Diffstat (limited to 'ipsectools-model.lua')
-rw-r--r--ipsectools-model.lua68
1 files changed, 24 insertions, 44 deletions
diff --git a/ipsectools-model.lua b/ipsectools-model.lua
index 568375c..de05ba1 100644
--- a/ipsectools-model.lua
+++ b/ipsectools-model.lua
@@ -14,8 +14,6 @@ local processname = "racoon"
local packagename = "ipsec-tools"
local baseurl = "/etc/racoon/"
-local path = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin "
-
local descr = {
state={
['9']="Established",
@@ -35,30 +33,23 @@ local descr = {
-- ################################################################################
-- LOCAL FUNCTIONS
--- Make sure to escape special characters before calling this function
-local function ip_xfrm(mode)
- local cmd_output_result
- local cmd = path .. "ip xfrm " .. (mode or "") .. " 2>/dev/null"
- local f = io.popen( cmd )
- local cmd_output_result = f:read("*a")
- f:close()
- return cmd_output_result
-end
-
local function phase2details(dst)
local output = {}
dst = string.match(dst,"^(.*)%.") -- Removes the portnumber
- table.insert(output, {label="Outgoing", value=ip_xfrm("state list src ".. format.escapespecialcharacters(dst) .. " | grep '^src'")})
- table.insert(output, {label="Incoming", value=ip_xfrm("state list dst ".. format.escapespecialcharacters(dst) .. " | grep '^src'")})
+ local value = modelfunctions.run_executable({"ip", "xfrm", "state", "list", "src", dst})
+ -- REMOVE THE LINES THAT DON'T START WITH "src" io.popen
+ table.insert(output, {label="Outgoing", value=value})
+
+ value = modelfunctions.run_executable({"ip", "xfrm", "state", "list", "dst", dst})
+ -- REMOVE THE LINES THAT DON'T START WITH "src" io.popen
+ table.insert(output, {label="Incoming", value=value})
+
return output
end
local function racoonctl_table()
local output = {}
- local cmd = path .. "racoonctl -lll show-sa isakmp 2>/dev/null"
- local f = io.popen( cmd )
- local value = f:read("*a")
- f:close()
+ local value = modelfunctions.run_executable({"racoonctl", "-lll", "show-sa", "isakmp"})
for i,line in pairs(format.string_to_table(value,"\n")) do
if not ((string.find(line,"^Source")) or (#line == 0)) then
entry={}
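Review bot: The `grep '^src'` filter from the old pipeline is gone in phase2details and only a reminder comment replaces it, so the Outgoing and Incoming values now carry the full `ip xfrm state list` output. That output typically includes the auth/enc key lines of each SA, which the filter used to keep out of the status page. The filter can be done in Lua before the value is stored, as sketched below. Separately, `string.match(dst,"^(.*)%.")` yields nil when `dst` has no dot, which silently drops the last argv entry, and the second return value of run_executable is discarded here and in racoonctl_table although getstatusdetails stores it as errtxt. racoonctl_table continues outside the hunk.

```lua
-- Keep only the "src ..." line of each SA, as the old grep did
local function only_src_lines(text)
	local kept = {}
	for line in string.gmatch(text or "", "[^\n]+") do
		if string.find(line, "^src") then
			kept[#kept + 1] = line
		end
	end
	return table.concat(kept, "\n")
end

local function phase2details(dst)
	-- … unchanged: output table, port stripping …
	local value = modelfunctions.run_executable({"ip", "xfrm", "state", "list", "src", dst})
	table.insert(output, {label="Outgoing", value=only_src_lines(value)})

	value = modelfunctions.run_executable({"ip", "xfrm", "state", "list", "dst", dst})
	table.insert(output, {label="Incoming", value=only_src_lines(value)})
	-- … unchanged: return output …
```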
@@ -134,7 +125,8 @@ end
function getstatusdetails()
local status = {}
status.show_isakmp = cfe({ type="list", value=racoonctl_table(), label="Tunnels" })
- status.ip_xfrm_policy = cfe({ type="longtext", value=ip_xfrm("policy"), label="ip xfrm policy" })
+ status.ip_xfrm_policy = cfe({ type="longtext", label="ip xfrm policy" })
+ status.ip_xfrm_policy.value, status.ip_xfrm_policy.errtxt = modelfunctions.run_executable({"ip", "xfrm", "policy"})
return cfe({ type="group", value=status, label="Racoon Status Details" })
end
@@ -197,15 +189,12 @@ function upload_cert(self, newcert)
-- Trying to upload a cert/key
-- The way haserl works, cert contains the temporary file name
-- First, get the cert
- local cmd, f, cmdresult
+ local cmd, f, cmdresult, errtxt
if validator.is_valid_filename(newcert.value.cert.value, "/tmp/") and fs.is_file(newcert.value.cert.value) then
- cmd = path .. "openssl pkcs12 -in "..format.escapespecialcharacters(newcert.value.cert.value).." -out "..format.escapespecialcharacters(newcert.value.cert.value).."cert.pem -password pass:"..format.escapespecialcharacters(newcert.value.password.value).." -nokeys -clcerts 2>&1"
- f = io.popen(cmd)
- cmdresult = f:read("*a")
- f:close()
+ cmdresult, errtxt = modelfunctions.run_executable({"openssl", "pkcs12", "-in", newcert.value.cert.value, "-out", newcert.value.cert.value.."cert.pem", "-password", "pass:"..newcert.value.password.value, "-nokeys", "-clcerts"}, true)
local filestats = posix.stat(newcert.value.cert.value.."cert.pem")
- if not filestats or filestats.size == 0 then
- newcert.value.cert.errtxt = "Could not open certificate\n"..cmdresult
+ if errtxt or not filestats or filestats.size == 0 then
+ newcert.value.cert.errtxt = "Could not open certificate\n"..(errtxt or cmdresult)
success = false
end
else
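Review bot: The PKCS#12 password is still handed to openssl as a `pass:` argument here and in the two calls of the next hunk, so it sits in the process argument list where other local processes can read it while openssl runs. Dropping the shell removes the quoting problem but not this exposure. openssl also accepts `env:VAR`, `file:PATH`, `fd:N` and `stdin` as password sources; which of these fits depends on what `modelfunctions.run_executable` can pass through, which is not visible in this diff. upload_cert starts and ends outside the hunk.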
@@ -215,23 +204,17 @@ function upload_cert(self, newcert)
-- Now, get the key and the ca certs
if success then
- cmd = path .. "openssl pkcs12 -in "..format.escapespecialcharacters(newcert.value.cert.value).." -out "..format.escapespecialcharacters(newcert.value.cert.value).."key.pem -password pass:"..format.escapespecialcharacters(newcert.value.password.value).." -nocerts -nodes 2>&1"
- f = io.popen(cmd)
- cmdresult = f:read("*a")
- f:close()
+ cmdresult, errtxt = modelfunctions.run_executable({"openssl", "pkcs12", "-in", newcert.value.cert.value, "-out", newcert.value.cert.value.."key.pem", "-password", "pass:"..newcert.value.password.value, "-nocerts", "-nodes"}, true)
filestats = posix.stat(newcert.value.cert.value.."key.pem")
- if not filestats or filestats.size == 0 then
- newcert.value.cert.errtxt = "Could not find key\n"..cmdresult
+ if errtxt or not filestats or filestats.size == 0 then
+ newcert.value.cert.errtxt = "Could not find key\n"..(errtxt or cmdresult)
success = false
end
- cmd = path .. "openssl pkcs12 -in "..format.escapespecialcharacters(newcert.value.cert.value).." -out "..format.escapespecialcharacters(newcert.value.cert.value).."ca.pem -password pass:"..format.escapespecialcharacters(newcert.value.password.value).." -nokeys -cacerts 2>&1"
- f = io.popen(cmd)
- cmdresult = f:read("*a")
- f:close()
+ cmdresult, errtxt = modelfunctions.run_executable({"openssl", "pkcs12", "-in", newcert.value.cert.value, "-out", newcert.value.cert.value.."ca.pem", "-password", "pass:"..newcert.value.password.value, "-nokeys", "-cacerts"}, true)
filestats = posix.stat(newcert.value.cert.value.."ca.pem")
- if not filestats or filestats.size == 0 then
- newcert.value.cert.errtxt = "Could not find CA certs\n"..cmdresult
+ if errtxt or not filestats or filestats.size == 0 then
+ newcert.value.cert.errtxt = "Could not find CA certs\n"..(errtxt or cmdresult)
success = false
end
end
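Review bot: The first call in this hunk writes the private key unencrypted (`-nodes`) to `<upload>key.pem` next to the uploaded file under /tmp, and nothing visible here restricts the file mode or removes it when a later step fails. Unless the rest of upload_cert (outside the hunk) already does so, the file should be made owner-only right after it is created, for example with `posix.chmod` on `newcert.value.cert.value.."key.pem"`, and all three .pem outputs deleted on every failure path. At minimum I would add `-- key.pem holds the unencrypted private key: restrict to owner and remove on failure` above that call. Note also that a failed key step does not stop the CA step, so its errtxt can be overwritten by "Could not find CA certs".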
@@ -279,12 +262,9 @@ view_cert = function(self, viewcert)
viewcert.errtxt = "Failed to find cert"
for i,cert in ipairs(list.value) do
if cert == viewcert.value.cert.value then
- local cmd = path .. "openssl x509 -in "..baseurl..format.escapespecialcharacters(cert).." -noout -text"
- local f = io.popen(cmd)
- local cmdresult = f:read("*a")
- f:close()
- viewcert.value.result = cfe({ type="longtext", value=cmdresult, label="Certificate", readonly=true })
- viewcert.errtxt = nil
+ viewcert.value.result = cfe({ type="longtext", label="Certificate", readonly=true })
+ viewcert.value.result.value, viewcert.value.result.errtxt = modelfunctions.run_executable({"openssl", "x509", "-in", baseurl..cert, "-noout", "-text"})
+ viewcert.errtxt = viewcert.value.result.errtxt
viewcert.value.cert.errtxt = nil
break
end
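Review bot: With the escaping call removed, the only thing keeping `baseurl..cert` inside /etc/racoon/ is the equality test against the entries of `list.value` two lines above, and that dependency is not written down. I would add a comment above the run_executable call: `-- cert is appended to baseurl only because it matched an entry of list.value above`. How `list` is built is outside the hunk, so this assumes its entries are plain file names without path separators. view_cert starts and ends outside the hunk.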