Merge branch 'prohibit-vars-export' of ssh://github.com/TinCanTech/easy-rsa into TinCanTech-prohibit-vars-export

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Richard T Bonhomme 2023-03-10 20:26:42 +00:00
commit 59c4e6f62f
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246


@ -4649,22 +4649,30 @@ Priority should be given to your PKI vars file:
# 'vars' now MUST exist # 'vars' now MUST exist
[ -e "$vars" ] || die "Missing vars file, expected: $vars" [ -e "$vars" ] || die "Missing vars file, expected: $vars"
# Sanitize vars # Installation information
if grep -Eq 'EASYRSA_PASSIN|EASYRSA_PASSOUT' "$vars"; then information "\
die "\ Using Easy-RSA configuration:
Variable EASYRSA_PASSIN or EASYRSA_PASSOUT has been found in the configuration $vars"
file. Storing sensitive information in the configuration file is not
recommended - please remove it from there before continuing."
fi
# Warning: Unsupported characters # Sanitize vars
if grep '^[[:blank:]]*set_var[[:blank:]]*.*$' "$vars" | \ if grep -q \
grep -q -e '`' -e 'EASYRSA_PASSIN' -e 'EASYRSA_PASSOUT' \
-e '^[^#]*export *_*[[:alpha:]]*[[:alnum:]]*.*$' \
-e '[^(]`[^)]' "$vars"
then then
warn '\ die "\
Unsupported characters are present in the vars file. One or more of these problems has been found in your 'vars' file:
These characters are not supported: ` backtick
Sourcing the vars file and building certificates will probably fail ..' * Use of 'EASYRSA_PASSIN' or 'EASYRSA_PASSOUT':
Storing password information in the 'vars' file is not permitted.
* Use of 'export':
Remove 'export' or replace it with 'set_var'.
* Use of unsupported characters:
These characters are not supported: \` backtick
Please, correct these errors and try again."
fi fi
# Enable sourcing 'vars' # Enable sourcing 'vars'
@ -4748,9 +4756,6 @@ Sourcing the vars file and building certificates will probably fail ..'
install_data_to_pki vars-setup || \ install_data_to_pki vars-setup || \
warn "install_data_to_pki vars-setup Failed" warn "install_data_to_pki vars-setup Failed"
# Installation information
[ "$no_new_vars" ] || \
information "Using Easy-RSA configuration: $vars"
# if the vars file in use is not in the PKI and not user defined # if the vars file in use is not in the PKI and not user defined
# Show messages # Show messages
if [ "$vars_in_pki" ] || [ "$user_vars_true" ] || \ if [ "$vars_in_pki" ] || [ "$user_vars_true" ] || \
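Review bot: In the new `# Sanitize vars` check of the first hunk, the expression ``-e '[^(]`[^)]'`` needs a character on both sides of the backtick, so a backtick that is the first or last character of a line is no longer caught, whereas the removed check used ``-e '`'`` and caught any backtick on a set_var line. If the bracket exclusions exist only to tolerate a quoted "(`)" in comment text (an assumption, since the vars template is not visible here), ``-e '^[^#]*`'`` would catch a backtick at any position ahead of a comment marker. The `export` expression has the opposite problem: every element after the literal `export` is starred, so it reduces to `^[^#]*export` and aborts on any uncommented line that merely contains that substring, for example in an organisation name or a path; `-e '^[[:blank:]]*export[[:blank:]]'` would limit it to lines that begin with the statement. The two `EASYRSA_PASSIN`/`EASYRSA_PASSOUT` expressions are not comment-anchored either, so a commented-out mention also reaches `die`, and the combined message does not say which of the three rules fired. The enclosing function starts and ends outside both hunks.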