey.
1670:
1671: =item load
1672:
1673: Respond with CPU load based on a computation upon /proc/loadavg.
1674:
1675: =item currentauth
1676:
1677: Reply with current authentication information (only over an
1678: encrypted channel).
1679:
1680: =item auth
1681:
1682: Only over an encrypted channel, reply as to whether a user's
1683: authentication information can be validated.
1684:
1685: =item passwd
1686:
1687: Allow for a password to be set.
1688:
1689: =item makeuser
1690:
1691: Make a user.
1692:
1693: =item passwd
1694:
1695: Allow for authentication mechanism and password to be changed.
1696:
1697: =item home
1698:
1699: Respond to a question "are you the home for a given user?"
1700:
1701: =item update
1702:
1703: Update contents of a subscribed resource.
1704:
1705: =item unsubscribe
1706:
1707: The server is unsubscribing from a resource.
1708:
1709: =item subscribe
1710:
1711: The server is subscribing to a resource.
1712:
1713: =item log
1714:
1715: Place in B<logs/lond.log>
1716:
1717: =item put
1718:
1719: stores hash in namespace
1720:
1721: =item rolesput
1722:
1723: put a role into a user's environment
1724:
1725: =item get
1726:
1727: returns hash with keys from array
1728: reference filled in from namespace
1729:
1730: =item eget
1731:
1732: returns hash with keys from array
1733: reference filled in from namesp (encrypts the return communication)
1734:
1735: =item rolesget
1736:
1737: get a role from a user's environment
1738:
1739: =item del
1740:
1741: deletes keys out of array from namespace
1742:
1743: =item keys
1744:
1745: returns namespace keys
1746:
1747: =item dump
1748:
1749: dumps the complete (or key matching regexp) namespace into a hash
1750:
1751: =item store
1752:
1753: stores hash permanently
1754: for this url; hashref needs to be given and should be a \%hashname; the
1755: remaining args aren't required and if they aren't passed or are '' they will
1756: be derived from the ENV
1757:
1758: =item restore
1759:
1760: returns a hash for a given url
1761:
1762: =item querysend
1763:
1764: Tells client about the lonsql process that has been launched in response
1765: to a sent query.
1766:
1767: =item queryreply
1768:
1769: Accept information from lonsql and make appropriate storage in temporary
1770: file space.
1771:
1772: =item idput
1773:
1774: Defines usernames as corresponding to IDs. (These "IDs" are unique identifiers
1775: for each student, defined perhaps by the institutional Registrar.)
1776:
1777: =item idget
1778:
1779: Returns usernames corresponding to IDs. (These "IDs" are unique identifiers
1780: for each student, defined perhaps by the institutional Registrar.)
1781:
1782: =item tmpput
1783:
1784: Accept and store information in temporary space.
1785:
1786: =item tmpget
1787:
1788: Send along temporarily stored information.
1789:
1790: =item ls
1791:
1792: List part of a user's directory.
1793:
1794: =item Hanging up (exit or init)
1795:
1796: What to do when a client tells the server that they (the client)
1797: are leaving the network.
1798:
1799: =item unknown command
1800:
1801: If B<lond> is sent an unknown command (not in the list above),
1802: it replys to the client "unknown_cmd".
1803:
1804: =item UNKNOWN CLIENT
1805:
1806: If the anti-spoofing algorithm cannot verify the client,
1807: the client is rejected (with a "refused" message sent
1808: to the client, and the connection is closed.
1809:
1810: =back
1811:
1812: =head1 PREREQUISITES
1813:
1814: IO::Socket
1815: IO::File
1816: Apache::File
1817: Symbol
1818: POSIX
1819: Crypt::IDEA
1820: LWP::UserAgent()
1821: GDBM_File
1822: Authen::Krb4
1823:
1824: =head1 COREQUISITES
1825:
1826: =head1 OSNAMES
1827:
1828: linux
1829:
1830: =head1 SCRIPT CATEGORIES
1831:
1832: Server/Process
1833:
1834: =cut
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to lond CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom