--- loncom/interface/domainprefs.pm 2021/01/01 15:33:55 1.160.6.106
+++ loncom/interface/domainprefs.pm 2021/12/16 19:46:34 1.160.6.114
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Handler to set domain-wide configuration settings
#
-# $Id: domainprefs.pm,v 1.160.6.106 2021/01/01 15:33:55 raeburn Exp $
+# $Id: domainprefs.pm,v 1.160.6.114 2021/12/16 19:46:34 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -174,6 +174,7 @@ use File::Copy;
use Locale::Language;
use DateTime::TimeZone;
use DateTime::Locale;
+use Net::CIDR;
my $registered_cleanup;
my $modified_urls;
@@ -216,11 +217,12 @@ sub handler {
'contacts','defaults','scantron','coursecategories',
'serverstatuses','requestcourses','helpsettings',
'coursedefaults','usersessions','loadbalancing',
- 'requestauthor','selfenrollment','inststatus','passwords'],$dom);
- my @prefs_order = ('rolecolors','login','defaults','passwords','quotas','autoenroll',
- 'autoupdate','autocreate','directorysrch','contacts',
- 'usercreation','selfcreation','usermodification','scantron',
- 'requestcourses','requestauthor','coursecategories',
+ 'requestauthor','selfenrollment','inststatus',
+ 'passwords','wafproxy','ipaccess'],$dom);
+ my @prefs_order = ('rolecolors','login','ipaccess','defaults','wafproxy','passwords',
+ 'quotas','autoenroll','autoupdate','autocreate','directorysrch',
+ 'contacts','usercreation','selfcreation','usermodification',
+ 'scantron','requestcourses','requestauthor','coursecategories',
'serverstatuses','helpsettings','coursedefaults',
'selfenrollment','usersessions');
my %existing;
@@ -253,7 +255,10 @@ sub handler {
{col1 => 'Log-in Help',
col2 => 'Value'},
{col1 => 'Custom HTML in document head',
- col2 => 'Value'}],
+ col2 => 'Value'},
+ {col1 => 'SSO',
+ col2 => 'Dual login: SSO and non-SSO options'},
+ ],
print => \&print_login,
modify => \&modify_login,
},
@@ -267,6 +272,17 @@ sub handler {
print => \&print_defaults,
modify => \&modify_defaults,
},
+ 'wafproxy' =>
+ { text => 'Web Application Firewall/Reverse Proxy',
+ help => 'Domain_Configuration_WAF_Proxy',
+ header => [{col1 => 'Domain(s)',
+ col2 => 'Servers and WAF/Reverse Proxy alias(es)',
+ },
+ {col1 => 'Domain(s)',
+ col2 => 'WAF Configuration',}],
+ print => \&print_wafproxy,
+ modify => \&modify_wafproxy,
+ },
'passwords' =>
{ text => 'Passwords (Internal authentication)',
help => 'Domain_Configuration_Passwords',
@@ -335,6 +351,8 @@ sub handler {
col2 => 'Value',},
{col1 => 'Recipient(s) for notifications',
col2 => 'Value',},
+ {col1 => 'Nightly status check e-mail',
+ col2 => 'Settings',},
{col1 => 'Ask helpdesk form settings',
col2 => 'Value',},],
print => \&print_contacts,
@@ -488,6 +506,14 @@ sub handler {
print => \&print_loadbalancing,
modify => \&modify_loadbalancing,
},
+ 'ipaccess' =>
+ {text => 'IP-based access control',
+ help => 'Domain_Configuration_IP_Access',
+ header => [{col1 => 'Setting',
+ col2 => 'Value'},],
+ print => \&print_ipaccess,
+ modify => \&modify_ipaccess,
+ },
);
if (keys(%servers) > 1) {
$prefs{'login'} = { text => 'Log-in page options',
@@ -499,7 +525,10 @@ sub handler {
{col1 => 'Log-in Help',
col2 => 'Value'},
{col1 => 'Custom HTML in document head',
- col2 => 'Value'}],
+ col2 => 'Value'},
+ {col1 => 'SSO',
+ col2 => 'Dual login: SSO and non-SSO options'},
+ ],
print => \&print_login,
modify => \&modify_login,
};
@@ -540,6 +569,8 @@ $javascript_validations
$coursebrowserjs
END
+ } elsif (grep(/^ipaccess$/,@actions)) {
+ $js .= &Apache::loncommon::coursebrowser_javascript($env{'request.role.domain'});
}
if (grep(/^selfcreation$/,@actions)) {
$js .= &selfcreate_javascript();
@@ -672,6 +703,10 @@ sub process_changes {
$output = &modify_loadbalancing($dom,%domconfig);
} elsif ($action eq 'passwords') {
$output = &modify_passwords($r,$dom,$confname,$lastactref,%domconfig);
+ } elsif ($action eq 'wafproxy') {
+ $output = &modify_wafproxy($dom,$action,$lastactref,%domconfig);
+ } elsif ($action eq 'ipaccess') {
+ $output = &modify_ipaccess($dom,$lastactref,%domconfig);
}
return $output;
}
@@ -702,11 +737,19 @@ sub print_config_box {
$output =
&Apache::lonuserutils::custom_roledefs_js($context,$crstype,$formname,\%full,
\@templateroles);
+ } elsif ($action eq 'wafproxy') {
+ $output .= &wafproxy_javascript($dom);
+ } elsif ($action eq 'autoupdate') {
+ $output .= &autoupdate_javascript();
+ } elsif ($action eq 'login') {
+ $output .= &saml_javascript();
+ } elsif ($action eq 'ipaccess') {
+ $output .= &ipaccess_javascript($settings);
}
$output .=
'
- '.
+ '.
&mt($item->{text}).' '.
&Apache::loncommon::help_open_topic($item->{'help'}).' ';
@@ -721,7 +764,7 @@ sub print_config_box {
my $leftnobr = '';
if (($action eq 'rolecolors') || ($action eq 'defaults') ||
($action eq 'directorysrch') ||
- (($action eq 'login') && ($numheaders < 4))) {
+ (($action eq 'login') && ($numheaders < 5))) {
$colspan = ' colspan="2"';
}
if ($action eq 'usersessions') {
@@ -742,7 +785,7 @@ sub print_config_box {
if (($action eq 'autoupdate') || ($action eq 'usercreation') || ($action eq 'selfcreation') ||
($action eq 'usermodification') || ($action eq 'defaults') || ($action eq 'coursedefaults') ||
($action eq 'selfenrollment') || ($action eq 'usersessions') || ($action eq 'directorysrch') ||
- ($action eq 'helpsettings') || ($action eq 'contacts')) {
+ ($action eq 'helpsettings') || ($action eq 'contacts') || ($action eq 'wafproxy')) {
$output .= $item->{'print'}->('top',$dom,$settings,\$rowtotal);
} elsif ($action eq 'passwords') {
$output .= $item->{'print'}->('top',$dom,$confname,$settings,\$rowtotal);
@@ -751,7 +794,7 @@ sub print_config_box {
} elsif ($action eq 'scantron') {
$output .= $item->{'print'}->($r,'top',$dom,$confname,$settings,\$rowtotal);
} elsif ($action eq 'login') {
- if ($numheaders == 4) {
+ if ($numheaders == 5) {
$colspan = ' colspan="2"';
$output .= &print_login('service',$dom,$confname,$phase,$settings,\$rowtotal);
} else {
@@ -794,13 +837,18 @@ sub print_config_box {
- '.&mt($item->{'header'}->[2]->{'col1'}).'
+ '.&mt($item->{'header'}->[2]->{'col1'}).'
'.&mt($item->{'header'}->[2]->{'col2'}).'
'."\n";
if ($action eq 'coursecategories') {
$output .= &print_coursecategories('bottom',$dom,$item,$settings,\$rowtotal);
- } elsif ($action eq 'passwords') {
- $output .= $item->{'print'}->('lower',$dom,$confname,$settings,\$rowtotal).'
+ } elsif (($action eq 'contacts') || ($action eq 'passwords')) {
+ if ($action eq 'passwords') {
+ $output .= $item->{'print'}->('lower',$dom,$confname,$settings,\$rowtotal);
+ } else {
+ $output .= $item->{'print'}->('lower',$dom,$settings,\$rowtotal);
+ }
+ $output .= '
@@ -809,9 +857,14 @@ sub print_config_box {
- '.&mt($item->{'header'}->[3]->{'col1'}).'
- '.&mt($item->{'header'}->[3]->{'col2'}).' '."\n".
- $item->{'print'}->('bottom',$dom,$confname,$settings,\$rowtotal).'
+ '.&mt($item->{'header'}->[3]->{'col1'}).'
+ '.&mt($item->{'header'}->[3]->{'col2'}).' '."\n";
+ if ($action eq 'passwords') {
+ $output .= $item->{'print'}->('bottom',$dom,$confname,$settings,\$rowtotal);
+ } else {
+ $output .= $item->{'print'}->('bottom',$dom,$settings,\$rowtotal);
+ }
+ $output .= '
@@ -822,12 +875,12 @@ sub print_config_box {
$rowtotal ++;
} elsif (($action eq 'usermodification') || ($action eq 'coursedefaults') ||
($action eq 'defaults') || ($action eq 'directorysrch') ||
- ($action eq 'helpsettings')) {
+ ($action eq 'helpsettings') || ($action eq 'wafproxy')) {
$output .= $item->{'print'}->('bottom',$dom,$settings,\$rowtotal);
} elsif ($action eq 'scantron') {
$output .= $item->{'print'}->($r,'bottom',$dom,$confname,$settings,\$rowtotal);
} elsif ($action eq 'login') {
- if ($numheaders == 4) {
+ if ($numheaders == 5) {
$output .= &print_login('page',$dom,$confname,$phase,$settings,\$rowtotal).'
@@ -851,7 +904,7 @@ sub print_config_box {
';
- if ($numheaders == 4) {
+ if ($numheaders == 5) {
$output .= '
'.&mt($item->{'header'}->[3]->{'col1'}).'
'.&mt($item->{'header'}->[3]->{'col2'}).'
@@ -863,7 +916,27 @@ sub print_config_box {
';
}
$rowtotal ++;
- $output .= &print_login('headtag',$dom,$confname,$phase,$settings,\$rowtotal);
+ $output .= &print_login('headtag',$dom,$confname,$phase,$settings,\$rowtotal).'
+
+
+
+
+
+
+ ';
+ if ($numheaders == 5) {
+ $output .= '
+ '.&mt($item->{'header'}->[4]->{'col1'}).'
+ '.&mt($item->{'header'}->[4]->{'col2'}).'
+ ';
+ } else {
+ $output .= '
+ '.&mt($item->{'header'}->[3]->{'col1'}).'
+ '.&mt($item->{'header'}->[3]->{'col2'}).'
+ ';
+ }
+ $rowtotal ++;
+ $output .= &print_login('saml',$dom,$confname,$phase,$settings,\$rowtotal);
} elsif ($action eq 'requestcourses') {
$output .= &print_requestmail($dom,$action,$settings,\$rowtotal);
$rowtotal ++;
@@ -982,7 +1055,8 @@ sub print_config_box {
if ($action eq 'quotas') {
$output .= &print_quotas($dom,$settings,\$rowtotal,$action);
} elsif (($action eq 'autoenroll') || ($action eq 'autocreate') ||
- ($action eq 'serverstatuses') || ($action eq 'loadbalancing')) {
+ ($action eq 'serverstatuses') || ($action eq 'loadbalancing') ||
+ ($action eq 'ipaccess')) {
$output .= $item->{'print'}->($dom,$settings,\$rowtotal);
}
}
@@ -996,8 +1070,12 @@ sub print_config_box {
sub print_login {
my ($caller,$dom,$confname,$phase,$settings,$rowtotal) = @_;
- my ($css_class,$datatable);
+ my ($css_class,$datatable,$switchserver,%lt);
my %choices = &login_choices();
+ if (($caller eq 'help') || ($caller eq 'headtag') || ($caller eq 'saml')) {
+ %lt = &login_file_options();
+ $switchserver = &check_switchserver($dom,$confname);
+ }
if ($caller eq 'service') {
my %servers = &Apache::lonnet::internet_dom_servers($dom);
@@ -1192,18 +1270,10 @@ sub print_login {
$datatable .= &display_color_options($dom,$confname,$phase,'login',$itemcount,\%choices,\%is_custom,\%defaults,\%designs,\@images,\@bgs,\@links,\%alt_text,$rowtotal,\@logintext);
$datatable .= '
';
} elsif ($caller eq 'help') {
- my ($defaulturl,$defaulttype,%url,%type,%lt,%langchoices);
- my $switchserver = &check_switchserver($dom,$confname);
+ my ($defaulturl,$defaulttype,%url,%type,%langchoices);
my $itemcount = 1;
$defaulturl = '/adm/loginproblems.html';
$defaulttype = 'default';
- %lt = &Apache::lonlocal::texthash (
- del => 'Delete?',
- rep => 'Replace:',
- upl => 'Upload:',
- default => 'Default',
- custom => 'Custom',
- );
%langchoices = &Apache::lonlocal::texthash(&get_languages_hash());
my @currlangs;
if (ref($settings) eq 'HASH') {
@@ -1300,14 +1370,6 @@ sub print_login {
}
}
}
- my %lt = &Apache::lonlocal::texthash(
- del => 'Delete?',
- rep => 'Replace:',
- upl => 'Upload:',
- curr => 'View contents',
- none => 'None',
- );
- my $switchserver = &check_switchserver($dom,$confname);
foreach my $lonhost (sort(keys(%domservers))) {
my $exempt = &check_exempt_addresses($currexempt{$lonhost});
$datatable .= ''.$domservers{$lonhost}.' ';
@@ -1331,6 +1393,88 @@ sub print_login {
$datatable .= ''.
+ ' '
+ .'';
+ for (my $k=0; $k<=$maxnum; $k++) {
+ my $vpos = $k+1;
+ my $selstr;
+ if ($k == $i) {
+ $selstr = ' selected="selected" ';
+ }
+ $datatable .= ''.$vpos.' ';
+ }
+ $datatable .= ' '.(' 'x2).
+ ' '."\n".
+ '';
+ for (my $k=0; $k<$maxnum+1; $k++) {
+ my $vpos = $k+1;
+ my $selstr;
+ if ($k == $maxnum) {
+ $selstr = ' selected="selected" ';
+ }
+ $datatable .= ''.$vpos.' ';
+ }
+ $datatable .= ' '."\n".
+ ' '.
+ &ipaccess_options('add',$itemcount,$dom).
+ ' '."\n".
+ ''.&mt('Location(s)').' '.
+ ''.&mt('Name').': '.
+ ' '.&mt('IP Range(s)').' '.
+ &mt('Format for each IP range').': '.&mt('A.B.C.D/N or A.B.C.D-E.F.G.H').''.&mt('Functionality Blocked?').' '.
+ &blocker_checkboxes($num,$blocksref).''.&mt('Courses/Communities allowed').' '.
+ ''."\n".
+ ''.&mt('Thumbnail:');
if ($image) {
- $datatable .= ''.
- $imgsrc.
+ $datatable .= $imgsrc.
' '.
' '.&mt('Replace:').' ';
@@ -2498,6 +2832,266 @@ $jstext{'templates'};
ENDSCRIPT
}
+sub wafproxy_javascript {
+ my ($dom) = @_;
+ return <<"ENDSCRIPT";
+
+
+ENDSCRIPT
+}
+
+sub autoupdate_javascript {
+ return <<"ENDSCRIPT";
+
+
+ENDSCRIPT
+}
+
+sub saml_javascript {
+ return <<"ENDSCRIPT";
+
+
+ENDSCRIPT
+}
+
+sub ipaccess_javascript {
+ my ($settings) = @_;
+ my (%ordered,$total,%jstext);
+ $total = 0;
+ if (ref($settings) eq 'HASH') {
+ foreach my $item (keys(%{$settings})) {
+ if (ref($settings->{$item}) eq 'HASH') {
+ my $num = $settings->{$item}{'order'};
+ $ordered{$num} = $item;
+ }
+ }
+ $total = scalar(keys(%{$settings}));
+ }
+ my @jsarray = ();
+ foreach my $item (sort {$a <=> $b } (keys(%ordered))) {
+ push(@jsarray,$ordered{$item});
+ }
+ my $jstext = ' var ipaccess = Array('."'".join("','",@jsarray)."'".');'."\n";
+ return <<"ENDSCRIPT";
+
+
+ENDSCRIPT
+}
+
sub print_autoenroll {
my ($dom,$settings,$rowtotal) = @_;
my $autorun = &Apache::lonnet::auto_run(undef,$dom),
@@ -2584,42 +3178,69 @@ sub print_autoenroll {
sub print_autoupdate {
my ($position,$dom,$settings,$rowtotal) = @_;
- my $datatable;
+ my ($enable,$datatable);
if ($position eq 'top') {
+ my %choices = &Apache::lonlocal::texthash (
+ run => 'Auto-update active?',
+ classlists => 'Update information in classlists?',
+ unexpired => 'Skip updates for users without active or future roles?',
+ lastactive => 'Skip updates for inactive users?',
+ );
+ my $itemcount = 0;
my $updateon = ' ';
my $updateoff = ' checked="checked" ';
- my $classlistson = ' ';
- my $classlistsoff = ' checked="checked" ';
if (ref($settings) eq 'HASH') {
if ($settings->{'run'} eq '1') {
$updateon = $updateoff;
$updateoff = ' ';
}
- if ($settings->{'classlists'} eq '1') {
- $classlistson = $classlistsoff;
- $classlistsoff = ' ';
- }
}
- my %title = (
- run => 'Auto-update active?',
- classlists => 'Update information in classlists?',
- );
- $datatable = ''.
- ''.&mt($title{'run'}).' '.
- ''.
+ $enable = ''.
+ ''.&mt($choices{'run'}).' '.
+ ''.
' '.
+ $updateoff.'value="0" />'.&mt('No').' '.
' '.
- ''.&mt($title{'classlists'}).' '.
- ''.
- ' ';
- $$rowtotal += 2;
+ my @toggles = ('classlists','unexpired');
+ my %defaultchecked = ('classlists' => 'off',
+ 'unexpired' => 'off'
+ );
+ $$rowtotal ++;
+ ($datatable,$itemcount) = &radiobutton_prefs($settings,\@toggles,\%defaultchecked,
+ \%choices,$itemcount,'','','left','no');
+ $datatable = $enable.$datatable;
+ $$rowtotal += $itemcount;
+ my $lastactiveon = ' ';
+ my $lastactiveoff = ' checked="checked" ';
+ my $lastactivestyle = 'none';
+ my $lastactivedays;
+ my $onclick = ' onclick="javascript:toggleLastActiveDays(this.form);"';
+ if (ref($settings) eq 'HASH') {
+ if ($settings->{'lastactive'} =~ /^\d+$/) {
+ $lastactiveon = $lastactiveoff;
+ $lastactiveoff = ' ';
+ $lastactivestyle = 'inline-block';
+ $lastactivedays = $settings->{'lastactive'};
+ }
+ }
+ my $css_class = $itemcount%2?' class="LC_odd_row"':'';
+ $datatable .= ''.
+ ''.$choices{'lastactive'}.' '.
+ ''.
+ ' '.
+ ' '.
+ ' '.
+ ''.
+ ': '.&mt('inactive = no activity in last [_1] days',
+ '
';
+ $$rowtotal ++;
} elsif ($position eq 'middle') {
my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom);
my $numinrow = 3;
@@ -2859,7 +3480,7 @@ sub print_contacts {
my $datatable;
my @contacts = ('adminemail','supportemail');
my (%checked,%to,%otheremails,%bccemails,%includestr,%includeloc,%currfield,
- $maxsize,$fields,$fieldtitles,$fieldoptions,$possoptions,@mailings);
+ $maxsize,$fields,$fieldtitles,$fieldoptions,$possoptions,@mailings,%lonstatus);
if ($position eq 'top') {
if (ref($settings) eq 'HASH') {
foreach my $item (@contacts) {
@@ -2874,6 +3495,12 @@ sub print_contacts {
foreach my $type (@mailings) {
$otheremails{$type} = '';
}
+ } elsif ($position eq 'lower') {
+ if (ref($settings) eq 'HASH') {
+ if (ref($settings->{'lonstatus'}) eq 'HASH') {
+ %lonstatus = %{$settings->{'lonstatus'}};
+ }
+ }
} else {
@mailings = ('helpdeskmail','otherdomsmail');
foreach my $type (@mailings) {
@@ -2886,7 +3513,7 @@ sub print_contacts {
($fields,$fieldtitles,$fieldoptions,$possoptions) = &helpform_fields();
}
if (ref($settings) eq 'HASH') {
- unless ($position eq 'top') {
+ unless (($position eq 'top') || ($position eq 'lower')) {
foreach my $type (@mailings) {
if (exists($settings->{$type})) {
if (ref($settings->{$type}) eq 'HASH') {
@@ -3019,7 +3646,7 @@ sub print_contacts {
$datatable .= ''."\n";
$rownum ++;
}
- unless ($position eq 'top') {
+ unless (($position eq 'top') || ($position eq 'lower')) {
foreach my $type (@mailings) {
$css_class = $rownum%2?' class="LC_odd_row"':'';
$datatable .= ''.
@@ -3066,18 +3693,104 @@ sub print_contacts {
}
if ($position eq 'middle') {
my %choices;
- $choices{'reporterrors'} = &mt('E-mail error reports to [_1]',
- &Apache::loncommon::modal_link('http://loncapa.org/core.html',
- &mt('LON-CAPA core group - MSU'),600,500));
+ my $corelink = &core_link_msu();
+ $choices{'reporterrors'} = &mt('E-mail error reports to [_1]',$corelink);
$choices{'reportupdates'} = &mt('E-mail record of completed LON-CAPA updates to [_1]',
- &Apache::loncommon::modal_link('http://loncapa.org/core.html',
- &mt('LON-CAPA core group - MSU'),600,500));
- my @toggles = ('reporterrors','reportupdates');
+ $corelink);
+ $choices{'reportstatus'} = &mt('E-mail status if errors above threshold to [_1]',$corelink);
+ my @toggles = ('reporterrors','reportupdates','reportstatus');
my %defaultchecked = ('reporterrors' => 'on',
- 'reportupdates' => 'on');
+ 'reportupdates' => 'on',
+ 'reportstatus' => 'on');
(my $reports,$rownum) = &radiobutton_prefs($settings,\@toggles,\%defaultchecked,
\%choices,$rownum);
$datatable .= $reports;
+ } elsif ($position eq 'lower') {
+ my (%current,%excluded,%weights);
+ my ($defaults,$names) = &Apache::loncommon::lon_status_items();
+ if ($lonstatus{'threshold'} =~ /^\d+$/) {
+ $current{'errorthreshold'} = $lonstatus{'threshold'};
+ } else {
+ $current{'errorthreshold'} = $defaults->{'threshold'};
+ }
+ if ($lonstatus{'sysmail'} =~ /^\d+$/) {
+ $current{'errorsysmail'} = $lonstatus{'sysmail'};
+ } else {
+ $current{'errorsysmail'} = $defaults->{'sysmail'};
+ }
+ if (ref($lonstatus{'weights'}) eq 'HASH') {
+ foreach my $type ('E','W','N','U') {
+ if ($lonstatus{'weights'}{$type} =~ /^\d+$/) {
+ $weights{$type} = $lonstatus{'weights'}{$type};
+ } else {
+ $weights{$type} = $defaults->{$type};
+ }
+ }
+ } else {
+ foreach my $type ('E','W','N','U') {
+ $weights{$type} = $defaults->{$type};
+ }
+ }
+ if (ref($lonstatus{'excluded'}) eq 'ARRAY') {
+ if (@{$lonstatus{'excluded'}} > 0) {
+ map {$excluded{$_} = 1; } @{$lonstatus{'excluded'}};
+ }
+ }
+ foreach my $item ('errorthreshold','errorsysmail') {
+ $css_class = $rownum%2?' class="LC_odd_row"':'';
+ $datatable .= ''.
+ ''.
+ $titles->{$item}.
+ ' '.
+ ' ';
+ $rownum ++;
+ }
+ $css_class = $rownum%2?' class="LC_odd_row"':'';
+ $datatable .= ''.
+ ''.
+ ''.$titles->{'errorweights'}.
+ ' ';
+ $rownum ++;
+ $css_class = $rownum%2?' class="LC_odd_row"':'';
+ $datatable .= ''.
+ $titles->{'errorexcluded'}.' '.
+ '';
}
- $datatable .=
- ''.
+ $datatable .= '';
+ if ($firstval eq 'no') {
+ $datatable .=
+ ' '.$additional.
- ' '.
- '';
+ $checkedoff{$item}.' value="0"'.$onclick.' />'.&mt('No').'';
+ }
+ $datatable .= ''.$additional.' ';
$itemcount ++;
}
return ($datatable,$itemcount);
@@ -3771,7 +4495,7 @@ sub print_coursedefaults {
my $currcanclone = 'none';
my $onclick;
my @cloneoptions = ('none','domain');
- my %clonetitles = (
+ my %clonetitles = &Apache::lonlocal::texthash (
none => 'No additional course requesters',
domain => "Any course requester in course's domain",
instcode => 'Course requests for official courses ...',
@@ -4639,6 +5363,313 @@ sub print_passwords {
return $datatable;
}
+sub print_wafproxy {
+ my ($position,$dom,$settings,$rowtotal) = @_;
+ my $css_class;
+ my $itemcount = 0;
+ my $datatable;
+ my %servers = &Apache::lonnet::internet_dom_servers($dom);
+ my (%othercontrol,%otherdoms,%aliases,%saml,%values,$setdom,$showdom);
+ my %lt = &wafproxy_titles();
+ foreach my $server (sort(keys(%servers))) {
+ my $serverhome = &Apache::lonnet::get_server_homeID($servers{$server});
+ next if ($serverhome eq '');
+ my $serverdom;
+ if ($serverhome ne $server) {
+ $serverdom = &Apache::lonnet::host_domain($serverhome);
+ if (($serverdom ne '') && (&Apache::lonnet::domain($serverdom) ne '')) {
+ $othercontrol{$server} = $serverdom;
+ }
+ } else {
+ $serverdom = &Apache::lonnet::host_domain($server);
+ next if (($serverdom eq '') || (&Apache::lonnet::domain($serverdom) eq ''));
+ if ($serverdom ne $dom) {
+ $othercontrol{$server} = $serverdom;
+ } else {
+ $setdom = 1;
+ if (ref($settings) eq 'HASH') {
+ if (ref($settings->{'alias'}) eq 'HASH') {
+ $aliases{$dom} = $settings->{'alias'};
+ if ($aliases{$dom} ne '') {
+ $showdom = 1;
+ }
+ }
+ if (ref($settings->{'saml'}) eq 'HASH') {
+ $saml{$dom} = $settings->{'saml'};
+ }
+ }
+ }
+ }
+ }
+ if ($setdom) {
+ %{$values{$dom}} = ();
+ if (ref($settings) eq 'HASH') {
+ foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') {
+ $values{$dom}{$item} = $settings->{$item};
+ }
+ }
+ }
+ if (keys(%othercontrol)) {
+ %otherdoms = reverse(%othercontrol);
+ foreach my $domain (keys(%otherdoms)) {
+ %{$values{$domain}} = ();
+ my %config = &Apache::lonnet::get_dom('configuration',['wafproxy'],$domain);
+ if (ref($config{'wafproxy'}) eq 'HASH') {
+ $aliases{$domain} = $config{'wafproxy'}{'alias'};
+ if (exists($config{'wafproxy'}{'saml'})) {
+ $saml{$domain} = $config{'wafproxy'}{'saml'};
+ }
+ foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') {
+ $values{$domain}{$item} = $config{'wafproxy'}{$item};
+ }
+ }
+ }
+ }
+ if ($position eq 'top') {
+ my %servers = &Apache::lonnet::internet_dom_servers($dom);
+ my %aliasinfo;
+ foreach my $server (sort(keys(%servers))) {
+ $itemcount ++;
+ my $dom_in_effect;
+ my $aliasrows = ''.
+ ''.
+ &mt('Hostname').': '.
+ ''.&Apache::lonnet::hostname($server).' ';
+ if ($othercontrol{$server}) {
+ $dom_in_effect = $othercontrol{$server};
+ my ($current,$forsaml);
+ if (ref($aliases{$dom_in_effect}) eq 'HASH') {
+ $current = $aliases{$dom_in_effect}{$server};
+ }
+ if (ref($saml{$dom_in_effect}) eq 'HASH') {
+ if ($saml{$dom_in_effect}{$server}) {
+ $forsaml = 1;
+ }
+ }
+ $aliasrows .= ''.
+ &mt('Alias').': ';
+ if ($current) {
+ $aliasrows .= $current;
+ if ($forsaml) {
+ $aliasrows .= ' ('.&mt('also for SSO Auth').')';
+ }
+ } else {
+ $aliasrows .= &mt('None');
+ }
+ $aliasrows .= ' ('.
+ &mt('controlled by domain: [_1]',
+ ''.$dom_in_effect.' ').') ';
+ } else {
+ $dom_in_effect = $dom;
+ my ($current,$samlon,$samloff);
+ $samloff = ' checked="checked"';
+ if (ref($aliases{$dom}) eq 'HASH') {
+ if ($aliases{$dom}{$server}) {
+ $current = $aliases{$dom}{$server};
+ }
+ }
+ if (ref($saml{$dom}) eq 'HASH') {
+ if ($saml{$dom}{$server}) {
+ $samlon = $samloff;
+ undef($samloff);
+ }
+ }
+ $aliasrows .= ''.
+ &mt('Alias').': '.
+ ''.
+ &mt('Alias used for SSO Auth').': '.
+ ' '.
+ ' '.
+ ' ';
+ }
+ $aliasrows .= ' ';
+ $aliasinfo{$dom_in_effect} .= $aliasrows;
+ }
+ if ($aliasinfo{$dom}) {
+ my ($onclick,$wafon,$wafoff,$showtable);
+ $onclick = ' onclick="javascript:toggleWAF();"';
+ $wafoff = ' checked="checked"';
+ $showtable = ' style="display:none";';
+ if ($showdom) {
+ $wafon = $wafoff;
+ $wafoff = '';
+ $showtable = ' style="display:inline;"';
+ }
+ $css_class = $itemcount%2 ? ' class="LC_odd_row"' : '';
+ $datatable = ''.
+ ''.&mt('Domain: [_1]',''.$dom.' ').''.&mt('WAF in use?').' '.
+ ' '.(' 'x2).''.
+ ' '.
+ ''.
+ ' ';
+ $itemcount++;
+ }
+ if (keys(%otherdoms)) {
+ foreach my $key (sort(keys(%otherdoms))) {
+ $css_class = $itemcount%2 ? ' class="LC_odd_row"' : '';
+ $datatable .= ''.
+ ''.&mt('Domain: [_1]',''.$key.' ').' '.
+ ''.
+ ''.&mt('Domain: [_1]',''.$dom.' ').' '.
+ ''.&mt('WAF not in use, nothing to set').' '.
+ ''.
+ ''.
+ ''.&mt('Domain: [_1]',''.$dom.' ').''.&mt('Format for comma separated IP ranges').':
'.
+ ''.
+ ''.&mt('Domain: [_1]',''.$domain.' ').' '.
+ '';
+ foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
+ my $showval = &mt('None');
+ if ($item eq 'ssl') {
+ $showval = $lt{'ssltossl'};
+ }
+ if ($values{$domain}{$item}) {
+ $showval = $values{$domain}{$item};
+ if ($item eq 'ssl') {
+ $showval = $lt{'alltossl'};
+ } elsif ($item eq 'remoteip') {
+ $showval = $ip_methods{$values{$domain}{$item}};
+ }
+ }
+ $datatable .= ''.
+ ''.$lt{$item}.': '.$showval.' ';
+ }
+ $datatable .= '
'.$item.' '.
' '.
- ' '.&mt('Name displayed:').
+ ' '.&mt('Name displayed').':'.
' '.
- &mt('Name displayed:').
+ &mt('Name displayed').':'.
' '.$error.' '.$puberror.' '.$error.' '.&mt("$title{$item} in use for [_1]","$lonhost ").
+ '';
+ foreach my $key ('text','img','alt','url','title','notsso') {
+ if ($currsaml{$lonhost}{$key} eq '') {
+ $resulttext .= ''.&mt("$notlt{$key} not in use").' ';
+ } else {
+ my $value = "'$currsaml{$lonhost}{$key}'";
+ if ($key eq 'img') {
+ $value = ''.&mt("$notlt{$key} set to: [_1]",
+ $value).' ';
+ }
+ }
+ $resulttext .= ' ';
+ } else {
+ $resulttext .= ''.&mt("$title{$item} not in use for [_1]",$lonhost).' ';
+ }
+ }
+ }
} elsif ($item eq 'captcha') {
if (ref($loginhash{'login'}) eq 'HASH') {
my $chgtxt;
@@ -8451,6 +9642,283 @@ sub color_font_choices {
return %choices;
}
+sub modify_ipaccess {
+ my ($dom,$lastactref,%domconfig) = @_;
+ my (@allpos,%changes,%confhash,$errors,$resulttext);
+ my (@items,%deletions,%itemids,@warnings);
+ my ($typeorder,$types) = &commblocktype_text();
+ if ($env{'form.ipaccess_add'}) {
+ my $name = $env{'form.ipaccess_name_add'};
+ my ($newid,$error) = &get_ipaccess_id($dom,$name);
+ if ($newid) {
+ $itemids{'add'} = $newid;
+ push(@items,'add');
+ $changes{$newid} = 1;
+ } else {
+ $error = &mt('Failed to acquire unique ID for new IP access control item');
+ $errors .= ''.$error.' '.
+ &mt('[quant,_1,IP] invalid and excluded from saved value for IP range(s) for [_2]',
+ $diff,$name).
+ ' '.
+ &mt('Invalid courseID [_1] omitted from list of allowed courses',
+ $env{'form.ipaccess_cdom_'.$idx}.'_'.$env{'form.ipaccess_cnum_'.$idx}).
+ ' ';
+ my %bynum;
+ foreach my $itemid (sort(keys(%changes))) {
+ if (ref($confhash{$itemid}) eq 'HASH') {
+ my $position = $confhash{$itemid}{'order'};
+ if ($position =~ /^\d+$/) {
+ $bynum{$position} = $itemid;
+ }
+ }
+ }
+ if (keys(%deletions)) {
+ foreach my $itemid (sort { $a <=> $b } keys(%deletions)) {
+ $resulttext .= ''.&mt('Deleted: [_1]',$changes{$itemid}).' ';
+ }
+ }
+ foreach my $pos (sort { $a <=> $b } keys(%bynum)) {
+ my $itemid = $bynum{$pos};
+ if (ref($confhash{$itemid}) eq 'HASH') {
+ $resulttext .= ''.$confhash{$itemid}{'name'}.' ';
+ my $position = $pos + 1;
+ $resulttext .= ''.&mt('Order: [_1]',$position).' ';
+ if ($confhash{$itemid}{'ip'} eq '') {
+ $resulttext .= ''.&mt('No IP Range(s) set').' ';
+ } else {
+ $resulttext .= ''.&mt('IP Range(s): [_1]',$confhash{$itemid}{'ip'}).' ';
+ }
+ if (keys(%{$confhash{$itemid}{'commblocks'}})) {
+ $resulttext .= ''.&mt('Functionality Blocked: [_1]',
+ join(', ', map { $types->{$_}; } sort(keys(%{$confhash{$itemid}{'commblocks'}})))).
+ ' ';
+ } else {
+ $resulttext .= ''.&mt('No functionality blocked').' ';
+ }
+ if (keys(%{$confhash{$itemid}{'courses'}})) {
+ my @courses;
+ foreach my $cid (sort(keys(%{$confhash{$itemid}{'courses'}}))) {
+ my %courseinfo = &Apache::lonnet::coursedescription($cid,{'one_time' => 1});
+ push(@courses,$courseinfo{'description'}.' ('.$cid.')');
+ }
+ $resulttext .= ''.&mt('Courses/Communities allowed').':';
+ } else {
+ $resulttext .= ' '.&mt('No courses allowed').' ';
+ }
+ $resulttext .= ' ';
+ } else {
+ $errors .= ''.&mt('Failed to save changes').' '.&mt('The following errors occurred: ').'
';
+ }
+ return $resulttext;
+}
+
+sub get_ipaccess_id {
+ my ($domain,$location) = @_;
+ # get lock on ipaccess db
+ my $lockhash = {
+ lock => $env{'user.name'}.
+ ':'.$env{'user.domain'},
+ };
+ my $tries = 0;
+ my $gotlock = &Apache::lonnet::newput_dom('ipaccess',$lockhash,$domain);
+ my ($id,$error);
+
+ while (($gotlock ne 'ok') && ($tries<10)) {
+ $tries ++;
+ sleep (0.1);
+ $gotlock = &Apache::lonnet::newput_dom('ipaccess',$lockhash,$domain);
+ }
+ if ($gotlock eq 'ok') {
+ my %currids = &Apache::lonnet::dump_dom('ipaccess',$domain);
+ if ($currids{'lock'}) {
+ delete($currids{'lock'});
+ if (keys(%currids)) {
+ my @curr = sort { $a <=> $b } keys(%currids);
+ if ($curr[-1] =~ /^\d+$/) {
+ $id = 1 + $curr[-1];
+ }
+ } else {
+ $id = 1;
+ }
+ if ($id) {
+ unless (&Apache::lonnet::newput_dom('ipaccess',{ $id => $location },$domain) eq 'ok') {
+ $error = 'nostore';
+ }
+ } else {
+ $error = 'nonumber';
+ }
+ }
+ my $dellockoutcome = &Apache::lonnet::del_dom('ipaccess',['lock'],$domain);
+ } else {
+ $error = 'nolock';
+ }
+ return ($id,$error);
+}
+
sub modify_rolecolors {
my ($r,$dom,$confname,$roles,$lastactref,%domconfig) = @_;
my ($resulttext,%rolehash);
@@ -10016,8 +11484,10 @@ sub modify_autoupdate {
}
my @offon = ('off','on');
my %title = &Apache::lonlocal::texthash (
- run => 'Auto-update:',
- classlists => 'Updates to user information in classlists?'
+ run => 'Auto-update:',
+ classlists => 'Updates to user information in classlists?',
+ unexpired => 'Skip updates for users without active or future roles?',
+ lastactive => 'Skip updates for inactive users?',
);
my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom);
my %fieldtitles = &Apache::lonlocal::texthash (
@@ -10061,12 +11531,23 @@ sub modify_autoupdate {
my %updatehash = (
autoupdate => { run => $env{'form.autoupdate_run'},
classlists => $env{'form.classlists'},
+ unexpired => $env{'form.unexpired'},
fields => {%fields},
lockablenames => \@lockablenames,
}
);
+ my $lastactivedays;
+ if ($env{'form.lastactive'}) {
+ $lastactivedays = $env{'form.lastactivedays'};
+ $lastactivedays =~ s/^\s+|\s+$//g;
+ unless ($lastactivedays =~ /^\d+$/) {
+ undef($lastactivedays);
+ $env{'form.lastactive'} = 0;
+ }
+ }
+ $updatehash{'autoupdate'}{'lastactive'} = $lastactivedays;
foreach my $key (keys(%currautoupdate)) {
- if (($key eq 'run') || ($key eq 'classlists')) {
+ if (($key eq 'run') || ($key eq 'classlists') || ($key eq 'unexpired') || ($key eq 'lastactive')) {
if (exists($updatehash{autoupdate}{$key})) {
if ($currautoupdate{$key} ne $updatehash{autoupdate}{$key}) {
$changes{$key} = 1;
@@ -10112,6 +11593,16 @@ sub modify_autoupdate {
$changes{'lockablenames'} = 1;
}
}
+ unless (grep(/^unexpired$/,keys(%currautoupdate))) {
+ if ($updatehash{'autoupdate'}{'unexpired'}) {
+ $changes{'unexpired'} = 1;
+ }
+ }
+ unless (grep(/^lastactive$/,keys(%currautoupdate))) {
+ if ($updatehash{'autoupdate'}{'lastactive'} ne '') {
+ $changes{'lastactive'} = 1;
+ }
+ }
foreach my $item (@{$types},'default') {
if (defined($fields{$item})) {
if (ref($currautoupdate{'fields'}) eq 'HASH') {
@@ -10174,6 +11665,11 @@ sub modify_autoupdate {
my $newvalue;
if ($key eq 'run') {
$newvalue = $offon[$env{'form.autoupdate_run'}];
+ } elsif ($key eq 'lastactive') {
+ $newvalue = $offon[$env{'form.lastactive'}];
+ unless ($lastactivedays eq '') {
+ $newvalue .= '; '.&mt('inactive = no activity in last [quant,_1,day]',$lastactivedays);
+ }
} else {
$newvalue = $offon[$env{'form.'.$key}];
}
@@ -10487,7 +11983,8 @@ sub modify_contacts {
my @contacts = ('supportemail','adminemail');
my @mailings = ('errormail','packagesmail','helpdeskmail','otherdomsmail',
'lonstatusmail','requestsmail','updatesmail','idconflictsmail','hostipmail');
- my @toggles = ('reporterrors','reportupdates');
+ my @toggles = ('reporterrors','reportupdates','reportstatus');
+ my @lonstatus = ('threshold','sysmail','weights','excluded');
my ($fields,$fieldtitles,$fieldoptions,$possoptions) = &helpform_fields();
foreach my $type (@mailings) {
@{$newsetting{$type}} =
@@ -10520,6 +12017,41 @@ sub modify_contacts {
$contacts_hash{'contacts'}{$item} = $env{'form.'.$item};
}
}
+ my ($lonstatus_defs,$lonstatus_names) = &Apache::loncommon::lon_status_items();
+ foreach my $item (@lonstatus) {
+ if ($item eq 'excluded') {
+ my (%serverhomes,@excluded);
+ map { $serverhomes{$_} = 1; } values(%Apache::lonnet::serverhomeIDs);
+ my @possexcluded = &Apache::loncommon::get_env_multiple('form.errorexcluded');
+ if (@possexcluded) {
+ foreach my $id (sort(@possexcluded)) {
+ if ($serverhomes{$id}) {
+ push(@excluded,$id);
+ }
+ }
+ }
+ if (@excluded) {
+ $contacts_hash{'contacts'}{'lonstatus'}{$item} = \@excluded;
+ }
+ } elsif ($item eq 'weights') {
+ foreach my $type ('E','W','N','U') {
+ $env{'form.error'.$item.'_'.$type} =~ s/^\s+|\s+$//g;
+ if ($env{'form.error'.$item.'_'.$type} =~ /^\d+$/) {
+ unless ($env{'form.error'.$item.'_'.$type} == $lonstatus_defs->{$type}) {
+ $contacts_hash{'contacts'}{'lonstatus'}{$item}{$type} =
+ $env{'form.error'.$item.'_'.$type};
+ }
+ }
+ }
+ } elsif (($item eq 'threshold') || ($item eq 'sysmail')) {
+ $env{'form.error'.$item} =~ s/^\s+|\s+$//g;
+ if ($env{'form.error'.$item} =~ /^\d+$/) {
+ unless ($env{'form.error'.$item} == $lonstatus_defs->{$item}) {
+ $contacts_hash{'contacts'}{'lonstatus'}{$item} = $env{'form.error'.$item};
+ }
+ }
+ }
+ }
if ((ref($fields) eq 'ARRAY') && (ref($possoptions) eq 'HASH')) {
foreach my $field (@{$fields}) {
if (ref($possoptions->{$field}) eq 'ARRAY') {
@@ -10658,6 +12190,76 @@ sub modify_contacts {
}
}
}
+ if (ref($currsetting{'lonstatus'}) eq 'HASH') {
+ foreach my $key ('excluded','weights','threshold','sysmail') {
+ if ($key eq 'excluded') {
+ if ((ref($contacts_hash{contacts}{lonstatus}) eq 'HASH') &&
+ (ref($contacts_hash{contacts}{lonstatus}{excluded}) eq 'ARRAY')) {
+ if ((ref($currsetting{'lonstatus'}{$key}) eq 'ARRAY') &&
+ (@{$currsetting{'lonstatus'}{$key}})) {
+ my @diffs =
+ &Apache::loncommon::compare_arrays($contacts_hash{contacts}{lonstatus}{excluded},
+ $currsetting{'lonstatus'}{$key});
+ if (@diffs) {
+ push(@{$changes{'lonstatus'}},$key);
+ }
+ } elsif (@{$contacts_hash{contacts}{lonstatus}{excluded}}) {
+ push(@{$changes{'lonstatus'}},$key);
+ }
+ } elsif ((ref($currsetting{'lonstatus'}{$key}) eq 'ARRAY') &&
+ (@{$currsetting{'lonstatus'}{$key}})) {
+ push(@{$changes{'lonstatus'}},$key);
+ }
+ } elsif ($key eq 'weights') {
+ if ((ref($contacts_hash{contacts}{lonstatus}) eq 'HASH') &&
+ (ref($contacts_hash{contacts}{lonstatus}{$key}) eq 'HASH')) {
+ if (ref($currsetting{'lonstatus'}{$key}) eq 'HASH') {
+ foreach my $type ('E','W','N','U') {
+ unless ($contacts_hash{contacts}{lonstatus}{$key}{$type} eq
+ $currsetting{'lonstatus'}{$key}{$type}) {
+ push(@{$changes{'lonstatus'}},$key);
+ last;
+ }
+ }
+ } else {
+ foreach my $type ('E','W','N','U') {
+ if ($contacts_hash{contacts}{lonstatus}{$key}{$type} ne '') {
+ push(@{$changes{'lonstatus'}},$key);
+ last;
+ }
+ }
+ }
+ } elsif (ref($currsetting{'lonstatus'}{$key}) eq 'HASH') {
+ foreach my $type ('E','W','N','U') {
+ if ($currsetting{'lonstatus'}{$key}{$type} ne '') {
+ push(@{$changes{'lonstatus'}},$key);
+ last;
+ }
+ }
+ }
+ } elsif (($key eq 'threshold') || ($key eq 'sysmail')) {
+ if (ref($contacts_hash{contacts}{lonstatus}) eq 'HASH') {
+ if ($currsetting{'lonstatus'}{$key} =~ /^\d+$/) {
+ if ($currsetting{'lonstatus'}{$key} != $contacts_hash{contacts}{lonstatus}{$key}) {
+ push(@{$changes{'lonstatus'}},$key);
+ }
+ } elsif ($contacts_hash{contacts}{lonstatus}{$key} =~ /^\d+$/) {
+ push(@{$changes{'lonstatus'}},$key);
+ }
+ } elsif ($currsetting{'lonstatus'}{$key} =~ /^\d+$/) {
+ push(@{$changes{'lonstatus'}},$key);
+ }
+ }
+ }
+ } else {
+ if (ref($contacts_hash{contacts}{lonstatus}) eq 'HASH') {
+ foreach my $key ('excluded','weights','threshold','sysmail') {
+ if (exists($contacts_hash{contacts}{lonstatus}{$key})) {
+ push(@{$changes{'lonstatus'}},$key);
+ }
+ }
+ }
+ }
} else {
my %default;
$default{'supportemail'} = $Apache::lonnet::perlvar{'lonSupportEMail'};
@@ -10703,6 +12305,13 @@ sub modify_contacts {
}
}
}
+ if (ref($contacts_hash{contacts}{lonstatus}) eq 'HASH') {
+ foreach my $key ('excluded','weights','threshold','sysmail') {
+ if (exists($contacts_hash{contacts}{lonstatus}{$key})) {
+ push(@{$changes{'lonstatus'}},$key);
+ }
+ }
+ }
}
foreach my $item (@toggles) {
if (($env{'form.'.$item} == 1) && ($currsetting{$item} == 0)) {
@@ -10828,22 +12437,79 @@ sub modify_contacts {
}
}
my @offon = ('off','on');
+ my $corelink = &core_link_msu();
if ($changes{'reporterrors'}) {
$resulttext .= ''.
&mt('E-mail error reports to [_1] set to "'.
$offon[$env{'form.reporterrors'}].'".',
- &Apache::loncommon::modal_link('http://loncapa.org/core.html',
- &mt('LON-CAPA core group - MSU'),600,500)).
+ $corelink).
' ';
}
if ($changes{'reportupdates'}) {
$resulttext .= ''.
&mt('E-mail record of completed LON-CAPA updates to [_1] set to "'.
$offon[$env{'form.reportupdates'}].'".',
- &Apache::loncommon::modal_link('http://loncapa.org/core.html',
- &mt('LON-CAPA core group - MSU'),600,500)).
+ $corelink).
+ ' ';
+ }
+ if ($changes{'reportstatus'}) {
+ $resulttext .= ''.
+ &mt('E-mail status if errors above threshold to [_1] set to "'.
+ $offon[$env{'form.reportstatus'}].'".',
+ $corelink).
' ';
}
+ if (ref($changes{'lonstatus'}) eq 'ARRAY') {
+ $resulttext .= ''.
+ &mt('Nightly status check e-mail settings').':';
+ my (%defval,%use_def,%shown);
+ $defval{'threshold'} = $lonstatus_defs->{'threshold'};
+ $defval{'sysmail'} = $lonstatus_defs->{'sysmail'};
+ $defval{'weights'} =
+ join(', ',map { $lonstatus_names->{$_}.'='.$lonstatus_defs->{$_}; } ('E','W','N','U'));
+ $defval{'excluded'} = &mt('None');
+ if (ref($contacts_hash{'contacts'}{'lonstatus'}) eq 'HASH') {
+ foreach my $item ('threshold','sysmail','weights','excluded') {
+ if (exists($contacts_hash{'contacts'}{'lonstatus'}{$item})) {
+ if (($item eq 'threshold') || ($item eq 'sysmail')) {
+ $shown{$item} = $contacts_hash{'contacts'}{'lonstatus'}{$item};
+ } elsif ($item eq 'weights') {
+ if (ref($contacts_hash{'contacts'}{'lonstatus'}{$item}) eq 'HASH') {
+ foreach my $type ('E','W','N','U') {
+ $shown{$item} .= $lonstatus_names->{$type}.'=';
+ if (exists($contacts_hash{'contacts'}{'lonstatus'}{$item}{$type})) {
+ $shown{$item} .= $contacts_hash{'contacts'}{'lonstatus'}{$item}{$type};
+ } else {
+ $shown{$item} .= $lonstatus_defs->{$type};
+ }
+ $shown{$item} .= ', ';
+ }
+ $shown{$item} =~ s/, $//;
+ } else {
+ $shown{$item} = $defval{$item};
+ }
+ } elsif ($item eq 'excluded') {
+ if (ref($contacts_hash{'contacts'}{'lonstatus'}{$item}) eq 'ARRAY') {
+ $shown{$item} = join(', ',@{$contacts_hash{'contacts'}{'lonstatus'}{$item}});
+ } else {
+ $shown{$item} = $defval{$item};
+ }
+ }
+ } else {
+ $shown{$item} = $defval{$item};
+ }
+ }
+ } else {
+ foreach my $item ('threshold','weights','excluded','sysmail') {
+ $shown{$item} = $defval{$item};
+ }
+ }
+ foreach my $item ('threshold','weights','excluded','sysmail') {
+ $resulttext .= ''.&mt($titles->{'error'.$item}.' -- [_1]',
+ $shown{$item}).' ';
+ }
+ $resulttext .= ' ';
+ }
if ((ref($changes{'helpform'}) eq 'ARRAY') && (ref($fields) eq 'ARRAY')) {
my (@optional,@required,@unused,$maxsizechg);
foreach my $field (@{$changes{'helpform'}}) {
@@ -11306,7 +12972,7 @@ sub modify_passwords {
$resulttext .= ''.&mt('E-mail address(es) in LON-CAPA used for verification will include: [_1]',join(', ',map { $titles{$_}; } @{$staticdefaults{'resetemail'}})).' ';
}
} else {
- $resulttext .= ''.&mt('E-mail address(es) in LON-CAPA usedfor verification will include: [_1]',join(', ',map { $titles{$_}; } @{$staticdefaults{'resetemail'}})).' ';
+ $resulttext .= ''.&mt('E-mail address(es) in LON-CAPA used for verification will include: [_1]',join(', ',map { $titles{$_}; } @{$staticdefaults{'resetemail'}})).' ';
}
if ($confighash{'passwords'}{'resetremove'}) {
$resulttext .= ''.&mt('Preamble to "Forgot Password" web form not shown').' ';
@@ -14472,6 +16138,344 @@ sub modify_selfenrollment {
return $resulttext;
}
+sub modify_wafproxy {
+ my ($dom,$action,$lastactref,%domconfig) = @_;
+ my %servers = &Apache::lonnet::internet_dom_servers($dom);
+ my (%othercontrol,%canset,%values,%curralias,%currsaml,%currvalue,@warnings,
+ %wafproxy,%changes,%expirecache,%expiresaml);
+ foreach my $server (sort(keys(%servers))) {
+ my $serverhome = &Apache::lonnet::get_server_homeID($servers{$server});
+ if ($serverhome eq $server) {
+ my $serverdom = &Apache::lonnet::host_domain($server);
+ if ($serverdom eq $dom) {
+ $canset{$server} = 1;
+ }
+ }
+ }
+ if (ref($domconfig{'wafproxy'}) eq 'HASH') {
+ %{$values{$dom}} = ();
+ if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') {
+ %curralias = %{$domconfig{'wafproxy'}{'alias'}};
+ }
+ if (ref($domconfig{'wafproxy'}{'saml'}) eq 'HASH') {
+ %currsaml = %{$domconfig{'wafproxy'}{'saml'}};
+ }
+ foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
+ $currvalue{$item} = $domconfig{'wafproxy'}{$item};
+ }
+ }
+ my $output;
+ if (keys(%canset)) {
+ %{$wafproxy{'alias'}} = ();
+ %{$wafproxy{'saml'}} = ();
+ foreach my $key (sort(keys(%canset))) {
+ if ($env{'form.wafproxy_'.$dom}) {
+ $wafproxy{'alias'}{$key} = $env{'form.wafproxy_alias_'.$key};
+ $wafproxy{'alias'}{$key} =~ s/^\s+|\s+$//g;
+ if ($wafproxy{'alias'}{$key} ne $curralias{$key}) {
+ $changes{'alias'} = 1;
+ }
+ if ($env{'form.wafproxy_alias_saml_'.$key}) {
+ $wafproxy{'saml'}{$key} = 1;
+ }
+ if ($wafproxy{'saml'}{$key} ne $currsaml{$key}) {
+ $changes{'saml'} = 1;
+ }
+ } else {
+ $wafproxy{'alias'}{$key} = '';
+ $wafproxy{'saml'}{$key} = '';
+ if ($curralias{$key}) {
+ $changes{'alias'} = 1;
+ }
+ if ($currsaml{$key}) {
+ $changes{'saml'} = 1;
+ }
+ }
+ if ($wafproxy{'alias'}{$key} eq '') {
+ if ($curralias{$key}) {
+ $expirecache{$key} = 1;
+ }
+ delete($wafproxy{'alias'}{$key});
+ }
+ if ($wafproxy{'saml'}{$key} eq '') {
+ if ($currsaml{$key}) {
+ $expiresaml{$key} = 1;
+ }
+ delete($wafproxy{'saml'}{$key});
+ }
+ }
+ unless (keys(%{$wafproxy{'alias'}})) {
+ delete($wafproxy{'alias'});
+ }
+ unless (keys(%{$wafproxy{'saml'}})) {
+ delete($wafproxy{'saml'});
+ }
+ # Localization for values in %warn occurs in &mt() calls separately.
+ my %warn = (
+ trusted => 'trusted IP range(s)',
+ vpnint => 'internal IP range(s) for VPN sessions(s)',
+ vpnext => 'IP range(s) for backend WAF connections',
+ );
+ foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
+ my $possible = $env{'form.wafproxy_'.$item};
+ $possible =~ s/^\s+|\s+$//g;
+ if ($possible ne '') {
+ if ($item eq 'remoteip') {
+ if ($possible =~ /^[mhn]$/) {
+ $wafproxy{$item} = $possible;
+ }
+ } elsif ($item eq 'ipheader') {
+ if ($wafproxy{'remoteip'} eq 'h') {
+ $wafproxy{$item} = $possible;
+ }
+ } elsif ($item eq 'sslopt') {
+ if ($possible =~ /^0|1$/) {
+ $wafproxy{$item} = $possible;
+ }
+ } else {
+ my (@ok,$count);
+ if (($item eq 'vpnint') || ($item eq 'vpnext')) {
+ unless ($env{'form.wafproxy_vpnaccess'}) {
+ $possible = '';
+ }
+ } elsif ($item eq 'trusted') {
+ unless ($wafproxy{'remoteip'} eq 'h') {
+ $possible = '';
+ }
+ }
+ unless ($possible eq '') {
+ $possible =~ s/[\r\n]+/\s/g;
+ $possible =~ s/\s*-\s*/-/g;
+ $possible =~ s/\s+/,/g;
+ $possible =~ s/,+/,/g;
+ }
+ $count = 0;
+ if ($possible ne '') {
+ foreach my $poss (split(/\,/,$possible)) {
+ $count ++;
+ $poss = &validate_ip_pattern($poss);
+ if ($poss ne '') {
+ push(@ok,$poss);
+ }
+ }
+ my $diff = $count - scalar(@ok);
+ if ($diff) {
+ push(@warnings,''.
+ &mt('[quant,_1,IP] invalid and excluded from saved value for [_2]',
+ $diff,$warn{$item}).
+ ' ');
+ }
+ if (@ok) {
+ my @cidr_list;
+ foreach my $item (@ok) {
+ @cidr_list = &Net::CIDR::cidradd($item,@cidr_list);
+ }
+ $wafproxy{$item} = join(',',@cidr_list);
+ }
+ }
+ }
+ if ($wafproxy{$item} ne $currvalue{$item}) {
+ $changes{$item} = 1;
+ }
+ } elsif ($currvalue{$item}) {
+ $changes{$item} = 1;
+ }
+ }
+ } else {
+ if (keys(%curralias)) {
+ $changes{'alias'} = 1;
+ }
+ if (keys(%currsaml)) {
+ $changes{'saml'} = 1;
+ }
+ if (keys(%currvalue)) {
+ foreach my $key (keys(%currvalue)) {
+ $changes{$key} = 1;
+ }
+ }
+ }
+ if (keys(%changes)) {
+ my %defaultshash = (
+ wafproxy => \%wafproxy,
+ );
+ my $putresult = &Apache::lonnet::put_dom('configuration',\%defaultshash,
+ $dom);
+ if ($putresult eq 'ok') {
+ my $cachetime = 24*60*60;
+ my (%domdefaults,$updatedomdefs);
+ foreach my $item ('ipheader','trusted','vpnint','vpnext','sslopt') {
+ if ($changes{$item}) {
+ unless ($updatedomdefs) {
+ %domdefaults = &Apache::lonnet::get_domain_defaults($dom);
+ $updatedomdefs = 1;
+ }
+ if ($wafproxy{$item}) {
+ $domdefaults{'waf_'.$item} = $wafproxy{$item};
+ } elsif (exists($domdefaults{'waf_'.$item})) {
+ delete($domdefaults{'waf_'.$item});
+ }
+ }
+ }
+ if ($updatedomdefs) {
+ &Apache::lonnet::do_cache_new('domdefaults',$dom,\%domdefaults,$cachetime);
+ if (ref($lastactref) eq 'HASH') {
+ $lastactref->{'domdefaults'} = 1;
+ }
+ }
+ if ((exists($wafproxy{'alias'})) || (keys(%expirecache))) {
+ my %updates = %expirecache;
+ foreach my $key (keys(%expirecache)) {
+ &Apache::lonnet::devalidate_cache_new('proxyalias',$key);
+ }
+ if (ref($wafproxy{'alias'}) eq 'HASH') {
+ my $cachetime = 24*60*60;
+ foreach my $key (keys(%{$wafproxy{'alias'}})) {
+ $updates{$key} = 1;
+ &Apache::lonnet::do_cache_new('proxyalias',$key,$wafproxy{'alias'}{$key},
+ $cachetime);
+ }
+ }
+ if (ref($lastactref) eq 'HASH') {
+ $lastactref->{'proxyalias'} = \%updates;
+ }
+ }
+ if ((exists($wafproxy{'saml'})) || (keys(%expiresaml))) {
+ my %samlupdates = %expiresaml;
+ foreach my $key (keys(%expiresaml)) {
+ &Apache::lonnet::devalidate_cache_new('proxysaml',$key);
+ }
+ if (ref($wafproxy{'saml'}) eq 'HASH') {
+ my $cachetime = 24*60*60;
+ foreach my $key (keys(%{$wafproxy{'saml'}})) {
+ $samlupdates{$key} = 1;
+ &Apache::lonnet::do_cache_new('proxysaml',$key,$wafproxy{'saml'}{$key},
+ $cachetime);
+ }
+ }
+ if (ref($lastactref) eq 'HASH') {
+ $lastactref->{'proxysaml'} = \%samlupdates;
+ }
+ }
+ $output = &mt('Changes were made to Web Application Firewall/Reverse Proxy').'';
+ foreach my $item ('alias','remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
+ if ($changes{$item}) {
+ if ($item eq 'alias') {
+ my $numaliased = 0;
+ if (ref($wafproxy{'alias'}) eq 'HASH') {
+ my $shown;
+ if (keys(%{$wafproxy{'alias'}})) {
+ foreach my $server (sort(keys(%{$wafproxy{'alias'}}))) {
+ $shown .= ''.&mt('[_1] aliased by [_2]',
+ &Apache::lonnet::hostname($server),
+ $wafproxy{'alias'}{$server}).' ';
+ $numaliased ++;
+ }
+ if ($numaliased) {
+ $output .= ''.&mt('Aliases for hostnames set to: [_1]',
+ '').' ';
+ }
+ }
+ }
+ unless ($numaliased) {
+ $output .= ''.&mt('Aliases deleted for hostnames').' ';
+ }
+ } elsif ($item eq 'saml') {
+ my $shown;
+ if (ref($wafproxy{'saml'}) eq 'HASH') {
+ if (keys(%{$wafproxy{'saml'}})) {
+ $shown = join(', ',sort(keys(%{$wafproxy{'saml'}})));
+ }
+ }
+ if ($shown) {
+ $output .= ''.&mt('Alias used by SSO Auth for: [_1]',
+ $shown).' ';
+ } else {
+ $output .= ''.&mt('No alias used for SSO Auth').' ';
+ }
+ } else {
+ if ($item eq 'remoteip') {
+ my %ip_methods = &remoteip_methods();
+ if ($wafproxy{$item} =~ /^[mh]$/) {
+ $output .= ''.&mt("Method for determining user's IP set to: [_1]",
+ $ip_methods{$wafproxy{$item}}).' ';
+ } else {
+ if (($env{'form.wafproxy_'.$dom}) && (ref($wafproxy{'alias'}) eq 'HASH')) {
+ $output .= ''.&mt("No method in use to get user's real IP (will report IP used by WAF).").
+ ' ';
+ } else {
+ $output .= ''.&mt('WAF/Reverse Proxy not in use').' ';
+ }
+ }
+ } elsif ($item eq 'ipheader') {
+ if ($wafproxy{$item}) {
+ $output .= ''.&mt('Request header with remote IP set to: [_1]',
+ $wafproxy{$item}).' ';
+ } else {
+ $output .= ''.&mt('Request header with remote IP deleted').' ';
+ }
+ } elsif ($item eq 'trusted') {
+ if ($wafproxy{$item}) {
+ $output .= ''.&mt('Trusted IP range(s) set to: [_1]',
+ $wafproxy{$item}).' ';
+ } else {
+ $output .= ''.&mt('Trusted IP range(s) deleted').' ';
+ }
+ } elsif ($item eq 'vpnint') {
+ if ($wafproxy{$item}) {
+ $output .= ''.&mt('Internal IP Range(s) for VPN sessions set to: [_1]',
+ $wafproxy{$item}).' ';
+ } else {
+ $output .= ''.&mt('Internal IP Range(s) for VPN sessions deleted').' ';
+ }
+ } elsif ($item eq 'vpnext') {
+ if ($wafproxy{$item}) {
+ $output .= ''.&mt('IP Range(s) for backend WAF connections set to: [_1]',
+ $wafproxy{$item}).' ';
+ } else {
+ $output .= ''.&mt('IP Range(s) for backend WAF connections deleted').' ';
+ }
+ } elsif ($item eq 'sslopt') {
+ if ($wafproxy{$item}) {
+ $output .= ''.&mt('WAF/Reverse Proxy expected to forward requests to https on LON-CAPA node, regardless of original protocol in web browser (http or https).').' ';
+ } else {
+ $output .= ''.&mt('WAF/Reverse Proxy expected to preserve original protocol in web browser (either http or https) when forwarding to LON-CAPA node.').' ';
+ }
+ }
+ }
+ }
+ }
+ } else {
+ $output = ''.
+ &mt('An error occurred: [_1]',$putresult).' ';
+ }
+ } elsif (keys(%canset)) {
+ $output = &mt('No changes made to Web Application Firewall/Reverse Proxy settings');
+ }
+ if (@warnings) {
+ $output .= ''.
+ join("\n",@warnings).' ';
+ }
+ return $output;
+}
+
+sub validate_ip_pattern {
+ my ($pattern) = @_;
+ if ($pattern =~ /^([^-]+)\-([^-]+)$/) {
+ my ($start,$end) = ($1,$2);
+ if ((&Net::CIDR::cidrvalidate($start)) && (&Net::CIDR::cidrvalidate($end))) {
+ if (($start !~ m{/}) && ($end !~ m{/})) {
+ return $start.'-'.$end;
+ }
+ }
+ } elsif ($pattern ne '') {
+ $pattern = &Net::CIDR::cidrvalidate($pattern);
+ if ($pattern ne '') {
+ return $pattern;
+ }
+ }
+ return;
+}
+
sub modify_usersessions {
my ($dom,$lastactref,%domconfig) = @_;
my @hostingtypes = ('version','excludedomain','includedomain');
@@ -15861,16 +17865,48 @@ sub devalidate_remote_domconfs {
my %thismachine;
map { $thismachine{$_} = 1; } &Apache::lonnet::current_machine_ids();
my @posscached = ('domainconfig','domdefaults','usersessions',
- 'directorysrch','passwdconf','cats');
+ 'directorysrch','passwdconf','cats','proxyalias','proxysaml',
+ 'ipaccess');
+ my %cache_by_lonhost;
+ if (exists($cachekeys->{'samllanding'})) {
+ if (ref($cachekeys->{'samllanding'}) eq 'HASH') {
+ my %landing = %{$cachekeys->{'samllanding'}};
+ my %domservers = &Apache::lonnet::get_servers($dom);
+ if (keys(%domservers)) {
+ foreach my $server (keys(%domservers)) {
+ my @cached;
+ next if ($thismachine{$server});
+ if ($landing{$server}) {
+ push(@cached,&escape('samllanding').':'.&escape($server));
+ }
+ if (@cached) {
+ $cache_by_lonhost{$server} = \@cached;
+ }
+ }
+ }
+ }
+ }
if (keys(%servers)) {
foreach my $server (keys(%servers)) {
next if ($thismachine{$server});
my @cached;
foreach my $name (@posscached) {
if ($cachekeys->{$name}) {
- push(@cached,&escape($name).':'.&escape($dom));
+ if (($name eq 'proxyalias') || ($name eq 'proxysaml')) {
+ if (ref($cachekeys->{$name}) eq 'HASH') {
+ foreach my $key (keys(%{$cachekeys->{$name}})) {
+ push(@cached,&escape($name).':'.&escape($key));
+ }
+ }
+ } else {
+ push(@cached,&escape($name).':'.&escape($dom));
+ }
}
}
+ if ((exists($cache_by_lonhost{$server})) &&
+ (ref($cache_by_lonhost{$server}) eq 'ARRAY')) {
+ push(@cached,@{$cache_by_lonhost{$server}});
+ }
if (@cached) {
&Apache::lonnet::remote_devalidate_cache($server,\@cached);
}