]> granicus.if.org Git - icinga2/commitdiff
Ignore repeated requests from client after using ca remove command
authorAndrew Jaffie <ajaffie@gmail.com>
Wed, 8 Aug 2018 15:34:37 +0000 (11:34 -0400)
committerMichael Friedrich <michael.friedrich@icinga.com>
Fri, 7 Jun 2019 08:33:55 +0000 (10:33 +0200)
lib/cli/caremovecommand.cpp
lib/remote/jsonrpcconnection-pki.cpp

index ab6e0f811900330819f35d96dcaa496fb00669ca..a174d9e579705cb373533f69e78654dd676e9ccf 100644 (file)
@@ -61,7 +61,7 @@ int CARemoveCommand::Run(const boost::program_options::variables_map& vm, const
                        << "No request exists for fingerprint '" << ap[0] << "'.";
                return 1;
        }
-
+       Utility::SaveJsonFile(ApiListener::GetCertificateRequestsDir() + "/" + ap[0] + ".removed", 700, Utility::LoadJsonFile(requestFile));
        if(remove(requestFile.CStr()) != 0)
                return 1;
 
index 9b537d13864a44b7b8527c39b37e250c3476366d..27a21a6b3e5a0d3904acf8c7fbcad8f7c922d75e 100644 (file)
@@ -129,6 +129,12 @@ Value RequestCertificateHandler(const MessageOrigin::Ptr& origin, const Dictiona
 
                        return result;
                }
+       } else if (Utility::PathExists(requestDir + "/" + certFingerprint + ".removed")) {
+               Log(LogInformation, "JsonRpcConnection")
+                       << "Certificate for CN " << cn << " has been removed. Ignoring signing request.";
+               result->Set("status_code", 1);
+               result->Set("error", "Ticket for CN " + cn + " declined by administrator.");
+               return result;
        }
 
        std::shared_ptr<X509> newcert;