From: Andreas Schneider
Date: Mon, 22 Jan 2024 13:07:47 +0000 (+0100)
Subject: python:gp: Improve logging for certificate enrollment
X-Git-Tag: talloc-2.4.2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6d5507e05050690cd4c56f3f97f5fb7de0338b87;p=thirdparty%2Fsamba.git

python:gp: Improve logging for certificate enrollment

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider
Reviewed-by: David Mulder
Reviewed-by: Pavel Filipenský
---

diff --git a/python/samba/gp/gp_cert_auto_enroll_ext.py b/python/samba/gp/gp_cert_auto_enroll_ext.py
index ddc14ae8e8d..e07f4276b84 100644
--- a/python/samba/gp/gp_cert_auto_enroll_ext.py
+++ b/python/samba/gp/gp_cert_auto_enroll_ext.py
@@ -274,6 +274,9 @@ def cert_enroll(ca, ldb, trust_dir, private_dir, auth='Kerberos'):
 """Install the root certificate chain."""
 data = dict({'files': [], 'templates': []}, **ca)
 url = 'http://%s/CertSrv/mscep/mscep.dll/pkiclient.exe?' % ca['hostname']
+
+ log.info("Try to get root or server certificates")
+
 root_certs = getca(ca, url, trust_dir)
 data['files'].extend(root_certs)
 global_trust_dir = find_global_trust_dir()
@@ -283,6 +286,7 @@ def cert_enroll(ca, ldb, trust_dir, private_dir, auth='Kerberos'):
 try:
 os.symlink(src, dst)
 data['files'].append(dst)
+ log.info("Created symlink: %s -> %s" % (src, dst))
 except PermissionError:
 log.warn('Failed to symlink root certificate to the'
 ' admin trust anchors')
@@ -295,9 +299,14 @@ def cert_enroll(ca, ldb, trust_dir, private_dir, auth='Kerberos'):
 # already exists. Ignore the FileExistsError. Preserve the
 # existing symlink in the unapply data.
 data['files'].append(dst)
+
 update = update_ca_command()
+ log.info("Running %s" % (update))
 if update is not None:
- Popen([update]).wait()
+ ret = Popen([update]).wait()
+ if ret != 0:
+ log.error('Failed to run %s' % (update))
+
 # Setup Certificate Auto Enrollment
 getcert = which('getcert')
 cepces_submit = find_cepces_submit()
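Review bot: The message added in the `@@ -274,6 +274,9 @@` hunk does not say which CA endpoint is contacted, although `url` is built on the context line just above it and uses plain `http://`. The files returned by `getca()` are recorded in `data['files']` and, judging by the later symlink hunk, appear to feed the trust anchors, so the log should record where they came from: `log.info("Try to get root or server certificates from %s" % url)`. The body of cert_enroll starts before this hunk and continues past it.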
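Review bot: In the `@@ -283,6 +286,7 @@` hunk the new message prints the link direction the opposite way round from the usual `link -> target` notation: `os.symlink(src, dst)` creates `dst` pointing at `src`, but the log shows `src -> dst`. Swapping the arguments, `log.info("Created symlink: %s -> %s" % (dst, src))`, keeps the record of trust-anchor changes unambiguous for whoever audits it. The enclosing function starts outside the hunk.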
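Review bot: In the `@@ -295,9 +299,14 @@` hunk `log.info("Running %s" % (update))` sits before the `if update is not None:` check, so whenever `update_ca_command()` returns None the log reports `Running None` although nothing is run. Move that line inside the `if`, and include the exit status in the failure message so a failed trust-store refresh can be diagnosed: `log.error('Failed to run %s (exit status %d)' % (update, ret))`. Execution also carries on into the enrollment setup after a non-zero exit; if that is intended, a one-line comment saying so would help. cert_enroll continues past the end of the hunk.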