--- loncom/LondConnection.pm	2010/12/21 11:17:33	1.50
+++ loncom/LondConnection.pm	2017/02/28 05:42:06	1.54
@@ -1,7 +1,7 @@
 #   This module defines and implements a class that represents
 #   a connection to a lond daemon.
 #
-# $Id: LondConnection.pm,v 1.50 2010/12/21 11:17:33 foxr Exp $
+# $Id: LondConnection.pm,v 1.54 2017/02/28 05:42:06 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -40,10 +40,10 @@ use LONCAPA::lonlocal;
 use LONCAPA::lonssl;
 
 
-
-
 my $DebugLevel=0;
 my %perlvar;
+my %secureconf;
+my %hosttypes; 
 my $InsecureOk;
 
 #
@@ -70,8 +70,19 @@ sub ReadConfig {
     my $perlvarref = read_conf('loncapa.conf');
     %perlvar    = %{$perlvarref};
     $ConfigRead = 1;
-    
+
     $InsecureOk = $perlvar{loncAllowInsecure};
+
+    unless (lonssl::Read_Connect_Config(\%secureconf,\%perlvar) eq 'ok') {
+        Debug(1,"Failed to retrieve secureconf hash.\n");
+    }
+    unless (lonssl::Read_Host_Types(\%hosttypes,\%perlvar) eq 'ok') {
+        Debug(1,"Failed to retrieve hosttypes hash.\n");
+    }
+}
+
+sub ResetReadConfig {
+    $ConfigRead = 0;
 }
 
 sub Debug {
@@ -189,7 +200,8 @@ sub new {
 		     LocalKeyFile       => "",
                      CipherKey          => "",
                      LondVersion        => "Unknown",
-                     Cipher             => undef};
+                     Cipher             => undef,
+		     ClientData         => undef};
     bless($self, $class);
     unless ($self->{Socket} = IO::Socket::INET->new(PeerHost => $self->{Host},
 					       PeerPort => $self->{Port},
@@ -200,6 +212,7 @@ sub new {
 	return undef;		# Inidicates the socket could not be made.
     }
     my $socket = $self->{Socket}; # For local use only.
+    $socket->sockopt(SO_KEEPALIVE, 1); # Turn on keepalive probes when idle.
     #  If we are local, we'll first try local auth mode, otherwise, we'll try
     #  the ssl auth mode:
 
@@ -214,7 +227,15 @@ sub new {
 	#  allowed...else give up right away.
 
 	if(!(defined $key) || !(defined $keyfile)) {
-	    if($InsecureOk) {
+            my $canconnect = 0;
+            if (ref($secureconf{'connto'}) eq 'HASH') {
+                unless ($secureconf{'connto'}->{'dom'} eq 'req') {
+                    $canconnect = 1;
+                }
+            } else {
+                $canconnect = $InsecureOk;
+            }
+	    if ($canconnect) {
 		$self->{AuthenticationMode} = "insecure";
 		$self->{TransactionRequest} = "init\n";
 	    } 
@@ -238,19 +259,25 @@ sub new {
 	my ($ca, $cert) = lonssl::CertificateFile;
 	my $sslkeyfile  = lonssl::KeyFile;
 
-	if((defined $ca)  && (defined $cert) && (defined $sslkeyfile)) {
-
+        my ($conntype,$gotconninfo);
+        if ((ref($secureconf{'connto'}) eq 'HASH') &&
+            (exists($hosttypes{$lonid}))) {
+            $conntype = $secureconf{'connto'}{$hosttypes{$lonid}};
+            if ($conntype ne '') {
+                $gotconninfo = 1;
+            }
+        }
+	if (($conntype ne 'no') && (defined($ca)) && (defined($cert)) && (defined($sslkeyfile))) {
 	    $self->{AuthenticationMode} = "ssl";
 	    $self->{TransactionRequest} = "init:ssl:$perlvar{'lonVersion'}\n";
+	} elsif (($gotconninfo && $conntype ne 'req') || (!$gotconninfo && $InsecureOk)) { 
+	    # Allowed to do insecure:
+	    $self->{AuthenticationMode} = "insecure";
+	    $self->{TransactionRequest} = "init::$perlvar{'lonVersion'}\n";
 	} else {
-	    if($InsecureOk) {		# Allowed to do insecure:
-		$self->{AuthenticationMode} = "insecure";
-		$self->{TransactionRequest} = "init::$perlvar{'lonVersion'}\n";
-	    }
-	    else {		# Not allowed to do insecure...
-		$socket->close;
-		return undef;
-	    }
+	    # Not allowed to do insecure...
+	    $socket->close;
+	    return undef;
 	}
     }
 
@@ -340,9 +367,12 @@ sub Readable {
 	$self->Transition("Disconnected");
 	return -1;
     }
-    #  Append the data to the buffer.  And figure out if the read is done:
+    # If we actually got data, reset the timeout.
 
-    $self->{TimeoutRemaining}   = $self->{TimeoutValue}; # getting data resets the timeout period.
+    if (length $data) {
+	$self->{TimeoutRemaining}   = $self->{TimeoutValue}; # getting data resets the timeout period.
+    }
+    #  Append the data to the buffer.  And figure out if the read is done:
 
     &Debug(9,"Received from host: ".$data);
     $self->{TransactionReply} .= $data;
@@ -1052,7 +1082,16 @@ sub ExchangeKeysViaSSL {
 #
 sub CompleteInsecure {
     my $self = shift;
-    if($InsecureOk) {
+    $self->{LoncapaHim};
+    my ($conntype,$gotconninfo);
+    if ((ref($secureconf{'connto'}) eq 'HASH') &&
+        (exists($hosttypes{$self->{LoncapaHim}}))) {
+        $conntype = $secureconf{'connto'}{$hosttypes{$self->{LoncapaHim}}};
+        if ($conntype ne '') {
+            $gotconninfo = 1;
+        }
+    } 
+    if ((($gotconninfo) && ($conntype ne 'req')) || (!$gotconninfo && $InsecureOk)) {
 	$self->{AuthenticationMode} = "insecure";
 	&Debug(8," Transition out of Initialized:insecure");
 	$self->{TransactionRequest} = $self->{TransactionReply};
@@ -1140,6 +1179,21 @@ sub PeerVersion {
    return $version;
 }
 
+#
+#  Manipulate the client data field
+#
+sub SetClientData {
+    my ($self, $newData) = @_;
+    $self->{ClientData} = $newData;
+}
+#
+#  Get the current client data field.
+#
+sub GetClientData {
+    my $self = shift;
+    return $self->{ClientData};
+}
+
 1;
 
 =pod