This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
vars_setup: Multiple vars files, downgrade FATAL error to WARNING
Finding multiple vars files will result in a WARNING instead of a
FATAL error, then a vars file is selected.

If --vars=<FILE> is used or EASYRSA_VARS_FILE is defined then only
the vars file defined is used, all other vars files are ignored
without warning.

If multiple vars files are found then select in the following order:
* EASYRSA/vars - User has preset EASYRSA, highest priority.
* PWD/vars - The expected default.
* Program directory - This is essentially the same as PWD/vars
  However, it is explicitly listed due to code history.
* pki/vars - This is least wanted. See note below.

Note:
The pki/vars was an attempt to change the default expected location
of the vars file. After extensive testing, this change has proven to
be fraught with misuse. Specifically, setting EASYRSA_PKI from within
a different PKI, an obvious conflict of interests.

If a single vars file is found then select it with the same priority
as multiple vars files.

Signed-off-by: Richard T Bonhomme <[email protected]>
TinCanTech committed Sep 3, 2023

This commit was signed with the committer’s verified signature.
1 parent 3b4ac2e commit b19beb2
Showing 1 changed file with 69 additions and 58 deletions.
127 changes: 69 additions & 58 deletions easyrsa3/easyrsa
@@ -5624,44 +5624,40 @@ The 'vars' file was not found:
# Otherwise, find vars
else

# set up program path
prog_file="$0"
prog_dir="${prog_file%/*}"
# User defined EASYRSA vars
if [ "$EASYRSA" ]; then
easy_vars="${EASYRSA}/vars"
else
unset -v easy_vars
fi

# Working dir vars
# This location is most suitable
pwd_vars="$PWD/vars"

# Program dir
prog_dir="${0%/*}"
verbose "vars_setup: prog_dir=$prog_dir"

# If prog_dir is PWD then do not check prog_vars
if [ "$prog_dir" = . ] || [ "$prog_dir" = "$PWD" ]
then
prog_in_pwd=1
unset -v prog_vars
else
unset -v prog_in_pwd
prog_vars="${prog_dir}/vars"
fi

# Program dir vars
prog_vars="${prog_dir}/vars"

# set up PKI path vars
# Due to EASYRSA_PKI being a usable variable
# in the vars file, this is currently NOT a
# suitable location for vars
pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars"

# Some other place vars, out of scope.
if [ "$EASYRSA" ]; then
easy_vars="${EASYRSA}/vars"
else
unset -v easy_vars
fi

# Working dir vars
# This location is most suitable
pwd_vars="$PWD/vars"

# Clear flags
unset -v \
e_pki_vars e_easy_vars e_pwd_vars e_prog_vars \
found_vars vars_in_pki

# PKI location, if present:
[ -e "$pki_vars" ] && e_pki_vars=1

# EASYRSA, if defined:
[ -e "$easy_vars" ] && e_easy_vars=1
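Review bot: `prog_dir="${0%/*}"` leaves prog_dir equal to `$0` itself when `$0` contains no slash (for example when the script is started as `sh easyrsa`), so prog_vars becomes `easyrsa/vars` and the program-directory lookup quietly misses. Handle that case explicitly, for instance `case "$0" in */*) prog_dir="${0%/*}" ;; *) prog_dir=. ;; esac`. The existence tests here use `[ -e ... ]`, which also succeeds for a directory named `vars`; `[ -f ... ]` would restrict each candidate to a regular file before it is counted and selected.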

@@ -5671,62 +5667,77 @@ The 'vars' file was not found:
# Program location:
[ -e "$prog_vars" ] && e_prog_vars=1

# Filter duplicates
if [ "$e_prog_vars" ] && [ "$e_pwd_vars" ] && \
[ "$prog_in_pwd" ]
then
unset -v prog_vars e_prog_vars
fi
# PKI location, if present:
[ -e "$pki_vars" ] && e_pki_vars=1

# Allow only one vars to be found, No exceptions!
# Count found vars files
found_vars="$((
e_pki_vars + e_easy_vars + e_pwd_vars + e_prog_vars
))"
verbose "vars_setup: found_vars = '$found_vars'"

# If found_vars greater than 1
# then output user info and exit
# then output user info
case "$found_vars" in
0)
: # ok
;;
1)
# If a SINGLE vars file is found
# then assign $vars
[ "$e_prog_vars" ] && vars="$prog_vars"
[ "$e_pwd_vars" ] && vars="$pwd_vars"
[ "$e_easy_vars" ] && vars="$easy_vars"
[ "$e_pki_vars" ] && \
vars="$pki_vars" && vars_in_pki=1
: # Wipe error status
# If a SINGLE vars file is found then
# Select single vars file, with priority
if [ "$e_easy_vars" ]; then
vars="$easy_vars"
elif [ "$e_pwd_vars" ]; then
vars="$pwd_vars"
elif [ "$e_prog_vars" ]; then
vars="$prog_vars"
elif [ "$e_pki_vars" ]; then
vars="$pki_vars"
vars_in_pki=1
else
# This cannot happen
die "Detecting vars file failed!"
fi
;;
*)
[ "$e_pki_vars" ] && print "Found: $pki_vars"
[ "$e_easy_vars" ] && print "Found: $easy_vars"
[ "$e_pwd_vars" ] && print "Found: $pwd_vars"
[ "$e_prog_vars" ] && print "Found: $prog_vars"

# For init-pki, version and help, skip this
#if [ "$require_pki" ]; then
user_error "\
Conflicting 'vars' files found, see above.
# Multiple vars files
warn "\
Conflicting 'vars' files found, see below.
EasyRSA cannot be used with multiple 'vars' files.
Either declare which 'vars' file to use with --vars=<FILE>
or remove the 'vars' files which are not in use."
#fi

# For init-pki, pki/vars will be deleted
# However, another vars file exists
# so don't create pki/vars
#no_new_vars=1
#verbose "vars_setup: no_new_vars = '$no_new_vars'"
or remove the 'vars' files which are not in use.${NL}"

# Show found vars files
[ "$e_easy_vars" ] && \
print " easy_vars Found: $easy_vars"
[ "$e_pwd_vars" ] && \
print " pwd_vars Found: $pwd_vars"
[ "$e_prog_vars" ] && \
print " prog_vars Found: $prog_vars"
[ "$e_pki_vars" ] && \
print " pki_vars Found: $pki_vars"

# Select single vars file, with priority
if [ "$e_easy_vars" ]; then
vars="$easy_vars"
elif [ "$e_pwd_vars" ]; then
vars="$pwd_vars"
elif [ "$e_prog_vars" ]; then
vars="$prog_vars"
elif [ "$e_pki_vars" ]; then
vars="$pki_vars"
else
# This cannot happen
die "Detecting vars file failed!"
fi
esac

verbose "vars_setup: vars = '$vars'"
# Show selected vars
print " * Selected vars: $vars"
[ "$EASYRSA_VERBOSE" ] && print

# Clean up
unset -v prog_vars pwd_vars easy_vars pki_vars \
expected_pki_vars
unset -v prog_vars pwd_vars easy_vars pki_vars
# END: Find vars
fi
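Review bot: found_vars counts path strings, not files, so in the sum `e_pki_vars + e_easy_vars + e_pwd_vars + e_prog_vars` one file reachable under two names is reported as a conflict: with EASYRSA set to the working directory, easy_vars and pwd_vars are the same file, and the only duplicate filter visible in this hunk covers prog_vars when prog_in_pwd is set. Compare the candidates after resolving them (or skip a candidate equal to one already flagged) before counting. The warning text still says "EasyRSA cannot be used with multiple 'vars' files" although the `*)` branch now carries on and selects one; reword it to say that a file was chosen by priority and that the others are ignored, since the chosen file decides settings such as EASYRSA_PKI. The if/elif selection chain is duplicated in the `1)` and `*)` branches and they have already diverged (`vars_in_pki=1` is set only in `1)`); moving a single copy after `esac`, guarded by a non-zero found_vars, removes that drift. Finally, `print " * Selected vars: $vars"` sits outside the case, so with found_vars of 0 it prints an empty selection; guard it on `$vars` being set.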
