|
version 1.56, 2018/07/29 03:03:36
|
version 1.62, 2018/12/14 02:05:38
|
|
Line 44 my $DebugLevel=0;
|
Line 44 my $DebugLevel=0;
|
| my %perlvar; |
my %perlvar; |
| my %secureconf; |
my %secureconf; |
| my %badcerts; |
my %badcerts; |
| my %hosttypes; |
my %hosttypes; |
| |
my %crlchecked; |
| my $InsecureOk; |
my $InsecureOk; |
| |
|
| # |
# |
|
Line 80 sub ReadConfig {
|
Line 81 sub ReadConfig {
|
| unless (lonssl::Read_Host_Types(\%hosttypes,\%perlvar) eq 'ok') { |
unless (lonssl::Read_Host_Types(\%hosttypes,\%perlvar) eq 'ok') { |
| Debug(1,"Failed to retrieve hosttypes hash.\n"); |
Debug(1,"Failed to retrieve hosttypes hash.\n"); |
| } |
} |
| undef(%badcerts); |
%badcerts = (); |
| |
%crlchecked = (); |
| } |
} |
| |
|
| sub ResetReadConfig { |
sub ResetReadConfig { |
|
Line 163 host the remote lond is on. This host is
|
Line 165 host the remote lond is on. This host is
|
| |
|
| port number the remote lond is listening on. |
port number the remote lond is listening on. |
| |
|
| |
=item lonid |
| |
|
| |
lonid of the remote lond is listening on. |
| |
|
| |
=item deflonid |
| |
|
| |
default lonhostID of the remote lond is listening on. |
| |
|
| =cut |
=cut |
| |
|
| sub new { |
sub new { |
| my ($class, $DnsName, $Port, $lonid) = @_; |
my ($class, $DnsName, $Port, $lonid, $deflonid, $loncaparev) = @_; |
| |
|
| if (!$ConfigRead) { |
if (!$ConfigRead) { |
| ReadConfig(); |
ReadConfig(); |
| $ConfigRead = 1; |
$ConfigRead = 1; |
| } |
} |
| &Debug(4,$class."::new( ".$DnsName.",".$Port.",".$lonid.")\n"); |
&Debug(4,$class."::new( ".$DnsName.",".$Port.",".$lonid.",".$deflonid.",".$loncaparev.")\n"); |
| |
|
| my ($conntype,$gotconninfo,$allowinsecure); |
my ($conntype,$gotconninfo,$allowinsecure); |
| if ((ref($secureconf{'connto'}) eq 'HASH') && |
if ((ref($secureconf{'connto'}) eq 'HASH') && |
|
Line 201 sub new {
|
Line 211 sub new {
|
| # Now create the object... |
# Now create the object... |
| my $self = { Host => $DnsName, |
my $self = { Host => $DnsName, |
| LoncapaHim => $lonid, |
LoncapaHim => $lonid, |
| |
LoncapaDefid => $deflonid, |
| |
LoncapaRev => $loncaparev, |
| Port => $Port, |
Port => $Port, |
| State => "Initialized", |
State => "Initialized", |
| AuthenticationMode => "", |
AuthenticationMode => "", |
| InsecureOK => $allowinsecure, |
InsecureOK => $allowinsecure, |
| TransactionRequest => "", |
TransactionRequest => "", |
| TransactionReply => "", |
TransactionReply => "", |
| NextRequest => "", |
NextRequest => "", |
|
Line 276 sub new {
|
Line 288 sub new {
|
| |
|
| my ($ca, $cert) = lonssl::CertificateFile; |
my ($ca, $cert) = lonssl::CertificateFile; |
| my $sslkeyfile = lonssl::KeyFile; |
my $sslkeyfile = lonssl::KeyFile; |
| |
my $badcertfile = lonssl::has_badcert_file($self->{LoncapaHim}); |
| |
my ($loncaparev) = ($perlvar{'lonVersion'} =~ /^[\'\"]?([\w.\-]+)[\'\"]?$/); |
| |
|
| if (($conntype ne 'no') && (defined($ca)) && (defined($cert)) && (defined($sslkeyfile)) && |
if (($conntype ne 'no') && (defined($ca)) && (defined($cert)) && (defined($sslkeyfile)) && |
| (!exists($badcerts{$self->{LoncapaHim}}))) { |
(!exists($badcerts{$self->{LoncapaHim}})) && !$badcertfile) { |
| $self->{AuthenticationMode} = "ssl"; |
$self->{AuthenticationMode} = "ssl"; |
| $self->{TransactionRequest} = "init:ssl:$perlvar{'lonVersion'}\n"; |
$self->{TransactionRequest} = "init:ssl:$loncaparev\n"; |
| } elsif ($self->{InsecureOK}) { |
} elsif ($self->{InsecureOK}) { |
| # Allowed to do insecure: |
# Allowed to do insecure: |
| $self->{AuthenticationMode} = "insecure"; |
$self->{AuthenticationMode} = "insecure"; |
| $self->{TransactionRequest} = "init::$perlvar{'lonVersion'}\n"; |
$self->{TransactionRequest} = "init::$loncaparev\n"; |
| } else { |
} else { |
| # Not allowed to do insecure... |
# Not allowed to do insecure... |
| $socket->close; |
$socket->close; |
|
Line 443 sub Readable {
|
Line 457 sub Readable {
|
| fcntl($socket, F_SETFL, $flags | O_NONBLOCK); |
fcntl($socket, F_SETFL, $flags | O_NONBLOCK); |
| $self->ToVersionRequest(); |
$self->ToVersionRequest(); |
| return 0; |
return 0; |
| } |
} |
| else { # Failed in ssl exchange. |
else { # Failed in ssl exchange. |
| if (($sslresult == -1) && ($self->{InsecureOK})) { |
if (($sslresult == -1) && (lonssl::LastError == -1) && ($self->{InsecureOK})) { |
| |
my $badcertdir = &lonssl::BadCertDir(); |
| |
if (($badcertdir) && $self->{LoncapaHim}) { |
| |
if (open(my $fh,'>',"$badcertdir/".$self->{LoncapaHim})) { |
| |
close($fh); |
| |
} |
| |
} |
| $badcerts{$self->{LoncapaHim}} = 1; |
$badcerts{$self->{LoncapaHim}} = 1; |
| |
&Debug(3,"SSL verification failed: close socket and initiate insecure connection"); |
| |
$self->Transition("ReInitNoSSL"); |
| |
$socket->close; |
| |
return -1; |
| } |
} |
| &Debug(3,"init:ssl failed key negotiation!"); |
&Debug(3,"init:ssl failed key negotiation!"); |
| $self->Transition("Disconnected"); |
$self->Transition("Disconnected"); |
| $socket->close; |
$socket->close; |
| return -1; |
return -1; |
| } |
} |
| } |
} |
| elsif ($Response =~ /^[0-9]+/) { # Old style lond. |
elsif ($Response =~ /^[0-9]+/) { # Old style lond. |
| return $self->CompleteInsecure(); |
return $self->CompleteInsecure(); |
|
Line 517 sub Readable {
|
Line 541 sub Readable {
|
| } |
} |
| } elsif ($self->{State} eq "ReceivingKey") { |
} elsif ($self->{State} eq "ReceivingKey") { |
| my $buildkey = $self->{TransactionReply}; |
my $buildkey = $self->{TransactionReply}; |
| |
chomp($buildkey); |
| my $key = $self->{LoncapaHim}.$perlvar{'lonHostID'}; |
my $key = $self->{LoncapaHim}.$perlvar{'lonHostID'}; |
| $key=~tr/a-z/A-Z/; |
$key=~tr/a-z/A-Z/; |
| $key=~tr/G-P/0-9/; |
$key=~tr/G-P/0-9/; |
|
Line 1043 sub ExchangeKeysViaSSL {
|
Line 1068 sub ExchangeKeysViaSSL {
|
| my $self = shift; |
my $self = shift; |
| my $socket = $self->{Socket}; |
my $socket = $self->{Socket}; |
| my $peer = $self->{LoncapaHim}; |
my $peer = $self->{LoncapaHim}; |
| |
my $peerdef = $self->{LoncapaDefid}; |
| |
my $loncaparev = $self->{LoncapaRev}; |
| |
|
| # Get our signed certificate, the certificate authority's |
# Get our signed certificate, the certificate authority's |
| # certificate and our private key file. All of these |
# certificate and our private key file. All of these |
|
Line 1051 sub ExchangeKeysViaSSL {
|
Line 1078 sub ExchangeKeysViaSSL {
|
| my ($SSLCACertificate, |
my ($SSLCACertificate, |
| $SSLCertificate) = lonssl::CertificateFile(); |
$SSLCertificate) = lonssl::CertificateFile(); |
| my $SSLKey = lonssl::KeyFile(); |
my $SSLKey = lonssl::KeyFile(); |
| |
my $CRLFile; |
| |
unless ($crlchecked{$peerdef}) { |
| |
$CRLFile = lonssl::CRLFile(); |
| |
$crlchecked{$peerdef} = 1; |
| |
} |
| # Promote our connection to ssl and read the key from lond. |
# Promote our connection to ssl and read the key from lond. |
| |
|
| my $SSLSocket = lonssl::PromoteClientSocket($socket, |
my $SSLSocket = lonssl::PromoteClientSocket($socket, |
| $SSLCACertificate, |
$SSLCACertificate, |
| $SSLCertificate, |
$SSLCertificate, |
| $SSLKey, |
$SSLKey, |
| $peer); |
$peer, |
| |
$peerdef, |
| |
$CRLFile, |
| |
$loncaparev); |
| if(defined $SSLSocket) { |
if(defined $SSLSocket) { |
| my $key = <$SSLSocket>; |
my $key = <$SSLSocket>; |
| lonssl::Close($SSLSocket); |
lonssl::Close($SSLSocket); |
|
Line 1211 sub PeerLoncapaHim {
|
Line 1245 sub PeerLoncapaHim {
|
| return $self->{LoncapaHim}; |
return $self->{LoncapaHim}; |
| } |
} |
| |
|
| |
# |
| |
# Get the Authentication mode |
| |
# |
| |
|
| |
sub GetKeyMode { |
| |
my $self = shift; |
| |
return $self->{AuthenticationMode}; |
| |
} |
| |
|
| 1; |
1; |
| |
|
| =pod |
=pod |
![[BACK]](/icons/back.gif){kind=icon}
Return to LondConnection.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom