diff --git a/common.py b/common.py index cf59eb0..7256877 100644 --- a/common.py +++ b/common.py @@ -96,7 +96,8 @@ class TisPKI: def check_directories(path,verbose=False): - print('Check directories') + if verbose: + Printing.information('Check directories') directories_list = ['certs','config','crl','newcerts','private','csr','crl','p12'] @@ -117,15 +118,23 @@ def check_directories(path,verbose=False): pass -def create_openssl_config(verbose=False): +def create_openssl_config(force=False,verbose=False): Printing.information('Check Root CA OpenSSL Config') if config.get('general','pki_dir'): - check_directories(path=config.get('general','pki_dir'),verbose) + check_directories(path=config.get('general','pki_dir'),verbose=verbose) else: Printing.error('No pki_dir set in samba-pki-tools.ini') sys.exit(1) + if force: + Printing.error("Do you realy want to remove ALL you PKI ? This will destroy ALL YOUR CERTIFICATES AND PRIVATE KEY") + Printing.error("After that, you MUST REGENERATE YOUR PKI with NEW certificates and private key for ALL YOUR DOMAIN CONTROLLERS AND USERS") + destroy = input('If you are realy sure, please enter : "I want to remove all my PKI"') + if destroy == 'I want to remove all my PKI': + Printing.information('OK, too late ! Destroying your PKI !') + os.removedirs(TisPKI.pki_dir()) + root_ca_config = os.path.join(TisPKI.pki_dir(),'config','openssl_root_ca.ini') if not os.path.isfile(root_ca_config): diff --git a/manage_pki.py b/manage_pki.py index 1c73f30..83f29a9 100644 --- a/manage_pki.py +++ b/manage_pki.py @@ -9,7 +9,7 @@ # Licence: #------------------------------------------------------------------------------- -from optparse import OptionParser +from optparse import OptionParser, OptionGroup from common import * 
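Review bot: In the `if force:` block of `create_openssl_config`, `os.removedirs(TisPKI.pki_dir())` cannot remove a populated PKI, because it only deletes empty directories: it raises `OSError` on a tree that holds certificates and keys, and on an empty leaf it goes on to prune empty parent directories as well. The block also runs after `check_directories(...)`, which appears to be what creates the sub-directories, so a successful removal would leave the `root_ca_config` code that follows without its `config` directory. A mistyped confirmation phrase silently falls through to normal initialisation instead of stopping. I would do the removal with `shutil.rmtree` before the directory check and exit when the phrase does not match; this needs `import shutil` in common.py unless it is already imported, which the hunk does not show. The function continues past the end of the hunk, so the effect on the remaining config code is inferred.

```python
def create_openssl_config(force=False,verbose=False):
    # … unchanged: information banner …
    if not config.get('general','pki_dir'):
        Printing.error('No pki_dir set in samba-pki-tools.ini')
        sys.exit(1)

    if force:
        # … unchanged: the two warnings and the confirmation prompt …
        if destroy != 'I want to remove all my PKI':
            Printing.error('Confirmation phrase not entered, PKI left untouched')
            sys.exit(1)
        Printing.information('Destroying PKI directory %s' % TisPKI.pki_dir())
        shutil.rmtree(TisPKI.pki_dir())

    # directories are (re)created only after the optional wipe
    check_directories(path=config.get('general','pki_dir'),verbose=verbose)
    # … unchanged: root_ca_config handling …
```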
@@ -19,12 +19,19 @@ def main(): parser.add_option('--initialize', dest="initialize", action="store_true", help="Create PKI") parser.add_option('--create-intermediate', dest="create_intermediate", action="store_true", help="Create an intermediate CA") parser.add_option('--create-dc-cert', dest="create_dc_cert", action="store_true", help="Create a certificat for a Domain Controler") - parser.add_option('-v', '--verbose', dest="verbose", action="store_true", help="Print all command") + + dangerous_group = OptionGroup(parser,'Dangerous options', "Caution: use these options at your own risk.") + dangerous_group.add_option('-f', '--force', dest="force", action="store_true", help="Force reinitialize PKI. VERY DANGEROUS") + parser.add_option_group(dangerous_group) + + debug_group = OptionGroup(parser, 'Debug options', 'Get more information to debug') + debug_group.add_option('-v', '--verbose', dest="verbose", action="store_true", help="Print all command") + parser.add_option_group(debug_group) (options, args) = parser.parse_args() if options.initialize: - create_openssl_config(verbose=options.verbose) + create_openssl_config(force=options.force,verbose=options.verbose) if __name__ == '__main__':
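Review bot: The help text for `-f/--force` does not say what is destroyed, nor that the flag is only honoured together with `--initialize`; in this hunk `options.force` is read only inside `if options.initialize:`, so `--force` on its own is silently ignored. I would spell it out, e.g. `help="With --initialize: delete the existing PKI directory (ALL certificates and private keys) before re-creating it"`, and add `default=False` so that `options.force` is a boolean rather than `None` when the flag is absent. `main()` begins before this hunk, so options defined earlier are not visible here.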