From 1f15a7d9d6d2ed6728d643a988034833523a2d40 Mon Sep 17 00:00:00 2001 From: Erling Li Teigen Date: Wed, 21 Jun 2023 16:12:52 +0200 Subject: Fixed correct syntaxes and now have a valid passwordfile option --- files/certreq.sh | 26 +++++--------------------- 1 file changed, 5 insertions(+), 21 deletions(-) (limited to 'files') diff --git a/files/certreq.sh b/files/certreq.sh index 9249bf1..459df53 100755 --- a/files/certreq.sh +++ b/files/certreq.sh @@ -28,16 +28,16 @@ certreqversion="2023-06-06a" usage() { less -F >&2 <] [-l|-g] [--list|--csr /path/to/file|--fetch|--request] [--no-ca] [--reqid ] [--openssl-bin /bin/openssl] [--openssl-conf /opt/openssl.cnf] [--auth basic|ntlm|negotiate] +usage: certreq.sh [-dhV] [-u username] [-p password] [--pf passwordfile ][-w tempdir] [-t template] [--cn CN] [--ca ] [-l|-g] [--list|--csr /path/to/file|--fetch|--request] [--no-ca] [--reqid ] [--openssl-bin /bin/openssl] [--openssl-conf /opt/openssl.cnf] [--auth basic|ntlm|negotiate] version ${certreqversion} -d debug Show debugging info, including parsed variables. -h usage Show this usage block. -V version Show script version number. -u username User to connect via basic or ntlm auth (or negotiate) to CA. Can be "username" or "domain\\username" -p password - -pf --password-file Passwordfile in case you don't want to write password in clear text. -w workdir Temp directory to work in. Default is \$(mktemp -d). -t template Template to request from CA. Default is "ConfigMgrLinuxClientCertificate" + --pf --password-file Passwordfile in case you don't want to write password in clear text. --cn CN to request. Default is \$( hostname -f ) --ca CA hostname or base URL. Example: ca2.example.com --reqid Request ID. Needed by --fetch action. 
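Review bot: The usage block still lists `-p password` with no description, and the new `--pf` row does not say why a reader should prefer it. A password passed with `-p` is visible to other local users in the process list and is kept in shell history, so the help text should say so and state that the password file must be readable only by the invoking user, for example `--pf --password-file  Read the password from this file (keep it mode 0600); preferred over -p, which exposes the password in the process list.` The synopsis also has misplaced spacing in `[--pf passwordfile ][-w tempdir]`. The usage() heredoc continues outside the hunk.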
@@ -468,23 +468,7 @@ parseFlag() {
 "V" | "fcheck" | "version" ) ferror "${scriptfile} version ${certreqversion}"; exit 1001;;
 "u" | "user" | "username" ) getval; CERTREQ_USER="${tempval}";;
 "p" | "pass" | "password" ) getval; CERTREQ_PASS="${tempval}";;
- # I am struggling to find a way to add a option for -p|--password-file. When enabling this code the script just prints a newline with no output to tmpfiles.
- # "pf" | "password-file" )
- # shift # Skip the flag itself
- # if [ $# -gt 0 ]; then
- # password_file="$1"
- # if [ -r "$password_file" ]; then
- # CERTREQ_PASS=$(cat "$password_file")
- # else
- # ferror "Unable to read password file: $password_file"
- # exit 1
- # fi
- # hasval=1
- # else
- # ferror "Missing value for flag: $flag"
- # exit 1
- # fi
- # ;;
+ "pf" | "password-file" ) getval; test -r "${tempval}" && CERTREQ_PASS="$( cat "${tempval}" )" || ferror "Invalid password file ${tempval}; leaving password blank!";; # Read password from file
 "w" | "work" | "workdir" ) getval; CERTREQ_WORKDIR="${tempval}";;
 "t" | "temp" | "template" ) getval; CERTREQ_TEMPLATE="${tempval}";;
 "cn" | "common-name" | "commonname" ) getval; CERTREQ_CNPARAM="${tempval}";;
@@ -507,7 +491,7 @@ parseFlag() {
 "basic") CERTREQ_AUTH=basic ;;
 "ntlm") CERTREQ_AUTH=ntlm ;;
 "negotiate") CERTREQ_AUTH=negotiate ;;
- *) ferror "Warning: --auth must be either \"basic\", \"ntlm\" or \"negotiate\". Using \"basic.\"" CERTREQ_AUTH=basic ;;
+ *) ferror "Warning: --auth must be either \"basic\", \"ntlm\" or \"negotiate\". Using \"basic.\"" ; CERTREQ_AUTH=basic ;;
 esac
 ;;
 esac
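Review bot: The new `"pf" | "password-file"` arm fails open: when the file cannot be read it only calls ferror and flag parsing continues, so the request goes ahead with an empty password, or with a value left in CERTREQ_PASS by an earlier `-p`, in which case the "leaving password blank!" message is wrong. An unusable credential source should stop the script, and the check should use `-f` as well as `-r`, because `test -r` is also true for a directory and the `A && B || C` form runs ferror for a failed `cat` too. The usage text says `-d` shows parsed variables, so it is worth confirming that debug output does not print CERTREQ_PASS; that code is not visible here. parseFlag begins and ends outside the hunk.

```shell
"pf" | "password-file" )
   getval
   # Fail closed: an unusable password file must not fall through
   # to an empty or previously set password.
   if test -f "${tempval}" && test -r "${tempval}" ; then
      CERTREQ_PASS="$( cat "${tempval}" )"
   else
      ferror "Invalid password file ${tempval}"
      exit 1
   fi
   ;;
```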
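Review bot: An unrecognised `--auth` value is silently downgraded to basic authentication in the `*)` arm, and with the added `;` that assignment now actually takes effect. A mistyped `ntlm` or `negotiate` therefore sends the password in a trivially reversible encoding while the operator sees only a warning. Treat the bad value as an error instead: `*) ferror "Error: --auth must be either \"basic\", \"ntlm\" or \"negotiate\"." ; exit 1 ;;`. If the fallback has to stay for compatibility, it should at least be refused when the CA URL is not https; the URL handling is outside this hunk, so that needs confirming. The enclosing case statement starts outside the hunk.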
@@ -796,7 +780,7 @@ debuglev 5 && { # 4 invalid cert file: incomplete cert file, or no issuer # Wrapped in if statement to not grep when doing --list since no cert is created during that process. - if [[ "$CERTREQ_ACTION" != "list" ]]; then + if test "${CERTREQ_ACTION}" != "list" ; then if { ! grep -qE -- '--END CERTIFICATE--' "${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.crt" ; } || { ! echo "${openssloutput}" | grep -qE "issuer.*" ; } ; then failed=$(( failed + 4 )) -- cgit