Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
emulab-devel
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
143
Issues
143
List
Boards
Labels
Service Desk
Milestones
Merge Requests
6
Merge Requests
6
Operations
Operations
Incidents
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
emulab
emulab-devel
Commits
6929f8d6
Commit
6929f8d6
authored
Aug 31, 2011
by
Leigh B Stoller
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Lets regenerate all expired unencrypted certs, but lets not do them
all at once. Spread it out over several nights.
parent
46e7ae07
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
15 additions
and
10 deletions
+15
-10
db/audit.in
db/audit.in
+15
-10
No files found.
db/audit.in
View file @
6929f8d6
...
...
@@ -397,21 +397,23 @@ DBQueryWarn("delete from login ".
"
where (unix_timestamp(now()) - timeout) > (12 * 60 * 60)
");
#
# Warn users of expiring encrypted certificates.
# Warn users of expiring encrypted certificates. Regenerate expired or
# expiring unencrypted certificates.
#
$query_result
=
DBQueryWarn
("
select u.uid,u.uid_idx,expires,encrypted,c.idx,
"
.
"
UNIX_TIMESTAMP(expires) as stamp from user_sslcerts as c
"
.
"
UNIX_TIMESTAMP(expires) as stamp,
"
.
"
UNIX_TIMESTAMP(s.last_activity) as last_activity
"
.
"
from user_sslcerts as c
"
.
"
left join users as u on u.uid_idx=c.uid_idx
"
.
"
left join user_stats as s on s.uid_idx=u.uid_idx
"
.
"
where u.status='active' and
"
.
"
revoked is null and warned is null and
"
.
"
(s.last_activity is not null and
"
.
"
UNIX_TIMESTAMP(now()) -
"
.
"
UNIX_TIMESTAMP(s.last_activity) < (24 * 3600 * 90)) and
"
.
"
s.last_activity is not null and
"
.
"
(UNIX_TIMESTAMP(now()) > UNIX_TIMESTAMP(expires) ||
"
.
"
(UNIX_TIMESTAMP(expires) -
"
.
"
UNIX_TIMESTAMP(now()) < (3600 * 48)))
");
"
UNIX_TIMESTAMP(now()) < (24 * 3600 * 8)))
"
.
"
order by expires desc limit 200
");
while
(
my
$row
=
$query_result
->
fetchrow_hashref
())
{
my
$uid
=
$row
->
{'
uid
'};
...
...
@@ -420,11 +422,8 @@ while (my $row = $query_result->fetchrow_hashref()) {
my
$stamp
=
$row
->
{'
stamp
'};
my
$serial
=
$row
->
{'
idx
'};
my
$encrypted
=
$row
->
{'
encrypted
'};
my
$lastactive
=
$row
->
{'
last_activity
'};
# Skip old certs that have expired. User likely does not care.
next
if
(
0
&&
time
()
>
$stamp
);
if
(
!
$encrypted
)
{
print
STDERR
"
Unencrypted Certificate for
$uid
expires on
$expires
. Regenerating.
\n
";
...
...
@@ -440,6 +439,12 @@ while (my $row = $query_result->fetchrow_hashref()) {
}
next
;
}
# Skip encrypted certificates that exprired more then 90 days ago.
# User likely does not care.
next
if
(
time
()
-
$lastactive
>
(
24
*
3600
*
90
));
print
STDERR
"
Encrypted Certificate for
$uid
expires on
$expires
, sending mail.
\n
";
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
