PROXY_REPOSITORY="$GLITE_LOCATION_VAR/spool/glite-renewd"
+unset creds
+
start()
{
if test -z "$GLITE_USER" ;then
return 1
fi
- if [ -n "$GLITE_HOST_CERT" ]; then
- X509_USER_CERT="$GLITE_HOST_CERT"
- export X509_USER_CERT
- fi
- if [ -n "$GLITE_HOST_KEY" ]; then
- X509_USER_KEY="$GLITE_HOST_KEY"
- export X509_USER_KEY
+ [ -n "$GLITE_HOST_CERT" -a -n "$GLITE_HOST_KEY" ] &&
+ creds="-t $GLITE_HOST_CERT -k $GLITE_HOST_KEY"
+
+ if test -z "$creds"; then
+ if su - $GLITE_USER -c "test -r /etc/grid-security/hostkey.pem -a -r /etc/grid-security/hostcert.pem"; then
+ echo "$0: WARNING: /etc/grid-security/hostkey.pem readable by $GLITE_USER"
+ creds="-t /etc/grid-security/hostcert.pem -k /etc/grid-security/hostkey.pem"
+ fi
fi
+ [ -z "$creds" ] &&
+ echo $0: WARNING: No credentials specified. Using default lookup which is dangerous. >&2
+
echo -n Starting ProxyRenewal Daemon: glite-proxy-renewd ...
if [ ! -d "$PROXY_REPOSITORY" ]; then
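Review bot: When no credentials are found, the `[ -z "$creds" ] && echo …` line only warns, and start() still launches the daemon with the default lookup that the message itself calls dangerous. If that fallback is not needed in production, fail closed instead: `[ -z "$creds" ] && { echo "$0: ERROR: no host credentials configured" >&2; return 1; }`. The hostkey.pem warning a few lines earlier goes to stdout while this one goes to stderr; adding `>&2` there keeps both visible when init output is redirected. start() continues past this hunk.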
fi
su - $GLITE_USER -c "$GLITE_LOCATION/bin/glite-proxy-renewd \
- -r $PROXY_REPOSITORY" && echo " done"
+ -r $PROXY_REPOSITORY $creds" && echo " done"
}
stop()
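Review bot: `$creds` is expanded inside the double-quoted `su -c` string, so the certificate and key paths are parsed a second time by the login shell of `$GLITE_USER`. A path containing whitespace or a shell metacharacter would be split or interpreted there, and the same holds for `$PROXY_REPOSITORY` and the unquoted `$GLITE_USER`. These values appear to come from the site configuration rather than from untrusted input, so this is hardening: build the string with inner quotes, `creds="-t '$GLITE_HOST_CERT' -k '$GLITE_HOST_KEY'"`, and call `su - "$GLITE_USER"`. Inner single quotes still break on a path that itself contains a single quote, so a comment saying such paths are unsupported would help. The definition of `creds` is in the earlier hunk of start().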
char *cadir = NULL;
char *vomsdir = NULL;
int voms_enabled = 0;
+char *cert = NULL;
+char *key = NULL;
char *vomsconf = "/opt/edg/etc/vomses";
#ifndef NOVOMS
{ "VOMSdir", required_argument, NULL, 'V' },
{ "enable-voms", no_argument, NULL, 'A' },
{ "voms-config", required_argument, NULL, 'G' },
+ { "cert", required_argument, NULL, 't' },
+ { "key", required_argument, NULL, 'k' },
{ NULL, 0, NULL, 0 }
};
repository = EDG_WLPR_REPOSITORY_ROOT;
debug = 0;
- while ((opt = getopt_long(argc, argv, "hvdr:c:C:V:AG:", opts, NULL)) != EOF)
+ while ((opt = getopt_long(argc, argv, "hvdr:c:C:V:AG:t:k:", opts, NULL)) != EOF)
switch (opt) {
case 'h': usage(progname); exit(0);
case 'v': fprintf(stdout, "%s:\t%s\n", progname, rcsid); exit(0);
case 'V': vomsdir = optarg; break;
case 'A': voms_enabled = 1; break;
case 'G': vomsconf = optarg; break;
+ case 't': cert = optarg; break;
+ case 'k': key = optarg; break;
case '?': usage(progname); return 1;
}
openlog(progname, LOG_PID, LOG_DAEMON);
}
+ if (cert)
+ setenv("X509_USER_CERT", cert, 1);
+
+ if (key)
+ setenv("X509_USER_KEY", key, 1);
+
+ if (cadir)
+ setenv("X509_CERT_DIR", cadir, 1);
+
if (voms_enabled) {
char *path;
char *new_path;
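Review bot: The three new `setenv()` calls ignore the return value, so if one fails the daemon carries on with whatever X509_USER_CERT / X509_USER_KEY it inherited, or with the default lookup, instead of the credentials given by `-t`/`-k`. Check each call and stop on failure, e.g. `if (cert && setenv("X509_USER_CERT", cert, 1) != 0) { perror("setenv"); exit(1); }`, and likewise for `key` and `cadir`. Nothing visible here rejects `-t` without `-k` or the reverse, which would presumably pair an explicit certificate with a key found by default lookup; requiring both together after option parsing would avoid that. The enclosing function starts and ends outside this hunk.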