|
63 |
exit 1 |
63 |
exit 1 |
64 |
} |
64 |
} |
65 |
run_only () { |
65 |
run_only () { |
66 |
local role="$1" mode="$2" |
66 |
local role="$1" mode="${2:-unlock}" |
67 |
case "$role/$(ucr get server/role)" in |
67 |
case "$role/$(ucr get server/role)" in |
68 |
master/domaincontroller_master) ;; |
68 |
master/domaincontroller_master) ;; |
69 |
backup/domaincontroller_master) ;; |
69 |
backup/domaincontroller_master) ;; |
|
76 |
esac |
76 |
esac |
77 |
[ 0 -eq "$(id -u)" ] || |
77 |
[ 0 -eq "$(id -u)" ] || |
78 |
die "Only user 'root' can use this" |
78 |
die "Only user 'root' can use this" |
79 |
exec 3<"$SSLBASE" |
79 |
[ 0 -eq ${#FD} ] && |
80 |
flock -n --"$mode" 3 || |
80 |
exec {FD}<${SSLBASE} |
81 |
die "Failed to get $mode lock" |
81 |
for i in {1..99}; do jitter ${i} flock -n --${mode} ${FD} && return || continue; done |
|
|
82 |
flock -n --${mode} ${FD} || |
83 |
die "Failed to get ${mode} lock" |
82 |
} |
84 |
} |
83 |
|
85 |
|
84 |
command= |
86 |
command= |
|
109 |
|
111 |
|
110 |
. "${MAKE_CERTIFICATES_SH_INCLUDE:=/usr/share/univention-ssl/make-certificates.sh}" |
112 |
. "${MAKE_CERTIFICATES_SH_INCLUDE:=/usr/share/univention-ssl/make-certificates.sh}" |
111 |
|
113 |
|
|
|
114 |
exec {FD}<${SSLBASE} |
115 |
|
112 |
case "$command" in |
116 |
case "$command" in |
113 |
new|renew) : "${name:?Missing argument '-name'}" ;; |
117 |
new|renew) : "${name:?Missing argument '-name'}" ;; |
114 |
revoke|check|dump) : "${name:="$(get_cert_name_from_id "$id")"}" |
118 |
revoke|check|dump) : "${name:="$(get_cert_name_from_id "$id")"}" |
|
129 |
chgrp -R "DC Backup Hosts" "$SSLBASE/$name" |
133 |
chgrp -R "DC Backup Hosts" "$SSLBASE/$name" |
130 |
chmod -R g+rX "$SSLBASE/$name" |
134 |
chmod -R g+rX "$SSLBASE/$name" |
131 |
fi |
135 |
fi |
|
|
136 |
run_only master |
132 |
} |
137 |
} |
133 |
|
138 |
|
134 |
revoke () { |
139 |
revoke () { |
|
139 |
else |
144 |
else |
140 |
revoke_cert "$name" |
145 |
revoke_cert "$name" |
141 |
fi |
146 |
fi |
|
|
147 |
run_only master |
142 |
} |
148 |
} |
143 |
|
149 |
|
144 |
renew () { |
150 |
renew () { |
|
151 |
chgrp -R "DC Backup Hosts" "$SSLBASE/$name" |
157 |
chgrp -R "DC Backup Hosts" "$SSLBASE/$name" |
152 |
chmod -R g+rX "$SSLBASE/$name" |
158 |
chmod -R g+rX "$SSLBASE/$name" |
153 |
fi |
159 |
fi |
|
|
160 |
run_only master |
154 |
} |
161 |
} |
155 |
|
162 |
|
156 |
check () { |
163 |
check () { |
|
170 |
*) echo "invalid" ;; |
177 |
*) echo "invalid" ;; |
171 |
esac |
178 |
esac |
172 |
done <<< "$id" |
179 |
done <<< "$id" |
|
|
180 |
run_only backup |
173 |
exit "$exitcode" |
181 |
exit "$exitcode" |
174 |
} |
182 |
} |
175 |
|
183 |
|
|
177 |
run_only backup shared |
185 |
run_only backup shared |
178 |
echo "List all certificates" |
186 |
echo "List all certificates" |
179 |
list_cert_names |
187 |
list_cert_names |
|
|
188 |
run_only backup |
180 |
} |
189 |
} |
181 |
|
190 |
|
182 |
list_all () { |
191 |
list_all () { |
183 |
run_only backup shared |
192 |
run_only backup shared |
184 |
echo "List all certificates (including revoked and expired certificates)" |
193 |
echo "List all certificates (including revoked and expired certificates)" |
185 |
list_cert_names_all |
194 |
list_cert_names_all |
|
|
195 |
run_only backup |
186 |
} |
196 |
} |
187 |
|
197 |
|
188 |
update_expired () { |
198 |
update_expired () { |
189 |
run_only master exclusive |
199 |
run_only master exclusive |
190 |
echo "Updating db for expired certificates" |
200 |
echo "Updating db for expired certificates" |
191 |
update_db |
201 |
update_db |
|
|
202 |
run_only master |
192 |
} |
203 |
} |
193 |
|
204 |
|
194 |
dump () { |
205 |
dump () { |
|
214 |
chgrp -R "DC Backup Hosts" "$SSLBASE/$name" |
225 |
chgrp -R "DC Backup Hosts" "$SSLBASE/$name" |
215 |
chmod -R g+rX "$SSLBASE/$name" |
226 |
chmod -R g+rX "$SSLBASE/$name" |
216 |
fi |
227 |
fi |
|
|
228 |
run_only master |
217 |
} |
229 |
} |
218 |
|
230 |
|
219 |
"$command" |
231 |
"$command" |
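Review bot: In `run_only`, the new default `mode="${2:-unlock}"` means a call that omits the mode silently releases the lock on `$SSLBASE`, so a forgotten argument fails open on the lock that serialises changes to the CA directory. I would keep the mode mandatory with `local role="$1" mode="${2:?missing lock mode}"` and spell the release calls as `run_only master unlock` and `run_only backup unlock`. The redirection also lost its quoting: `exec {FD}<${SSLBASE}`, both in `run_only` and before `case "$command"`, fails with an ambiguous redirect if the path ever contains whitespace or glob characters, whereas `exec {FD}<"$SSLBASE"` keeps the safety of the removed `exec 3<"$SSLBASE"`. The retry loop's `i` is not declared `local` and leaks into the caller's scope, and `jitter` is not defined in the visible lines, so I assume it comes from the sourced make-certificates.sh. Some arms of the `case` in `run_only` are collapsed in this view and are not covered here.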