[IMP] Add force option to regenerate PKI and security to protect this option

2024-05-07 17:29:08 +02:00
parent 4827e3e5a0
commit 7e00e9dbbf
2 changed files with 22 additions and 6 deletions
+12 -3
@@ -96,7 +96,8 @@ class TisPKI:
def check_directories(path,verbose=False):
print('Check directories')
if verbose:
Printing.information('Check directories')
directories_list = ['certs','config','crl','newcerts','private','csr','crl','p12']
@@ -117,15 +118,23 @@ def check_directories(path,verbose=False):
pass
def create_openssl_config(verbose=False):
def create_openssl_config(force=False,verbose=False):
Printing.information('Check Root CA OpenSSL Config')
if config.get('general','pki_dir'):
check_directories(path=config.get('general','pki_dir'),verbose)
check_directories(path=config.get('general','pki_dir'),verbose=verbose)
else:
Printing.error('No pki_dir set in samba-pki-tools.ini')
sys.exit(1)
if force:
Printing.error("Do you realy want to remove ALL you PKI ? This will destroy ALL YOUR CERTIFICATES AND PRIVATE KEY")
Printing.error("After that, you MUST REGENERATE YOUR PKI with NEW certificates and private key for ALL YOUR DOMAIN CONTROLLERS AND USERS")
destroy = input('If you are realy sure, please enter : "I want to remove all my PKI"')
if destroy == 'I want to remove all my PKI':
Printing.information('OK, too late ! Destroying your PKI !')
os.removedirs(TisPKI.pki_dir())
root_ca_config = os.path.join(TisPKI.pki_dir(),'config','openssl_root_ca.ini')
if not os.path.isfile(root_ca_config):
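Review bot: `os.removedirs(TisPKI.pki_dir())` in the new `if force:` branch will not wipe a populated PKI, because it only removes empty directories: it raises `OSError` on a tree that still holds keys and certificates, and on an empty tree it also prunes empty parent directories above `pki_dir`. If a full wipe is intended, `shutil.rmtree(TisPKI.pki_dir())` is the call that does it (assuming `shutil` is imported, which is not visible here). It should be followed by a second `check_directories(path=config.get('general','pki_dir'),verbose=verbose)`, since the existing call runs before the destroy step and, if that helper is what creates the layout, nothing recreates it afterwards. A wrong confirmation phrase currently falls through silently to the normal path; an `else:` with `Printing.error('Aborted, PKI left untouched')` and `sys.exit(1)` would make the outcome explicit. Deleting the files also does not revoke anything already issued, so the old root still has to be removed from trust stores separately; the body of `create_openssl_config` continues beyond the visible lines.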