version 1.5, 2004/07/01 10:58:29
|
version 1.8, 2004/07/05 11:36:52
|
Line 48
|
Line 48
|
# Import section: |
# Import section: |
|
|
use strict; |
use strict; |
|
use lib '/home/httpd/lib/perl'; |
use MIME::Entity; |
use MIME::Entity; |
use LONCAPA::Configuration; |
use LONCAPA::Configuration; |
use File::Copy; |
use File::Copy; |
Line 70 my $WebGroup="www"; # Group name runnin
|
Line 71 my $WebGroup="www"; # Group name runnin
|
|
|
# Debug/log support: |
# Debug/log support: |
# |
# |
my $DEBUG = 1; # 1 for on, 0 for off. |
my $DEBUG = 0; # 1 for on, 0 for off. |
|
|
# Send debugging to stderr. |
# Send debugging to stderr. |
# Parameters: |
# Parameters: |
Line 79 my $DEBUG = 1; # 1 for on, 0 for off.
|
Line 80 my $DEBUG = 1; # 1 for on, 0 for off.
|
# $DEBUG - message is only written if this is true. |
# $DEBUG - message is only written if this is true. |
# |
# |
sub Debug { |
sub Debug { |
my $msg = shift; |
my ($msg) = @_; |
if($DEBUG) { |
if($DEBUG) { |
print STDERR "$msg\n"; |
print STDERR "$msg\n"; |
} |
} |
Line 100 sub Debug {
|
Line 101 sub Debug {
|
sub DecodeEmailFromRequest { |
sub DecodeEmailFromRequest { |
Debug("DecodeEmailFromRequest"); |
Debug("DecodeEmailFromRequest"); |
|
|
my $RequestFile = shift; |
my ($RequestFile) = @_; |
Debug("Request file is called $RequestFile"); |
Debug("Request file is called $RequestFile"); |
|
|
# We need to look for the line that has a "/Email=" in it. |
# We need to look for the line that has a "/Email=" in it. |
Line 409 sub MailRequest {
|
Line 410 sub MailRequest {
|
|
|
Debug("Done"); |
Debug("Done"); |
} |
} |
sub Cleanup {} |
|
|
# |
|
# Cleans up the detritus that's been created by this |
|
# script (see Implicit inputs below). |
|
# Implicit inputs: |
|
# request.pem - Name of certificate request file in PEM format |
|
# which will be deleted. |
|
# request.txt - Name of textual equivalent of request file |
|
# which will also be deleted. |
|
# hostkey.pem - Encrypted host key which will be deleted. |
|
# hostkey.dec - Decoded host key, which will be deleted. |
|
# |
|
sub Cleanup { |
|
Debug("Cleaning up generated, temporary files"); |
|
unlink("request.pem", "request.txt", "hostkey.pem", "hostkey.dec"); |
|
Debug("done!"); |
|
} |
|
|
|
|
|
|
Line 423 MailRequest; # Mail certificate reques
|
Line 440 MailRequest; # Mail certificate reques
|
Cleanup; # Cleanup temp files created. |
Cleanup; # Cleanup temp files created. |
|
|
Debug("Done"); |
Debug("Done"); |
|
|
|
#---------------------- POD documentatio -------------------- |
|
|
|
=head1 NAME |
|
|
|
CrGenerate - Generate a loncapa certificate request. |
|
|
|
=head1 SYNOPSIS |
|
|
|
Usage: B<CrGenerate> |
|
|
|
This should probably be run automatically at system |
|
installation time. Root must run this as write access is |
|
required to /home/httpd. |
|
|
|
This is a command line script that: |
|
|
|
- Generates a hostkey and certificate request. |
|
- Installs the protected/decoded host key where |
|
secure lond/lonc can find it. |
|
- Emails the certificate request to the loncapa certificate |
|
manager. |
|
|
|
In due course if all is legitimate, the loncapa certificate |
|
manager will email a certificate installation script to |
|
the local loncapa system administrator. |
|
|
|
=head1 DESCRIPTION |
|
|
|
Using the default openssl configuration file, a certificate |
|
request and local hostkey are created in the current working |
|
directory. The local host key is decoded and installed in the |
|
loncapa certificate directory. This allows the secure versions |
|
of lonc and lond to locate them when attempting to form |
|
external connections. The key file is given mode |
|
0400 to secure it from prying eyes. |
|
|
|
The certificate request in PEM form is attached to an email that |
|
contains the textual equivalent of the certificate request |
|
and sent to the loncapa certificate manager. All temporary |
|
files (certificate request, keys etc.) are removed from the |
|
current working directory. |
|
|
|
It is recommended that the directory this script is run in have |
|
permission mask 0700 to ensure that there are no timing holes |
|
during which the decoded host key file can be stolen. |
|
|
|
During certificate generation, the user will receive several |
|
prompts. For the default LonCAPA openssl configuration, |
|
these prompts, and documentation and sample responses |
|
in angle brackets (<>) are shown below: |
|
|
|
Country Name (2 letter code) [GB]: <your country e.g. US> |
|
State or Province Name (full name) [Berkshire]: <State, province prefecture etc. e.g. Michigan> |
|
Locality Name (eg, city) [Newbury]: <City township or municipality e.g. East Lansing> |
|
Organization Name (eg, company) [My Company Ltd]: <corporate entity e.g. Michigan State University> |
|
Organizational Unit Name (eg, section) []: <unit within Organization e.g. LITE lab> |
|
Common Name (eg, your name or your server's host name) [] <server's hostname e.g. myhost.university.edu> |
|
Email Address []: <Address to which the granted certificate should be sent e.g. me@university.edu> |
|
|
|
Please enter the following 'extra' attributes |
|
to be sent with your certificate request |
|
A challenge password []: <leave this blank!!!!!> |
|
An optional company name []: <Put whatever you want or leave blank> |
|
|
|
|
|
=head1 DEPENDENCIES |
|
|
|
- MIME::Entity Used to create the email message. |
|
- LONCAPA::Configuration Used to parse the loncapa configuration files. |
|
- File::Copy Used to install the key file. |
|
- /usr/lib/sendmail Properly configured sendmail, used to send the |
|
certificate request email to the loncapa |
|
certificate administrator. |
|
- /etc/httpd/conf/* Loncapa configuration files read to locate |
|
the certificate directory etc. |
|
|
|
=head1 FILES |
|
|
|
The following temporary files are created in the cwd |
|
|
|
hostkey.pem - PEM formatted version of the encrypted host key. |
|
hostkey.dec - PEM formatted decrypted version of the host key. |
|
request.pem - PEM formatted certificate request. |
|
request.txt - Textual rendering of the certificate request. |
|
|
|
The following permanent file is created: |
|
|
|
$CertDir/$Keyfile - The installed decoded host key file. $CertDir |
|
is defined by the Perl variable lonCertificateDirectory |
|
in /etc/loncapa_apache.conf while $Keyfile is |
|
defined by the perl variable lonnetPrivateKey in the |
|
same configuration file. |
|
|
|
=head1 COPYRIGHT: |
|
|
|
Copyright Michigan State University Board of Trustees |
|
|
|
This file is part of the LearningOnline Network with CAPA (LON-CAPA). |
|
|
|
LON-CAPA is free software; you can redistribute it and/or modify |
|
it under the terms of the GNU General Public License as published by |
|
the Free Software Foundation; either version 2 of the License, or |
|
(at your option) any later version. |
|
|
|
LON-CAPA is distributed in the hope that it will be useful, |
|
but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
GNU General Public License for more details. |
|
|
|
You should have received a copy of the GNU General Public License |
|
along with LON-CAPA; if not, write to the Free Software |
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
|
|
|
/home/httpd/html/adm/gpl.txt |
|
|
|
|
|
=cut |
|
|
|
|
|
|
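Review bot: The new `Cleanup` discards the return value of `unlink("request.pem", "request.txt", "hostkey.pem", "hostkey.dec")`, so a failure to remove `hostkey.dec` (the decrypted host key) goes unreported and the script still logs "done!". Removing the files one at a time would make a leftover key visible to the operator: `for my $f (qw(request.pem request.txt hostkey.pem hostkey.dec)) { warn "Cleanup: cannot remove $f: $!\n" if -e $f && !unlink($f); }`. `Cleanup` is also called only on the normal path after `MailRequest`; the earlier steps are outside this view, but if any of them can `die`, the key files stay in the working directory, and running the cleanup from an `END` block would cover that case. The POD's recommendation to run in a directory with mask 0700 could be enforced rather than only documented, by setting `umask 077` before the key files are created.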