nik/easyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'luizluca-fix_dirtemp_windows'

Browse Source 
workaround for but in the win32 mktemp utility

Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
This commit is contained in:
Eric F Crist 2019-06-07 07:31:07 -05:00
commit e8811e10e6
No known key found for this signature in database
GPG Key ID: 72964219390D0D0E
1 changed files with 24 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
easyrsa3/easyrsa
View File

@ -311,7 +311,18 @@ easyrsa_mktemp() {
[ -n "$EASYRSA_TEMP_DIR_session" ] || die "EASYRSA_TEMP_DIR_session not initialized!" [ -n "$EASYRSA_TEMP_DIR_session" ] || die "EASYRSA_TEMP_DIR_session not initialized!"
[ -d "$EASYRSA_TEMP_DIR_session" ] || mkdir -p "$EASYRSA_TEMP_DIR_session" || [ -d "$EASYRSA_TEMP_DIR_session" ] || mkdir -p "$EASYRSA_TEMP_DIR_session" ||
die "Could not create temporary directory '$EASYRSA_TEMP_DIR_session'. Permission or concurrency problem?" die "Could not create temporary directory '$EASYRSA_TEMP_DIR_session'. Permission or concurrency problem?"
mktemp "$EASYRSA_TEMP_DIR_session/tmp.XXXXXX" [ -d "$EASYRSA_TEMP_DIR_session" ] || die "Temporary directory '$EASYRSA_TEMP_DIR_session' does not exist"
template="$EASYRSA_TEMP_DIR_session/tmp.XXXXXX"
tempfile=$(mktemp "$template") || return
# win32 mktemp shipped by easyrsa returns template as file!
if [ "$template" = "$tempfile" ]; then
# but win32 mktemp -d does work
tempfile=$(mktemp -du "$tempfile") || return
printf "" > "$tempfile" || return
fi
echo "$tempfile"
} # => easyrsa_mktemp } # => easyrsa_mktemp
# remove temp files and do terminal cleanups # remove temp files and do terminal cleanups
@ -334,10 +345,10 @@ easyrsa_openssl() {
return return
fi fi
easyrsa_openssl_conf=$(easyrsa_mktemp) easyrsa_openssl_conf=$(easyrsa_mktemp) || die "Failed to create temporary file"
easyrsa_extra_exts= easyrsa_extra_exts=
if [ -n "$EASYRSA_EXTRA_EXTS" ]; then if [ -n "$EASYRSA_EXTRA_EXTS" ]; then
easyrsa_extra_exts=$(easyrsa_mktemp) easyrsa_extra_exts=$(easyrsa_mktemp) || die "Failed to create temporary file"
cat >"$easyrsa_extra_exts" <<-EOF cat >"$easyrsa_extra_exts" <<-EOF
req_extensions = req_extra req_extensions = req_extra
[ req_extra ] [ req_extra ]
@ -587,11 +598,11 @@ current CA keypair. If you intended to start a new CA, run init-pki first."
# shellcheck disable=SC2015 # shellcheck disable=SC2015
[ "$EASYRSA_BATCH" ] && opts="$opts -batch" || export EASYRSA_REQ_CN="Easy-RSA CA" [ "$EASYRSA_BATCH" ] && opts="$opts -batch" || export EASYRSA_REQ_CN="Easy-RSA CA"
out_key_tmp="$(easyrsa_mktemp)" out_key_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
out_file_tmp="$(easyrsa_mktemp)" out_file_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
# Get password from user if necessary # Get password from user if necessary
if [ ! $nopass ] && ( [ -z "$EASYRSA_PASSOUT" ] || [ -z "$EASYRSA_PASSIN" ] ); then if [ ! $nopass ] && ( [ -z "$EASYRSA_PASSOUT" ] || [ -z "$EASYRSA_PASSIN" ] ); then
out_key_pass_tmp="$(easyrsa_mktemp)" out_key_pass_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
echo echo
printf "Enter New CA Key Passphrase: " printf "Enter New CA Key Passphrase: "
hide_read_pass kpass hide_read_pass kpass
@ -714,7 +725,7 @@ $EASYRSA_EXTRA_EXTS"
{ while ( getline<"/dev/stdin" ) {print} next } { while ( getline<"/dev/stdin" ) {print} next }
{print} {print}
}' }'
conf_tmp="$(easyrsa_mktemp)" conf_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
print "$extra_exts" | \ print "$extra_exts" | \
awk "$awkscript" "$EASYRSA_SSL_CONF" \ awk "$awkscript" "$EASYRSA_SSL_CONF" \
> "$conf_tmp" \ > "$conf_tmp" \
@ -723,8 +734,8 @@ $EASYRSA_EXTRA_EXTS"
EASYRSA_SSL_CONF="$conf_tmp" EASYRSA_SSL_CONF="$conf_tmp"
fi fi
key_out_tmp="$(easyrsa_mktemp)" key_out_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
req_out_tmp="$(easyrsa_mktemp)" req_out_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
# generate request # generate request
[ $EASYRSA_BATCH ] && opts="$opts -batch" [ $EASYRSA_BATCH ] && opts="$opts -batch"
# shellcheck disable=2086,2148 # shellcheck disable=2086,2148
@ -803,7 +814,7 @@ $(display_dn req "$req_in")
" # => confirm end " # => confirm end
# Generate the extensions file for this cert: # Generate the extensions file for this cert:
ext_tmp="$(easyrsa_mktemp)" ext_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
{ {
# Append first any COMMON file (if present) then the cert-type extensions # Append first any COMMON file (if present) then the cert-type extensions
cat "$EASYRSA_EXT_DIR/COMMON" cat "$EASYRSA_EXT_DIR/COMMON"
@ -845,7 +856,7 @@ Failed to create temp extension file (bad permissions?) at:
$ext_tmp" $ext_tmp"
# sign request # sign request
crt_out_tmp="$(easyrsa_mktemp)" crt_out_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
easyrsa_openssl ca -utf8 -in "$req_in" -out "$crt_out_tmp" \ easyrsa_openssl ca -utf8 -in "$req_in" -out "$crt_out_tmp" \
-extfile "$ext_tmp" -days "$EASYRSA_CERT_EXPIRE" -batch $opts ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} \ -extfile "$ext_tmp" -days "$EASYRSA_CERT_EXPIRE" -batch $opts ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} \
|| die "signing failed (openssl output above may have more detail)" || die "signing failed (openssl output above may have more detail)"
@ -1189,7 +1200,7 @@ gen_crl() {
verify_ca_init verify_ca_init
out_file="$EASYRSA_PKI/crl.pem" out_file="$EASYRSA_PKI/crl.pem"
out_file_tmp="$(easyrsa_mktemp)" out_file_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
easyrsa_openssl ca -utf8 -gencrl -out "$out_file_tmp" ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} || die "\ easyrsa_openssl ca -utf8 -gencrl -out "$out_file_tmp" ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} || die "\
CRL Generation failed. CRL Generation failed.
" "
@ -1347,7 +1358,7 @@ $file"
If the key is currently encrypted you must supply the decryption passphrase. If the key is currently encrypted you must supply the decryption passphrase.
${crypto:+You will then enter a new PEM passphrase for this key.$NL}" ${crypto:+You will then enter a new PEM passphrase for this key.$NL}"
out_key_tmp="$(easyrsa_mktemp)" out_key_tmp="$(easyrsa_mktemp)" || die "Failed to create temporary file"
easyrsa_openssl "$key_type" -in "$file" -out "$out_key_tmp" $crypto ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} ${EASYRSA_PASSOUT:+-passout "$EASYRSA_PASSOUT"} || die "\ easyrsa_openssl "$key_type" -in "$file" -out "$out_key_tmp" $crypto ${EASYRSA_PASSIN:+-passin "$EASYRSA_PASSIN"} ${EASYRSA_PASSOUT:+-passout "$EASYRSA_PASSOUT"} || die "\
Failed to change the private key passphrase. See above for possible openssl Failed to change the private key passphrase. See above for possible openssl
error messages." error messages."