Diffstat (limited to 'lacme')
-rwxr-xr-x | lacme | 44 |
1 files changed, 10 insertions, 34 deletions
@@ -36,6 +36,7 @@ use Socket 1.95 qw/AF_UNIX AF_INET AF_INET6 PF_UNIX PF_INET PF_INET6 PF_UNSPEC SOCK_STREAM SOL_SOCKET SO_REUSEADDR SHUT_RDWR/; use Config::Tiny (); +use Date::Parse (); use Net::SSLeay (); # Clean up PATH @@ -62,7 +63,7 @@ sub usage(;$$) { } exit $rv; } -usage(1) unless GetOptions(\%OPTS, qw/config=s config-certs=s@ socket=s register tos-agreed min-days=i quiet|q debug help|h/); +usage(1) unless GetOptions(\%OPTS, qw/config=s config-certs=s@ socket=s register tos-agreed deactivate min-days=i quiet|q debug help|h/); usage(0) if $OPTS{help}; $COMMAND = shift(@ARGV) // usage(1, "Missing command"); @@ -199,33 +200,7 @@ sub x509_enddate($) { $time = Net::SSLeay::X509_get_notAfter($x509) if defined $x509; $dt = Net::SSLeay::P_ASN1_TIME_get_isotime($time) if defined $time; - my $t; - if (defined $dt and $dt =~ s/\A(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})//) { - # RFC3339 datetime strings; assume epoch is on January 1 of $epoch_year - my ($y, $m, $d, $h, $min, $s) = ($1, $2, $3, $4, $5, $6); - my (undef,undef,undef,undef,undef,$epoch_year,undef,undef,undef) = gmtime(0); - $t = 0; - foreach (($epoch_year+1900) .. $y-1) { - $t += 365*86400; - $t += 86400 if ($_ % 4 == 0 and $_ % 100 != 0) or ($_ % 400 == 0); # leap - } - - if ($m > 1) { - my @m = (31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31); - $m[1]++ if ($y % 4 == 0 and $y % 100 != 0) or ($y % 400 == 0); # leap - $t += 86400*$m[$_] for (0 .. $m-2); - } - - $t += 86400*($d-1); - $t += $s + 60*($min + 60*$h); - - $dt =~ s/\A\.(\d{1,9})\d*//; # ignore nanosecs - - if ($dt =~ /\A([+-])(\d{2}):(\d{2})\z/) { - my $tz = 60*($3 + 60*$2); - $t = $1 eq '-' ? ($t+$tz) : ($t-$tz); - } - } + my $t = Date::Parse::str2time($dt) if defined $dt; Net::SSLeay::X509_free($x509) if defined $x509; Net::SSLeay::BIO_free($bio) if defined $bio; 
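Review bot: In the x509_enddate hunk, `my $t = Date::Parse::str2time($dt) if defined $dt;` declares a lexical under a statement modifier, which perlsyn documents as undefined behaviour; `my $t = defined $dt ? Date::Parse::str2time($dt) : undef;` avoids it. str2time returns undef for a string it cannot parse and falls back to the local time zone when the string carries none, so passing an explicit zone (`Date::Parse::str2time($dt, 'UTC')`) and treating an undefined result as a hard error would keep a malformed notAfter from silently influencing whatever uses the expiry time. The function continues past the hunk, so how an undefined `$t` is handled there is not visible. The Date::Parse dependency added in the first hunk should also be listed wherever the project documents its required modules.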
@@ -424,10 +399,10 @@ sub iptables_save($@) { open STDIN, '<', '/dev/null' or die "Can't open /dev/null: $!"; open STDOUT, '>&', $iptables_tmp or die "Can't dup: $!"; $| = 1; # turn off buffering for STDOUT - exec "/sbin/$iptables_bin-save", "-c" or die; + exec "/usr/sbin/$iptables_bin-save", "-c" or die; } waitpid $pid => 0; - die "Error: /sbin/$iptables_bin-save exited with value ".($? >> 8) if $? > 0; + die "Error: /usr/sbin/$iptables_bin-save exited with value ".($? >> 8) if $? > 0; # seek back to the begining, as we'll restore directly from the # handle and not from the file. XXX if there was a way in Perl to @@ -441,10 +416,10 @@ sub iptables_save($@) { unless ($pid) { open STDIN, '<&', $iptables_tmp or die "Can't dup: $!"; open STDOUT, '>', '/dev/null' or die "Can't open /dev/null: $!"; - exec "/sbin/$iptables_bin-restore", "-c" or die; + exec "/usr/sbin/$iptables_bin-restore", "-c" or die; } waitpid $pid => 0; - warn "Warning: /sbin/$iptables_bin-restore exited with value ".($? >> 8) if $? > 0; + warn "Warning: /usr/sbin/$iptables_bin-restore exited with value ".($? >> 8) if $? > 0; }; @@ -462,10 +437,10 @@ sub iptables_save($@) { } my $dest = Socket::inet_ntop($domain, $addr) .'/'. $mask; - system ("/sbin/$iptables_bin", qw/-I INPUT -p tcp -m tcp -m state/, + system ("/usr/sbin/$iptables_bin", qw/-I INPUT -p tcp -m tcp -m state/, '-d', $dest, '--dport', $port, '--state', 'NEW,ESTABLISHED', '-j', 'ACCEPT') == 0 or die; - system ("/sbin/$iptables_bin", qw/-I OUTPUT -p tcp -m tcp -m state/, + system ("/usr/sbin/$iptables_bin", qw/-I OUTPUT -p tcp -m tcp -m state/, '-s', $dest, '--sport', $port, '--state', 'ESTABLISHED', '-j', 'ACCEPT') == 0 or die; } @@ -650,6 +625,7 @@ if ($COMMAND eq 'account') { my $flags = 0; $flags |= 1 if $OPTS{'register'}; $flags |= 2 if $OPTS{'tos-agreed'}; + $flags |= 4 if $OPTS{'deactivate'}; exit acme_client({out => \*STDOUT}, $flags, @ARGV); } |
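Review bot: The `/usr/sbin/` prefix is now hard-coded in six places across the three iptables_save hunks (the save and restore `exec` calls, their two messages, and both `system` calls), so a host whose binaries live only under /sbin fails at run time and the next path change has to touch every copy again. One definition, for example `my $IPTABLES_DIR = '/usr/sbin';` interpolated as `"$IPTABLES_DIR/$iptables_bin-save"`, keeps the absolute path (sensible, since the script cleans PATH) while making it a single-line change. The bare `exec ... or die;` in the forked children also reports nothing useful, and if that `die` is caught by an enclosing `eval` the child would carry on running the parent's code; including `$!` in the message and leaving the child with `POSIX::_exit` would close that gap. iptables_save starts and ends outside these hunks, so the surrounding error handling cannot be confirmed from here.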
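Review bot: `$flags |= 4 if $OPTS{'deactivate'};` extends a bit field whose values 1, 2 and 4 are bare literals, so the meaning of each bit has to be kept in sync by hand with whatever acme_client does with `$flags`; named constants such as `use constant { FLAG_REGISTER => 1, FLAG_TOS_AGREED => 2, FLAG_DEACTIVATE => 4 };` would document that contract. Deactivating an ACME account cannot be undone, so it is also worth rejecting `--deactivate` together with `--register` at this point and confirming that the option added to GetOptions in the second hunk is described in usage() and the manual; neither is visible in this diff. The enclosing `if ($COMMAND eq 'account')` branch begins outside the hunk.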