nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create temporary session directory for 'init-pki' as required

Browse Source 
'init-pki' is run in two different states:

* Without a pre-existing PKI
* With a pre-existing PKI

This causes 'init-pki' temporary session directory status to be undefined.

If a PKI does exist then a "session" directory will exist.
If a PKI does not exist then a "session" will not be defined and a directory
will not exist.

Additionally, a 'soft' init-pki leaves the current "session" directory
completely intact.

Resolve this by Always deleting the old "session" and creating a new "session".
* Only 'init-pki' is allowed to do this.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
This commit is contained in:
Richard T Bonhomme 2022-04-18 01:13:29 +01:00
parent a289da60cf
commit c42364ab32
No known key found for this signature in database
GPG Key ID: 2D767DB92FB6C246
1 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
easyrsa3/easyrsa
View File

@ -341,6 +341,9 @@ Type the word '$value' to continue, or any other input to abort."
# Create session directory atomically or fail
secure_session() {
# Session is already defined
[ "$EASYRSA_TEMP_DIR_session" ] && die "session overload"
# temporary directory must exist
[ -n "$EASYRSA_TEMP_DIR" ] || return
[ -d "$EASYRSA_TEMP_DIR" ] || return
@ -732,8 +735,17 @@ install_data_to_pki () {
"${EASYRSA_PKI}/${vars_file}" || return
fi
# Initialise temporary session for easyrsa_openssl makesafeconf
secure_session || return
# if session is already defined
if [ "$EASYRSA_TEMP_DIR_session" ]; then
# Only init-pki can inherit a previous session when deleting a PKI
# Only init-pki is allowed to create a new session
# 'init-pki soft' does not delete the old session, delete it now
[ -d "$EASYRSA_TEMP_DIR_session" ] && rm -rf "$EASYRSA_TEMP_DIR_session" ]
unset -v EASYRSA_TEMP_DIR_session
fi
# Initialise new temporary session for easyrsa_openssl makesafeconf
secure_session || die "install_data_to_pki - secure_session"
;;
vars-setup)
shift ;; # ok
@ -743,7 +755,6 @@ install_data_to_pki () {
die "install_data_to_pki - unknown context: $1"
esac
# Check PKI is updated - Omit unnecessary checks
#[ -e "${EASYRSA_PKI}/${vars_file}" ] || return
#[ -e "${EASYRSA_PKI}/${vars_file_example}" ] || return