#include "renewal_locl.h"
#include "renewd_locl.h"
-#ifndef NOVOMS
-#include <voms_apic.h>
-#endif
+#include "glite/security/voms/voms_apic.h"
#ident "$Header$"
extern char *vomsdir;
extern int voms_enabled;
extern char *vomsconf;
-extern struct vomses_records vomses;
static int received_signal = -1, die = 0;
static void
register_signal(int signal);
-
-static const char *
-get_ssl_err()
-{
- return "SSL failed";
-}
-
int
-load_proxy(const char *filename, X509 **cert, EVP_PKEY **privkey,
- STACK_OF(X509) **chain)
+load_proxy(const char *cur_file, X509 **cert, EVP_PKEY **priv_key,
+ STACK_OF(X509) **chain, globus_gsi_cred_handle_t *cur_proxy)
{
- X509 *my_cert = NULL;
- EVP_PKEY *my_key = NULL;
- STACK_OF(X509) *my_chain = NULL;
- FILE *fd = NULL;
- int ret;
-
- fd = fopen(filename, "r");
- if (fd == NULL) {
- edg_wlpr_Log(LOG_ERR,
- "Cannot read VOMS certificate (fopen() failed on %s: %s)",
- filename, strerror(errno));
- return errno;
- }
-
- my_cert = PEM_read_X509(fd, NULL, NULL, NULL);
- if (my_cert == NULL) {
- edg_wlpr_Log(LOG_ERR,
- "Cannot read VOMS certificate (PEM_read_X509() failed: %s)",
- get_ssl_err());
- ret = EDG_WLPR_ERROR_SSL;
- goto end;
- }
+ globus_result_t result;
+ globus_gsi_cred_handle_t proxy = NULL;
- my_key = PEM_read_PrivateKey(fd, NULL, NULL, NULL);
- if (my_key == NULL) {
- edg_wlpr_Log(LOG_ERR,
- "Cannot read VOMS certificate (PEM_read_PrivateKey() failed: %s)",
- get_ssl_err());
- ret = EDG_WLPR_ERROR_SSL;
+ result = globus_gsi_cred_handle_init(&proxy, NULL);
+ if (result) {
+ fprintf(stderr, "globus_gsi_cred_handle_init() failed\n");
goto end;
}
- my_chain = sk_X509_new_null();
- if (my_chain == NULL) {
- edg_wlpr_Log(LOG_ERR,
- "Cannot read VOMS certificate (sk_X509_new_null() failed: %s)",
- get_ssl_err());
- ret = EDG_WLPR_ERROR_SSL;
+ result = globus_gsi_cred_read_proxy(proxy, cur_file);
+ if (result) {
+ fprintf(stderr, "globus_gsi_cred_read_proxy() failed\n");
goto end;
}
- while (1) {
- X509 *c;
-
- c = PEM_read_X509(fd, NULL, NULL, NULL);
- if (c == NULL) {
- if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE) {
- /* End of file reached. no error */
- ERR_clear_error();
- break;
- }
- edg_wlpr_Log(LOG_ERR,
- "Cannot read VOMS certificate (PEM_read_X509() failed: %s)",
- get_ssl_err());
- ret = EDG_WLPR_ERROR_SSL;
+ if (cert) {
+ result = globus_gsi_cred_get_cert(proxy, cert);
+ if (result) {
+ fprintf(stderr, "globus_gsi_cred_get_cert() failed\n");
goto end;
}
- sk_X509_push(my_chain, c);
}
- *cert = my_cert;
- *privkey = my_key;
- *chain = my_chain;
- my_cert = NULL; my_key = NULL; my_chain = NULL;
- ret = 0;
-
-end:
- fclose(fd);
-
- if (my_cert)
- X509_free(my_cert);
- if (my_key)
- EVP_PKEY_free(my_key);
- if (my_chain)
- sk_X509_pop_free(my_chain, X509_free);
-
- return ret;
-}
-
-static int
-save_proxy(const char *filename, X509 *new_cert, EVP_PKEY *new_privkey,
- STACK_OF(X509) *chain)
-{
- FILE *fd = NULL;
- int ret, i;
- int retval = EDG_WLPR_ERROR_SSL;
-
- fd = fopen(filename, "w");
- if (fd == NULL) {
- edg_wlpr_Log(LOG_ERR,
- "Cannot store proxy (fopen() failed on %s: %s)",
- filename, strerror(errno));
- return errno;
- }
-
- ret = PEM_write_X509(fd, new_cert);
- if (ret == 0) {
- edg_wlpr_Log(LOG_ERR,
- "Cannot store proxy (PEM_write_X509() failed: %s)",
- get_ssl_err());
- goto end;
- }
-
- ret = PEM_write_PrivateKey(fd, new_privkey, NULL, NULL, 0, NULL, NULL);
- if (ret == 0) {
- edg_wlpr_Log(LOG_ERR,
- "Cannot store proxy (PEM_write_PrivateKey() failed: %s)",
- get_ssl_err());
- goto end;
- }
-
- for (i = 0; i < sk_X509_num(chain); i++) {
- X509 *cert = sk_X509_value(chain, i);
- ret = PEM_write_X509(fd, cert);
- if (ret == 0) {
- edg_wlpr_Log(LOG_ERR,
- "Cannot store proxy (PEM_write_X509() failed: %s)",
- get_ssl_err());
+ if (priv_key) {
+ result = globus_gsi_cred_get_key(proxy, priv_key);
+ if (result) {
+ fprintf(stderr, "globus_gsi_cred_get_key() failed\n");
goto end;
}
}
-
- retval = 0;
-
-end:
- fclose(fd);
-
- return retval;
-}
-
-static int
-gen_keypair(EVP_PKEY **keypair, int requested_bits)
-{
- RSA *rsa = NULL;
- EVP_PKEY *key;
-
- *keypair = NULL;
- rsa = RSA_generate_key(requested_bits,
- RSA_F4 /* public exponent */,
- NULL, NULL);
- if (rsa == NULL) {
- edg_wlpr_Log(LOG_ERR,
- "Cannot generate new proxy (RSA_generate_key() failed: %s)",
- get_ssl_err());
- return EDG_WLPR_ERROR_SSL;
- }
-
- key = EVP_PKEY_new();
- if (key == NULL) {
- edg_wlpr_Log(LOG_ERR,
- "Cannot generate new proxy (EVP_PKEY_new() failed: %s)",
- get_ssl_err());
- RSA_free(rsa);
- return EDG_WLPR_ERROR_SSL;
- }
-
- if (EVP_PKEY_assign_RSA(key, rsa) == 0) {
- edg_wlpr_Log(LOG_ERR,
- "Cannot generate new proxy (EVP_PKEY_assign_RSA() failed: %s)",
- get_ssl_err());
- RSA_free(rsa);
- EVP_PKEY_free(key);
- return EDG_WLPR_ERROR_SSL;
- }
-
- *keypair = key;
-
- return 0;
-}
-
-static int
-gen_subject_name(X509 *old_cert, X509 *new_cert)
-{
- X509_NAME *name = NULL;
- X509_NAME_ENTRY *name_entry = NULL;
- int ret = EDG_WLPR_ERROR_SSL;
-
- name = X509_NAME_dup(X509_get_subject_name(old_cert));
- if (name == NULL) {
- edg_wlpr_Log(LOG_ERR,
- "Cannot generate new proxy (X509_NAME_dup() failed: %s",
- get_ssl_err());
- goto end;
- }
-
- name_entry = X509_NAME_ENTRY_create_by_NID(NULL /* make new entry */,
- NID_commonName,
- V_ASN1_APP_CHOOSE,
- "proxy", -1);
- if (name_entry == NULL) {
- edg_wlpr_Log(LOG_ERR,
- "Cannot generate new proxy (X509_NAME_ENTRY_create_by_NID() failed: %s)",
- get_ssl_err());
- goto end;
- }
-
- if (X509_NAME_add_entry(name, name_entry, X509_NAME_entry_count(name), 0) == 0) {
- edg_wlpr_Log(LOG_ERR,
- "Cannot generate new proxy (X509_NAME_add_entry() failed: %s)",
- get_ssl_err());
- goto end;
- }
-
-
- if (X509_set_subject_name(new_cert, name) == 0) {
- edg_wlpr_Log(LOG_ERR,
- "Cannot generate new proxy (X509_set_subject_name() failed: %s)",
- get_ssl_err());
- goto end;
- }
-
- ret = 0;
-
-end:
- if (name)
- X509_NAME_free(name);
- if (name_entry != NULL)
- X509_NAME_ENTRY_free(name_entry);
-
- return ret;
-}
-
-static int
-create_proxy(X509 *old_cert, EVP_PKEY *old_privkey, X509_EXTENSION *extension,
- X509 **new_cert, EVP_PKEY **new_privkey)
-{
- /* Inspired by code from Myproxy */
- EVP_PKEY *key_pair = NULL;
- X509 *cert = NULL;
- int ret;
- int retval = EDG_WLPR_ERROR_SSL;
-
- ret = gen_keypair(&key_pair, 512);
- if (ret)
- return ret;
-
- cert = X509_new();
- if (cert == NULL) {
- edg_wlpr_Log(LOG_ERR, "Cannot generate new proxy (X509_new() failed: Not enough memory)");
- goto end;
- }
-
- ret = gen_subject_name(old_cert, cert);
- if (ret) {
- retval = ret;
- goto end;
- }
-
- if (X509_set_issuer_name(cert, X509_get_subject_name(old_cert)) == 0) {
- edg_wlpr_Log(LOG_ERR,
- "Cannot generate new proxy (X509_set_issuer_name() failed: %s)",
- get_ssl_err());
- goto end;
- }
-
- if (X509_set_serialNumber(cert, X509_get_serialNumber(old_cert)) == 0) {
- edg_wlpr_Log(LOG_ERR,
- "Cannot generate new proxy (X509_set_serialNumber() failed: %s)",
- get_ssl_err());
- goto end;
- }
-
- X509_gmtime_adj(X509_get_notBefore(cert), -(60 * 5));
- X509_set_notAfter(cert, X509_get_notAfter(old_cert));
-
- if (X509_set_pubkey(cert, key_pair) == 0) {
- edg_wlpr_Log(LOG_ERR,
- "Cannot generate new proxy (X509_set_pubkey() failed: %s)",
- get_ssl_err());
- goto end;
- }
-
- /* set v3 */
- if (X509_set_version(cert, 2L) == 0) {
- edg_wlpr_Log(LOG_ERR,
- "Cannot generate new proxy (X509_set_version() failed: %s)",
- get_ssl_err());
- goto end;
- }
-
- if (cert->cert_info->extensions != NULL)
- sk_X509_EXTENSION_pop_free(cert->cert_info->extensions,
- X509_EXTENSION_free);
- cert->cert_info->extensions = sk_X509_EXTENSION_new_null();
- sk_X509_EXTENSION_push(cert->cert_info->extensions, extension);
-
- if (X509_sign(cert, old_privkey, EVP_md5()) == 0) {
- edg_wlpr_Log(LOG_ERR,
- "Cannot generate new proxy (X509_sign() failed: %s)",
- get_ssl_err());
- goto end;
- }
-
- *new_privkey = key_pair;
- *new_cert = cert;
- key_pair = NULL;
- cert = NULL;
-
- retval = 0;
-
-end:
- if (key_pair)
- EVP_PKEY_free(key_pair);
- if (cert)
- X509_free(cert);
-
- return retval;
-}
-
-static int
-create_voms_extension(char *buf, size_t buf_len, X509_EXTENSION **extensions)
-{
- ASN1_OBJECT *voms_obj = NULL;
- ASN1_OCTET_STRING *voms_oct = NULL;
-
- *extensions = NULL;
-
- voms_oct = ASN1_OCTET_STRING_new();
- if (voms_oct == NULL) {
- edg_wlpr_Log(LOG_ERR,
- "Cannot generate new proxy (ASN1_OCTET_STRING_new() failed: %s)",
- get_ssl_err());
- return EDG_WLPR_ERROR_SSL;
- }
-
- voms_oct->data = buf;
- voms_oct->length = buf_len;
-
- voms_obj = OBJ_nid2obj(OBJ_txt2nid("VOMS"));
- if (voms_obj == NULL) {
- edg_wlpr_Log(LOG_ERR, "Cannot generate new proxy (OBJ_nid2obj() failed");
- goto end;
- }
-
- *extensions = X509_EXTENSION_create_by_OBJ(NULL, voms_obj, 0, voms_oct);
- if (*extensions == NULL) {
- edg_wlpr_Log(LOG_ERR, "Cannot generate new proxy (X509_EXTENSION_create_by_OBJ() failed");
- goto end;
- }
-
- return 0;
-
-end:
- if (voms_oct)
- ASN1_OCTET_STRING_free(voms_oct);
- if (voms_obj)
- ASN1_OBJECT_free(voms_obj);
- return EDG_WLPR_ERROR_SSL;
-}
-
-#ifndef NOVOMS
-static int
-export_std_data(struct data *voms_data, char **buf)
-{
- asprintf(buf, "GROUP: %s\n"
- "ROLE:%s\n" /* the space is missing intentionaly */
- "CAP: %s\n",
- (voms_data->group) ? voms_data->group : "NULL",
- (voms_data->role) ? voms_data->role : "NULL",
- (voms_data->cap) ? voms_data->cap : "NULL");
- return 0;
-}
-
-static int
-export_user_data(struct voms *voms_cert, char **buf, size_t *len)
-{
- struct data **voms_data;
- char *str = NULL;
- char *ptr;
-
- *buf = NULL;
-
- switch (voms_cert->type) {
- case TYPE_NODATA:
- *buf = strdup("NO DATA");
- break;
- case TYPE_CUSTOM:
- *buf = strdup(voms_cert->custom);
- break;
- case TYPE_STD:
- for (voms_data = voms_cert->std; voms_data && *voms_data; voms_data++) {
- export_std_data(*voms_data, &str);
- if (*buf == NULL)
- ptr = calloc(strlen(str) + 1, 1);
- else
- ptr = realloc(*buf, strlen(*buf) + strlen(str) + 1);
- if (ptr == NULL) {
- return ENOMEM;
- }
- *buf = ptr;
- strcat(*buf, str);
- free(str);
- }
-
- break;
- default:
- return -1;
- }
-
- *len = strlen(*buf);
- return 0;
-}
-
-#endif
-
-static int
-encode_voms_buf(const char *label, char *data, size_t data_len,
- char **buf, size_t *buf_len)
-{
- char *tmp;
-
- tmp = realloc(*buf, *buf_len + strlen(label) + data_len + 1);
- if (tmp == NULL)
- return ENOMEM;
-
- memcpy(tmp + *buf_len, label, strlen(label));
-
- memcpy(tmp + *buf_len + strlen(label), data, data_len);
- tmp[*buf_len + strlen(label) + data_len] = '\n';
- *buf = tmp;
- *buf_len = *buf_len + strlen(label) + data_len + 1;
-
- return 0;
-}
-
-static int
-encode_voms_int(const char *label, int value, char **buf, size_t *buf_len)
-{
- char tmp[16];
-
- snprintf(tmp, sizeof(tmp), "%d", value);
- return encode_voms_buf(label, tmp, strlen(tmp), buf, buf_len);
-}
-
-static int
-encode_voms_str(const char *label, char *value, char **buf, size_t *buf_len)
-{
- return encode_voms_buf(label, value, strlen(value), buf, buf_len);
-}
-
-#if 0
-static int
-VOMS_Export(struct vomsdata *voms_info, char **buf, size_t *len)
-{
- struct voms *vc;
- char *enc_voms = NULL;
- size_t enc_voms_len = 0;
- char *data_buf;
- size_t data_len;
- int ret;
-
- if (voms_info == NULL || voms_info->data == NULL || *voms_info->data == NULL)
- return EINVAL;
- vc = *voms_info->data;
-
- ret = export_user_data(vc, &data_buf, &data_len);
- if (ret)
- return ret;
-
- encode_voms_int("SIGLEN:", vc->siglen, &enc_voms, &enc_voms_len);
- encode_voms_buf("SIGNATURE:",vc->signature, vc->siglen,
- &enc_voms, &enc_voms_len);
- enc_voms_len--; /* Signature is not followed by '\n' */
- encode_voms_str("USER:", vc->user, &enc_voms, &enc_voms_len);
- encode_voms_str("UCA:", vc->userca, &enc_voms, &enc_voms_len);
- encode_voms_str("SERVER:", vc->server, &enc_voms, &enc_voms_len);
- encode_voms_str("SCA:", vc->serverca, &enc_voms, &enc_voms_len);
- encode_voms_str("VO:", vc->voname, &enc_voms, &enc_voms_len);
- encode_voms_str("URI:", vc->uri, &enc_voms, &enc_voms_len);
- encode_voms_str("TIME1:", vc->date1, &enc_voms, &enc_voms_len);
- encode_voms_str("TIME2:", vc->date2, &enc_voms, &enc_voms_len);
- encode_voms_int("DATALEN:", data_len, &enc_voms, &enc_voms_len);
- encode_voms_buf("", data_buf, data_len, &enc_voms, &enc_voms_len);
- enc_voms_len--; /* the data already contains endind '\n' */
-
- free(data_buf);
- if (enc_voms == NULL) {
- edg_wlpr_Log(LOG_ERR, "Cannot renew VOMS certificate (Not enough memory)");
- return ENOMEM;
- }
- *buf = enc_voms;
- *len = enc_voms_len;
- return 0;
-}
-
-static int
-voms_cert_renew(char *hostname, int port, char *voms_subject,
- char *proxy,
- struct voms **cur_voms_cert, struct vomsdata *voms_info)
-{
- int ret = 0;
- char *command = "A";
- int err = 0;
- char *old_env_proxy = getenv("X509_USER_PROXY");
-
- setenv("X509_USER_PROXY", proxy, 1);
-
- /* hack (suggested by Vincenzo Ciaschini) to work around problem with
- * unitialized VOMS struct */
- ret = VOMS_Ordering("zzz:zzz", voms_info, &err);
- if (ret == 0) {
- edg_wlpr_Log(LOG_ERR, "Cannot renew VOMS certificate (VOMS_Ordering() failed");
- ret = EDG_WLPR_ERROR_VOMS;
- goto end;
- }
- /* XXX only attributes which are in current certificate should be requested*/
- ret = VOMS_Contact(hostname, port, (*cur_voms_cert)->server, command,
- voms_info, &err);
- if (ret == 0) {
-#if 0
- if (err == 1) { /* XXX cannot connect voms server */
- ret = 0;
+ if (chain) {
+ result = globus_gsi_cred_get_cert_chain(proxy, chain);
+ if (result) {
+ fprintf(stderr, "globus_gsi_cred_get_cert_chain() failed\n");
goto end;
}
-#endif
- edg_wlpr_Log(LOG_ERR, "Cannot renew VOMS certificate (VOMS_Contact() failed: %d)", err);
- ret = EDG_WLPR_ERROR_VOMS;
- } else
- ret = 0;
-
-end:
- (old_env_proxy) ? setenv("X509_USER_PROXY", old_env_proxy, 1) :
- unsetenv("X509_USER_PROXY");
-
- return ret;
-}
-
-static int
-renew_voms_cert(struct voms **cur_voms_cert, char *proxy, char **buf, size_t *buf_len)
-{
- struct vomsdata *voms_info = NULL;
- char *hostname = NULL;
- char *p;
- int port, ret;
-
- hostname = strdup((*cur_voms_cert)->uri);
- p = strchr(hostname, ':');
- if (p)
- *p = '\0';
- port = (p) ? atoi(p+1) : 15000;
-
- voms_info = VOMS_Init(vomsdir, cadir);
- if (voms_info == NULL) {
- edg_wlpr_Log(LOG_ERR, "Cannot renew VOMS certificate (VOMS_Init() failed)");
- ret = EDG_WLPR_ERROR_VOMS;
- goto end;
}
- ret = voms_cert_renew(hostname, port, (*cur_voms_cert)->server, proxy, cur_voms_cert,
- voms_info);
- if (ret)
- goto end;
-
- ret = VOMS_Export(voms_info, buf, buf_len);
- if (ret) {
- edg_wlpr_Log(LOG_ERR, "Cannot renew VOMS certificate (VOMS_Export() failed)");
- ret = EDG_WLPR_ERROR_VOMS;
- goto end;
+ if (cur_proxy) {
+ *cur_proxy = proxy;
+ proxy = NULL;
}
-
- ret = 0;
-
+
end:
- if (hostname)
- free(hostname);
-#if 0
- if (voms_info)
- VOMS_Destroy(voms_info);
-#endif
- return ret;
-}
-#endif
-
-#ifndef NOVOMS
-static vomses_record *
-find_vomses_record(char *hostname, int port)
-{
- int i;
-
- for (i = 0; i < vomses.len; i++) {
- if (strcmp(vomses.val[i]->hostname, hostname) == 0 &&
- vomses.val[i]->port == port)
- return vomses.val[i];
- }
-
- return NULL;
-}
-
-static int
-set_vo_params(struct voms **voms_cert, char **arg)
-{
- vomses_record *r;
- char *tmp;
- int port;
- char *hostname;
- char *p;
-
- hostname = strdup((*voms_cert)->uri);
- p = strchr(hostname, ':');
- if (p)
- *p = '\0';
- port = (p) ? atoi(p+1) : 15000;
-
- r = find_vomses_record(hostname, port);
- if (r == NULL)
- return EINVAL;
-
- if (*arg == NULL) {
- asprintf(arg, " -voms %s", r->nick);
- } else {
- tmp = realloc(*arg,
- strlen(*arg) + strlen(" -voms ") + strlen(r->nick) + 1);
- if (tmp == NULL)
- return ENOMEM;
- *arg = tmp;
- *arg = strcat(*arg, " -voms ");
- *arg = strcat(*arg, r->nick);
- }
return 0;
}
-#endif
-
-static int
-exec_voms_proxy_init(char *arg, char *old_proxy, char *new_proxy)
-{
- char command[256];
- int ret;
- char *old_env_proxy = getenv("X509_USER_PROXY");
-
- setenv("X509_USER_PROXY", old_proxy, 1);
-
- snprintf(command, sizeof(command),
- "edg-voms-proxy-init -out %s -key %s -cert %s -confile %s -q %s",
- new_proxy, old_proxy, old_proxy, vomsconf, arg);
- ret = system(command);
-
- (old_env_proxy) ? setenv("X509_USER_PROXY", old_env_proxy, 1) :
- unsetenv("X509_USER_PROXY");
-
- return ret;
-}
-
-#if 0
-static int
-renew_voms_certs(const char *old_proxy, const char *new_proxy)
-{
- struct vomsdata *voms_info = NULL;
- struct voms **voms_cert = NULL;
- STACK_OF(X509) *chain = NULL;
- EVP_PKEY *privkey = NULL;
- X509 *cert = NULL;
- int ret, err;
- char *buf = NULL;
- size_t buf_len = 0;
- X509_EXTENSION *extension = NULL;
- X509 *new_cert = NULL;
- EVP_PKEY *new_privkey = NULL;
-
- voms_info = VOMS_Init(vomsdir, cadir);
- if (voms_info == NULL) {
- edg_wlpr_Log(LOG_ERR, "Cannot initialize VOMS context (VOMS_Init() failed)");
- return EDG_WLPR_ERROR_VOMS;
- }
-
- ret = load_proxy(old_proxy, &cert, &privkey, &chain);
- if (ret)
- goto end;
-
- ret = VOMS_Retrieve(cert, chain, RECURSE_CHAIN, voms_info, &err);
- if (ret == 0) {
- if (err == VERR_NOEXT) {
- /* no VOMS cred, no problem; continue */
- ret = 0;
- } else {
- edg_wlpr_Log(LOG_ERR, "Cannot get VOMS certificate(s) from proxy");
- ret = EDG_WLPR_ERROR_VOMS;
- }
- goto end;
- }
-
- for (voms_cert = voms_info->data; voms_cert && *voms_cert; voms_cert++) {
- char *tmp, *ptr;
- size_t tmp_len;
-
- ret = renew_voms_cert(voms_cert, old_proxy, &tmp, &tmp_len);
- if (ret)
- continue;
- ptr = realloc(buf, buf_len + tmp_len);
- if (ptr == NULL) {
- ret = ENOMEM;
- goto end;
- }
- buf = ptr;
- memcpy(buf + buf_len, tmp, tmp_len);
- buf_len += tmp_len;
- }
-
- if (buf == NULL) {
- /* no extension renewed, return */
- ret = 0;
- goto end;
- }
-
- ret = create_voms_extension(buf, buf_len, &extension);
- if (ret)
- goto end;
-
- X509_free(cert);
- EVP_PKEY_free(privkey);
- sk_X509_pop_free(chain, X509_free);
-
- ret = load_proxy(new_proxy, &cert, &privkey, &chain);
- if (ret)
- goto end;
-
- ret = create_proxy(cert, privkey, extension, &new_cert, &new_privkey);
- if (ret)
- goto end;
-
- sk_X509_insert(chain, cert, 0);
-
- ret = save_proxy(new_proxy, new_cert, new_privkey, chain);
- if (ret)
- goto end;
-
- ret = 0;
-
-end:
- VOMS_Destroy(voms_info);
-
- return ret;
-}
-#else /* 0 */
-
-#ifdef NOVOMS
-static int
-renew_voms_certs(const char *old_proxy, char *myproxy_proxy, const char *new_proxy)
-{
- return 0;
-}
-
-#else
-static int
-renew_voms_certs(const char *old_proxy, char *myproxy_proxy, const char *new_proxy)
-{
- struct vomsdata *voms_info = NULL;
- struct voms **voms_cert = NULL;
- STACK_OF(X509) *chain = NULL;
- EVP_PKEY *privkey = NULL;
- X509 *cert = NULL;
- int ret, err;
- char *arg = NULL;
-
- voms_info = VOMS_Init(vomsdir, cadir);
- if (voms_info == NULL) {
- edg_wlpr_Log(LOG_ERR, "Cannot initialize VOMS context (VOMS_Init() failed)");
- return EDG_WLPR_ERROR_VOMS;
- }
-
- ret = load_proxy(old_proxy, &cert, &privkey, &chain);
- if (ret)
- goto end;
-
- ret = VOMS_Retrieve(cert, chain, RECURSE_CHAIN, voms_info, &err);
- if (ret == 0) {
- if (err == VERR_NOEXT) {
- /* no VOMS cred, no problem; continue */
- ret = 0;
- } else {
- edg_wlpr_Log(LOG_ERR, "Cannot get VOMS certificate(s) from proxy");
- ret = EDG_WLPR_ERROR_VOMS;
- }
- goto end;
- }
-
- for (voms_cert = voms_info->data; voms_cert && *voms_cert; voms_cert++) {
- ret = set_vo_params(voms_cert, &arg);
- if (ret)
- goto end;
- }
- ret = exec_voms_proxy_init(arg, myproxy_proxy, new_proxy);
-
-end:
- VOMS_Destroy(voms_info);
- return ret;
-}
-#endif /* NOVOMS */
-
-#endif /* 0 */
static void
register_signal(int signal)
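Review bot: The rewritten load_proxy returns 0 on every path, because each failure branch does `goto end;` and the only statement left after the `end:` label on the new side is `return 0;` — a globus_gsi_cred_handle_init/read_proxy/get_cert failure is therefore reported to the caller as success, and renewal goes on with output pointers that were never filled in. The same `end:` also leaks the credential handle: on failure, and on success when cur_proxy is NULL, `proxy` is never destroyed. Track an error code (the file's existing EDG_WLPR_ERROR_SSL, or a dedicated one) that is cleared only after the outputs have been handed over, and destroy the handle whenever ownership was not passed out, as sketched below. Two smaller points: the new code reports errors with `fprintf(stderr, …)` while the rest of the file logs through `edg_wlpr_Log(LOG_ERR, …)`, and on a mid-way failure `*cert`/`*priv_key` may already have been populated, which a caller cannot distinguish from untouched pointers. load_proxy lies entirely within this hunk.
```c
 globus_gsi_cred_handle_t proxy = NULL;
 int ret = EDG_WLPR_ERROR_SSL;   /* every 'goto end' below reports a failure */

 /* … unchanged: handle_init, read_proxy, get_cert, get_key, get_cert_chain … */
 /* … unchanged: hand the handle to *cur_proxy when requested (sets proxy = NULL) … */
 ret = 0;

end:
 if (proxy)
     globus_gsi_cred_handle_destroy(proxy);   /* failed half-way, or caller did not take the handle */
 return ret;
}
```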
goto end;
}
- ret = renew_voms_certs(repository_file, tmp_proxy, tmp_voms_proxy);
+ ret = renew_voms_certs(repository_file, tmp_voms_proxy);
if (ret)
goto end;
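Review bot: The new two-argument call `renew_voms_certs(repository_file, tmp_voms_proxy)` has no matching definition left on the new side — this commit removes every renew_voms_certs definition in this file (the NOVOMS stub and the VOMS-backed one) and adds none, so the function presumably now lives in another compilation unit. Make sure a prototype with the new signature is visible from one of the headers included at the top (renewal_locl.h or renewd_locl.h); otherwise this is an implicit declaration with an unchecked argument list. The `if (ret) goto end;` that follows assumes the callee returns non-zero on failure, so whatever now implements it must keep that contract. The enclosing function starts and ends outside this hunk.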
sigaction(SIGTERM,&sa,NULL);
sigaction(SIGPIPE,&sa,NULL);
- /* load_vomses(); */
-
while (count < RENEWAL_COUNTS_MAX && !die) {
received_signal = -1;
sleep(60 * 5);