--- loncom/lond 2013/05/11 22:42:22 1.489.2.5
+++ loncom/lond 2013/12/05 13:16:00 1.504
@@ -2,7 +2,7 @@
# The LearningOnline Network
# lond "LON Daemon" Server (port "LOND" 5663)
#
-# $Id: lond,v 1.489.2.5 2013/05/11 22:42:22 raeburn Exp $
+# $Id: lond,v 1.504 2013/12/05 13:16:00 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -61,7 +61,7 @@ my $DEBUG = 0; # Non zero to ena
my $status='';
my $lastlog='';
-my $VERSION='$Revision: 1.489.2.5 $'; #' stupid emacs
+my $VERSION='$Revision: 1.504 $'; #' stupid emacs
my $remoteVERSION;
my $currenthostid="default";
my $currentdomainid;
@@ -130,25 +130,6 @@ my @passwderrors = ("ok",
"pwchange_failure - lcpasswd Error filename is invalid");
-# The array below are lcuseradd error strings.:
-
-my $lastadderror = 13;
-my @adderrors = ("ok",
- "User ID mismatch, lcuseradd must run as user www",
- "lcuseradd Incorrect number of command line parameters must be 3",
- "lcuseradd Incorrect number of stdinput lines, must be 3",
- "lcuseradd Too many other simultaneous pwd changes in progress",
- "lcuseradd User does not exist",
- "lcuseradd Unable to make www member of users's group",
- "lcuseradd Unable to su to root",
- "lcuseradd Unable to set password",
- "lcuseradd Username has invalid characters",
- "lcuseradd Password has an invalid character",
- "lcuseradd User already exists",
- "lcuseradd Could not add user.",
- "lcuseradd Password mismatch");
-
-
# This array are the errors from lcinstallfile:
my @installerrors = ("ok",
@@ -1704,8 +1685,14 @@ sub read_lonnet_global {
sub server_devalidatecache_handler {
my ($cmd,$tail,$client) = @_;
my $userinput = "$cmd:$tail";
- my ($name,$id) = map { &unescape($_); } split(/:/,$tail);
- &Apache::lonnet::devalidate_cache_new($name,$id);
+ my $items = &unescape($tail);
+ my @cached = split(/\&/,$items);
+ foreach my $key (@cached) {
+ if ($key =~ /:/) {
+ my ($name,$id) = map { &unescape($_); } split(/:/,$key);
+ &Apache::lonnet::devalidate_cache_new($name,$id);
+ }
+ }
my $result = 'ok';
&Reply($client,\$result,$userinput);
return 1;
@@ -1907,12 +1894,8 @@ sub authenticate_handler {
if (ref($hostedsession) eq 'HASH') {
$hosted = $hostedsession->{'hosted'};
}
- my $loncaparev = $clientversion;
- if ($loncaparev eq '') {
- $loncaparev = $Apache::lonnet::loncaparevs{$clientname};
- }
$canhost = &Apache::lonnet::can_host_session($udom,$clientname,
- $loncaparev,
+ $clientversion,
$remote,$hosted);
}
}
@@ -2135,10 +2118,9 @@ sub change_authentication_handler {
my $passfilename = &password_path($udom, $uname);
if ($passfilename) { # Not allowed to create a new user!!
# If just changing the unix passwd. need to arrange to run
- # passwd since otherwise make_passwd_file will run
- # lcuseradd which fails if an account already exists
- # (to prevent an unscrupulous LONCAPA admin from stealing
- # an existing account by overwriting it as a LonCAPA account).
+ # passwd since otherwise make_passwd_file will fail as
+ # creation of unix authenticated users is no longer supported
+ # except from the command line, when running make_domain_coordinator.pl
if(($oldauth =~/^unix/) && ($umode eq "unix")) {
my $result = &change_unix_password($uname, $npass);
@@ -2156,15 +2138,8 @@ sub change_authentication_handler {
# re-run manage_permissions for that role in order to be able
# to take ownership of the construction space back to www:www
#
-
-
- if( (($oldauth =~ /^unix/) && ($umode eq "internal")) ||
- (($oldauth =~ /^internal/) && ($umode eq "unix")) ) {
- if(&is_author($udom, $uname)) {
- &Debug(" Need to manage author permissions...");
- &manage_permissions("/$udom/_au", $udom, $uname, "$umode:");
- }
- }
+
+
&Reply($client, \$result, $userinput);
}
@@ -3198,6 +3173,17 @@ sub get_profile_keys {
sub dump_profile_database {
my ($cmd, $tail, $client) = @_;
+ my $res = LONCAPA::Lond::dump_profile_database($tail);
+
+ if ($res =~ /^error:/) {
+ Failure($client, \$res, "$cmd:$tail");
+ } else {
+ Reply($client, \$res, "$cmd:$tail");
+ }
+
+ return 1;
+
+ #TODO remove
my $userinput = "$cmd:$tail";
my ($udom,$uname,$namespace) = split(/:/,$tail);
@@ -3277,11 +3263,11 @@ sub dump_with_regexp {
my ($cmd, $tail, $client) = @_;
my $res = LONCAPA::Lond::dump_with_regexp($tail, $clientversion);
-
+
if ($res =~ /^error:/) {
- &Failure($client, \$res, "$cmd:$tail");
+ Failure($client, \$res, "$cmd:$tail");
} else {
- &Reply($client, \$res, "$cmd:$tail");
+ Reply($client, \$res, "$cmd:$tail");
}
return 1;
@@ -3860,6 +3846,17 @@ sub put_course_id_hash_handler {
# a reply is written to $client.
sub dump_course_id_handler {
my ($cmd, $tail, $client) = @_;
+
+ my $res = LONCAPA::Lond::dump_course_id_handler($tail);
+ if ($res =~ /^error:/) {
+ Failure($client, \$res, "$cmd:$tail");
+ } else {
+ Reply($client, \$res, "$cmd:$tail");
+ }
+
+ return 1;
+
+ #TODO remove
my $userinput = "$cmd:$tail";
my ($udom,$since,$description,$instcodefilter,$ownerfilter,$coursefilter,
@@ -4448,6 +4445,49 @@ sub get_id_handler {
}
®ister_handler("idget", \&get_id_handler, 0, 1, 0);
+# Deletes one or more ids in a domain's id database.
+#
+# Parameters:
+# $cmd - Command keyword (iddel).
+# $tail - Command tail. In this case a colon
+# separated list containing:
+# The domain for which we are deleting the id(s).
+# &-separated list of id(s) to delete.
+# $client - File open on client socket.
+# Returns:
+# 1 - Continue processing
+# 0 - Exit server.
+#
+#
+
+sub del_id_handler {
+ my ($cmd,$tail,$client) = @_;
+
+ my $userinput = "$cmd:$tail";
+
+ my ($udom,$what)=split(/:/,$tail);
+ chomp($what);
+ my $hashref = &tie_domain_hash($udom, "ids", &GDBM_WRCREAT(),
+ "D", $what);
+ if ($hashref) {
+ my @keys=split(/\&/,$what);
+ foreach my $key (@keys) {
+ delete($hashref->{$key});
+ }
+ if (&untie_user_hash($hashref)) {
+ &Reply($client, "ok\n", $userinput);
+ } else {
+ &Failure($client, "error: ".($!+0)." untie(GDBM) Failed ".
+ "while attempting iddel\n", $userinput);
+ }
+ } else {
+ &Failure( $client, "error: ".($!+0)." tie(GDBM) Failed ".
+ "while attempting iddel\n", $userinput);
+ }
+ return 1;
+}
+®ister_handler("iddel", \&del_id_handler, 0, 1, 0);
+
#
# Puts broadcast e-mail sent by Domain Coordinator in nohist_dcmail database
#
@@ -5972,18 +6012,6 @@ sub lcpasswdstrerror {
}
}
-#
-# Convert an error return code from lcuseradd to a string value:
-#
-sub lcuseraddstrerror {
- my $ErrorCode = shift;
- if(($ErrorCode < 0) || ($ErrorCode > $lastadderror)) {
- return "lcuseradd - Unrecognized error code: ".$ErrorCode;
- } else {
- return $adderrors[$ErrorCode];
- }
-}
-
# grabs exception and records it to log before exiting
sub catchexception {
my ($error)=@_;
@@ -6224,6 +6252,9 @@ sub Debug {
# reply - Text to send to client.
# request - Original request from client.
#
+#NOTE $reply must be terminated by exactly *one* \n. If $reply is a reference
+#this is done automatically ($$reply must not contain any \n in this case).
+#If $reply is a string the caller has to ensure this.
sub Reply {
my ($fd, $reply, $request) = @_;
if (ref($reply)) {
@@ -6471,7 +6502,8 @@ sub make_new_child {
&Authen::Krb5::init_context();
unless (($dist eq 'fedora5') || ($dist eq 'fedora4') ||
($dist eq 'fedora6') || ($dist eq 'suse9.3') ||
- ($dist eq 'suse12.2') || ($dist eq 'suse12.3')) {
+ ($dist eq 'suse12.2') || ($dist eq 'suse12.3') ||
+ ($dist eq 'suse13.1')) {
&Authen::Krb5::init_ets();
}
@@ -6516,13 +6548,14 @@ sub make_new_child {
#
# If the remote is attempting a local init... give that a try:
#
+ logthis("remotereq: $remotereq");
(my $i, my $inittype, $clientversion) = split(/:/, $remotereq);
- # For LON-CAPA 2.9, the client session will have sent its LON-CAPA
- # version when initiating the connection. For LON-CAPA 2.8 and older,
- # the version is retrieved from the global %loncaparevs in lonnet.pm.
- # $clientversion contains path to keyfile if $inittype eq 'local'
- # it's overridden below in this case
- $clientversion ||= $Apache::lonnet::loncaparevs{$clientname};
+ # For LON-CAPA 2.9, the client session will have sent its LON-CAPA
+ # version when initiating the connection. For LON-CAPA 2.8 and older,
+ # the version is retrieved from the global %loncaparevs in lonnet.pm.
+ # $clientversion contains path to keyfile if $inittype eq 'local'
+ # it's overridden below in this case
+ $clientversion ||= $Apache::lonnet::loncaparevs{$clientname};
# If the connection type is ssl, but I didn't get my
# certificate files yet, then I'll drop back to
@@ -7273,56 +7306,8 @@ sub make_passwd_file {
}
}
} elsif ($umode eq 'unix') {
- {
- #
- # Don't allow the creation of privileged accounts!!! that would
- # be real bad!!!
- #
- my $uid = getpwnam($uname);
- if((defined $uid) && ($uid == 0)) {
- &logthis(">>>Attempt to create privileged account blocked");
- return "no_priv_account_error\n";
- }
-
- my $execpath ="$perlvar{'lonDaemons'}/"."lcuseradd";
-
- my $lc_error_file = $execdir."/tmp/lcuseradd".$$.".status";
- {
- &Debug("Executing external: ".$execpath);
- &Debug("user = ".$uname.", Password =". $npass);
- my $se = IO::File->new("|$execpath > $perlvar{'lonDaemons'}/logs/lcuseradd.log");
- print $se "$uname\n";
- print $se "$udom\n";
- print $se "$npass\n";
- print $se "$npass\n";
- print $se "$lc_error_file\n"; # Status -> unique file.
- }
- if (-r $lc_error_file) {
- &Debug("Opening error file: $lc_error_file");
- my $error = IO::File->new("< $lc_error_file");
- my $useraddok = <$error>;
- $error->close;
- unlink($lc_error_file);
-
- chomp $useraddok;
-
- if($useraddok > 0) {
- my $error_text = &lcuseraddstrerror($useraddok);
- &logthis("Failed lcuseradd: $error_text");
- $result = "lcuseradd_failed:$error_text";
- } else {
- my $pf = IO::File->new(">$passfilename");
- if($pf) {
- print $pf "unix:\n";
- } else {
- $result = "pass_file_failed_error";
- }
- }
- } else {
- &Debug("Could not locate lcuseradd error: $lc_error_file");
- $result="bug_lcuseradd_no_output_file";
- }
- }
+ &logthis(">>>Attempt to create unix account blocked -- unix auth not available for new users.");
+ $result="no_new_unix_accounts";
} elsif ($umode eq 'none') {
{
my $pf = IO::File->new("> $passfilename");
@@ -7387,6 +7372,8 @@ sub get_usersession_config {
}
+
+
sub distro_and_arch {
return $dist.':'.$arch;
}
@@ -7715,6 +7702,8 @@ Authen::Krb5
=head1 COREQUISITES
+none
+
=head1 OSNAMES
linux
@@ -7802,9 +7791,9 @@ or the CA's certificate in the call to l
<error> is the textual reason this failed. Usual reasons:
=over 2
-
+
=item Apache config file for loncapa incorrect:
-
+
one of the variables
lonCertificateDirectory, lonnetCertificateAuthority, or lonnetCertificate
undefined or incorrect
@@ -7923,7 +7912,7 @@ Could not rewrite the
internal password file for a user
=item Result of password change for <user> : <result>
-
+
A unix password change for <user> was attempted
and the pipe returned <result>
@@ -7952,7 +7941,7 @@ lond has been asked to exit by its clien
client systemand <input> is the full exit command sent to the server.
=item Red CRITICAL: ABNORMAL EXIT. child <pid> for server <hostname> died through a crass with this error->[<message>].
-
+
A lond child terminated. NOte that this termination can also occur when the
child receives the QUIT or DIE signals. <pid> is the process id of the child,
<hostname> the host lond is working for, and <message> the reason the child died
@@ -8036,7 +8025,7 @@ file when sent it's USR1 signal. That p
assumed to be hung in some un-fixable way.
=item Finished checking children
-
+
Master processs's USR1 processing is cojmplete.
=item (Red) CRITICAL: ------- Starting ------
@@ -8050,7 +8039,7 @@ Started a new child process for <client>
connected to the child. This was as a result of a TCP/IP connection from a client.
=item Unable to determine who caller was, getpeername returned nothing
-
+
In child process initialization. either getpeername returned undef or
a zero sized object was returned. Processing continues, but in my opinion,
this should be cause for the child to exit.
@@ -8061,7 +8050,7 @@ In child process initialization. The pe
The client address is stored as "Unavailable" and processing continues.
=item (Yellow) INFO: Connection <ip> <name> connection type = <type>
-
+
In child initialization. A good connectionw as received from <ip>.
=over 2
@@ -8111,7 +8100,7 @@ The client (<client> is the peer's name
negotiated an SSL connection with this child process.
=item (Green) Successful insecure authentication with <client>
-
+
The client has successfully negotiated an insecure connection withthe child process.