Add some sanity check to args passed to hook handler

8 years ago · 233c6e4945
parent eedcb47c0b
commit 233c6e4945
2 changed files with 20 additions and 1 deletions
--- a/root/etc/letsencrypt.sh/hooks_clean_challenge.d/10smeserver.sh
+++ b/root/etc/letsencrypt.sh/hooks_clean_challenge.d/10smeserver.sh
@ -1,7 +1,7 @@
 #!/bin/sh

 ALTNAME=${1}
-if [[ "$ALTNAME" == "" ]]; then
+if [[ -z $ALTNAME ]]; then
  echo "Error while creating or renewing letsencrypt certificate" | mail -s "Letsencrypt error" admin
 fi

--- a/root/etc/letsencrypt.sh/hooks_deploy_cert.d/10smeserver.sh
+++ b/root/etc/letsencrypt.sh/hooks_deploy_cert.d/10smeserver.sh
@ -5,6 +5,25 @@ DOM=${1}
 KEY=${2}
 CRT=${3}
 CHAIN=${4}
+
+if [ -z $DOM -o -z $KEY -o -z $CRT -o -z $CHAIN ]; then
+  echo "Usage: $0 domain /path/to/key /path/to/cert /path/to/chain" >&2
+  exit 1
+fi
+
+if [ \! -e "$KEY" ]; then
+  echo "Can't use $KEY as key (file doesn't exist)" >&2
+  exit 1
+fi
+if [ \! -e "$CRT" ]; then
+  echo "Can't use $CRT as certificate (file doesn't exist)" >&2
+  exit 1
+fi
+if [ \! -e "$CHAIN" ]; then
+  echo "Can't use $chain as certificate chain (file doesn't exist)" >&2
+  exit 1
+fi
+
 /sbin/e-smith/db configuration setprop modSSL key $KEY crt $CRT CertificateChainFile $CHAIN
 # There's a new ssl-udpate event which update everything in a single event
 # fallback to manual operations if this event doesn't exist