From 3e23022d547a5f9e8eed01f036e50ca93d94c8cf Mon Sep 17 00:00:00 2001 From: Santeri Pikarinen Date: Jun 09 2024 14:30:02 +0000 Subject: Add more environment variables to be passed on to the notification command The notification command is now called with two new environment variables storing the notification type and the nickname of the related request in addition to the environment variable containing the notification message. Signed-off-by: Santeri Pikarinen --- diff --git a/configure.ac b/configure.ac index c508cfe..262498d 100644 --- a/configure.ac +++ b/configure.ac @@ -131,6 +131,14 @@ CM_NOTIFICATION_ENV="${UPCASE_PACKAGE_NAME}_NOTIFICATION" AC_DEFINE_UNQUOTED(CM_NOTIFICATION_ENV,"${CM_NOTIFICATION_ENV}",[Define to the variable name to be used to hold a notification message.]) AC_SUBST(CM_NOTIFICATION_ENV) +CM_NOTIFICATION_TYPE_ENV="${UPCASE_PACKAGE_NAME}_NOTIFICATION_TYPE" +AC_DEFINE_UNQUOTED(CM_NOTIFICATION_TYPE_ENV,"${CM_NOTIFICATION_TYPE_ENV}",[Define to the variable name to be used to hold the notification type.]) +AC_SUBST(CM_NOTIFICATION_TYPE_ENV) + +CM_NOTIFICATION_CERT_NICKNAME_ENV="${UPCASE_PACKAGE_NAME}_NOTIFICATION_CERT_NICKNAME" +AC_DEFINE_UNQUOTED(CM_NOTIFICATION_CERT_NICKNAME_ENV,"${CM_NOTIFICATION_CERT_NICKNAME_ENV}",[Define to the variable name to be used to hold the certificate nickname regarding the notification.]) +AC_SUBST(CM_NOTIFICATION_CERT_NICKNAME_ENV) + CERTMONGER_PVT_ADDRESS_ENV=CERTMONGER_PVT_ADDRESS AC_DEFINE_UNQUOTED(CERTMONGER_PVT_ADDRESS_ENV,"${CERTMONGER_PVT_ADDRESS_ENV}",[Define to the variable name used to pass the location of the private D-Bus connection to subprocesses.]) AC_SUBST(CERTMONGER_PVT_ADDRESS_ENV) diff --git a/src/certmonger.conf.5.in b/src/certmonger.conf.5.in index 1b941b9..49b6e09 100644 --- a/src/certmonger.conf.5.in +++ b/src/certmonger.conf.5.in 
@@ -32,8 +32,10 @@ This is the method by which \fIcertmonger\fP will notify the system administrator that a certificate will soon become invalid. The recognized values are \fIsyslog\fP, \fImail\fP, and \fIcommand\fP. The default is \fIsyslog\fP. When sending mail, the notification message will be the mail message subject. -When invoking a command, the notification message will be available in the -"@CM_NOTIFICATION_ENV@" environment variable. +When invoking a command, the notification message and type will be available in the +"@CM_NOTIFICATION_ENV@" and "@CM_NOTIFICATION_TYPE_ENV@" environment variables and +the related request's nickname/ID will be available in the +"@CM_NOTIFICATION_CERT_NICKNAME_ENV@" environment variable. .IP notification_destination This is the destination to which \fIcertmonger\fP will send notifications. It diff --git a/src/notify.c b/src/notify.c index 54cbddd..77656c1 100644 --- a/src/notify.c +++ b/src/notify.c @@ -36,6 +36,7 @@ #include "store-int.h" #include "subproc.h" #include "tm.h" +#include "util.h" struct cm_notify_state { struct cm_subproc_state *subproc; @@ -342,6 +343,8 @@ cm_notify_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry, cm_log(1, "Running notification helper \"%s\".\n", argv[0]); cm_subproc_mark_most_cloexec(-1, -1, -1); setenv(CM_NOTIFICATION_ENV, message, 1); + setenv(CM_NOTIFICATION_TYPE_ENV, cm_notify_event_names[details->event], 1); + setenv(CM_NOTIFICATION_CERT_NICKNAME_ENV, shell_escape(NULL, entry->cm_nickname), 1); if (execvp(argv[0], argv) == -1) { cm_log(0, "Error execvp()ing command \"%s\" (\"%s\"): %s.\n", argv[0], entry->cm_post_certsave_command, diff --git a/src/notify.h b/src/notify.h index fe2726f..152f045 100644 --- a/src/notify.h +++ b/src/notify.h 
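Review bot: Both new `setenv()` calls in the cm_notify_main() hunk pass a value that is never checked: `cm_notify_event_names[details->event]` is indexed with no range check against the table added in notify.h, and the result of `shell_escape(NULL, entry->cm_nickname)` goes straight into `setenv()`, so an out-of-range event, or a NULL return if shell_escape can fail or the entry has no nickname, reaches `setenv()` as an invalid pointer in the child. The values should be computed first, with a fallback to `"unknown"` for an unexpected event and the nickname variable skipped (and logged) when there is nothing to pass, as sketched below. It is also worth confirming that escaping is wanted at all, since an environment variable is not re-parsed by the shell when the helper expands it; the helper presumably receives the escaped form rather than the nickname the administrator set, and the man page text does not say so. The enclosing function starts and ends outside the hunk, so where `details` is assigned is not visible here.

```c
/* … unchanged: cm_log(), cm_subproc_mark_most_cloexec(), setenv(CM_NOTIFICATION_ENV, …) … */
size_t n_names = sizeof(cm_notify_event_names) / sizeof(cm_notify_event_names[0]);
const char *type_name = "unknown";
if ((size_t) details->event < n_names) {
	type_name = cm_notify_event_names[details->event];
}
setenv(CM_NOTIFICATION_TYPE_ENV, type_name, 1);
char *nickname = shell_escape(NULL, entry->cm_nickname);
if (nickname != NULL) {
	setenv(CM_NOTIFICATION_CERT_NICKNAME_ENV, nickname, 1);
} else {
	cm_log(1, "No nickname to pass to the notification helper.\n");
}
/* … unchanged: execvp() call and its error path … */
```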
@@ -31,6 +31,16 @@ enum cm_notify_event { cm_notify_event_ca_not_saved }; +static const char *cm_notify_event_names[] = { + "unknown", + "validity_ending", + "rejected", + "issued_not_saved", + "issued_and_saved", + "issued_ca_not_saved", + "ca_not_saved" +}; + /* Start to notify the administrator or user that expiration is imminent. */ struct cm_notify_state *cm_notify_start(struct cm_store_entry *entry, enum cm_notify_event event); diff --git a/tests/010-iterate/expected.out b/tests/010-iterate/expected.out index fe06242..77add1c 100644 --- a/tests/010-iterate/expected.out +++ b/tests/010-iterate/expected.out @@ -1208,6 +1208,10 @@ NOTIFYING_ISSUED_SAVED MONITORING -STOP- The sky is falling: Certificate in file "$tmpdir/certfile10" is no longer valid. +Request ID: Test +Notification type: validity_ending The sky is falling: Certificate in file "$tmpdir/certfile10" issued by CA and saved. +Request ID: Test +Notification type: issued_and_saved Test complete. diff --git a/tests/010-iterate/run.sh b/tests/010-iterate/run.sh index 04b6cfe..3ca6ec9 100755 --- a/tests/010-iterate/run.sh +++ b/tests/010-iterate/run.sh @@ -920,6 +920,8 @@ cat > $tmpdir/notify.sh << EOF #!/bin/sh touch $tmpdir/notification.txt echo The sky is falling: \$CERTMONGER_NOTIFICATION >> $tmpdir/notification.txt +echo Request ID: \$CERTMONGER_NOTIFICATION_CERT_NICKNAME >> $tmpdir/notification.txt +echo Notification type: \$CERTMONGER_NOTIFICATION_TYPE >> $tmpdir/notification.txt EOF chmod u+x $tmpdir/notify.sh cp $tmpdir/certfile10.bak $tmpdir/certfile10
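Review bot: `cm_notify_event_names` is defined rather than declared in notify.h, so every file that includes the header gets its own private copy, and files that never use it may produce an unused-variable warning; nothing ties the table's length or order to `enum cm_notify_event` either. Keep only `extern const char *const cm_notify_event_names[];` in the header, move the definition to notify.c, and put a compile-time check next to it, for example `_Static_assert(sizeof(cm_notify_event_names) / sizeof(cm_notify_event_names[0]) == cm_notify_event_ca_not_saved + 1, "cm_notify_event_names out of sync");` (or the project's equivalent if it is not built as C11). Only the last enumerator is visible in this hunk, so the order of the seven strings, and the assumption that the enum starts at zero with no explicit values, should be checked against the full enum.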
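Review bot: The helper written by this heredoc expands `\$CERTMONGER_NOTIFICATION_CERT_NICKNAME` and `\$CERTMONGER_NOTIFICATION_TYPE` unquoted, and the only nickname that shows up in expected.out is `Test`, so the `shell_escape()` call added in notify.c is never run on a value it would change. Quote the expansions, e.g. `echo "Request ID: \$CERTMONGER_NOTIFICATION_CERT_NICKNAME" >> $tmpdir/notification.txt`, and add a request whose nickname contains a space or a quote character so that expected.out pins exactly what a helper receives. The nickname is chosen by whoever creates the request, so a test that treats it as untrusted data also documents how real helper scripts should handle it.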