Commit 6abe7758 authored by ssrq's avatar ssrq

[type/__easy_rsa_cert] Safer command quoting

parent 51ed853d
......@@ -20,6 +20,12 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
quote() { printf "'%s'" "$(printf '%s' "$*" | sed -e "s/'/'\\\\''/g")"; }
base_dir=$(cat "${__object:?}/parameter/dir")
state_is=$(cat "${__object:?}/explorer/cert-presence")
# Set the executable for easy-rsa
easyrsa_executable=
os=$(cat "${__global:?}/explorer/os")
......@@ -57,12 +63,14 @@ then
req_options="--req-cn='$(head -n1 "${__object:?}/parameter/common-name")'"
fi
cert_already_present=$(cat "${__object:?}/explorer/cert-presence")
if test "${cert_already_present}" != 'present'
if test "${state_is}" != 'present'
then
base_dir=$(cat "${__object:?}/parameter/dir")
echo "cd ${base_dir}"
printf 'cd %s\n' "$(quote "${base_dir}")"
easyrsa_cmd="${easyrsa_executable} --pki-dir=$(quote "${base_dir}/pki") --vars=$(quote "${base_dir}/vars") --batch"
echo "${easyrsa_executable} --pki-dir=${base_dir}/pki ${req_options} --batch gen-req ${__object_id:?} nopass"
echo "${easyrsa_executable} --pki-dir=${base_dir}/pki --batch sign-req ${cert_type} ${__object_id:?}"
printf '%s %s gen-req %s nopass\n' \
"${easyrsa_cmd}" "${req_options# }" "$(quote "${__object_id:?}")"
printf '%s sign-req %s %s\n' \
"${easyrsa_cmd}" "${cert_type}" "$(quote "${__object_id:?}")"
fi
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment