sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

gpo: Warn when fetching the supported templates fails

Browse Source 
When Certificate Auto Enrollment fails to fetch
the list of supported templates, display a
warning.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
David Mulder 2021-07-19 11:18:53 -06:00 committed by Jeremy Allison
parent a92b05ec7b
commit 4a5f6d88ff
1 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
python/samba/gp_cert_auto_enroll_ext.py
View File

@ -76,13 +76,17 @@ def find_cepces_submit():
'/usr/libexec/certmonger'] '/usr/libexec/certmonger']
return which('cepces-submit', path=':'.join(certmonger_dirs)) return which('cepces-submit', path=':'.join(certmonger_dirs))
def get_supported_templates(server): def get_supported_templates(server, logger):
cepces_submit = find_cepces_submit() cepces_submit = find_cepces_submit()
if os.path.exists(cepces_submit): if os.path.exists(cepces_submit):
env = os.environ env = os.environ
env['CERTMONGER_OPERATION'] = 'GET-SUPPORTED-TEMPLATES' env['CERTMONGER_OPERATION'] = 'GET-SUPPORTED-TEMPLATES'
out, _ = Popen([cepces_submit, '--server=%s' % server], env=env, p = Popen([cepces_submit, '--server=%s' % server], env=env,
stdout=PIPE, stderr=PIPE).communicate() stdout=PIPE, stderr=PIPE)
out, err = p.communicate()
if p.returncode != 0:
logger.warn('Failed to fetch the list of supported templates:' +
'\n%s' % err)
return out.strip().split() return out.strip().split()
return [] return []
@ -128,7 +132,8 @@ def cert_enroll(ca, trust_dir, private_dir, logger):
if getcert is not None and os.path.exists(cepces_submit): if getcert is not None and os.path.exists(cepces_submit):
Popen([getcert, 'add-ca', '-c', ca['cn'][0], '-e', Popen([getcert, 'add-ca', '-c', ca['cn'][0], '-e',
'%s --server=%s' % (cepces_submit, ca['dNSHostName'][0])]).wait() '%s --server=%s' % (cepces_submit, ca['dNSHostName'][0])]).wait()
supported_templates = get_supported_templates(ca['dNSHostName'][0]) supported_templates = get_supported_templates(ca['dNSHostName'][0],
logger)
for template, attrs in ca['certificateTemplates'].items(): for template, attrs in ca['certificateTemplates'].items():
if template not in supported_templates: if template not in supported_templates:
continue continue
@ -240,7 +245,8 @@ class gp_cert_auto_enroll_ext(gp_pol_ext):
output[policy][cn]['Auto Enrollment Server'] = \ output[policy][cn]['Auto Enrollment Server'] = \
ca['dNSHostName'][0] ca['dNSHostName'][0]
supported_templates = \ supported_templates = \
get_supported_templates(ca['dNSHostName'][0]) get_supported_templates(ca['dNSHostName'][0],
self.logger)
output[policy][cn]['Templates'] = \ output[policy][cn]['Templates'] = \
[t.decode() for t in supported_templates] [t.decode() for t in supported_templates]
return output return output