mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
65d38af9e2
On startup certmonger performs a number of options on the configured CA (IPA, not to be confused with the real dogtag CA) and the tracking requests. Break early for operations that are not supported by ipa-submit. This will save both a fork and a lock call. https://bugzilla.redhat.com/show_bug.cgi?id=1656519 Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
77 lines
2.4 KiB
Python
77 lines
2.4 KiB
Python
#!/usr/bin/python3
|
|
#
|
|
# Authors:
|
|
# Jan Cholasta <jcholast@redhat.com>
|
|
#
|
|
# Copyright (C) 2015 Red Hat
|
|
# see file 'COPYING' for use and warranty information
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
from __future__ import print_function
|
|
|
|
import os
|
|
# Prevent garbage from readline on standard output
|
|
# (see https://fedorahosted.org/freeipa/ticket/4064)
|
|
if not os.isatty(1):
|
|
os.environ['TERM'] = 'dumb'
|
|
import sys
|
|
import syslog
|
|
import traceback
|
|
|
|
import six
|
|
|
|
from ipapython import ipautil
|
|
from ipaserver.install import certs
|
|
|
|
# Return codes. Names of the constants are taken from
|
|
# https://git.fedorahosted.org/cgit/certmonger.git/tree/src/submit-e.h
|
|
OPERATION_NOT_SUPPORTED_BY_HELPER = 6
|
|
|
|
|
|
def main():
|
|
if len(sys.argv) < 2:
|
|
raise RuntimeError("Not enough arguments")
|
|
|
|
# Avoid the lock if the operation is unsupported by ipa-submit
|
|
operation = os.environ.get('CERTMONGER_OPERATION')
|
|
if operation not in ('IDENTIFY',
|
|
'FETCH-ROOTS',
|
|
'GET-NEW-REQUEST-REQUIREMENTS',
|
|
'SUBMIT',
|
|
'POLL'):
|
|
return OPERATION_NOT_SUPPORTED_BY_HELPER
|
|
|
|
with certs.renewal_lock:
|
|
result = ipautil.run(sys.argv[1:], raiseonerr=False, env=os.environ)
|
|
if six.PY2:
|
|
sys.stdout.write(result.raw_output)
|
|
sys.stderr.write(result.raw_error_output)
|
|
else:
|
|
# Write bytes directly
|
|
sys.stdout.buffer.write(result.raw_output) #pylint: disable=no-member
|
|
sys.stderr.buffer.write(result.raw_error_output) #pylint: disable=no-member
|
|
sys.stdout.flush()
|
|
sys.stderr.flush()
|
|
|
|
return result.returncode
|
|
|
|
|
|
try:
|
|
sys.exit(main())
|
|
except Exception as e:
|
|
syslog.syslog(syslog.LOG_ERR, traceback.format_exc())
|
|
print("Internal error")
|
|
sys.exit(3)
|