[LON-CAPA-cvs] cvs: loncom / lond
raeburn
raeburn at source.lon-capa.org
Wed Dec 12 22:23:06 EST 2018
raeburn Thu Dec 13 03:23:06 2018 EDT
Modified files:
/loncom lond
Log:
- Domain Trust Settings for multi-domain library server.
Index: loncom/lond
diff -u loncom/lond:1.555 loncom/lond:1.556
--- loncom/lond:1.555 Tue Dec 11 13:05:40 2018
+++ loncom/lond Thu Dec 13 03:23:05 2018
@@ -2,7 +2,7 @@
# The LearningOnline Network
# lond "LON Daemon" Server (port "LOND" 5663)
#
-# $Id: lond,v 1.555 2018/12/11 13:05:40 raeburn Exp $
+# $Id: lond,v 1.556 2018/12/13 03:23:05 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -65,7 +65,7 @@
my $status='';
my $lastlog='';
-my $VERSION='$Revision: 1.555 $'; #' stupid emacs
+my $VERSION='$Revision: 1.556 $'; #' stupid emacs
my $remoteVERSION;
my $currenthostid="default";
my $currentdomainid;
@@ -80,11 +80,12 @@
# and client.
my $clientsameinst; # LonCAPA "internet domain" same for
# this host and client.
-my $clientremoteok; # Client allowed to host domain's users.
- # (version constraints ignored), not set
- # if this host and client share "internet domain".
-my %clientprohibited; # Actions prohibited on client;
-
+my $clientremoteok; # Current domain permits hosting on client
+ # (not set if host and client share "internet domain").
+ # Values are 0 or 1; 1 if allowed.
+my %clientprohibited; # Commands from client prohibited for domain's
+ # users.
+
my $server;
my $keymode;
@@ -7515,7 +7516,7 @@
$ConnectionType = "manager";
$clientname = $managers{$outsideip};
}
- my ($clientok,$clientinfoset);
+ my $clientok;
if ($clientrec || $ismanager) {
&status("Waiting for init from $clientip $clientname");
@@ -7616,7 +7617,6 @@
}
} else {
- $clientinfoset = &set_client_info();
my $ok = InsecureConnection($client);
if($ok) {
$clientok = 1;
@@ -7654,34 +7654,7 @@
# ------------------------------------------------------------ Process requests
my $keep_going = 1;
my $user_input;
- unless ($clientinfoset) {
- $clientinfoset = &set_client_info();
- }
- $clientremoteok = 0;
- unless ($clientsameinst) {
- $clientremoteok = 1;
- my $defdom = &Apache::lonnet::host_domain($perlvar{'lonHostID'});
- %clientprohibited = &get_prohibited($defdom);
- if ($clientintdom) {
- my $remsessconf = &get_usersession_config($defdom,'remotesession');
- if (ref($remsessconf) eq 'HASH') {
- if (ref($remsessconf->{'remote'}) eq 'HASH') {
- if (ref($remsessconf->{'remote'}->{'excludedomain'}) eq 'ARRAY') {
- if (grep(/^\Q$clientintdom\E$/,@{$remsessconf->{'remote'}->{'excludedomain'}})) {
- $clientremoteok = 0;
- }
- }
- if (ref($remsessconf->{'remote'}->{'includedomain'}) eq 'ARRAY') {
- if (grep(/^\Q$clientintdom\E$/,@{$remsessconf->{'remote'}->{'includedomain'}})) {
- $clientremoteok = 1;
- } else {
- $clientremoteok = 0;
- }
- }
- }
- }
- }
- }
+
while(($user_input = get_request) && $keep_going) {
alarm(120);
Debug("Main: Got $user_input\n");
@@ -7714,22 +7687,30 @@
#
# Used to determine if a particular client is from the same domain
-# as the current server, or from the same internet domain.
+# as the current server, or from the same internet domain, and
+# also if the client can host sessions for the domain's users.
+# A hash is populated with keys set to commands sent by the client
+# which may not be executed for this domain.
#
# Optional input -- the client to check for domain and internet domain.
# If not specified, defaults to the package variable: $clientname
#
# If called in array context will not set package variables, but will
# instead return an array of two values - (a) true if client is in the
-# same domain as the server, and (b) true if client is in the same internet
-# domain.
+# same domain as the server, and (b) true if client is in the same
+# internet domain.
#
# If called in scalar context, sets package variables for current client:
#
-# $clienthomedom - LonCAPA domain of homeID for client.
-# $clientsamedom - LonCAPA domain same for this host and client.
-# $clientintdom - LonCAPA "internet domain" for client.
-# $clientsameinst - LonCAPA "internet domain" same for this host & client.
+# $clienthomedom - LonCAPA domain of homeID for client.
+# $clientsamedom - LonCAPA domain same for this host and client.
+# $clientintdom - LonCAPA "internet domain" for client.
+# $clientsameinst - LonCAPA "internet domain" same for this host & client.
+# $clientremoteok - If current domain permits hosting on this client: 1
+# %clientprohibited - Commands prohibited for domain's users for this client.
+#
+# if the host and client have the same "internet domain", then the value
+# of $clientremoteok is not used, and no commands are prohibited.
#
# returns 1 to indicate package variables have been set for current client.
#
@@ -7761,6 +7742,13 @@
$clientsamedom = $samedom;
$clientintdom = $intdom;
$clientsameinst = $sameinst;
+ if ($clientsameinst) {
+ undef($clientremoteok);
+ undef(%clientprohibited);
+ } else {
+ $clientremoteok = &get_remote_hostable($currentdomainid);
+ %clientprohibited = &get_prohibited($currentdomainid);
+ }
return 1;
}
}
@@ -8508,6 +8496,7 @@
eq &Apache::lonnet::get_host_ip($hostid)) {
$currenthostid =$hostid;
$currentdomainid=&Apache::lonnet::host_domain($hostid);
+ &set_client_info();
# &logthis("Setting hostid to $hostid, and domain to $currentdomainid");
} else {
&logthis("Requested host id $hostid not an alias of ".
@@ -8584,6 +8573,32 @@
return %prohibited;
}
+sub get_remote_hostable {
+ my ($dom) = @_;
+ my $result;
+ if ($clientintdom) {
+ $result = 1;
+ my $remsessconf = &get_usersession_config($dom,'remotesession');
+ if (ref($remsessconf) eq 'HASH') {
+ if (ref($remsessconf->{'remote'}) eq 'HASH') {
+ if (ref($remsessconf->{'remote'}->{'excludedomain'}) eq 'ARRAY') {
+ if (grep(/^\Q$clientintdom\E$/,@{$remsessconf->{'remote'}->{'excludedomain'}})) {
+ $result = 0;
+ }
+ }
+ if (ref($remsessconf->{'remote'}->{'includedomain'}) eq 'ARRAY') {
+ if (grep(/^\Q$clientintdom\E$/,@{$remsessconf->{'remote'}->{'includedomain'}})) {
+ $result = 1;
+ } else {
+ $result = 0;
+ }
+ }
+ }
+ }
+ }
+ return $result;
+}
+
sub distro_and_arch {
return $dist.':'.$arch;
}
More information about the LON-CAPA-cvs
mailing list