A nooby2death question: In a VPN project, I generate keys automatically for clients. I do this with a script file containing:
pkitool clientNameForKey
This line:
- does work if I execute the script from terminal, root, ssh
- does NOT if I execute the script from (php): shell_exec("/etc/pathtoscript")

I'm sure I noob a lot about it... but I really need to get this done with PHP. Note: the whole script works, except the "pkitool" call.
Thanks
Here is the full script (it checks, generates, tarballs):
#!/bin/bash
client=$1
# #######################################
# did you provide a client param name ?
if [ x$client = x ]; then
    echo "Usage: $0 clientname"
    exit 1
fi
# ############## KEY ####################
# generate, if not yet done :
if [ ! -e keys/$client.key ]; then
    echo "Generating keys..."
    . vars
    ./pkitool $client
    echo "...keys generated."
fi
# ############### TAR ###################
# TARBALL KEY, CRT ... if not already done :
tarball=./keys/tgz_clients/$client.tgz
if [ ! -e $tarball ]; then
    echo "Creating tarball..."
    tmpdir=/tmp/client-tar.$$
    mkdir $tmpdir
    # TODO : cp company.ovpn $tmpdir/company.ovpn
    cp keys/ca.crt $tmpdir
    cp keys/$client.key $tmpdir/client.key
    cp keys/$client.crt $tmpdir/client.crt
    tar -C $tmpdir -czvf $tarball .
    rm -rf $tmpdir
    echo "...tarball created"
else
    echo "Nothing to do, so nothing done. (keys/tgz_client/$client.tgz already exists)"
fi
Here is the PHP stuff, in /home/non-root-user/public_html/testphp:
<?php
if(!isset($_GET['nomclient']) ) {
    echo ("manque : nom client<p>Dans l'url, "
        ."renseigner : ?nomclient='monnom'"
        ."<p>exemple : www.ardeurdelire.com/vpn_auth/?nomclient=monnom</p>");
}
elseif( strlen($_GET['nomclient'])>8 ) {
    echo (" nom client torp long : max 8 caractères");
}
else {
    // --- FORMAT CLIENT NAME ---
    $nomClient = "testauto_"."client_".addslashes( trim ( $_GET['nomclient'] ) );
    echo 'nomclient ='.$nomClient."<br/>";
    // --- KEY GENERATION ---
    $output1 = shell_exec('source /etc/openvpn/easy-rsa/vars') ;
    $keyShell = '/etc/openvpn/easy-rsa/build-key.automatik '. $nomClient ;
    echo "> (info) generating : ".$keyShell. "... ";
    $output = shell_exec( $keyShell ) ;
    echo '<br/>> build-key: '.$output."<br/>";
    echo "> (info) generation done.<br/><br/>";
    // --- ZIP THE PACKAGE TO HAND TO THE CLIENT ---
    // NO: this is handled in the bash script...
    echo "Get ".$nomClient.".tgz ... ";
    //TEST :
    //$nomClient ="moktar";
    $outputtar = shell_exec('cp /etc/openvpn/easy-rsa/keys/tgz_clients/'. $nomClient .'.tgz /home/ardeurdelire/public_html/vpn_auth/render');
    echo 'Getting done. ( See render dir '. $outputtar.')';
    //render infos
    echo "<hr/>"."call getMyKeys(UDIB) with the provided UDIB :<br/>";
    // UDIB is a UUID: http://fr.wikipedia.org/wiki/Universal_Unique_Identifier
    echo json_encode( array( 'UDIB'=>uniqid() , 'OTPassword'=> generateRandomString(), 'result'=>'success') );
}
?>
php script in the same context as the user you use from the commandline? – Lambert Jun 5 at 9:03

$output variable, This should contain the complete output of the shell_exec command which is failing. Hopefully it returns some useful information. – Lambert Jun 5 at 9:52
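
An added example, not part of the original post or comments: a wrapper for the script's key-generation step that does not depend on the caller's working directory, reports which user it runs as and whether that user can use `vars`, `pkitool` and `keys/` (the points the comments ask about), and rejects any client name outside an allowlist, since `addslashes()` is not shell quoting. The function names, exit codes and 32-character limit are assumptions; `EASYRSA_DIR` defaults to the path in the post.

```shell
#!/bin/bash
# Added example (not the poster's script). EASYRSA_DIR defaults to the
# directory named in the post; the 32-character limit is an assumption.
EASYRSA_DIR="${EASYRSA_DIR:-/etc/openvpn/easy-rsa}"

# Allowlist check: ASCII letters, digits and underscore only.
valid_client_name() {
    local LC_ALL=C
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Print the execution context and check every file the script depends on.
# Diagnostics go to stderr, which shell_exec() drops unless 2>&1 is added.
preflight() {
    local dir="$1" problems=0
    echo "running as $(id -un) (uid $(id -u)), cwd $(pwd)" >&2
    if [ ! -d "$dir" ] || [ ! -x "$dir" ]; then
        echo "cannot enter $dir" >&2
        return 1
    fi
    [ -r "$dir/vars" ]    || { echo "cannot read $dir/vars" >&2; problems=1; }
    [ -x "$dir/pkitool" ] || { echo "cannot execute $dir/pkitool" >&2; problems=1; }
    [ -w "$dir/keys" ]    || { echo "cannot write to $dir/keys" >&2; problems=1; }
    return "$problems"
}

# Exit codes: 2 = rejected name, 3 = context problem, 4 = key step failed.
generate_key() {
    local client="$1"
    valid_client_name "$client" || { echo "invalid client name" >&2; return 2; }
    preflight "$EASYRSA_DIR" || return 3
    (
        # Absolute cd so "vars", "./pkitool" and "keys/" resolve the same
        # way whatever directory the caller started in.
        cd "$EASYRSA_DIR" || exit 1
        [ -e "keys/$client.key" ] && exit 0
        . ./vars && ./pkitool "$client"
    ) || return 4
}

if [ "$#" -gt 0 ]; then
    generate_key "$1"
fi
```

From PHP, pass the name with `escapeshellarg()` and append `2>&1` to the command so the diagnostics come back in the `shell_exec()` return value.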