[LON-CAPA-cvs] cvs: loncom / lond
foxr
lon-capa-cvs@mail.lon-capa.org
Mon, 13 Oct 2003 08:49:55 -0000
foxr Mon Oct 13 04:49:55 2003 EDT
Modified files:
/loncom lond
Log:
Add host based authentication.
Index: loncom/lond
diff -u loncom/lond:1.155 loncom/lond:1.156
--- loncom/lond:1.155 Wed Oct 8 16:37:48 2003
+++ loncom/lond Mon Oct 13 04:49:54 2003
@@ -2,7 +2,7 @@
# The LearningOnline Network
# lond "LON Daemon" Server (port "LOND" 5663)
#
-# $Id: lond,v 1.155 2003/10/08 20:37:48 albertel Exp $
+# $Id: lond,v 1.156 2003/10/13 08:49:54 foxr Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -85,7 +85,7 @@
my $status='';
my $lastlog='';
-my $VERSION='$Revision: 1.155 $'; #' stupid emacs
+my $VERSION='$Revision: 1.156 $'; #' stupid emacs
my $remoteVERSION;
my $currenthostid;
my $currentdomainid;
@@ -99,6 +99,7 @@
my %hostid;
my %hostdom;
my %hostip;
+my %managers; # If defined $managers{hostname} is a manager
my %perlvar; # Will have the apache conf defined perl vars.
#
@@ -155,7 +156,37 @@
return $clientip;
}
-
+#
+# ReadManagerTable: Reads in the current manager table. For now this is
+# done on each manager authentication because:
+# - These authentications are not frequent
+# - This allows dynamic changes to the manager table
+# without the need to signal to the lond.
+#
+
+sub ReadManagerTable {
+
+ # Clean out the old table first..
+
+ foreach my $key (keys %managers) {
+ delete $managers{$key};
+ }
+
+ my $tablename = $perlvar{'lonTabDir'}."/managers.tab";
+ if (!open (MANAGERS, $tablename)) {
+ logthis('<font color="red">No manager table. Nobody can manage!!</font>');
+ return;
+ }
+ while(my $host = <MANAGERS>) {
+ chomp($host);
+ if (!defined $hostip{$host}) {
+ logthis('<font color="red"> manager '.$host.
+ " not in hosts.tab, rejected as manager</font>");
+ } else {
+ $managers{$host} = $hostip{$host}; # Whatever for now.
+ }
+ }
+}
#
# ValidManager: Determines if a given certificate represents a valid manager.
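Review bot: ReadManagerTable opens the table with two-argument `open (MANAGERS, $tablename)` on a bareword handle and never closes it, so the descriptor stays open between authentications and the open mode is taken from the path string. Prefer `open(my $fh, '<', $tablename)`, read with `while (my $host = <$fh>)`, and `close($fh);` before returning. Each line is used as a key after `chomp` only, so an entry with trailing whitespace or a carriage return will miss the `%hostip` lookup and be rejected; that fails closed, but trimming the line and skipping blank ones would avoid spurious rejections in the log. Because the file is re-read on every manager authentication, write access to `managers.tab` is in effect the ability to grant manager rights, which deserves a line in the header comment, for example `# managers.tab must be writable only by the lond administrator`.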
@@ -167,14 +198,25 @@
sub ValidManager {
my $certificate = shift;
- my $hostentry = $hostid{$certificate};
- if ($hostentry ne undef) {
- &logthis('<font color="yellow">Authenticating manager'.
- " $hostentry</font>");
- return 1;
+ ReadManagerTable;
+
+ my $hostname = $hostid{$certificate};
+
+
+ if ($hostname ne undef) {
+ if($managers{$hostname} ne undef) {
+ &logthis('<font color="yellow">Authenticating manager'.
+ " $hostname</font>");
+ return 1;
+ } else {
+ &logthis('<font color="red" failed manager authentication '.
+ $hostname." is not a valid manager host</font>");
+ return 0;
+ }
} else {
&logthis('<font color="red"> Failed manager authentication '.
"$certificate </font>");
+ return 0;
}
}
#
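Review bot: The new rejection message in ValidManager starts with `'<font color="red" failed manager authentication '`, which lacks the closing `>` of the tag, so an HTML-rendered log would absorb the text into the tag and may not display the failed manager authentication at all. It should read `'<font color="red"> Failed manager authentication '.`, matching the existing message in the final else branch. The two `ne undef` tests compare against the empty string rather than testing definedness; `if (defined $hostname)` and `if (exists $managers{$hostname})` state the intent and avoid uninitialized-value warnings. The final branch also writes `$certificate` into the HTML log unescaped; if that value comes from the connecting peer, as the name suggests, it should be HTML-escaped before logging so that a client cannot inject markup into the log view.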