--- loncom/lonnet/perl/lonnet.pm	2010/03/24 03:29:56	1.1056.2.1
+++ loncom/lonnet/perl/lonnet.pm	2010/09/24 03:35:42	1.1056.4.9
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.1056.2.1 2010/03/24 03:29:56 raeburn Exp $
+# $Id: lonnet.pm,v 1.1056.4.9 2010/09/24 03:35:42 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -76,7 +76,7 @@ use HTTP::Date;
 use Image::Magick;
 
 use vars qw(%perlvar %spareid %pr %prp $memcache %packagetab $tmpdir
-            $_64bit %env %protocol);
+            $_64bit %env %protocol %loncaparevs %serverhomeIDs %needsrelease);
 
 my (%badServerCache, $memcache, %courselogs, %accesshash, %domainrolehash,
     %userrolehash, $processmarker, $dumpcount, %coursedombuf,
@@ -196,7 +196,7 @@ sub get_server_timezone {
 }
 
 sub get_server_loncaparev {
-    my ($dom,$lonhost) = @_;
+    my ($dom,$lonhost,$ignore_cache,$caller) = @_;
     if (defined($lonhost)) {
         if (!defined(&hostname($lonhost))) {
             undef($lonhost);
@@ -211,15 +211,74 @@ sub get_server_loncaparev {
         }
     }
     if (defined($lonhost)) {
-        my $cachetime = 24*3600;
-        my ($loncaparev,$cached)=&is_cached_new('serverloncaparev',$lonhost);
+        my $cachetime = 12*3600;
+        if (!$ignore_cache) {
+            my ($loncaparev,$cached)=&is_cached_new('serverloncaparev',$lonhost);
+            if (defined($cached)) {
+                return $loncaparev;
+            }
+        }
+        my ($answer,$loncaparev);
+        my @ids=&current_machine_ids();
+        if (grep(/^\Q$lonhost\E$/,@ids)) {
+            $answer = $perlvar{'lonVersion'};
+            if ($answer =~ /^[\'\"]?([\w.\-]+)[\'\"]?$/) {
+                $loncaparev = $1;
+            }
+        } else {
+            $answer = &reply('serverloncaparev',$lonhost);
+            if (($answer eq 'unknown_cmd') || ($answer eq 'con_lost')) {
+                if ($caller eq 'loncron') {
+                    my $ua=new LWP::UserAgent;
+                    $ua->timeout(4);
+                    my $protocol = $protocol{$lonhost};
+                    $protocol = 'http' if ($protocol ne 'https');
+                    my $url = $protocol.'://'.&hostname($lonhost).'/adm/about.html';
+                    my $request=new HTTP::Request('GET',$url);
+                    my $response=$ua->request($request);
+                    unless ($response->is_error()) {
+                        my $content = $response->content;
+                        if ($content =~ /<p>VERSION\:\s*([\w.\-]+)<\/p>/) {
+                            $loncaparev = $1;
+                        }
+                    }
+                } else {
+                    $loncaparev = $loncaparevs{$lonhost};
+                }
+            } elsif ($answer =~ /^[\'\"]?([\w.\-]+)[\'\"]?$/) {
+                $loncaparev = $1;
+            }
+        }
+        return &do_cache_new('serverloncaparev',$lonhost,$loncaparev,$cachetime);
+    }
+}
+
+sub get_server_homeID {
+    my ($hostname,$ignore_cache,$caller) = @_;
+    unless ($ignore_cache) {
+        my ($serverhomeID,$cached)=&is_cached_new('serverhomeID',$hostname);
         if (defined($cached)) {
-            return $loncaparev;
-        } else {
-            my $loncaparev = &reply('serverloncaparev',$lonhost);
-            return &do_cache_new('serverloncaparev',$lonhost,$loncaparev,$cachetime);
+            return $serverhomeID;
+        }
+    }
+    my $cachetime = 12*3600;
+    my $serverhomeID;
+    if ($caller eq 'loncron') {
+        my @machine_ids = &machine_ids($hostname);
+        foreach my $id (@machine_ids) {
+            my $response = &reply('serverhomeID',$id);
+            unless (($response eq 'unknown_cmd') || ($response eq 'con_lost')) {
+                $serverhomeID = $response;
+                last;
+            }
         }
+        if ($serverhomeID eq '') {
+            $serverhomeID = $machine_ids[-1];
+        }
+    } else {
+        $serverhomeID = $serverhomeIDs{$hostname};
     }
+    return &do_cache_new('serverhomeID',$hostname,$serverhomeID,$cachetime);
 }
 
 # -------------------------------------------------- Non-critical communication
@@ -697,8 +756,18 @@ sub spareserver {
     if ($userloadpercent !~ /\d/) { $userloadpercent=0; }
     my $lowest_load=($loadpercent > $userloadpercent) ? $loadpercent 
                                                      :  $userloadpercent;
-    
+    my ($uint_dom,$remotesessions);
+    if ($env{'user.domain'}) {
+        my $uprimary_id = &Apache::lonnet::domain($env{'user.domain'},'primary');
+        $uint_dom = &Apache::lonnet::internet_dom($uprimary_id);
+        my %udomdefaults = &Apache::lonnet::get_domain_defaults($env{'user.domain'});
+        $remotesessions = $udomdefaults{'remotesessions'};
+    }
     foreach my $try_server (@{ $spareid{'primary'} }) {
+        if ($uint_dom) {
+            next unless (&spare_can_host($env{'user.domain'},$uint_dom,
+                                         $remotesessions,$try_server));
+        }
 	($spare_server, $lowest_load) =
 	    &compare_server_load($try_server, $spare_server, $lowest_load);
     }
@@ -707,6 +776,10 @@ sub spareserver {
 
     if (!$found_server) {
 	foreach my $try_server (@{ $spareid{'default'} }) {
+            if ($uint_dom) {
+                next unless (&spare_can_host($env{'user.domain'},$uint_dom,
+                                             $remotesessions,$try_server));
+            }
 	    ($spare_server, $lowest_load) =
 		&compare_server_load($try_server, $spare_server, $lowest_load);
 	}
@@ -719,7 +792,7 @@ sub spareserver {
         }
         if (defined($spare_server)) {
             my $hostname = &hostname($spare_server);
-            if (defined($hostname)) {  
+            if (defined($hostname)) {
 	        $spare_server = $protocol.'://'.$hostname;
             }
         }
@@ -734,7 +807,7 @@ sub compare_server_load {
     my $userloadans = &reply('userload',$try_server);
 
     if ($loadans !~ /\d/ && $userloadans !~ /\d/) {
-	next; #didn't get a number from the server
+        return; #didn't get a number from the server
     }
 
     my $load;
@@ -777,6 +850,27 @@ sub has_user_session {
     return 0;
 }
 
+# --------- determine least loaded server in a user's domain which allows login
+
+sub choose_server {
+    my ($udom) = @_;
+    my %domconfhash = &Apache::loncommon::get_domainconf($udom);
+    my %servers = &get_servers($udom);
+    my $lowest_load = 30000;
+    my ($login_host,$hostname);
+    foreach my $lonhost (keys(%servers)) {
+        my $loginvia = $domconfhash{$udom.'.login.loginvia_'.$lonhost};
+        if ($loginvia eq '') {
+            ($login_host, $lowest_load) =
+            &compare_server_load($lonhost, $login_host, $lowest_load);
+        }
+    }
+    if ($login_host ne '') {
+        $hostname = $servers{$login_host};
+    }
+    return ($login_host,$hostname);
+}
+
 # --------------------------------------------- Try to change a user's password
 
 sub changepass {
@@ -835,7 +929,7 @@ sub queryauthenticate {
 # --------- Try to authenticate user from domain's lib servers (first this one)
 
 sub authenticate {
-    my ($uname,$upass,$udom,$checkdefauth)=@_;
+    my ($uname,$upass,$udom,$checkdefauth,$clientcancheckhost)=@_;
     $upass=&escape($upass);
     $uname= &LONCAPA::clean_username($uname);
     my $uhome=&homeserver($uname,$udom,1);
@@ -858,7 +952,7 @@ sub authenticate {
 	    return 'no_host';
         }
     }
-    my $answer=reply("encrypt:auth:$udom:$uname:$upass:$checkdefauth",$uhome);
+    my $answer=reply("encrypt:auth:$udom:$uname:$upass:$checkdefauth:$clientcancheckhost",$uhome);
     if ($answer eq 'authorized') {
         if ($newhome) {
             &logthis("User $uname at $udom authorized by $uhome, but needs account");
@@ -876,6 +970,84 @@ sub authenticate {
     return 'no_host';
 }
 
+sub can_host_session {
+    my ($udom,$lonhost,$remoterev,$remotesessions,$hostedsessions) = @_;
+    my $canhost = 1;
+    my $host_idn = &Apache::lonnet::internet_dom($lonhost);
+    if (ref($remotesessions) eq 'HASH') {
+        if (ref($remotesessions->{'excludedomain'}) eq 'ARRAY') {
+            if (grep(/^\Q$host_idn\E$/,@{$remotesessions->{'excludedomain'}})) {
+                $canhost = 0;
+            } else {
+                $canhost = 1;
+            }
+        }
+        if (ref($remotesessions->{'includedomain'}) eq 'ARRAY') {
+            if (grep(/^\Q$host_idn\E$/,@{$remotesessions->{'includedomain'}})) {
+                $canhost = 1;
+            } else {
+                $canhost = 0;
+            }
+        }
+        if ($canhost) {
+            if ($remotesessions->{'version'} ne '') {
+                my ($reqmajor,$reqminor) = ($remotesessions->{'version'} =~ /^(\d+)\.(\d+)$/);
+                if ($reqmajor ne '' && $reqminor ne '') {
+                    if ($remoterev =~ /^\'?(\d+)\.(\d+)/) {
+                        my $major = $1;
+                        my $minor = $2;
+                        if (($major < $reqmajor ) ||
+                            (($major == $reqmajor) && ($minor < $reqminor))) {
+                            $canhost = 0;
+                        }
+                    } else {
+                        $canhost = 0;
+                    }
+                }
+            }
+        }
+    }
+    if ($canhost) {
+        if (ref($hostedsessions) eq 'HASH') {
+            if (ref($hostedsessions->{'excludedomain'}) eq 'ARRAY') {
+                if (grep(/^\Q$udom\E$/,@{$hostedsessions->{'excludedomain'}})) {
+                    $canhost = 0;
+                } else {
+                    $canhost = 1;
+                }
+            }
+            if (ref($hostedsessions->{'includedomain'}) eq 'ARRAY') {
+                if (grep(/^\Q$udom\E$/,@{$hostedsessions->{'includedomain'}})) {
+                    $canhost = 1;
+                } else {
+                    $canhost = 0;
+                }
+            }
+        }
+    }
+    return $canhost;
+}
+
+sub spare_can_host {
+    my ($udom,$uint_dom,$remotesessions,$try_server)=@_;
+    my $canhost=1;
+    my @intdoms;
+    my $internet_names = &Apache::lonnet::get_internet_names($try_server);
+    if (ref($internet_names) eq 'ARRAY') {
+        @intdoms = @{$internet_names};
+    }
+    unless (grep(/^\Q$uint_dom\E$/,@intdoms)) {
+        my $serverhomeID = &Apache::lonnet::get_server_homeID($try_server);
+        my $serverhomedom = &Apache::lonnet::host_domain($serverhomeID);
+        my %defdomdefaults = &Apache::lonnet::get_domain_defaults($serverhomedom);
+        my $remoterev = &Apache::lonnet::get_server_loncaparev(undef,$try_server);
+        $canhost = &can_host_session($udom,$try_server,$remoterev,
+                                     $remotesessions,
+                                     $defdomdefaults{'hostedsessions'});
+    }
+    return $canhost;
+}
+
 # ---------------------- Find the homebase for a user from domain's lib servers
 
 my %homecache;
@@ -1352,7 +1524,7 @@ sub get_domain_defaults {
     my %domconfig =
          &Apache::lonnet::get_dom('configuration',['defaults','quotas',
                                   'requestcourses','inststatus',
-                                  'coursedefaults'],$domain);
+                                  'coursedefaults','usersessions'],$domain);
     if (ref($domconfig{'defaults'}) eq 'HASH') {
         $domdefaults{'lang_def'} = $domconfig{'defaults'}{'lang_def'}; 
         $domdefaults{'auth_def'} = $domconfig{'defaults'}{'auth_def'};
@@ -1392,6 +1564,14 @@ sub get_domain_defaults {
             $domdefaults{$item} = $domconfig{'coursedefaults'}{$item};
         }
     }
+    if (ref($domconfig{'usersessions'}) eq 'HASH') {
+        if (ref($domconfig{'usersessions'}{'remote'}) eq 'HASH') {
+            $domdefaults{'remotesessions'} = $domconfig{'usersessions'}{'remote'};
+        }
+        if (ref($domconfig{'usersessions'}{'hosted'}) eq 'HASH') {
+            $domdefaults{'hostedsessions'} = $domconfig{'usersessions'}{'hosted'};
+        }
+    }
     &Apache::lonnet::do_cache_new('domdefaults',$domain,\%domdefaults,
                                   $cachetime);
     return %domdefaults;
@@ -3059,7 +3239,7 @@ sub courseiddump {
     my ($domfilter,$descfilter,$sincefilter,$instcodefilter,$ownerfilter,
         $coursefilter,$hostidflag,$hostidref,$typefilter,$regexp_ok,
         $selfenrollonly,$catfilter,$showhidden,$caller,$cloner,$cc_clone,
-        $cloneonly,$createdbefore,$createdafter,$creationcontext)=@_;
+        $cloneonly,$createdbefore,$createdafter,$creationcontext,$domcloner)=@_;
     my $as_hash = 1;
     my %returnhash;
     if (!$domfilter) { $domfilter=''; }
@@ -3081,7 +3261,8 @@ sub courseiddump {
                          $showhidden.':'.$caller.':'.&escape($cloner).':'.
                          &escape($cc_clone).':'.$cloneonly.':'.
                          &escape($createdbefore).':'.&escape($createdafter).':'.
-                         &escape($creationcontext),$tryserver);
+                         &escape($creationcontext).':'.$domcloner,
+                         $tryserver);
                 my @pairs=split(/\&/,$rep);
                 foreach my $item (@pairs) {
                     my ($key,$value)=split(/\=/,$item,2);
@@ -3866,6 +4047,44 @@ sub coursedescription {
     return %returnhash;
 }
 
+sub update_released_required {
+    my ($needsrelease,$cdom,$cnum,$chome,$cid) = @_;
+    if ($cdom eq '' || $cnum eq '' || $chome eq '' || $cid eq '') {
+        $cid = $env{'request.course.id'};
+        $cdom = $env{'course.'.$cid.'.domain'};
+        $cnum = $env{'course.'.$cid.'.num'};
+        $chome = $env{'course.'.$cid.'.home'};
+    }
+    if ($needsrelease) {
+        my %curr_reqd_hash = &userenvironment($cdom,$cnum,'internal.releaserequired');
+        my $needsupdate;
+        if ($curr_reqd_hash{'internal.releaserequired'} eq '') {
+            $needsupdate = 1;
+        } else {
+            my ($currmajor,$currminor) = split(/\./,$curr_reqd_hash{'internal.releaserequired'});
+            my ($needsmajor,$needsminor) = split(/\./,$needsrelease);
+            if (($currmajor < $needsmajor) || ($currmajor == $needsmajor && $currminor < $needsminor)) {
+                $needsupdate = 1;
+            }
+        }
+        if ($needsupdate) {
+            my %needshash = (
+                             'internal.releaserequired' => $needsrelease,
+                            );
+            my $putresult = &put('environment',\%needshash,$cdom,$cnum);
+            if ($putresult eq 'ok') {
+                &appenv({'course.'.$cid.'.internal.releaserequired' => $needsrelease});
+                my %crsinfo = &courseiddump($cdom,'.',1,'.','.',$cnum,undef,undef,'.');
+                if (ref($crsinfo{$cid}) eq 'HASH') {
+                    $crsinfo{$cid}{'releaserequired'} = $needsrelease;
+                    &courseidput($cdom,\%crsinfo,$chome,'notime');
+                }
+            }
+        }
+    }
+    return;
+}
+
 # -------------------------------------------------See if a user is privileged
 
 sub privileged {
@@ -3905,9 +4124,10 @@ sub rolesinit {
     my ($domain,$username,$authhost)=@_;
     my $now=time;
     my %userroles = ('user.login.time' => $now);
-    my $rolesdump=reply("dump:$domain:$username:roles",$authhost);
+    my $extra = &freeze_escape({'clientcheckrole' => 1});
+    my $rolesdump=reply("dump:$domain:$username:roles:.::$extra",$authhost);
     if (($rolesdump eq 'con_lost') || ($rolesdump eq '') || 
-        ($rolesdump =~ /^error:/)) { 
+        ($rolesdump =~ /^error:/)) {
         return \%userroles;
     }
     my %allroles=();
@@ -4028,23 +4248,36 @@ sub standard_roleprivs {
 }
 
 sub set_userprivs {
-    my ($userroles,$allroles,$allgroups) = @_; 
+    my ($userroles,$allroles,$allgroups,$groups_roles) = @_; 
     my $author=0;
     my $adv=0;
     my %grouproles = ();
     if (keys(%{$allgroups}) > 0) {
+        my @groupkeys;
         foreach my $role (keys(%{$allroles})) {
-            my ($trole,$area,$sec,$extendedarea);
-            if ($role =~ m-^(\w+|cr/$match_domain/$match_username/\w+)\.(/$match_domain/$match_courseid)(/?\w*)\.-) {
-                $trole = $1;
-                $area = $2;
-                $sec = $3;
-                $extendedarea = $area.$sec;
-                if (exists($$allgroups{$area})) {
-                    foreach my $group (keys(%{$$allgroups{$area}})) {
-                        my $spec = $trole.'.'.$extendedarea;
-                        $grouproles{$spec.'.'.$area.'/'.$group} = 
+            push(@groupkeys,$role);
+        }
+        if (ref($groups_roles) eq 'HASH') {
+            foreach my $key (keys(%{$groups_roles})) {
+                unless (grep(/^\Q$key\E$/,@groupkeys)) {
+                    push(@groupkeys,$key);
+                }
+            }
+        }
+        if (@groupkeys > 0) {
+            foreach my $role (@groupkeys) {
+                my ($trole,$area,$sec,$extendedarea);
+                if ($role =~ m-^(\w+|cr/$match_domain/$match_username/\w+)\.(/$match_domain/$match_courseid)(/?\w*)\.-) {
+                    $trole = $1;
+                    $area = $2;
+                    $sec = $3;
+                    $extendedarea = $area.$sec;
+                    if (exists($$allgroups{$area})) {
+                        foreach my $group (keys(%{$$allgroups{$area}})) {
+                            my $spec = $trole.'.'.$extendedarea;
+                            $grouproles{$spec.'.'.$area.'/'.$group} = 
                                                 $$allgroups{$area}{$group};
+                        }
                     }
                 }
             }
@@ -4091,26 +4324,58 @@ sub role_status {
                 if ($$tstart<$now) {
                     if ($$tstart && $$tstart>$refresh) {
                         if (($$where ne '') && ($$role ne '')) {
-                            my (%allroles,%allgroups,$group_privs);
+                            my (%allroles,%allgroups,$group_privs,
+                                %groups_roles,@rolecodes);
                             my %userroles = (
                                 'user.role.'.$$role.'.'.$$where => $$tstart.'.'.$$tend
                             );
+                            @rolecodes = ('cm');
                             my $spec=$$role.'.'.$$where;
                             my ($tdummy,$tdomain,$trest)=split(/\//,$$where);
                             if ($$role =~ /^cr\//) {
                                 &custom_roleprivs(\%allroles,$$role,$tdomain,$trest,$spec,$$where);
+                                push(@rolecodes,'cr');
                             } elsif ($$role eq 'gr') {
+                                push(@rolecodes,$$role);
                                 my %rolehash = &get('roles',[$$where.'_'.$$role],$env{'user.domain'},
                                                     $env{'user.name'});
-                                my $trole = split('_',$rolehash{$$where.'_'.$$role},1);
+                                my ($trole) = split('_',$rolehash{$$where.'_'.$$role},2);
                                 (undef,my $group_privs) = split(/\//,$trole);
                                 $group_privs = &unescape($group_privs);
                                 &group_roleprivs(\%allgroups,$$where,$group_privs,$$tend,$$tstart);
+                                my %course_roles = &get_my_roles($env{'user.name'},$env{'user.domain'},'userroles',['active'],['cc','co','in','ta','ep','ad','st','cr'],[$tdomain],1);
+                                if (keys(%course_roles) > 0) {
+                                    my ($tnum) = ($trest =~ /^($match_courseid)/);
+                                    if ($tdomain ne '' && $tnum ne '') {
+                                        foreach my $key (keys(%course_roles)) {
+                                            if ($key =~ /^\Q$tnum\E:\Q$tdomain\E:([^:]+):?([^:]*)/) {
+                                                my $crsrole = $1;
+                                                my $crssec = $2;
+                                                if ($crsrole =~ /^cr/) {
+                                                    unless (grep(/^cr$/,@rolecodes)) {
+                                                        push(@rolecodes,'cr');
+                                                    }
+                                                } else {
+                                                    unless(grep(/^\Q$crsrole\E$/,@rolecodes)) {
+                                                        push(@rolecodes,$crsrole);
+                                                    }
+                                                }
+                                                my $rolekey = $crsrole.'./'.$tdomain.'/'.$tnum;
+                                                if ($crssec ne '') {
+                                                    $rolekey .= '/'.$crssec;
+                                                }
+                                                $rolekey .= './';
+                                                $groups_roles{$rolekey} = \@rolecodes;
+                                            }
+                                        }
+                                    }
+                                }
                             } else {
+                                push(@rolecodes,$$role);
                                 &standard_roleprivs(\%allroles,$$role,$tdomain,$spec,$trest,$$where);
                             }
-                            my ($author,$adv)= &set_userprivs(\%userroles,\%allroles,\%allgroups);
-                            &appenv(\%userroles,[$$role,'cm']);
+                            my ($author,$adv)= &set_userprivs(\%userroles,\%allroles,\%allgroups,\%groups_roles);
+                            &appenv(\%userroles,\@rolecodes);
                             &log($env{'user.domain'},$env{'user.name'},$env{'user.home'},"Role ".$role);
                         }
                     }
@@ -4624,7 +4889,7 @@ sub get_portfolio_access {
                 my (%allgroups,%allroles); 
                 my ($start,$end,$role,$sec,$group);
                 foreach my $envkey (%env) {
-                    if ($envkey =~ m-^user\.role\.(gr|cc|in|ta|ep|st)\./($match_domain)/($match_courseid)/?([^/]*)$-) {
+                    if ($envkey =~ m-^user\.role\.(gr|cc|co|in|ta|ep|ad|st)\./($match_domain)/($match_courseid)/?([^/]*)$-) {
                         my $cid = $2.'_'.$3; 
                         if ($1 eq 'gr') {
                             $group = $4;
@@ -4764,7 +5029,7 @@ sub is_portfolio_file {
 }
 
 sub usertools_access {
-    my ($uname,$udom,$tool,$action,$context) = @_;
+    my ($uname,$udom,$tool,$action,$context,$userenvref,$domdefref,$is_advref) = @_;
     my ($access,%tools);
     if ($context eq '') {
         $context = 'tools';
@@ -4806,9 +5071,14 @@ sub usertools_access {
         $toolstatus = $env{'environment.'.$context.'.'.$tool};
         $inststatus = $env{'environment.inststatus'};
     } else {
-        my %userenv = &userenvironment($udom,$uname,$context.'.'.$tool,'inststatus');
-        $toolstatus = $userenv{$context.'.'.$tool};
-        $inststatus = $userenv{'inststatus'};
+        if (ref($userenvref) eq 'HASH') {
+            $toolstatus = $userenvref->{$context.'.'.$tool};
+            $inststatus = $userenvref->{'inststatus'};
+        } else {
+            my %userenv = &userenvironment($udom,$uname,$context.'.'.$tool,'inststatus');
+            $toolstatus = $userenv{$context.'.'.$tool};
+            $inststatus = $userenv{'inststatus'};
+        }
     }
 
     if ($toolstatus ne '') {
@@ -4820,8 +5090,17 @@ sub usertools_access {
         return $access;
     }
 
-    my $is_adv = &is_advanced_user($udom,$uname);
-    my %domdef = &get_domain_defaults($udom);
+    my ($is_adv,%domdef);
+    if (ref($is_advref) eq 'HASH') {
+        $is_adv = $is_advref->{'is_adv'};
+    } else {
+        $is_adv = &is_advanced_user($udom,$uname);
+    }
+    if (ref($domdefref) eq 'HASH') {
+        %domdef = %{$domdefref};
+    } else {
+        %domdef = &get_domain_defaults($udom);
+    }
     if (ref($domdef{$tool}) eq 'HASH') {
         if ($is_adv) {
             if ($domdef{$tool}{'_LC_adv'} ne '') {
@@ -5617,8 +5896,7 @@ sub update_allusers_table {
                'generation='.&escape($names->{'generation'}).'%%'.
                'permanentemail='.&escape($names->{'permanentemail'}).'%%'.
                'id='.&escape($names->{'id'}),$homeserver);
-    my $reply = &get_query_reply($queryid);
-    return $reply;
+    return;
 }
 
 # ------- Request retrieval of institutional classlists for course(s)
@@ -5812,8 +6090,8 @@ sub auto_validate_instcode {
             $homeserver = &domain($cdom,'primary');
         }
     }
-    my $response=&unescape(&reply('autovalidateinstcode:'.$cdom.':'.
-                           &escape($instcode).':'.&escape($owner),$homeserver));
+    $response=&unescape(&reply('autovalidateinstcode:'.$cdom.':'.
+                        &escape($instcode).':'.&escape($owner),$homeserver));
     my ($outcome,$description) = map { &unescape($_); } split('&',$response,2);
     return ($outcome,$description);
 }
@@ -6535,12 +6813,16 @@ sub modifyuser {
     }
     &logthis('Call to modify user '.$udom.', '.$uname.', '.$uid.', '.
              $umode.', '.$first.', '.$middle.', '.
-	     $last.', '.$gene.'(forceid: '.$forceid.'; candelete: '.$showcandelete.')'.
+             $last.', '.$gene.'(forceid: '.$forceid.'; candelete: '.$showcandelete.')'.
              (defined($desiredhome) ? ' desiredhome = '.$desiredhome :
                                      ' desiredhome not specified'). 
              ' by '.$env{'user.name'}.' at '.$env{'user.domain'}.
              ' in domain '.$env{'request.role.domain'});
     my $uhome=&homeserver($uname,$udom,'true');
+    my $newuser;
+    if ($uhome eq 'no_host') {
+        $newuser = 1;
+    }
 # ----------------------------------------------------------------- Create User
     if (($uhome eq 'no_host') && 
 	(($umode && $upass) || ($umode eq 'localauth'))) {
@@ -6593,17 +6875,19 @@ sub modifyuser {
 		   ['firstname','middlename','lastname','generation','id',
                     'permanentemail','inststatus'],
 		   $udom,$uname);
-    my %names;
+    my (%names,%oldnames);
     if ($tmp[0] =~ m/^error:.*/) { 
         %names=(); 
     } else {
         %names = @tmp;
+        %oldnames = %names;
     }
 #
 # If name, email and/or uid are blank (e.g., because an uploaded file
 # of users did not contain them), do not overwrite existing values
-# unless field is in $candelete array ref.
+# unless field is in $candelete array ref.  
 #
+
     my @fields = ('firstname','middlename','lastname','generation',
                   'permanentemail','id');
     my %newvalues;
@@ -6616,7 +6900,7 @@ sub modifyuser {
                     $names{$field} = $middle;
                 } elsif ($field eq 'lastname') {
                     $names{$field} = $last;
-                } elsif ($field eq 'generation') {
+                } elsif ($field eq 'generation') { 
                     $names{$field} = $gene;
                 } elsif ($field eq 'permanentemail') {
                     $names{$field} = $email;
@@ -6626,7 +6910,6 @@ sub modifyuser {
             }
         }
     }
-
     if ($first)  { $names{'firstname'}  = $first; }
     if (defined($middle)) { $names{'middlename'} = $middle; }
     if ($last)   { $names{'lastname'}   = $last; }
@@ -6651,18 +6934,37 @@ sub modifyuser {
             }
         }
     }
-    my $reply = &put('environment', \%names, $udom,$uname);
-    if ($reply ne 'ok') { return 'error: '.$reply; }
-    my $sqlresult = &update_allusers_table($uname,$udom,\%names);
-    &devalidate_cache_new('namescache',$uname.':'.$udom);
-    my $logmsg = 'Success modifying user '.$udom.', '.$uname.', '.$uid.', '.
+    my $logmsg = $udom.', '.$uname.', '.$uid.', '.
                  $umode.', '.$first.', '.$middle.', '.
-	         $last.', '.$gene.', '.$email.', '.$inststatus;
+                 $last.', '.$gene.', '.$email.', '.$inststatus;
     if ($env{'user.name'} ne '' && $env{'user.domain'}) {
         $logmsg .= ' by '.$env{'user.name'}.' at '.$env{'user.domain'};
     } else {
         $logmsg .= ' during self creation';
     }
+    my $changed;
+    if ($newuser) {
+        $changed = 1;
+    } else {
+        foreach my $field (@fields) {
+            if ($names{$field} ne $oldnames{$field}) {
+                $changed = 1;
+                last;
+            }
+        }
+    }
+    unless ($changed) {
+        $logmsg = 'No changes in user information needed for: '.$logmsg;
+        &logthis($logmsg);
+        return 'ok';
+    }
+    my $reply = &put('environment', \%names, $udom,$uname);
+    if ($reply ne 'ok') {
+        return 'error: '.$reply;
+    }
+    my $sqlresult = &update_allusers_table($uname,$udom,\%names);
+    &devalidate_cache_new('namescache',$uname.':'.$udom);
+    $logmsg = 'Success modifying user '.$logmsg;
     &logthis($logmsg);
     return 'ok';
 }
@@ -8334,7 +8636,6 @@ sub metadata {
 			    }
 			}
 		    } else { 
-			
 			if (defined($token->[2]->{'name'})) { 
 			    $unikey.='_'.$token->[2]->{'name'}; 
 			}
@@ -9684,6 +9985,7 @@ sub get_dns {
     my %libserv;
     my $loaded;
     my %name_to_host;
+    my %internetdom;
 
     sub parse_hosts_tab {
 	my ($file) = @_;
@@ -9691,7 +9993,7 @@ sub get_dns {
 	    next if ($configline =~ /^(\#|\s*$ )/x);
 	    next if ($configline =~ /^\^/);
 	    chomp($configline);
-	    my ($id,$domain,$role,$name,$protocol)=split(/:/,$configline);
+	    my ($id,$domain,$role,$name,$protocol,$intdom)=split(/:/,$configline);
 	    $name=~s/\s//g;
 	    if ($id && $domain && $role && $name) {
 		$hostname{$id}=$name;
@@ -9707,6 +10009,9 @@ sub get_dns {
                 } else {
                     $protocol{$id} = 'http';
                 }
+                if (defined($intdom)) {
+                    $internetdom{$id} = $intdom;
+                }
 	    }
 	}
     }
@@ -9768,6 +10073,12 @@ sub get_dns {
 	return %libserv;
     }
 
+    sub unique_library {
+        #2x reverse removes all hostnames that appear more than once
+        my %unique = reverse &all_library();
+        return reverse %unique;
+    }
+
     sub get_servers {
 	&load_hosts_tab() if (!$loaded);
 
@@ -9791,6 +10102,11 @@ sub get_dns {
 	return %result;
     }
 
+    sub get_unique_servers {
+        my %unique = reverse &get_servers(@_);
+        return reverse %unique;
+    }
+
     sub host_domain {
 	&load_hosts_tab() if (!$loaded);
 
@@ -9805,6 +10121,13 @@ sub get_dns {
 	my @uniq = grep(!$seen{$_}++, values(%hostdom));
 	return @uniq;
     }
+
+    sub internet_dom {
+        &load_hosts_tab() if (!$loaded);
+
+        my ($lonid) = @_;
+        return $internetdom{$lonid};
+    }
 }
 
 { 
@@ -9922,6 +10245,40 @@ sub get_dns {
         return undef;
     }
 
+    sub get_internet_names {
+        my ($lonid) = @_;
+        return if ($lonid eq '');
+        my ($idnref,$cached)=
+            &Apache::lonnet::is_cached_new('internetnames',$lonid);
+        if ($cached) {
+            return $idnref;
+        }
+        my $ip = &get_host_ip($lonid);
+        my @hosts = &get_hosts_from_ip($ip);
+        my %iphost = &get_iphost();
+        my (@idns,%seen);
+        foreach my $id (@hosts) {
+            my $dom = &host_domain($id);
+            my $prim_id = &domain($dom,'primary');
+            my $prim_ip = &get_host_ip($prim_id);
+            next if ($seen{$prim_ip});
+            if (ref($iphost{$prim_ip}) eq 'ARRAY') {
+                foreach my $id (@{$iphost{$prim_ip}}) {
+                    my $intdom = &internet_dom($id);
+                    unless (grep(/^\Q$intdom\E$/,@idns)) {
+                        push(@idns,$intdom);
+                    }
+                }
+            }
+            $seen{$prim_ip} = 1;
+        }
+        return &Apache::lonnet::do_cache_new('internetnames',$lonid,\@idns,12*60*60);
+    }
+
+}
+
+sub all_loncaparevs {
+    return qw(1.1 1.2 1.3 2.0 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10);
 }
 
 BEGIN {
@@ -9999,6 +10356,53 @@ BEGIN {
     close($config);
 }
 
+# ---------------------------------------------------------- Read loncaparev table
+{
+    if (-e "$perlvar{'lonTabDir'}/loncaparevs.tab") {
+        if (open(my $config,"<$perlvar{'lonTabDir'}/loncaparevs.tab")) {
+            while (my $configline=<$config>) {
+                chomp($configline);
+                my ($hostid,$loncaparev)=split(/:/,$configline);
+                $loncaparevs{$hostid}=$loncaparev;
+            }
+            close($config);
+        }
+    }
+}
+
+# ---------------------------------------------------------- Read serverhostID table
+{
+    if (-e "$perlvar{'lonTabDir'}/serverhomeIDs.tab") {
+        if (open(my $config,"<$perlvar{'lonTabDir'}/serverhomeIDs.tab")) {
+            while (my $configline=<$config>) {
+                chomp($configline);
+                my ($name,$id)=split(/:/,$configline);
+                $serverhomeIDs{$name}=$id;
+            }
+            close($config);
+        }
+    }
+}
+
+{
+    my $file = $Apache::lonnet::perlvar{'lonTabDir'}.'/releaseslist.xml';
+    if (-e $file) {
+        my $parser = HTML::LCParser->new($file);
+        while (my $token = $parser->get_token()) {
+            if ($token->[0] eq 'S') {
+                my $item = $token->[1];
+                my $name = $token->[2]{'name'};
+                my $value = $token->[2]{'value'};
+                if ($item ne '' && $name ne '' && $value ne '') {
+                    my $release = $parser->get_text();
+                    $release =~ s/(^\s*|\s*$ )//gx;
+                    $needsrelease{$item.':'.$name.':'.$value} = $release;
+                }
+            }
+        }
+    }
+}
+
 # ------------- set up temporary directory
 {
     $tmpdir = $perlvar{'lonDaemons'}.'/tmp/';
@@ -10229,9 +10633,14 @@ authentication scheme
 
 =item *
 X<authenticate()>
-B<authenticate($uname,$upass,$udom)>: try to
+B<authenticate($uname,$upass,$udom,$checkdefauth,$clientcancheckhost)>: try to
 authenticate user from domain's lib servers (first use the current
 one). C<$upass> should be the users password.
+$checkdefauth is optional (value is 1 if a check should be made to
+   authenticate user using default authentication method, and allow
+   account creation if username does not have account in the domain).
+$clientcancheckhost is optional (value is 1 if checking whether the
+   server can host will occur on the client side in lonauth.pm).
 
 =item *
 X<homeserver()>
@@ -10359,7 +10768,7 @@ modifyuser($udom,$uname,$uid,$umode,$upa
 will update user information (firstname,middlename,lastname,generation,
 permanentemail), and if forceid is true, student/employee ID also.
 A user's institutional affiliation(s) can also be updated.
-User information fields will not be overwritten with empty entries
+User information fields will not be overwritten with empty entries 
 unless the field is included in the $candelete array reference.
 This array is included when a single user is modified via "Manage Users",
 or when Autoupdate.pl is run by cron in a domain.