|
|
@ -54,7 +54,7 @@ bool received_sighup = false;
|
|
|
|
|
|
|
|
|
|
|
|
void signalHandler(int signum)
|
|
|
|
void signalHandler(int signum)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
printf("[INFO] Got signal %d\n\r", signum);
|
|
|
|
printf("[INFO] Got signal %d\n", signum);
|
|
|
|
if (signum == SIGHUP) {
|
|
|
|
if (signum == SIGHUP) {
|
|
|
|
received_sighup = true;
|
|
|
|
received_sighup = true;
|
|
|
|
}
|
|
|
|
}
|
|
|
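Review bot: The handler still calls `printf` on the line this hunk edits, and `printf` is not async-signal-safe: a signal that arrives while the main loop is inside its own `printf`/`fflush` can leave the stdio state inconsistent or deadlock the daemon. The flag in the hunk header is a plain `bool received_sighup`, written here and read by the main loop after `sleep()` returns; declaring it `volatile sig_atomic_t received_sighup = 0;` makes that access well-defined. I would drop the print from the handler and log the signal from the main loop once `sleep()` has returned. The body of signalHandler continues past the end of the hunk.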
@ -85,7 +85,7 @@ int get_certificate_from_server(TQString certificateName, LDAPRealmConfig realmc
|
|
|
|
ldap_mgr->writeSudoersConfFile(&errorstring);
|
|
|
|
ldap_mgr->writeSudoersConfFile(&errorstring);
|
|
|
|
|
|
|
|
|
|
|
|
// Get and install the CA root certificate from LDAP
|
|
|
|
// Get and install the CA root certificate from LDAP
|
|
|
|
printf("[INFO] Updating certificate %s from LDAP\n\r", certificateName.ascii());
|
|
|
|
printf("[INFO] Updating certificate %s from LDAP\n", certificateName.ascii());
|
|
|
|
if (ldap_mgr->getTDECertificate("publicRootCertificate", certificateName, &errorstring) != 0) {
|
|
|
|
if (ldap_mgr->getTDECertificate("publicRootCertificate", certificateName, &errorstring) != 0) {
|
|
|
|
printf("[ERROR] Unable to obtain root certificate for realm %s: %s", realmcfg.name.upper().ascii(), errorstring.ascii());
|
|
|
|
printf("[ERROR] Unable to obtain root certificate for realm %s: %s", realmcfg.name.upper().ascii(), errorstring.ascii());
|
|
|
|
retcode = 1;
|
|
|
|
retcode = 1;
|
|
|
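Review bot: The `[ERROR] Unable to obtain root certificate` message just below the edited `printf` has no trailing newline and, unlike the messages in main(), no `fflush(stdout)`. A failed certificate fetch can therefore sit in the stdio buffer and then run into the next log line, which makes the failure easy to miss when the log is read or parsed. Since this commit is normalising line endings, I would end the format string with `%s: %s\n"` and follow the call with `fflush(stdout);`. get_certificate_from_server starts and ends outside the hunk.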
@ -162,7 +162,7 @@ int main(int argc, char *argv[])
|
|
|
|
if (TQFile::exists(certificateName)) {
|
|
|
|
if (TQFile::exists(certificateName)) {
|
|
|
|
certExpiry = LDAPManager::getCertificateExpiration(certificateName);
|
|
|
|
certExpiry = LDAPManager::getCertificateExpiration(certificateName);
|
|
|
|
if (certExpiry >= now) {
|
|
|
|
if (certExpiry >= now) {
|
|
|
|
printf("[INFO] Certificate %s expires %s\n\r", certificateName.ascii(), certExpiry.toString().ascii()); fflush(stdout);
|
|
|
|
printf("[INFO] Certificate %s expires %s\n", certificateName.ascii(), certExpiry.toString().ascii()); fflush(stdout);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if ((certExpiry < now) || ((certExpiry >= now) && (certExpiry < soon))) {
|
|
|
|
if ((certExpiry < now) || ((certExpiry >= now) && (certExpiry < soon))) {
|
|
|
|
if (get_certificate_from_server(certificateName, realmcfg) != 0) {
|
|
|
|
if (get_certificate_from_server(certificateName, realmcfg) != 0) {
|
|
|
@ -194,7 +194,7 @@ int main(int argc, char *argv[])
|
|
|
|
prevSecondsToExpiry = (15*60) + (rand()%(5*60));
|
|
|
|
prevSecondsToExpiry = (15*60) + (rand()%(5*60));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
prevSecondsToExpiry = secondsToExpiry;
|
|
|
|
prevSecondsToExpiry = secondsToExpiry;
|
|
|
|
printf("[INFO] Will recheck certificates in %d seconds (%d days)\n\r", secondsToExpiry, secondsToExpiry/60/60/24); fflush(stdout);
|
|
|
|
printf("[INFO] Will recheck certificates in %d seconds (%d days)\n", secondsToExpiry, secondsToExpiry/60/60/24); fflush(stdout);
|
|
|
|
if (sleep(secondsToExpiry) != 0) {
|
|
|
|
if (sleep(secondsToExpiry) != 0) {
|
|
|
|
// Signal caught
|
|
|
|
// Signal caught
|
|
|
|
if (!received_sighup) {
|
|
|
|
if (!received_sighup) {
|
|
|
|