From cc665f1945b404d7672087c6e12a286a5df36c02 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Daniel=20Kou=C5=99il?=
Date: Wed, 16 Mar 2005 13:05:57 +0000
Subject: [PATCH] Added options specifying private key and certificate.
The startup script doesn't rely on environment defining paths to credential.
---
 org.glite.security.proxyrenewal/config/startup | 22 ++++++++++++++--------
 .../project/version.properties | 2 +-
 org.glite.security.proxyrenewal/src/commands.c | 3 +--
 org.glite.security.proxyrenewal/src/renew.c | 3 ++-
 org.glite.security.proxyrenewal/src/renewd.c | 17 ++++++++++++++++-
 5 files changed, 34 insertions(+), 13 deletions(-)
diff --git a/org.glite.security.proxyrenewal/config/startup b/org.glite.security.proxyrenewal/config/startup
index db273c2..70d1c6b 100755
--- a/org.glite.security.proxyrenewal/config/startup
+++ b/org.glite.security.proxyrenewal/config/startup
@@ -9,6 +9,8 @@ GLITE_LOCATION_VAR=${GLITE_LOCATION_VAR:-/opt/glite/var}
 PROXY_REPOSITORY="$GLITE_LOCATION_VAR/spool/glite-renewd"
+unset creds
+
 start()
 {
 if test -z "$GLITE_USER" ;then
@@ -17,15 +19,19 @@ start()
 return 1
 fi
- if [ -n "$GLITE_HOST_CERT" ]; then
- X509_USER_CERT="$GLITE_HOST_CERT"
- export X509_USER_CERT
- fi
- if [ -n "$GLITE_HOST_KEY" ]; then
- X509_USER_KEY="$GLITE_HOST_KEY"
- export X509_USER_KEY
+ [ -n "$GLITE_HOST_CERT" -a -n "$GLITE_HOST_KEY" ] &&
+ creds="-t $GLITE_HOST_CERT -k $GLITE_HOST_KEY"
+
+ if test -z "$creds"; then
+ if su - $GLITE_USER -c "test -r /etc/grid-security/hostkey.pem -a -r /etc/grid-security/hostcert.pem"; then
+ echo "$0: WARNING: /etc/grid-security/hostkey.pem readable by $GLITE_USER"
+ creds="-t /etc/grid-security/hostcert.pem -k /etc/grid-security/hostkey.pem"
+ fi
 fi
+ [ -z "$creds" ] &&
+ echo $0: WARNING: No credentials specified. Using default lookup which is dangerous. >&2
+
 echo -n Starting ProxyRenewal Daemon: glite-proxy-renewd ...
 if [ ! -d "$PROXY_REPOSITORY" ]; then
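Review bot: The fallback branch's warning that hostkey.pem is readable by $GLITE_USER goes to stdout while the "No credentials specified" warning a few lines below goes to stderr; an init script's diagnostics should land in one place, so `echo "$0: WARNING: /etc/grid-security/hostkey.pem readable by $GLITE_USER" >&2`. Setting only one of GLITE_HOST_CERT and GLITE_HOST_KEY is discarded by the `-a` test and silently falls through to the default-lookup path that this same hunk labels dangerous, so a half-configured pair should be an error rather than a quiet downgrade, e.g. `[ -n "$GLITE_HOST_CERT$GLITE_HOST_KEY" ] && [ -z "$GLITE_HOST_CERT" -o -z "$GLITE_HOST_KEY" ] && { echo "$0: GLITE_HOST_CERT and GLITE_HOST_KEY must both be set" >&2; return 1; }`. The paths are also embedded unquoted in `creds`, which is later re-parsed by $GLITE_USER's shell through `su -c`, so a path containing whitespace or shell metacharacters is split or interpreted there rather than passed through. The hunk ends inside start(), which continues in the following hunk.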
@@ -35,7 +41,7 @@ start()
 fi
 su - $GLITE_USER -c "$GLITE_LOCATION/bin/glite-proxy-renewd \
- -r $PROXY_REPOSITORY" && echo " done"
+ -r $PROXY_REPOSITORY $creds" && echo " done"
 }
 stop()
diff --git a/org.glite.security.proxyrenewal/project/version.properties b/org.glite.security.proxyrenewal/project/version.properties
index 9a46fde..2326629 100644
--- a/org.glite.security.proxyrenewal/project/version.properties
+++ b/org.glite.security.proxyrenewal/project/version.properties
@@ -1,4 +1,4 @@
-module.version = 1.0.4
+module.version = 1.0.5
 module.age = 1
diff --git a/org.glite.security.proxyrenewal/src/commands.c b/org.glite.security.proxyrenewal/src/commands.c
index a83a32e..ae9612d 100644
--- a/org.glite.security.proxyrenewal/src/commands.c
+++ b/org.glite.security.proxyrenewal/src/commands.c
@@ -1217,8 +1217,7 @@ update_db(edg_wlpr_Request *request, edg_wlpr_Response *response)
 free_record(&record);
 record.suffix = suffix;
 record.myproxy_server = server;
- edg_wlpr_Log(LOG_WARNING, "Removed expired proxy (suffix %d)",
- suffix);
+ edg_wlpr_Log(LOG_WARNING, "Removed expired proxy %s", cur_proxy);
 } else
 get_times(cur_proxy, &record);
 } else {
diff --git a/org.glite.security.proxyrenewal/src/renew.c b/org.glite.security.proxyrenewal/src/renew.c
index ee7dc1e..346e639 100644
--- a/org.glite.security.proxyrenewal/src/renew.c
+++ b/org.glite.security.proxyrenewal/src/renew.c
@@ -914,7 +914,8 @@ renew_proxy(proxy_record *record, char *basename, char **new_proxy)
 server_response, tmp_proxy);
 if (ret == 1) {
 ret = EDG_WLPR_ERROR_MYPROXY;
- edg_wlpr_Log(LOG_ERR, "Cannot get renewed proxy from Myproxy server");
+ edg_wlpr_Log(LOG_ERR, "Error contacting MyProxy server for proxy %s",
+ repository_file);
 goto end;
 }
diff --git a/org.glite.security.proxyrenewal/src/renewd.c b/org.glite.security.proxyrenewal/src/renewd.c
index 9155fb3..bae83bc 100644
--- a/org.glite.security.proxyrenewal/src/renewd.c
+++ b/org.glite.security.proxyrenewal/src/renewd.c
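Review bot: `$creds` is expanded inside the double-quoted string handed to `su -c`, so the daemon receives the -t/-k paths only after a second shell parse by $GLITE_USER's login shell; that is harmless for the fixed /etc/grid-security defaults, but an administrator-supplied GLITE_HOST_CERT/GLITE_HOST_KEY containing a space or a quote is split or mangled at that point, and a path that a hostile local user can influence would be interpreted as shell syntax. Moving the paths from exported X509_USER_* variables into argv also makes them visible to every local user via ps, which typically cannot read another user's environment; that exposes the location rather than the key material, but it is a deliberate trade-off that deserves a comment on this line, e.g. `# credential paths travel on the command line and are visible in ps`. Building the su command from separately quoted arguments instead of one re-parsed string would remove the splitting problem, but that is a rewrite of start() beyond this hunk.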
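Review bot: The reworded log line asserts a contact failure, but the condition it sits under is the unchanged `ret == 1` from the call above, which the old text described only as failing to obtain a renewed proxy; unless that return value is specific to connection errors (not visible in this hunk), the log will now blame the network for what may be a server-side refusal or a rejected credential. A wording that keeps the useful new per-proxy context without narrowing the cause would be `edg_wlpr_Log(LOG_ERR, "Cannot get renewed proxy for %s from MyProxy server", repository_file);`. renew_proxy() starts and ends outside this hunk.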
@@ -13,6 +13,8 @@ time_t condor_limit = CONDOR_MINIMUM_PROXY_TIME;
 char *cadir = NULL;
 char *vomsdir = NULL;
 int voms_enabled = 0;
+char *cert = NULL;
+char *key = NULL;
 char *vomsconf = "/opt/edg/etc/vomses";
 #ifndef NOVOMS
@@ -31,6 +33,8 @@ static struct option opts[] = {
 { "VOMSdir", required_argument, NULL, 'V' },
 { "enable-voms", no_argument, NULL, 'A' },
 { "voms-config", required_argument, NULL, 'G' },
+ { "cert", required_argument, NULL, 't' },
+ { "key", required_argument, NULL, 'k' },
 { NULL, 0, NULL, 0 }
 };
@@ -595,7 +599,7 @@ int main(int argc, char *argv[])
 repository = EDG_WLPR_REPOSITORY_ROOT;
 debug = 0;
- while ((opt = getopt_long(argc, argv, "hvdr:c:C:V:AG:", opts, NULL)) != EOF)
+ while ((opt = getopt_long(argc, argv, "hvdr:c:C:V:AG:t:k:", opts, NULL)) != EOF)
 switch (opt) {
 case 'h': usage(progname); exit(0);
 case 'v': fprintf(stdout, "%s:\t%s\n", progname, rcsid); exit(0);
@@ -606,6 +610,8 @@ int main(int argc, char *argv[])
 case 'V': vomsdir = optarg; break;
 case 'A': voms_enabled = 1; break;
 case 'G': vomsconf = optarg; break;
+ case 't': cert = optarg; break;
+ case 'k': key = optarg; break;
 case '?': usage(progname); return 1;
 }
@@ -634,6 +640,15 @@ int main(int argc, char *argv[])
 openlog(progname, LOG_PID, LOG_DAEMON);
 }
+ if (cert)
+ setenv("X509_USER_CERT", cert, 1);
+
+ if (key)
+ setenv("X509_USER_KEY", key, 1);
+
+ if (cadir)
+ setenv("X509_CERT_DIR", cadir, 1);
+
 if (voms_enabled) {
 char *path;
 char *new_path;
-- 
1.8.2.3
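Review bot: `--cert`/`--key` are added to opts[] and to the getopt string, but none of the renewd.c hunks touches usage(), and the diffstat's 16 insertions to that file are all accounted for here, so `-h` will not document the new options. Add the two entries to usage() next to the existing ones, e.g. `"  -t, --cert <file>   certificate to export as X509_USER_CERT\n"` and `"  -k, --key <file>    private key to export as X509_USER_KEY\n"`. The short letters are a style nit: `-t` for the certificate and `-k` for the key is asymmetric (`-c` and `-C` are already taken, so `-t` is presumably the nearest free letter), and a one-line comment on the table saying so would spare the next reader the search.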
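Review bot: `--cert` and `--key` are exported independently, so passing one without the other sets half the pair and leaves the other half to whatever default lookup the library performs — the situation the startup script's new warning calls dangerous; reject the mismatch up front, `if ((cert == NULL) != (key == NULL)) { fprintf(stderr, "%s: --cert and --key must be given together\n", progname); return 1; }`. Nothing checks that the named files exist or are readable by the daemon's uid, so a typo in the path surfaces only at the first renewal attempt in syslog; an `access(cert, R_OK)` / `access(key, R_OK)` check before exporting them — ideally ahead of the daemonizing branch that presumably closes just above `openlog`, which the hunk does not show — would fail fast with a clear message. If the environment inherited from the caller already carries X509_USER_PROXY and the GSI library consults it ahead of X509_USER_CERT/X509_USER_KEY (not verifiable from this hunk), the exported pair would be ignored, so an `unsetenv("X509_USER_PROXY")` next to these calls is worth considering. The `X509_CERT_DIR` export is new here and not mentioned in the commit message; a why-comment such as `/* export the CA dir from the option parsing so libraries that read the environment agree with it */` would help. main() continues past the end of the hunk.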