[LON-CAPA-cvs] cvs: loncom / lond

foxr lon-capa-cvs@mail.lon-capa.org
Tue, 27 Jul 2004 11:34:50 -0000


foxr		Tue Jul 27 07:34:50 2004 EDT

  Modified files:              
    /loncom	lond 
  Log:
  Added ekey to the set of hash-dispatched command handlers.
  
  
Index: loncom/lond
diff -u loncom/lond:1.215 loncom/lond:1.216
--- loncom/lond:1.215	Tue Jul 27 07:21:48 2004
+++ loncom/lond	Tue Jul 27 07:34:49 2004
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.215 2004/07/27 11:21:48 foxr Exp $
+# $Id: lond,v 1.216 2004/07/27 11:34:49 foxr Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -56,7 +56,7 @@
 my $status='';
 my $lastlog='';
 
-my $VERSION='$Revision: 1.215 $'; #' stupid emacs
+my $VERSION='$Revision: 1.216 $'; #' stupid emacs
 my $remoteVERSION;
 my $currenthostid="default";
 my $currentdomainid;
@@ -1039,6 +1039,8 @@
 #   declaration:
 #
 
+#++
+#
 #  Handles ping requests.
 #  Parameters:
 #      $cmd    - the actual keyword that invoked us.
@@ -1063,6 +1065,7 @@
 }
 &register_handler("ping", \&ping_handler, 0, 1, 1);       # Ping unencoded, client or manager.
 
+#++
 #
 # Handles pong requests.  Pong replies with our current host id, and
 #                         the results of a ping sent to us via our lonc.
@@ -1089,6 +1092,51 @@
 }
 &register_handler("pong", \&pong_handler, 0, 1, 1);       # Pong unencoded, client or manager
 
+#++
+#      Called to establish an encrypted session key with the remote client.
+#      Note that with secure lond, in most cases this function is never
+#      invoked.  Instead, the secure session key is established either
+#      via a local file that's locked down tight and only lives for a short
+#      time, or via an ssl tunnel...and is generated from a bunch-o-random
+#      bits from /dev/urandom, rather than the predictable pattern used by
+#      by this sub.  This sub is only used in the old-style insecure
+#      key negotiation.
+# Parameters:
+#      $cmd    - the actual keyword that invoked us.
+#      $tail   - the tail of the request that invoked us.
+#      $replyfd- File descriptor connected to the client
+#  Implicit Inputs:
+#      $currenthostid - Global variable that carries the name of the host
+#                       known as.
+#      $clientname    - Global variable that carries the name of the hsot we're connected to.
+#  Returns:
+#      1       - Ok to continue processing.
+#      0       - Program should exit.
+#  Implicit Outputs:
+#      Reply information is sent to the client.
+#      $cipher is set with a reference to a new IDEA encryption object.
+#
+sub establish_key_handler {
+    my ($cmd, $tail, $replyfd) = @_;
+
+    my $buildkey=time.$$.int(rand 100000);
+    $buildkey=~tr/1-6/A-F/;
+    $buildkey=int(rand 100000).$buildkey.int(rand 100000);
+    my $key=$currenthostid.$clientname;
+    $key=~tr/a-z/A-Z/;
+    $key=~tr/G-P/0-9/;
+    $key=~tr/Q-Z/0-9/;
+    $key=$key.$buildkey.$key.$buildkey.$key.$buildkey;
+    $key=substr($key,0,32);
+    my $cipherkey=pack("H32",$key);
+    $cipher=new IDEA $cipherkey;
+    &Reply($replyfd, "$buildkey\n", "$cmd:$tail"); 
+   
+    return 1;
+
+}
+&register_handler("ekey", \&establish_key_handler, 0, 1,1);
+
 
 
 #---------------------------------------------------------------
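Review bot: The key material the new handler derives, from `my $buildkey=time.$$.int(rand 100000);` through `$key=substr($key,0,32);`, comes entirely from the wall clock, the pid, `rand` (not a cryptographic source) and the two host names, and `$buildkey` — the only non-public input — is then sent to the peer in the clear by `&Reply($replyfd, "$buildkey\n", "$cmd:$tail");`. The header comment already labels this the legacy insecure negotiation, so the useful change here is not to harden the derivation but to make its use visible: have `establish_key_handler` write a line through lond's existing logging routine (including `$clientname`) whenever it runs, so an operator can see which peers still fall back to ekey instead of the file- or SSL-based key exchange. Independently, `$cipher=new IDEA $cipherkey;` uses indirect-object syntax and should be `$cipher = IDEA->new($cipherkey);`. The whitespace-only line before `return 1;` can be dropped.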
@@ -1204,22 +1252,8 @@
 
 #------------------- Commands not yet in spearate handlers. --------------
 
-# ------------------------------------------------------------------------ ekey
-    if ($userinput =~ /^ekey/) { # ok for both clients & mgrs
-	my $buildkey=time.$$.int(rand 100000);
-	$buildkey=~tr/1-6/A-F/;
-	$buildkey=int(rand 100000).$buildkey.int(rand 100000);
-	my $key=$currenthostid.$clientname;
-	$key=~tr/a-z/A-Z/;
-	$key=~tr/G-P/0-9/;
-	$key=~tr/Q-Z/0-9/;
-	$key=$key.$buildkey.$key.$buildkey.$key.$buildkey;
-	$key=substr($key,0,32);
-	my $cipherkey=pack("H32",$key);
-	$cipher=new IDEA $cipherkey;
-	print $client "$buildkey\n"; 
 # ------------------------------------------------------------------------ load
-    } elsif ($userinput =~ /^load/) { # client only
+    if ($userinput =~ /^load/) { # client only
 	if (isClient) {
 	    my $loadavg;
 	    {