Commit 0d2e99cc authored by Ted Trask's avatar Ted Trask

Replace io.popen calls with modelfunctions.run_executable

parent 6de0d119
......@@ -14,8 +14,6 @@ local processname = "racoon"
local packagename = "ipsec-tools"
local baseurl = "/etc/racoon/"
local path = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin "
local descr = {
state={
['9']="Established",
......@@ -35,30 +33,23 @@ local descr = {
-- ################################################################################
-- LOCAL FUNCTIONS
-- Make sure to escape special characters before calling this function
local function ip_xfrm(mode)
local cmd_output_result
local cmd = path .. "ip xfrm " .. (mode or "") .. " 2>/dev/null"
local f = io.popen( cmd )
local cmd_output_result = f:read("*a")
f:close()
return cmd_output_result
end
local function phase2details(dst)
local output = {}
dst = string.match(dst,"^(.*)%.") -- Removes the portnumber
table.insert(output, {label="Outgoing", value=ip_xfrm("state list src ".. format.escapespecialcharacters(dst) .. " | grep '^src'")})
table.insert(output, {label="Incoming", value=ip_xfrm("state list dst ".. format.escapespecialcharacters(dst) .. " | grep '^src'")})
local value = modelfunctions.run_executable({"ip", "xfrm", "state", "list", "src", dst})
-- REMOVE THE LINES THAT DON'T START WITH "src" io.popen
table.insert(output, {label="Outgoing", value=value})
value = modelfunctions.run_executable({"ip", "xfrm", "state", "list", "dst", dst})
-- REMOVE THE LINES THAT DON'T START WITH "src" io.popen
table.insert(output, {label="Incoming", value=value})
return output
end
local function racoonctl_table()
local output = {}
local cmd = path .. "racoonctl -lll show-sa isakmp 2>/dev/null"
local f = io.popen( cmd )
local value = f:read("*a")
f:close()
local value = modelfunctions.run_executable({"racoonctl", "-lll", "show-sa", "isakmp"})
for i,line in pairs(format.string_to_table(value,"\n")) do
if not ((string.find(line,"^Source")) or (#line == 0)) then
entry={}
......@@ -134,7 +125,8 @@ end
function getstatusdetails()
local status = {}
status.show_isakmp = cfe({ type="list", value=racoonctl_table(), label="Tunnels" })
status.ip_xfrm_policy = cfe({ type="longtext", value=ip_xfrm("policy"), label="ip xfrm policy" })
status.ip_xfrm_policy = cfe({ type="longtext", label="ip xfrm policy" })
status.ip_xfrm_policy.value, status.ip_xfrm_policy.errtxt = modelfunctions.run_executable({"ip", "xfrm", "policy"})
return cfe({ type="group", value=status, label="Racoon Status Details" })
end
......@@ -197,15 +189,12 @@ function upload_cert(self, newcert)
-- Trying to upload a cert/key
-- The way haserl works, cert contains the temporary file name
-- First, get the cert
local cmd, f, cmdresult
local cmd, f, cmdresult, errtxt
if validator.is_valid_filename(newcert.value.cert.value, "/tmp/") and fs.is_file(newcert.value.cert.value) then
cmd = path .. "openssl pkcs12 -in "..format.escapespecialcharacters(newcert.value.cert.value).." -out "..format.escapespecialcharacters(newcert.value.cert.value).."cert.pem -password pass:"..format.escapespecialcharacters(newcert.value.password.value).." -nokeys -clcerts 2>&1"
f = io.popen(cmd)
cmdresult = f:read("*a")
f:close()
cmdresult, errtxt = modelfunctions.run_executable({"openssl", "pkcs12", "-in", newcert.value.cert.value, "-out", newcert.value.cert.value.."cert.pem", "-password", "pass:"..newcert.value.password.value, "-nokeys", "-clcerts"}, true)
local filestats = posix.stat(newcert.value.cert.value.."cert.pem")
if not filestats or filestats.size == 0 then
newcert.value.cert.errtxt = "Could not open certificate\n"..cmdresult
if errtxt or not filestats or filestats.size == 0 then
newcert.value.cert.errtxt = "Could not open certificate\n"..(errtxt or cmdresult)
success = false
end
else
......@@ -215,23 +204,17 @@ function upload_cert(self, newcert)
-- Now, get the key and the ca certs
if success then
cmd = path .. "openssl pkcs12 -in "..format.escapespecialcharacters(newcert.value.cert.value).." -out "..format.escapespecialcharacters(newcert.value.cert.value).."key.pem -password pass:"..format.escapespecialcharacters(newcert.value.password.value).." -nocerts -nodes 2>&1"
f = io.popen(cmd)
cmdresult = f:read("*a")
f:close()
cmdresult, errtxt = modelfunctions.run_executable({"openssl", "pkcs12", "-in", newcert.value.cert.value, "-out", newcert.value.cert.value.."key.pem", "-password", "pass:"..newcert.value.password.value, "-nocerts", "-nodes"}, true)
filestats = posix.stat(newcert.value.cert.value.."key.pem")
if not filestats or filestats.size == 0 then
newcert.value.cert.errtxt = "Could not find key\n"..cmdresult
if errtxt or not filestats or filestats.size == 0 then
newcert.value.cert.errtxt = "Could not find key\n"..(errtxt or cmdresult)
success = false
end
cmd = path .. "openssl pkcs12 -in "..format.escapespecialcharacters(newcert.value.cert.value).." -out "..format.escapespecialcharacters(newcert.value.cert.value).."ca.pem -password pass:"..format.escapespecialcharacters(newcert.value.password.value).." -nokeys -cacerts 2>&1"
f = io.popen(cmd)
cmdresult = f:read("*a")
f:close()
cmdresult, errtxt = modelfunctions.run_executable({"openssl", "pkcs12", "-in", newcert.value.cert.value, "-out", newcert.value.cert.value.."ca.pem", "-password", "pass:"..newcert.value.password.value, "-nokeys", "-cacerts"}, true)
filestats = posix.stat(newcert.value.cert.value.."ca.pem")
if not filestats or filestats.size == 0 then
newcert.value.cert.errtxt = "Could not find CA certs\n"..cmdresult
if errtxt or not filestats or filestats.size == 0 then
newcert.value.cert.errtxt = "Could not find CA certs\n"..(errtxt or cmdresult)
success = false
end
end
......@@ -279,12 +262,9 @@ view_cert = function(self, viewcert)
viewcert.errtxt = "Failed to find cert"
for i,cert in ipairs(list.value) do
if cert == viewcert.value.cert.value then
local cmd = path .. "openssl x509 -in "..baseurl..format.escapespecialcharacters(cert).." -noout -text"
local f = io.popen(cmd)
local cmdresult = f:read("*a")
f:close()
viewcert.value.result = cfe({ type="longtext", value=cmdresult, label="Certificate", readonly=true })
viewcert.errtxt = nil
viewcert.value.result = cfe({ type="longtext", label="Certificate", readonly=true })
viewcert.value.result.value, viewcert.value.result.errtxt = modelfunctions.run_executable({"openssl", "x509", "-in", baseurl..cert, "-noout", "-text"})
viewcert.errtxt = viewcert.value.result.errtxt
viewcert.value.cert.errtxt = nil
break
end
......
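Review bot: In the `phase2details` hunk the `| grep '^src'` filter is gone and only the comment `-- REMOVE THE LINES THAT DON'T START WITH "src"` stands in for it, so the full `ip xfrm state list` output now lands in the Outgoing/Incoming values. That output normally includes the SA's `auth`/`enc` key lines, which the old filter kept off the status page. The filter should be restored in Lua before each `table.insert`, keeping only lines where `line:find("^src")` matches from `format.string_to_table(value, "\n")`, the helper `racoonctl_table` already uses. `dst` can also be nil when the input has no dot (`string.match(dst,"^(.*)%.")`), which would likely shorten the argv table silently, so an early `if not dst then return output end` would make that case explicit. Separately, both `upload_cert` hunks still put the PKCS#12 password in argv as `"pass:"..newcert.value.password.value`, where it is readable from the process list while openssl runs; openssl's `env:`, `file:` or `stdin` password sources avoid that, if `run_executable` can supply one (its interface is not shown here).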