Commit 2aa247fa authored by Leigh B Stoller's avatar Leigh B Stoller

Minor changes to stop some of the /tmp file stragglers.

parent 41381416
......@@ -1420,7 +1420,7 @@ sub VerifySSLChain($@)
# We should always get something back.
# Okay, this changed in FreeBSD 10, which returns exit(2)
# when the certificate cannot be verified. See next comment.
return -1
goto bad
if (!@result);
# Stupid openssl programs; always exit with zero status.
......@@ -1432,16 +1432,25 @@ sub VerifySSLChain($@)
}
if (!defined($rootpem)) {
print STDERR "Could not verify $self\n";
return -1;
goto bad;
}
my $rootcert = GeniCertificate->LoadFromFile($rootpem);
if (!defined($rootcert)) {
print STDERR "Could not load CA cert from $rootpem\n";
return -1;
goto bad;
}
$self->{'ROOTCERT'} = $rootcert;
close($tempfile)
if (defined($tempfile));
unlink($filename)
if (defined($filename) && -e $filename);
return 0;
bad:
close($tempfile)
if (defined($tempfile));
unlink($filename)
if (defined($filename) && -e $filename);
return -1;
}
#
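Review bot: The close/unlink cleanup now exists twice in VerifySSLChain, once before `return 0;` and once under `bad:`, so the two copies have to be kept in step by hand and the next early exit added here can leak the temp file again. A single exit path avoids that: set `my $rv = -1;` near the top, assign `$rv = 0;` where the function currently succeeds, and let every path reach one label that does the cleanup and ends with `return $rv;`. The `-e $filename` test before `unlink` is also unnecessary, since `unlink` on a missing path simply returns 0. The declarations of `$tempfile` and `$filename` are outside the visible hunks, so the `defined()` guards look right but cannot be confirmed from this page.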
......
......@@ -420,7 +420,7 @@ sub CreateFromSigned($$;$)
# First verify the credential
if (! $nosig) {
my ($fh, $filename) = tempfile(UNLINK => 0);
my ($fh, $filename) = tempfile(UNLINK => 1);
if (!defined($fh)) {
$msg = "Error creating temporary file";
goto bad;
......@@ -849,7 +849,7 @@ sub Sign($$)
}
$template .= "</signatures></signed-credential>\n";
}
my ($fh, $filename) = tempfile(UNLINK => 0);
my ($fh, $filename) = tempfile(UNLINK => 1);
return -1
if (!defined($fh));
......@@ -865,13 +865,18 @@ sub Sign($$)
my $certfile;
if (ref($how)) {
# This will auto delete too.
$certfile = $how->certfile() || $how->WriteToFile(1);
if (!defined($certfile)) {
print STDERR "Could not write $how to temp file\n";
return -1;
if ($how->certfile()) {
$certificate = "-c " . $how->certfile();
}
else {
# We have to delete this before we return.
$certfile = $how->WriteToFile(1);
if (!defined($certfile)) {
print STDERR "Could not write $how to temp file\n";
goto bad;
}
$certificate = "-c $certfile";
}
$certificate = "-c $certfile";
}
elsif (-e "$how") {
$certificate = "-c $how";
......@@ -893,7 +898,7 @@ sub Sign($$)
}
else {
print STDERR "Invalid 'how' argument to Sign()\n";
return -1;
goto bad;
}
#
......@@ -902,7 +907,7 @@ sub Sign($$)
#
if (! open(SIGNER, "$SIGNCRED $certificate $filename |")) {
print STDERR "Could not start $SIGNCRED on $filename\n";
return -1;
goto bad;
}
my $credential = "";
while (<SIGNER>) {
......@@ -910,11 +915,19 @@ sub Sign($$)
}
if (!close(SIGNER)) {
print STDERR "Could not sign $filename\n";
return -1;
goto bad;
}
$self->{'string'} = $credential;
unlink($filename);
unlink($certfile)
if (defined($certfile));
return 0;
bad:
unlink($filename)
if (defined($filename));
unlink($certfile)
if (defined($certfile));
return -1;
}
#
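Review bot: Sign() still builds the signer command as one string, `open(SIGNER, "$SIGNCRED $certificate $filename |")`, and in the `elsif (-e "$how")` branch `$certificate` carries a caller-supplied path that has only been checked for existence, so any shell metacharacters in that path are interpreted by the shell. Since this commit already touches every exit of the function, it would be a good place to switch to the list form, keeping the option and the path as separate elements: `open(SIGNER, "-|", $SIGNCRED, "-c", $certpath, $filename)`, where `$certpath` is a placeholder for whichever file was chosen. The branches between the visible hunks may set `$certificate` differently, so the argument list would need to be built per branch. The same string-form pipe appears in RunSigner in the ticket file, though there only `$CMCERT` and the temp file name are interpolated.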
......
#!/usr/bin/perl -wT
#
# Copyright (c) 2008-2014 University of Utah and the Flux Group.
# Copyright (c) 2008-2016 University of Utah and the Flux Group.
#
# {{{GENIPUBLIC-LICENSE
#
......@@ -312,6 +312,7 @@ sub CreateFromSignedTicket($$;$)
my $output = GeniUtil::ExecQuiet("$VERIFYCRED $filename");
if ($?) {
$msg = $output;
unlink($filename);
goto bad;
}
unlink($filename);
......@@ -807,6 +808,7 @@ sub RunSigner($$)
#
if (! open(SIGNER, "$SIGNCRED -c $CMCERT $filename |")) {
print STDERR "Could not sign $filename\n";
unlink($filename);
return -1;
}
my $ticket = "";
......@@ -815,6 +817,7 @@ sub RunSigner($$)
}
if (!close(SIGNER)) {
print STDERR "Could not sign $filename\n";
unlink($filename);
return -1;
}
unlink($filename);
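Review bot: CreateFromSignedTicket and RunSigner get one extra `unlink($filename);` per failure branch, which leaves the same gap open for the next early return that is added; Sign() in this same commit uses a single `bad:` cleanup label instead, and these two functions would be more robust following that pattern. In CreateFromSignedTicket the file is no longer needed once ExecQuiet returns, so the status can be saved and the file removed exactly once: `my $status = $?; unlink($filename);` followed by `if ($status) {`. In RunSigner the read loop between `open` and `close` is outside the hunks, so whether other exits exist there cannot be seen from this page.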
......