Fix permissions on acme token upload, dont append well-known automatically

2020-09-30 17:40:51 +02:00 · 2020-09-30 17:40:51 +02:00 · d24fae0bac
parent 66cab6abd3
commit d24fae0bac
2 changed files with 3 additions and 5 deletions
--- a/lemur/plugins/lemur_acme/plugin.py
+++ b/lemur/plugins/lemur_acme/plugin.py
@ -866,7 +866,6 @@ class ACMEHttpIssuerPlugin(IssuerPlugin):
        current_app.logger.info("Uploaded HTTP-01 challenge tokens, trying to poll and finalize the order")

        # Wait for challenge status and then issue a certificate.
-
        for authz in orderr.authorizations:
            authzr, resp = acme_client.poll(authz)
            current_app.logger.info(authzr.body.status)
--- a/lemur/plugins/lemur_sftp/plugin.py
+++ b/lemur/plugins/lemur_sftp/plugin.py
@ -126,7 +126,6 @@ class SFTPDestinationPlugin(DestinationPlugin):
        current_app.logger.debug("SFTP destination plugin is started for HTTP-01 challenge")

        dst_path = self.get_option("destinationPath", options)
-        dst_path = path.join(dst_path, ".well-known/acme-challenge/")

        _, filename = path.split(token_path)

@ -220,8 +219,8 @@ class SFTPDestinationPlugin(DestinationPlugin):
                        sftp.chmod(path.join(dst_path, filename), 0o600)
                        with sftp.open(path.join(dst_path, filename), "w") as f:
                            f.write(data)
-                # read only for owner, -r--------
-                sftp.chmod(path.join(dst_path, filename), 0o400)
+                # most likely the upload user isn't the webuser, -rw-r--r--
+                sftp.chmod(path.join(dst_path, filename), 0o644)

            ssh.close()