--- loncom/LondConnection.pm 2009/10/29 03:23:52 1.47 +++ loncom/LondConnection.pm 2017/02/28 05:42:06 1.54 @@ -1,7 +1,7 @@ # This module defines and implements a class that represents # a connection to a lond daemon. # -# $Id: LondConnection.pm,v 1.47 2009/10/29 03:23:52 raeburn Exp $ +# $Id: LondConnection.pm,v 1.54 2017/02/28 05:42:06 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -40,10 +40,10 @@ use LONCAPA::lonlocal; use LONCAPA::lonssl; - - my $DebugLevel=0; my %perlvar; +my %secureconf; +my %hosttypes; my $InsecureOk; # @@ -70,8 +70,19 @@ sub ReadConfig { my $perlvarref = read_conf('loncapa.conf'); %perlvar = %{$perlvarref}; $ConfigRead = 1; - + $InsecureOk = $perlvar{loncAllowInsecure}; + + unless (lonssl::Read_Connect_Config(\%secureconf,\%perlvar) eq 'ok') { + Debug(1,"Failed to retrieve secureconf hash.\n"); + } + unless (lonssl::Read_Host_Types(\%hosttypes,\%perlvar) eq 'ok') { + Debug(1,"Failed to retrieve hosttypes hash.\n"); + } +} + +sub ResetReadConfig { + $ConfigRead = 0; } sub Debug { @@ -189,7 +200,8 @@ sub new { LocalKeyFile => "", CipherKey => "", LondVersion => "Unknown", - Cipher => undef}; + Cipher => undef, + ClientData => undef}; bless($self, $class); unless ($self->{Socket} = IO::Socket::INET->new(PeerHost => $self->{Host}, PeerPort => $self->{Port}, @@ -200,6 +212,7 @@ sub new { return undef; # Inidicates the socket could not be made. } my $socket = $self->{Socket}; # For local use only. + $socket->sockopt(SO_KEEPALIVE, 1); # Turn on keepalive probes when idle. # If we are local, we'll first try local auth mode, otherwise, we'll try # the ssl auth mode: @@ -214,7 +227,15 @@ sub new { # allowed...else give up right away. if(!(defined $key) || !(defined $keyfile)) { - if($InsecureOk) { + my $canconnect = 0; + if (ref($secureconf{'connto'}) eq 'HASH') { + unless ($secureconf{'connto'}->{'dom'} eq 'req') { + $canconnect = 1; + } + } else { + $canconnect = $InsecureOk; + } + if ($canconnect) { $self->{AuthenticationMode} = "insecure"; $self->{TransactionRequest} = "init\n"; } @@ -238,19 +259,25 @@ sub new { my ($ca, $cert) = lonssl::CertificateFile; my $sslkeyfile = lonssl::KeyFile; - if((defined $ca) && (defined $cert) && (defined $sslkeyfile)) { - + my ($conntype,$gotconninfo); + if ((ref($secureconf{'connto'}) eq 'HASH') && + (exists($hosttypes{$lonid}))) { + $conntype = $secureconf{'connto'}{$hosttypes{$lonid}}; + if ($conntype ne '') { + $gotconninfo = 1; + } + } + if (($conntype ne 'no') && (defined($ca)) && (defined($cert)) && (defined($sslkeyfile))) { $self->{AuthenticationMode} = "ssl"; $self->{TransactionRequest} = "init:ssl:$perlvar{'lonVersion'}\n"; + } elsif (($gotconninfo && $conntype ne 'req') || (!$gotconninfo && $InsecureOk)) { + # Allowed to do insecure: + $self->{AuthenticationMode} = "insecure"; + $self->{TransactionRequest} = "init::$perlvar{'lonVersion'}\n"; } else { - if($InsecureOk) { # Allowed to do insecure: - $self->{AuthenticationMode} = "insecure"; - $self->{TransactionRequest} = "init::$perlvar{'lonVersion'}\n"; - } - else { # Not allowed to do insecure... - $socket->close; - return undef; - } + # Not allowed to do insecure... + $socket->close; + return undef; } } @@ -340,6 +367,11 @@ sub Readable { $self->Transition("Disconnected"); return -1; } + # If we actually got data, reset the timeout. + + if (length $data) { + $self->{TimeoutRemaining} = $self->{TimeoutValue}; # getting data resets the timeout period. + } # Append the data to the buffer. And figure out if the read is done: &Debug(9,"Received from host: ".$data); @@ -501,7 +533,6 @@ sub Readable { $self->{InformWritable} = 1; $self->{InformReadable} = 0; $self->{Timeoutable} = 1; - $self->{TimeoutRemaining} = $self->{TimeoutValue}; $self->Transition("SendingRequest"); return 0; } else { @@ -563,41 +594,42 @@ sub Writable { ($errno == POSIX::EAGAIN) || ($errno == POSIX::EINTR) || ($errno == 0)) { + $self->{TimeoutRemaining} = $self->{TimeoutValue}; substr($self->{TransactionRequest}, 0, $nwritten) = ""; # rmv written part - if(length $self->{TransactionRequest} == 0) { - $self->{InformWritable} = 0; - $self->{InformReadable} = 1; - $self->{TransactionReply} = ''; - # - # Figure out the next state: - # - if($self->{State} eq "Connected") { - $self->Transition("Initialized"); - } elsif($self->{State} eq "ChallengeReceived") { - $self->Transition("ChallengeReplied"); - } elsif($self->{State} eq "RequestingVersion") { - $self->Transition("ReadingVersionString"); - } elsif ($self->{State} eq "SetHost") { - $self->Transition("HostSet"); - } elsif($self->{State} eq "RequestingKey") { - $self->Transition("ReceivingKey"); + if(length $self->{TransactionRequest} == 0) { + $self->{InformWritable} = 0; + $self->{InformReadable} = 1; + $self->{TransactionReply} = ''; + # + # Figure out the next state: + # + if($self->{State} eq "Connected") { + $self->Transition("Initialized"); + } elsif($self->{State} eq "ChallengeReceived") { + $self->Transition("ChallengeReplied"); + } elsif($self->{State} eq "RequestingVersion") { + $self->Transition("ReadingVersionString"); + } elsif ($self->{State} eq "SetHost") { + $self->Transition("HostSet"); + } elsif($self->{State} eq "RequestingKey") { + $self->Transition("ReceivingKey"); # $self->{InformWritable} = 0; # $self->{InformReadable} = 1; # $self->{TransactionReply} = ''; - } elsif ($self->{State} eq "SendingRequest") { - $self->Transition("ReceivingReply"); - $self->{TimeoutRemaining} = $self->{TimeoutValue}; - } elsif ($self->{State} eq "Disconnected") { - return -1; - } - return 0; - } - } else { # The write failed (e.g. partner disconnected). - $self->Transition("Disconnected"); - $socket->close(); - return -1; - } - + } elsif ($self->{State} eq "SendingRequest") { + $self->Transition("ReceivingReply"); + $self->{TimeoutRemaining} = $self->{TimeoutValue}; + } elsif ($self->{State} eq "Disconnected") { + return -1; + } + return 0; + } + } else { # The write failed (e.g. partner disconnected). + $self->Transition("Disconnected"); + $socket->close(); + return -1; + } + } =pod @@ -744,6 +776,7 @@ sub Shutdown { $socket->shutdown(2); } } + $self->{Timeoutable} = 0; # Shutdown sockets can't timeout. } =pod @@ -1049,7 +1082,16 @@ sub ExchangeKeysViaSSL { # sub CompleteInsecure { my $self = shift; - if($InsecureOk) { + $self->{LoncapaHim}; + my ($conntype,$gotconninfo); + if ((ref($secureconf{'connto'}) eq 'HASH') && + (exists($hosttypes{$self->{LoncapaHim}}))) { + $conntype = $secureconf{'connto'}{$hosttypes{$self->{LoncapaHim}}}; + if ($conntype ne '') { + $gotconninfo = 1; + } + } + if ((($gotconninfo) && ($conntype ne 'req')) || (!$gotconninfo && $InsecureOk)) { $self->{AuthenticationMode} = "insecure"; &Debug(8," Transition out of Initialized:insecure"); $self->{TransactionRequest} = $self->{TransactionReply}; @@ -1137,6 +1179,21 @@ sub PeerVersion { return $version; } +# +# Manipulate the client data field +# +sub SetClientData { + my ($self, $newData) = @_; + $self->{ClientData} = $newData; +} +# +# Get the current client data field. +# +sub GetClientData { + my $self = shift; + return $self->{ClientData}; +} + 1; =pod