| #!/bin/bash |
| |
| # @@@ START COPYRIGHT @@@ |
| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| # |
| # @@@ END COPYRIGHT @@@ |
| |
| source krb5functions |
| |
| function msg |
| { |
| echo "krb5check[$$] `date`: $1" >> $LOG_FILE |
| } |
| |
| # ******* main ****** |
| WAIT_INTERVAL=300 |
| REPORT_INTERVAL=12 |
| LOCK_FILE=$TRAF_VAR/krb5check |
| LOG_FILE=$TRAF_HOME/logs/krb5check |
| CACHE_FILE="" |
| HOST_NAME=`hostname -f` |
| getKeytab |
| echo "keytab: $KEYTAB" |
| |
| introMessage="Starting krb5check " |
| |
| # Echo this process's id to the LOCK_FILE |
| echo $$ > $LOCK_FILE |
| |
| while [ $# -gt 0 ]; do |
| |
| case $1 in |
| -h) |
| echo $"Usage: $0 {-c |-h |-r | -w}" |
| exit |
| ;; |
| -c) |
| shift |
| CACHE_FILE=$1 |
| ;; |
| -r) |
| shift |
| REPORT_INTERVAL=$1 |
| ;; |
| -w) |
| shift |
| WAIT_INTERVAL=$1 |
| ;; |
| *) |
| introMessage=$introMessage"Invalid option detected" |
| echo "$introMessage" |
| echo $"Usage: $0 {-c |-h |-r | -w}" |
| exit 1 |
| ;; |
| esac |
| shift |
| done |
| |
| # get keytab |
| introMessage=$introMessage"using keytab $KEYTAB " |
| |
| # get principal from the cached entry |
| getCachedTicket |
| noTicket=$? |
| if [[ $noTicket -eq 1 ]]; then |
| PRINCIPAL="Not Available" |
| else |
| PRINCIPAL="$( klist -c $CACHE_FILE | grep 'Default principal' | awk '{print $3}' )" |
| fi |
| |
| introMessage=$introMessage" and principal $PRINCIPAL " |
| msg "$introMessage" |
| |
| # go into an infinite loop with a WAIT_INTERVAL second pause between each iteration |
| # print a report the first time |
| reportCount=$( expr $REPORT_INTERVAL + 1 ) |
| while :; do |
| |
| # go see if a new ticket has been initd |
| getCachedTicket |
| noTicket=$? |
| if [[ $noTicket -eq 0 ]]; then |
| # expire time could change between iterations |
| EXPIRE_TIME=$( date -d "$( klist -c $CACHE_FILE | grep krbtgt | awk '{print $3, $4}' )" +%s ) |
| |
| # report time left every REPORT_INTERVAL times |
| if [ $reportCount -gt $REPORT_INTERVAL ]; then |
| getStatus |
| msg "$TICKET_STATUS" |
| reportCount=0 |
| else |
| reportCount=$( expr $reportCount + 1 ) |
| fi |
| |
| # If ticket has expired, destroy cached entry |
| if [ $( date +%s ) -ge $EXPIRE_TIME ]; then |
| kdestroy -c $CACHE_FILE &> /dev/null |
| msg "Removed expired ticket cache ($CACHE_FILE) for user $PRINCIPAL" |
| |
| # Otherwise renew it |
| elif [ $( expr $EXPIRE_TIME - $( date +%s ) ) -le $WAIT_INTERVAL ]; then |
| msg "Time to renew ticket for $PRINCIPAL" |
| kinit -R -k -t $KEYTAB $PRINCIPAL |
| #if [ $? -ne 0 ]; then |
| # msg "An error occurred while renewing $PRINCIPAL, continuing" |
| #else |
| msg "Renewed ticket cache ($CACHE_FILE) for principal $PRINCIPAL" |
| msg "`klist`" |
| #fi |
| fi |
| else |
| msg="Ticket has not been created or it has expired" |
| fi |
| |
| # wait a bit then go round again |
| sleep $WAIT_INTERVAL |
| done |
