|
62 |
|
62 |
|
63 |
def handler(dn, new, old): |
63 |
def handler(dn, new, old): |
64 |
"""Handle changes to 'dn'.""" |
64 |
"""Handle changes to 'dn'.""" |
65 |
setuid(0) |
65 |
if configRegistry['server/role'] != 'domaincontroller_master': |
|
|
66 |
return |
67 |
|
68 |
global uidNumber |
66 |
try: |
69 |
try: |
67 |
if configRegistry['server/role'] != 'domaincontroller_master': |
70 |
uidNumber = int(new.get('uidNumber', ['0'])[0]) |
68 |
return |
71 |
except (LookupError, TypeError, ValueError): |
|
|
72 |
uidNumber = 0 |
69 |
|
73 |
|
70 |
global uidNumber |
74 |
global gidNumber |
71 |
try: |
75 |
try: |
72 |
uidNumber = int(new.get('uidNumber', ['0'])[0]) |
76 |
gidNumber = int(grp.getgrnam('DC Backup Hosts')[2]) |
73 |
except (LookupError, TypeError, ValueError): |
77 |
except (LookupError, TypeError, ValueError): |
74 |
uidNumber = 0 |
78 |
ud.debug(ud.LISTENER, ud.WARN, |
75 |
|
79 |
'CERTIFICATE: Failed to get groupID for "%s"' % dn) |
76 |
global gidNumber |
80 |
gidNumber = 0 |
77 |
try: |
81 |
|
78 |
gidNumber = int(grp.getgrnam('DC Backup Hosts')[2]) |
82 |
old_domain = new_domain = configRegistry['domainname'] |
79 |
except (LookupError, TypeError, ValueError): |
83 |
if old and 'associatedDomain' in old: |
80 |
ud.debug(ud.LISTENER, ud.WARN, |
84 |
old_domain = old['associatedDomain'][0] |
81 |
'CERTIFICATE: Failed to get groupID for "%s"' % dn) |
85 |
if new and 'associatedDomain' in new: |
82 |
gidNumber = 0 |
86 |
old_domain = new['associatedDomain'][0] |
83 |
|
87 |
|
84 |
if new and not old: |
88 |
setuid(0) |
85 |
# changeType: add |
89 |
try: |
86 |
try: |
90 |
if not new or new_domain != old_domain: |
87 |
domain = new['associatedDomain'][0] |
91 |
remove_certificate(old['cn'][0], domainname=old_domain) |
88 |
except LookupError: |
92 |
if new: |
89 |
domain = configRegistry['domainname'] |
93 |
fqdn = "%s.%s" % (new['cn'][0], new_domain) |
90 |
create_certificate(new['cn'][0], domainname=domain) |
94 |
certpath = os.path.join(SSLDIR, fqdn) |
91 |
elif old and not new: |
95 |
if new_domain != old_domain or not os.path.exists(certpath): |
92 |
# changeType: delete |
|
|
93 |
try: |
94 |
domain = old['associatedDomain'][0] |
95 |
except LookupError: |
96 |
domain = configRegistry['domainname'] |
97 |
remove_certificate(old['cn'][0], domainname=domain) |
98 |
else: |
99 |
# changeType: modify |
100 |
try: |
101 |
old_domain = old['associatedDomain'][0] |
102 |
except LookupError: |
103 |
old_domain = configRegistry['domainname'] |
104 |
|
105 |
try: |
106 |
new_domain = new['associatedDomain'][0] |
107 |
except LookupError: |
108 |
new_domain = configRegistry['domainname'] |
109 |
|
110 |
if new_domain != old_domain: |
111 |
remove_certificate(old['cn'][0], domainname=old_domain) |
112 |
create_certificate(new['cn'][0], domainname=new_domain) |
96 |
create_certificate(new['cn'][0], domainname=new_domain) |
113 |
else: |
97 |
else: |
114 |
# Reset permissions |
|
|
115 |
fqdn = "%s.%s" % (new['cn'][0], new_domain) |
116 |
certpath = os.path.join(SSLDIR, fqdn) |
117 |
os.path.walk(certpath, set_permissions, None) |
98 |
os.path.walk(certpath, set_permissions, None) |
118 |
finally: |
99 |
finally: |
119 |
unsetuid() |
100 |
unsetuid() |
120 |
- |
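Review bot: On the side numbered 62–100 (apparently the new code; the file header is not visible in this view), the branch `if new and 'associatedDomain' in new:` assigns `old_domain = new['associatedDomain'][0]`, so `new_domain` never leaves its default of `configRegistry['domainname']`. For a host whose associatedDomain differs from the default, the later `new_domain != old_domain` test, the `certpath` lookup and `create_certificate(new['cn'][0], domainname=new_domain)` would then all use the wrong FQDN, and the certificate would be issued under the default domain rather than the host's own; the line should read `new_domain = new['associatedDomain'][0]`. Even with that fixed, an add (empty `old`) carrying a non-default domain satisfies `new_domain != old_domain` and reaches `remove_certificate(old['cn'][0], domainname=old_domain)`, which cannot index an empty `old`. Guarding the removal as `if old and (not new or new_domain != old_domain):` would keep the add path from raising inside the `setuid(0)` section.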
|
|