-rwxr-xr-x | src/usr/share/laps/laps.sh | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/src/usr/share/laps/laps.sh b/src/usr/share/laps/laps.sh
index b95ce3e..daa0d2f 100755
--- a/src/usr/share/laps/laps.sh
+++ b/src/usr/share/laps/laps.sh
@@ -109,7 +109,8 @@ main_workflow() {
 # 2. fetch timestamp from ldap
 LAPS_epoch="$( wrapper_get_timestamp_from_ldap "${LAPS_LDAPSEARCH_BIN}" "${LAPS_LDAPSEARCH_FLAGS}" "${LAPS_LDAPSEARCH_FILTER}" "${LAPS_ATTRIB_TIME}" "${LAPS_LDAPCONF}" "${LAPS_DATETIME_PY}" "${LAPS_KRB5CC_TMPFILE}" )"
- test $? -eq 0 || return 1
+ LAPS_epoch_response="$?"
+ test ${LAPS_epoch_response} -eq 0 || return "${LAPS_epoch_response}"
 # 3. check timestamp to see if close to expiration
 check_ts_against_expiration_threshold "${LAPS_THRESHOLD}" "${LAPS_epoch}" "${LAPS_FORCE}"
@@ -154,6 +155,7 @@ get_host_keytab() {
 ferror "${scriptname}: 4 fatal! Unable to find kinit. Please use variable LAPS_KINIT_BIN. Aborted."
 fi
 # cannot use requested server name here. root@localhost can only use its own kerberos ticket.
+ # observe that no domain name is given (after the dollar sign). This will force kerberos to choose, based on the default_realm value in /etc/krb5.conf.
 "${___ghk_kinit_bin}" -k -c "${___ghk_krb5cc_tmpfile}" "$( hostname -s | tr '[[:lower:]]' '[[:upper:]]' )\$" | debuglevoutput 7
 fi
@@ -181,7 +183,8 @@ get_attrib_from_ldap() {
 # execute to check for ldap or kerberos errors
 ___gtfl_stderr="$( KRB5CCNAME="${___gtfl_krb5cc_tmpfile}" LDAPCONF="${___gtfl_ldapconf}" "${___gtfl_ldapsearch_bin}" ${___gtfl_ldapsearch_flags} "${___gtfl_ldapsearch_filter}" "${___gtfl_attrib}" 2>&1 1>/dev/null )"
- if test "$?" -ne 0 ;
+ ___gtfl_stderr_response="$?"
+ if test ${___gtfl_stderr_response} -ne 0 ;
 then
 if echo "${___gtfl_stderr}" | grep -qiE 'Ticket expired' ;
 then
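Review bot: main_workflow now passes the wrapper's exit status straight to its caller, but nothing in the hunk documents which values that can be, so any caller that only told 0 from 1 (not visible here) will start seeing other codes. A comment above the check, for example `# propagate the status of wrapper_get_timestamp_from_ldap unchanged; non-zero means no usable timestamp`, would make the new contract explicit. The operand in `test ${LAPS_epoch_response} -eq 0` is also unquoted while the `return` on the same line quotes it; `test "${LAPS_epoch_response}" -eq 0` is consistent, and the same applies to `${___gtfl_stderr_response}` in get_attrib_from_ldap and `${ts_filetime_response}` in wrapper_get_timestamp_from_ldap. main_workflow's body starts and ends outside the hunk.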
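Review bot: The added comment in get_host_keytab says "domain name", but what is left off the principal after the `$` is the Kerberos realm, and the comment is the only place that records this dependency on /etc/krb5.conf. Suggested wording: `# No realm is given after the trailing '$', so kinit falls back to default_realm from /etc/krb5.conf; the host keytab must hold a key for that realm.` The last clause is inferred from how keytab-based kinit normally behaves rather than from anything in the hunk, so confirm it before adopting. The function continues outside the hunk.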
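Review bot: In get_attrib_from_ldap the new `___gtfl_stderr_response` is captured but only used in the `test` on the next line, and no other hunk in this diff touches the function, so its failure paths presumably still return whatever they returned before. If the goal is the same propagation as in the two callers, the failure branches further down need something like `return "${___gtfl_stderr_response}"`; otherwise the variable adds nothing over testing `$?` directly. If distinct codes per failure (for example the 'Ticket expired' branch) are intended instead, a short comment listing them would let main_workflow's caller act on them. The function body continues outside the hunk, so this should be checked against the full file.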
@@ -226,7 +229,7 @@ get_attrib_from_ldap() {
 wrapper_get_timestamp_from_ldap() {
 # call: wrapper_get_timestamp_from_ldap "${LAPS_LDAPSEARCH_BIN}" "${LAPS_LDAPSEARCH_FLAGS}" "${LAPS_LDAPSEARCH_FILTER}" "${LAPS_ATTRIB_TIME}" "${LAPS_LDAPCONF}" "${LAPS_DATETIME_PY}" "${LAPS_KRB5CC_TMPFILE}"
- debuglev 10 && ferror "$wrapper_get_timestamp_from_ldap $@"
+ debuglev 10 && ferror "wrapper_get_timestamp_from_ldap $@"
 ___wgtfl_ldapsearch_bin="${1}"
 ___wgtfl_ldapsearch_flags="${2}"
 ___wgtfl_ldapsearch_filter="${3}"
@@ -236,10 +239,11 @@ wrapper_get_timestamp_from_ldap() {
 ___wgtfl_krb5cc_tmpfile="${7}"
 ts_filetime="$( get_attrib_from_ldap "${___wgtfl_ldapsearch_bin}" "${___wgtfl_ldapsearch_flags}" "${___wgtfl_ldapsearch_filter}" "${___wgtfl_attrib}" "${___wgtfl_ldapconf}" "${___wgtfl_krb5cc_tmpfile}" )"
- test "$?" -eq 0 || return 1
+ ts_filetime_response="$?"
+ test ${ts_filetime_response} -eq 0 || return "${ts_filetime_response}"
 ts_epoch=0
- if test -n "$ts_filetime" ;
+ if test -n "${ts_filetime}" ;
 then
 debuglev 3 && ferror "timestamp(FILETIME): ${ts_filetime}"
 ts_epoch="$( "${___wgtfl_datetime_py}" -e "${ts_filetime}" )" |
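Review bot: The corrected trace line in wrapper_get_timestamp_from_ldap still embeds `$@` in a larger double-quoted string, which expands to several words: the function name is glued to the first argument and the remaining six are passed to ferror as separate arguments. Whether ferror prints more than its first argument is not visible here, so the trace may be truncated or oddly split. Joining the arguments explicitly avoids that: `debuglev 10 && ferror "wrapper_get_timestamp_from_ldap $*"`. The function body continues past the hunk.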