aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xsrc/usr/share/laps/laps.sh14
1 files changed, 9 insertions, 5 deletions
diff --git a/src/usr/share/laps/laps.sh b/src/usr/share/laps/laps.sh
index b95ce3e..daa0d2f 100755
--- a/src/usr/share/laps/laps.sh
+++ b/src/usr/share/laps/laps.sh
@@ -109,7 +109,8 @@ main_workflow() {
# 2. fetch timestamp from ldap
LAPS_epoch="$( wrapper_get_timestamp_from_ldap "${LAPS_LDAPSEARCH_BIN}" "${LAPS_LDAPSEARCH_FLAGS}" "${LAPS_LDAPSEARCH_FILTER}" "${LAPS_ATTRIB_TIME}" "${LAPS_LDAPCONF}" "${LAPS_DATETIME_PY}" "${LAPS_KRB5CC_TMPFILE}" )"
- test $? -eq 0 || return 1
+ LAPS_epoch_response="$?"
+ test ${LAPS_epoch_response} -eq 0 || return "${LAPS_epoch_response}"
# 3. check timestamp to see if close to expiration
check_ts_against_expiration_threshold "${LAPS_THRESHOLD}" "${LAPS_epoch}" "${LAPS_FORCE}"
@@ -154,6 +155,7 @@ get_host_keytab() {
ferror "${scriptname}: 4 fatal! Unable to find kinit. Please use variable LAPS_KINIT_BIN. Aborted."
fi
# cannot use requested server name here. root@localhost can only use its own kerberos ticket.
+ # observe that no domain name is given (after the dollar sign). This will force kerberos to choose, based on the default_realm value in /etc/krb5.conf.
"${___ghk_kinit_bin}" -k -c "${___ghk_krb5cc_tmpfile}" "$( hostname -s | tr '[[:lower:]]' '[[:upper:]]' )\$" | debuglevoutput 7
fi
@@ -181,7 +183,8 @@ get_attrib_from_ldap() {
# execute to check for ldap or kerberos errors
___gtfl_stderr="$( KRB5CCNAME="${___gtfl_krb5cc_tmpfile}" LDAPCONF="${___gtfl_ldapconf}" "${___gtfl_ldapsearch_bin}" ${___gtfl_ldapsearch_flags} "${___gtfl_ldapsearch_filter}" "${___gtfl_attrib}" 2>&1 1>/dev/null )"
- if test "$?" -ne 0 ;
+ ___gtfl_stderr_response="$?"
+ if test ${___gtfl_stderr_response} -ne 0 ;
then
if echo "${___gtfl_stderr}" | grep -qiE 'Ticket expired' ;
then
@@ -226,7 +229,7 @@ get_attrib_from_ldap() {
wrapper_get_timestamp_from_ldap() {
# call: wrapper_get_timestamp_from_ldap "${LAPS_LDAPSEARCH_BIN}" "${LAPS_LDAPSEARCH_FLAGS}" "${LAPS_LDAPSEARCH_FILTER}" "${LAPS_ATTRIB_TIME}" "${LAPS_LDAPCONF}" "${LAPS_DATETIME_PY}" "${LAPS_KRB5CC_TMPFILE}"
- debuglev 10 && ferror "$wrapper_get_timestamp_from_ldap $@"
+ debuglev 10 && ferror "wrapper_get_timestamp_from_ldap $@"
___wgtfl_ldapsearch_bin="${1}"
___wgtfl_ldapsearch_flags="${2}"
___wgtfl_ldapsearch_filter="${3}"
@@ -236,10 +239,11 @@ wrapper_get_timestamp_from_ldap() {
___wgtfl_krb5cc_tmpfile="${7}"
ts_filetime="$( get_attrib_from_ldap "${___wgtfl_ldapsearch_bin}" "${___wgtfl_ldapsearch_flags}" "${___wgtfl_ldapsearch_filter}" "${___wgtfl_attrib}" "${___wgtfl_ldapconf}" "${___wgtfl_krb5cc_tmpfile}" )"
- test "$?" -eq 0 || return 1
+ ts_filetime_response="$?"
+ test ${ts_filetime_response} -eq 0 || return "${ts_filetime_response}"
ts_epoch=0
- if test -n "$ts_filetime" ;
+ if test -n "${ts_filetime}" ;
then
debuglev 3 && ferror "timestamp(FILETIME): ${ts_filetime}"
ts_epoch="$( "${___wgtfl_datetime_py}" -e "${ts_filetime}" )"
bgstack15