Merge pull request #98 from kuba/fix-chmods

Fix chmods security error: 644 != 0644
James Kasten 2014-11-28 21:36:44 -08:00
commit 90aab1ab7e
6 changed files with 24 additions and 24 deletions


@ -1242,9 +1242,9 @@ LogLevel warn \n\
have permissions of root
"""
le_util.make_or_verify_dir(CONFIG.CONFIG_DIR, 0755)
le_util.make_or_verify_dir(CONFIG.WORK_DIR, 0755)
le_util.make_or_verify_dir(CONFIG.BACKUP_DIR, 0755)
le_util.make_or_verify_dir(CONFIG.CONFIG_DIR, 0o755)
le_util.make_or_verify_dir(CONFIG.WORK_DIR, 0o755)
le_util.make_or_verify_dir(CONFIG.BACKUP_DIR, 0o755)
def standardize_excl(self):
"""Standardize the excl arguments for the Httpd lens in Augeas.


@ -257,7 +257,7 @@ class AugeasConfigurator(configurator.Configurator):
:type save_files: set
"""
le_util.make_or_verify_dir(cp_dir, 0755)
le_util.make_or_verify_dir(cp_dir, 0o755)
existing_filepaths = []
op_fd = None


@ -384,7 +384,7 @@ class Client(object):
"""
cert_chain_abspath = None
cert_fd, cert_file = le_util.unique_file(CONFIG.CERT_PATH, 644)
cert_fd, cert_file = le_util.unique_file(CONFIG.CERT_PATH, 0o644)
cert_fd.write(
crypto_util.b64_cert_to_pem(certificate_dict["certificate"]))
cert_fd.close()
@ -392,7 +392,7 @@ class Client(object):
cert_file)
if certificate_dict.get("chain", None):
chain_fd, chain_fn = le_util.unique_file(CONFIG.CHAIN_PATH, 644)
chain_fd, chain_fn = le_util.unique_file(CONFIG.CHAIN_PATH, 0o644)
for cert in certificate_dict.get("chain", []):
chain_fd.write(crypto_util.b64_cert_to_pem(cert))
chain_fd.close()
@ -498,7 +498,7 @@ class Client(object):
"""
list_file = os.path.join(CONFIG.CERT_KEY_BACKUP, "LIST")
le_util.make_or_verify_dir(CONFIG.CERT_KEY_BACKUP, 0700)
le_util.make_or_verify_dir(CONFIG.CERT_KEY_BACKUP, 0o700)
idx = 0
if encrypt:
@ -627,9 +627,9 @@ class Client(object):
if not self.key_file:
key_pem = crypto_util.make_key(CONFIG.RSA_KEY_SIZE)
# Save file
le_util.make_or_verify_dir(CONFIG.KEY_DIR, 0700)
le_util.make_or_verify_dir(CONFIG.KEY_DIR, 0o700)
key_f, self.key_file = le_util.unique_file(
os.path.join(CONFIG.KEY_DIR, "key-letsencrypt.pem"), 0600)
os.path.join(CONFIG.KEY_DIR, "key-letsencrypt.pem"), 0o600)
key_f.write(key_pem)
key_f.close()
logger.info("Generating key: %s" % self.key_file)
@ -643,9 +643,9 @@ class Client(object):
if not self.csr_file:
csr_pem, csr_der = crypto_util.make_csr(self.key_file, self.names)
# Save CSR
le_util.make_or_verify_dir(CONFIG.CERT_DIR, 0755)
le_util.make_or_verify_dir(CONFIG.CERT_DIR, 0o755)
csr_f, self.csr_file = le_util.unique_file(
os.path.join(CONFIG.CERT_DIR, "csr-letsencrypt.pem"), 0644)
os.path.join(CONFIG.CERT_DIR, "csr-letsencrypt.pem"), 0o644)
csr_f.write(csr_pem)
csr_f.close()
logger.info("Creating CSR: %s" % self.csr_file)
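Review bot: The private key written at `key_f.write(key_pem)` is closed by hand, so an exception raised by the write leaves the descriptor open and a partially written `key-letsencrypt.pem` on disk; the same open/write/close pattern is repeated for `cert_fd`, `chain_fd` and `csr_f`. If `unique_file` returns an ordinary file object, `with key_f:` followed by the indented `key_f.write(key_pem)` closes it on every path, and the same applies to the other three. The decimal `644` this commit replaces evaluated to 0o1204 (sticky bit, owner write, others read), so a regression test asserting that `stat.S_IMODE` of the written certificate equals 0o644 would lock the fix in. The enclosing methods start and end outside the hunks.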


@ -5,7 +5,7 @@ import os
import stat
def make_or_verify_dir(directory, mode=0755, uid=0):
def make_or_verify_dir(directory, mode=0o755, uid=0):
"""Make sure directory exists with proper permissions.
:param directory: Path to a directry.
@ -50,7 +50,7 @@ def check_permissions(filepath, mode, uid=0):
return stat.S_IMODE(file_stat.st_mode) == mode and file_stat.st_uid == uid
def unique_file(default_name, mode=0777):
def unique_file(default_name, mode=0o777):
"""Safely finds a unique file for writing only (by default)."""
count = 1
f_parsed = os.path.splitext(default_name)
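Review bot: `unique_file` keeps a default of `mode=0o777`, which creates world-writable files before the umask is applied; every caller in this PR passes an explicit mode, so a restrictive default such as `def unique_file(default_name, mode=0o600):` (or no default at all) would stop the next caller from inheriting it silently. The `mode` parameter is undocumented in both docstrings; a line such as `:param int mode: permission bits applied to the new file, e.g. ``0o644``` would help, and `directry` in the `make_or_verify_dir` docstring is a typo. Both function bodies continue outside the hunks.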


@ -16,7 +16,7 @@ class MakeOrVerifyDirTest(unittest.TestCase):
def setUp(self):
self.root_path = tempfile.mkdtemp()
self.path = os.path.join(self.root_path, 'foo')
os.mkdir(self.path, 0400)
os.mkdir(self.path, 0o400)
self.uid = os.getuid()
@ -29,16 +29,16 @@ class MakeOrVerifyDirTest(unittest.TestCase):
def test_creates_dir_when_missing(self):
path = os.path.join(self.root_path, 'bar')
self._call(path, 0650)
self._call(path, 0o650)
self.assertTrue(os.path.isdir(path))
# TODO: check mode
def test_existing_correct_mode_does_not_fail(self):
self._call(self.path, 0400)
self._call(self.path, 0o400)
# TODO: check mode
def test_existing_wrong_mode_fails(self):
self.assertRaises(Exception, self._call, self.path, 0600)
self.assertRaises(Exception, self._call, self.path, 0o600)
class CheckPermissionsTest(unittest.TestCase):
@ -61,12 +61,12 @@ class CheckPermissionsTest(unittest.TestCase):
return check_permissions(self.path, mode, self.uid)
def test_ok_mode(self):
os.chmod(self.path, 0600)
self.assertTrue(self._call(0600))
os.chmod(self.path, 0o600)
self.assertTrue(self._call(0o600))
def test_wrong_mode(self):
os.chmod(self.path, 0400)
self.assertFalse(self._call(0600))
os.chmod(self.path, 0o400)
self.assertFalse(self._call(0o600))
# https://en.wikipedia.org/wiki/Base64#Examples
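Review bot: The two `# TODO: check mode` markers leave the exact mode this PR is fixing unverified; `test_creates_dir_when_missing` can assert it with `self.assertEqual(stat.S_IMODE(os.stat(path).st_mode), 0o650)` (adding `import stat` if the test module lacks it), provided `make_or_verify_dir` applies the mode explicitly rather than relying on `os.mkdir` alone, which is subject to the umask. `test_existing_wrong_mode_fails` asserts a bare `Exception`, so an unrelated failure inside `_call` would also pass; naming the specific exception `make_or_verify_dir` raises would tighten it. The enclosing test classes continue outside the hunks.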


@ -174,9 +174,9 @@ class NginxConfigurator(augeas_configurator.AugeasConfigurator):
# permissions. Aim for defensive coding... make sure all input files
# have permissions of root
# """
# le_util.make_or_verify_dir(CONFIG.CONFIG_DIR, 0755)
# le_util.make_or_verify_dir(CONFIG.WORK_DIR, 0755)
# le_util.make_or_verify_dir(CONFIG.BACKUP_DIR, 0755)
# le_util.make_or_verify_dir(CONFIG.CONFIG_DIR, 0o755)
# le_util.make_or_verify_dir(CONFIG.WORK_DIR, 0o755)
# le_util.make_or_verify_dir(CONFIG.BACKUP_DIR, 0o755)
def restart(self, quiet=False):
"""Restarts nginx server"""
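Review bot: The six `le_util.make_or_verify_dir` lines being changed here are commented out, so this edit maintains dead code: a literal inside a comment has no effect, and reviewers will keep re-checking it on every permissions change. Either delete the commented block or restore it as executable code with the `0o755` modes, ideally with a short comment stating why nginx does not yet verify its directories. The `restart` method that follows begins inside the hunk and continues past it.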