[LON-CAPA-cvs] cvs: loncom / lond

foxr lon-capa-cvs@mail.lon-capa.org
Tue, 11 Nov 2003 12:39:14 -0000


This is a MIME encoded message

--foxr1068554354
Content-Type: text/plain

foxr		Tue Nov 11 07:39:14 2003 EDT

  Modified files:              
    /loncom	lond 
  Log:
  Support manager/client distinction.  Connection distinction tested,
  client functionality tested, still need to re-test management 
  functionality.
  
  
  
--foxr1068554354
Content-Type: text/plain
Content-Disposition: attachment; filename="foxr-20031111073914.txt"

Index: loncom/lond
diff -u loncom/lond:1.160 loncom/lond:1.161
--- loncom/lond:1.160	Sat Nov  1 11:32:32 2003
+++ loncom/lond	Tue Nov 11 07:39:14 2003
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.160 2003/11/01 16:32:32 www Exp $
+# $Id: lond,v 1.161 2003/11/11 12:39:14 foxr Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -24,6 +24,8 @@
 #
 # /home/httpd/html/adm/gpl.txt
 #
+
+
 # http://www.lon-capa.org/
 #
 
@@ -50,21 +52,33 @@
 my $status='';
 my $lastlog='';
 
-my $VERSION='$Revision: 1.160 $'; #' stupid emacs
+my $VERSION='$Revision: 1.161 $'; #' stupid emacs
 my $remoteVERSION;
 my $currenthostid;
 my $currentdomainid;
 
 my $client;
 my $clientip;
+my $clientname;
 
 my $server;
 my $thisserver;
 
+# 
+#   Connection type is:
+#      client                   - All client actions are allowed
+#      manager                  - only management functions allowed.
+#      both                     - Both management and client actions are allowed
+#
+
+my $ConnectionType;
+
 my %hostid;
 my %hostdom;
 my %hostip;
-my %managers;			# If defined $managers{hostname} is a manager
+
+my %managers;			# Ip -> manager names
+
 my %perlvar;			# Will have the apache conf defined perl vars.
 
 #
@@ -121,6 +135,21 @@
 
     return $clientip;
 }
+
+#
+#   Return true if client is a manager.
+#
+sub isManager {
+    return (($ConnectionType eq "manager") || ($ConnectionType eq "both"));
+}
+#
+#   Return tru if client can do client functions
+#
+sub isClient {
+    return (($ConnectionType eq "client") || ($ConnectionType eq "both"));
+}
+
+
 #
 #   ReadManagerTable: Reads in the current manager table. For now this is
 #                     done on each manager authentication because:
@@ -144,11 +173,24 @@
     }
     while(my $host = <MANAGERS>) {
 	chomp($host);
-	if (!defined $hostip{$host}) {
-	    logthis('<font color="red"> manager '.$host.
-		    " not in hosts.tab, rejected as manager</font>");
+	if (!defined $hostip{$host}) { # This is a non cluster member
+
+	    #  The entry is of the form:
+	    #    cluname:hostname
+	    #  cluname - A 'cluster hostname' is needed in order to negotiate
+	    #            the host key.
+	    #  hostname- The dns name of the host.
+	    #
+	    
+	    my($cluname, $dnsname) = split(/:/, $host);
+	    open(MGRPIPE, "/usr/bin/host $dnsname |") || die "Can't make host pipeline";
+	    my $dnsinfo = <MGRPIPE>;
+	    chomp $dnsinfo;
+	    close MGRPIPE;
+	    my($jname, $jhas, $jaddress, $hostip) = split(/ /, $dnsinfo);
+	    $managers{$hostip} = $cluname;
 	} else {
-	    $managers{$host} = $hostip{$host}; # Whatever for now.
+	    $managers{$hostip{$host}} = $host;  # Use info from cluster tab if clumemeber
 	}
     }
 }
@@ -724,6 +766,24 @@
 	&logthis($message);
     }
 }
+
+#
+#   Sub to do replies to client.. this gives a hook for some
+#   debug tracing too:
+#  Parameters:
+#     fd      - File open on client.
+#     reply   - Text to send to client.
+#     request - Original request from client.
+#
+sub Reply {
+    my $fd      = shift;
+    my $reply   = shift;
+    my $request = shift;
+
+    print $fd $reply;
+    Debug("Request was $request  Reply was $reply");
+
+}
 # ------------------------------------------------------------------ Log status
 
 sub logstatus {
@@ -935,7 +995,8 @@
     my $sigset;
 
     $client = shift;
-    &logthis("Attempting to start child");    
+    &logthis('<font color="green"> Attempting to start child ('.$client.
+	     ")</font>");    
     # block signal for fork
     $sigset = POSIX::SigSet->new(SIGINT);
     sigprocmask(SIG_BLOCK, $sigset)
@@ -981,1269 +1042,1480 @@
         &Authen::Krb5::init_context();
         &Authen::Krb5::init_ets();
 
-            &status('Accepted connection');
+	&status('Accepted connection');
 # =============================================================================
             # do something with the connection
 # -----------------------------------------------------------------------------
 	# see if we know client and check for spoof IP by challenge
 
-            my $clientrec=($hostid{$clientip} ne undef);
-            &logthis(
-"<font color=yellow>INFO: Connection, $clientip ($hostid{$clientip})</font>"
-            );
-            &status("Connecting $clientip ($hostid{$clientip})"); 
-            my $clientok;
-            if ($clientrec) {
-	      &status("Waiting for init from $clientip ($hostid{$clientip})");
-	      my $remotereq=<$client>;
-              $remotereq=~s/[^\w:]//g;
-              if ($remotereq =~ /^init/) {
-		  &sethost("sethost:$perlvar{'lonHostID'}");
-		  my $challenge="$$".time;
-                  print $client "$challenge\n";
-                  &status(
-           "Waiting for challenge reply from $clientip ($hostid{$clientip})"); 
-                  $remotereq=<$client>;
-                  $remotereq=~s/\W//g;
-                  if ($challenge eq $remotereq) {
-		      $clientok=1;
-                      print $client "ok\n";
-                  } else {
-		      &logthis(
- "<font color=blue>WARNING: $clientip did not reply challenge</font>");
-                      &status('No challenge reply '.$clientip);
-                  }
-              } else {
-		  &logthis(
-                    "<font color=blue>WARNING: "
-                   ."$clientip failed to initialize: >$remotereq< </font>");
-                  &status('No init '.$clientip);
-              }
+	ReadManagerTable;	# May also be a manager!!
+	
+	my $clientrec=($hostid{$clientip}     ne undef);
+	my $ismanager=($managers{$clientip}    ne undef);
+	$clientname  = "[unknonwn]";
+	if($clientrec) {	# Establish client type.
+	    $ConnectionType = "client";
+	    $clientname = $hostid{$clientip};
+	    if($ismanager) {
+		$ConnectionType = "both";
+	    }
+	} else {
+	    $ConnectionType = "manager";
+	    $clientname = $managers{$clientip};
+	}
+	my $clientok;
+	if ($clientrec || $ismanager) {
+	    &status("Waiting for init from $clientip $clientname");
+	    &logthis('<font color="yellow">INFO: Connection, '.
+		     $clientip.
+		  " ($clientname) connection type = $ConnectionType </font>" );
+	    &status("Connecting $clientip  ($clientname))"); 
+	    my $remotereq=<$client>;
+	    $remotereq=~s/[^\w:]//g;
+	    if ($remotereq =~ /^init/) {
+		&sethost("sethost:$perlvar{'lonHostID'}");
+		my $challenge="$$".time;
+		print $client "$challenge\n";
+		&status(
+			"Waiting for challenge reply from $clientip ($clientname)"); 
+		$remotereq=<$client>;
+		$remotereq=~s/\W//g;
+		if ($challenge eq $remotereq) {
+		    $clientok=1;
+		    print $client "ok\n";
+		} else {
+		    &logthis(
+			     "<font color=blue>WARNING: $clientip did not reply challenge</font>");
+		    &status('No challenge reply '.$clientip);
+		}
 	    } else {
-              &logthis(
- "<font color=blue>WARNING: Unknown client $clientip</font>");
-              &status('Hung up on '.$clientip);
-            }
-            if ($clientok) {
+		&logthis(
+			 "<font color=blue>WARNING: "
+			 ."$clientip failed to initialize: >$remotereq< </font>");
+		&status('No init '.$clientip);
+	    }
+	} else {
+	    &logthis(
+		     "<font color=blue>WARNING: Unknown client $clientip</font>");
+	    &status('Hung up on '.$clientip);
+	}
+	if ($clientok) {
 # ---------------- New known client connecting, could mean machine online again
-
-		foreach my $id (keys(%hostip)) {
-		    if ($hostip{$id} ne $clientip ||
-		       $hostip{$currenthostid} eq $clientip) {
-			# no need to try to do recon's to myself
-			next;
-		    }
-		    &reconlonc("$perlvar{'lonSockDir'}/$id");
+	    
+	    foreach my $id (keys(%hostip)) {
+		if ($hostip{$id} ne $clientip ||
+		    $hostip{$currenthostid} eq $clientip) {
+		    # no need to try to do recon's to myself
+		    next;
 		}
-		&logthis("<font color=green>Established connection: $hostid{$clientip}</font>");
-              &status('Will listen to '.$hostid{$clientip});
+		&reconlonc("$perlvar{'lonSockDir'}/$id");
+	    }
+	    &logthis("<font color=green>Established connection: $clientname</font>");
+	    &status('Will listen to '.$clientname);
 # ------------------------------------------------------------ Process requests
-              while (my $userinput=<$client>) {
+	    while (my $userinput=<$client>) {
                 chomp($userinput);
 		Debug("Request = $userinput\n");
-                &status('Processing '.$hostid{$clientip}.': '.$userinput);
+                &status('Processing '.$clientname.': '.$userinput);
                 my $wasenc=0;
                 alarm(120);
 # ------------------------------------------------------------ See if encrypted
 		if ($userinput =~ /^enc/) {
-		  if ($cipher) {
-                    my ($cmd,$cmdlength,$encinput)=split(/:/,$userinput);
-		    $userinput='';
-                    for (my $encidx=0;$encidx<length($encinput);$encidx+=16) {
-                       $userinput.=
-			   $cipher->decrypt(
-                            pack("H16",substr($encinput,$encidx,16))
-                           );
+		    if ($cipher) {
+			my ($cmd,$cmdlength,$encinput)=split(/:/,$userinput);
+			$userinput='';
+			for (my $encidx=0;$encidx<length($encinput);$encidx+=16) {
+			    $userinput.=
+				$cipher->decrypt(
+						 pack("H16",substr($encinput,$encidx,16))
+						 );
+			}
+			$userinput=substr($userinput,0,$cmdlength);
+			$wasenc=1;
 		    }
-		    $userinput=substr($userinput,0,$cmdlength);
-                    $wasenc=1;
 		}
-	      }
-	  
+		
 # ------------------------------------------------------------- Normal commands
 # ------------------------------------------------------------------------ ping
-		   if ($userinput =~ /^ping/) {
-                       print $client "$currenthostid\n";
+		if ($userinput =~ /^ping/) {	# client only
+		    if(isClient) {
+			print $client "$currenthostid\n";
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		    }
 # ------------------------------------------------------------------------ pong
-		   }elsif ($userinput =~ /^pong/) {
-                       my $reply=&reply("ping",$hostid{$clientip});
-                       print $client "$currenthostid:$reply\n"; 
+		}elsif ($userinput =~ /^pong/) { # client only
+		    if(isClient) {
+			my $reply=&reply("ping",$clientname);
+			print $client "$currenthostid:$reply\n"; 
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		    }
 # ------------------------------------------------------------------------ ekey
-		   } elsif ($userinput =~ /^ekey/) {
-                       my $buildkey=time.$$.int(rand 100000);
-                       $buildkey=~tr/1-6/A-F/;
-                       $buildkey=int(rand 100000).$buildkey.int(rand 100000);
-                       my $key=$currenthostid.$hostid{$clientip};
-                       $key=~tr/a-z/A-Z/;
-                       $key=~tr/G-P/0-9/;
-                       $key=~tr/Q-Z/0-9/;
-                       $key=$key.$buildkey.$key.$buildkey.$key.$buildkey;
-                       $key=substr($key,0,32);
-                       my $cipherkey=pack("H32",$key);
-                       $cipher=new IDEA $cipherkey;
-                       print $client "$buildkey\n"; 
+		} elsif ($userinput =~ /^ekey/) { # ok for both clients & mgrs
+		    my $buildkey=time.$$.int(rand 100000);
+		    $buildkey=~tr/1-6/A-F/;
+		    $buildkey=int(rand 100000).$buildkey.int(rand 100000);
+		    my $key=$currenthostid.$clientname;
+		    $key=~tr/a-z/A-Z/;
+		    $key=~tr/G-P/0-9/;
+		    $key=~tr/Q-Z/0-9/;
+		    $key=$key.$buildkey.$key.$buildkey.$key.$buildkey;
+		    $key=substr($key,0,32);
+		    my $cipherkey=pack("H32",$key);
+		    $cipher=new IDEA $cipherkey;
+		    print $client "$buildkey\n"; 
 # ------------------------------------------------------------------------ load
-		   } elsif ($userinput =~ /^load/) {
-                       my $loadavg;
-                       {
-                          my $loadfile=IO::File->new('/proc/loadavg');
-                          $loadavg=<$loadfile>;
-                       }
-                       $loadavg =~ s/\s.*//g;
-		       my $loadpercent=100*$loadavg/$perlvar{'lonLoadLim'};
-		       print $client "$loadpercent\n";
+		} elsif ($userinput =~ /^load/) { # client only
+		    if (isClient) {
+			my $loadavg;
+			{
+			    my $loadfile=IO::File->new('/proc/loadavg');
+			    $loadavg=<$loadfile>;
+			}
+			$loadavg =~ s/\s.*//g;
+			my $loadpercent=100*$loadavg/$perlvar{'lonLoadLim'};
+			print $client "$loadpercent\n";
+		    } else {
+			Reply($client, "refused\n", $userinput);
+	       
+		    }
 # -------------------------------------------------------------------- userload
-		   } elsif ($userinput =~ /^userload/) {
-		       my $userloadpercent=&userload();
-		       print $client "$userloadpercent\n";
-
+		} elsif ($userinput =~ /^userload/) { # client only
+		    if(isClient) {
+			my $userloadpercent=&userload();
+			print $client "$userloadpercent\n";
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		     
+		    }
 #
 #        Transactions requiring encryption:
 #
 # ----------------------------------------------------------------- currentauth
-		   } elsif ($userinput =~ /^currentauth/) {
-		     if ($wasenc==1) {
-                       my ($cmd,$udom,$uname)=split(/:/,$userinput);
-		       my $result = GetAuthType($udom, $uname);
-		       if($result eq "nouser") {
-			   print $client "unknown_user\n";
-		       }
-		       else {
-			   print $client "$result\n"
-		       }
-		     } else {
-		       print $client "refused\n";
-		     }
+		} elsif ($userinput =~ /^currentauth/) {
+		    if (($wasenc==1)  && isClient) { # Encoded & client only.
+			my ($cmd,$udom,$uname)=split(/:/,$userinput);
+			my $result = GetAuthType($udom, $uname);
+			if($result eq "nouser") {
+			    print $client "unknown_user\n";
+			}
+			else {
+			    print $client "$result\n"
+			    }
+		    } else {
+			Reply($client, "refused\n", $userinput);
+			
+		    }
 #--------------------------------------------------------------------- pushfile
-		   } elsif($userinput =~ /^pushfile/) { 
-		       if($wasenc == 1) {
-			   my $cert = GetCertificate($userinput);
-			   if(ValidManager($cert)) {
-			       my $reply = PushFile($userinput);
-			       print $client "$reply\n";
-			   } else {
-			       print $client "refused\n";
-			   } 
-		       } else {
-			   print $client "refused\n";
-		       }
+		} elsif($userinput =~ /^pushfile/) {	# encoded & manager.
+		    if(($wasenc == 1) && isManager) {
+			my $cert = GetCertificate($userinput);
+			if(ValidManager($cert)) {
+			    my $reply = PushFile($userinput);
+			    print $client "$reply\n";
+			} else {
+			    print $client "refused\n";
+			} 
+		    } else {
+			Reply($client, "refused\n", $userinput);
+			
+		    }
 #--------------------------------------------------------------------- reinit
-		   } elsif($userinput =~ /^reinit/) {
-		       if ($wasenc == 1) {
-			   my $cert = GetCertificate($userinput);
-			   if(ValidManager($cert)) {
-			       chomp($userinput);
-			       my $reply = ReinitProcess($userinput);
-			       print $client  "$reply\n";
-			   } else {
-			       print $client "refused\n";
-			   }
-		       } else {
-			   print $client "refused\n";
-		       }
+		} elsif($userinput =~ /^reinit/) { # Encoded and manager
+		    if (($wasenc == 1) && isManager) {
+			my $cert = GetCertificate($userinput);
+			if(ValidManager($cert)) {
+			    chomp($userinput);
+			    my $reply = ReinitProcess($userinput);
+			    print $client  "$reply\n";
+			} else {
+			    print $client "refused\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+
+
+		    }
 # ------------------------------------------------------------------------ auth
-                   } elsif ($userinput =~ /^auth/) {
-		     if ($wasenc==1) {
-                       my ($cmd,$udom,$uname,$upass)=split(/:/,$userinput);
-                       chomp($upass);
-                       $upass=unescape($upass);
-                       my $proname=propath($udom,$uname);
-                       my $passfilename="$proname/passwd";
-                       if (-e $passfilename) {
-                          my $pf = IO::File->new($passfilename);
-                          my $realpasswd=<$pf>;
-                          chomp($realpasswd);
-                          my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
-                          my $pwdcorrect=0;
-                          if ($howpwd eq 'internal') {
-			      &Debug("Internal auth");
-			      $pwdcorrect=
-				  (crypt($upass,$contentpwd) eq $contentpwd);
-                          } elsif ($howpwd eq 'unix') {
-			      &Debug("Unix auth");
-                              if((getpwnam($uname))[1] eq "") { #no such user!
-				  $pwdcorrect = 0;
-			      } else {
-				  $contentpwd=(getpwnam($uname))[1];
-				  my $pwauth_path="/usr/local/sbin/pwauth";
-				  unless ($contentpwd eq 'x') {
-				      $pwdcorrect=
-					  (crypt($upass,$contentpwd) eq 
-					   $contentpwd);
-				  }
-		  
-			      elsif (-e $pwauth_path) {
-				  open PWAUTH, "|$pwauth_path" or
-				      die "Cannot invoke authentication";
-				  print PWAUTH "$uname\n$upass\n";
-				  close PWAUTH;
-				  $pwdcorrect=!$?;
-			      }
-			      }
-                          } elsif ($howpwd eq 'krb4') {
-                              my $null=pack("C",0);
-                              unless ($upass=~/$null/) {
-                                  my $krb4_error = &Authen::Krb4::get_pw_in_tkt
-                                      ($uname,"",$contentpwd,'krbtgt',
-                                       $contentpwd,1,$upass);
-                                  if (!$krb4_error) {
-                                      $pwdcorrect = 1;
-                                  } else { 
-                                      $pwdcorrect=0; 
-                                      # log error if it is not a bad password
-                                      if ($krb4_error != 62) {
-       &logthis('krb4:'.$uname.','.$contentpwd.','.
-                &Authen::Krb4::get_err_txt($Authen::Krb4::error));
-                                      }
-                                  }
-                              }
-                          } elsif ($howpwd eq 'krb5') {
-			      my $null=pack("C",0);
-			      unless ($upass=~/$null/) {
-				  my $krbclient=&Authen::Krb5::parse_name($uname.'@'.$contentpwd);
-				  my $krbservice="krbtgt/".$contentpwd."\@".$contentpwd;
-				  my $krbserver=&Authen::Krb5::parse_name($krbservice);
-				  my $credentials=&Authen::Krb5::cc_default();
-				  $credentials->initialize($krbclient);
-				  my $krbreturn = 
-				    &Authen::Krb5::get_in_tkt_with_password(
-				     $krbclient,$krbserver,$upass,$credentials);
+		} elsif ($userinput =~ /^auth/) { # Encoded and client only.
+		    if (($wasenc==1) && isClient) {
+			my ($cmd,$udom,$uname,$upass)=split(/:/,$userinput);
+			chomp($upass);
+			$upass=unescape($upass);
+			my $proname=propath($udom,$uname);
+			my $passfilename="$proname/passwd";
+			if (-e $passfilename) {
+			    my $pf = IO::File->new($passfilename);
+			    my $realpasswd=<$pf>;
+			    chomp($realpasswd);
+			    my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
+			    my $pwdcorrect=0;
+			    if ($howpwd eq 'internal') {
+				&Debug("Internal auth");
+				$pwdcorrect=
+				    (crypt($upass,$contentpwd) eq $contentpwd);
+			    } elsif ($howpwd eq 'unix') {
+				&Debug("Unix auth");
+				if((getpwnam($uname))[1] eq "") { #no such user!
+				    $pwdcorrect = 0;
+				} else {
+				    $contentpwd=(getpwnam($uname))[1];
+				    my $pwauth_path="/usr/local/sbin/pwauth";
+				    unless ($contentpwd eq 'x') {
+					$pwdcorrect=
+					    (crypt($upass,$contentpwd) eq 
+					     $contentpwd);
+				    }
+				    
+				    elsif (-e $pwauth_path) {
+					open PWAUTH, "|$pwauth_path" or
+					    die "Cannot invoke authentication";
+					print PWAUTH "$uname\n$upass\n";
+					close PWAUTH;
+					$pwdcorrect=!$?;
+				    }
+				}
+			    } elsif ($howpwd eq 'krb4') {
+				my $null=pack("C",0);
+				unless ($upass=~/$null/) {
+				    my $krb4_error = &Authen::Krb4::get_pw_in_tkt
+					($uname,"",$contentpwd,'krbtgt',
+					 $contentpwd,1,$upass);
+				    if (!$krb4_error) {
+					$pwdcorrect = 1;
+				    } else { 
+					$pwdcorrect=0; 
+					# log error if it is not a bad password
+					if ($krb4_error != 62) {
+					    &logthis('krb4:'.$uname.','.$contentpwd.','.
+						     &Authen::Krb4::get_err_txt($Authen::Krb4::error));
+					}
+				    }
+				}
+			    } elsif ($howpwd eq 'krb5') {
+				my $null=pack("C",0);
+				unless ($upass=~/$null/) {
+				    my $krbclient=&Authen::Krb5::parse_name($uname.'@'.$contentpwd);
+				    my $krbservice="krbtgt/".$contentpwd."\@".$contentpwd;
+				    my $krbserver=&Authen::Krb5::parse_name($krbservice);
+				    my $credentials=&Authen::Krb5::cc_default();
+				    $credentials->initialize($krbclient);
+				    my $krbreturn = 
+					&Authen::Krb5::get_in_tkt_with_password(
+										$krbclient,$krbserver,$upass,$credentials);
 #				  unless ($krbreturn) {
 #				      &logthis("Krb5 Error: ".
 #					       &Authen::Krb5::error());
 #				  }
-				  $pwdcorrect = ($krbreturn == 1);
-			   } else { $pwdcorrect=0; }
-                          } elsif ($howpwd eq 'localauth') {
-			    $pwdcorrect=&localauth::localauth($uname,$upass,
-							      $contentpwd);
-			  }
-                          if ($pwdcorrect) {
-                             print $client "authorized\n";
-                          } else {
-                             print $client "non_authorized\n";
-                          }  
-		       } else {
-                          print $client "unknown_user\n";
-                       }
-		     } else {
-		       print $client "refused\n";
-		     }
+				    $pwdcorrect = ($krbreturn == 1);
+				} else { $pwdcorrect=0; }
+			    } elsif ($howpwd eq 'localauth') {
+				$pwdcorrect=&localauth::localauth($uname,$upass,
+								  $contentpwd);
+			    }
+			    if ($pwdcorrect) {
+				print $client "authorized\n";
+			    } else {
+				print $client "non_authorized\n";
+			    }  
+			} else {
+			    print $client "unknown_user\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		       
+		    }
 # ---------------------------------------------------------------------- passwd
-                   } elsif ($userinput =~ /^passwd/) {
-		     if ($wasenc==1) {
-                       my 
-                       ($cmd,$udom,$uname,$upass,$npass)=split(/:/,$userinput);
-                       chomp($npass);
-                       $upass=&unescape($upass);
-                       $npass=&unescape($npass);
-		       &Debug("Trying to change password for $uname");
-		       my $proname=propath($udom,$uname);
-                       my $passfilename="$proname/passwd";
-                       if (-e $passfilename) {
-			   my $realpasswd;
-                          { my $pf = IO::File->new($passfilename);
-			    $realpasswd=<$pf>; }
-                          chomp($realpasswd);
-                          my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
-                          if ($howpwd eq 'internal') {
-			   &Debug("internal auth");
-			   if (crypt($upass,$contentpwd) eq $contentpwd) {
-			     my $salt=time;
-                             $salt=substr($salt,6,2);
-			     my $ncpass=crypt($npass,$salt);
-                             {
-				 my $pf;
-				 if ($pf = IO::File->new(">$passfilename")) {
-				     print $pf "internal:$ncpass\n";
-				     &logthis("Result of password change for $uname: pwchange_success");
-				     print $client "ok\n";
-				 } else {
-				     &logthis("Unable to open $uname passwd to change password");
-				     print $client "non_authorized\n";
-				 }
-			     }             
-			     
-                           } else {
-                             print $client "non_authorized\n";
-                           }
-                          } elsif ($howpwd eq 'unix') {
-			      # Unix means we have to access /etc/password
-			      # one way or another.
-			      # First: Make sure the current password is
-			      #        correct
-			      &Debug("auth is unix");
-			      $contentpwd=(getpwnam($uname))[1];
-			      my $pwdcorrect = "0";
-			      my $pwauth_path="/usr/local/sbin/pwauth";
-			      unless ($contentpwd eq 'x') {
-				  $pwdcorrect=
-                                    (crypt($upass,$contentpwd) eq $contentpwd);
-			      } elsif (-e $pwauth_path) {
-				  open PWAUTH, "|$pwauth_path" or
-				      die "Cannot invoke authentication";
-				  print PWAUTH "$uname\n$upass\n";
-				  close PWAUTH;
-				  &Debug("exited pwauth with $? ($uname,$upass) ");
-				  $pwdcorrect=($? == 0);
-			      }
-			     if ($pwdcorrect) {
-				 my $execdir=$perlvar{'lonDaemons'};
-				 &Debug("Opening lcpasswd pipeline");
-				 my $pf = IO::File->new("|$execdir/lcpasswd > $perlvar{'lonDaemons'}/logs/lcpasswd.log");
-				 print $pf "$uname\n$npass\n$npass\n";
-				 close $pf;
-				 my $err = $?;
-				 my $result = ($err>0 ? 'pwchange_failure' 
-					       : 'ok');
-				 &logthis("Result of password change for $uname: ".
-					  &lcpasswdstrerror($?));
-				 print $client "$result\n";
-			     } else {
-				 print $client "non_authorized\n";
-			     }
-			  } else {
-                            print $client "auth_mode_error\n";
-                          }  
-		       } else {
-                          print $client "unknown_user\n";
-                       }
-		     } else {
-		       print $client "refused\n";
-		     }
+		} elsif ($userinput =~ /^passwd/) { # encoded and client
+		    if (($wasenc==1) && isClient) {
+			my 
+			    ($cmd,$udom,$uname,$upass,$npass)=split(/:/,$userinput);
+			chomp($npass);
+			$upass=&unescape($upass);
+			$npass=&unescape($npass);
+			&Debug("Trying to change password for $uname");
+			my $proname=propath($udom,$uname);
+			my $passfilename="$proname/passwd";
+			if (-e $passfilename) {
+			    my $realpasswd;
+			    { my $pf = IO::File->new($passfilename);
+			      $realpasswd=<$pf>; }
+			    chomp($realpasswd);
+			    my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
+			    if ($howpwd eq 'internal') {
+				&Debug("internal auth");
+				if (crypt($upass,$contentpwd) eq $contentpwd) {
+				    my $salt=time;
+				    $salt=substr($salt,6,2);
+				    my $ncpass=crypt($npass,$salt);
+				    {
+					my $pf;
+					if ($pf = IO::File->new(">$passfilename")) {
+					    print $pf "internal:$ncpass\n";
+					    &logthis("Result of password change for $uname: pwchange_success");
+					    print $client "ok\n";
+					} else {
+					    &logthis("Unable to open $uname passwd to change password");
+					    print $client "non_authorized\n";
+					}
+				    }             
+				    
+				} else {
+				    print $client "non_authorized\n";
+				}
+			    } elsif ($howpwd eq 'unix') {
+				# Unix means we have to access /etc/password
+				# one way or another.
+				# First: Make sure the current password is
+				#        correct
+				&Debug("auth is unix");
+				$contentpwd=(getpwnam($uname))[1];
+				my $pwdcorrect = "0";
+				my $pwauth_path="/usr/local/sbin/pwauth";
+				unless ($contentpwd eq 'x') {
+				    $pwdcorrect=
+					(crypt($upass,$contentpwd) eq $contentpwd);
+				} elsif (-e $pwauth_path) {
+				    open PWAUTH, "|$pwauth_path" or
+					die "Cannot invoke authentication";
+				    print PWAUTH "$uname\n$upass\n";
+				    close PWAUTH;
+				    &Debug("exited pwauth with $? ($uname,$upass) ");
+				    $pwdcorrect=($? == 0);
+				}
+				if ($pwdcorrect) {
+				    my $execdir=$perlvar{'lonDaemons'};
+				    &Debug("Opening lcpasswd pipeline");
+				    my $pf = IO::File->new("|$execdir/lcpasswd > $perlvar{'lonDaemons'}/logs/lcpasswd.log");
+				    print $pf "$uname\n$npass\n$npass\n";
+				    close $pf;
+				    my $err = $?;
+				    my $result = ($err>0 ? 'pwchange_failure' 
+						  : 'ok');
+				    &logthis("Result of password change for $uname: ".
+					     &lcpasswdstrerror($?));
+				    print $client "$result\n";
+				} else {
+				    print $client "non_authorized\n";
+				}
+			    } else {
+				print $client "auth_mode_error\n";
+			    }  
+			} else {
+			    print $client "unknown_user\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		       
+		    }
 # -------------------------------------------------------------------- makeuser
-                   } elsif ($userinput =~ /^makeuser/) {
-		     &Debug("Make user received");
-    	             my $oldumask=umask(0077);
-		     if ($wasenc==1) {
-                       my 
-                       ($cmd,$udom,$uname,$umode,$npass)=split(/:/,$userinput);
-		       &Debug("cmd =".$cmd." $udom =".$udom.
-				    " uname=".$uname);
-                       chomp($npass);
-                       $npass=&unescape($npass);
-                       my $proname=propath($udom,$uname);
-                       my $passfilename="$proname/passwd";
-		       &Debug("Password file created will be:".
-				    $passfilename);
-                       if (-e $passfilename) {
-			   print $client "already_exists\n";
-                       } elsif ($udom ne $currentdomainid) {
-                           print $client "not_right_domain\n";
-                       } else {
-                           my @fpparts=split(/\//,$proname);
-                           my $fpnow=$fpparts[0].'/'.$fpparts[1].'/'.$fpparts[2];
-                           my $fperror='';
-                           for (my $i=3;$i<=$#fpparts;$i++) {
-                               $fpnow.='/'.$fpparts[$i]; 
-                               unless (-e $fpnow) {
-				   unless (mkdir($fpnow,0777)) {
-                                      $fperror="error: ".($!+0)
-					  ." mkdir failed while attempting "
-                                              ."makeuser\n";
-                                   }
-                               }
-                           }
-                           unless ($fperror) {
-			       my $result=&make_passwd_file($uname, $umode,$npass,
-							    $passfilename);
-			       print $client $result;
-                           } else {
-                               print $client "$fperror\n";
-                           }
-                       }
-		     } else {
-		       print $client "refused\n";
-		     }
-		     umask($oldumask);
+		} elsif ($userinput =~ /^makeuser/) { # encoded and client.
+		    &Debug("Make user received");
+		    my $oldumask=umask(0077);
+		    if (($wasenc==1) && isClient) {
+			my 
+			    ($cmd,$udom,$uname,$umode,$npass)=split(/:/,$userinput);
+			&Debug("cmd =".$cmd." $udom =".$udom.
+			       " uname=".$uname);
+			chomp($npass);
+			$npass=&unescape($npass);
+			my $proname=propath($udom,$uname);
+			my $passfilename="$proname/passwd";
+			&Debug("Password file created will be:".
+			       $passfilename);
+			if (-e $passfilename) {
+			    print $client "already_exists\n";
+			} elsif ($udom ne $currentdomainid) {
+			    print $client "not_right_domain\n";
+			} else {
+			    my @fpparts=split(/\//,$proname);
+			    my $fpnow=$fpparts[0].'/'.$fpparts[1].'/'.$fpparts[2];
+			    my $fperror='';
+			    for (my $i=3;$i<=$#fpparts;$i++) {
+				$fpnow.='/'.$fpparts[$i]; 
+				unless (-e $fpnow) {
+				    unless (mkdir($fpnow,0777)) {
+					$fperror="error: ".($!+0)
+					    ." mkdir failed while attempting "
+					    ."makeuser\n";
+				    }
+				}
+			    }
+			    unless ($fperror) {
+				my $result=&make_passwd_file($uname, $umode,$npass,
+							     $passfilename);
+				print $client $result;
+			    } else {
+				print $client "$fperror\n";
+			    }
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+	      
+		    }
+		    umask($oldumask);
 # -------------------------------------------------------------- changeuserauth
-                   } elsif ($userinput =~ /^changeuserauth/) {
-		       &Debug("Changing authorization");
-		      if ($wasenc==1) {
-                       my 
-		       ($cmd,$udom,$uname,$umode,$npass)=split(/:/,$userinput);
-                       chomp($npass);
-		       &Debug("cmd = ".$cmd." domain= ".$udom.
-			      "uname =".$uname." umode= ".$umode);
-                       $npass=&unescape($npass);
-                       my $proname=&propath($udom,$uname);
-                       my $passfilename="$proname/passwd";
-		       if ($udom ne $currentdomainid) {
-                           print $client "not_right_domain\n";
-                       } else {
-			   my $result=&make_passwd_file($uname, $umode,$npass,
-							$passfilename);
-			   print $client $result;
-                       }
-		     } else {
-		       print $client "refused\n";
-		     }
+		} elsif ($userinput =~ /^changeuserauth/) { # encoded & client
+		    &Debug("Changing authorization");
+		    if (($wasenc==1) && isClient) {
+			my 
+			    ($cmd,$udom,$uname,$umode,$npass)=split(/:/,$userinput);
+			chomp($npass);
+			&Debug("cmd = ".$cmd." domain= ".$udom.
+			       "uname =".$uname." umode= ".$umode);
+			$npass=&unescape($npass);
+			my $proname=&propath($udom,$uname);
+			my $passfilename="$proname/passwd";
+			if ($udom ne $currentdomainid) {
+			    print $client "not_right_domain\n";
+			} else {
+			    my $result=&make_passwd_file($uname, $umode,$npass,
+							 $passfilename);
+			    print $client $result;
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		   
+		    }
 # ------------------------------------------------------------------------ home
-                   } elsif ($userinput =~ /^home/) {
-                       my ($cmd,$udom,$uname)=split(/:/,$userinput);
-                       chomp($uname);
-                       my $proname=propath($udom,$uname);
-                       if (-e $proname) {
-                          print $client "found\n";
-                       } else {
-			  print $client "not_found\n";
-                       }
+		} elsif ($userinput =~ /^home/) { # client clear or encoded
+		    if(isClient) {
+			my ($cmd,$udom,$uname)=split(/:/,$userinput);
+			chomp($uname);
+			my $proname=propath($udom,$uname);
+			if (-e $proname) {
+			    print $client "found\n";
+			} else {
+			    print $client "not_found\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+
+		    }
 # ---------------------------------------------------------------------- update
-                   } elsif ($userinput =~ /^update/) {
-                       my ($cmd,$fname)=split(/:/,$userinput);
-                       my $ownership=ishome($fname);
-                       if ($ownership eq 'not_owner') {
-                        if (-e $fname) {
-                          my ($dev,$ino,$mode,$nlink,
-                              $uid,$gid,$rdev,$size,
-                              $atime,$mtime,$ctime,
-                              $blksize,$blocks)=stat($fname);
-                          my $now=time;
-                          my $since=$now-$atime;
-                          if ($since>$perlvar{'lonExpire'}) {
-                              my $reply=
-                                    &reply("unsub:$fname","$hostid{$clientip}");
-                              unlink("$fname");
-                          } else {
-			     my $transname="$fname.in.transfer";
-                             my $remoteurl=
-                                    reply("sub:$fname","$hostid{$clientip}");
-                             my $response;
-                              {
-                             my $ua=new LWP::UserAgent;
-                             my $request=new HTTP::Request('GET',"$remoteurl");
-                             $response=$ua->request($request,$transname);
-			      }
-                             if ($response->is_error()) {
-				 unlink($transname);
-                                 my $message=$response->status_line;
-                                 &logthis(
-                                  "LWP GET: $message for $fname ($remoteurl)");
-                             } else {
-	                         if ($remoteurl!~/\.meta$/) {
-                                  my $ua=new LWP::UserAgent;
-                                  my $mrequest=
-                                   new HTTP::Request('GET',$remoteurl.'.meta');
-                                  my $mresponse=
-                                   $ua->request($mrequest,$fname.'.meta');
-                                  if ($mresponse->is_error()) {
-		                    unlink($fname.'.meta');
-                                  }
-	                         }
-                                 rename($transname,$fname);
-			     }
-                          }
-                          print $client "ok\n";
-                        } else {
-                          print $client "not_found\n";
-                        }
-		       } else {
-			print $client "rejected\n";
-                       }
+		} elsif ($userinput =~ /^update/) { # client clear or encoded.
+		    if(isClient) {
+			my ($cmd,$fname)=split(/:/,$userinput);
+			my $ownership=ishome($fname);
+			if ($ownership eq 'not_owner') {
+			    if (-e $fname) {
+				my ($dev,$ino,$mode,$nlink,
+				    $uid,$gid,$rdev,$size,
+				    $atime,$mtime,$ctime,
+				    $blksize,$blocks)=stat($fname);
+				my $now=time;
+				my $since=$now-$atime;
+				if ($since>$perlvar{'lonExpire'}) {
+				    my $reply=
+					&reply("unsub:$fname","$clientname");
+				    unlink("$fname");
+				} else {
+				    my $transname="$fname.in.transfer";
+				    my $remoteurl=
+					&reply("sub:$fname","$clientname");
+				    my $response;
+				    {
+					my $ua=new LWP::UserAgent;
+					my $request=new HTTP::Request('GET',"$remoteurl");
+					$response=$ua->request($request,$transname);
+				    }
+				    if ($response->is_error()) {
+					unlink($transname);
+					my $message=$response->status_line;
+					&logthis(
+						 "LWP GET: $message for $fname ($remoteurl)");
+				    } else {
+					if ($remoteurl!~/\.meta$/) {
+					    my $ua=new LWP::UserAgent;
+					    my $mrequest=
+						new HTTP::Request('GET',$remoteurl.'.meta');
+					    my $mresponse=
+						$ua->request($mrequest,$fname.'.meta');
+					    if ($mresponse->is_error()) {
+						unlink($fname.'.meta');
+					    }
+					}
+					rename($transname,$fname);
+				    }
+				}
+				print $client "ok\n";
+			    } else {
+				print $client "not_found\n";
+			    }
+			} else {
+			    print $client "rejected\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+
+		    }
 # -------------------------------------- fetch a user file from a remote server
-                   } elsif ($userinput =~ /^fetchuserfile/) {
-		       my ($cmd,$fname)=split(/:/,$userinput);
-		       my ($udom,$uname,$ufile)=split(/\//,$fname);
-		       my $udir=propath($udom,$uname).'/userfiles';
-		       unless (-e $udir) { mkdir($udir,0770); }
-                       if (-e $udir) {
-			   $ufile=~s/^[\.\~]+//;
-			   $ufile=~s/\///g;
-			   my $destname=$udir.'/'.$ufile;
-			   my $transname=$udir.'/'.$ufile.'.in.transit';
-			   my $remoteurl='http://'.$clientip.'/userfiles/'.$fname;
-			   my $response;
-			   {
-			       my $ua=new LWP::UserAgent;
-			       my $request=new HTTP::Request('GET',"$remoteurl");
-			       $response=$ua->request($request,$transname);
-			   }
-			   if ($response->is_error()) {
-			       unlink($transname);
-			       my $message=$response->status_line;
-			       &logthis("LWP GET: $message for $fname ($remoteurl)");
-			       print $client "failed\n";
-			   } else {
-			       if (!rename($transname,$destname)) {
-				   &logthis("Unable to move $transname to $destname");
-				   unlink($transname);
-				   print $client "failed\n";
-			       } else {
-				   print $client "ok\n";
-			       }
-			   }
-		       } else {
-			   print $client "not_home\n";
-		       }
+		} elsif ($userinput =~ /^fetchuserfile/) { # Client clear or enc.
+		    if(isClient) {
+			my ($cmd,$fname)=split(/:/,$userinput);
+			my ($udom,$uname,$ufile)=split(/\//,$fname);
+			my $udir=propath($udom,$uname).'/userfiles';
+			unless (-e $udir) { mkdir($udir,0770); }
+			if (-e $udir) {
+			    $ufile=~s/^[\.\~]+//;
+			    $ufile=~s/\///g;
+			    my $destname=$udir.'/'.$ufile;
+			    my $transname=$udir.'/'.$ufile.'.in.transit';
+			    my $remoteurl='http://'.$clientip.'/userfiles/'.$fname;
+			    my $response;
+			    {
+				my $ua=new LWP::UserAgent;
+				my $request=new HTTP::Request('GET',"$remoteurl");
+				$response=$ua->request($request,$transname);
+			    }
+			    if ($response->is_error()) {
+				unlink($transname);
+				my $message=$response->status_line;
+				&logthis("LWP GET: $message for $fname ($remoteurl)");
+				print $client "failed\n";
+			    } else {
+				if (!rename($transname,$destname)) {
+				    &logthis("Unable to move $transname to $destname");
+				    unlink($transname);
+				    print $client "failed\n";
+				} else {
+				    print $client "ok\n";
+				}
+			    }
+			} else {
+			    print $client "not_home\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+
+		    }
 # ------------------------------------------ authenticate access to a user file
-                   } elsif ($userinput =~ /^tokenauthuserfile/) {
-                       my ($cmd,$fname,$session)=split(/:/,$userinput);
-                       chomp($session);
-                       my $reply='non_auth';
-                       if (open(ENVIN,$perlvar{'lonIDsDir'}.'/'.
-				$session.'.id')) {
-			   while (my $line=<ENVIN>) {
-			       if ($line=~/userfile\.$fname\=/) { $reply='ok'; }
-			   }
-			   close(ENVIN);
-			   print $client $reply."\n";
-		       } else {
-			   print $client "invalid_token\n";
-                       }
+		} elsif ($userinput =~ /^tokenauthuserfile/) { # Client only
+		    if(isClient) {
+			my ($cmd,$fname,$session)=split(/:/,$userinput);
+			chomp($session);
+			my $reply='non_auth';
+			if (open(ENVIN,$perlvar{'lonIDsDir'}.'/'.
+				 $session.'.id')) {
+			    while (my $line=<ENVIN>) {
+				if ($line=~/userfile\.$fname\=/) { $reply='ok'; }
+			    }
+			    close(ENVIN);
+			    print $client $reply."\n";
+			} else {
+			    print $client "invalid_token\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+
+		    }
 # ----------------------------------------------------------------- unsubscribe
-                   } elsif ($userinput =~ /^unsub/) {
-                       my ($cmd,$fname)=split(/:/,$userinput);
-                       if (-e $fname) {
-			   print $client &unsub($client,$fname,$clientip);
-                       } else {
-			   print $client "not_found\n";
-                       }
+		} elsif ($userinput =~ /^unsub/) {
+		    if(isClient) {
+			my ($cmd,$fname)=split(/:/,$userinput);
+			if (-e $fname) {
+			    print $client &unsub($client,$fname,$clientip);
+			} else {
+			    print $client "not_found\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+
+		    }
 # ------------------------------------------------------------------- subscribe
-                   } elsif ($userinput =~ /^sub/) {
-		       print $client &subscribe($userinput,$clientip);
+		} elsif ($userinput =~ /^sub/) {
+		    if(isClient) {
+			print $client &subscribe($userinput,$clientip);
+		    } else {
+			Reply($client, "refused\n", $userinput);
+
+		    }
 # ------------------------------------------------------------- current version
-                   } elsif ($userinput =~ /^currentversion/) {
-                       my ($cmd,$fname)=split(/:/,$userinput);
-		       print $client &currentversion($fname)."\n";
+		} elsif ($userinput =~ /^currentversion/) {
+		    if(isClient) {
+			my ($cmd,$fname)=split(/:/,$userinput);
+			print $client &currentversion($fname)."\n";
+		    } else {
+			Reply($client, "refused\n", $userinput);
+
+		    }
 # ------------------------------------------------------------------------- log
-                   } elsif ($userinput =~ /^log/) {
-                       my ($cmd,$udom,$uname,$what)=split(/:/,$userinput);
-                       chomp($what);
-                       my $proname=propath($udom,$uname);
-                       my $now=time;
-                       {
-			 my $hfh;
-			 if ($hfh=IO::File->new(">>$proname/activity.log")) { 
-                            print $hfh "$now:$hostid{$clientip}:$what\n";
-                            print $client "ok\n"; 
-			} else {
-                            print $client "error: ".($!+0)
-				." IO::File->new Failed "
-                                    ."while attempting log\n";
-		        }
-		       }
+		} elsif ($userinput =~ /^log/) {
+		    if(isClient) {
+			my ($cmd,$udom,$uname,$what)=split(/:/,$userinput);
+			chomp($what);
+			my $proname=propath($udom,$uname);
+			my $now=time;
+			{
+			    my $hfh;
+			    if ($hfh=IO::File->new(">>$proname/activity.log")) { 
+				print $hfh "$now:$clientname:$what\n";
+				print $client "ok\n"; 
+			    } else {
+				print $client "error: ".($!+0)
+				    ." IO::File->new Failed "
+				    ."while attempting log\n";
+			    }
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+
+		    }
 # ------------------------------------------------------------------------- put
-                   } elsif ($userinput =~ /^put/) {
-                      my ($cmd,$udom,$uname,$namespace,$what)
-                          =split(/:/,$userinput);
-                      $namespace=~s/\//\_/g;
-                      $namespace=~s/\W//g;
-                      if ($namespace ne 'roles') {
-                       chomp($what);
-                       my $proname=propath($udom,$uname);
-                       my $now=time;
-                       unless ($namespace=~/^nohist\_/) {
-			   my $hfh;
-			   if (
-                             $hfh=IO::File->new(">>$proname/$namespace.hist")
-			       ) { print $hfh "P:$now:$what\n"; }
-		       }
-                       my @pairs=split(/\&/,$what);
-		       my %hash;
-		       if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
-                           foreach my $pair (@pairs) {
-			       my ($key,$value)=split(/=/,$pair);
-                               $hash{$key}=$value;
-                           }
-			   if (untie(%hash)) {
-                              print $client "ok\n";
-                           } else {
-                              print $client "error: ".($!+0)
-				  ." untie(GDBM) failed ".
-                                      "while attempting put\n";
-                           }
-                       } else {
-                           print $client "error: ".($!)
-			       ." tie(GDBM) Failed ".
-                                   "while attempting put\n";
-                       }
-		      } else {
-                          print $client "refused\n";
-                      }
+		} elsif ($userinput =~ /^put/) {
+		    if(isClient) {
+			my ($cmd,$udom,$uname,$namespace,$what)
+			    =split(/:/,$userinput);
+			$namespace=~s/\//\_/g;
+			$namespace=~s/\W//g;
+			if ($namespace ne 'roles') {
+			    chomp($what);
+			    my $proname=propath($udom,$uname);
+			    my $now=time;
+			    unless ($namespace=~/^nohist\_/) {
+				my $hfh;
+				if (
+				    $hfh=IO::File->new(">>$proname/$namespace.hist")
+				    ) { print $hfh "P:$now:$what\n"; }
+			    }
+			    my @pairs=split(/\&/,$what);
+			    my %hash;
+			    if (tie(%hash,'GDBM_File',
+				    "$proname/$namespace.db",
+				    &GDBM_WRCREAT(),0640)) {
+				foreach my $pair (@pairs) {
+				    my ($key,$value)=split(/=/,$pair);
+				    $hash{$key}=$value;
+				}
+				if (untie(%hash)) {
+				    print $client "ok\n";
+				} else {
+				    print $client "error: ".($!+0)
+					." untie(GDBM) failed ".
+					"while attempting put\n";
+				}
+			    } else {
+				print $client "error: ".($!)
+				    ." tie(GDBM) Failed ".
+				    "while attempting put\n";
+			    }
+			} else {
+			    print $client "refused\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+
+		    }
 # -------------------------------------------------------------------- rolesput
-                   } elsif ($userinput =~ /^rolesput/) {
-		       &Debug("rolesput");
-		    if ($wasenc==1) {
-                       my ($cmd,$exedom,$exeuser,$udom,$uname,$what)
-                          =split(/:/,$userinput);
-		       &Debug("cmd = ".$cmd." exedom= ".$exedom.
-				    "user = ".$exeuser." udom=".$udom.
-				    "what = ".$what);
-                       my $namespace='roles';
-                       chomp($what);
-                       my $proname=propath($udom,$uname);
-                       my $now=time;
-                       {
-			   my $hfh;
-			   if (
-                             $hfh=IO::File->new(">>$proname/$namespace.hist")
-			       ) { 
-                                  print $hfh "P:$now:$exedom:$exeuser:$what\n";
-                                 }
-		       }
-                       my @pairs=split(/\&/,$what);
-		       my %hash;
-		       if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
-                           foreach my $pair (@pairs) {
-			       my ($key,$value)=split(/=/,$pair);
-			       &ManagePermissions($key, $udom, $uname,
-						  &GetAuthType( $udom, 
-								$uname));
-                               $hash{$key}=$value;
-                           }
-			   if (untie(%hash)) {
-                              print $client "ok\n";
-                           } else {
-                              print $client "error: ".($!+0)
-				  ." untie(GDBM) Failed ".
-                                      "while attempting rolesput\n";
-                           }
-                       } else {
-                           print $client "error: ".($!+0)
-			       ." tie(GDBM) Failed ".
-                                   "while attempting rolesput\n";
-                       }
-		      } else {
-                          print $client "refused\n";
-                      }
+		} elsif ($userinput =~ /^rolesput/) {
+		    if(isClient) {
+			&Debug("rolesput");
+			if ($wasenc==1) {
+			    my ($cmd,$exedom,$exeuser,$udom,$uname,$what)
+				=split(/:/,$userinput);
+			    &Debug("cmd = ".$cmd." exedom= ".$exedom.
+				   "user = ".$exeuser." udom=".$udom.
+				   "what = ".$what);
+			    my $namespace='roles';
+			    chomp($what);
+			    my $proname=propath($udom,$uname);
+			    my $now=time;
+			    {
+				my $hfh;
+				if (
+				    $hfh=IO::File->new(">>$proname/$namespace.hist")
+				    ) { 
+				    print $hfh "P:$now:$exedom:$exeuser:$what\n";
+				}
+			    }
+			    my @pairs=split(/\&/,$what);
+			    my %hash;
+			    if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
+				foreach my $pair (@pairs) {
+				    my ($key,$value)=split(/=/,$pair);
+				    &ManagePermissions($key, $udom, $uname,
+						       &GetAuthType( $udom, 
+								     $uname));
+				    $hash{$key}=$value;
+				}
+				if (untie(%hash)) {
+				    print $client "ok\n";
+				} else {
+				    print $client "error: ".($!+0)
+					." untie(GDBM) Failed ".
+					"while attempting rolesput\n";
+				}
+			    } else {
+				print $client "error: ".($!+0)
+				    ." tie(GDBM) Failed ".
+				    "while attempting rolesput\n";
+			    }
+			} else {
+			    print $client "refused\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		  
+		    }
 # -------------------------------------------------------------------- rolesdel
-                   } elsif ($userinput =~ /^rolesdel/) {
-		       &Debug("rolesdel");
-		    if ($wasenc==1) {
-                       my ($cmd,$exedom,$exeuser,$udom,$uname,$what)
-                          =split(/:/,$userinput);
-		       &Debug("cmd = ".$cmd." exedom= ".$exedom.
-				    "user = ".$exeuser." udom=".$udom.
-				    "what = ".$what);
-                       my $namespace='roles';
-                       chomp($what);
-                       my $proname=propath($udom,$uname);
-                       my $now=time;
-                       {
-			   my $hfh;
-			   if (
-                             $hfh=IO::File->new(">>$proname/$namespace.hist")
-			       ) { 
-                                  print $hfh "D:$now:$exedom:$exeuser:$what\n";
-                                 }
-		       }
-                       my @rolekeys=split(/\&/,$what);
-		       my %hash;
-		       if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
-                           foreach my $key (@rolekeys) {
-                               delete $hash{$key};
-                           }
-			   if (untie(%hash)) {
-                              print $client "ok\n";
-                           } else {
-                              print $client "error: ".($!+0)
-				  ." untie(GDBM) Failed ".
-                                      "while attempting rolesdel\n";
-                           }
-                       } else {
-                           print $client "error: ".($!+0)
-			       ." tie(GDBM) Failed ".
-                                   "while attempting rolesdel\n";
-                       }
-		      } else {
-                          print $client "refused\n";
-                      }
+		} elsif ($userinput =~ /^rolesdel/) {
+		    if(isClient) {
+			&Debug("rolesdel");
+			if ($wasenc==1) {
+			    my ($cmd,$exedom,$exeuser,$udom,$uname,$what)
+				=split(/:/,$userinput);
+			    &Debug("cmd = ".$cmd." exedom= ".$exedom.
+				   "user = ".$exeuser." udom=".$udom.
+				   "what = ".$what);
+			    my $namespace='roles';
+			    chomp($what);
+			    my $proname=propath($udom,$uname);
+			    my $now=time;
+			    {
+				my $hfh;
+				if (
+				    $hfh=IO::File->new(">>$proname/$namespace.hist")
+				    ) { 
+				    print $hfh "D:$now:$exedom:$exeuser:$what\n";
+				}
+			    }
+			    my @rolekeys=split(/\&/,$what);
+			    my %hash;
+			    if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
+				foreach my $key (@rolekeys) {
+				    delete $hash{$key};
+				}
+				if (untie(%hash)) {
+				    print $client "ok\n";
+				} else {
+				    print $client "error: ".($!+0)
+					." untie(GDBM) Failed ".
+					"while attempting rolesdel\n";
+				}
+			    } else {
+				print $client "error: ".($!+0)
+				    ." tie(GDBM) Failed ".
+				    "while attempting rolesdel\n";
+			    }
+			} else {
+			    print $client "refused\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		      
+		    }
 # ------------------------------------------------------------------------- get
-                   } elsif ($userinput =~ /^get/) {
-                       my ($cmd,$udom,$uname,$namespace,$what)
-                          =split(/:/,$userinput);
-                       $namespace=~s/\//\_/g;
-                       $namespace=~s/\W//g;
-                       chomp($what);
-                       my @queries=split(/\&/,$what);
-                       my $proname=propath($udom,$uname);
-                       my $qresult='';
-		       my %hash;
-		       if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
-                           for (my $i=0;$i<=$#queries;$i++) {
-                               $qresult.="$hash{$queries[$i]}&";
-                           }
-			   if (untie(%hash)) {
-		              $qresult=~s/\&$//;
-                              print $client "$qresult\n";
-                           } else {
-                              print $client "error: ".($!+0)
-				  ." untie(GDBM) Failed ".
-                                      "while attempting get\n";
-                           }
-                       } else {
-                           if ($!+0 == 2) {
-                               print $client "error:No such file or ".
-                                   "GDBM reported bad block error\n";
-                           } else {
-                               print $client "error: ".($!+0)
-                                   ." tie(GDBM) Failed ".
-                                       "while attempting get\n";
-                           }
-                       }
+		} elsif ($userinput =~ /^get/) {
+		    if(isClient) {
+			my ($cmd,$udom,$uname,$namespace,$what)
+			    =split(/:/,$userinput);
+			$namespace=~s/\//\_/g;
+			$namespace=~s/\W//g;
+			chomp($what);
+			my @queries=split(/\&/,$what);
+			my $proname=propath($udom,$uname);
+			my $qresult='';
+			my %hash;
+			if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
+			    for (my $i=0;$i<=$#queries;$i++) {
+				$qresult.="$hash{$queries[$i]}&";
+			    }
+			    if (untie(%hash)) {
+				$qresult=~s/\&$//;
+				print $client "$qresult\n";
+			    } else {
+				print $client "error: ".($!+0)
+				    ." untie(GDBM) Failed ".
+				    "while attempting get\n";
+			    }
+			} else {
+			    if ($!+0 == 2) {
+				print $client "error:No such file or ".
+				    "GDBM reported bad block error\n";
+			    } else {
+				print $client "error: ".($!+0)
+				    ." tie(GDBM) Failed ".
+				    "while attempting get\n";
+			    }
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		       
+		    }
 # ------------------------------------------------------------------------ eget
-                   } elsif ($userinput =~ /^eget/) {
-                       my ($cmd,$udom,$uname,$namespace,$what)
-                          =split(/:/,$userinput);
-                       $namespace=~s/\//\_/g;
-                       $namespace=~s/\W//g;
-                       chomp($what);
-                       my @queries=split(/\&/,$what);
-                       my $proname=propath($udom,$uname);
-                       my $qresult='';
-		       my %hash;
-		       if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
-                           for (my $i=0;$i<=$#queries;$i++) {
-                               $qresult.="$hash{$queries[$i]}&";
-                           }
-			   if (untie(%hash)) {
-		              $qresult=~s/\&$//;
-                              if ($cipher) {
-                                my $cmdlength=length($qresult);
-                                $qresult.="         ";
-                                my $encqresult='';
-                                for 
-				(my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
-                                 $encqresult.=
-                                 unpack("H16",
-                                 $cipher->encrypt(substr($qresult,$encidx,8)));
-                                }
-                                print $client "enc:$cmdlength:$encqresult\n";
-			      } else {
-			        print $client "error:no_key\n";
-                              }
-                           } else {
-                              print $client "error: ".($!+0)
-				  ." untie(GDBM) Failed ".
-                                      "while attempting eget\n";
-                           }
-                       } else {
-                           print $client "error: ".($!+0)
-			       ." tie(GDBM) Failed ".
-                                   "while attempting eget\n";
-                       }
+		} elsif ($userinput =~ /^eget/) {
+		    if (isClient) {
+			my ($cmd,$udom,$uname,$namespace,$what)
+			    =split(/:/,$userinput);
+			$namespace=~s/\//\_/g;
+			$namespace=~s/\W//g;
+			chomp($what);
+			my @queries=split(/\&/,$what);
+			my $proname=propath($udom,$uname);
+			my $qresult='';
+			my %hash;
+			if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
+			    for (my $i=0;$i<=$#queries;$i++) {
+				$qresult.="$hash{$queries[$i]}&";
+			    }
+			    if (untie(%hash)) {
+				$qresult=~s/\&$//;
+				if ($cipher) {
+				    my $cmdlength=length($qresult);
+				    $qresult.="         ";
+				    my $encqresult='';
+				    for 
+					(my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
+					    $encqresult.=
+						unpack("H16",
+						       $cipher->encrypt(substr($qresult,$encidx,8)));
+					}
+				    print $client "enc:$cmdlength:$encqresult\n";
+				} else {
+				    print $client "error:no_key\n";
+				}
+			    } else {
+				print $client "error: ".($!+0)
+				    ." untie(GDBM) Failed ".
+				    "while attempting eget\n";
+			    }
+			} else {
+			    print $client "error: ".($!+0)
+				." tie(GDBM) Failed ".
+				"while attempting eget\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		    
+		    }
 # ------------------------------------------------------------------------- del
-                   } elsif ($userinput =~ /^del/) {
-                       my ($cmd,$udom,$uname,$namespace,$what)
-                          =split(/:/,$userinput);
-                       $namespace=~s/\//\_/g;
-                       $namespace=~s/\W//g;
-                       chomp($what);
-                       my $proname=propath($udom,$uname);
-                       my $now=time;
-                       unless ($namespace=~/^nohist\_/) {
-			   my $hfh;
-			   if (
-                             $hfh=IO::File->new(">>$proname/$namespace.hist")
-			       ) { print $hfh "D:$now:$what\n"; }
-		       }
-                       my @keys=split(/\&/,$what);
-		       my %hash;
-		       if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
-                           foreach my $key (@keys) {
-                               delete($hash{$key});
-                           }
-			   if (untie(%hash)) {
-                              print $client "ok\n";
-                           } else {
-                              print $client "error: ".($!+0)
-				  ." untie(GDBM) Failed ".
-                                      "while attempting del\n";
-                           }
-                       } else {
-                           print $client "error: ".($!+0)
-			       ." tie(GDBM) Failed ".
-                                   "while attempting del\n";
-                       }
+		} elsif ($userinput =~ /^del/) {
+		    if(isClient) {
+			my ($cmd,$udom,$uname,$namespace,$what)
+			    =split(/:/,$userinput);
+			$namespace=~s/\//\_/g;
+			$namespace=~s/\W//g;
+			chomp($what);
+			my $proname=propath($udom,$uname);
+			my $now=time;
+			unless ($namespace=~/^nohist\_/) {
+			    my $hfh;
+			    if (
+				$hfh=IO::File->new(">>$proname/$namespace.hist")
+				) { print $hfh "D:$now:$what\n"; }
+			}
+			my @keys=split(/\&/,$what);
+			my %hash;
+			if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
+			    foreach my $key (@keys) {
+				delete($hash{$key});
+			    }
+			    if (untie(%hash)) {
+				print $client "ok\n";
+			    } else {
+				print $client "error: ".($!+0)
+				    ." untie(GDBM) Failed ".
+				    "while attempting del\n";
+			    }
+			} else {
+			    print $client "error: ".($!+0)
+				." tie(GDBM) Failed ".
+				"while attempting del\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+			
+		    }
 # ------------------------------------------------------------------------ keys
-                   } elsif ($userinput =~ /^keys/) {
-                       my ($cmd,$udom,$uname,$namespace)
-                          =split(/:/,$userinput);
-                       $namespace=~s/\//\_/g;
-                       $namespace=~s/\W//g;
-                       my $proname=propath($udom,$uname);
-                       my $qresult='';
-		       my %hash;
-		       if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
-                           foreach my $key (keys %hash) {
-                               $qresult.="$key&";
-                           }
-			   if (untie(%hash)) {
-		              $qresult=~s/\&$//;
-                              print $client "$qresult\n";
-                           } else {
-                              print $client "error: ".($!+0)
-				  ." untie(GDBM) Failed ".
-                                      "while attempting keys\n";
-                           }
-                       } else {
-                           print $client "error: ".($!+0)
-			       ." tie(GDBM) Failed ".
-                                   "while attempting keys\n";
-                       }
+		} elsif ($userinput =~ /^keys/) {
+		    if(isClient) {
+			my ($cmd,$udom,$uname,$namespace)
+			    =split(/:/,$userinput);
+			$namespace=~s/\//\_/g;
+			$namespace=~s/\W//g;
+			my $proname=propath($udom,$uname);
+			my $qresult='';
+			my %hash;
+			if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
+			    foreach my $key (keys %hash) {
+				$qresult.="$key&";
+			    }
+			    if (untie(%hash)) {
+				$qresult=~s/\&$//;
+				print $client "$qresult\n";
+			    } else {
+				print $client "error: ".($!+0)
+				    ." untie(GDBM) Failed ".
+				    "while attempting keys\n";
+			    }
+			} else {
+			    print $client "error: ".($!+0)
+				." tie(GDBM) Failed ".
+				"while attempting keys\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		   
+		    }
 # ----------------------------------------------------------------- dumpcurrent
-                   } elsif ($userinput =~ /^currentdump/) {
-                       my ($cmd,$udom,$uname,$namespace)
-                          =split(/:/,$userinput);
-                       $namespace=~s/\//\_/g;
-                       $namespace=~s/\W//g;
-                       my $qresult='';
-                       my $proname=propath($udom,$uname);
-		       my %hash;
-                       if (tie(%hash,'GDBM_File',
-                               "$proname/$namespace.db",
-                               &GDBM_READER(),0640)) {
-                           # Structure of %data:
-                           # $data{$symb}->{$parameter}=$value;
-                           # $data{$symb}->{'v.'.$parameter}=$version;
-                           # since $parameter will be unescaped, we do not
-                           # have to worry about silly parameter names...
-                           my %data = ();
-                           while (my ($key,$value) = each(%hash)) {
-                              my ($v,$symb,$param) = split(/:/,$key);
-                              next if ($v eq 'version' || $symb eq 'keys');
-                              next if (exists($data{$symb}) && 
-                                       exists($data{$symb}->{$param}) &&
-                                       $data{$symb}->{'v.'.$param} > $v);
-                              $data{$symb}->{$param}=$value;
-                              $data{$symb}->{'v.'.$param}=$v;
-                           }
-                           if (untie(%hash)) {
-                             while (my ($symb,$param_hash) = each(%data)) {
-                               while(my ($param,$value) = each (%$param_hash)){
-                                 next if ($param =~ /^v\./);
-                                 $qresult.=$symb.':'.$param.'='.$value.'&';
-                               }
-                             }
-                             chop($qresult);
-                             print $client "$qresult\n";
-                           } else {
-                             print $client "error: ".($!+0)
-				 ." untie(GDBM) Failed ".
-                                     "while attempting currentdump\n";
-                           }
-                       } else {
-                           print $client "error: ".($!+0)
-			       ." tie(GDBM) Failed ".
-                                      "while attempting currentdump\n";
-                       }
+		} elsif ($userinput =~ /^currentdump/) {
+		    if (isClient) {
+			my ($cmd,$udom,$uname,$namespace)
+			    =split(/:/,$userinput);
+			$namespace=~s/\//\_/g;
+			$namespace=~s/\W//g;
+			my $qresult='';
+			my $proname=propath($udom,$uname);
+			my %hash;
+			if (tie(%hash,'GDBM_File',
+				"$proname/$namespace.db",
+				&GDBM_READER(),0640)) {
+			    # Structure of %data:
+			    # $data{$symb}->{$parameter}=$value;
+			    # $data{$symb}->{'v.'.$parameter}=$version;
+			    # since $parameter will be unescaped, we do not
+			    # have to worry about silly parameter names...
+			    my %data = ();
+			    while (my ($key,$value) = each(%hash)) {
+				my ($v,$symb,$param) = split(/:/,$key);
+				next if ($v eq 'version' || $symb eq 'keys');
+				next if (exists($data{$symb}) && 
+					 exists($data{$symb}->{$param}) &&
+					 $data{$symb}->{'v.'.$param} > $v);
+				$data{$symb}->{$param}=$value;
+				$data{$symb}->{'v.'.$param}=$v;
+			    }
+			    if (untie(%hash)) {
+				while (my ($symb,$param_hash) = each(%data)) {
+				    while(my ($param,$value) = each (%$param_hash)){
+					next if ($param =~ /^v\./);
+					$qresult.=$symb.':'.$param.'='.$value.'&';
+				    }
+				}
+				chop($qresult);
+				print $client "$qresult\n";
+			    } else {
+				print $client "error: ".($!+0)
+				    ." untie(GDBM) Failed ".
+				    "while attempting currentdump\n";
+			    }
+			} else {
+			    print $client "error: ".($!+0)
+				." tie(GDBM) Failed ".
+				"while attempting currentdump\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		    }
 # ------------------------------------------------------------------------ dump
-                   } elsif ($userinput =~ /^dump/) {
-                       my ($cmd,$udom,$uname,$namespace,$regexp)
-                          =split(/:/,$userinput);
-                       $namespace=~s/\//\_/g;
-                       $namespace=~s/\W//g;
-                       if (defined($regexp)) {
-                          $regexp=&unescape($regexp);
-		       } else {
-                          $regexp='.';
-		       }
-                       my $qresult='';
-                       my $proname=propath($udom,$uname);
-		       my %hash;
-		       if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
-                           study($regexp);
-                           while (my ($key,$value) = each(%hash)) {
-                               if ($regexp eq '.') {
-                                   $qresult.=$key.'='.$value.'&';
-                               } else {
-                                   my $unescapeKey = &unescape($key);
-                                   if (eval('$unescapeKey=~/$regexp/')) {
-                                       $qresult.="$key=$value&";
-                                   }
-                               }
-                           }
-                           if (untie(%hash)) {
-                               chop($qresult);
-                               print $client "$qresult\n";
-                           } else {
-                               print $client "error: ".($!+0)
-				   ." untie(GDBM) Failed ".
+		} elsif ($userinput =~ /^dump/) {
+		    if(isClient) {
+			my ($cmd,$udom,$uname,$namespace,$regexp)
+			    =split(/:/,$userinput);
+			$namespace=~s/\//\_/g;
+			$namespace=~s/\W//g;
+			if (defined($regexp)) {
+			    $regexp=&unescape($regexp);
+			} else {
+			    $regexp='.';
+			}
+			my $qresult='';
+			my $proname=propath($udom,$uname);
+			my %hash;
+			if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
+			       study($regexp);
+			       while (my ($key,$value) = each(%hash)) {
+				   if ($regexp eq '.') {
+				       $qresult.=$key.'='.$value.'&';
+				   } else {
+				       my $unescapeKey = &unescape($key);
+				       if (eval('$unescapeKey=~/$regexp/')) {
+					   $qresult.="$key=$value&";
+				       }
+				   }
+			       }
+			       if (untie(%hash)) {
+				   chop($qresult);
+				   print $client "$qresult\n";
+			       } else {
+				   print $client "error: ".($!+0)
+				       ." untie(GDBM) Failed ".
                                        "while attempting dump\n";
-                           }
-                       } else {
-                           print $client "error: ".($!+0)
-			       ." tie(GDBM) Failed ".
-                                      "while attempting dump\n";
-                       }
+			       }
+			   } else {
+			       print $client "error: ".($!+0)
+				   ." tie(GDBM) Failed ".
+				   "while attempting dump\n";
+			   }
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		 
+		    }
 # ----------------------------------------------------------------------- store
-                   } elsif ($userinput =~ /^store/) {
-                      my ($cmd,$udom,$uname,$namespace,$rid,$what)
-                          =split(/:/,$userinput);
-                      $namespace=~s/\//\_/g;
-                      $namespace=~s/\W//g;
-                      if ($namespace ne 'roles') {
-                       chomp($what);
-                       my $proname=propath($udom,$uname);
-                       my $now=time;
-                       unless ($namespace=~/^nohist\_/) {
-			   my $hfh;
-			   if (
-                             $hfh=IO::File->new(">>$proname/$namespace.hist")
-			       ) { print $hfh "P:$now:$rid:$what\n"; }
-		       }
-                       my @pairs=split(/\&/,$what);
-		       my %hash;
-		       if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
-                           my @previouskeys=split(/&/,$hash{"keys:$rid"});
-                           my $key;
-                           $hash{"version:$rid"}++;
-                           my $version=$hash{"version:$rid"};
-                           my $allkeys=''; 
-                           foreach my $pair (@pairs) {
-			       my ($key,$value)=split(/=/,$pair);
-                               $allkeys.=$key.':';
-                               $hash{"$version:$rid:$key"}=$value;
-                           }
-                           $hash{"$version:$rid:timestamp"}=$now;
-                           $allkeys.='timestamp';
-                           $hash{"$version:keys:$rid"}=$allkeys;
-			   if (untie(%hash)) {
-                              print $client "ok\n";
-                           } else {
-                              print $client "error: ".($!+0)
-				  ." untie(GDBM) Failed ".
-                                      "while attempting store\n";
-                           }
-                       } else {
-                           print $client "error: ".($!+0)
-			       ." tie(GDBM) Failed ".
-                                   "while attempting store\n";
-                       }
-		      } else {
-                          print $client "refused\n";
-                      }
+		} elsif ($userinput =~ /^store/) {
+		    if(isClient) {
+			my ($cmd,$udom,$uname,$namespace,$rid,$what)
+			    =split(/:/,$userinput);
+			$namespace=~s/\//\_/g;
+			$namespace=~s/\W//g;
+			if ($namespace ne 'roles') {
+			    chomp($what);
+			    my $proname=propath($udom,$uname);
+			    my $now=time;
+			    unless ($namespace=~/^nohist\_/) {
+				my $hfh;
+				if (
+				    $hfh=IO::File->new(">>$proname/$namespace.hist")
+				    ) { print $hfh "P:$now:$rid:$what\n"; }
+			    }
+			    my @pairs=split(/\&/,$what);
+			    my %hash;
+			    if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_WRCREAT(),0640)) {
+				my @previouskeys=split(/&/,$hash{"keys:$rid"});
+				my $key;
+				$hash{"version:$rid"}++;
+				my $version=$hash{"version:$rid"};
+				my $allkeys=''; 
+				foreach my $pair (@pairs) {
+				    my ($key,$value)=split(/=/,$pair);
+				    $allkeys.=$key.':';
+				    $hash{"$version:$rid:$key"}=$value;
+				}
+				$hash{"$version:$rid:timestamp"}=$now;
+				$allkeys.='timestamp';
+				$hash{"$version:keys:$rid"}=$allkeys;
+				if (untie(%hash)) {
+				    print $client "ok\n";
+				} else {
+				    print $client "error: ".($!+0)
+					." untie(GDBM) Failed ".
+					"while attempting store\n";
+				}
+			    } else {
+				print $client "error: ".($!+0)
+				    ." tie(GDBM) Failed ".
+				    "while attempting store\n";
+			    }
+			} else {
+			    print $client "refused\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		     
+		    }
 # --------------------------------------------------------------------- restore
-                   } elsif ($userinput =~ /^restore/) {
-                       my ($cmd,$udom,$uname,$namespace,$rid)
-                          =split(/:/,$userinput);
-                       $namespace=~s/\//\_/g;
-                       $namespace=~s/\W//g;
-                       chomp($rid);
-                       my $proname=propath($udom,$uname);
-                       my $qresult='';
-		       my %hash;
-		       if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
-                	   my $version=$hash{"version:$rid"};
-                           $qresult.="version=$version&";
-                           my $scope;
-                           for ($scope=1;$scope<=$version;$scope++) {
-			      my $vkeys=$hash{"$scope:keys:$rid"};
-                              my @keys=split(/:/,$vkeys);
-                              my $key;
-                              $qresult.="$scope:keys=$vkeys&";
-                              foreach $key (@keys) {
-	     $qresult.="$scope:$key=".$hash{"$scope:$rid:$key"}."&";
-                              }                                  
-                           }
-			   if (untie(%hash)) {
-		              $qresult=~s/\&$//;
-                              print $client "$qresult\n";
-                           } else {
-                              print $client "error: ".($!+0)
-				  ." untie(GDBM) Failed ".
-                                      "while attempting restore\n";
-                           }
-                       } else {
-                           print $client "error: ".($!+0)
-			       ." tie(GDBM) Failed ".
-                                   "while attempting restore\n";
-                       }
+		} elsif ($userinput =~ /^restore/) {
+		    if(isClient) {
+			my ($cmd,$udom,$uname,$namespace,$rid)
+			    =split(/:/,$userinput);
+			$namespace=~s/\//\_/g;
+			$namespace=~s/\W//g;
+			chomp($rid);
+			my $proname=propath($udom,$uname);
+			my $qresult='';
+			my %hash;
+			if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) {
+			    my $version=$hash{"version:$rid"};
+			    $qresult.="version=$version&";
+			    my $scope;
+			    for ($scope=1;$scope<=$version;$scope++) {
+				my $vkeys=$hash{"$scope:keys:$rid"};
+				my @keys=split(/:/,$vkeys);
+				my $key;
+				$qresult.="$scope:keys=$vkeys&";
+				foreach $key (@keys) {
+				    $qresult.="$scope:$key=".$hash{"$scope:$rid:$key"}."&";
+				}                                  
+			    }
+			    if (untie(%hash)) {
+				$qresult=~s/\&$//;
+				print $client "$qresult\n";
+			    } else {
+				print $client "error: ".($!+0)
+				    ." untie(GDBM) Failed ".
+				    "while attempting restore\n";
+			    }
+			} else {
+			    print $client "error: ".($!+0)
+				." tie(GDBM) Failed ".
+				"while attempting restore\n";
+			}
+		    } else  {
+			Reply($client, "refused\n", $userinput);
+		       
+		    }
 # -------------------------------------------------------------------- chatsend
-                   } elsif ($userinput =~ /^chatsend/) {
-                       my ($cmd,$cdom,$cnum,$newpost)=split(/\:/,$userinput);
-                       &chatadd($cdom,$cnum,$newpost);
-                       print $client "ok\n";
+		} elsif ($userinput =~ /^chatsend/) {
+		    if(isClient) {
+			my ($cmd,$cdom,$cnum,$newpost)=split(/\:/,$userinput);
+			&chatadd($cdom,$cnum,$newpost);
+			print $client "ok\n";
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		      
+		    }
 # -------------------------------------------------------------------- chatretr
-                   } elsif ($userinput =~ /^chatretr/) {
-                       my 
-                        ($cmd,$cdom,$cnum,$udom,$uname)=split(/\:/,$userinput);
-                       my $reply='';
-                       foreach (&getchat($cdom,$cnum,$udom,$uname)) {
-			   $reply.=&escape($_).':';
-                       }
-                       $reply=~s/\:$//;
-                       print $client $reply."\n";
+		} elsif ($userinput =~ /^chatretr/) {
+		    if(isClient) {
+			my 
+			    ($cmd,$cdom,$cnum,$udom,$uname)=split(/\:/,$userinput);
+			my $reply='';
+			foreach (&getchat($cdom,$cnum,$udom,$uname)) {
+			    $reply.=&escape($_).':';
+			}
+			$reply=~s/\:$//;
+			print $client $reply."\n";
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		       
+		    }
 # ------------------------------------------------------------------- querysend
-                   } elsif ($userinput =~ /^querysend/) {
-                       my ($cmd,$query,
-			   $arg1,$arg2,$arg3)=split(/\:/,$userinput);
-		       $query=~s/\n*$//g;
-		       print $client "".
-			       sqlreply("$hostid{$clientip}\&$query".
-					"\&$arg1"."\&$arg2"."\&$arg3")."\n";
+		} elsif ($userinput =~ /^querysend/) {
+		    if(isClient) {
+			my ($cmd,$query,
+			    $arg1,$arg2,$arg3)=split(/\:/,$userinput);
+			$query=~s/\n*$//g;
+			print $client "".
+			    sqlreply("$clientname\&$query".
+				     "\&$arg1"."\&$arg2"."\&$arg3")."\n";
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		      
+		    }
 # ------------------------------------------------------------------ queryreply
-                   } elsif ($userinput =~ /^queryreply/) {
-                       my ($cmd,$id,$reply)=split(/:/,$userinput); 
-		       my $store;
-                       my $execdir=$perlvar{'lonDaemons'};
-                       if ($store=IO::File->new(">$execdir/tmp/$id")) {
-			   $reply=~s/\&/\n/g;
-			   print $store $reply;
-			   close $store;
-			   my $store2=IO::File->new(">$execdir/tmp/$id.end");
-			   print $store2 "done\n";
-			   close $store2;
-			   print $client "ok\n";
-		       }
-		       else {
-			   print $client "error: ".($!+0)
-			       ." IO::File->new Failed ".
-                                   "while attempting queryreply\n";
-		       }
+		} elsif ($userinput =~ /^queryreply/) {
+		    if(isClient) {
+			my ($cmd,$id,$reply)=split(/:/,$userinput); 
+			my $store;
+			my $execdir=$perlvar{'lonDaemons'};
+			if ($store=IO::File->new(">$execdir/tmp/$id")) {
+			    $reply=~s/\&/\n/g;
+			    print $store $reply;
+			    close $store;
+			    my $store2=IO::File->new(">$execdir/tmp/$id.end");
+			    print $store2 "done\n";
+			    close $store2;
+			    print $client "ok\n";
+			}
+			else {
+			    print $client "error: ".($!+0)
+				." IO::File->new Failed ".
+				"while attempting queryreply\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		     
+		    }
 # ----------------------------------------------------------------- courseidput
-                   } elsif ($userinput =~ /^courseidput/) {
-                       my ($cmd,$udom,$what)=split(/:/,$userinput);
-                       chomp($what);
-                       $udom=~s/\W//g;
-                       my $proname=
-                              "$perlvar{'lonUsersDir'}/$udom/nohist_courseids";
-                       my $now=time;
-                       my @pairs=split(/\&/,$what);
-		       my %hash;
-		       if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_WRCREAT(),0640)) {
-                           foreach my $pair (@pairs) {
-			       my ($key,$value)=split(/=/,$pair);
-                               $hash{$key}=$value.':'.$now;
-                           }
-			   if (untie(%hash)) {
-                              print $client "ok\n";
-                           } else {
-                              print $client "error: ".($!+0)
-				  ." untie(GDBM) Failed ".
-                                      "while attempting courseidput\n";
-                           }
-                       } else {
-                           print $client "error: ".($!+0)
-			       ." tie(GDBM) Failed ".
-                                      "while attempting courseidput\n";
-                       }
+		} elsif ($userinput =~ /^courseidput/) {
+		    if(isClient) {
+			my ($cmd,$udom,$what)=split(/:/,$userinput);
+			chomp($what);
+			$udom=~s/\W//g;
+			my $proname=
+			    "$perlvar{'lonUsersDir'}/$udom/nohist_courseids";
+			my $now=time;
+			my @pairs=split(/\&/,$what);
+			my %hash;
+			if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_WRCREAT(),0640)) {
+			    foreach my $pair (@pairs) {
+				my ($key,$value)=split(/=/,$pair);
+				$hash{$key}=$value.':'.$now;
+			    }
+			    if (untie(%hash)) {
+				print $client "ok\n";
+			    } else {
+				print $client "error: ".($!+0)
+				    ." untie(GDBM) Failed ".
+				    "while attempting courseidput\n";
+			    }
+			} else {
+			    print $client "error: ".($!+0)
+				." tie(GDBM) Failed ".
+				"while attempting courseidput\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		       
+		    }
 # ---------------------------------------------------------------- courseiddump
-                   } elsif ($userinput =~ /^courseiddump/) {
-                       my ($cmd,$udom,$since,$description)
-                          =split(/:/,$userinput);
-                       if (defined($description)) {
-                          $description=&unescape($description);
-		       } else {
-                          $description='.';
-		       }
-                       unless (defined($since)) { $since=0; }
-                       my $qresult='';
-                       my $proname=
-                              "$perlvar{'lonUsersDir'}/$udom/nohist_courseids";
-		       my %hash;
-		       if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_READER(),0640)) {
-                           while (my ($key,$value) = each(%hash)) {
-                               my ($descr,$lasttime)=split(/\:/,$value);
-                               if ($lasttime<$since) { next; }
-                               if ($description eq '.') {
-                                   $qresult.=$key.'='.$descr.'&';
-                               } else {
-                                   my $unescapeVal = &unescape($descr);
-                                   if (eval('$unescapeVal=~/$description/i')) {
-                                       $qresult.="$key=$descr&";
-                                   }
-                               }
-                           }
-                           if (untie(%hash)) {
-                               chop($qresult);
-                               print $client "$qresult\n";
-                           } else {
-                               print $client "error: ".($!+0)
-				   ." untie(GDBM) Failed ".
-                                       "while attempting courseiddump\n";
-                           }
-                       } else {
-                           print $client "error: ".($!+0)
-			       ." tie(GDBM) Failed ".
-                                      "while attempting courseiddump\n";
-                       }
+		} elsif ($userinput =~ /^courseiddump/) {
+		    if(isClient) {
+			my ($cmd,$udom,$since,$description)
+			    =split(/:/,$userinput);
+			if (defined($description)) {
+			    $description=&unescape($description);
+			} else {
+			    $description='.';
+			}
+			unless (defined($since)) { $since=0; }
+			my $qresult='';
+			my $proname=
+			    "$perlvar{'lonUsersDir'}/$udom/nohist_courseids";
+			my %hash;
+			if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_READER(),0640)) {
+			    while (my ($key,$value) = each(%hash)) {
+				my ($descr,$lasttime)=split(/\:/,$value);
+				if ($lasttime<$since) { next; }
+				if ($description eq '.') {
+				    $qresult.=$key.'='.$descr.'&';
+				} else {
+				    my $unescapeVal = &unescape($descr);
+				    if (eval('$unescapeVal=~/$description/i')) {
+					$qresult.="$key=$descr&";
+				    }
+				}
+			    }
+			    if (untie(%hash)) {
+				chop($qresult);
+				print $client "$qresult\n";
+			    } else {
+				print $client "error: ".($!+0)
+				    ." untie(GDBM) Failed ".
+				    "while attempting courseiddump\n";
+			    }
+			} else {
+			    print $client "error: ".($!+0)
+				." tie(GDBM) Failed ".
+				"while attempting courseiddump\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		       
+		    }
 # ----------------------------------------------------------------------- idput
-                   } elsif ($userinput =~ /^idput/) {
-                       my ($cmd,$udom,$what)=split(/:/,$userinput);
-                       chomp($what);
-                       $udom=~s/\W//g;
-                       my $proname="$perlvar{'lonUsersDir'}/$udom/ids";
-                       my $now=time;
-                       {
-			   my $hfh;
-			   if (
-                             $hfh=IO::File->new(">>$proname.hist")
-			       ) { print $hfh "P:$now:$what\n"; }
-		       }
-                       my @pairs=split(/\&/,$what);
-		       my %hash;
-		       if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_WRCREAT(),0640)) {
-                           foreach my $pair (@pairs) {
-			       my ($key,$value)=split(/=/,$pair);
-                               $hash{$key}=$value;
-                           }
-			   if (untie(%hash)) {
-                              print $client "ok\n";
-                           } else {
-                              print $client "error: ".($!+0)
-				  ." untie(GDBM) Failed ".
-                                      "while attempting idput\n";
-                           }
-                       } else {
-                           print $client "error: ".($!+0)
-			       ." tie(GDBM) Failed ".
-                                      "while attempting idput\n";
-                       }
+		} elsif ($userinput =~ /^idput/) {
+		    if(isClient) {
+			my ($cmd,$udom,$what)=split(/:/,$userinput);
+			chomp($what);
+			$udom=~s/\W//g;
+			my $proname="$perlvar{'lonUsersDir'}/$udom/ids";
+			my $now=time;
+			{
+			    my $hfh;
+			    if (
+				$hfh=IO::File->new(">>$proname.hist")
+				) { print $hfh "P:$now:$what\n"; }
+			}
+			my @pairs=split(/\&/,$what);
+			my %hash;
+			if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_WRCREAT(),0640)) {
+			    foreach my $pair (@pairs) {
+				my ($key,$value)=split(/=/,$pair);
+				$hash{$key}=$value;
+			    }
+			    if (untie(%hash)) {
+				print $client "ok\n";
+			    } else {
+				print $client "error: ".($!+0)
+				    ." untie(GDBM) Failed ".
+				    "while attempting idput\n";
+			    }
+			} else {
+			    print $client "error: ".($!+0)
+				." tie(GDBM) Failed ".
+				"while attempting idput\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		       
+		    }
 # ----------------------------------------------------------------------- idget
-                   } elsif ($userinput =~ /^idget/) {
-                       my ($cmd,$udom,$what)=split(/:/,$userinput);
-                       chomp($what);
-                       $udom=~s/\W//g;
-                       my $proname="$perlvar{'lonUsersDir'}/$udom/ids";
-                       my @queries=split(/\&/,$what);
-                       my $qresult='';
-		       my %hash;
-		       if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_READER(),0640)) {
-                           for (my $i=0;$i<=$#queries;$i++) {
-                               $qresult.="$hash{$queries[$i]}&";
-                           }
-			   if (untie(%hash)) {
-			       $qresult=~s/\&$//;
-			       print $client "$qresult\n";
-                           } else {
-			       print $client "error: ".($!+0)
-				   ." untie(GDBM) Failed ".
-				       "while attempting idget\n";
-                           }
-                       } else {
-                           print $client "error: ".($!+0)
-			       ." tie(GDBM) Failed ".
-                                   "while attempting idget\n";
-                       }
+		} elsif ($userinput =~ /^idget/) {
+		    if(isClient) {
+			my ($cmd,$udom,$what)=split(/:/,$userinput);
+			chomp($what);
+			$udom=~s/\W//g;
+			my $proname="$perlvar{'lonUsersDir'}/$udom/ids";
+			my @queries=split(/\&/,$what);
+			my $qresult='';
+			my %hash;
+			if (tie(%hash,'GDBM_File',"$proname.db",&GDBM_READER(),0640)) {
+			    for (my $i=0;$i<=$#queries;$i++) {
+				$qresult.="$hash{$queries[$i]}&";
+			    }
+			    if (untie(%hash)) {
+				$qresult=~s/\&$//;
+				print $client "$qresult\n";
+			    } else {
+				print $client "error: ".($!+0)
+				    ." untie(GDBM) Failed ".
+				    "while attempting idget\n";
+			    }
+			} else {
+			    print $client "error: ".($!+0)
+				." tie(GDBM) Failed ".
+				"while attempting idget\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		       
+		    }
 # ---------------------------------------------------------------------- tmpput
-                   } elsif ($userinput =~ /^tmpput/) {
-                       my ($cmd,$what)=split(/:/,$userinput);
-		       my $store;
-                       $tmpsnum++;
-                       my $id=$$.'_'.$clientip.'_'.$tmpsnum;
-                       $id=~s/\W/\_/g;
-                       $what=~s/\n//g;
-                       my $execdir=$perlvar{'lonDaemons'};
-                       if ($store=IO::File->new(">$execdir/tmp/$id.tmp")) {
-			   print $store $what;
-			   close $store;
-			   print $client "$id\n";
-		       }
-		       else {
-			   print $client "error: ".($!+0)
-			       ."IO::File->new Failed ".
-                                   "while attempting tmpput\n";
-		       }
-
+		} elsif ($userinput =~ /^tmpput/) {
+		    if(isClient) {
+			my ($cmd,$what)=split(/:/,$userinput);
+			my $store;
+			$tmpsnum++;
+			my $id=$$.'_'.$clientip.'_'.$tmpsnum;
+			$id=~s/\W/\_/g;
+			$what=~s/\n//g;
+			my $execdir=$perlvar{'lonDaemons'};
+			if ($store=IO::File->new(">$execdir/tmp/$id.tmp")) {
+			    print $store $what;
+			    close $store;
+			    print $client "$id\n";
+			}
+			else {
+			    print $client "error: ".($!+0)
+				."IO::File->new Failed ".
+				"while attempting tmpput\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		    
+		    }
+		    
 # ---------------------------------------------------------------------- tmpget
-                   } elsif ($userinput =~ /^tmpget/) {
-                       my ($cmd,$id)=split(/:/,$userinput);
-                       chomp($id);
-                       $id=~s/\W/\_/g;
-                       my $store;
-                       my $execdir=$perlvar{'lonDaemons'};
-                       if ($store=IO::File->new("$execdir/tmp/$id.tmp")) {
-                           my $reply=<$store>;
-			   print $client "$reply\n";
-                           close $store;
-		       }
-		       else {
-			   print $client "error: ".($!+0)
-			       ."IO::File->new Failed ".
-                                   "while attempting tmpget\n";
-		       }
-
+		} elsif ($userinput =~ /^tmpget/) {
+		    if(isClient) {
+			my ($cmd,$id)=split(/:/,$userinput);
+			chomp($id);
+			$id=~s/\W/\_/g;
+			my $store;
+			my $execdir=$perlvar{'lonDaemons'};
+			if ($store=IO::File->new("$execdir/tmp/$id.tmp")) {
+			    my $reply=<$store>;
+			    print $client "$reply\n";
+			    close $store;
+			}
+			else {
+			    print $client "error: ".($!+0)
+				."IO::File->new Failed ".
+				"while attempting tmpget\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		      
+		    }
 # ---------------------------------------------------------------------- tmpdel
-                   } elsif ($userinput =~ /^tmpdel/) {
-                       my ($cmd,$id)=split(/:/,$userinput);
-                       chomp($id);
-                       $id=~s/\W/\_/g;
-                       my $execdir=$perlvar{'lonDaemons'};
-                       if (unlink("$execdir/tmp/$id.tmp")) {
-			   print $client "ok\n";
-		       } else {
-			   print $client "error: ".($!+0)
-			       ."Unlink tmp Failed ".
-                                   "while attempting tmpdel\n";
-		       }
+		} elsif ($userinput =~ /^tmpdel/) {
+		    if(isClient) {
+			my ($cmd,$id)=split(/:/,$userinput);
+			chomp($id);
+			$id=~s/\W/\_/g;
+			my $execdir=$perlvar{'lonDaemons'};
+			if (unlink("$execdir/tmp/$id.tmp")) {
+			    print $client "ok\n";
+			} else {
+			    print $client "error: ".($!+0)
+				."Unlink tmp Failed ".
+				"while attempting tmpdel\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		     
+		    }
 # -------------------------------------------------------------------------- ls
-                   } elsif ($userinput =~ /^ls/) {
-                       my ($cmd,$ulsdir)=split(/:/,$userinput);
-                       my $ulsout='';
-                       my $ulsfn;
-                       if (-e $ulsdir) {
-                           if(-d $ulsdir) {
-                               if (opendir(LSDIR,$ulsdir)) {
-                                   while ($ulsfn=readdir(LSDIR)) {
-                                       my @ulsstats=stat($ulsdir.'/'.$ulsfn);
-                                       $ulsout.=$ulsfn.'&'.
-                                                join('&',@ulsstats).':';
-                                   }
-                                   closedir(LSDIR);
-                               }
-                           } else {
-                               my @ulsstats=stat($ulsdir);
-                               $ulsout.=$ulsfn.'&'.join('&',@ulsstats).':';
-                           }
-                       } else {
-                          $ulsout='no_such_dir';
-                       }
-                       if ($ulsout eq '') { $ulsout='empty'; }
-                       print $client "$ulsout\n";
+		} elsif ($userinput =~ /^ls/) {
+		    if(isClient) {
+			my ($cmd,$ulsdir)=split(/:/,$userinput);
+			my $ulsout='';
+			my $ulsfn;
+			if (-e $ulsdir) {
+			    if(-d $ulsdir) {
+				if (opendir(LSDIR,$ulsdir)) {
+				    while ($ulsfn=readdir(LSDIR)) {
+					my @ulsstats=stat($ulsdir.'/'.$ulsfn);
+					$ulsout.=$ulsfn.'&'.
+					    join('&',@ulsstats).':';
+				    }
+				    closedir(LSDIR);
+				}
+			    } else {
+				my @ulsstats=stat($ulsdir);
+				$ulsout.=$ulsfn.'&'.join('&',@ulsstats).':';
+			    }
+			} else {
+			    $ulsout='no_such_dir';
+			}
+			if ($ulsout eq '') { $ulsout='empty'; }
+			print $client "$ulsout\n";
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		     
+		    }
 # ----------------------------------------------------------------- setannounce
-                   } elsif ($userinput =~ /^setannounce/) {
-		       my ($cmd,$announcement)=split(/:/,$userinput);
-		       chomp($announcement);
-		       $announcement=&unescape($announcement);
-                       if (my $store=IO::File->new('>'.$perlvar{'lonDocRoot'}.
-						'/announcement.txt')) {
-			   print $store $announcement;
-                           close $store;
-			   print $client "ok\n";
-		       } else {
-			   print $client "error: ".($!+0)."\n";
-		       }
+		} elsif ($userinput =~ /^setannounce/) {
+		    if (isClient) {
+			my ($cmd,$announcement)=split(/:/,$userinput);
+			chomp($announcement);
+			$announcement=&unescape($announcement);
+			if (my $store=IO::File->new('>'.$perlvar{'lonDocRoot'}.
+						    '/announcement.txt')) {
+			    print $store $announcement;
+			    close $store;
+			    print $client "ok\n";
+			} else {
+			    print $client "error: ".($!+0)."\n";
+			}
+		    } else {
+			Reply($client, "refused\n", $userinput);
+		       
+		    }
 # ------------------------------------------------------------------ Hanging up
-                   } elsif (($userinput =~ /^exit/) ||
-                            ($userinput =~ /^init/)) {
-                       &logthis(
-      "Client $clientip ($hostid{$clientip}) hanging up: $userinput");
-                       print $client "bye\n";
-                       $client->close();
-		       last;
+		} elsif (($userinput =~ /^exit/) ||
+			 ($userinput =~ /^init/)) { # no restrictions.
+		    &logthis(
+			     "Client $clientip ($clientname) hanging up: $userinput");
+		    print $client "bye\n";
+		    $client->close();
+		    last;
+
+# ---------------------------------- set current host/domain
+		} elsif ($userinput =~ /^sethost:/) {
+		    if (isClient) {
+			print $client &sethost($userinput)."\n";
+		    } else {
+			print $client "refused\n";
+		    }
+#---------------------------------- request file (?) version.
+		} elsif ($userinput =~/^version:/) {
+		    if (isClient) {
+			print $client &version($userinput)."\n";
+		    } else {
+			print $client "refused\n";
+		    }
 # ------------------------------------------------------------- unknown command
-		   } elsif ($userinput =~ /^sethost:/) {
-		       print $client &sethost($userinput)."\n";
-		   } elsif ($userinput =~/^version:/) {
-		       print $client &version($userinput)."\n";
-                   } else {
-                       # unknown command
-                       print $client "unknown_cmd\n";
-                   }
+
+		} else {
+		    # unknown command
+		    print $client "unknown_cmd\n";
+		}
 # -------------------------------------------------------------------- complete
-		   alarm(0);
-                   &status('Listening to '.$hostid{$clientip});
-	       }
+		alarm(0);
+		&status('Listening to '.$clientname);
+	    }
 # --------------------------------------------- client unknown or fishy, refuse
-            } else {
-	        print $client "refused\n";
-                $client->close();
-                &logthis("<font color=blue>WARNING: "
-                ."Rejected client $clientip, closing connection</font>");
-            }
-	}             
-
+	} else {
+	    print $client "refused\n";
+	    $client->close();
+	    &logthis("<font color=blue>WARNING: "
+		     ."Rejected client $clientip, closing connection</font>");
+	}
+    }             
+    
 # =============================================================================
-       
-	&logthis("<font color=red>CRITICAL: "
-		 ."Disconnect from $clientip ($hostid{$clientip})</font>");    
-
-
-        # this exit is VERY important, otherwise the child will become
-        # a producer of more and more children, forking yourself into
-        # process death.
-        exit;
+    
+    &logthis("<font color=red>CRITICAL: "
+	     ."Disconnect from $clientip ($clientname)</font>");    
+    
+    
+    # this exit is VERY important, otherwise the child will become
+    # a producer of more and more children, forking yourself into
+    # process death.
+    exit;
     
 }
 
@@ -2392,13 +2664,13 @@
 sub unsub {
     my ($fname,$clientip)=@_;
     my $result;
-    if (unlink("$fname.$hostid{$clientip}")) {
+    if (unlink("$fname.$clientname")) {
 	$result="ok\n";
     } else {
 	$result="not_subscribed\n";
     }
     if (-e "$fname.subscription") {
-	my $found=&addline($fname,$hostid{$clientip},$clientip,'');
+	my $found=&addline($fname,$clientname,$clientip,'');
 	if ($found) { $result="ok\n"; }
     } else {
 	if ($result != "ok\n") { $result="not_subscribed\n"; }
@@ -2478,10 +2750,10 @@
 	    if (-d $fname) {
 		$result="directory\n";
 	    } else {
-		if (-e "$fname.$hostid{$clientip}") {&unsub($fname,$clientip);}
+		if (-e "$fname.$clientname") {&unsub($fname,$clientip);}
 		my $now=time;
-		my $found=&addline($fname,$hostid{$clientip},$clientip,
-				   "$hostid{$clientip}:$clientip:$now\n");
+		my $found=&addline($fname,$clientname,$clientip,
+				   "$clientname:$clientip:$now\n");
 		if ($found) { $result="$fname\n"; }
 		# if they were subscribed to only meta data, delete that
                 # subscription, when you subscribe to a file you also get

--foxr1068554354--