cacert/cats
9
0
Fork 0
mirror of https://github.com/CAcertOrg/cats.git synced 2024-11-03 04:34:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge commit 'origin/release' into bug-970

Browse source
This commit is contained in:
Bernhard Fröhlich 2013-04-11 18:31:16 +02:00
commit 5ea4dbc11e
5 changed files with 217 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

68
INSTALL.txt Executable file
View file

@ -0,0 +1,68 @@
Installation procedure for CATS
===============================
Prerequesites
-------------
Note that the version numbers are for the versions used to verify the procedure.
There are no explicit version dependencies, so the software should run with newer versions,
and will probably also support (moderately) older ones.
- Apache 2.2.4 is installed and configured to run with HTTPS. The CAcert roots should
be trusted.
- PHP 5.2.4
- MySQL (Version 5.0) is installed and running
- git (version 1.5.2.4) is installed and has access to github.com
- You have a browser with a valid CAcert client certificate installed
- You may want to set up your own CAcert testsystem like described in https://wiki.cacert.org/Software
to play around with certificates more freely
Setup
-----
- Get CATS from github into your webserver's document directory (or any subdir):
git clone git@github.com:CAcertOrg/cats.git
- Checkout your favourite branch, for example "git checkout release" for the installed productive version
or "git checkout testserver" to get a mirror of the testserver.
- Connect to your MySQL server with an administrative user and create a database for CATS:
CREATE DATABASE cats_db;
- Create a user for CATS to access the database:
CREATE USER cats-user IDENTIFIED BY '<a password>';
- Grant the necessary user rights. These are a bit more than the absolute minimum:
GRANT DELETE, INSERT, SELECT, UPDATE ON cats_db.* TO cats_user;
- Change the database context to the newly created cats_db:
USE cats_db;
- Execute the scripts from the database subdirectory to create the database structure:
SOURCE create_db.sql;
- Check the current version of the database:
SELECT MAX(version) FROM schema_version;
- Execute all update*.sql in numerical order which have a number bigger than the current
schema version. If the select statement returns an error (ERROR 1146 (42S02): Table
'cats_db.schema_version' doesn't exist) execute all of them.
SOURCE update1.sql;
- You will probably want to load a sample test by executing sample_test.sql from the
database directory:
SOURCE sample_test.sql;
- Change to cats directory, copy index.php.template to index.php
- Edit index.php, replace the string "FILEPATHTOHERE" with the absolute path of the
cats directory. Make sure to finish with a slash.
- Change to the includes subdirectory
- Copy db_connect.inc.template to db_connect.inc
- Edit db_connect.inc
- Make sure that the directive "SSLVerifyClient optional" or "SSLVerifyClient require"
are active for the CATS web directory, otherwise no client certificate login is requested
from your browser
Create an administrative user
-----------------------------
- Open your browser and browse to your CATS web directory using https.
- Click "Login" and accept registering with "Yes"
- Connect to your mysql database
- Set the admin flag on all existing users (should be only one):
UPDATE USER SET admin=1;

45
database/create_db.sql
View file

@ -1,8 +1,8 @@
-- MySQL dump 10.11
--
-- Host: localhost Database: cats_cats
-- Host: localhost Database: cats_db
-- ------------------------------------------------------
-- Server version 5.0.45-community
-- Server version 5.0.45
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
@ -26,7 +26,7 @@ CREATE TABLE `answers` (
`answer` text collate latin1_general_ci NOT NULL,
`correct` tinyint(1) NOT NULL default '0',
PRIMARY KEY (`a_id`)
) ENGINE=MyISAM AUTO_INCREMENT=944 DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci;
) ENGINE=MyISAM AUTO_INCREMENT=1529 DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci;
--
@ -56,6 +56,7 @@ CREATE TABLE `learnprogress` (
`correct` int(11) NOT NULL default '0' COMMENT 'Richtige Fragen',
`wrong` int(11) NOT NULL default '0' COMMENT 'Anzahl der falschen Antworten',
`percentage` decimal(5,0) default NULL,
`uploaded` tinyint(1) default NULL,
PRIMARY KEY (`lp_id`)
) ENGINE=MyISAM AUTO_INCREMENT=178 DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci;
@ -83,8 +84,11 @@ CREATE TABLE `questions` (
`question` text collate latin1_general_ci NOT NULL COMMENT 'Frage',
`active` enum('1','0') collate latin1_general_ci NOT NULL default '0',
`description` enum('1','0') collate latin1_general_ci NOT NULL default '0',
`ref_q_id` int(11) default NULL,
`translationstatus` int(11) default NULL,
PRIMARY KEY (`q_id`)
) ENGINE=MyISAM AUTO_INCREMENT=158 DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci COMMENT='Fragen';
) ENGINE=MyISAM AUTO_INCREMENT=245 DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci COMMENT='Fragen';
--
-- Table structure for table `questiontype`
@ -118,7 +122,7 @@ CREATE TABLE `statistics` (
`q_id` int(11) NOT NULL default '0' COMMENT 'Frage Id',
`count` int(11) NOT NULL default '0' COMMENT 'Zählen von Antworten',
PRIMARY KEY (`stat_id`)
) ENGINE=MyISAM AUTO_INCREMENT=121 DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci;
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci;
--
@ -132,9 +136,11 @@ CREATE TABLE `topics` (
`active` tinyint(1) NOT NULL default '0',
`numOfQu` tinyint(4) NOT NULL default '0',
`percentage` tinyint(4) NOT NULL default '0',
`lang` varchar(42) collate latin1_general_ci default NULL,
PRIMARY KEY (`t_id`),
UNIQUE KEY `topic` (`topic`)
) ENGINE=MyISAM AUTO_INCREMENT=3 DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci COMMENT='Themen';
) ENGINE=MyISAM AUTO_INCREMENT=4 DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci COMMENT='Themen';
--
-- Table structure for table `user`
@ -172,6 +178,31 @@ CREATE TABLE `user_address` (
PRIMARY KEY (`user_id`,`root`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci;
--
-- Table structure for table `questiontype_v2`
--
DROP TABLE IF EXISTS `questiontype_v2`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `questiontype_v2` (
`qt_id` int(11) NOT NULL AUTO_INCREMENT COMMENT 'Fragetypenschlssel',
`lang` varchar(5) COLLATE latin1_general_ci NOT NULL DEFAULT '' COMMENT 'Sprache',
`qt_desc` varchar(25) COLLATE latin1_general_ci NOT NULL DEFAULT '' COMMENT 'Fragetyp',
PRIMARY KEY (`qt_id`,`lang`)
) ENGINE=MyISAM AUTO_INCREMENT=5 DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci COMMENT='Fragetypen';
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `questiontype_v2`
--
LOCK TABLES `questiontype_v2` WRITE;
/*!40000 ALTER TABLE `questiontype_v2` DISABLE KEYS */;
INSERT INTO `questiontype_v2` VALUES (1,'DE','Einfachauswahl'),(2,'DE','Mehrfachauswahl'),(3,'DE','Richtig / Falsch'),(4,'DE','Lückentext'),(1,'EN','single selection'),(2,'EN','multiple choice'),(3,'EN','true / false'),(4,'EN','fill in the blanks'),(1,'FR','single selection'),(2,'FR','multiple choice'),(3,'FR','true / false'),(4,'FR','fill in the blanks'),(1,'ES','single selection'),(2,'ES','multiple choice'),(3,'ES','true / false'),(4,'ES','fill in the blanks');
/*!40000 ALTER TABLE `questiontype_v2` ENABLE KEYS */;
UNLOCK TABLES;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
@ -182,4 +213,4 @@ CREATE TABLE `user_address` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2008-01-04 23:53:19
-- Dump completed on 2013-03-13 22:24:08

24
database/sample_test.sql Executable file
View file

File diff suppressed because one or more lines are too long

17
database/update1.sql Normal file
View file

@ -0,0 +1,17 @@
--- create new table to record the database version
CREATE TABLE IF NOT EXISTS `schema_version` (
`id` int(11) PRIMARY KEY auto_increment,
`version` int(11) NOT NULL UNIQUE,
`when` datetime NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci;
--- alter learnprogress by one column
ALTER TABLE `learnprogress` ADD `passed` int(11) NOT NULL DEFAULT '0';
--- update new column passed with -1
UPDATE `learnprogress` SET `passed`=-1;
--- update schema version number
INSERT INTO `schema_version`
(`version`, `when`) VALUES
('1' , NOW() );

103
functions/UploadResults.pl
View file

@ -8,6 +8,7 @@ my $KeyFile = "key_200808.pem";
my $CAfile = "CAcert_roots.pem";
my $TargetHost="secure.cacert.org";
my $TargetScript="cats/cats_import.php";
my $ConnectInc="/home/cats/public_html/includes/db_connect.inc";
sub url_encode($)
{
@ -32,6 +33,9 @@ sub SendRecord($$$$$$)
my $BytesRead;
my $Result;
my $ContentLength;
my $DoClose;
my $HTTPResult;
my $HTTPTextResult;
$data = "serial=".url_encode($serial)."&root=".url_encode($root)."&type=".url_encode($type).
"&variant=".url_encode($variant)."&date=".url_encode($date)."&OK=Anfrage+abschicken\r\n";
@ -47,6 +51,7 @@ sub SendRecord($$$$$$)
$IsChunked = 0;
$ContentLength = 0;
$DoClose = 0;
do {
$CurLine = Net::SSLeay::ssl_read_CRLF($ssl);
die_if_ssl_error("ssl_read_CRLF");
@ -54,15 +59,22 @@ sub SendRecord($$$$$$)
print "ssl_read_CRLF returns nothing\n";
return "BREAK";
}
if (CurLine =~ /^HTTP\/[0-9.]+ (\d+) (.+)/i) {
$HTTPResult = $1;
$HTTPTextResult = $2;
}
if ($CurLine =~ /^Transfer-Encoding: chunked/i) {
$IsChunked = 1;
}
if ($CurLine =~ /^Content-Type: text\/html;/i) {
$IsHTML = 1;
}
if ($CurLine =~ /^Content-Length:\s*(\d)\r\n/) {
if ($CurLine =~ /^Content-Length:\s*(\d+)/) {
$ContentLength = $1;
}
if ($CurLine =~ /^Connection: close/) {
$DoClose = 1;
}
} while($CurLine ne "\r\n");
if ($IsChunked && $IsHTML) {
@ -87,10 +99,10 @@ sub SendRecord($$$$$$)
$Result = Net::SSLeay::read($ssl, $ContentLength);
}
return $Result;
return ($DoClose, $Result);
}
# parse sb_connect.inc for database parameters
# parse db_connect.inc for database parameters
sub connect_with_php_inc($)
{
my ($phpFile) = @_;
@ -134,6 +146,9 @@ while($CurArg < scalar(@ARGV)) {
} elsif ($ARGV[$CurArg] eq "--Host") {
$CurArg++;
$TargetHost = $ARGV[$CurArg];
} elsif ($ARGV[$CurArg] eq "--ConnectInc") {
$CurArg++;
$ConnectInc = $ARGV[$CurArg];
}
$CurArg++;
}
@ -142,7 +157,7 @@ Net::SSLeay::load_error_strings();
Net::SSLeay::SSLeay_add_ssl_algorithms();
Net::SSLeay::randomize();
my $dbh = connect_with_php_inc("/home/cats/public_html/includes/db_connect.inc");
my $dbh = connect_with_php_inc($ConnectInc);
my $sth;
my $RecID;
my $serial;
@ -151,7 +166,9 @@ my $type;
my $variant;
my $date;
my @OKIDs;
my @FailIDs;
my $RowNum;
my $DoClose;
$dbh->do("SET time_zone='+00:00'");
$sth = $dbh->prepare("SELECT `lp`.`lp_id`, `lp`.`user_id`, `lp`.`root`, `tt`.`text`, `t`.`topic`, `lp`.`date` ".
@ -168,53 +185,73 @@ $port = 443;
$dest_ip = gethostbyname ($TargetHost);
$dest_serv_params = sockaddr_in($port, $dest_ip);
socket (S, &AF_INET, &SOCK_STREAM, 0) or die "socket: $!";
connect (S, $dest_serv_params) or die "connect: $!";
select (S); $| = 1; select (STDOUT); # Eliminate STDIO buffering
# The network connection is now open, lets fire up SSL
$ctx = Net::SSLeay::CTX_new() or die_now("Failed to create SSL_CTX $!");
Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL)
and die_if_ssl_error("ssl ctx set options");
# Set accepted CAs
Net::SSLeay::CTX_load_verify_locations($ctx, $CAfile, 0);
# Add client vertificate
Net::SSLeay::set_cert_and_key($ctx, $CertFile, $KeyFile);
$ssl = Net::SSLeay::new($ctx) or die_now("Failed to create SSL $!");
Net::SSLeay::set_fd($ssl, fileno(S)); # Must use fileno
$res = Net::SSLeay::connect($ssl) and die_if_ssl_error("ssl connect");
#print "Cipher `" . Net::SSLeay::get_cipher($ssl) . "'\n";
# Still to do here. CRL/OCSP-Checking
# Exchange data
$RowNum = 0;
$DoClose = 1;
do {
($RecID, $serial, $root, $type, $variant, $date) = $sth->fetchrow_array();
if ($RecID) {
$got = SendRecord($ssl, $serial, $root, $type, $variant, $date);
if ($DoClose) {
socket (S, &AF_INET, &SOCK_STREAM, 0) or die "socket: $!";
connect (S, $dest_serv_params) or die "connect: $!";
select (S); $| = 1; select (STDOUT); # Eliminate STDIO buffering
$got =~ s/\s+//g;
# The network connection is now open, lets fire up SSL
$ctx = Net::SSLeay::CTX_new() or die_now("Failed to create SSL_CTX $!");
Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL)
and die_if_ssl_error("ssl ctx set options");
# Set accepted CAs
Net::SSLeay::CTX_load_verify_locations($ctx, $CAfile, 0);
# Add client vertificate
Net::SSLeay::set_cert_and_key($ctx, $CertFile, $KeyFile);
$ssl = Net::SSLeay::new($ctx) or die_now("Failed to create SSL $!");
Net::SSLeay::set_fd($ssl, fileno(S)); # Must use fileno
$res = Net::SSLeay::connect($ssl) and die_if_ssl_error("ssl connect");
#print "Cipher `" . Net::SSLeay::get_cipher($ssl) . "'\n";
# Still to do here. CRL/OCSP-Checking
}
if ($RecID) {
($DoClose, $got) = SendRecord($ssl, $serial, $root, $type, $variant, $date);
$got =~ s/\s+$//g;
print localtime(time).": $root/$serial, $type/$variant: $got\n";
if (($got =~ /^OK/i) || ($got =~ /^Duplicate/i)) {
push(@OKIDs, $RecID);
} elsif ($got =~ /^Cannot find cert/i) {
push(@FailIDs, $RecID);
}
$RowNum += 1;
if ($DoClose) {
# Server requested closing of connection
CORE::shutdown S, 1; # Half close --> No more output, sends EOF to server
Net::SSLeay::free ($ssl); # Tear down connection
Net::SSLeay::CTX_free ($ctx);
close S;
}
}
} while($RecID && ($got ne "BREAK"));
CORE::shutdown S, 1; # Half close --> No more output, sends EOF to server
Net::SSLeay::free ($ssl); # Tear down connection
Net::SSLeay::CTX_free ($ctx);
close S;
if (!$DoClose) {
CORE::shutdown S, 1; # Half close --> No more output, sends EOF to server
Net::SSLeay::free ($ssl); # Tear down connection
Net::SSLeay::CTX_free ($ctx);
close S;
}
$sth = $dbh->prepare("UPDATE `learnprogress` SET `uploaded`=1 WHERE `lp_id`=?");
foreach $RecID (@OKIDs) {
$sth->execute($RecID);
}
$sth = $dbh->prepare("UPDATE `learnprogress` SET `uploaded`=2 WHERE `lp_id`=?");
foreach $RecID (@FailIDs) {
$sth->execute($RecID);
}
$dbh->disconnect();