|
version 1.1449, 2021/04/29 17:45:23
|
version 1.1457, 2021/06/06 23:18:59
|
|
Line 97 use Digest::MD5;
|
Line 97 use Digest::MD5;
|
| use Math::Random; |
use Math::Random; |
| use File::MMagic; |
use File::MMagic; |
| use Net::CIDR; |
use Net::CIDR; |
| |
use Sys::Hostname::FQDN(); |
| use LONCAPA qw(:DEFAULT :match); |
use LONCAPA qw(:DEFAULT :match); |
| use LONCAPA::Configuration; |
use LONCAPA::Configuration; |
| use LONCAPA::lonmetadata; |
use LONCAPA::lonmetadata; |
|
Line 976 sub userload {
|
Line 977 sub userload {
|
| # ------------------------------ Find server with least workload from spare.tab |
# ------------------------------ Find server with least workload from spare.tab |
| |
|
| sub spareserver { |
sub spareserver { |
| my ($loadpercent,$userloadpercent,$want_server_name,$udom) = @_; |
my ($r,$loadpercent,$userloadpercent,$want_server_name,$udom) = @_; |
| my $spare_server; |
my $spare_server; |
| if ($userloadpercent !~ /\d/) { $userloadpercent=0; } |
if ($userloadpercent !~ /\d/) { $userloadpercent=0; } |
| my $lowest_load=($loadpercent > $userloadpercent) ? $loadpercent |
my $lowest_load=($loadpercent > $userloadpercent) ? $loadpercent |
|
Line 1021 sub spareserver {
|
Line 1022 sub spareserver {
|
| if ($protocol{$spare_server} eq 'https') { |
if ($protocol{$spare_server} eq 'https') { |
| $protocol = $protocol{$spare_server}; |
$protocol = $protocol{$spare_server}; |
| } |
} |
| |
my $alias = &Apache::lonnet::use_proxy_alias($r,$spare_server); |
| |
$hostname = $alias if ($alias ne ''); |
| $spare_server = $protocol.'://'.$hostname; |
$spare_server = $protocol.'://'.$hostname; |
| } |
} |
| } |
} |
|
Line 2851 sub retrieve_instcodes {
|
Line 2854 sub retrieve_instcodes {
|
| } |
} |
| |
|
| sub course_portal_url { |
sub course_portal_url { |
| my ($cnum,$cdom) = @_; |
my ($cnum,$cdom,$r) = @_; |
| my $chome = &homeserver($cnum,$cdom); |
my $chome = &homeserver($cnum,$cdom); |
| my $hostname = &hostname($chome); |
my $hostname = &hostname($chome); |
| my $protocol = $protocol{$chome}; |
my $protocol = $protocol{$chome}; |
|
Line 2861 sub course_portal_url {
|
Line 2864 sub course_portal_url {
|
| if ($domdefaults{'portal_def'}) { |
if ($domdefaults{'portal_def'}) { |
| $firsturl = $domdefaults{'portal_def'}; |
$firsturl = $domdefaults{'portal_def'}; |
| } else { |
} else { |
| |
my $alias = &Apache::lonnet::use_proxy_alias($r,$chome); |
| |
$hostname = $alias if ($alias ne ''); |
| $firsturl = $protocol.'://'.$hostname; |
$firsturl = $protocol.'://'.$hostname; |
| } |
} |
| return $firsturl; |
return $firsturl; |
|
Line 8238 sub allowed {
|
Line 8243 sub allowed {
|
| my $adom = $1; |
my $adom = $1; |
| foreach my $key (keys(%env)) { |
foreach my $key (keys(%env)) { |
| if ($key =~ m{^user\.role\.(ca|aa)/\Q$adom\E}) { |
if ($key =~ m{^user\.role\.(ca|aa)/\Q$adom\E}) { |
| my ($start,$end) = split('.',$env{$key}); |
my ($start,$end) = split(/\./,$env{$key}); |
| if (($now >= $start) && (!$end || $end < $now)) { |
if (($now >= $start) && (!$end || $end > $now)) { |
| $ownaccess = 1; |
$ownaccess = 1; |
| last; |
last; |
| } |
} |
|
Line 8251 sub allowed {
|
Line 8256 sub allowed {
|
| foreach my $role ('ca','aa') { |
foreach my $role ('ca','aa') { |
| if ($env{"user.role.$role./$adom/$aname"}) { |
if ($env{"user.role.$role./$adom/$aname"}) { |
| my ($start,$end) = |
my ($start,$end) = |
| split('.',$env{"user.role.$role./$adom/$aname"}); |
split(/\./,$env{"user.role.$role./$adom/$aname"}); |
| if (($now >= $start) && (!$end || $end < $now)) { |
if (($now >= $start) && (!$end || $end > $now)) { |
| $ownaccess = 1; |
$ownaccess = 1; |
| last; |
last; |
| } |
} |
|
Line 8526 sub allowed {
|
Line 8531 sub allowed {
|
| # |
# |
| |
|
| # Possibly locked functionality, check all courses |
# Possibly locked functionality, check all courses |
| |
# In roles.tab, L (unless locked) available for bre, pch, plc, pac and sma. |
| # Locks might take effect only after 10 minutes cache expiration for other |
# Locks might take effect only after 10 minutes cache expiration for other |
| # courses, and 2 minutes for current course |
# courses, and 2 minutes for current course, in which user has st or ta role |
| |
# which is neither expired nor a future role (unless current course). |
| |
|
| my $envkey; |
my ($needlockcheck,$now,$crsonly); |
| if ($thisallowed=~/L/) { |
if ($thisallowed=~/L/) { |
| foreach $envkey (keys(%env)) { |
$now = time; |
| |
if ($priv eq 'bre') { |
| |
if ($uri ne '') { |
| |
if ($orguri =~ m{^/+res/}) { |
| |
if ($uri =~ m{^lib/templates/}) { |
| |
if ($env{'request.course.id'}) { |
| |
$crsonly = 1; |
| |
$needlockcheck = 1; |
| |
} |
| |
} else { |
| |
$needlockcheck = 1; |
| |
} |
| |
} elsif ($env{'request.course.id'}) { |
| |
my ($crsdom,$crsnum) = split('_',$env{'request.course.id'}); |
| |
if (($uri =~ m{^(adm|uploaded|public)/$crsdom/$crsnum/}) || |
| |
($uri =~ m{^adm/$match_domain/$match_username/\d+/(smppg|bulletinboard)$})) { |
| |
$crsonly = 1; |
| |
} |
| |
$needlockcheck = 1; |
| |
} |
| |
} |
| |
} elsif (($priv eq 'pch') || ($priv eq 'plc') || ($priv eq 'pac') || ($priv eq 'sma')) { |
| |
$needlockcheck = 1; |
| |
} |
| |
} |
| |
if ($needlockcheck) { |
| |
foreach my $envkey (keys(%env)) { |
| if ($envkey=~/^user\.role\.(st|ta)\.([^\.]*)/) { |
if ($envkey=~/^user\.role\.(st|ta)\.([^\.]*)/) { |
| my $courseid=$2; |
my $courseid=$2; |
| my $roleid=$1.'.'.$2; |
my $roleid=$1.'.'.$2; |
| $courseid=~s/^\///; |
$courseid=~s/^\///; |
| |
unless ($env{'request.role'} eq $roleid) { |
| |
my ($start,$end) = split(/\./,$env{$envkey}); |
| |
next unless (($now >= $start) && (!$end || $end > $now)); |
| |
} |
| my $expiretime=600; |
my $expiretime=600; |
| if ($env{'request.role'} eq $roleid) { |
if ($env{'request.role'} eq $roleid) { |
| $expiretime=120; |
$expiretime=120; |
|
Line 8558 sub allowed {
|
Line 8595 sub allowed {
|
| } |
} |
| if (($env{$prefix.'priv.'.$priv.'.lock.sections'}=~/\,\Q$csec\E\,/) |
if (($env{$prefix.'priv.'.$priv.'.lock.sections'}=~/\,\Q$csec\E\,/) |
| || ($env{$prefix.'priv.'.$priv.'.lock.sections'} eq 'all')) { |
|| ($env{$prefix.'priv.'.$priv.'.lock.sections'} eq 'all')) { |
| if ($env{'priv.'.$priv.'.lock.expire'}>time) { |
if ($env{$prefix.'priv.'.$priv.'.lock.expire'}>time) { |
| &log($env{'user.domain'},$env{'user.name'}, |
&log($env{'user.domain'},$env{'user.name'}, |
| $env{'user.home'}, |
$env{'user.home'}, |
| 'Locked by priv: '.$priv.' for '.$uri.' due to '. |
'Locked by priv: '.$priv.' for '.$uri.' due to '. |
|
Line 14453 sub ip_match {
|
Line 14490 sub ip_match {
|
| } |
} |
| |
|
| sub get_proxy_alias { |
sub get_proxy_alias { |
| my $lonhost = $perlvar{'lonHostID'}; |
my ($lonid) = @_; |
| if ($lonhost ne '') { |
if ($lonid eq '') { |
| my ($alias,$cached) = &is_cached_new('proxyalias',$lonhost); |
$lonid = $perlvar{'lonHostID'}; |
| |
} |
| |
if (!defined(&hostname($lonid))) { |
| |
return; |
| |
} |
| |
if ($lonid ne '') { |
| |
my ($alias,$cached) = &is_cached_new('proxyalias',$lonid); |
| if ($cached) { |
if ($cached) { |
| return $alias; |
return $alias; |
| } |
} |
| my $dom = &Apache::lonnet::host_domain($lonhost); |
my $dom = &Apache::lonnet::host_domain($lonid); |
| if ($dom ne '') { |
if ($dom ne '') { |
| my $cachetime = 60*60*24; |
my $cachetime = 60*60*24; |
| my %domconfig = |
my %domconfig = |
|
Line 14467 sub get_proxy_alias {
|
Line 14510 sub get_proxy_alias {
|
| my $alias; |
my $alias; |
| if (ref($domconfig{'wafproxy'}) eq 'HASH') { |
if (ref($domconfig{'wafproxy'}) eq 'HASH') { |
| if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') { |
if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') { |
| $alias = $domconfig{'wafproxy'}{'alias'}{$lonhost}; |
$alias = $domconfig{'wafproxy'}{'alias'}{$lonid}; |
| } |
} |
| } |
} |
| return &do_cache_new('proxyalias',$lonhost,$alias,$cachetime); |
return &do_cache_new('proxyalias',$lonid,$alias,$cachetime); |
| |
} |
| |
} |
| |
return; |
| |
} |
| |
|
| |
sub use_proxy_alias { |
| |
my ($r,$lonid) = @_; |
| |
my $alias = &get_proxy_alias($lonid); |
| |
if ($alias) { |
| |
my $dom = &host_domain($lonid); |
| |
if ($dom ne '') { |
| |
my $proxyinfo = &get_proxy_settings($dom ); |
| |
my ($vpnint,$remote_ip); |
| |
if (ref($proxyinfo) eq 'HASH') { |
| |
$vpnint = $proxyinfo->{'vpnint'}; |
| |
if ($vpnint) { |
| |
$remote_ip = &get_requestor_ip($r,1,1); |
| |
} |
| |
} |
| |
unless ($vpnint && &ip_match($remote_ip,$vpnint)) { |
| |
return $alias; |
| |
} |
| } |
} |
| } |
} |
| return; |
return; |
|
Line 14615 sub get_dns {
|
Line 14680 sub get_dns {
|
| } |
} |
| while (%alldns) { |
while (%alldns) { |
| my ($dns) = sort { $b cmp $a } keys(%alldns); |
my ($dns) = sort { $b cmp $a } keys(%alldns); |
| my $request=new HTTP::Request('GET',"$alldns{$dns}://$dns$url"); |
my ($contents,@content); |
| my $response = &LONCAPA::LWPReq::makerequest('',$request,'',\%perlvar,30,0); |
if ($dns eq Sys::Hostname::FQDN::fqdn()) { |
| delete($alldns{$dns}); |
my $command = (split('/',$url))[3]; |
| next if ($response->is_error()); |
my ($dir,$file) = &parse_getdns_url($command,$url); |
| |
delete($alldns{$dns}); |
| |
next if (($dir eq '') || ($file eq '')); |
| |
if (open(my $config,'<',"$dir/$file")) { |
| |
@content = <$config>; |
| |
close($config); |
| |
} |
| |
if ($url eq '/adm/dns/loncapaCRL') { |
| |
$contents = join('',@content); |
| |
} |
| |
} else { |
| |
my $request=new HTTP::Request('GET',"$alldns{$dns}://$dns$url"); |
| |
my $response = &LONCAPA::LWPReq::makerequest('',$request,'',\%perlvar,30,0); |
| |
delete($alldns{$dns}); |
| |
next if ($response->is_error()); |
| |
if ($url eq '/adm/dns/loncapaCRL') { |
| |
$contents = $response->content; |
| |
} else { |
| |
@content = split("\n",$response->content); |
| |
} |
| |
} |
| if ($url eq '/adm/dns/loncapaCRL') { |
if ($url eq '/adm/dns/loncapaCRL') { |
| return &$func($response); |
return &$func($contents); |
| } else { |
} else { |
| my @content = split("\n",$response->content); |
|
| unless ($nocache) { |
unless ($nocache) { |
| &do_cache_new('dns',$url,\@content,30*24*60*60); |
&do_cache_new('dns',$url,\@content,30*24*60*60); |
| } |
} |
|
Line 14710 sub fetch_crl_pemfile {
|
Line 14794 sub fetch_crl_pemfile {
|
| } |
} |
| |
|
| sub save_crl_pem { |
sub save_crl_pem { |
| my ($response) = @_; |
my ($content) = @_; |
| my ($msg,$hadchanges); |
my ($msg,$hadchanges); |
| if (ref($response)) { |
if ($content ne '') { |
| my $now = time; |
my $now = time; |
| my $lonca = $perlvar{'lonCertificateDirectory'}.'/'.$perlvar{'lonnetCertificateAuthority'}; |
my $lonca = $perlvar{'lonCertificateDirectory'}.'/'.$perlvar{'lonnetCertificateAuthority'}; |
| my $tmpcrl = $tmpdir.'/'.$perlvar{'lonnetCertRevocationList'}.'_'.$now.'.'.$$.'.tmp'; |
my $tmpcrl = $tmpdir.'/'.$perlvar{'lonnetCertRevocationList'}.'_'.$now.'.'.$$.'.tmp'; |
| if (open(my $fh,'>',"$tmpcrl")) { |
if (open(my $fh,'>',"$tmpcrl")) { |
| print $fh $response->content; |
print $fh $content; |
| close($fh); |
close($fh); |
| if (-e $lonca) { |
if (-e $lonca) { |
| if (open(PIPE,"openssl crl -in $tmpcrl -inform pem -CAfile $lonca -noout 2>&1 |")) { |
if (open(PIPE,"openssl crl -in $tmpcrl -inform pem -CAfile $lonca -noout 2>&1 |")) { |
|
Line 14778 sub save_crl_pem {
|
Line 14862 sub save_crl_pem {
|
| return ($msg,$hadchanges); |
return ($msg,$hadchanges); |
| } |
} |
| |
|
| |
sub parse_getdns_url { |
| |
my ($command,$url) = @_; |
| |
my $dir = $perlvar{'lonTabDir'}; |
| |
my $file; |
| |
if ($command eq 'hosts') { |
| |
$file = 'dns_hosts.tab'; |
| |
} elsif ($command eq 'domain') { |
| |
$file = 'dns_domain.tab'; |
| |
} elsif ($command eq 'checksums') { |
| |
my $version = (split('/',$url))[4]; |
| |
$file = "dns_checksums/$version.tab", |
| |
} elsif ($command eq 'loncapaCRL') { |
| |
$dir = $perlvar{'lonCertificateDirectory'}; |
| |
$file = $perlvar{'lonnetCertRevocationList'}; |
| |
} |
| |
return ($dir,$file); |
| |
} |
| |
|
| # ------------------------------------------------------------ Read domain file |
# ------------------------------------------------------------ Read domain file |
| { |
{ |
| my $loaded; |
my $loaded; |
![[BACK]](/icons/back.gif){kind=icon}
Return to lonnet.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / lonnet / perl