Return to lond CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/lond between versions 1.567 and 1.572

-version 1.567, 2021/06/15 20:52:27
+version 1.572, 2022/02/01 23:13:21
  Line 239  my %trust = (
                 du2 => {remote => 1, enroll => 1},
                 dump => {remote => 1, enroll => 1, domroles => 1},
                 edit => {institutiononly => 1},  #not used currently
+                edump => {remote => 1, enroll => 1, domroles => 1},
                 eget => {remote => 1, domroles => 1, enroll => 1}, #not used currently
                 egetdom => {remote => 1, domroles => 1, enroll => 1, },
                 ekey => {anywhere => 1},
- Line 265  my %trust = (
+ Line 266  my %trust = (
                 ls => {remote => 1, enroll => 1, content => 1,},
                 ls2 => {remote => 1, enroll => 1, content => 1,},
                 ls3 => {remote => 1, enroll => 1, content => 1,},
+                lti => {institutiononly => 1},
                 makeuser => {remote => 1, enroll => 1, domroles => 1,},
                 mkdiruserfile => {remote => 1, enroll => 1,},
                 newput => {remote => 1, enroll => 1, reqcrs => 1, domroles => 1,},
- Line 2035  sub read_lonnet_global {
+ Line 2037  sub read_lonnet_global {
                  }
                  if ($what eq 'perlvar') {
                      if (!exists($packagevars{$what}{'lonBalancer'})) {
-                         if ($dist =~ /^(centos|rhes|fedora|scientific|oracle)/) {
+                         if ($dist =~ /^(centos|rhes|fedora|scientific|oracle|rocky|alma)/) {
                              my $othervarref=LONCAPA::Configuration::read_conf('httpd.conf');
                              if (ref($othervarref) eq 'HASH') {
                                  $items->{'lonBalancer'} = $othervarref->{'lonBalancer'};
- Line 3829  sub dump_with_regexp {
+ Line 3831  sub dump_with_regexp {
  }
  &register_handler("dump", \&dump_with_regexp, 0, 1, 0);
+ #
+ #  Process the encrypted dump request. Original call should
+ #  be from lonnet::dump() with seventh arg ($encrypt) set to
+ #  1, to ensure that both request and response are encrypted.
+ #
+ #  Parameters:
+ #     $cmd               - Command keyword of request (edump).
+ #     $tail              - Tail of the command.
+ #                          See &dump_with_regexp for more
+ #                          information about this.
+ #     $client            - File open on the client.
+ #  Returns:
+ #     1      - Continue processing
+ #     0      - server should exit.
+ #
+ sub encrypted_dump_with_regexp {
+     my ($cmd, $tail, $client) = @_;
+     my $res = LONCAPA::Lond::dump_with_regexp($tail, $clientversion);
+     if ($res =~ /^error:/) {
+         Failure($client, \$res, "$cmd:$tail");
+     } else {
+         if ($cipher) {
+             my $cmdlength=length($res);
+             $res.="         ";
+             my $encres='';
+             for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
+                 $encres.= unpack("H16",
+                                  $cipher->encrypt(substr($res,
+                                                          $encidx,
+)));
+             }
+             &Reply( $client,"enc:$cmdlength:$encres\n","$cmd:$tail");
+         } else {
+             &Failure( $client, "error:no_key\n","$cmd:$tail");
+         }
+     }
+ }
+ &register_handler("edump", \&encrypted_dump_with_regexp, 0, 1, 0);
  #  Store a set of key=value pairs associated with a versioned name.
  #
  #  Parameters:
- Line 5114  sub get_domain_handler {
+ Line 5157  sub get_domain_handler {
  }
  &register_handler("getdom", \&get_domain_handler, 0, 1, 0);
+ #
+ # Encrypted get from the namespace database file at the domain level.
+ # This function retrieves a keyed item from a specific named database in the
+ # domain directory.
+ #
+ # Parameters:
+ #   $cmd             - Command request keyword (egetdom).
+ #   $tail            - Tail of the command.  This is a colon separated list
+ #                      consisting of the domain and the 'namespace'
+ #                      which selects the gdbm file to do the lookup in,
+ #                      & separated list of keys to lookup.  Note that
+ #                      the values are returned as an & separated list too.
+ #   $client          - File descriptor open on the client.
+ # Returns:
+ #   1       - Continue processing.
+ #   0       - Exit.
+ #  Side effects:
+ #     reply is encrypted before being written to $client.
+ #
  sub encrypted_get_domain_handler {
      my ($cmd, $tail, $client) = @_;
- Line 5143  sub encrypted_get_domain_handler {
+ Line 5205  sub encrypted_get_domain_handler {
  &register_handler("egetdom", \&encrypted_get_domain_handler, 1, 1, 0);
  #
+ # Encrypted get from the namespace database file at the domain level.
+ # This function retrieves a keyed item from a specific named database in the
+ # domain directory.
+ #
+ # Parameters:
+ #   $cmd             - Command request keyword (lti).
+ #   $tail            - Tail of the command.  This is a colon-separated list
+ #                      consisting of the domain, coursenum, if for LTI-
+ #                      enabled deep-linking to course content using
+ #                      link protection configured within a course,
+ #                      context (=deeplink) if for LTI-enabled deep-linking
+ #                      to course content using LTI Provider settings
+ #                      configured within a course's domain, the (escaped)
+ #                      launch URL, the (escaped) method (typically POST),
+ #                      and a frozen hash of the LTI launch parameters
+ #                      from the LTI payload.
+ #   $client          - File descriptor open on the client.
+ # Returns:
+ #   1       - Continue processing.
+ #   0       - Exit.
+ #  Side effects:
+ #     The reply will contain an LTI itemID, if the signed LTI payload
+ #     could be verified using the consumer key and the shared secret
+ #     available for that key (for the itemID) for either the course or domain,
+ #     depending on values for cnum and context. The reply is encrypted before
+ #     being written to $client.
+ #
+ sub lti_handler {
+     my ($cmd, $tail, $client) = @_;
+     my $userinput = "$cmd:$tail";
+     my ($cdom,$cnum,$context,$escurl,$escmethod,$items) = split(/:/,$tail);
+     my $url = &unescape($escurl);
+     my $method = &unescape($escmethod);
+     my $params = &Apache::lonnet::thaw_unescape($items);
+     my $res;
+     if ($cnum ne '') {
+         $res = &LONCAPA::Lond::crslti_itemid($cdom,$cnum,$url,$method,$params,$perlvar{'lonVersion'});
+     } else {
+         $res = &LONCAPA::Lond::domlti_itemid($cdom,$context,$url,$method,$params,$perlvar{'lonVersion'});
+     }
+     if ($res =~ /^error:/) {
+         &Failure($client, \$res, $userinput);
+     } else {
+         if ($cipher) {
+             my $cmdlength=length($res);
+             $res.="         ";
+             my $encres='';
+             for (my $encidx=0;$encidx<=$cmdlength;$encidx+=8) {
+                 $encres.= unpack("H16",
+                                  $cipher->encrypt(substr($res,
+                                                          $encidx,
+)));
+             }
+             &Reply( $client,"enc:$cmdlength:$encres\n",$userinput);
+         } else {
+             &Failure( $client, "error:no_key\n",$userinput);
+         }
+     }
+     return 1;
+ }
+ &register_handler("lti", \&lti_handler, 1, 1, 0);
+ #
  #  Puts an id to a domains id database.
  #
  #  Parameters:
- Line 5567  sub tmp_put_handler {
+ Line 5694  sub tmp_put_handler {
      }
      my ($id,$store);
      $tmpsnum++;
-     if (($context eq 'resetpw') || ($context eq 'createaccount')) {
+     my $numtries = 0;
-         $id = &md5_hex(&md5_hex(time.{}.rand().$$));
+     my $execdir=$perlvar{'lonDaemons'};
+     if (($context eq 'resetpw') || ($context eq 'createaccount') ||
+         ($context eq 'sso') || ($context eq 'link') || ($context eq 'retry')) {
+         $id = &md5_hex(&md5_hex(time.{}.rand().$$.$tmpsnum));
+         while ((-e "$execdir/tmp/$id.tmp") && ($numtries <10)) {
+             undef($id);
+             $id = &md5_hex(&md5_hex(time.{}.rand().$$.$tmpsnum));
+             $numtries ++;
+         }
      } else {
          $id = $$.'_'.$clientip.'_'.$tmpsnum;
      }
      $id=~s/\W/\_/g;
      $record=~s/\n//g;
-     my $execdir=$perlvar{'lonDaemons'};
+     if (($id ne '') &&
-     if ($store=IO::File->new(">$execdir/tmp/$id.tmp")) {
+         ($store=IO::File->new(">$execdir/tmp/$id.tmp"))) {
  	print $store $record;
  	close $store;
  	&Reply($client, \$id, $userinput);
- Line 7752  sub make_new_child {
+ Line 7887  sub make_new_child {
          &Authen::Krb5::init_context();
          my $no_ets;
-         if ($dist =~ /^(?:centos|rhes|scientific|oracle)(\d+)$/) {
+         if ($dist =~ /^(?:centos|rhes|scientific|oracle|rocky|alma)(\d+)/) {
              if ($1 >= 7) {
                  $no_ets = 1;
              }
- Line 7941  sub make_new_child {
+ Line 8076  sub make_new_child {
  		Debug("Main: Got $user_input\n");
  		$keep_going = &process_request($user_input);
  		alarm(0);
  		&status('Listening to '.$clientname." ($keymode)");
  	    }
  # --------------------------------------------- client unknown or fishy, refuse
- Line 7957  sub make_new_child {
+ Line 8092  sub make_new_child {
      &logthis("<font color='red'>CRITICAL: "
  	     ."Disconnect from $clientip ($clientname)</font>");
      # this exit is VERY important, otherwise the child will become
      # a producer of more and more children, forking yourself into
      # process death.

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

500 Internal Server Error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Removed from v.1.567
changed lines
	Added in v.1.572