From da0d4e3a3bc4e6e331145258ec8bb009beea7d15 Mon Sep 17 00:00:00 2001
From: "Skylar \"The Cobra\" Widulski"
Date: Wed, 22 Nov 2023 16:50:53 -0500
Subject: [PATCH] Put recovery script directories in variables

Signed-off-by: Skylar "The Cobra" Widulski
---
 en/recovery-challenge.cgi | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/en/recovery-challenge.cgi b/en/recovery-challenge.cgi
index 69f478a..373449e 100755
--- a/en/recovery-challenge.cgi
+++ b/en/recovery-challenge.cgi
@@ -8,6 +8,9 @@ do
 declare arg_${parm[i]}=${parm[i+1]}
 done
+runtime_dir=/var/log/challenges
+gpg_home="$runtime_dir"/.gnupg
+
 urldecode() { : "${*//+/ }"; echo -e "${_//%/\\x}"; }
 sig="$(urldecode "$arg_signature")"
 key="$(urldecode "$arg_newkey")"
@@ -26,7 +29,7 @@ generate_challenge() {
 page=default
 return
 fi
- openssl rand -hex 32 > "/var/log/challenges/$arg_username"
+ openssl rand -hex 32 > "$runtime_dir/$arg_username"
 page=submit
 return
 }
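Review bot: `gpg_home="$runtime_dir"/.gnupg` is not a pure rename, because every gpg call in submit_challenge previously used `--homedir /var/log/challenges`, so the keyring moves to a new subdirectory that the commit subject does not mention. Nothing in view creates that directory, and gpg normally does not create a non-default `--homedir` itself and expects it to be private to its owner. Since the gpg calls discard their output with `&> /dev/null`, a missing or mis-permissioned directory would only surface as every verification failing. Consider `mkdir -p -m 700 "$gpg_home"` right after the assignment, or a comment such as `# must exist, mode 0700, owned by the CGI user` if provisioning happens elsewhere.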
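Review bot: `$arg_username` is used as a file name under `$runtime_dir` in generate_challenge, and again for the `.gpg` and `/vm/…/.pgp.asc` paths in submit_challenge, yet it appears to come straight from the request parameters via the `declare arg_…` loop and, unlike `sig` and `key`, is never passed through urldecode. The only guard in view is the `fi` closing just before the `openssl rand` line, and its condition is outside the hunk, so it is worth confirming that it rejects `/`, leading dots and empty values now that the gpg keyring lives in a dot-directory beside these files. A single allowlist test before any path is built would make that explicit, for example `[[ "$arg_username" =~ ^[a-z_][a-z0-9_-]*$ ]] || { page=default; return; }` (pattern shown as an illustration; match it to the site's account naming rules). generate_challenge starts outside the hunk.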
@@ -57,16 +60,16 @@ submit_challenge() {
 page=default
 return
 fi
- echo "$sig" > "/var/log/challenges/$arg_username.gpg"
- gpg --homedir /var/log/challenges --import "/vm/$arg_username/.pgp.asc" &> /dev/null
- if gpg --homedir /var/log/challenges \
+ echo "$sig" > "$runtime_dir/$arg_username.gpg"
+ gpg --homedir "$gpg_home" --import "/vm/$arg_username/.pgp.asc" &> /dev/null
+ if gpg --homedir "$gpg_home" \
 --trust-model always \
- --verify "/var/log/challenges/$arg_username.gpg" \
- "/var/log/challenges/$arg_username" &> /dev/null; then
- if [[ "$(gpg --homedir /var/log/challenges \
+ --verify "$runtime_dir/$arg_username.gpg" \
+ "$runtime_dir/$arg_username" &> /dev/null; then
+ if [[ "$(gpg --homedir $gpg_home \
 --trust-model always \
- --verify "/var/log/challenges/$arg_username.gpg" \
- "/var/log/challenges/$arg_username" 2>&1 |
+ --verify "$runtime_dir/$arg_username.gpg" \
+ "$runtime_dir/$arg_username" 2>&1 |
 sed -n 's/.*using.*key \(.*\)/\1/p')" == \
 "$keyid" ]]; then
 echo "$key" >> "/vm/$username/.ssh/authorized_keys"
@@ -101,7 +104,7 @@ case "$arg_method" in
 ;;
 esac
-sedcmd=" -e 's/USERNAME/$arg_username/' -e 's/CHALLENGE/$(.pgp.asc file/"' else
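Review bot: The third `--homedir $gpg_home`, inside the `$( … )` of the key-id comparison in submit_challenge, is unquoted while the two calls above it quote the variable; write `if [[ "$(gpg --homedir "$gpg_home" \` so all three invocations read the same keyring. That comparison decides who may append to authorized_keys, and it still does so by scraping gpg's human-readable `using … key` line with sed, which depends on locale and gpg version. `--status-fd 1` with the `VALIDSIG` fingerprint line is the machine-readable interface for this, and it would let one gpg call replace the two `--verify` runs. The append target uses `$username` where every other path in the hunk uses `$arg_username`; unless `$username` is assigned outside the hunk, this looks like a typo worth confirming. submit_challenge starts and ends outside the hunk, so the origin and format of `$keyid` are not visible here.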