version 1.88, 2017/05/19 00:56:34
|
version 1.95, 2024/04/24 21:57:16
|
Line 62 sub get_new_sslkeypass {
|
Line 62 sub get_new_sslkeypass {
|
sub get_static_config { |
sub get_static_config { |
# get LCperlvars from loncapa_apache.conf |
# get LCperlvars from loncapa_apache.conf |
my $confdir = '/etc/httpd/conf/'; |
my $confdir = '/etc/httpd/conf/'; |
if ('<DIST />' eq 'sles10' || '<DIST />' eq 'sles11' || '<DIST />' eq 'sles12' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2' || '<DIST />' eq 'suse10.3' || '<DIST />' eq 'suse11.1' || '<DIST />' eq 'suse11.2' || '<DIST />' eq 'suse11.3' || '<DIST />' eq 'suse11.4' || '<DIST />' eq 'suse12.1' || '<DIST />' eq 'suse12.2' || '<DIST />' eq 'suse12.3' || '<DIST />' eq 'suse13.1' || '<DIST />' eq 'suse13.2' || '<DIST />' eq 'debian5' || '<DIST />' eq 'debian6' || '<DIST />' eq 'ubuntu6' || '<DIST />' eq 'ubuntu8' || '<DIST />' eq 'ubuntu10' || '<DIST />' eq 'ubuntu12' || '<DIST />' eq 'ubuntu14' || '<DIST />' eq 'ubuntu16') { |
if ('<DIST />' eq 'sles10' || '<DIST />' eq 'sles11' || '<DIST />' eq 'sles12' || '<DIST />' eq 'sles15' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2' || '<DIST />' eq 'suse10.3' || '<DIST />' eq 'suse11.1' || '<DIST />' eq 'suse11.2' || '<DIST />' eq 'suse11.3' || '<DIST />' eq 'suse11.4' || '<DIST />' eq 'suse12.1' || '<DIST />' eq 'suse12.2' || '<DIST />' eq 'suse12.3' || '<DIST />' eq 'suse13.1' || '<DIST />' eq 'suse13.2' || '<DIST />' eq 'debian5' || '<DIST />' eq 'debian6' || '<DIST />' eq 'ubuntu6' || '<DIST />' eq 'ubuntu8' || '<DIST />' eq 'ubuntu10' || '<DIST />' eq 'ubuntu12' || '<DIST />' eq 'ubuntu14' || '<DIST />' eq 'ubuntu16' || '<DIST />' eq 'ubuntu18' || '<DIST />' eq 'ubuntu20' || '<DIST />' eq 'ubuntu22' || '<DIST />' eq 'ubuntu24') { |
$confdir = '/etc/apache2/'; |
$confdir = '/etc/apache2/'; |
} |
} |
my $filename='loncapa_apache.conf'; |
my $filename='loncapa_apache.conf'; |
Line 537 sub get_ssldesc {
|
Line 537 sub get_ssldesc {
|
} |
} |
|
|
sub get_cert_status { |
sub get_cert_status { |
my ($lonHostID,$perlvarstatic) = @_; |
my ($lonHostID,$hostname,$perlvarstatic) = @_; |
my $currcerts = &LONCAPA::SSL::print_certstatus({$lonHostID => 1,},'text','cgi'); |
my $currcerts = &LONCAPA::SSL::print_certstatus({$lonHostID => $hostname,},'text','install'); |
my ($lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,%sslstatus); |
my ($lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,%sslstatus); |
my $output = ''; |
my $output = ''; |
if ($currcerts eq "$lonHostID:error") { |
if ($currcerts eq "$lonHostID:error") { |
Line 553 sub get_cert_status {
|
Line 553 sub get_cert_status {
|
} else { |
} else { |
my %sslnames = &get_sslnames(); |
my %sslnames = &get_sslnames(); |
my %ssldesc = &get_ssldesc(); |
my %ssldesc = &get_ssldesc(); |
|
my %csr; |
my ($lonhost,$info) = split(/\:/,$currcerts,2); |
my ($lonhost,$info) = split(/\:/,$currcerts,2); |
if ($lonhost eq $lonHostID) { |
if ($lonhost eq $lonHostID) { |
my @items = split(/\&/,$info); |
my @items = split(/\&/,$info); |
foreach my $item (@items) { |
foreach my $item (@items) { |
my ($key,$value) = split(/=/,$item,2); |
my ($key,$value) = split(/=/,$item,2); |
|
if ($key =~ /^(host(?:|name))\-csr$/) { |
|
$csr{$1} = $value; |
|
} |
my @data = split(/,/,$value); |
my @data = split(/,/,$value); |
if (grep(/^\Q$key\E$/,keys(%sslnames))) { |
if (grep(/^\Q$key\E$/,keys(%sslnames))) { |
|
my ($checkcsr,$comparecsr); |
if (lc($data[0]) eq 'yes') { |
if (lc($data[0]) eq 'yes') { |
$output .= "$ssldesc{$key} ".$perlvarstatic->{$sslnames{$key}}." available with status = $data[1]\n"; |
$output .= "$ssldesc{$key} ".$perlvarstatic->{$sslnames{$key}}." available with status = $data[1]\n"; |
if ($key eq 'key') { |
if ($key eq 'key') { |
Line 587 sub get_cert_status {
|
Line 592 sub get_cert_status {
|
$lonhostnamecertstatus = "status: created with missing key"; |
$lonhostnamecertstatus = "status: created with missing key"; |
} |
} |
} |
} |
|
if ($setstatus) { |
|
$comparecsr = 1; |
|
} |
} |
} |
unless ($setstatus) { |
unless ($setstatus) { |
if ($data[1] eq 'expired') { |
if ($data[1] eq 'expired') { |
Line 606 sub get_cert_status {
|
Line 614 sub get_cert_status {
|
} else { |
} else { |
$sslstatus{$key} = 0; |
$sslstatus{$key} = 0; |
$output .= "$ssldesc{$key} ".$perlvarstatic->{$sslnames{$key}}." not available\n"; |
$output .= "$ssldesc{$key} ".$perlvarstatic->{$sslnames{$key}}." not available\n"; |
if (($key eq 'host') || ($key eq 'hostname')) { |
if ($key eq 'key') { |
my $csr = $perlvarstatic->{$sslnames{$key}}; |
$lonkeystatus = 'still needed'; |
$csr =~s /\.pem$/.csr/; |
} elsif (($key eq 'host') || ($key eq 'hostname')) { |
my $csrstatus; |
$checkcsr = 1; |
if (-e $perlvarstatic->{'lonCertificateDirectory'}."/$csr") { |
} |
open(PIPE,"openssl req -text -noout -verify -in ".$perlvarstatic->{'lonCertificateDirectory'}."/$csr 2>&1 |"); |
} |
while(<PIPE>) { |
if (($checkcsr) || ($comparecsr)) { |
chomp(); |
my $csrfile = $perlvarstatic->{$sslnames{$key}}; |
$csrstatus = $_; |
$csrfile =~s /\.pem$/.csr/; |
last; |
my $csrstatus; |
} |
if (-e $perlvarstatic->{'lonCertificateDirectory'}."/$csrfile") { |
close(PIPE); |
open(PIPE,"openssl req -text -noout -verify -in ".$perlvarstatic->{'lonCertificateDirectory'}."/$csrfile 2>&1 |"); |
|
while(<PIPE>) { |
|
chomp(); |
|
$csrstatus = $_; |
|
last; |
|
} |
|
close(PIPE); |
|
if ((($comparecsr) && ($csr{$key})) || ($checkcsr)) { |
$output .= "Certificate signing request for $ssldesc{$key} available with status = $csrstatus\n\n"; |
$output .= "Certificate signing request for $ssldesc{$key} available with status = $csrstatus\n\n"; |
if ($key eq 'host') { |
if ($key eq 'host') { |
$lonhostcertstatus = 'awaiting signature'; |
$lonhostcertstatus = 'awaiting signature'; |
Line 625 sub get_cert_status {
|
Line 640 sub get_cert_status {
|
$lonhostnamecertstatus = 'awaiting signature'; |
$lonhostnamecertstatus = 'awaiting signature'; |
} |
} |
$sslstatus{$key} = 3; |
$sslstatus{$key} = 3; |
|
} |
|
} elsif ($checkcsr) { |
|
$output .= "No certificate signing request available for $ssldesc{$key}\n\n"; |
|
if ($key eq 'host') { |
|
$lonhostcertstatus = 'still needed'; |
} else { |
} else { |
$output .= "No certificate signing request available for $ssldesc{$key}\n\n"; |
$lonhostnamecertstatus = 'still needed'; |
if ($key eq 'host') { |
|
$lonhostcertstatus = 'still needed'; |
|
} else { |
|
$lonhostnamecertstatus = 'still needed'; |
|
} |
|
} |
} |
} elsif ($key eq 'key') { |
|
$lonkeystatus = 'still needed'; |
|
} |
} |
} |
} |
} |
} |
Line 1288 END
|
Line 1301 END
|
|
|
# update loncapa.conf |
# update loncapa.conf |
my $confdir = '/etc/httpd/conf/'; |
my $confdir = '/etc/httpd/conf/'; |
if ('<DIST />' eq 'sles10' || '<DIST />' eq 'sles11' || '<DIST />' eq 'sles12' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2' || '<DIST />' eq 'suse10.3' || '<DIST />' eq 'suse11.1' || '<DIST />' eq 'suse11.2' || '<DIST />' eq 'suse11.3' || '<DIST />' eq 'suse11.4' || '<DIST />' eq 'suse12.1' || '<DIST />' eq 'suse12.2' || '<DIST />' eq 'suse12.3' || '<DIST />' eq 'suse13.1' || '<DIST />' eq 'suse13.2' || '<DIST />' eq 'debian5' || '<DIST />' eq 'debian6' || '<DIST />' eq 'ubuntu6' || '<DIST />' eq 'ubuntu8' || '<DIST />' eq 'ubuntu10' || '<DIST />' eq 'ubuntu12' || '<DIST />' eq 'ubuntu14' || '<DIST />' eq 'ubuntu16') { |
if ('<DIST />' eq 'sles10' || '<DIST />' eq 'sles11' || '<DIST />' eq 'sles12' || '<DIST />' eq 'sles15' || '<DIST />' eq 'suse10.1' || '<DIST />' eq 'suse10.2' || '<DIST />' eq 'suse10.3' || '<DIST />' eq 'suse11.1' || '<DIST />' eq 'suse11.2' || '<DIST />' eq 'suse11.3' || '<DIST />' eq 'suse11.4' || '<DIST />' eq 'suse12.1' || '<DIST />' eq 'suse12.2' || '<DIST />' eq 'suse12.3' || '<DIST />' eq 'suse13.1' || '<DIST />' eq 'suse13.2' || '<DIST />' eq 'debian5' || '<DIST />' eq 'debian6' || '<DIST />' eq 'ubuntu6' || '<DIST />' eq 'ubuntu8' || '<DIST />' eq 'ubuntu10' || '<DIST />' eq 'ubuntu12' || '<DIST />' eq 'ubuntu14' || '<DIST />' eq 'ubuntu16' || '<DIST />' eq 'ubuntu18' || '<DIST />' eq 'ubuntu20' || '<DIST />' eq 'ubuntu22' || '<DIST />' eq 'ubuntu24') { |
$confdir = '/etc/apache2/'; |
$confdir = '/etc/apache2/'; |
} |
} |
my $filename='loncapa.conf'; |
my $filename='loncapa.conf'; |
Line 1345 END
|
Line 1358 END
|
</file> |
</file> |
<file> |
<file> |
<target dist='default'>/etc/httpd/conf/</target> |
<target dist='default'>/etc/httpd/conf/</target> |
<target dist='sles10 sles11 sles12 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4 suse12.1 suse12.2 suse12.3 suse13.1 suse13.2 debian5 debian6 ubuntu6 ubuntu8 ubuntu10 ubuntu12 ubuntu14 ubuntu16'>/etc/apache2/</target> |
<target dist='sles10 sles11 sles12 sles15 suse10.1 suse10.2 suse10.3 suse11.1 suse11.2 suse11.3 suse11.4 suse12.1 suse12.2 suse12.3 suse13.1 suse13.2 debian5 debian6 ubuntu6 ubuntu8 ubuntu10 ubuntu12 ubuntu14 ubuntu16 ubuntu18 ubuntu20 ubuntu22 ubuntu24'>/etc/apache2/</target> |
<perlscript mode='fg'> |
<perlscript mode='fg'> |
# read values from loncapa.conf |
# read values from loncapa.conf |
my $confdir = "<TARGET />"; |
my $confdir = "<TARGET />"; |
Line 1601 if ($supportmail) {
|
Line 1614 if ($supportmail) {
|
|
|
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
my ($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
my ($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
&get_cert_status($perlvar{'lonHostID'},$perlvarstatic); |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
print $certinfo; |
print $certinfo; |
my %sslstatus; |
my %sslstatus; |
if (ref($sslref) eq 'HASH') { |
if (ref($sslref) eq 'HASH') { |
Line 1918 END
|
Line 1931 END
|
&make_key($certsdir,$privkey,$sslkeypass); |
&make_key($certsdir,$privkey,$sslkeypass); |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
&get_cert_status($perlvar{'lonHostID'},$perlvarstatic); |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
if (ref($sslref) eq 'HASH') { |
if (ref($sslref) eq 'HASH') { |
%sslstatus = %{$sslref}; |
%sslstatus = %{$sslref}; |
} |
} |
Line 1957 END
|
Line 1970 END
|
&mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
&mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
&get_cert_status($perlvar{'lonHostID'},$perlvarstatic); |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
if (ref($sslref) eq 'HASH') { |
if (ref($sslref) eq 'HASH') { |
%sslstatus = %{$sslref}; |
%sslstatus = %{$sslref}; |
} |
} |
Line 2002 END
|
Line 2015 END
|
&mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
&mail_csr('host',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
&get_cert_status($perlvar{'lonHostID'},$perlvarstatic); |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
if (ref($sslref) eq 'HASH') { |
if (ref($sslref) eq 'HASH') { |
%sslstatus = %{$sslref}; |
%sslstatus = %{$sslref}; |
} |
} |
Line 2039 END
|
Line 2052 END
|
&mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
&mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
&get_cert_status($perlvar{'lonHostID'},$perlvarstatic); |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
if (ref($sslref) eq 'HASH') { |
if (ref($sslref) eq 'HASH') { |
%sslstatus = %{$sslref}; |
%sslstatus = %{$sslref}; |
} |
} |
Line 2084 END
|
Line 2097 END
|
&mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
&mail_csr('hostname',$lonCluster,$perlvar{'lonHostID'},$desiredhostname,$certsdir,$connectcsr,$replicatecsr,$perlvarstatic); |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
print "\nRetrieving status information for SSL key and certificates ...\n\n"; |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
($certinfo,$lonkeystatus,$lonhostcertstatus,$lonhostnamecertstatus,$sslref) = |
&get_cert_status($perlvar{'lonHostID'},$perlvarstatic); |
&get_cert_status($perlvar{'lonHostID'},$desiredhostname,$perlvarstatic); |
if (ref($sslref) eq 'HASH') { |
if (ref($sslref) eq 'HASH') { |
%sslstatus = %{$sslref}; |
%sslstatus = %{$sslref}; |
} |
} |
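Review bot: The rewritten CSR check in get_cert_status (the hunk headed `Line 606` / `Line 614`) still runs openssl through a shell, using a two-argument pipe open on a bareword handle with the path concatenated into the command string, and the result of the open is never checked. The directory and file name come from the perlvars read from loncapa_apache.conf, so a value containing spaces or shell metacharacters would be interpreted by the shell rather than passed to openssl as a single path. If openssl cannot be started, `$csrstatus` stays undefined and the report prints "available with status = " with nothing after it, which reads like a present CSR. I would fork with a lexical handle, merge stderr in the child and `exec` openssl in list form, as sketched below; this keeps the existing behaviour of taking the first output line as the status. The function body starts and ends outside the visible hunks, so `$setstatus` and the surrounding branches are not shown here.

```perl
my $csrpath = $perlvarstatic->{'lonCertificateDirectory'}."/$csrfile";
if (-e $csrpath) {
    my $pid = open(my $pipe,'-|');
    if (!defined($pid)) {
        $csrstatus = "unable to run openssl: $!";
    } elsif ($pid == 0) {
        # child: send stderr to the pipe as well, then exec without a shell
        open(STDERR,'>&',\*STDOUT);
        exec('openssl','req','-text','-noout','-verify','-in',$csrpath) or exit(1);
    } else {
        $csrstatus = <$pipe>;
        chomp($csrstatus) if (defined($csrstatus));
        close($pipe);
    }
    # … unchanged: reporting of $csrstatus and the 'awaiting signature' / 'still needed' assignments …
```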