loncom/lond - diff

Return to lond CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/lond between versions 1.535 and 1.557

version 1.535, 2017/03/20 13:53:22	version 1.557, 2019/02/11 17:01:34
Line 80 my $clientsamedom; # LonCAP	Line 80 my $clientsamedom; # LonCAP
# and client.	# and client.
my $clientsameinst; # LonCAPA "internet domain" same for	my $clientsameinst; # LonCAPA "internet domain" same for
# this host and client.	# this host and client.
my $clientremoteok; # Client allowed to host domain's users.	my $clientremoteok; # Current domain permits hosting on client
# (version constraints ignored), not set	# (not set if host and client share "internet domain").
# if this host and client share "internet domain".	# Values are 0 or 1; 1 if allowed.
my %clientprohibited; # Actions prohibited on client;	my %clientprohibited; # Commands from client prohibited for domain's
	# users.

my $server;	my $server;

my $keymode;	my $keymode;
Line 108 my %perlvar; # Will have the apache co	Line 109 my %perlvar; # Will have the apache co
my %secureconf; # Will have requirements for security	my %secureconf; # Will have requirements for security
# of lond connections	# of lond connections

	my %crlchecked; # Will contain clients for which the client's SSL
	# has been checked against the cluster's Certificate
	# Revocation List.

my $dist;	my $dist;

#	#
Line 172 my @installerrors = ("ok",	Line 177 my @installerrors = ("ok",
# shared ("Access to other domain's content by this domain")	# shared ("Access to other domain's content by this domain")
# enroll ("Enrollment in this domain's courses by others")	# enroll ("Enrollment in this domain's courses by others")
# coaurem ("Co-author roles for this domain's users elsewhere")	# coaurem ("Co-author roles for this domain's users elsewhere")
	# othcoau ("Co-author roles in this domain for others")
# domroles ("Domain roles in this domain assignable to others")	# domroles ("Domain roles in this domain assignable to others")
# catalog ("Course Catalog for this domain displayed elsewhere")	# catalog ("Course Catalog for this domain displayed elsewhere")
# reqcrs ("Requests for creation of courses in this domain by others")	# reqcrs ("Requests for creation of courses in this domain by others")
Line 220 my %trust = (	Line 226 my %trust = (
dcmaildump => {remote => 1, domroles => 1},	dcmaildump => {remote => 1, domroles => 1},
dcmailput => {remote => 1, domroles => 1},	dcmailput => {remote => 1, domroles => 1},
del => {remote => 1, domroles => 1, enroll => 1, content => 1},	del => {remote => 1, domroles => 1, enroll => 1, content => 1},
	delbalcookie => {institutiononly => 1},
deldom => {remote => 1, domroles => 1}, # not currently used	deldom => {remote => 1, domroles => 1}, # not currently used
devalidatecache => {institutiononly => 1},	devalidatecache => {institutiononly => 1},
domroleput => {remote => 1, enroll => 1},	domroleput => {remote => 1, enroll => 1},
Line 229 my %trust = (	Line 236 my %trust = (
dump => {remote => 1, enroll => 1, domroles => 1},	dump => {remote => 1, enroll => 1, domroles => 1},
edit => {institutiononly => 1}, #not used currently	edit => {institutiononly => 1}, #not used currently
eget => {remote => 1, domroles => 1, enroll => 1}, #not used currently	eget => {remote => 1, domroles => 1, enroll => 1}, #not used currently
ekey => {}, #not used currently	egetdom => {remote => 1, domroles => 1, enroll => 1, },
	ekey => {anywhere => 1},
exit => {anywhere => 1},	exit => {anywhere => 1},
fetchuserfile => {remote => 1, enroll => 1},	fetchuserfile => {remote => 1, enroll => 1},
get => {remote => 1, domroles => 1, enroll => 1},	get => {remote => 1, domroles => 1, enroll => 1},
Line 294 my %trust = (	Line 302 my %trust = (
store => {remote => 1, enroll => 1, reqcrs => 1,},	store => {remote => 1, enroll => 1, reqcrs => 1,},
studentphoto => {remote => 1, enroll => 1},	studentphoto => {remote => 1, enroll => 1},
sub => {content => 1,},	sub => {content => 1,},
tmpdel => {anywhere => 1},	tmpdel => {institutiononly => 1},
tmpget => {anywhere => 1},	tmpget => {institutiononly => 1},
tmpput => {anywhere => 1},	tmpput => {remote => 1, othcoau => 1},
tokenauthuserfile => {anywhere => 1},	tokenauthuserfile => {anywhere => 1},
unsub => {content => 1,},	unsub => {content => 1,},
update => {shared => 1},	update => {shared => 1},
Line 419 sub SSLConnection {	Line 427 sub SSLConnection {
Debug("Approving promotion -> ssl");	Debug("Approving promotion -> ssl");
# And do so:	# And do so:

	my $CRLFile;
	unless ($crlchecked{$clientname}) {
	$CRLFile = lonssl::CRLFile();
	$crlchecked{$clientname} = 1;
	}

my $SSLSocket = lonssl::PromoteServerSocket($Socket,	my $SSLSocket = lonssl::PromoteServerSocket($Socket,
$CACertificate,	$CACertificate,
$Certificate,	$Certificate,
$KeyFile);	$KeyFile,
	$clientname,
	$CRLFile,
	$clientversion);
if(! ($SSLSocket) ) { # SSL socket promotion failed.	if(! ($SSLSocket) ) { # SSL socket promotion failed.
my $err = lonssl::LastError();	my $err = lonssl::LastError();
&logthis("<font color=\"red\"> CRITICAL "	&logthis("<font color=\"red\"> CRITICAL "
Line 778 sub ConfigFileFromSelector {	Line 795 sub ConfigFileFromSelector {
my $selector = shift;	my $selector = shift;
my $tablefile;	my $tablefile;

my $tabledir = $perlvar{'lonTabDir'}.'/';	if ($selector eq 'loncapaCAcrl') {
if (($selector eq "hosts") \|\| ($selector eq "domain") \|\|	my $tabledir = $perlvar{'lonCertificateDirectory'};
($selector eq "dns_hosts") \|\| ($selector eq "dns_domain")) {	if (-d $tabledir) {
$tablefile = $tabledir.$selector.'.tab';	$tablefile = $tabledir.'/'.$selector.'.pem';
	}
	} else {
	my $tabledir = $perlvar{'lonTabDir'}.'/';
	if (($selector eq "hosts") \|\| ($selector eq "domain") \|\|
	($selector eq "dns_hosts") \|\| ($selector eq "dns_domain")) {
	$tablefile = $tabledir.$selector.'.tab';
	}
}	}
return $tablefile;	return $tablefile;
}	}
Line 805 sub PushFile {	Line 829 sub PushFile {
my ($command, $filename, $contents) = split(":", $request, 3);	my ($command, $filename, $contents) = split(":", $request, 3);
&Debug("PushFile");	&Debug("PushFile");

# At this point in time, pushes for only the following tables are	# At this point in time, pushes for only the following tables and
# supported:	# CRL file are supported:
# hosts.tab ($filename eq host).	# hosts.tab ($filename eq host).
# domain.tab ($filename eq domain).	# domain.tab ($filename eq domain).
# dns_hosts.tab ($filename eq dns_host).	# dns_hosts.tab ($filename eq dns_host).
# dns_domain.tab ($filename eq dns_domain).	# dns_domain.tab ($filename eq dns_domain).
	# loncapaCAcrl.pem ($filename eq loncapaCAcrl).
# Construct the destination filename or reject the request.	# Construct the destination filename or reject the request.
#	#
# lonManage is supposed to ensure this, however this session could be	# lonManage is supposed to ensure this, however this session could be
Line 831 sub PushFile {	Line 856 sub PushFile {

if($filename eq "host") {	if($filename eq "host") {
$contents = AdjustHostContents($contents);	$contents = AdjustHostContents($contents);
} elsif ($filename eq 'dns_host' \|\| $filename eq 'dns_domain') {	} elsif (($filename eq 'dns_host') \|\| ($filename eq 'dns_domain') \|\|
	($filename eq 'loncapaCAcrl')) {
if ($contents eq '') {	if ($contents eq '') {
&logthis('<font color="red"> Pushfile: unable to install '	&logthis('<font color="red"> Pushfile: unable to install '
.$tablefile." - no data received from push. </font>");	.$tablefile." - no data received from push. </font>");
Line 842 sub PushFile {	Line 868 sub PushFile {
if ($managers{$clientip} eq $clientname) {	if ($managers{$clientip} eq $clientname) {
my $clientprotocol = $Apache::lonnet::protocol{$clientname};	my $clientprotocol = $Apache::lonnet::protocol{$clientname};
$clientprotocol = 'http' if ($clientprotocol ne 'https');	$clientprotocol = 'http' if ($clientprotocol ne 'https');
my $url = '/adm/'.$filename;	my $url;
$url =~ s{_}{/};	if ($filename eq 'loncapaCAcrl') {
	$url = '/adm/dns/loncapaCRL';
	} else {
	$url = '/adm/'.$filename;
	$url =~ s{_}{/};
	}
my $request=new HTTP::Request('GET',"$clientprotocol://$clienthost$url");	my $request=new HTTP::Request('GET',"$clientprotocol://$clienthost$url");
my $response = LONCAPA::LWPReq::makerequest($clientname,$request,'',\%perlvar,60,0);	my $response = LONCAPA::LWPReq::makerequest($clientname,$request,'',\%perlvar,60,0);
if ($response->is_error()) {	if ($response->is_error()) {
Line 1605 sub du2_handler {	Line 1636 sub du2_handler {
#	#
# 1. for a directory, and the path does not begin with one of:	# 1. for a directory, and the path does not begin with one of:
# (a) /home/httpd/html/res/<domain>	# (a) /home/httpd/html/res/<domain>
# (b) /home/httpd/html/res/userfiles/	# (b) /home/httpd/html/userfiles/
# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles	# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles
# or is:	# or is:
#	#
# 2. for a file, and the path (after prepending) does not begin with:	# 2. for a file, and the path (after prepending) does not begin with one of:
# /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/	# (a) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/
	# (b) /home/httpd/html/res/<domain>/<username>/
	# (c) /home/httpd/html/userfiles/<domain>/<username>/
#	#
# the response will be "refused".	# the response will be "refused".
#	#
Line 1641 sub ls_handler {	Line 1674 sub ls_handler {
}	}
if (-e $ulsdir) {	if (-e $ulsdir) {
if(-d $ulsdir) {	if(-d $ulsdir) {
unless (($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain\|userfiles/)}) \|\|	unless (($ulsdir =~ m{^/home/httpd/html/(res/$LONCAPA::match_domain\|userfiles/)}) \|\|
($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/userfiles/})) {	($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/userfiles})) {
&Failure($client,"refused\n",$userinput);	&Failure($client,"refused\n",$userinput);
return 1;	return 1;
}	}
Line 1669 sub ls_handler {	Line 1702 sub ls_handler {
closedir(LSDIR);	closedir(LSDIR);
}	}
} else {	} else {
unless ($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/}) {	unless (($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/}) \|\|
	($ulsdir =~ m{^/home/httpd/html/(?:res\|userfiles)/$LONCAPA::match_domain/$LONCAPA::match_name/})) {
&Failure($client,"refused\n",$userinput);	&Failure($client,"refused\n",$userinput);
return 1;	return 1;
}	}
Line 1702 sub ls_handler {	Line 1736 sub ls_handler {
#	#
# 1. for a directory, and the path does not begin with one of:	# 1. for a directory, and the path does not begin with one of:
# (a) /home/httpd/html/res/<domain>	# (a) /home/httpd/html/res/<domain>
# (b) /home/httpd/html/res/userfiles/	# (b) /home/httpd/html/userfiles/
# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles	# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles
# or is:	# or is:
#	#
# 2. for a file, and the path (after prepending) does not begin with:	# 2. for a file, and the path (after prepending) does not begin with one of:
# /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/	# (a) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/
	# (b) /home/httpd/html/res/<domain>/<username>/
	# (c) /home/httpd/html/userfiles/<domain>/<username>/
#	#
# the response will be "refused".	# the response will be "refused".
#	#
Line 1737 sub ls2_handler {	Line 1773 sub ls2_handler {
}	}
if (-e $ulsdir) {	if (-e $ulsdir) {
if(-d $ulsdir) {	if(-d $ulsdir) {
unless (($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain\|userfiles/)}) \|\|	unless (($ulsdir =~ m{^/home/httpd/html/(res/$LONCAPA::match_domain\|userfiles/)}) \|\|
($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/userfiles/})) {	($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/userfiles})) {
&Failure($client,"refused\n","$userinput");	&Failure($client,"refused\n","$userinput");
return 1;	return 1;
}	}
Line 1766 sub ls2_handler {	Line 1802 sub ls2_handler {
closedir(LSDIR);	closedir(LSDIR);
}	}
} else {	} else {
unless ($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/}) {	unless (($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/}) \|\|
	($ulsdir =~ m{^/home/httpd/html/(?:res\|userfiles)/$LONCAPA::match_domain/$LONCAPA::match_name/})) {
&Failure($client,"refused\n",$userinput);	&Failure($client,"refused\n",$userinput);
return 1;	return 1;
}	}
Line 1791 sub ls2_handler {	Line 1828 sub ls2_handler {
#	#
# 1. for a directory, and the path does not begin with one of:	# 1. for a directory, and the path does not begin with one of:
# (a) /home/httpd/html/res/<domain>	# (a) /home/httpd/html/res/<domain>
# (b) /home/httpd/html/res/userfiles/	# (b) /home/httpd/html/userfiles/
# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles	# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles
# (d) /home/httpd/html/priv/<domain>/ and client is the homeserver	# (d) /home/httpd/html/priv/<domain> and client is the homeserver
#	#
# or is:	# or is:
#	#
# 2. for a file, and the path (after prepending) does not begin with:	# 2. for a file, and the path (after prepending) does not begin with one of:
# /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/	# (a) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/
	# (b) /home/httpd/html/res/<domain>/<username>/
	# (c) /home/httpd/html/userfiles/<domain>/<username>/
	# (d) /home/httpd/html/priv/<domain>/<username>/ and client is the homeserver
#	#
# the response will be "refused".	# the response will be "refused".
#	#
Line 1872 sub ls3_handler {	Line 1912 sub ls3_handler {
my $rights;	my $rights;
my $ulsout='';	my $ulsout='';
my $ulsfn;	my $ulsfn;

	my ($crscheck,$toplevel,$currdom,$currnum,$skip);
	unless ($islocal) {
	my ($major,$minor) = split(/\./,$clientversion);
	if (($major < 2) \|\| ($major == 2 && $minor < 12)) {
	$crscheck = 1;
	}
	}
if (-e $ulsdir) {	if (-e $ulsdir) {
if(-d $ulsdir) {	if(-d $ulsdir) {
unless (($getpropath) \|\| ($getuserdir) \|\|	unless (($getpropath) \|\| ($getuserdir) \|\|
($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain\|userfiles/)}) \|\|	($ulsdir =~ m{^/home/httpd/html/(res/$LONCAPA::match_domain\|userfiles/)}) \|\|
($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/userfiles/}) \|\|	($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/userfiles}) \|\|
(($ulsdir =~ m{/home/httpd/html/priv/$LONCAPA::match_domain/}) && ($islocal))) {	(($ulsdir =~ m{^/home/httpd/html/priv/$LONCAPA::match_domain}) && ($islocal))) {
&Failure($client,"refused\n",$userinput);	&Failure($client,"refused\n",$userinput);
return 1;	return 1;
}	}
if (opendir(LSDIR,$ulsdir)) {	if (($crscheck) &&
	($ulsdir =~ m{^/home/httpd/html/res/($LONCAPA::match_domain)(/?$\|/$LONCAPA::match_courseid)})) {
	($currdom,my $posscnum) = ($1,$2);
	if (($posscnum eq '') \|\| ($posscnum eq '/')) {
	$toplevel = 1;
	} else {
	$posscnum =~ s{^/+}{};
	if (&LONCAPA::Lond::is_course($currdom,$posscnum)) {
	$skip = 1;
	}
	}
	}
	if ((!$skip) && (opendir(LSDIR,$ulsdir))) {
while ($ulsfn=readdir(LSDIR)) {	while ($ulsfn=readdir(LSDIR)) {
	if (($crscheck) && ($toplevel) && ($currdom ne '') &&
	($ulsfn =~ /^$LONCAPA::match_courseid$/) && (-d "$ulsdir/$ulsfn")) {
	if (&LONCAPA::Lond::is_course($currdom,$ulsfn)) {
	next;
	}
	}
undef($obs);	undef($obs);
undef($rights);	undef($rights);
my @ulsstats=stat($ulsdir.'/'.$ulsfn);	my @ulsstats=stat($ulsdir.'/'.$ulsfn);
Line 1906 sub ls3_handler {	Line 1972 sub ls3_handler {
}	}
} else {	} else {
unless (($getpropath) \|\| ($getuserdir) \|\|	unless (($getpropath) \|\| ($getuserdir) \|\|
($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/})) {	($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/}) \|\|
	($ulsdir =~ m{^/home/httpd/html/(?:res\|userfiles)/$LONCAPA::match_domain/$LONCAPA::match_name/}) \|\|
	(($ulsdir =~ m{^/home/httpd/html/priv/$LONCAPA::match_domain/$LONCAPA::match_name/}) && ($islocal))) {
&Failure($client,"refused\n",$userinput);	&Failure($client,"refused\n",$userinput);
return 1;	return 1;
}	}
Line 2058 sub server_distarch_handler {	Line 2126 sub server_distarch_handler {
sub server_certs_handler {	sub server_certs_handler {
my ($cmd,$tail,$client) = @_;	my ($cmd,$tail,$client) = @_;
my $userinput = "$cmd:$tail";	my $userinput = "$cmd:$tail";
my $result;	my $hostname = &Apache::lonnet::hostname($perlvar{'lonHostID'});
my $result = &LONCAPA::Lond::server_certs(\%perlvar);	my $result = &LONCAPA::Lond::server_certs(\%perlvar,$perlvar{'lonHostID'},$hostname);
&Reply($client,\$result,$userinput);	&Reply($client,\$result,$userinput);
return;	return;
}	}
Line 2590 sub update_resource_handler {	Line 2658 sub update_resource_handler {
my $transname="$fname.in.transfer";	my $transname="$fname.in.transfer";
my $remoteurl=&Apache::lonnet::reply("sub:$fname","$clientname");	my $remoteurl=&Apache::lonnet::reply("sub:$fname","$clientname");
my $response;	my $response;
# FIXME: cannot replicate files that take more than two minutes to transfer?	# FIXME: cannot replicate files that take more than two minutes to transfer -- needs checking now 1200s timeout used
# alarm(120);	# for LWP request.
# FIXME: this should use the LWP mechanism, not internal alarms.	my $request=new HTTP::Request('GET',"$remoteurl");
alarm(1200);	$response=&LONCAPA::LWPReq::makerequest($clientname,$request,$transname,\%perlvar,1200,0,1);
{
my $request=new HTTP::Request('GET',"$remoteurl");
$response=&LONCAPA::LWPReq::makerequest($clientname,$request,$transname,\%perlvar,1200,0,1);
}
alarm(0);
if ($response->is_error()) {	if ($response->is_error()) {
# FIXME: we should probably clean up here instead of just whine	my $reply=&Apache::lonnet::reply("unsub:$fname","$clientname");
unlink($transname);	&devalidate_meta_cache($fname);
	if (-e $transname) {
	unlink($transname);
	}
	unlink($fname);
my $message=$response->status_line;	my $message=$response->status_line;
&logthis("LWP GET: $message for $fname ($remoteurl)");	&logthis("LWP GET: $message for $fname ($remoteurl)");
} else {	} else {
if ($remoteurl!~/\.meta$/) {	if ($remoteurl!~/\.meta$/) {
# FIXME: isn't there an internal LWP mechanism for this?	my $mrequest=new HTTP::Request('GET',$remoteurl.'.meta');
alarm(120);	my $mresponse = &LONCAPA::LWPReq::makerequest($clientname,$mrequest,$fname.'.meta',\%perlvar,120,0,1);
{	if ($mresponse->is_error()) {
my $mrequest=new HTTP::Request('GET',$remoteurl.'.meta');	unlink($fname.'.meta');
my $mresponse = &LONCAPA::LWPReq::makerequest($clientname,$mrequest,$fname.'.meta',\%perlvar,120,0,1);
if ($mresponse->is_error()) {
unlink($fname.'.meta');
}
}	}
alarm(0);
}	}
# we successfully transfered, copy file over to real name	# we successfully transfered, copy file over to real name
rename($transname,$fname);	rename($transname,$fname);
Line 2685 sub fetch_user_file_handler {	Line 2747 sub fetch_user_file_handler {
my $remoteurl=$clientprotocol.'://'.$clienthost.'/userfiles/'.$fname;	my $remoteurl=$clientprotocol.'://'.$clienthost.'/userfiles/'.$fname;
my $response;	my $response;
Debug("Remote URL : $remoteurl Transfername $transname Destname: $destname");	Debug("Remote URL : $remoteurl Transfername $transname Destname: $destname");
alarm(1200);	my $request=new HTTP::Request('GET',"$remoteurl");
{	my $verifycert = 1;
my $request=new HTTP::Request('GET',"$remoteurl");	my @machine_ids = &Apache::lonnet::current_machine_ids();
my $verifycert = 1;	if (grep(/^\Q$clientname\E$/,@machine_ids)) {
my @machine_ids = &Apache::lonnet::current_machine_ids();	$verifycert = 0;
if (grep(/^\Q$clientname\E$/,@machine_ids)) {	}
$verifycert = 0;	$response = &LONCAPA::LWPReq::makerequest($clientname,$request,$transname,\%perlvar,1200,$verifycert);
}
$response = &LONCAPA::LWPReq::makerequest($clientname,$request,$transname,\%perlvar,1200,$verifycert);
}
alarm(0);
if ($response->is_error()) {	if ($response->is_error()) {
unlink($transname);	unlink($transname);
my $message=$response->status_line;	my $message=$response->status_line;
Line 3393 sub get_profile_entry {	Line 3451 sub get_profile_entry {
#	#
# Parameters:	# Parameters:
# $cmd - Command keyword of request (eget).	# $cmd - Command keyword of request (eget).
# $tail - Tail of the command. See GetProfileEntry # for more information about this.	# $tail - Tail of the command. See GetProfileEntry
	# for more information about this.
# $client - File open on the client.	# $client - File open on the client.
# Returns:	# Returns:
# 1 - Continue processing	# 1 - Continue processing
Line 4876 sub get_domain_handler {	Line 4935 sub get_domain_handler {
my ($cmd, $tail, $client) = @_;	my ($cmd, $tail, $client) = @_;


my $userinput = "$client:$tail";	my $userinput = "$cmd:$tail";

	my ($udom,$namespace,$what)=split(/:/,$tail,3);
	chomp($what);
	if ($namespace =~ /^enc/) {
	&Failure( $client, "refused\n", $userinput);
	} else {
	my @queries=split(/\&/,$what);
	my $qresult='';
	my $hashref = &tie_domain_hash($udom, "$namespace", &GDBM_READER());
	if ($hashref) {
	for (my $i=0;$i<=$#queries;$i++) {
	$qresult.="$hashref->{$queries[$i]}&";
	}
	if (&untie_domain_hash($hashref)) {
	$qresult=~s/\&$//;
	&Reply($client, \$qresult, $userinput);
	} else {
	&Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
	"while attempting getdom\n",$userinput);
	}
	} else {
	&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
	"while attempting getdom\n",$userinput);
	}
	}

	return 1;
	}
	&register_handler("getdom", \&get_domain_handler, 0, 1, 0);

	sub encrypted_get_domain_handler {
	my ($cmd, $tail, $client) = @_;

	my $userinput = "$cmd:$tail";

my ($udom,$namespace,$what)=split(/:/,$tail,3);	my ($udom,$namespace,$what)=split(/:/,$tail,3);
chomp($what);	chomp($what);
Line 4889 sub get_domain_handler {	Line 4982 sub get_domain_handler {
}	}
if (&untie_domain_hash($hashref)) {	if (&untie_domain_hash($hashref)) {
$qresult=~s/\&$//;	$qresult=~s/\&$//;
&Reply($client, \$qresult, $userinput);	if ($cipher) {
	my $cmdlength=length($qresult);
	$qresult.=" ";
	my $encqresult='';
	for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
	$encqresult.= unpack("H16",
	$cipher->encrypt(substr($qresult,
	$encidx,
	8)));
	}
	&Reply( $client, "enc:$cmdlength:$encqresult\n", $userinput);
	} else {
	&Failure( $client, "error:no_key\n", $userinput);
	}
} else {	} else {
&Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".	&Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
"while attempting getdom\n",$userinput);	"while attempting egetdom\n",$userinput);
}	}
} else {	} else {
&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".	&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
"while attempting getdom\n",$userinput);	"while attempting egetdom\n",$userinput);
}	}

return 1;	return 1;
}	}
&register_handler("getdom", \&get_domain_handler, 0, 1, 0);	&register_handler("egetdom", \&encrypted_get_domain_handler, 1, 1, 0);

#	#
# Puts an id to a domains id database.	# Puts an id to a domains id database.
Line 5419 sub tmp_del_handler {	Line 5524 sub tmp_del_handler {
&register_handler("tmpdel", \&tmp_del_handler, 0, 1, 0);	&register_handler("tmpdel", \&tmp_del_handler, 0, 1, 0);

#	#
	# Process the delbalcookie command. This command deletes a balancer
	# cookie in the lonBalancedir directory created by switchserver
	#
	# Parameters:
	# $cmd - Command that got us here.
	# $cookie - Cookie to be deleted.
	# $client - socket open on the client process.
	#
	# Returns:
	# 1 - Indicating processing should continue.
	# Side Effects:
	# A cookie file is deleted from the lonBalancedir directory
	# A reply is sent to the client.
	sub del_balcookie_handler {
	my ($cmd, $cookie, $client) = @_;

	my $userinput= "$cmd:$cookie";

	chomp($cookie);
	my $deleted = '';
	if ($cookie =~ /^$LONCAPA::match_domain\_$LONCAPA::match_username\_[a-f0-9]{32}$/) {
	my $execdir=$perlvar{'lonBalanceDir'};
	if (-e "$execdir/$cookie.id") {
	if (open(my $fh,'<',"$execdir/$cookie.id")) {
	my $dodelete;
	while (my $line = <$fh>) {
	chomp($line);
	if ($line eq $clientname) {
	$dodelete = 1;
	last;
	}
	}
	close($fh);
	if ($dodelete) {
	if (unlink("$execdir/$cookie.id")) {
	$deleted = 1;
	}
	}
	}
	}
	}
	if ($deleted) {
	&Reply($client, "ok\n", $userinput);
	} else {
	&Failure( $client, "error: ".($!+0)."Unlinking cookie file Failed ".
	"while attempting delbalcookie\n", $userinput);
	}
	return 1;
	}
	&register_handler("delbalcookie", \&del_balcookie_handler, 0, 1, 0);

	#
# Processes the setannounce command. This command	# Processes the setannounce command. This command
# creates a file named announce.txt in the top directory of	# creates a file named announce.txt in the top directory of
# the documentn root and sets its contents. The announce.txt file is	# the documentn root and sets its contents. The announce.txt file is
Line 5697 sub validate_course_section_handler {	Line 5854 sub validate_course_section_handler {
# Formal Parameters:	# Formal Parameters:
# $cmd - The command request that got us dispatched.	# $cmd - The command request that got us dispatched.
# $tail - The tail of the command. In this case this is a colon separated	# $tail - The tail of the command. In this case this is a colon separated
# set of words that will be split into:	# set of values that will be split into:
# $inst_class - Institutional code for the specific class section	# $inst_class - Institutional code for the specific class section
# $courseowner - The escaped username:domain of the course owner	# $ownerlist - An escaped comma-separated list of username:domain
	# of the course owner, and co-owner(s).
# $cdom - The domain of the course from the institution's	# $cdom - The domain of the course from the institution's
# point of view.	# point of view.
# $client - The socket open on the client.	# $client - The socket open on the client.
Line 5724 sub validate_class_access_handler {	Line 5882 sub validate_class_access_handler {
&register_handler("autovalidateclass_sec", \&validate_class_access_handler, 0, 1, 0);	&register_handler("autovalidateclass_sec", \&validate_class_access_handler, 0, 1, 0);

#	#
	# Validate course owner or co-owners(s) access to enrollment data for all sections
	# and crosslistings for a particular course.
	#
	#
	# Formal Parameters:
	# $cmd - The command request that got us dispatched.
	# $tail - The tail of the command. In this case this is a colon separated
	# set of values that will be split into:
	# $ownerlist - An escaped comma-separated list of username:domain
	# of the course owner, and co-owner(s).
	# $cdom - The domain of the course from the institution's
	# point of view.
	# $classes - Frozen hash of institutional course sections and
	# crosslistings.
	# $client - The socket open on the client.
	# Returns:
	# 1 - continue processing.
	#

	sub validate_classes_handler {
	my ($cmd, $tail, $client) = @_;
	my $userinput = "$cmd:$tail";
	my ($ownerlist,$cdom,$classes) = split(/:/, $tail);
	my $classesref = &Apache::lonnet::thaw_unescape($classes);
	my $owners = &unescape($ownerlist);
	my $result;
	eval {
	local($SIG{__DIE__})='DEFAULT';
	my %validations;
	my $response = &localenroll::check_instclasses($owners,$cdom,$classesref,
	\%validations);
	if ($response eq 'ok') {
	foreach my $key (keys(%validations)) {
	$result .= &escape($key).'='.&Apache::lonnet::freeze_escape($validations{$key}).'&';
	}
	$result =~ s/\&$//;
	} else {
	$result = 'error';
	}
	};
	if (!$@) {
	&Reply($client, \$result, $userinput);
	} else {
	&Failure($client,"unknown_cmd\n",$userinput);
	}
	return 1;
	}
	&register_handler("autovalidateinstclasses", \&validate_classes_handler, 0, 1, 0);

	#
# Create a password for a new LON-CAPA user added by auto-enrollment.	# Create a password for a new LON-CAPA user added by auto-enrollment.
# Only used for case where authentication method for new user is localauth	# Only used for case where authentication method for new user is localauth
#	#
Line 5801 sub auto_export_grades_handler {	Line 6009 sub auto_export_grades_handler {
return 1;	return 1;
}	}
&register_handler("autoexportgrades", \&auto_export_grades_handler,	&register_handler("autoexportgrades", \&auto_export_grades_handler,
0, 1, 0);	1, 1, 0);

# Retrieve and remove temporary files created by/during autoenrollment.	# Retrieve and remove temporary files created by/during autoenrollment.
#	#
Line 6757 my $wwwid=getpwnam('www');	Line 6965 my $wwwid=getpwnam('www');
if ($wwwid!=$<) {	if ($wwwid!=$<) {
my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";	my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
my $subj="LON: $currenthostid User ID mismatch";	my $subj="LON: $currenthostid User ID mismatch";
system("echo 'User ID mismatch. lond must be run as user www.' \|\	system("echo 'User ID mismatch. lond must be run as user www.' \|".
mailto $emailto -s '$subj' > /dev/null");	" mail -s '$subj' $emailto > /dev/null");
exit 1;	exit 1;
}	}

Line 6892 sub UpdateHosts {	Line 7100 sub UpdateHosts {

my %oldconf = %secureconf;	my %oldconf = %secureconf;
my %connchange;	my %connchange;
if (lonssl::Read_Connect_Config(\%secureconf,\%perlvar) eq 'ok') {	if (lonssl::Read_Connect_Config(\%secureconf,\%perlvar,\%crlchecked) eq 'ok') {
logthis('<font color="blue"> Reloaded SSL connection rules </font>');	logthis('<font color="blue"> Reloaded SSL connection rules and cleared CRL checking history </font>');
} else {	} else {
logthis('<font color="yellow"> Failed to reload SSL connection rules </font>');	logthis('<font color="yellow"> Failed to reload SSL connection rules and clear CRL checking history </font>');
}	}
if ((ref($oldconf{'connfrom'}) eq 'HASH') && (ref($secureconf{'connfrom'}) eq 'HASH')) {	if ((ref($oldconf{'connfrom'}) eq 'HASH') && (ref($secureconf{'connfrom'}) eq 'HASH')) {
foreach my $type ('dom','intdom','other') {	foreach my $type ('dom','intdom','other') {
Line 7174 if ($arch eq 'unknown') {	Line 7382 if ($arch eq 'unknown') {
chomp($arch);	chomp($arch);
}	}

unless (lonssl::Read_Connect_Config(\%secureconf,\%perlvar) eq 'ok') {	unless (lonssl::Read_Connect_Config(\%secureconf,\%perlvar,\%crlchecked) eq 'ok') {
&logthis('<font color="blue">No connectionrules table. Will fallback to loncapa.conf</font>');	&logthis('<font color="blue">No connectionrules table. Will fallback to loncapa.conf</font>');
}	}

Line 7308 sub make_new_child {	Line 7516 sub make_new_child {
$ConnectionType = "manager";	$ConnectionType = "manager";
$clientname = $managers{$outsideip};	$clientname = $managers{$outsideip};
}	}
my ($clientok,$clientinfoset);	my $clientok;

if ($clientrec \|\| $ismanager) {	if ($clientrec \|\| $ismanager) {
&status("Waiting for init from $clientip $clientname");	&status("Waiting for init from $clientip $clientname");
Line 7409 sub make_new_child {	Line 7617 sub make_new_child {
}	}

} else {	} else {
$clientinfoset = &set_client_info();
my $ok = InsecureConnection($client);	my $ok = InsecureConnection($client);
if($ok) {	if($ok) {
$clientok = 1;	$clientok = 1;
Line 7447 sub make_new_child {	Line 7654 sub make_new_child {
# ------------------------------------------------------------ Process requests	# ------------------------------------------------------------ Process requests
my $keep_going = 1;	my $keep_going = 1;
my $user_input;	my $user_input;
unless ($clientinfoset) {
$clientinfoset = &set_client_info();
}
$clientremoteok = 0;
unless ($clientsameinst) {
$clientremoteok = 1;
my $defdom = &Apache::lonnet::host_domain($perlvar{'lonHostID'});
%clientprohibited = &get_prohibited($defdom);
if ($clientintdom) {
my $remsessconf = &get_usersession_config($defdom,'remotesession');
if (ref($remsessconf) eq 'HASH') {
if (ref($remsessconf->{'remote'}) eq 'HASH') {
if (ref($remsessconf->{'remote'}->{'excludedomain'}) eq 'ARRAY') {
if (grep(/^\Q$clientintdom\E$/,@{$remsessconf->{'remote'}->{'excludedomain'}})) {
$clientremoteok = 0;
}
}
if (ref($remsessconf->{'remote'}->{'includedomain'}) eq 'ARRAY') {
if (grep(/^\Q$clientintdom\E$/,@{$remsessconf->{'remote'}->{'includedomain'}})) {
$clientremoteok = 1;
} else {
$clientremoteok = 0;
}
}
}
}
}
}
while(($user_input = get_request) && $keep_going) {	while(($user_input = get_request) && $keep_going) {
alarm(120);	alarm(120);
Debug("Main: Got $user_input\n");	Debug("Main: Got $user_input\n");
Line 7507 sub make_new_child {	Line 7687 sub make_new_child {

#	#
# Used to determine if a particular client is from the same domain	# Used to determine if a particular client is from the same domain
# as the current server, or from the same internet domain.	# as the current server, or from the same internet domain, and
	# also if the client can host sessions for the domain's users.
	# A hash is populated with keys set to commands sent by the client
	# which may not be executed for this domain.
#	#
# Optional input -- the client to check for domain and internet domain.	# Optional input -- the client to check for domain and internet domain.
# If not specified, defaults to the package variable: $clientname	# If not specified, defaults to the package variable: $clientname
#	#
# If called in array context will not set package variables, but will	# If called in array context will not set package variables, but will
# instead return an array of two values - (a) true if client is in the	# instead return an array of two values - (a) true if client is in the
# same domain as the server, and (b) true if client is in the same internet	# same domain as the server, and (b) true if client is in the same
# domain.	# internet domain.
#	#
# If called in scalar context, sets package variables for current client:	# If called in scalar context, sets package variables for current client:
#	#
# $clienthomedom - LonCAPA domain of homeID for client.	# $clienthomedom - LonCAPA domain of homeID for client.
# $clientsamedom - LonCAPA domain same for this host and client.	# $clientsamedom - LonCAPA domain same for this host and client.
# $clientintdom - LonCAPA "internet domain" for client.	# $clientintdom - LonCAPA "internet domain" for client.
# $clientsameinst - LonCAPA "internet domain" same for this host & client.	# $clientsameinst - LonCAPA "internet domain" same for this host & client.
	# $clientremoteok - If current domain permits hosting on this client: 1
	# %clientprohibited - Commands prohibited for domain's users for this client.
	#
	# if the host and client have the same "internet domain", then the value
	# of $clientremoteok is not used, and no commands are prohibited.
#	#
# returns 1 to indicate package variables have been set for current client.	# returns 1 to indicate package variables have been set for current client.
#	#
Line 7534 sub set_client_info {	Line 7722 sub set_client_info {
my $clientserverhomeID = &Apache::lonnet::get_server_homeID($clienthost);	my $clientserverhomeID = &Apache::lonnet::get_server_homeID($clienthost);
my $homedom = &Apache::lonnet::host_domain($clientserverhomeID);	my $homedom = &Apache::lonnet::host_domain($clientserverhomeID);
my $samedom = 0;	my $samedom = 0;
if ($perlvar{'lonDefDom'} eq $homedom) {	if ($perlvar{'lonDefDomain'} eq $homedom) {
$samedom = 1;	$samedom = 1;
}	}
my $intdom = &Apache::lonnet::internet_dom($clientserverhomeID);	my $intdom = &Apache::lonnet::internet_dom($clientserverhomeID);
Line 7554 sub set_client_info {	Line 7742 sub set_client_info {
$clientsamedom = $samedom;	$clientsamedom = $samedom;
$clientintdom = $intdom;	$clientintdom = $intdom;
$clientsameinst = $sameinst;	$clientsameinst = $sameinst;
	if ($clientsameinst) {
	undef($clientremoteok);
	undef(%clientprohibited);
	} else {
	$clientremoteok = &get_remote_hostable($currentdomainid);
	%clientprohibited = &get_prohibited($currentdomainid);
	}
return 1;	return 1;
}	}
}	}
Line 8269 sub make_passwd_file {	Line 8464 sub make_passwd_file {
$result = "pass_file_failed_error";	$result = "pass_file_failed_error";
}	}
}	}
	} elsif ($umode eq 'lti') {
	my $pf = IO::File->new(">$passfilename");
	if($pf) {
	print $pf "lti:\n";
	&update_passwd_history($uname,$udom,$umode,$action);
	} else {
	$result = "pass_file_failed_error";
	}
} else {	} else {
$result="auth_mode_error";	$result="auth_mode_error";
}	}
Line 8293 sub sethost {	Line 8496 sub sethost {
eq &Apache::lonnet::get_host_ip($hostid)) {	eq &Apache::lonnet::get_host_ip($hostid)) {
$currenthostid =$hostid;	$currenthostid =$hostid;
$currentdomainid=&Apache::lonnet::host_domain($hostid);	$currentdomainid=&Apache::lonnet::host_domain($hostid);
	&set_client_info();
# &logthis("Setting hostid to $hostid, and domain to $currentdomainid");	# &logthis("Setting hostid to $hostid, and domain to $currentdomainid");
} else {	} else {
&logthis("Requested host id $hostid not an alias of ".	&logthis("Requested host id $hostid not an alias of ".
Line 8369 sub get_prohibited {	Line 8573 sub get_prohibited {
return %prohibited;	return %prohibited;
}	}

	sub get_remote_hostable {
	my ($dom) = @_;
	my $result;
	if ($clientintdom) {
	$result = 1;
	my $remsessconf = &get_usersession_config($dom,'remotesession');
	if (ref($remsessconf) eq 'HASH') {
	if (ref($remsessconf->{'remote'}) eq 'HASH') {
	if (ref($remsessconf->{'remote'}->{'excludedomain'}) eq 'ARRAY') {
	if (grep(/^\Q$clientintdom\E$/,@{$remsessconf->{'remote'}->{'excludedomain'}})) {
	$result = 0;
	}
	}
	if (ref($remsessconf->{'remote'}->{'includedomain'}) eq 'ARRAY') {
	if (grep(/^\Q$clientintdom\E$/,@{$remsessconf->{'remote'}->{'includedomain'}})) {
	$result = 1;
	} else {
	$result = 0;
	}
	}
	}
	}
	}
	return $result;
	}

sub distro_and_arch {	sub distro_and_arch {
return $dist.':'.$arch;	return $dist.':'.$arch;
}	}
Line 8694 IO::File	Line 8924 IO::File
Apache::File	Apache::File
POSIX	POSIX
Crypt::IDEA	Crypt::IDEA
LWP::UserAgent()
GDBM_File	GDBM_File
Authen::Krb4	Authen::Krb4
Authen::Krb5	Authen::Krb5
Line 8776 is closed and the child exits.	Line 9005 is closed and the child exits.
=item Red CRITICAL Can't get key file <error>	=item Red CRITICAL Can't get key file <error>

SSL key negotiation is being attempted but the call to	SSL key negotiation is being attempted but the call to
lonssl::KeyFile failed. This usually means that the	lonssl::KeyFile failed. This usually means that the
configuration file is not correctly defining or protecting	configuration file is not correctly defining or protecting
the directories/files lonCertificateDirectory or	the directories/files lonCertificateDirectory or
lonnetPrivateKey	lonnetPrivateKey

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.535
changed lines
	Added in v.1.557