X-Git-Url: https://pwan.org/git/?p=certmaster.git;a=blobdiff_plain;f=certmaster%2Futils.py;h=e348ec492b5e37c743eba7913249eda6ad9efdf9;hp=773b0ebfc5270a83baf2a40f350b669b4d6731d1;hb=240ba9b7e2ee00a8f6014c7d597a5afd1f96249c;hpb=4575d4c9942579a235eb7b46a726ddcd557a2edd
diff --git a/certmaster/utils.py b/certmaster/utils.py
index 773b0eb..e348ec4 100644
--- a/certmaster/utils.py
+++ b/certmaster/utils.py
@@ -28,7 +28,6 @@ import sub_process
 # FIXME: module needs better pydoc
-
 # FIXME: can remove this constant?
 REMOTE_ERROR = "REMOTE_ERROR"
@@ -38,9 +37,6 @@ if (hasattr(os, "devnull")):
 else:
 REDIRECT_TO = "/dev/null"
-
-
-
 def trace_me():
 x = traceback.extract_stack()
 bar = string.join(traceback.format_list(x))
@@ -57,7 +53,7 @@ def daemonize(pidfile=None):
 sys.exit(0)
 os.chdir("/")
 os.setsid()
- os.umask(0)
+ os.umask(077)
 pid = os.fork()
 os.close(0)
@@ -65,10 +61,10 @@ def daemonize(pidfile=None):
 os.close(2)
 # based on http://code.activestate.com/recipes/278731/
- os.open(REDIRECT_TO, os.O_RDWR) # standard input (0)
+ os.open(REDIRECT_TO, os.O_RDWR) # standard input (0)
- os.dup2(0, 1) # standard output (1)
- os.dup2(0, 2) # standard error (2)
+ os.dup2(0, 1) # standard output (1)
+ os.dup2(0, 2) # standard error (2)
@@ -87,7 +83,7 @@ def nice_exception(etype, evalue, etb):
 except:
 nicetype = etype
 nicestack = string.join(traceback.format_list(traceback.extract_tb(etb)))
- return [ REMOTE_ERROR, nicetype, str(evalue), nicestack ]
+ return [ REMOTE_ERROR, nicetype, str(evalue), nicestack ]
 def is_error(result):
 # FIXME: I believe we can remove this function
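Review bot: `os.umask(077)` on the changed line applies to the whole daemon for the rest of its life, so every file and directory it creates afterwards defaults to owner-only permissions (0600/0700), and any output that other users or services must read will need an explicit chmod; nothing in the hunk records that this is intended. Add a why-comment on the line, e.g. `os.umask(077)  # owner-only defaults for everything the daemon creates; chmod explicitly where wider access is required`. If the project targets Python 2.6 or later, the `0o77` spelling denotes the same value and survives a Python 3 port, where `077` is a syntax error. daemonize's body starts before and continues after this hunk.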
@@ -104,10 +100,10 @@ def get_hostname(talk_to_certmaster=True):
 "localhost" is a lame hostname to use for a key, so try to get a more meaningful hostname. We do this by connecting to the certmaster and seeing what interface/ip it uses to make that connection, and looking
- up the hostname for that.
+ up the hostname for that.
 """
 # FIXME: this code ignores http proxies (which granted, we don't
- # support elsewhere either.
+ # support elsewhere either.
 hostname = None
 hostname = socket.gethostname()
 # print "DEBUG: HOSTNAME TRY1: %s" % hostname
@@ -122,25 +118,37 @@ def get_hostname(talk_to_certmaster=True):
 # FIXME: move to requestor module and also create a verbose mode
 # prints to the screen for usage by /usr/bin/certmaster-request
-def create_minion_keys():
+def create_minion_keys(hostname=None, ca_name=''):
+ log = logger.Logger().logger
+
 # FIXME: paths should not be hard coded here, move to settings universally
 config_file = '/etc/certmaster/minion.conf'
 config = read_config(config_file, MinionConfig)
- cert_dir = config.cert_dir
+
+ try:
+ certauth=config.ca[ca_name]
+ except:
+ raise codes.CMException("Unknown cert authority: %s" % ca_name)
+
+ cert_dir = certauth.cert_dir
+
 master_uri = 'http://%s:%s/' % (config.certmaster, config.certmaster_port)
- # print "DEBUG: acquiring hostname"
- hn = get_hostname()
- # print "DEBUG: hostname = %s\n" % hn
+
+ hn = hostname
+ if hn is None:
+ hn = get_hostname()
 if hn is None:
 raise codes.CMException("Could not determine a hostname other than localhost")
+ else:
+ # use lowercase letters for hostnames
+ hn = hn.lower()
 key_file = '%s/%s.pem' % (cert_dir, hn)
 csr_file = '%s/%s.csr' % (cert_dir, hn)
 cert_file = '%s/%s.cert' % (cert_dir, hn)
 ca_cert_file = '%s/ca.cert' % cert_dir
-
 if os.path.exists(cert_file) and os.path.exists(ca_cert_file):
 # print "DEBUG: err, no cert_file"
 return
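Review bot: The bare `except:` around `certauth=config.ca[ca_name]` reports every failure — a missing `ca` attribute on the config object, even a KeyboardInterrupt — as "Unknown cert authority", so narrow it to `except KeyError:` so that only an unknown name produces that message. The new `hostname` argument is used as-is to build `key_file`, `csr_file` and `cert_file` via `'%s/%s.pem' % (cert_dir, hn)`; if it can arrive from a command line (the comment above mentions certmaster-request), a value containing `/` or equal to `..` would place the key and CSR outside `cert_dir`, so a check such as `if not hn or '/' in hn or hn in ('.', '..'): raise codes.CMException("Invalid hostname: %s" % hn)` before the path lines is worth adding. The `else:` after the `raise` is redundant because the raise already leaves the function, so `hn = hn.lower()` can follow the `if` block directly, and `certauth=config.ca[ca_name]` is missing the spaces around `=` used elsewhere in the file. create_minion_keys continues past the end of this hunk.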
@@ -154,20 +162,20 @@ def create_minion_keys():
 if not os.path.exists(csr_file):
 if not keypair:
 keypair = certs.retrieve_key_from_file(key_file)
- csr = certs.make_csr(keypair, dest=csr_file)
+ csr = certs.make_csr(keypair, dest=csr_file, hostname=hn)
 except Exception, e:
 traceback.print_exc()
 raise codes.CMException, "Could not create local keypair or csr for session"
 result = False
- log = logger.Logger().logger
+
 while not result:
 try:
 # print "DEBUG: submitting CSR to certmaster: %s" % master_uri
- log.debug("submitting CSR to certmaster %s" % master_uri)
- result, cert_string, ca_cert_string = submit_csr_to_master(csr_file, master_uri)
- except socket.gaierror, e:
- raise codes.CMException, "Could not locate certmaster at %s" % master_uri
+ log.debug("submitting CSR: %s to certmaster %s" % (csr_file, master_uri))
+ result, cert_string, ca_cert_string = submit_csr_to_master(csr_file, master_uri, ca_name)
+ except socket.error, e:
+ log.warning("Could not locate certmaster at %s" % master_uri)
 # logging here would be nice
 if not result:
@@ -225,7 +233,7 @@ def run_triggers(ref, globber):
 raise codes.CMException, "certmaster trigger failed: %(file)s returns %(code)d" % { "file" : file, "code" : rc }
-def submit_csr_to_master(csr_file, master_uri):
+def submit_csr_to_master(csr_file, master_uri, ca_name=''):
 """" gets us our cert back from the certmaster.wait_for_cert() method takes csr_file as path location and master_uri
@@ -237,5 +245,4 @@ def submit_csr_to_master(csr_file, master_uri):
 s = xmlrpclib.ServerProxy(master_uri)
 # print "DEBUG: waiting for cert"
- return s.wait_for_cert(csr)
-
+ return s.wait_for_cert(csr,ca_name)
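Review bot: With `except socket.error, e:` now only logging a warning, the `while not result:` loop retries forever when the certmaster cannot be reached, and whether it waits between attempts depends on the code after `if not result:`, which lies outside the hunk; if nothing there sleeps or caps the attempts, this is a busy loop that floods the log. The caught exception `e` is never reported, so an operator cannot tell a DNS failure from a refused connection; use `log.warning("Could not locate certmaster at %s: %s" % (master_uri, e))`. A comment on the loop stating the intended retry policy (bounded or until-success, and the delay between tries) would also help, since the previous code raised on the first failure. create_minion_keys starts before and continues after this hunk.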
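Review bot: `submit_csr_to_master` gains `ca_name=''` but the docstring directly below it still documents only `csr_file` and `master_uri`; add a line such as `ca_name is the name of the certificate authority on the master that should sign the CSR` and state what the empty-string default selects, which this diff does not show. While there, the docstring opens with four quote characters (`""""`), which leaves a stray `"` at the start of its text. The function body continues in the next hunk.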
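Review bot: `return s.wait_for_cert(csr,ca_name)` lacks the space after the comma that the rest of the file uses in argument lists; write `return s.wait_for_cert(csr, ca_name)`. Because `ca_name` is now sent as a second positional argument over XML-RPC, the master-side `wait_for_cert` must accept it, which cannot be confirmed from this file alone. The function's signature and docstring are in the previous hunk.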