|
version 1.372, 2020/09/17 00:35:04
|
version 1.373, 2020/12/18 15:23:02
|
|
Line 176 use Locale::Language;
|
Line 176 use Locale::Language;
|
| use DateTime::TimeZone; |
use DateTime::TimeZone; |
| use DateTime::Locale; |
use DateTime::Locale; |
| use Time::HiRes qw( sleep ); |
use Time::HiRes qw( sleep ); |
| |
use Net::CIDR; |
| |
|
| my $registered_cleanup; |
my $registered_cleanup; |
| my $modified_urls; |
my $modified_urls; |
|
Line 220 sub handler {
|
Line 221 sub handler {
|
| 'coursedefaults','usersessions','loadbalancing', |
'coursedefaults','usersessions','loadbalancing', |
| 'requestauthor','selfenrollment','inststatus', |
'requestauthor','selfenrollment','inststatus', |
| 'ltitools','ssl','trust','lti','privacy','passwords', |
'ltitools','ssl','trust','lti','privacy','passwords', |
| 'proctoring'],$dom); |
'proctoring','wafproxy'],$dom); |
| my %encconfig = |
my %encconfig = |
| &Apache::lonnet::get_dom('encconfig',['ltitools','lti','proctoring'],$dom); |
&Apache::lonnet::get_dom('encconfig',['ltitools','lti','proctoring'],$dom); |
| if (ref($domconfig{'ltitools'}) eq 'HASH') { |
if (ref($domconfig{'ltitools'}) eq 'HASH') { |
|
Line 259 sub handler {
|
Line 260 sub handler {
|
| } |
} |
| } |
} |
| } |
} |
| my @prefs_order = ('rolecolors','login','defaults','passwords','quotas','autoenroll', |
my @prefs_order = ('rolecolors','login','defaults','wafproxy','passwords','quotas', |
| 'autoupdate','autocreate','directorysrch','contacts','privacy', |
'autoenroll','autoupdate','autocreate','directorysrch', |
| 'usercreation','selfcreation','usermodification','scantron', |
'contacts','privacy','usercreation','selfcreation', |
| 'requestcourses','requestauthor','coursecategories', |
'usermodification','scantron','requestcourses','requestauthor' |
| 'serverstatuses','helpsettings','coursedefaults', |
'coursecategories','serverstatuses','helpsettings','coursedefaults', |
| 'ltitools','proctoring','selfenrollment','usersessions','ssl', |
'ltitools','proctoring','selfenrollment','usersessions','ssl', |
| 'trust','lti'); |
'trust','lti'); |
| my %existing; |
my %existing; |
|
Line 310 sub handler {
|
Line 311 sub handler {
|
| print => \&print_defaults, |
print => \&print_defaults, |
| modify => \&modify_defaults, |
modify => \&modify_defaults, |
| }, |
}, |
| |
'wafproxy' => |
| |
{ text => 'Web Application Firewall/Reverse Proxy', |
| |
help => 'Domain_Configuration_WAF_Proxy', |
| |
header => [{col1 => 'Domain server', |
| |
col2 => 'Alias for WAF/Reverse Proxy', |
| |
}, |
| |
{col1 => 'Setting', |
| |
col2 => 'Value',}], |
| |
print => \&print_wafproxy, |
| |
modify => \&modify_wafproxy, |
| |
}, |
| 'passwords' => |
'passwords' => |
| { text => 'Passwords (Internal authentication)', |
{ text => 'Passwords (Internal authentication)', |
| help => 'Domain_Configuration_Passwords', |
help => 'Domain_Configuration_Passwords', |
|
Line 805 sub process_changes {
|
Line 817 sub process_changes {
|
| $output = &modify_privacy($dom,%domconfig); |
$output = &modify_privacy($dom,%domconfig); |
| } elsif ($action eq 'passwords') { |
} elsif ($action eq 'passwords') { |
| $output = &modify_passwords($r,$dom,$confname,$lastactref,%domconfig); |
$output = &modify_passwords($r,$dom,$confname,$lastactref,%domconfig); |
| |
} elsif ($action eq 'wafproxy') { |
| |
$output = &modify_wafproxy($dom,$action,$lastactref,%domconfig); |
| } |
} |
| return $output; |
return $output; |
| } |
} |
|
Line 882 sub print_config_box {
|
Line 896 sub print_config_box {
|
| ($action eq 'usermodification') || ($action eq 'defaults') || ($action eq 'coursedefaults') || |
($action eq 'usermodification') || ($action eq 'defaults') || ($action eq 'coursedefaults') || |
| ($action eq 'selfenrollment') || ($action eq 'usersessions') || ($action eq 'ssl') || |
($action eq 'selfenrollment') || ($action eq 'usersessions') || ($action eq 'ssl') || |
| ($action eq 'directorysrch') || ($action eq 'trust') || ($action eq 'helpsettings') || |
($action eq 'directorysrch') || ($action eq 'trust') || ($action eq 'helpsettings') || |
| ($action eq 'contacts') || ($action eq 'privacy')) { |
($action eq 'contacts') || ($action eq 'privacy') || ($action eq 'wafproxy')) { |
| $output .= $item->{'print'}->('top',$dom,$settings,\$rowtotal); |
$output .= $item->{'print'}->('top',$dom,$settings,\$rowtotal); |
| } elsif ($action eq 'passwords') { |
} elsif ($action eq 'passwords') { |
| $output .= $item->{'print'}->('top',$dom,$confname,$settings,\$rowtotal); |
$output .= $item->{'print'}->('top',$dom,$confname,$settings,\$rowtotal); |
|
Line 1005 sub print_config_box {
|
Line 1019 sub print_config_box {
|
| $rowtotal ++; |
$rowtotal ++; |
| } elsif (($action eq 'usermodification') || ($action eq 'coursedefaults') || |
} elsif (($action eq 'usermodification') || ($action eq 'coursedefaults') || |
| ($action eq 'defaults') || ($action eq 'directorysrch') || |
($action eq 'defaults') || ($action eq 'directorysrch') || |
| ($action eq 'helpsettings')) { |
($action eq 'helpsettings') || ($action eq 'wafproxy')) { |
| $output .= $item->{'print'}->('bottom',$dom,$settings,\$rowtotal); |
$output .= $item->{'print'}->('bottom',$dom,$settings,\$rowtotal); |
| } elsif ($action eq 'scantron') { |
} elsif ($action eq 'scantron') { |
| $output .= $item->{'print'}->($r,'bottom',$dom,$confname,$settings,\$rowtotal); |
$output .= $item->{'print'}->($r,'bottom',$dom,$confname,$settings,\$rowtotal); |
|
Line 7164 sub print_passwords {
|
Line 7178 sub print_passwords {
|
| return $datatable; |
return $datatable; |
| } |
} |
| |
|
| |
sub print_wafproxy { |
| |
my ($position,$dom,$settings,$rowtotal) = @_; |
| |
my $css_class; |
| |
my $itemcount = 0; |
| |
my $datatable; |
| |
my %servers = &Apache::lonnet::internet_dom_servers($dom); |
| |
my (%othercontrol,%otherdoms,%aliases,%values,$setdom); |
| |
foreach my $server (sort(keys(%servers))) { |
| |
my $serverhome = &Apache::lonnet::get_server_homeID($servers{$server}); |
| |
my $serverdom; |
| |
if ($serverhome ne $server) { |
| |
$serverdom = &Apache::lonnet::host_domain($serverhome); |
| |
$othercontrol{$server} = $serverdom; |
| |
} else { |
| |
$serverdom = &Apache::lonnet::host_domain($server); |
| |
if ($serverdom ne $dom) { |
| |
$othercontrol{$server} = $serverdom; |
| |
} else { |
| |
$setdom = 1; |
| |
if (ref($settings) eq 'HASH') { |
| |
%{$values{$dom}} = (); |
| |
if (ref($settings->{'alias'}) eq 'HASH') { |
| |
$aliases{$dom} = $settings->{'alias'}; |
| |
} |
| |
foreach my $item ('ipheader','trusted','exempt') { |
| |
$values{$dom}{$item} = $settings->{$item}; |
| |
} |
| |
} |
| |
} |
| |
} |
| |
} |
| |
if (keys(%othercontrol)) { |
| |
%otherdoms = reverse(%othercontrol); |
| |
foreach my $domain (keys(%otherdoms)) { |
| |
%{$values{$domain}} = (); |
| |
my %config = &Apache::lonnet::get_dom('configuration',['wafproxy'],$domain); |
| |
if (ref($config{$domain}) eq 'HASH') { |
| |
if (ref($config{$domain}{'wafproxy'}) eq 'HASH') { |
| |
$aliases{$domain} = $config{$domain}{'wafproxy'}{'alias'}; |
| |
foreach my $item ('exempt','trusted','ipheader') { |
| |
$values{$domain}{$item} = $config{$domain}{'wafproxy'}{$item}; |
| |
} |
| |
} |
| |
} |
| |
} |
| |
} |
| |
if ($position eq 'top') { |
| |
my %servers = &Apache::lonnet::internet_dom_servers($dom); |
| |
foreach my $server (sort(keys(%servers))) { |
| |
$itemcount ++; |
| |
$css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; |
| |
$datatable .= '<tr'.$css_class.'>'. |
| |
'<td>'.&mt('Hostname').': '. |
| |
&Apache::lonnet::hostname($server).'</td>'. |
| |
'<td>'; |
| |
if ($othercontrol{$server}) { |
| |
my $current; |
| |
if (ref($aliases{$othercontrol{$server}}) eq 'HASH') { |
| |
$current = $aliases{$othercontrol{$server}{$server}}; |
| |
} |
| |
if ($current) { |
| |
$datatable .= $current; |
| |
} else { |
| |
$datatable .= &mt('None in effect'); |
| |
} |
| |
$datatable .= '<br /><span class="LC_small">('. |
| |
&mt('WAF/Reverse Proxy controlled by domain: [_1]', |
| |
'<b>'.$othercontrol{$server}.'</b>').'</span>'; |
| |
} else { |
| |
my $current; |
| |
if (ref($aliases{$dom}) eq 'HASH') { |
| |
if ($aliases{$dom}{$server}) { |
| |
$current = $aliases{$dom}{$server}; |
| |
} |
| |
} |
| |
$datatable .= '<input type="text" name="wafproxy_alias_'.$server.'" '. |
| |
'value="'.$current.'" size="20" />'; |
| |
} |
| |
$datatable .= '</td></tr>'; |
| |
} |
| |
} else { |
| |
if ($setdom) { |
| |
$itemcount ++; |
| |
$css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; |
| |
$datatable .= '<tr'.$css_class.'>'. |
| |
'<td>'.&mt('Domain: [_1]','<b>'.$dom.'</b>').'<br /><br />'. |
| |
&mt('Format for comma separated IP blocks').':<br />'. |
| |
&mt('A.B.C.D/N or A.B.C.D - E.F.G.H').'</td>'. |
| |
'<td class="LC_left_item"><table>'; |
| |
foreach my $item ('ipheader','trusted','exempt') { |
| |
$datatable .= '<tr>'. |
| |
'<td>'.$lt{$item}.': '. |
| |
'<input type="text" value="'.$values{$dom}{$item}.'" '. |
| |
'name="wafproxy_'.$item.'" /></td></tr>'; |
| |
} |
| |
$datatable .= '</table></td></tr>'; |
| |
} |
| |
if (keys(%otherdoms)) { |
| |
foreach my $domain (sort(keys(%otherdoms))) { |
| |
$itemcount ++; |
| |
$css_class = $itemcount%2 ? ' class="LC_odd_row"' : ''; |
| |
$datatable .= '<tr'.$css_class.'>'. |
| |
'<td>'.&mt('Domain: [_1]',$domain). |
| |
'<table>'; |
| |
foreach my $item ('ipheader','trusted','exempt') { |
| |
my $showval = &mt('None'); |
| |
if ($values{$domain}{$item}) { |
| |
$showval = $values{$domain}{$item}; |
| |
} |
| |
$datatable .= '<tr>'. |
| |
'<td>'.$lt{$item}.': '.$showval.'</td></tr>'; |
| |
} |
| |
$datatable .= '</table></td></tr>'; |
| |
} |
| |
} |
| |
} |
| |
$$rowtotal += $itemcount; |
| |
return $datatable; |
| |
} |
| |
|
| |
sub wafproxy_titles { |
| |
return &Apache::lonlocal::texthash( |
| |
exempt => 'Exempt IP range(s)', |
| |
trusted => 'Trusted IP range(s)', |
| |
ipheader => 'Custom request header', |
| |
); |
| |
} |
| |
|
| sub print_usersessions { |
sub print_usersessions { |
| my ($position,$dom,$settings,$rowtotal) = @_; |
my ($position,$dom,$settings,$rowtotal) = @_; |
| my ($css_class,$datatable,$itemcount,%checked,%choices); |
my ($css_class,$datatable,$itemcount,%checked,%choices); |
|
Line 19426 sub modify_selfenrollment {
|
Line 19568 sub modify_selfenrollment {
|
| return $resulttext; |
return $resulttext; |
| } |
} |
| |
|
| |
sub modify_wafproxy { |
| |
my ($dom,$action,$lastactref,%domconfig) = @_; |
| |
my %servers = &Apache::lonnet::internet_dom_servers($dom); |
| |
my (%othercontrol,%canset,%values,%curralias,%currvalue,@warnings,%wafproxy, |
| |
%changes,%expirecache); |
| |
foreach my $server (sort(keys(%servers))) { |
| |
my $serverhome = &Apache::lonnet::get_server_homeID($servers{$server}); |
| |
if ($serverhome eq $server) { |
| |
my $serverdom = &Apache::lonnet::host_domain($server); |
| |
if ($serverdom eq $dom) { |
| |
$canset{$server} = 1; |
| |
if (ref($domconfig{'wafproxy'}) eq 'HASH') { |
| |
%{$values{$dom}} = (); |
| |
if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') { |
| |
%curralias = %{$domconfig{'wafproxy'}{'alias'}}; |
| |
} |
| |
foreach my $item ('ipheader','trusted','exempt') { |
| |
$currvalue{$item} = $domconfig{'wafproxy'}{$item}; |
| |
} |
| |
} |
| |
} |
| |
} |
| |
} |
| |
my $output; |
| |
if (keys(%canset)) { |
| |
%{$wafproxy{'alias'}} = (); |
| |
foreach my $key (sort(keys(%canset))) { |
| |
$wafproxy{'alias'}{$key} = $env{'form.wafproxy_alias_'.$key}; |
| |
$wafproxy{'alias'}{$key} =~ s/^\s+|\s+$//g; |
| |
if ($wafproxy{'alias'}{$key} ne $curralias{$key}) { |
| |
$changes{'alias'} = 1; |
| |
} |
| |
if ($wafproxy{'alias'}{$key} eq '') { |
| |
if ($curralias{$key}) { |
| |
$expirecache{$key} = 1; |
| |
} |
| |
delete($wafproxy{'alias'}{$key}); |
| |
} |
| |
} |
| |
unless (keys(%{$wafproxy{'alias'}})) { |
| |
delete($wafproxy{'alias'}); |
| |
} |
| |
# Localization for values in %warn occus in &mt() calls separately. |
| |
my %warn = ( |
| |
trusted => 'trusted IP range(s)', |
| |
exempt => 'exempt IP range(s)', |
| |
); |
| |
foreach my $item ('ipheader','trusted','exempt') { |
| |
my $possible = $env{'form.wafproxy_'.$item}; |
| |
$possible =~ s/^\s+|\s+$//g; |
| |
if ($possible ne '') { |
| |
if ($item eq 'ipheader') { |
| |
$wafproxy{$item} = $possible; |
| |
} else { |
| |
my (@ok,$count); |
| |
$possible =~ s/[\r\n]+/\s/g; |
| |
$possible =~ s/\s*-\s*/-/g; |
| |
$possible =~ s/\s+/,/g; |
| |
$count = 0; |
| |
if ($possible) { |
| |
foreach my $poss (split(/\,/,$possible)) { |
| |
$count ++; |
| |
if (&validate_ip_pattern($poss)) { |
| |
push(@ok,$poss); |
| |
} |
| |
} |
| |
if (@ok) { |
| |
$wafproxy{$item} = join(',',@ok); |
| |
} |
| |
my $diff = $count - scalar(@ok); |
| |
if ($diff) { |
| |
push(@warnings,'<li>'. |
| |
&mt('[quant,_1,IP] invalid and excluded from saved value for [_2]', |
| |
$diff,$warn{$item}). |
| |
'</li>'); |
| |
} |
| |
if ($wafproxy{$item} ne $currvalue{$item}) { |
| |
$changes{$item} = 1; |
| |
} |
| |
} |
| |
} |
| |
} else { |
| |
if ($currvalue{$item}) { |
| |
$changes{$item} = 1; |
| |
} |
| |
} |
| |
} |
| |
} |
| |
if (keys(%changes)) { |
| |
my %defaultshash = ( |
| |
wafproxy => \%wafproxy, |
| |
); |
| |
my $putresult = &Apache::lonnet::put_dom('configuration',\%defaultshash, |
| |
$dom); |
| |
if ($putresult eq 'ok') { |
| |
my $cachetime = 24*60*60; |
| |
my (%domdefaults,$updatedomdefs); |
| |
foreach my $item ('ipheader','trusted','exempt') { |
| |
if ($changes{$item}) { |
| |
unless ($updatedomdefs) { |
| |
%domdefaults = &Apache::lonnet::get_domain_defaults($dom); |
| |
$updatedomdefs = 1; |
| |
} |
| |
if ($wafproxy{$item}) { |
| |
$domdefaults{'waf_'.$item} = $wafproxy{$item}; |
| |
} elsif (exists($domdefaults{'waf_'.$item})) { |
| |
delete($domdefaults{'waf_'.$item}); |
| |
} |
| |
} |
| |
} |
| |
if ($updatedomdefs) { |
| |
&Apache::lonnet::do_cache_new('domdefaults',$dom,\%domdefaults,$cachetime); |
| |
if (ref($lastactref) eq 'HASH') { |
| |
$lastactref->{'domdefaults'} = 1; |
| |
} |
| |
} |
| |
if ((exists($wafproxy{'alias'})) || (keys(%expirecache))) { |
| |
my %updates = %expirecache; |
| |
foreach my $key (keys(%expirecache)) { |
| |
&Apache::lonnet::devalidate_cache_new('proxyalias',$key); |
| |
} |
| |
if (ref($wafproxy{'alias'}) eq 'HASH') { |
| |
my $cachetime = 24*60*60; |
| |
foreach my $key (keys(%{$wafproxy{'alias'}})) { |
| |
$updates{$key} = 1; |
| |
&Apache::lonnet::do_cache_new('proxyalias',$key,$wafproxy{'alias'}{$key}, |
| |
$cachetime); |
| |
} |
| |
} |
| |
if (ref($lastactref) eq 'HASH') { |
| |
$lastactref->{'proxyalias'} = \%updates; |
| |
} |
| |
} |
| |
$output = &mt('Changes were made to Web Application Firewall/Reverse Proxy').'<ul>'; |
| |
foreach my $item ('alias','ipheader','trusted','exempt') { |
| |
if ($changes{$item}) { |
| |
if ($item eq 'alias') { |
| |
my $numaliased = 0; |
| |
if (ref($wafproxy{'alias'}) eq 'HASH') { |
| |
my $shown; |
| |
if (keys(%{$wafproxy{'alias'}})) { |
| |
foreach my $server (sort(keys(%{$wafproxy{'alias'}}))) { |
| |
$shown .= '<li>'.&mt('[_1] aliased by [_2]', |
| |
&Apache::lonnet::hostname($server), |
| |
$wafproxy{'alias'}{$server}).'</li>'; |
| |
$numaliased ++; |
| |
} |
| |
if ($numaliased) { |
| |
$output .= '<li>'.&mt('Aliases for hostnames set to: [_1]', |
| |
'<ul>'.$shown.'</ul>').'</li>'; |
| |
} |
| |
} |
| |
} |
| |
unless ($numaliased) { |
| |
$output .= '<li>'.&mt('Aliases deleted for hostnames').'</li>'; |
| |
} |
| |
} else { |
| |
if ($item eq 'ipheader') { |
| |
if ($wafproxy{$item}) { |
| |
$output .= '<li>'.&mt('Custom request header set to [_1]', |
| |
$wafproxy{$item}).'</li>'; |
| |
} else { |
| |
$output .= '<li>'.&mt('Custom request header deleted').'</li>'; |
| |
} |
| |
} elsif ($item eq 'trusted') { |
| |
if ($wafproxy{$item}) { |
| |
$output .= '<li>'.&mt('Trusted IP range(s) set to [_1]', |
| |
$wafproxy{$item}).'</li>'; |
| |
} else { |
| |
$output .= '<li>'.&mt('Trusted IP range(s) deleted').'</li>'; |
| |
} |
| |
} elsif ($item eq 'exempt') { |
| |
if ($wafproxy{$item}) { |
| |
$output .= '<li>'.&mt('Exempt IP range(s) set to [_1]', |
| |
$wafproxy{$item}).'</li>'; |
| |
} else { |
| |
$output .= '<li>'.&mt('Exempt IP range(s) deleted').'</li>'; |
| |
} |
| |
} |
| |
} |
| |
} |
| |
} |
| |
} else { |
| |
$output = '<span class="LC_error">'. |
| |
&mt('An error occurred: [_1]',$putresult).'</span>'; |
| |
} |
| |
} elsif (keys(%canset)) { |
| |
$output = &mt('No changes made to Web Application Firewall/Reverse Proxy settings'); |
| |
} |
| |
if (@warnings) { |
| |
$output .= '<br />'.&mt('Warnings:').'<ul>'. |
| |
join("\n",@warnings).'</ul>'; |
| |
} |
| |
return $output; |
| |
} |
| |
|
| |
sub validate_ip_pattern { |
| |
my ($pattern) = @_; |
| |
if ($pattern =~ /^([^-]+)\-([^-]+)$/) { |
| |
my ($start,$end) = ($1,$2); |
| |
if ((&Net::CIDR::cidrvalidate($start)) && (&Net::CIDR::cidrvalidate($end))) { |
| |
return 1; |
| |
} |
| |
} elsif (&Net::CIDR::cidrvalidate($pattern)) { |
| |
return 1; |
| |
} |
| |
return |
| |
} |
| |
|
| sub modify_usersessions { |
sub modify_usersessions { |
| my ($dom,$lastactref,%domconfig) = @_; |
my ($dom,$lastactref,%domconfig) = @_; |
| my @hostingtypes = ('version','excludedomain','includedomain'); |
my @hostingtypes = ('version','excludedomain','includedomain'); |
|
Line 21140 sub devalidate_remote_domconfs {
|
Line 21491 sub devalidate_remote_domconfs {
|
| my %thismachine; |
my %thismachine; |
| map { $thismachine{$_} = 1; } &Apache::lonnet::current_machine_ids(); |
map { $thismachine{$_} = 1; } &Apache::lonnet::current_machine_ids(); |
| my @posscached = ('domainconfig','domdefaults','ltitools','usersessions', |
my @posscached = ('domainconfig','domdefaults','ltitools','usersessions', |
| 'directorysrch','passwdconf','cats'); |
'directorysrch','passwdconf','cats','proxyalias'); |
| if (keys(%servers)) { |
if (keys(%servers)) { |
| foreach my $server (keys(%servers)) { |
foreach my $server (keys(%servers)) { |
| next if ($thismachine{$server}); |
next if ($thismachine{$server}); |
| my @cached; |
my @cached; |
| foreach my $name (@posscached) { |
foreach my $name (@posscached) { |
| if ($cachekeys->{$name}) { |
if ($cachekeys->{$name}) { |
| push(@cached,&escape($name).':'.&escape($dom)); |
if ($name eq 'proxyalias') { |
| |
if (ref($cachekeys->{$name}) eq 'HASH') { |
| |
foreach my $key (keys(%{$cachekeys->{$name}})) { |
| |
push(@cached,&escape($name).':'.&escape($key)); |
| |
} |
| |
} |
| |
} else { |
| |
push(@cached,&escape($name).':'.&escape($dom)); |
| |
} |
| } |
} |
| } |
} |
| if (@cached) { |
if (@cached) { |
![[BACK]](/icons/back.gif){kind=icon}
Return to domainprefs.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / interface