Diff for /loncom/CrGrant.pl between versions 1.2 and 1.3

version 1.2, 2004/07/05 11:37:39 version 1.3, 2004/07/06 11:05:45
Line 66 Line 66
 # Import section:  # Import section:
   
 use strict;  use strict;
 use lib '/home/httpd/lib/perl';  use lib '/home/httpd/lib/perl'; # An assumption!!!
 use MIME::Entity;  use MIME::Entity;
 use LONCAPA::Configuration;  use LONCAPA::Configuration;
   
Line 74  use LONCAPA::Configuration; Line 74  use LONCAPA::Configuration;
   
 # Global variable declarations  # Global variable declarations
   
 my $ssl_command   = "/usr/bin/openssl "; # Command to run openssl.  
 my $ssl_dir       = "/usr/share/ssl";    # Where ssl config files etc. live  my $ssl_dir       = "/usr/share/ssl";    # Where ssl config files etc. live
 my $ca_cert_file  = $ssl_dir."/loncapa/cacert.pem"; # CA's certificate file.  my $ca_cert_file  = $ssl_dir."/loncapaca/cacert.pem"; # CA's certificate file.
 my $ca_config_file= $ssl_dir."/loncapaca.cnf";      # CA's config file.   my $ca_config_file= $ssl_dir."/loncapaca.cnf";      # CA's config file. 
   
    
   #   LONCAPA Configuration global variables:
   
   # Items read from our configuration file.
   
   my $ssl_command   = "/usr/bin/openssl "; # Command to run openssl.
   my $loncapa_cert_dir; # Name of target cert dir (from config)
   my $loncapa_hostcert_name; # Name of host's signed cert file (config)
   my $loncapa_cacert_name;        # Name of the CA's certificate file (config)
   
   #  Items I just need to know:
   
   my $loncapa_config = "loncapa.conf";   # User's override config file.
   my $loncapa_apache_user = 'www'; # Name of apache daemon's user
   my $loncapa_apache_group = 'www'; # Name of apache daemon's group
   
   
   
 # Debug/log support  # Debug/log support
   
Line 111  Where: Line 127  Where:
 USAGE  USAGE
   
 }  }
   #
   #  Read the loncapa configuration file and pull out the items
   #  we need:
   #
   # Implicit inputs:
   #   $loncapa_config   - The name of the auxilliary config file.
   # Side effects:
   #    - On failure exits with an error message.
   #    - On success set the following variables:
   #      o loncapa_cert_dir      - Path to certificates.
   #      o loncapa_hostcert_name - Name of host's cert file in that dir
   #      o loncapa_cacert_name   - Name of CA's cert file in that dir.
   #      o ssl_command           - Name of ssl utility command.
   sub ReadConfig {
       Debug("Reading the config files");
       my $perlvarref = LONCAPA::Configuration::read_conf($loncapa_config);
   
       #  Pull out the individual variables or die:
   
       # SSL Command:
   
       if($perlvarref->{SSLProgram}) {
    $ssl_command = $perlvarref->{SSLProgram};
    Debug("SSL utility program is $ssl_command");
       } 
       else {
    die "LonCAPA configuration errror: Can't read SSLProgram variable";
       }
       # Certificate directory:
      
       if($perlvarref->{lonCertificateDirectory}) {
    $loncapa_cert_dir = $perlvarref->{lonCertificateDirectory};
    Debug("Certificates will be installed in $loncapa_cert_dir");
       } 
       else {
    die "LonCAPA configuration error can't read lonCertificateDirectory variable";
   
       }
       #  Get the name of the host's certificate:
   
       if($perlvarref->{lonnetCertificate}) {
    $loncapa_hostcert_name = $perlvarref->{lonnetCertificate};
    Debug("Host's certificate will be $loncapa_hostcert_name");
       }
       else {
    die "LonCAPA configuration error: Can't read lonnetCertificate variable";
       }
       #   Get the name of the certificate authority's certificate.
   
       if($perlvarref->{lonnetCertificateAuthority}) {
    $loncapa_cacert_name = $perlvarref->{lonnetCertificateAuthority};
    Debug("CA's certificate will be $loncapa_cacert_name");
       }
       else {
    die "LonCAPA configuration error: Can't read lonnetCertificateAuthority variable";
       }
   
   
   }
   
 #  Create a certificate from the request file.  The certificate  #  Create a certificate from the request file.  The certificate
 #  is used, in conjunction with the openssl command with the   #  is used, in conjunction with the openssl command with the 
 #  certificate authority configuration to produce a certificate  #  certificate authority configuration to produce a certificate
Line 214  sub CreateCertificate { Line 290  sub CreateCertificate {
     return $address;      return $address;
   
 }  }
 sub CreateInstallScript {}  #
   #   Create the installation script.  This will be  bash script
   #   that will install the certifiate and the CA's certificate with ownership
   #   WebUser:WebGroup and permissions 0400.  I thought about using a perl
   #   script in order to be able to get the certificate file/directory from
   #   the configuration files.  Unfortunately this is not as easy as it looks.
   #   Root has a chicken and egg problem.  In order to read the config file
   #   you need to have added the ..../lib/perl to the perl lib path. To do
   #   that correctly, you need to have read the config file to know where
   #   it is...What we will do is read our local configuration file and
   #   assume that our configuration is the same as the target's system in
   #   all respects we care about.
   # Implicit Inputs:
   #    - Bash is in /bin/bash
   #    - $loncapa_cert_dir             -  install target directory.
   #    - $loncapa_hostcert_name        -  Name of installed host cert file.
   #    - $loncapa_cacert_name          -  Name of installed ca cert file.
   #    - $loncapa_apache_user          -  username under which httpd runs.
   #    - $loncapa_apache_group         -  group under which httpd runs.
   #    - 0400                          -  install permissions.
   #    - The host's certificate is now in ./hostCertificate.pem
   #    - The CA's certificate is now in  $ca_cert_file
   #
   # Implicit Outputs:
   #    A file named CertInstall.sh
   #
   sub CreateInstallScript {
       open INSTALLER,">CertInstall.sh";
       print INSTALLER <<BASH_HEADER;
   #!/bin/bash
   #
   #    Installer for your lonCAPA certificates.  Please check the
   #    configuration variables to be sure they match your installation.
   #    Then run this script under a root shell to complete the 
   #    installation of the certificates.
   #
   # Configuration Variables:
   CERTDIR="$loncapa_cert_dir"        # Directory with your host key.
   HOSTCERT="$loncapa_hostcert_name"   # Name of host's certificate file.
   CACERT="$loncapa_cacert_name"     # Name of certifiate authority file.
   HTTPDUID="$loncapa_apache_user"     # UID of httpd.
   HTTPDGID="$loncapa_apache_group"    # GID of httpd.
   
   #   End of configuration variables.
   
   MODE=0444                           # certificates get this mode.
   HOSTCERTPATH="\$CERTDIR/\$HOSTCERT"
   CACERTPATH="\$CERTDIR/\$CACERT"
   
   #  Create the host certificate file to install:
   
   echo unpacking host certificate
   
   cat <<-HOSTCERTTEXT   >\$HOSTCERT
   BASH_HEADER
   
       #   Now copy the host certificate into the script:
   
       open HOSTCERT, "<hostCertificate.pem";
       while(my $line = <HOSTCERT>) {
    print INSTALLER $line; # Line presumably has a \n.
       }
       close HOSTCERT;
   
       #  Close the here doc, and start up the cat of the ca cert:
   
       print INSTALLER "HOSTCERTTEXT\n";
       print INSTALLER "echo unpacking CA certificate\n";
       print INSTALLER "cat <<-CACERTTEXT >\$CACERT\n";
       open  CACERT, "<$ca_cert_file";
       while(my $line = <CACERT>) {
    print INSTALLER $line;
       }
       close CACERT;
       print INSTALLER "CACERTTEXT\n";
   
       #  Ok, the script can create the two files, now it must install
       # install them >and< clean up after itself.
   
       print INSTALLER <<BASH_TRAILER;
   
   echo Installing certificates
   
   install -m \$MODE -o \$HTTPDUID -g \$HTTPDGID \$CACERT \$CACERTPATH
   install -m \$MODE -o \$HTTPDUID -g \$HTTPDGID \$HOSTCERT \$HOSTCERTPATH
   
   echo done
   
   # rm -f \$CACERT
   # rm -f \$HOSTCERT
   
   #    Do they want to restart loncapa:
   #
   
   echo In order to start running in secure mode you will need to start
   echo lonCAPA.  If you want I can do that now for you.  Otherwise,
   echo you will have to do it yourself later either by rebooting your
   echo system or by typing:
   echo
   echo /etc/init.d/loncontrol restart
   echo
   read -p "Restart loncapa now [yN]?"  yesno
   
   if [ "{\$yesno:0:1}" = "Y" ] 
   then
      /etc/init.d/loncontrol restart
   fi
   BASH_TRAILER
   
       close INSTALLER;
   }
   
 sub CreateEmail {  sub CreateEmail {
     return "Dummy message"; # Stub.      return "Dummy message"; # Stub.
Line 238  if($argc != 1) { Line 424  if($argc != 1) {
 }  }
 my $CertificateRequest = $ARGV[0];  my $CertificateRequest = $ARGV[0];
   
 my $email_address = CreateCertificate($CertificateRequest);  &ReadConfig;
   
   my $email_address = &CreateCertificate($CertificateRequest);
   Debug("CreateCertificate returned: $email_address");
   
 if(!defined $email_address) {  if(!defined $email_address) {
     print STDERR "Bad or missing certificate file!!";      print STDERR "Bad or missing certificate file!!";
Line 246  if(!defined $email_address) { Line 435  if(!defined $email_address) {
     exit -1;      exit -1;
 }  }
   
 CreateInstallScript;  &CreateInstallScript;
 my $Message = CreateEmail;  my $Message = &CreateEmail;
 SendEmail($email_address, $Message);  &SendEmail($email_address, $Message);
 Cleanup;  &Cleanup;
   
 # POD documentation.  # POD documentation.
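Review bot: In the new CreateInstallScript, the generated `cat <<-HOSTCERTTEXT` and `cat <<-CACERTTEXT` here-documents use unquoted delimiters, so bash performs parameter and command substitution on the embedded certificate text when the installer runs under a root shell. The contents of hostCertificate.pem are produced outside the lines shown here; if they can include text taken from the certificate request, they must stay literal, which quoting the delimiters achieves: `cat <<-'HOSTCERTTEXT'   >\$HOSTCERT` and `"cat <<-'CACERTTEXT' >\$CACERT\n"`. All three `open` calls are unchecked, so a missing hostCertificate.pem or CA file silently produces an installer that installs empty certificates; `open(HOSTCERT, '<', 'hostCertificate.pem') or die "Can't read hostCertificate.pem: $!";` and the equivalent for INSTALLER and CACERT would stop that. The restart test `"{\$yesno:0:1}"` looks like it was meant to be `"\${yesno:0:1}"`, since as written it never equals `Y`. The header comment also promises permissions 0400 while the script sets `MODE=0444`.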
