--- loncom/lond	2003/10/08 20:37:48	1.155
+++ loncom/lond	2003/10/14 10:15:27	1.157
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.155 2003/10/08 20:37:48 albertel Exp $
+# $Id: lond,v 1.157 2003/10/14 10:15:27 foxr Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -85,7 +85,7 @@ my $DEBUG = 0;		       # Non zero to ena
 my $status='';
 my $lastlog='';
 
-my $VERSION='$Revision: 1.155 $'; #' stupid emacs
+my $VERSION='$Revision: 1.157 $'; #' stupid emacs
 my $remoteVERSION;
 my $currenthostid;
 my $currentdomainid;
@@ -99,6 +99,7 @@ my $thisserver;
 my %hostid;
 my %hostdom;
 my %hostip;
+my %managers;			# If defined $managers{hostname} is a manager
 my %perlvar;			# Will have the apache conf defined perl vars.
 
 #
@@ -155,7 +156,37 @@ sub GetCertificate {
 
     return $clientip;
 }
+#
+#   ReadManagerTable: Reads in the current manager table. For now this is
+#                     done on each manager authentication because:
+#                     - These authentications are not frequent
+#                     - This allows dynamic changes to the manager table
+#                       without the need to signal to the lond.
+#
 
+sub ReadManagerTable {
+
+    #   Clean out the old table first..
+
+    foreach my $key (keys %managers) {
+	delete $managers{$key};
+    }
+
+    my $tablename = $perlvar{'lonTabDir'}."/managers.tab";
+    if (!open (MANAGERS, $tablename)) {
+	logthis('<font color="red">No manager table.  Nobody can manage!!</font>');
+	return;
+    }
+    while(my $host = <MANAGERS>) {
+	chomp($host);
+	if (!defined $hostip{$host}) {
+	    logthis('<font color="red"> manager '.$host.
+		    " not in hosts.tab, rejected as manager</font>");
+	} else {
+	    $managers{$host} = $hostip{$host}; # Whatever for now.
+	}
+    }
+}
 
 #
 #  ValidManager: Determines if a given certificate represents a valid manager.
@@ -167,14 +198,25 @@ sub GetCertificate {
 sub ValidManager {
     my $certificate = shift; 
 
-    my $hostentry   = $hostid{$certificate};
-    if ($hostentry ne undef) {
-	&logthis('<font color="yellow">Authenticating manager'.
-		 " $hostentry</font>");
-	return 1;
+    ReadManagerTable;
+
+    my $hostname   = $hostid{$certificate};
+
+
+    if ($hostname ne undef) {
+	if($managers{$hostname} ne undef) {
+	    &logthis('<font color="yellow">Authenticating manager'.
+		     " $hostname</font>");
+	    return 1;
+	} else {
+	    &logthis('<font color="red" failed manager authentication '.
+		     $hostname." is not a valid manager host</font>");
+	    return 0;
+	}
     } else {
 	&logthis('<font color="red"> Failed manager authentication '.
 		 "$certificate </font>");
+	return 0;
     }
 }
 #
@@ -226,7 +268,66 @@ sub CopyFile {
 	return 0;
     }
 }
-
+#
+#  Host files are passed out with externally visible host IPs.
+#  If, for example, we are behind a fire-wall or NAT host, our 
+#  internally visible IP may be different than the externally
+#  visible IP.  Therefore, we always adjust the contents of the
+#  host file so that the entry for ME is the IP that we believe
+#  we have.  At present, this is defined as the entry that
+#  DNS has for us.  If by some chance we are not able to get a
+#  DNS translation for us, then we assume that the host.tab file
+#  is correct.  
+#    BUGBUGBUG - in the future, we really should see if we can
+#       easily query the interface(s) instead.
+# Parameter(s):
+#     contents    - The contents of the host.tab to check.
+# Returns:
+#     newcontents - The adjusted contents.
+#
+#
+sub AdjustHostContents {
+    my $contents  = shift;
+    my $adjusted;
+    my $me        = $perlvar{'lonHostID'};
+
+    foreach my $line (split(/\n/,$contents)) {
+	if(!(($line eq "") || ($line =~ /^ *\#/) || ($line =~ /^ *$/))) {
+	    chomp($line);
+	    my ($id,$domain,$role,$name,$ip,$maxcon,$idleto,$mincon)=split(/:/,$line);
+	    if ($id eq $me) {
+		open(PIPE, " /usr/bin/host $name |") || die "Cant' make host pipeline";
+		my $hostinfo = <PIPE>;
+		close PIPE;
+		
+		my ($hostname, $has, $address, $ipnew) = split(/ /,$hostinfo);
+		&logthis('<font color="green">'.
+			 "hostname = $hostname me = $me, name = $name   actual ip = $ipnew </font>");
+		
+		if ($hostname eq $name) { # Lookup succeeded..
+		    &logthis('<font color="green"> look up ok <font>');
+		    $ip = $ipnew;
+		} else {
+		    &logthis('<font color="green"> Lookup failed: '
+			     .$hostname." ne $name </font>");
+		}
+		#  Reconstruct the host line and append to adjusted:
+		
+		my $newline = "$id:$domain:$role:$name:$ip";
+		if($maxcon ne "") { # Not all hosts have loncnew tuning params
+		    $newline .= ":$maxcon:$idleto:$mincon";
+		}
+		$adjusted .= $newline."\n";
+		
+	    } else {		# Not me, pass unmodified.
+		$adjusted .= $line."\n";
+	    }
+	} else {                  # Blank or comment never re-written.
+	    $adjusted .= $line."\n";	# Pass blanks and comments as is.
+	}
+    }
+    return $adjusted;
+}
 #
 #   InstallFile: Called to install an administrative file:
 #       - The file is created with <name>.tmp
@@ -319,6 +420,16 @@ sub PushFile {
     &logthis('<font color="green"> Pushfile: backed up '
 	    .$tablefile." to $backupfile</font>");
     
+    #  If the file being pushed is the host file, we adjust the entry for ourself so that the
+    #  IP will be our current IP as looked up in dns.  Note this is only 99% good as it's possible
+    #  to conceive of conditions where we don't have a DNS entry locally.  This is possible in a 
+    #  network sense but it doesn't make much sense in a LonCAPA sense so we ignore (for now)
+    #  that possibilty.
+
+    if($filename eq "host") {
+	$contents = AdjustHostContents($contents);
+    }
+
     #  Install the new file:
 
     if(!InstallFile($tablefile, $contents)) {