authorMichael Tänzer <neo@nhng.de>2011-10-21 20:20:27 +0200
committerMichael Tänzer <neo@nhng.de>2011-10-21 20:20:27 +0200
commit8d2e661d78cc1fb095e3a37d80cb4e0d37ac1e9e (patch)
treeb59f918e159fc6fae64d735e20530eea352f3d5d
parent99d0ec582fb1f76479424c0300005284c58e67b0 (diff)
downloadcacert-devel-8d2e661d78cc1fb095e3a37d80cb4e0d37ac1e9e.tar.gz
cacert-devel-8d2e661d78cc1fb095e3a37d80cb4e0d37ac1e9e.tar.xz
cacert-devel-8d2e661d78cc1fb095e3a37d80cb4e0d37ac1e9e.zip
bug 978: New helper function runCommand() -> reduce boilerplate code
Signed-off-by: Michael Tänzer <neo@nhng.de>
-rw-r--r--includes/lib/check_weak_key.php93
-rw-r--r--includes/lib/general.php80
2 files changed, 99 insertions, 74 deletions
diff --git a/includes/lib/check_weak_key.php b/includes/lib/check_weak_key.php
index d2aa33d..adf74c0 100644
--- a/includes/lib/check_weak_key.php
+++ b/includes/lib/check_weak_key.php
@@ -33,37 +33,18 @@ require_once 'general.php';
*/
function checkWeakKeyCSR($csr, $encoding = "PEM")
{
- // non-PEM-encodings may be binary so don't use echo
- $descriptorspec = array(
- 0 => array("pipe", "r"), // STDIN for child
- 1 => array("pipe", "w"), // STDOUT for child
- );
$encoding = escapeshellarg($encoding);
- $proc = proc_open("openssl req -inform $encoding -text -noout",
- $descriptorspec, $pipes);
-
- if (is_resource($proc))
- {
- fwrite($pipes[0], $csr);
- fclose($pipes[0]);
-
- $csrText = "";
- while (!feof($pipes[1]))
- {
- $csrText .= fread($pipes[1], 8192);
- }
- fclose($pipes[1]);
-
- if (($status = proc_close($proc)) !== 0 || $csrText === "")
- {
- return _("I didn't receive a valid Certificate Request, hit ".
- "the back button and try again.");
- }
- } else {
+ $status = runCommand("openssl req -inform $encoding -text -noout",
+ $csr, $csrText);
+ if ($status === true) {
return failWithId("checkWeakKeyCSR(): Failed to start OpenSSL");
}
-
-
+
+ if ($status !== 0 || $csrText === "") {
+ return _("I didn't receive a valid Certificate Request. Hit ".
+ "the back button and try again.");
+ }
+
return checkWeakKeyText($csrText);
}
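Review bot: The rewritten call site drops the old explanation of why the CSR is fed through STDIN rather than placed on the command line, so a later maintainer may "simplify" it back into a shell string; keep the rationale next to the runCommand() call, e.g. `// Feed the CSR via STDIN: non-PEM encodings may be binary and $csr must never reach the shell`. The `$encoding` value is still escapeshellarg()'d before interpolation, which is the right thing since runCommand() executes through a shell; if callers can supply `$encoding` from user input, an unexpected value only yields a non-zero exit and the generic user message, which is acceptable. Note that `$csrText` is created by the by-reference call and is only meaningful when `$status === 0`, which the two checks below handle in the right order.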
@@ -80,37 +61,18 @@ function checkWeakKeyCSR($csr, $encoding = "PEM")
*/
function checkWeakKeyX509($cert, $encoding = "PEM")
{
- // non-PEM-encodings may be binary so don't use echo
- $descriptorspec = array(
- 0 => array("pipe", "r"), // STDIN for child
- 1 => array("pipe", "w"), // STDOUT for child
- );
$encoding = escapeshellarg($encoding);
- $proc = proc_open("openssl x509 -inform $encoding -text -noout",
- $descriptorspec, $pipes);
-
- if (is_resource($proc))
- {
- fwrite($pipes[0], $cert);
- fclose($pipes[0]);
-
- $certText = "";
- while (!feof($pipes[1]))
- {
- $certText .= fread($pipes[1], 8192);
- }
- fclose($pipes[1]);
-
- if (($status = proc_close($proc)) !== 0 || $certText === "")
- {
- return _("I didn't receive a valid Certificate Request, hit ".
- "the back button and try again.");
- }
- } else {
+ $status = runCommand("openssl x509 -inform $encoding -text -noout",
+ $cert, $certText);
+ if ($status === true) {
return failWithId("checkWeakKeyCSR(): Failed to start OpenSSL");
}
-
-
+
+ if ($status !== 0 || $certText === "") {
+ return _("I didn't receive a valid Certificate Request. Hit ".
+ "the back button and try again.");
+ }
+
return checkWeakKeyText($certText);
}
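Review bot: The failWithId() label kept in checkWeakKeyX509() still reads `checkWeakKeyCSR(): Failed to start OpenSSL`, so the error ID that is logged and shown to the user points at the wrong function when investigating; change it to `return failWithId("checkWeakKeyX509(): Failed to start OpenSSL");`. Likewise the user-facing text "I didn't receive a valid Certificate Request" is shown when an X.509 certificate, not a request, failed to parse; if translation catalogs allow it, a message naming the certificate would be less confusing. These lines pre-date the commit but are part of the new code path.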
@@ -127,16 +89,17 @@ function checkWeakKeyX509($cert, $encoding = "PEM")
*/
function checkWeakKeySPKAC($spkac, $spkacname = "SPKAC")
{
- /* Check for the debian OpenSSL vulnerability */
-
- $spkac = escapeshellarg($spkac);
$spkacname = escapeshellarg($spkacname);
- $spkacText = `echo $spkac | openssl spkac -spkac $spkacname`;
- if ($spkacText === null) {
- return _("I didn't receive a valid Certificate Request, hit the ".
- "back button and try again.");
+ $status = runCommand("openssl spkac -spkac $spkacname", $spkac, $spkacText);
+ if ($status === true) {
+ return failWithId("checkWeakKeyCSR(): Failed to start OpenSSL");
}
-
+
+ if ($status !== 0 || $spkacText === "") {
+ return _("I didn't receive a valid Certificate Request. Hit the ".
+ "back button and try again.");
+ }
+
return checkWeakKeyText($spkacText);
}
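Review bot: The same mislabelled failure message appears in checkWeakKeySPKAC(): `failWithId("checkWeakKeyCSR(): Failed to start OpenSSL")` should be `failWithId("checkWeakKeySPKAC(): Failed to start OpenSSL")` so the logged error ID is attributable. Moving `$spkac` from an `echo`-in-a-shell-pipeline to runCommand()'s STDIN is a real improvement: the SPKAC blob no longer touches the shell at all and the old `escapeshellarg($spkac)` is correctly gone. `$spkacname` still reaches the shell as part of `-spkac $spkacname`, and it is still escapeshellarg()'d, which is sufficient for that argument.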
@@ -339,7 +302,7 @@ function checkDebianVulnerability($text, $keysize = 0)
// $checksum and $blacklist should be safe, but just to make sure
$checksum = escapeshellarg($checksum);
$blacklist = escapeshellarg($blacklist);
- exec("grep $checksum $blacklist", $dummy, $debianVuln);
+ $debianVuln = runCommand("grep $checksum $blacklist");
if ($debianVuln === 0) // grep returned something => it is on the list
{
return true;
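Review bot: Treating only `$debianVuln === 0` as "on the blacklist" makes the Debian weak-key check fail open: grep exits 2 when the blacklist file is missing or unreadable, and runCommand() returns `true` when the process could not be started, and both of those now fall through as "not vulnerable" exactly like exit code 1 (no match). A missing or unreadable blacklist should be reported, not silently accepted, e.g. `if ($debianVuln === true || $debianVuln !== 0 && $debianVuln !== 1) return failWithId("checkDebianVulnerability(): blacklist lookup failed");` before the `=== 0` test, assuming the function's callers handle a failWithId() string the way the other checks do (the function's signature and return convention are outside this hunk). Since `$checksum` is used as a grep pattern, `grep -F -e $checksum $blacklist` would also stop it from being parsed as a regex or as an option.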
diff --git a/includes/lib/general.php b/includes/lib/general.php
index 6cfbd10..d91b24e 100644
--- a/includes/lib/general.php
+++ b/includes/lib/general.php
@@ -48,15 +48,15 @@ function get_user_id_from_cert($serial, $issuer_cn)
}
/**
-* Produces a log entry with the error message with log level E_USER_WARN
-* and a random ID an returns a message that can be displayed to the user
-* including the generated ID
-*
-* @param $errormessage string
-* The error message that should be logged
-* @return string containing the generated ID that can be displayed to the
-* user
-*/
+ * Produces a log entry with the error message with log level E_USER_WARN
+ * and a random ID an returns a message that can be displayed to the user
+ * including the generated ID
+ *
+ * @param $errormessage string
+ * The error message that should be logged
+ * @return string containing the generated ID that can be displayed to the
+ * user
+ */
function failWithId($errormessage) {
$errorId = rand();
trigger_error("$errormessage. ID: $errorId", E_USER_WARNING);
@@ -68,3 +68,65 @@ function failWithId($errormessage) {
$errorId);
}
+
+/**
+ * Runs a command on the shell and return it's exit code and output
+ *
+ * @param string $command
+ * The command to run. Make sure that you escapeshellarg() any non-constant
+ * parts as this is executed on a shell!
+ * @param string|bool $input
+ * The input that is passed to the command via STDIN, if true the real
+ * STDIN is passed through
+ * @param string|bool $output
+ * The output the command wrote to STDOUT (this is passed as reference),
+ * if true the output will be written to the real STDOUT. Output is ignored
+ * by default
+ * @param string|bool $errors
+ * The output the command wrote to STDERR (this is passed as reference),
+ * if true (default) the output will be written to the real STDERR
+ *
+ * @return int|bool
+ * The exit code of the command, true if the execution of the command
+ * failed (true because then
+ * <code>if (runCommand('echo "foo"')) handle_error();</code> will work)
+ */
+function runCommand($command, $input = "", &$output = null, &$errors = true) {
+ $descriptorspec = array();
+
+ if ($input !== true) {
+ $descriptorspec[0] = array("pipe", "r"); // STDIN for child
+ }
+
+ if ($output !== true) {
+ $descriptorspec[1] = array("pipe", "w"); // STDOUT for child
+ }
+
+ if ($errors !== true) {
+ $descriptorspec[2] = array("pipe", "w"); // STDERR for child
+ }
+
+ $proc = proc_open($command, $descriptorspec, $pipes);
+
+ if (is_resource($proc))
+ {
+ if ($input !== true) {
+ fwrite($pipes[0], $input);
+ fclose($pipes[0]);
+ }
+
+ if ($output !== true) {
+ $output = stream_get_contents($pipes[1]);
+ }
+
+ if ($errors !== true) {
+ $errors = stream_get_contents($pipes[2]);
+ }
+
+ return proc_close($proc);
+
+ } else {
+ return true;
+ }
+}
+
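Review bot: runCommand() never closes the STDOUT/STDERR pipes before calling proc_close(), which the PHP manual explicitly warns can deadlock; add `fclose($pipes[1]);` and `fclose($pipes[2]);` after the respective stream_get_contents() calls (guarded by the same `!== true` conditions). Independently, when a caller captures both streams the function reads STDOUT to EOF before touching STDERR, so a child that writes more than a pipe buffer to STDERR blocks and never finishes STDOUT; the same applies to a large `$input` written in one fwrite() before any output is drained. For the small CSR/certificate inputs used here this is unlikely to trigger, but the limitation belongs in the docblock, e.g. `* Note: STDIN is written fully before STDOUT is read and STDOUT before STDERR; very large inputs or large STDERR output can deadlock the child.` Also, stream_get_contents() returns false on failure, so `$output` may be `false` rather than the documented `string`; callers comparing `=== ""` will not catch that.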