From c42364ab321b03306db4875af70f1d8196c8f923 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme
Date: Mon, 18 Apr 2022 01:13:29 +0100
Subject: [PATCH] Create temporary session directory for 'init-pki' as required

'init-pki' is run in two different states:
* Without a pre-existing PKI
* With a pre-existing PKI

This causes 'init-pki' temporary session directory status to be undefined.
If a PKI does exist then a "session" directory will exist.
If a PKI does not exist then a "session" will not be defined and a directory will not exist.

Additionally, a 'soft' init-pki leaves the current "session" directory completely intact.

Resolve this by Always deleting the old "session" and creating a new "session".
* Only 'init-pki' is allowed to do this.

Signed-off-by: Richard T Bonhomme
---
 easyrsa3/easyrsa | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index bfbd285..e27ba6c 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -341,6 +341,9 @@ Type the word '$value' to continue, or any other input to abort."
 
 # Create session directory atomically or fail
 secure_session() {
+	# Session is already defined
+	[ "$EASYRSA_TEMP_DIR_session" ] && die "session overload"
+
 	# temporary directory must exist
 	[ -n "$EASYRSA_TEMP_DIR" ] || return
 	[ -d "$EASYRSA_TEMP_DIR" ] || return
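Review bot: The new guard `[ "$EASYRSA_TEMP_DIR_session" ] && die "session overload"` tests the variable without `-n`, while the two checks immediately below it in secure_session use `[ -n ... ]`; writing it as `[ -n "$EASYRSA_TEMP_DIR_session" ] && die "session overload"` keeps the function uniform. A comment stating the contract would also help a reader, e.g. `# secure_session must run at most once per session; a caller that needs a fresh one clears the old session first`. The rest of secure_session's body continues outside the hunk.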
@@ -732,8 +735,17 @@ install_data_to_pki () {
 			"${EASYRSA_PKI}/${vars_file}" || return
 		fi
 
-		# Initialise temporary session for easyrsa_openssl makesafeconf
-		secure_session || return
+		# if session is already defined
+		if [ "$EASYRSA_TEMP_DIR_session" ]; then
+			# Only init-pki can inherit a previous session when deleting a PKI
+			# Only init-pki is allowed to create a new session
+			# 'init-pki soft' does not delete the old session, delete it now
+			[ -d "$EASYRSA_TEMP_DIR_session" ] && rm -rf "$EASYRSA_TEMP_DIR_session" ]
+			unset -v EASYRSA_TEMP_DIR_session
+		fi
+
+		# Initialise new temporary session for easyrsa_openssl makesafeconf
+		secure_session || die "install_data_to_pki - secure_session"
 	;;
 	vars-setup) shift ;; # ok
@@ -743,7 +755,6 @@ install_data_to_pki () {
 		die "install_data_to_pki - unknown context: $1"
 	esac
 
-	# Check PKI is updated - Omit unnecessary checks
 	#[ -e "${EASYRSA_PKI}/${vars_file}" ] || return
 	#[ -e "${EASYRSA_PKI}/${vars_file_example}" ] || return
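Review bot: The `rm -rf` line in the first hunk has a stray trailing `]` after the closing quote, so `]` is passed to rm as a second operand; `-f` hides the error when no such file exists, but a file literally named `]` in the current directory would be deleted. The line should read `[ -d "$EASYRSA_TEMP_DIR_session" ] && rm -rf "$EASYRSA_TEMP_DIR_session"`. Beyond the typo, this is an unconditional recursive delete of a path taken from a shell variable; the `unset -v` that follows suggests the value may already be present when this branch runs rather than only set by secure_session, and hunk 1 shows the session mechanism requires `$EASYRSA_TEMP_DIR` to exist, so checking that the path lies under `$EASYRSA_TEMP_DIR` before removal would bound what this branch can remove if the variable arrives from the caller's environment. The enclosing case branch and install_data_to_pki itself begin outside the hunk, and the trailing context of both hunks appears to be one line short of the counts in their `@@` headers, so the hunk ends may be truncated here.
```shell
		if [ "$EASYRSA_TEMP_DIR_session" ]; then
			# … unchanged: init-pki session comments …
			# Only ever remove a session that lives inside the temp dir
			case "$EASYRSA_TEMP_DIR_session" in
				"$EASYRSA_TEMP_DIR"/*) ;;
				*) die "install_data_to_pki - unexpected session path" ;;
			esac
			[ -d "$EASYRSA_TEMP_DIR_session" ] && rm -rf "$EASYRSA_TEMP_DIR_session"
			unset -v EASYRSA_TEMP_DIR_session
		fi
```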