[IMP] Add force option to regenerate PKI and security to protect this option
@@ -96,7 +96,8 @@ class TisPKI:
|
||||
|
||||
|
||||
def check_directories(path,verbose=False):
|
||||
print('Check directories')
|
||||
if verbose:
|
||||
Printing.information('Check directories')
|
||||
|
||||
directories_list = ['certs','config','crl','newcerts','private','csr','crl','p12']
|
||||
|
||||
@@ -117,15 +118,23 @@ def check_directories(path,verbose=False):
|
||||
pass
|
||||
|
||||
|
||||
def create_openssl_config(verbose=False):
|
||||
def create_openssl_config(force=False,verbose=False):
|
||||
Printing.information('Check Root CA OpenSSL Config')
|
||||
|
||||
if config.get('general','pki_dir'):
|
||||
check_directories(path=config.get('general','pki_dir'),verbose)
|
||||
check_directories(path=config.get('general','pki_dir'),verbose=verbose)
|
||||
else:
|
||||
Printing.error('No pki_dir set in samba-pki-tools.ini')
|
||||
sys.exit(1)
|
||||
|
||||
if force:
|
||||
Printing.error("Do you realy want to remove ALL you PKI ? This will destroy ALL YOUR CERTIFICATES AND PRIVATE KEY")
|
||||
Printing.error("After that, you MUST REGENERATE YOUR PKI with NEW certificates and private key for ALL YOUR DOMAIN CONTROLLERS AND USERS")
|
||||
destroy = input('If you are realy sure, please enter : "I want to remove all my PKI"')
|
||||
if destroy == 'I want to remove all my PKI':
|
||||
Printing.information('OK, too late ! Destroying your PKI !')
|
||||
os.removedirs(TisPKI.pki_dir())
|
||||
|
||||
root_ca_config = os.path.join(TisPKI.pki_dir(),'config','openssl_root_ca.ini')
|
||||
|
||||
if not os.path.isfile(root_ca_config):
|
||||
|
||||
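Review bot: `os.removedirs(TisPKI.pki_dir())` in the `if force:` branch only deletes empty directories, so on a populated PKI it raises `OSError` right after printing "Destroying your PKI", and on an empty tree it goes on to prune empty parent directories as well. `shutil.rmtree` is the call that removes a tree with its contents (shutil would need importing in this file, whose import block is not in the hunk). Because the wipe runs after `check_directories`, the layout presumably has to be checked again before `root_ca_config` is used. A mismatched confirmation currently falls through and initialization continues as if `--force` had not been given, so exiting there makes the outcome explicit. Deleting the CA private key also ends the ability to sign CRLs for certificates already issued unless a separate CRL signer exists, so archiving the old tree first is worth considering; `create_openssl_config` continues past the end of the hunk.

```python
    if force:
        # ... unchanged: the two Printing.error warnings and the input() prompt ...
        if destroy != 'I want to remove all my PKI':
            Printing.error('Confirmation text does not match, PKI left untouched')
            sys.exit(1)
        # ... unchanged: Printing.information('OK, too late ! ...') ...
        shutil.rmtree(TisPKI.pki_dir())
        check_directories(path=config.get('general','pki_dir'),verbose=verbose)
```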
+10
-3
@@ -9,7 +9,7 @@
|
||||
# Licence: <your licence>
|
||||
#-------------------------------------------------------------------------------
|
||||
|
||||
from optparse import OptionParser
|
||||
from optparse import OptionParser, OptionGroup
|
||||
|
||||
from common import *
|
||||
|
||||
@@ -19,12 +19,19 @@ def main():
|
||||
parser.add_option('--initialize', dest="initialize", action="store_true", help="Create PKI")
|
||||
parser.add_option('--create-intermediate', dest="create_intermediate", action="store_true", help="Create an intermediate CA")
|
||||
parser.add_option('--create-dc-cert', dest="create_dc_cert", action="store_true", help="Create a certificat for a Domain Controler")
|
||||
parser.add_option('-v', '--verbose', dest="verbose", action="store_true", help="Print all command")
|
||||
|
||||
dangerous_group = OptionGroup(parser,'Dangerous options', "Caution: use these options at your own risk.")
|
||||
dangerous_group.add_option('-f', '--force', dest="force", action="store_true", help="Force reinitialize PKI. VERY DANGEROUS")
|
||||
parser.add_option_group(dangerous_group)
|
||||
|
||||
debug_group = OptionGroup(parser, 'Debug options', 'Get more information to debug')
|
||||
debug_group.add_option('-v', '--verbose', dest="verbose", action="store_true", help="Print all command")
|
||||
parser.add_option_group(debug_group)
|
||||
|
||||
(options, args) = parser.parse_args()
|
||||
|
||||
if options.initialize:
|
||||
create_openssl_config(verbose=options.verbose)
|
||||
create_openssl_config(force=options.force,verbose=options.verbose)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
|
||||
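Review bot: `options.force` is only read inside `if options.initialize:`, so `-f` given alone or next to `--create-intermediate` / `--create-dc-cert` is silently ignored. For a flag that gates destruction of the whole PKI, rejecting that combination up front is safer, e.g. `if options.force and not options.initialize: parser.error('--force is only valid with --initialize')` right after `parse_args()`. The short alias `-f` is also easy to type out of habit from other tools, so registering only the long form `--force` would reduce accidental use. `main()` starts before this hunk and the rest of its body is not visible here.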