lauri/certidude
1
0
Fork 0
mirror of https://github.com/laurivosandi/certidude synced 2025-10-31 01:19:11 +00:00
Code Issues Activity

Better system keytab checking for client

Browse Source
This commit is contained in:
Lauri Võsandi
2017-04-14 01:49:32 +03:00
parent c5a0b34b0a
commit 216af460cf
2 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
certidude/cli.py
View File

@@ -138,7 +138,9 @@ def certidude_request(fork, renew):
endpoint_revocations_path = "/var/lib/certidude/%s/ca_crl.pem" % authority endpoint_revocations_path = "/var/lib/certidude/%s/ca_crl.pem" % authority
# TODO: Create directories automatically # TODO: Create directories automatically
system_keytab_required = False
if clients.get(authority, "trigger") == "domain joined": if clients.get(authority, "trigger") == "domain joined":
system_keytab_required = True
if not os.path.exists("/etc/krb5.keytab"): if not os.path.exists("/etc/krb5.keytab"):
continue continue
elif clients.get(authority, "trigger") != "interface up": elif clients.get(authority, "trigger") != "interface up":
@@ -173,6 +175,7 @@ def certidude_request(fork, renew):
try: try:
certidude_request_certificate( certidude_request_certificate(
authority, authority,
system_keytab_required,
endpoint_key_path, endpoint_key_path,
endpoint_request_path, endpoint_request_path,
endpoint_certificate_path, endpoint_certificate_path,

4
certidude/helpers.py
View File

@@ -26,7 +26,7 @@ def selinux_fixup(path):
cmd = "chcon", "--type=home_cert_t", path cmd = "chcon", "--type=home_cert_t", path
subprocess.call(cmd) subprocess.call(cmd)
def certidude_request_certificate(server, key_path, request_path, certificate_path, authority_path, revocations_path, common_name, autosign=False, wait=False, bundle=False, renew=False, insecure=False): def certidude_request_certificate(server, system_keytab_required, key_path, request_path, certificate_path, authority_path, revocations_path, common_name, autosign=False, wait=False, bundle=False, renew=False, insecure=False):
""" """
Exchange CSR for certificate using Certidude HTTP API server Exchange CSR for certificate using Certidude HTTP API server
""" """
@@ -189,7 +189,7 @@ def certidude_request_certificate(server, key_path, request_path, certificate_pa
return return
# If machine is joined to domain attempt to present machine credentials for authentication # If machine is joined to domain attempt to present machine credentials for authentication
if os.path.exists("/etc/krb5.keytab"): if system_keytab_required:
os.environ["KRB5CCNAME"]="/tmp/ca.ticket" os.environ["KRB5CCNAME"]="/tmp/ca.ticket"
# If Samba configuration exists assume NetBIOS name was used in keytab # If Samba configuration exists assume NetBIOS name was used in keytab
if os.path.exists("/etc/samba/smb.conf"): if os.path.exists("/etc/samba/smb.conf"):