mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-11 00:31:56 -06:00
Remove dogtag-ipa-retrieve-agent-submit.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
This commit is contained in:
parent
babddaaee8
commit
a04be6d124
@ -635,7 +635,6 @@ fi
|
||||
%{_sbindir}/ipactl
|
||||
%{_sbindir}/ipa-upgradeconfig
|
||||
%{_sbindir}/ipa-advise
|
||||
%{_libexecdir}/certmonger/dogtag-ipa-retrieve-agent-submit
|
||||
%{_libexecdir}/certmonger/dogtag-ipa-ca-renew-agent-submit
|
||||
%{_libexecdir}/ipa-otpd
|
||||
%config(noreplace) %{_sysconfdir}/sysconfig/ipa_memcached
|
||||
|
@ -2,7 +2,6 @@ NULL =
|
||||
|
||||
appdir = $(libexecdir)/certmonger/
|
||||
app_SCRIPTS = \
|
||||
dogtag-ipa-retrieve-agent-submit \
|
||||
dogtag-ipa-ca-renew-agent-submit \
|
||||
$(NULL)
|
||||
|
||||
|
@ -1,92 +0,0 @@
|
||||
#!/usr/bin/python2 -E
|
||||
#
|
||||
# Authors:
|
||||
# Rob Crittenden <rcritten@redhat.com>
|
||||
#
|
||||
# Copyright (C) 2012 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
# The certificate rewewal is done on only one dogtag CA. The others
|
||||
# retrieve the updated certificate from IPA.
|
||||
|
||||
import os
|
||||
# Prevent garbage from readline on standard output
|
||||
# (see https://fedorahosted.org/freeipa/ticket/4064)
|
||||
if not os.isatty(1):
|
||||
os.environ['TERM'] = 'dumb'
|
||||
import sys
|
||||
import shutil
|
||||
import tempfile
|
||||
import syslog
|
||||
import base64
|
||||
import traceback
|
||||
from ipalib import api
|
||||
from ipapython.dn import DN
|
||||
from ipalib import errors
|
||||
from ipalib import x509
|
||||
from ipapython import services as ipaservices
|
||||
from ipapython import ipautil
|
||||
from ipaserver.install import certs
|
||||
from ipaserver.plugins.ldap2 import ldap2
|
||||
|
||||
def main():
|
||||
# We cheat and pass in the nickname as the CA profile to execute against.
|
||||
# Some way is needed to determine which entry to retrieve from LDAP
|
||||
operation = os.environ.get('CERTMONGER_OPERATION')
|
||||
nickname = os.environ.get('CERTMONGER_CA_PROFILE')
|
||||
|
||||
if operation not in ['SUBMIT', 'POLL']:
|
||||
sys.exit(6) # unsupported operation
|
||||
|
||||
api.bootstrap(context='renew')
|
||||
api.finalize()
|
||||
|
||||
# Update or add it
|
||||
tmpdir = tempfile.mkdtemp(prefix = "tmp-")
|
||||
try:
|
||||
dn = DN(('cn', nickname), ('cn', 'ca_renewal'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
|
||||
principal = str('host/%s@%s' % (api.env.host, api.env.realm))
|
||||
ccache = ipautil.kinit_hostprincipal('/etc/krb5.keytab', tmpdir, principal)
|
||||
conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri)
|
||||
conn.connect(ccache=ccache)
|
||||
try:
|
||||
syslog.syslog(syslog.LOG_NOTICE, "Updating certificate for %s" % nickname)
|
||||
entry_attrs = conn.get_entry(dn, ['usercertificate'])
|
||||
cert = entry_attrs['usercertificate'][0]
|
||||
cert = base64.b64encode(cert)
|
||||
print x509.make_pem(cert)
|
||||
except errors.NotFound:
|
||||
syslog.syslog(syslog.LOG_INFO, "Updated certificate for %s not available" % nickname)
|
||||
# No cert available yet, tell certmonger to wait another 8 hours
|
||||
print 8 * 60 * 60
|
||||
sys.exit(5)
|
||||
finally:
|
||||
conn.disconnect()
|
||||
except Exception, e:
|
||||
syslog.syslog(syslog.LOG_ERR, "Exception trying to retrieve %s: %s" % (nickname, e))
|
||||
# Unhandled error
|
||||
sys.exit(3)
|
||||
finally:
|
||||
shutil.rmtree(tmpdir)
|
||||
|
||||
sys.exit(0)
|
||||
|
||||
try:
|
||||
main()
|
||||
except Exception:
|
||||
syslog.syslog(syslog.LOG_ERR, traceback.format_exc())
|
||||
print "Internal error"
|
||||
sys.exit(3)
|
Loading…
Reference in New Issue
Block a user