version 1.97, 2002/09/16 13:26:21
|
version 1.107, 2003/01/15 19:34:02
|
Line 54
|
Line 54
|
# 02/19 Matthew Hall |
# 02/19 Matthew Hall |
# 02/25 Gerd Kortemeyer |
# 02/25 Gerd Kortemeyer |
# 05/11 Scott Harrison |
# 05/11 Scott Harrison |
|
# 01/xx/2003 Ron Fox.. Remove preforking. This makes the general daemon |
|
# logic simpler (and there were problems maintaining the preforked |
|
# population). Since the time averaged connection rate is close to zero |
|
# because lonc's purpose is to maintain near continuous connnections, |
|
# preforking is not really needed. |
### |
### |
|
|
# based on "Perl Cookbook" ISBN 1-56592-243-3 |
|
# preforker - server who forks first |
|
# runs as a daemon |
|
# HUPs |
|
# uses IDEA encryption |
|
|
|
use lib '/home/httpd/lib/perl/'; |
use lib '/home/httpd/lib/perl/'; |
use LONCAPA::Configuration; |
use LONCAPA::Configuration; |
Line 129 sub lcpasswdstrerror {
|
Line 129 sub lcpasswdstrerror {
|
if(($ErrorCode < 0) || ($ErrorCode > $lastpwderror)) { |
if(($ErrorCode < 0) || ($ErrorCode > $lastpwderror)) { |
return "lcpasswd Unrecognized error return value ".$ErrorCode; |
return "lcpasswd Unrecognized error return value ".$ErrorCode; |
} else { |
} else { |
return $passwderrors($ErrorCode); |
return $passwderrors[$ErrorCode]; |
} |
} |
} |
} |
|
|
Line 141 sub lcuseraddstrerror {
|
Line 141 sub lcuseraddstrerror {
|
if(($ErrorCode < 0) || ($ErrorCode > $lastadderror)) { |
if(($ErrorCode < 0) || ($ErrorCode > $lastadderror)) { |
return "lcuseradd - Unrecognized error code: ".$ErrorCode; |
return "lcuseradd - Unrecognized error code: ".$ErrorCode; |
} else { |
} else { |
return $adderrors($ErrorCode); |
return $adderrors[$ErrorCode]; |
} |
} |
} |
} |
|
|
Line 340 sub status {
|
Line 340 sub status {
|
my $now=time; |
my $now=time; |
my $local=localtime($now); |
my $local=localtime($now); |
$status=$local.': '.$what; |
$status=$local.': '.$what; |
|
$0='lond: '.$what.' '.$local; |
} |
} |
|
|
# -------------------------------------------------------- Escape Special Chars |
# -------------------------------------------------------- Escape Special Chars |
Line 490 close(PIDSAVE);
|
Line 491 close(PIDSAVE);
|
&logthis("<font color=red>CRITICAL: ---------- Starting ----------</font>"); |
&logthis("<font color=red>CRITICAL: ---------- Starting ----------</font>"); |
&status('Starting'); |
&status('Starting'); |
|
|
# ------------------------------------------------------- Now we are on our own |
|
|
|
# Fork off our children. |
|
for (1 .. $PREFORK) { |
|
make_new_child(); |
|
} |
|
|
|
# ----------------------------------------------------- Install signal handlers |
# ----------------------------------------------------- Install signal handlers |
|
|
&status('Forked children'); |
|
|
|
$SIG{CHLD} = \&REAPER; |
$SIG{CHLD} = \&REAPER; |
$SIG{INT} = $SIG{TERM} = \&HUNTSMAN; |
$SIG{INT} = $SIG{TERM} = \&HUNTSMAN; |
$SIG{HUP} = \&HUPSMAN; |
$SIG{HUP} = \&HUPSMAN; |
$SIG{USR1} = \&checkchildren; |
$SIG{USR1} = \&checkchildren; |
|
|
# And maintain the population. |
|
|
|
|
# -------------------------------------------------------------- |
|
# Accept connections. When a connection comes in, it is validated |
|
# and if good, a child process is created to process transactions |
|
# along the connection. |
|
|
while (1) { |
while (1) { |
&status('Sleeping'); |
$client = $server->accept() or next; |
sleep; # wait for a signal (i.e., child's death) |
make_new_child($client); |
&logthis('Woke up'); |
|
&status('Woke up'); |
|
for ($i = $children; $i < $PREFORK; $i++) { |
|
make_new_child(); # top up the child pool |
|
} |
|
} |
} |
|
|
sub make_new_child { |
sub make_new_child { |
|
my $client; |
my $pid; |
my $pid; |
my $cipher; |
my $cipher; |
my $sigset; |
my $sigset; |
|
|
|
$client = shift; |
&logthis("Attempting to start child"); |
&logthis("Attempting to start child"); |
# block signal for fork |
# block signal for fork |
$sigset = POSIX::SigSet->new(SIGINT); |
$sigset = POSIX::SigSet->new(SIGINT); |
Line 554 sub make_new_child {
|
Line 553 sub make_new_child {
|
&Authen::Krb5::init_context(); |
&Authen::Krb5::init_context(); |
&Authen::Krb5::init_ets(); |
&Authen::Krb5::init_ets(); |
|
|
# handle connections until we've reached $MAX_CLIENTS_PER_CHILD |
|
for ($i=0; $i < $MAX_CLIENTS_PER_CHILD; $i++) { |
|
&status('Idle, waiting for connection'); |
|
$client = $server->accept() or last; |
|
&status('Accepted connection'); |
&status('Accepted connection'); |
# ============================================================================= |
# ============================================================================= |
# do something with the connection |
# do something with the connection |
Line 565 sub make_new_child {
|
Line 560 sub make_new_child {
|
$client->sockopt(SO_KEEPALIVE, 1);# Enable monitoring of |
$client->sockopt(SO_KEEPALIVE, 1);# Enable monitoring of |
# connection liveness. |
# connection liveness. |
# see if we know client and check for spoof IP by challenge |
# see if we know client and check for spoof IP by challenge |
my $caller=getpeername($client); |
my $caller = getpeername($client); |
my ($port,$iaddr)=unpack_sockaddr_in($caller); |
my ($port,$iaddr)=unpack_sockaddr_in($caller); |
my $clientip=inet_ntoa($iaddr); |
my $clientip=inet_ntoa($iaddr); |
my $clientrec=($hostid{$clientip} ne undef); |
my $clientrec=($hostid{$clientip} ne undef); |
Line 695 sub make_new_child {
|
Line 690 sub make_new_child {
|
my ($howpwd,$contentpwd)=split(/:/,$realpasswd); |
my ($howpwd,$contentpwd)=split(/:/,$realpasswd); |
my $pwdcorrect=0; |
my $pwdcorrect=0; |
if ($howpwd eq 'internal') { |
if ($howpwd eq 'internal') { |
|
&Debug("Internal auth"); |
$pwdcorrect= |
$pwdcorrect= |
(crypt($upass,$contentpwd) eq $contentpwd); |
(crypt($upass,$contentpwd) eq $contentpwd); |
} elsif ($howpwd eq 'unix') { |
} elsif ($howpwd eq 'unix') { |
$contentpwd=(getpwnam($uname))[1]; |
&Debug("Unix auth"); |
my $pwauth_path="/usr/local/sbin/pwauth"; |
if((getpwnam($uname))[1] eq "") { #no such user! |
unless ($contentpwd eq 'x') { |
$pwdcorrect = 0; |
$pwdcorrect= |
} else { |
(crypt($upass,$contentpwd) eq $contentpwd); |
$contentpwd=(getpwnam($uname))[1]; |
} |
my $pwauth_path="/usr/local/sbin/pwauth"; |
|
unless ($contentpwd eq 'x') { |
|
$pwdcorrect= |
|
(crypt($upass,$contentpwd) eq |
|
$contentpwd); |
|
} |
|
|
elsif (-e $pwauth_path) { |
elsif (-e $pwauth_path) { |
open PWAUTH, "|$pwauth_path" or |
open PWAUTH, "|$pwauth_path" or |
die "Cannot invoke authentication"; |
die "Cannot invoke authentication"; |
Line 711 sub make_new_child {
|
Line 713 sub make_new_child {
|
close PWAUTH; |
close PWAUTH; |
$pwdcorrect=!$?; |
$pwdcorrect=!$?; |
} |
} |
|
} |
} elsif ($howpwd eq 'krb4') { |
} elsif ($howpwd eq 'krb4') { |
$null=pack("C",0); |
$null=pack("C",0); |
unless ($upass=~/$null/) { |
unless ($upass=~/$null/) { |
$pwdcorrect=( |
my $krb4_error = &Authen::Krb4::get_pw_in_tkt |
Authen::Krb4::get_pw_in_tkt($uname,"", |
($uname,"",$contentpwd,'krbtgt', |
$contentpwd,'krbtgt',$contentpwd,1, |
$contentpwd,1,$upass); |
$upass) == 0); |
if (!$krb4_error) { |
} else { $pwdcorrect=0; } |
$pwdcorrect = 1; |
|
} else { |
|
$pwdcorrect=0; |
|
# log error if it is not a bad password |
|
if ($krb4_error != 62) { |
|
&logthis('krb4:'.$uname.','.$contentpwd.','. |
|
&Authen::Krb4::get_err_txt($Authen::Krb4::error)); |
|
} |
|
} |
|
} |
} elsif ($howpwd eq 'krb5') { |
} elsif ($howpwd eq 'krb5') { |
$null=pack("C",0); |
$null=pack("C",0); |
unless ($upass=~/$null/) { |
unless ($upass=~/$null/) { |
Line 759 sub make_new_child {
|
Line 771 sub make_new_child {
|
chomp($npass); |
chomp($npass); |
$upass=&unescape($upass); |
$upass=&unescape($upass); |
$npass=&unescape($npass); |
$npass=&unescape($npass); |
&logthis("Trying to change password for $uname"); |
&Debug("Trying to change password for $uname"); |
my $proname=propath($udom,$uname); |
my $proname=propath($udom,$uname); |
my $passfilename="$proname/passwd"; |
my $passfilename="$proname/passwd"; |
if (-e $passfilename) { |
if (-e $passfilename) { |
Line 769 sub make_new_child {
|
Line 781 sub make_new_child {
|
chomp($realpasswd); |
chomp($realpasswd); |
my ($howpwd,$contentpwd)=split(/:/,$realpasswd); |
my ($howpwd,$contentpwd)=split(/:/,$realpasswd); |
if ($howpwd eq 'internal') { |
if ($howpwd eq 'internal') { |
|
&Debug("internal auth"); |
if (crypt($upass,$contentpwd) eq $contentpwd) { |
if (crypt($upass,$contentpwd) eq $contentpwd) { |
my $salt=time; |
my $salt=time; |
$salt=substr($salt,6,2); |
$salt=substr($salt,6,2); |
Line 785 sub make_new_child {
|
Line 798 sub make_new_child {
|
# one way or another. |
# one way or another. |
# First: Make sure the current password is |
# First: Make sure the current password is |
# correct |
# correct |
|
&Debug("auth is unix"); |
$contentpwd=(getpwnam($uname))[1]; |
$contentpwd=(getpwnam($uname))[1]; |
my $pwdcorrect = "0"; |
my $pwdcorrect = "0"; |
my $pwauth_path="/usr/local/sbin/pwauth"; |
my $pwauth_path="/usr/local/sbin/pwauth"; |
Line 796 sub make_new_child {
|
Line 810 sub make_new_child {
|
die "Cannot invoke authentication"; |
die "Cannot invoke authentication"; |
print PWAUTH "$uname\n$upass\n"; |
print PWAUTH "$uname\n$upass\n"; |
close PWAUTH; |
close PWAUTH; |
my $pwdcorrect=!$?; |
&Debug("exited pwauth with $? ($uname,$upass) "); |
|
$pwdcorrect=($? == 0); |
} |
} |
if ($pwdcorrect) { |
if ($pwdcorrect) { |
my $execdir=$perlvar{'lonDaemons'}; |
my $execdir=$perlvar{'lonDaemons'}; |
my $pf = IO::File->new("|$execdir/lcpasswd"); |
&Debug("Opening lcpasswd pipeline"); |
|
my $pf = IO::File->new("|$execdir/lcpasswd > /home/www/lcpasswd.log"); |
print $pf "$uname\n$npass\n$npass\n"; |
print $pf "$uname\n$npass\n$npass\n"; |
close $pf; |
close $pf; |
my $err = $?; |
my $err = $?; |
Line 853 sub make_new_child {
|
Line 869 sub make_new_child {
|
} |
} |
} |
} |
unless ($fperror) { |
unless ($fperror) { |
my $result=&make_passwd_file($umode,$npass, |
my $result=&make_passwd_file($uname, $umode,$npass, |
$passfilename); |
$passfilename); |
print $client $result; |
print $client $result; |
} else { |
} else { |
Line 879 sub make_new_child {
|
Line 895 sub make_new_child {
|
if ($udom ne $perlvar{'lonDefDomain'}) { |
if ($udom ne $perlvar{'lonDefDomain'}) { |
print $client "not_right_domain\n"; |
print $client "not_right_domain\n"; |
} else { |
} else { |
my $result=&make_passwd_file($umode,$npass, |
my $result=&make_passwd_file($uname, $umode,$npass, |
$passfilename); |
$passfilename); |
print $client $result; |
print $client $result; |
} |
} |
Line 1003 sub make_new_child {
|
Line 1019 sub make_new_child {
|
# ------------------------------------------------------------------- subscribe |
# ------------------------------------------------------------------- subscribe |
} elsif ($userinput =~ /^sub/) { |
} elsif ($userinput =~ /^sub/) { |
print $client &subscribe($userinput,$clientip); |
print $client &subscribe($userinput,$clientip); |
|
# ------------------------------------------------------------- current version |
|
} elsif ($userinput =~ /^currentversion/) { |
|
my ($cmd,$fname)=split(/:/,$userinput); |
|
print $client ¤tversion($fname)."\n"; |
# ------------------------------------------------------------------------- log |
# ------------------------------------------------------------------------- log |
} elsif ($userinput =~ /^log/) { |
} elsif ($userinput =~ /^log/) { |
my ($cmd,$udom,$uname,$what)=split(/:/,$userinput); |
my ($cmd,$udom,$uname,$what)=split(/:/,$userinput); |
Line 1201 sub make_new_child {
|
Line 1221 sub make_new_child {
|
} else { |
} else { |
print $client "error:$!\n"; |
print $client "error:$!\n"; |
} |
} |
|
# ----------------------------------------------------------------- dumpcurrent |
|
} elsif ($userinput =~ /^currentdump/) { |
|
my ($cmd,$udom,$uname,$namespace) |
|
=split(/:/,$userinput); |
|
$namespace=~s/\//\_/g; |
|
$namespace=~s/\W//g; |
|
my $qresult=''; |
|
my $proname=propath($udom,$uname); |
|
if (tie(%hash,'GDBM_File', |
|
"$proname/$namespace.db", |
|
&GDBM_READER(),0640)) { |
|
# Structure of %data: |
|
# $data{$symb}->{$parameter}=$value; |
|
# $data{$symb}->{'v.'.$parameter}=$version; |
|
# since $parameter will be unescaped, we do not |
|
# have to worry about silly parameter names... |
|
my %data = (); |
|
while (my ($key,$value) = each(%hash)) { |
|
my ($v,$symb,$param) = split(/:/,$key); |
|
next if ($v eq 'version' || $symb eq 'keys'); |
|
next if (exists($data{$symb}) && |
|
exists($data{$symb}->{$param}) && |
|
$data{$symb}->{'v.'.$param} > $v); |
|
$data{$symb}->{$param}=$value; |
|
$data{$symb}->{'v.'.$param}=$v; |
|
} |
|
if (untie(%hash)) { |
|
while (my ($symb,$param_hash) = each(%data)) { |
|
while(my ($param,$value) = each (%$param_hash)){ |
|
next if ($param =~ /^v\./); |
|
$qresult.=$symb.':'.$param.'='.$value.'&'; |
|
} |
|
} |
|
chop($qresult); |
|
print $client "$qresult\n"; |
|
} else { |
|
print $client "error:$!\n"; |
|
} |
|
} else { |
|
print $client "error:$!\n"; |
|
} |
# ------------------------------------------------------------------------ dump |
# ------------------------------------------------------------------------ dump |
} elsif ($userinput =~ /^dump/) { |
} elsif ($userinput =~ /^dump/) { |
my ($cmd,$udom,$uname,$namespace,$regexp) |
my ($cmd,$udom,$uname,$namespace,$regexp) |
Line 1212 sub make_new_child {
|
Line 1273 sub make_new_child {
|
} else { |
} else { |
$regexp='.'; |
$regexp='.'; |
} |
} |
my $proname=propath($udom,$uname); |
|
my $qresult=''; |
my $qresult=''; |
if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER,0640)) { |
my $proname=propath($udom,$uname); |
|
if (tie(%hash,'GDBM_File',"$proname/$namespace.db",&GDBM_READER(),0640)) { |
study($regexp); |
study($regexp); |
foreach $key (keys %hash) { |
while (($key,$value) = each(%hash)) { |
my $unescapeKey = &unescape($key); |
if ($regexp eq '.') { |
if (eval('$unescapeKey=~/$regexp/')) { |
$qresult.=$key.'='.$value.'&'; |
$qresult.="$key=$hash{$key}&"; |
} else { |
} |
my $unescapeKey = &unescape($key); |
|
if (eval('$unescapeKey=~/$regexp/')) { |
|
$qresult.="$key=$value&"; |
|
} |
|
} |
} |
} |
if (untie(%hash)) { |
if (untie(%hash)) { |
$qresult=~s/\&$//; |
chop($qresult); |
print $client "$qresult\n"; |
print $client "$qresult\n"; |
} else { |
} else { |
print $client "error:$!\n"; |
print $client "error:$!\n"; |
} |
} |
} else { |
} else { |
print $client "error:$!\n"; |
print $client "error:$!\n"; |
Line 1474 sub make_new_child {
|
Line 1539 sub make_new_child {
|
&logthis("<font color=blue>WARNING: " |
&logthis("<font color=blue>WARNING: " |
."Rejected client $clientip, closing connection</font>"); |
."Rejected client $clientip, closing connection</font>"); |
} |
} |
} |
} |
|
|
# ============================================================================= |
# ============================================================================= |
|
|
&logthis("<font color=red>CRITICAL: " |
&logthis("<font color=red>CRITICAL: " |
."Disconnect from $clientip ($hostid{$clientip})</font>"); |
."Disconnect from $clientip ($hostid{$clientip})</font>"); |
# tidy up gracefully and finish |
|
|
|
$server->close(); |
|
|
|
# this exit is VERY important, otherwise the child will become |
# this exit is VERY important, otherwise the child will become |
# a producer of more and more children, forking yourself into |
# a producer of more and more children, forking yourself into |
# process death. |
# process death. |
exit; |
exit; |
} |
|
} |
} |
|
|
|
|
Line 1631 sub unsub {
|
Line 1694 sub unsub {
|
return $result; |
return $result; |
} |
} |
|
|
|
sub currentversion { |
|
my $fname=shift; |
|
my $version=-1; |
|
my $ulsdir=''; |
|
if ($fname=~/^(.+)\/[^\/]+$/) { |
|
$ulsdir=$1; |
|
} |
|
$fname=~s/\.\d+\.(\w+(?:\.meta)*)$/\.$1/; |
|
$fname=~s/\.(\w+(?:\.meta)*)$/\.\(\\d\+\)\.$1\$/; |
|
|
|
if (-e $fname) { $version=1; } |
|
if (-e $ulsdir) { |
|
if(-d $ulsdir) { |
|
if (opendir(LSDIR,$ulsdir)) { |
|
while ($ulsfn=readdir(LSDIR)) { |
|
# see if this is a regular file (ignore links produced earlier) |
|
my $thisfile=$ulsdir.'/'.$ulsfn; |
|
unless (-l $thisfile) { |
|
if ($thisfile=~/$fname/) { |
|
if ($1>$version) { $version=$1; } |
|
} |
|
} |
|
} |
|
closedir(LSDIR); |
|
$version++; |
|
} |
|
} |
|
} |
|
return $version; |
|
} |
|
|
|
sub thisversion { |
|
my $fname=shift; |
|
my $version=-1; |
|
if ($fname=~/\.(\d+)\.\w+(?:\.meta)*$/) { |
|
$version=$1; |
|
} |
|
return $version; |
|
} |
|
|
sub subscribe { |
sub subscribe { |
my ($userinput,$clientip)=@_; |
my ($userinput,$clientip)=@_; |
my $result; |
my $result; |
my ($cmd,$fname)=split(/:/,$userinput); |
my ($cmd,$fname)=split(/:/,$userinput); |
my $ownership=&ishome($fname); |
my $ownership=&ishome($fname); |
if ($ownership eq 'owner') { |
if ($ownership eq 'owner') { |
|
# explitly asking for the current version? |
|
unless (-e $fname) { |
|
my $currentversion=¤tversion($fname); |
|
if (&thisversion($fname)==$currentversion) { |
|
if ($fname=~/^(.+)\.\d+\.(\w+(?:\.meta)*)$/) { |
|
my $root=$1; |
|
my $extension=$2; |
|
symlink($root.'.'.$extension, |
|
$root.'.'.$currentversion.'.'.$extension); |
|
unless ($extension=~/\.meta$/) { |
|
symlink($root.'.'.$extension.'.meta', |
|
$root.'.'.$currentversion.'.'.$extension.'.meta'); |
|
} |
|
} |
|
} |
|
} |
if (-e $fname) { |
if (-e $fname) { |
if (-d $fname) { |
if (-d $fname) { |
$result="directory\n"; |
$result="directory\n"; |
Line 1664 sub subscribe {
|
Line 1783 sub subscribe {
|
} |
} |
|
|
sub make_passwd_file { |
sub make_passwd_file { |
my ($umode,$npass,$passfilename)=@_; |
my ($uname, $umode,$npass,$passfilename)=@_; |
my $result="ok\n"; |
my $result="ok\n"; |
if ($umode eq 'krb4' or $umode eq 'krb5') { |
if ($umode eq 'krb4' or $umode eq 'krb5') { |
{ |
{ |
Line 1690 sub make_passwd_file {
|
Line 1809 sub make_passwd_file {
|
my $execpath="$perlvar{'lonDaemons'}/"."lcuseradd"; |
my $execpath="$perlvar{'lonDaemons'}/"."lcuseradd"; |
{ |
{ |
&Debug("Executing external: ".$execpath); |
&Debug("Executing external: ".$execpath); |
my $se = IO::File->new("|$execpath"); |
&Debug("user = ".$uname.", Password =". $npass); |
|
my $se = IO::File->new("|$execpath > /home/www/lcuseradd.log"); |
print $se "$uname\n"; |
print $se "$uname\n"; |
print $se "$npass\n"; |
print $se "$npass\n"; |
print $se "$npass\n"; |
print $se "$npass\n"; |