[LON-CAPA-cvs] cvs: loncom / lonlocal.pm
foxr
lon-capa-cvs@mail.lon-capa.org
Thu, 17 Jun 2004 09:27:24 -0000
foxr Thu Jun 17 05:27:24 2004 EDT
Modified files:
/loncom lonlocal.pm
Log:
Debug local secure key exchange support
Index: loncom/lonlocal.pm
diff -u loncom/lonlocal.pm:1.4 loncom/lonlocal.pm:1.5
--- loncom/lonlocal.pm:1.4 Tue Jun 1 05:53:44 2004
+++ loncom/lonlocal.pm Thu Jun 17 05:27:23 2004
@@ -1,5 +1,5 @@
#
-# $Id: lonlocal.pm,v 1.4 2004/06/01 09:53:44 foxr Exp $
+# $Id: lonlocal.pm,v 1.5 2004/06/17 09:27:23 foxr Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -56,6 +56,15 @@
my $lastError; # Reason for last failure.
+# Debugging:
+
+my $DEBUG = 1;
+
+sub Debug {
+ my $msg = shift;
+ print STDERR "$msg\n";
+}
+
# Initialization
$perlvar = LONCAPA::Configuration::read_conf('loncapa.conf');
@@ -63,7 +72,7 @@
#------------------------------------------------------------------------
#
-# Name BuildKey
+# Name CreateCipherKey
# Description: Create an encryption key.
# Returns: The key.
#
@@ -73,13 +82,15 @@
my $binaryKey;
my $cipherkey;
- # we'll use the output of /dev/random to produce our key.
+ # we'll use the output of /dev/urandom to produce our key.
# On a system with decent entropy, this ought to be much more
# random than all the playing that used to be done to get a key.
- #
+ # On a system with not so decent entropy we'll still get an ok key.
+ # My concern with /dev/random is that we may block for an indefinite
+ # time period...where for us decent keys are probably good enough.
$keylength = IDEA::keysize();
- open(RANDOM, "</dev/random");
+ open(RANDOM, "</dev/urandom");
sysread(RANDOM, $binaryKey, $keylength);
close RANDOM;
@@ -111,7 +122,7 @@
#
$fileindex++;
my $CertificateDir = $perlvar->{lonCertificateDirectory};
- my $Filename = $CertificateDir.$pathsep.".$fileindex.".$PID;
+ my $Filename = $CertificateDir.$pathsep.".$fileindex.".$$;
# If this file already exists, this is a recoverable error... we just
# delete the earlier incarnation of the file.
@@ -134,7 +145,7 @@
# the file is created with the appropriate locked down permissions.
if(! sysopen(KEYFILE, $Filename, O_CREAT | O_EXCL | O_WRONLY, 0600)) {
- $lastError = "Creation of key file failed ".$ERRNO;
+ $lastError = "Creation of key file failed ".$!;
return undef;
}
# Create the key, write it to the file and close the file:
@@ -143,7 +154,7 @@
print KEYFILE "$key\n";
close KEYFILE;
- return \($key, $Filename);
+ return ($key, $Filename);
}
@@ -165,13 +176,17 @@
#
sub ReadKeyFile {
my $Filename = shift;
+ Debug("ReadKeyFile: $Filename");
+
if(! open(KEYFILE, "<$Filename")) {
+ Debug(" Open of $Filename failed\n");
$lastError = "Key file open failed";
return undef
}
my $key = <KEYFILE>;
- chomp;
+ chomp($key);
+ Debug(" Read key: $key");
close KEYFILE;
unlink $Filename;
#
@@ -179,6 +194,7 @@
# permissions:
#
if(-e $Filename) {
+ Debug("File did not get deleted");
$lastError = "Key file still exists after unlink";
return undef;
}
@@ -189,9 +205,13 @@
# replacing our file... of course if they read this comment they'll
# be too smart to put an incorrectly sized file
#
- if(length($key) != IDEA::keysize*2) {
+ my $keylen = length($key);
+ my $rightlen= IDEA::keysize()*2;
+ if($keylen != $rightlen) {
+ Debug("Key is incorrect length is $keylen sb $rightlen");
$lastError = "Key file has incorrect length";
return undef;
}
+ Debug("Returning key: $key to caller");
return $key;
}