-rwxr-xr-xfiles/certreq.sh18
1 files changed, 12 insertions, 6 deletions
diff --git a/files/certreq.sh b/files/certreq.sh
index bacdf75..2aa27f8 100755
--- a/files/certreq.sh
+++ b/files/certreq.sh
@@ -11,7 +11,7 @@
# 2018-04-16 Add --list and --csr options
# 2018-05-07 Add actions for using a CA with manually-approved certs
# 2018-06-19 Fix get number of ca cert
-# 2018-07-30 add error check for "Denied" messages
+# 2018-07-30 add error checking on the request and authorization
# Usage: in ansible role certreq
# Microsoft CA cert templates have permissions on them. A user must be able to "enroll" on the template.
# Reference: ftemplate.sh 2017-10-10x; framework.sh 2017-10-09a
@@ -47,7 +47,8 @@ Return values under 1000: A non-zero value is the sum of the items listed here:
4 Return code of curl statement that saves cert file is non-zero
8 Cert file does not contain whole certificate
16 Cert does not contain an issuer
-32 Request denied.
+32 Cert request denied
+64 Invalid credentials
Return values above 1000:
1001 Help or version info displayed
1002 Count or type of flaglessvals is incorrect
@@ -155,6 +156,8 @@ submit_csr() {
esac
DISPOSITION="$( echo "${FULLPAGE}" | grep -oiE "The disposition message is.*" | grep -oiE "\".*\"" )"
+ MESSAGE="$( echo "${FULLPAGE}" | grep -oiE "<title>401.*" | grep -oiE ">.*<" | tr -d '<>' )"
+ MESSAGE="${MESSAGE:-${DISPOSITION}}" # use disposition if message is not available
}
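Review bot: The second `grep -oiE ">.*<"` on the added MESSAGE line is greedy, so if the response puts further tags on the same line as the `<title>`, their names end up inside `${MESSAGE}` once `tr -d '<>'` strips the brackets. `grep -oiE ">[^<]*<"` followed by `head -n 1` would keep only the title text and bound it to a single line, which matters because this server-supplied text is later echoed into the script's result output. Only a `401` title is recognised, so any other HTTP error page leaves MESSAGE falling back to a DISPOSITION that is probably empty; a short comment saying so would help. submit_csr begins outside the hunk.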
@@ -286,6 +289,7 @@ action_get_cert() {
echo "OUTPUTLINK=${OUTPUTLINK}"
echo "CERTLINK=${CERTLINK}"
echo "DISPOSITION=${DISPOSITION}"
+ echo "MESSAGE=${MESSAGE}"
}
# FETCH SIGNED CERTIFICATE
@@ -340,6 +344,7 @@ action_request() {
echo "OUTPUTLINK=${OUTPUTLINK}"
echo "CERTLINK=${CERTLINK}"
echo "DISPOSITION=${DISPOSITION}"
+ echo "MESSAGE=${MESSAGE}"
}
}
@@ -631,7 +636,8 @@ debuglev 5 && {
grep -qE -- '--END CERTIFICATE--' "${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.crt" || failed=$(( failed + 8 ))
#echo "${openssloutput}" | grep -qE "subject.*${CERTREQ_SUBJECT}" || failed=$(( failed + 16 ))
echo "${openssloutput}" | grep -qE "issuer.*" || failed=$(( failed + 16 ))
- echo "${DISPOSITION}" | grep -qiE 'denied' && failed=$(( failed + 32 ))
+ echo "${MESSAGE}" | grep -qiE 'policy' && failed=$(( failed + 32 ))
+ echo "${MESSAGE}" | grep -qiE 'unauthorized' && failed=$(( failed + 64 ))
;;
esac
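Review bot: The denial check now looks for the word `policy` in `${MESSAGE}` instead of `denied` in `${DISPOSITION}`, so a CA denial whose disposition text lacks that word no longer sets bit 32, and bit 64 depends on the literal `unauthorized` appearing in a scraped page title. Both are free-text matches on server-supplied HTML. If the curl call in submit_csr (not visible here) can record the HTTP status, for example with `-w '%{http_code}'`, testing that value for 401 would be sturdier than matching the title. To keep the earlier coverage, the denial test could stay on the disposition: `echo "${DISPOSITION}" | grep -qiE 'denied' && failed=$(( failed + 32 ))`. The enclosing case arm starts outside the hunk.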
@@ -650,7 +656,7 @@ case "${CERTREQ_ACTION}" in
echo "csr: ${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.csr"
echo "key: ${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.key"
echo "reqid: ${REQUESTID}"
- echo "disposition: ${DISPOSITION}"
+ echo "message: ${MESSAGE}"
echo "rc: ${failed}"
;;
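Review bot: Replacing the `disposition:` output line with `message:` here, and again in the `@@ -666,11 +672,11 @@` hunk, renames a key in the script's result output and drops the CA's disposition whenever a 401 title was found, because `${MESSAGE}` prefers the title. Anything that parses this output for `disposition:` would stop seeing it; the ansible role named in the header comment presumably does, though that is not visible here. Emitting both lines, `echo "disposition: ${DISPOSITION}"` and `echo "message: ${MESSAGE}"`, keeps the old contract and preserves the CA's own response for later troubleshooting. The case arm starts outside the hunk.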
@@ -666,11 +672,11 @@ case "${CERTREQ_ACTION}" in
# for generate and generate-csr and everything else really
echo "workdir: ${CERTREQ_WORKDIR}"
echo "logfile: ${logfile}"
- echo "csr: ${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.crt"
+ echo "csr: ${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.csr"
echo "certificate: ${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.crt"
echo "key: ${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.key"
! fistruthy "${CERTREQ_SKIP_CACERTS}" && echo "chain: ${CERTREQ_WORKDIR}/${CHAIN_FILE}"
- echo "disposition: ${DISPOSITION}"
+ echo "message: ${MESSAGE}"
echo "rc: ${failed}"
;;