package PVE::ACME::DNSChallenge;

use Digest::SHA qw(sha256);

use base qw(PVE::ACME::Challenge);

# Fixed absolute path of the proxmox-acme helper script. The setup and
# teardown code hands it to /bin/bash as the script to run.
my $ACME_PATH = '/usr/share/proxmox-acme/proxmox-acme';
# Report the ACME challenge types this plugin handles: only 'dns-01'.
# Returns a new hash reference on every call.
sub supported_challenge_types {
    my %supported = ('dns-01' => 1);
    return \%supported;
}
126 description
=> "API plugin name",
128 enum
=> $api_name_list,
132 description
=> 'DNS plugin data.',
140 data
=> { optional
=> 1 },
141 nodes
=> { optional
=> 1 },
142 disable
=> { optional
=> 1 },
# Delegate to PVE::ACME::Challenge->extract_challenge with the challenge type
# fixed to 'dns-01'. The call is made as a class method on the base package,
# so $self is not forwarded.
sub extract_challenge {
    my $self = shift;
    my ($challenge) = @_;

    my $wanted_type = 'dns-01';
    return PVE::ACME::Challenge->extract_challenge($challenge, $wanted_type);
}
158 return $api_name_list;
# Publish the dns-01 TXT record by running the proxmox-acme helper.
# The helper takes positional arguments, so their order must not change:
#   proxmox-acme setup $plugin [$domain|$alias] $txtvalue $plugin_conf_string
# NOTE(review): the enclosing sub's header and closing brace are not part of
# this listing; only its statements are shown.
my ($self, $data) = @_;

my $plugin = $data->{plugin};
die "No plugin data for DNSChallenge\n" if !defined($plugin);

# A configured alias, when set, replaces the certificate domain as the name
# handed to the plugin.
my $domain = $plugin->{alias} || $data->{domain};

# TXT record content: the SHA-256 digest of the key authorization, passed
# through PVE::ACME::encode (presumably base64url, as dns-01 requires -- confirm).
my $txt = PVE::ACME::encode(sha256($data->{key_authorization}));
my $api = $plugin->{api};
my $conf = $plugin->{data};

# The DNS plugin code cannot be vetted, so it runs with the uid/gid of
# nobody/nogroup and no supplementary groups instead of the caller's identity.
# The command is built as an argument list, so $api, $domain and $conf are
# never spliced into a command string by this code.
# NOTE(review): $conf travels as an argv element. On Linux, a process's argv
# is by default readable by other local users (/proc/<pid>/cmdline) for as
# long as the helper runs. If the plugin data holds DNS API credentials,
# passing it over stdin or a file descriptor would avoid that exposure. That
# needs support in the helper, which is not visible here.
# NOTE(review): setpriv is called without --no-new-privs or --inh-caps=-all.
# Consider whether the helper can run with them, so unvetted plugin code
# cannot regain privileges through set-id binaries.
my @drop_privs = ("setpriv", "--reuid", "nobody", "--regid", "nogroup", "--clear-groups", "--");
my $cmd = [@drop_privs, "/bin/bash", $ACME_PATH, "setup", $api, $domain, $txt, $conf];

PVE::Tools::run_command($cmd, outfunc => $outfunc);
print "Add TXT record: _acme-challenge.$domain\n";
# Remove the dns-01 TXT record by running the proxmox-acme helper.
# The helper takes positional arguments, so their order must not change:
#   proxmox-acme teardown $plugin [$domain|$alias] $txtvalue $plugin_conf_string
# NOTE(review): the enclosing sub's header and closing brace are not part of
# this listing; only its statements are shown.
my ($self, $data) = @_;

my $plugin = $data->{plugin};
die "No plugin data for DNSChallenge\n" if !defined($plugin);

# A configured alias, when set, replaces the certificate domain as the name
# handed to the plugin.
my $domain = $plugin->{alias} || $data->{domain};

# Same TXT content as at setup time: the SHA-256 digest of the key
# authorization, passed through PVE::ACME::encode (presumably base64url -- confirm).
my $txt = PVE::ACME::encode(sha256($data->{key_authorization}));
my $api = $plugin->{api};
my $conf = $plugin->{data};

# The DNS plugin code cannot be vetted, so it runs with the uid/gid of
# nobody/nogroup and no supplementary groups instead of the caller's identity.
# The command is built as an argument list, so $api, $domain and $conf are
# never spliced into a command string by this code.
# NOTE(review): $conf travels as an argv element. On Linux, a process's argv
# is by default readable by other local users (/proc/<pid>/cmdline) for as
# long as the helper runs. If the plugin data holds DNS API credentials,
# passing it over stdin or a file descriptor would avoid that exposure. That
# needs support in the helper, which is not visible here.
# NOTE(review): setpriv is called without --no-new-privs or --inh-caps=-all.
# Consider whether the helper can run with them, so unvetted plugin code
# cannot regain privileges through set-id binaries.
my @drop_privs = ("setpriv", "--reuid", "nobody", "--regid", "nogroup", "--clear-groups", "--");
my $cmd = [@drop_privs, "/bin/bash", $ACME_PATH, "teardown", $api, $domain, $txt, $conf];

PVE::Tools::run_command($cmd, outfunc => $outfunc);
print "Remove TXT record: _acme-challenge.$domain\n";