--- loncom/loncron 2024/07/01 12:02:42 1.103.2.13 +++ loncom/loncron 2024/07/28 12:47:31 1.132 @@ -2,7 +2,7 @@ # Housekeeping program, started by cron, loncontrol and loncron.pl # -# $Id: loncron,v 1.103.2.13 2024/07/01 12:02:42 raeburn Exp $ +# $Id: loncron,v 1.132 2024/07/28 12:47:31 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -34,11 +34,10 @@ use lib '/home/httpd/lib/perl/'; use LONCAPA::Configuration; use LONCAPA::Checksumming; use LONCAPA; +use LONCAPA::LWPReq; use Apache::lonnet; use Apache::loncommon; -use LWP::UserAgent(); -use HTTP::Request(); use IO::File; use IO::Socket; use HTML::Entities; @@ -174,6 +173,9 @@ sub checkon_daemon { &log($fh,unlink($pidfile).' - '. `killall -9 $kadaemon 2>&1`. '
'); + if ($kadaemon eq 'loncnew') { + &clean_lonc_childpids(); + } &log($fh,"

$daemon not running, trying to start

"); if (&start_daemon($fh,$daemon,$pidfile,$args)) { @@ -212,8 +214,8 @@ sub checkon_daemon { close (DFH); } &log($fh,"

"); - } - } + } + } } my $fname="$perlvar{'lonDaemons'}/logs/$daemon.log"; @@ -247,7 +249,7 @@ sub log_machine_info { open (LOADAVGH,"/proc/loadavg"); my $loadavg=; close (LOADAVGH); - + &log($fh,"$loadavg"); my @parts=split(/\s+/,$loadavg); @@ -310,7 +312,7 @@ sub start_logging { my %simplestatus=(); my $now=time; my $date=localtime($now); - + &log($fh,(< @@ -335,6 +337,7 @@ sub start_logging {
  • lonc
  • lonnet
  • Connections
    • +
  • bash readline config
  • Delayed Messages
  • Error Count
    • @@ -601,6 +604,34 @@ sub clean_webDAV_sessionIDs { } } +# ------------------------------------------------------------ clean out ltiIDs + +sub clean_ltiIDs { + my ($fh)=@_; + &log($fh,'

    LTI Session Pointers

    '); + my $cleaned=0; + my $active=0; + if (-d $perlvar{'ltiIDsDir'}) { + while (my $fname=<$perlvar{'ltiIDsDir'}/*>) { + my ($dev,$ino,$mode,$nlink, + $uid,$gid,$rdev,$size, + $atime,$mtime,$ctime, + $blksize,$blocks)=stat($fname); + my $now=time; + my $since=$now-$mtime; + if ($since>$perlvar{'lonExpire'}) { + $cleaned++; + &log($fh,"Unlinking $fname
    "); + unlink("$fname"); + } else { + $active++; + } + } + } + &log($fh,"

    Cleaned up ".$cleaned." old LTI session pointers.

    "); + &log($fh,"

    $active unexpired LTI session pointers

    "); +} + # ----------------------------------------------------------- clean out sockets sub clean_sockets { my ($fh)=@_; @@ -778,14 +809,14 @@ sub check_delayed_msg { my $dfh=IO::File->new("$perlvar{'lonDaemons'}/logs/lonnet.perm.log","r"); if (defined($dfh)) { while (my $line=<$dfh>) { - my ($time,$sdf,$rest)=split(/:/,$line,3); + my ($time,$sdf,$rest)=split(/:/,$line,3); if ($time < 1541185772) { $checkbackwards = 1; } last; } undef $dfh; - } + } if ($checkbackwards) { if (tie *BW, 'File::ReadBackwards', "$perlvar{'lonDaemons'}/logs/lonnet.perm.log") { @@ -1150,6 +1181,91 @@ sub write_hostips { return; } +sub clean_nosslverify { + my ($fh) = @_; + my %unlinked; + if (-d "$perlvar{'lonSockDir'}/nosslverify") { + if (opendir(my $dh,"$perlvar{'lonSockDir'}/nosslverify")) { + while (my $fname=readdir($dh)) { + next if ($fname =~ /^\.+$/); + if (unlink("/home/httpd/sockets/nosslverify/$fname")) { + &log($fh,"Unlinking $fname
    "); + $unlinked{$fname} = 1; + } + } + closedir($dh); + } + } + &log($fh,"

    Removed ".scalar(keys(%unlinked))." nosslverify clients

    "); + return %unlinked; +} +sub clean_lonc_childpids { + my $childpiddir = "$perlvar{'lonDocRoot'}/lon-status/loncchld"; + if (-d $childpiddir) { + if (opendir(my $dh,$childpiddir)) { + while (my $fname=readdir($dh)) { + next if ($fname =~ /^\.+$/); + unlink("$childpiddir/$fname"); + } + closedir($dh); + } + } +} + +sub write_connection_config { + my ($domconf,%connectssl,%changes); + $domconf = &get_domain_config(); + if (ref($domconf) eq 'HASH') { + if (ref($domconf->{'ssl'}) eq 'HASH') { + foreach my $connect ('connto','connfrom') { + if (ref($domconf->{'ssl'}->{$connect}) eq 'HASH') { + my ($sslreq,$sslnoreq,$currsetting); + my %contypes; + foreach my $type ('dom','intdom','other') { + $connectssl{$connect.'_'.$type} = $domconf->{'ssl'}->{$connect}->{$type}; + } + } + } + } + if (keys(%connectssl)) { + my %currconf; + if (open(my $fh,'<',"$perlvar{'lonTabDir'}/connectionrules.tab")) { + while (my $line = <$fh>) { + chomp($line); + my ($name,$value) = split(/=/,$line); + if ($value =~ /^(?:no|yes|req)$/) { + if ($name =~ /^conn(to|from)_(dom|intdom|other)$/) { + $currconf{$name} = $value; + } + } + } + close($fh); + } + if (open(my $fh,'>',"$perlvar{'lonTabDir'}/connectionrules.tab")) { + my $count = 0; + foreach my $key (sort(keys(%connectssl))) { + print $fh "$key=$connectssl{$key}\n"; + if (exists($currconf{$key})) { + unless ($currconf{$key} eq $connectssl{$key}) { + $changes{$key} = 1; + } + } else { + $changes{$key} = 1; + } + $count ++; + } + close($fh); + print "Completed writing SSL options for lonc/lond for $count items.\n"; + } + } else { + print "Writing of SSL options skipped - no connection rules in domain configuration.\n"; + } + } else { + print "Retrieval of SSL options for lonc/lond skipped - no configuration data available for domain.\n"; + } + return %changes; +} + sub get_domain_config { my ($dom,$primlibserv,$isprimary,$url,%confhash); $dom = $perlvar{'lonDefDomain'}; @@ -1183,10 +1299,8 @@ sub get_domain_config { } } } else { - my $ua=new LWP::UserAgent; - $ua->timeout(5); my $request=new HTTP::Request('GET',$url); - my $response=$ua->request($request); + my $response=&LONCAPA::LWPReq::makerequest($primlibserv,$request,'',\%perlvar,5); unless ($response->is_error()) { my $content = $response->content; if ($content) { @@ -1207,6 +1321,121 @@ sub get_domain_config { return \%confhash; } +sub write_hosttypes { + my %intdom = &Apache::lonnet::all_host_intdom(); + my %hostdom = &Apache::lonnet::all_host_domain(); + my $dom = $hostdom{$perlvar{'lonHostID'}}; + my $internetdom = $intdom{$perlvar{'lonHostID'}}; + my %changes; + if (($dom ne '') && ($internetdom ne '')) { + if (keys(%hostdom)) { + my %currhosttypes; + if (open(my $fh,'<',"$perlvar{'lonTabDir'}/hosttypes.tab")) { + while (my $line = <$fh>) { + chomp($line); + my ($name,$value) = split(/:/,$line); + if (($name ne '') && ($value =~ /^(dom|intdom|other)$/)) { + $currhosttypes{$name} = $value; + } + } + close($fh); + } + if (open(my $fh,'>',"$perlvar{'lonTabDir'}/hosttypes.tab")) { + my $count = 0; + foreach my $lonid (sort(keys(%hostdom))) { + my $type = 'other'; + if ($hostdom{$lonid} eq $dom) { + $type = 'dom'; + } elsif ($intdom{$lonid} eq $internetdom) { + $type = 'intdom'; + } + print $fh "$lonid:$type\n"; + if (exists($currhosttypes{$lonid})) { + if ($type ne $currhosttypes{$lonid}) { + $changes{$lonid} = 1; + } + } else { + $changes{$lonid} = 1; + } + $count ++; + } + close($fh); + print "Completed writing host type data for $count hosts.\n"; + } + } else { + print "Writing of host types skipped - no hosts found.\n"; + } + } else { + print "Writing of host types skipped - could not determine this host's LON-CAPA domain or 'internet' domain.\n"; + } + return %changes; +} + +sub update_revocation_list { + my ($result,$changed) = &Apache::lonnet::fetch_crl_pemfile(); + if ($result eq 'ok') { + print "Certificate Revocation List (from CA) updated.\n"; + } else { + print "Certificate Revocation List from (CA) not updated.\n"; + } + return $changed; +} + +sub reset_nosslverify_pids { + my ($fh,%sslrem) = @_; + &checkon_daemon($fh,'lond',40000,'USR2'); + my $loncpidfile="$perlvar{'lonDaemons'}/logs/lonc.pid"; + my $loncppid; + if ((-e $loncpidfile) && (open(my $pfh,'<',$loncpidfile))) { + $loncppid=<$pfh>; + chomp($loncppid); + close($pfh); + if ($loncppid =~ /^\d+$/) { + my %pids_by_host; + my $docdir = $perlvar{'lonDocRoot'}; + if (-d "$docdir/lon-status/loncchld") { + if (opendir(my $dh,"$docdir/lon-status/loncchld")) { + while (my $file = readdir($dh)) { + next if ($file =~ /^\./); + if (open(my $fh,'<',"$docdir/lon-status/loncchld/$file")) { + my $record = <$fh>; + chomp($record); + close($fh); + my ($remotehost,$authmode) = split(/:/,$record); + $pids_by_host{$remotehost}{$authmode}{$file} = 1; + } + } + closedir($dh); + if (keys(%pids_by_host)) { + foreach my $host (keys(%pids_by_host)) { + if ($sslrem{$host}) { + if (ref($pids_by_host{$host}) eq 'HASH') { + if (ref($pids_by_host{$host}{'insecure'}) eq 'HASH') { + if (keys(%{$pids_by_host{$host}{'insecure'}})) { + foreach my $pid (keys(%{$pids_by_host{$host}{'insecure'}})) { + if (open(PIPE,"ps -o ppid= -p $pid |")) { + my $ppid = ; + chomp($ppid); + close(PIPE); + $ppid =~ s/(^\s+|\s+$)//g; + if (($ppid == $loncppid) && (kill 0 => $pid)) { + kill QUIT => $pid; + } + } + } + } + } + } + } + } + } + } + } + } + } + return; +} + sub get_permcount_settings { my ($domconf) = @_; my ($defaults,$names) = &Apache::loncommon::lon_status_items(); @@ -1263,6 +1492,159 @@ sub read_serverhomeIDs { return %server; } +sub check_bash_settings { + my $distro = &LONCAPA::distro(); + my ($check_bracketed_paste,$bracketed_warning); + if ($distro =~ /^debian(\d+)$/) { + if ($1 >= 12) { + $check_bracketed_paste = 1; + } + } elsif ($distro =~ /^ubuntu(\d+)$/) { + if ($1 >= 22) { + $check_bracketed_paste = 1; + } + } elsif ($distro =~ /^(?:redhat|oracle|alma|rocky|centos-stream)(\d+)$/) { + if ($1 >= 9) { + $check_bracketed_paste = 1; + } + } elsif ($distro =~ /^fedora(\d+)/) { + if ($1 >= 34) { + $check_bracketed_paste = 1; + } + } + if ($check_bracketed_paste) { + if (open(PIPE,"bind -V 2>&1 | grep enable-bracketed-paste |")) { + my $info = ; + chomp($info); + my ($bracketed) = ($info =~ /^\Qenable-bracketed-paste\E\s+is\s+set\s+to\s+\W(on|off)\W$/); + close(PIPE); + if ($bracketed eq 'on') { + $bracketed_warning = 1; + } + } else { + print "Unable to check if bracketed paste is set to off for www user's shell\n"; + } + } + return ($bracketed_warning,$check_bracketed_paste); +} + +sub set_bracketed_paste_off { + my $bash_www_cnf = '/home/www/.inputrc'; + my $result; + if (!-e $bash_www_cnf) { + system("touch $bash_www_cnf"); + if (open(my $cfh,'>',$bash_www_cnf)) { + print $cfh <<'END'; +$if R + set enable-bracketed-paste off +$endif + +$if maxima + set enable-bracketed-paste off +$endif +END + close($cfh); + $result = "Updated $bash_www_cnf so enable-bracketed-paste is off for R bash shell"; + } else { + $result = "Could not open $bash_www_cnf to add 'set enable-bracketed-paste to off'"; + } + my $wwwuid = getpwnam('www'); + my $wwwgid = getgrnam('www'); + if ($wwwuid!=$<) { + chown($wwwuid,$wwwgid,$bash_www_cnf); + } + } else { + my (%bracketed_paste_on,%bracketed_paste_off,@preserve,$condition); + $condition = ''; + if (open(my $cfh,'<',$bash_www_cnf)) { + while (my $line=<$cfh>) { + chomp($line); + if ($line =~ /^\$if\s+(\w+)\s*$/) { + if ($1 eq 'R') { + $condition = 'r'; + } elsif ($1 eq 'maxima') { + $condition = 'maxima'; + } else { + $condition = 'other'; + } + } elsif ($line =~ /^\$endif\s*$/) { + $condition = ''; + } + if ($line =~ /^\s*set\s+enable\-bracketed\-paste\s+(off|on)\s*$/) { + if ($1 eq 'off') { + if ($condition ne '') { + $bracketed_paste_off{$condition} = 1; + } else { + $bracketed_paste_off{all} = 1; + } + push(@preserve,$line); + } else { + if ($condition ne '') { + $bracketed_paste_on{$condition} = 1; + if (($condition eq 'r') || ($condition eq 'maxima')) { + push(@preserve,' set enable-bracketed-paste off'); + } else { + push(@preserve,$line); + } + } else { + $bracketed_paste_on{all} = 1; + push(@preserve,$line); + } + } + } else { + push(@preserve,$line); + } + } + close($cfh); + } else { + $result = "Could not open $bash_www_cnf to check if a value is included for 'enable-bracketed-paste'."; + } + if (($bracketed_paste_on{r} || $bracketed_paste_on{maxima}) || + (!exists($bracketed_paste_off{r}) && !exists($bracketed_paste_on{r}) && + !exists($bracketed_paste_off{maxima}) && !exists($bracketed_paste_on{maxima}))) { + if (open(my $cfh,'>',$bash_www_cnf)) { + if (@preserve) { + foreach my $entry (@preserve) { + print $cfh "$entry\n"; + } + if (!exists($bracketed_paste_off{r}) && !exists($bracketed_paste_on{r})) { +print $cfh <<'END'; +$if R + set enable-bracketed-paste off +$endif +END + } + if (!exists($bracketed_paste_off{r}) && !exists($bracketed_paste_on{r})) { +print $cfh <<'END'; +$if maxima + set enable-bracketed-paste off +$endif +END + } + + } else { +print $cfh <<'END'; +$if R + set enable-bracketed-paste off +$endif + +$if maxima + set enable-bracketed-paste off +$endif +END + } + close($cfh); + $result = "Updated $bash_www_cnf"; + } else { + $result = "Could not open $bash_www_cnf to add 'set enable-bracketed-paste to off'"; + } + } else { + $result = "No action needed; $bash_www_cnf already includes 'set enable-bracketed-paste to off'"; + } + } + return $result; +} + sub send_mail { my ($sysmail,$reportstatus) = @_; my $defdom = $perlvar{'lonDefDomain'}; @@ -1432,6 +1814,7 @@ sub main () { &clean_lonIDs($fh); &clean_balanceIDs($fh); &clean_webDAV_sessionIDs($fh); + &clean_ltiIDs($fh); &check_httpd_logs($fh); &rotate_lonnet_logs($fh); &rotate_other_logs($fh); @@ -1447,6 +1830,10 @@ sub main () { &checkon_daemon($fh,'lonr',40000); } if ($justreload) { + &clean_nosslverify($fh); + &write_connection_config(); + &write_hosttypes(); + &update_revocation_list(); &checkon_daemon($fh,'lond',40000,'USR2'); &checkon_daemon($fh,'lonc',40000,'USR2'); } @@ -1454,16 +1841,51 @@ sub main () { &test_connections($fh); } if (!$justcheckdaemons && !$justcheckconnections && !$justreload && !$justiptables) { + my ($bracketed_warning,$check_bracketed_paste) = &check_bash_settings(); + if ($check_bracketed_paste) { + &log($fh,'

    bash readline config

    Bracketed Paste

    '. + '

    Distros using bash readline library 8.1 or later need bracketed paste disabled for the R bash shell for the www user so R commands sent to lonr daemon will be processed.

    '); + my $bash_www_cnf = '/home/www/.inputrc'; + my $non_empty_conffile; + unless ($bracketed_warning) { + if (-e $bash_www_cnf) { + my $filesize = (stat($bash_www_cnf))[7]; + if ($filesize > 0) { + $non_empty_conffile = 1; + } + } + } + if (($bracketed_warning) || ($non_empty_conffile)) { + my $bash_update = &set_bracketed_paste_off(); + if ($bash_update) { + &log($fh,'

    '.$bash_update.'

    '."\n"); + } + } else { + &log($fh,'

    No action needed; /home/www/.inputrc already set.

    '."\n"); + } + } else { + &log($fh,'

    bash readline config

    Bracketed Paste

    '. + '

    No action needed for distros using pre-8.1 bash readline library

    '."\n"); + } my $domconf = &get_domain_config(); my ($threshold,$sysmail,$reportstatus,$weightsref,$exclusionsref) = &get_permcount_settings($domconf); &check_delayed_msg($fh,$weightsref,$exclusionsref); - &finish_logging($fh,$weightsref); - &log_simplestatus(); &write_loncaparevs(); &write_serverhomeIDs(); &write_checksums(); &write_hostips(); + my %sslrem = &clean_nosslverify($fh); + my %conchgs = &write_connection_config(); + my %hosttypechgs = &write_hosttypes(); + my $hadcrlchg = &update_revocation_list(); + if ((keys(%conchgs) > 0) || (keys(%hosttypechgs) > 0) || + $hadcrlchg || (keys(%sslrem) > 0)) { + &checkon_daemon($fh,'lond',40000,'USR2'); + &reset_nosslverify_pids($fh,%sslrem); + } + &finish_logging($fh,$weightsref); + &log_simplestatus(); if ($totalcount>$threshold && !$noemail) { &send_mail($sysmail,$reportstatus); } } }