|
|
|---|
| 63 |
exit 1 |
63 |
exit 1 |
| 64 |
} |
64 |
} |
| 65 |
run_only () { |
65 |
run_only () { |
| 66 |
local role="$1" mode="$2" |
66 |
local role="$1" mode="${2:-unlock}" |
| 67 |
case "$role/$(ucr get server/role)" in |
67 |
case "$role/$(ucr get server/role)" in |
| 68 |
master/domaincontroller_master) ;; |
68 |
master/domaincontroller_master) ;; |
| 69 |
backup/domaincontroller_master) ;; |
69 |
backup/domaincontroller_master) ;; |
|
|
|---|
| 76 |
esac |
76 |
esac |
| 77 |
[ 0 -eq "$(id -u)" ] || |
77 |
[ 0 -eq "$(id -u)" ] || |
| 78 |
die "Only user 'root' can use this" |
78 |
die "Only user 'root' can use this" |
| 79 |
exec 3<"$SSLBASE" |
79 |
[ 0 -eq ${#FD} ] && |
| 80 |
flock -n --"$mode" 3 || |
80 |
exec {FD}<${SSLBASE} |
| 81 |
die "Failed to get $mode lock" |
81 |
for i in {1..99}; do jitter ${i} flock -n --${mode} ${FD} && return || continue; done |
|
|
82 |
flock -n --${mode} ${FD} || |
| 83 |
die "Failed to get ${mode} lock" |
| 82 |
} |
84 |
} |
| 83 |
|
85 |
|
| 84 |
command= |
86 |
command= |
|
|
|---|
| 109 |
|
111 |
|
| 110 |
. "${MAKE_CERTIFICATES_SH_INCLUDE:=/usr/share/univention-ssl/make-certificates.sh}" |
112 |
. "${MAKE_CERTIFICATES_SH_INCLUDE:=/usr/share/univention-ssl/make-certificates.sh}" |
| 111 |
|
113 |
|
|
|
114 |
exec {FD}<${SSLBASE} |
| 115 |
|
| 112 |
case "$command" in |
116 |
case "$command" in |
| 113 |
new|renew) : "${name:?Missing argument '-name'}" ;; |
117 |
new|renew) : "${name:?Missing argument '-name'}" ;; |
| 114 |
revoke|check|dump) : "${name:="$(get_cert_name_from_id "$id")"}" |
118 |
revoke|check|dump) : "${name:="$(get_cert_name_from_id "$id")"}" |
|
|
|---|
| 129 |
chgrp -R "DC Backup Hosts" "$SSLBASE/$name" |
133 |
chgrp -R "DC Backup Hosts" "$SSLBASE/$name" |
| 130 |
chmod -R g+rX "$SSLBASE/$name" |
134 |
chmod -R g+rX "$SSLBASE/$name" |
| 131 |
fi |
135 |
fi |
|
|
136 |
run_only master |
| 132 |
} |
137 |
} |
| 133 |
|
138 |
|
| 134 |
revoke () { |
139 |
revoke () { |
|
|
|---|
| 139 |
else |
144 |
else |
| 140 |
revoke_cert "$name" |
145 |
revoke_cert "$name" |
| 141 |
fi |
146 |
fi |
|
|
147 |
run_only master |
| 142 |
} |
148 |
} |
| 143 |
|
149 |
|
| 144 |
renew () { |
150 |
renew () { |
|
|
|---|
| 151 |
chgrp -R "DC Backup Hosts" "$SSLBASE/$name" |
157 |
chgrp -R "DC Backup Hosts" "$SSLBASE/$name" |
| 152 |
chmod -R g+rX "$SSLBASE/$name" |
158 |
chmod -R g+rX "$SSLBASE/$name" |
| 153 |
fi |
159 |
fi |
|
|
160 |
run_only master |
| 154 |
} |
161 |
} |
| 155 |
|
162 |
|
| 156 |
check () { |
163 |
check () { |
|
|
|---|
| 170 |
*) echo "invalid" ;; |
177 |
*) echo "invalid" ;; |
| 171 |
esac |
178 |
esac |
| 172 |
done <<< "$id" |
179 |
done <<< "$id" |
|
|
180 |
run_only backup |
| 173 |
exit "$exitcode" |
181 |
exit "$exitcode" |
| 174 |
} |
182 |
} |
| 175 |
|
183 |
|
|
|
|---|
| 177 |
run_only backup shared |
185 |
run_only backup shared |
| 178 |
echo "List all certificates" |
186 |
echo "List all certificates" |
| 179 |
list_cert_names |
187 |
list_cert_names |
|
|
188 |
run_only backup |
| 180 |
} |
189 |
} |
| 181 |
|
190 |
|
| 182 |
list_all () { |
191 |
list_all () { |
| 183 |
run_only backup shared |
192 |
run_only backup shared |
| 184 |
echo "List all certificates (including revoked and expired certificates)" |
193 |
echo "List all certificates (including revoked and expired certificates)" |
| 185 |
list_cert_names_all |
194 |
list_cert_names_all |
|
|
195 |
run_only backup |
| 186 |
} |
196 |
} |
| 187 |
|
197 |
|
| 188 |
update_expired () { |
198 |
update_expired () { |
| 189 |
run_only master exclusive |
199 |
run_only master exclusive |
| 190 |
echo "Updating db for expired certificates" |
200 |
echo "Updating db for expired certificates" |
| 191 |
update_db |
201 |
update_db |
|
|
202 |
run_only master |
| 192 |
} |
203 |
} |
| 193 |
|
204 |
|
| 194 |
dump () { |
205 |
dump () { |
|
|
|---|
| 214 |
chgrp -R "DC Backup Hosts" "$SSLBASE/$name" |
225 |
chgrp -R "DC Backup Hosts" "$SSLBASE/$name" |
| 215 |
chmod -R g+rX "$SSLBASE/$name" |
226 |
chmod -R g+rX "$SSLBASE/$name" |
| 216 |
fi |
227 |
fi |
|
|
228 |
run_only master |
| 217 |
} |
229 |
} |
| 218 |
|
230 |
|
| 219 |
"$command" |
231 |
"$command" |