From 0d2e99cc6c62be1dae0d2f9037570cdd911937d7 Mon Sep 17 00:00:00 2001
From: Ted Trask
Date: Tue, 8 Jan 2013 15:56:16 +0000
Subject: Replace io.popen calls with modelfunctions.run_executable
---
ipsectools-model.lua | 68 +++++++++++++++++++---------------------------------
1 file changed, 24 insertions(+), 44 deletions(-)
diff --git a/ipsectools-model.lua b/ipsectools-model.lua
index 568375c..de05ba1 100644
--- a/ipsectools-model.lua
+++ b/ipsectools-model.lua
@@ -14,8 +14,6 @@ local processname = "racoon" local packagename = "ipsec-tools" local baseurl = "/etc/racoon/" -local path = "PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin " - local descr = { state={ ['9']="Established", 
@@ -35,30 +33,23 @@ local descr = { -- ################################################################################ -- LOCAL FUNCTIONS --- Make sure to escape special characters before calling this function -local function ip_xfrm(mode) - local cmd_output_result - local cmd = path .. "ip xfrm " .. (mode or "") .. " 2>/dev/null" - local f = io.popen( cmd ) - local cmd_output_result = f:read("*a") - f:close() - return cmd_output_result -end - local function phase2details(dst) local output = {} dst = string.match(dst,"^(.*)%.") -- Removes the portnumber - table.insert(output, {label="Outgoing", value=ip_xfrm("state list src ".. format.escapespecialcharacters(dst) .. " | grep '^src'")}) - table.insert(output, {label="Incoming", value=ip_xfrm("state list dst ".. format.escapespecialcharacters(dst) .. " | grep '^src'")}) + local value = modelfunctions.run_executable({"ip", "xfrm", "state", "list", "src", dst}) + -- REMOVE THE LINES THAT DON'T START WITH "src" io.popen + table.insert(output, {label="Outgoing", value=value}) + + value = modelfunctions.run_executable({"ip", "xfrm", "state", "list", "dst", dst}) + -- REMOVE THE LINES THAT DON'T START WITH "src" io.popen + table.insert(output, {label="Incoming", value=value}) + return output end local function racoonctl_table() local output = {} - local cmd = path .. "racoonctl -lll show-sa isakmp 2>/dev/null" - local f = io.popen( cmd ) - local value = f:read("*a") - f:close() + local value = modelfunctions.run_executable({"racoonctl", "-lll", "show-sa", "isakmp"}) for i,line in pairs(format.string_to_table(value,"\n")) do if not ((string.find(line,"^Source")) or (#line == 0)) then entry={} 
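Review bot: Both `ip xfrm state list` calls in phase2details now return the unfiltered output, because the old `| grep '^src'` was dropped and only a reminder comment was left in its place. The filtering can be done in Lua on the returned text, as in the helper below. Also, `string.match(dst,"^(.*)%.")` returns nil when dst contains no dot, and a nil at the end of the argument table silently shortens the command to `ip xfrm state list src`, so a nil check before the two calls would help. racoonctl_table continues past the end of this hunk.

```lua
-- Keep only the lines that start with "src", as the old `| grep '^src'` did
local function only_src_lines(text)
	local kept = {}
	for line in string.gmatch(text or "", "[^\n]+") do
		if string.find(line, "^src") then
			kept[#kept + 1] = line .. "\n"
		end
	end
	return table.concat(kept)
end

local function phase2details(dst)
	-- … unchanged: output table and port-number strip …
	local value = only_src_lines(modelfunctions.run_executable({"ip", "xfrm", "state", "list", "src", dst}))
	table.insert(output, {label="Outgoing", value=value})

	value = only_src_lines(modelfunctions.run_executable({"ip", "xfrm", "state", "list", "dst", dst}))
	table.insert(output, {label="Incoming", value=value})
	-- … unchanged: return output …
```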
@@ -134,7 +125,8 @@ end function getstatusdetails() local status = {} status.show_isakmp = cfe({ type="list", value=racoonctl_table(), label="Tunnels" }) - status.ip_xfrm_policy = cfe({ type="longtext", value=ip_xfrm("policy"), label="ip xfrm policy" }) + status.ip_xfrm_policy = cfe({ type="longtext", label="ip xfrm policy" }) + status.ip_xfrm_policy.value, status.ip_xfrm_policy.errtxt = modelfunctions.run_executable({"ip", "xfrm", "policy"}) return cfe({ type="group", value=status, label="Racoon Status Details" }) end
@@ -197,15 +189,12 @@ function upload_cert(self, newcert) -- Trying to upload a cert/key -- The way haserl works, cert contains the temporary file name -- First, get the cert - local cmd, f, cmdresult + local cmd, f, cmdresult, errtxt if validator.is_valid_filename(newcert.value.cert.value, "/tmp/") and fs.is_file(newcert.value.cert.value) then - cmd = path .. "openssl pkcs12 -in "..format.escapespecialcharacters(newcert.value.cert.value).." -out "..format.escapespecialcharacters(newcert.value.cert.value).."cert.pem -password pass:"..format.escapespecialcharacters(newcert.value.password.value).." -nokeys -clcerts 2>&1" - f = io.popen(cmd) - cmdresult = f:read("*a") - f:close() + cmdresult, errtxt = modelfunctions.run_executable({"openssl", "pkcs12", "-in", newcert.value.cert.value, "-out", newcert.value.cert.value.."cert.pem", "-password", "pass:"..newcert.value.password.value, "-nokeys", "-clcerts"}, true) local filestats = posix.stat(newcert.value.cert.value.."cert.pem") - if not filestats or filestats.size == 0 then - newcert.value.cert.errtxt = "Could not open certificate\n"..cmdresult + if errtxt or not filestats or filestats.size == 0 then + newcert.value.cert.errtxt = "Could not open certificate\n"..(errtxt or cmdresult) success = false end else 
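Review bot: The PKCS#12 password is still handed to openssl as a `pass:` command-line argument in the new `run_executable` call in upload_cert, so other local users can read it from the process list while openssl runs; the two calls in the next hunk (key.pem and ca.pem) do the same. openssl also accepts `file:`, `env:`, `fd:` and `stdin` password sources, so something like `"-password", "file:"..pwfile` with a mode-0600 temporary file would keep the secret out of argv. Whether run_executable can supply stdin or environment variables is not visible here. upload_cert starts before and ends after this hunk.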
@@ -215,23 +204,17 @@ function upload_cert(self, newcert) -- Now, get the key and the ca certs if success then - cmd = path .. "openssl pkcs12 -in "..format.escapespecialcharacters(newcert.value.cert.value).." -out "..format.escapespecialcharacters(newcert.value.cert.value).."key.pem -password pass:"..format.escapespecialcharacters(newcert.value.password.value).." -nocerts -nodes 2>&1" - f = io.popen(cmd) - cmdresult = f:read("*a") - f:close() + cmdresult, errtxt = modelfunctions.run_executable({"openssl", "pkcs12", "-in", newcert.value.cert.value, "-out", newcert.value.cert.value.."key.pem", "-password", "pass:"..newcert.value.password.value, "-nocerts", "-nodes"}, true) filestats = posix.stat(newcert.value.cert.value.."key.pem") - if not filestats or filestats.size == 0 then - newcert.value.cert.errtxt = "Could not find key\n"..cmdresult + if errtxt or not filestats or filestats.size == 0 then + newcert.value.cert.errtxt = "Could not find key\n"..(errtxt or cmdresult) success = false end - cmd = path .. "openssl pkcs12 -in "..format.escapespecialcharacters(newcert.value.cert.value).." -out "..format.escapespecialcharacters(newcert.value.cert.value).."ca.pem -password pass:"..format.escapespecialcharacters(newcert.value.password.value).." -nokeys -cacerts 2>&1" - f = io.popen(cmd) - cmdresult = f:read("*a") - f:close() + cmdresult, errtxt = modelfunctions.run_executable({"openssl", "pkcs12", "-in", newcert.value.cert.value, "-out", newcert.value.cert.value.."ca.pem", "-password", "pass:"..newcert.value.password.value, "-nokeys", "-cacerts"}, true) filestats = posix.stat(newcert.value.cert.value.."ca.pem") - if not filestats or filestats.size == 0 then - newcert.value.cert.errtxt = "Could not find CA certs\n"..cmdresult + if errtxt or not filestats or filestats.size == 0 then + newcert.value.cert.errtxt = "Could not find CA certs\n"..(errtxt or cmdresult) success = false end end 
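Review bot: When the key extraction fails, the CA extraction below it still runs, and if it fails too its text replaces `Could not find key` in `newcert.value.cert.errtxt`, so the first cause is lost. Wrapping the third openssl call and its check in `if success then ... end` keeps the earlier message. Separately, `-nodes` writes the private key unencrypted to `<upload>key.pem` under /tmp; the file mode and the later cleanup are outside this hunk and worth confirming. The enclosing `if success then` block and upload_cert itself extend beyond the hunk.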
@@ -279,12 +262,9 @@ view_cert = function(self, viewcert) viewcert.errtxt = "Failed to find cert" for i,cert in ipairs(list.value) do if cert == viewcert.value.cert.value then - local cmd = path .. "openssl x509 -in "..baseurl..format.escapespecialcharacters(cert).." -noout -text" - local f = io.popen(cmd) - local cmdresult = f:read("*a") - f:close() - viewcert.value.result = cfe({ type="longtext", value=cmdresult, label="Certificate", readonly=true }) - viewcert.errtxt = nil + viewcert.value.result = cfe({ type="longtext", label="Certificate", readonly=true }) + viewcert.value.result.value, viewcert.value.result.errtxt = modelfunctions.run_executable({"openssl", "x509", "-in", baseurl..cert, "-noout", "-text"}) + viewcert.errtxt = viewcert.value.result.errtxt viewcert.value.cert.errtxt = nil break end -- cgit v1.2.3