Diff for /doc/loncapafiles/updatequery.piml between versions 1.84.2.3 and 1.85

version 1.84.2.3, 2020/01/07 01:29:06 version 1.85, 2016/08/03 15:04:59
Line 34  http://www.lon-capa.org/ Line 34  http://www.lon-capa.org/
 <perlscript mode='fg'>  <perlscript mode='fg'>
 $|=1;  $|=1;
 use strict;  use strict;
   use lib '/home/httpd/lib/perl/';
   use LONCAPA::Configuration;
   use LONCAPA::Lond;
   use LONCAPA::SSL;
   use LONCAPA;
   use GDBM_File;
   use Storable qw(thaw);
   use Term::ReadKey;
   use Locale::Country;
   
   print(&lt;&lt;END);    print(&lt;&lt;END);
   
Line 50  use strict; Line 59  use strict;
   
 END  END
 #sleep(3);  #sleep(3);
   
   sub get_static_config {
   # get LCperlvars from loncapa_apache.conf
       my $confdir = '/etc/httpd/conf/';
       if ('<DIST />' eq 'sles10' || '<DIST />' eq 'sles11' || '<DIST />' eq 'sles12' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2' || '<DIST />' eq 'suse10.3' || '<DIST />' eq 'suse11.1' || '<DIST />' eq 'suse11.2' || '<DIST />' eq 'suse11.3' || '<DIST />' eq 'suse11.4' || '<DIST />' eq 'suse12.1' || '<DIST />' eq 'suse12.2' || '<DIST />' eq 'suse12.3' || '<DIST />' eq 'suse13.1' || '<DIST />' eq 'suse13.2' || '<DIST />' eq 'debian5' || '<DIST />' eq 'debian6' || '<DIST />' eq 'ubuntu6' || '<DIST />' eq 'ubuntu8' || '<DIST />' eq 'ubuntu10' || '<DIST />' eq 'ubuntu12' || '<DIST />' eq 'ubuntu14' || '<DIST />' eq 'ubuntu16') {
           $confdir = '/etc/apache2/';
       }
       my $filename='loncapa_apache.conf';
       my %LCperlvar;
       if (-e "$confdir$filename") {
           open(CONFIG,'&lt;'.$confdir.$filename) or die("Can't read $confdir$filename");
           while (my $configline=&lt;CONFIG&gt;) {
               if ($configline =~ /^[^\#]?PerlSetVar/) {
                   my ($unused,$varname,$varvalue)=split(/\s+/,$configline);
                   chomp($varvalue);
                   $LCperlvar{$varname}=$varvalue;
               }
           }
           close(CONFIG);
       }
       return \%LCperlvar;
   }
   
   sub get_domain_config {
       my ($dom,$isprimary,$url,$perlvarref) = @_;
       my %confhash;
       if ($isprimary) {
           if (ref($perlvarref) eq 'HASH') {
               my $lonusersdir = $perlvarref-&gt;{'lonUsersDir'};
               my $fname = $lonusersdir.'/'.$dom.'/configuration.db';
               if (-e $fname) {
                   my $dbref=&LONCAPA::locking_hash_tie($fname,&GDBM_READER());
                   if (ref($dbref) eq 'HASH') {
                       foreach my $key (sort(keys(%{$dbref}))) {
                           my $value = $dbref->{$key};
                           if ($value =~ s/^__FROZEN__//) {
                               $value = thaw(&LONCAPA::unescape($value));
                           } else {
                               $value = &LONCAPA::unescape($value);
                           }
                           $confhash{$key} = $value;
                       }
                       &LONCAPA::locking_hash_untie($dbref);
                   }
               }
           }
       } else {
           if (open(PIPE,"wget --no-check-certificate '$url?domain=$dom&format=raw' |")) {
               my $config = '';
               while (<PIPE>) {
                   $config .= $_;
               }
               close(PIPE);
               if ($config) {
                   my @pairs=split(/\&/,$config);
                   foreach my $item (@pairs) {
                       my ($key,$value)=split(/=/,$item,2);
                       my $what = &LONCAPA::unescape($key);
                       if ($value =~ s/^__FROZEN__//) {
                           $value = thaw(&LONCAPA::unescape($value));
                       } else {
                           $value = &LONCAPA::unescape($value); 
                       }
                       $confhash{$what}=$value;
                   }
               }
           }
       }
       return (\%confhash);
   }
   
   sub make_passphrase {
       my ($got_passwd,$firstpass,$secondpass,$passwd);
       my $maxtries = 10;
       my $trial = 0;
       while ((!$got_passwd) && ($trial &lt; $maxtries)) {
           $firstpass = &get_password('Enter password');
           if (length($firstpass) &lt; 6) {
               print('Password too short.'."\n".
                 'Please choose a password with at least six characters.'."\n".
                 'Please try again.'."\n");
           } elsif (length($firstpass) &gt; 30) {
               print('Password too long.'."\n".
                     'Please choose a password with no more than thirty characters.'."\n".
                     'Please try again.'."\n");
           } else {
               my $pbad=0;
               foreach (split(//,$firstpass)) {if ((ord($_)&lt;32)||(ord($_)&gt;126)){$pbad=1;}}
               if ($pbad) {
                   print('Password contains invalid characters.'."\n".
                         'Password must consist of standard ASCII characters.'."\n".
                         'Please try again.'."\n");
               } else {
                   $secondpass = &get_password('Enter password a second time');
                   if ($firstpass eq $secondpass) {
                       $got_passwd = 1;
                       $passwd = $firstpass;
                   } else {
                       print('Passwords did not match.'."\n".
                             'Please try again.'."\n");
                   }
               }
           }
           $trial ++;
       }
       return $passwd;
   }
   
   sub get_password {
       my ($prompt) = @_;
       local $| = 1;
       print $prompt.': ';
       my $newpasswd = '';
       ReadMode 'raw';
       my $key;
       while(ord($key = ReadKey(0)) != 10) {
           if(ord($key) == 127 || ord($key) == 8) {
               chop($newpasswd);
               print "\b \b";
           } elsif(!ord($key) &lt; 32) {
               $newpasswd .= $key;
               print '*';
           }
       }
       ReadMode 'normal';
       print "\n";
       return $newpasswd;
   }
   
   sub send_mail {
       my ($hostname,$recipient,$subj,$file) = @_;
       my $from = 'www@'.$hostname;
       my $certmail = "To: $recipient\n".
                      "From: $from\n".
                      "Subject: ".$subj."\n".
                      "Content-type: text/plain\; charset=UTF-8\n".
                      "MIME-Version: 1.0\n\n";
       if (open(my $fh,"&lt;$file")) {
           while (&lt;$fh&gt;) {
               $certmail .= $_;
           }
           close($fh);
           $certmail .= "\n\n";
           if (open(my $mailh, "|/usr/lib/sendmail -oi -t -odb")) {
               print $mailh $certmail;
               close($mailh);
               print "Mail sent ($subj) to $recipient\n";
           } else {
               print "Sending mail ($subj) to $recipient failed.\n";
           }
       }
       return;
   }
   
 </perlscript>  </perlscript>
 </file>  </file>
 <file>  <file>
 <target dist='default'>loncom/hosts.tab</target>  <target dist='default'>../../loncom/hosts.tab</target>
 <perlscript mode='fg'>  <perlscript mode='fg'>
 my $lonCluster;  my $lonCluster;
 unless (-l "<TARGET />") {  my $currCluster;
   print(&lt;&lt;END);  
   if (-l "<TARGET />") {
     my $currlink = readlink("<TARGET />");
     if ($currlink =~ /^new_(existing|standalone|development|production)_hosts\.tab$/) {
         $currCluster = $1;
     }
     my %clustertypes = (
                          production  => 'PRODUCTION',
                          standalone  => 'STAND-ALONE',
                          development => 'DEVELOPMENT',
                          existing    => 'RUNNING YOUR OWN CLUSTER',
                        );
     if (($currCluster) && (exists($clustertypes{$currCluster}))) {
         print(&lt;&lt;END);
   
   The cluster type for this server is currently: $clustertypes{$currCluster}
   END
   
     }
   }
   
   print(&lt;&lt;END);
   
 ===============================================================================  ===============================================================================
   
 Which cluster option would you like to have installed?  Which cluster option would you like to have installed?
 IMPORTANT: to take advantage of the cluster options 1) and 3),  IMPORTANT: to take advantage of the cluster options 1) and 3),
 you must contact loncapa\@loncapa.org.  you must contact loncapa\@loncapa.org.
Line 117  END Line 302  END
     $lonCluster='rawhide'; $flag=1;      $lonCluster='rawhide'; $flag=1;
   }    }
 }  }
 }  
 </perlscript>  </perlscript>
 </file>  </file>
 <file>  <file>
Line 130  my $primaryLibServer; Line 314  my $primaryLibServer;
 my $protocol;  my $protocol;
 my $intdom;  my $intdom;
 my $desiredhostname;  my $desiredhostname;
   my $city;
   my $state;
   my $country;
 my @libservers = ();  my @libservers = ();
 unless (-e "<TARGET />") {  unless (-e "<TARGET />") {
   print(&lt;&lt;END);    print(&lt;&lt;END);
Line 139  If you have questions, please visit http Line 326  If you have questions, please visit http
 or contact helpdesk\@loncapa.org.  or contact helpdesk\@loncapa.org.
   
 ===============================================================================  ===============================================================================
 The following 8 values are needed to configure LON-CAPA:  The following 10 values are needed to configure LON-CAPA:
 * Machine Role  * Machine Role
 * LON-CAPA Domain Name  * LON-CAPA Domain Name
 * LON-CAPA Machine ID Name  * LON-CAPA Machine ID Name
Line 148  The following 8 values are needed to con Line 335  The following 8 values are needed to con
 * Web Server Protocol  * Web Server Protocol
 * Internet Domain Name of Your Institution  * Internet Domain Name of Your Institution
 * Hostname  * Hostname
   * City, State, Country for LON-CAPA SSL certificate 
   * Password for key for creating SSL certificates
 ===============================================================================  ===============================================================================
   
 In addition, a Support E-mail Address can also be included. If  In addition, a Support E-mail Address can also be included. If
Line 434  my $lonAdmEMail; Line 623  my $lonAdmEMail;
 while (!$flag) {  while (!$flag) {
   print(&lt;&lt;END);    print(&lt;&lt;END);
   
 **** Server Administrators E-mail ****  **** Server Administrator's E-mail ****
 E-mail address of the person who will manage this machine  E-mail address of the person who will manage this machine
 [should be in the form somebody\@somewhere]  [should be in the form somebody\@somewhere]
 ENTER ADMIN E-MAIL ADDRESS:  ENTER ADMIN E-MAIL ADDRESS:
Line 566  while (!$flag) { Line 755  while (!$flag) {
 ****** Hostname of the server/VM *****  ****** Hostname of the server/VM *****
   
 The hostname of the server/VM is required. This will be similar to:  The hostname of the server/VM is required. This will be similar to:
 somename.ustate.edu or somename.department.ustate.edu, and would be   somename.ustate.edu or somename.department.ustate.edu, and would be
 the web address which users would point their web browsers at to  the web address which users would point their web browsers at to
 access the server.  access the server.
   
Line 598  if ($posshostname) { Line 787  if ($posshostname) {
   }    }
 }  }
   
   # get Country
   print(&lt;&lt;END);
   
   ****** Information about Country, State or Province and City *****
   
   A two-letter country code, e.g., US, CA, DE etc. as defined by ISO 3166,
   is required. A state or province, and a city are also required.
   This locality information is included in two SSL certificates used internally
   by LON-CAPA, unless you are running standalone.
   
   If your server will be part of either the production or development 
   clusters, then the certificate will need to be signed by the official 
   LON-CAPA Certificate Authority (CA).  If you will be running your own 
   cluster then the cluster will need to create its own CA. 
   
   END
   
   my $posscountry;
   if ($desiredhostname =~ /\.(edu|com|org)$/) {
       $posscountry = 'us';
   
   } else { 
       ($posscountry) = ($desiredhostname =~ /\.(a-z){2}$/);
   }
   if ($posscountry) {
       my $countrydesc = &Locale::Country::code2country($posscountry);
       if ($countrydesc eq '') {
           undef($posscountry);
       }
   }
   
   $flag=0;
   while (!$flag) {
     if ($posscountry) {
        $posscountry = uc($posscountry);
        print "ENTER TWO-LETTER COUNTRY CODE [$posscountry]:\n";
     } else {
        print "ENTER TWO-LETTER COUNTRY CODE:\n";
     }
     my $choice=&lt;&gt;;
     chomp($choice);
     if ($choice ne '') {
       if (&Locale::Country::code2country(lc($choice))) {
         open(OUT,'&gt;&gt;/tmp/loncapa_updatequery.out');
         print(OUT 'country'."\t".uc($choice)."\n");
         close(OUT);
         $country=uc($choice);
         $flag=1;
       } else {
         print "Invalid input -- a valid two letter country code is required\n";
       }
     } elsif (($choice eq '') && ($posscountry ne '')) {
       open(OUT,'&gt;&gt;/tmp/loncapa_updatequery.out');
       print(OUT 'country'."\t".$posscountry."\n");
       close(OUT);
       $country = $posscountry;
       $flag = 1;
     } else {
       print "Invalid input -- a country code is required\n";
     }
   }
   
   $flag=0;
   # get State or Province
   while (!$flag) {
     print(&lt;&lt;END);
   
   ENTER STATE OR PROVINCE NAME:
   END
   
     my $choice=&lt;&gt;;
     chomp($choice);
     if ($choice ne '') {
       open(OUT,'&gt;&gt;/tmp/loncapa_updatequery.out');
       print(OUT 'state'."\t".$choice."\n");
       close(OUT);
       $state=$choice;
       $flag=1;
     }
     else {
       print "Invalid input (a state or province name is required).\n";
     }
   }
   
   $flag=0;
   # get City
   while (!$flag) {
     print(&lt;&lt;END);
   
   ENTER CITY NAME:
   END
   
     my $choice=&lt;&gt;;
     chomp($choice);
     if ($choice ne '') {
       open(OUT,'&gt;&gt;/tmp/loncapa_updatequery.out');
       print(OUT 'city'."\t".$choice."\n");
       close(OUT);
       $city=$choice;
       $flag=1;
     }
     else {
       print "Invalid input (a city is required).\n";
     }
   }
   
   $flag=0;
   while (!$flag) {
     print(&lt;&lt;END);
   
   The domain description, country, state and city will be
   used in the SSL certificates
    
   1) Domain Description: $domainDescription
   2) Country: $country
   3) State or Province: $state
   4) City: $city
   5) Everything is correct up above 
   
   ENTER A CHOICE OF 1-4 TO CHANGE, otherwise ENTER 5:
   END
     my $choice=&lt;&gt;;
     chomp($choice);
     if ($choice == 1) {
       print(&lt;&lt;END);
   1) Domain Description: $domainDescription
   ENTER NEW VALUE 
   END
       my $choice2=&lt;&gt;;
       chomp($choice2);
       $domainDescription=$choice2;
     }
     elsif ($choice == 2) {
       print(&lt;&lt;END);
   2) Country: $country
   ENTER NEW VALUE (this should be a two-character code, e,g, US, CA, DE)
   END
       my $choice2=&lt;&gt;;
       chomp($choice2);
       $country = uc($choice2); 
     }
     elsif ($choice == 3) {
       print(&lt;&lt;END);
   3) State or Province: $state
   ENTER NEW VALUE:
   END
       my $choice2=&lt;&gt;;
       chomp($choice2);
       $state=$choice2;
     }
     elsif ($choice == 4) {
       print(&lt;&lt;END);
   4) City: $city
   ENTER NEW VALUE:
   END
       my $choice2=&lt;&gt;;
       chomp($choice2);
       $city=$choice2;
     } elsif ($choice == 5) {
       $flag=1;
       $state =~ s{/}{ }g;
       $city =~ s{/}{ }g;
       $domainDescription =~ s{/}{ }g;
     } else {
       print "Invalid input.\n";
     }
   }
   
   my $perlvarref = &get_static_config();
   if (ref($perlvarref) eq 'HASH') {
     my ($certsdir,$privkey,$connectcsr,$replicatecsr);
     $certsdir = $perlvarref->{'lonCertificateDirectory'};
     $privkey = $perlvarref->{'lonnetPrivateKey'};  
     $connectcsr = $perlvarref->{'lonnetCertificate'};
     $connectcsr =~ s/\.pem$/.csr/;
     $replicatecsr = $perlvarref->{'lonnetHostnameCertificate'};
     $replicatecsr =~ s/\.pem$/.csr/;
   
     print(&lt;&lt;END);
   
   ****** SSL Certificates *****
   
   You need to provide a password to be used for the openssl key which
   will be stored in $certsdir, and will be used when creating two
   certificate signing requests: $connectcsr and $replicatecsr
   
   END
   
     my $sslkeypass;
     $flag=0;
   # get Password for SSL key
     while (!$flag) {
       $sslkeypass = &make_passphrase();
       if ($sslkeypass) {
         $flag = 1;
       } else {
         print "Invalid input (a password is required for the SSL key).\n";
       }
     }
   
     if ($certsdir && $privkey) {
       my $connectsubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=$lonHostID/OU=LONCAPA/emailAddress=$lonAdmEMail";
       my $replicatesubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=internal-$desiredhostname/OU=LONCAPA/emailAddress=$lonAdmEMail";
   
   # generate SSL key
   # generate SSL csr for hostID
   # generate SSL csr for internal hostname
   
       if (-f "$certsdir/lonKey.enc") {
           my $mode = 0600;
           chmod $mode, "$certsdir/lonKey.enc";
       }
       open(PIPE,"openssl genrsa -des3 -passout pass:$sslkeypass -out $certsdir/lonKey.enc 2048 2&gt;&1 |");
       close(PIPE);
       if (-f "$certsdir/$privkey") {
           my $mode = 0600;
           chmod $mode, "$certsdir/$privkey";
       }
       open(PIPE,"openssl rsa -in $certsdir/lonKey.enc -passin pass:$sslkeypass -out $certsdir/$privkey -outform PEM |");
       close(PIPE);
       if ($connectcsr) {
           open(PIPE,"openssl req -key $certsdir/lonKey.enc -passin pass:$sslkeypass -new -batch -subj \"$connectsubj\" -out $certsdir/$connectcsr |");
           close(PIPE);
       }
       if ($replicatecsr) { 
           open(PIPE,"openssl req -key $certsdir/lonKey.enc -passin pass:$sslkeypass -new -batch -subj \"$replicatesubj\" -out $certsdir/$replicatecsr |");
           close(PIPE);
       }
       if (-f "$certsdir/lonKey.enc") {
           my $mode = 0400;
           chmod $mode, "$certsdir/lonKey.enc";
       }
       if (-f "$certsdir/$privkey") {
           my $mode = 0400;
           chmod $mode, "$certsdir/$privkey";
       }
     }
   
     my $camail;
     if ($lonCluster eq 'production' || $lonCluster eq 'development') {
       $camail = $perlvarref->{'SSLEmail'};
     } else {
       $flag=0;
   # get Certificate Authority E-mail 
       while (!$flag) {
         print(&lt;&lt;END);
   
   ENTER EMAIL ADDRESS TO SEND CERTIFICATE SIGNING REQUESTS
   END
   
         my $choice=&lt;&gt;;
         chomp($choice);
         if ($choice ne '') {
           open(OUT,'&gt;&gt;/tmp/loncapa_updatequery.out');
           print(OUT 'Certificate Authority Email Address'."\t".$choice."\n");
           close(OUT);
           $camail=$choice;
           $flag=1;
         } else {
           print "Invalid input (an email address is required).\n";
         }
       }
     }
     if ($camail) {
       my $subj;
       if (-e "$certsdir/$connectcsr") { 
           $subj = "Certificate Request ($lonHostID)";
           print(&send_mail($desiredhostname,$camail,$subj,"$certsdir/$connectcsr"));
       }
       if (-e "$certsdir/$replicatecsr") {
           $subj = "Certificate Request (internal-$desiredhostname)";
           print(&send_mail($desiredhostname,$camail,$subj,"$certsdir/$replicatecsr"));
       }
     }
   }
   
 # update loncapa.conf  # update loncapa.conf
 my $confdir = '/etc/httpd/conf/';  my $confdir = '/etc/httpd/conf/';
 if ('<DIST />' eq 'sles10' || '<DIST />' eq 'sles11' || '<DIST />' eq 'sles12' || '<DIST />' eq 'sles15' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2' || '<DIST />' eq 'suse10.3' || '<DIST />' eq 'suse11.1' || '<DIST />' eq 'suse11.2' || '<DIST />' eq 'suse11.3' || '<DIST />' eq 'suse11.4' || '<DIST />' eq 'suse12.1' || '<DIST />' eq 'suse12.2' || '<DIST />' eq 'suse12.3' || '<DIST />' eq 'suse13.1' || '<DIST />' eq 'suse13.2' || '<DIST />' eq 'debian5' || '<DIST />' eq 'debian6' || '<DIST />' eq 'ubuntu6' || '<DIST />' eq 'ubuntu8' || '<DIST />' eq 'ubuntu10' || '<DIST />' eq 'ubuntu12' || '<DIST />' eq 'ubuntu14' || '<DIST />' eq 'ubuntu16' || '<DIST />' eq 'ubuntu18' || '<DIST />' eq 'ubuntu20') {  if ('<DIST />' eq 'sles10' || '<DIST />' eq 'sles11' || '<DIST />' eq 'sles12' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2' || '<DIST />' eq 'suse10.3' || '<DIST />' eq 'suse11.1' || '<DIST />' eq 'suse11.2' || '<DIST />' eq 'suse11.3' || '<DIST />' eq 'suse11.4' || '<DIST />' eq 'suse12.1' || '<DIST />' eq 'suse12.2' || '<DIST />' eq 'suse12.3' || '<DIST />' eq 'suse13.1' || '<DIST />' eq 'suse13.2' || '<DIST />' eq 'debian5' || '<DIST />' eq 'debian6' || '<DIST />' eq 'ubuntu6' || '<DIST />' eq 'ubuntu8' || '<DIST />' eq 'ubuntu10' || '<DIST />' eq 'ubuntu12' || '<DIST />' eq 'ubuntu14' || '<DIST />' eq 'ubuntu16') {
      $confdir = '/etc/apache2/';       $confdir = '/etc/apache2/';
 }     }   
 my $filename='loncapa.conf';  my $filename='loncapa.conf';
Line 657  END Line 1122  END
 </file>  </file>
 <file>  <file>
 <target dist='default'>/etc/httpd/conf/</target>  <target dist='default'>/etc/httpd/conf/</target>
 <target dist='sles10 sles11 sles12 sles15 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4 suse12.1 suse12.2 suse12.3 suse13.1 suse13.2 debian5 debian6 ubuntu6 ubuntu8 ubuntu10 ubuntu12 ubuntu14 ubuntu16 ubuntu18 ubuntu20'>/etc/apache2/</target>  <target dist='sles10 sles11 sles12 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4 suse12.1 suse12.2 suse12.3 suse13.1 suse13.2 debian5 debian6 ubuntu6 ubuntu8 ubuntu10 ubuntu12 ubuntu14 ubuntu16'>/etc/apache2/</target>
 <perlscript mode='fg'>  <perlscript mode='fg'>
 sub securesetting {  sub securesetting {
     my (%perlvar)=@_;      my (%perlvar)=@_;
Line 742  my %perlvarstatic; Line 1207  my %perlvarstatic;
     push(@hosts_files,'/home/httpd/lonTabs/hosts.tab',      push(@hosts_files,'/home/httpd/lonTabs/hosts.tab',
          '/home/httpd/lonTabs/dns_hosts.tab');           '/home/httpd/lonTabs/dns_hosts.tab');
   
       my @poss_hosts_files = @hosts_files;
     if (!$domainDescription) {      if (!$domainDescription) {
  foreach my $file (@domain_files) {   foreach my $file (@domain_files) {
     open(IN,'&lt;'.$file);      open(IN,'&lt;'.$file);
Line 795  my %perlvarstatic; Line 1261  my %perlvarstatic;
         }          }
     }      }
   
       my (%hostnames,%protocols);
     while(!$primaryLibServer && (@hosts_files || @domain_files)) {      while(!$primaryLibServer && (@hosts_files || @domain_files)) {
  my $file = shift(@domain_files);   my $file = shift(@domain_files);
         open(IN,'&lt;'.$file);          open(IN,'&lt;'.$file);
Line 809  my %perlvarstatic; Line 1276  my %perlvarstatic;
  $file = shift(@hosts_files);   $file = shift(@hosts_files);
  open(IN,'&lt;'.$file);   open(IN,'&lt;'.$file);
  while(my $line = &lt;IN&gt;) {   while(my $line = &lt;IN&gt;) {
     if ($line =~ /^([^\:]+)\:\Q$perlvar{'lonDefDomain'}\E\:library\:/) {      if ($line =~ /^([^\:]+)\:\Q$perlvar{'lonDefDomain'}\E\:library\:([^\:]+)/) {
  push(@libservers,$1);   push(@libservers,$1);
                   $hostnames{$1} = $2;
     }      }
  }   }
  # make list unique   # make list unique
Line 820  my %perlvarstatic; Line 1288  my %perlvarstatic;
     $primaryLibServer = $libservers[0];      $primaryLibServer = $libservers[0];
  }   }
     }      }
   
   # get hostname of primaryLibServer
       my ($primary_hostname,$primary_protocol);
       if ($primaryLibServer) {
           if ($hostnames{$primaryLibServer}) {
               $primary_hostname = $hostnames{$primaryLibServer};
               $primary_protocol = $protocols{$primaryLibServer};
           } else {
               foreach my $file (@poss_hosts_files) {
                   open(IN,'&lt;'.$file);
                   while (my $line = &lt;IN&gt;) {
                       if ($line =~ /^([^\:]+)\:\Q$perlvar{'lonDefDomain'}\E\:library\:([^\:]+):(https?)/) {
                           if ($1 eq $primaryLibServer) {
                               $primary_hostname = $2;
                               $primary_protocol = $3;
                               last;
                           }
                       }
                   }
                   close(IN);
                   last if ($primary_hostname);
               }
           }
       }
         
 # implement editing logic below, interactively  # implement editing logic below, interactively
 # update loncapa.conf until 15 is entered  # update loncapa.conf until 17 is entered
   
 my $flag=0;  my $flag=0;
   
   #
   # Changes to 5, 6, and 14 not supported if configuration.db set on primary library server.
   # (requires either this machine to be primary library server or for LON-CAPA and Apache
   # to be running on primary library server.
   #
   
   my ($isprimary,$domconf,$url,$gotdomconf,$adminmail,$supportmail,$connectssl,%setbygui);
   if ($primaryLibServer eq $perlvar{'lonHostID'}) {
       $isprimary = 1;
   } else {
       unless ($primary_protocol eq 'https') {
           $primary_protocol = 'http';
       } 
       $url = $primary_protocol.'://'.$primary_hostname.'/cgi-bin/listdomconfig.pl';
   }
   my $domconf = &get_domain_config($perlvar{'lonDefDomain'},$isprimary,$url,\%perlvarstatic);
   if (ref($domconf)) {
       $gotdomconf = 1;
       if (ref($domconf->{'contacts'}) eq 'HASH') {
           if (exists($domconf->{'contacts'}->{'adminemail'})) {
               $adminmail = $domconf->{'contacts'}->{'adminemail'};
           }
           if (exists($domconf->{'contacts'}->{'supportemail'})) {
               $supportmail = $domconf->{'contacts'}->{'supportemail'};
           }
       }
       if (ref($domconf->{'ssl'}) eq 'HASH') {
           if (ref($domconf->{'ssl'}->{'connect'}) eq 'HASH') {       
               my ($sslreq,$sslnoreq);
               my %contypes; 
               foreach my $type ('dom','intdom','other') {
                   my $key;
                   if ($domconf->{'ssl'}->{'connect'}->{$type} eq 'req') {
                       $key = 'yes';
                   } else {
                       $key = 'no';
                   }
                   if ($type eq 'dom') {
                       $contypes{$key} .= ' own domain,';
                   } elsif ($type eq 'intdom') {
                       $contypes{$key} .= ' own institution,';
                   } elsif ($type eq 'other') { 
                       $contypes{$key} .= ' other domains,';
                   }
               }
               foreach my $key (sort(keys(%contypes))) {
                   $contypes{$key} =~ s/^\s//;
                   $contypes{$key} =~ s/,$//;
                   if ($key eq 'yes') {
                       $connectssl .= ' Yes ('.$contypes{$key}.'),';
                   } elsif ($key eq 'no') {
                       $connectssl = ' No ('.$contypes{$key}.')';
                   }
                   $connectssl =~ s/,$//;
               }
           }
       }
   }
   if ($connectssl) {
       $setbygui{'securestatus'} = 1;
       $securestatus = 'Set by domain configuration via web GUI. Currently: '.$connectssl; 
   }
   if ($adminmail) {
       $adminmail = 'Set by domain configuration via web GUI. Currently: '.$adminmail;
       $setbygui{'lonAdmEMail'} = 1;
   } else {
       $adminmail = $perlvar{'lonAdmEMail'};
   }
   if ($supportmail) {
       $supportmail = 'Set by domain configuration via web GUI. Currently: '.$supportmail;
       $setbygui{'lonSupportEMail'} = 1;
   } else {
       $supportmail = $perlvar{'lonSupportEMail'};
   }
   
   print "\nRetrieving status information for SSL key and certificates ...\n\n";
   my ($lonhostcertstatus,$lonhostnamecertstatus,$lonkeystatus);
   my $currcerts = &LONCAPA::SSL::print_certstatus({$perlvar{'lonHostID'} => 1,},'text','cgi');
   chomp($currcerts);
   my %sslstatus;
   
   if ($currcerts eq "$perlvar{'lonHostID'}:error") {
       print "No information available for SSL certificates\n";
       $sslstatus{'key'} = -1;
       $sslstatus{'host'} = -1;
       $sslstatus{'hostname'} = -1;
       $sslstatus{'ca'} = -1;
       $lonkeystatus = 'unknown status';
       $lonhostcertstatus = 'unknown status';
       $lonhostnamecertstatus = 'unknown status';
   } else {
       my %sslnames = (
                         key      => 'lonnetPrivateKey',
                         host     => 'lonnetCertificate',
                         hostname => 'lonnetHostnameCertificate',
                         ca       => 'lonnetCertificateAuthority',
                      );
       my %ssldesc = (
                       key      => 'Private Key',
                       host     => 'Connections Certificate',
                       hostname => 'Replication Certificate',
                       ca       => 'LON-CAPA CA Certificate',
                     );
       my ($lonhost,$info) = split(/\:/,$currcerts,2);
       if ($lonhost eq $perlvar{'lonHostID'}) {
           my @items = split(/\&/,$info);
           foreach my $item (@items) {
               my ($key,$value) = split(/=/,$item,2);
               my @data = split(/,/,$value);
               if (grep(/^\Q$key\E$/,keys(%sslnames))) {
                   if (lc($data[0]) eq 'yes') { 
                       print "$ssldesc{$key} $perlvarstatic{$sslnames{$key}} available with status = $data[1]\n";
                       if ($key eq 'key') {
                           $lonkeystatus = "status: $data[1]"; 
                           if ($data[1] =~ /ok$/) {
                               $sslstatus{$key} = 1;
                           } 
                       } else {
                           if ($data[1] eq 'Expired') {
                               $sslstatus{$key} = 2;
                           } else {
                               $sslstatus{$key} = 1;
                           }
                           if ($key eq 'host') {
                               $lonhostcertstatus = "status: $data[1]";
                           } elsif ($key eq 'hostname') {
                               $lonhostnamecertstatus = "status: $data[1]";
                           }
                       }
                   } else {
                       $sslstatus{$key} = 0;
                       print "$ssldesc{$key} $perlvarstatic{$sslnames{$key}} not available\n";
                       if (($key eq 'host') || ($key eq 'hostname')) {
                           my $csr = $perlvarstatic{$sslnames{$key}};
                           $csr =~s /\.pem$/.csr/;
                           my $csrstatus;
                           if (-e "$perlvarstatic{'lonCertificateDirectory'}/$csr") {
                               open(PIPE,"openssl req -text -noout -verify -in $perlvarstatic{'lonCertificateDirectory'}/$csr 2&gt;&1 |");
                               while(&lt;PIPE&gt;) {
                                   chomp();
                                   $csrstatus = $_;
                                   last;
                               }
                               close(PIPE);
                               print "Certificate signing request for $ssldesc{$key} available with status = $csrstatus\n\n";
                               if ($key eq 'host') {
                                   $lonhostcertstatus = 'awaiting signature';
                               } else {
                                   $lonhostnamecertstatus = 'awaiting signature';
                               }
                               $sslstatus{$key} = 3;
                           } else {
                               print "No certificate signing request available for $ssldesc{$key}\n\n";
                               if ($key eq 'host') {
                                   $lonhostcertstatus = 'still needed';
                               } else {
                                   $lonhostnamecertstatus = 'still needed';
                               }
                           }
                       } elsif ($key eq 'key') {
                           $lonkeystatus = 'still needed';
                       }
                   }
               }
           }
       }
   }
   
 while (!$flag) {  while (!$flag) {
   print(&lt;&lt;END);    print(&lt;&lt;END);
   
Line 835  This is now the current configuration of Line 1495  This is now the current configuration of
  2) Domain Description: $domainDescription   2) Domain Description: $domainDescription
  3) Machine Name: $perlvar{'lonHostID'}   3) Machine Name: $perlvar{'lonHostID'}
  4) ID of primary library server for domain: $primaryLibServer   4) ID of primary library server for domain: $primaryLibServer
  5) Server Administrator's E-mail Address: $perlvar{'lonAdmEMail'}   5) Server Administrator's E-mail Address: $adminmail
  6) Support E-mail Address: $perlvar{'lonSupportEMail'}   6) Support E-mail Address: $supportmail
  7) Web Server Protocol (http or https): $protocol    7) Web Server Protocol (http or https): $protocol 
  8) Internet Domain Name: $intdom    8) Internet Domain Name: $intdom 
  9) Hostname: $desiredhostname   9) Hostname: $desiredhostname
 10) Role: $perlvar{'lonRole'}  10) Role: $perlvar{'lonRole'}
 11) Cache Expiration Time: $perlvar{'lonExpire'}  11) Cache Expiration Time: $perlvar{'lonExpire'} (seconds)
 12) Server Load: $perlvar{'lonLoadLim'}  12) Server Load: $perlvar{'lonLoadLim'}
 13) User Load: $perlvar{'lonUserLoadLim'}  13) User Load: $perlvar{'lonUserLoadLim'}
 14) Allow only secure connections: $securestatus   14) Allow only secure connections: $securestatus
 15) Everything is correct up above  15) Private Key for SSL: $lonkeystatus
   16) SSL Certificate for LON-CAPA server connections: $lonhostcertstatus
   17) SSL Certificate for Content Replication: $lonhostnamecertstatus
   18) Everything is correct up above
 END  END
   
 my @error;  my @error;
Line 909  if (!defined($primaryLibServer)) { Line 1572  if (!defined($primaryLibServer)) {
 }  }
   
   
   my ($certsdir,$privkey,$connectcsr,$replicatecsr);
   $certsdir = $perlvarstatic{'lonCertificateDirectory'};
   $privkey = $perlvarstatic{'lonnetPrivateKey'};
   $connectcsr = $perlvarstatic{'lonnetCertificate'};
   $connectcsr =~ s/\.pem$/.csr/;
   $replicatecsr = $perlvarstatic{'lonnetHostnameCertificate'};
   $replicatecsr =~ s/\.pem$/.csr/;
   
 if (@error) { print "\n*** ERRORS: \n\t".join("\n\t",@error)."\n"; }  if (@error) { print "\n*** ERRORS: \n\t".join("\n\t",@error)."\n"; }
   print(&lt;&lt;END);    print(&lt;&lt;END);
 ENTER A CHOICE OF 1-14 TO CHANGE, otherwise ENTER 15:  ENTER A CHOICE OF 1-17 TO CHANGE, otherwise ENTER 18:
 END  END
 my $choice=&lt;&gt;;  my $choice=&lt;&gt;;
 chomp($choice);  chomp($choice);
Line 964  END Line 1635  END
     $primaryLibServer=$choice2;      $primaryLibServer=$choice2;
   }    }
   elsif ($choice==5) {    elsif ($choice==5) {
   print(&lt;&lt;END);      if ($setbygui{'lonAdmEMail'}) {
         print(&lt;&lt;END);
   5) Server Administrator's E-mail Address: $adminmail
   Use the web GUI (as domain coordinator) to make changes after completing the UPDATE.
   END
       } else {
         print(&lt;&lt;END);
 5) Server Administrator's E-mail Address: $perlvar{'lonAdmEMail'}  5) Server Administrator's E-mail Address: $perlvar{'lonAdmEMail'}
 ENTER NEW VALUE:  ENTER NEW VALUE:
 END  END
     my $choice2=&lt;&gt;;        my $choice2=&lt;&gt;;
     chomp($choice2);        chomp($choice2);
     $perlvar{'lonAdmEMail'}=$choice2;        $perlvar{'lonAdmEMail'}=$choice2;
       }
   }    }
   elsif ($choice==6) {    elsif ($choice==6) {
   print(&lt;&lt;END);      if ($setbygui{'lonAdmEMail'}) {
         print(&lt;&lt;END);
   6) Support E-mail Address: $supportmail
   Use the web GUI (as domain coordinator) to make changes after completing the UPDATE.
   END
       } else {    
         print(&lt;&lt;END);
 6) Support E-mail Address: $perlvar{'lonSupportEMail'}  6) Support E-mail Address: $perlvar{'lonSupportEMail'}
 ENTER NEW VALUE:  ENTER NEW VALUE:
 END  END
     my $choice2=&lt;&gt;;        my $choice2=&lt;&gt;;
     chomp($choice2);        chomp($choice2);
     $perlvar{'lonSupportEMail'}=$choice2;        $perlvar{'lonSupportEMail'}=$choice2;
       }
   }    }
   elsif ($choice==7) {    elsif ($choice==7) {
   print(&lt;&lt;END);    print(&lt;&lt;END);
Line 1051  END Line 1736  END
     $perlvar{'lonUserLoadLim'}=$choice2;      $perlvar{'lonUserLoadLim'}=$choice2;
   }    }
   elsif ($choice==14) {    elsif ($choice==14) {
   print(&lt;&lt;END);      if ($setbygui{'securestatus'}) {
         print(&lt;&lt;END);
   14) Allow only secure connections: $securestatus
   Use the web GUI (as domain coordinator) to make changes after completing the UPDATE.
   END
       } else {
         print(&lt;&lt;END);
 14) Allow only secure connections: $securestatus   14) Allow only secure connections: $securestatus 
 The Lon-CAPA communication daemons lonc and lond can be configured to  The Lon-CAPA communication daemons lonc and lond can be configured to
 allow only secure connections by default.  allow only secure connections by default.
Line 1066  POSSIBLE CHOICES: Line 1757  POSSIBLE CHOICES:
 4) allow insecure connections  4) allow insecure connections
 ENTER NEW VALUE (currently $securenum):  ENTER NEW VALUE (currently $securenum):
 END  END
     my $choice2=&lt;&gt;;        my $choice2=&lt;&gt;;
     chomp($choice2);        chomp($choice2);
     if      ($choice2 eq '1') {        if      ($choice2 eq '1') {
  $perlvar{'loncAllowInsecure'}=0;$perlvar{'londAllowInsecure'}=0;    $perlvar{'loncAllowInsecure'}=0;$perlvar{'londAllowInsecure'}=0;
     } elsif ($choice2 eq '2') {        } elsif ($choice2 eq '2') {
  $perlvar{'loncAllowInsecure'}=0;$perlvar{'londAllowInsecure'}=1;    $perlvar{'loncAllowInsecure'}=0;$perlvar{'londAllowInsecure'}=1;
     } elsif ($choice2 eq '3') {        } elsif ($choice2 eq '3') {
  $perlvar{'loncAllowInsecure'}=1;$perlvar{'londAllowInsecure'}=0;    $perlvar{'loncAllowInsecure'}=1;$perlvar{'londAllowInsecure'}=0;
     } elsif ($choice2 eq '4') {        } elsif ($choice2 eq '4') {
  $perlvar{'loncAllowInsecure'}=1;$perlvar{'londAllowInsecure'}=1;    $perlvar{'loncAllowInsecure'}=1;$perlvar{'londAllowInsecure'}=1;
         }
         ($securestatus,$securenum)=&securesetting(%perlvar);
     }      }
     ($securestatus,$securenum)=&securesetting(%perlvar);    } elsif ($choice==15) {
   }        #$sslstatus{'key'};
   elsif (($choice==15) && (!@error)) {        print(&lt;&lt;END);
   15) Private Key for SSL: $lonkeystatus
   
   POSSIBLE CHOICES:
   1) overwrite existing key
   2) create new key for use later
   3) make no change
   ENTER NEW VALUE
   END
         my $choice2=&lt;&gt;;
         chomp($choice2);
     } elsif ($choice==16) {
         #$sslstatus{'host'};
         print(&lt;&lt;END);
   16) SSL Certificate for LON-CAPA server connections: $lonhostcertstatus
   
   POSSIBLE CHOICES:
   1) create new certificate signing request with new key
   2) create new certificate signing request with existing key
   3) resend current certificate signing request
   4) make no change
   ENTER NEW VALUE
   END
         my $choice2=&lt;&gt;;
         chomp($choice2);
     } elsif ($choice==17) {
         #$sslstatus{'hostname'}
         print(&lt;&lt;END);
   17) SSL Certificate for Content Replication: $lonhostnamecertstatus
   
   POSSIBLE CHOICES:
   1) create new certificate signing request with new key
   2) create new certificate signing request with existing key
   3) resend current certificate signing request
   4) make no change
   ENTER NEW VALUE
   END
         my $choice2=&lt;&gt;;
         chomp($choice2);
     } elsif (($choice==18) && (!@error)) {
     $flag=1;      $flag=1;
   }    } else {
   else {  
     print "Invalid input.\n";      print "Invalid input.\n";
   }    }
 }  }

Removed from v.1.84.2.3  
changed lines
  Added in v.1.85


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>