author | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2015-09-18 17:50:49 -0500 |
---|---|---|
committer | Timothy Pearson <kb9vqf@pearsoncomputing.net> | 2015-09-18 17:50:49 -0500 |
commit | 5f90079891a07dc451111174baa8ca8a625d460e (patch) | |
tree | 760db1c34d2ccfd37ac2ecc9afd2c9812f832d7b /cert-updater/main.cpp | |
parent | c14f2f4613cc75a6dd5ec0d1eebff9c855e40c46 (diff) | |
Add PKCS login setup controls
Diffstat (limited to 'cert-updater/main.cpp')
-rw-r--r-- | cert-updater/main.cpp | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/cert-updater/main.cpp b/cert-updater/main.cpp index 78ad0dc..354d9de 100644 --- a/cert-updater/main.cpp +++ b/cert-updater/main.cpp @@ -155,6 +155,7 @@ int main(int argc, char *argv[]) int prevSecondsToExpiry = (7*24*60*60); while (1) { + bool newCertDownloaded = false; bool allDownloadsOK = true; TQDateTime now = TQDateTime::currentDateTime(); TQDateTime earliestCertExpiry = now.addDays(14); // Recheck every 7 days regardless of last expiry check results @@ -174,7 +175,10 @@ int main(int argc, char *argv[]) printf("[INFO] Certificate %s expires %s\n", certificateFileName.ascii(), certExpiry.toString().ascii()); fflush(stdout); } if (immediate || (certExpiry < now) || ((certExpiry >= now) && (certExpiry < soon))) { - if (get_certificate_from_server("publicRootCertificate", certificateFileName, realmcfg) != 0) { + if (get_certificate_from_server("publicRootCertificate", certificateFileName, realmcfg) == 0) { + newCertDownloaded = true; + } + else { allDownloadsOK = false; } } @@ -185,7 +189,10 @@ int main(int argc, char *argv[]) else { mkdir(TDE_CERTIFICATE_DIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); mkdir(KERBEROS_PKI_PUBLICDIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); - if (get_certificate_from_server("publicRootCertificate", certificateFileName, realmcfg) != 0) { + if (get_certificate_from_server("publicRootCertificate", certificateFileName, realmcfg) == 0) { + newCertDownloaded = true; + } + else { allDownloadsOK = false; } } 
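Review bot: The four new `== 0` branches (this hunk at -174, plus those at -185, -196 and -207) make a zero return from get_certificate_from_server the only condition for rehashing the PKCS certificate directory, and nothing visible says what that return value guarantees. If the helper can return 0 after writing a file that is not a complete, parseable certificate or CRL, the rehash would index it; the helper's body is outside this diff, so this needs confirming and is not a known defect. A comment at the first call site would record the assumption, for example `// 0 means the file was fetched and written completely; the rehash below relies on that`. The repeated if/else could also be folded into one small helper that takes the attribute name and the file name, so the updates to newCertDownloaded and allDownloadsOK live in one place.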
@@ -196,7 +203,10 @@ int main(int argc, char *argv[]) printf("[INFO] CRL %s expires %s\n", crlFileName.ascii(), certExpiry.toString().ascii()); fflush(stdout); } if (immediate || (certExpiry < now) || ((certExpiry >= now) && (certExpiry < soon))) { - if (get_certificate_from_server("publicRootCertificateRevocationList", crlFileName, realmcfg) != 0) { + if (get_certificate_from_server("publicRootCertificateRevocationList", crlFileName, realmcfg) == 0) { + newCertDownloaded = true; + } + else { allDownloadsOK = false; } } @@ -207,10 +217,19 @@ int main(int argc, char *argv[]) else { mkdir(TDE_CERTIFICATE_DIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); mkdir(KERBEROS_PKI_PUBLICDIR, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); - if (get_certificate_from_server("publicRootCertificateRevocationList", crlFileName, realmcfg) != 0) { + if (get_certificate_from_server("publicRootCertificateRevocationList", crlFileName, realmcfg) == 0) { + newCertDownloaded = true; + } + else { allDownloadsOK = false; } } + + if (newCertDownloaded) { + if (LDAPManager::rehashClientPKCSCertificates() != 0) { + printf("[WARNING] Unable to rehash client PKCS certificates\n"); fflush(stdout); + } + } } immediate = false; |
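Review bot: A failed rehash is only logged. The new block at the end of the loop body prints the warning but leaves allDownloadsOK untouched, and newCertDownloaded is reset to false at the top of the next iteration, so the rehash is not attempted again until some later download succeeds. Until then the hash links may not match the files on disk, which for a refreshed CRL could mean new revocations are not seen by whatever consumes that directory (inferred, as the consumer is not shown). Setting `allDownloadsOK = false;` in the failure branch would route this through the existing failure handling, assuming that flag shortens the retry interval later in main(), which lies outside the hunk.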