|
|
|---|
| 62 |
|
62 |
|
| 63 |
def handler(dn, new, old): |
63 |
def handler(dn, new, old): |
| 64 |
"""Handle changes to 'dn'.""" |
64 |
"""Handle changes to 'dn'.""" |
| 65 |
setuid(0) |
65 |
if configRegistry['server/role'] != 'domaincontroller_master': |
|
|
66 |
return |
| 67 |
|
| 68 |
global uidNumber |
| 66 |
try: |
69 |
try: |
| 67 |
if configRegistry['server/role'] != 'domaincontroller_master': |
70 |
uidNumber = int(new.get('uidNumber', ['0'])[0]) |
| 68 |
return |
71 |
except (LookupError, TypeError, ValueError): |
|
|
72 |
uidNumber = 0 |
| 69 |
|
73 |
|
| 70 |
global uidNumber |
74 |
global gidNumber |
| 71 |
try: |
75 |
try: |
| 72 |
uidNumber = int(new.get('uidNumber', ['0'])[0]) |
76 |
gidNumber = int(grp.getgrnam('DC Backup Hosts')[2]) |
| 73 |
except (LookupError, TypeError, ValueError): |
77 |
except (LookupError, TypeError, ValueError): |
| 74 |
uidNumber = 0 |
78 |
ud.debug(ud.LISTENER, ud.WARN, |
| 75 |
|
79 |
'CERTIFICATE: Failed to get groupID for "%s"' % dn) |
| 76 |
global gidNumber |
80 |
gidNumber = 0 |
| 77 |
try: |
81 |
|
| 78 |
gidNumber = int(grp.getgrnam('DC Backup Hosts')[2]) |
82 |
old_domain = new_domain = configRegistry['domainname'] |
| 79 |
except (LookupError, TypeError, ValueError): |
83 |
if old and 'associatedDomain' in old: |
| 80 |
ud.debug(ud.LISTENER, ud.WARN, |
84 |
old_domain = old['associatedDomain'][0] |
| 81 |
'CERTIFICATE: Failed to get groupID for "%s"' % dn) |
85 |
if new and 'associatedDomain' in new: |
| 82 |
gidNumber = 0 |
86 |
old_domain = new['associatedDomain'][0] |
| 83 |
|
87 |
|
| 84 |
if new and not old: |
88 |
setuid(0) |
| 85 |
# changeType: add |
89 |
try: |
| 86 |
try: |
90 |
if not new or new_domain != old_domain: |
| 87 |
domain = new['associatedDomain'][0] |
91 |
remove_certificate(old['cn'][0], domainname=old_domain) |
| 88 |
except LookupError: |
92 |
if new: |
| 89 |
domain = configRegistry['domainname'] |
93 |
fqdn = "%s.%s" % (new['cn'][0], new_domain) |
| 90 |
create_certificate(new['cn'][0], domainname=domain) |
94 |
certpath = os.path.join(SSLDIR, fqdn) |
| 91 |
elif old and not new: |
95 |
if new_domain != old_domain or not os.path.exists(certpath): |
| 92 |
# changeType: delete |
|
|
| 93 |
try: |
| 94 |
domain = old['associatedDomain'][0] |
| 95 |
except LookupError: |
| 96 |
domain = configRegistry['domainname'] |
| 97 |
remove_certificate(old['cn'][0], domainname=domain) |
| 98 |
else: |
| 99 |
# changeType: modify |
| 100 |
try: |
| 101 |
old_domain = old['associatedDomain'][0] |
| 102 |
except LookupError: |
| 103 |
old_domain = configRegistry['domainname'] |
| 104 |
|
| 105 |
try: |
| 106 |
new_domain = new['associatedDomain'][0] |
| 107 |
except LookupError: |
| 108 |
new_domain = configRegistry['domainname'] |
| 109 |
|
| 110 |
if new_domain != old_domain: |
| 111 |
remove_certificate(old['cn'][0], domainname=old_domain) |
| 112 |
create_certificate(new['cn'][0], domainname=new_domain) |
96 |
create_certificate(new['cn'][0], domainname=new_domain) |
| 113 |
else: |
97 |
else: |
| 114 |
# Reset permissions |
|
|
| 115 |
fqdn = "%s.%s" % (new['cn'][0], new_domain) |
| 116 |
certpath = os.path.join(SSLDIR, fqdn) |
| 117 |
os.path.walk(certpath, set_permissions, None) |
98 |
os.path.walk(certpath, set_permissions, None) |
| 118 |
finally: |
99 |
finally: |
| 119 |
unsetuid() |
100 |
unsetuid() |
| 120 |
- |
|
|