Commit graph

26 commits

Author SHA1 Message Date
44eb5c5356 Configuration - Control over command timeouts 2021-12-05 18:12:13 +01:00
dad5a17d36 Configuration - Fixed tls_skip_verify 2021-12-05 17:21:52 +01:00
29ab0fd8f0 Fixed example configuration
* LDAP attribute names are case-sensitive here
  * the ";binary" suffix is needed.
2021-12-05 13:30:05 +01:00
f677fa0b6e Config example - Comment about optional socket 2021-12-05 10:18:27 +01:00
145016981d Added documentation and GPL3 licence 2021-12-05 10:13:20 +01:00
1976f7b2a8 Made the socket configuration optionnal 2021-12-05 09:49:57 +01:00
be6198dbed Client mode
* Refactored so that all server code is in a single file
  * Added missing CLI option to send reload/quit commands to the server
  * Implemented client mode
2021-12-04 18:31:19 +01:00
cd295e51ba Ability to run in standalone mode
* In addition to the server mode, it is now possible to run the
    program in standalone mode. In that mode, the updates selector and
    force flag will be read from the command line, the updates will be
    executed immediately, and the program will exit.
  * Client mode ready to be implemented
2021-12-04 17:47:21 +01:00
50624cc7f7 Updates & command execution
* Update runs have been refactored into self-contained structures.
  * Running pre-commands, handlers and post-commands has been
    implemented. While errors during pre-commands will stop updates for
    the files they correspond to, a handler failures will interrupt *all*
    updates for files that use that handler.
2021-12-04 17:21:24 +01:00
bccd467968 Configuration - Validate handlers for certificates
* Handlers referenced in certificate file sections must exist. No
    handlers may be referenced more than once by the same section.
2021-12-04 13:22:13 +01:00
8c33db2cc5 Refactoring - UNIX server loop 2021-12-04 12:20:02 +01:00
0d001985fe Refactoring - Renamed CLI flags structure 2021-12-04 10:51:03 +01:00
3266f3f818 Fixed handlers configuration 2021-12-04 10:44:57 +01:00
3e088d4af7 New configuration for commands/handlers to run after updates
* The new configuration includes specific commands per file, as well
    as handlers that can be triggered by updates but will only ever run
    once.
  * For now, commands from the pre_commands section are executed, the
    rest is ignored
2021-12-04 10:40:15 +01:00
7eb865e306 Selectors implemented
* The DN that is passed along with the update command is checked
    against the list of DNs a certificate file uses. If it is not in the
    list, then the file is skipped.
2021-11-06 17:46:38 +01:00
658ee30bc6 Server socket
* The UNIX socket will be listened on for control messages
  * A message containing a single 'Q' will cause it to exit
  * A message containing a single 'R' will cause a configuration reload.
    If the new configuration is incorrect, the old configuration will be
    kept. A new socket will be opened if the path has changed (failure
    when doing so will restore the previous configuration as well).
  * A message starting with 'U' requests an update. The next character
    may be '!' to force updates or anything else to update only as
    needed. The rest of the string is the selector: either a DN or '*'.
  * The selector is ignored in this commit; all certificates are
    re-examined.
2021-11-06 17:12:08 +01:00
50bff6a5cb Command execution after certificate replacement 2021-11-06 10:47:10 +01:00
a2606b5b89 Minor refactoring
* Made some LDAP methods public
  * Made the LDAP connection's config field private
2021-11-06 10:05:45 +01:00
f95da0e3e8 Write certificate file and set privileges 2021-11-05 17:16:44 +01:00
4619b592e6 Fix - Convert DER to PEM when reading from LDAP 2021-11-05 14:55:51 +01:00
a651e408ed File builder
* Code that will build a certificate file from its configuration
  * Run it on all configured files from main
2021-11-05 14:24:04 +01:00
0e642c85a6 LDAP connection code
* Code that connects to LDAP servers and send queries
  * Helper functions to fetch CA certificates or EE certificates
2021-11-05 13:40:47 +01:00
f971c1e961 Configuration validation
* Validate most of the entries in the configuration file, with the
    exception of DNs / RDNs.
  * Use the govalidator library for DNS names and file paths
2021-10-31 11:30:39 +01:00
e6aaa09795 UNIX socket creation - Don't chmod if mode not set 2021-10-31 09:12:26 +01:00
610cbf28f8 Configuration file reading
* An example configuration file has been added.
  * The data structure that corresponds to the configuration has been
    defined, and functions to load it have been added.
  * Logging using logrus and command line arguments that configure
    logging and set the configuration file's path have been added.
  * Opening the UNIX socket has been implemented.
2021-10-30 17:07:06 +02:00
18ce1d6738 Created project repo 2021-10-30 11:36:05 +02:00