loncom/lond - diff

Return to lond CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/lond between versions 1.548 and 1.556

version 1.548, 2018/08/18 22:07:48	version 1.556, 2018/12/13 03:23:05
Line 80 my $clientsamedom; # LonCAP	Line 80 my $clientsamedom; # LonCAP
# and client.	# and client.
my $clientsameinst; # LonCAPA "internet domain" same for	my $clientsameinst; # LonCAPA "internet domain" same for
# this host and client.	# this host and client.
my $clientremoteok; # Client allowed to host domain's users.	my $clientremoteok; # Current domain permits hosting on client
# (version constraints ignored), not set	# (not set if host and client share "internet domain").
# if this host and client share "internet domain".	# Values are 0 or 1; 1 if allowed.
my %clientprohibited; # Actions prohibited on client;	my %clientprohibited; # Commands from client prohibited for domain's
	# users.

my $server;	my $server;

my $keymode;	my $keymode;
Line 176 my @installerrors = ("ok",	Line 177 my @installerrors = ("ok",
# shared ("Access to other domain's content by this domain")	# shared ("Access to other domain's content by this domain")
# enroll ("Enrollment in this domain's courses by others")	# enroll ("Enrollment in this domain's courses by others")
# coaurem ("Co-author roles for this domain's users elsewhere")	# coaurem ("Co-author roles for this domain's users elsewhere")
	# othcoau ("Co-author roles in this domain for others")
# domroles ("Domain roles in this domain assignable to others")	# domroles ("Domain roles in this domain assignable to others")
# catalog ("Course Catalog for this domain displayed elsewhere")	# catalog ("Course Catalog for this domain displayed elsewhere")
# reqcrs ("Requests for creation of courses in this domain by others")	# reqcrs ("Requests for creation of courses in this domain by others")
Line 224 my %trust = (	Line 226 my %trust = (
dcmaildump => {remote => 1, domroles => 1},	dcmaildump => {remote => 1, domroles => 1},
dcmailput => {remote => 1, domroles => 1},	dcmailput => {remote => 1, domroles => 1},
del => {remote => 1, domroles => 1, enroll => 1, content => 1},	del => {remote => 1, domroles => 1, enroll => 1, content => 1},
	delbalcookie => {institutiononly => 1},
deldom => {remote => 1, domroles => 1}, # not currently used	deldom => {remote => 1, domroles => 1}, # not currently used
devalidatecache => {institutiononly => 1},	devalidatecache => {institutiononly => 1},
domroleput => {remote => 1, enroll => 1},	domroleput => {remote => 1, enroll => 1},
Line 234 my %trust = (	Line 237 my %trust = (
edit => {institutiononly => 1}, #not used currently	edit => {institutiononly => 1}, #not used currently
eget => {remote => 1, domroles => 1, enroll => 1}, #not used currently	eget => {remote => 1, domroles => 1, enroll => 1}, #not used currently
egetdom => {remote => 1, domroles => 1, enroll => 1, },	egetdom => {remote => 1, domroles => 1, enroll => 1, },
ekey => {}, #not used currently	ekey => {anywhere => 1},
exit => {anywhere => 1},	exit => {anywhere => 1},
fetchuserfile => {remote => 1, enroll => 1},	fetchuserfile => {remote => 1, enroll => 1},
get => {remote => 1, domroles => 1, enroll => 1},	get => {remote => 1, domroles => 1, enroll => 1},
Line 299 my %trust = (	Line 302 my %trust = (
store => {remote => 1, enroll => 1, reqcrs => 1,},	store => {remote => 1, enroll => 1, reqcrs => 1,},
studentphoto => {remote => 1, enroll => 1},	studentphoto => {remote => 1, enroll => 1},
sub => {content => 1,},	sub => {content => 1,},
tmpdel => {anywhere => 1},	tmpdel => {institutiononly => 1},
tmpget => {anywhere => 1},	tmpget => {institutiononly => 1},
tmpput => {anywhere => 1},	tmpput => {remote => 1, othcoau => 1},
tokenauthuserfile => {anywhere => 1},	tokenauthuserfile => {anywhere => 1},
unsub => {content => 1,},	unsub => {content => 1,},
update => {shared => 1},	update => {shared => 1},
Line 792 sub ConfigFileFromSelector {	Line 795 sub ConfigFileFromSelector {
my $selector = shift;	my $selector = shift;
my $tablefile;	my $tablefile;

my $tabledir = $perlvar{'lonTabDir'}.'/';	if ($selector eq 'loncapaCAcrl') {
if (($selector eq "hosts") \|\| ($selector eq "domain") \|\|	my $tabledir = $perlvar{'lonCertificateDirectory'};
($selector eq "dns_hosts") \|\| ($selector eq "dns_domain")) {	if (-d $tabledir) {
$tablefile = $tabledir.$selector.'.tab';	$tablefile = $tabledir.'/'.$selector.'.pem';
	}
	} else {
	my $tabledir = $perlvar{'lonTabDir'}.'/';
	if (($selector eq "hosts") \|\| ($selector eq "domain") \|\|
	($selector eq "dns_hosts") \|\| ($selector eq "dns_domain")) {
	$tablefile = $tabledir.$selector.'.tab';
	}
}	}
return $tablefile;	return $tablefile;
}	}
Line 819 sub PushFile {	Line 829 sub PushFile {
my ($command, $filename, $contents) = split(":", $request, 3);	my ($command, $filename, $contents) = split(":", $request, 3);
&Debug("PushFile");	&Debug("PushFile");

# At this point in time, pushes for only the following tables are	# At this point in time, pushes for only the following tables and
# supported:	# CRL file are supported:
# hosts.tab ($filename eq host).	# hosts.tab ($filename eq host).
# domain.tab ($filename eq domain).	# domain.tab ($filename eq domain).
# dns_hosts.tab ($filename eq dns_host).	# dns_hosts.tab ($filename eq dns_host).
# dns_domain.tab ($filename eq dns_domain).	# dns_domain.tab ($filename eq dns_domain).
	# loncapaCAcrl.pem ($filename eq loncapaCAcrl).
# Construct the destination filename or reject the request.	# Construct the destination filename or reject the request.
#	#
# lonManage is supposed to ensure this, however this session could be	# lonManage is supposed to ensure this, however this session could be
Line 845 sub PushFile {	Line 856 sub PushFile {

if($filename eq "host") {	if($filename eq "host") {
$contents = AdjustHostContents($contents);	$contents = AdjustHostContents($contents);
} elsif ($filename eq 'dns_host' \|\| $filename eq 'dns_domain') {	} elsif (($filename eq 'dns_host') \|\| ($filename eq 'dns_domain') \|\|
	($filename eq 'loncapaCAcrl')) {
if ($contents eq '') {	if ($contents eq '') {
&logthis('<font color="red"> Pushfile: unable to install '	&logthis('<font color="red"> Pushfile: unable to install '
.$tablefile." - no data received from push. </font>");	.$tablefile." - no data received from push. </font>");
Line 856 sub PushFile {	Line 868 sub PushFile {
if ($managers{$clientip} eq $clientname) {	if ($managers{$clientip} eq $clientname) {
my $clientprotocol = $Apache::lonnet::protocol{$clientname};	my $clientprotocol = $Apache::lonnet::protocol{$clientname};
$clientprotocol = 'http' if ($clientprotocol ne 'https');	$clientprotocol = 'http' if ($clientprotocol ne 'https');
my $url = '/adm/'.$filename;	my $url;
$url =~ s{_}{/};	if ($filename eq 'loncapaCAcrl') {
	$url = '/adm/dns/loncapaCRL';
	} else {
	$url = '/adm/'.$filename;
	$url =~ s{_}{/};
	}
my $request=new HTTP::Request('GET',"$clientprotocol://$clienthost$url");	my $request=new HTTP::Request('GET',"$clientprotocol://$clienthost$url");
my $response = LONCAPA::LWPReq::makerequest($clientname,$request,'',\%perlvar,60,0);	my $response = LONCAPA::LWPReq::makerequest($clientname,$request,'',\%perlvar,60,0);
if ($response->is_error()) {	if ($response->is_error()) {
Line 5507 sub tmp_del_handler {	Line 5524 sub tmp_del_handler {
&register_handler("tmpdel", \&tmp_del_handler, 0, 1, 0);	&register_handler("tmpdel", \&tmp_del_handler, 0, 1, 0);

#	#
	# Process the delbalcookie command. This command deletes a balancer
	# cookie in the lonBalancedir directory created by switchserver
	#
	# Parameters:
	# $cmd - Command that got us here.
	# $cookie - Cookie to be deleted.
	# $client - socket open on the client process.
	#
	# Returns:
	# 1 - Indicating processing should continue.
	# Side Effects:
	# A cookie file is deleted from the lonBalancedir directory
	# A reply is sent to the client.
	sub del_balcookie_handler {
	my ($cmd, $cookie, $client) = @_;

	my $userinput= "$cmd:$cookie";

	chomp($cookie);
	my $deleted = '';
	if ($cookie =~ /^$LONCAPA::match_domain\_$LONCAPA::match_username\_[a-f0-9]{32}$/) {
	my $execdir=$perlvar{'lonBalanceDir'};
	if (-e "$execdir/$cookie.id") {
	if (open(my $fh,'<',"$execdir/$cookie.id")) {
	my $dodelete;
	while (my $line = <$fh>) {
	chomp($line);
	if ($line eq $clientname) {
	$dodelete = 1;
	last;
	}
	}
	close($fh);
	if ($dodelete) {
	if (unlink("$execdir/$cookie.id")) {
	$deleted = 1;
	}
	}
	}
	}
	}
	if ($deleted) {
	&Reply($client, "ok\n", $userinput);
	} else {
	&Failure( $client, "error: ".($!+0)."Unlinking cookie file Failed ".
	"while attempting delbalcookie\n", $userinput);
	}
	return 1;
	}
	&register_handler("delbalcookie", \&del_balcookie_handler, 0, 1, 0);

	#
# Processes the setannounce command. This command	# Processes the setannounce command. This command
# creates a file named announce.txt in the top directory of	# creates a file named announce.txt in the top directory of
# the documentn root and sets its contents. The announce.txt file is	# the documentn root and sets its contents. The announce.txt file is
Line 6896 my $wwwid=getpwnam('www');	Line 6965 my $wwwid=getpwnam('www');
if ($wwwid!=$<) {	if ($wwwid!=$<) {
my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";	my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
my $subj="LON: $currenthostid User ID mismatch";	my $subj="LON: $currenthostid User ID mismatch";
system("echo 'User ID mismatch. lond must be run as user www.' \|\	system("echo 'User ID mismatch. lond must be run as user www.' \|".
mailto $emailto -s '$subj' > /dev/null");	" mail -s '$subj' $emailto > /dev/null");
exit 1;	exit 1;
}	}

Line 7031 sub UpdateHosts {	Line 7100 sub UpdateHosts {

my %oldconf = %secureconf;	my %oldconf = %secureconf;
my %connchange;	my %connchange;
if (lonssl::Read_Connect_Config(\%secureconf,\%crlchecked,\%perlvar) eq 'ok') {	if (lonssl::Read_Connect_Config(\%secureconf,\%perlvar,\%crlchecked) eq 'ok') {
logthis('<font color="blue"> Reloaded SSL connection rules and cleared CRL checking history </font>');	logthis('<font color="blue"> Reloaded SSL connection rules and cleared CRL checking history </font>');
} else {	} else {
logthis('<font color="yellow"> Failed to reload SSL connection rules and clear CRL checking history </font>');	logthis('<font color="yellow"> Failed to reload SSL connection rules and clear CRL checking history </font>');
Line 7313 if ($arch eq 'unknown') {	Line 7382 if ($arch eq 'unknown') {
chomp($arch);	chomp($arch);
}	}

unless (lonssl::Read_Connect_Config(\%secureconf,\%crlchecked,\%perlvar) eq 'ok') {	unless (lonssl::Read_Connect_Config(\%secureconf,\%perlvar,\%crlchecked) eq 'ok') {
&logthis('<font color="blue">No connectionrules table. Will fallback to loncapa.conf</font>');	&logthis('<font color="blue">No connectionrules table. Will fallback to loncapa.conf</font>');
}	}

Line 7447 sub make_new_child {	Line 7516 sub make_new_child {
$ConnectionType = "manager";	$ConnectionType = "manager";
$clientname = $managers{$outsideip};	$clientname = $managers{$outsideip};
}	}
my ($clientok,$clientinfoset);	my $clientok;

if ($clientrec \|\| $ismanager) {	if ($clientrec \|\| $ismanager) {
&status("Waiting for init from $clientip $clientname");	&status("Waiting for init from $clientip $clientname");
Line 7548 sub make_new_child {	Line 7617 sub make_new_child {
}	}

} else {	} else {
$clientinfoset = &set_client_info();
my $ok = InsecureConnection($client);	my $ok = InsecureConnection($client);
if($ok) {	if($ok) {
$clientok = 1;	$clientok = 1;
Line 7586 sub make_new_child {	Line 7654 sub make_new_child {
# ------------------------------------------------------------ Process requests	# ------------------------------------------------------------ Process requests
my $keep_going = 1;	my $keep_going = 1;
my $user_input;	my $user_input;
unless ($clientinfoset) {
$clientinfoset = &set_client_info();
}
$clientremoteok = 0;
unless ($clientsameinst) {
$clientremoteok = 1;
my $defdom = &Apache::lonnet::host_domain($perlvar{'lonHostID'});
%clientprohibited = &get_prohibited($defdom);
if ($clientintdom) {
my $remsessconf = &get_usersession_config($defdom,'remotesession');
if (ref($remsessconf) eq 'HASH') {
if (ref($remsessconf->{'remote'}) eq 'HASH') {
if (ref($remsessconf->{'remote'}->{'excludedomain'}) eq 'ARRAY') {
if (grep(/^\Q$clientintdom\E$/,@{$remsessconf->{'remote'}->{'excludedomain'}})) {
$clientremoteok = 0;
}
}
if (ref($remsessconf->{'remote'}->{'includedomain'}) eq 'ARRAY') {
if (grep(/^\Q$clientintdom\E$/,@{$remsessconf->{'remote'}->{'includedomain'}})) {
$clientremoteok = 1;
} else {
$clientremoteok = 0;
}
}
}
}
}
}
while(($user_input = get_request) && $keep_going) {	while(($user_input = get_request) && $keep_going) {
alarm(120);	alarm(120);
Debug("Main: Got $user_input\n");	Debug("Main: Got $user_input\n");
Line 7646 sub make_new_child {	Line 7687 sub make_new_child {

#	#
# Used to determine if a particular client is from the same domain	# Used to determine if a particular client is from the same domain
# as the current server, or from the same internet domain.	# as the current server, or from the same internet domain, and
	# also if the client can host sessions for the domain's users.
	# A hash is populated with keys set to commands sent by the client
	# which may not be executed for this domain.
#	#
# Optional input -- the client to check for domain and internet domain.	# Optional input -- the client to check for domain and internet domain.
# If not specified, defaults to the package variable: $clientname	# If not specified, defaults to the package variable: $clientname
#	#
# If called in array context will not set package variables, but will	# If called in array context will not set package variables, but will
# instead return an array of two values - (a) true if client is in the	# instead return an array of two values - (a) true if client is in the
# same domain as the server, and (b) true if client is in the same internet	# same domain as the server, and (b) true if client is in the same
# domain.	# internet domain.
#	#
# If called in scalar context, sets package variables for current client:	# If called in scalar context, sets package variables for current client:
#	#
# $clienthomedom - LonCAPA domain of homeID for client.	# $clienthomedom - LonCAPA domain of homeID for client.
# $clientsamedom - LonCAPA domain same for this host and client.	# $clientsamedom - LonCAPA domain same for this host and client.
# $clientintdom - LonCAPA "internet domain" for client.	# $clientintdom - LonCAPA "internet domain" for client.
# $clientsameinst - LonCAPA "internet domain" same for this host & client.	# $clientsameinst - LonCAPA "internet domain" same for this host & client.
	# $clientremoteok - If current domain permits hosting on this client: 1
	# %clientprohibited - Commands prohibited for domain's users for this client.
	#
	# if the host and client have the same "internet domain", then the value
	# of $clientremoteok is not used, and no commands are prohibited.
#	#
# returns 1 to indicate package variables have been set for current client.	# returns 1 to indicate package variables have been set for current client.
#	#
Line 7693 sub set_client_info {	Line 7742 sub set_client_info {
$clientsamedom = $samedom;	$clientsamedom = $samedom;
$clientintdom = $intdom;	$clientintdom = $intdom;
$clientsameinst = $sameinst;	$clientsameinst = $sameinst;
	if ($clientsameinst) {
	undef($clientremoteok);
	undef(%clientprohibited);
	} else {
	$clientremoteok = &get_remote_hostable($currentdomainid);
	%clientprohibited = &get_prohibited($currentdomainid);
	}
return 1;	return 1;
}	}
}	}
Line 8440 sub sethost {	Line 8496 sub sethost {
eq &Apache::lonnet::get_host_ip($hostid)) {	eq &Apache::lonnet::get_host_ip($hostid)) {
$currenthostid =$hostid;	$currenthostid =$hostid;
$currentdomainid=&Apache::lonnet::host_domain($hostid);	$currentdomainid=&Apache::lonnet::host_domain($hostid);
	&set_client_info();
# &logthis("Setting hostid to $hostid, and domain to $currentdomainid");	# &logthis("Setting hostid to $hostid, and domain to $currentdomainid");
} else {	} else {
&logthis("Requested host id $hostid not an alias of ".	&logthis("Requested host id $hostid not an alias of ".
Line 8516 sub get_prohibited {	Line 8573 sub get_prohibited {
return %prohibited;	return %prohibited;
}	}

	sub get_remote_hostable {
	my ($dom) = @_;
	my $result;
	if ($clientintdom) {
	$result = 1;
	my $remsessconf = &get_usersession_config($dom,'remotesession');
	if (ref($remsessconf) eq 'HASH') {
	if (ref($remsessconf->{'remote'}) eq 'HASH') {
	if (ref($remsessconf->{'remote'}->{'excludedomain'}) eq 'ARRAY') {
	if (grep(/^\Q$clientintdom\E$/,@{$remsessconf->{'remote'}->{'excludedomain'}})) {
	$result = 0;
	}
	}
	if (ref($remsessconf->{'remote'}->{'includedomain'}) eq 'ARRAY') {
	if (grep(/^\Q$clientintdom\E$/,@{$remsessconf->{'remote'}->{'includedomain'}})) {
	$result = 1;
	} else {
	$result = 0;
	}
	}
	}
	}
	}
	return $result;
	}

sub distro_and_arch {	sub distro_and_arch {
return $dist.':'.$arch;	return $dist.':'.$arch;
}	}
Line 8922 is closed and the child exits.	Line 9005 is closed and the child exits.
=item Red CRITICAL Can't get key file <error>	=item Red CRITICAL Can't get key file <error>

SSL key negotiation is being attempted but the call to	SSL key negotiation is being attempted but the call to
lonssl::KeyFile failed. This usually means that the	lonssl::KeyFile failed. This usually means that the
configuration file is not correctly defining or protecting	configuration file is not correctly defining or protecting
the directories/files lonCertificateDirectory or	the directories/files lonCertificateDirectory or
lonnetPrivateKey	lonnetPrivateKey

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.548
changed lines
	Added in v.1.556