version 1.84.2.1, 2018/09/02 16:25:31
|
version 1.97, 2024/06/20 04:04:55
|
Line 34 http://www.lon-capa.org/
|
Line 34 http://www.lon-capa.org/
|
<perlscript mode='fg'> |
<perlscript mode='fg'> |
$|=1; |
$|=1; |
use strict; |
use strict; |
|
use lib '/home/httpd/lib/perl/'; |
|
use LONCAPA::Configuration; |
|
use LONCAPA::Lond; |
|
use LONCAPA::SSL; |
|
use LONCAPA; |
|
use GDBM_File; |
|
use Storable qw(thaw); |
|
use Term::ReadKey; |
|
use Locale::Country; |
|
|
|
sub get_new_sslkeypass { |
|
my $sslkeypass; |
|
my $flag=0; |
|
# get Password for SSL key |
|
while (!$flag) { |
|
$sslkeypass = &make_passphrase(); |
|
if ($sslkeypass) { |
|
$flag = 1; |
|
} else { |
|
print "Invalid input (a password is required for the SSL key).\n"; |
|
} |
|
} |
|
return $sslkeypass; |
|
} |
|
|
|
sub get_static_config { |
|
# get LCperlvars from loncapa_apache.conf |
|
my $confdir = '/etc/httpd/conf/'; |
|
if ('<DIST />' eq 'sles10' || '<DIST />' eq 'sles11' || '<DIST />' eq 'sles12' || '<DIST />' eq 'sles15' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2' || '<DIST />' eq 'suse10.3' || '<DIST />' eq 'suse11.1' || '<DIST />' eq 'suse11.2' || '<DIST />' eq 'suse11.3' || '<DIST />' eq 'suse11.4' || '<DIST />' eq 'suse12.1' || '<DIST />' eq 'suse12.2' || '<DIST />' eq 'suse12.3' || '<DIST />' eq 'suse13.1' || '<DIST />' eq 'suse13.2' || '<DIST />' eq 'debian5' || '<DIST />' eq 'debian6' || '<DIST />' eq 'ubuntu6' || '<DIST />' eq 'ubuntu8' || '<DIST />' eq 'ubuntu10' || '<DIST />' eq 'ubuntu12' || '<DIST />' eq 'ubuntu14' || '<DIST />' eq 'ubuntu16' || '<DIST />' eq 'ubuntu18' || '<DIST />' eq 'ubuntu20' || '<DIST />' eq 'ubuntu22' || '<DIST />' eq 'ubuntu24' || '<DIST />' eq 'debian10'> || '<DIST />' eq 'debian11' || '<DIST />' eq 'debian12') { |
|
$confdir = '/etc/apache2/'; |
|
} |
|
my $filename='loncapa_apache.conf'; |
|
my %LCperlvar; |
|
if (-e "$confdir$filename") { |
|
open(CONFIG,'<'.$confdir.$filename) or die("Can't read $confdir$filename"); |
|
while (my $configline=<CONFIG>) { |
|
if ($configline =~ /^[^\#]?PerlSetVar/) { |
|
my ($unused,$varname,$varvalue)=split(/\s+/,$configline); |
|
chomp($varvalue); |
|
$LCperlvar{$varname}=$varvalue; |
|
} |
|
} |
|
close(CONFIG); |
|
} |
|
return \%LCperlvar; |
|
} |
|
|
|
sub get_domain_config { |
|
my ($dom,$primaryserver,$isprimary,$url,$perlvarref) = @_; |
|
my %confhash; |
|
if ($isprimary) { |
|
if (ref($perlvarref) eq 'HASH') { |
|
my $lonusersdir = $perlvarref->{'lonUsersDir'}; |
|
my $fname = $lonusersdir.'/'.$dom.'/configuration.db'; |
|
if (-e $fname) { |
|
my $dbref=&LONCAPA::locking_hash_tie($fname,&GDBM_READER()); |
|
if (ref($dbref) eq 'HASH') { |
|
foreach my $key (sort(keys(%{$dbref}))) { |
|
my $value = $dbref->{$key}; |
|
if ($value =~ s/^__FROZEN__//) { |
|
$value = thaw(&LONCAPA::unescape($value)); |
|
} else { |
|
$value = &LONCAPA::unescape($value); |
|
} |
|
$confhash{$key} = $value; |
|
} |
|
&LONCAPA::locking_hash_untie($dbref); |
|
} |
|
} |
|
} |
|
} else { |
|
if (open(PIPE,"wget --no-check-certificate '$url?primary=$primaryserver&format=raw' |")) { |
|
my $config = ''; |
|
while (<PIPE>) { |
|
$config .= $_; |
|
} |
|
close(PIPE); |
|
if ($config) { |
|
my @pairs=split(/\&/,$config); |
|
foreach my $item (@pairs) { |
|
my ($key,$value)=split(/=/,$item,2); |
|
my $what = &LONCAPA::unescape($key); |
|
if ($value =~ s/^__FROZEN__//) { |
|
$value = thaw(&LONCAPA::unescape($value)); |
|
} else { |
|
$value = &LONCAPA::unescape($value); |
|
} |
|
$confhash{$what}=$value; |
|
} |
|
} |
|
} |
|
} |
|
return (\%confhash); |
|
} |
|
|
|
sub make_passphrase { |
|
my ($got_passwd,$firstpass,$secondpass,$passwd); |
|
my $maxtries = 10; |
|
my $trial = 0; |
|
while ((!$got_passwd) && ($trial < $maxtries)) { |
|
$firstpass = &get_password('Enter a password for the SSL key (at least 6 characters long)'); |
|
if (length($firstpass) < 6) { |
|
print('Password too short.'."\n". |
|
'Please choose a password with at least six characters.'."\n". |
|
'Please try again.'."\n"); |
|
} elsif (length($firstpass) > 30) { |
|
print('Password too long.'."\n". |
|
'Please choose a password with no more than thirty characters.'."\n". |
|
'Please try again.'."\n"); |
|
} else { |
|
my $pbad=0; |
|
foreach (split(//,$firstpass)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} |
|
if ($pbad) { |
|
print('Password contains invalid characters.'."\n". |
|
'Password must consist of standard ASCII characters.'."\n". |
|
'Please try again.'."\n"); |
|
} else { |
|
$secondpass = &get_password('Enter password a second time'); |
|
if ($firstpass eq $secondpass) { |
|
$got_passwd = 1; |
|
$passwd = $firstpass; |
|
} else { |
|
print('Passwords did not match.'."\n". |
|
'Please try again.'."\n"); |
|
} |
|
} |
|
} |
|
$trial ++; |
|
} |
|
return $passwd; |
|
} |
|
|
|
sub get_password { |
|
my ($prompt) = @_; |
|
local $| = 1; |
|
print $prompt.': '; |
|
my $newpasswd = ''; |
|
ReadMode 'raw'; |
|
my $key; |
|
while(ord($key = ReadKey(0)) != 10) { |
|
if(ord($key) == 127 || ord($key) == 8) { |
|
chop($newpasswd); |
|
print "\b \b"; |
|
} elsif(!ord($key) < 32) { |
|
$newpasswd .= $key; |
|
print '*'; |
|
} |
|
} |
|
ReadMode 'normal'; |
|
print "\n"; |
|
return $newpasswd; |
|
} |
|
|
|
sub send_mail { |
|
my ($hostname,$recipient,$subj,$file) = @_; |
|
my $from = 'www@'.$hostname; |
|
my $certmail = "To: $recipient\n". |
|
"From: $from\n". |
|
"Subject: ".$subj."\n". |
|
"Content-type: text/plain\; charset=UTF-8\n". |
|
"MIME-Version: 1.0\n\n"; |
|
if (open(my $fh,"<$file")) { |
|
while (<$fh>) { |
|
$certmail .= $_; |
|
} |
|
close($fh); |
|
$certmail .= "\n\n"; |
|
if (open(my $mailh, "|/usr/lib/sendmail -oi -t -odb")) { |
|
print $mailh $certmail; |
|
close($mailh); |
|
print "Mail sent ($subj) to $recipient\n"; |
|
} else { |
|
print "Sending mail ($subj) to $recipient failed.\n"; |
|
} |
|
} |
|
return; |
|
} |
|
|
|
sub mail_csr { |
|
my ($types,$lonCluster,$lonHostID,$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarref) = @_; |
|
my ($camail,$flag); |
|
if ($lonCluster eq 'production' || $lonCluster eq 'development') { |
|
$camail = $perlvarref->{'SSLEmail'}; |
|
} else { |
|
$flag=0; |
|
# get Certificate Authority E-mail |
|
while (!$flag) { |
|
print(<<END); |
|
|
|
ENTER EMAIL ADDRESS TO SEND CERTIFICATE SIGNING REQUESTS |
|
END |
|
|
|
my $choice=<>; |
|
chomp($choice); |
|
if ($choice ne '') { |
|
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
print(OUT 'Certificate Authority Email Address'."\t".$choice."\n"); |
|
close(OUT); |
|
$camail=$choice; |
|
$flag=1; |
|
} else { |
|
print "Invalid input (an email address is required).\n"; |
|
} |
|
} |
|
} |
|
if ($camail) { |
|
my $subj; |
|
if (($types eq 'both') || ($types = 'host')) { |
|
if (-e "$certsdir/$connectcsr") { |
|
$subj = "Certificate Request ($lonHostID)"; |
|
print(&send_mail($desiredhostname,$camail,$subj,"$certsdir/$connectcsr")); |
|
} |
|
} |
|
if (($types eq 'both') || ($types = 'hostname')) { |
|
if (-e "$certsdir/$replicatecsr") { |
|
$subj = "Certificate Request (internal-$desiredhostname)"; |
|
print(&send_mail($desiredhostname,$camail,$subj,"$certsdir/$replicatecsr")); |
|
} |
|
} |
|
} |
|
} |
|
|
|
sub ssl_info { |
|
print(<<END); |
|
|
|
****** Information about Country, State or Province and City ***** |
|
|
|
A two-letter country code, e.g., US, CA, DE etc. as defined by ISO 3166, |
|
is required. A state or province, and a city are also required. |
|
This locality information is included in two SSL certificates used internally |
|
by LON-CAPA, unless you are running standalone. |
|
|
|
If your server will be part of either the production or development |
|
clusters, then the certificate will need to be signed by the official |
|
LON-CAPA Certificate Authority (CA). If you will be running your own |
|
cluster then the cluster will need to create its own CA. |
|
|
|
END |
|
} |
|
|
|
sub get_country { |
|
my ($desiredhostname) = @_; |
|
# get Country |
|
my ($posscountry,$country); |
|
if ($desiredhostname =~ /\.(edu|com|org)$/) { |
|
$posscountry = 'us'; |
|
} else { |
|
($posscountry) = ($desiredhostname =~ /\.(a-z){2}$/); |
|
} |
|
if ($posscountry) { |
|
my $countrydesc = &Locale::Country::code2country($posscountry); |
|
if ($countrydesc eq '') { |
|
undef($posscountry); |
|
} |
|
} |
|
|
|
my $flag=0; |
|
while (!$flag) { |
|
if ($posscountry) { |
|
$posscountry = uc($posscountry); |
|
print "ENTER TWO-LETTER COUNTRY CODE [$posscountry]:\n"; |
|
} else { |
|
print "ENTER TWO-LETTER COUNTRY CODE:\n"; |
|
} |
|
my $choice=<>; |
|
chomp($choice); |
|
if ($choice ne '') { |
|
if (&Locale::Country::code2country(lc($choice))) { |
|
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
print(OUT 'country'."\t".uc($choice)."\n"); |
|
close(OUT); |
|
$country=uc($choice); |
|
$flag=1; |
|
} else { |
|
print "Invalid input -- a valid two letter country code is required\n"; |
|
} |
|
} elsif (($choice eq '') && ($posscountry ne '')) { |
|
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
print(OUT 'country'."\t".$posscountry."\n"); |
|
close(OUT); |
|
$country = $posscountry; |
|
$flag = 1; |
|
} else { |
|
print "Invalid input -- a country code is required\n"; |
|
} |
|
} |
|
return $country; |
|
} |
|
|
|
sub get_state { |
|
# get State or Province |
|
my $flag=0; |
|
my $state = ''; |
|
while (!$flag) { |
|
print(<<END); |
|
|
|
ENTER STATE OR PROVINCE NAME: |
|
END |
|
|
|
my $choice=<>; |
|
chomp($choice); |
|
if ($choice ne '') { |
|
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
print(OUT 'state'."\t".$choice."\n"); |
|
close(OUT); |
|
$state=$choice; |
|
$flag=1; |
|
} else { |
|
print "Invalid input (a state or province name is required).\n"; |
|
} |
|
} |
|
return $state; |
|
} |
|
|
|
sub get_city { |
|
# get City |
|
my $flag=0; |
|
my $city = ''; |
|
while (!$flag) { |
|
print(<<END); |
|
|
|
ENTER CITY NAME: |
|
END |
|
|
|
my $choice=<>; |
|
chomp($choice); |
|
if ($choice ne '') { |
|
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
|
print(OUT 'city'."\t".$choice."\n"); |
|
close(OUT); |
|
$city=$choice; |
|
$flag=1; |
|
} else { |
|
print "Invalid input (a city is required).\n"; |
|
} |
|
} |
|
return $city; |
|
} |
|
|
|
sub confirm_locality { |
|
my ($domainDescription,$country,$state,$city) = @_; |
|
my $flag = 0; |
|
while (!$flag) { |
|
print(<<END); |
|
|
|
The domain description, country, state and city will be |
|
used in the SSL certificates |
|
|
|
1) Domain Description: $domainDescription |
|
2) Country: $country |
|
3) State or Province: $state |
|
4) City: $city |
|
5) Everything is correct up above |
|
|
|
ENTER A CHOICE OF 1-4 TO CHANGE, otherwise ENTER 5: |
|
END |
|
my $choice=<>; |
|
chomp($choice); |
|
if ($choice == 1) { |
|
print(<<END); |
|
1) Domain Description: $domainDescription |
|
ENTER NEW VALUE |
|
END |
|
my $choice2=<>; |
|
chomp($choice2); |
|
$domainDescription=$choice2; |
|
} elsif ($choice == 2) { |
|
print(<<END); |
|
2) Country: $country |
|
ENTER NEW VALUE (this should be a two-character code, e,g, US, CA, DE) |
|
END |
|
my $choice2=<>; |
|
chomp($choice2); |
|
$country = uc($choice2); |
|
} elsif ($choice == 3) { |
|
print(<<END); |
|
3) State or Province: $state |
|
ENTER NEW VALUE: |
|
END |
|
my $choice2=<>; |
|
chomp($choice2); |
|
$state=$choice2; |
|
} elsif ($choice == 4) { |
|
print(<<END); |
|
4) City: $city |
|
ENTER NEW VALUE: |
|
END |
|
my $choice2=<>; |
|
chomp($choice2); |
|
$city=$choice2; |
|
} elsif ($choice == 5) { |
|
$flag=1; |
|
$state =~ s{/}{ }g; |
|
$city =~ s{/}{ }g; |
|
$domainDescription =~ s{/}{ }g; |
|
} else { |
|
print "Invalid input.\n"; |
|
} |
|
} |
|
return ($domainDescription,$country,$state,$city); |
|
} |
|
|
|
sub make_key { |
|
my ($certsdir,$privkey,$sslkeypass) = @_; |
|
# generate SSL key |
|
if ($certsdir && $privkey) { |
|
if (-f "$certsdir/lonKey.enc") { |
|
my $mode = 0600; |
|
chmod $mode, "$certsdir/lonKey.enc"; |
|
} |
|
open(PIPE,"openssl genrsa -des3 -passout pass:$sslkeypass -out $certsdir/lonKey.enc 2048 2>&1 |"); |
|
close(PIPE); |
|
if (-f "$certsdir/$privkey") { |
|
my $mode = 0600; |
|
chmod $mode, "$certsdir/$privkey"; |
|
} |
|
open(PIPE,"openssl rsa -in $certsdir/lonKey.enc -passin pass:$sslkeypass -out $certsdir/$privkey -outform PEM |"); |
|
close(PIPE); |
|
if (-f "$certsdir/lonKey.enc") { |
|
my $mode = 0400; |
|
chmod $mode, "$certsdir/lonKey.enc"; |
|
} |
|
if (-f "$certsdir/$privkey") { |
|
my $mode = 0400; |
|
chmod $mode, "$certsdir/$privkey"; |
|
} |
|
} else { |
|
print "Key creation failed. Missing one or more of: certificates directory, key name\n"; |
|
} |
|
} |
|
|
|
sub encrypt_key { |
|
my ($certsdir,$privkey,$sslkeypass) = @_; |
|
if ($certsdir && $privkey) { |
|
if ((-f "$certsdir/$privkey") && (!-f "$certsdir/lonKey.enc")) { |
|
open(PIPE,"openssl rsa -des3 -in $certsdir/$privkey -out $certsdir/lonKey.enc |"); |
|
} |
|
} |
|
return; |
|
} |
|
|
|
sub make_host_csr { |
|
my ($certsdir,$sslkeypass,$connectcsr,$connectsubj) = @_; |
|
# generate SSL csr for hostID |
|
if ($certsdir && $connectcsr && $connectsubj) { |
|
open(PIPE,"openssl req -key $certsdir/lonKey.enc -passin pass:$sslkeypass -new -batch -subj \"$connectsubj\" -out $certsdir/$connectcsr |"); |
|
close(PIPE); |
|
} else { |
|
print "Creation of certificate signing request failed. Missing one or more of: certificates directory, CSR name, or locality information.\n"; |
|
} |
|
} |
|
|
|
sub make_hostname_csr { |
|
my ($certsdir,$sslkeypass,$replicatecsr,$replicatesubj) = @_; |
|
# generate SSL csr for internal hostname |
|
if ($certsdir && $replicatecsr && $replicatesubj) { |
|
open(PIPE,"openssl req -key $certsdir/lonKey.enc -passin pass:$sslkeypass -new -batch -subj \"$replicatesubj\" -out $certsdir/$replicatecsr |"); |
|
close(PIPE); |
|
} else { |
|
print "Creation of certificate signing request failed. Missing one or more of: certificates directory, CSR name, or locality information.\n"; |
|
} |
|
} |
|
|
|
sub securesetting { |
|
my (%perlvar) = @_; |
|
my ($securestatus,$securenum); |
|
if (($perlvar{'loncAllowInsecure'}) && ($perlvar{'londAllowInsecure'})) { |
|
$securenum = 4; |
|
$securestatus = 'Allow insecure connections - inbound and outbound'; |
|
} elsif (($perlvar{'loncAllowInsecure'}) && (!$perlvar{'londAllowInsecure'})) { |
|
$securenum = 3; |
|
$securestatus = 'Outbound: allow insecure connections; Inbound: secure only'; |
|
} elsif ((!$perlvar{'loncAllowInsecure'}) && ($perlvar{'londAllowInsecure'})) { |
|
$securenum = 2; |
|
$securestatus = 'Outbound: secure connections only; Inbound: allow insecure'; |
|
} elsif ((!$perlvar{'loncAllowInsecure'}) && (!$perlvar{'londAllowInsecure'})) { |
|
$securenum = 1; |
|
$securestatus = 'Secure connections only - inbound and outbound '; |
|
} |
|
return ($securestatus,$securenum); |
|
} |
|
|
|
sub get_sslnames { |
|
my %sslnames = ( |
|
key => 'lonnetPrivateKey', |
|
host => 'lonnetCertificate', |
|
hostname => 'lonnetHostnameCertificate', |
|
ca => 'lonnetCertificateAuthority', |
|
); |
|
return %sslnames; |
|
} |
|
|
|
sub get_ssldesc { |
|
my %ssldesc = ( |
|
key => 'Private Key', |
|
host => 'Connections Certificate', |
|
hostname => 'Replication Certificate', |
|
ca => 'LON-CAPA CA Certificate', |
|
); |
|
return %ssldesc; |
|
} |
|
|
|
sub get_cert_status { |
|
my ($lonHostID,$hostname,$perlvarstatic) = @_; |
|
my $currcerts = &LONCAPA::SSL::print_certstatus({$lonHostID => $hostname,},'text','install'); |
|
my ($lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,%sslstatus); |
|
my $output = ''; |
|
if ($currcerts eq "$lonHostID:error") { |
|
$output .= "No information available for SSL certificates\n"; |
|
$sslstatus{'key'} = -1; |
|
$sslstatus{'host'} = -1; |
|
$sslstatus{'hostname'} = -1; |
|
$sslstatus{'ca'} = -1; |
|
$lonkeystatus = 'unknown status'; |
|
$lonhostcertstatus = 'unknown status'; |
|
$lonhostnamecertstatus = 'unknown status'; |
|
} else { |
|
my %sslnames = &get_sslnames(); |
|
my %ssldesc = &get_ssldesc(); |
|
my %csr; |
|
my ($lonhost,$info) = split(/\:/,$currcerts,2); |
|
if ($lonhost eq $lonHostID) { |
|
my @items = split(/\&/,$info); |
|
foreach my $item (@items) { |
|
my ($key,$value) = split(/=/,$item,2); |
|
if ($key =~ /^(host(?:|name))\-csr$/) { |
|
$csr{$1} = $value; |
|
} |
|
my @data = split(/,/,$value); |
|
if (grep(/^\Q$key\E$/,keys(%sslnames))) { |
|
my ($checkcsr,$comparecsr); |
|
if (lc($data[0]) eq 'yes') { |
|
$output .= "$ssldesc{$key} ".$perlvarstatic->{$sslnames{$key}}." available with status = $data[1]\n"; |
|
if ($key eq 'key') { |
|
$lonkeystatus = "status: $data[1]"; |
|
if ($data[1] =~ /ok$/) { |
|
$sslstatus{$key} = 1; |
|
} |
|
} else { |
|
my $setstatus; |
|
if (($key eq 'host') || ($key eq 'hostname')) { |
|
if ($data[1] eq 'otherkey') { |
|
$sslstatus{$key} = 4; |
|
$setstatus = 1; |
|
if ($key eq 'host') { |
|
$lonhostcertstatus = "status: created with different key"; |
|
} elsif ($key eq 'hostname') { |
|
$lonhostnamecertstatus = "status: created with different key"; |
|
} |
|
} elsif ($data[1] eq 'nokey') { |
|
$sslstatus{$key} = 5; |
|
$setstatus = 1; |
|
if ($key eq 'host') { |
|
$lonhostcertstatus = "status: created with missing key"; |
|
} elsif ($key eq 'hostname') { |
|
$lonhostnamecertstatus = "status: created with missing key"; |
|
} |
|
} |
|
if ($setstatus) { |
|
$comparecsr = 1; |
|
} |
|
} |
|
unless ($setstatus) { |
|
if ($data[1] eq 'expired') { |
|
$sslstatus{$key} = 2; |
|
} elsif ($data[1] eq 'future') { |
|
$sslstatus{$key} = 3; |
|
} else { |
|
$sslstatus{$key} = 1; |
|
} |
|
if ($key eq 'host') { |
|
$lonhostcertstatus = "status: $data[1]"; |
|
} elsif ($key eq 'hostname') { |
|
$lonhostnamecertstatus = "status: $data[1]"; |
|
} |
|
} |
|
} |
|
} else { |
|
$sslstatus{$key} = 0; |
|
$output .= "$ssldesc{$key} ".$perlvarstatic->{$sslnames{$key}}." not available\n"; |
|
if ($key eq 'key') { |
|
$lonkeystatus = 'still needed'; |
|
} elsif (($key eq 'host') || ($key eq 'hostname')) { |
|
$checkcsr = 1; |
|
} |
|
} |
|
if (($checkcsr) || ($comparecsr)) { |
|
my $csrfile = $perlvarstatic->{$sslnames{$key}}; |
|
$csrfile =~s /\.pem$/.csr/; |
|
my $csrstatus; |
|
if (-e $perlvarstatic->{'lonCertificateDirectory'}."/$csrfile") { |
|
open(PIPE,"openssl req -text -noout -verify -in ".$perlvarstatic->{'lonCertificateDirectory'}."/$csrfile 2>&1 |"); |
|
while(<PIPE>) { |
|
chomp(); |
|
$csrstatus = $_; |
|
last; |
|
} |
|
close(PIPE); |
|
if ((($comparecsr) && ($csr{$key})) || ($checkcsr)) { |
|
$output .= "Certificate signing request for $ssldesc{$key} available with status = $csrstatus\n\n"; |
|
if ($key eq 'host') { |
|
$lonhostcertstatus = 'awaiting signature'; |
|
} else { |
|
$lonhostnamecertstatus = 'awaiting signature'; |
|
} |
|
$sslstatus{$key} = 3; |
|
} |
|
} elsif ($checkcsr) { |
|
$output .= "No certificate signing request available for $ssldesc{$key}\n\n"; |
|
if ($key eq 'host') { |
|
$lonhostcertstatus = 'still needed'; |
|
} else { |
|
$lonhostnamecertstatus = 'still needed'; |
|
} |
|
} |
|
} |
|
} |
|
} |
|
} |
|
} |
|
return ($output,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,\%sslstatus); |
|
} |
|
|
print(<<END); |
print(<<END); |
|
|
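Review bot: make_key and the two CSR builders (make_host_csr, make_hostname_csr) hand the SSL key passphrase to openssl on its command line via `-passout pass:`/`-passin pass:` and interpolate it, together with the `-subj` string, into a two-argument piped open, so the passphrase is visible in the process list for the duration of the call, any shell metacharacter that make_passphrase accepts (it allows every printable ASCII character, and confirm_locality strips only `/`) silently breaks or alters the command, and the unchecked `close(PIPE)` lets a failed key generation go unnoticed. The rewrite below switches make_key to list-form open with `-passout stdin`/`-passin stdin` and reports a non-zero exit (openssl's stderr is then shown instead of discarded); the two `openssl req` calls want the same treatment, with the subject passed as a plain list element rather than a `\"...\"`-quoted shell word. In get_domain_config the remote fetch is `wget --no-check-certificate '...' |`, which disables certificate verification so the fetched domain configuration is not authenticated, and, as far as I can tell, without `-O -` wget writes the body to a file named from the URL rather than to stdout, leaving `$config` empty; prefer `open(my $pipe, '-|', 'wget', '-q', '-O', '-', "$url?primary=$primaryserver&format=raw")` and keep verification on (use `--ca-certificate` for a private cluster CA). In mail_csr, `($types = 'host')` and `($types = 'hostname')` are assignments, not comparisons, so both CSRs are always mailed whatever `$types` is; change both to `$types eq 'host'` / `$types eq 'hostname'`. In get_password, `!ord($key) < 32` parses as `(!ord($key)) < 32` and is always true, so control characters are appended to the password (`ord($key) >= 32` is intended), and in get_country the pattern `/\.(a-z){2}$/` matches the literal text `a-za-z`, so the country guess never fires; use `/\.([a-z]{2})$/`.
```perl
sub make_key {
    my ($certsdir,$privkey,$sslkeypass) = @_;
    # generate SSL key
    if ($certsdir && $privkey) {
        # … unchanged: chmod 0600 of an existing lonKey.enc …
        # List-form open: no shell parsing of the passphrase or paths, and the
        # passphrase is fed to openssl's stdin instead of appearing in its argv.
        if (open(my $genpipe, '|-', 'openssl', 'genrsa', '-des3',
                 '-passout', 'stdin', '-out', "$certsdir/lonKey.enc", '2048')) {
            print {$genpipe} $sslkeypass."\n";
            close($genpipe) or print "openssl genrsa failed (exit status $?)\n";
        } else {
            print "Could not run openssl genrsa: $!\n";
        }
        # … unchanged: chmod 0600 of an existing $privkey …
        if (open(my $rsapipe, '|-', 'openssl', 'rsa', '-in', "$certsdir/lonKey.enc",
                 '-passin', 'stdin', '-out', "$certsdir/$privkey", '-outform', 'PEM')) {
            print {$rsapipe} $sslkeypass."\n";
            close($rsapipe) or print "openssl rsa failed (exit status $?)\n";
        } else {
            print "Could not run openssl rsa: $!\n";
        }
        # … unchanged: chmod 0400 of both files, else branch …
```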
Line 50 use strict;
|
Line 672 use strict;
|
|
|
END |
END |
#sleep(3); |
#sleep(3); |
|
|
</perlscript> |
</perlscript> |
</file> |
</file> |
<file> |
<file> |
<target dist='default'>loncom/hosts.tab</target> |
<target dist='default'>../../loncom/hosts.tab</target> |
<perlscript mode='fg'> |
<perlscript mode='fg'> |
my $lonCluster; |
my $lonCluster; |
unless (-l "<TARGET />") { |
my $currCluster; |
print(<<END); |
|
|
if (-l "<TARGET />") { |
|
my $currlink = readlink("<TARGET />"); |
|
if ($currlink =~ /^new_(existing|standalone|development|production)_hosts\.tab$/) { |
|
$currCluster = $1; |
|
} |
|
my %clustertypes = ( |
|
production => 'PRODUCTION', |
|
standalone => 'STAND-ALONE', |
|
development => 'DEVELOPMENT', |
|
existing => 'RUNNING YOUR OWN CLUSTER', |
|
); |
|
if (($currCluster) && (exists($clustertypes{$currCluster}))) { |
|
print(<<END); |
|
|
|
The cluster type for this server is currently: $clustertypes{$currCluster} |
|
END |
|
|
|
} |
|
} |
|
|
|
print(<<END); |
|
|
=============================================================================== |
=============================================================================== |
|
|
Which cluster option would you like to have installed? |
Which cluster option would you like to have installed? |
IMPORTANT: to take advantage of the cluster options 1) and 3), |
IMPORTANT: to take advantage of the cluster options 1) and 3), |
you must contact loncapa\@loncapa.org. |
you must contact loncapa\@loncapa.org. |
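Review bot: The readlink pattern `^new_(existing|standalone|development|production)_hosts\.tab$` and the `%clustertypes` hash recognise four cluster names, yet this same block still assigns `$lonCluster='rawhide'` a few lines further on; if the rawhide choice also installs a `new_rawhide_hosts.tab` link (not visible here), a server set up that way gets no "cluster type is currently" line on re-run. Adding `rawhide` to both the alternation and `%clustertypes`, or building the alternation from `keys(%clustertypes)` so there is one list to maintain, keeps them in step. readlink returns undef when the link cannot be read, so a short `if (defined($currlink) && $currlink =~ ...)` also avoids an uninitialized-value warning under `use strict`/`warnings`.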
Line 117 END
|
Line 762 END
|
$lonCluster='rawhide'; $flag=1; |
$lonCluster='rawhide'; $flag=1; |
} |
} |
} |
} |
} |
|
</perlscript> |
</perlscript> |
</file> |
</file> |
<file> |
<file> |
Line 130 my $primaryLibServer;
|
Line 774 my $primaryLibServer;
|
my $protocol; |
my $protocol; |
my $intdom; |
my $intdom; |
my $desiredhostname; |
my $desiredhostname; |
|
my $city; |
|
my $state; |
|
my $country; |
my @libservers = (); |
my @libservers = (); |
unless (-e "<TARGET />") { |
unless (-e "<TARGET />") { |
print(<<END); |
print(<<END); |
Line 139 If you have questions, please visit http
|
Line 786 If you have questions, please visit http
|
or contact helpdesk\@loncapa.org. |
or contact helpdesk\@loncapa.org. |
|
|
=============================================================================== |
=============================================================================== |
The following 8 values are needed to configure LON-CAPA: |
The following 10 values are needed to configure LON-CAPA: |
* Machine Role |
* Machine Role |
* LON-CAPA Domain Name |
* LON-CAPA Domain Name |
* LON-CAPA Machine ID Name |
* LON-CAPA Machine ID Name |
Line 148 The following 8 values are needed to con
|
Line 795 The following 8 values are needed to con
|
* Web Server Protocol |
* Web Server Protocol |
* Internet Domain Name of Your Institution |
* Internet Domain Name of Your Institution |
* Hostname |
* Hostname |
|
* City, State, Country for LON-CAPA SSL certificate |
|
* Password for key for creating SSL certificates |
=============================================================================== |
=============================================================================== |
|
|
In addition, a Support E-mail Address can also be included. If |
In addition, a Support E-mail Address can also be included. If |
Line 266 END
|
Line 915 END
|
close(OUT); |
close(OUT); |
$lonDefDomain=$choice; |
$lonDefDomain=$choice; |
$flag=1; |
$flag=1; |
} elsif (length($choice)>35) { |
} elsif (length($choice)>35) { |
print "Name too long\n"; |
print "Name too long\n"; |
} elsif (length($choice)<2) { |
} elsif (length($choice)<2) { |
print "Name too short\n"; |
print "Name too short\n"; |
} elsif ($bad_domain_flag) { |
} elsif ($bad_domain_flag) { |
print "Invalid input ('$choice' conflicts with LON-CAPA namespace).\n"; |
print "Invalid input ('$choice' conflicts with LON-CAPA namespace).\n"; |
Line 353 END
|
Line 1002 END
|
close(OUT); |
close(OUT); |
$lonHostID=$choice; |
$lonHostID=$choice; |
$flag=1; |
$flag=1; |
} elsif (length($choice)>45) { |
} elsif (length($choice)>45) { |
print "Name too long\n"; |
print "Name too long\n"; |
} elsif (length($choice)<4) { |
} elsif (length($choice)<4) { |
print "Name too short\n"; |
print "Name too short\n"; |
} elsif ($choice!~/\_/ and $choice=~/^[\w\-.]+$/) { |
} elsif ($choice!~/\_/ and $choice=~/^[\w\-.]+$/) { |
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
Line 393 END
|
Line 1042 END
|
print(<<END); |
print(<<END); |
ENTER DOMAIN'S PRIMARY LIBRARY SERVER ID [$primaryLibServer]: |
ENTER DOMAIN'S PRIMARY LIBRARY SERVER ID [$primaryLibServer]: |
END |
END |
} elsif (@libservers > 0) { |
} elsif (@libservers > 0) { |
print(<<END); |
print(<<END); |
ENTER DOMAIN'S PRIMARY LIBRARY SERVER ID [$libservers[0]] |
ENTER DOMAIN'S PRIMARY LIBRARY SERVER ID [$libservers[0]] |
END |
END |
Line 411 END
|
Line 1060 END
|
print(OUT 'primaryLibServer'."\t".$choice."\n"); |
print(OUT 'primaryLibServer'."\t".$choice."\n"); |
close(OUT); |
close(OUT); |
$flag=1; |
$flag=1; |
} elsif (length($choice)>35) { |
} elsif (length($choice)>35) { |
print "Name too long\n"; |
print "Name too long\n"; |
} elsif (length($choice)<4) { |
} elsif (length($choice)<4) { |
print "Name too short\n"; |
print "Name too short\n"; |
} elsif ($choice!~/\_/ and $choice=~/^[\w\-.]+$/) { |
} elsif ($choice!~/\_/ and $choice=~/^[\w\-.]+$/) { |
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
open(OUT,'>>/tmp/loncapa_updatequery.out'); |
Line 434 my $lonAdmEMail;
|
Line 1083 my $lonAdmEMail;
|
while (!$flag) { |
while (!$flag) { |
print(<<END); |
print(<<END); |
|
|
**** Server Administrators E-mail **** |
**** Server Administrator's E-mail **** |
E-mail address of the person who will manage this machine |
E-mail address of the person who will manage this machine |
[should be in the form somebody\@somewhere] |
[should be in the form somebody\@somewhere] |
ENTER ADMIN E-MAIL ADDRESS: |
ENTER ADMIN E-MAIL ADDRESS: |
Line 566 while (!$flag) {
|
Line 1215 while (!$flag) {
|
****** Hostname of the server/VM ***** |
****** Hostname of the server/VM ***** |
|
|
The hostname of the server/VM is required. This will be similar to: |
The hostname of the server/VM is required. This will be similar to: |
somename.ustate.edu or somename.department.ustate.edu, and would be |
somename.ustate.edu or somename.department.ustate.edu, and would be |
the web address which users would point their web browsers at to |
the web address which users would point their web browsers at to |
access the server. |
access the server. |
|
|
Line 598 if ($posshostname) {
|
Line 1247 if ($posshostname) {
|
} |
} |
} |
} |
|
|
|
&ssl_info(); |
|
|
|
$country = &get_country($desiredhostname); |
|
|
|
$state = &get_state(); |
|
|
|
$city = &get_city(); |
|
|
|
($domainDescription,$country,$state,$city) = &confirm_locality($domainDescription,$country,$state,$city); |
|
|
|
my $perlstaticref = &get_static_config(); |
|
if (ref($perlstaticref) eq 'HASH') { |
|
my ($certsdir,$privkey,$connectcsr,$replicatecsr); |
|
$certsdir = $perlstaticref->{'lonCertificateDirectory'}; |
|
$privkey = $perlstaticref->{'lonnetPrivateKey'}; |
|
$connectcsr = $perlstaticref->{'lonnetCertificate'}; |
|
$connectcsr =~ s/\.pem$/.csr/; |
|
$replicatecsr = $perlstaticref->{'lonnetHostnameCertificate'}; |
|
$replicatecsr =~ s/\.pem$/.csr/; |
|
|
|
print(<<END); |
|
|
|
****** SSL Certificates ***** |
|
|
|
You need to provide a password to be used for the openssl key which |
|
will be stored in $certsdir, and will be used when creating two |
|
certificate signing requests: $connectcsr and $replicatecsr |
|
|
|
END |
|
|
|
my $sslkeypass = &get_new_sslkeypass(); |
|
|
|
if ($certsdir && $privkey) { |
|
my $connectsubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=$lonHostID/OU=LONCAPA/emailAddress=$lonAdmEMail"; |
|
my $replicatesubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=internal-$desiredhostname/OU=LONCAPA/emailAddress=$lonAdmEMail"; |
|
|
|
# generate SSL key |
|
&make_key($certsdir,$privkey,$sslkeypass); |
|
# generate SSL csr for hostID |
|
&make_host_csr($certsdir,$sslkeypass,$connectcsr,$connectsubj); |
|
# generate SSL csr for internal hostname |
|
&make_hostname_csr($certsdir,$sslkeypass,$replicatecsr,$replicatesubj); |
|
# mail csr files to certificate@lon-capa.org (production or dev clusters). |
|
&mail_csr('both',$lonCluster,$lonHostID,$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlstaticref); |
|
|
|
} else { |
|
print "Could not acquire standard names for SSL Certificate files from loncapa_apache.conf\n"; |
|
} |
|
} else { |
|
print "Could not acquire standard names for SSL Certificate files from loncapa_apache.conf\n"; |
|
} |
|
|
# update loncapa.conf |
# update loncapa.conf |
my $confdir = '/etc/httpd/conf/'; |
my $confdir = '/etc/httpd/conf/'; |
if ('<DIST />' eq 'sles10' || '<DIST />' eq 'sles11' || '<DIST />' eq 'sles12' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2' || '<DIST />' eq 'suse10.3' || '<DIST />' eq 'suse11.1' || '<DIST />' eq 'suse11.2' || '<DIST />' eq 'suse11.3' || '<DIST />' eq 'suse11.4' || '<DIST />' eq 'suse12.1' || '<DIST />' eq 'suse12.2' || '<DIST />' eq 'suse12.3' || '<DIST />' eq 'suse13.1' || '<DIST />' eq 'suse13.2' || '<DIST />' eq 'debian5' || '<DIST />' eq 'debian6' || '<DIST />' eq 'ubuntu6' || '<DIST />' eq 'ubuntu8' || '<DIST />' eq 'ubuntu10' || '<DIST />' eq 'ubuntu12' || '<DIST />' eq 'ubuntu14' || '<DIST />' eq 'ubuntu16' || '<DIST />' eq 'ubuntu18') { |
if ('<DIST />' eq 'sles10' || '<DIST />' eq 'sles11' || '<DIST />' eq 'sles12' || '<DIST />' eq 'sles15' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2' || '<DIST />' eq 'suse10.3' || '<DIST />' eq 'suse11.1' || '<DIST />' eq 'suse11.2' || '<DIST />' eq 'suse11.3' || '<DIST />' eq 'suse11.4' || '<DIST />' eq 'suse12.1' || '<DIST />' eq 'suse12.2' || '<DIST />' eq 'suse12.3' || '<DIST />' eq 'suse13.1' || '<DIST />' eq 'suse13.2' || '<DIST />' eq 'debian5' || '<DIST />' eq 'debian6' || '<DIST />' eq 'ubuntu6' || '<DIST />' eq 'ubuntu8' || '<DIST />' eq 'ubuntu10' || '<DIST />' eq 'ubuntu12' || '<DIST />' eq 'ubuntu14' || '<DIST />' eq 'ubuntu16' || '<DIST />' eq 'ubuntu18' || '<DIST />' eq 'ubuntu20' || '<DIST />' eq 'ubuntu22' || '<DIST />' eq 'ubuntu24' || '<DIST />' eq 'debian10'> || '<DIST />' eq 'debian11' || '<DIST />' eq 'debian12') { |
$confdir = '/etc/apache2/'; |
$confdir = '/etc/apache2/'; |
} |
} |
my $filename='loncapa.conf'; |
my $filename='loncapa.conf'; |
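Review bot: The distribution test on the `if ('<DIST />' eq 'sles10' ...` line contains the token `'debian10'>`; if that `>` is in the source rather than an artefact of the rendering, it is a syntax error (the relational operator has no right operand) that prevents the whole script from compiling, and the identical condition inside get_static_config at the top of this diff carries the same token. Since this list is now duplicated here, in get_static_config and in the `<target dist=...>` attribute of the next file section, a single place that yields `$confdir` (the `<TARGET />` substitution that the next section already uses for exactly this value) would stop the copies drifting. The subject strings `$connectsubj`/`$replicatesubj` are assembled from interactive answers after confirm_locality has replaced only `/`; a `"` in the domain description, state or city still terminates the `\"$connectsubj\"` shell word that make_host_csr builds, so either strip `"` there as well or have the CSR builders pass the subject as a list element to a list-form open.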
Line 657 END
|
Line 1358 END
|
</file> |
</file> |
<file> |
<file> |
<target dist='default'>/etc/httpd/conf/</target> |
<target dist='default'>/etc/httpd/conf/</target> |
<target dist='sles10 sles11 sles12 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4 suse12.1 suse12.2 suse12.3 suse13.1 suse13.2 debian5 debian6 ubuntu6 ubuntu8 ubuntu10 ubuntu12 ubuntu14 ubuntu16 ubuntu18'>/etc/apache2/</target> |
<target dist='sles10 sles11 sles12 sles15 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4 suse12.1 suse12.2 suse12.3 suse13.1 suse13.2 debian5 debian6 debian10 debian11 debian12 ubuntu6 ubuntu8 ubuntu10 ubuntu12 ubuntu14 ubuntu16 ubuntu18 ubuntu20 ubuntu22 ubuntu24'>/etc/apache2/</target> |
<perlscript mode='fg'> |
<perlscript mode='fg'> |
sub securesetting { |
|
my (%perlvar)=@_; |
|
my $securestatus='unknown'; |
|
my $securenum=''; |
|
if ( $perlvar{'loncAllowInsecure'}&& $perlvar{'londAllowInsecure'}) { |
|
$securestatus='no'; $securenum='4'; |
|
} elsif ( $perlvar{'loncAllowInsecure'}&& !$perlvar{'londAllowInsecure'}) { |
|
$securestatus='lond'; $securenum='3'; |
|
} elsif (!$perlvar{'loncAllowInsecure'}&& $perlvar{'londAllowInsecure'}) { |
|
$securestatus='lonc'; $securenum='2'; |
|
} elsif (!$perlvar{'loncAllowInsecure'}&& !$perlvar{'londAllowInsecure'}) { |
|
$securestatus='yes (lond and lonc)'; $securenum='1'; |
|
} |
|
return ($securestatus,$securenum); |
|
} |
|
# read values from loncapa.conf |
# read values from loncapa.conf |
my $confdir = "<TARGET />"; |
my $confdir = "<TARGET />"; |
my $filename='loncapa.conf'; |
my $filename='loncapa.conf'; |
my %perlvar; |
my %perlvar; |
my ($securestatus,$securenum); |
|
if (-e "$confdir$filename") { |
if (-e "$confdir$filename") { |
open(CONFIG,'<'.$confdir.$filename) or |
open(CONFIG,'<'.$confdir.$filename) or |
die("Can't read $confdir$filename"); |
die("Can't read $confdir$filename"); |
Line 706 my ($securestatus,$securenum);
|
Line 1391 my ($securestatus,$securenum);
|
unless ($perlvar{'loncAllowInsecure'} and $perlvar{'loncAllowInsecure'}!~/\{\[\[\[\[/) { |
unless ($perlvar{'loncAllowInsecure'} and $perlvar{'loncAllowInsecure'}!~/\{\[\[\[\[/) { |
$perlvar{'loncAllowInsecure'}='1'; |
$perlvar{'loncAllowInsecure'}='1'; |
} |
} |
($securestatus,$securenum)=&securesetting(%perlvar); |
my ($securestatus,$securenum)=&securesetting(%perlvar); |
unless ($perlvar{'lonReceipt'} and $perlvar{'lonReceipt'}!~/\{\[\[\[\[/) { |
unless ($perlvar{'lonReceipt'} and $perlvar{'lonReceipt'}!~/\{\[\[\[\[/) { |
my $lonReceipt=''; |
my $lonReceipt=''; |
srand(time ^ $$ ^ unpack "%L*", `ps axww | gzip`); |
srand(time ^ $$ ^ unpack "%L*", `ps axww | gzip`); |
Line 716 my ($securestatus,$securenum);
|
Line 1401 my ($securestatus,$securenum);
|
} |
} |
$perlvar{'lonReceipt'}=$lonReceipt; |
$perlvar{'lonReceipt'}=$lonReceipt; |
} |
} |
my %perlvarstatic; |
my $perlvarstatic = &get_static_config(); |
if (-e "${confdir}loncapa_apache.conf") { |
|
open(CONFIG,'<'.$confdir.'loncapa_apache.conf') or |
|
die("Can't read ${confdir}loncapa_apache.conf"); |
|
while (my $configline=<CONFIG>) { |
|
if ($configline =~ /^[^\#]*PerlSetVar/) { |
|
my ($unused,$varname,$varvalue)=split(/\s+/,$configline); |
|
chomp($varvalue); |
|
$perlvarstatic{$varname}=$varvalue; |
|
} |
|
} |
|
close(CONFIG); |
|
} |
|
|
|
my (@hosts_files, @domain_files); |
my (@hosts_files, @domain_files); |
if ( $lonCluster ne 'existing') { |
if ( $lonCluster ne 'existing') { |
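Review bot: Replacing the inline loncapa_apache.conf parser with get_static_config changes the line filter from `/^[^\#]*PerlSetVar/` to `/^[^\#]?PerlSetVar/` (see get_static_config at the top of this diff), so a `PerlSetVar` line indented by more than one character, or preceded by any other text, is no longer parsed and its key is silently absent from `$perlvarstatic`; restore `if ($configline =~ /^[^\#]*PerlSetVar/) {` in get_static_config. get_static_config also derives `$confdir` from its own `<DIST />` test instead of the `<TARGET />` value this section already holds in `$confdir`, a second opportunity for the two lists to disagree on the configuration directory. The removed `%perlvarstatic` hash becomes the hashref `$perlvarstatic`, so every remaining reader in this section must use the `$perlvarstatic->{...}` form, which the visible callers do.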
Line 742 my %perlvarstatic;
|
Line 1415 my %perlvarstatic;
|
push(@hosts_files,'/home/httpd/lonTabs/hosts.tab', |
push(@hosts_files,'/home/httpd/lonTabs/hosts.tab', |
'/home/httpd/lonTabs/dns_hosts.tab'); |
'/home/httpd/lonTabs/dns_hosts.tab'); |
|
|
|
my @poss_hosts_files = @hosts_files; |
if (!$domainDescription) { |
if (!$domainDescription) { |
foreach my $file (@domain_files) { |
foreach my $file (@domain_files) { |
open(IN,'<'.$file); |
open(IN,'<'.$file); |
Line 795 my %perlvarstatic;
|
Line 1469 my %perlvarstatic;
|
} |
} |
} |
} |
|
|
|
my (%hostnames,%protocols); |
while(!$primaryLibServer && (@hosts_files || @domain_files)) { |
while(!$primaryLibServer && (@hosts_files || @domain_files)) { |
my $file = shift(@domain_files); |
my $file = shift(@domain_files); |
open(IN,'<'.$file); |
open(IN,'<'.$file); |
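Review bot: `%protocols` is declared here, but in the lines visible on this page nothing assigns to it (only `$hostnames{$1} = $2;` is set in the hosts.tab loop that follows), while `$protocols{$primaryLibServer}` is read later to choose the scheme for the domain-configuration URL; unless it is populated beyond this page, `$primary_protocol` is always undef for a server found by that loop and the later `http` fallback is taken even for an https-only library server. The hosts.tab line format already carries the protocol (the subsequent scan matches `\:library\:([^\:]+):(https?)`), so capture it in the first loop as well, `if ($line =~ /^([^\:]+)\:\Q$perlvar{'lonDefDomain'}\E\:library\:([^\:]+):(https?)/) {`, and add `$protocols{$1} = $3;` next to the `$hostnames{$1} = $2;` assignment. The enclosing `while` loop continues past the end of this hunk.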
Line 809 my %perlvarstatic;
|
Line 1484 my %perlvarstatic;
|
$file = shift(@hosts_files); |
$file = shift(@hosts_files); |
open(IN,'<'.$file); |
open(IN,'<'.$file); |
while(my $line = <IN>) { |
while(my $line = <IN>) { |
if ($line =~ /^([^\:]+)\:\Q$perlvar{'lonDefDomain'}\E\:library\:/) { |
if ($line =~ /^([^\:]+)\:\Q$perlvar{'lonDefDomain'}\E\:library\:([^\:]+)/) { |
push(@libservers,$1); |
push(@libservers,$1); |
|
$hostnames{$1} = $2; |
} |
} |
} |
} |
# make list unique |
# make list unique |
@libservers = keys(%{{ map { $_ => 1 } (@libservers) }}); |
@libservers = keys(%{{ map { $_ => 1 } (@libservers) }}); |
close(IN); |
close(IN); |
if (@libservers == 1) { |
if (@libservers == 1) { |
$primaryLibServer = $libservers[0]; |
$primaryLibServer = $libservers[0]; |
} |
} |
} |
} |
|
|
|
# get hostname of primaryLibServer |
|
my ($primary_hostname,$primary_protocol); |
|
if ($primaryLibServer) { |
|
if ($hostnames{$primaryLibServer}) { |
|
$primary_hostname = $hostnames{$primaryLibServer}; |
|
$primary_protocol = $protocols{$primaryLibServer}; |
|
} else { |
|
foreach my $file (@poss_hosts_files) { |
|
open(IN,'<'.$file); |
|
while (my $line = <IN>) { |
|
if ($line =~ /^([^\:]+)\:\Q$perlvar{'lonDefDomain'}\E\:library\:([^\:]+):(https?)/) { |
|
if ($1 eq $primaryLibServer) { |
|
$primary_hostname = $2; |
|
$primary_protocol = $3; |
|
last; |
|
} |
|
} |
|
} |
|
close(IN); |
|
last if ($primary_hostname); |
|
} |
|
} |
|
} |
|
|
# implement editing logic below, interactively |
# implement editing logic below, interactively |
# update loncapa.conf until 15 is entered |
# update loncapa.conf until 18 is entered |
|
|
my $flag=0; |
my $flag=0; |
|
|
|
# |
|
# Changes to 5, 6, and 14 not supported if configuration.db set on primary library server. |
|
# (requires either this machine to be primary library server or for LON-CAPA and Apache |
|
# to be running on primary library server). |
|
# |
|
|
|
my ($isprimary,$domconf,$url,$gotdomconf,$adminmail,$supportmail,$connectssl,%setbygui); |
|
if ($primaryLibServer eq $perlvar{'lonHostID'}) { |
|
$isprimary = 1; |
|
} else { |
|
unless ($primary_protocol eq 'https') { |
|
$primary_protocol = 'http'; |
|
} |
|
$url = $primary_protocol.'://'.$primary_hostname.'/cgi-bin/listdomconfig.pl'; |
|
} |
|
|
|
my %sslnames = &get_sslnames(); |
|
my %ssldesc = &get_ssldesc(); |
|
|
|
my $domconf = &get_domain_config($perlvar{'lonDefDomain'},$primaryLibServer,$isprimary, |
|
$url,$perlvarstatic); |
|
if (ref($domconf)) { |
|
$gotdomconf = 1; |
|
if (ref($domconf->{'contacts'}) eq 'HASH') { |
|
if (exists($domconf->{'contacts'}->{'adminemail'})) { |
|
$adminmail = $domconf->{'contacts'}->{'adminemail'}; |
|
} |
|
if (exists($domconf->{'contacts'}->{'supportemail'})) { |
|
$supportmail = $domconf->{'contacts'}->{'supportemail'}; |
|
} |
|
} |
|
if (ref($domconf->{'ssl'}) eq 'HASH') { |
|
foreach my $connect ('connto','connfrom') { |
|
if (ref($domconf->{'ssl'}->{$connect}) eq 'HASH') { |
|
my ($sslreq,$sslnoreq,$currsetting); |
|
my %contypes; |
|
foreach my $type ('dom','intdom','other') { |
|
my $key; |
|
if ($domconf->{'ssl'}->{'connect'}->{$type} eq 'req') { |
|
$key = 'yes'; |
|
} else { |
|
$key = 'no'; |
|
} |
|
if ($type eq 'dom') { |
|
$contypes{$key} .= ' own domain,'; |
|
} elsif ($type eq 'intdom') { |
|
$contypes{$key} .= ' own institution,'; |
|
} elsif ($type eq 'other') { |
|
$contypes{$key} .= ' other domains,'; |
|
} |
|
} |
|
foreach my $key (sort(keys(%contypes))) { |
|
$contypes{$key} =~ s/^\s//; |
|
$contypes{$key} =~ s/,$//; |
|
if ($key eq 'yes') { |
|
$currsetting .= ' Yes ('.$contypes{$key}.'),'; |
|
} elsif ($key eq 'no') { |
|
$currsetting .= ' No ('.$contypes{$key}.')'; |
|
} |
|
$currsetting =~ s/,$//; |
|
} |
|
if ($currsetting ne '') { |
|
$connectssl = $sslnames{$connect}.' -- '.$currsetting.' | '; |
|
} |
|
} |
|
} |
|
$connectssl =~ s/\s\|\s$//; |
|
} |
|
} |
|
if ($connectssl) { |
|
$setbygui{'securestatus'} = 1; |
|
$securestatus = 'Set by domain configuration via web GUI. Currently: '.$connectssl; |
|
} |
|
if ($adminmail) { |
|
$adminmail = 'Set by domain configuration via web GUI. Currently: '.$adminmail; |
|
$setbygui{'lonAdmEMail'} = 1; |
|
} else { |
|
$adminmail = $perlvar{'lonAdmEMail'}; |
|
} |
|
if ($supportmail) { |
|
$supportmail = 'Set by domain configuration via web GUI. Currently: '.$supportmail; |
|
$setbygui{'lonSupportEMail'} = 1; |
|
} else { |
|
$supportmail = $perlvar{'lonSupportEMail'}; |
|
} |
|
|
|
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
|
my ($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
|
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
|
print $certinfo; |
|
my %sslstatus; |
|
if (ref($sslref) eq 'HASH') { |
|
%sslstatus = %{$sslref}; |
|
} |
|
|
while (!$flag) { |
while (!$flag) { |
print(<<END); |
print(<<END); |
|
|
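Review bot: The SSL-requirement display built in the new `foreach my $connect ('connto','connfrom')` loop reads `$domconf->{'ssl'}->{'connect'}->{$type}` with the literal key `'connect'` instead of `$connect`, so `$key` is always `'no'` and item 14 reports that secure connections are not required for own domain, own institution and other domains no matter what the domain configuration says; the line should be `if ($domconf->{'ssl'}->{$connect}->{$type} eq 'req') {`. In the same loop `$connectssl = $sslnames{$connect}.' -- '.$currsetting.' | ';` overwrites the connto text with the connfrom text, and the later `s/\s\|\s$//` shows `.=` was intended. Separately, `%protocols` is declared but never assigned: the first-pass match `library\:([^\:]+)` captures only the hostname, so when the primary library server is auto-detected `$primary_protocol` is undef, the `$primary_protocol = 'http'` fallback applies, and the domain configuration (including the SSL policy displayed above) is fetched from `listdomconfig.pl` over plaintext HTTP even when hosts.tab lists https; extend that match with `\:(https?)` and add `$protocols{$1} = $3;` beside `$hostnames{$1} = $2;`. The `while(!$primaryLibServer ...)` loop these lines sit in starts before this hunk.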
Line 835 This is now the current configuration of
|
Line 1630 This is now the current configuration of
|
2) Domain Description: $domainDescription |
2) Domain Description: $domainDescription |
3) Machine Name: $perlvar{'lonHostID'} |
3) Machine Name: $perlvar{'lonHostID'} |
4) ID of primary library server for domain: $primaryLibServer |
4) ID of primary library server for domain: $primaryLibServer |
5) Server Administrator's E-mail Address: $perlvar{'lonAdmEMail'} |
5) Server Administrator's E-mail Address: $adminmail |
6) Support E-mail Address: $perlvar{'lonSupportEMail'} |
6) Support E-mail Address: $supportmail |
7) Web Server Protocol (http or https): $protocol |
7) Web Server Protocol (http or https): $protocol |
8) Internet Domain Name: $intdom |
8) Internet Domain Name: $intdom |
9) Hostname: $desiredhostname |
9) Hostname: $desiredhostname |
10) Role: $perlvar{'lonRole'} |
10) Role: $perlvar{'lonRole'} |
11) Cache Expiration Time: $perlvar{'lonExpire'} |
11) Cache Expiration Time: $perlvar{'lonExpire'} (seconds) |
12) Server Load: $perlvar{'lonLoadLim'} |
12) Server Load: $perlvar{'lonLoadLim'} |
13) User Load: $perlvar{'lonUserLoadLim'} |
13) User Load: $perlvar{'lonUserLoadLim'} |
14) Allow only secure connections: $securestatus |
14) LON-CAPA "internal" connections: $securestatus |
15) Everything is correct up above |
15) Private Key for SSL: $lonkeystatus |
|
16) SSL Certificate for LON-CAPA server connections: $lonhostcertstatus |
|
17) SSL Certificate for Content Replication: $lonhostnamecertstatus |
|
18) Everything is correct up above |
END |
END |
|
|
my @error; |
my @error; |
foreach my $v ($perlvar{'lonDefDomain'},$perlvar{'lonHostID'}) { |
foreach my $v ($perlvar{'lonDefDomain'},$perlvar{'lonHostID'}) { |
if (length($v)>35) { push(@error,"Name $v too long"); } |
if (length($v)>35) { push(@error,"Name $v too long"); } |
if (length($v)<2) { push(@error,"Name $v too short"); } |
if (length($v)<2) { push(@error,"Name $v too short"); } |
if ($v=~/capa/i) { |
if ($v=~/capa/i) { |
if ($v!~/^oucapa\d+$/ && |
if ($v!~/^oucapa\d+$/ && |
($v!~/^capa\d+$/ && $perlvar{'lonDefDomain'} eq 'uwsp')) { |
($v!~/^capa\d+$/ && $perlvar{'lonDefDomain'} eq 'uwsp')) { |
Line 887 if (!defined($intdom)) {
|
Line 1685 if (!defined($intdom)) {
|
} |
} |
|
|
if (!defined($primaryLibServer)) { |
if (!defined($primaryLibServer)) { |
if (@libservers > 0) { |
if (@libservers > 0) { |
push(@error,"No primary library server ID designated. Choose from: ".join(',',sort(@libservers))); |
push(@error,"No primary library server ID designated. Choose from: ".join(',',sort(@libservers))); |
} else { |
} else { |
push(@error,"No library servers in this domain (including current server)"); |
push(@error,"No library servers in this domain (including current server)"); |
} |
} |
} else { |
} else { |
if (length($primaryLibServer)>35) { push(@error,"Primary Library Server ID: $primaryLibServer too long"); } |
if (length($primaryLibServer)>35) { push(@error,"Primary Library Server ID: $primaryLibServer too long"); } |
if (length($primaryLibServer)<2) { push(@error,"Primary Library Server ID: $primaryLibServer too short"); } |
if (length($primaryLibServer)<2) { push(@error,"Primary Library Server ID: $primaryLibServer too short"); } |
if ($primaryLibServer =~/capa/i) { |
if ($primaryLibServer =~/capa/i) { |
if ($primaryLibServer!~/^oucapa\d+$/ && |
if ($primaryLibServer!~/^oucapa\d+$/ && |
($primaryLibServer!~/^capa\d+$/ && $perlvar{'lonDefDomain'} eq 'uwsp')) { |
($primaryLibServer!~/^capa\d+$/ && $perlvar{'lonDefDomain'} eq 'uwsp')) { |
Line 909 if (!defined($primaryLibServer)) {
|
Line 1707 if (!defined($primaryLibServer)) {
|
} |
} |
|
|
|
|
|
my ($certsdir,$privkey,$connectcsr,$replicatecsr); |
|
$certsdir = $perlvarstatic->{'lonCertificateDirectory'}; |
|
$privkey = $perlvarstatic->{'lonnetPrivateKey'}; |
|
$connectcsr = $perlvarstatic->{'lonnetCertificate'}; |
|
$connectcsr =~ s/\.pem$/.csr/; |
|
$replicatecsr = $perlvarstatic->{'lonnetHostnameCertificate'}; |
|
$replicatecsr =~ s/\.pem$/.csr/; |
|
|
if (@error) { print "\n*** ERRORS: \n\t".join("\n\t",@error)."\n"; } |
if (@error) { print "\n*** ERRORS: \n\t".join("\n\t",@error)."\n"; } |
print(<<END); |
print(<<END); |
ENTER A CHOICE OF 1-14 TO CHANGE, otherwise ENTER 15: |
ENTER A CHOICE OF 1-17 TO CHANGE, otherwise ENTER 18: |
END |
END |
my $choice=<>; |
my $choice=<>; |
chomp($choice); |
chomp($choice); |
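Review bot: The new `$certsdir`, `$privkey`, `$connectcsr` and `$replicatecsr` are taken from `$perlvarstatic` with no check that those entries exist, so if loncapa_apache.conf is missing or lacks `lonCertificateDirectory` / `lonnetPrivateKey`, the later key and CSR operations receive undef path components (those calls are outside this hunk, so I cannot see whether they guard against it). Since `@error` is printed right after these lines and already gates items 15 and 18, a defined-check that pushes onto it would surface the problem before any key is written: `push(@error,"lonCertificateDirectory or lonnetPrivateKey not set in loncapa_apache.conf") unless (defined($certsdir) && defined($privkey));`. These lines are recomputed on every pass of the `while (!$flag)` menu loop, which starts and ends outside this hunk; hoisting them above the loop would also make the check run once.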
Line 964 END
|
Line 1770 END
|
$primaryLibServer=$choice2; |
$primaryLibServer=$choice2; |
} |
} |
elsif ($choice==5) { |
elsif ($choice==5) { |
print(<<END); |
if ($setbygui{'lonAdmEMail'}) { |
|
print(<<END); |
|
5) Server Administrator's E-mail Address: $adminmail |
|
Use the web GUI (as domain coordinator) to make changes after completing the UPDATE. |
|
END |
|
} else { |
|
print(<<END); |
5) Server Administrator's E-mail Address: $perlvar{'lonAdmEMail'} |
5) Server Administrator's E-mail Address: $perlvar{'lonAdmEMail'} |
ENTER NEW VALUE: |
ENTER NEW VALUE: |
END |
END |
my $choice2=<>; |
my $choice2=<>; |
chomp($choice2); |
chomp($choice2); |
$perlvar{'lonAdmEMail'}=$choice2; |
$perlvar{'lonAdmEMail'}=$choice2; |
|
$adminmail=$perlvar{'lonAdmEMail'}; |
|
} |
} |
} |
elsif ($choice==6) { |
elsif ($choice==6) { |
print(<<END); |
if ($setbygui{'lonSupportEMail'}) { |
|
print(<<END); |
|
6) Support E-mail Address: $supportmail |
|
Use the web GUI (as domain coordinator) to make changes after completing the UPDATE. |
|
END |
|
} else { |
|
print(<<END); |
6) Support E-mail Address: $perlvar{'lonSupportEMail'} |
6) Support E-mail Address: $perlvar{'lonSupportEMail'} |
ENTER NEW VALUE: |
ENTER NEW VALUE: |
END |
END |
my $choice2=<>; |
my $choice2=<>; |
chomp($choice2); |
chomp($choice2); |
$perlvar{'lonSupportEMail'}=$choice2; |
$perlvar{'lonSupportEMail'}=$choice2; |
|
$supportmail=$perlvar{'lonSupportEMail'}; |
|
} |
} |
} |
elsif ($choice==7) { |
elsif ($choice==7) { |
print(<<END); |
print(<<END); |
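Review bot: The values entered for items 5 and 6 are stored into `$perlvar{'lonAdmEMail'}` / `$perlvar{'lonSupportEMail'}` and `$adminmail` / `$supportmail` without any validation, and `$adminmail` is later interpolated verbatim into the CSR subject (`emailAddress=$adminmail`, outside this hunk), where a stray `/`, `=` or whitespace would alter or break the distinguished name. A minimal shape check before the assignment keeps an unusable value out of loncapa.conf and the CSR: `if ($choice2 !~ /^[^\s\/=\@]+\@[^\s\/=\@]+$/) { print "Not a valid e-mail address; unchanged.\n"; } else { $perlvar{'lonAdmEMail'}=$choice2; $adminmail=$choice2; }`, and the same for item 6. These branches belong to the `while (!$flag)` menu loop, which starts and ends outside this hunk.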
Line 1051 END
|
Line 1873 END
|
$perlvar{'lonUserLoadLim'}=$choice2; |
$perlvar{'lonUserLoadLim'}=$choice2; |
} |
} |
elsif ($choice==14) { |
elsif ($choice==14) { |
print(<<END); |
if ($setbygui{'securestatus'}) { |
|
print(<<END); |
|
14) Allow only secure connections: $securestatus |
|
Use the web GUI (as domain coordinator) to make changes after completing the UPDATE. |
|
END |
|
} else { |
|
print(<<END); |
14) Allow only secure connections: $securestatus |
14) Allow only secure connections: $securestatus |
The Lon-CAPA communication daemons lonc and lond can be configured to |
The Lon-CAPA communication daemons lonc and lond can be configured to |
allow only secure connections by default. |
allow only secure connections by default. |
Line 1066 POSSIBLE CHOICES:
|
Line 1894 POSSIBLE CHOICES:
|
4) allow insecure connections |
4) allow insecure connections |
ENTER NEW VALUE (currently $securenum): |
ENTER NEW VALUE (currently $securenum): |
END |
END |
my $choice2=<>; |
my $choice2=<>; |
chomp($choice2); |
chomp($choice2); |
if ($choice2 eq '1') { |
if ($choice2 eq '1') { |
$perlvar{'loncAllowInsecure'}=0;$perlvar{'londAllowInsecure'}=0; |
$perlvar{'loncAllowInsecure'}=0;$perlvar{'londAllowInsecure'}=0; |
} elsif ($choice2 eq '2') { |
} elsif ($choice2 eq '2') { |
$perlvar{'loncAllowInsecure'}=0;$perlvar{'londAllowInsecure'}=1; |
$perlvar{'loncAllowInsecure'}=0;$perlvar{'londAllowInsecure'}=1; |
} elsif ($choice2 eq '3') { |
} elsif ($choice2 eq '3') { |
$perlvar{'loncAllowInsecure'}=1;$perlvar{'londAllowInsecure'}=0; |
$perlvar{'loncAllowInsecure'}=1;$perlvar{'londAllowInsecure'}=0; |
} elsif ($choice2 eq '4') { |
} elsif ($choice2 eq '4') { |
$perlvar{'loncAllowInsecure'}=1;$perlvar{'londAllowInsecure'}=1; |
$perlvar{'loncAllowInsecure'}=1;$perlvar{'londAllowInsecure'}=1; |
|
} |
|
($securestatus,$securenum)=&securesetting(%perlvar); |
} |
} |
($securestatus,$securenum)=&securesetting(%perlvar); |
} elsif ($choice==15) { |
} |
if ($sslstatus{'key'} == 1) { |
elsif (($choice==15) && (!@error)) { |
print(<<END); |
|
15) Private Key for SSL: $lonkeystatus |
|
|
|
POSSIBLE CHOICES: |
|
1) overwrite existing key |
|
2) make no change |
|
ENTER NEW VALUE |
|
END |
|
my $choice2=<>; |
|
chomp($choice2); |
|
if ($choice2 eq '1') { |
|
my $sslkeypass = &get_new_sslkeypass(); |
|
&make_key($certsdir,$privkey,$sslkeypass); |
|
} |
|
} elsif ($sslstatus{'key'} == 0) { |
|
print(<<END); |
|
15) Private Key for SSL: $lonkeystatus |
|
END |
|
my $sslkeypass = &get_new_sslkeypass(); |
|
&make_key($certsdir,$privkey,$sslkeypass); |
|
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
|
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
|
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
|
if (ref($sslref) eq 'HASH') { |
|
%sslstatus = %{$sslref}; |
|
} |
|
} |
|
} elsif ($choice==16) { |
|
if (($sslstatus{'host'} == 1) || ($sslstatus{'host'} == 2) || ($sslstatus{'host'} == 3)) { |
|
print(<<END); |
|
16) SSL Certificate for LON-CAPA server connections: $lonhostcertstatus |
|
|
|
POSSIBLE CHOICES: |
|
1) create new certificate signing request with new key |
|
2) create new certificate signing request with existing key |
|
3) resend current certificate signing request |
|
4) make no change |
|
ENTER NEW VALUE |
|
END |
|
|
|
my $choice2=<>; |
|
chomp($choice2); |
|
if (($choice2 eq '1') || ($choice2 eq '2')) { |
|
&ssl_info(); |
|
my $country = &get_country($desiredhostname); |
|
my $state = &get_state(); |
|
my $city = &get_city(); |
|
my $connectsubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=$perlvar{'lonHostID'}/OU=LONCAPA/emailAddress=$adminmail"; |
|
($domainDescription,$country,$state,$city) = &confirm_locality($domainDescription,$country,$state,$city); |
|
my $sslkeypass; |
|
if ($choice2 eq '1') { |
|
$sslkeypass = &get_new_sslkeypass(); |
|
&make_key($certsdir,$privkey,$sslkeypass); |
|
} elsif ($choice2 eq '2') { |
|
$sslkeypass = &get_password('Enter existing password for SSL key'); |
|
&encrypt_key($certsdir,$privkey,$sslkeypass); |
|
} |
|
&make_host_csr($certsdir,$sslkeypass,$connectcsr,$connectsubj); |
|
&mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
|
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
|
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
|
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
|
if (ref($sslref) eq 'HASH') { |
|
%sslstatus = %{$sslref}; |
|
} |
|
} elsif ($choice2 eq '3') { |
|
if (-e "$certsdir/$connectcsr") { |
|
&mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
|
} |
|
} |
|
} elsif (($sslstatus{'host'} == 0) || ($sslstatus{'host'} == 4) || ($sslstatus{'host'} == 5)) { |
|
my $sslkeypass; |
|
if ($sslstatus{'key'} == 1) { |
|
print(<<END); |
|
16) SSL Certificate for LON-CAPA server connections: $lonhostcertstatus |
|
|
|
POSSIBLE CHOICES: |
|
1) create new certificate signing request with new key |
|
2) create new certificate signing request with existing key |
|
3) make no change |
|
ENTER NEW VALUE |
|
END |
|
my $choice2=<>; |
|
chomp($choice2); |
|
if ($choice2 eq '1') { |
|
$sslkeypass = &get_new_sslkeypass(); |
|
&make_key($certsdir,$privkey,$sslkeypass); |
|
} elsif ($choice2 eq '2') { |
|
$sslkeypass = &get_password('Enter existing password for SSL key'); |
|
&encrypt_key($certsdir,$privkey,$sslkeypass); |
|
} |
|
} else { |
|
print(<<END); |
|
16) SSL Certificate for LON-CAPA server connections: $lonhostcertstatus |
|
END |
|
$sslkeypass = &get_new_sslkeypass(); |
|
} |
|
&ssl_info(); |
|
my $country = &get_country($desiredhostname); |
|
my $state = &get_state(); |
|
my $city = &get_city(); |
|
my $connectsubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=$perlvar{'lonHostID'}/OU=LONCAPA/emailAddress=$adminmail"; |
|
&make_host_csr($certsdir,$sslkeypass,$connectcsr,$connectsubj); |
|
&mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
|
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
|
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
|
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
|
if (ref($sslref) eq 'HASH') { |
|
%sslstatus = %{$sslref}; |
|
} |
|
} |
|
} elsif ($choice==17) { |
|
if (($sslstatus{'hostname'} == 1) || ($sslstatus{'hostname'} == 2) || ($sslstatus{'hostname'} == 3)) { |
|
print(<<END); |
|
17) SSL Certificate for Content Replication: $lonhostnamecertstatus |
|
|
|
POSSIBLE CHOICES: |
|
1) create new certificate signing request with new key |
|
2) create new certificate signing request with existing key |
|
3) resend current certificate signing request |
|
4) make no change |
|
ENTER NEW VALUE |
|
END |
|
my $choice2=<>; |
|
chomp($choice2); |
|
if (($choice2 eq '1') || ($choice2 eq '2')) { |
|
&ssl_info(); |
|
my $country = &get_country($desiredhostname); |
|
my $state = &get_state(); |
|
my $city = &get_city(); |
|
my $replicatesubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=internal-$desiredhostname/OU=LONCAPA/emailAddress=$adminmail"; |
|
my $sslkeypass; |
|
if ($choice2 eq '1') { |
|
$sslkeypass = &get_new_sslkeypass(); |
|
&make_key($certsdir,$privkey,$sslkeypass); |
|
} elsif ($choice2 eq '2') { |
|
$sslkeypass = &get_password('Enter existing password for SSL key'); |
|
&encrypt_key($certsdir,$privkey,$sslkeypass); |
|
} |
|
&make_hostname_csr($certsdir,$sslkeypass,$replicatecsr,$replicatesubj); |
|
&mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
|
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
|
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
|
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
|
if (ref($sslref) eq 'HASH') { |
|
%sslstatus = %{$sslref}; |
|
} |
|
} elsif ($choice2 eq '3') { |
|
if (-e "$certsdir/$replicatecsr") { |
|
&mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
|
} |
|
} |
|
} elsif (($sslstatus{'hostname'} == 0) || ($sslstatus{'hostname'} == 4) || ($sslstatus{'hostname'} == 5)) { |
|
my $sslkeypass; |
|
if ($sslstatus{'key'} == 1) { |
|
print(<<END); |
|
17) SSL Certificate for Content Replication: $lonhostnamecertstatus |
|
|
|
POSSIBLE CHOICES: |
|
1) create new certificate signing request with new key |
|
2) create new certificate signing request with existing key |
|
3) make no change |
|
ENTER NEW VALUE |
|
END |
|
my $choice2=<>; |
|
chomp($choice2); |
|
if ($choice2 eq '1') { |
|
$sslkeypass = &get_new_sslkeypass(); |
|
&make_key($certsdir,$privkey,$sslkeypass); |
|
} elsif ($choice2 eq '2') { |
|
$sslkeypass = &get_password('Enter existing password for SSL key'); |
|
&encrypt_key($certsdir,$privkey,$sslkeypass); |
|
} |
|
} else { |
|
print(<<END); |
|
17) SSL Certificate for Content Replication: $lonhostnamecertstatus |
|
END |
|
$sslkeypass = &get_new_sslkeypass(); |
|
} |
|
&ssl_info(); |
|
my $country = &get_country($desiredhostname); |
|
my $state = &get_state(); |
|
my $city = &get_city(); |
|
my $replicatesubj = "/C=$country/ST=$state/O=$domainDescription/L=$city/CN=internal-$desiredhostname/OU=LONCAPA/emailAddress=$adminmail"; |
|
&make_hostname_csr($certsdir,$sslkeypass,$replicatecsr,$replicatesubj); |
|
&mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
|
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
|
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
|
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
|
if (ref($sslref) eq 'HASH') { |
|
%sslstatus = %{$sslref}; |
|
} |
|
} |
|
} elsif (($choice==18) && (!@error)) { |
$flag=1; |
$flag=1; |
} |
} else { |
else { |
|
print "Invalid input.\n"; |
print "Invalid input.\n"; |
} |
} |
} |
} |
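Review bot: When the admin address comes from the domain configuration, `$adminmail` holds the display string `'Set by domain configuration via web GUI. Currently: '.$adminmail` assembled earlier in the script, and that whole string is interpolated into every CSR subject here (`emailAddress=$adminmail` in `$connectsubj` and `$replicatesubj`), so CSRs generated for GUI-managed domains carry a bogus emailAddress attribute; keep the raw address separate, e.g. `my $csrmail = ($setbygui{'lonAdmEMail'}) ? $domconf->{'contacts'}->{'adminemail'} : $perlvar{'lonAdmEMail'};` and use `emailAddress=$csrmail` in the four subject strings. The menus for 16 and 17 also deserve a warning: both certificates are keyed by the same `$privkey`, so choosing "create new certificate signing request with new key" for one regenerates the key the other certificate was issued against and silently invalidates it until that CSR is redone as well. I cannot see `make_key`, `encrypt_key` or `make_host_csr`, so I have not checked how `$sslkeypass` reaches openssl; if it is passed on a command line it is visible to other local users in the process table. The `while (!$flag)` loop these branches sit in starts outside the hunk.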
Line 1095 END
|
Line 2117 END
|
if ($value eq '') { |
if ($value eq '') { |
$line = '#'.$line; |
$line = '#'.$line; |
} |
} |
print(OUT <<END) unless $perlvarstatic{$key}; |
print(OUT <<END) unless ($perlvarstatic->{$key}); |
$line |
$line |
END |
END |
} |
} |