diff options
| -rw-r--r-- | freeipa.spec.in | 1 | ||||
| -rw-r--r-- | install/certmonger/Makefile.am | 1 | ||||
| -rw-r--r-- | install/certmonger/dogtag-ipa-retrieve-agent-submit | 92 |
3 files changed, 0 insertions, 94 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in index d1ac09884..763e40b39 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -635,7 +635,6 @@ fi %{_sbindir}/ipactl %{_sbindir}/ipa-upgradeconfig %{_sbindir}/ipa-advise -%{_libexecdir}/certmonger/dogtag-ipa-retrieve-agent-submit %{_libexecdir}/certmonger/dogtag-ipa-ca-renew-agent-submit %{_libexecdir}/ipa-otpd %config(noreplace) %{_sysconfdir}/sysconfig/ipa_memcached diff --git a/install/certmonger/Makefile.am b/install/certmonger/Makefile.am index 03fd210af..ef6a0a635 100644 --- a/install/certmonger/Makefile.am +++ b/install/certmonger/Makefile.am @@ -2,7 +2,6 @@ NULL = appdir = $(libexecdir)/certmonger/ app_SCRIPTS = \ - dogtag-ipa-retrieve-agent-submit \ dogtag-ipa-ca-renew-agent-submit \ $(NULL) diff --git a/install/certmonger/dogtag-ipa-retrieve-agent-submit b/install/certmonger/dogtag-ipa-retrieve-agent-submit deleted file mode 100644 index 1422494cc..000000000 --- a/install/certmonger/dogtag-ipa-retrieve-agent-submit +++ /dev/null @@ -1,92 +0,0 @@ -#!/usr/bin/python2 -E -# -# Authors: -# Rob Crittenden <rcritten@redhat.com> -# -# Copyright (C) 2012 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. - -# The certificate rewewal is done on only one dogtag CA. The others -# retrieve the updated certificate from IPA. - -import os -# Prevent garbage from readline on standard output -# (see https://fedorahosted.org/freeipa/ticket/4064) -if not os.isatty(1): - os.environ['TERM'] = 'dumb' -import sys -import shutil -import tempfile -import syslog -import base64 -import traceback -from ipalib import api -from ipapython.dn import DN -from ipalib import errors -from ipalib import x509 -from ipapython import services as ipaservices -from ipapython import ipautil -from ipaserver.install import certs -from ipaserver.plugins.ldap2 import ldap2 - -def main(): - # We cheat and pass in the nickname as the CA profile to execute against. - # Some way is needed to determine which entry to retrieve from LDAP - operation = os.environ.get('CERTMONGER_OPERATION') - nickname = os.environ.get('CERTMONGER_CA_PROFILE') - - if operation not in ['SUBMIT', 'POLL']: - sys.exit(6) # unsupported operation - - api.bootstrap(context='renew') - api.finalize() - - # Update or add it - tmpdir = tempfile.mkdtemp(prefix = "tmp-") - try: - dn = DN(('cn', nickname), ('cn', 'ca_renewal'), ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn) - principal = str('host/%s@%s' % (api.env.host, api.env.realm)) - ccache = ipautil.kinit_hostprincipal('/etc/krb5.keytab', tmpdir, principal) - conn = ldap2(shared_instance=False, ldap_uri=api.env.ldap_uri) - conn.connect(ccache=ccache) - try: - syslog.syslog(syslog.LOG_NOTICE, "Updating certificate for %s" % nickname) - entry_attrs = conn.get_entry(dn, ['usercertificate']) - cert = entry_attrs['usercertificate'][0] - cert = base64.b64encode(cert) - print x509.make_pem(cert) - except errors.NotFound: - syslog.syslog(syslog.LOG_INFO, "Updated certificate for %s not available" % nickname) - # No cert available yet, tell certmonger to wait another 8 hours - print 8 * 60 * 60 - sys.exit(5) - finally: - conn.disconnect() - except Exception, e: - syslog.syslog(syslog.LOG_ERR, "Exception trying to retrieve %s: %s" % (nickname, e)) - # Unhandled error - sys.exit(3) - finally: - shutil.rmtree(tmpdir) - - sys.exit(0) - -try: - main() -except Exception: - syslog.syslog(syslog.LOG_ERR, traceback.format_exc()) - print "Internal error" - sys.exit(3) |