
Bug and a fix in `dns_ovh.sh`

Open Yanksi opened this issue 2 years ago • 3 comments

In `dns_ovh.sh`, lines 112-121, the overall client key getting procedure is not working correctly:

```sh
  OVH_CK="${OVH_CK:-$(_readaccountconf_mutable OVH_CK)}"
  if [ -z "$OVH_CK" ]; then
    _info "OVH consumer key is empty, Let's get one:"
    if ! _ovh_authentication; then
      _err "Can not get consumer key."
    fi
    #return and wait for retry.
    return 1
  fi
  _saveaccountconf OVH_CK "$OVH_CK"
```

The `_saveaccountconf OVH_CK "$OVH_CK"` command is in the wrong location at this point. As the save Customer Key command was put after the `return 1` command, the Customer Key will never actually be saved to the config file. This will lead the program to ask for a new Customer Key again, while just ignoring the previous Customer Key that might have already been authorized.

The fix to the problem is easy: just move the `_saveaccountconf OVH_CK "$OVH_CK"` line into the `_ovh_authentication` function in the same file, like this:

```sh
_ovh_authentication() {

  _H1="X-Ovh-Application: $OVH_AK"
  _H2="Content-type: application/json"
  _H3=""
  _H4=""

  _ovhdata='{"accessRules": [{"method": "GET","path": "/auth/time"},{"method": "GET","path": "/domain"},{"method": "GET","path": "/domain/zone/*"},{"method": "GET","path": "/domain/zone/*/record"},{"method": "POST","path": "/domain/zone/*/record"},{"method": "POST","path": "/domain/zone/*/refresh"},{"method": "PUT","path": "/domain/zone/*/record/*"},{"method": "DELETE","path": "/domain/zone/*/record/*"}],"redirection":"'$ovh_success'"}'

  response="$(_post "$_ovhdata" "$OVH_API/auth/credential")"
  _debug3 response "$response"
  validationUrl="$(echo "$response" | _egrep_o "validationUrl\":\"[^\"]*\"" | _egrep_o "http.*\"" | tr -d '"')"
  if [ -z "$validationUrl" ]; then
    _err "Unable to get validationUrl"
    return 1
  fi
  _debug validationUrl "$validationUrl"

  consumerKey="$(echo "$response" | _egrep_o "consumerKey\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')"
  if [ -z "$consumerKey" ]; then
    _err "Unable to get consumerKey"
    return 1
  fi
  _secure_debug consumerKey "$consumerKey"

  OVH_CK="$consumerKey"
  _saveaccountconf OVH_CK "$OVH_CK" # <------- Line moved to here

  _info "Please open this link to do authentication: $(__green "$validationUrl")"

  _info "Here is a guide for you: $(__green "$wiki")"
  _info "Please retry after the authentication is done."

}
```

Yanksi avatar Aug 07 '22 19:08 Yanksi
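A small simulation of the control-flow problem reported above, added here as an illustration; it is not code from acme.sh or from any commenter. `save_conf`, `read_conf`, `fake_auth` and `simulate` are hypothetical stand-ins for `_saveaccountconf`, `_readaccountconf_mutable` and `_ovh_authentication`, the keys `ck-N` are constructed, and the config file is a temp file.

```shell
#!/bin/sh
# Constructed simulation; helper names are stand-ins, not acme.sh functions.
CONF="$(mktemp)"
save_conf() { printf '%s=%s\n' "$1" "$2" >>"$CONF"; }    # like _saveaccountconf
read_conf() { sed -n "s/^$1=//p" "$CONF" | tail -n 1; }  # like _readaccountconf_mutable

REQUESTS=0
# Like _ovh_authentication: each call requests a new, not yet validated key.
fake_auth() {
  REQUESTS=$((REQUESTS + 1))
  OVH_CK="ck-$REQUESTS"
  if [ "$1" = save ]; then save_conf OVH_CK "$OVH_CK"; fi
}

# Flow quoted in the issue: the save is only reached when a key already exists.
init_buggy() {
  OVH_CK="${OVH_CK:-$(read_conf OVH_CK)}"
  if [ -z "$OVH_CK" ]; then
    fake_auth nosave
    return 1 # return and wait for retry
  fi
  save_conf OVH_CK "$OVH_CK"
}

# Flow with the save moved into the authentication step.
init_fixed() {
  OVH_CK="${OVH_CK:-$(read_conf OVH_CK)}"
  if [ -z "$OVH_CK" ]; then
    fake_auth save
    return 1
  fi
}

# Run $2 separate invocations of flow $1 (OVH_CK is not exported, so it is
# unset each time) and print how many consumer keys were requested.
simulate() {
  : >"$CONF"
  REQUESTS=0
  i=0
  while [ "$i" -lt "$2" ]; do
    unset OVH_CK
    "$1" || true
    i=$((i + 1))
  done
  echo "$REQUESTS"
}

echo "buggy flow: $(simulate init_buggy 3) keys requested in 3 runs"
echo "fixed flow: $(simulate init_fixed 3) key requested in 3 runs"
```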

Sorry, it was a bug imported recently. Just fixed it. Please try again with the latest dev branch:

```sh
acme.sh --upgrade -b dev
```

Neilpang avatar Aug 08 '22 05:08 Neilpang

Was about to follow up on this, didn't pay attention that `OVH_CK` was read as mutable conf, and the saving obviously should have been kept inside `_ovh_authentication` too. Sorry for that.

Now, shouldn't the corresponding `_clearaccountconf` be changed to `_clearaccountconf_mutable`?

Maxime-J avatar Aug 08 '22 11:08 Maxime-J

For those who can't/don't want to switch to /dev, a workaround may be running acme.sh with `--debug --output-insecure`, where the CK is shown. Copy it, and after validating it, export it as an env variable.

qupfer avatar Aug 08 '22 11:08 qupfer