1 package PVE
::ACME
::DNSChallenge
;
6 use Digest
::SHA
qw(sha256);
9 use base
qw(PVE::ACME::Challenge);
11 my $ACME_PATH = '/usr/share/proxmox-acme/proxmox-acme';
13 sub supported_challenge_types
{
14 return { 'dns-01' => 1 };
126 description
=> "API plugin name",
128 enum
=> $api_name_list,
132 description
=> 'DNS plugin data.',
141 nodes
=> { optional
=> 1 },
142 disable
=> { optional
=> 1 },
151 sub extract_challenge
{
152 my ($self, $challenge) = @_;
154 return PVE
::ACME
::Challenge-
>extract_challenge($challenge, 'dns-01');
157 # The order of the positional parameters passed to proxmox-acme is important:
158 # proxmox-acme setup $plugin [$domain|$alias] $txtvalue $plugin_conf_string
# Each value is handed over as its own argv element (list form, no shell), so
# ordering matters but quoting of user-controlled values like the plugin config
# does not.
160 my ($self, $data) = @_;
162 die "No plugin data for DNSChallenge\n" if !defined($data->{plugin
});
163 my $domain = $data->{plugin
}->{alias
} ?
$data->{plugin
}->{alias
} : $data->{domain
};
164 my $txtvalue = PVE
::ACME
::encode
(sha256
($data->{key_authorization
}));
165 my $dnsplugin = $data->{plugin
}->{api
};
166 my $plugin_conf_string = $data->{plugin
}->{data
};
168 # For security reasons we run the plugin as nobody:nogroup with supplementary
169 # groups cleared: we can't verify that the code of the DNS plugins is harmless.
# Note that setpriv only drops identity; it is not a sandbox. The plugin keeps
# full network access and can read anything world-readable, and the plugin config
# (which carries the DNS API credentials) is passed as a command-line argument,
# so it is visible to other local users via the process list (/proc/<pid>/cmdline)
# for as long as the plugin runs.
170 my $cmd = ["setpriv", "--reuid", "nobody", "--regid", "nogroup", "--clear-groups", "--"];
171 push @$cmd, "/usr/bin/bash", $ACME_PATH, "setup", $dnsplugin, $domain;
172 push @$cmd, $txtvalue, $plugin_conf_string;
174 PVE
::Tools
::run_command
($cmd, outfunc
=> $outfunc);
175 print "Add TXT record: _acme-challenge.$domain\n";
178 # The order of the positional parameters passed to proxmox-acme is important:
179 # proxmox-acme teardown $plugin [$domain|$alias] $txtvalue $plugin_conf_string
# Each value is handed over as its own argv element (list form, no shell), so
# ordering matters but quoting of user-controlled values like the plugin config
# does not.
181 my ($self, $data) = @_;
183 die "No plugin data for DNSChallenge\n" if !defined($data->{plugin
});
184 my $domain = $data->{plugin
}->{alias
} ?
$data->{plugin
}->{alias
} : $data->{domain
};
185 my $txtvalue = PVE
::ACME
::encode
(sha256
($data->{key_authorization
}));
186 my $dnsplugin = $data->{plugin
}->{api
};
187 my $plugin_conf_string = $data->{plugin
}->{data
};
189 # For security reasons we run the plugin as nobody:nogroup with supplementary
190 # groups cleared: we can't verify that the code of the DNS plugins is harmless.
# Note that setpriv only drops identity; it is not a sandbox. The plugin keeps
# full network access and can read anything world-readable, and the plugin config
# (which carries the DNS API credentials) is passed as a command-line argument,
# so it is visible to other local users via the process list (/proc/<pid>/cmdline)
# for as long as the plugin runs.
191 my $cmd = ["setpriv", "--reuid", "nobody", "--regid", "nogroup", "--clear-groups", "--"];
192 push @$cmd, "/usr/bin/bash", "$ACME_PATH", "teardown", $dnsplugin, $domain ;
193 push @$cmd, $txtvalue, $plugin_conf_string;
194 PVE
::Tools
::run_command
($cmd, outfunc
=> $outfunc);
195 print "Remove TXT record: _acme-challenge.$domain\n";