--- loncom/loncron 2018/07/18 13:44:55 1.106 +++ loncom/loncron 2018/08/07 17:12:09 1.107 @@ -2,7 +2,7 @@ # Housekeeping program, started by cron, loncontrol and loncron.pl # -# $Id: loncron,v 1.106 2018/07/18 13:44:55 raeburn Exp $ +# $Id: loncron,v 1.107 2018/08/07 17:12:09 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -165,6 +165,9 @@ sub checkon_daemon { &log($fh,unlink($pidfile).' - '. `killall -9 $kadaemon 2>&1`. '
'); + if ($kadaemon eq 'loncnew') { + &clean_lonc_childpids(); + } &log($fh,"

$daemon not running, trying to start

"); if (&start_daemon($fh,$daemon,$pidfile,$args)) { @@ -821,8 +824,39 @@ sub write_checksums { return; } +sub clean_nosslverify { + my ($fh) = @_; + my %unlinked; + if (-d "$perlvar{'lonSockDir'}/nosslverify") { + if (opendir(my $dh,"$perlvar{'lonSockDir'}/nosslverify")) { + while (my $fname=readdir($dh)) { + next if ($fname =~ /^\.+$/); + if (unlink("/home/httpd/sockets/nosslverify/$fname")) { + &log($fh,"Unlinking $fname
"); + $unlinked{$fname} = 1; + } + } + closedir($dh); + } + } + &log($fh,"

Removed ".scalar(keys(%unlinked))." nosslverify clients

"); + return %unlinked; +} +sub clean_lonc_childpids { + my $childpiddir = "$perlvar{'lonDocRoot'}/lon-status/loncchld"; + if (-d $childpiddir) { + if (opendir(my $dh,$childpiddir)) { + while (my $fname=readdir($dh)) { + next if ($fname =~ /^\.+$/); + unlink("$childpiddir/$fname"); + } + closedir($dh); + } + } +} + sub write_connection_config { - my ($isprimary,$domconf,$url,%connectssl); + my ($isprimary,$domconf,$url,%connectssl,%changes); my $primaryLibServer = &Apache::lonnet::domain($perlvar{'lonDefDomain'},'primary'); if ($primaryLibServer eq $perlvar{'lonHostID'}) { $isprimary = 1; @@ -849,10 +883,30 @@ sub write_connection_config { } } if (keys(%connectssl)) { - if (open(my $fh,">$perlvar{'lonTabDir'}/connectionrules.tab")) { + my %currconf; + if (open(my $fh,'<',"$perlvar{'lonTabDir'}/connectionrules.tab")) { + while (my $line = <$fh>) { + chomp($line); + my ($name,$value) = split(/=/,$line); + if ($value =~ /^(?:no|yes|req)$/) { + if ($name =~ /^conn(to|from)_(dom|intdom|other)$/) { + $currconf{$name} = $value; + } + } + } + close($fh); + } + if (open(my $fh,'>',"$perlvar{'lonTabDir'}/connectionrules.tab")) { my $count = 0; foreach my $key (sort(keys(%connectssl))) { print $fh "$key=$connectssl{$key}\n"; + if (exists($currconf{$key})) { + unless ($currconf{$key} eq $connectssl{$key}) { + $changes{$key} = 1; + } + } else { + $changes{$key} = 1; + } $count ++; } close($fh); @@ -864,6 +918,7 @@ sub write_connection_config { } else { print "Retrieval of SSL options for lonc/lond skipped - no configuration data available for domain.\n"; } + return %changes; } sub get_domain_config { @@ -917,9 +972,21 @@ sub write_hosttypes { my %hostdom = &Apache::lonnet::all_host_domain(); my $dom = $hostdom{$perlvar{'lonHostID'}}; my $internetdom = $intdom{$perlvar{'lonHostID'}}; + my %changes; if (($dom ne '') && ($internetdom ne '')) { if (keys(%hostdom)) { - if (open(my $fh,">$perlvar{'lonTabDir'}/hosttypes.tab")) { + my %currhosttypes; + if (open(my $fh,'<',"$perlvar{'lonTabDir'}/hosttypes.tab")) { + while (my $line = <$fh>) { + chomp($line); + my ($name,$value) = split(/:/,$line); + if (($name ne '') && ($value =~ /^(dom|intdom|other)$/)) { + $currhosttypes{$name} = $value; + } + } + close($fh); + } + if (open(my $fh,'>',"$perlvar{'lonTabDir'}/hosttypes.tab")) { my $count = 0; foreach my $lonid (sort(keys(%hostdom))) { my $type = 'other'; @@ -929,6 +996,13 @@ sub write_hosttypes { $type = 'intdom'; } print $fh "$lonid:$type\n"; + if (exists($currhosttypes{$lonid})) { + if ($type ne $currhosttypes{$lonid}) { + $changes{$lonid} = 1; + } + } else { + $changes{$lonid} = 1; + } $count ++; } close($fh); @@ -940,14 +1014,72 @@ sub write_hosttypes { } else { print "Writing of host types skipped - could not determine this host's LON-CAPA domain or 'internet' domain.\n"; } + return %changes; } sub update_revocation_list { - if (&Apache::lonnet::fetch_crl_pemfile() eq 'ok') { + my ($result,$changed) = &Apache::lonnet::fetch_crl_pemfile(); + if ($result eq 'ok') { print "Certificate Revocation List (from CA) updated.\n"; } else { print "Certificate Revocation List from (CA) not updated.\n"; } + return $changed; +} + +sub reset_nosslverify_pids { + my (%sslrem) = @_; + &checkon_daemon($fh,'lond',40000,'USR2'); + my $loncpidfile="$perlvar{'lonDaemons'}/logs/lonc.pid"; + my $loncppid; + if ((-e $loncpidfile) && (open(my $pfh,'<',$loncpidfile))) { + $loncppid=<$pfh>; + chomp($loncppid); + close($pfh); + if ($loncppid =~ /^\d+$/) { + my %pids_by_host; + my $docdir = $perlvar{'lonDocRoot'}; + if (-d "$docdir/lon-status/loncchld") { + if (opendir(my $dh,"$docdir/lon-status/loncchld")) { + while (my $file = readdir($dh)) { + next if ($file =~ /^\./); + if (open(my $fh,'<',"$docdir/lon-status/loncchld/$file")) { + my $record = <$fh>; + chomp($record); + close($fh); + my ($remotehost,$authmode) = split(/:/,$record); + $pids_by_host{$remotehost}{$authmode}{$file} = 1; + } + } + closedir($dh); + if (keys(%pids_by_host)) { + foreach my $host (keys(%pids_by_host)) { + if ($sslrem{$host}) { + if (ref($pids_by_host{$host}) eq 'HASH') { + if (ref($pids_by_host{$host}{'insecure'}) eq 'HASH') { + if (keys($pids_by_host{$host}{'insecure'})) { + foreach my $pid (keys($pids_by_host{$host}{'insecure'})) { + if (open(PIPE,"ps -o ppid= -p $pid |")) { + my $ppid = ; + chomp($ppid); + close(PIPE); + $ppid =~ s/(^\s+|\s+$)//g; + if (($ppid == $loncppid) && (kill 0 => $pid)) { + kill QUIT => $pid; + } + } + } + } + } + } + } + } + } + } + } + } + } + return; } sub send_mail { @@ -1125,8 +1257,10 @@ sub main () { &checkon_daemon($fh,'lonr',40000); } if ($justreload) { + &clean_nosslverify($fh); &write_connection_config(); &write_hosttypes(); + &update_revocation_list(); &checkon_daemon($fh,'lond',40000,'USR2'); &checkon_daemon($fh,'lonc',40000,'USR2'); } @@ -1135,14 +1269,20 @@ sub main () { } if (!$justcheckdaemons && !$justcheckconnections && !$justreload) { &check_delayed_msg($fh); - &finish_logging($fh); &log_simplestatus(); &write_loncaparevs(); &write_serverhomeIDs(); &write_checksums(); - &write_connection_config(); - &write_hosttypes(); - &update_revocation_list(); + my %sslrem = &clean_nosslverify($fh); + &finish_logging($fh); + my %conchgs = &write_connection_config(); + my %hosttypechgs = &write_hosttypes(); + my $hadcrlchg = &update_revocation_list(); + if ((keys(%{$conchgs}) > 0) || (keys(%hosttypechgs) > 0) || + $hadcrlchg || (keys(%sslrem) > 0)) { + &checkon_daemon($fh,'lond',40000,'USR2'); + &reset_nosslverify_pids(%sslrem); + } if ($totalcount>200 && !$noemail) { &send_mail(); } } }