[LON-CAPA-cvs] cvs: loncom / lond

foxr lon-capa-cvs@mail.lon-capa.org
Tue, 27 Jul 2004 10:25:07 -0000


This is a MIME encoded message

--foxr1090923907
Content-Type: text/plain

foxr		Tue Jul 27 06:25:07 2004 EDT

  Modified files:              
    /loncom	lond 
  Log:
  Separate processing/request getting into subs get_request, 
  process_request.  Plan: To further separate each operation into
  a sub.  If you are editing lond, and want to make life simpler
  for everyone in the long run... take your request processing
  section of the big long ugly if/else if chain in process_request
  and sub it out.  
  
  
  
--foxr1090923907
Content-Type: text/plain
Content-Disposition: attachment; filename="foxr-20040727062507.txt"

Index: loncom/lond
diff -u loncom/lond:1.211 loncom/lond:1.212
--- loncom/lond:1.211	Fri Jul 23 12:14:19 2004
+++ loncom/lond	Tue Jul 27 06:25:07 2004
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.211 2004/07/23 16:14:19 albertel Exp $
+# $Id: lond,v 1.212 2004/07/27 10:25:07 foxr Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -56,7 +56,7 @@
 my $status='';
 my $lastlog='';
 
-my $VERSION='$Revision: 1.211 $'; #' stupid emacs
+my $VERSION='$Revision: 1.212 $'; #' stupid emacs
 my $remoteVERSION;
 my $currenthostid;
 my $currentdomainid;
@@ -148,8 +148,8 @@
 #
 #   Statistics that are maintained and dislayed in the status line.
 #
-my $Transactions;		# Number of attempted transactions.
-my $Failures;			# Number of transcations failed.
+my $Transactions = 0;		# Number of attempted transactions.
+my $Failures     = 0;		# Number of transcations failed.
 
 #   ResetStatistics: 
 #      Resets the statistics counters:
@@ -1047,259 +1047,1879 @@
     my $input = <$client>;
     chomp($input);
 
-    Debug("Request = $input\n");
+    Debug("get_request: Request = $input\n");
 
     &status('Processing '.$clientname.':'.$input);
 
     return $input;
 }
+#---------------------------------------------------------------
 #
-#   Decipher encoded traffic
-#  Parameters:
-#     input      - Encoded data.
-#  Returns:
-#     Decoded data or undef if encryption key was not yet negotiated.
-#  Implicit input:
-#     cipher  - This global holds the negotiated encryption key.
-#
-sub decipher {
-    my ($input)  = @_;
-    my $output = '';
-   
-   
-    if($cipher) {
-	my($enc, $enclength, $encinput) = split(/:/, $input);
-	for(my $encidx = 0; $encidx < length($encinput); $encidx += 16) {
-	    $output .= 
-		$cipher->decrypt(pack("H16", substr($encinput, $encidx, 16)));
-	}
-	return substr($output, 0, $enclength);
-    } else {
-	return undef;
-    }
-}
-
+#  Process a request.  This sub should shrink as each action
+#  gets farmed out into a separat sub that is registered 
+#  with the dispatch hash.  
 #
-#   Register a command processor.  This function is invoked to register a sub
-#   to process a request.  Once registered, the ProcessRequest sub can automatically
-#   dispatch requests to an appropriate sub, and do the top level validity checking
-#   as well:
-#    - Is the keyword recognized.
-#    - Is the proper client type attempting the request.
-#    - Is the request encrypted if it has to be.
-#   Parameters:
-#    $request_name         - Name of the request being registered.
-#                           This is the command request that will match
-#                           against the hash keywords to lookup the information
-#                           associated with the dispatch information.
-#    $procedure           - Reference to a sub to call to process the request.
-#                           All subs get called as follows:
-#                             Procedure($cmd, $tail, $replyfd, $key)
-#                             $cmd    - the actual keyword that invoked us.
-#                             $tail   - the tail of the request that invoked us.
-#                             $replyfd- File descriptor connected to the client
-#    $must_encode          - True if the request must be encoded to be good.
-#    $client_ok            - True if it's ok for a client to request this.
-#    $manager_ok           - True if it's ok for a manager to request this.
-# Side effects:
-#      - On success, the Dispatcher hash has an entry added for the key $RequestName
-#      - On failure, the program will die as it's a bad internal bug to try to 
-#        register a duplicate command handler.
+# Parameters:
+#    user_input   - The request received from the client (lonc).
+# Returns:
+#    true to keep processing, false if caller should exit.
 #
-sub register_handler {
-    my ($request_name,
-	$procedure,
-	$must_encode,
-	$client_ok,
-	$manager_ok)   = @_;
-
-    #  Don't allow duplication#
-   
-    if (defined $Dispatcher{$request_name}) {
-	die "Attempting to define a duplicate request handler for $request_name\n";
+sub process_request {
+    my ($userinput) = @_;      # Easier for now to break style than to
+                                # fix all the userinput -> user_input.
+    my $wasenc    = 0;		# True if request was encrypted.
+# ------------------------------------------------------------ See if encrypted
+    if ($userinput =~ /^enc/) {
+	$userinput = decipher($userinput);
+	$wasenc=1;
+	if(!$userinput) {	# Cipher not defined.
+	    &Failure($client, "error: Encrypted data without negotated key");
+	    return 0;
+	}
     }
-    #   Build the client type mask:
+    Debug("process_request: $userinput\n");
     
-    my $client_type_mask = 0;
-    if($client_ok) {
-	$client_type_mask  |= $CLIENT_OK;
-    }
-    if($manager_ok) {
-	$client_type_mask  |= $MANAGER_OK;
-    }
-   
-    #  Enter the hash:
-      
-    my @entry = ($procedure, $must_encode, $client_type_mask);
-   
-    $Dispatcher{$request_name} = \@entry;
-   
-   
-}
-
-
-#------------------------------------------------------------------
-
-
-
-
-#
-#  Convert an error return code from lcpasswd to a string value.
-#
-sub lcpasswdstrerror {
-    my $ErrorCode = shift;
-    if(($ErrorCode < 0) || ($ErrorCode > $lastpwderror)) {
-	return "lcpasswd Unrecognized error return value ".$ErrorCode;
-    } else {
-	return $passwderrors[$ErrorCode];
-    }
-}
-
-#
-# Convert an error return code from lcuseradd to a string value:
-#
-sub lcuseraddstrerror {
-    my $ErrorCode = shift;
-    if(($ErrorCode < 0) || ($ErrorCode > $lastadderror)) {
-	return "lcuseradd - Unrecognized error code: ".$ErrorCode;
-    } else {
-	return $adderrors[$ErrorCode];
-    }
-}
-
-# grabs exception and records it to log before exiting
-sub catchexception {
-    my ($error)=@_;
-    $SIG{'QUIT'}='DEFAULT';
-    $SIG{__DIE__}='DEFAULT';
-    &status("Catching exception");
-    &logthis("<font color='red'>CRITICAL: "
-     ."ABNORMAL EXIT. Child $$ for server $thisserver died through "
-     ."a crash with this error msg->[$error]</font>");
-    &logthis('Famous last words: '.$status.' - '.$lastlog);
-    if ($client) { print $client "error: $error\n"; }
-    $server->close();
-    die($error);
-}
-
-sub timeout {
-    &status("Handling Timeout");
-    &logthis("<font color='red'>CRITICAL: TIME OUT ".$$."</font>");
-    &catchexception('Timeout');
-}
-# -------------------------------- Set signal handlers to record abnormal exits
-
-$SIG{'QUIT'}=\&catchexception;
-$SIG{__DIE__}=\&catchexception;
-
-# ---------------------------------- Read loncapa_apache.conf and loncapa.conf
-&status("Read loncapa.conf and loncapa_apache.conf");
-my $perlvarref=LONCAPA::Configuration::read_conf('loncapa.conf');
-%perlvar=%{$perlvarref};
-undef $perlvarref;
-
-# ----------------------------- Make sure this process is running from user=www
-my $wwwid=getpwnam('www');
-if ($wwwid!=$<) {
-   my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
-   my $subj="LON: $currenthostid User ID mismatch";
-   system("echo 'User ID mismatch.  lond must be run as user www.' |\
- mailto $emailto -s '$subj' > /dev/null");
-   exit 1;
-}
-
-# --------------------------------------------- Check if other instance running
-
-my $pidfile="$perlvar{'lonDaemons'}/logs/lond.pid";
-
-if (-e $pidfile) {
-   my $lfh=IO::File->new("$pidfile");
-   my $pide=<$lfh>;
-   chomp($pide);
-   if (kill 0 => $pide) { die "already running"; }
-}
-
-# ------------------------------------------------------------- Read hosts file
-
-
-
-# establish SERVER socket, bind and listen.
-$server = IO::Socket::INET->new(LocalPort => $perlvar{'londPort'},
-                                Type      => SOCK_STREAM,
-                                Proto     => 'tcp',
-                                Reuse     => 1,
-                                Listen    => 10 )
-  or die "making socket: $@\n";
-
-# --------------------------------------------------------- Do global variables
-
-# global variables
-
-my %children               = ();       # keys are current child process IDs
-
-sub REAPER {                        # takes care of dead children
-    $SIG{CHLD} = \&REAPER;
-    &status("Handling child death");
-    my $pid;
-    do {
-	$pid = waitpid(-1,&WNOHANG());
-	if (defined($children{$pid})) {
-	    &logthis("Child $pid died");
-	    delete($children{$pid});
-	} elsif ($pid > 0) {
-	    &logthis("Unknown Child $pid died");
+# ------------------------------------------------------------- Normal commands
+# ------------------------------------------------------------------------ ping
+    if ($userinput =~ /^ping/) {	# client only
+	if(isClient) {
+	    print $client "$currenthostid\n";
+	} else {
+	    Reply($client, "refused\n", $userinput);
 	}
-    } while ( $pid > 0 );
-    foreach my $child (keys(%children)) {
-	$pid = waitpid($child,&WNOHANG());
-	if ($pid > 0) {
-	    &logthis("Child $child - $pid looks like we missed it's death");
-	    delete($children{$pid});
+# ------------------------------------------------------------------------ pong
+    }elsif ($userinput =~ /^pong/) { # client only
+	if(isClient) {
+	    my $reply=&reply("ping",$clientname);
+	    print $client "$currenthostid:$reply\n"; 
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	}
+# ------------------------------------------------------------------------ ekey
+    } elsif ($userinput =~ /^ekey/) { # ok for both clients & mgrs
+	my $buildkey=time.$$.int(rand 100000);
+	$buildkey=~tr/1-6/A-F/;
+	$buildkey=int(rand 100000).$buildkey.int(rand 100000);
+	my $key=$currenthostid.$clientname;
+	$key=~tr/a-z/A-Z/;
+	$key=~tr/G-P/0-9/;
+	$key=~tr/Q-Z/0-9/;
+	$key=$key.$buildkey.$key.$buildkey.$key.$buildkey;
+	$key=substr($key,0,32);
+	my $cipherkey=pack("H32",$key);
+	$cipher=new IDEA $cipherkey;
+	print $client "$buildkey\n"; 
+# ------------------------------------------------------------------------ load
+    } elsif ($userinput =~ /^load/) { # client only
+	if (isClient) {
+	    my $loadavg;
+	    {
+		my $loadfile=IO::File->new('/proc/loadavg');
+		$loadavg=<$loadfile>;
+	    }
+	    $loadavg =~ s/\s.*//g;
+	    my $loadpercent=100*$loadavg/$perlvar{'lonLoadLim'};
+	    print $client "$loadpercent\n";
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# -------------------------------------------------------------------- userload
+    } elsif ($userinput =~ /^userload/) { # client only
+	if(isClient) {
+	    my $userloadpercent=&userload();
+	    print $client "$userloadpercent\n";
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
 	}
-    }
-    &status("Finished Handling child death");
-}
-
-sub HUNTSMAN {                      # signal handler for SIGINT
-    &status("Killing children (INT)");
-    local($SIG{CHLD}) = 'IGNORE';   # we're going to kill our children
-    kill 'INT' => keys %children;
-    &logthis("Free socket: ".shutdown($server,2)); # free up socket
-    my $execdir=$perlvar{'lonDaemons'};
-    unlink("$execdir/logs/lond.pid");
-    &logthis("<font color='red'>CRITICAL: Shutting down</font>");
-    &status("Done killing children");
-    exit;                           # clean up with dignity
-}
-
-sub HUPSMAN {                      # signal handler for SIGHUP
-    local($SIG{CHLD}) = 'IGNORE';  # we're going to kill our children
-    &status("Killing children for restart (HUP)");
-    kill 'INT' => keys %children;
-    &logthis("Free socket: ".shutdown($server,2)); # free up socket
-    &logthis("<font color='red'>CRITICAL: Restarting</font>");
-    my $execdir=$perlvar{'lonDaemons'};
-    unlink("$execdir/logs/lond.pid");
-    &status("Restarting self (HUP)");
-    exec("$execdir/lond");         # here we go again
-}
-
 #
-#    Kill off hashes that describe the host table prior to re-reading it.
-#    Hashes affected are:
-#       %hostid, %hostdom %hostip %hostdns.
+#        Transactions requiring encryption:
 #
-sub KillHostHashes {
-    foreach my $key (keys %hostid) {
-	delete $hostid{$key};
-    }
-    foreach my $key (keys %hostdom) {
-	delete $hostdom{$key};
-    }
-    foreach my $key (keys %hostip) {
-	delete $hostip{$key};
-    }
-    foreach my $key (keys %hostdns) {
+# ----------------------------------------------------------------- currentauth
+    } elsif ($userinput =~ /^currentauth/) {
+	if (($wasenc==1)  && isClient) { # Encoded & client only.
+	    my ($cmd,$udom,$uname)=split(/:/,$userinput);
+	    my $result = GetAuthType($udom, $uname);
+	    if($result eq "nouser") {
+		print $client "unknown_user\n";
+	    }
+	    else {
+		print $client "$result\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+#--------------------------------------------------------------------- pushfile
+    } elsif($userinput =~ /^pushfile/) {	# encoded & manager.
+	if(($wasenc == 1) && isManager) {
+	    my $cert = GetCertificate($userinput);
+	    if(ValidManager($cert)) {
+		my $reply = PushFile($userinput);
+		print $client "$reply\n";
+	    } else {
+		print $client "refused\n";
+	    } 
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+#--------------------------------------------------------------------- reinit
+    } elsif($userinput =~ /^reinit/) { # Encoded and manager
+	if (($wasenc == 1) && isManager) {
+	    my $cert = GetCertificate($userinput);
+	    if(ValidManager($cert)) {
+		chomp($userinput);
+		my $reply = ReinitProcess($userinput);
+		print $client  "$reply\n";
+	    } else {
+		print $client "refused\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	}
+#------------------------------------------------------------------------- edit
+    } elsif ($userinput =~ /^edit/) {    # encoded and manager:
+	if(($wasenc ==1) && (isManager)) {
+	    my $cert = GetCertificate($userinput);
+	    if(ValidManager($cert)) {
+		my($command, $filetype, $script) = split(/:/, $userinput);
+		if (($filetype eq "hosts") || ($filetype eq "domain")) {
+		    if($script ne "") {
+			Reply($client, EditFile($userinput));
+		    } else {
+			Reply($client,"refused\n",$userinput);
+		    }
+		} else {
+		    Reply($client,"refused\n",$userinput);
+		}
+            } else {
+		Reply($client,"refused\n",$userinput);
+            }
+	} else {
+	    Reply($client,"refused\n",$userinput);
+	}
+# ------------------------------------------------------------------------ auth
+    } elsif ($userinput =~ /^auth/) { # Encoded and client only.
+	if (($wasenc==1) && isClient) {
+	    my ($cmd,$udom,$uname,$upass)=split(/:/,$userinput);
+	    chomp($upass);
+	    $upass=unescape($upass);
+	    my $proname=propath($udom,$uname);
+	    my $passfilename="$proname/passwd";
+	    if (-e $passfilename) {
+		my $pf = IO::File->new($passfilename);
+		my $realpasswd=<$pf>;
+		chomp($realpasswd);
+		my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
+		my $pwdcorrect=0;
+		if ($howpwd eq 'internal') {
+		    &Debug("Internal auth");
+		    $pwdcorrect=
+			(crypt($upass,$contentpwd) eq $contentpwd);
+		} elsif ($howpwd eq 'unix') {
+		    &Debug("Unix auth");
+		    if((getpwnam($uname))[1] eq "") { #no such user!
+			$pwdcorrect = 0;
+		    } else {
+			$contentpwd=(getpwnam($uname))[1];
+			my $pwauth_path="/usr/local/sbin/pwauth";
+			unless ($contentpwd eq 'x') {
+			    $pwdcorrect=
+				(crypt($upass,$contentpwd) eq 
+				 $contentpwd);
+			}
+			
+			elsif (-e $pwauth_path) {
+			    open PWAUTH, "|$pwauth_path" or
+				die "Cannot invoke authentication";
+			    print PWAUTH "$uname\n$upass\n";
+			    close PWAUTH;
+			    $pwdcorrect=!$?;
+			}
+		    }
+		} elsif ($howpwd eq 'krb4') {
+		    my $null=pack("C",0);
+		    unless ($upass=~/$null/) {
+			my $krb4_error = &Authen::Krb4::get_pw_in_tkt
+			    ($uname,"",$contentpwd,'krbtgt',
+			     $contentpwd,1,$upass);
+			if (!$krb4_error) {
+			    $pwdcorrect = 1;
+			} else { 
+			    $pwdcorrect=0; 
+			    # log error if it is not a bad password
+			    if ($krb4_error != 62) {
+				&logthis('krb4:'.$uname.','.
+					 &Authen::Krb4::get_err_txt($Authen::Krb4::error));
+			    }
+			}
+		    }
+		} elsif ($howpwd eq 'krb5') {
+		    my $null=pack("C",0);
+		    unless ($upass=~/$null/) {
+			my $krbclient=&Authen::Krb5::parse_name($uname.'@'.$contentpwd);
+			my $krbservice="krbtgt/".$contentpwd."\@".$contentpwd;
+			my $krbserver=&Authen::Krb5::parse_name($krbservice);
+			my $credentials=&Authen::Krb5::cc_default();
+			$credentials->initialize($krbclient);
+			my $krbreturn = 
+			    &Authen::Krb5::get_in_tkt_with_password(
+								    $krbclient,$krbserver,$upass,$credentials);
+#				  unless ($krbreturn) {
+#				      &logthis("Krb5 Error: ".
+#					       &Authen::Krb5::error());
+#				  }
+			$pwdcorrect = ($krbreturn == 1);
+		    } else { $pwdcorrect=0; }
+		} elsif ($howpwd eq 'localauth') {
+		    $pwdcorrect=&localauth::localauth($uname,$upass,
+						      $contentpwd);
+		}
+		if ($pwdcorrect) {
+		    print $client "authorized\n";
+		} else {
+		    print $client "non_authorized\n";
+		}  
+	    } else {
+		print $client "unknown_user\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ---------------------------------------------------------------------- passwd
+    } elsif ($userinput =~ /^passwd/) { # encoded and client
+	if (($wasenc==1) && isClient) {
+	    my 
+		($cmd,$udom,$uname,$upass,$npass)=split(/:/,$userinput);
+	    chomp($npass);
+	    $upass=&unescape($upass);
+	    $npass=&unescape($npass);
+	    &Debug("Trying to change password for $uname");
+	    my $proname=propath($udom,$uname);
+	    my $passfilename="$proname/passwd";
+	    if (-e $passfilename) {
+		my $realpasswd;
+		{ my $pf = IO::File->new($passfilename);
+		  $realpasswd=<$pf>; }
+		chomp($realpasswd);
+		my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
+		if ($howpwd eq 'internal') {
+		    &Debug("internal auth");
+		    if (crypt($upass,$contentpwd) eq $contentpwd) {
+			my $salt=time;
+			$salt=substr($salt,6,2);
+			my $ncpass=crypt($npass,$salt);
+			{
+			    my $pf;
+			    if ($pf = IO::File->new(">$passfilename")) {
+				print $pf "internal:$ncpass\n";
+				&logthis("Result of password change for $uname: pwchange_success");
+				print $client "ok\n";
+			    } else {
+				&logthis("Unable to open $uname passwd to change password");
+				print $client "non_authorized\n";
+			    }
+			}             
+			
+		    } else {
+			print $client "non_authorized\n";
+		    }
+		} elsif ($howpwd eq 'unix') {
+		    # Unix means we have to access /etc/password
+		    # one way or another.
+		    # First: Make sure the current password is
+		    #        correct
+		    &Debug("auth is unix");
+		    $contentpwd=(getpwnam($uname))[1];
+		    my $pwdcorrect = "0";
+		    my $pwauth_path="/usr/local/sbin/pwauth";
+		    unless ($contentpwd eq 'x') {
+			$pwdcorrect=
+			    (crypt($upass,$contentpwd) eq $contentpwd);
+		    } elsif (-e $pwauth_path) {
+			open PWAUTH, "|$pwauth_path" or
+			    die "Cannot invoke authentication";
+			print PWAUTH "$uname\n$upass\n";
+			close PWAUTH;
+			&Debug("exited pwauth with $? ($uname,$upass) ");
+			$pwdcorrect=($? == 0);
+		    }
+		    if ($pwdcorrect) {
+			my $execdir=$perlvar{'lonDaemons'};
+			&Debug("Opening lcpasswd pipeline");
+			my $pf = IO::File->new("|$execdir/lcpasswd > $perlvar{'lonDaemons'}/logs/lcpasswd.log");
+			print $pf "$uname\n$npass\n$npass\n";
+			close $pf;
+			my $err = $?;
+			my $result = ($err>0 ? 'pwchange_failure' 
+				      : 'ok');
+			&logthis("Result of password change for $uname: ".
+				 &lcpasswdstrerror($?));
+			print $client "$result\n";
+		    } else {
+			print $client "non_authorized\n";
+		    }
+		} else {
+		    print $client "auth_mode_error\n";
+		}  
+	    } else {
+		print $client "unknown_user\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# -------------------------------------------------------------------- makeuser
+    } elsif ($userinput =~ /^makeuser/) { # encoded and client.
+	&Debug("Make user received");
+	my $oldumask=umask(0077);
+	if (($wasenc==1) && isClient) {
+	    my 
+		($cmd,$udom,$uname,$umode,$npass)=split(/:/,$userinput);
+	    &Debug("cmd =".$cmd." $udom =".$udom.
+		   " uname=".$uname);
+	    chomp($npass);
+	    $npass=&unescape($npass);
+	    my $proname=propath($udom,$uname);
+	    my $passfilename="$proname/passwd";
+	    &Debug("Password file created will be:".
+		   $passfilename);
+	    if (-e $passfilename) {
+		print $client "already_exists\n";
+	    } elsif ($udom ne $currentdomainid) {
+		print $client "not_right_domain\n";
+	    } else {
+		my @fpparts=split(/\//,$proname);
+		my $fpnow=$fpparts[0].'/'.$fpparts[1].'/'.$fpparts[2];
+		my $fperror='';
+		for (my $i=3;$i<=$#fpparts;$i++) {
+		    $fpnow.='/'.$fpparts[$i]; 
+		    unless (-e $fpnow) {
+			unless (mkdir($fpnow,0777)) {
+			    $fperror="error: ".($!+0)
+				." mkdir failed while attempting "
+				."makeuser";
+			}
+		    }
+		}
+		unless ($fperror) {
+		    my $result=&make_passwd_file($uname, $umode,$npass,
+						 $passfilename);
+		    print $client $result;
+		} else {
+		    print $client "$fperror\n";
+		}
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+	umask($oldumask);
+# -------------------------------------------------------------- changeuserauth
+    } elsif ($userinput =~ /^changeuserauth/) { # encoded & client
+	&Debug("Changing authorization");
+	if (($wasenc==1) && isClient) {
+	    my 
+		($cmd,$udom,$uname,$umode,$npass)=split(/:/,$userinput);
+	    chomp($npass);
+	    &Debug("cmd = ".$cmd." domain= ".$udom.
+		   "uname =".$uname." umode= ".$umode);
+	    $npass=&unescape($npass);
+	    my $proname=&propath($udom,$uname);
+	    my $passfilename="$proname/passwd";
+	    if ($udom ne $currentdomainid) {
+		print $client "not_right_domain\n";
+	    } else {
+		my $result=&make_passwd_file($uname, $umode,$npass,
+					     $passfilename);
+		print $client $result;
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ------------------------------------------------------------------------ home
+    } elsif ($userinput =~ /^home/) { # client clear or encoded
+	if(isClient) {
+	    my ($cmd,$udom,$uname)=split(/:/,$userinput);
+	    chomp($uname);
+	    my $proname=propath($udom,$uname);
+	    if (-e $proname) {
+		print $client "found\n";
+	    } else {
+		print $client "not_found\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ---------------------------------------------------------------------- update
+    } elsif ($userinput =~ /^update/) { # client clear or encoded.
+	if(isClient) {
+	    my ($cmd,$fname)=split(/:/,$userinput);
+	    my $ownership=ishome($fname);
+	    if ($ownership eq 'not_owner') {
+		if (-e $fname) {
+		    my ($dev,$ino,$mode,$nlink,
+			$uid,$gid,$rdev,$size,
+			$atime,$mtime,$ctime,
+			$blksize,$blocks)=stat($fname);
+		    my $now=time;
+		    my $since=$now-$atime;
+		    if ($since>$perlvar{'lonExpire'}) {
+			my $reply=
+			    &reply("unsub:$fname","$clientname");
+				    unlink("$fname");
+		    } else {
+			my $transname="$fname.in.transfer";
+			my $remoteurl=
+			    &reply("sub:$fname","$clientname");
+			my $response;
+			{
+			    my $ua=new LWP::UserAgent;
+			    my $request=new HTTP::Request('GET',"$remoteurl");
+			    $response=$ua->request($request,$transname);
+			}
+			if ($response->is_error()) {
+			    unlink($transname);
+			    my $message=$response->status_line;
+			    &logthis(
+				     "LWP GET: $message for $fname ($remoteurl)");
+			} else {
+			    if ($remoteurl!~/\.meta$/) {
+				my $ua=new LWP::UserAgent;
+				my $mrequest=
+				    new HTTP::Request('GET',$remoteurl.'.meta');
+				my $mresponse=
+				    $ua->request($mrequest,$fname.'.meta');
+				if ($mresponse->is_error()) {
+				    unlink($fname.'.meta');
+				}
+			    }
+			    rename($transname,$fname);
+			}
+		    }
+		    print $client "ok\n";
+		} else {
+		    print $client "not_found\n";
+		}
+	    } else {
+		print $client "rejected\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# -------------------------------------- fetch a user file from a remote server
+    } elsif ($userinput =~ /^fetchuserfile/) { # Client clear or enc.
+	if(isClient) {
+	    my ($cmd,$fname)=split(/:/,$userinput);
+	    my ($udom,$uname,$ufile) = ($fname =~ m|^([^/]+)/([^/]+)/(.+)$|);
+	    my $udir=propath($udom,$uname).'/userfiles';
+	    unless (-e $udir) { mkdir($udir,0770); }
+	    if (-e $udir) {
+		$ufile=~s/^[\.\~]+//;
+		my $path = $udir;
+		if ($ufile =~m|(.+)/([^/]+)$|) {
+		    my @parts=split('/',$1);
+		    foreach my $part (@parts) {
+			$path .= '/'.$part;
+			if ((-e $path)!=1) {
+			    mkdir($path,0770);
+			}
+		    }
+		}
+		my $destname=$udir.'/'.$ufile;
+		my $transname=$udir.'/'.$ufile.'.in.transit';
+		my $remoteurl='http://'.$clientip.'/userfiles/'.$fname;
+		my $response;
+		{
+		    my $ua=new LWP::UserAgent;
+		    my $request=new HTTP::Request('GET',"$remoteurl");
+		    $response=$ua->request($request,$transname);
+		}
+		if ($response->is_error()) {
+		    unlink($transname);
+		    my $message=$response->status_line;
+		    &logthis("LWP GET: $message for $fname ($remoteurl)");
+		    print $client "failed\n";
+		} else {
+		    if (!rename($transname,$destname)) {
+			&logthis("Unable to move $transname to $destname");
+			unlink($transname);
+			print $client "failed\n";
+		    } else {
+			print $client "ok\n";
+		    }
+		}
+	    } else {
+		print $client "not_home\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	}
+# --------------------------------------------------------- remove a user file 
+    } elsif ($userinput =~ /^removeuserfile/) { # Client clear or enc.
+	if(isClient) {
+	    my ($cmd,$fname)=split(/:/,$userinput);
+	    my ($udom,$uname,$ufile) = ($fname =~ m|^([^/]+)/([^/]+)/(.+)$|);
+	    &logthis("$udom - $uname - $ufile");
+	    if ($ufile =~m|/\.\./|) {
+		# any files paths with /../ in them refuse 
+		# to deal with
+		print $client "refused\n";
+	    } else {
+		my $udir=propath($udom,$uname);
+		if (-e $udir) {
+		    my $file=$udir.'/userfiles/'.$ufile;
+		    if (-e $file) {
+			unlink($file);
+			if (-e $file) {
+			    print $client "failed\n";
+			} else {
+			    print $client "ok\n";
+			}
+		    } else {
+			print $client "not_found\n";
+		    }
+		} else {
+		    print $client "not_home\n";
+		}
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	}
+# ------------------------------------------ authenticate access to a user file
+    } elsif ($userinput =~ /^tokenauthuserfile/) { # Client only
+	if(isClient) {
+	    my ($cmd,$fname,$session)=split(/:/,$userinput);
+	    chomp($session);
+	    my $reply='non_auth';
+	    if (open(ENVIN,$perlvar{'lonIDsDir'}.'/'.
+		     $session.'.id')) {
+		while (my $line=<ENVIN>) {
+		    if ($line=~ m|userfile\.\Q$fname\E\=|) { $reply='ok'; }
+			    }
+		close(ENVIN);
+		print $client $reply."\n";
+	    } else {
+		print $client "invalid_token\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ----------------------------------------------------------------- unsubscribe
+    } elsif ($userinput =~ /^unsub/) {
+	if(isClient) {
+	    my ($cmd,$fname)=split(/:/,$userinput);
+	    if (-e $fname) {
+		print $client &unsub($fname,$clientip);
+	    } else {
+		print $client "not_found\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ------------------------------------------------------------------- subscribe
+    } elsif ($userinput =~ /^sub/) {
+	if(isClient) {
+	    print $client &subscribe($userinput,$clientip);
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ------------------------------------------------------------- current version
+    } elsif ($userinput =~ /^currentversion/) {
+	if(isClient) {
+	    my ($cmd,$fname)=split(/:/,$userinput);
+	    print $client &currentversion($fname)."\n";
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ------------------------------------------------------------------------- log
+    } elsif ($userinput =~ /^log/) {
+	if(isClient) {
+	    my ($cmd,$udom,$uname,$what)=split(/:/,$userinput);
+	    chomp($what);
+	    my $proname=propath($udom,$uname);
+	    my $now=time;
+	    {
+		my $hfh;
+		if ($hfh=IO::File->new(">>$proname/activity.log")) { 
+		    print $hfh "$now:$clientname:$what\n";
+		    print $client "ok\n"; 
+		} else {
+		    print $client "error: ".($!+0)
+			." IO::File->new Failed "
+			."while attempting log\n";
+		}
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ------------------------------------------------------------------------- put
+    } elsif ($userinput =~ /^put/) {
+	if(isClient) {
+	    my ($cmd,$udom,$uname,$namespace,$what)
+		=split(/:/,$userinput,5);
+	    $namespace=~s/\//\_/g;
+	    $namespace=~s/\W//g;
+	    if ($namespace ne 'roles') {
+		chomp($what);
+		my $proname=propath($udom,$uname);
+		my $now=time;
+		my @pairs=split(/\&/,$what);
+		my %hash;
+		if (tie(%hash,'GDBM_File',
+			"$proname/$namespace.db",
+			&GDBM_WRCREAT(),0640)) {
+		    unless ($namespace=~/^nohist\_/) {
+			my $hfh;
+			if ($hfh=IO::File->new(">>$proname/$namespace.hist")) { print $hfh "P:$now:$what\n"; }
+		    }
+		    
+		    foreach my $pair (@pairs) {
+			my ($key,$value)=split(/=/,$pair);
+			$hash{$key}=$value;
+		    }
+		    if (untie(%hash)) {
+			print $client "ok\n";
+		    } else {
+			print $client "error: ".($!+0)
+			    ." untie(GDBM) failed ".
+			    "while attempting put\n";
+		    }
+		} else {
+		    print $client "error: ".($!)
+			." tie(GDBM) Failed ".
+			"while attempting put\n";
+		}
+	    } else {
+		print $client "refused\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ------------------------------------------------------------------- inc
+    } elsif ($userinput =~ /^inc:/) {
+	if(isClient) {
+	    my ($cmd,$udom,$uname,$namespace,$what)
+		=split(/:/,$userinput);
+	    $namespace=~s/\//\_/g;
+	    $namespace=~s/\W//g;
+	    if ($namespace ne 'roles') {
+		chomp($what);
+		my $proname=propath($udom,$uname);
+		my $now=time;
+		my @pairs=split(/\&/,$what);
+		my %hash;
+		if (tie(%hash,'GDBM_File',
+			"$proname/$namespace.db",
+			&GDBM_WRCREAT(),0640)) {
+		    unless ($namespace=~/^nohist\_/) {
+			my $hfh;
+			if ($hfh=IO::File->new(">>$proname/$namespace.hist")) { print $hfh "P:$now:$what\n"; }
+		    }
+		    foreach my $pair (@pairs) {
+			my ($key,$value)=split(/=/,$pair);
+			# We could check that we have a number...
+			if (! defined($value) || $value eq '') {
+			    $value = 1;
+			}
+			$hash{$key}+=$value;
+		    }
+		    if (untie(%hash)) {
+			print $client "ok\n";
+		    } else {
+			print $client "error: ".($!+0)
+			    ." untie(GDBM) failed ".
+			    "while attempting inc\n";
+		    }
+		} else {
+		    print $client "error: ".($!)
+			." tie(GDBM) Failed ".
+			"while attempting inc\n";
+		}
+	    } else {
+		print $client "refused\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# -------------------------------------------------------------------- rolesput
+    } elsif ($userinput =~ /^rolesput/) {
+	if(isClient) {
+	    &Debug("rolesput");
+	    if ($wasenc==1) {
+		my ($cmd,$exedom,$exeuser,$udom,$uname,$what)
+		    =split(/:/,$userinput);
+		&Debug("cmd = ".$cmd." exedom= ".$exedom.
+		       "user = ".$exeuser." udom=".$udom.
+		       "what = ".$what);
+		my $namespace='roles';
+		chomp($what);
+		my $proname=propath($udom,$uname);
+		my $now=time;
+		my @pairs=split(/\&/,$what);
+		my %hash;
+		if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
+		    {
+			my $hfh;
+			if ($hfh=IO::File->new(">>$proname/$namespace.hist")) { 
+			    print $hfh "P:$now:$exedom:$exeuser:$what\n";
+			}
+		    }
+		    
+		    foreach my $pair (@pairs) {
+			my ($key,$value)=split(/=/,$pair);
+			&ManagePermissions($key, $udom, $uname,
+					   &GetAuthType( $udom, 
+							 $uname));
+			$hash{$key}=$value;
+		    }
+		    if (untie(%hash)) {
+			print $client "ok\n";
+		    } else {
+			print $client "error: ".($!+0)
+			    ." untie(GDBM) Failed ".
+			    "while attempting rolesput\n";
+		    }
+		} else {
+		    print $client "error: ".($!+0)
+			." tie(GDBM) Failed ".
+			"while attempting rolesput\n";
+			    }
+	    } else {
+		print $client "refused\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# -------------------------------------------------------------------- rolesdel
+    } elsif ($userinput =~ /^rolesdel/) {
+	if(isClient) {
+	    &Debug("rolesdel");
+	    if ($wasenc==1) {
+		my ($cmd,$exedom,$exeuser,$udom,$uname,$what)
+		    =split(/:/,$userinput);
+		&Debug("cmd = ".$cmd." exedom= ".$exedom.
+		       "user = ".$exeuser." udom=".$udom.
+		       "what = ".$what);
+		my $namespace='roles';
+		chomp($what);
+		my $proname=propath($udom,$uname);
+		my $now=time;
+		my @rolekeys=split(/\&/,$what);
+		my %hash;
+		if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
+		    {
+			my $hfh;
+			if ($hfh=IO::File->new(">>$proname/$namespace.hist")) { 
+			    print $hfh "D:$now:$exedom:$exeuser:$what\n";
+			}
+		    }
+		    foreach my $key (@rolekeys) {
+			delete $hash{$key};
+		    }
+		    if (untie(%hash)) {
+			print $client "ok\n";
+		    } else {
+			print $client "error: ".($!+0)
+			    ." untie(GDBM) Failed ".
+			    "while attempting rolesdel\n";
+		    }
+		} else {
+		    print $client "error: ".($!+0)
+			." tie(GDBM) Failed ".
+			"while attempting rolesdel\n";
+		}
+	    } else {
+		print $client "refused\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ------------------------------------------------------------------------- get
+    } elsif ($userinput =~ /^get/) {
+	if(isClient) {
+	    my ($cmd,$udom,$uname,$namespace,$what)
+		=split(/:/,$userinput);
+	    $namespace=~s/\//\_/g;
+	    $namespace=~s/\W//g;
+	    chomp($what);
+	    my @queries=split(/\&/,$what);
+	    my $proname=propath($udom,$uname);
+	    my $qresult='';
+	    my %hash;
+	    if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
+		for (my $i=0;$i<=$#queries;$i++) {
+		    $qresult.="$hash{$queries[$i]}&";
+		}
+		if (untie(%hash)) {
+		    $qresult=~s/\&$//;
+		    print $client "$qresult\n";
+		} else {
+		    print $client "error: ".($!+0)
+			." untie(GDBM) Failed ".
+			"while attempting get\n";
+		}
+	    } else {
+		if ($!+0 == 2) {
+		    print $client "error:No such file or ".
+			"GDBM reported bad block error\n";
+		} else {
+		    print $client "error: ".($!+0)
+			." tie(GDBM) Failed ".
+			"while attempting get\n";
+		}
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ------------------------------------------------------------------------ eget
+    } elsif ($userinput =~ /^eget/) {
+	if (isClient) {
+	    my ($cmd,$udom,$uname,$namespace,$what)
+		=split(/:/,$userinput);
+	    $namespace=~s/\//\_/g;
+	    $namespace=~s/\W//g;
+	    chomp($what);
+	    my @queries=split(/\&/,$what);
+	    my $proname=propath($udom,$uname);
+	    my $qresult='';
+	    my %hash;
+	    if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
+		for (my $i=0;$i<=$#queries;$i++) {
+		    $qresult.="$hash{$queries[$i]}&";
+		}
+		if (untie(%hash)) {
+		    $qresult=~s/\&$//;
+		    if ($cipher) {
+			my $cmdlength=length($qresult);
+			$qresult.="         ";
+			my $encqresult='';
+			for 
+			    (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
+				$encqresult.=
+				    unpack("H16",
+					   $cipher->encrypt(substr($qresult,$encidx,8)));
+			    }
+			print $client "enc:$cmdlength:$encqresult\n";
+		    } else {
+			print $client "error:no_key\n";
+		    }
+		} else {
+		    print $client "error: ".($!+0)
+			." untie(GDBM) Failed ".
+			"while attempting eget\n";
+		}
+	    } else {
+		print $client "error: ".($!+0)
+		    ." tie(GDBM) Failed ".
+		    "while attempting eget\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ------------------------------------------------------------------------- del
+    } elsif ($userinput =~ /^del/) {
+	if(isClient) {
+	    my ($cmd,$udom,$uname,$namespace,$what)
+		=split(/:/,$userinput);
+	    $namespace=~s/\//\_/g;
+	    $namespace=~s/\W//g;
+	    chomp($what);
+	    my $proname=propath($udom,$uname);
+	    my $now=time;
+	    my @keys=split(/\&/,$what);
+	    my %hash;
+	    if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
+		unless ($namespace=~/^nohist\_/) {
+		    my $hfh;
+		    if ($hfh=IO::File->new(">>$proname/$namespace.hist")) { print $hfh "D:$now:$what\n"; }
+		}
+		foreach my $key (@keys) {
+		    delete($hash{$key});
+		}
+		if (untie(%hash)) {
+		    print $client "ok\n";
+		} else {
+		    print $client "error: ".($!+0)
+			." untie(GDBM) Failed ".
+			"while attempting del\n";
+		}
+	    } else {
+		print $client "error: ".($!+0)
+		    ." tie(GDBM) Failed ".
+		    "while attempting del\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ------------------------------------------------------------------------ keys
+    } elsif ($userinput =~ /^keys/) {
+	if(isClient) {
+	    my ($cmd,$udom,$uname,$namespace)
+		=split(/:/,$userinput);
+	    $namespace=~s/\//\_/g;
+	    $namespace=~s/\W//g;
+	    my $proname=propath($udom,$uname);
+	    my $qresult='';
+	    my %hash;
+	    if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
+		foreach my $key (keys %hash) {
+		    $qresult.="$key&";
+		}
+		if (untie(%hash)) {
+		    $qresult=~s/\&$//;
+		    print $client "$qresult\n";
+		} else {
+		    print $client "error: ".($!+0)
+			." untie(GDBM) Failed ".
+			"while attempting keys\n";
+		}
+	    } else {
+		print $client "error: ".($!+0)
+		    ." tie(GDBM) Failed ".
+		    "while attempting keys\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ----------------------------------------------------------------- dumpcurrent
+    } elsif ($userinput =~ /^currentdump/) {
+	if (isClient) {
+	    my ($cmd,$udom,$uname,$namespace)
+		=split(/:/,$userinput);
+	    $namespace=~s/\//\_/g;
+	    $namespace=~s/\W//g;
+	    my $qresult='';
+	    my $proname=propath($udom,$uname);
+	    my %hash;
+	    if (tie(%hash,'GDBM_File',
+		    "$proname/$namespace.db",
+		    &GDBM_READER(),0640)) {
+			    # Structure of %data:
+		# $data{$symb}->{$parameter}=$value;
+		# $data{$symb}->{'v.'.$parameter}=$version;
+		# since $parameter will be unescaped, we do not
+		# have to worry about silly parameter names...
+		my %data = ();
+		while (my ($key,$value) = each(%hash)) {
+		    my ($v,$symb,$param) = split(/:/,$key);
+		    next if ($v eq 'version' || $symb eq 'keys');
+		    next if (exists($data{$symb}) && 
+			     exists($data{$symb}->{$param}) &&
+			     $data{$symb}->{'v.'.$param} > $v);
+		    $data{$symb}->{$param}=$value;
+		    $data{$symb}->{'v.'.$param}=$v;
+		}
+		if (untie(%hash)) {
+		    while (my ($symb,$param_hash) = each(%data)) {
+			while(my ($param,$value) = each (%$param_hash)){
+			    next if ($param =~ /^v\./);
+			    $qresult.=$symb.':'.$param.'='.$value.'&';
+			}
+		    }
+		    chop($qresult);
+		    print $client "$qresult\n";
+		} else {
+		    print $client "error: ".($!+0)
+			." untie(GDBM) Failed ".
+			"while attempting currentdump\n";
+		}
+	    } else {
+		print $client "error: ".($!+0)
+		    ." tie(GDBM) Failed ".
+		    "while attempting currentdump\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	}
+# ------------------------------------------------------------------------ dump
+    } elsif ($userinput =~ /^dump/) {
+	if(isClient) {
+	    my ($cmd,$udom,$uname,$namespace,$regexp)
+		=split(/:/,$userinput);
+	    $namespace=~s/\//\_/g;
+	    $namespace=~s/\W//g;
+	    if (defined($regexp)) {
+		$regexp=&unescape($regexp);
+	    } else {
+		$regexp='.';
+	    }
+	    my $qresult='';
+	    my $proname=propath($udom,$uname);
+	    my %hash;
+	    if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
+		while (my ($key,$value) = each(%hash)) {
+		    if ($regexp eq '.') {
+			$qresult.=$key.'='.$value.'&';
+		    } else {
+			my $unescapeKey = &unescape($key);
+			if (eval('$unescapeKey=~/$regexp/')) {
+			    $qresult.="$key=$value&";
+			}
+		    }
+		}
+		if (untie(%hash)) {
+		    chop($qresult);
+		    print $client "$qresult\n";
+		} else {
+		    print $client "error: ".($!+0)
+			." untie(GDBM) Failed ".
+			"while attempting dump\n";
+		}
+	    } else {
+		print $client "error: ".($!+0)
+		    ." tie(GDBM) Failed ".
+		    "while attempting dump\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ----------------------------------------------------------------------- store
+    } elsif ($userinput =~ /^store/) {
+	if(isClient) {
+	    my ($cmd,$udom,$uname,$namespace,$rid,$what)
+		=split(/:/,$userinput);
+	    $namespace=~s/\//\_/g;
+	    $namespace=~s/\W//g;
+	    if ($namespace ne 'roles') {
+		chomp($what);
+		my $proname=propath($udom,$uname);
+		my $now=time;
+		my @pairs=split(/\&/,$what);
+		my %hash;
+		if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
+		    unless ($namespace=~/^nohist\_/) {
+			my $hfh;
+			if ($hfh=IO::File->new(">>$proname/$namespace.hist")) {
+			    print $hfh "P:$now:$rid:$what\n";
+			}
+		    }
+		    my @previouskeys=split(/&/,$hash{"keys:$rid"});
+		    my $key;
+		    $hash{"version:$rid"}++;
+		    my $version=$hash{"version:$rid"};
+		    my $allkeys=''; 
+		    foreach my $pair (@pairs) {
+			my ($key,$value)=split(/=/,$pair);
+			$allkeys.=$key.':';
+			$hash{"$version:$rid:$key"}=$value;
+		    }
+		    $hash{"$version:$rid:timestamp"}=$now;
+		    $allkeys.='timestamp';
+		    $hash{"$version:keys:$rid"}=$allkeys;
+		    if (untie(%hash)) {
+			print $client "ok\n";
+		    } else {
+			print $client "error: ".($!+0)
+			    ." untie(GDBM) Failed ".
+			    "while attempting store\n";
+				}
+		} else {
+		    print $client "error: ".($!+0)
+			." tie(GDBM) Failed ".
+			"while attempting store\n";
+		}
+	    } else {
+		print $client "refused\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# --------------------------------------------------------------------- restore
+    } elsif ($userinput =~ /^restore/) {
+	if(isClient) {
+	    my ($cmd,$udom,$uname,$namespace,$rid)
+		=split(/:/,$userinput);
+	    $namespace=~s/\//\_/g;
+	    $namespace=~s/\W//g;
+	    chomp($rid);
+	    my $proname=propath($udom,$uname);
+	    my $qresult='';
+	    my %hash;
+	    if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
+		my $version=$hash{"version:$rid"};
+		$qresult.="version=$version&";
+		my $scope;
+		for ($scope=1;$scope<=$version;$scope++) {
+		    my $vkeys=$hash{"$scope:keys:$rid"};
+		    my @keys=split(/:/,$vkeys);
+		    my $key;
+		    $qresult.="$scope:keys=$vkeys&";
+		    foreach $key (@keys) {
+			$qresult.="$scope:$key=".$hash{"$scope:$rid:$key"}."&";
+		    }                                  
+		}
+		if (untie(%hash)) {
+		    $qresult=~s/\&$//;
+		    print $client "$qresult\n";
+		} else {
+		    print $client "error: ".($!+0)
+			." untie(GDBM) Failed ".
+			"while attempting restore\n";
+		}
+	    } else {
+		print $client "error: ".($!+0)
+		    ." tie(GDBM) Failed ".
+		    "while attempting restore\n";
+	    }
+	} else  {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# -------------------------------------------------------------------- chatsend
+    } elsif ($userinput =~ /^chatsend/) {
+	if(isClient) {
+	    my ($cmd,$cdom,$cnum,$newpost)=split(/\:/,$userinput);
+	    &chatadd($cdom,$cnum,$newpost);
+	    print $client "ok\n";
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# -------------------------------------------------------------------- chatretr
+    } elsif ($userinput =~ /^chatretr/) {
+	if(isClient) {
+	    my 
+		($cmd,$cdom,$cnum,$udom,$uname)=split(/\:/,$userinput);
+	    my $reply='';
+	    foreach (&getchat($cdom,$cnum,$udom,$uname)) {
+		$reply.=&escape($_).':';
+	    }
+	    $reply=~s/\:$//;
+	    print $client $reply."\n";
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ------------------------------------------------------------------- querysend
+    } elsif ($userinput =~ /^querysend/) {
+	if (isClient) {
+	    my ($cmd,$query,
+		$arg1,$arg2,$arg3)=split(/\:/,$userinput);
+	    $query=~s/\n*$//g;
+	    print $client "".
+		sqlreply("$clientname\&$query".
+			 "\&$arg1"."\&$arg2"."\&$arg3")."\n";
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ------------------------------------------------------------------ queryreply
+    } elsif ($userinput =~ /^queryreply/) {
+	if(isClient) {
+	    my ($cmd,$id,$reply)=split(/:/,$userinput); 
+	    my $store;
+	    my $execdir=$perlvar{'lonDaemons'};
+	    if ($store=IO::File->new(">$execdir/tmp/$id")) {
+		$reply=~s/\&/\n/g;
+		print $store $reply;
+		close $store;
+		my $store2=IO::File->new(">$execdir/tmp/$id.end");
+		print $store2 "done\n";
+		close $store2;
+		print $client "ok\n";
+	    }
+	    else {
+		print $client "error: ".($!+0)
+		    ." IO::File->new Failed ".
+		    "while attempting queryreply\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ----------------------------------------------------------------- courseidput
+    } elsif ($userinput =~ /^courseidput/) {
+	if(isClient) {
+	    my ($cmd,$udom,$what)=split(/:/,$userinput);
+	    chomp($what);
+			$udom=~s/\W//g;
+	    my $proname=
+		"$perlvar{'lonUsersDir'}/$udom/nohist_courseids";
+	    my $now=time;
+	    my @pairs=split(/\&/,$what);
+	    my %hash;
+	    if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_WRCREAT(),0640)) {
+		foreach my $pair (@pairs) {
+		    my ($key,$descr,$inst_code)=split(/=/,$pair);
+		    $hash{$key}=$descr.':'.$inst_code.':'.$now;
+		}
+		if (untie(%hash)) {
+		    print $client "ok\n";
+		} else {
+		    print $client "error: ".($!+0)
+			." untie(GDBM) Failed ".
+			"while attempting courseidput\n";
+		}
+	    } else {
+		print $client "error: ".($!+0)
+		    ." tie(GDBM) Failed ".
+		    "while attempting courseidput\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ---------------------------------------------------------------- courseiddump
+    } elsif ($userinput =~ /^courseiddump/) {
+	if(isClient) {
+	    my ($cmd,$udom,$since,$description)
+		=split(/:/,$userinput);
+	    if (defined($description)) {
+		$description=&unescape($description);
+	    } else {
+		$description='.';
+	    }
+	    unless (defined($since)) { $since=0; }
+	    my $qresult='';
+	    my $proname=
+		"$perlvar{'lonUsersDir'}/$udom/nohist_courseids";
+	    my %hash;
+	    if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_READER(),0640)) {
+		while (my ($key,$value) = each(%hash)) {
+		    my ($descr,$lasttime,$inst_code);
+		    if ($value =~ m/^([^\:]*):([^\:]*):(\d+)$/) {
+			($descr,$inst_code,$lasttime)=($1,$2,$3);
+		    } else {
+			($descr,$lasttime) = split(/\:/,$value);
+		    }
+		    if ($lasttime<$since) { next; }
+		    if ($description eq '.') {
+			$qresult.=$key.'='.$descr.':'.$inst_code.'&';
+		    } else {
+			my $unescapeVal = &unescape($descr);
+			if (eval('$unescapeVal=~/\Q$description\E/i')) {
+			    $qresult.=$key.'='.$descr.':'.$inst_code.'&';
+			}
+		    }
+		}
+		if (untie(%hash)) {
+		    chop($qresult);
+		    print $client "$qresult\n";
+		} else {
+		    print $client "error: ".($!+0)
+			." untie(GDBM) Failed ".
+			"while attempting courseiddump\n";
+		}
+	    } else {
+		print $client "error: ".($!+0)
+		    ." tie(GDBM) Failed ".
+		    "while attempting courseiddump\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ----------------------------------------------------------------------- idput
+    } elsif ($userinput =~ /^idput/) {
+	if(isClient) {
+	    my ($cmd,$udom,$what)=split(/:/,$userinput);
+	    chomp($what);
+	    $udom=~s/\W//g;
+	    my $proname="$perlvar{'lonUsersDir'}/$udom/ids";
+	    my $now=time;
+	    my @pairs=split(/\&/,$what);
+	    my %hash;
+	    if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_WRCREAT(),0640)) {
+		{
+		    my $hfh;
+		    if ($hfh=IO::File->new(">>$proname.hist")) {
+			print $hfh "P:$now:$what\n";
+		    }
+		}
+		foreach my $pair (@pairs) {
+		    my ($key,$value)=split(/=/,$pair);
+		    $hash{$key}=$value;
+		}
+		if (untie(%hash)) {
+		    print $client "ok\n";
+		} else {
+		    print $client "error: ".($!+0)
+			." untie(GDBM) Failed ".
+			"while attempting idput\n";
+		}
+	    } else {
+		print $client "error: ".($!+0)
+		    ." tie(GDBM) Failed ".
+		    "while attempting idput\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ----------------------------------------------------------------------- idget
+    } elsif ($userinput =~ /^idget/) {
+	if(isClient) {
+	    my ($cmd,$udom,$what)=split(/:/,$userinput);
+	    chomp($what);
+	    $udom=~s/\W//g;
+	    my $proname="$perlvar{'lonUsersDir'}/$udom/ids";
+	    my @queries=split(/\&/,$what);
+	    my $qresult='';
+	    my %hash;
+	    if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_READER(),0640)) {
+		for (my $i=0;$i<=$#queries;$i++) {
+		    $qresult.="$hash{$queries[$i]}&";
+		}
+		if (untie(%hash)) {
+		    $qresult=~s/\&$//;
+		    print $client "$qresult\n";
+		} else {
+		    print $client "error: ".($!+0)
+			." untie(GDBM) Failed ".
+			"while attempting idget\n";
+		}
+	    } else {
+		print $client "error: ".($!+0)
+		    ." tie(GDBM) Failed ".
+		    "while attempting idget\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ---------------------------------------------------------------------- tmpput
+    } elsif ($userinput =~ /^tmpput/) {
+	if(isClient) {
+	    my ($cmd,$what)=split(/:/,$userinput);
+	    my $store;
+	    $tmpsnum++;
+	    my $id=$$.'_'.$clientip.'_'.$tmpsnum;
+	    $id=~s/\W/\_/g;
+	    $what=~s/\n//g;
+	    my $execdir=$perlvar{'lonDaemons'};
+	    if ($store=IO::File->new(">$execdir/tmp/$id.tmp")) {
+		print $store $what;
+		close $store;
+		print $client "$id\n";
+	    }
+	    else {
+		print $client "error: ".($!+0)
+		    ."IO::File->new Failed ".
+		    "while attempting tmpput\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+	
+# ---------------------------------------------------------------------- tmpget
+    } elsif ($userinput =~ /^tmpget/) {
+	if(isClient) {
+	    my ($cmd,$id)=split(/:/,$userinput);
+	    chomp($id);
+	    $id=~s/\W/\_/g;
+	    my $store;
+	    my $execdir=$perlvar{'lonDaemons'};
+	    if ($store=IO::File->new("$execdir/tmp/$id.tmp")) {
+		my $reply=<$store>;
+			    print $client "$reply\n";
+		close $store;
+	    }
+	    else {
+		print $client "error: ".($!+0)
+		    ."IO::File->new Failed ".
+		    "while attempting tmpget\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ---------------------------------------------------------------------- tmpdel
+    } elsif ($userinput =~ /^tmpdel/) {
+	if(isClient) {
+	    my ($cmd,$id)=split(/:/,$userinput);
+	    chomp($id);
+	    $id=~s/\W/\_/g;
+	    my $execdir=$perlvar{'lonDaemons'};
+	    if (unlink("$execdir/tmp/$id.tmp")) {
+		print $client "ok\n";
+	    } else {
+		print $client "error: ".($!+0)
+		    ."Unlink tmp Failed ".
+		    "while attempting tmpdel\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ----------------------------------------- portfolio directory list (portls)
+    } elsif ($userinput =~ /^portls/) {
+	if(isClient) {
+	    my ($cmd,$uname,$udom)=split(/:/,$userinput);
+	    my $udir=propath($udom,$uname).'/userfiles/portfolio';
+	    my $dirLine='';
+	    my $dirContents='';
+	    if (opendir(LSDIR,$udir.'/')){
+		while ($dirLine = readdir(LSDIR)){
+		    $dirContents = $dirContents.$dirLine.'<br />';
+		}
+	    } else {
+		$dirContents = "No directory found\n";
+	    }
+	    print $client $dirContents."\n";
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	}
+# -------------------------------------------------------------------------- ls
+    } elsif ($userinput =~ /^ls/) {
+	if(isClient) {
+	    my $obs;
+	    my $rights;
+	    my ($cmd,$ulsdir)=split(/:/,$userinput);
+	    my $ulsout='';
+	    my $ulsfn;
+	    if (-e $ulsdir) {
+		if(-d $ulsdir) {
+		    if (opendir(LSDIR,$ulsdir)) {
+			while ($ulsfn=readdir(LSDIR)) {
+			    undef $obs, $rights; 
+			    my @ulsstats=stat($ulsdir.'/'.$ulsfn);
+			    #We do some obsolete checking here
+			    if(-e $ulsdir.'/'.$ulsfn.".meta") { 
+				open(FILE, $ulsdir.'/'.$ulsfn.".meta");
+				my @obsolete=<FILE>;
+				foreach my $obsolete (@obsolete) {
+				    if($obsolete =~ m|(<obsolete>)(on)|) { $obs = 1; } 
+				    if($obsolete =~ m|(<copyright>)(default)|) { $rights = 1; }
+				}
+			    }
+			    $ulsout.=$ulsfn.'&'.join('&',@ulsstats);
+			    if($obs eq '1') { $ulsout.="&1"; }
+			    else { $ulsout.="&0"; }
+			    if($rights eq '1') { $ulsout.="&1:"; }
+			    else { $ulsout.="&0:"; }
+			}
+			closedir(LSDIR);
+		    }
+		} else {
+		    my @ulsstats=stat($ulsdir);
+		    $ulsout.=$ulsfn.'&'.join('&',@ulsstats).':';
+		}
+	    } else {
+		$ulsout='no_such_dir';
+	    }
+	    if ($ulsout eq '') { $ulsout='empty'; }
+	    print $client "$ulsout\n";
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ----------------------------------------------------------------- setannounce
+    } elsif ($userinput =~ /^setannounce/) {
+	if (isClient) {
+	    my ($cmd,$announcement)=split(/:/,$userinput);
+	    chomp($announcement);
+	    $announcement=&unescape($announcement);
+	    if (my $store=IO::File->new('>'.$perlvar{'lonDocRoot'}.
+					'/announcement.txt')) {
+		print $store $announcement;
+		close $store;
+		print $client "ok\n";
+	    } else {
+		print $client "error: ".($!+0)."\n";
+	    }
+	} else {
+	    Reply($client, "refused\n", $userinput);
+	    
+	}
+# ------------------------------------------------------------------ Hanging up
+    } elsif (($userinput =~ /^exit/) ||
+	     ($userinput =~ /^init/)) { # no restrictions.
+	&logthis(
+		 "Client $clientip ($clientname) hanging up: $userinput");
+	print $client "bye\n";
+	$client->shutdown(2);        # shutdown the socket forcibly.
+	$client->close();
+	return 0;
+	
+# ---------------------------------- set current host/domain
+    } elsif ($userinput =~ /^sethost:/) {
+	if (isClient) {
+	    print $client &sethost($userinput)."\n";
+	} else {
+	    print $client "refused\n";
+	}
+#---------------------------------- request file (?) version.
+    } elsif ($userinput =~/^version:/) {
+	if (isClient) {
+	    print $client &version($userinput)."\n";
+	} else {
+	    print $client "refused\n";
+	}
+#------------------------------- is auto-enrollment enabled?
+    } elsif ($userinput =~/^autorun:/) {
+	if (isClient) {
+	    my ($cmd,$cdom) = split(/:/,$userinput);
+	    my $outcome = &localenroll::run($cdom);
+	    print $client "$outcome\n";
+	} else {
+	    print $client "0\n";
+	}
+#------------------------------- get official sections (for auto-enrollment).
+    } elsif ($userinput =~/^autogetsections:/) {
+	if (isClient) {
+	    my ($cmd,$coursecode,$cdom)=split(/:/,$userinput);
+	    my @secs = &localenroll::get_sections($coursecode,$cdom);
+	    my $seclist = &escape(join(':',@secs));
+	    print $client "$seclist\n";
+	} else {
+	    print $client "refused\n";
+	}
+#----------------------- validate owner of new course section (for auto-enrollment).
+    } elsif ($userinput =~/^autonewcourse:/) {
+	if (isClient) {
+	    my ($cmd,$inst_course_id,$owner,$cdom)=split(/:/,$userinput);
+	    my $outcome = &localenroll::new_course($inst_course_id,$owner,$cdom);
+	    print $client "$outcome\n";
+	} else {
+	    print $client "refused\n";
+	}
+#-------------- validate course section in schedule of classes (for auto-enrollment).
+    } elsif ($userinput =~/^autovalidatecourse:/) {
+	if (isClient) {
+	    my ($cmd,$inst_course_id,$cdom)=split(/:/,$userinput);
+	    my $outcome=&localenroll::validate_courseID($inst_course_id,$cdom);
+	    print $client "$outcome\n";
+	} else {
+	    print $client "refused\n";
+	}
+#--------------------------- create password for new user (for auto-enrollment).
+    } elsif ($userinput =~/^autocreatepassword:/) {
+	if (isClient) {
+	    my ($cmd,$authparam,$cdom)=split(/:/,$userinput);
+	    my ($create_passwd,$authchk);
+	    ($authparam,$create_passwd,$authchk) = &localenroll::create_password($authparam,$cdom);
+	    print $client &escape($authparam.':'.$create_passwd.':'.$authchk)."\n";
+	} else {
+	    print $client "refused\n";
+	}
+#---------------------------  read and remove temporary files (for auto-enrollment).
+    } elsif ($userinput =~/^autoretrieve:/) {
+	if (isClient) {
+	    my ($cmd,$filename) = split(/:/,$userinput);
+	    my $source = $perlvar{'lonDaemons'}.'/tmp/'.$filename;
+	    if ( (-e $source) && ($filename ne '') ) {
+		my $reply = '';
+		if (open(my $fh,$source)) {
+		    while (<$fh>) {
+			chomp($_);
+			$_ =~ s/^\s+//g;
+			$_ =~ s/\s+$//g;
+			$reply .= $_;
+		    }
+		    close($fh);
+		    print $client &escape($reply)."\n";
+#                                unlink($source);
+		} else {
+		    print $client "error\n";
+		}
+	    } else {
+		print $client "error\n";
+	    }
+	} else {
+	    print $client "refused\n";
+	}
+#---------------------  read and retrieve institutional code format (for support form).
+    } elsif ($userinput =~/^autoinstcodeformat:/) {
+	if (isClient) {
+	    my $reply;
+	    my($cmd,$cdom,$course) = split(/:/,$userinput);
+	    my @pairs = split/\&/,$course;
+	    my %instcodes = ();
+	    my %codes = ();
+	    my @codetitles = ();
+	    my %cat_titles = ();
+	    my %cat_order = ();
+	    foreach (@pairs) {
+		my ($key,$value) = split/=/,$_;
+		$instcodes{&unescape($key)} = &unescape($value);
+	    }
+	    my $formatreply = &localenroll::instcode_format($cdom,\%instcodes,\%codes,\@codetitles,\%cat_titles,\%cat_order);
+	    if ($formatreply eq 'ok') {
+		my $codes_str = &hash2str(%codes);
+		my $codetitles_str = &array2str(@codetitles);
+		my $cat_titles_str = &hash2str(%cat_titles);
+		my $cat_order_str = &hash2str(%cat_order);
+		print $client $codes_str.':'.$codetitles_str.':'.$cat_titles_str.':'.$cat_order_str."\n";
+	    }
+	} else {
+	    print $client "refused\n";
+	}
+# ------------------------------------------------------------- unknown command
+	
+    } else {
+	# unknown command
+	print $client "unknown_cmd\n";
+    }
+# -------------------------------------------------------------------- complete
+    Debug("process_request - returning 1");
+    return 1;
+}
+#
+#   Decipher encoded traffic
+#  Parameters:
+#     input      - Encoded data.
+#  Returns:
+#     Decoded data or undef if encryption key was not yet negotiated.
+#  Implicit input:
+#     cipher  - This global holds the negotiated encryption key.
+#
+sub decipher {
+    my ($input)  = @_;
+    my $output = '';
+    
+    
+    if($cipher) {
+	my($enc, $enclength, $encinput) = split(/:/, $input);
+	for(my $encidx = 0; $encidx < length($encinput); $encidx += 16) {
+	    $output .= 
+		$cipher->decrypt(pack("H16", substr($encinput, $encidx, 16)));
+	}
+	return substr($output, 0, $enclength);
+    } else {
+	return undef;
+    }
+}
+
+#
+#   Register a command processor.  This function is invoked to register a sub
+#   to process a request.  Once registered, the ProcessRequest sub can automatically
+#   dispatch requests to an appropriate sub, and do the top level validity checking
+#   as well:
+#    - Is the keyword recognized.
+#    - Is the proper client type attempting the request.
+#    - Is the request encrypted if it has to be.
+#   Parameters:
+#    $request_name         - Name of the request being registered.
+#                           This is the command request that will match
+#                           against the hash keywords to lookup the information
+#                           associated with the dispatch information.
+#    $procedure           - Reference to a sub to call to process the request.
+#                           All subs get called as follows:
+#                             Procedure($cmd, $tail, $replyfd, $key)
+#                             $cmd    - the actual keyword that invoked us.
+#                             $tail   - the tail of the request that invoked us.
+#                             $replyfd- File descriptor connected to the client
+#    $must_encode          - True if the request must be encoded to be good.
+#    $client_ok            - True if it's ok for a client to request this.
+#    $manager_ok           - True if it's ok for a manager to request this.
+# Side effects:
+#      - On success, the Dispatcher hash has an entry added for the key $RequestName
+#      - On failure, the program will die as it's a bad internal bug to try to 
+#        register a duplicate command handler.
+#
+sub register_handler {
+    my ($request_name,$procedure,$must_encode,	$client_ok,$manager_ok)   = @_;
+
+    #  Don't allow duplication#
+   
+    if (defined $Dispatcher{$request_name}) {
+	die "Attempting to define a duplicate request handler for $request_name\n";
+    }
+    #   Build the client type mask:
+    
+    my $client_type_mask = 0;
+    if($client_ok) {
+	$client_type_mask  |= $CLIENT_OK;
+    }
+    if($manager_ok) {
+	$client_type_mask  |= $MANAGER_OK;
+    }
+   
+    #  Enter the hash:
+      
+    my @entry = ($procedure, $must_encode, $client_type_mask);
+   
+    $Dispatcher{$request_name} = \@entry;
+   
+   
+}
+
+
+#------------------------------------------------------------------
+
+
+
+
+#
+#  Convert an error return code from lcpasswd to a string value.
+#
+sub lcpasswdstrerror {
+    my $ErrorCode = shift;
+    if(($ErrorCode < 0) || ($ErrorCode > $lastpwderror)) {
+	return "lcpasswd Unrecognized error return value ".$ErrorCode;
+    } else {
+	return $passwderrors[$ErrorCode];
+    }
+}
+
+#
+# Convert an error return code from lcuseradd to a string value:
+#
+sub lcuseraddstrerror {
+    my $ErrorCode = shift;
+    if(($ErrorCode < 0) || ($ErrorCode > $lastadderror)) {
+	return "lcuseradd - Unrecognized error code: ".$ErrorCode;
+    } else {
+	return $adderrors[$ErrorCode];
+    }
+}
+
+# grabs exception and records it to log before exiting
+sub catchexception {
+    my ($error)=@_;
+    $SIG{'QUIT'}='DEFAULT';
+    $SIG{__DIE__}='DEFAULT';
+    &status("Catching exception");
+    &logthis("<font color='red'>CRITICAL: "
+     ."ABNORMAL EXIT. Child $$ for server $thisserver died through "
+     ."a crash with this error msg->[$error]</font>");
+    &logthis('Famous last words: '.$status.' - '.$lastlog);
+    if ($client) { print $client "error: $error\n"; }
+    $server->close();
+    die($error);
+}
+
+sub timeout {
+    &status("Handling Timeout");
+    &logthis("<font color='red'>CRITICAL: TIME OUT ".$$."</font>");
+    &catchexception('Timeout');
+}
+# -------------------------------- Set signal handlers to record abnormal exits
+
+$SIG{'QUIT'}=\&catchexception;
+$SIG{__DIE__}=\&catchexception;
+
+# ---------------------------------- Read loncapa_apache.conf and loncapa.conf
+&status("Read loncapa.conf and loncapa_apache.conf");
+my $perlvarref=LONCAPA::Configuration::read_conf('loncapa.conf');
+%perlvar=%{$perlvarref};
+undef $perlvarref;
+
+# ----------------------------- Make sure this process is running from user=www
+my $wwwid=getpwnam('www');
+if ($wwwid!=$<) {
+   my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
+   my $subj="LON: $currenthostid User ID mismatch";
+   system("echo 'User ID mismatch.  lond must be run as user www.' |\
+ mailto $emailto -s '$subj' > /dev/null");
+   exit 1;
+}
+
+# --------------------------------------------- Check if other instance running
+
+my $pidfile="$perlvar{'lonDaemons'}/logs/lond.pid";
+
+if (-e $pidfile) {
+   my $lfh=IO::File->new("$pidfile");
+   my $pide=<$lfh>;
+   chomp($pide);
+   if (kill 0 => $pide) { die "already running"; }
+}
+
+# ------------------------------------------------------------- Read hosts file
+
+
+
+# establish SERVER socket, bind and listen.
+$server = IO::Socket::INET->new(LocalPort => $perlvar{'londPort'},
+                                Type      => SOCK_STREAM,
+                                Proto     => 'tcp',
+                                Reuse     => 1,
+                                Listen    => 10 )
+  or die "making socket: $@\n";
+
+# --------------------------------------------------------- Do global variables
+
+# global variables
+
+my %children               = ();       # keys are current child process IDs
+
+sub REAPER {                        # takes care of dead children
+    $SIG{CHLD} = \&REAPER;
+    &status("Handling child death");
+    my $pid;
+    do {
+	$pid = waitpid(-1,&WNOHANG());
+	if (defined($children{$pid})) {
+	    &logthis("Child $pid died");
+	    delete($children{$pid});
+	} elsif ($pid > 0) {
+	    &logthis("Unknown Child $pid died");
+	}
+    } while ( $pid > 0 );
+    foreach my $child (keys(%children)) {
+	$pid = waitpid($child,&WNOHANG());
+	if ($pid > 0) {
+	    &logthis("Child $child - $pid looks like we missed it's death");
+	    delete($children{$pid});
+	}
+    }
+    &status("Finished Handling child death");
+}
+
+sub HUNTSMAN {                      # signal handler for SIGINT
+    &status("Killing children (INT)");
+    local($SIG{CHLD}) = 'IGNORE';   # we're going to kill our children
+    kill 'INT' => keys %children;
+    &logthis("Free socket: ".shutdown($server,2)); # free up socket
+    my $execdir=$perlvar{'lonDaemons'};
+    unlink("$execdir/logs/lond.pid");
+    &logthis("<font color='red'>CRITICAL: Shutting down</font>");
+    &status("Done killing children");
+    exit;                           # clean up with dignity
+}
+
+sub HUPSMAN {                      # signal handler for SIGHUP
+    local($SIG{CHLD}) = 'IGNORE';  # we're going to kill our children
+    &status("Killing children for restart (HUP)");
+    kill 'INT' => keys %children;
+    &logthis("Free socket: ".shutdown($server,2)); # free up socket
+    &logthis("<font color='red'>CRITICAL: Restarting</font>");
+    my $execdir=$perlvar{'lonDaemons'};
+    unlink("$execdir/logs/lond.pid");
+    &status("Restarting self (HUP)");
+    exec("$execdir/lond");         # here we go again
+}
+
+#
+#    Kill off hashes that describe the host table prior to re-reading it.
+#    Hashes affected are:
+#       %hostid, %hostdom %hostip %hostdns.
+#
+sub KillHostHashes {
+    foreach my $key (keys %hostid) {
+	delete $hostid{$key};
+    }
+    foreach my $key (keys %hostdom) {
+	delete $hostdom{$key};
+    }
+    foreach my $key (keys %hostip) {
+	delete $hostip{$key};
+    }
+    foreach my $key (keys %hostdns) {
 	delete $hostdns{$key};
     }
 }
@@ -1396,7 +3016,8 @@
         } 
     }
     sleep 5;
-    $SIG{ALRM} = sub { die "timeout" };
+    $SIG{ALRM} = sub { Debug("timeout"); 
+		       die "timeout";  };
     $SIG{__DIE__} = 'DEFAULT';
     &status("Checking on the children (waiting for reports)");
     foreach (sort keys %children) {
@@ -1448,12 +3069,44 @@
 #     request - Original request from client.
 #
 sub Reply {
+    alarm(120);
+    my $fd      = shift;
+    my $reply   = shift;
+    my $request = shift;
 
     my ($fd, $reply, $request) = @_;
-
     print $fd $reply;
     Debug("Request was $request  Reply was $reply");
 
+    $Transactions++;
+    alarm(0);
+
+
+}
+
+
+#
+#    Sub to report a failure.
+#    This function:
+#     -   Increments the failure statistic counters.
+#     -   Invokes Reply to send the error message to the client.
+# Parameters:
+#    fd       - File descriptor open on the client
+#    reply    - Reply text to emit.
+#    request  - The original request message (used by Reply
+#               to debug if that's enabled.
+# Implicit outputs:
+#    $Failures- The number of failures is incremented.
+#    Reply (invoked here) sends a message to the 
+#    client:
+#
+sub Failure {
+    my $fd      = shift;
+    my $reply   = shift;
+    my $request = shift;
+   
+    $Failures++;
+    Reply($fd, $reply, $request);      # That's simple eh?
 }
 # ------------------------------------------------------------------ Log status
 
@@ -1567,1933 +3220,323 @@
     }
   } else {
     $answer='self_reply';
-  } 
-  return $answer;
-}
-
-# -------------------------------------------------------------- Talk to lonsql
-
-sub sqlreply {
-    my ($cmd)=@_;
-    my $answer=subsqlreply($cmd);
-    if ($answer eq 'con_lost') { $answer=subsqlreply($cmd); }
-    return $answer;
-}
-
-sub subsqlreply {
-    my ($cmd)=@_;
-    my $unixsock="mysqlsock";
-    my $peerfile="$perlvar{'lonSockDir'}/$unixsock";
-    my $sclient=IO::Socket::UNIX->new(Peer    =>"$peerfile",
-                                      Type    => SOCK_STREAM,
-                                      Timeout => 10)
-       or return "con_lost";
-    print $sclient "$cmd\n";
-    my $answer=<$sclient>;
-    chomp($answer);
-    if (!$answer) { $answer="con_lost"; }
-    return $answer;
-}
-
-# -------------------------------------------- Return path to profile directory
-
-sub propath {
-    my ($udom,$uname)=@_;
-    $udom=~s/\W//g;
-    $uname=~s/\W//g;
-    my $subdir=$uname.'__';
-    $subdir =~ s/(.)(.)(.).*/$1\/$2\/$3/;
-    my $proname="$perlvar{'lonUsersDir'}/$udom/$subdir/$uname";
-    return $proname;
-} 
-
-# --------------------------------------- Is this the home server of an author?
-
-sub ishome {
-    my $author=shift;
-    $author=~s/\/home\/httpd\/html\/res\/([^\/]*)\/([^\/]*).*/$1\/$2/;
-    my ($udom,$uname)=split(/\//,$author);
-    my $proname=propath($udom,$uname);
-    if (-e $proname) {
-	return 'owner';
-    } else {
-        return 'not_owner';
-    }
-}
-
-# ======================================================= Continue main program
-# ---------------------------------------------------- Fork once and dissociate
-
-my $fpid=fork;
-exit if $fpid;
-die "Couldn't fork: $!" unless defined ($fpid);
-
-POSIX::setsid() or die "Can't start new session: $!";
-
-# ------------------------------------------------------- Write our PID on disk
-
-my $execdir=$perlvar{'lonDaemons'};
-open (PIDSAVE,">$execdir/logs/lond.pid");
-print PIDSAVE "$$\n";
-close(PIDSAVE);
-&logthis("<font color='red'>CRITICAL: ---------- Starting ----------</font>");
-&status('Starting');
-
-
-
-# ----------------------------------------------------- Install signal handlers
-
-
-$SIG{CHLD} = \&REAPER;
-$SIG{INT}  = $SIG{TERM} = \&HUNTSMAN;
-$SIG{HUP}  = \&HUPSMAN;
-$SIG{USR1} = \&checkchildren;
-$SIG{USR2} = \&UpdateHosts;
-
-#  Read the host hashes:
-
-ReadHostTable;
-
-# --------------------------------------------------------------
-#   Accept connections.  When a connection comes in, it is validated
-#   and if good, a child process is created to process transactions
-#   along the connection.
-
-while (1) {
-    &status('Starting accept');
-    $client = $server->accept() or next;
-    &status('Accepted '.$client.' off to spawn');
-    make_new_child($client);
-    &status('Finished spawning');
-}
-
-sub make_new_child {
-    my $pid;
-#    my $cipher;     # Now global
-    my $sigset;
-
-    $client = shift;
-    &status('Starting new child '.$client);
-    &logthis('<font color="green"> Attempting to start child ('.$client.
-	     ")</font>");    
-    # block signal for fork
-    $sigset = POSIX::SigSet->new(SIGINT);
-    sigprocmask(SIG_BLOCK, $sigset)
-        or die "Can't block SIGINT for fork: $!\n";
-
-    die "fork: $!" unless defined ($pid = fork);
-
-    $client->sockopt(SO_KEEPALIVE, 1); # Enable monitoring of
-	                               # connection liveness.
-
-    #
-    #  Figure out who we're talking to so we can record the peer in 
-    #  the pid hash.
-    #
-    my $caller = getpeername($client);
-    my ($port,$iaddr);
-    if (defined($caller) && length($caller) > 0) {
-	($port,$iaddr)=unpack_sockaddr_in($caller);
-    } else {
-	&logthis("Unable to determine who caller was, getpeername returned nothing");
-    }
-    if (defined($iaddr)) {
-	$clientip  = inet_ntoa($iaddr);
-	Debug("Connected with $clientip");
-	$clientdns = gethostbyaddr($iaddr, AF_INET);
-	Debug("Connected with $clientdns by name");
-    } else {
-	&logthis("Unable to determine clientip");
-	$clientip='Unavailable';
-    }
-    
-    if ($pid) {
-        # Parent records the child's birth and returns.
-        sigprocmask(SIG_UNBLOCK, $sigset)
-            or die "Can't unblock SIGINT for fork: $!\n";
-        $children{$pid} = $clientip;
-        &status('Started child '.$pid);
-        return;
-    } else {
-        # Child can *not* return from this subroutine.
-        $SIG{INT} = 'DEFAULT';      # make SIGINT kill us as it did before
-        $SIG{CHLD} = 'DEFAULT'; #make this default so that pwauth returns 
-                                #don't get intercepted
-        $SIG{USR1}= \&logstatus;
-        $SIG{ALRM}= \&timeout;
-        $lastlog='Forked ';
-        $status='Forked';
+  } 
+  return $answer;
+}
 
-        # unblock signals
-        sigprocmask(SIG_UNBLOCK, $sigset)
-            or die "Can't unblock SIGINT for fork: $!\n";
+# -------------------------------------------------------------- Talk to lonsql
 
-#        my $tmpsnum=0;            # Now global
-#---------------------------------------------------- kerberos 5 initialization
-        &Authen::Krb5::init_context();
-        &Authen::Krb5::init_ets();
+sub sqlreply {
+    my ($cmd)=@_;
+    my $answer=subsqlreply($cmd);
+    if ($answer eq 'con_lost') { $answer=subsqlreply($cmd); }
+    return $answer;
+}
 
-	&status('Accepted connection');
-# =============================================================================
-            # do something with the connection
-# -----------------------------------------------------------------------------
-	# see if we know client and 'check' for spoof IP by ineffective challenge
+sub subsqlreply {
+    my ($cmd)=@_;
+    my $unixsock="mysqlsock";
+    my $peerfile="$perlvar{'lonSockDir'}/$unixsock";
+    my $sclient=IO::Socket::UNIX->new(Peer    =>"$peerfile",
+                                      Type    => SOCK_STREAM,
+                                      Timeout => 10)
+       or return "con_lost";
+    print $sclient "$cmd\n";
+    my $answer=<$sclient>;
+    chomp($answer);
+    if (!$answer) { $answer="con_lost"; }
+    return $answer;
+}
 
-	ReadManagerTable;	# May also be a manager!!
-	
-	my $clientrec=($hostid{$clientip}     ne undef);
-	my $ismanager=($managers{$clientip}    ne undef);
-	$clientname  = "[unknonwn]";
-	if($clientrec) {	# Establish client type.
-	    $ConnectionType = "client";
-	    $clientname = $hostid{$clientip};
-	    if($ismanager) {
-		$ConnectionType = "both";
-	    }
-	} else {
-	    $ConnectionType = "manager";
-	    $clientname = $managers{$clientip};
-	}
-	my $clientok;
+# -------------------------------------------- Return path to profile directory
 
-	if ($clientrec || $ismanager) {
-	    &status("Waiting for init from $clientip $clientname");
-	    &logthis('<font color="yellow">INFO: Connection, '.
-		     $clientip.
-		  " ($clientname) connection type = $ConnectionType </font>" );
-	    &status("Connecting $clientip  ($clientname))"); 
-	    my $remotereq=<$client>;
-	    chomp($remotereq);
-	    Debug("Got init: $remotereq");
-	    my $inikeyword = split(/:/, $remotereq);
-	    if ($remotereq =~ /^init/) {
-		&sethost("sethost:$perlvar{'lonHostID'}");
-		#
-		#  If the remote is attempting a local init... give that a try:
-		#
-		my ($i, $inittype) = split(/:/, $remotereq);
+sub propath {
+    my ($udom,$uname)=@_;
+    $udom=~s/\W//g;
+    $uname=~s/\W//g;
+    my $subdir=$uname.'__';
+    $subdir =~ s/(.)(.)(.).*/$1\/$2\/$3/;
+    my $proname="$perlvar{'lonUsersDir'}/$udom/$subdir/$uname";
+    return $proname;
+} 
 
-		# If the connection type is ssl, but I didn't get my
-		# certificate files yet, then I'll drop  back to 
-		# insecure (if allowed).
-		
-		if($inittype eq "ssl") {
-		    my ($ca, $cert) = lonssl::CertificateFile;
-		    my $kfile       = lonssl::KeyFile;
-		    if((!$ca)   || 
-		       (!$cert) || 
-		       (!$kfile)) {
-			$inittype = ""; # This forces insecure attempt.
-			&logthis("<font color=\"blue\"> Certificates not "
-				 ."installed -- trying insecure auth</font>");
-		    }
-		    else {	# SSL certificates are in place so
-		    }		# Leave the inittype alone.
-		}
+# --------------------------------------- Is this the home server of an author?
 
-		if($inittype eq "local") {
-		    my $key = LocalConnection($client, $remotereq);
-		    if($key) {
-			Debug("Got local key $key");
-			$clientok     = 1;
-			my $cipherkey = pack("H32", $key);
-			$cipher       = new IDEA($cipherkey);
-			print $client "ok:local\n";
-			&logthis('<font color="green"'
-				 . "Successful local authentication </font>");
-			$keymode = "local"
-		    } else {
-			Debug("Failed to get local key");
-			$clientok = 0;
-			shutdown($client, 3);
-			close $client;
-		    }
-		} elsif ($inittype eq "ssl") {
-		    my $key = SSLConnection($client);
-		    if ($key) {
-			$clientok = 1;
-			my $cipherkey = pack("H32", $key);
-			$cipher       = new IDEA($cipherkey);
-			&logthis('<font color="green">'
-				 ."Successfull ssl authentication with $clientname </font>");
-			$keymode = "ssl";
-	     
-		    } else {
-			$clientok = 0;
-			close $client;
-		    }
-	   
-		} else {
-		    my $ok = InsecureConnection($client);
-		    if($ok) {
-			$clientok = 1;
-			&logthis('<font color="green">'
-				 ."Successful insecure authentication with $clientname </font>");
-			print $client "ok\n";
-			$keymode = "insecure";
-		    } else {
-			&logthis('<font color="yellow">'
-				  ."Attempted insecure connection disallowed </font>");
-			close $client;
-			$clientok = 0;
-			
-		    }
-		}
-	    } else {
-		&logthis(
-			 "<font color='blue'>WARNING: "
-			 ."$clientip failed to initialize: >$remotereq< </font>");
-		&status('No init '.$clientip);
-	    }
-	    
-	} else {
-	    &logthis(
-		     "<font color='blue'>WARNING: Unknown client $clientip</font>");
-	    &status('Hung up on '.$clientip);
-	}
- 
-	if ($clientok) {
-# ---------------- New known client connecting, could mean machine online again
-	    
-	    foreach my $id (keys(%hostip)) {
-		if ($hostip{$id} ne $clientip ||
-		    $hostip{$currenthostid} eq $clientip) {
-		    # no need to try to do recon's to myself
-		    next;
-		}
-		&reconlonc("$perlvar{'lonSockDir'}/$id");
-	    }
-	    &logthis("<font color='green'>Established connection: $clientname</font>");
-	    &status('Will listen to '.$clientname);
-# ------------------------------------------------------------ Process requests
-	    while (my $userinput=<$client>) {
-                chomp($userinput);
-		Debug("Request = $userinput\n");
-                &status('Processing '.$clientname.': '.$userinput);
-                my $wasenc=0;
-                alarm(120);
-# ------------------------------------------------------------ See if encrypted
-		if ($userinput =~ /^enc/) {
-		    if ($cipher) {
-			my ($cmd,$cmdlength,$encinput)=split(/:/,$userinput);
-			$userinput='';
-			for (my $encidx=0;$encidx<length($encinput);$encidx+=16) {
-			    $userinput.=
-				$cipher->decrypt(
-						 pack("H16",substr($encinput,$encidx,16))
-						 );
-			}
-			$userinput=substr($userinput,0,$cmdlength);
-			$wasenc=1;
-		    }
-		}
-		
-# ------------------------------------------------------------- Normal commands
-# ------------------------------------------------------------------------ ping
-		if ($userinput =~ /^ping/) {	# client only
-		    if(isClient) {
-			print $client "$currenthostid\n";
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		    }
-# ------------------------------------------------------------------------ pong
-		}elsif ($userinput =~ /^pong/) { # client only
-		    if(isClient) {
-			my $reply=&reply("ping",$clientname);
-			print $client "$currenthostid:$reply\n"; 
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		    }
-# ------------------------------------------------------------------------ ekey
-		} elsif ($userinput =~ /^ekey/) { # ok for both clients & mgrs
-		    my $buildkey=time.$$.int(rand 100000);
-		    $buildkey=~tr/1-6/A-F/;
-		    $buildkey=int(rand 100000).$buildkey.int(rand 100000);
-		    my $key=$currenthostid.$clientname;
-		    $key=~tr/a-z/A-Z/;
-		    $key=~tr/G-P/0-9/;
-		    $key=~tr/Q-Z/0-9/;
-		    $key=$key.$buildkey.$key.$buildkey.$key.$buildkey;
-		    $key=substr($key,0,32);
-		    my $cipherkey=pack("H32",$key);
-		    $cipher=new IDEA $cipherkey;
-		    print $client "$buildkey\n"; 
-# ------------------------------------------------------------------------ load
-		} elsif ($userinput =~ /^load/) { # client only
-		    if (isClient) {
-			my $loadavg;
-			{
-			    my $loadfile=IO::File->new('/proc/loadavg');
-			    $loadavg=<$loadfile>;
-			}
-			$loadavg =~ s/\s.*//g;
-			my $loadpercent=100*$loadavg/$perlvar{'lonLoadLim'};
-			print $client "$loadpercent\n";
-		    } else {
-			Reply($client, "refused\n", $userinput);
-	       
-		    }
-# -------------------------------------------------------------------- userload
-		} elsif ($userinput =~ /^userload/) { # client only
-		    if(isClient) {
-			my $userloadpercent=&userload();
-			print $client "$userloadpercent\n";
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		     
-		    }
-#
-#        Transactions requiring encryption:
-#
-# ----------------------------------------------------------------- currentauth
-		} elsif ($userinput =~ /^currentauth/) {
-		    if (($wasenc==1)  && isClient) { # Encoded & client only.
-			my ($cmd,$udom,$uname)=split(/:/,$userinput);
-			my $result = GetAuthType($udom, $uname);
-			if($result eq "nouser") {
-			    print $client "unknown_user\n";
-			}
-			else {
-			    print $client "$result\n"
-			    }
-		    } else {
-			Reply($client, "refused\n", $userinput);
-			
-		    }
-#--------------------------------------------------------------------- pushfile
-		} elsif($userinput =~ /^pushfile/) {	# encoded & manager.
-		    if(($wasenc == 1) && isManager) {
-			my $cert = GetCertificate($userinput);
-			if(ValidManager($cert)) {
-			    my $reply = PushFile($userinput);
-			    print $client "$reply\n";
-			} else {
-			    print $client "refused\n";
-			} 
-		    } else {
-			Reply($client, "refused\n", $userinput);
-			
-		    }
-#--------------------------------------------------------------------- reinit
-		} elsif($userinput =~ /^reinit/) { # Encoded and manager
-			if (($wasenc == 1) && isManager) {
-				my $cert = GetCertificate($userinput);
-				if(ValidManager($cert)) {
-					chomp($userinput);
-					my $reply = ReinitProcess($userinput);
-					print $client  "$reply\n";
-				} else {
-					 print $client "refused\n";
-				}
-			} else {
-				Reply($client, "refused\n", $userinput);
-			}
-#------------------------------------------------------------------------- edit
-		    } elsif ($userinput =~ /^edit/) {    # encoded and manager:
-			if(($wasenc ==1) && (isManager)) {
-			    my $cert = GetCertificate($userinput);
-			    if(ValidManager($cert)) {
-               my($command, $filetype, $script) = split(/:/, $userinput);
-               if (($filetype eq "hosts") || ($filetype eq "domain")) {
-                  if($script ne "") {
-		      Reply($client, EditFile($userinput));
-                  } else {
-                     Reply($client,"refused\n",$userinput);
-                  }
-               } else {
-                  Reply($client,"refused\n",$userinput);
-               }
-            } else {
-               Reply($client,"refused\n",$userinput);
-            }
-         } else {
-	     Reply($client,"refused\n",$userinput);
-	 }
-# ------------------------------------------------------------------------ auth
-		    } elsif ($userinput =~ /^auth/) { # Encoded and client only.
-		    if (($wasenc==1) && isClient) {
-			my ($cmd,$udom,$uname,$upass)=split(/:/,$userinput);
-			chomp($upass);
-			$upass=unescape($upass);
-			my $proname=propath($udom,$uname);
-			my $passfilename="$proname/passwd";
-			if (-e $passfilename) {
-			    my $pf = IO::File->new($passfilename);
-			    my $realpasswd=<$pf>;
-			    chomp($realpasswd);
-			    my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
-			    my $pwdcorrect=0;
-			    if ($howpwd eq 'internal') {
-				&Debug("Internal auth");
-				$pwdcorrect=
-				    (crypt($upass,$contentpwd) eq $contentpwd);
-			    } elsif ($howpwd eq 'unix') {
-				&Debug("Unix auth");
-				if((getpwnam($uname))[1] eq "") { #no such user!
-				    $pwdcorrect = 0;
-				} else {
-				    $contentpwd=(getpwnam($uname))[1];
-				    my $pwauth_path="/usr/local/sbin/pwauth";
-				    unless ($contentpwd eq 'x') {
-					$pwdcorrect=
-					    (crypt($upass,$contentpwd) eq 
-					     $contentpwd);
-				    }
-				    
-				    elsif (-e $pwauth_path) {
-					open PWAUTH, "|$pwauth_path" or
-					    die "Cannot invoke authentication";
-					print PWAUTH "$uname\n$upass\n";
-					close PWAUTH;
-					$pwdcorrect=!$?;
-				    }
-				}
-			    } elsif ($howpwd eq 'krb4') {
-				my $null=pack("C",0);
-				unless ($upass=~/$null/) {
-				    my $krb4_error = &Authen::Krb4::get_pw_in_tkt
-					($uname,"",$contentpwd,'krbtgt',
-					 $contentpwd,1,$upass);
-				    if (!$krb4_error) {
-					$pwdcorrect = 1;
-				    } else { 
-					$pwdcorrect=0; 
-					# log error if it is not a bad password
-					if ($krb4_error != 62) {
-					    &logthis('krb4:'.$uname.','.
-						     &Authen::Krb4::get_err_txt($Authen::Krb4::error));
-					}
-				    }
-				}
-			    } elsif ($howpwd eq 'krb5') {
-				my $null=pack("C",0);
-				unless ($upass=~/$null/) {
-				    my $krbclient=&Authen::Krb5::parse_name($uname.'@'.$contentpwd);
-				    my $krbservice="krbtgt/".$contentpwd."\@".$contentpwd;
-				    my $krbserver=&Authen::Krb5::parse_name($krbservice);
-				    my $credentials=&Authen::Krb5::cc_default();
-				    $credentials->initialize($krbclient);
-				    my $krbreturn = 
-					&Authen::Krb5::get_in_tkt_with_password(
-										$krbclient,$krbserver,$upass,$credentials);
-#				  unless ($krbreturn) {
-#				      &logthis("Krb5 Error: ".
-#					       &Authen::Krb5::error());
-#				  }
-				    $pwdcorrect = ($krbreturn == 1);
-				} else { $pwdcorrect=0; }
-			    } elsif ($howpwd eq 'localauth') {
-				$pwdcorrect=&localauth::localauth($uname,$upass,
-								  $contentpwd);
-			    }
-			    if ($pwdcorrect) {
-				print $client "authorized\n";
-			    } else {
-				print $client "non_authorized\n";
-			    }  
-			} else {
-			    print $client "unknown_user\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		       
-		    }
-# ---------------------------------------------------------------------- passwd
-		} elsif ($userinput =~ /^passwd/) { # encoded and client
-		    if (($wasenc==1) && isClient) {
-			my 
-			    ($cmd,$udom,$uname,$upass,$npass)=split(/:/,$userinput);
-			chomp($npass);
-			$upass=&unescape($upass);
-			$npass=&unescape($npass);
-			&Debug("Trying to change password for $uname");
-			my $proname=propath($udom,$uname);
-			my $passfilename="$proname/passwd";
-			if (-e $passfilename) {
-			    my $realpasswd;
-			    { my $pf = IO::File->new($passfilename);
-			      $realpasswd=<$pf>; }
-			    chomp($realpasswd);
-			    my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
-			    if ($howpwd eq 'internal') {
-				&Debug("internal auth");
-				if (crypt($upass,$contentpwd) eq $contentpwd) {
-				    my $salt=time;
-				    $salt=substr($salt,6,2);
-				    my $ncpass=crypt($npass,$salt);
-				    {
-					my $pf;
-					if ($pf = IO::File->new(">$passfilename")) {
-					    print $pf "internal:$ncpass\n";
-					    &logthis("Result of password change for $uname: pwchange_success");
-					    print $client "ok\n";
-					} else {
-					    &logthis("Unable to open $uname passwd to change password");
-					    print $client "non_authorized\n";
-					}
-				    }             
-				    
-				} else {
-				    print $client "non_authorized\n";
-				}
-			    } elsif ($howpwd eq 'unix') {
-				# Unix means we have to access /etc/password
-				# one way or another.
-				# First: Make sure the current password is
-				#        correct
-				&Debug("auth is unix");
-				$contentpwd=(getpwnam($uname))[1];
-				my $pwdcorrect = "0";
-				my $pwauth_path="/usr/local/sbin/pwauth";
-				unless ($contentpwd eq 'x') {
-				    $pwdcorrect=
-					(crypt($upass,$contentpwd) eq $contentpwd);
-				} elsif (-e $pwauth_path) {
-				    open PWAUTH, "|$pwauth_path" or
-					die "Cannot invoke authentication";
-				    print PWAUTH "$uname\n$upass\n";
-				    close PWAUTH;
-				    &Debug("exited pwauth with $? ($uname,$upass) ");
-				    $pwdcorrect=($? == 0);
-				}
-				if ($pwdcorrect) {
-				    my $execdir=$perlvar{'lonDaemons'};
-				    &Debug("Opening lcpasswd pipeline");
-				    my $pf = IO::File->new("|$execdir/lcpasswd > $perlvar{'lonDaemons'}/logs/lcpasswd.log");
-				    print $pf "$uname\n$npass\n$npass\n";
-				    close $pf;
-				    my $err = $?;
-				    my $result = ($err>0 ? 'pwchange_failure' 
-						  : 'ok');
-				    &logthis("Result of password change for $uname: ".
-					     &lcpasswdstrerror($?));
-				    print $client "$result\n";
-				} else {
-				    print $client "non_authorized\n";
-				}
-			    } else {
-				print $client "auth_mode_error\n";
-			    }  
-			} else {
-			    print $client "unknown_user\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		       
-		    }
-# -------------------------------------------------------------------- makeuser
-		} elsif ($userinput =~ /^makeuser/) { # encoded and client.
-		    &Debug("Make user received");
-		    my $oldumask=umask(0077);
-		    if (($wasenc==1) && isClient) {
-			my 
-			    ($cmd,$udom,$uname,$umode,$npass)=split(/:/,$userinput);
-			&Debug("cmd =".$cmd." $udom =".$udom.
-			       " uname=".$uname);
-			chomp($npass);
-			$npass=&unescape($npass);
-			my $proname=propath($udom,$uname);
-			my $passfilename="$proname/passwd";
-			&Debug("Password file created will be:".
-			       $passfilename);
-			if (-e $passfilename) {
-			    print $client "already_exists\n";
-			} elsif ($udom ne $currentdomainid) {
-			    print $client "not_right_domain\n";
-			} else {
-			    my @fpparts=split(/\//,$proname);
-			    my $fpnow=$fpparts[0].'/'.$fpparts[1].'/'.$fpparts[2];
-			    my $fperror='';
-			    for (my $i=3;$i<=$#fpparts;$i++) {
-				$fpnow.='/'.$fpparts[$i]; 
-				unless (-e $fpnow) {
-				    unless (mkdir($fpnow,0777)) {
-					$fperror="error: ".($!+0)
-					    ." mkdir failed while attempting "
-					    ."makeuser";
-				    }
-				}
-			    }
-			    unless ($fperror) {
-				my $result=&make_passwd_file($uname, $umode,$npass,
-							     $passfilename);
-				print $client $result;
-			    } else {
-				print $client "$fperror\n";
-			    }
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
-	      
-		    }
-		    umask($oldumask);
-# -------------------------------------------------------------- changeuserauth
-		} elsif ($userinput =~ /^changeuserauth/) { # encoded & client
-		    &Debug("Changing authorization");
-		    if (($wasenc==1) && isClient) {
-			my 
-			    ($cmd,$udom,$uname,$umode,$npass)=split(/:/,$userinput);
-			chomp($npass);
-			&Debug("cmd = ".$cmd." domain= ".$udom.
-			       "uname =".$uname." umode= ".$umode);
-			$npass=&unescape($npass);
-			my $proname=&propath($udom,$uname);
-			my $passfilename="$proname/passwd";
-			if ($udom ne $currentdomainid) {
-			    print $client "not_right_domain\n";
-			} else {
-			    my $result=&make_passwd_file($uname, $umode,$npass,
-							 $passfilename);
-			    print $client $result;
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		   
-		    }
-# ------------------------------------------------------------------------ home
-		} elsif ($userinput =~ /^home/) { # client clear or encoded
-		    if(isClient) {
-			my ($cmd,$udom,$uname)=split(/:/,$userinput);
-			chomp($uname);
-			my $proname=propath($udom,$uname);
-			if (-e $proname) {
-			    print $client "found\n";
-			} else {
-			    print $client "not_found\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
+sub ishome {
+    my $author=shift;
+    $author=~s/\/home\/httpd\/html\/res\/([^\/]*)\/([^\/]*).*/$1\/$2/;
+    my ($udom,$uname)=split(/\//,$author);
+    my $proname=propath($udom,$uname);
+    if (-e $proname) {
+	return 'owner';
+    } else {
+        return 'not_owner';
+    }
+}
 
-		    }
-# ---------------------------------------------------------------------- update
-		} elsif ($userinput =~ /^update/) { # client clear or encoded.
-		    if(isClient) {
-			my ($cmd,$fname)=split(/:/,$userinput);
-			my $ownership=ishome($fname);
-			if ($ownership eq 'not_owner') {
-			    if (-e $fname) {
-				my ($dev,$ino,$mode,$nlink,
-				    $uid,$gid,$rdev,$size,
-				    $atime,$mtime,$ctime,
-				    $blksize,$blocks)=stat($fname);
-				my $now=time;
-				my $since=$now-$atime;
-				if ($since>$perlvar{'lonExpire'}) {
-				    my $reply=
-					&reply("unsub:$fname","$clientname");
-				    unlink("$fname");
-				} else {
-				    my $transname="$fname.in.transfer";
-				    my $remoteurl=
-					&reply("sub:$fname","$clientname");
-				    my $response;
-				    {
-					my $ua=new LWP::UserAgent;
-					my $request=new HTTP::Request('GET',"$remoteurl");
-					$response=$ua->request($request,$transname);
-				    }
-				    if ($response->is_error()) {
-					unlink($transname);
-					my $message=$response->status_line;
-					&logthis(
-						 "LWP GET: $message for $fname ($remoteurl)");
-				    } else {
-					if ($remoteurl!~/\.meta$/) {
-					    my $ua=new LWP::UserAgent;
-					    my $mrequest=
-						new HTTP::Request('GET',$remoteurl.'.meta');
-					    my $mresponse=
-						$ua->request($mrequest,$fname.'.meta');
-					    if ($mresponse->is_error()) {
-						unlink($fname.'.meta');
-					    }
-					}
-					rename($transname,$fname);
-				    }
-				}
-				print $client "ok\n";
-			    } else {
-				print $client "not_found\n";
-			    }
-			} else {
-			    print $client "rejected\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
+# ======================================================= Continue main program
+# ---------------------------------------------------- Fork once and dissociate
 
-		    }
-# -------------------------------------- fetch a user file from a remote server
-		} elsif ($userinput =~ /^fetchuserfile/) { # Client clear or enc.
-		    if(isClient) {
-			my ($cmd,$fname)=split(/:/,$userinput);
-			my ($udom,$uname,$ufile) = ($fname =~ m|^([^/]+)/([^/]+)/(.+)$|);
-			my $udir=propath($udom,$uname).'/userfiles';
-			unless (-e $udir) { mkdir($udir,0770); }
-			if (-e $udir) {
-                            $ufile=~s/^[\.\~]+//;
-                            my $path = $udir;
-                            if ($ufile =~m|(.+)/([^/]+)$|) {
-                                my @parts=split('/',$1);
-                                foreach my $part (@parts) {
-                                    $path .= '/'.$part;
-                                    if ((-e $path)!=1) {
-                                        mkdir($path,0770);
-                                    }
-                                }
-                            }
-			    my $destname=$udir.'/'.$ufile;
-			    my $transname=$udir.'/'.$ufile.'.in.transit';
-			    my $remoteurl='http://'.$clientip.'/userfiles/'.$fname;
-			    my $response;
-			    {
-				my $ua=new LWP::UserAgent;
-				my $request=new HTTP::Request('GET',"$remoteurl");
-				$response=$ua->request($request,$transname);
-			    }
-			    if ($response->is_error()) {
-				unlink($transname);
-				my $message=$response->status_line;
-				&logthis("LWP GET: $message for $fname ($remoteurl)");
-				print $client "failed\n";
-			    } else {
-				if (!rename($transname,$destname)) {
-				    &logthis("Unable to move $transname to $destname");
-				    unlink($transname);
-				    print $client "failed\n";
-				} else {
-				    print $client "ok\n";
-				}
-			    }
-			} else {
-			    print $client "not_home\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		    }
-# --------------------------------------------------------- remove a user file 
-		} elsif ($userinput =~ /^removeuserfile/) { # Client clear or enc.
-		    if(isClient) {
-			my ($cmd,$fname)=split(/:/,$userinput);
-			my ($udom,$uname,$ufile) = ($fname =~ m|^([^/]+)/([^/]+)/(.+)$|);
-			&logthis("$udom - $uname - $ufile");
-			if ($ufile =~m|/\.\./|) {
-			    # any files paths with /../ in them refuse 
-                            # to deal with
-			    print $client "refused\n";
-			} else {
-			    my $udir=propath($udom,$uname);
-			    if (-e $udir) {
-				my $file=$udir.'/userfiles/'.$ufile;
-				if (-e $file) {
-				    unlink($file);
-				    if (-e $file) {
-					print $client "failed\n";
-				    } else {
-					print $client "ok\n";
-				    }
-				} else {
-				    print $client "not_found\n";
-				}
-			    } else {
-				print $client "not_home\n";
-			    }
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		    }
-# ------------------------------------------ authenticate access to a user file
-		} elsif ($userinput =~ /^tokenauthuserfile/) { # Client only
-		    if(isClient) {
-			my ($cmd,$fname,$session)=split(/:/,$userinput);
-			chomp($session);
-			my $reply='non_auth';
-			if (open(ENVIN,$perlvar{'lonIDsDir'}.'/'.
-				 $session.'.id')) {
-			    while (my $line=<ENVIN>) {
-				if ($line=~ m|userfile\.\Q$fname\E\=|) { $reply='ok'; }
-			    }
-			    close(ENVIN);
-			    print $client $reply."\n";
-			} else {
-			    print $client "invalid_token\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
+my $fpid=fork;
+exit if $fpid;
+die "Couldn't fork: $!" unless defined ($fpid);
 
-		    }
-# ----------------------------------------------------------------- unsubscribe
-		} elsif ($userinput =~ /^unsub/) {
-		    if(isClient) {
-			my ($cmd,$fname)=split(/:/,$userinput);
-			if (-e $fname) {
-			    print $client &unsub($fname,$clientip);
-			} else {
-			    print $client "not_found\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
+POSIX::setsid() or die "Can't start new session: $!";
 
-		    }
-# ------------------------------------------------------------------- subscribe
-		} elsif ($userinput =~ /^sub/) {
-		    if(isClient) {
-			print $client &subscribe($userinput,$clientip);
-		    } else {
-			Reply($client, "refused\n", $userinput);
+# ------------------------------------------------------- Write our PID on disk
 
-		    }
-# ------------------------------------------------------------- current version
-		} elsif ($userinput =~ /^currentversion/) {
-		    if(isClient) {
-			my ($cmd,$fname)=split(/:/,$userinput);
-			print $client &currentversion($fname)."\n";
-		    } else {
-			Reply($client, "refused\n", $userinput);
+my $execdir=$perlvar{'lonDaemons'};
+open (PIDSAVE,">$execdir/logs/lond.pid");
+print PIDSAVE "$$\n";
+close(PIDSAVE);
+&logthis("<font color='red'>CRITICAL: ---------- Starting ----------</font>");
+&status('Starting');
 
-		    }
-# ------------------------------------------------------------------------- log
-		} elsif ($userinput =~ /^log/) {
-		    if(isClient) {
-			my ($cmd,$udom,$uname,$what)=split(/:/,$userinput);
-			chomp($what);
-			my $proname=propath($udom,$uname);
-			my $now=time;
-			{
-			    my $hfh;
-			    if ($hfh=IO::File->new(">>$proname/activity.log")) { 
-				print $hfh "$now:$clientname:$what\n";
-				print $client "ok\n"; 
-			    } else {
-				print $client "error: ".($!+0)
-				    ." IO::File->new Failed "
-				    ."while attempting log\n";
-			    }
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
 
-		    }
-# ------------------------------------------------------------------------- put
-		} elsif ($userinput =~ /^put/) {
-		    if(isClient) {
-			my ($cmd,$udom,$uname,$namespace,$what)
-			    =split(/:/,$userinput,5);
-			$namespace=~s/\//\_/g;
-			$namespace=~s/\W//g;
-			if ($namespace ne 'roles') {
-			    chomp($what);
-			    my $proname=propath($udom,$uname);
-			    my $now=time;
-			    my @pairs=split(/\&/,$what);
-			    my %hash;
-			    if (tie(%hash,'GDBM_File',
-				    "$proname/$namespace.db",
-				    &GDBM_WRCREAT(),0640)) {
-				unless ($namespace=~/^nohist\_/) {
-				    my $hfh;
-				    if ($hfh=IO::File->new(">>$proname/$namespace.hist")) { print $hfh "P:$now:$what\n"; }
-				}
 
-				foreach my $pair (@pairs) {
-				    my ($key,$value)=split(/=/,$pair);
-				    $hash{$key}=$value;
-				}
-				if (untie(%hash)) {
-				    print $client "ok\n";
-				} else {
-				    print $client "error: ".($!+0)
-					." untie(GDBM) failed ".
-					"while attempting put\n";
-				}
-			    } else {
-				print $client "error: ".($!)
-				    ." tie(GDBM) Failed ".
-				    "while attempting put\n";
-			    }
-			} else {
-			    print $client "refused\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
+# ----------------------------------------------------- Install signal handlers
 
-		    }
-# ------------------------------------------------------------------- inc
-		} elsif ($userinput =~ /^inc:/) {
-		    if(isClient) {
-			my ($cmd,$udom,$uname,$namespace,$what)
-			    =split(/:/,$userinput);
-			$namespace=~s/\//\_/g;
-			$namespace=~s/\W//g;
-			if ($namespace ne 'roles') {
-			    chomp($what);
-			    my $proname=propath($udom,$uname);
-			    my $now=time;
-			    my @pairs=split(/\&/,$what);
-			    my %hash;
-			    if (tie(%hash,'GDBM_File',
-				    "$proname/$namespace.db",
-				    &GDBM_WRCREAT(),0640)) {
-				unless ($namespace=~/^nohist\_/) {
-				    my $hfh;
-				    if ($hfh=IO::File->new(">>$proname/$namespace.hist")) { print $hfh "P:$now:$what\n"; }
-				}
-				foreach my $pair (@pairs) {
-				    my ($key,$value)=split(/=/,$pair);
-                                    # We could check that we have a number...
-                                    if (! defined($value) || $value eq '') {
-                                        $value = 1;
-                                    }
-				    $hash{$key}+=$value;
-				}
-				if (untie(%hash)) {
-				    print $client "ok\n";
-				} else {
-				    print $client "error: ".($!+0)
-					." untie(GDBM) failed ".
-					"while attempting inc\n";
-				}
-			    } else {
-				print $client "error: ".($!)
-				    ." tie(GDBM) Failed ".
-				    "while attempting inc\n";
-			    }
-			} else {
-			    print $client "refused\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
 
-		    }
-# -------------------------------------------------------------------- rolesput
-		} elsif ($userinput =~ /^rolesput/) {
-		    if(isClient) {
-			&Debug("rolesput");
-			if ($wasenc==1) {
-			    my ($cmd,$exedom,$exeuser,$udom,$uname,$what)
-				=split(/:/,$userinput);
-			    &Debug("cmd = ".$cmd." exedom= ".$exedom.
-				   "user = ".$exeuser." udom=".$udom.
-				   "what = ".$what);
-			    my $namespace='roles';
-			    chomp($what);
-			    my $proname=propath($udom,$uname);
-			    my $now=time;
-			    my @pairs=split(/\&/,$what);
-			    my %hash;
-			    if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
-				{
-				    my $hfh;
-				    if ($hfh=IO::File->new(">>$proname/$namespace.hist")) { 
-					print $hfh "P:$now:$exedom:$exeuser:$what\n";
-				    }
-				}
+$SIG{CHLD} = \&REAPER;
+$SIG{INT}  = $SIG{TERM} = \&HUNTSMAN;
+$SIG{HUP}  = \&HUPSMAN;
+$SIG{USR1} = \&checkchildren;
+$SIG{USR2} = \&UpdateHosts;
 
-				foreach my $pair (@pairs) {
-				    my ($key,$value)=split(/=/,$pair);
-				    &ManagePermissions($key, $udom, $uname,
-						       &GetAuthType( $udom, 
-								     $uname));
-				    $hash{$key}=$value;
-				}
-				if (untie(%hash)) {
-				    print $client "ok\n";
-				} else {
-				    print $client "error: ".($!+0)
-					." untie(GDBM) Failed ".
-					"while attempting rolesput\n";
-				}
-			    } else {
-				print $client "error: ".($!+0)
-				    ." tie(GDBM) Failed ".
-				    "while attempting rolesput\n";
-			    }
-			} else {
-			    print $client "refused\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		  
-		    }
-# -------------------------------------------------------------------- rolesdel
-		} elsif ($userinput =~ /^rolesdel/) {
-		    if(isClient) {
-			&Debug("rolesdel");
-			if ($wasenc==1) {
-			    my ($cmd,$exedom,$exeuser,$udom,$uname,$what)
-				=split(/:/,$userinput);
-			    &Debug("cmd = ".$cmd." exedom= ".$exedom.
-				   "user = ".$exeuser." udom=".$udom.
-				   "what = ".$what);
-			    my $namespace='roles';
-			    chomp($what);
-			    my $proname=propath($udom,$uname);
-			    my $now=time;
-			    my @rolekeys=split(/\&/,$what);
-			    my %hash;
-			    if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
-				{
-				    my $hfh;
-				    if ($hfh=IO::File->new(">>$proname/$namespace.hist")) { 
-					print $hfh "D:$now:$exedom:$exeuser:$what\n";
-				    }
-				}
-				foreach my $key (@rolekeys) {
-				    delete $hash{$key};
-				}
-				if (untie(%hash)) {
-				    print $client "ok\n";
-				} else {
-				    print $client "error: ".($!+0)
-					." untie(GDBM) Failed ".
-					"while attempting rolesdel\n";
-				}
-			    } else {
-				print $client "error: ".($!+0)
-				    ." tie(GDBM) Failed ".
-				    "while attempting rolesdel\n";
-			    }
-			} else {
-			    print $client "refused\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		      
-		    }
-# ------------------------------------------------------------------------- get
-		} elsif ($userinput =~ /^get/) {
-		    if(isClient) {
-			my ($cmd,$udom,$uname,$namespace,$what)
-			    =split(/:/,$userinput);
-			$namespace=~s/\//\_/g;
-			$namespace=~s/\W//g;
-			chomp($what);
-			my @queries=split(/\&/,$what);
-			my $proname=propath($udom,$uname);
-			my $qresult='';
-			my %hash;
-			if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
-			    for (my $i=0;$i<=$#queries;$i++) {
-				$qresult.="$hash{$queries[$i]}&";
-			    }
-			    if (untie(%hash)) {
-				$qresult=~s/\&$//;
-				print $client "$qresult\n";
-			    } else {
-				print $client "error: ".($!+0)
-				    ." untie(GDBM) Failed ".
-				    "while attempting get\n";
-			    }
-			} else {
-			    if ($!+0 == 2) {
-				print $client "error:No such file or ".
-				    "GDBM reported bad block error\n";
-			    } else {
-				print $client "error: ".($!+0)
-				    ." tie(GDBM) Failed ".
-				    "while attempting get\n";
-			    }
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		       
-		    }
-# ------------------------------------------------------------------------ eget
-		} elsif ($userinput =~ /^eget/) {
-		    if (isClient) {
-			my ($cmd,$udom,$uname,$namespace,$what)
-			    =split(/:/,$userinput);
-			$namespace=~s/\//\_/g;
-			$namespace=~s/\W//g;
-			chomp($what);
-			my @queries=split(/\&/,$what);
-			my $proname=propath($udom,$uname);
-			my $qresult='';
-			my %hash;
-			if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
-			    for (my $i=0;$i<=$#queries;$i++) {
-				$qresult.="$hash{$queries[$i]}&";
-			    }
-			    if (untie(%hash)) {
-				$qresult=~s/\&$//;
-				if ($cipher) {
-				    my $cmdlength=length($qresult);
-				    $qresult.="         ";
-				    my $encqresult='';
-				    for 
-					(my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
-					    $encqresult.=
-						unpack("H16",
-						       $cipher->encrypt(substr($qresult,$encidx,8)));
-					}
-				    print $client "enc:$cmdlength:$encqresult\n";
-				} else {
-				    print $client "error:no_key\n";
-				}
-			    } else {
-				print $client "error: ".($!+0)
-				    ." untie(GDBM) Failed ".
-				    "while attempting eget\n";
-			    }
-			} else {
-			    print $client "error: ".($!+0)
-				." tie(GDBM) Failed ".
-				"while attempting eget\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		    
-		    }
-# ------------------------------------------------------------------------- del
-		} elsif ($userinput =~ /^del/) {
-		    if(isClient) {
-			my ($cmd,$udom,$uname,$namespace,$what)
-			    =split(/:/,$userinput);
-			$namespace=~s/\//\_/g;
-			$namespace=~s/\W//g;
-			chomp($what);
-			my $proname=propath($udom,$uname);
-			my $now=time;
-			my @keys=split(/\&/,$what);
-			my %hash;
-			if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
-			    unless ($namespace=~/^nohist\_/) {
-				my $hfh;
-				if ($hfh=IO::File->new(">>$proname/$namespace.hist")) { print $hfh "D:$now:$what\n"; }
-			    }
-			    foreach my $key (@keys) {
-				delete($hash{$key});
-			    }
-			    if (untie(%hash)) {
-				print $client "ok\n";
-			    } else {
-				print $client "error: ".($!+0)
-				    ." untie(GDBM) Failed ".
-				    "while attempting del\n";
-			    }
-			} else {
-			    print $client "error: ".($!+0)
-				." tie(GDBM) Failed ".
-				"while attempting del\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
-			
-		    }
-# ------------------------------------------------------------------------ keys
-		} elsif ($userinput =~ /^keys/) {
-		    if(isClient) {
-			my ($cmd,$udom,$uname,$namespace)
-			    =split(/:/,$userinput);
-			$namespace=~s/\//\_/g;
-			$namespace=~s/\W//g;
-			my $proname=propath($udom,$uname);
-			my $qresult='';
-			my %hash;
-			if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
-			    foreach my $key (keys %hash) {
-				$qresult.="$key&";
-			    }
-			    if (untie(%hash)) {
-				$qresult=~s/\&$//;
-				print $client "$qresult\n";
-			    } else {
-				print $client "error: ".($!+0)
-				    ." untie(GDBM) Failed ".
-				    "while attempting keys\n";
-			    }
-			} else {
-			    print $client "error: ".($!+0)
-				." tie(GDBM) Failed ".
-				"while attempting keys\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		   
-		    }
-# ----------------------------------------------------------------- dumpcurrent
-		} elsif ($userinput =~ /^currentdump/) {
-		    if (isClient) {
-			my ($cmd,$udom,$uname,$namespace)
-			    =split(/:/,$userinput);
-			$namespace=~s/\//\_/g;
-			$namespace=~s/\W//g;
-			my $qresult='';
-			my $proname=propath($udom,$uname);
-			my %hash;
-			if (tie(%hash,'GDBM_File',
-				"$proname/$namespace.db",
-				&GDBM_READER(),0640)) {
-			    # Structure of %data:
-			    # $data{$symb}->{$parameter}=$value;
-			    # $data{$symb}->{'v.'.$parameter}=$version;
-			    # since $parameter will be unescaped, we do not
-			    # have to worry about silly parameter names...
-			    my %data = ();
-			    while (my ($key,$value) = each(%hash)) {
-				my ($v,$symb,$param) = split(/:/,$key);
-				next if ($v eq 'version' || $symb eq 'keys');
-				next if (exists($data{$symb}) && 
-					 exists($data{$symb}->{$param}) &&
-					 $data{$symb}->{'v.'.$param} > $v);
-				$data{$symb}->{$param}=$value;
-				$data{$symb}->{'v.'.$param}=$v;
-			    }
-			    if (untie(%hash)) {
-				while (my ($symb,$param_hash) = each(%data)) {
-				    while(my ($param,$value) = each (%$param_hash)){
-					next if ($param =~ /^v\./);
-					$qresult.=$symb.':'.$param.'='.$value.'&';
-				    }
-				}
-				chop($qresult);
-				print $client "$qresult\n";
-			    } else {
-				print $client "error: ".($!+0)
-				    ." untie(GDBM) Failed ".
-				    "while attempting currentdump\n";
-			    }
-			} else {
-			    print $client "error: ".($!+0)
-				." tie(GDBM) Failed ".
-				"while attempting currentdump\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
+#  Read the host hashes:
+
+ReadHostTable;
+
+# --------------------------------------------------------------
+#   Accept connections.  When a connection comes in, it is validated
+#   and if good, a child process is created to process transactions
+#   along the connection.
+
+while (1) {
+    &status('Starting accept');
+    $client = $server->accept() or next;
+    &status('Accepted '.$client.' off to spawn');
+    make_new_child($client);
+    &status('Finished spawning');
+}
+
+sub make_new_child {
+    my $pid;
+#    my $cipher;     # Now global
+    my $sigset;
+
+    $client = shift;
+    &status('Starting new child '.$client);
+    &logthis('<font color="green"> Attempting to start child ('.$client.
+	     ")</font>");    
+    # block signal for fork
+    $sigset = POSIX::SigSet->new(SIGINT);
+    sigprocmask(SIG_BLOCK, $sigset)
+        or die "Can't block SIGINT for fork: $!\n";
+
+    die "fork: $!" unless defined ($pid = fork);
+
+    $client->sockopt(SO_KEEPALIVE, 1); # Enable monitoring of
+	                               # connection liveness.
+
+    #
+    #  Figure out who we're talking to so we can record the peer in 
+    #  the pid hash.
+    #
+    my $caller = getpeername($client);
+    my ($port,$iaddr);
+    if (defined($caller) && length($caller) > 0) {
+	($port,$iaddr)=unpack_sockaddr_in($caller);
+    } else {
+	&logthis("Unable to determine who caller was, getpeername returned nothing");
+    }
+    if (defined($iaddr)) {
+	$clientip  = inet_ntoa($iaddr);
+	Debug("Connected with $clientip");
+	$clientdns = gethostbyaddr($iaddr, AF_INET);
+	Debug("Connected with $clientdns by name");
+    } else {
+	&logthis("Unable to determine clientip");
+	$clientip='Unavailable';
+    }
+    
+    if ($pid) {
+        # Parent records the child's birth and returns.
+        sigprocmask(SIG_UNBLOCK, $sigset)
+            or die "Can't unblock SIGINT for fork: $!\n";
+        $children{$pid} = $clientip;
+        &status('Started child '.$pid);
+        return;
+    } else {
+        # Child can *not* return from this subroutine.
+        $SIG{INT} = 'DEFAULT';      # make SIGINT kill us as it did before
+        $SIG{CHLD} = 'DEFAULT'; #make this default so that pwauth returns 
+                                #don't get intercepted
+        $SIG{USR1}= \&logstatus;
+        $SIG{ALRM}= \&timeout;
+        $lastlog='Forked ';
+        $status='Forked';
+
+        # unblock signals
+        sigprocmask(SIG_UNBLOCK, $sigset)
+            or die "Can't unblock SIGINT for fork: $!\n";
+
+#        my $tmpsnum=0;            # Now global
+#---------------------------------------------------- kerberos 5 initialization
+        &Authen::Krb5::init_context();
+        &Authen::Krb5::init_ets();
+
+	&status('Accepted connection');
+# =============================================================================
+            # do something with the connection
+# -----------------------------------------------------------------------------
+	# see if we know client and 'check' for spoof IP by ineffective challenge
+
+	ReadManagerTable;	# May also be a manager!!
+	
+	my $clientrec=($hostid{$clientip}     ne undef);
+	my $ismanager=($managers{$clientip}    ne undef);
+	$clientname  = "[unknonwn]";
+	if($clientrec) {	# Establish client type.
+	    $ConnectionType = "client";
+	    $clientname = $hostid{$clientip};
+	    if($ismanager) {
+		$ConnectionType = "both";
+	    }
+	} else {
+	    $ConnectionType = "manager";
+	    $clientname = $managers{$clientip};
+	}
+	my $clientok;
+
+	if ($clientrec || $ismanager) {
+	    &status("Waiting for init from $clientip $clientname");
+	    &logthis('<font color="yellow">INFO: Connection, '.
+		     $clientip.
+		  " ($clientname) connection type = $ConnectionType </font>" );
+	    &status("Connecting $clientip  ($clientname))"); 
+	    my $remotereq=<$client>;
+	    chomp($remotereq);
+	    Debug("Got init: $remotereq");
+	    my $inikeyword = split(/:/, $remotereq);
+	    if ($remotereq =~ /^init/) {
+		&sethost("sethost:$perlvar{'lonHostID'}");
+		#
+		#  If the remote is attempting a local init... give that a try:
+		#
+		my ($i, $inittype) = split(/:/, $remotereq);
+
+		# If the connection type is ssl, but I didn't get my
+		# certificate files yet, then I'll drop  back to 
+		# insecure (if allowed).
+		
+		if($inittype eq "ssl") {
+		    my ($ca, $cert) = lonssl::CertificateFile;
+		    my $kfile       = lonssl::KeyFile;
+		    if((!$ca)   || 
+		       (!$cert) || 
+		       (!$kfile)) {
+			$inittype = ""; # This forces insecure attempt.
+			&logthis("<font color=\"blue\"> Certificates not "
+				 ."installed -- trying insecure auth</font>");
 		    }
-# ------------------------------------------------------------------------ dump
-		} elsif ($userinput =~ /^dump/) {
-		    if(isClient) {
-			my ($cmd,$udom,$uname,$namespace,$regexp)
-			    =split(/:/,$userinput);
-			$namespace=~s/\//\_/g;
-			$namespace=~s/\W//g;
-			if (defined($regexp)) {
-			    $regexp=&unescape($regexp);
-			} else {
-			    $regexp='.';
-			}
-			my $qresult='';
-			my $proname=propath($udom,$uname);
-			my %hash;
-			if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
-			       while (my ($key,$value) = each(%hash)) {
-				   if ($regexp eq '.') {
-				       $qresult.=$key.'='.$value.'&';
-				   } else {
-				       my $unescapeKey = &unescape($key);
-				       if (eval('$unescapeKey=~/$regexp/')) {
-					   $qresult.="$key=$value&";
-				       }
-				   }
-			       }
-			       if (untie(%hash)) {
-				   chop($qresult);
-				   print $client "$qresult\n";
-			       } else {
-				   print $client "error: ".($!+0)
-				       ." untie(GDBM) Failed ".
-                                       "while attempting dump\n";
-			       }
-			   } else {
-			       print $client "error: ".($!+0)
-				   ." tie(GDBM) Failed ".
-				   "while attempting dump\n";
-			   }
+		    else {	# SSL certificates are in place so
+		    }		# Leave the inittype alone.
+		}
+
+		if($inittype eq "local") {
+		    my $key = LocalConnection($client, $remotereq);
+		    if($key) {
+			Debug("Got local key $key");
+			$clientok     = 1;
+			my $cipherkey = pack("H32", $key);
+			$cipher       = new IDEA($cipherkey);
+			print $client "ok:local\n";
+			&logthis('<font color="green"'
+				 . "Successful local authentication </font>");
+			$keymode = "local"
 		    } else {
-			Reply($client, "refused\n", $userinput);
-		 
+			Debug("Failed to get local key");
+			$clientok = 0;
+			shutdown($client, 3);
+			close $client;
 		    }
-# ----------------------------------------------------------------------- store
-		} elsif ($userinput =~ /^store/) {
-		    if(isClient) {
-			my ($cmd,$udom,$uname,$namespace,$rid,$what)
-			    =split(/:/,$userinput);
-			$namespace=~s/\//\_/g;
-			$namespace=~s/\W//g;
-			if ($namespace ne 'roles') {
-			    chomp($what);
-			    my $proname=propath($udom,$uname);
-			    my $now=time;
-			    my @pairs=split(/\&/,$what);
-			    my %hash;
-			    if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
-				unless ($namespace=~/^nohist\_/) {
-				    my $hfh;
-				    if ($hfh=IO::File->new(">>$proname/$namespace.hist")) {
-					print $hfh "P:$now:$rid:$what\n";
-				    }
-				}
-				my @previouskeys=split(/&/,$hash{"keys:$rid"});
-				my $key;
-				$hash{"version:$rid"}++;
-				my $version=$hash{"version:$rid"};
-				my $allkeys=''; 
-				foreach my $pair (@pairs) {
-				    my ($key,$value)=split(/=/,$pair);
-				    $allkeys.=$key.':';
-				    $hash{"$version:$rid:$key"}=$value;
-				}
-				$hash{"$version:$rid:timestamp"}=$now;
-				$allkeys.='timestamp';
-				$hash{"$version:keys:$rid"}=$allkeys;
-				if (untie(%hash)) {
-				    print $client "ok\n";
-				} else {
-				    print $client "error: ".($!+0)
-					." untie(GDBM) Failed ".
-					"while attempting store\n";
-				}
-			    } else {
-				print $client "error: ".($!+0)
-				    ." tie(GDBM) Failed ".
-				    "while attempting store\n";
-			    }
-			} else {
-			    print $client "refused\n";
-			}
+		} elsif ($inittype eq "ssl") {
+		    my $key = SSLConnection($client);
+		    if ($key) {
+			$clientok = 1;
+			my $cipherkey = pack("H32", $key);
+			$cipher       = new IDEA($cipherkey);
+			&logthis('<font color="green">'
+				 ."Successfull ssl authentication with $clientname </font>");
+			$keymode = "ssl";
+	     
 		    } else {
-			Reply($client, "refused\n", $userinput);
-		     
-		    }
-# --------------------------------------------------------------------- restore
-		} elsif ($userinput =~ /^restore/) {
-		    if(isClient) {
-			my ($cmd,$udom,$uname,$namespace,$rid)
-			    =split(/:/,$userinput);
-			$namespace=~s/\//\_/g;
-			$namespace=~s/\W//g;
-			chomp($rid);
-			my $proname=propath($udom,$uname);
-			my $qresult='';
-			my %hash;
-			if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
-			    my $version=$hash{"version:$rid"};
-			    $qresult.="version=$version&";
-			    my $scope;
-			    for ($scope=1;$scope<=$version;$scope++) {
-				my $vkeys=$hash{"$scope:keys:$rid"};
-				my @keys=split(/:/,$vkeys);
-				my $key;
-				$qresult.="$scope:keys=$vkeys&";
-				foreach $key (@keys) {
-				    $qresult.="$scope:$key=".$hash{"$scope:$rid:$key"}."&";
-				}                                  
-			    }
-			    if (untie(%hash)) {
-				$qresult=~s/\&$//;
-				print $client "$qresult\n";
-			    } else {
-				print $client "error: ".($!+0)
-				    ." untie(GDBM) Failed ".
-				    "while attempting restore\n";
-			    }
-			} else {
-			    print $client "error: ".($!+0)
-				." tie(GDBM) Failed ".
-				"while attempting restore\n";
-			}
-		    } else  {
-			Reply($client, "refused\n", $userinput);
-		       
+			$clientok = 0;
+			close $client;
 		    }
-# -------------------------------------------------------------------- chatsend
-		} elsif ($userinput =~ /^chatsend/) {
-		    if(isClient) {
-			my ($cmd,$cdom,$cnum,$newpost)=split(/\:/,$userinput);
-			&chatadd($cdom,$cnum,$newpost);
+	   
+		} else {
+		    my $ok = InsecureConnection($client);
+		    if($ok) {
+			$clientok = 1;
+			&logthis('<font color="green">'
+				 ."Successful insecure authentication with $clientname </font>");
 			print $client "ok\n";
+			$keymode = "insecure";
 		    } else {
-			Reply($client, "refused\n", $userinput);
-		      
-		    }
-# -------------------------------------------------------------------- chatretr
-		} elsif ($userinput =~ /^chatretr/) {
-		    if(isClient) {
-			my 
-			    ($cmd,$cdom,$cnum,$udom,$uname)=split(/\:/,$userinput);
-			my $reply='';
-			foreach (&getchat($cdom,$cnum,$udom,$uname)) {
-			    $reply.=&escape($_).':';
-			}
-			$reply=~s/\:$//;
-			print $client $reply."\n";
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		       
-		    }
-# ------------------------------------------------------------------- querysend
-		} elsif ($userinput =~ /^querysend/) {
-		    if (isClient) {
-			my ($cmd,$query,
-			    $arg1,$arg2,$arg3)=split(/\:/,$userinput);
-			$query=~s/\n*$//g;
-			print $client "".
-			    sqlreply("$clientname\&$query".
-				     "\&$arg1"."\&$arg2"."\&$arg3")."\n";
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		      
-		    }
-# ------------------------------------------------------------------ queryreply
-		} elsif ($userinput =~ /^queryreply/) {
-		    if(isClient) {
-			my ($cmd,$id,$reply)=split(/:/,$userinput); 
-			my $store;
-			my $execdir=$perlvar{'lonDaemons'};
-			if ($store=IO::File->new(">$execdir/tmp/$id")) {
-			    $reply=~s/\&/\n/g;
-			    print $store $reply;
-			    close $store;
-			    my $store2=IO::File->new(">$execdir/tmp/$id.end");
-			    print $store2 "done\n";
-			    close $store2;
-			    print $client "ok\n";
-			}
-			else {
-			    print $client "error: ".($!+0)
-				." IO::File->new Failed ".
-				"while attempting queryreply\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		     
-		    }
-# ----------------------------------------------------------------- courseidput
-		} elsif ($userinput =~ /^courseidput/) {
-		    if(isClient) {
-			my ($cmd,$udom,$what)=split(/:/,$userinput);
-			chomp($what);
-			$udom=~s/\W//g;
-			my $proname=
-			    "$perlvar{'lonUsersDir'}/$udom/nohist_courseids";
-			my $now=time;
-			my @pairs=split(/\&/,$what);
-			my %hash;
-			if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_WRCREAT(),0640)) {
-			    foreach my $pair (@pairs) {
-				my ($key,$descr,$inst_code)=split(/=/,$pair);
-				$hash{$key}=$descr.':'.$inst_code.':'.$now;
-			    }
-			    if (untie(%hash)) {
-				print $client "ok\n";
-			    } else {
-				print $client "error: ".($!+0)
-				    ." untie(GDBM) Failed ".
-				    "while attempting courseidput\n";
-			    }
-			} else {
-			    print $client "error: ".($!+0)
-				." tie(GDBM) Failed ".
-				"while attempting courseidput\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		       
-		    }
-# ---------------------------------------------------------------- courseiddump
-		} elsif ($userinput =~ /^courseiddump/) {
-		    if(isClient) {
-			my ($cmd,$udom,$since,$description)
-			    =split(/:/,$userinput);
-			if (defined($description)) {
-			    $description=&unescape($description);
-			} else {
-			    $description='.';
-			}
-			unless (defined($since)) { $since=0; }
-			my $qresult='';
-			my $proname=
-			    "$perlvar{'lonUsersDir'}/$udom/nohist_courseids";
-			my %hash;
-			if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_READER(),0640)) {
-			    while (my ($key,$value) = each(%hash)) {
-                                my ($descr,$lasttime,$inst_code);
-                                if ($value =~ m/^([^\:]*):([^\:]*):(\d+)$/) {
-				    ($descr,$inst_code,$lasttime)=($1,$2,$3);
-                                } else {
-                                    ($descr,$lasttime) = split(/\:/,$value);
-                                }
-				if ($lasttime<$since) { next; }
-				if ($description eq '.') {
-				    $qresult.=$key.'='.$descr.':'.$inst_code.'&';
-				} else {
-				    my $unescapeVal = &unescape($descr);
-				    if (eval('$unescapeVal=~/\Q$description\E/i')) {
-					$qresult.=$key.'='.$descr.':'.$inst_code.'&';
-				    }
-				}
-			    }
-			    if (untie(%hash)) {
-				chop($qresult);
-				print $client "$qresult\n";
-			    } else {
-				print $client "error: ".($!+0)
-				    ." untie(GDBM) Failed ".
-				    "while attempting courseiddump\n";
-			    }
-			} else {
-			    print $client "error: ".($!+0)
-				." tie(GDBM) Failed ".
-				"while attempting courseiddump\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		       
-		    }
-# ----------------------------------------------------------------------- idput
-		} elsif ($userinput =~ /^idput/) {
-		    if(isClient) {
-			my ($cmd,$udom,$what)=split(/:/,$userinput);
-			chomp($what);
-			$udom=~s/\W//g;
-			my $proname="$perlvar{'lonUsersDir'}/$udom/ids";
-			my $now=time;
-			my @pairs=split(/\&/,$what);
-			my %hash;
-			if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_WRCREAT(),0640)) {
-			    {
-				my $hfh;
-				if ($hfh=IO::File->new(">>$proname.hist")) {
-				    print $hfh "P:$now:$what\n";
-				}
-			    }
-			    foreach my $pair (@pairs) {
-				my ($key,$value)=split(/=/,$pair);
-				$hash{$key}=$value;
-			    }
-			    if (untie(%hash)) {
-				print $client "ok\n";
-			    } else {
-				print $client "error: ".($!+0)
-				    ." untie(GDBM) Failed ".
-				    "while attempting idput\n";
-			    }
-			} else {
-			    print $client "error: ".($!+0)
-				." tie(GDBM) Failed ".
-				"while attempting idput\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		       
-		    }
-# ----------------------------------------------------------------------- idget
-		} elsif ($userinput =~ /^idget/) {
-		    if(isClient) {
-			my ($cmd,$udom,$what)=split(/:/,$userinput);
-			chomp($what);
-			$udom=~s/\W//g;
-			my $proname="$perlvar{'lonUsersDir'}/$udom/ids";
-			my @queries=split(/\&/,$what);
-			my $qresult='';
-			my %hash;
-			if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_READER(),0640)) {
-			    for (my $i=0;$i<=$#queries;$i++) {
-				$qresult.="$hash{$queries[$i]}&";
-			    }
-			    if (untie(%hash)) {
-				$qresult=~s/\&$//;
-				print $client "$qresult\n";
-			    } else {
-				print $client "error: ".($!+0)
-				    ." untie(GDBM) Failed ".
-				    "while attempting idget\n";
-			    }
-			} else {
-			    print $client "error: ".($!+0)
-				." tie(GDBM) Failed ".
-				"while attempting idget\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		       
-		    }
-# ---------------------------------------------------------------------- tmpput
-		} elsif ($userinput =~ /^tmpput/) {
-		    if(isClient) {
-			my ($cmd,$what)=split(/:/,$userinput);
-			my $store;
-			$tmpsnum++;
-			my $id=$$.'_'.$clientip.'_'.$tmpsnum;
-			$id=~s/\W/\_/g;
-			$what=~s/\n//g;
-			my $execdir=$perlvar{'lonDaemons'};
-			if ($store=IO::File->new(">$execdir/tmp/$id.tmp")) {
-			    print $store $what;
-			    close $store;
-			    print $client "$id\n";
-			}
-			else {
-			    print $client "error: ".($!+0)
-				."IO::File->new Failed ".
-				"while attempting tmpput\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		    
-		    }
-		    
-# ---------------------------------------------------------------------- tmpget
-		} elsif ($userinput =~ /^tmpget/) {
-		    if(isClient) {
-			my ($cmd,$id)=split(/:/,$userinput);
-			chomp($id);
-			$id=~s/\W/\_/g;
-			my $store;
-			my $execdir=$perlvar{'lonDaemons'};
-			if ($store=IO::File->new("$execdir/tmp/$id.tmp")) {
-			    my $reply=<$store>;
-			    print $client "$reply\n";
-			    close $store;
-			}
-			else {
-			    print $client "error: ".($!+0)
-				."IO::File->new Failed ".
-				"while attempting tmpget\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		      
-		    }
-# ---------------------------------------------------------------------- tmpdel
-		} elsif ($userinput =~ /^tmpdel/) {
-		    if(isClient) {
-			my ($cmd,$id)=split(/:/,$userinput);
-			chomp($id);
-			$id=~s/\W/\_/g;
-			my $execdir=$perlvar{'lonDaemons'};
-			if (unlink("$execdir/tmp/$id.tmp")) {
-			    print $client "ok\n";
-			} else {
-			    print $client "error: ".($!+0)
-				."Unlink tmp Failed ".
-				"while attempting tmpdel\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		     
-		    }
-# ----------------------------------------- portfolio directory list (portls)
-                } elsif ($userinput =~ /^portls/) {
-                    if(isClient) {
-                        my ($cmd,$uname,$udom)=split(/:/,$userinput);
-                        my $udir=propath($udom,$uname).'/userfiles/portfolio';
-                        my $dirLine='';
-                        my $dirContents='';
-                        if (opendir(LSDIR,$udir.'/')){
-                            while ($dirLine = readdir(LSDIR)){
-                                $dirContents = $dirContents.$dirLine.'<br />';
-                            }
-                        } else {
-                            $dirContents = "No directory found\n";
-                        }
-                        print $client $dirContents."\n";
-                    } else {
-                        Reply($client, "refused\n", $userinput);
-                    }
-# -------------------------------------------------------------------------- ls
-		} elsif ($userinput =~ /^ls/) {
-		    if(isClient) {
-			my $obs;
-			my $rights;
-			my ($cmd,$ulsdir)=split(/:/,$userinput);
-			my $ulsout='';
-			my $ulsfn;
-			if (-e $ulsdir) {
-			    if(-d $ulsdir) {
-				if (opendir(LSDIR,$ulsdir)) {
-				    while ($ulsfn=readdir(LSDIR)) {
-					undef $obs, $rights; 
-					my @ulsstats=stat($ulsdir.'/'.$ulsfn);
-					#We do some obsolete checking here
-					if(-e $ulsdir.'/'.$ulsfn.".meta") { 
-					    open(FILE, $ulsdir.'/'.$ulsfn.".meta");
-					    my @obsolete=<FILE>;
-					    foreach my $obsolete (@obsolete) {
-					        if($obsolete =~ m|(<obsolete>)(on)|) { $obs = 1; } 
-						if($obsolete =~ m|(<copyright>)(default)|) { $rights = 1; }
-					    }
-					}
-					$ulsout.=$ulsfn.'&'.join('&',@ulsstats);
-					if($obs eq '1') { $ulsout.="&1"; }
-					else { $ulsout.="&0"; }
-					if($rights eq '1') { $ulsout.="&1:"; }
-					else { $ulsout.="&0:"; }
-				    }
-				    closedir(LSDIR);
-				}
-			    } else {
-				my @ulsstats=stat($ulsdir);
-				$ulsout.=$ulsfn.'&'.join('&',@ulsstats).':';
-			    }
-			} else {
-			    $ulsout='no_such_dir';
-			}
-			if ($ulsout eq '') { $ulsout='empty'; }
-			print $client "$ulsout\n";
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		     
-		    }
-# ----------------------------------------------------------------- setannounce
-		} elsif ($userinput =~ /^setannounce/) {
-		    if (isClient) {
-			my ($cmd,$announcement)=split(/:/,$userinput);
-			chomp($announcement);
-			$announcement=&unescape($announcement);
-			if (my $store=IO::File->new('>'.$perlvar{'lonDocRoot'}.
-						    '/announcement.txt')) {
-			    print $store $announcement;
-			    close $store;
-			    print $client "ok\n";
-			} else {
-			    print $client "error: ".($!+0)."\n";
-			}
-		    } else {
-			Reply($client, "refused\n", $userinput);
-		       
-		    }
-# ------------------------------------------------------------------ Hanging up
-		} elsif (($userinput =~ /^exit/) ||
-			 ($userinput =~ /^init/)) { # no restrictions.
-		    &logthis(
-			     "Client $clientip ($clientname) hanging up: $userinput");
-		    print $client "bye\n";
-		    $client->shutdown(2);        # shutdown the socket forcibly.
-		    $client->close();
-		    last;
-
-# ---------------------------------- set current host/domain
-		} elsif ($userinput =~ /^sethost:/) {
-		    if (isClient) {
-			print $client &sethost($userinput)."\n";
-		    } else {
-			print $client "refused\n";
-		    }
-#---------------------------------- request file (?) version.
-		} elsif ($userinput =~/^version:/) {
-		    if (isClient) {
-			print $client &version($userinput)."\n";
-		    } else {
-			print $client "refused\n";
+			&logthis('<font color="yellow">'
+				  ."Attempted insecure connection disallowed </font>");
+			close $client;
+			$clientok = 0;
+			
 		    }
-#------------------------------- is auto-enrollment enabled?
-                } elsif ($userinput =~/^autorun:/) {
-                    if (isClient) {
-                        my ($cmd,$cdom) = split(/:/,$userinput);
-                        my $outcome = &localenroll::run($cdom);
-                        print $client "$outcome\n";
-                    } else {
-                        print $client "0\n";
-                    }
-#------------------------------- get official sections (for auto-enrollment).
-                } elsif ($userinput =~/^autogetsections:/) {
-                    if (isClient) {
-                        my ($cmd,$coursecode,$cdom)=split(/:/,$userinput);
-                        my @secs = &localenroll::get_sections($coursecode,$cdom);
-                        my $seclist = &escape(join(':',@secs));
-                        print $client "$seclist\n";
-                    } else {
-                        print $client "refused\n";
-                    }
-#----------------------- validate owner of new course section (for auto-enrollment).
-                } elsif ($userinput =~/^autonewcourse:/) {
-                    if (isClient) {
-                        my ($cmd,$inst_course_id,$owner,$cdom)=split(/:/,$userinput);
-                        my $outcome = &localenroll::new_course($inst_course_id,$owner,$cdom);
-                        print $client "$outcome\n";
-                    } else {
-                        print $client "refused\n";
-                    }
-#-------------- validate course section in schedule of classes (for auto-enrollment).
-                } elsif ($userinput =~/^autovalidatecourse:/) {
-                    if (isClient) {
-                        my ($cmd,$inst_course_id,$cdom)=split(/:/,$userinput);
-                        my $outcome=&localenroll::validate_courseID($inst_course_id,$cdom);
-                        print $client "$outcome\n";
-                    } else {
-                        print $client "refused\n";
-                    }
-#--------------------------- create password for new user (for auto-enrollment).
-                } elsif ($userinput =~/^autocreatepassword:/) {
-                    if (isClient) {
-                        my ($cmd,$authparam,$cdom)=split(/:/,$userinput);
-                        my ($create_passwd,$authchk);
-                        ($authparam,$create_passwd,$authchk) = &localenroll::create_password($authparam,$cdom);
-                        print $client &escape($authparam.':'.$create_passwd.':'.$authchk)."\n";
-                    } else {
-                        print $client "refused\n";
-                    }
-#---------------------------  read and remove temporary files (for auto-enrollment).
-                } elsif ($userinput =~/^autoretrieve:/) {
-                    if (isClient) {
-                        my ($cmd,$filename) = split(/:/,$userinput);
-                        my $source = $perlvar{'lonDaemons'}.'/tmp/'.$filename;
-                        if ( (-e $source) && ($filename ne '') ) {
-                            my $reply = '';
-                            if (open(my $fh,$source)) {
-                                while (<$fh>) {
-                                    chomp($_);
-                                    $_ =~ s/^\s+//g;
-                                    $_ =~ s/\s+$//g;
-                                    $reply .= $_;
-                                }
-                                close($fh);
-                                print $client &escape($reply)."\n";
-#                                unlink($source);
-                            } else {
-                                print $client "error\n";
-                            }
-                        } else {
-                            print $client "error\n";
-                        }
-                    } else {
-                        print $client "refused\n";
-                    }
-#---------------------  read and retrieve institutional code format (for support form).
-                } elsif ($userinput =~/^autoinstcodeformat:/) {
-                    if (isClient) {
-                        my $reply;
-                        my($cmd,$cdom,$course) = split(/:/,$userinput);
-                        my @pairs = split/\&/,$course;
-                        my %instcodes = ();
-                        my %codes = ();
-                        my @codetitles = ();
-                        my %cat_titles = ();
-                        my %cat_order = ();
-                        foreach (@pairs) {
-                            my ($key,$value) = split/=/,$_;
-                            $instcodes{&unescape($key)} = &unescape($value);
-                        }
-                        my $formatreply = &localenroll::instcode_format($cdom,\%instcodes,\%codes,\@codetitles,\%cat_titles,\%cat_order);
-                        if ($formatreply eq 'ok') {
-                            my $codes_str = &hash2str(%codes);
-                            my $codetitles_str = &array2str(@codetitles);
-                            my $cat_titles_str = &hash2str(%cat_titles);
-                            my $cat_order_str = &hash2str(%cat_order);
-                            print $client $codes_str.':'.$codetitles_str.':'.$cat_titles_str.':'.$cat_order_str."\n";
-                        }
-                    } else {
-                        print $client "refused\n";
-                    }
-# ------------------------------------------------------------- unknown command
-
-		} else {
-		    # unknown command
-		    print $client "unknown_cmd\n";
 		}
-# -------------------------------------------------------------------- complete
+	    } else {
+		&logthis(
+			 "<font color='blue'>WARNING: "
+			 ."$clientip failed to initialize: >$remotereq< </font>");
+		&status('No init '.$clientip);
+	    }
+	    
+	} else {
+	    &logthis(
+		     "<font color='blue'>WARNING: Unknown client $clientip</font>");
+	    &status('Hung up on '.$clientip);
+	}
+ 
+	if ($clientok) {
+# ---------------- New known client connecting, could mean machine online again
+	    
+	    foreach my $id (keys(%hostip)) {
+		if ($hostip{$id} ne $clientip ||
+		    $hostip{$currenthostid} eq $clientip) {
+		    # no need to try to do recon's to myself
+		    next;
+		}
+		&reconlonc("$perlvar{'lonSockDir'}/$id");
+	    }
+	    &logthis("<font color='green'>Established connection: $clientname</font>");
+	    &status('Will listen to '.$clientname);
+# ------------------------------------------------------------ Process requests
+	    my $keep_going = 1;
+	    my $user_input;
+	    while(($user_input = get_request) && $keep_going) {
+		alarm(120);
+		Debug("Main: Got $user_input\n");
+		$keep_going = &process_request($user_input);
 		alarm(0);
-		&status('Listening to '.$clientname." ($keymode)");
+		&status('Listening to '.$clientname." ($keymode)");	   
 	    }
+
 # --------------------------------------------- client unknown or fishy, refuse
-	} else {
+	}  else {
 	    print $client "refused\n";
 	    $client->close();
 	    &logthis("<font color='blue'>WARNING: "
 		     ."Rejected client $clientip, closing connection</font>");
 	}
-    }             
+    }            
     
 # =============================================================================
     

--foxr1090923907--