[SCM] Samba Shared Repository - branch master updated

Andreas Schneider asn at samba.org
Fri May 13 15:39:01 UTC 2022


The branch, master has been updated
       via  8231eaf856b gpo: Cert Auto Enroll use ldap trust cert if NDES disabled
       via  73b12a80724 gpo: Fix Cert Auto Enroll docstrings
       via  d3e0eec03cd gpo: Remove sscep depends from Cert Auto Enroll
       via  53a55428948 bootstrap: Add python3-requests dependency
      from  dcdc9859b90 gpo: Halt Cert Auto Enroll process if data corrupted

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 8231eaf856b11bce5cec0b31129f709d0d6d2cc7
Author: David Mulder <dmulder at suse.com>
Date:   Thu May 12 13:24:07 2022 -0600

    gpo: Cert Auto Enroll use ldap trust cert if NDES disabled
    
    If the CA does not have the Network Device
    Enrollment Service enabled, we can still use the
    certificate from the ldap request (unless this is
    a complex request and ldap config isn't present).
    
    Signed-off-by: David Mulder <dmulder at suse.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Fri May 13 15:38:53 UTC 2022 on sn-devel-184

commit 73b12a807240c6ae1f54ce84de8770d050a098ac
Author: David Mulder <dmulder at suse.com>
Date:   Thu May 5 07:30:16 2022 -0600

    gpo: Fix Cert Auto Enroll docstrings
    
    These were flagged by pydocstyle.
    
    Signed-off-by: David Mulder <dmulder at suse.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit d3e0eec03cd93dcceaec7328ba8252bfa78f968e
Author: David Mulder <dmulder at suse.com>
Date:   Wed May 4 15:01:22 2022 -0600

    gpo: Remove sscep depends from Cert Auto Enroll
    
    Certificate Auto Enrollment currently depends on
    sscep to retrieve the root certificate chain.
    This isn't necessary, since this can be
    accomplished with a simple GET.
    
    Signed-off-by: David Mulder <dmulder at suse.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 53a55428948e20f6ce42fbf39f99190ef55fb81f
Author: David Mulder <dmulder at suse.com>
Date:   Fri May 6 09:06:23 2022 -0600

    bootstrap: Add python3-requests dependency
    
    Certificate Auto Enrollment will depend on
    python3-requests in order to fetch the
    root chain.
    
    Signed-off-by: David Mulder <dmulder at suse.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 .gitlab-ci-main.yml                                |   2 +-
 bootstrap/config.py                                |   2 +
 bootstrap/generated-dists/centos7/bootstrap.sh     |   1 +
 bootstrap/generated-dists/centos7/packages.yml     |   1 +
 bootstrap/generated-dists/centos8s/bootstrap.sh    |   1 +
 bootstrap/generated-dists/centos8s/packages.yml    |   1 +
 bootstrap/generated-dists/debian11/bootstrap.sh    |   1 +
 bootstrap/generated-dists/debian11/packages.yml    |   1 +
 bootstrap/generated-dists/f35mit120/bootstrap.sh   |   1 +
 bootstrap/generated-dists/f35mit120/packages.yml   |   1 +
 bootstrap/generated-dists/fedora35/bootstrap.sh    |   1 +
 bootstrap/generated-dists/fedora35/packages.yml    |   1 +
 bootstrap/generated-dists/opensuse153/bootstrap.sh |   1 +
 bootstrap/generated-dists/opensuse153/packages.yml |   1 +
 bootstrap/generated-dists/ubuntu1804/bootstrap.sh  |   1 +
 bootstrap/generated-dists/ubuntu1804/packages.yml  |   1 +
 bootstrap/generated-dists/ubuntu2004/bootstrap.sh  |   1 +
 bootstrap/generated-dists/ubuntu2004/packages.yml  |   1 +
 bootstrap/sha1sum.txt                              |   2 +-
 python/samba/gp_cert_auto_enroll_ext.py            | 173 ++++++++++++++-------
 python/samba/tests/bin/sscep                       |  19 ---
 python/samba/tests/gpo.py                          |  58 ++++++-
 22 files changed, 184 insertions(+), 88 deletions(-)
 delete mode 100755 python/samba/tests/bin/sscep


Changeset truncated at 500 lines:

diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml
index ee32c57a3a6..95ca23475e6 100644
--- a/.gitlab-ci-main.yml
+++ b/.gitlab-ci-main.yml
@@ -42,7 +42,7 @@ variables:
   # Set this to the contents of bootstrap/sha1sum.txt
   # which is generated by bootstrap/template.py --render
   #
-  SAMBA_CI_CONTAINER_TAG: 2bfb75bf56b5b40fd57f22b7cfcfdd69d65e4f78
+  SAMBA_CI_CONTAINER_TAG: a4bf899c9709c67254c5bb3964e3dce6bb2e4d1e
   #
   # We use the ubuntu1804 image as default as
   # it matches what we have on sn-devel-184.
diff --git a/bootstrap/config.py b/bootstrap/config.py
index dc1ff100cfd..6b3f97d4fd0 100644
--- a/bootstrap/config.py
+++ b/bootstrap/config.py
@@ -144,6 +144,7 @@ PKGS = [
     ('python3-pexpect', ''),  # for wintest only
     ('python3-pyasn1', 'python3-pyasn1'), # for krb5 tests
     ('python3-setproctitle', 'python3-setproctitle'),
+    ('python3-requests', 'python3-requests'), # for cert auto enroll
 
     ('', 'python3-libsemanage'),
     ('', 'python3-policycoreutils'),
@@ -448,6 +449,7 @@ RPM_DISTS = {
             'python3-gpg': 'python36-gpg',
             'python3-iso8601' : 'python36-iso8601',
             'python3-markdown': 'python36-markdown',
+            'python3-requests': 'python36-requests',
             # although python36-devel is available
             # after epel-release installed
             # however, all other python3 pkgs are still python36-ish
diff --git a/bootstrap/generated-dists/centos7/bootstrap.sh b/bootstrap/generated-dists/centos7/bootstrap.sh
index 43572bb532a..ebd46784863 100755
--- a/bootstrap/generated-dists/centos7/bootstrap.sh
+++ b/bootstrap/generated-dists/centos7/bootstrap.sh
@@ -91,6 +91,7 @@ yum install -y \
     python36-iso8601 \
     python36-markdown \
     python36-pyasn1 \
+    python36-requests \
     python36-setproctitle \
     quota-devel \
     readline-devel \
diff --git a/bootstrap/generated-dists/centos7/packages.yml b/bootstrap/generated-dists/centos7/packages.yml
index 3998c875057..f8a821f45dc 100644
--- a/bootstrap/generated-dists/centos7/packages.yml
+++ b/bootstrap/generated-dists/centos7/packages.yml
@@ -77,6 +77,7 @@ packages:
   - python36-iso8601
   - python36-markdown
   - python36-pyasn1
+  - python36-requests
   - python36-setproctitle
   - quota-devel
   - readline-devel
diff --git a/bootstrap/generated-dists/centos8s/bootstrap.sh b/bootstrap/generated-dists/centos8s/bootstrap.sh
index 1111450c400..5b95521f438 100755
--- a/bootstrap/generated-dists/centos8s/bootstrap.sh
+++ b/bootstrap/generated-dists/centos8s/bootstrap.sh
@@ -99,6 +99,7 @@ yum install -y \
     python3-markdown \
     python3-policycoreutils \
     python3-pyasn1 \
+    python3-requests \
     python3-setproctitle \
     quota-devel \
     readline-devel \
diff --git a/bootstrap/generated-dists/centos8s/packages.yml b/bootstrap/generated-dists/centos8s/packages.yml
index f5d0ac5ffe6..79f74bbac51 100644
--- a/bootstrap/generated-dists/centos8s/packages.yml
+++ b/bootstrap/generated-dists/centos8s/packages.yml
@@ -80,6 +80,7 @@ packages:
   - python3-markdown
   - python3-policycoreutils
   - python3-pyasn1
+  - python3-requests
   - python3-setproctitle
   - quota-devel
   - readline-devel
diff --git a/bootstrap/generated-dists/debian11/bootstrap.sh b/bootstrap/generated-dists/debian11/bootstrap.sh
index f90cac1c817..f59d224026f 100755
--- a/bootstrap/generated-dists/debian11/bootstrap.sh
+++ b/bootstrap/generated-dists/debian11/bootstrap.sh
@@ -93,6 +93,7 @@ apt-get -y install \
     python3-markdown \
     python3-pexpect \
     python3-pyasn1 \
+    python3-requests \
     python3-setproctitle \
     rng-tools \
     rsync \
diff --git a/bootstrap/generated-dists/debian11/packages.yml b/bootstrap/generated-dists/debian11/packages.yml
index c98575758ed..d1c92af8884 100644
--- a/bootstrap/generated-dists/debian11/packages.yml
+++ b/bootstrap/generated-dists/debian11/packages.yml
@@ -82,6 +82,7 @@ packages:
   - python3-markdown
   - python3-pexpect
   - python3-pyasn1
+  - python3-requests
   - python3-setproctitle
   - rng-tools
   - rsync
diff --git a/bootstrap/generated-dists/f35mit120/bootstrap.sh b/bootstrap/generated-dists/f35mit120/bootstrap.sh
index aa77d63efa0..3b937f4abb1 100755
--- a/bootstrap/generated-dists/f35mit120/bootstrap.sh
+++ b/bootstrap/generated-dists/f35mit120/bootstrap.sh
@@ -98,6 +98,7 @@ dnf install -y \
     python3-markdown \
     python3-policycoreutils \
     python3-pyasn1 \
+    python3-requests \
     python3-setproctitle \
     quota-devel \
     readline-devel \
diff --git a/bootstrap/generated-dists/f35mit120/packages.yml b/bootstrap/generated-dists/f35mit120/packages.yml
index b4a5ec40ab9..0fb207dc137 100644
--- a/bootstrap/generated-dists/f35mit120/packages.yml
+++ b/bootstrap/generated-dists/f35mit120/packages.yml
@@ -84,6 +84,7 @@ packages:
   - python3-markdown
   - python3-policycoreutils
   - python3-pyasn1
+  - python3-requests
   - python3-setproctitle
   - quota-devel
   - readline-devel
diff --git a/bootstrap/generated-dists/fedora35/bootstrap.sh b/bootstrap/generated-dists/fedora35/bootstrap.sh
index 0d8a3366ab9..ad38475228f 100755
--- a/bootstrap/generated-dists/fedora35/bootstrap.sh
+++ b/bootstrap/generated-dists/fedora35/bootstrap.sh
@@ -95,6 +95,7 @@ dnf install -y \
     python3-markdown \
     python3-policycoreutils \
     python3-pyasn1 \
+    python3-requests \
     python3-setproctitle \
     quota-devel \
     readline-devel \
diff --git a/bootstrap/generated-dists/fedora35/packages.yml b/bootstrap/generated-dists/fedora35/packages.yml
index b4a5ec40ab9..0fb207dc137 100644
--- a/bootstrap/generated-dists/fedora35/packages.yml
+++ b/bootstrap/generated-dists/fedora35/packages.yml
@@ -84,6 +84,7 @@ packages:
   - python3-markdown
   - python3-policycoreutils
   - python3-pyasn1
+  - python3-requests
   - python3-setproctitle
   - quota-devel
   - readline-devel
diff --git a/bootstrap/generated-dists/opensuse153/bootstrap.sh b/bootstrap/generated-dists/opensuse153/bootstrap.sh
index ffef2d9cd2a..8f1715f9edb 100755
--- a/bootstrap/generated-dists/opensuse153/bootstrap.sh
+++ b/bootstrap/generated-dists/opensuse153/bootstrap.sh
@@ -90,6 +90,7 @@ zypper --non-interactive install \
     python3-policycoreutils \
     python3-pyasn1 \
     python3-python-dateutil \
+    python3-requests \
     python3-setproctitle \
     readline-devel \
     rng-tools \
diff --git a/bootstrap/generated-dists/opensuse153/packages.yml b/bootstrap/generated-dists/opensuse153/packages.yml
index 8198464c43d..29fa159b5d4 100644
--- a/bootstrap/generated-dists/opensuse153/packages.yml
+++ b/bootstrap/generated-dists/opensuse153/packages.yml
@@ -78,6 +78,7 @@ packages:
   - python3-policycoreutils
   - python3-pyasn1
   - python3-python-dateutil
+  - python3-requests
   - python3-setproctitle
   - readline-devel
   - rng-tools
diff --git a/bootstrap/generated-dists/ubuntu1804/bootstrap.sh b/bootstrap/generated-dists/ubuntu1804/bootstrap.sh
index da5e2d7e335..6a28e2d655d 100755
--- a/bootstrap/generated-dists/ubuntu1804/bootstrap.sh
+++ b/bootstrap/generated-dists/ubuntu1804/bootstrap.sh
@@ -93,6 +93,7 @@ apt-get -y install \
     python3-markdown \
     python3-pexpect \
     python3-pyasn1 \
+    python3-requests \
     python3-setproctitle \
     rng-tools \
     rsync \
diff --git a/bootstrap/generated-dists/ubuntu1804/packages.yml b/bootstrap/generated-dists/ubuntu1804/packages.yml
index a497af15d59..e03b05a6e4a 100644
--- a/bootstrap/generated-dists/ubuntu1804/packages.yml
+++ b/bootstrap/generated-dists/ubuntu1804/packages.yml
@@ -82,6 +82,7 @@ packages:
   - python3-markdown
   - python3-pexpect
   - python3-pyasn1
+  - python3-requests
   - python3-setproctitle
   - rng-tools
   - rsync
diff --git a/bootstrap/generated-dists/ubuntu2004/bootstrap.sh b/bootstrap/generated-dists/ubuntu2004/bootstrap.sh
index da5e2d7e335..6a28e2d655d 100755
--- a/bootstrap/generated-dists/ubuntu2004/bootstrap.sh
+++ b/bootstrap/generated-dists/ubuntu2004/bootstrap.sh
@@ -93,6 +93,7 @@ apt-get -y install \
     python3-markdown \
     python3-pexpect \
     python3-pyasn1 \
+    python3-requests \
     python3-setproctitle \
     rng-tools \
     rsync \
diff --git a/bootstrap/generated-dists/ubuntu2004/packages.yml b/bootstrap/generated-dists/ubuntu2004/packages.yml
index a497af15d59..e03b05a6e4a 100644
--- a/bootstrap/generated-dists/ubuntu2004/packages.yml
+++ b/bootstrap/generated-dists/ubuntu2004/packages.yml
@@ -82,6 +82,7 @@ packages:
   - python3-markdown
   - python3-pexpect
   - python3-pyasn1
+  - python3-requests
   - python3-setproctitle
   - rng-tools
   - rsync
diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt
index b8f70028a27..d0359be9b54 100644
--- a/bootstrap/sha1sum.txt
+++ b/bootstrap/sha1sum.txt
@@ -1 +1 @@
-2bfb75bf56b5b40fd57f22b7cfcfdd69d65e4f78
+a4bf899c9709c67254c5bb3964e3dce6bb2e4d1e
diff --git a/python/samba/gp_cert_auto_enroll_ext.py b/python/samba/gp_cert_auto_enroll_ext.py
index 7b604e5065d..680525c9ced 100644
--- a/python/samba/gp_cert_auto_enroll_ext.py
+++ b/python/samba/gp_cert_auto_enroll_ext.py
@@ -16,6 +16,7 @@
 
 import os
 import operator
+import requests
 from samba.gpclass import gp_pol_ext
 from samba import Ldb
 from ldb import SCOPE_SUBTREE, SCOPE_BASE
@@ -25,10 +26,19 @@ import base64
 from shutil import which
 from subprocess import Popen, PIPE
 import re
-from glob import glob
 import json
 from samba.gp.util.logging import log
 import struct
+try:
+    from cryptography.hazmat.primitives.serialization.pkcs7 import \
+        load_der_pkcs7_certificates
+except ModuleNotFoundError:
+    def load_der_pkcs7_certificates(x): return []
+    log.error('python cryptography missing pkcs7 support. '
+              'Certificate chain parsing will fail')
+from cryptography.hazmat.primitives.serialization import Encoding
+from cryptography.x509 import load_der_x509_certificate
+from cryptography.hazmat.backends import default_backend
 
 cert_wrap = b"""
 -----BEGIN CERTIFICATE-----
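Review bot: the `except ModuleNotFoundError` around the pkcs7 import only covers a missing `pkcs7` module; if the module is present but does not export `load_der_pkcs7_certificates`, Python raises a plain `ImportError` and the extension fails to import at all. Catching `ImportError` covers both cases. The fallback stub also returns `[]` silently, so the only trace of the missing support is the single `log.error` emitted at import time; a warning where the stub is called and yields no certificates would be easier to follow in the logs.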
@@ -38,21 +48,24 @@ global_trust_dir = '/etc/pki/trust/anchors'
 endpoint_re = '(https|HTTPS)://(?P<server>[a-zA-Z0-9.-]+)/ADPolicyProvider' + \
               '_CEP_(?P<auth>[a-zA-Z]+)/service.svc/CEP'
 
+
 def octet_string_to_objectGUID(data):
+    """Convert an octet string to an objectGUID."""
     return '%s-%s-%s-%s-%s' % ('%02x' % struct.unpack('<L', data[0:4])[0],
                                '%02x' % struct.unpack('<H', data[4:6])[0],
                                '%02x' % struct.unpack('<H', data[6:8])[0],
                                '%02x' % struct.unpack('>H', data[8:10])[0],
                                '%02x%02x' % struct.unpack('>HL', data[10:]))
 
-'''
-Group and Sort End Point Information
-[MS-CAESO] 4.4.5.3.2.3
-In this step autoenrollment processes the end point information by grouping it
-by CEP ID and sorting in the order with which it will use the end point to
-access the CEP information.
-'''
+
 def group_and_sort_end_point_information(end_point_information):
+    """Group and Sort End Point Information.
+
+    [MS-CAESO] 4.4.5.3.2.3
+    In this step autoenrollment processes the end point information by grouping
+    it by CEP ID and sorting in the order with which it will use the end point
+    to access the CEP information.
+    """
     # Create groups of the CertificateEnrollmentPolicyEndPoint instances that
     # have the same value of the EndPoint.PolicyID datum.
     end_point_groups = {}
@@ -93,13 +106,13 @@ def group_and_sort_end_point_information(end_point_information):
                                             key=sort_auth)
     return list(end_point_groups.values())
 
-'''
-Obtaining End Point Information
-[MS-CAESO] 4.4.5.3.2.2
-In this step autoenrollment initializes the
-CertificateEnrollmentPolicyEndPoints table.
-'''
 def obtain_end_point_information(entries):
+    """Obtain End Point Information.
+
+    [MS-CAESO] 4.4.5.3.2.2
+    In this step autoenrollment initializes the
+    CertificateEnrollmentPolicyEndPoints table.
+    """
     end_point_information = {}
     section = 'Software\\Policies\\Microsoft\\Cryptography\\PolicyServers\\'
     for e in entries:
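Review bot: style point at `def obtain_end_point_information`: with the comment block removed, only one blank line separates it from the preceding `return`, while the earlier hunk in this file adds a second blank line before `def octet_string_to_objectGUID` and `def group_and_sort_end_point_information`. Add a blank line here as well so the top-level definitions are spaced consistently; the same applies to `def fetch_certification_authorities` in the next hunk.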
@@ -124,11 +137,11 @@ def obtain_end_point_information(entries):
         group_and_sort_end_point_information(end_point_information.values())
     return end_point_information
 
-'''
-Initializing CAs
-[MS-CAESO] 4.4.5.3.1.2
-'''
 def fetch_certification_authorities(ldb):
+    """Initialize CAs.
+
+    [MS-CAESO] 4.4.5.3.1.2
+    """
     result = []
     basedn = ldb.get_default_basedn()
     # Autoenrollment MUST do an LDAP search for the CA information
@@ -180,43 +193,83 @@ def get_supported_templates(server):
         return out.strip().split()
     return []
 
-def cert_enroll(ca, ldb, trust_dir, private_dir, auth='Kerberos'):
-    # Install the root certificate chain
-    data = {'files': [], 'templates': []}
-    sscep = which('sscep')
-    if sscep is not None:
-        url = 'http://%s/CertSrv/mscep/mscep.dll/pkiclient.exe?' % \
-            ca['hostname']
-        root_cert = os.path.join(trust_dir, '%s.crt' % ca['name'])
-        ret = Popen([sscep, 'getca', '-F', 'sha1', '-c',
-                     root_cert, '-u', url]).wait()
-        if ret != 0:
-            log.warn('sscep failed to fetch the root certificate chain.')
-            log.warn('Ensure you have installed and configured the' +
-                     ' Network Device Enrollment Service.')
-        root_certs = glob('%s*' % root_cert)
-        data['files'].extend(root_certs)
-        for src in root_certs:
-            # Symlink the certs to global trust dir
-            dst = os.path.join(global_trust_dir, os.path.basename(src))
+
+def getca(ca, url, trust_dir):
+    """Fetch Certificate Chain from the CA."""
+    root_cert = os.path.join(trust_dir, '%s.crt' % ca['name'])
+    root_certs = []
+
+    try:
+        r = requests.get(url=url, params={'operation': 'GetCACert',
+                                          'message': 'CAIdentifier'})
+    except requests.exceptions.ConnectionError:
+        log.warn('Failed to establish a new connection')
+        r = None
+    if r is None or r.content == b'' or r.headers['Content-Type'] == 'text/html':
+        log.warn('Failed to fetch the root certificate chain.')
+        log.warn('The Network Device Enrollment Service is either not' +
+                 ' installed or not configured.')
+        if 'cACertificate' in ca:
+            log.warn('Installing the server certificate only.')
             try:
-                os.symlink(src, dst)
-                data['files'].append(dst)
-            except PermissionError:
-                log.warn('Failed to symlink root certificate to the' +
-                         ' admin trust anchors')
-            except FileNotFoundError:
-                log.warn('Failed to symlink root certificate to the' +
-                         ' admin trust anchors.' +
-                         ' The directory was not found', global_trust_dir)
-            except FileExistsError:
-                # If we're simply downloading a renewed cert, the symlink
-                # already exists. Ignore the FileExistsError. Preserve the
-                # existing symlink in the unapply data.
-                data['files'].append(dst)
+                cert = load_der_x509_certificate(ca['cACertificate'])
+            except TypeError:
+                cert = load_der_x509_certificate(ca['cACertificate'],
+                                                 default_backend())
+            cert_data = cert.public_bytes(Encoding.PEM)
+            with open(root_cert, 'wb') as w:
+                w.write(cert_data)
+            root_certs.append(root_cert)
+        return root_certs
+
+    if r.headers['Content-Type'] == 'application/x-x509-ca-cert':
+        # Older versions of load_der_x509_certificate require a backend param
+        try:
+            cert = load_der_x509_certificate(r.content)
+        except TypeError:
+            cert = load_der_x509_certificate(r.content, default_backend())
+        cert_data = cert.public_bytes(Encoding.PEM)
+        with open(root_cert, 'wb') as w:
+            w.write(cert_data)
+        root_certs.append(root_cert)
+    elif r.headers['Content-Type'] == 'application/x-x509-ca-ra-cert':
+        certs = load_der_pkcs7_certificates(r.content)
+        for i in range(0, len(certs)):
+            cert = certs[i].public_bytes(Encoding.PEM)
+            dest = '%s.%d' % (root_cert, i)
+            with open(dest, 'wb') as w:
+                w.write(cert)
+            root_certs.append(dest)
     else:
-        log.warn('sscep is not installed, which prevents the installation' +
-                 ' of the root certificate chain.')
+        log.warn('getca: Wrong (or missing) MIME content type')
+
+    return root_certs
+
+
+def cert_enroll(ca, ldb, trust_dir, private_dir, auth='Kerberos'):
+    """Install the root certificate chain."""
+    data = {'files': [], 'templates': []}
+    url = 'http://%s/CertSrv/mscep/mscep.dll/pkiclient.exe?' % ca['hostname']
+    root_certs = getca(ca, url, trust_dir)
+    data['files'].extend(root_certs)
+    for src in root_certs:
+        # Symlink the certs to global trust dir
+        dst = os.path.join(global_trust_dir, os.path.basename(src))
+        try:
+            os.symlink(src, dst)
+            data['files'].append(dst)
+        except PermissionError:
+            log.warn('Failed to symlink root certificate to the'
+                     ' admin trust anchors')
+        except FileNotFoundError:
+            log.warn('Failed to symlink root certificate to the'
+                     ' admin trust anchors.'
+                     ' The directory was not found', global_trust_dir)
+        except FileExistsError:
+            # If we're simply downloading a renewed cert, the symlink
+            # already exists. Ignore the FileExistsError. Preserve the
+            # existing symlink in the unapply data.
+            data['files'].append(dst)
     update = which('update-ca-certificates')
     if update is not None:
         Popen([update]).wait()
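Review bot: in `getca()`, whatever the plain `http://` endpoint returns is written to `trust_dir` and then symlinked into `global_trust_dir` by `cert_enroll()`, with no check that it matches the CA described in the directory. Where `ca['cACertificate']` is present, consider comparing the fetched certificate (or one member of the PKCS#7 set) against it before installing anything. Separately, `requests.get()` is called without a `timeout` and only `requests.exceptions.ConnectionError` is caught, so a server that never answers blocks the call and any other `requests` exception propagates out of `getca()`. `r.headers['Content-Type']` raises `KeyError` when the header is absent, which `r.headers.get('Content-Type')` would avoid, and the HTTP status code is never checked.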
@@ -313,15 +366,15 @@ class gp_cert_auto_enroll_ext(gp_pol_ext):
                                           private_dir)
                         self.gp_db.commit()
 
-    '''
-    Read CEP Data
-    [MS-CAESO] 4.4.5.3.2.4
-    In this step autoenrollment initializes instances of the
-    CertificateEnrollmentPolicy by accessing end points associated with CEP
-    groups created in the previous step.
-    '''
     def __read_cep_data(self, ldb, end_point_information,
                         trust_dir, private_dir):
+        """Read CEP Data.
+
+        [MS-CAESO] 4.4.5.3.2.4
+        In this step autoenrollment initializes instances of the
+        CertificateEnrollmentPolicy by accessing end points associated with CEP
+        groups created in the previous step.
+        """
         # For each group created in the previous step:
         for end_point_group in end_point_information:
             # Pick an arbitrary instance of the
diff --git a/python/samba/tests/bin/sscep b/python/samba/tests/bin/sscep
deleted file mode 100755
index d0d88926766..00000000000
--- a/python/samba/tests/bin/sscep
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/usr/bin/python3
-import optparse
-import os, sys, re
-
-sys.path.insert(0, "bin/python")
-
-if __name__ == "__main__":
-    parser = optparse.OptionParser('sscep <cmd> [options]')
-    parser.add_option('-F')
-    parser.add_option('-c')
-    parser.add_option('-u')
-
-    (opts, args) = parser.parse_args()
-    assert len(args) == 1
-    assert args[0] == 'getca'
-    assert opts.F == 'sha1'
-    # Create dummy root cert (empty file)
-    with open(opts.c, 'w') as w:
-        pass


-- 
Samba Shared Repository


