loncom/lond - diff

Return to lond CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/lond between versions 1.544 and 1.553

version 1.544, 2018/07/29 03:03:36	version 1.553, 2018/12/03 13:20:21
Line 108 my %perlvar; # Will have the apache co	Line 108 my %perlvar; # Will have the apache co
my %secureconf; # Will have requirements for security	my %secureconf; # Will have requirements for security
# of lond connections	# of lond connections

	my %crlchecked; # Will contain clients for which the client's SSL
	# has been checked against the cluster's Certificate
	# Revocation List.

my $dist;	my $dist;

#	#
Line 172 my @installerrors = ("ok",	Line 176 my @installerrors = ("ok",
# shared ("Access to other domain's content by this domain")	# shared ("Access to other domain's content by this domain")
# enroll ("Enrollment in this domain's courses by others")	# enroll ("Enrollment in this domain's courses by others")
# coaurem ("Co-author roles for this domain's users elsewhere")	# coaurem ("Co-author roles for this domain's users elsewhere")
	# othcoau ("Co-author roles in this domain for others")
# domroles ("Domain roles in this domain assignable to others")	# domroles ("Domain roles in this domain assignable to others")
# catalog ("Course Catalog for this domain displayed elsewhere")	# catalog ("Course Catalog for this domain displayed elsewhere")
# reqcrs ("Requests for creation of courses in this domain by others")	# reqcrs ("Requests for creation of courses in this domain by others")
Line 220 my %trust = (	Line 225 my %trust = (
dcmaildump => {remote => 1, domroles => 1},	dcmaildump => {remote => 1, domroles => 1},
dcmailput => {remote => 1, domroles => 1},	dcmailput => {remote => 1, domroles => 1},
del => {remote => 1, domroles => 1, enroll => 1, content => 1},	del => {remote => 1, domroles => 1, enroll => 1, content => 1},
	delbalcookie => {institutiononly => 1},
deldom => {remote => 1, domroles => 1}, # not currently used	deldom => {remote => 1, domroles => 1}, # not currently used
devalidatecache => {institutiononly => 1},	devalidatecache => {institutiononly => 1},
domroleput => {remote => 1, enroll => 1},	domroleput => {remote => 1, enroll => 1},
Line 230 my %trust = (	Line 236 my %trust = (
edit => {institutiononly => 1}, #not used currently	edit => {institutiononly => 1}, #not used currently
eget => {remote => 1, domroles => 1, enroll => 1}, #not used currently	eget => {remote => 1, domroles => 1, enroll => 1}, #not used currently
egetdom => {remote => 1, domroles => 1, enroll => 1, },	egetdom => {remote => 1, domroles => 1, enroll => 1, },
ekey => {}, #not used currently	ekey => {anywhere => 1},
exit => {anywhere => 1},	exit => {anywhere => 1},
fetchuserfile => {remote => 1, enroll => 1},	fetchuserfile => {remote => 1, enroll => 1},
get => {remote => 1, domroles => 1, enroll => 1},	get => {remote => 1, domroles => 1, enroll => 1},
Line 295 my %trust = (	Line 301 my %trust = (
store => {remote => 1, enroll => 1, reqcrs => 1,},	store => {remote => 1, enroll => 1, reqcrs => 1,},
studentphoto => {remote => 1, enroll => 1},	studentphoto => {remote => 1, enroll => 1},
sub => {content => 1,},	sub => {content => 1,},
tmpdel => {anywhere => 1},	tmpdel => {institutiononly => 1},
tmpget => {anywhere => 1},	tmpget => {institutiononly => 1},
tmpput => {anywhere => 1},	tmpput => {remote => 1, othcoau => 1},
tokenauthuserfile => {anywhere => 1},	tokenauthuserfile => {anywhere => 1},
unsub => {content => 1,},	unsub => {content => 1,},
update => {shared => 1},	update => {shared => 1},
Line 420 sub SSLConnection {	Line 426 sub SSLConnection {
Debug("Approving promotion -> ssl");	Debug("Approving promotion -> ssl");
# And do so:	# And do so:

	my $CRLFile;
	unless ($crlchecked{$clientname}) {
	$CRLFile = lonssl::CRLFile();
	$crlchecked{$clientname} = 1;
	}

my $SSLSocket = lonssl::PromoteServerSocket($Socket,	my $SSLSocket = lonssl::PromoteServerSocket($Socket,
$CACertificate,	$CACertificate,
$Certificate,	$Certificate,
$KeyFile,	$KeyFile,
$clientname);	$clientname,
	$CRLFile,
	$clientversion);
if(! ($SSLSocket) ) { # SSL socket promotion failed.	if(! ($SSLSocket) ) { # SSL socket promotion failed.
my $err = lonssl::LastError();	my $err = lonssl::LastError();
&logthis("<font color=\"red\"> CRITICAL "	&logthis("<font color=\"red\"> CRITICAL "
Line 780 sub ConfigFileFromSelector {	Line 794 sub ConfigFileFromSelector {
my $selector = shift;	my $selector = shift;
my $tablefile;	my $tablefile;

my $tabledir = $perlvar{'lonTabDir'}.'/';	if ($selector eq 'loncapaCAcrl') {
if (($selector eq "hosts") \|\| ($selector eq "domain") \|\|	my $tabledir = $perlvar{'lonCertificateDirectory'};
($selector eq "dns_hosts") \|\| ($selector eq "dns_domain")) {	if (-d $tabledir) {
$tablefile = $tabledir.$selector.'.tab';	$tablefile = $tabledir.'/'.$selector.'.pem';
	}
	} else {
	my $tabledir = $perlvar{'lonTabDir'}.'/';
	if (($selector eq "hosts") \|\| ($selector eq "domain") \|\|
	($selector eq "dns_hosts") \|\| ($selector eq "dns_domain")) {
	$tablefile = $tabledir.$selector.'.tab';
	}
}	}
return $tablefile;	return $tablefile;
}	}
Line 807 sub PushFile {	Line 828 sub PushFile {
my ($command, $filename, $contents) = split(":", $request, 3);	my ($command, $filename, $contents) = split(":", $request, 3);
&Debug("PushFile");	&Debug("PushFile");

# At this point in time, pushes for only the following tables are	# At this point in time, pushes for only the following tables and
# supported:	# CRL file are supported:
# hosts.tab ($filename eq host).	# hosts.tab ($filename eq host).
# domain.tab ($filename eq domain).	# domain.tab ($filename eq domain).
# dns_hosts.tab ($filename eq dns_host).	# dns_hosts.tab ($filename eq dns_host).
# dns_domain.tab ($filename eq dns_domain).	# dns_domain.tab ($filename eq dns_domain).
	# loncapaCAcrl.pem ($filename eq loncapaCAcrl);
# Construct the destination filename or reject the request.	# Construct the destination filename or reject the request.
#	#
# lonManage is supposed to ensure this, however this session could be	# lonManage is supposed to ensure this, however this session could be
Line 833 sub PushFile {	Line 855 sub PushFile {

if($filename eq "host") {	if($filename eq "host") {
$contents = AdjustHostContents($contents);	$contents = AdjustHostContents($contents);
} elsif ($filename eq 'dns_host' \|\| $filename eq 'dns_domain') {	} elsif (($filename eq 'dns_host') \|\| ($filename eq 'dns_domain') \|\|
	($filename eq 'loncapaCAcrl')) {
if ($contents eq '') {	if ($contents eq '') {
&logthis('<font color="red"> Pushfile: unable to install '	&logthis('<font color="red"> Pushfile: unable to install '
.$tablefile." - no data received from push. </font>");	.$tablefile." - no data received from push. </font>");
Line 844 sub PushFile {	Line 867 sub PushFile {
if ($managers{$clientip} eq $clientname) {	if ($managers{$clientip} eq $clientname) {
my $clientprotocol = $Apache::lonnet::protocol{$clientname};	my $clientprotocol = $Apache::lonnet::protocol{$clientname};
$clientprotocol = 'http' if ($clientprotocol ne 'https');	$clientprotocol = 'http' if ($clientprotocol ne 'https');
my $url = '/adm/'.$filename;	my $url;
$url =~ s{_}{/};	if ($filename eq 'loncapaCAcrl') {
	$url = '/adm/dns/loncapaCRL';
	} else {
	$url = '/adm/'.$filename;
	$url =~ s{_}{/};
	}
my $request=new HTTP::Request('GET',"$clientprotocol://$clienthost$url");	my $request=new HTTP::Request('GET',"$clientprotocol://$clienthost$url");
my $response = LONCAPA::LWPReq::makerequest($clientname,$request,'',\%perlvar,60,0);	my $response = LONCAPA::LWPReq::makerequest($clientname,$request,'',\%perlvar,60,0);
if ($response->is_error()) {	if ($response->is_error()) {
Line 1883 sub ls3_handler {	Line 1911 sub ls3_handler {
my $rights;	my $rights;
my $ulsout='';	my $ulsout='';
my $ulsfn;	my $ulsfn;

	my ($crscheck,$toplevel,$currdom,$currnum,$skip);
	unless ($islocal) {
	my ($major,$minor) = split(/\./,$clientversion);
	if (($major < 2) \|\| ($major == 2 && $minor < 12)) {
	$crscheck = 1;
	}
	}
if (-e $ulsdir) {	if (-e $ulsdir) {
if(-d $ulsdir) {	if(-d $ulsdir) {
unless (($getpropath) \|\| ($getuserdir) \|\|	unless (($getpropath) \|\| ($getuserdir) \|\|
Line 1892 sub ls3_handler {	Line 1928 sub ls3_handler {
&Failure($client,"refused\n",$userinput);	&Failure($client,"refused\n",$userinput);
return 1;	return 1;
}	}
if (opendir(LSDIR,$ulsdir)) {	if (($crscheck) &&
	($ulsdir =~ m{^/home/httpd/html/res/($LONCAPA::match_domain)(/?$\|/$LONCAPA::match_courseid)})) {
	($currdom,my $posscnum) = ($1,$2);
	if (($posscnum eq '') \|\| ($posscnum eq '/')) {
	$toplevel = 1;
	} else {
	$posscnum =~ s{^/+}{};
	if (&LONCAPA::Lond::is_course($currdom,$posscnum)) {
	$skip = 1;
	}
	}
	}
	if ((!$skip) && (opendir(LSDIR,$ulsdir))) {
while ($ulsfn=readdir(LSDIR)) {	while ($ulsfn=readdir(LSDIR)) {
	if (($crscheck) && ($toplevel) && ($currdom ne '') &&
	($ulsfn =~ /^$LONCAPA::match_courseid$/) && (-d "$ulsdir/$ulsfn")) {
	if (&LONCAPA::Lond::is_course($currdom,$ulsfn)) {
	next;
	}
	}
undef($obs);	undef($obs);
undef($rights);	undef($rights);
my @ulsstats=stat($ulsdir.'/'.$ulsfn);	my @ulsstats=stat($ulsdir.'/'.$ulsfn);
Line 2071 sub server_distarch_handler {	Line 2125 sub server_distarch_handler {
sub server_certs_handler {	sub server_certs_handler {
my ($cmd,$tail,$client) = @_;	my ($cmd,$tail,$client) = @_;
my $userinput = "$cmd:$tail";	my $userinput = "$cmd:$tail";
my $result;	my $hostname = &Apache::lonnet::hostname($perlvar{'lonHostID'});
my $result = &LONCAPA::Lond::server_certs(\%perlvar);	my $result = &LONCAPA::Lond::server_certs(\%perlvar,$perlvar{'lonHostID'},$hostname);
&Reply($client,\$result,$userinput);	&Reply($client,\$result,$userinput);
return;	return;
}	}
Line 5469 sub tmp_del_handler {	Line 5523 sub tmp_del_handler {
&register_handler("tmpdel", \&tmp_del_handler, 0, 1, 0);	&register_handler("tmpdel", \&tmp_del_handler, 0, 1, 0);

#	#
	# Process the delbalcookie command. This command deletes a balancer
	# cookie in the lonBalancedir directory created by switchserver
	#
	# Parameters:
	# $cmd - Command that got us here.
	# $cookie - Cookie to be deleted.
	# $client - socket open on the client process.
	#
	# Returns:
	# 1 - Indicating processing should continue.
	# Side Effects:
	# A cookie file is deleted from the lonBalancedir directory
	# A reply is sent to the client.
	sub del_balcookie_handler {
	my ($cmd, $cookie, $client) = @_;

	my $userinput= "$cmd:$cookie";

	chomp($cookie);
	my $deleted = '';
	if ($cookie =~ /^$LONCAPA::match_domain\_$LONCAPA::match_username\_[a-f0-9]{32}$/) {
	my $execdir=$perlvar{'lonBalanceDir'};
	if (-e "$execdir/$cookie.id") {
	if (open(my $fh,'<',"$execdir/$cookie.id")) {
	my $dodelete;
	while (my $line = <$fh>) {
	chomp($line);
	if ($line eq $clientname) {
	$dodelete = 1;
	last;
	}
	}
	close($fh);
	if ($dodelete) {
	if (unlink("$execdir/$cookie.id")) {
	$deleted = 1;
	}
	}
	}
	}
	}
	if ($deleted) {
	&Reply($client, "ok\n", $userinput);
	} else {
	&Failure( $client, "error: ".($!+0)."Unlinking cookie file Failed ".
	"while attempting delbalcookie\n", $userinput);
	}
	return 1;
	}
	&register_handler("delbalcookie", \&del_balcookie_handler, 0, 1, 0);

	#
# Processes the setannounce command. This command	# Processes the setannounce command. This command
# creates a file named announce.txt in the top directory of	# creates a file named announce.txt in the top directory of
# the documentn root and sets its contents. The announce.txt file is	# the documentn root and sets its contents. The announce.txt file is
Line 6858 my $wwwid=getpwnam('www');	Line 6964 my $wwwid=getpwnam('www');
if ($wwwid!=$<) {	if ($wwwid!=$<) {
my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";	my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
my $subj="LON: $currenthostid User ID mismatch";	my $subj="LON: $currenthostid User ID mismatch";
system("echo 'User ID mismatch. lond must be run as user www.' \|\	system("echo 'User ID mismatch. lond must be run as user www.' \|".
mailto $emailto -s '$subj' > /dev/null");	" mail -s '$subj' $emailto > /dev/null");
exit 1;	exit 1;
}	}

Line 6993 sub UpdateHosts {	Line 7099 sub UpdateHosts {

my %oldconf = %secureconf;	my %oldconf = %secureconf;
my %connchange;	my %connchange;
if (lonssl::Read_Connect_Config(\%secureconf,\%perlvar) eq 'ok') {	if (lonssl::Read_Connect_Config(\%secureconf,\%crlchecked,\%perlvar) eq 'ok') {
logthis('<font color="blue"> Reloaded SSL connection rules </font>');	logthis('<font color="blue"> Reloaded SSL connection rules and cleared CRL checking history </font>');
} else {	} else {
logthis('<font color="yellow"> Failed to reload SSL connection rules </font>');	logthis('<font color="yellow"> Failed to reload SSL connection rules and clear CRL checking history </font>');
}	}
if ((ref($oldconf{'connfrom'}) eq 'HASH') && (ref($secureconf{'connfrom'}) eq 'HASH')) {	if ((ref($oldconf{'connfrom'}) eq 'HASH') && (ref($secureconf{'connfrom'}) eq 'HASH')) {
foreach my $type ('dom','intdom','other') {	foreach my $type ('dom','intdom','other') {
Line 7275 if ($arch eq 'unknown') {	Line 7381 if ($arch eq 'unknown') {
chomp($arch);	chomp($arch);
}	}

unless (lonssl::Read_Connect_Config(\%secureconf,\%perlvar) eq 'ok') {	unless (lonssl::Read_Connect_Config(\%secureconf,\%crlchecked,\%perlvar) eq 'ok') {
&logthis('<font color="blue">No connectionrules table. Will fallback to loncapa.conf</font>');	&logthis('<font color="blue">No connectionrules table. Will fallback to loncapa.conf</font>');
}	}

Line 8884 is closed and the child exits.	Line 8990 is closed and the child exits.
=item Red CRITICAL Can't get key file <error>	=item Red CRITICAL Can't get key file <error>

SSL key negotiation is being attempted but the call to	SSL key negotiation is being attempted but the call to
lonssl::KeyFile failed. This usually means that the	lonssl::KeyFile failed. This usually means that the
configuration file is not correctly defining or protecting	configuration file is not correctly defining or protecting
the directories/files lonCertificateDirectory or	the directories/files lonCertificateDirectory or
lonnetPrivateKey	lonnetPrivateKey

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.544
changed lines
	Added in v.1.553