From 65d920a2c4f0cbda9bbda213c688d88823c5f7cc Mon Sep 17 00:00:00 2001
From: =?utf8?q?Daniel=20Kou=C5=99il?=
Date: Wed, 16 Mar 2005 14:02:03 +0000
Subject: [PATCH] Merged changes from RC1 (improved resistance to corrupted database files, added command-line option to specify key and cert, fix for #7254, better debugging messages)
---
 org.glite.security.proxyrenewal/src/commands.c | 23 ++++++++++++++---------
 org.glite.security.proxyrenewal/src/renew.c | 3 ++-
 org.glite.security.proxyrenewal/src/renewd.c | 22 +++++++++++++++++++---
 3 files changed, 35 insertions(+), 13 deletions(-)
diff --git a/org.glite.security.proxyrenewal/src/commands.c b/org.glite.security.proxyrenewal/src/commands.c
index 6426c09..288c994 100644
--- a/org.glite.security.proxyrenewal/src/commands.c
+++ b/org.glite.security.proxyrenewal/src/commands.c
@@ -519,19 +519,23 @@ get_record_ext(FILE *fd, proxy_record *record, int *last_used_suffix)
 char *p;
 proxy_record tmp_record;
 time_t current_time;
+ int line_num = 0;
 assert(record != NULL);
 memset(&tmp_record, 0, sizeof(tmp_record));
 current_time = time(NULL);
 while (fgets(line, sizeof(line), fd) != NULL) {
+ line_num++;
 free_record(&tmp_record);
 p = strchr(line, '\n');
 if (p) *p = '\0';
 ret = decode_record(line, &tmp_record);
- if (ret)
- return ret; /* XXX continue */
+ if (ret) {
+ edg_wlpr_Log(LOG_ERR, "Skipping invalid entry at line %d", line_num);
+ continue;
+ }
 if (record->suffix >= 0) {
 if (record->suffix == tmp_record.suffix) {
 record->suffix = tmp_record.suffix;
@@ -562,10 +566,8 @@ get_record_ext(FILE *fd, proxy_record *record, int *last_used_suffix)
 * parameters (currently myproxy location) provided by user */
 char *server = record->myproxy_server;
- memset(record, sizeof(*record), 0);
+ memset(record, 0, sizeof(*record));
 record->suffix = tmp_record.suffix;
- if (record->myproxy_server)
- free(record->myproxy_server);
 record->myproxy_server = server;
 free_record(&tmp_record);
 return 0;
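Review bot: In the `get_record_ext` read loop (hunk `@@ -519,19 +519,23 @@`), `fgets` returns a line longer than `line` in several pieces, so now that a failed `decode_record` is skipped instead of being fatal, the tail of an over-long or corrupted line is decoded as if it were a record of its own, and `line_num` is bumped once per piece. When `strchr(line, '\n')` finds no newline and the stream is not at end of file, the rest of that physical line should be discarded and the whole line reported as invalid. The loop patched in `store_record` (hunk `@@ -648,13 +651,16 @@`) has the same gap. The function body starts and ends outside the hunk.

```c
	/* … unchanged: line_num++, free_record(&tmp_record) … */
	p = strchr(line, '\n');
	if (p) {
		*p = '\0';
	} else if (!feof(fd)) {
		/* over-long line: drop the remainder so its tail is not decoded as a record */
		int c;
		while ((c = fgetc(fd)) != EOF && c != '\n')
			;
		edg_wlpr_Log(LOG_ERR, "Skipping over-long entry at line %d", line_num);
		continue;
	}
	/* … unchanged: decode_record call and its error branch … */
```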
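Review bot: With the argument order fixed, `memset(record, 0, sizeof(*record))` in `get_record_ext` (hunk `@@ -562,10 +566,8 @@`) now really clears the caller's record, where the old call had a length of 0 and cleared nothing. Only `myproxy_server` is saved beforehand, so if `proxy_record` has other heap-owned members that the caller filled in, they are leaked here, and a caller that relied on other fields surviving this path now sees them zeroed; the struct definition is not in the diff, so this needs checking against it. A comment on the memset stating the contract would help, e.g. `/* reset everything except suffix and myproxy_server; record must own no other allocations here */`. The enclosing function starts and ends outside the hunk.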
@@ -630,6 +632,7 @@ store_record(char *basename, proxy_record *record)
 proxy_record tmp_record;
 char tmp_file[FILENAME_MAX];
 char meta_file[FILENAME_MAX];
+ int line_num = 0;
 assert (record != NULL);
@@ -648,13 +651,16 @@ store_record(char *basename, proxy_record *record)
 goto end;
 }
 while (fgets(line, sizeof(line), fd) != NULL) {
+ line_num++;
 free_record(&tmp_record);
 p = strchr(line, '\n');
 if (p) *p = '\0';
 ret = decode_record(line, &tmp_record);
- if (ret)
- goto end;
+ if (ret) {
+ edg_wlpr_Log(LOG_ERR, "Removing invalid entry at line %d in %s", line_num, basename);
+ continue;
+ }
 if (record->suffix == tmp_record.suffix && record->unique == tmp_record.unique) {
 tmp_record.next_renewal = record->next_renewal;
@@ -1209,8 +1215,7 @@ update_db(edg_wlpr_Request *request, edg_wlpr_Response *response)
 free_record(&record);
 record.suffix = suffix;
 record.myproxy_server = server;
- edg_wlpr_Log(LOG_WARNING, "Removed expired proxy (suffix %d)",
- suffix);
+ edg_wlpr_Log(LOG_WARNING, "Removed expired proxy %s", cur_proxy);
 } else get_times(cur_proxy, &record);
 } else {
diff --git a/org.glite.security.proxyrenewal/src/renew.c b/org.glite.security.proxyrenewal/src/renew.c
index fddedae..c327280 100644
--- a/org.glite.security.proxyrenewal/src/renew.c
+++ b/org.glite.security.proxyrenewal/src/renew.c
@@ -161,7 +161,8 @@ renew_proxy(proxy_record *record, char *basename, char **new_proxy)
 server_response, tmp_proxy);
 if (ret == 1) {
 ret = EDG_WLPR_ERROR_MYPROXY;
- edg_wlpr_Log(LOG_ERR, "Cannot get renewed proxy from Myproxy server");
+ edg_wlpr_Log(LOG_ERR, "Error contacting MyProxy server for proxy %s",
+ repository_file);
 goto end;
 }
diff --git a/org.glite.security.proxyrenewal/src/renewd.c b/org.glite.security.proxyrenewal/src/renewd.c
index a25ff39..49e4b17 100644
--- a/org.glite.security.proxyrenewal/src/renewd.c
+++ b/org.glite.security.proxyrenewal/src/renewd.c
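Review bot: In `store_record` (hunk `@@ -648,13 +651,16 @@`) every non-zero return of `decode_record` now makes the loop `continue`, and because this function rewrites the database the skipped entry appears to be dropped for good. If `decode_record` can also fail for reasons other than a malformed line (an allocation failure, for instance; its return codes are not visible here), a transient error would delete a valid registration, so only parse errors should be skipped and anything else should still `goto end`. The log line records the line number but not the rejected text, so nothing is left to investigate how the file became corrupted; saving the raw line to a side file, or logging it length-capped with non-printable bytes escaped, would keep that evidence. The function body continues outside the hunk.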
@@ -13,6 +13,8 @@ time_t condor_limit = CONDOR_MINIMUM_PROXY_TIME;
 char *cadir = NULL;
 char *vomsdir = NULL;
 int voms_enabled = 0;
+char *cert = NULL;
+char *key = NULL;
 char *vomsconf = "/opt/edg/etc/vomses";
@@ -28,6 +30,8 @@ static struct option opts[] = {
 { "VOMSdir", required_argument, NULL, 'V' },
 { "enable-voms", no_argument, NULL, 'A' },
 { "voms-config", required_argument, NULL, 'G' },
+ { "cert", required_argument, NULL, 't' },
+ { "key", required_argument, NULL, 'k' },
 { NULL, 0, NULL, 0 }
 };
@@ -136,9 +140,10 @@ proto(int sock)
 goto end;
 }
- edg_wlpr_Log(LOG_INFO, "Received command code %d for proxy %s",
+ edg_wlpr_Log(LOG_INFO, "Received command code %d for proxy %s and jobid %s",
 request.command,
- request.proxy_filename ? request.proxy_filename : "(unspecified)");
+ request.proxy_filename ? request.proxy_filename : "(unspecified)",
+ request.jobid ? request.jobid : "(unspecified)");
 command->handler(&request, &response);
@@ -523,7 +528,7 @@ int main(int argc, char *argv[])
 repository = EDG_WLPR_REPOSITORY_ROOT;
 debug = 0;
- while ((opt = getopt_long(argc, argv, "hvdr:c:C:V:AG:", opts, NULL)) != EOF)
+ while ((opt = getopt_long(argc, argv, "hvdr:c:C:V:AG:t:k:", opts, NULL)) != EOF)
 switch (opt) {
 case 'h': usage(progname); exit(0);
 case 'v': fprintf(stdout, "%s:\t%s\n", progname, rcsid); exit(0);
@@ -534,6 +539,8 @@ int main(int argc, char *argv[])
 case 'V': vomsdir = optarg; break;
 case 'A': voms_enabled = 1; break;
 case 'G': vomsconf = optarg; break;
+ case 't': cert = optarg; break;
+ case 'k': key = optarg; break;
 case '?': usage(progname); return 1;
 }
@@ -563,6 +570,15 @@ int main(int argc, char *argv[])
 openlog(progname, LOG_PID, LOG_DAEMON);
 }
+ if (cert)
+ setenv("X509_USER_CERT", cert, 1);
+
+ if (key)
+ setenv("X509_USER_KEY", key, 1);
+
+ if (cadir)
+ setenv("X509_CERT_DIR", cadir, 1);
+
 memset(&sa,0,sizeof(sa));
 sa.sa_handler = catchsig;
 sigaction(SIGINT,&sa,NULL);
--
1.8.2.3
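Review bot: The `edg_wlpr_Log` call in `proto` (hunk `@@ -136,9 +140,10 @@`) now writes `request.jobid` as well as `request.proxy_filename` into the log, and both appear to come from the request read off the socket, so the peer controls that text. They are passed as arguments rather than as the format string, which is right, but embedded newlines or control bytes can still split or forge log entries, and nothing caps their length. Both values should go through a small helper that escapes non-printable bytes and truncates before they are logged. Where `request` is filled in is outside the hunk, so confirm whether the decoder already restricts these fields.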
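Review bot: The three `setenv` calls added to `main` (hunk `@@ -563,6 +570,15 @@`) ignore the return value, so if one fails the daemon carries on with whatever `X509_USER_CERT`, `X509_USER_KEY` or `X509_CERT_DIR` it inherited, or with the library defaults, rather than the credentials the operator asked for. Treat a failure as fatal, e.g. `if (cert && setenv("X509_USER_CERT", cert, 1) != 0) { edg_wlpr_Log(LOG_ERR, "setenv: %s", strerror(errno)); exit(1); }`, and likewise for the other two. Exporting `cadir` as `X509_CERT_DIR` is also a process-wide behaviour change for an existing option, which deserves a one-line comment saying it is intended. `usage()` is not part of the diff, so check that it lists the new `--cert` and `--key` options.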