dns plugin: improve 'data' string encoding/passing

Encode the full multi-line string as a single-line base64 string on
each config write, and decode it at config parse time. Pass both the data
key/value pairs and the secret txtvalue via STDIN instead of as command
line arguments.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Fabian Grünbichler 2020-04-17 15:09:34 +02:00
parent f0ed07330c
commit 13bc64ea1d
3 changed files with 34 additions and 24 deletions


@ -47,6 +47,26 @@ sub parse_config {
return $cfg; return $cfg;
} }
sub encode_value {
my ($self, $type, $key, $value) = @_;
if ($key eq 'data') {
$value = MIME::Base64::encode_base64url($value);
}
return $value;
};
sub decode_value {
my ($self, $type, $key, $value) = @_;
if ($key eq 'data') {
$value = MIME::Base64::decode_base64url($value);
}
return $value;
};
sub supported_challenge_types { sub supported_challenge_types {
return []; return [];
} }
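Review bot: `decode_value` hands whatever is stored under `data` straight to `MIME::Base64::decode_base64url`, which skips characters outside the alphabet instead of failing, so a value that reached the config as plain text (hand-edited, or written before this change; neither is visible here) would come back as silently corrupted bytes rather than an error. Consider rejecting such input before decoding, e.g. `die "invalid base64url in 'data'\n" if $value !~ m/\A[A-Za-z0-9_-]*\z/;`. A short comment on `encode_value` stating that base64url is used only to keep the multi-line string on one config line, and is not a protection for the API credentials it carries, would stop readers from treating the stored form as safe to expose. The `;` after the closing brace of both subs is harmless but unnecessary.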


@ -170,9 +170,10 @@ my $proxmox_acme_command = sub {
} else { } else {
push @$cmd, $domain; push @$cmd, $domain;
} }
push @$cmd, $txtvalue, $plugin_conf_string; my $input = "$txtvalue\n";
$input .= "$plugin_conf_string\n" if $plugin_conf_string;
PVE::Tools::run_command($cmd); PVE::Tools::run_command($cmd, input => $input);
$data->{url} = $challenge->{url}; $data->{url} = $challenge->{url};
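Review bot: The stdin layout the helper script relies on is only implicit in how `$input` is assembled, so a comment above `my $input` would keep the Perl and shell sides in sync, for example `# stdin protocol: line 1 = TXT value, following lines = plugin data (KEY=value); secrets must not go on argv`. The `if $plugin_conf_string` guard is a truthiness test; `if defined($plugin_conf_string) && length($plugin_conf_string)` states the intent exactly. Where `$txtvalue` comes from is not visible in this hunk, and it is assumed here to be a single line; if that cannot be guaranteed, an embedded newline would shift the data lines on the reading side. The enclosing sub starts and ends outside the hunk.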


@ -583,21 +583,15 @@ _source_plugin_config() {
# Proxmox implementation to inject the DNSAPI variables # Proxmox implementation to inject the DNSAPI variables
_load_plugin_config() { _load_plugin_config() {
tmp_str="${plugin_conf_string//[^,]}" while IFS= read -r line; do
index="$(_math ${#tmp_str} + 1)" ADDR=(${line/=/ })
while [ "$index" -gt "0" ]
do
field=$(_getfield $plugin_conf_string "$index" ",")
ADDR=(${field/=/ })
key="${ADDR[0]}" key="${ADDR[0]}"
value="${ADDR[1]}" value="${ADDR[1]}"
# decode base64 encoded values
value=$(echo $value | /usr/bin/openssl base64 -d -A)
# acme.sh uses eval insted of export # acme.sh uses eval insted of export
if [ -n "$key" ]; then
export "$key"="$value" export "$key"="$value"
index="$(_math "$index" - 1)" fi
done done
} }
@ -613,13 +607,11 @@ setup() {
dns_plugin="dns_$1" dns_plugin="dns_$1"
dns_plugin_path="${DNS_PLUGIN_PATH}/${dns_plugin}.sh" dns_plugin_path="${DNS_PLUGIN_PATH}/${dns_plugin}.sh"
fqdn="_acme-challenge.$2" fqdn="_acme-challenge.$2"
txtvalue=$3 DEBUG=$3
IFS= read -r txtvalue
plugin_conf_string=$4 plugin_conf_string=$4
DEBUG=$5
if [ -n "$plugin_conf_string" ]; then
_load_plugin_config _load_plugin_config
fi
if ! . "$dns_plugin_path"; then if ! . "$dns_plugin_path"; then
_err "Load file $dns_plugin error." _err "Load file $dns_plugin error."
@ -642,13 +634,10 @@ teardown() {
dns_plugin="dns_$1" dns_plugin="dns_$1"
dns_plugin_path="${DNS_PLUGIN_PATH}/${dns_plugin}.sh" dns_plugin_path="${DNS_PLUGIN_PATH}/${dns_plugin}.sh"
fqdn="_acme-challenge.$2" fqdn="_acme-challenge.$2"
txtvalue=$3 DEBUG=$3
plugin_conf_string=$4 IFS= read -r txtvalue
DEBUG=$5
if [ -n "$plugin_conf_string" ]; then
_load_plugin_config _load_plugin_config
fi
if ! . "$dns_plugin_path"; then if ! . "$dns_plugin_path"; then
_err "Load file $dns_plugin error." _err "Load file $dns_plugin error."
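Review bot: In `_load_plugin_config` the new read loop still splits each line with the unquoted `ADDR=(${line/=/ })`, so a value containing whitespace is cut at the first space and one containing `*` or `?` is subject to pathname expansion before it is exported as a credential; `key="${line%%=*}"` and `value="${line#*=}"` avoid both. The key is only checked for being non-empty before `export "$key"="$value"`, so a data line can override variables such as PATH or IFS for the plugin that is sourced afterwards; a guard like `case "$key" in *[!A-Za-z0-9_]*|[0-9]*) continue ;; esac` would restrict it to identifier-shaped names. In `setup()` the `plugin_conf_string=$4` assignment is left in place although the caller no longer passes that argument (the `teardown()` hunk drops it), and neither function checks that `IFS= read -r txtvalue` succeeded and produced a non-empty value. The bodies of `setup()` and `teardown()` continue outside the hunks.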