openvpn-setup.in 3.54 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122
#!/usr/bin/perl -w
#
# Copyright (c) 2008-2014 University of Utah and the Flux Group.
# 
# {{{GENIPUBLIC-LICENSE
# 
# GENI Public License
# 
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and/or hardware specification (the "Work") to
# deal in the Work without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Work, and to permit persons to whom the Work
# is furnished to do so, subject to the following conditions:
# 
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Work.
# 
# THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS
# IN THE WORK.
# 
# }}}
#
use strict;
use English;
use Getopt::Std;

#
# Initialize an emulab to act as a protogeni emulab. Add optional -c
# option if this is a clearinghouse.
# 
sub usage()
{
    print "Usage: openvpn-setup [-r [-k]]\n";
    print "Options:\n";
    print "  -r    - Regenerate certs, replacing existing keys/certs\n";
    print "  -k    - Reuse private keys when using -r option\n";
    exit(1);
}
my $optlist = "rk";
my $regen   = 0;
my $oldkeys = 0;

#
# Configure variables
#
my $TB		  = "@prefix@";
my $TBOPS         = "@TBOPSEMAIL@";
my $OURDOMAIN     = "@OURDOMAIN@";
my $PGENIDOMAIN   = "@PROTOGENI_DOMAIN@";
my $PGENISUPPORT  = @PROTOGENI_SUPPORT@;
my $PROTOUSER	  = "elabman";
my $MKSYSCERT	  = "$TB/sbin/mksyscert";
my $WAP           = "$TB/sbin/withadminprivs";
my $SERVERCERT	  = "$TB/etc/openvpn-server.pem";
my $CLIENTCERT	  = "$TB/etc/openvpn-client.pem";
my $DHFILE	  = "$TB/etc/openvpn-dh.pem";
my $SUDO	  = "/usr/local/bin/sudo";
my $OPENSSL       = "/usr/bin/openssl";

# un-taint path
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin:/usr/site/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

# Protos
sub fatal($);

#
# Turn off line buffering on output
#
$| = 1; 

# Load the Testbed support stuff.
use lib "@prefix@/lib";
use libtestbed;

if ($UID != 0) {
    fatal("Must be root to run this script\n");
}

#
# Check args.
#
my %options = ();
if (! getopts($optlist, \%options)) {
    usage();
}
if (defined($options{"r"})) {
    $regen = 1;
}
if (defined($options{"k"})) {
    $oldkeys = 1;
}
usage()
    if (@ARGV);

if (! -e $SERVERCERT || $regen) {
    my $keyopt = ($oldkeys && -e $SERVERCERT ? "-k $SERVERCERT" : "");

    print "Creating OpenVPN server certificate ...\n";
    system("$SUDO -u $PROTOUSER $MKSYSCERT -o $SERVERCERT $keyopt ".
	   "'ProtoGENI OpenVPN Server'") == 0
	   or fatal("Could not generate $SERVERCERT");
}

if (! -e $CLIENTCERT || $regen) {
    my $keyopt = ($oldkeys && -e $CLIENTCERT ? "-k $CLIENTCERT" : "");

    print "Creating OpenVPN client certificate ...\n";
    system("$SUDO -u $PROTOUSER $MKSYSCERT -o $CLIENTCERT $keyopt ".
	   "'ProtoGENI OpenVPN Client'") == 0
	   or fatal("Could not generate $CLIENTCERT");
}

if (! -e $DHFILE || $regen) {
    print "Creating OpenVPN Diffie Hellman key file  ...\n";
Leigh B Stoller's avatar
Leigh B Stoller committed
123
    system("$OPENSSL dhparam -out $DHFILE 1024") == 0
124 125 126 127 128 129 130 131 132 133 134 135
	or fatal("Could not generate $DHFILE");
}
exit(0);

sub fatal($)
{
    my ($msg) = @_;

    die("*** $0:\n".
	"    $msg\n");
}