--- loncom/lonnet/perl/lonnet.pm 2020/12/18 15:23:03 1.1434
+++ loncom/lonnet/perl/lonnet.pm 2021/02/08 14:50:53 1.1442
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.1434 2020/12/18 15:23:03 raeburn Exp $
+# $Id: lonnet.pm,v 1.1442 2021/02/08 14:50:53 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -1445,6 +1445,15 @@ sub spare_can_host {
 $canhost = 0;
 }
 }
+ if ($canhost) {
+ if (ref($defdomdefaults{'offloadoth'}) eq 'HASH') {
+ if ($defdomdefaults{'offloadoth'}{$try_server}) {
+ unless (&shared_institution($udom,$try_server)) {
+ $canhost = 0;
+ }
+ }
+ }
+ }
 if (($canhost) && ($uint_dom)) {
 my @intdoms;
 my $internet_names = &get_internet_names($try_server);
@@ -2155,10 +2164,19 @@ sub get_dom {
 }
 if ($udom && $uhome && ($uhome ne 'no_host')) {
 my $rep;
- if ($namespace =~ /^enc/) {
- $rep=&reply("encrypt:egetdom:$udom:$namespace:$items",$uhome);
+ if (grep { $_ eq $uhome } ¤t_machine_ids()) {
+ # domain information is hosted on this machine
+ my $cmd = 'getdom';
+ if ($namespace =~ /^enc/) {
+ $cmd = 'egetdom';
+ }
+ $rep = &LONCAPA::Lond::get_dom("$cmd:$udom:$namespace:$items");
 } else {
- $rep=&reply("getdom:$udom:$namespace:$items",$uhome);
+ if ($namespace =~ /^enc/) {
+ $rep=&reply("encrypt:egetdom:$udom:$namespace:$items",$uhome);
+ } else {
+ $rep=&reply("getdom:$udom:$namespace:$items",$uhome);
+ }
 }
 my %returnhash;
 if ($rep eq '' || $rep =~ /^error: 2 /) {
@@ -2689,6 +2707,9 @@ sub get_domain_defaults {
 if (ref($domconfig{'usersessions'}{'offloadnow'}) eq 'HASH') {
 $domdefaults{'offloadnow'} = $domconfig{'usersessions'}{'offloadnow'};
 }
+ if (ref($domconfig{'usersessions'}{'offloadoth'}) eq 'HASH') {
+ $domdefaults{'offloadoth'} = $domconfig{'usersessions'}{'offloadoth'};
+ }
 }
 if (ref($domconfig{'selfenrollment'}) eq 'HASH') {
 if (ref($domconfig{'selfenrollment'}{'admin'}) eq 'HASH') {
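Review bot: In the get_dom hunk, the new local branch passes `"$cmd:$udom:$namespace:$items"` straight to `&LONCAPA::Lond::get_dom`, and nothing in the visible lines checks `$udom` or `$namespace` first. The remote branch presumably passes through the daemon's own request handling, so it is worth confirming that the handler validates these fields itself when called in-process. If it does, a comment on the call would record that, e.g. `# $udom/$namespace are validated inside LONCAPA::Lond::get_dom`. The `$namespace =~ /^enc/` test now appears in both branches; computing `my $cmd = ($namespace =~ /^enc/) ? 'egetdom' : 'getdom';` once before the local/remote split would keep the two paths from drifting. get_dom starts and ends outside the hunk.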
@@ -2757,7 +2778,7 @@ sub get_domain_defaults { } } if (ref($domconfig{'wafproxy'}) eq 'HASH') { - foreach my $item ('ipheader','trusted','exempt') { + foreach my $item ('ipheader','trusted','vpnint','vpnext') { if ($domconfig{'wafproxy'}{$item}) { $domdefaults{'waf_'.$item} = $domconfig{'wafproxy'}{$item}; } @@ -8082,7 +8103,7 @@ sub allowed { if (defined($env{'allowed.'.$priv})) { return $env{'allowed.'.$priv}; } # Free bre access to adm and meta resources - if (((($uri=~/^adm\//) && ($uri !~ m{/(?:smppg|bulletinboard|ext\.tool)$})) + if (((($uri=~/^adm\//) && ($uri !~ m{/(?:smppg|bulletinboard|viewclasslist|aboutme|ext\.tool)$})) || (($uri=~/\.meta$/) && ($uri!~m|^uploaded/|) )) && ($priv eq 'bre')) { return 'F'; @@ -10332,7 +10353,7 @@ sub modifyuserauth { &log($udom,,$uname,$uhome, 'Authentication changed by '.$env{'user.domain'}.', '. $env{'user.name'}.', '.$umode. - '(Remote '.$ENV{'REMOTE_ADDR'}.'): '.$reply); + '(Remote '.$ip.'): '.$reply); unless ($reply eq 'ok') { &logthis('Authentication mode error: '.$reply); return 'error: '.$reply; @@ -12407,7 +12428,7 @@ sub EXT { } } elsif ($realm eq 'client') { if ($space eq 'remote_addr') { - return $ENV{'REMOTE_ADDR'}; + return &get_requestor_ip(); } } return ''; @@ -14217,9 +14238,12 @@ sub default_login_domain { } sub shared_institution { - my ($dom) = @_; + my ($dom,$lonhost) = @_; + if ($lonhost eq '') { + $lonhost = $perlvar{'lonHostID'}; + } my $same_intdom; - my $hostintdom = &internet_dom($perlvar{'lonHostID'}); + my $hostintdom = &internet_dom($lonhost); if ($hostintdom ne '') { my %iphost = &get_iphost(); my $primary_id = &domain($dom,'primary'); 
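Review bot: In the get_domain_defaults hunk, the `wafproxy` loop no longer copies `exempt`, so a domain whose stored configuration still has that key silently loses the setting after upgrade. get_requestor_ip and get_proxy_settings (later hunks) likewise read only `vpnint`/`vpnext`, and no migration is visible in this diff. If none exists elsewhere, either handle the old key explicitly or leave a marker at the loop, e.g. `# 'exempt' from older configs is no longer read; ranges must be re-entered as vpnint/vpnext`. Note also that `vpnext` is loaded into the proxy settings but not consulted in any hunk shown here.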
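Review bot: The `allowed` hunk extends an exclusion list, so every `adm/` URI still returns `'F'` for `bre` unless its final segment is named in the pattern. Any handler that needs a real access check and is not added here stays open by default. The test is suffix-only (`...|ext\.tool)$}`), so it relies on `$uri` already being normalised (no trailing slash or extra path info) before this line, and that normalisation is outside the hunk. Once confirmed, stating the invariant above the test would help the next person who adds a handler, e.g. `# $uri is already decluttered here; excluded handlers must match as the final path segment`.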
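Review bot: In the shared_institution hunk, `if ($lonhost eq '')` runs with `$lonhost` undefined for every existing one-argument caller, which raises an uninitialized-value warning if warnings are enabled in this file (not visible here). `if (!defined($lonhost) || $lonhost eq '') {` keeps the same default without the warning. The new optional parameter is also undocumented; a line such as `# $lonhost (optional): host whose institution is compared with $dom; defaults to this server's lonHostID` above the sub would cover it. The sub's body continues past the end of the hunk.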
@@ -14288,8 +14312,8 @@ sub get_requestor_ip {
 my $dom_in_use = $Apache::lonnet::perlvar{'lonDefDomain'};
 my $proxyinfo = &get_proxy_settings($dom_in_use);
 if ((ref($proxyinfo) eq 'HASH') && ($from_ip)) {
- if ($proxyinfo->{'exempt'}) {
- if (&ip_match($from_ip,$proxyinfo->{'exempt'})) {
+ if ($proxyinfo->{'vpnint'}) {
+ if (&ip_match($from_ip,$proxyinfo->{'vpnint'})) {
 return $from_ip;
 }
 }
@@ -14309,10 +14333,10 @@ sub get_requestor_ip {
 $xfor = $ENV{'HTTP_X_FORWARDED_FOR'};
 }
 if (($ip eq '') && ($xfor ne '')) {
- my @ips = reverse(split(/\s*,\s*/,$xfor));
 foreach my $poss_ip (reverse(split(/\s*,\s*/,$xfor))) {
 unless (&ip_match($poss_ip,$proxyinfo->{'trusted'})) {
 $ip = $poss_ip;
+ last;
 }
 }
 }
@@ -14331,7 +14355,8 @@ sub get_proxy_settings {
 my $proxyinfo = {
 ipheader => $domdefaults{'waf_ipheader'},
 trusted => $domdefaults{'waf_trusted'},
- exempt => $domdefaults{'waf_exempt'},
+ vpnint => $domdefaults{'waf_vpnint'},
+ vpnext => $domdefaults{'waf_vpnext'},
 };
 return $proxyinfo;
 }
@@ -14356,11 +14381,11 @@ sub get_proxy_alias {
 if ($dom ne '') {
 my $cachetime = 60*60*24;
 my %domconfig =
- &Apache::lonnet::get_dom('configuration',['proxy'],$dom);
+ &Apache::lonnet::get_dom('configuration',['wafproxy'],$dom);
 my $alias;
- if (ref($domconfig{'proxy'}) eq 'HASH') {
- if (ref($domconfig{'proxy'}{'alias'}) eq 'HASH') {
- $alias = $domconfig{'proxy'}{'alias'}{$lonhost};
+ if (ref($domconfig{'wafproxy'}) eq 'HASH') {
+ if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') {
+ $alias = $domconfig{'wafproxy'}{'alias'}{$lonhost};
 }
 }
 return &do_cache_new('proxyalias',$lonhost,$alias,$cachetime);
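Review bot: In the second get_requestor_ip hunk, `$ip = $poss_ip;` accepts the first non-trusted X-Forwarded-For element as-is, without checking that it has the form of an address. That string is returned by EXT for `client.remote_addr` and, assuming `$ip` in modifyuserauth comes from this function (its assignment is outside the visible lines), is also written into the authentication-change log entry. Adding `last unless ($poss_ip =~ /\A[0-9A-Fa-f:.]+\z/);` just before the assignment would stop the scan on a malformed element rather than fall through to entries further left, which are less trustworthy. How an empty `$ip` is handled afterwards lies outside the hunk and should be checked together with this.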
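Review bot: In the get_proxy_alias hunk, the result is cached under `proxyalias` for `60*60*24` seconds even when `$alias` is undefined. Hosts looked up while the code still read the `proxy` key may therefore keep the cached empty alias for up to a day after this fix, unless the cache is cleared elsewhere (not visible here). If saving the wafproxy configuration does not already devalidate this entry, a comment at the cache call would flag it, e.g. `# cached for 24h including "no alias"; devalidate 'proxyalias' when wafproxy settings change`. The function begins outside the hunk, so any earlier cache read is not shown.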