
Merge branch 'dev' of https://github.com/Neilpang/acme.sh into dev

neilpang 7 years ago
parent
commit
fa991c8501
3 changed files with 22 additions and 8 deletions
  1. 1 1
      acme.sh
  2. 5 2
      dnsapi/README.md
  3. 16 5
      dnsapi/dns_cloudns.sh

+ 1 - 1
acme.sh

@@ -4545,7 +4545,7 @@ _installcert() {
       cat "$CERT_KEY_PATH" >"$_real_key"
     else
       cat "$CERT_KEY_PATH" >"$_real_key"
-      chmod 700 "$_real_key"
+      chmod 600 "$_real_key"
     fi
   fi
 
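Review bot: The private key is still written before its mode is tightened. In the `else` branch, `cat "$CERT_KEY_PATH" >"$_real_key"` creates the file with whatever the process umask allows and `chmod 600` runs only afterwards, so under a common 022 umask the key is briefly readable by other local users. Creating the file with restrictive permissions first closes that window, for example `(umask 077; cat "$CERT_KEY_PATH" >"$_real_key")`, or `touch "$_real_key"` and `chmod 600 "$_real_key"` ahead of the `cat`. The first branch writes the key with no chmod at all; its condition is outside the hunk, so it is worth confirming it is only taken when the target already exists with a mode the user chose. `_installcert` starts and ends outside this hunk.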

+ 5 - 2
dnsapi/README.md

@@ -409,10 +409,13 @@ acme.sh --issue --dns dns_dgon -d example.com -d www.example.com
 
 ## 21. Use ClouDNS.net API
 
-You need to set the HTTP API user ID and password credentials. See: https://www.cloudns.net/wiki/article/42/
+You need to set the HTTP API user ID and password credentials. See: https://www.cloudns.net/wiki/article/42/. For security reasons, it's recommended to use a sub user ID that only has access to the necessary zones, as a regular API user has access to your entire account.
 
 ```
-export CLOUDNS_AUTH_ID=XXXXX
+# Use this for a sub auth ID
+export CLOUDNS_SUB_AUTH_ID=XXXXX
+# Use this for a regular auth ID
+#export CLOUDNS_AUTH_ID=XXXXX
 export CLOUDNS_AUTH_PASSWORD="YYYYYYYYY"
 ```
 

+ 16 - 5
dnsapi/dns_cloudns.sh

@@ -4,6 +4,7 @@
 # Repository: https://github.com/ClouDNS/acme.sh/
 
 #CLOUDNS_AUTH_ID=XXXXX
+#CLOUDNS_SUB_AUTH_ID=XXXXX
 #CLOUDNS_AUTH_PASSWORD="YYYYYYYYY"
 CLOUDNS_API="https://api.cloudns.net"
 
@@ -97,17 +98,19 @@ _dns_cloudns_init_check() {
   fi
 
   CLOUDNS_AUTH_ID="${CLOUDNS_AUTH_ID:-$(_readaccountconf_mutable CLOUDNS_AUTH_ID)}"
+  CLOUDNS_SUB_AUTH_ID="${CLOUDNS_SUB_AUTH_ID:-$(_readaccountconf_mutable CLOUDNS_SUB_AUTH_ID)}"
   CLOUDNS_AUTH_PASSWORD="${CLOUDNS_AUTH_PASSWORD:-$(_readaccountconf_mutable CLOUDNS_AUTH_PASSWORD)}"
-  if [ -z "$CLOUDNS_AUTH_ID" ] || [ -z "$CLOUDNS_AUTH_PASSWORD" ]; then
+  if [ -z "$CLOUDNS_AUTH_ID$CLOUDNS_SUB_AUTH_ID" ] || [ -z "$CLOUDNS_AUTH_PASSWORD" ]; then
     CLOUDNS_AUTH_ID=""
+    CLOUDNS_SUB_AUTH_ID=""
     CLOUDNS_AUTH_PASSWORD=""
     _err "You don't specify cloudns api id and password yet."
     _err "Please create you id and password and try again."
     return 1
   fi
 
-  if [ -z "$CLOUDNS_AUTH_ID" ]; then
-    _err "CLOUDNS_AUTH_ID is not configured"
+  if [ -z "$CLOUDNS_AUTH_ID" ] && [ -z "$CLOUDNS_SUB_AUTH_ID" ]; then
+    _err "CLOUDNS_AUTH_ID or CLOUDNS_SUB_AUTH_ID is not configured"
     return 1
   fi
 
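Review bot: The rewritten second guard, `if [ -z "$CLOUDNS_AUTH_ID" ] && [ -z "$CLOUDNS_SUB_AUTH_ID" ]`, can no longer fire, because the concatenated test `[ -z "$CLOUDNS_AUTH_ID$CLOUDNS_SUB_AUTH_ID" ]` a few lines earlier has already returned 1 when both IDs are empty. The block can be dropped. What is not handled is the opposite case: both IDs can end up set, since a `CLOUDNS_AUTH_ID` saved earlier is read back from the account conf even when the user now exports only the sub ID. Nothing here says which one wins, so I would add a comment such as `# CLOUDNS_SUB_AUTH_ID takes precedence over CLOUDNS_AUTH_ID when both are set`, and consider clearing the stored full-account ID when a sub ID is supplied so the broader identifier does not linger on disk. `_dns_cloudns_init_check` starts and ends outside this hunk.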
@@ -125,6 +128,7 @@ _dns_cloudns_init_check() {
 
   #save the api id and password to the account conf file.
   _saveaccountconf_mutable CLOUDNS_AUTH_ID "$CLOUDNS_AUTH_ID"
+  _saveaccountconf_mutable CLOUDNS_SUB_AUTH_ID "$CLOUDNS_SUB_AUTH_ID"
   _saveaccountconf_mutable CLOUDNS_AUTH_PASSWORD "$CLOUDNS_AUTH_PASSWORD"
 
   CLOUDNS_INIT_CHECK_COMPLETED=1
@@ -168,12 +172,19 @@ _dns_cloudns_http_api_call() {
   method=$1
 
   _debug CLOUDNS_AUTH_ID "$CLOUDNS_AUTH_ID"
+  _debug CLOUDNS_SUB_AUTH_ID "$CLOUDNS_SUB_AUTH_ID"
   _debug CLOUDNS_AUTH_PASSWORD "$CLOUDNS_AUTH_PASSWORD"
 
+  if [ ! -z "$CLOUDNS_SUB_AUTH_ID" ]; then
+    auth_user="sub-auth-id=$CLOUDNS_SUB_AUTH_ID"
+  else
+    auth_user="auth-id=$CLOUDNS_AUTH_ID"
+  fi
+
   if [ -z "$2" ]; then
-    data="auth-id=$CLOUDNS_AUTH_ID&auth-password=$CLOUDNS_AUTH_PASSWORD"
+    data="$auth_user&auth-password=$CLOUDNS_AUTH_PASSWORD"
   else
-    data="auth-id=$CLOUDNS_AUTH_ID&auth-password=$CLOUDNS_AUTH_PASSWORD&$2"
+    data="$auth_user&auth-password=$CLOUDNS_AUTH_PASSWORD&$2"
   fi
 
   response="$(_get "$CLOUDNS_API/$method?$data")"
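Review bot: The new `auth_user=` and `data=` lines interpolate the ID and password into the query string without URL-encoding. A password containing `&`, `=`, `#`, `+`, `%` or a space therefore either breaks authentication or changes the parameters sent to the API, so each value should be percent-encoded before `data` is assembled. The same string is passed as the URL of a GET, which means the credentials can show up in proxy logs and in debug traces of the request. The added `_debug CLOUDNS_SUB_AUTH_ID` sits next to the existing `_debug CLOUDNS_AUTH_PASSWORD`, so debug logs that users paste into bug reports carry both; a redacting variant such as `_secure_debug`, if this revision of acme.sh has it, would be the safer call. As a style point, `[ ! -z "$CLOUDNS_SUB_AUTH_ID" ]` reads better as `[ -n "$CLOUDNS_SUB_AUTH_ID" ]`. `_dns_cloudns_http_api_call` continues outside this hunk.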