loncom/lond - diff

Return to lond CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/lond between versions 1.535 and 1.554

version 1.535, 2017/03/20 13:53:22	version 1.554, 2018/12/03 19:32:51
Line 108 my %perlvar; # Will have the apache co	Line 108 my %perlvar; # Will have the apache co
my %secureconf; # Will have requirements for security	my %secureconf; # Will have requirements for security
# of lond connections	# of lond connections

	my %crlchecked; # Will contain clients for which the client's SSL
	# has been checked against the cluster's Certificate
	# Revocation List.

my $dist;	my $dist;

#	#
Line 172 my @installerrors = ("ok",	Line 176 my @installerrors = ("ok",
# shared ("Access to other domain's content by this domain")	# shared ("Access to other domain's content by this domain")
# enroll ("Enrollment in this domain's courses by others")	# enroll ("Enrollment in this domain's courses by others")
# coaurem ("Co-author roles for this domain's users elsewhere")	# coaurem ("Co-author roles for this domain's users elsewhere")
	# othcoau ("Co-author roles in this domain for others")
# domroles ("Domain roles in this domain assignable to others")	# domroles ("Domain roles in this domain assignable to others")
# catalog ("Course Catalog for this domain displayed elsewhere")	# catalog ("Course Catalog for this domain displayed elsewhere")
# reqcrs ("Requests for creation of courses in this domain by others")	# reqcrs ("Requests for creation of courses in this domain by others")
Line 220 my %trust = (	Line 225 my %trust = (
dcmaildump => {remote => 1, domroles => 1},	dcmaildump => {remote => 1, domroles => 1},
dcmailput => {remote => 1, domroles => 1},	dcmailput => {remote => 1, domroles => 1},
del => {remote => 1, domroles => 1, enroll => 1, content => 1},	del => {remote => 1, domroles => 1, enroll => 1, content => 1},
	delbalcookie => {institutiononly => 1},
deldom => {remote => 1, domroles => 1}, # not currently used	deldom => {remote => 1, domroles => 1}, # not currently used
devalidatecache => {institutiononly => 1},	devalidatecache => {institutiononly => 1},
domroleput => {remote => 1, enroll => 1},	domroleput => {remote => 1, enroll => 1},
Line 229 my %trust = (	Line 235 my %trust = (
dump => {remote => 1, enroll => 1, domroles => 1},	dump => {remote => 1, enroll => 1, domroles => 1},
edit => {institutiononly => 1}, #not used currently	edit => {institutiononly => 1}, #not used currently
eget => {remote => 1, domroles => 1, enroll => 1}, #not used currently	eget => {remote => 1, domroles => 1, enroll => 1}, #not used currently
ekey => {}, #not used currently	egetdom => {remote => 1, domroles => 1, enroll => 1, },
	ekey => {anywhere => 1},
exit => {anywhere => 1},	exit => {anywhere => 1},
fetchuserfile => {remote => 1, enroll => 1},	fetchuserfile => {remote => 1, enroll => 1},
get => {remote => 1, domroles => 1, enroll => 1},	get => {remote => 1, domroles => 1, enroll => 1},
Line 294 my %trust = (	Line 301 my %trust = (
store => {remote => 1, enroll => 1, reqcrs => 1,},	store => {remote => 1, enroll => 1, reqcrs => 1,},
studentphoto => {remote => 1, enroll => 1},	studentphoto => {remote => 1, enroll => 1},
sub => {content => 1,},	sub => {content => 1,},
tmpdel => {anywhere => 1},	tmpdel => {institutiononly => 1},
tmpget => {anywhere => 1},	tmpget => {institutiononly => 1},
tmpput => {anywhere => 1},	tmpput => {remote => 1, othcoau => 1},
tokenauthuserfile => {anywhere => 1},	tokenauthuserfile => {anywhere => 1},
unsub => {content => 1,},	unsub => {content => 1,},
update => {shared => 1},	update => {shared => 1},
Line 419 sub SSLConnection {	Line 426 sub SSLConnection {
Debug("Approving promotion -> ssl");	Debug("Approving promotion -> ssl");
# And do so:	# And do so:

	my $CRLFile;
	unless ($crlchecked{$clientname}) {
	$CRLFile = lonssl::CRLFile();
	$crlchecked{$clientname} = 1;
	}

my $SSLSocket = lonssl::PromoteServerSocket($Socket,	my $SSLSocket = lonssl::PromoteServerSocket($Socket,
$CACertificate,	$CACertificate,
$Certificate,	$Certificate,
$KeyFile);	$KeyFile,
	$clientname,
	$CRLFile,
	$clientversion);
if(! ($SSLSocket) ) { # SSL socket promotion failed.	if(! ($SSLSocket) ) { # SSL socket promotion failed.
my $err = lonssl::LastError();	my $err = lonssl::LastError();
&logthis("<font color=\"red\"> CRITICAL "	&logthis("<font color=\"red\"> CRITICAL "
Line 778 sub ConfigFileFromSelector {	Line 794 sub ConfigFileFromSelector {
my $selector = shift;	my $selector = shift;
my $tablefile;	my $tablefile;

my $tabledir = $perlvar{'lonTabDir'}.'/';	if ($selector eq 'loncapaCAcrl') {
if (($selector eq "hosts") \|\| ($selector eq "domain") \|\|	my $tabledir = $perlvar{'lonCertificateDirectory'};
($selector eq "dns_hosts") \|\| ($selector eq "dns_domain")) {	if (-d $tabledir) {
$tablefile = $tabledir.$selector.'.tab';	$tablefile = $tabledir.'/'.$selector.'.pem';
	}
	} else {
	my $tabledir = $perlvar{'lonTabDir'}.'/';
	if (($selector eq "hosts") \|\| ($selector eq "domain") \|\|
	($selector eq "dns_hosts") \|\| ($selector eq "dns_domain")) {
	$tablefile = $tabledir.$selector.'.tab';
	}
}	}
return $tablefile;	return $tablefile;
}	}
Line 805 sub PushFile {	Line 828 sub PushFile {
my ($command, $filename, $contents) = split(":", $request, 3);	my ($command, $filename, $contents) = split(":", $request, 3);
&Debug("PushFile");	&Debug("PushFile");

# At this point in time, pushes for only the following tables are	# At this point in time, pushes for only the following tables and
# supported:	# CRL file are supported:
# hosts.tab ($filename eq host).	# hosts.tab ($filename eq host).
# domain.tab ($filename eq domain).	# domain.tab ($filename eq domain).
# dns_hosts.tab ($filename eq dns_host).	# dns_hosts.tab ($filename eq dns_host).
# dns_domain.tab ($filename eq dns_domain).	# dns_domain.tab ($filename eq dns_domain).
	# loncapaCAcrl.pem ($filename eq loncapaCAcrl).
# Construct the destination filename or reject the request.	# Construct the destination filename or reject the request.
#	#
# lonManage is supposed to ensure this, however this session could be	# lonManage is supposed to ensure this, however this session could be
Line 831 sub PushFile {	Line 855 sub PushFile {

if($filename eq "host") {	if($filename eq "host") {
$contents = AdjustHostContents($contents);	$contents = AdjustHostContents($contents);
} elsif ($filename eq 'dns_host' \|\| $filename eq 'dns_domain') {	} elsif (($filename eq 'dns_host') \|\| ($filename eq 'dns_domain') \|\|
	($filename eq 'loncapaCAcrl')) {
if ($contents eq '') {	if ($contents eq '') {
&logthis('<font color="red"> Pushfile: unable to install '	&logthis('<font color="red"> Pushfile: unable to install '
.$tablefile." - no data received from push. </font>");	.$tablefile." - no data received from push. </font>");
Line 842 sub PushFile {	Line 867 sub PushFile {
if ($managers{$clientip} eq $clientname) {	if ($managers{$clientip} eq $clientname) {
my $clientprotocol = $Apache::lonnet::protocol{$clientname};	my $clientprotocol = $Apache::lonnet::protocol{$clientname};
$clientprotocol = 'http' if ($clientprotocol ne 'https');	$clientprotocol = 'http' if ($clientprotocol ne 'https');
my $url = '/adm/'.$filename;	my $url;
$url =~ s{_}{/};	if ($filename eq 'loncapaCAcrl') {
	$url = '/adm/dns/loncapaCRL';
	} else {
	$url = '/adm/'.$filename;
	$url =~ s{_}{/};
	}
my $request=new HTTP::Request('GET',"$clientprotocol://$clienthost$url");	my $request=new HTTP::Request('GET',"$clientprotocol://$clienthost$url");
my $response = LONCAPA::LWPReq::makerequest($clientname,$request,'',\%perlvar,60,0);	my $response = LONCAPA::LWPReq::makerequest($clientname,$request,'',\%perlvar,60,0);
if ($response->is_error()) {	if ($response->is_error()) {
Line 1605 sub du2_handler {	Line 1635 sub du2_handler {
#	#
# 1. for a directory, and the path does not begin with one of:	# 1. for a directory, and the path does not begin with one of:
# (a) /home/httpd/html/res/<domain>	# (a) /home/httpd/html/res/<domain>
# (b) /home/httpd/html/res/userfiles/	# (b) /home/httpd/html/userfiles/
# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles	# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles
# or is:	# or is:
#	#
# 2. for a file, and the path (after prepending) does not begin with:	# 2. for a file, and the path (after prepending) does not begin with one of:
# /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/	# (a) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/
	# (b) /home/httpd/html/res/<domain>/<username>/
	# (c) /home/httpd/html/userfiles/<domain>/<username>/
#	#
# the response will be "refused".	# the response will be "refused".
#	#
Line 1641 sub ls_handler {	Line 1673 sub ls_handler {
}	}
if (-e $ulsdir) {	if (-e $ulsdir) {
if(-d $ulsdir) {	if(-d $ulsdir) {
unless (($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain\|userfiles/)}) \|\|	unless (($ulsdir =~ m{^/home/httpd/html/(res/$LONCAPA::match_domain\|userfiles/)}) \|\|
($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/userfiles/})) {	($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/userfiles})) {
&Failure($client,"refused\n",$userinput);	&Failure($client,"refused\n",$userinput);
return 1;	return 1;
}	}
Line 1669 sub ls_handler {	Line 1701 sub ls_handler {
closedir(LSDIR);	closedir(LSDIR);
}	}
} else {	} else {
unless ($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/}) {	unless (($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/}) \|\|
	($ulsdir =~ m{^/home/httpd/html/(?:res\|userfiles)/$LONCAPA::match_domain/$LONCAPA::match_name/})) {
&Failure($client,"refused\n",$userinput);	&Failure($client,"refused\n",$userinput);
return 1;	return 1;
}	}
Line 1702 sub ls_handler {	Line 1735 sub ls_handler {
#	#
# 1. for a directory, and the path does not begin with one of:	# 1. for a directory, and the path does not begin with one of:
# (a) /home/httpd/html/res/<domain>	# (a) /home/httpd/html/res/<domain>
# (b) /home/httpd/html/res/userfiles/	# (b) /home/httpd/html/userfiles/
# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles	# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles
# or is:	# or is:
#	#
# 2. for a file, and the path (after prepending) does not begin with:	# 2. for a file, and the path (after prepending) does not begin with one of:
# /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/	# (a) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/
	# (b) /home/httpd/html/res/<domain>/<username>/
	# (c) /home/httpd/html/userfiles/<domain>/<username>/
#	#
# the response will be "refused".	# the response will be "refused".
#	#
Line 1737 sub ls2_handler {	Line 1772 sub ls2_handler {
}	}
if (-e $ulsdir) {	if (-e $ulsdir) {
if(-d $ulsdir) {	if(-d $ulsdir) {
unless (($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain\|userfiles/)}) \|\|	unless (($ulsdir =~ m{^/home/httpd/html/(res/$LONCAPA::match_domain\|userfiles/)}) \|\|
($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/userfiles/})) {	($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/userfiles})) {
&Failure($client,"refused\n","$userinput");	&Failure($client,"refused\n","$userinput");
return 1;	return 1;
}	}
Line 1766 sub ls2_handler {	Line 1801 sub ls2_handler {
closedir(LSDIR);	closedir(LSDIR);
}	}
} else {	} else {
unless ($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/}) {	unless (($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/}) \|\|
	($ulsdir =~ m{^/home/httpd/html/(?:res\|userfiles)/$LONCAPA::match_domain/$LONCAPA::match_name/})) {
&Failure($client,"refused\n",$userinput);	&Failure($client,"refused\n",$userinput);
return 1;	return 1;
}	}
Line 1791 sub ls2_handler {	Line 1827 sub ls2_handler {
#	#
# 1. for a directory, and the path does not begin with one of:	# 1. for a directory, and the path does not begin with one of:
# (a) /home/httpd/html/res/<domain>	# (a) /home/httpd/html/res/<domain>
# (b) /home/httpd/html/res/userfiles/	# (b) /home/httpd/html/userfiles/
# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles	# (c) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/userfiles
# (d) /home/httpd/html/priv/<domain>/ and client is the homeserver	# (d) /home/httpd/html/priv/<domain> and client is the homeserver
#	#
# or is:	# or is:
#	#
# 2. for a file, and the path (after prepending) does not begin with:	# 2. for a file, and the path (after prepending) does not begin with one of:
# /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/	# (a) /home/httpd/lonUsers/<domain>/<1>/<2>/<3>/<username>/
	# (b) /home/httpd/html/res/<domain>/<username>/
	# (c) /home/httpd/html/userfiles/<domain>/<username>/
	# (d) /home/httpd/html/priv/<domain>/<username>/ and client is the homeserver
#	#
# the response will be "refused".	# the response will be "refused".
#	#
Line 1872 sub ls3_handler {	Line 1911 sub ls3_handler {
my $rights;	my $rights;
my $ulsout='';	my $ulsout='';
my $ulsfn;	my $ulsfn;

	my ($crscheck,$toplevel,$currdom,$currnum,$skip);
	unless ($islocal) {
	my ($major,$minor) = split(/\./,$clientversion);
	if (($major < 2) \|\| ($major == 2 && $minor < 12)) {
	$crscheck = 1;
	}
	}
if (-e $ulsdir) {	if (-e $ulsdir) {
if(-d $ulsdir) {	if(-d $ulsdir) {
unless (($getpropath) \|\| ($getuserdir) \|\|	unless (($getpropath) \|\| ($getuserdir) \|\|
($ulsdir =~ m{/home/httpd/html/(res/$LONCAPA::match_domain\|userfiles/)}) \|\|	($ulsdir =~ m{^/home/httpd/html/(res/$LONCAPA::match_domain\|userfiles/)}) \|\|
($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/userfiles/}) \|\|	($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/userfiles}) \|\|
(($ulsdir =~ m{/home/httpd/html/priv/$LONCAPA::match_domain/}) && ($islocal))) {	(($ulsdir =~ m{^/home/httpd/html/priv/$LONCAPA::match_domain}) && ($islocal))) {
&Failure($client,"refused\n",$userinput);	&Failure($client,"refused\n",$userinput);
return 1;	return 1;
}	}
if (opendir(LSDIR,$ulsdir)) {	if (($crscheck) &&
	($ulsdir =~ m{^/home/httpd/html/res/($LONCAPA::match_domain)(/?$\|/$LONCAPA::match_courseid)})) {
	($currdom,my $posscnum) = ($1,$2);
	if (($posscnum eq '') \|\| ($posscnum eq '/')) {
	$toplevel = 1;
	} else {
	$posscnum =~ s{^/+}{};
	if (&LONCAPA::Lond::is_course($currdom,$posscnum)) {
	$skip = 1;
	}
	}
	}
	if ((!$skip) && (opendir(LSDIR,$ulsdir))) {
while ($ulsfn=readdir(LSDIR)) {	while ($ulsfn=readdir(LSDIR)) {
	if (($crscheck) && ($toplevel) && ($currdom ne '') &&
	($ulsfn =~ /^$LONCAPA::match_courseid$/) && (-d "$ulsdir/$ulsfn")) {
	if (&LONCAPA::Lond::is_course($currdom,$ulsfn)) {
	next;
	}
	}
undef($obs);	undef($obs);
undef($rights);	undef($rights);
my @ulsstats=stat($ulsdir.'/'.$ulsfn);	my @ulsstats=stat($ulsdir.'/'.$ulsfn);
Line 1906 sub ls3_handler {	Line 1971 sub ls3_handler {
}	}
} else {	} else {
unless (($getpropath) \|\| ($getuserdir) \|\|	unless (($getpropath) \|\| ($getuserdir) \|\|
($ulsdir =~ m{/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_username/})) {	($ulsdir =~ m{^/home/httpd/lonUsers/$LONCAPA::match_domain(?:/[\w\-.@]){3}/$LONCAPA::match_name/}) \|\|
	($ulsdir =~ m{^/home/httpd/html/(?:res\|userfiles)/$LONCAPA::match_domain/$LONCAPA::match_name/}) \|\|
	(($ulsdir =~ m{^/home/httpd/html/priv/$LONCAPA::match_domain/$LONCAPA::match_name/}) && ($islocal))) {
&Failure($client,"refused\n",$userinput);	&Failure($client,"refused\n",$userinput);
return 1;	return 1;
}	}
Line 2058 sub server_distarch_handler {	Line 2125 sub server_distarch_handler {
sub server_certs_handler {	sub server_certs_handler {
my ($cmd,$tail,$client) = @_;	my ($cmd,$tail,$client) = @_;
my $userinput = "$cmd:$tail";	my $userinput = "$cmd:$tail";
my $result;	my $hostname = &Apache::lonnet::hostname($perlvar{'lonHostID'});
my $result = &LONCAPA::Lond::server_certs(\%perlvar);	my $result = &LONCAPA::Lond::server_certs(\%perlvar,$perlvar{'lonHostID'},$hostname);
&Reply($client,\$result,$userinput);	&Reply($client,\$result,$userinput);
return;	return;
}	}
Line 2590 sub update_resource_handler {	Line 2657 sub update_resource_handler {
my $transname="$fname.in.transfer";	my $transname="$fname.in.transfer";
my $remoteurl=&Apache::lonnet::reply("sub:$fname","$clientname");	my $remoteurl=&Apache::lonnet::reply("sub:$fname","$clientname");
my $response;	my $response;
# FIXME: cannot replicate files that take more than two minutes to transfer?	# FIXME: cannot replicate files that take more than two minutes to transfer -- needs checking now 1200s timeout used
# alarm(120);	# for LWP request.
# FIXME: this should use the LWP mechanism, not internal alarms.	my $request=new HTTP::Request('GET',"$remoteurl");
alarm(1200);	$response=&LONCAPA::LWPReq::makerequest($clientname,$request,$transname,\%perlvar,1200,0,1);
{
my $request=new HTTP::Request('GET',"$remoteurl");
$response=&LONCAPA::LWPReq::makerequest($clientname,$request,$transname,\%perlvar,1200,0,1);
}
alarm(0);
if ($response->is_error()) {	if ($response->is_error()) {
# FIXME: we should probably clean up here instead of just whine	my $reply=&Apache::lonnet::reply("unsub:$fname","$clientname");
unlink($transname);	&devalidate_meta_cache($fname);
	if (-e $transname) {
	unlink($transname);
	}
	unlink($fname);
my $message=$response->status_line;	my $message=$response->status_line;
&logthis("LWP GET: $message for $fname ($remoteurl)");	&logthis("LWP GET: $message for $fname ($remoteurl)");
} else {	} else {
if ($remoteurl!~/\.meta$/) {	if ($remoteurl!~/\.meta$/) {
# FIXME: isn't there an internal LWP mechanism for this?	my $mrequest=new HTTP::Request('GET',$remoteurl.'.meta');
alarm(120);	my $mresponse = &LONCAPA::LWPReq::makerequest($clientname,$mrequest,$fname.'.meta',\%perlvar,120,0,1);
{	if ($mresponse->is_error()) {
my $mrequest=new HTTP::Request('GET',$remoteurl.'.meta');	unlink($fname.'.meta');
my $mresponse = &LONCAPA::LWPReq::makerequest($clientname,$mrequest,$fname.'.meta',\%perlvar,120,0,1);
if ($mresponse->is_error()) {
unlink($fname.'.meta');
}
}	}
alarm(0);
}	}
# we successfully transfered, copy file over to real name	# we successfully transfered, copy file over to real name
rename($transname,$fname);	rename($transname,$fname);
Line 2685 sub fetch_user_file_handler {	Line 2746 sub fetch_user_file_handler {
my $remoteurl=$clientprotocol.'://'.$clienthost.'/userfiles/'.$fname;	my $remoteurl=$clientprotocol.'://'.$clienthost.'/userfiles/'.$fname;
my $response;	my $response;
Debug("Remote URL : $remoteurl Transfername $transname Destname: $destname");	Debug("Remote URL : $remoteurl Transfername $transname Destname: $destname");
alarm(1200);	my $request=new HTTP::Request('GET',"$remoteurl");
{	my $verifycert = 1;
my $request=new HTTP::Request('GET',"$remoteurl");	my @machine_ids = &Apache::lonnet::current_machine_ids();
my $verifycert = 1;	if (grep(/^\Q$clientname\E$/,@machine_ids)) {
my @machine_ids = &Apache::lonnet::current_machine_ids();	$verifycert = 0;
if (grep(/^\Q$clientname\E$/,@machine_ids)) {	}
$verifycert = 0;	$response = &LONCAPA::LWPReq::makerequest($clientname,$request,$transname,\%perlvar,1200,$verifycert);
}
$response = &LONCAPA::LWPReq::makerequest($clientname,$request,$transname,\%perlvar,1200,$verifycert);
}
alarm(0);
if ($response->is_error()) {	if ($response->is_error()) {
unlink($transname);	unlink($transname);
my $message=$response->status_line;	my $message=$response->status_line;
Line 3393 sub get_profile_entry {	Line 3450 sub get_profile_entry {
#	#
# Parameters:	# Parameters:
# $cmd - Command keyword of request (eget).	# $cmd - Command keyword of request (eget).
# $tail - Tail of the command. See GetProfileEntry # for more information about this.	# $tail - Tail of the command. See GetProfileEntry
	# for more information about this.
# $client - File open on the client.	# $client - File open on the client.
# Returns:	# Returns:
# 1 - Continue processing	# 1 - Continue processing
Line 4876 sub get_domain_handler {	Line 4934 sub get_domain_handler {
my ($cmd, $tail, $client) = @_;	my ($cmd, $tail, $client) = @_;


my $userinput = "$client:$tail";	my $userinput = "$cmd:$tail";

	my ($udom,$namespace,$what)=split(/:/,$tail,3);
	chomp($what);
	if ($namespace =~ /^enc/) {
	&Failure( $client, "refused\n", $userinput);
	} else {
	my @queries=split(/\&/,$what);
	my $qresult='';
	my $hashref = &tie_domain_hash($udom, "$namespace", &GDBM_READER());
	if ($hashref) {
	for (my $i=0;$i<=$#queries;$i++) {
	$qresult.="$hashref->{$queries[$i]}&";
	}
	if (&untie_domain_hash($hashref)) {
	$qresult=~s/\&$//;
	&Reply($client, \$qresult, $userinput);
	} else {
	&Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
	"while attempting getdom\n",$userinput);
	}
	} else {
	&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
	"while attempting getdom\n",$userinput);
	}
	}

	return 1;
	}
	&register_handler("getdom", \&get_domain_handler, 0, 1, 0);

	sub encrypted_get_domain_handler {
	my ($cmd, $tail, $client) = @_;

	my $userinput = "$cmd:$tail";

my ($udom,$namespace,$what)=split(/:/,$tail,3);	my ($udom,$namespace,$what)=split(/:/,$tail,3);
chomp($what);	chomp($what);
Line 4889 sub get_domain_handler {	Line 4981 sub get_domain_handler {
}	}
if (&untie_domain_hash($hashref)) {	if (&untie_domain_hash($hashref)) {
$qresult=~s/\&$//;	$qresult=~s/\&$//;
&Reply($client, \$qresult, $userinput);	if ($cipher) {
	my $cmdlength=length($qresult);
	$qresult.=" ";
	my $encqresult='';
	for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
	$encqresult.= unpack("H16",
	$cipher->encrypt(substr($qresult,
	$encidx,
	8)));
	}
	&Reply( $client, "enc:$cmdlength:$encqresult\n", $userinput);
	} else {
	&Failure( $client, "error:no_key\n", $userinput);
	}
} else {	} else {
&Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".	&Failure( $client, "error: ".($!+0)." untie(GDBM) Failed ".
"while attempting getdom\n",$userinput);	"while attempting egetdom\n",$userinput);
}	}
} else {	} else {
&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".	&Failure($client, "error: ".($!+0)." tie(GDBM) Failed ".
"while attempting getdom\n",$userinput);	"while attempting egetdom\n",$userinput);
}	}

return 1;	return 1;
}	}
&register_handler("getdom", \&get_domain_handler, 0, 1, 0);	&register_handler("egetdom", \&encrypted_get_domain_handler, 1, 1, 0);

#	#
# Puts an id to a domains id database.	# Puts an id to a domains id database.
Line 5419 sub tmp_del_handler {	Line 5523 sub tmp_del_handler {
&register_handler("tmpdel", \&tmp_del_handler, 0, 1, 0);	&register_handler("tmpdel", \&tmp_del_handler, 0, 1, 0);

#	#
	# Process the delbalcookie command. This command deletes a balancer
	# cookie in the lonBalancedir directory created by switchserver
	#
	# Parameters:
	# $cmd - Command that got us here.
	# $cookie - Cookie to be deleted.
	# $client - socket open on the client process.
	#
	# Returns:
	# 1 - Indicating processing should continue.
	# Side Effects:
	# A cookie file is deleted from the lonBalancedir directory
	# A reply is sent to the client.
	sub del_balcookie_handler {
	my ($cmd, $cookie, $client) = @_;

	my $userinput= "$cmd:$cookie";

	chomp($cookie);
	my $deleted = '';
	if ($cookie =~ /^$LONCAPA::match_domain\_$LONCAPA::match_username\_[a-f0-9]{32}$/) {
	my $execdir=$perlvar{'lonBalanceDir'};
	if (-e "$execdir/$cookie.id") {
	if (open(my $fh,'<',"$execdir/$cookie.id")) {
	my $dodelete;
	while (my $line = <$fh>) {
	chomp($line);
	if ($line eq $clientname) {
	$dodelete = 1;
	last;
	}
	}
	close($fh);
	if ($dodelete) {
	if (unlink("$execdir/$cookie.id")) {
	$deleted = 1;
	}
	}
	}
	}
	}
	if ($deleted) {
	&Reply($client, "ok\n", $userinput);
	} else {
	&Failure( $client, "error: ".($!+0)."Unlinking cookie file Failed ".
	"while attempting delbalcookie\n", $userinput);
	}
	return 1;
	}
	&register_handler("delbalcookie", \&del_balcookie_handler, 0, 1, 0);

	#
# Processes the setannounce command. This command	# Processes the setannounce command. This command
# creates a file named announce.txt in the top directory of	# creates a file named announce.txt in the top directory of
# the documentn root and sets its contents. The announce.txt file is	# the documentn root and sets its contents. The announce.txt file is
Line 5697 sub validate_course_section_handler {	Line 5853 sub validate_course_section_handler {
# Formal Parameters:	# Formal Parameters:
# $cmd - The command request that got us dispatched.	# $cmd - The command request that got us dispatched.
# $tail - The tail of the command. In this case this is a colon separated	# $tail - The tail of the command. In this case this is a colon separated
# set of words that will be split into:	# set of values that will be split into:
# $inst_class - Institutional code for the specific class section	# $inst_class - Institutional code for the specific class section
# $courseowner - The escaped username:domain of the course owner	# $ownerlist - An escaped comma-separated list of username:domain
	# of the course owner, and co-owner(s).
# $cdom - The domain of the course from the institution's	# $cdom - The domain of the course from the institution's
# point of view.	# point of view.
# $client - The socket open on the client.	# $client - The socket open on the client.
Line 5724 sub validate_class_access_handler {	Line 5881 sub validate_class_access_handler {
&register_handler("autovalidateclass_sec", \&validate_class_access_handler, 0, 1, 0);	&register_handler("autovalidateclass_sec", \&validate_class_access_handler, 0, 1, 0);

#	#
	# Validate course owner or co-owners(s) access to enrollment data for all sections
	# and crosslistings for a particular course.
	#
	#
	# Formal Parameters:
	# $cmd - The command request that got us dispatched.
	# $tail - The tail of the command. In this case this is a colon separated
	# set of values that will be split into:
	# $ownerlist - An escaped comma-separated list of username:domain
	# of the course owner, and co-owner(s).
	# $cdom - The domain of the course from the institution's
	# point of view.
	# $classes - Frozen hash of institutional course sections and
	# crosslistings.
	# $client - The socket open on the client.
	# Returns:
	# 1 - continue processing.
	#

	sub validate_classes_handler {
	my ($cmd, $tail, $client) = @_;
	my $userinput = "$cmd:$tail";
	my ($ownerlist,$cdom,$classes) = split(/:/, $tail);
	my $classesref = &Apache::lonnet::thaw_unescape($classes);
	my $owners = &unescape($ownerlist);
	my $result;
	eval {
	local($SIG{__DIE__})='DEFAULT';
	my %validations;
	my $response = &localenroll::check_instclasses($owners,$cdom,$classesref,
	\%validations);
	if ($response eq 'ok') {
	foreach my $key (keys(%validations)) {
	$result .= &escape($key).'='.&Apache::lonnet::freeze_escape($validations{$key}).'&';
	}
	$result =~ s/\&$//;
	} else {
	$result = 'error';
	}
	};
	if (!$@) {
	&Reply($client, \$result, $userinput);
	} else {
	&Failure($client,"unknown_cmd\n",$userinput);
	}
	return 1;
	}
	&register_handler("autovalidateinstclasses", \&validate_classes_handler, 0, 1, 0);

	#
# Create a password for a new LON-CAPA user added by auto-enrollment.	# Create a password for a new LON-CAPA user added by auto-enrollment.
# Only used for case where authentication method for new user is localauth	# Only used for case where authentication method for new user is localauth
#	#
Line 5801 sub auto_export_grades_handler {	Line 6008 sub auto_export_grades_handler {
return 1;	return 1;
}	}
&register_handler("autoexportgrades", \&auto_export_grades_handler,	&register_handler("autoexportgrades", \&auto_export_grades_handler,
0, 1, 0);	1, 1, 0);

# Retrieve and remove temporary files created by/during autoenrollment.	# Retrieve and remove temporary files created by/during autoenrollment.
#	#
Line 6757 my $wwwid=getpwnam('www');	Line 6964 my $wwwid=getpwnam('www');
if ($wwwid!=$<) {	if ($wwwid!=$<) {
my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";	my $emailto="$perlvar{'lonAdmEMail'},$perlvar{'lonSysEMail'}";
my $subj="LON: $currenthostid User ID mismatch";	my $subj="LON: $currenthostid User ID mismatch";
system("echo 'User ID mismatch. lond must be run as user www.' \|\	system("echo 'User ID mismatch. lond must be run as user www.' \|".
mailto $emailto -s '$subj' > /dev/null");	" mail -s '$subj' $emailto > /dev/null");
exit 1;	exit 1;
}	}

Line 6892 sub UpdateHosts {	Line 7099 sub UpdateHosts {

my %oldconf = %secureconf;	my %oldconf = %secureconf;
my %connchange;	my %connchange;
if (lonssl::Read_Connect_Config(\%secureconf,\%perlvar) eq 'ok') {	if (lonssl::Read_Connect_Config(\%secureconf,\%crlchecked,\%perlvar) eq 'ok') {
logthis('<font color="blue"> Reloaded SSL connection rules </font>');	logthis('<font color="blue"> Reloaded SSL connection rules and cleared CRL checking history </font>');
} else {	} else {
logthis('<font color="yellow"> Failed to reload SSL connection rules </font>');	logthis('<font color="yellow"> Failed to reload SSL connection rules and clear CRL checking history </font>');
}	}
if ((ref($oldconf{'connfrom'}) eq 'HASH') && (ref($secureconf{'connfrom'}) eq 'HASH')) {	if ((ref($oldconf{'connfrom'}) eq 'HASH') && (ref($secureconf{'connfrom'}) eq 'HASH')) {
foreach my $type ('dom','intdom','other') {	foreach my $type ('dom','intdom','other') {
Line 7174 if ($arch eq 'unknown') {	Line 7381 if ($arch eq 'unknown') {
chomp($arch);	chomp($arch);
}	}

unless (lonssl::Read_Connect_Config(\%secureconf,\%perlvar) eq 'ok') {	unless (lonssl::Read_Connect_Config(\%secureconf,\%crlchecked,\%perlvar) eq 'ok') {
&logthis('<font color="blue">No connectionrules table. Will fallback to loncapa.conf</font>');	&logthis('<font color="blue">No connectionrules table. Will fallback to loncapa.conf</font>');
}	}

Line 8269 sub make_passwd_file {	Line 8476 sub make_passwd_file {
$result = "pass_file_failed_error";	$result = "pass_file_failed_error";
}	}
}	}
	} elsif ($umode eq 'lti') {
	my $pf = IO::File->new(">$passfilename");
	if($pf) {
	print $pf "lti:\n";
	&update_passwd_history($uname,$udom,$umode,$action);
	} else {
	$result = "pass_file_failed_error";
	}
} else {	} else {
$result="auth_mode_error";	$result="auth_mode_error";
}	}
Line 8694 IO::File	Line 8909 IO::File
Apache::File	Apache::File
POSIX	POSIX
Crypt::IDEA	Crypt::IDEA
LWP::UserAgent()
GDBM_File	GDBM_File
Authen::Krb4	Authen::Krb4
Authen::Krb5	Authen::Krb5
Line 8776 is closed and the child exits.	Line 8990 is closed and the child exits.
=item Red CRITICAL Can't get key file <error>	=item Red CRITICAL Can't get key file <error>

SSL key negotiation is being attempted but the call to	SSL key negotiation is being attempted but the call to
lonssl::KeyFile failed. This usually means that the	lonssl::KeyFile failed. This usually means that the
configuration file is not correctly defining or protecting	configuration file is not correctly defining or protecting
the directories/files lonCertificateDirectory or	the directories/files lonCertificateDirectory or
lonnetPrivateKey	lonnetPrivateKey

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.535
changed lines
	Added in v.1.554