From a364299f220482f37e90760e32d65f5c6293b201 Mon Sep 17 00:00:00 2001 From: Richard T Bonhomme Date: Sun, 3 Sep 2023 20:15:59 +0100 Subject: [PATCH] vars_setup: Multiple vars files, downgrade FATAL error to WARNING Finding multiple vars files will result in a WARNING instead of a FATAL error, then a vars file is selected. If --vars= is used or EASYRSA_VARS_FILE is defined then only the vars file defined is used, all other vars files are ignored without warning. If multiple vars files are found then select in the following order: * EASYRSA/vars - User has preset EASYRSA, highest priority. * PWD/vars - The expected default. * Program directory - This is essentially the same as PWD/vars However, it is explicitly listed due to code history. * pki/vars - This is least wanted. See note below. Note: The pki/vars was an attempt to change the default expected location of the vars file. After extensive testing, this change has proven to be fraught with misuse. Specifically, setting EASYRSA_PKI from within a different PKI, an obvious conflict of interests. Signed-off-by: Richard T Bonhomme --- easyrsa3/easyrsa | 104 ++++++++++++++++++++++++----------------------- 1 file changed, 54 insertions(+), 50 deletions(-) diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa index df81a4f72..f91a3d961 100755 --- a/easyrsa3/easyrsa +++ b/easyrsa3/easyrsa 
@@ -5624,44 +5624,40 @@ The 'vars' file was not found: # Otherwise, find vars else - # set up program path - prog_file="$0" - prog_dir="${prog_file%/*}" + # User defined EASYRSA vars + if [ "$EASYRSA" ]; then + easy_vars="${EASYRSA}/vars" + else + unset -v easy_vars + fi + + # Working dir vars + # This location is most suitable + pwd_vars="$PWD/vars" + + # Program dir + prog_dir="${0%/*}" + verbose "vars_setup: prog_dir=$prog_dir" + + # If prog_dir is PWD then do not check prog_vars if [ "$prog_dir" = . ] || [ "$prog_dir" = "$PWD" ] then - prog_in_pwd=1 + unset -v prog_vars else - unset -v prog_in_pwd + prog_vars="${prog_dir}/vars" fi - # Program dir vars - prog_vars="${prog_dir}/vars" - # set up PKI path vars # Due to EASYRSA_PKI being a usable variable # in the vars file, this is currently NOT a # suitable location for vars pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars" - # Some other place vars, out of scope. - if [ "$EASYRSA" ]; then - easy_vars="${EASYRSA}/vars" - else - unset -v easy_vars - fi - - # Working dir vars - # This location is most suitable - pwd_vars="$PWD/vars" - # Clear flags unset -v \ e_pki_vars e_easy_vars e_pwd_vars e_prog_vars \ found_vars vars_in_pki - # PKI location, if present: - [ -e "$pki_vars" ] && e_pki_vars=1 - # EASYRSA, if defined: [ -e "$easy_vars" ] && e_easy_vars=1 @@ -5671,21 +5667,17 @@ The 'vars' file was not found: # Program location: [ -e "$prog_vars" ] && e_prog_vars=1 - # Filter duplicates - if [ "$e_prog_vars" ] && [ "$e_pwd_vars" ] && \ - [ "$prog_in_pwd" ] - then - unset -v prog_vars e_prog_vars - fi + # PKI location, if present: + [ -e "$pki_vars" ] && e_pki_vars=1 - # Allow only one vars to be found, No exceptions! + # Count found vars files found_vars="$(( e_pki_vars + e_easy_vars + e_pwd_vars + e_prog_vars ))" verbose "vars_setup: found_vars = '$found_vars'" # If found_vars greater than 1 - # then output user info and exit + # then output user info case "$found_vars" in 0) : # ok 
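Review bot: The test `[ "$prog_dir" = . ] || [ "$prog_dir" = "$PWD" ]` compares path strings, so the same directory reached through a symlink or a relative spelling such as `../easyrsa3` is not recognised as PWD and `prog_vars` is set for a file that is really `pwd_vars`. The following hunk removes the "Filter duplicates" step, which leaves this comparison as the only de-duplication; a single vars file can then be counted twice and raise the conflict warning. Comparing physical paths would close that gap, for example `[ "$(cd "$prog_dir" 2>/dev/null && pwd -P)" = "$(pwd -P)" ]`. A short comment stating that `prog_vars` is deliberately left unset when the program directory is PWD would also help, since the later `[ -e "$prog_vars" ]` relies on it. The enclosing function starts and ends outside this hunk.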
@@ -5701,32 +5693,44 @@ The 'vars' file was not found: : # Wipe error status ;; *) - [ "$e_pki_vars" ] && print "Found: $pki_vars" - [ "$e_easy_vars" ] && print "Found: $easy_vars" - [ "$e_pwd_vars" ] && print "Found: $pwd_vars" - [ "$e_prog_vars" ] && print "Found: $prog_vars" - - # For init-pki, version and help, skip this - #if [ "$require_pki" ]; then - user_error "\ -Conflicting 'vars' files found, see above. + # Multiple vars files + warn "\ +Conflicting 'vars' files found, see below. EasyRSA cannot be used with multiple 'vars' files. Either declare which 'vars' file to use with --vars= -or remove the 'vars' files which are not in use." - #fi - - # For init-pki, pki/vars will be deleted - # However, another vars file exists - # so don't create pki/vars - #no_new_vars=1 - #verbose "vars_setup: no_new_vars = '$no_new_vars'" +or remove the 'vars' files which are not in use.${NL}" + + # Show found vars files + [ "$e_easy_vars" ] && \ + print " easy_vars Found: $easy_vars" + [ "$e_pwd_vars" ] && \ + print " pwd_vars Found: $pwd_vars" + [ "$e_prog_vars" ] && \ + print " prog_vars Found: $prog_vars" + [ "$e_pki_vars" ] && \ + print " pki_vars Found: $pki_vars" + + # Select single vars file, with priority + if [ "$e_easy_vars" ]; then + vars="$easy_vars" + elif [ "$e_pwd_vars" ]; then + vars="$pwd_vars" + elif [ "$e_prog_vars" ]; then + vars="$prog_vars" + elif [ "$e_pki_vars" ]; then + vars="$pki_vars" + else + # This cannot happen + die "Detecting vars file failed!" + fi esac - verbose "vars_setup: vars = '$vars'" + # Show selected vars + print " * Selected vars: $vars" + [ "$EASYRSA_VERBOSE" ] && print # Clean up - unset -v prog_vars pwd_vars easy_vars pki_vars \ - expected_pki_vars + unset -v prog_vars pwd_vars easy_vars pki_vars # END: Find vars fi
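Review bot: The `*)` branch now fails open: with several candidates it warns and carries on with the highest-priority file, so in an unattended run where nobody reads the warning a `vars` file in the working directory outranks `pki/vars` without any confirmation. If the selected file is later sourced as shell (not visible in this hunk), that choice decides what runs before any CA operation. I would keep the old `user_error` for batch or non-interactive use, or at least require `--vars=` there. The warning text should also stop saying `EasyRSA cannot be used with multiple 'vars' files`, since the code now proceeds. Separately, `print " * Selected vars: $vars"` sits after `esac` and so runs for every branch, including `0)` where no assignment to `vars` is visible here; `[ "$vars" ] && print " * Selected vars: $vars"` would avoid an empty line of output.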