From 4e5866ab5d97f278ff710f0ad3ad5a8256b5f4e0 Mon Sep 17 00:00:00 2001 From: B Stack Date: Mon, 30 Jul 2018 16:19:06 -0400 Subject: add error check for "401 - Unauthorized" --- files/certreq.sh | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'files') diff --git a/files/certreq.sh b/files/certreq.sh index bacdf75..2aa27f8 100755 --- a/files/certreq.sh +++ b/files/certreq.sh @@ -11,7 +11,7 @@ # 2018-04-16 Add --list and --csr options # 2018-05-07 Add actions for using a CA with manually-approved certs # 2018-06-19 Fix get number of ca cert -# 2018-07-30 add error check for "Denied" messages +# 2018-07-30 add error checking on the request and authorization # Usage: in ansible role certreq # Microsoft CA cert templates have permissions on them. A user must be able to "enroll" on the template. # Reference: ftemplate.sh 2017-10-10x; framework.sh 2017-10-09a @@ -47,7 +47,8 @@ Return values under 1000: A non-zero value is the sum of the items listed here: 4 Return code of curl statement that saves cert file is non-zero 8 Cert file does not contain whole certificate 16 Cert does not contain an issuer -32 Request denied. +32 Cert request denied +64 Invalid credentials Return values above 1000: 1001 Help or version info displayed 1002 Count or type of flaglessvals is incorrect @@ -155,6 +156,8 @@ submit_csr() { esac DISPOSITION="$( echo "${FULLPAGE}" | grep -oiE "The disposition message is.*" | grep -oiE "\".*\"" )" + MESSAGE="$( echo "${FULLPAGE}" | grep -oiE "401.*" | grep -oiE ">.*<" | tr -d '<>' )" + MESSAGE="${MESSAGE:-${DISPOSITION}}" # use disposition if message is not available } @@ -286,6 +289,7 @@ action_get_cert() { echo "OUTPUTLINK=${OUTPUTLINK}" echo "CERTLINK=${CERTLINK}" echo "DISPOSITION=${DISPOSITION}" + echo "MESSAGE=${MESSAGE}" } # FETCH SIGNED CERTIFICATE @@ -340,6 +344,7 @@ action_request() { echo "OUTPUTLINK=${OUTPUTLINK}" echo "CERTLINK=${CERTLINK}" echo "DISPOSITION=${DISPOSITION}" + echo "MESSAGE=${MESSAGE}" } } @@ -631,7 +636,8 @@ debuglev 5 && { grep -qE -- '--END CERTIFICATE--' "${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.crt" || failed=$(( failed + 8 )) #echo "${openssloutput}" | grep -qE "subject.*${CERTREQ_SUBJECT}" || failed=$(( failed + 16 )) echo "${openssloutput}" | grep -qE "issuer.*" || failed=$(( failed + 16 )) - echo "${DISPOSITION}" | grep -qiE 'denied' && failed=$(( failed + 32 )) + echo "${MESSAGE}" | grep -qiE 'policy' && failed=$(( failed + 32 )) + echo "${MESSAGE}" | grep -qiE 'unauthorized' && failed=$(( failed + 64 )) ;; esac @@ -650,7 +656,7 @@ case "${CERTREQ_ACTION}" in echo "csr: ${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.csr" echo "key: ${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.key" echo "reqid: ${REQUESTID}" - echo "disposition: ${DISPOSITION}" + echo "message: ${MESSAGE}" echo "rc: ${failed}" ;; @@ -666,11 +672,11 @@ case "${CERTREQ_ACTION}" in # for generate and generate-csr and everything else really echo "workdir: ${CERTREQ_WORKDIR}" echo "logfile: ${logfile}" - echo "csr: ${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.crt" + echo "csr: ${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.csr" echo "certificate: ${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.crt" echo "key: ${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.key" ! fistruthy "${CERTREQ_SKIP_CACERTS}" && echo "chain: ${CERTREQ_WORKDIR}/${CHAIN_FILE}" - echo "disposition: ${DISPOSITION}" + echo "message: ${MESSAGE}" echo "rc: ${failed}" ;; -- cgit