[LON-CAPA-cvs] cvs: doc /loncapafiles loncapafiles.lpml loncom LondConnection.pm loncnew loncron lond lonssl.pm loncom/lonnet/perl lonnet.pm
raeburn
raeburn at source.lon-capa.org
Tue Feb 28 00:42:21 EST 2017
raeburn Tue Feb 28 05:42:21 2017 EDT
Modified files:
/loncom LondConnection.pm loncnew loncron lond lonssl.pm
/loncom/lonnet/perl lonnet.pm
/doc/loncapafiles loncapafiles.lpml
Log:
- Use of LON-CAPA SSL certificates to create secure channel for exchange of
encryption key between LON-CAPA nodes can be set to: "no", "yes", "req"
(i.e., required) separately for outbound (i.e., lonc) and inbound connections
(i.e., lond) in domain config (default domain only on a multi-domain server).
- Can differentiate between connections between nodes in same domain, nodes
in same "internet" domain, and nodes in neither.
- Supersedes use of loncAllowInsecure and londAllowInsecure from loncapa.conf
on each node.
- Run /home/httpd/perl/loncron --justreload (as www) after changing domain config
-------------- next part --------------
Index: loncom/LondConnection.pm
diff -u loncom/LondConnection.pm:1.53 loncom/LondConnection.pm:1.54
--- loncom/LondConnection.pm:1.53 Mon Oct 1 11:00:43 2012
+++ loncom/LondConnection.pm Tue Feb 28 05:42:06 2017
@@ -1,7 +1,7 @@
# This module defines and implements a class that represents
# a connection to a lond daemon.
#
-# $Id: LondConnection.pm,v 1.53 2012/10/01 11:00:43 foxr Exp $
+# $Id: LondConnection.pm,v 1.54 2017/02/28 05:42:06 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -40,10 +40,10 @@
use LONCAPA::lonssl;
-
-
my $DebugLevel=0;
my %perlvar;
+my %secureconf;
+my %hosttypes;
my $InsecureOk;
#
@@ -70,8 +70,19 @@
my $perlvarref = read_conf('loncapa.conf');
%perlvar = %{$perlvarref};
$ConfigRead = 1;
-
+
$InsecureOk = $perlvar{loncAllowInsecure};
+
+ unless (lonssl::Read_Connect_Config(\%secureconf,\%perlvar) eq 'ok') {
+ Debug(1,"Failed to retrieve secureconf hash.\n");
+ }
+ unless (lonssl::Read_Host_Types(\%hosttypes,\%perlvar) eq 'ok') {
+ Debug(1,"Failed to retrieve hosttypes hash.\n");
+ }
+}
+
+sub ResetReadConfig {
+ $ConfigRead = 0;
}
sub Debug {
@@ -216,7 +227,15 @@
# allowed...else give up right away.
if(!(defined $key) || !(defined $keyfile)) {
- if($InsecureOk) {
+ my $canconnect = 0;
+ if (ref($secureconf{'connto'}) eq 'HASH') {
+ unless ($secureconf{'connto'}->{'dom'} eq 'req') {
+ $canconnect = 1;
+ }
+ } else {
+ $canconnect = $InsecureOk;
+ }
+ if ($canconnect) {
$self->{AuthenticationMode} = "insecure";
$self->{TransactionRequest} = "init\n";
}
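Review bot: When `connto` exists but has no `dom` entry, `unless ($secureconf{'connto'}->{'dom'} eq 'req')` compares an undefined value and sets `$canconnect = 1`, so the insecure fallback is allowed without consulting `$InsecureOk`. The later hunks in this file guard the same lookup with `$gotconninfo` and fall back to the legacy flag when the value is empty; this branch should do the same, e.g. `my $rule = $secureconf{'connto'}{'dom'}; $canconnect = ($rule ne '') ? ($rule ne 'req') : $InsecureOk;`. The InsecureConnection hunk in lond has the same shape for `connfrom`, where a missing entry for the client's type also permits an insecure connection. The enclosing branch starts outside the hunk, so a comment saying why the `dom` rule is the one consulted here would help.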
@@ -240,19 +259,25 @@
my ($ca, $cert) = lonssl::CertificateFile;
my $sslkeyfile = lonssl::KeyFile;
- if((defined $ca) && (defined $cert) && (defined $sslkeyfile)) {
-
+ my ($conntype,$gotconninfo);
+ if ((ref($secureconf{'connto'}) eq 'HASH') &&
+ (exists($hosttypes{$lonid}))) {
+ $conntype = $secureconf{'connto'}{$hosttypes{$lonid}};
+ if ($conntype ne '') {
+ $gotconninfo = 1;
+ }
+ }
+ if (($conntype ne 'no') && (defined($ca)) && (defined($cert)) && (defined($sslkeyfile))) {
$self->{AuthenticationMode} = "ssl";
$self->{TransactionRequest} = "init:ssl:$perlvar{'lonVersion'}\n";
+ } elsif (($gotconninfo && $conntype ne 'req') || (!$gotconninfo && $InsecureOk)) {
+ # Allowed to do insecure:
+ $self->{AuthenticationMode} = "insecure";
+ $self->{TransactionRequest} = "init::$perlvar{'lonVersion'}\n";
} else {
- if($InsecureOk) { # Allowed to do insecure:
- $self->{AuthenticationMode} = "insecure";
- $self->{TransactionRequest} = "init::$perlvar{'lonVersion'}\n";
- }
- else { # Not allowed to do insecure...
- $socket->close;
- return undef;
- }
+ # Not allowed to do insecure...
+ $socket->close;
+ return undef;
}
}
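Review bot: A peer that is missing from `%hosttypes` never gets a rule here, so when the certificate files are absent the decision falls back to `$InsecureOk` from loncapa.conf even if the domain configuration sets `other` to `req`. Treating an unlisted host as `other`, e.g. `my $type = exists($hosttypes{$lonid}) ? $hosttypes{$lonid} : 'other';` before the lookup, would keep the domain rule in force; the same applies to the CompleteInsecure hunk. `$conntype ne 'no'` and `$conntype ne ''` also compare an undefined value when no rule was found, so initialising `my $conntype = '';` avoids the warnings.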
@@ -1057,7 +1082,16 @@
#
sub CompleteInsecure {
my $self = shift;
- if($InsecureOk) {
+ $self->{LoncapaHim};
+ my ($conntype,$gotconninfo);
+ if ((ref($secureconf{'connto'}) eq 'HASH') &&
+ (exists($hosttypes{$self->{LoncapaHim}}))) {
+ $conntype = $secureconf{'connto'}{$hosttypes{$self->{LoncapaHim}}};
+ if ($conntype ne '') {
+ $gotconninfo = 1;
+ }
+ }
+ if ((($gotconninfo) && ($conntype ne 'req')) || (!$gotconninfo && $InsecureOk)) {
$self->{AuthenticationMode} = "insecure";
&Debug(8," Transition out of Initialized:insecure");
$self->{TransactionRequest} = $self->{TransactionReply};
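Review bot: The added line `$self->{LoncapaHim};` at the top of CompleteInsecure is an expression in void context; it does nothing and warns under `use warnings`, so it should be removed. The lookup that follows repeats the one added to the constructor hunk with `$lonid`, and a single private helper that takes the host id and returns the rule (or an empty string) would keep the two copies from drifting apart. CompleteInsecure continues past the end of the hunk.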
Index: loncom/loncnew
diff -u loncom/loncnew:1.100 loncom/loncnew:1.101
--- loncom/loncnew:1.100 Fri Jun 17 17:41:37 2011
+++ loncom/loncnew Tue Feb 28 05:42:06 2017
@@ -2,7 +2,7 @@
# The LearningOnline Network with CAPA
# lonc maintains the connections to remote computers
#
-# $Id: loncnew,v 1.100 2011/06/17 17:41:37 raeburn Exp $
+# $Id: loncnew,v 1.101 2017/02/28 05:42:06 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -2142,6 +2142,7 @@
# (lost unless they are critical).
&KillThemAll();
+ LondConnection->ResetReadConfig();
}
@@ -2157,6 +2158,7 @@
sub Restart {
&KillThemAll; # First kill all the children.
+ LondConnection->ResetReadConfig();
Log("CRITICAL", "Restarting");
my $execdir = $perlvar{'lonDaemons'};
unlink("$execdir/logs/lonc.pid");
Index: loncom/loncron
diff -u loncom/loncron:1.103 loncom/loncron:1.104
--- loncom/loncron:1.103 Sun Sep 20 18:31:21 2015
+++ loncom/loncron Tue Feb 28 05:42:06 2017
@@ -2,7 +2,7 @@
# Housekeeping program, started by cron, loncontrol and loncron.pl
#
-# $Id: loncron,v 1.103 2015/09/20 18:31:21 raeburn Exp $
+# $Id: loncron,v 1.104 2017/02/28 05:42:06 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -41,6 +41,8 @@
use IO::Socket;
use HTML::Entities;
use Getopt::Long;
+use GDBM_File;
+use Storable qw(thaw);
#globals
use vars qw (%perlvar %simplestatus $errors $warnings $notices $totalcount);
@@ -815,6 +817,127 @@
return;
}
+sub write_connection_config {
+ my ($isprimary,$domconf,$url,%connectssl);
+ my $primaryLibServer = &Apache::lonnet::domain($perlvar{'lonDefDomain'},'primary');
+ if ($primaryLibServer eq $perlvar{'lonHostID'}) {
+ $isprimary = 1;
+ } elsif ($primaryLibServer ne '') {
+ my $protocol = $Apache::lonnet::protocol{$primaryLibServer};
+ my $hostname = &Apache::lonnet::hostname($primaryLibServer);
+ unless ($protocol eq 'https') {
+ $protocol = 'http';
+ }
+ $url = $protocol.'://'.$hostname.'/cgi-bin/listdomconfig.pl';
+ }
+ my $domconf = &get_domain_config($perlvar{'lonDefDomain'},$primaryLibServer,$isprimary,
+ $url);
+ if (ref($domconf) eq 'HASH') {
+ if (ref($domconf->{'ssl'}) eq 'HASH') {
+ foreach my $connect ('connto','connfrom') {
+ if (ref($domconf->{'ssl'}->{$connect}) eq 'HASH') {
+ my ($sslreq,$sslnoreq,$currsetting);
+ my %contypes;
+ foreach my $type ('dom','intdom','other') {
+ $connectssl{$connect.'_'.$type} = $domconf->{'ssl'}->{$connect}->{$type};
+ }
+ }
+ }
+ }
+ if (keys(%connectssl)) {
+ if (open(my $fh,">$perlvar{'lonTabDir'}/connectionrules.tab")) {
+ my $count = 0;
+ foreach my $key (sort(keys(%connectssl))) {
+ print $fh "$key=$connectssl{$key}\n";
+ $count ++;
+ }
+ close($fh);
+ print "Completed writing SSL options for lonc/lond for $count items.\n";
+ }
+ } else {
+ print "Writing of SSL options skipped - no connection rules in domain configuration.\n";
+ }
+ } else {
+ print "Retrieval of SSL options for lonc/lond skipped - no configuration data available for domain.\n";
+ }
+}
+
+sub get_domain_config {
+ my ($dom,$primlibserv,$isprimary,$url) = @_;
+ my %confhash;
+ if ($isprimary) {
+ my $lonusersdir = $perlvar{'lonUsersDir'};
+ my $fname = $lonusersdir.'/'.$dom.'/configuration.db';
+ if (-e $fname) {
+ my $dbref=&LONCAPA::locking_hash_tie($fname,&GDBM_READER());
+ if (ref($dbref) eq 'HASH') {
+ foreach my $key (sort(keys(%{$dbref}))) {
+ my $value = $dbref->{$key};
+ if ($value =~ s/^__FROZEN__//) {
+ $value = thaw(&LONCAPA::unescape($value));
+ } else {
+ $value = &LONCAPA::unescape($value);
+ }
+ $confhash{$key} = $value;
+ }
+ &LONCAPA::locking_hash_untie($dbref);
+ }
+ }
+ } else {
+ if (open(PIPE,"wget --no-check-certificate '$url?primary=$primlibserv&format=raw' |")) {
+ my $config = '';
+ while (<PIPE>) {
+ $config .= $_;
+ }
+ close(PIPE);
+ if ($config) {
+ my @pairs=split(/\&/,$config);
+ foreach my $item (@pairs) {
+ my ($key,$value)=split(/=/,$item,2);
+ my $what = &LONCAPA::unescape($key);
+ if ($value =~ s/^__FROZEN__//) {
+ $value = thaw(&LONCAPA::unescape($value));
+ } else {
+ $value = &LONCAPA::unescape($value);
+ }
+ $confhash{$what}=$value;
+ }
+ }
+ }
+ }
+ return \%confhash;
+}
+
+sub write_hosttypes {
+ my %intdom = &Apache::lonnet::all_host_intdom();
+ my %hostdom = &Apache::lonnet::all_host_domain();
+ my $dom = $hostdom{$perlvar{'lonHostID'}};
+ my $internetdom = $intdom{$perlvar{'lonHostID'}};
+ if (($dom ne '') && ($internetdom ne '')) {
+ if (keys(%hostdom)) {
+ if (open(my $fh,">$perlvar{'lonTabDir'}/hosttypes.tab")) {
+ my $count = 0;
+ foreach my $lonid (sort(keys(%hostdom))) {
+ my $type = 'other';
+ if ($hostdom{$lonid} eq $dom) {
+ $type = 'dom';
+ } elsif ($intdom{$lonid} eq $internetdom) {
+ $type = 'intdom';
+ }
+ print $fh "$lonid:$type\n";
+ $count ++;
+ }
+ close($fh);
+ print "Completed writing host type data for $count hosts.\n";
+ }
+ } else {
+ print "Writing of host types skipped - no hosts found.\n";
+ }
+ } else {
+ print "Writing of host types skipped - could not determine this host's LON-CAPA domain or 'internet' domain.\n";
+ }
+}
+
sub send_mail {
my $defdom = $perlvar{'lonDefDomain'};
my $origmail = $perlvar{'lonAdmEMail'};
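Review bot: The non-primary branch of get_domain_config fetches the rules with `wget --no-check-certificate` (over plain http unless the primary is marked https) and hands every `__FROZEN__` value to Storable's `thaw`, so both the policy that decides whether SSL is required and a serialized blob are accepted from a peer that was never authenticated. The command is also a single shell string built from `$url` and `$primlibserv` on a bareword handle, and without `-O -` wget saves the response to a file instead of writing it to the pipe, so `$config` looks like it stays empty. I would switch to the list form of piped open, leave certificate verification on (supplying the LON-CAPA CA to wget if the primary's certificate is signed by it), and thaw only the `ssl` entry that write_connection_config reads. Separately, the two `open(my $fh,">…")` calls print nothing when the open fails, so loncron reports nothing when a table was not updated.

```perl
    # … unchanged: primary-server branch reading configuration.db …
    } else {
        # List form: no shell is involved, so $url and $primlibserv are data.
        # -q -O - sends only the response body to stdout; no --no-check-certificate.
        my @cmd = ('wget','-q','-O','-',"$url?primary=$primlibserv&format=raw");
        if (open(my $pipe,'-|',@cmd)) {
            my $config = join('',<$pipe>);
            close($pipe);
            foreach my $item (split(/\&/,$config)) {
                my ($key,$value) = split(/=/,$item,2);
                my $what = &LONCAPA::unescape($key);
                # Only the 'ssl' entry is read by write_connection_config.
                next unless ($what eq 'ssl');
                # … unchanged: __FROZEN__ / unescape handling of $value …
                $confhash{$what} = $value;
            }
        }
    }
```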
@@ -990,6 +1113,8 @@
&checkon_daemon($fh,'lonr',40000);
}
if ($justreload) {
+ &write_connection_config();
+ &write_hosttypes();
&checkon_daemon($fh,'lond',40000,'USR2');
&checkon_daemon($fh,'lonc',40000,'USR2');
}
@@ -1003,6 +1128,8 @@
&write_loncaparevs();
&write_serverhomeIDs();
&write_checksums();
+ &write_connection_config();
+ &write_hosttypes();
if ($totalcount>200 && !$noemail) { &send_mail(); }
}
}
Index: loncom/lond
diff -u loncom/lond:1.531 loncom/lond:1.532
--- loncom/lond:1.531 Tue Feb 7 18:14:13 2017
+++ loncom/lond Tue Feb 28 05:42:06 2017
@@ -2,7 +2,7 @@
# The LearningOnline Network
# lond "LON Daemon" Server (port "LOND" 5663)
#
-# $Id: lond,v 1.531 2017/02/07 18:14:13 raeburn Exp $
+# $Id: lond,v 1.532 2017/02/28 05:42:06 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -35,6 +35,7 @@
use LONCAPA::Configuration;
use LONCAPA::Lond;
+use Socket;
use IO::Socket;
use IO::File;
#use Apache::File;
@@ -64,7 +65,7 @@
my $status='';
my $lastlog='';
-my $VERSION='$Revision: 1.531 $'; #' stupid emacs
+my $VERSION='$Revision: 1.532 $'; #' stupid emacs
my $remoteVERSION;
my $currenthostid="default";
my $currentdomainid;
@@ -75,6 +76,8 @@
my $clientversion; # LonCAPA version running on client.
my $clienthomedom; # LonCAPA domain of homeID for client.
my $clientintdom; # LonCAPA "internet domain" for client.
+my $clientsamedom; # LonCAPA domain same for this host
+ # and client.
my $clientsameinst; # LonCAPA "internet domain" same for
# this host and client.
my $clientremoteok; # Client allowed to host domain's users.
@@ -102,6 +105,9 @@
my %perlvar; # Will have the apache conf defined perl vars.
+my %secureconf; # Will have requirements for security
+ # of lond connections
+
my $dist;
#
@@ -445,8 +451,23 @@
my $Socket = shift;
# Don't even start if insecure connections are not allowed.
-
- if(! $perlvar{londAllowInsecure}) { # Insecure connections not allowed.
+ # return 0 if Insecure connections not allowed.
+ #
+ if (ref($secureconf{'connfrom'}) eq 'HASH') {
+ if ($clientsamedom) {
+ if ($secureconf{'connfrom'}{'dom'} eq 'req') {
+ return 0;
+ }
+ } elsif ($clientsameinst) {
+ if ($secureconf{'connfrom'}{'intdom'} eq 'req') {
+ return 0;
+ }
+ } else {
+ if ($secureconf{'connfrom'}{'other'} eq 'req') {
+ return 0;
+ }
+ }
+ } elsif (!$perlvar{londAllowInsecure}) {
return 0;
}
@@ -6803,6 +6824,7 @@
# will take care of new and changed hosts as connections come into being.
&Apache::lonnet::reset_hosts_info();
+ my %active;
foreach my $child (keys(%children)) {
my $childip = $children{$child};
@@ -6812,15 +6834,62 @@
." $child for ip $childip </font>");
kill('INT', $child);
} else {
+ $active{$child} = $childip;
logthis('<font color="green"> keeping child for ip '
." $childip (pid=$child) </font>");
}
}
+
+ my %oldconf = %secureconf;
+ my %connchange;
+ if (lonssl::Read_Connect_Config(\%secureconf,\%perlvar) eq 'ok') {
+ logthis('<font color="blue"> Reloaded SSL connection rules </font>');
+ } else {
+ logthis('<font color="yellow"> Failed to reload SSL connection rules </font>');
+ }
+ if ((ref($oldconf{'connfrom'}) eq 'HASH') && (ref($secureconf{'connfrom'}) eq 'HASH')) {
+ foreach my $type ('dom','intdom','other') {
+ if ((($oldconf{'connfrom'}{$type} eq 'no') && ($secureconf{'connfrom'}{$type} eq 'req')) ||
+ (($oldconf{'connfrom'}{$type} eq 'req') && ($secureconf{'connfrom'}{$type} eq 'no'))) {
+ $connchange{$type} = 1;
+ }
+ }
+ }
+ if (keys(%connchange)) {
+ foreach my $child (keys(%active)) {
+ my $childip = $active{$child};
+ if ($childip ne '127.0.0.1') {
+ my $childhostname = gethostbyaddr(Socket::inet_aton($childip),AF_INET);
+ if ($childhostname ne '') {
+ my $childlonhost = &Apache::lonnet::get_server_homeID($childhostname);
+ my ($samedom,$sameinst) = &set_client_info($childlonhost);
+ if ($samedom) {
+ if ($connchange{'dom'}) {
+ logthis('<font color="blue"> UpdateHosts killing child '
+ ." $child for ip $childip </font>");
+ kill('INT', $child);
+ }
+ } elsif ($sameinst) {
+ if ($connchange{'intdom'}) {
+ logthis('<font color="blue"> UpdateHosts killing child '
+ ." $child for ip $childip </font>");
+ kill('INT', $child);
+ }
+ } else {
+ if ($connchange{'other'}) {
+ logthis('<font color="blue"> UpdateHosts killing child '
+ ." $child for ip $childip </font>");
+ kill('INT', $child);
+ }
+ }
+ }
+ }
+ }
+ }
ReloadApache;
&status("Finished reloading hosts.tab");
}
-
sub checkchildren {
&status("Checking on the children (sending signals)");
&initnewstatus();
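Review bot: A rule that moves from `yes` to `req` is not counted as a change by the comparison that sets `$connchange{$type} = 1`, so children that authenticated insecurely while the rule was `yes` are kept after the domain starts requiring SSL. I would flag any transition into `req`, e.g. `if (($secureconf{'connfrom'}{$type} eq 'req') && ($oldconf{'connfrom'}{$type} ne 'req'))`, alongside the existing `req` to `no` case. When the reload fails, Read_Connect_Config has already emptied `%secureconf`, so the else branch should put the previous rules back with `%secureconf = %oldconf;` rather than only logging. The child is classified through a reverse DNS lookup, and a child whose lookup returns nothing is silently kept; a log line there would make that visible.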
@@ -7055,6 +7124,10 @@
chomp($arch);
}
+unless (lonssl::Read_Connect_Config(\%secureconf,\%perlvar) eq 'ok') {
+ &logthis('<font color="blue">No connectionrules table. Will fallback to loncapa.conf</font>');
+}
+
# --------------------------------------------------------------
# Accept connections. When a connection comes in, it is validated
# and if good, a child process is created to process transactions
@@ -7185,7 +7258,7 @@
$ConnectionType = "manager";
$clientname = $managers{$outsideip};
}
- my $clientok;
+ my ($clientok,$clientinfoset);
if ($clientrec || $ismanager) {
&status("Waiting for init from $clientip $clientname");
@@ -7213,7 +7286,32 @@
# If the connection type is ssl, but I didn't get my
# certificate files yet, then I'll drop back to
# insecure (if allowed).
-
+
+ if ($inittype eq "ssl") {
+ my $context;
+ if ($clientsamedom) {
+ $context = 'dom';
+ if ($secureconf{'connfrom'}{'dom'} eq 'no') {
+ $inittype = "";
+ }
+ } elsif ($clientsameinst) {
+ $context = 'intdom';
+ if ($secureconf{'connfrom'}{'intdom'} eq 'no') {
+ $inittype = "";
+ }
+ } else {
+ $context = 'other';
+ if ($secureconf{'connfrom'}{'other'} eq 'no') {
+ $inittype = "";
+ }
+ }
+ if ($inittype eq '') {
+ &logthis("<font color=\"blue\"> Domain config set "
+ ."to no ssl for $clientname (context: $context)"
+ ." -- trying insecure auth</font>");
+ }
+ }
+
if($inittype eq "ssl") {
my ($ca, $cert) = lonssl::CertificateFile;
my $kfile = lonssl::KeyFile;
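Review bot: `$clientsamedom` and `$clientsameinst` are read here before anything visible in this commit has set them for the connecting client: `set_client_info()` is only called later, in the insecure branch and before request processing. If that is right, every ssl init is evaluated in the `other` context, and a `no` rule for `dom` or `intdom` is never applied. Calling `$clientinfoset = &set_client_info();` just before `if ($inittype eq "ssl") {` would fix the ordering. The enclosing block starts and ends outside the hunk, so an earlier call may exist that I cannot see.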
@@ -7246,7 +7344,7 @@
close $client;
}
} elsif ($inittype eq "ssl") {
- my $key = SSLConnection($client);
+ my $key = SSLConnection($client,$clientname);
if ($key) {
$clientok = 1;
my $cipherkey = pack("H32", $key);
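Review bot: The new second argument `$clientname` is passed to SSLConnection, but no hunk in this commit changes SSLConnection itself, so as far as the diff shows the argument is ignored. Either the matching change to SSLConnection is missing from the commit or the argument should be dropped; if it is meant to let SSLConnection apply the `connfrom` rules, a comment at the call site saying so would help. The enclosing block continues outside the hunk.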
@@ -7261,6 +7359,7 @@
}
} else {
+ $clientinfoset = &set_client_info();
my $ok = InsecureConnection($client);
if($ok) {
$clientok = 1;
@@ -7300,18 +7399,8 @@
# ------------------------------------------------------------ Process requests
my $keep_going = 1;
my $user_input;
- my $clienthost = &Apache::lonnet::hostname($clientname);
- my $clientserverhomeID = &Apache::lonnet::get_server_homeID($clienthost);
- $clienthomedom = &Apache::lonnet::host_domain($clientserverhomeID);
- $clientintdom = &Apache::lonnet::internet_dom($clientserverhomeID);
- $clientsameinst = 0;
- if ($clientintdom ne '') {
- my $internet_names = &Apache::lonnet::get_internet_names($currenthostid);
- if (ref($internet_names) eq 'ARRAY') {
- if (grep(/^\Q$clientintdom\E$/,@{$internet_names})) {
- $clientsameinst = 1;
- }
- }
+ unless ($clientinfoset) {
+ $clientinfoset = &set_client_info();
}
$clientremoteok = 0;
unless ($clientsameinst) {
@@ -7367,6 +7456,60 @@
exit;
}
+
+#
+# Used to determine if a particular client is from the same domain
+# as the current server, or from the same internet domain.
+#
+# Optional input -- the client to check for domain and internet domain.
+# If not specified, defaults to the package variable: $clientname
+#
+# If called in array context will not set package variables, but will
+# instead return an array of two values - (a) true if client is in the
+# same domain as the server, and (b) true if client is in the same internet
+# domain.
+#
+# If called in scalar context, sets package variables for current client:
+#
+# $clienthomedom - LonCAPA domain of homeID for client.
+# $clientsamedom - LonCAPA domain same for this host and client.
+# $clientintdom - LonCAPA "internet domain" for client.
+# $clientsameinst - LonCAPA "internet domain" same for this host & client.
+#
+# returns 1 to indicate package variables have been set for current client.
+#
+
+sub set_client_info {
+ my ($lonhost) = @_;
+ $lonhost ||= $clientname;
+ my $clienthost = &Apache::lonnet::hostname($lonhost);
+ my $clientserverhomeID = &Apache::lonnet::get_server_homeID($clienthost);
+ my $homedom = &Apache::lonnet::host_domain($clientserverhomeID);
+ my $samedom = 0;
+ if ($perlvar{'lonDefDom'} eq $homedom) {
+ $samedom = 1;
+ }
+ my $intdom = &Apache::lonnet::internet_dom($clientserverhomeID);
+ my $sameinst = 0;
+ if ($intdom ne '') {
+ my $internet_names = &Apache::lonnet::get_internet_names($currenthostid);
+ if (ref($internet_names) eq 'ARRAY') {
+ if (grep(/^\Q$intdom\E$/,@{$internet_names})) {
+ $sameinst = 1;
+ }
+ }
+ }
+ if (wantarray) {
+ return ($samedom,$sameinst);
+ } else {
+ $clienthomedom = $homedom;
+ $clientsamedom = $samedom;
+ $clientintdom = $intdom;
+ $clientsameinst = $sameinst;
+ return 1;
+ }
+}
+
#
# Determine if a user is an author for the indicated domain.
#
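Review bot: `$perlvar{'lonDefDom'}` in set_client_info looks like a typo for `$perlvar{'lonDefDomain'}`, which is the key loncron uses in this same commit. With an unset key the comparison is `undef eq $homedom`, so `$samedom` is 0 for every real domain and becomes 1 when host_domain returns an empty string for an unknown client, which would apply the `dom` rule to the wrong hosts. I would write `if (($homedom ne '') && ($perlvar{'lonDefDomain'} eq $homedom)) {`. The `wantarray` switch between returning a pair and setting package variables is documented above the sub, but two separate subs would be harder to misuse.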
Index: loncom/lonssl.pm
diff -u loncom/lonssl.pm:1.14 loncom/lonssl.pm:1.15
--- loncom/lonssl.pm:1.14 Sun Nov 8 03:15:13 2015
+++ loncom/lonssl.pm Tue Feb 28 05:42:06 2017
@@ -1,5 +1,5 @@
#
-# $Id: lonssl.pm,v 1.14 2015/11/08 03:15:13 raeburn Exp $
+# $Id: lonssl.pm,v 1.15 2017/02/28 05:42:06 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -333,4 +333,64 @@
return $KeyFilename;
}
+sub Read_Connect_Config {
+ my ($secureconf,$perlvarref) = @_;
+ return unless (ref($secureconf) eq 'HASH');
+
+ unless (ref($perlvarref) eq 'HASH') {
+ $perlvarref = $perlvar;
+ }
+
+ # Clean out the old table first.
+ foreach my $key (keys(%{$secureconf})) {
+ delete($secureconf->{$key});
+ }
+
+ my $result;
+ my $tablename = $perlvarref->{'lonTabDir'}."/connectionrules.tab";
+ if (open(my $fh,"<$tablename")) {
+ while (my $line = <$fh>) {
+ chomp($line);
+ my ($name,$value) = split(/=/,$line);
+ if ($value =~ /^(?:no|yes|req)$/) {
+ if ($name =~ /^conn(to|from)_(dom|intdom|other)$/) {
+ $secureconf->{'conn'.$1}{$2} = $value;
+ }
+ }
+ }
+ close($fh);
+ return 'ok';
+ }
+ return;
+}
+
+sub Read_Host_Types {
+ my ($hosttypes,$perlvarref) = @_;
+ return unless (ref($hosttypes) eq 'HASH');
+
+ unless (ref($perlvarref) eq 'HASH') {
+ $perlvarref = $perlvar;
+ }
+
+ # Clean out the old table first.
+ foreach my $key (keys(%{$hosttypes})) {
+ delete($hosttypes->{$key});
+ }
+
+ my $result;
+ my $tablename = $perlvarref->{'lonTabDir'}."/hosttypes.tab";
+ if (open(my $fh,"<$tablename")) {
+ while (my $line = <$fh>) {
+ chomp($line);
+ my ($name,$value) = split(/:/,$line);
+ if (($name ne '') && ($value =~ /^(dom|intdom|other)$/)) {
+ $hosttypes->{$name} = $value;
+ }
+ }
+ close($fh);
+ return 'ok';
+ }
+ return;
+}
+
1;
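Review bot: Read_Connect_Config empties the caller's hash before it tries to open the file, so a failed open leaves lond and lonc with no rules and they silently fall back to the loncapa.conf flags; it also returns 'ok' for a file that holds no valid lines. I would parse into a local hash and replace the caller's table only after the read completes, use three-argument `open`, and drop the unused `my $result;`. `$perlvarref = $perlvar;` refers to a scalar that is not declared in the hunk, so confirm it exists in the module. Read_Host_Types has the same structure and needs the same treatment.

```perl
sub Read_Connect_Config {
    my ($secureconf,$perlvarref) = @_;
    # … unchanged: argument checks …

    my $tablename = $perlvarref->{'lonTabDir'}."/connectionrules.tab";
    open(my $fh,'<',$tablename) or return;
    my %newconf;
    while (my $line = <$fh>) {
        chomp($line);
        my ($name,$value) = split(/=/,$line);
        next unless ($value =~ /^(?:no|yes|req)$/);
        if ($name =~ /^conn(to|from)_(dom|intdom|other)$/) {
            $newconf{'conn'.$1}{$2} = $value;
        }
    }
    close($fh);
    # Swap in the new rules only after the whole file has been read.
    %{$secureconf} = %newconf;
    return 'ok';
}
```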
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.1338 loncom/lonnet/perl/lonnet.pm:1.1339
--- loncom/lonnet/perl/lonnet.pm:1.1338 Sat Feb 25 20:30:57 2017
+++ loncom/lonnet/perl/lonnet.pm Tue Feb 28 05:42:12 2017
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.1338 2017/02/25 20:30:57 raeburn Exp $
+# $Id: lonnet.pm,v 1.1339 2017/02/28 05:42:12 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -13263,6 +13263,7 @@
&purge_remembered();
&reset_domain_info();
&reset_hosts_ip_info();
+ undef(%internetdom);
undef(%name_to_host);
undef(%hostname);
undef(%hostdom);
@@ -13305,6 +13306,11 @@
return %hostdom;
}
+ sub all_host_intdom {
+ &load_hosts_tab() if (!$loaded);
+ return %internetdom;
+ }
+
sub is_library {
&load_hosts_tab() if (!$loaded);
Index: doc/loncapafiles/loncapafiles.lpml
diff -u doc/loncapafiles/loncapafiles.lpml:1.946 doc/loncapafiles/loncapafiles.lpml:1.947
--- doc/loncapafiles/loncapafiles.lpml:1.946 Sat Feb 25 20:27:22 2017
+++ doc/loncapafiles/loncapafiles.lpml Tue Feb 28 05:42:18 2017
@@ -2,7 +2,7 @@
"http://lpml.sourceforge.net/DTD/lpml.dtd">
<!-- loncapafiles.lpml -->
-<!-- $Id: loncapafiles.lpml,v 1.946 2017/02/25 20:27:22 raeburn Exp $ -->
+<!-- $Id: loncapafiles.lpml,v 1.947 2017/02/28 05:42:18 raeburn Exp $ -->
<!--
@@ -1775,6 +1775,30 @@
</file>
<file>
+ <source>loncom/connectionrules.tab</source>
+ <target dist='default'>home/httpd/lonTabs/connectionrules.tab</target>
+ <categoryname>www conf</categoryname>
+ <description>
+File containing contection rules for outbound (lonc) and inbound (lond)
+connections for this host. Updated by loncron using domain configuration
+for host's domain from primary library server for domain. Called by lonssl.pm
+and used by lond and LondConnection.pm.
+ </description>
+</file>
+
+<file>
+ <source>loncom/hosttypes.tab</source>
+ <target dist='default'>home/httpd/lonTabs/hosttypes.tab</target>
+ <categoryname>www conf</categoryname>
+ <description>
+File containing classification of other hosts in the cluster into one of:
+dom, intdom, other (if shares this host's domain, if shares this host's
+"internet domain", or neither, respectively). Updated by loncron.
+Called by lonssl.pm and used by LondConnection.pm.
+ </description>
+</file>
+
+<file>
<source>loncom/spare.tab</source>
<target dist='default'>home/httpd/lonTabs/spare.tab</target>
<categoryname>conf</categoryname>