|
version 1.85, 2016/08/03 15:04:59
|
version 1.93, 2020/01/04 18:03:16
|
|
Line 44 use Storable qw(thaw);
|
Line 44 use Storable qw(thaw);
|
| use Term::ReadKey; |
use Term::ReadKey; |
| use Locale::Country; |
use Locale::Country; |
| |
|
| print(<<END); |
sub get_new_sslkeypass { |
| |
my $sslkeypass; |
| |
my $flag=0; |
| ********************************************* |
# get Password for SSL key |
| ********************************************* |
while (!$flag) { |
| **** **** |
$sslkeypass = &make_passphrase(); |
| **** LON-CAPA SYSTEM INFORMATION REQUEST **** |
if ($sslkeypass) { |
| **** **** |
$flag = 1; |
| **** Please respond to the choices below **** |
} else { |
| **** **** |
print "Invalid input (a password is required for the SSL key).\n"; |
| ********************************************* |
} |
| ********************************************* |
} |
| |
return $sslkeypass; |
| END |
} |
| #sleep(3); |
|
| |
|
| sub get_static_config { |
sub get_static_config { |
| # get LCperlvars from loncapa_apache.conf |
# get LCperlvars from loncapa_apache.conf |
| my $confdir = '/etc/httpd/conf/'; |
my $confdir = '/etc/httpd/conf/'; |
| if ('<DIST />' eq 'sles10' || '<DIST />' eq 'sles11' || '<DIST />' eq 'sles12' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2' || '<DIST />' eq 'suse10.3' || '<DIST />' eq 'suse11.1' || '<DIST />' eq 'suse11.2' || '<DIST />' eq 'suse11.3' || '<DIST />' eq 'suse11.4' || '<DIST />' eq 'suse12.1' || '<DIST />' eq 'suse12.2' || '<DIST />' eq 'suse12.3' || '<DIST />' eq 'suse13.1' || '<DIST />' eq 'suse13.2' || '<DIST />' eq 'debian5' || '<DIST />' eq 'debian6' || '<DIST />' eq 'ubuntu6' || '<DIST />' eq 'ubuntu8' || '<DIST />' eq 'ubuntu10' || '<DIST />' eq 'ubuntu12' || '<DIST />' eq 'ubuntu14' || '<DIST />' eq 'ubuntu16') { |
if ('<DIST />' eq 'sles10' || '<DIST />' eq 'sles11' || '<DIST />' eq 'sles12' || '<DIST />' eq 'sles15' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2' || '<DIST />' eq 'suse10.3' || '<DIST />' eq 'suse11.1' || '<DIST />' eq 'suse11.2' || '<DIST />' eq 'suse11.3' || '<DIST />' eq 'suse11.4' || '<DIST />' eq 'suse12.1' || '<DIST />' eq 'suse12.2' || '<DIST />' eq 'suse12.3' || '<DIST />' eq 'suse13.1' || '<DIST />' eq 'suse13.2' || '<DIST />' eq 'debian5' || '<DIST />' eq 'debian6' || '<DIST />' eq 'ubuntu6' || '<DIST />' eq 'ubuntu8' || '<DIST />' eq 'ubuntu10' || '<DIST />' eq 'ubuntu12' || '<DIST />' eq 'ubuntu14' || '<DIST />' eq 'ubuntu16' || '<DIST />' eq 'ubuntu18' || '<DIST />' eq 'ubuntu20') { |
| $confdir = '/etc/apache2/'; |
$confdir = '/etc/apache2/'; |
| } |
} |
| my $filename='loncapa_apache.conf'; |
my $filename='loncapa_apache.conf'; |
|
Line 83 sub get_static_config {
|
Line 82 sub get_static_config {
|
| } |
} |
| |
|
| sub get_domain_config { |
sub get_domain_config { |
| my ($dom,$isprimary,$url,$perlvarref) = @_; |
my ($dom,$primaryserver,$isprimary,$url,$perlvarref) = @_; |
| my %confhash; |
my %confhash; |
| if ($isprimary) { |
if ($isprimary) { |
| if (ref($perlvarref) eq 'HASH') { |
if (ref($perlvarref) eq 'HASH') { |
|
Line 106 sub get_domain_config {
|
Line 105 sub get_domain_config {
|
| } |
} |
| } |
} |
| } else { |
} else { |
| if (open(PIPE,"wget --no-check-certificate '$url?domain=$dom&format=raw' |")) { |
if (open(PIPE,"wget --no-check-certificate '$url?primary=$primaryserver&format=raw' |")) { |
| my $config = ''; |
my $config = ''; |
| while (<PIPE>) { |
while (<PIPE>) { |
| $config .= $_; |
$config .= $_; |
| } |
} |
| close(PIPE); |
close(PIPE); |
|
Line 135 sub make_passphrase {
|
Line 134 sub make_passphrase {
|
| my $maxtries = 10; |
my $maxtries = 10; |
| my $trial = 0; |
my $trial = 0; |
| while ((!$got_passwd) && ($trial < $maxtries)) { |
while ((!$got_passwd) && ($trial < $maxtries)) { |
| $firstpass = &get_password('Enter password'); |
$firstpass = &get_password('Enter a password for the SSL key (at least 6 characters long)'); |
| if (length($firstpass) < 6) { |
if (length($firstpass) < 6) { |
| print('Password too short.'."\n". |
print('Password too short.'."\n". |
| 'Please choose a password with at least six characters.'."\n". |
'Please choose a password with at least six characters.'."\n". |
|
Line 213 sub send_mail {
|
Line 212 sub send_mail {
|
| return; |
return; |
| } |
} |
| |
|
| |
sub mail_csr { |
| |
my ($types,$lonCluster,$lonHostID,$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarref) = @_; |
| |
my ($camail,$flag); |
| |
if ($lonCluster eq 'production' || $lonCluster eq 'development') { |
| |
$camail = $perlvarref->{'SSLEmail'}; |
| |
} else { |
| |
$flag=0; |
| |
# get Certificate Authority E-mail |
| |
while (!$flag) { |
| |
print(<<END); |
| |
|
| |
ENTER EMAIL ADDRESS TO SEND CERTIFICATE SIGNING REQUESTS |
| |
END |
| |
|
| |
my $choice=<>; |
| |
chomp($choice); |
| |
if ($choice ne '') { |
| |
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
| |
print(OUT 'Certificate Authority Email Address'."\t".$choice."\n"); |
| |
close(OUT); |
| |
$camail=$choice; |
| |
$flag=1; |
| |
} else { |
| |
print "Invalid input (an email address is required).\n"; |
| |
} |
| |
} |
| |
} |
| |
if ($camail) { |
| |
my $subj; |
| |
if (($types eq 'both') || ($types = 'host')) { |
| |
if (-e "$certsdir/$connectcsr") { |
| |
$subj = "Certificate Request ($lonHostID)"; |
| |
print(&send_mail($desiredhostname,$camail,$subj,"$certsdir/$connectcsr")); |
| |
} |
| |
} |
| |
if (($types eq 'both') || ($types = 'hostname')) { |
| |
if (-e "$certsdir/$replicatecsr") { |
| |
$subj = "Certificate Request (internal-$desiredhostname)"; |
| |
print(&send_mail($desiredhostname,$camail,$subj,"$certsdir/$replicatecsr")); |
| |
} |
| |
} |
| |
} |
| |
} |
| |
|
| |
sub ssl_info { |
| |
print(<<END); |
| |
|
| |
****** Information about Country, State or Province and City ***** |
| |
|
| |
A two-letter country code, e.g., US, CA, DE etc. as defined by ISO 3166, |
| |
is required. A state or province, and a city are also required. |
| |
This locality information is included in two SSL certificates used internally |
| |
by LON-CAPA, unless you are running standalone. |
| |
|
| |
If your server will be part of either the production or development |
| |
clusters, then the certificate will need to be signed by the official |
| |
LON-CAPA Certificate Authority (CA). If you will be running your own |
| |
cluster then the cluster will need to create its own CA. |
| |
|
| |
END |
| |
} |
| |
|
| |
sub get_country { |
| |
my ($desiredhostname) = @_; |
| |
# get Country |
| |
my ($posscountry,$country); |
| |
if ($desiredhostname =~ /\.(edu|com|org)$/) { |
| |
$posscountry = 'us'; |
| |
} else { |
| |
($posscountry) = ($desiredhostname =~ /\.(a-z){2}$/); |
| |
} |
| |
if ($posscountry) { |
| |
my $countrydesc = &Locale::Country::code2country($posscountry); |
| |
if ($countrydesc eq '') { |
| |
undef($posscountry); |
| |
} |
| |
} |
| |
|
| |
my $flag=0; |
| |
while (!$flag) { |
| |
if ($posscountry) { |
| |
$posscountry = uc($posscountry); |
| |
print "ENTER TWO-LETTER COUNTRY CODE [$posscountry]:\n"; |
| |
} else { |
| |
print "ENTER TWO-LETTER COUNTRY CODE:\n"; |
| |
} |
| |
my $choice=<>; |
| |
chomp($choice); |
| |
if ($choice ne '') { |
| |
if (&Locale::Country::code2country(lc($choice))) { |
| |
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
| |
print(OUT 'country'."\t".uc($choice)."\n"); |
| |
close(OUT); |
| |
$country=uc($choice); |
| |
$flag=1; |
| |
} else { |
| |
print "Invalid input -- a valid two letter country code is required\n"; |
| |
} |
| |
} elsif (($choice eq '') && ($posscountry ne '')) { |
| |
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
| |
print(OUT 'country'."\t".$posscountry."\n"); |
| |
close(OUT); |
| |
$country = $posscountry; |
| |
$flag = 1; |
| |
} else { |
| |
print "Invalid input -- a country code is required\n"; |
| |
} |
| |
} |
| |
return $country; |
| |
} |
| |
|
| |
sub get_state { |
| |
# get State or Province |
| |
my $flag=0; |
| |
my $state = ''; |
| |
while (!$flag) { |
| |
print(<<END); |
| |
|
| |
ENTER STATE OR PROVINCE NAME: |
| |
END |
| |
|
| |
my $choice=<>; |
| |
chomp($choice); |
| |
if ($choice ne '') { |
| |
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
| |
print(OUT 'state'."\t".$choice."\n"); |
| |
close(OUT); |
| |
$state=$choice; |
| |
$flag=1; |
| |
} else { |
| |
print "Invalid input (a state or province name is required).\n"; |
| |
} |
| |
} |
| |
return $state; |
| |
} |
| |
|
| |
sub get_city { |
| |
# get City |
| |
my $flag=0; |
| |
my $city = ''; |
| |
while (!$flag) { |
| |
print(<<END); |
| |
|
| |
ENTER CITY NAME: |
| |
END |
| |
|
| |
my $choice=<>; |
| |
chomp($choice); |
| |
if ($choice ne '') { |
| |
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
| |
print(OUT 'city'."\t".$choice."\n"); |
| |
close(OUT); |
| |
$city=$choice; |
| |
$flag=1; |
| |
} else { |
| |
print "Invalid input (a city is required).\n"; |
| |
} |
| |
} |
| |
return $city; |
| |
} |
| |
|
| |
sub confirm_locality { |
| |
my ($domainDescription,$country,$state,$city) = @_; |
| |
my $flag = 0; |
| |
while (!$flag) { |
| |
print(<<END); |
| |
|
| |
The domain description, country, state and city will be |
| |
used in the SSL certificates |
| |
|
| |
1) Domain Description: $domainDescription |
| |
2) Country: $country |
| |
3) State or Province: $state |
| |
4) City: $city |
| |
5) Everything is correct up above |
| |
|
| |
ENTER A CHOICE OF 1-4 TO CHANGE, otherwise ENTER 5: |
| |
END |
| |
my $choice=<>; |
| |
chomp($choice); |
| |
if ($choice == 1) { |
| |
print(<<END); |
| |
1) Domain Description: $domainDescription |
| |
ENTER NEW VALUE |
| |
END |
| |
my $choice2=<>; |
| |
chomp($choice2); |
| |
$domainDescription=$choice2; |
| |
} elsif ($choice == 2) { |
| |
print(<<END); |
| |
2) Country: $country |
| |
ENTER NEW VALUE (this should be a two-character code, e,g, US, CA, DE) |
| |
END |
| |
my $choice2=<>; |
| |
chomp($choice2); |
| |
$country = uc($choice2); |
| |
} elsif ($choice == 3) { |
| |
print(<<END); |
| |
3) State or Province: $state |
| |
ENTER NEW VALUE: |
| |
END |
| |
my $choice2=<>; |
| |
chomp($choice2); |
| |
$state=$choice2; |
| |
} elsif ($choice == 4) { |
| |
print(<<END); |
| |
4) City: $city |
| |
ENTER NEW VALUE: |
| |
END |
| |
my $choice2=<>; |
| |
chomp($choice2); |
| |
$city=$choice2; |
| |
} elsif ($choice == 5) { |
| |
$flag=1; |
| |
$state =~ s{/}{ }g; |
| |
$city =~ s{/}{ }g; |
| |
$domainDescription =~ s{/}{ }g; |
| |
} else { |
| |
print "Invalid input.\n"; |
| |
} |
| |
} |
| |
return ($domainDescription,$country,$state,$city); |
| |
} |
| |
|
| |
sub make_key { |
| |
my ($certsdir,$privkey,$sslkeypass) = @_; |
| |
# generate SSL key |
| |
if ($certsdir && $privkey) { |
| |
if (-f "$certsdir/lonKey.enc") { |
| |
my $mode = 0600; |
| |
chmod $mode, "$certsdir/lonKey.enc"; |
| |
} |
| |
open(PIPE,"openssl genrsa -des3 -passout pass:$sslkeypass -out $certsdir/lonKey.enc 2048 2>&1 |"); |
| |
close(PIPE); |
| |
if (-f "$certsdir/$privkey") { |
| |
my $mode = 0600; |
| |
chmod $mode, "$certsdir/$privkey"; |
| |
} |
| |
open(PIPE,"openssl rsa -in $certsdir/lonKey.enc -passin pass:$sslkeypass -out $certsdir/$privkey -outform PEM |"); |
| |
close(PIPE); |
| |
if (-f "$certsdir/lonKey.enc") { |
| |
my $mode = 0400; |
| |
chmod $mode, "$certsdir/lonKey.enc"; |
| |
} |
| |
if (-f "$certsdir/$privkey") { |
| |
my $mode = 0400; |
| |
chmod $mode, "$certsdir/$privkey"; |
| |
} |
| |
} else { |
| |
print "Key creation failed. Missing one or more of: certificates directory, key name\n"; |
| |
} |
| |
} |
| |
|
| |
sub encrypt_key { |
| |
my ($certsdir,$privkey,$sslkeypass) = @_; |
| |
if ($certsdir && $privkey) { |
| |
if ((-f "$certsdir/$privkey") && (!-f "$certsdir/lonKey.enc")) { |
| |
open(PIPE,"openssl rsa -des3 -in $certsdir/$privkey -out $certsdir/lonKey.enc |"); |
| |
} |
| |
} |
| |
return; |
| |
} |
| |
|
| |
sub make_host_csr { |
| |
my ($certsdir,$sslkeypass,$connectcsr,$connectsubj) = @_; |
| |
# generate SSL csr for hostID |
| |
if ($certsdir && $connectcsr && $connectsubj) { |
| |
open(PIPE,"openssl req -key $certsdir/lonKey.enc -passin pass:$sslkeypass -new -batch -subj \"$connectsubj\" -out $certsdir/$connectcsr |"); |
| |
close(PIPE); |
| |
} else { |
| |
print "Creation of certificate signing request failed. Missing one or more of: certificates directory, CSR name, or locality information.\n"; |
| |
} |
| |
} |
| |
|
| |
sub make_hostname_csr { |
| |
my ($certsdir,$sslkeypass,$replicatecsr,$replicatesubj) = @_; |
| |
# generate SSL csr for internal hostname |
| |
if ($certsdir && $replicatecsr && $replicatesubj) { |
| |
open(PIPE,"openssl req -key $certsdir/lonKey.enc -passin pass:$sslkeypass -new -batch -subj \"$replicatesubj\" -out $certsdir/$replicatecsr |"); |
| |
close(PIPE); |
| |
} else { |
| |
print "Creation of certificate signing request failed. Missing one or more of: certificates directory, CSR name, or locality information.\n"; |
| |
} |
| |
} |
| |
|
| |
sub securesetting { |
| |
my (%perlvar) = @_; |
| |
my ($securestatus,$securenum); |
| |
if (($perlvar{'loncAllowInsecure'}) && ($perlvar{'londAllowInsecure'})) { |
| |
$securenum = 4; |
| |
$securestatus = 'Allow insecure connections - inbound and outbound'; |
| |
} elsif (($perlvar{'loncAllowInsecure'}) && (!$perlvar{'londAllowInsecure'})) { |
| |
$securenum = 3; |
| |
$securestatus = 'Outbound: allow insecure connections; Inbound: secure only'; |
| |
} elsif ((!$perlvar{'loncAllowInsecure'}) && ($perlvar{'londAllowInsecure'})) { |
| |
$securenum = 2; |
| |
$securestatus = 'Outbound: secure connections only; Inbound: allow insecure'; |
| |
} elsif ((!$perlvar{'loncAllowInsecure'}) && (!$perlvar{'londAllowInsecure'})) { |
| |
$securenum = 1; |
| |
$securestatus = 'Secure connections only - inbound and outbound '; |
| |
} |
| |
return ($securestatus,$securenum); |
| |
} |
| |
|
| |
sub get_sslnames { |
| |
my %sslnames = ( |
| |
key => 'lonnetPrivateKey', |
| |
host => 'lonnetCertificate', |
| |
hostname => 'lonnetHostnameCertificate', |
| |
ca => 'lonnetCertificateAuthority', |
| |
); |
| |
return %sslnames; |
| |
} |
| |
|
| |
sub get_ssldesc { |
| |
my %ssldesc = ( |
| |
key => 'Private Key', |
| |
host => 'Connections Certificate', |
| |
hostname => 'Replication Certificate', |
| |
ca => 'LON-CAPA CA Certificate', |
| |
); |
| |
return %ssldesc; |
| |
} |
| |
|
| |
sub get_cert_status { |
| |
my ($lonHostID,$hostname,$perlvarstatic) = @_; |
| |
my $currcerts = &LONCAPA::SSL::print_certstatus({$lonHostID => $hostname,},'text','install'); |
| |
my ($lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,%sslstatus); |
| |
my $output = ''; |
| |
if ($currcerts eq "$lonHostID:error") { |
| |
$output .= "No information available for SSL certificates\n"; |
| |
$sslstatus{'key'} = -1; |
| |
$sslstatus{'host'} = -1; |
| |
$sslstatus{'hostname'} = -1; |
| |
$sslstatus{'ca'} = -1; |
| |
$lonkeystatus = 'unknown status'; |
| |
$lonhostcertstatus = 'unknown status'; |
| |
$lonhostnamecertstatus = 'unknown status'; |
| |
} else { |
| |
my %sslnames = &get_sslnames(); |
| |
my %ssldesc = &get_ssldesc(); |
| |
my %csr; |
| |
my ($lonhost,$info) = split(/\:/,$currcerts,2); |
| |
if ($lonhost eq $lonHostID) { |
| |
my @items = split(/\&/,$info); |
| |
foreach my $item (@items) { |
| |
my ($key,$value) = split(/=/,$item,2); |
| |
if ($key =~ /^(host(?:|name))\-csr$/) { |
| |
$csr{$1} = $value; |
| |
} |
| |
my @data = split(/,/,$value); |
| |
if (grep(/^\Q$key\E$/,keys(%sslnames))) { |
| |
my ($checkcsr,$comparecsr); |
| |
if (lc($data[0]) eq 'yes') { |
| |
$output .= "$ssldesc{$key} ".$perlvarstatic->{$sslnames{$key}}." available with status = $data[1]\n"; |
| |
if ($key eq 'key') { |
| |
$lonkeystatus = "status: $data[1]"; |
| |
if ($data[1] =~ /ok$/) { |
| |
$sslstatus{$key} = 1; |
| |
} |
| |
} else { |
| |
my $setstatus; |
| |
if (($key eq 'host') || ($key eq 'hostname')) { |
| |
if ($data[1] eq 'otherkey') { |
| |
$sslstatus{$key} = 4; |
| |
$setstatus = 1; |
| |
if ($key eq 'host') { |
| |
$lonhostcertstatus = "status: created with different key"; |
| |
} elsif ($key eq 'hostname') { |
| |
$lonhostnamecertstatus = "status: created with different key"; |
| |
} |
| |
} elsif ($data[1] eq 'nokey') { |
| |
$sslstatus{$key} = 5; |
| |
$setstatus = 1; |
| |
if ($key eq 'host') { |
| |
$lonhostcertstatus = "status: created with missing key"; |
| |
} elsif ($key eq 'hostname') { |
| |
$lonhostnamecertstatus = "status: created with missing key"; |
| |
} |
| |
} |
| |
if ($setstatus) { |
| |
$comparecsr = 1; |
| |
} |
| |
} |
| |
unless ($setstatus) { |
| |
if ($data[1] eq 'expired') { |
| |
$sslstatus{$key} = 2; |
| |
} elsif ($data[1] eq 'future') { |
| |
$sslstatus{$key} = 3; |
| |
} else { |
| |
$sslstatus{$key} = 1; |
| |
} |
| |
if ($key eq 'host') { |
| |
$lonhostcertstatus = "status: $data[1]"; |
| |
} elsif ($key eq 'hostname') { |
| |
$lonhostnamecertstatus = "status: $data[1]"; |
| |
} |
| |
} |
| |
} |
| |
} else { |
| |
$sslstatus{$key} = 0; |
| |
$output .= "$ssldesc{$key} ".$perlvarstatic->{$sslnames{$key}}." not available\n"; |
| |
if ($key eq 'key') { |
| |
$lonkeystatus = 'still needed'; |
| |
} elsif (($key eq 'host') || ($key eq 'hostname')) { |
| |
$checkcsr = 1; |
| |
} |
| |
} |
| |
if (($checkcsr) || ($comparecsr)) { |
| |
my $csrfile = $perlvarstatic->{$sslnames{$key}}; |
| |
$csrfile =~s /\.pem$/.csr/; |
| |
my $csrstatus; |
| |
if (-e $perlvarstatic->{'lonCertificateDirectory'}."/$csrfile") { |
| |
open(PIPE,"openssl req -text -noout -verify -in ".$perlvarstatic->{'lonCertificateDirectory'}."/$csrfile 2>&1 |"); |
| |
while(<PIPE>) { |
| |
chomp(); |
| |
$csrstatus = $_; |
| |
last; |
| |
} |
| |
close(PIPE); |
| |
if ((($comparecsr) && ($csr{$key})) || ($checkcsr)) { |
| |
$output .= "Certificate signing request for $ssldesc{$key} available with status = $csrstatus\n\n"; |
| |
if ($key eq 'host') { |
| |
$lonhostcertstatus = 'awaiting signature'; |
| |
} else { |
| |
$lonhostnamecertstatus = 'awaiting signature'; |
| |
} |
| |
$sslstatus{$key} = 3; |
| |
} |
| |
} elsif ($checkcsr) { |
| |
$output .= "No certificate signing request available for $ssldesc{$key}\n\n"; |
| |
if ($key eq 'host') { |
| |
$lonhostcertstatus = 'still needed'; |
| |
} else { |
| |
$lonhostnamecertstatus = 'still needed'; |
| |
} |
| |
} |
| |
} |
| |
} |
| |
} |
| |
} |
| |
} |
| |
return ($output,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,\%sslstatus); |
| |
} |
| |
|
| |
print(<<END); |
| |
|
| |
|
| |
********************************************* |
| |
********************************************* |
| |
**** **** |
| |
**** LON-CAPA SYSTEM INFORMATION REQUEST **** |
| |
**** **** |
| |
**** Please respond to the choices below **** |
| |
**** **** |
| |
********************************************* |
| |
********************************************* |
| |
|
| |
END |
| |
#sleep(3); |
| |
|
| </perlscript> |
</perlscript> |
| </file> |
</file> |
| <file> |
<file> |
|
Line 227 if (-l "<TARGET />") {
|
Line 687 if (-l "<TARGET />") {
|
| $currCluster = $1; |
$currCluster = $1; |
| } |
} |
| my %clustertypes = ( |
my %clustertypes = ( |
| production => 'PRODUCTION', |
production => 'PRODUCTION', |
| standalone => 'STAND-ALONE', |
standalone => 'STAND-ALONE', |
| development => 'DEVELOPMENT', |
development => 'DEVELOPMENT', |
| existing => 'RUNNING YOUR OWN CLUSTER', |
existing => 'RUNNING YOUR OWN CLUSTER', |
| ); |
); |
| if (($currCluster) && (exists($clustertypes{$currCluster}))) { |
if (($currCluster) && (exists($clustertypes{$currCluster}))) { |
| print(<<END); |
print(<<END); |
|
Line 455 END
|
Line 915 END
|
| close(OUT); |
close(OUT); |
| $lonDefDomain=$choice; |
$lonDefDomain=$choice; |
| $flag=1; |
$flag=1; |
| } elsif (length($choice)>35) { |
} elsif (length($choice)>35) { |
| print "Name too long\n"; |
print "Name too long\n"; |
| } elsif (length($choice)<2) { |
} elsif (length($choice)<2) { |
| print "Name too short\n"; |
print "Name too short\n"; |
| } elsif ($bad_domain_flag) { |
} elsif ($bad_domain_flag) { |
| print "Invalid input ('$choice' conflicts with LON-CAPA namespace).\n"; |
print "Invalid input ('$choice' conflicts with LON-CAPA namespace).\n"; |
|
Line 542 END
|
Line 1002 END
|
| close(OUT); |
close(OUT); |
| $lonHostID=$choice; |
$lonHostID=$choice; |
| $flag=1; |
$flag=1; |
| } elsif (length($choice)>45) { |
} elsif (length($choice)>45) { |
| print "Name too long\n"; |
print "Name too long\n"; |
| } elsif (length($choice)<4) { |
} elsif (length($choice)<4) { |
| print "Name too short\n"; |
print "Name too short\n"; |
| } elsif ($choice!~/\_/ and $choice=~/^[\w\-.]+$/) { |
} elsif ($choice!~/\_/ and $choice=~/^[\w\-.]+$/) { |
| open(OUT,'>>/tmp/loncapa_updatequery.out'); |
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
Line 582 END
|
Line 1042 END
|
| print(<<END); |
print(<<END); |
| ENTER DOMAIN'S PRIMARY LIBRARY SERVER ID [$primaryLibServer]: |
ENTER DOMAIN'S PRIMARY LIBRARY SERVER ID [$primaryLibServer]: |
| END |
END |
| } elsif (@libservers > 0) { |
} elsif (@libservers > 0) { |
| print(<<END); |
print(<<END); |
| ENTER DOMAIN'S PRIMARY LIBRARY SERVER ID [$libservers[0]] |
ENTER DOMAIN'S PRIMARY LIBRARY SERVER ID [$libservers[0]] |
| END |
END |
|
Line 600 END
|
Line 1060 END
|
| print(OUT 'primaryLibServer'."\t".$choice."\n"); |
print(OUT 'primaryLibServer'."\t".$choice."\n"); |
| close(OUT); |
close(OUT); |
| $flag=1; |
$flag=1; |
| } elsif (length($choice)>35) { |
} elsif (length($choice)>35) { |
| print "Name too long\n"; |
print "Name too long\n"; |
| } elsif (length($choice)<4) { |
} elsif (length($choice)<4) { |
| print "Name too short\n"; |
print "Name too short\n"; |
| } elsif ($choice!~/\_/ and $choice=~/^[\w\-.]+$/) { |
} elsif ($choice!~/\_/ and $choice=~/^[\w\-.]+$/) { |
| open(OUT,'>>/tmp/loncapa_updatequery.out'); |
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
Line 787 if ($posshostname) {
|
Line 1247 if ($posshostname) {
|
| } |
} |
| } |
} |
| |
|
| # get Country |
&ssl_info(); |
| print(<<END); |
|
| |
|
| ****** Information about Country, State or Province and City ***** |
$country = &get_country($desiredhostname); |
| |
|
| A two-letter country code, e.g., US, CA, DE etc. as defined by ISO 3166, |
$state = &get_state(); |
| is required. A state or province, and a city are also required. |
|
| This locality information is included in two SSL certificates used internally |
|
| by LON-CAPA, unless you are running standalone. |
|
| |
|
| If your server will be part of either the production or development |
$city = &get_city(); |
| clusters, then the certificate will need to be signed by the official |
|
| LON-CAPA Certificate Authority (CA). If you will be running your own |
|
| cluster then the cluster will need to create its own CA. |
|
| |
|
| END |
($domainDescription,$country,$state,$city) = &confirm_locality($domainDescription,$country,$state,$city); |
| |
|
| my $posscountry; |
|
| if ($desiredhostname =~ /\.(edu|com|org)$/) { |
|
| $posscountry = 'us'; |
|
| |
|
| } else { |
|
| ($posscountry) = ($desiredhostname =~ /\.(a-z){2}$/); |
|
| } |
|
| if ($posscountry) { |
|
| my $countrydesc = &Locale::Country::code2country($posscountry); |
|
| if ($countrydesc eq '') { |
|
| undef($posscountry); |
|
| } |
|
| } |
|
| |
|
| $flag=0; |
my $perlstaticref = &get_static_config(); |
| while (!$flag) { |
if (ref($perlstaticref) eq 'HASH') { |
| if ($posscountry) { |
|
| $posscountry = uc($posscountry); |
|
| print "ENTER TWO-LETTER COUNTRY CODE [$posscountry]:\n"; |
|
| } else { |
|
| print "ENTER TWO-LETTER COUNTRY CODE:\n"; |
|
| } |
|
| my $choice=<>; |
|
| chomp($choice); |
|
| if ($choice ne '') { |
|
| if (&Locale::Country::code2country(lc($choice))) { |
|
| open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
| print(OUT 'country'."\t".uc($choice)."\n"); |
|
| close(OUT); |
|
| $country=uc($choice); |
|
| $flag=1; |
|
| } else { |
|
| print "Invalid input -- a valid two letter country code is required\n"; |
|
| } |
|
| } elsif (($choice eq '') && ($posscountry ne '')) { |
|
| open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
| print(OUT 'country'."\t".$posscountry."\n"); |
|
| close(OUT); |
|
| $country = $posscountry; |
|
| $flag = 1; |
|
| } else { |
|
| print "Invalid input -- a country code is required\n"; |
|
| } |
|
| } |
|
| |
|
| $flag=0; |
|
| # get State or Province |
|
| while (!$flag) { |
|
| print(<<END); |
|
| |
|
| ENTER STATE OR PROVINCE NAME: |
|
| END |
|
| |
|
| my $choice=<>; |
|
| chomp($choice); |
|
| if ($choice ne '') { |
|
| open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
| print(OUT 'state'."\t".$choice."\n"); |
|
| close(OUT); |
|
| $state=$choice; |
|
| $flag=1; |
|
| } |
|
| else { |
|
| print "Invalid input (a state or province name is required).\n"; |
|
| } |
|
| } |
|
| |
|
| $flag=0; |
|
| # get City |
|
| while (!$flag) { |
|
| print(<<END); |
|
| |
|
| ENTER CITY NAME: |
|
| END |
|
| |
|
| my $choice=<>; |
|
| chomp($choice); |
|
| if ($choice ne '') { |
|
| open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
| print(OUT 'city'."\t".$choice."\n"); |
|
| close(OUT); |
|
| $city=$choice; |
|
| $flag=1; |
|
| } |
|
| else { |
|
| print "Invalid input (a city is required).\n"; |
|
| } |
|
| } |
|
| |
|
| $flag=0; |
|
| while (!$flag) { |
|
| print(<<END); |
|
| |
|
| The domain description, country, state and city will be |
|
| used in the SSL certificates |
|
| |
|
| 1) Domain Description: $domainDescription |
|
| 2) Country: $country |
|
| 3) State or Province: $state |
|
| 4) City: $city |
|
| 5) Everything is correct up above |
|
| |
|
| ENTER A CHOICE OF 1-4 TO CHANGE, otherwise ENTER 5: |
|
| END |
|
| my $choice=<>; |
|
| chomp($choice); |
|
| if ($choice == 1) { |
|
| print(<<END); |
|
| 1) Domain Description: $domainDescription |
|
| ENTER NEW VALUE |
|
| END |
|
| my $choice2=<>; |
|
| chomp($choice2); |
|
| $domainDescription=$choice2; |
|
| } |
|
| elsif ($choice == 2) { |
|
| print(<<END); |
|
| 2) Country: $country |
|
| ENTER NEW VALUE (this should be a two-character code, e,g, US, CA, DE) |
|
| END |
|
| my $choice2=<>; |
|
| chomp($choice2); |
|
| $country = uc($choice2); |
|
| } |
|
| elsif ($choice == 3) { |
|
| print(<<END); |
|
| 3) State or Province: $state |
|
| ENTER NEW VALUE: |
|
| END |
|
| my $choice2=<>; |
|
| chomp($choice2); |
|
| $state=$choice2; |
|
| } |
|
| elsif ($choice == 4) { |
|
| print(<<END); |
|
| 4) City: $city |
|
| ENTER NEW VALUE: |
|
| END |
|
| my $choice2=<>; |
|
| chomp($choice2); |
|
| $city=$choice2; |
|
| } elsif ($choice == 5) { |
|
| $flag=1; |
|
| $state =~ s{/}{ }g; |
|
| $city =~ s{/}{ }g; |
|
| $domainDescription =~ s{/}{ }g; |
|
| } else { |
|
| print "Invalid input.\n"; |
|
| } |
|
| } |
|
| |
|
| my $perlvarref = &get_static_config(); |
|
| if (ref($perlvarref) eq 'HASH') { |
|
| my ($certsdir,$privkey,$connectcsr,$replicatecsr); |
my ($certsdir,$privkey,$connectcsr,$replicatecsr); |
| $certsdir = $perlvarref->{'lonCertificateDirectory'}; |
$certsdir = $perlstaticref->{'lonCertificateDirectory'}; |
| $privkey = $perlvarref->{'lonnetPrivateKey'}; |
$privkey = $perlstaticref->{'lonnetPrivateKey'}; |
| $connectcsr = $perlvarref->{'lonnetCertificate'}; |
$connectcsr = $perlstaticref->{'lonnetCertificate'}; |
| $connectcsr =~ s/\.pem$/.csr/; |
$connectcsr =~ s/\.pem$/.csr/; |
| $replicatecsr = $perlvarref->{'lonnetHostnameCertificate'}; |
$replicatecsr = $perlstaticref->{'lonnetHostnameCertificate'}; |
| $replicatecsr =~ s/\.pem$/.csr/; |
$replicatecsr =~ s/\.pem$/.csr/; |
| |
|
| print(<<END); |
print(<<END); |
|
Line 975 certificate signing requests: $connectcs
|
Line 1277 certificate signing requests: $connectcs
|
| |
|
| END |
END |
| |
|
| my $sslkeypass; |
my $sslkeypass = &get_new_sslkeypass(); |
| $flag=0; |
|
| # get Password for SSL key |
|
| while (!$flag) { |
|
| $sslkeypass = &make_passphrase(); |
|
| if ($sslkeypass) { |
|
| $flag = 1; |
|
| } else { |
|
| print "Invalid input (a password is required for the SSL key).\n"; |
|
| } |
|
| } |
|
| |
|
| if ($certsdir && $privkey) { |
if ($certsdir && $privkey) { |
| my $connectsubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=$lonHostID/OU=LONCAPA/emailAddress=$lonAdmEMail"; |
my $connectsubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=$lonHostID/OU=LONCAPA/emailAddress=$lonAdmEMail"; |
| my $replicatesubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=internal-$desiredhostname/OU=LONCAPA/emailAddress=$lonAdmEMail"; |
my $replicatesubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=internal-$desiredhostname/OU=LONCAPA/emailAddress=$lonAdmEMail"; |
| |
|
| # generate SSL key |
# generate SSL key |
| |
&make_key($certsdir,$privkey,$sslkeypass); |
| # generate SSL csr for hostID |
# generate SSL csr for hostID |
| |
&make_host_csr($certsdir,$sslkeypass,$connectcsr,$connectsubj); |
| # generate SSL csr for internal hostname |
# generate SSL csr for internal hostname |
| |
&make_hostname_csr($certsdir,$sslkeypass,$replicatecsr,$replicatesubj); |
| |
# mail csr files to certificate@lon-capa.org (production or dev clusters). |
| |
&mail_csr('both',$lonCluster,$lonHostID,$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlstaticref); |
| |
|
| if (-f "$certsdir/lonKey.enc") { |
} else { |
| my $mode = 0600; |
print "Could not acquire standard names for SSL Certificate files from loncapa_apache.conf\n"; |
| chmod $mode, "$certsdir/lonKey.enc"; |
|
| } |
|
| open(PIPE,"openssl genrsa -des3 -passout pass:$sslkeypass -out $certsdir/lonKey.enc 2048 2>&1 |"); |
|
| close(PIPE); |
|
| if (-f "$certsdir/$privkey") { |
|
| my $mode = 0600; |
|
| chmod $mode, "$certsdir/$privkey"; |
|
| } |
|
| open(PIPE,"openssl rsa -in $certsdir/lonKey.enc -passin pass:$sslkeypass -out $certsdir/$privkey -outform PEM |"); |
|
| close(PIPE); |
|
| if ($connectcsr) { |
|
| open(PIPE,"openssl req -key $certsdir/lonKey.enc -passin pass:$sslkeypass -new -batch -subj \"$connectsubj\" -out $certsdir/$connectcsr |"); |
|
| close(PIPE); |
|
| } |
|
| if ($replicatecsr) { |
|
| open(PIPE,"openssl req -key $certsdir/lonKey.enc -passin pass:$sslkeypass -new -batch -subj \"$replicatesubj\" -out $certsdir/$replicatecsr |"); |
|
| close(PIPE); |
|
| } |
|
| if (-f "$certsdir/lonKey.enc") { |
|
| my $mode = 0400; |
|
| chmod $mode, "$certsdir/lonKey.enc"; |
|
| } |
|
| if (-f "$certsdir/$privkey") { |
|
| my $mode = 0400; |
|
| chmod $mode, "$certsdir/$privkey"; |
|
| } |
|
| } |
|
| |
|
| my $camail; |
|
| if ($lonCluster eq 'production' || $lonCluster eq 'development') { |
|
| $camail = $perlvarref->{'SSLEmail'}; |
|
| } else { |
|
| $flag=0; |
|
| # get Certificate Authority E-mail |
|
| while (!$flag) { |
|
| print(<<END); |
|
| |
|
| ENTER EMAIL ADDRESS TO SEND CERTIFICATE SIGNING REQUESTS |
|
| END |
|
| |
|
| my $choice=<>; |
|
| chomp($choice); |
|
| if ($choice ne '') { |
|
| open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
| print(OUT 'Certificate Authority Email Address'."\t".$choice."\n"); |
|
| close(OUT); |
|
| $camail=$choice; |
|
| $flag=1; |
|
| } else { |
|
| print "Invalid input (an email address is required).\n"; |
|
| } |
|
| } |
|
| } |
|
| if ($camail) { |
|
| my $subj; |
|
| if (-e "$certsdir/$connectcsr") { |
|
| $subj = "Certificate Request ($lonHostID)"; |
|
| print(&send_mail($desiredhostname,$camail,$subj,"$certsdir/$connectcsr")); |
|
| } |
|
| if (-e "$certsdir/$replicatecsr") { |
|
| $subj = "Certificate Request (internal-$desiredhostname)"; |
|
| print(&send_mail($desiredhostname,$camail,$subj,"$certsdir/$replicatecsr")); |
|
| } |
} |
| } |
} else { |
| |
print "Could not acquire standard names for SSL Certificate files from loncapa_apache.conf\n"; |
| } |
} |
| |
|
| # update loncapa.conf |
# update loncapa.conf |
| my $confdir = '/etc/httpd/conf/'; |
my $confdir = '/etc/httpd/conf/'; |
| if ('<DIST />' eq 'sles10' || '<DIST />' eq 'sles11' || '<DIST />' eq 'sles12' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2' || '<DIST />' eq 'suse10.3' || '<DIST />' eq 'suse11.1' || '<DIST />' eq 'suse11.2' || '<DIST />' eq 'suse11.3' || '<DIST />' eq 'suse11.4' || '<DIST />' eq 'suse12.1' || '<DIST />' eq 'suse12.2' || '<DIST />' eq 'suse12.3' || '<DIST />' eq 'suse13.1' || '<DIST />' eq 'suse13.2' || '<DIST />' eq 'debian5' || '<DIST />' eq 'debian6' || '<DIST />' eq 'ubuntu6' || '<DIST />' eq 'ubuntu8' || '<DIST />' eq 'ubuntu10' || '<DIST />' eq 'ubuntu12' || '<DIST />' eq 'ubuntu14' || '<DIST />' eq 'ubuntu16') { |
if ('<DIST />' eq 'sles10' || '<DIST />' eq 'sles11' || '<DIST />' eq 'sles12' || '<DIST />' eq 'sles15' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2' || '<DIST />' eq 'suse10.3' || '<DIST />' eq 'suse11.1' || '<DIST />' eq 'suse11.2' || '<DIST />' eq 'suse11.3' || '<DIST />' eq 'suse11.4' || '<DIST />' eq 'suse12.1' || '<DIST />' eq 'suse12.2' || '<DIST />' eq 'suse12.3' || '<DIST />' eq 'suse13.1' || '<DIST />' eq 'suse13.2' || '<DIST />' eq 'debian5' || '<DIST />' eq 'debian6' || '<DIST />' eq 'ubuntu6' || '<DIST />' eq 'ubuntu8' || '<DIST />' eq 'ubuntu10' || '<DIST />' eq 'ubuntu12' || '<DIST />' eq 'ubuntu14' || '<DIST />' eq 'ubuntu16' || '<DIST />' eq 'ubuntu18' || '<DIST />' eq 'ubuntu20') { |
| $confdir = '/etc/apache2/'; |
$confdir = '/etc/apache2/'; |
| } |
} |
| my $filename='loncapa.conf'; |
my $filename='loncapa.conf'; |
|
Line 1122 END
|
Line 1358 END
|
| </file> |
</file> |
| <file> |
<file> |
| <target dist='default'>/etc/httpd/conf/</target> |
<target dist='default'>/etc/httpd/conf/</target> |
| <target dist='sles10 sles11 sles12 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4 suse12.1 suse12.2 suse12.3 suse13.1 suse13.2 debian5 debian6 ubuntu6 ubuntu8 ubuntu10 ubuntu12 ubuntu14 ubuntu16'>/etc/apache2/</target> |
<target dist='sles10 sles11 sles12 sles15 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4 suse12.1 suse12.2 suse12.3 suse13.1 suse13.2 debian5 debian6 ubuntu6 ubuntu8 ubuntu10 ubuntu12 ubuntu14 ubuntu16 ubuntu18 ubuntu20'>/etc/apache2/</target> |
| <perlscript mode='fg'> |
<perlscript mode='fg'> |
| sub securesetting { |
|
| my (%perlvar)=@_; |
|
| my $securestatus='unknown'; |
|
| my $securenum=''; |
|
| if ( $perlvar{'loncAllowInsecure'}&& $perlvar{'londAllowInsecure'}) { |
|
| $securestatus='no'; $securenum='4'; |
|
| } elsif ( $perlvar{'loncAllowInsecure'}&& !$perlvar{'londAllowInsecure'}) { |
|
| $securestatus='lond'; $securenum='3'; |
|
| } elsif (!$perlvar{'loncAllowInsecure'}&& $perlvar{'londAllowInsecure'}) { |
|
| $securestatus='lonc'; $securenum='2'; |
|
| } elsif (!$perlvar{'loncAllowInsecure'}&& !$perlvar{'londAllowInsecure'}) { |
|
| $securestatus='yes (lond and lonc)'; $securenum='1'; |
|
| } |
|
| return ($securestatus,$securenum); |
|
| } |
|
| # read values from loncapa.conf |
# read values from loncapa.conf |
| my $confdir = "<TARGET />"; |
my $confdir = "<TARGET />"; |
| my $filename='loncapa.conf'; |
my $filename='loncapa.conf'; |
| my %perlvar; |
my %perlvar; |
| my ($securestatus,$securenum); |
|
| if (-e "$confdir$filename") { |
if (-e "$confdir$filename") { |
| open(CONFIG,'<'.$confdir.$filename) or |
open(CONFIG,'<'.$confdir.$filename) or |
| die("Can't read $confdir$filename"); |
die("Can't read $confdir$filename"); |
|
Line 1171 my ($securestatus,$securenum);
|
Line 1391 my ($securestatus,$securenum);
|
| unless ($perlvar{'loncAllowInsecure'} and $perlvar{'loncAllowInsecure'}!~/\{\[\[\[\[/) { |
unless ($perlvar{'loncAllowInsecure'} and $perlvar{'loncAllowInsecure'}!~/\{\[\[\[\[/) { |
| $perlvar{'loncAllowInsecure'}='1'; |
$perlvar{'loncAllowInsecure'}='1'; |
| } |
} |
| ($securestatus,$securenum)=&securesetting(%perlvar); |
my ($securestatus,$securenum)=&securesetting(%perlvar); |
| unless ($perlvar{'lonReceipt'} and $perlvar{'lonReceipt'}!~/\{\[\[\[\[/) { |
unless ($perlvar{'lonReceipt'} and $perlvar{'lonReceipt'}!~/\{\[\[\[\[/) { |
| my $lonReceipt=''; |
my $lonReceipt=''; |
| srand(time ^ $$ ^ unpack "%L*", `ps axww | gzip`); |
srand(time ^ $$ ^ unpack "%L*", `ps axww | gzip`); |
|
Line 1181 my ($securestatus,$securenum);
|
Line 1401 my ($securestatus,$securenum);
|
| } |
} |
| $perlvar{'lonReceipt'}=$lonReceipt; |
$perlvar{'lonReceipt'}=$lonReceipt; |
| } |
} |
| my %perlvarstatic; |
my $perlvarstatic = &get_static_config(); |
| if (-e "${confdir}loncapa_apache.conf") { |
|
| open(CONFIG,'<'.$confdir.'loncapa_apache.conf') or |
|
| die("Can't read ${confdir}loncapa_apache.conf"); |
|
| while (my $configline=<CONFIG>) { |
|
| if ($configline =~ /^[^\#]*PerlSetVar/) { |
|
| my ($unused,$varname,$varvalue)=split(/\s+/,$configline); |
|
| chomp($varvalue); |
|
| $perlvarstatic{$varname}=$varvalue; |
|
| } |
|
| } |
|
| close(CONFIG); |
|
| } |
|
| |
|
| my (@hosts_files, @domain_files); |
my (@hosts_files, @domain_files); |
| if ( $lonCluster ne 'existing') { |
if ( $lonCluster ne 'existing') { |
|
Line 1282 my %perlvarstatic;
|
Line 1490 my %perlvarstatic;
|
| } |
} |
| } |
} |
| # make list unique |
# make list unique |
| @libservers = keys(%{{ map { $_ => 1 } (@libservers) }}); |
@libservers = keys(%{{ map { $_ => 1 } (@libservers) }}); |
| close(IN); |
close(IN); |
| if (@libservers == 1) { |
if (@libservers == 1) { |
| $primaryLibServer = $libservers[0]; |
$primaryLibServer = $libservers[0]; |
|
Line 1314 my %perlvarstatic;
|
Line 1522 my %perlvarstatic;
|
| } |
} |
| |
|
| # implement editing logic below, interactively |
# implement editing logic below, interactively |
| # update loncapa.conf until 17 is entered |
# update loncapa.conf until 18 is entered |
| |
|
| my $flag=0; |
my $flag=0; |
| |
|
| # |
# |
| # Changes to 5, 6, and 14 not supported if configuration.db set on primary library server. |
# Changes to 5, 6, and 14 not supported if configuration.db set on primary library server. |
| # (requires either this machine to be primary library server or for LON-CAPA and Apache |
# (requires either this machine to be primary library server or for LON-CAPA and Apache |
| # to be running on primary library server. |
# to be running on primary library server). |
| # |
# |
| |
|
| my ($isprimary,$domconf,$url,$gotdomconf,$adminmail,$supportmail,$connectssl,%setbygui); |
my ($isprimary,$domconf,$url,$gotdomconf,$adminmail,$supportmail,$connectssl,%setbygui); |
|
Line 1333 if ($primaryLibServer eq $perlvar{'lonHo
|
Line 1541 if ($primaryLibServer eq $perlvar{'lonHo
|
| } |
} |
| $url = $primary_protocol.'://'.$primary_hostname.'/cgi-bin/listdomconfig.pl'; |
$url = $primary_protocol.'://'.$primary_hostname.'/cgi-bin/listdomconfig.pl'; |
| } |
} |
| my $domconf = &get_domain_config($perlvar{'lonDefDomain'},$isprimary,$url,\%perlvarstatic); |
|
| |
my %sslnames = &get_sslnames(); |
| |
my %ssldesc = &get_ssldesc(); |
| |
|
| |
my $domconf = &get_domain_config($perlvar{'lonDefDomain'},$primaryLibServer,$isprimary, |
| |
$url,$perlvarstatic); |
| if (ref($domconf)) { |
if (ref($domconf)) { |
| $gotdomconf = 1; |
$gotdomconf = 1; |
| if (ref($domconf->{'contacts'}) eq 'HASH') { |
if (ref($domconf->{'contacts'}) eq 'HASH') { |
| if (exists($domconf->{'contacts'}->{'adminemail'})) { |
if (exists($domconf->{'contacts'}->{'adminemail'})) { |
| $adminmail = $domconf->{'contacts'}->{'adminemail'}; |
$adminmail = $domconf->{'contacts'}->{'adminemail'}; |
| } |
} |
| if (exists($domconf->{'contacts'}->{'supportemail'})) { |
if (exists($domconf->{'contacts'}->{'supportemail'})) { |
| $supportmail = $domconf->{'contacts'}->{'supportemail'}; |
$supportmail = $domconf->{'contacts'}->{'supportemail'}; |
| } |
} |
| } |
} |
| if (ref($domconf->{'ssl'}) eq 'HASH') { |
if (ref($domconf->{'ssl'}) eq 'HASH') { |
| if (ref($domconf->{'ssl'}->{'connect'}) eq 'HASH') { |
foreach my $connect ('connto','connfrom') { |
| my ($sslreq,$sslnoreq); |
if (ref($domconf->{'ssl'}->{$connect}) eq 'HASH') { |
| my %contypes; |
my ($sslreq,$sslnoreq,$currsetting); |
| foreach my $type ('dom','intdom','other') { |
my %contypes; |
| my $key; |
foreach my $type ('dom','intdom','other') { |
| if ($domconf->{'ssl'}->{'connect'}->{$type} eq 'req') { |
my $key; |
| $key = 'yes'; |
if ($domconf->{'ssl'}->{'connect'}->{$type} eq 'req') { |
| } else { |
$key = 'yes'; |
| $key = 'no'; |
} else { |
| |
$key = 'no'; |
| |
} |
| |
if ($type eq 'dom') { |
| |
$contypes{$key} .= ' own domain,'; |
| |
} elsif ($type eq 'intdom') { |
| |
$contypes{$key} .= ' own institution,'; |
| |
} elsif ($type eq 'other') { |
| |
$contypes{$key} .= ' other domains,'; |
| |
} |
| } |
} |
| if ($type eq 'dom') { |
foreach my $key (sort(keys(%contypes))) { |
| $contypes{$key} .= ' own domain,'; |
$contypes{$key} =~ s/^\s//; |
| } elsif ($type eq 'intdom') { |
$contypes{$key} =~ s/,$//; |
| $contypes{$key} .= ' own institution,'; |
if ($key eq 'yes') { |
| } elsif ($type eq 'other') { |
$currsetting .= ' Yes ('.$contypes{$key}.'),'; |
| $contypes{$key} .= ' other domains,'; |
} elsif ($key eq 'no') { |
| |
$currsetting .= ' No ('.$contypes{$key}.')'; |
| |
} |
| |
$currsetting =~ s/,$//; |
| } |
} |
| } |
if ($currsetting ne '') { |
| foreach my $key (sort(keys(%contypes))) { |
$connectssl = $sslnames{$connect}.' -- '.$currsetting.' | '; |
| $contypes{$key} =~ s/^\s//; |
|
| $contypes{$key} =~ s/,$//; |
|
| if ($key eq 'yes') { |
|
| $connectssl .= ' Yes ('.$contypes{$key}.'),'; |
|
| } elsif ($key eq 'no') { |
|
| $connectssl = ' No ('.$contypes{$key}.')'; |
|
| } |
} |
| $connectssl =~ s/,$//; |
|
| } |
} |
| } |
} |
| |
$connectssl =~ s/\s\|\s$//; |
| } |
} |
| } |
} |
| if ($connectssl) { |
if ($connectssl) { |
|
Line 1394 if ($supportmail) {
|
Line 1613 if ($supportmail) {
|
| } |
} |
| |
|
| print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
| my ($lonhostcertstatus,$lonhostnamecertstatus,$lonkeystatus); |
my ($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
| my $currcerts = &LONCAPA::SSL::print_certstatus({$perlvar{'lonHostID'} => 1,},'text','cgi'); |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
| chomp($currcerts); |
print $certinfo; |
| my %sslstatus; |
my %sslstatus; |
| |
if (ref($sslref) eq 'HASH') { |
| if ($currcerts eq "$perlvar{'lonHostID'}:error") { |
%sslstatus = %{$sslref}; |
| print "No information available for SSL certificates\n"; |
|
| $sslstatus{'key'} = -1; |
|
| $sslstatus{'host'} = -1; |
|
| $sslstatus{'hostname'} = -1; |
|
| $sslstatus{'ca'} = -1; |
|
| $lonkeystatus = 'unknown status'; |
|
| $lonhostcertstatus = 'unknown status'; |
|
| $lonhostnamecertstatus = 'unknown status'; |
|
| } else { |
|
| my %sslnames = ( |
|
| key => 'lonnetPrivateKey', |
|
| host => 'lonnetCertificate', |
|
| hostname => 'lonnetHostnameCertificate', |
|
| ca => 'lonnetCertificateAuthority', |
|
| ); |
|
| my %ssldesc = ( |
|
| key => 'Private Key', |
|
| host => 'Connections Certificate', |
|
| hostname => 'Replication Certificate', |
|
| ca => 'LON-CAPA CA Certificate', |
|
| ); |
|
| my ($lonhost,$info) = split(/\:/,$currcerts,2); |
|
| if ($lonhost eq $perlvar{'lonHostID'}) { |
|
| my @items = split(/\&/,$info); |
|
| foreach my $item (@items) { |
|
| my ($key,$value) = split(/=/,$item,2); |
|
| my @data = split(/,/,$value); |
|
| if (grep(/^\Q$key\E$/,keys(%sslnames))) { |
|
| if (lc($data[0]) eq 'yes') { |
|
| print "$ssldesc{$key} $perlvarstatic{$sslnames{$key}} available with status = $data[1]\n"; |
|
| if ($key eq 'key') { |
|
| $lonkeystatus = "status: $data[1]"; |
|
| if ($data[1] =~ /ok$/) { |
|
| $sslstatus{$key} = 1; |
|
| } |
|
| } else { |
|
| if ($data[1] eq 'Expired') { |
|
| $sslstatus{$key} = 2; |
|
| } else { |
|
| $sslstatus{$key} = 1; |
|
| } |
|
| if ($key eq 'host') { |
|
| $lonhostcertstatus = "status: $data[1]"; |
|
| } elsif ($key eq 'hostname') { |
|
| $lonhostnamecertstatus = "status: $data[1]"; |
|
| } |
|
| } |
|
| } else { |
|
| $sslstatus{$key} = 0; |
|
| print "$ssldesc{$key} $perlvarstatic{$sslnames{$key}} not available\n"; |
|
| if (($key eq 'host') || ($key eq 'hostname')) { |
|
| my $csr = $perlvarstatic{$sslnames{$key}}; |
|
| $csr =~s /\.pem$/.csr/; |
|
| my $csrstatus; |
|
| if (-e "$perlvarstatic{'lonCertificateDirectory'}/$csr") { |
|
| open(PIPE,"openssl req -text -noout -verify -in $perlvarstatic{'lonCertificateDirectory'}/$csr 2>&1 |"); |
|
| while(<PIPE>) { |
|
| chomp(); |
|
| $csrstatus = $_; |
|
| last; |
|
| } |
|
| close(PIPE); |
|
| print "Certificate signing request for $ssldesc{$key} available with status = $csrstatus\n\n"; |
|
| if ($key eq 'host') { |
|
| $lonhostcertstatus = 'awaiting signature'; |
|
| } else { |
|
| $lonhostnamecertstatus = 'awaiting signature'; |
|
| } |
|
| $sslstatus{$key} = 3; |
|
| } else { |
|
| print "No certificate signing request available for $ssldesc{$key}\n\n"; |
|
| if ($key eq 'host') { |
|
| $lonhostcertstatus = 'still needed'; |
|
| } else { |
|
| $lonhostnamecertstatus = 'still needed'; |
|
| } |
|
| } |
|
| } elsif ($key eq 'key') { |
|
| $lonkeystatus = 'still needed'; |
|
| } |
|
| } |
|
| } |
|
| } |
|
| } |
|
| } |
} |
| |
|
| while (!$flag) { |
while (!$flag) { |
|
Line 1504 This is now the current configuration of
|
Line 1639 This is now the current configuration of
|
| 11) Cache Expiration Time: $perlvar{'lonExpire'} (seconds) |
11) Cache Expiration Time: $perlvar{'lonExpire'} (seconds) |
| 12) Server Load: $perlvar{'lonLoadLim'} |
12) Server Load: $perlvar{'lonLoadLim'} |
| 13) User Load: $perlvar{'lonUserLoadLim'} |
13) User Load: $perlvar{'lonUserLoadLim'} |
| 14) Allow only secure connections: $securestatus |
14) LON-CAPA "internal" connections: $securestatus |
| 15) Private Key for SSL: $lonkeystatus |
15) Private Key for SSL: $lonkeystatus |
| 16) SSL Certificate for LON-CAPA server connections: $lonhostcertstatus |
16) SSL Certificate for LON-CAPA server connections: $lonhostcertstatus |
| 17) SSL Certificate for Content Replication: $lonhostnamecertstatus |
17) SSL Certificate for Content Replication: $lonhostnamecertstatus |
|
Line 1513 END
|
Line 1648 END
|
| |
|
| my @error; |
my @error; |
| foreach my $v ($perlvar{'lonDefDomain'},$perlvar{'lonHostID'}) { |
foreach my $v ($perlvar{'lonDefDomain'},$perlvar{'lonHostID'}) { |
| if (length($v)>35) { push(@error,"Name $v too long"); } |
if (length($v)>35) { push(@error,"Name $v too long"); } |
| if (length($v)<2) { push(@error,"Name $v too short"); } |
if (length($v)<2) { push(@error,"Name $v too short"); } |
| if ($v=~/capa/i) { |
if ($v=~/capa/i) { |
| if ($v!~/^oucapa\d+$/ && |
if ($v!~/^oucapa\d+$/ && |
| ($v!~/^capa\d+$/ && $perlvar{'lonDefDomain'} eq 'uwsp')) { |
($v!~/^capa\d+$/ && $perlvar{'lonDefDomain'} eq 'uwsp')) { |
|
Line 1550 if (!defined($intdom)) {
|
Line 1685 if (!defined($intdom)) {
|
| } |
} |
| |
|
| if (!defined($primaryLibServer)) { |
if (!defined($primaryLibServer)) { |
| if (@libservers > 0) { |
if (@libservers > 0) { |
| push(@error,"No primary library server ID designated. Choose from: ".join(',',sort(@libservers))); |
push(@error,"No primary library server ID designated. Choose from: ".join(',',sort(@libservers))); |
| } else { |
} else { |
| push(@error,"No library servers in this domain (including current server)"); |
push(@error,"No library servers in this domain (including current server)"); |
| } |
} |
| } else { |
} else { |
| if (length($primaryLibServer)>35) { push(@error,"Primary Library Server ID: $primaryLibServer too long"); } |
if (length($primaryLibServer)>35) { push(@error,"Primary Library Server ID: $primaryLibServer too long"); } |
| if (length($primaryLibServer)<2) { push(@error,"Primary Library Server ID: $primaryLibServer too short"); } |
if (length($primaryLibServer)<2) { push(@error,"Primary Library Server ID: $primaryLibServer too short"); } |
| if ($primaryLibServer =~/capa/i) { |
if ($primaryLibServer =~/capa/i) { |
| if ($primaryLibServer!~/^oucapa\d+$/ && |
if ($primaryLibServer!~/^oucapa\d+$/ && |
| ($primaryLibServer!~/^capa\d+$/ && $perlvar{'lonDefDomain'} eq 'uwsp')) { |
($primaryLibServer!~/^capa\d+$/ && $perlvar{'lonDefDomain'} eq 'uwsp')) { |
|
Line 1573 if (!defined($primaryLibServer)) {
|
Line 1708 if (!defined($primaryLibServer)) {
|
| |
|
| |
|
| my ($certsdir,$privkey,$connectcsr,$replicatecsr); |
my ($certsdir,$privkey,$connectcsr,$replicatecsr); |
| $certsdir = $perlvarstatic{'lonCertificateDirectory'}; |
$certsdir = $perlvarstatic->{'lonCertificateDirectory'}; |
| $privkey = $perlvarstatic{'lonnetPrivateKey'}; |
$privkey = $perlvarstatic->{'lonnetPrivateKey'}; |
| $connectcsr = $perlvarstatic{'lonnetCertificate'}; |
$connectcsr = $perlvarstatic->{'lonnetCertificate'}; |
| $connectcsr =~ s/\.pem$/.csr/; |
$connectcsr =~ s/\.pem$/.csr/; |
| $replicatecsr = $perlvarstatic{'lonnetHostnameCertificate'}; |
$replicatecsr = $perlvarstatic->{'lonnetHostnameCertificate'}; |
| $replicatecsr =~ s/\.pem$/.csr/; |
$replicatecsr =~ s/\.pem$/.csr/; |
| |
|
| if (@error) { print "\n*** ERRORS: \n\t".join("\n\t",@error)."\n"; } |
if (@error) { print "\n*** ERRORS: \n\t".join("\n\t",@error)."\n"; } |
|
Line 1648 END
|
Line 1783 END
|
| my $choice2=<>; |
my $choice2=<>; |
| chomp($choice2); |
chomp($choice2); |
| $perlvar{'lonAdmEMail'}=$choice2; |
$perlvar{'lonAdmEMail'}=$choice2; |
| |
$adminmail=$perlvar{'lonAdmEMail'}; |
| } |
} |
| } |
} |
| elsif ($choice==6) { |
elsif ($choice==6) { |
| if ($setbygui{'lonAdmEMail'}) { |
if ($setbygui{'lonSupportEMail'}) { |
| print(<<END); |
print(<<END); |
| 6) Support E-mail Address: $supportmail |
6) Support E-mail Address: $supportmail |
| Use the web GUI (as domain coordinator) to make changes after completing the UPDATE. |
Use the web GUI (as domain coordinator) to make changes after completing the UPDATE. |
|
Line 1664 END
|
Line 1800 END
|
| my $choice2=<>; |
my $choice2=<>; |
| chomp($choice2); |
chomp($choice2); |
| $perlvar{'lonSupportEMail'}=$choice2; |
$perlvar{'lonSupportEMail'}=$choice2; |
| |
$supportmail=$perlvar{'lonSupportEMail'}; |
| } |
} |
| } |
} |
| elsif ($choice==7) { |
elsif ($choice==7) { |
|
Line 1771 END
|
Line 1908 END
|
| ($securestatus,$securenum)=&securesetting(%perlvar); |
($securestatus,$securenum)=&securesetting(%perlvar); |
| } |
} |
| } elsif ($choice==15) { |
} elsif ($choice==15) { |
| #$sslstatus{'key'}; |
if ($sslstatus{'key'} == 1) { |
| print(<<END); |
print(<<END); |
| 15) Private Key for SSL: $lonkeystatus |
15) Private Key for SSL: $lonkeystatus |
| |
|
| POSSIBLE CHOICES: |
POSSIBLE CHOICES: |
| 1) overwrite existing key |
1) overwrite existing key |
| 2) create new key for use later |
2) make no change |
| 3) make no change |
|
| ENTER NEW VALUE |
ENTER NEW VALUE |
| END |
END |
| my $choice2=<>; |
my $choice2=<>; |
| chomp($choice2); |
chomp($choice2); |
| |
if ($choice2 eq '1') { |
| |
my $sslkeypass = &get_new_sslkeypass(); |
| |
&make_key($certsdir,$privkey,$sslkeypass); |
| |
} |
| |
} elsif ($sslstatus{'key'} == 0) { |
| |
print(<<END); |
| |
15) Private Key for SSL: $lonkeystatus |
| |
END |
| |
my $sslkeypass = &get_new_sslkeypass(); |
| |
&make_key($certsdir,$privkey,$sslkeypass); |
| |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
| |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
| |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
| |
if (ref($sslref) eq 'HASH') { |
| |
%sslstatus = %{$sslref}; |
| |
} |
| |
} |
| } elsif ($choice==16) { |
} elsif ($choice==16) { |
| #$sslstatus{'host'}; |
if (($sslstatus{'host'} == 1) || ($sslstatus{'host'} == 2) || ($sslstatus{'host'} == 3)) { |
| print(<<END); |
print(<<END); |
| 16) SSL Certificate for LON-CAPA server connections: $lonhostcertstatus |
16) SSL Certificate for LON-CAPA server connections: $lonhostcertstatus |
| |
|
| POSSIBLE CHOICES: |
POSSIBLE CHOICES: |
|
Line 1795 POSSIBLE CHOICES:
|
Line 1948 POSSIBLE CHOICES:
|
| 4) make no change |
4) make no change |
| ENTER NEW VALUE |
ENTER NEW VALUE |
| END |
END |
| my $choice2=<>; |
|
| chomp($choice2); |
my $choice2=<>; |
| |
chomp($choice2); |
| |
if (($choice2 eq '1') || ($choice2 eq '2')) { |
| |
&ssl_info(); |
| |
my $country = &get_country($desiredhostname); |
| |
my $state = &get_state(); |
| |
my $city = &get_city(); |
| |
my $connectsubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=$perlvar{'lonHostID'}/OU=LONCAPA/emailAddress=$adminmail"; |
| |
($domainDescription,$country,$state,$city) = &confirm_locality($domainDescription,$country,$state,$city); |
| |
my $sslkeypass; |
| |
if ($choice2 eq '1') { |
| |
$sslkeypass = &get_new_sslkeypass(); |
| |
&make_key($certsdir,$privkey,$sslkeypass); |
| |
} elsif ($choice2 eq '2') { |
| |
$sslkeypass = &get_password('Enter existing password for SSL key'); |
| |
&encrypt_key($certsdir,$privkey,$sslkeypass); |
| |
} |
| |
&make_host_csr($certsdir,$sslkeypass,$connectcsr,$connectsubj); |
| |
&mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
| |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
| |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
| |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
| |
if (ref($sslref) eq 'HASH') { |
| |
%sslstatus = %{$sslref}; |
| |
} |
| |
} elsif ($choice2 eq '3') { |
| |
if (-e "$certsdir/$connectcsr") { |
| |
&mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
| |
} |
| |
} |
| |
} elsif (($sslstatus{'host'} == 0) || ($sslstatus{'host'} == 4) || ($sslstatus{'host'} == 5)) { |
| |
my $sslkeypass; |
| |
if ($sslstatus{'key'} == 1) { |
| |
print(<<END); |
| |
16) SSL Certificate for LON-CAPA server connections: $lonhostcertstatus |
| |
|
| |
POSSIBLE CHOICES: |
| |
1) create new certificate signing request with new key |
| |
2) create new certificate signing request with existing key |
| |
3) make no change |
| |
ENTER NEW VALUE |
| |
END |
| |
my $choice2=<>; |
| |
chomp($choice2); |
| |
if ($choice2 eq '1') { |
| |
$sslkeypass = &get_new_sslkeypass(); |
| |
&make_key($certsdir,$privkey,$sslkeypass); |
| |
} elsif ($choice2 eq '2') { |
| |
$sslkeypass = &get_password('Enter existing password for SSL key'); |
| |
&encrypt_key($certsdir,$privkey,$sslkeypass); |
| |
} |
| |
} else { |
| |
print(<<END); |
| |
16) SSL Certificate for LON-CAPA server connections: $lonhostcertstatus |
| |
END |
| |
$sslkeypass = &get_new_sslkeypass(); |
| |
} |
| |
&ssl_info(); |
| |
my $country = &get_country($desiredhostname); |
| |
my $state = &get_state(); |
| |
my $city = &get_city(); |
| |
my $connectsubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=$perlvar{'lonHostID'}/OU=LONCAPA/emailAddress=$adminmail"; |
| |
&make_host_csr($certsdir,$sslkeypass,$connectcsr,$connectsubj); |
| |
&mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
| |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
| |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
| |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
| |
if (ref($sslref) eq 'HASH') { |
| |
%sslstatus = %{$sslref}; |
| |
} |
| |
} |
| } elsif ($choice==17) { |
} elsif ($choice==17) { |
| #$sslstatus{'hostname'} |
if (($sslstatus{'hostname'} == 1) || ($sslstatus{'hostname'} == 2) || ($sslstatus{'hostname'} == 3)) { |
| print(<<END); |
print(<<END); |
| 17) SSL Certificate for Content Replication: $lonhostnamecertstatus |
17) SSL Certificate for Content Replication: $lonhostnamecertstatus |
| |
|
| POSSIBLE CHOICES: |
POSSIBLE CHOICES: |
|
Line 1809 POSSIBLE CHOICES:
|
Line 2032 POSSIBLE CHOICES:
|
| 4) make no change |
4) make no change |
| ENTER NEW VALUE |
ENTER NEW VALUE |
| END |
END |
| my $choice2=<>; |
my $choice2=<>; |
| chomp($choice2); |
chomp($choice2); |
| |
if (($choice2 eq '1') || ($choice2 eq '2')) { |
| |
&ssl_info(); |
| |
my $country = &get_country($desiredhostname); |
| |
my $state = &get_state(); |
| |
my $city = &get_city(); |
| |
my $replicatesubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=internal-$desiredhostname/OU=LONCAPA/emailAddress=$adminmail"; |
| |
my $sslkeypass; |
| |
if ($choice2 eq '1') { |
| |
$sslkeypass = &get_new_sslkeypass(); |
| |
&make_key($certsdir,$privkey,$sslkeypass); |
| |
} elsif ($choice2 eq '2') { |
| |
$sslkeypass = &get_password('Enter existing password for SSL key'); |
| |
&encrypt_key($certsdir,$privkey,$sslkeypass); |
| |
} |
| |
&make_hostname_csr($certsdir,$sslkeypass,$replicatecsr,$replicatesubj); |
| |
&mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
| |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
| |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
| |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
| |
if (ref($sslref) eq 'HASH') { |
| |
%sslstatus = %{$sslref}; |
| |
} |
| |
} elsif ($choice2 eq '3') { |
| |
if (-e "$certsdir/$replicatecsr") { |
| |
&mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
| |
} |
| |
} |
| |
} elsif (($sslstatus{'hostname'} == 0) || ($sslstatus{'hostname'} == 4) || ($sslstatus{'hostname'} == 5)) { |
| |
my $sslkeypass; |
| |
if ($sslstatus{'key'} == 1) { |
| |
print(<<END); |
| |
17) SSL Certificate for Content Replication: $lonhostnamecertstatus |
| |
|
| |
POSSIBLE CHOICES: |
| |
1) create new certificate signing request with new key |
| |
2) create new certificate signing request with existing key |
| |
3) make no change |
| |
ENTER NEW VALUE |
| |
END |
| |
my $choice2=<>; |
| |
chomp($choice2); |
| |
if ($choice2 eq '1') { |
| |
$sslkeypass = &get_new_sslkeypass(); |
| |
&make_key($certsdir,$privkey,$sslkeypass); |
| |
} elsif ($choice2 eq '2') { |
| |
$sslkeypass = &get_password('Enter existing password for SSL key'); |
| |
&encrypt_key($certsdir,$privkey,$sslkeypass); |
| |
} |
| |
} else { |
| |
print(<<END); |
| |
17) SSL Certificate for Content Replication: $lonhostnamecertstatus |
| |
END |
| |
$sslkeypass = &get_new_sslkeypass(); |
| |
} |
| |
&ssl_info(); |
| |
my $country = &get_country($desiredhostname); |
| |
my $state = &get_state(); |
| |
my $city = &get_city(); |
| |
my $replicatesubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=internal-$desiredhostname/OU=LONCAPA/emailAddress=$adminmail"; |
| |
&make_hostname_csr($certsdir,$sslkeypass,$replicatecsr,$replicatesubj); |
| |
&mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
| |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
| |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
| |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
| |
if (ref($sslref) eq 'HASH') { |
| |
%sslstatus = %{$sslref}; |
| |
} |
| |
} |
| } elsif (($choice==18) && (!@error)) { |
} elsif (($choice==18) && (!@error)) { |
| $flag=1; |
$flag=1; |
| } else { |
} else { |
|
Line 1826 END
|
Line 2117 END
|
| if ($value eq '') { |
if ($value eq '') { |
| $line = '#'.$line; |
$line = '#'.$line; |
| } |
} |
| print(OUT <<END) unless $perlvarstatic{$key}; |
print(OUT <<END) unless ($perlvarstatic->{$key}); |
| $line |
$line |
| END |
END |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to updatequery.piml CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / doc / loncapafiles