mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
Sanitize configuration file section names
parent
704523626b
commit
589a31eb3d
@ -82,11 +82,11 @@ def certidude_request_spawn(fork):
|
|||||||
click.echo("Creating: %s" % run_dir)
|
click.echo("Creating: %s" % run_dir)
|
||||||
os.makedirs(run_dir)
|
os.makedirs(run_dir)
|
||||||
|
|
||||||
for certificate in clients.sections():
|
for server in clients.sections():
|
||||||
if clients.get(certificate, "managed") != "true":
|
if clients.get(server, "managed") != "true":
|
||||||
continue
|
continue
|
||||||
|
|
||||||
pid_path = os.path.join(run_dir, certificate + ".pid")
|
pid_path = os.path.join(run_dir, server + ".pid")
|
||||||
|
|
||||||
try:
|
try:
|
||||||
with open(pid_path) as fh:
|
with open(pid_path) as fh:
|
||||||
@ -108,16 +108,16 @@ def certidude_request_spawn(fork):
|
|||||||
|
|
||||||
with open(pid_path, "w") as fh:
|
with open(pid_path, "w") as fh:
|
||||||
fh.write("%d\n" % os.getpid())
|
fh.write("%d\n" % os.getpid())
|
||||||
setproctitle("certidude request spawn %s" % certificate)
|
setproctitle("certidude request spawn %s" % server)
|
||||||
retries = 30
|
retries = 30
|
||||||
while retries > 0:
|
while retries > 0:
|
||||||
try:
|
try:
|
||||||
certidude_request_certificate(
|
certidude_request_certificate(
|
||||||
clients.get(certificate, "server"),
|
server
|
||||||
clients.get(certificate, "key_path"),
|
clients.get(server, "key_path"),
|
||||||
clients.get(certificate, "request_path"),
|
clients.get(server, "request_path"),
|
||||||
clients.get(certificate, "certificate_path"),
|
clients.get(server, "certificate_path"),
|
||||||
clients.get(certificate, "authority_path"),
|
clients.get(server, "authority_path"),
|
||||||
socket.gethostname(),
|
socket.gethostname(),
|
||||||
None,
|
None,
|
||||||
autosign=True,
|
autosign=True,
|
||||||
@ -128,7 +128,7 @@ def certidude_request_spawn(fork):
|
|||||||
continue
|
continue
|
||||||
|
|
||||||
for endpoint in services.sections():
|
for endpoint in services.sections():
|
||||||
if services.get(endpoint, "certificate") != certificate:
|
if services.get(endpoint, "authority") != server:
|
||||||
continue
|
continue
|
||||||
|
|
||||||
csummer = hashlib.sha1()
|
csummer = hashlib.sha1()
|
||||||
@ -149,13 +149,13 @@ def certidude_request_spawn(fork):
|
|||||||
config.set("connection", "type", "vpn")
|
config.set("connection", "type", "vpn")
|
||||||
|
|
||||||
config.set("vpn", "service-type", "org.freedesktop.NetworkManager.strongswan")
|
config.set("vpn", "service-type", "org.freedesktop.NetworkManager.strongswan")
|
||||||
config.set("vpn", "userkey", clients.get(certificate, "key_path"))
|
config.set("vpn", "userkey", clients.get(server, "key_path"))
|
||||||
config.set("vpn", "usercert", clients.get(certificate, "certificate_path"))
|
config.set("vpn", "usercert", clients.get(server, "certificate_path"))
|
||||||
config.set("vpn", "encap", "no")
|
config.set("vpn", "encap", "no")
|
||||||
config.set("vpn", "address", services.get(endpoint, "remote"))
|
config.set("vpn", "address", services.get(endpoint, "remote"))
|
||||||
config.set("vpn", "virtual", "yes")
|
config.set("vpn", "virtual", "yes")
|
||||||
config.set("vpn", "method", "key")
|
config.set("vpn", "method", "key")
|
||||||
config.set("vpn", "certificate", clients.get(certificate, "authority_path"))
|
config.set("vpn", "certificate", clients.get(server, "authority_path"))
|
||||||
config.set("vpn", "ipcomp", "no")
|
config.set("vpn", "ipcomp", "no")
|
||||||
|
|
||||||
config.set("ipv4", "method", "auto")
|
config.set("ipv4", "method", "auto")
|
||||||
@ -179,7 +179,7 @@ def certidude_request_spawn(fork):
|
|||||||
config["conn", endpoint] = dict(
|
config["conn", endpoint] = dict(
|
||||||
leftsourceip="%config",
|
leftsourceip="%config",
|
||||||
left="%defaultroute",
|
left="%defaultroute",
|
||||||
leftcert=clients.get(certificate, "certificate_path"),
|
leftcert=clients.get(server, "certificate_path"),
|
||||||
rightid="%any",
|
rightid="%any",
|
||||||
right=services.get(endpoint, "remote"),
|
right=services.get(endpoint, "remote"),
|
||||||
rightsubnet=services.get(endpoint, "route"),
|
rightsubnet=services.get(endpoint, "route"),
|
||||||
|
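Review bot: In the second hunk the new first argument to `certidude_request_certificate(` is rendered as a bare `server` with no trailing comma before `clients.get(server, "key_path"),`; if that is what was committed it is a SyntaxError that stops the module from importing, and the line should read `server,`. Separately, the section name is now both the authority hostname passed to that call and a filename component in `os.path.join(run_dir, server + ".pid")`, yet none of the visible hunks validates it despite the commit title, so a section name containing `/` or `..` would put the PID file outside `run_dir`. If no check exists outside these hunks, reject such names at the top of the loop, for example `if os.path.basename(server) != server or server.startswith("."): raise ValueError("invalid section name: %r" % server)`. The body of `certidude_request_spawn` extends beyond the hunks shown, so the validation may already live there.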