--- loncom/lond	2020/01/13 13:41:24	1.489.2.35
+++ loncom/lond	2020/10/26 04:08:56	1.489.2.35.2.3
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.489.2.35 2020/01/13 13:41:24 raeburn Exp $
+# $Id: lond,v 1.489.2.35.2.3 2020/10/26 04:08:56 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -63,7 +63,7 @@ my $DEBUG = 0;		       # Non zero to ena
 my $status='';
 my $lastlog='';
 
-my $VERSION='$Revision: 1.489.2.35 $'; #' stupid emacs
+my $VERSION='$Revision: 1.489.2.35.2.3 $'; #' stupid emacs
 my $remoteVERSION;
 my $currenthostid="default";
 my $currentdomainid;
@@ -4576,6 +4576,44 @@ sub course_lastaccess_handler {
 }
 &register_handler("courselastaccess",\&course_lastaccess_handler, 0, 1, 0);
 
+sub course_sessions_handler {
+    my ($cmd, $tail, $client) = @_;
+    my $userinput = "$cmd:$tail";
+    my ($cdom,$cnum,$lastactivity) = split(':',$tail);
+    my $dbsuffix = '_'.$cdom.'_'.$cnum.'.db';
+    my (%sessions,$qresult);
+    my $now=time;
+    if (opendir(DIR,$perlvar{'lonIDsDir'})) {
+        my $filename;
+        while ($filename=readdir(DIR)) {
+            next if ($filename=~/^\./);
+            next if ($filename=~/^publicuser_/);
+            next if ($filename=~/^[a-f0-9]+_(linked|lti_\d+)\.id$/);
+            if ($filename =~ /^($LONCAPA::match_username)_\d+_($LONCAPA::match_domain)_/) {
+                my ($uname,$udom) = ($1,$2);
+                next unless (-e "$perlvar{'lonDaemons'}/tmp/$uname$dbsuffix");
+                my $mtime = (stat("$perlvar{'lonIDsDir'}/$filename"))[9];
+                if ($lastactivity < 0) {
+                    next if ($mtime-$now > $lastactivity);
+                } else {
+                    next if ($now-$mtime > $lastactivity);
+                }
+                $sessions{$uname.':'.$udom} = $mtime;
+            }
+        }
+        closedir(DIR);
+    }
+    foreach my $user (keys(%sessions)) {
+        $qresult.=&escape($user).'='.$sessions{$user}.'&';
+    }
+    if ($qresult) {
+        chop($qresult);
+    }
+    &Reply($client, \$qresult, $userinput);
+    return 1;
+}
+&register_handler("coursesessions",\&course_sessions_handler, 0, 1, 0);
+
 #
 # Puts an unencrypted entry in a namespace db file at the domain level 
 #
@@ -4646,6 +4684,40 @@ sub get_domain_handler {
 
     my ($udom,$namespace,$what)=split(/:/,$tail,3);
     chomp($what);
+    if ($namespace =~ /^enc/) {
+        &Failure( $client, "refused\n", $userinput);
+    } else {
+        my @queries=split(/\&/,$what);
+        my $qresult='';
+        my $hashref = &tie_domain_hash($udom, "$namespace", &GDBM_READER());
+        if ($hashref) {
+            for (my $i=0;$i<=$#queries;$i++) {
+                $qresult.="$hashref->{$queries[$i]}&";
+            }
+            if (&untie_domain_hash($hashref)) {
+                $qresult=~s/\&$//;
+                &Reply($client, \$qresult, $userinput);
+            } else {
+                &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
+                          "while attempting getdom\n",$userinput);
+            }
+        } else {
+            &Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
+                     "while attempting getdom\n",$userinput);
+        }
+    }
+
+    return 1;
+}
+&register_handler("getdom", \&get_domain_handler, 0, 1, 0);
+
+sub encrypted_get_domain_handler {
+    my ($cmd, $tail, $client) = @_;
+
+    my $userinput = "$cmd:$tail";
+
+    my ($udom,$namespace,$what)=split(/:/,$tail,3);
+    chomp($what);
     my @queries=split(/\&/,$what);
     my $qresult='';
     my $hashref = &tie_domain_hash($udom, "$namespace", &GDBM_READER());
@@ -4655,19 +4727,31 @@ sub get_domain_handler {
         }
         if (&untie_domain_hash($hashref)) {
             $qresult=~s/\&$//;
-            &Reply($client, \$qresult, $userinput);
+            if ($cipher) {
+                my $cmdlength=length($qresult);
+                $qresult.="         ";
+                my $encqresult='';
+                for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
+                    $encqresult.= unpack("H16",
+                                         $cipher->encrypt(substr($qresult,
+                                                                 $encidx,
+                                                                 8)));
+                }
+                &Reply( $client, "enc:$cmdlength:$encqresult\n", $userinput);
+            } else {
+                &Failure( $client, "error:no_key\n", $userinput);
+            }
         } else {
             &Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
-                      "while attempting getdom\n",$userinput);
+                      "while attempting egetdom\n",$userinput);
         }
     } else {
         &Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
-                 "while attempting getdom\n",$userinput);
+                 "while attempting egetdom\n",$userinput);
     }
-
     return 1;
 }
-&register_handler("getdom", \&get_domain_handler, 0, 1, 0);
+&register_handler("egetdom", \&encrypted_get_domain_handler, 1, 1, 0);
 
 #
 #  Puts an id to a domains id database. 
@@ -5185,8 +5269,65 @@ sub tmp_del_handler {
 &register_handler("tmpdel", \&tmp_del_handler, 0, 1, 0);
 
 #
+#  Process the updatebalcookie command.  This command updates a
+#  cookie in the lonBalancedir directory on a load balancer node.
+#
+# Parameters:
+#   $cmd      - Command that got us here.
+#   $tail     - Tail of the request (escaped cookie: escaped current entry)
+#
+#   $client   - socket open on the client process.
+#
+# Returns:
+#   1     - Indicating processing should continue.
+# Side Effects:
+#   A cookie file is updated from the lonBalancedir directory
+#   A reply is sent to the client.
+#
+sub update_balcookie_handler {
+    my ($cmd, $tail, $client) = @_;
+
+    my $userinput= "$cmd:$tail";
+    chomp($tail);
+    my ($cookie,$lastentry) = map { &unescape($_) } (split(/:/,$tail));
+
+    my $updatedone;
+    if ($cookie =~ /^$LONCAPA::match_domain\_$LONCAPA::match_username\_[a-f0-9]{32}$/) {
+        my $execdir=$perlvar{'lonBalanceDir'};
+        if (-e "$execdir/$cookie.id") {
+            my $doupdate;
+            if (open(my $fh,'<',"$execdir/$cookie.id")) {
+                while (my $line = <$fh>) {
+                    chomp($line);
+                    if ($line eq $lastentry) {
+                        $doupdate = 1;
+                        last;
+                    }
+                }
+                close($fh);
+            }
+            if ($doupdate) {
+                if (open(my $fh,'>',"$execdir/$cookie.id")) {
+                    print $fh $clientname;
+                    close($fh);
+                    $updatedone = 1;
+                }
+            }
+        }
+    }
+    if ($updatedone) {
+        &Reply($client, "ok\n", $userinput);
+    } else {
+        &Failure( $client, "error: ".($!+0)."file update failed ".
+                  "while attempting updatebalcookie\n", $userinput);
+    }
+    return 1;
+}
+&register_handler("updatebalcookie", \&update_balcookie_handler, 0, 1, 0);
+
+#
 #  Process the delbalcookie command. This command deletes a balancer
-#  cookie in the lonBalancedir directory created by switchserver
+#  cookie in the lonBalancedir directory on a load balancer node.
 #
 # Parameters:
 #   $cmd      - Command that got us here.
@@ -5204,6 +5345,7 @@ sub del_balcookie_handler {
     my $userinput= "$cmd:$cookie";
 
     chomp($cookie);
+    $cookie = &unescape($cookie);
     my $deleted = '';
     if ($cookie =~ /^$LONCAPA::match_domain\_$LONCAPA::match_username\_[a-f0-9]{32}$/) {
         my $execdir=$perlvar{'lonBalanceDir'};