Merge branch 'prohibit-vars-export' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-prohibit-vars-export

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
2023-03-10 20:26:42 +00:00 · 2023-03-10 20:26:42 +00:00 · 59c4e6f62f
commit 59c4e6f62f
parent e57fef63f1 7bb3eb5d03
1 changed files with 22 additions and 17 deletions
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@ -4649,22 +4649,30 @@ Priority should be given to your PKI vars file:
 			# 'vars' now MUST exist
 			[ -e "$vars" ] || die "Missing vars file, expected: $vars"

-			# Sanitize vars
-			if grep -Eq 'EASYRSA_PASSIN|EASYRSA_PASSOUT' "$vars"; then
-				die "\
-Variable EASYRSA_PASSIN or EASYRSA_PASSOUT has been found in the configuration
-file. Storing sensitive information in the configuration file is not
-recommended - please remove it from there before continuing."
-			fi
+			# Installation information
+			information "\
+Using Easy-RSA configuration:
+  $vars"

-			# Warning: Unsupported  characters
-			if grep '^[[:blank:]]*set_var[[:blank:]]*.*$' "$vars" | \
-				grep -q -e '`'
+			# Sanitize vars
+			if grep -q \
+				-e 'EASYRSA_PASSIN' -e 'EASYRSA_PASSOUT' \
+				-e '^[^#]*export *_*[[:alpha:]]*[[:alnum:]]*.*$' \
+				-e '[^(]`[^)]' "$vars"
 			then
-				warn '\
-Unsupported characters are present in the vars file.
-These characters are not supported: ` backtick
-Sourcing the vars file and building certificates will probably fail ..'
+				die "\
+One or more of these problems has been found in your 'vars' file:
+
+* Use of 'EASYRSA_PASSIN' or 'EASYRSA_PASSOUT':
+  Storing password information in the 'vars' file is not permitted.
+
+* Use of 'export':
+  Remove 'export' or replace it with 'set_var'.
+
+* Use of unsupported characters:
+  These characters are not supported: \` backtick
+
+Please, correct these errors and try again."
 			fi

 			# Enable sourcing 'vars'
@ -4748,9 +4756,6 @@ Sourcing the vars file and building certificates will probably fail ..'
 			install_data_to_pki vars-setup || \
 				warn "install_data_to_pki vars-setup Failed"

-			# Installation information
-			[ "$no_new_vars" ] || \
-				information "Using Easy-RSA configuration: $vars"
 			# if the vars file in use is not in the PKI and not user defined
 			# Show messages
 			if [ "$vars_in_pki" ] || [ "$user_vars_true" ] || \