--- loncom/lond 2018/08/09 13:27:55 1.546
+++ loncom/lond 2018/12/03 13:20:21 1.553
@@ -2,7 +2,7 @@
# The LearningOnline Network
# lond "LON Daemon" Server (port "LOND" 5663)
#
-# $Id: lond,v 1.546 2018/08/09 13:27:55 raeburn Exp $
+# $Id: lond,v 1.553 2018/12/03 13:20:21 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -65,7 +65,7 @@ my $DEBUG = 0; # Non zero to ena
my $status='';
my $lastlog='';
-my $VERSION='$Revision: 1.546 $'; #' stupid emacs
+my $VERSION='$Revision: 1.553 $'; #' stupid emacs
my $remoteVERSION;
my $currenthostid="default";
my $currentdomainid;
@@ -176,6 +176,7 @@ my @installerrors = ("ok",
# shared ("Access to other domain's content by this domain")
# enroll ("Enrollment in this domain's courses by others")
# coaurem ("Co-author roles for this domain's users elsewhere")
+# othcoau ("Co-author roles in this domain for others")
# domroles ("Domain roles in this domain assignable to others")
# catalog ("Course Catalog for this domain displayed elsewhere")
# reqcrs ("Requests for creation of courses in this domain by others")
@@ -224,6 +225,7 @@ my %trust = (
dcmaildump => {remote => 1, domroles => 1},
dcmailput => {remote => 1, domroles => 1},
del => {remote => 1, domroles => 1, enroll => 1, content => 1},
+ delbalcookie => {institutiononly => 1},
deldom => {remote => 1, domroles => 1}, # not currently used
devalidatecache => {institutiononly => 1},
domroleput => {remote => 1, enroll => 1},
@@ -234,7 +236,7 @@ my %trust = (
edit => {institutiononly => 1}, #not used currently
eget => {remote => 1, domroles => 1, enroll => 1}, #not used currently
egetdom => {remote => 1, domroles => 1, enroll => 1, },
- ekey => {}, #not used currently
+ ekey => {anywhere => 1},
exit => {anywhere => 1},
fetchuserfile => {remote => 1, enroll => 1},
get => {remote => 1, domroles => 1, enroll => 1},
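Review bot: `ekey` goes from an empty trust hash to `{anywhere => 1}` and loses its `#not used currently` comment, with nothing on the line saying why the command is now accepted from any peer. A short trailing comment naming the caller that needs it would help the next reader of %trust, e.g. `ekey => {anywhere => 1}, # <reason: which peers send this and why>`. The same applies to `tmpput => {remote => 1, othcoau => 1}` in the next %trust hunk, which is now broader than `tmpget` and `tmpdel` (both `institutiononly`); if that asymmetry is intended, one line of comment should say so.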
@@ -299,9 +301,9 @@ my %trust = (
store => {remote => 1, enroll => 1, reqcrs => 1,},
studentphoto => {remote => 1, enroll => 1},
sub => {content => 1,},
- tmpdel => {anywhere => 1},
- tmpget => {anywhere => 1},
- tmpput => {anywhere => 1},
+ tmpdel => {institutiononly => 1},
+ tmpget => {institutiononly => 1},
+ tmpput => {remote => 1, othcoau => 1},
tokenauthuserfile => {anywhere => 1},
unsub => {content => 1,},
update => {shared => 1},
@@ -792,10 +794,17 @@ sub ConfigFileFromSelector {
my $selector = shift;
my $tablefile;
- my $tabledir = $perlvar{'lonTabDir'}.'/';
- if (($selector eq "hosts") || ($selector eq "domain") ||
- ($selector eq "dns_hosts") || ($selector eq "dns_domain")) {
- $tablefile = $tabledir.$selector.'.tab';
+ if ($selector eq 'loncapaCAcrl') {
+ my $tabledir = $perlvar{'lonCertificateDirectory'};
+ if (-d $tabledir) {
+ $tablefile = $tabledir.'/'.$selector.'.pem';
+ }
+ } else {
+ my $tabledir = $perlvar{'lonTabDir'}.'/';
+ if (($selector eq "hosts") || ($selector eq "domain") ||
+ ($selector eq "dns_hosts") || ($selector eq "dns_domain")) {
+ $tablefile = $tabledir.$selector.'.tab';
+ }
}
return $tablefile;
}
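Review bot: In the new `loncapaCAcrl` branch, an unset or wrong `lonCertificateDirectory` makes the function return undef silently, which the caller cannot tell apart from an unknown selector. An unset value also reaches `-d` as undef. Guard and log the case so an operator can see why a CRL push was rejected, e.g. `if (($tabledir ne '') && (-d $tabledir)) { ... } else { &logthis('ConfigFileFromSelector: lonCertificateDirectory missing or not a directory'); }`. The comment block above the sub (outside this hunk) should also list the new selector.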
@@ -819,12 +828,13 @@ sub PushFile {
my ($command, $filename, $contents) = split(":", $request, 3);
&Debug("PushFile");
- # At this point in time, pushes for only the following tables are
- # supported:
+ # At this point in time, pushes for only the following tables and
+ # CRL file are supported:
# hosts.tab ($filename eq host).
# domain.tab ($filename eq domain).
# dns_hosts.tab ($filename eq dns_host).
# dns_domain.tab ($filename eq dns_domain).
+ # loncapaCAcrl.pem ($filename eq loncapaCAcrl);
# Construct the destination filename or reject the request.
#
# lonManage is supposed to ensure this, however this session could be
@@ -845,7 +855,8 @@ sub PushFile {
if($filename eq "host") {
$contents = AdjustHostContents($contents);
- } elsif ($filename eq 'dns_host' || $filename eq 'dns_domain') {
+ } elsif (($filename eq 'dns_host') || ($filename eq 'dns_domain') ||
+ ($filename eq 'loncapaCAcrl')) {
if ($contents eq '') {
&logthis(' Pushfile: unable to install '
.$tablefile." - no data received from push. ");
@@ -856,8 +867,13 @@ sub PushFile {
if ($managers{$clientip} eq $clientname) {
my $clientprotocol = $Apache::lonnet::protocol{$clientname};
$clientprotocol = 'http' if ($clientprotocol ne 'https');
- my $url = '/adm/'.$filename;
- $url =~ s{_}{/};
+ my $url;
+ if ($filename eq 'loncapaCAcrl') {
+ $url = '/adm/dns/loncapaCRL';
+ } else {
+ $url = '/adm/'.$filename;
+ $url =~ s{_}{/};
+ }
my $request=new HTTP::Request('GET',"$clientprotocol://$clienthost$url");
my $response = LONCAPA::LWPReq::makerequest($clientname,$request,'',\%perlvar,60,0);
if ($response->is_error()) {
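Review bot: For `loncapaCAcrl` the file is fetched from `/adm/dns/loncapaCRL` using `$clientprotocol`, which falls back to plain `http`, and the only content check visible (previous hunk) is that the data is not empty. A CRL decides which peer certificates are still trusted, so a truncated, stale or substituted file should not replace the installed one. Before installing, check that the download parses as a CRL and that its signature verifies against the LON-CAPA CA certificate, keeping the existing file and logging through `&logthis` on failure. Whether PushFile validates the data further down is outside this hunk; if it does, a comment here pointing to that check would be enough.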
@@ -1895,6 +1911,14 @@ sub ls3_handler {
my $rights;
my $ulsout='';
my $ulsfn;
+
+ my ($crscheck,$toplevel,$currdom,$currnum,$skip);
+ unless ($islocal) {
+ my ($major,$minor) = split(/\./,$clientversion);
+ if (($major < 2) || ($major == 2 && $minor < 12)) {
+ $crscheck = 1;
+ }
+ }
if (-e $ulsdir) {
if(-d $ulsdir) {
unless (($getpropath) || ($getuserdir) ||
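Review bot: The course-directory filtering is switched on only when `$clientversion` parses as older than 2.12, so for every other remote peer the server performs no filtering of its own. If `$clientversion` is the value the remote side reports about itself (it is set outside this hunk), the restriction is advisory rather than enforced by this server. Either apply it to all non-local clients, `$crscheck = 1 unless ($islocal);`, or add a comment stating why 2.12 and later peers are exempt and where their listing is restricted instead.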
@@ -1904,8 +1928,26 @@ sub ls3_handler {
&Failure($client,"refused\n",$userinput);
return 1;
}
- if (opendir(LSDIR,$ulsdir)) {
+ if (($crscheck) &&
+ ($ulsdir =~ m{^/home/httpd/html/res/($LONCAPA::match_domain)(/?$|/$LONCAPA::match_courseid)})) {
+ ($currdom,my $posscnum) = ($1,$2);
+ if (($posscnum eq '') || ($posscnum eq '/')) {
+ $toplevel = 1;
+ } else {
+ $posscnum =~ s{^/+}{};
+ if (&LONCAPA::Lond::is_course($currdom,$posscnum)) {
+ $skip = 1;
+ }
+ }
+ }
+ if ((!$skip) && (opendir(LSDIR,$ulsdir))) {
while ($ulsfn=readdir(LSDIR)) {
+ if (($crscheck) && ($toplevel) && ($currdom ne '') &&
+ ($ulsfn =~ /^$LONCAPA::match_courseid$/) && (-d "$ulsdir/$ulsfn")) {
+ if (&LONCAPA::Lond::is_course($currdom,$ulsfn)) {
+ next;
+ }
+ }
undef($obs);
undef($rights);
my @ulsstats=stat($ulsdir.'/'.$ulsfn);
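Review bot: The new match on `$ulsdir` assumes the path is already canonical and hard-codes `/home/httpd/html/res/`. A path carrying a doubled slash or a `.` segment would not match, and the `is_course` check would then be skipped. Whether `$ulsdir` is normalised before this point is outside the hunk, so confirm that or collapse the path before matching. The prefix would be safer taken from the document-root setting in %perlvar than written literally. In `/^$LONCAPA::match_courseid$/`, `\z` instead of the final `$` stops a directory entry with a trailing newline from matching.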
@@ -2083,8 +2125,8 @@ sub server_distarch_handler {
sub server_certs_handler {
my ($cmd,$tail,$client) = @_;
my $userinput = "$cmd:$tail";
- my $result;
- my $result = &LONCAPA::Lond::server_certs(\%perlvar);
+ my $hostname = &Apache::lonnet::hostname($perlvar{'lonHostID'});
+ my $result = &LONCAPA::Lond::server_certs(\%perlvar,$perlvar{'lonHostID'},$hostname);
&Reply($client,\$result,$userinput);
return;
}
@@ -5481,6 +5523,58 @@ sub tmp_del_handler {
®ister_handler("tmpdel", \&tmp_del_handler, 0, 1, 0);
#
+# Process the delbalcookie command. This command deletes a balancer
+# cookie in the lonBalancedir directory created by switchserver
+#
+# Parameters:
+# $cmd - Command that got us here.
+# $cookie - Cookie to be deleted.
+# $client - socket open on the client process.
+#
+# Returns:
+# 1 - Indicating processing should continue.
+# Side Effects:
+# A cookie file is deleted from the lonBalancedir directory
+# A reply is sent to the client.
+sub del_balcookie_handler {
+ my ($cmd, $cookie, $client) = @_;
+
+ my $userinput= "$cmd:$cookie";
+
+ chomp($cookie);
+ my $deleted = '';
+ if ($cookie =~ /^$LONCAPA::match_domain\_$LONCAPA::match_username\_[a-f0-9]{32}$/) {
+ my $execdir=$perlvar{'lonBalanceDir'};
+ if (-e "$execdir/$cookie.id") {
+ if (open(my $fh,'<',"$execdir/$cookie.id")) {
+ my $dodelete;
+ while (my $line = <$fh>) {
+ chomp($line);
+ if ($line eq $clientname) {
+ $dodelete = 1;
+ last;
+ }
+ }
+ close($fh);
+ if ($dodelete) {
+ if (unlink("$execdir/$cookie.id")) {
+ $deleted = 1;
+ }
+ }
+ }
+ }
+ }
+ if ($deleted) {
+ &Reply($client, "ok\n", $userinput);
+ } else {
+ &Failure( $client, "error: ".($!+0)."Unlinking cookie file Failed ".
+ "while attempting delbalcookie\n", $userinput);
+ }
+ return 1;
+}
+®ister_handler("delbalcookie", \&del_balcookie_handler, 0, 1, 0);
+
+#
# Processes the setannounce command. This command
# creates a file named announce.txt in the top directory of
# the documentn root and sets its contents. The announce.txt file is
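Review bot: In `del_balcookie_handler` the failure reply always sends `$!+0` plus "Unlinking cookie file Failed", but most paths into that branch never call `unlink`: a cookie that fails the pattern, a missing file, a failed `open`, or a requester not listed in the file. In those cases `$!` is stale or unrelated and the log misleads whoever investigates; the errno and the text are also joined without a space. Send a cause-specific reply such as `&Failure($client, "refused\n", $userinput);` for the no-match and not-listed cases, and report the errno only when `unlink` itself fails. Because `$cookie` becomes part of a file path, end the pattern with `\z` rather than `$` so a second trailing newline cannot survive the `chomp`.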
@@ -6870,8 +6964,8 @@ my $wwwid=getpwnam('www');
if ($wwwid!=$<) {
my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
my $subj="LON: $currenthostid User ID mismatch";
- system("echo 'User ID mismatch. lond must be run as user www.' |\
- mailto $emailto -s '$subj' > /dev/null");
+ system("echo 'User ID mismatch. lond must be run as user www.' |".
+ " mail -s '$subj' $emailto > /dev/null");
exit 1;
}
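Review bot: The rewritten `system()` call still builds a shell command line by interpolation, with `$subj` inside single quotes and `$emailto` unquoted. A quote, space or other shell metacharacter in the host id or the configured addresses therefore changes the command that runs. The values come from local configuration, so exposure is limited, but a list-form pipe avoids the shell entirely: `open(my $mail,'|-','mail','-s',$subj,$emailto)`, then print the message and close. That form also lets the open and close results be checked, whereas the current call ignores the return value of `system()`.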
@@ -8896,7 +8990,7 @@ is closed and the child exits.
=item Red CRITICAL Can't get key file
SSL key negotiation is being attempted but the call to
-lonssl::KeyFile failed. This usually means that the
+lonssl::KeyFile failed. This usually means that the
configuration file is not correctly defining or protecting
the directories/files lonCertificateDirectory or
lonnetPrivateKey