author | Guilhem Moulin <guilhem@fripost.org> | 2021-02-24 13:25:38 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2021-02-24 13:44:57 +0100 |
commit | d1a862d9cb98a54e12c9fdbc405b896f3f0efcfe (patch) | |
tree | 5a292eaec4f5adf73e1f43a12d05840fe67022f9 | |
parent | 539e3a8b8a2baf6746716125e99231da14a153a9 (diff) |
lacme: Ignore empty values in 'chown'/'chmod'/'certificate'/'certificate-chain'.
-rw-r--r-- | Changelog | 2 | ||||
-rwxr-xr-x | lacme | 30 |
2 files changed, 17 insertions, 15 deletions
@@ -11,6 +11,8 @@ lacme (0.8.1) upstream; error instead of retaining root priviliges. - tests/cert-install: include tests for failing chown(2) due to unknown user/group name. + - lacme: ignore empty values in settings 'chown', 'chmod', 'certificate' + and 'certificate-chain'. -- Guilhem Moulin <guilhem@fripost.org> Mon, 22 Feb 2021 12:04:28 +0100 @@ -766,15 +766,15 @@ elsif ($COMMAND eq 'newOrder' or $COMMAND eq 'new-cert') { print STDERR " $_ = $conf->{$_}\n" foreach grep { defined $conf->{$_} } (sort keys %$conf); } - my $cert = $conf->{'certificate-chain'} // $conf->{'certificate'}; - unless (defined $cert) { + my @certs = grep {defined $_ and $_ ne ""} @$conf{qw/certificate-chain certificate/}; + unless (@certs) { print STDERR "[$s] Warning: Missing 'certificate' and 'certificate-chain', skipping\n"; $rv = 1; next; } # skip certificates that expire at least $conf->{'min-days'} days in the future - if (-f $cert and defined (my $t = x509_enddate($cert))) { + if (-f $certs[0] and defined (my $t = x509_enddate($certs[0]))) { my $d = $OPTS{'min-days'} // $conf->{'min-days'} // 21; if ($d >= 0 and $t - time > $d*86400) { my $d = POSIX::strftime('%Y-%m-%d %H:%M:%S UTC', gmtime($t)); 
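Review bot: The element order in `my @certs = grep {defined $_ and $_ ne ""} @$conf{qw/certificate-chain certificate/};` is load-bearing but undocumented: only `$certs[0]` is consulted for the expiry check, and the same list is reused by the chown/chmod loops in the @@ -838 hunk. A comment above the declaration would make that explicit, e.g. `# non-empty install paths, chain first; only $certs[0] decides whether renewal is skipped`. When both settings are present, a missing or stale 'certificate' file goes unnoticed as long as the chain file stays valid for min-days; this matches the previous `//` precedence, but it is worth stating in the comment. The enclosing `elsif` branch starts and ends outside this hunk.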
@@ -838,26 +838,26 @@ elsif ($COMMAND eq 'newOrder' or $COMMAND eq 'new-cert') { } # install certificate - if (defined $conf->{'certificate'}) { - print STDERR "Installing X.509 certificate $conf->{'certificate'}\n"; - install_cert($conf->{'certificate'}, $x509, 1); + if ((my $path = $conf->{'certificate'} // "") ne "") { + print STDERR "Installing X.509 certificate $path\n"; + install_cert($path, $x509, 1); } - if (defined $conf->{'certificate-chain'}) { - print STDERR "Installing X.509 certificate chain $conf->{'certificate-chain'}\n"; - install_cert($conf->{'certificate-chain'}, $x509); + if ((my $path = $conf->{'certificate-chain'} // "") ne "") { + print STDERR "Installing X.509 certificate chain $path\n"; + install_cert($path, $x509); } - if (defined $conf->{chown}) { - my ($user, $group) = split /:/, $conf->{chown}, 2; + if ((my $own = $conf->{chown} // "") ne "") { + my ($user, $group) = split /:/, $own, 2; my $uid = getpwnam($user) // die "getpwnam($user)", ($! ? ": $!" : "\n"); my $gid = getgrnam($group) // die "getgrnam($group)", ($! ? ": $!" : "\n") if defined $group; - foreach (grep defined, @$conf{qw/certificate certificate-chain/}) { + foreach (@certs) { chown($uid, $gid // -1, $_) or die "chown: $!"; } } - if (defined $conf->{chmod}) { - my $mode = oct($conf->{chmod}) // die; - foreach (grep defined, @$conf{qw/certificate certificate-chain/}) { + if ((my $mode = $conf->{chmod} // "") ne "") { + my $mode = oct($mode) // die; + foreach (@certs) { chmod($mode, $_) or die "chown: $!"; } } |
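Review bot: `my $mode = oct($mode) // die;` cannot reject a malformed 'chmod' value, because oct() returns a number for any defined string (0 when there are no leading octal digits, otherwise the value of the leading digits, and it also accepts 0x/0b prefixes) rather than undef. A typo in the setting can therefore silently apply mode 0000 or a truncated mode to the installed certificate files. Validating the string before conversion closes that, for example `$mode =~ /\A[0-7]{3,4}\z/ or die "Invalid chmod value: $mode\n";`. The inner `my $mode` also shadows the one declared in the condition, so a distinct name for the raw string would read better, and the context line's failure message should be `die "chmod: $!"` rather than "chown". The enclosing branch starts and ends outside this hunk.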