aboutsummaryrefslogtreecommitdiff
path: root/files
diff options
context:
space:
mode:
Diffstat (limited to 'files')
-rwxr-xr-xfiles/certreq.sh26
1 files changed, 5 insertions, 21 deletions
diff --git a/files/certreq.sh b/files/certreq.sh
index 9249bf1..459df53 100755
--- a/files/certreq.sh
+++ b/files/certreq.sh
@@ -28,16 +28,16 @@ certreqversion="2023-06-06a"
usage() {
less -F >&2 <<ENDUSAGE
-usage: certreq.sh [-dhV] [-u username] [-p password] [-pf passwordfile ][-w tempdir] [-t template] [--cn CN] [--ca <CA hostname>] [-l|-g] [--list|--csr /path/to/file|--fetch|--request] [--no-ca] [--reqid <reqid_string>] [--openssl-bin /bin/openssl] [--openssl-conf /opt/openssl.cnf] [--auth basic|ntlm|negotiate]
+usage: certreq.sh [-dhV] [-u username] [-p password] [--pf passwordfile ][-w tempdir] [-t template] [--cn CN] [--ca <CA hostname>] [-l|-g] [--list|--csr /path/to/file|--fetch|--request] [--no-ca] [--reqid <reqid_string>] [--openssl-bin /bin/openssl] [--openssl-conf /opt/openssl.cnf] [--auth basic|ntlm|negotiate]
version ${certreqversion}
-d debug Show debugging info, including parsed variables.
-h usage Show this usage block.
-V version Show script version number.
-u username User to connect via basic or ntlm auth (or negotiate) to CA. Can be "username" or "domain\\username"
-p password
- -pf --password-file Passwordfile in case you don't want to write password in clear text.
-w workdir Temp directory to work in. Default is \$(mktemp -d).
-t template Template to request from CA. Default is "ConfigMgrLinuxClientCertificate"
+ --pf --password-file Passwordfile in case you don't want to write password in clear text.
--cn CN to request. Default is \$( hostname -f )
--ca CA hostname or base URL. Example: ca2.example.com
--reqid <value> Request ID. Needed by --fetch action.
@@ -468,23 +468,7 @@ parseFlag() {
"V" | "fcheck" | "version" ) ferror "${scriptfile} version ${certreqversion}"; exit 1001;;
"u" | "user" | "username" ) getval; CERTREQ_USER="${tempval}";;
"p" | "pass" | "password" ) getval; CERTREQ_PASS="${tempval}";;
- # I am struggling to find a way to add a option for -p|--password-file. When enabling this code the script just prints a newline with no output to tmpfiles.
- # "pf" | "password-file" )
- # shift # Skip the flag itself
- # if [ $# -gt 0 ]; then
- # password_file="$1"
- # if [ -r "$password_file" ]; then
- # CERTREQ_PASS=$(cat "$password_file")
- # else
- # ferror "Unable to read password file: $password_file"
- # exit 1
- # fi
- # hasval=1
- # else
- # ferror "Missing value for flag: $flag"
- # exit 1
- # fi
- # ;;
+ "pf" | "password-file" ) getval; test -r "${tempval}" && CERTREQ_PASS="$( cat "${tempval}" )" || ferror "Invalid password file ${tempval}; leaving password blank!";; # Read password from file
"w" | "work" | "workdir" ) getval; CERTREQ_WORKDIR="${tempval}";;
"t" | "temp" | "template" ) getval; CERTREQ_TEMPLATE="${tempval}";;
"cn" | "common-name" | "commonname" ) getval; CERTREQ_CNPARAM="${tempval}";;
@@ -507,7 +491,7 @@ parseFlag() {
"basic") CERTREQ_AUTH=basic ;;
"ntlm") CERTREQ_AUTH=ntlm ;;
"negotiate") CERTREQ_AUTH=negotiate ;;
- *) ferror "Warning: --auth must be either \"basic\", \"ntlm\" or \"negotiate\". Using \"basic.\"" CERTREQ_AUTH=basic ;;
+ *) ferror "Warning: --auth must be either \"basic\", \"ntlm\" or \"negotiate\". Using \"basic.\"" ; CERTREQ_AUTH=basic ;;
esac
;;
esac
@@ -796,7 +780,7 @@ debuglev 5 && {
# 4 invalid cert file: incomplete cert file, or no issuer
# Wrapped in if statement to not grep when doing --list since no cert is created during that process.
- if [[ "$CERTREQ_ACTION" != "list" ]]; then
+ if test "${CERTREQ_ACTION}" != "list" ; then
if { ! grep -qE -- '--END CERTIFICATE--' "${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.crt" ; } || { ! echo "${openssloutput}" | grep -qE "issuer.*" ; } ;
then
failed=$(( failed + 4 ))
bgstack15