From 83e2a17e96b9c383ef6928296b69a3b24123001a Mon Sep 17 00:00:00 2001
From: srvrco
Date: Sun, 7 Aug 2016 14:32:26 +0100
Subject: [PATCH] enable use of a single ACL for all checks (if USE_SINGLE_ACL=true) #84

---
 getssl | 37 ++++++++++++++++++++++--------------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/getssl b/getssl
index 0d6ab3e..6df4114 100755
--- a/getssl
+++ b/getssl
@@ -93,10 +93,11 @@
 # 2016-08-04 set permissions for token folders - issue #81 (1.27)
 # 2016-08-07 allow default chained file creation - issue #85 (1.28)
 # 2016-08-07 use copy rather than move when archiving certs - issue #86 (1.29)
+# 2016-08-07 enable use of a single ACL for all checks (if USE_SINGLE_ACL="true" (1.30)
 # ---------------------------------------------------------------------------
 
 PROGNAME=${0##*/}
-VERSION="1.29"
+VERSION="1.30"
 
 # defaults
 CODE_LOCATION="https://raw.githubusercontent.com/srvrco/getssl/master/getssl"
@@ -111,6 +112,7 @@ RENEW_ALLOW="30"
 PRIVATE_KEY_ALG="rsa"
 SERVER_TYPE="https"
 CHECK_REMOTE="true"
+USE_SINGLE_ACL="false"
 DNS_WAIT=10
 DNS_EXTRA_WAIT=""
 PUBLIC_DNS_SERVER=""
@@ -1044,7 +1046,12 @@ dn=0
 for d in $alldomains; do
 # $d is domain in current loop, which is number $dn for ACL
 info "Verifing $d"
-debug "domain $d has location ${ACL[$dn]}"
+if [[ "$USE_SINGLE_ACL" == "true" ]]; then
+DOMAIN_ACL="${ACL[0]}"
+else
+DOMAIN_ACL="${ACL[$dn]}"
+fi
+debug "domain $d has location ${DOMAIN_ACL}"
 
 # check if we have the information needed to place the challenge
 if [[ $VALIDATE_VIA_DNS == "true" ]]; then
@@ -1055,7 +1062,7 @@ for d in $alldomains; do
 error_exit "DNS_DEL_COMMAND not defined for domain $d"
 fi
 else
-if [ -z "${ACL[$dn]}" ]; then
+if [ -z "${DOMAIN_ACL}" ]; then
 error_exit "ACL location not specified for domain $d in $DOMAIN_DIR/getssl.cfg"
 fi
 fi
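Review bot: The new `if [[ "$USE_SINGLE_ACL" == "true" ]]` block in the domain loop silently discards every `ACL` entry beyond `ACL[0]` when the option is enabled, so a getssl.cfg that lists several ACL paths together with USE_SINGLE_ACL="true" validates all domains against the first path without any indication to the operator. A one-time diagnostic before the loop would make that visible, e.g. `if [[ "$USE_SINGLE_ACL" == "true" && ${#ACL[@]} -gt 1 ]]; then info "USE_SINGLE_ACL is true; using only ${ACL[0]} for all domains"; fi`. A short comment on the new branch, such as `# single ACL: every domain's challenge token is placed under ACL[0]`, would also help readers who only see the loop body. The `for d in $alldomains` loop continues past this hunk.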
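Review bot: `if [ -z "${DOMAIN_ACL}" ]; then` keeps the single-bracket test although the companion hunk above introduces `[[ … ]]` for the same variable and the surrounding `if [[ $VALIDATE_VIA_DNS == "true" ]]` already uses the bash form; `if [[ -z "${DOMAIN_ACL}" ]]; then` keeps the new code consistent. The enclosing `if/else` starts before this hunk.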
@@ -1151,8 +1158,8 @@ for d in $alldomains; do
 
 # copy to token to acme challenge location
 umask 0022
-debug "copying file from $TEMP_DIR/$token to ${ACL[$dn]}"
-copy_file_to_location "challenge token" "$TEMP_DIR/$token" "${ACL[$dn]}/$token"
+debug "copying file from $TEMP_DIR/$token to ${DOMAIN_ACL}"
+copy_file_to_location "challenge token" "$TEMP_DIR/$token" "${DOMAIN_ACL}/$token"
 umask "$ORIG_UMASK"
 
 wellknown_url="${CHALLENGE_CHECK_TYPE}://$d/.well-known/acme-challenge/$token"
@@ -1165,21 +1172,21 @@ for d in $alldomains; do
 
 check_challenge_completion "$uri" "$d" "$keyauthorization"
 
-debug "remove token from ${ACL[$dn]}"
-if [[ "${ACL[$dn]:0:4}" == "ssh:" ]] ; then
-sshhost=$(echo "${ACL[$dn]}"| awk -F: '{print $2}')
-command="rm -f ${ACL[$dn]:(( ${#sshhost} + 5))}/${token:?}"
+debug "remove token from ${DOMAIN_ACL}"
+if [[ "${DOMAIN_ACL:0:4}" == "ssh:" ]] ; then
+sshhost=$(echo "${DOMAIN_ACL}"| awk -F: '{print $2}')
+command="rm -f ${DOMAIN_ACL:(( ${#sshhost} + 5))}/${token:?}"
 debug "running following comand to remove token"
 debug "ssh $sshhost ${command}"
 # shellcheck disable=SC2029
 ssh "$sshhost" "${command}" 1>/dev/null 2>&1
 rm -f "${TEMP_DIR:?}/${token:?}"
-elif [[ "${ACL[$dn]:0:4}" == "ftp:" ]] ; then
+elif [[ "${DOMAIN_ACL:0:4}" == "ftp:" ]] ; then
 debug "using ftp to remove token file"
-ftpuser=$(echo "${ACL[$dn]}"| awk -F: '{print $2}')
-ftppass=$(echo "${ACL[$dn]}"| awk -F: '{print $3}')
-ftphost=$(echo "${ACL[$dn]}"| awk -F: '{print $4}')
-ftplocn=$(echo "${ACL[$dn]}"| awk -F: '{print $5}')
+ftpuser=$(echo "${DOMAIN_ACL}"| awk -F: '{print $2}')
+ftppass=$(echo "${DOMAIN_ACL}"| awk -F: '{print $3}')
+ftphost=$(echo "${DOMAIN_ACL}"| awk -F: '{print $4}')
+ftplocn=$(echo "${DOMAIN_ACL}"| awk -F: '{print $5}')
 debug "ftp user=$ftpuser - pass=$ftppass - host=$ftphost loction=$ftplocn"
 ftp -n <<- EOF
 open $ftphost
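Review bot: The four rewritten `ftpuser=`/`ftppass=`/`ftphost=`/`ftplocn=$(echo "${DOMAIN_ACL}"| awk -F: '{print $N}')` lines each fork an echo and an awk to split one string; a single `IFS=: read -r _ ftpuser ftppass ftphost ftplocn <<<"${DOMAIN_ACL}"` does the same split in the shell (note that `read` hands any remaining `:`-separated text to `ftplocn` whereas awk's `$5` stops at the next colon, presumably irrelevant for a path but worth confirming). The unchanged debug line directly below still prints `$ftppass` in clear, so running with debug output writes the FTP credential to the log; since these assignments are being touched anyway, `pass=****` in that message would avoid it. The rewritten `sshhost=$(echo "${DOMAIN_ACL}"| awk -F: '{print $2}')` in the ssh branch can likewise be `sshhost=${DOMAIN_ACL#ssh:}; sshhost=${sshhost%%:*}` without a subshell. The enclosing loop body continues past this hunk.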
@@ -1188,7 +1195,7 @@ for d in $alldomains; do
 delete ${token:?}
 EOF
 else
-rm -f "${ACL[$dn]:?}/${token:?}"
+rm -f "${DOMAIN_ACL:?}/${token:?}"
 fi
 fi
 # increment domain-counter