[LON-CAPA-cvs] cvs: loncom / lond
foxr
lon-capa-cvs@mail.lon-capa.org
Thu, 29 Jul 2004 10:50:55 -0000
This is a MIME encoded message
--foxr1091098255
Content-Type: text/plain
foxr Thu Jul 29 06:50:55 2004 EDT
Modified files:
/loncom lond
Log:
Factored:
currentauth,
pushfile,
reinit,
edit
into the hashed request handler dispatcher.
--foxr1091098255
Content-Type: text/plain
Content-Disposition: attachment; filename="foxr-20040729065055.txt"
Index: loncom/lond
diff -u loncom/lond:1.217 loncom/lond:1.218
--- loncom/lond:1.217 Wed Jul 28 17:33:22 2004
+++ loncom/lond Thu Jul 29 06:50:54 2004
@@ -2,7 +2,7 @@
# The LearningOnline Network
# lond "LON Daemon" Server (port "LOND" 5663)
#
-# $Id: lond,v 1.217 2004/07/28 21:33:22 foxr Exp $
+# $Id: lond,v 1.218 2004/07/29 10:50:54 foxr Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -56,7 +56,7 @@
my $status='';
my $lastlog='';
-my $VERSION='$Revision: 1.217 $'; #' stupid emacs
+my $VERSION='$Revision: 1.218 $'; #' stupid emacs
my $remoteVERSION;
my $currenthostid="default";
my $currentdomainid;
@@ -1204,6 +1204,163 @@
}
register_handler("userload", \&user_load_handler, 0, 1, 0);
+# Process a request for the authorization type of a user:
+# (userauth).
+#
+# Parameters:
+# $cmd - the actual keyword that invoked us.
+# $tail - the tail of the request that invoked us.
+# $replyfd- File descriptor connected to the client
+# Returns:
+# 1 - Ok to continue processing.
+# 0 - Program should exit
+# Implicit outputs:
+# The user authorization type is written to the client.
+#
+sub user_authorization_type {
+ my ($cmd, $tail, $replyfd) = @_;
+
+ my $userinput = "$cmd:$tail";
+
+ # Pull the domain and username out of the command tail.
+ # and call GetAuthType to determine the authentication type.
+
+ my ($udom,$uname)=split(/:/,$tail);
+ my $result = &GetAuthType($udom, $uname);
+ if($result eq "nouser") {
+ &Failure( $replyfd, "unknown_user\n", $userinput);
+ } else {
+ #
+ # We only want to pass the second field from GetAuthType
+ # for ^krb.. otherwise we'll be handing out the encrypted
+ # password for internals e.g.
+ #
+ my ($type,$otherinfo) = split(/:/,$result);
+ if($type =~ /^krb/) {
+ $type = $result;
+ }
+ &Reply( $replyfd, "$type\n", $userinput);
+ }
+
+ return 1;
+}
+®ister_handler("currentauth", \&user_authorization_type, 1, 1, 0);
+
+# Process a request by a manager to push a hosts or domain table
+# to us. We pick apart the command and pass it on to the subs
+# that already exist to do this.
+#
+# Parameters:
+# $cmd - the actual keyword that invoked us.
+# $tail - the tail of the request that invoked us.
+# $client - File descriptor connected to the client
+# Returns:
+# 1 - Ok to continue processing.
+# 0 - Program should exit
+# Implicit Output:
+# a reply is written to the client.
+
+sub push_file_handler {
+ my ($cmd, $tail, $client) = @_;
+
+ my $userinput = "$cmd:$tail";
+
+ # At this time we only know that the IP of our partner is a valid manager
+ # the code below is a hook to do further authentication (e.g. to resolve
+ # spoofing).
+
+ my $cert = &GetCertificate($userinput);
+ if(&ValidManager($cert)) {
+
+ # Now presumably we have the bona fides of both the peer host and the
+ # process making the request.
+
+ my $reply = &PushFile($userinput);
+ &Reply($client, "$reply\n", $userinput);
+
+ } else {
+ &Failure( $client, "refused\n", $userinput);
+ }
+}
+®ister_handler("pushfile", \&push_file_handler, 1, 0, 1);
+
+
+
+# Process a reinit request. Reinit requests that either
+# lonc or lond be reinitialized so that an updated
+# host.tab or domain.tab can be processed.
+#
+# Parameters:
+# $cmd - the actual keyword that invoked us.
+# $tail - the tail of the request that invoked us.
+# $client - File descriptor connected to the client
+# Returns:
+# 1 - Ok to continue processing.
+# 0 - Program should exit
+# Implicit output:
+# a reply is sent to the client.
+#
+sub reinit_process_handler {
+ my ($cmd, $tail, $client) = @_;
+
+ my $userinput = "$cmd:$tail";
+
+ my $cert = &GetCertificate($userinput);
+ if(&ValidManager($cert)) {
+ chomp($userinput);
+ my $reply = &ReinitProcess($userinput);
+ &Reply( $client, "$reply\n", $userinput);
+ } else {
+ &Failure( $client, "refused\n", $userinput);
+ }
+ return 1;
+}
+
+®ister_handler("reinit", \&reinit_process_handler, 1, 0, 1);
+
+# Process the editing script for a table edit operation.
+# the editing operation must be encrypted and requested by
+# a manager host.
+#
+# Parameters:
+# $cmd - the actual keyword that invoked us.
+# $tail - the tail of the request that invoked us.
+# $client - File descriptor connected to the client
+# Returns:
+# 1 - Ok to continue processing.
+# 0 - Program should exit
+# Implicit output:
+# a reply is sent to the client.
+#
+sub edit_table_handler {
+ my ($command, $tail, $client) = @_;
+
+ my $userinput = "$command:$tail";
+
+ my $cert = &GetCertificate($userinput);
+ if(&ValidManager($cert)) {
+ my($filetype, $script) = split(/:/, $tail);
+ if (($filetype eq "hosts") ||
+ ($filetype eq "domain")) {
+ if($script ne "") {
+ &Reply($client, # BUGBUG - EditFile
+ &EditFile($userinput), # could fail.
+ $userinput);
+ } else {
+ &Failure($client,"refused\n",$userinput);
+ }
+ } else {
+ &Failure($client,"refused\n",$userinput);
+ }
+ } else {
+ &Failure($client,"refused\n",$userinput);
+ }
+ return 1;
+}
+register_handler("edit", \&edit_table_handler, 1, 0, 1);
+
+
+
#---------------------------------------------------------------
#
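Review bot: `push_file_handler` is the only one of the four new handlers that ends without `return 1;`, so it returns whatever `&Reply` or `&Failure` last evaluated to, although its header comment promises 1 to continue and 0 to exit. If the dispatcher, which is outside this hunk, treats a false value as a request to stop, a pushfile request could end processing depending on those helpers' return values; add `return 1;` after the `if`/`else`. The new handlers also no longer test `$wasenc` or the client/manager role themselves, so that gate now rests entirely on the three flags passed to `register_handler` (`1, 1, 0` for currentauth, `1, 0, 1` for pushfile, reinit and edit; presumably encrypted / client / manager). Only `edit_table_handler`'s header states this precondition, so I would add a line such as `# Precondition: the dispatcher has already refused unencrypted or non-manager requests.` to the pushfile and reinit headers. It is also worth confirming that the dispatcher rejects the request before the handler is called when a flag is not met.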
@@ -1318,72 +1475,9 @@
#------------------- Commands not yet in spearate handlers. --------------
-# ----------------------------------------------------------------- currentauth
- if ($userinput =~ /^currentauth/) {
- if (($wasenc==1) && isClient) { # Encoded & client only.
- my ($cmd,$udom,$uname)=split(/:/,$userinput);
- my $result = GetAuthType($udom, $uname);
- if($result eq "nouser") {
- print $client "unknown_user\n";
- }
- else {
- print $client "$result\n";
- }
- } else {
- Reply($client, "refused\n", $userinput);
-
- }
-#--------------------------------------------------------------------- pushfile
- } elsif($userinput =~ /^pushfile/) { # encoded & manager.
- if(($wasenc == 1) && isManager) {
- my $cert = GetCertificate($userinput);
- if(ValidManager($cert)) {
- my $reply = PushFile($userinput);
- print $client "$reply\n";
- } else {
- print $client "refused\n";
- }
- } else {
- Reply($client, "refused\n", $userinput);
-
- }
-#--------------------------------------------------------------------- reinit
- } elsif($userinput =~ /^reinit/) { # Encoded and manager
- if (($wasenc == 1) && isManager) {
- my $cert = GetCertificate($userinput);
- if(ValidManager($cert)) {
- chomp($userinput);
- my $reply = ReinitProcess($userinput);
- print $client "$reply\n";
- } else {
- print $client "refused\n";
- }
- } else {
- Reply($client, "refused\n", $userinput);
- }
-#------------------------------------------------------------------------- edit
- } elsif ($userinput =~ /^edit/) { # encoded and manager:
- if(($wasenc ==1) && (isManager)) {
- my $cert = GetCertificate($userinput);
- if(ValidManager($cert)) {
- my($command, $filetype, $script) = split(/:/, $userinput);
- if (($filetype eq "hosts") || ($filetype eq "domain")) {
- if($script ne "") {
- Reply($client, EditFile($userinput));
- } else {
- Reply($client,"refused\n",$userinput);
- }
- } else {
- Reply($client,"refused\n",$userinput);
- }
- } else {
- Reply($client,"refused\n",$userinput);
- }
- } else {
- Reply($client,"refused\n",$userinput);
- }
+
# ------------------------------------------------------------------------ auth
- } elsif ($userinput =~ /^auth/) { # Encoded and client only.
+ if ($userinput =~ /^auth/) { # Encoded and client only.
if (($wasenc==1) && isClient) {
my ($cmd,$udom,$uname,$upass)=split(/:/,$userinput);
chomp($upass);
--foxr1091098255--