Encode the full multi-line string as a single-line base64 string on
each config write, and decode it at config parse time. Pass both the data
key/value pairs and the secret txtvalue via STDIN instead of as
command-line arguments.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+sub encode_value {
+ my ($self, $type, $key, $value) = @_;
+
+ if ($key eq 'data') {
+ $value = MIME::Base64::encode_base64url($value);
+ }
+
+ return $value;
+};
+
+sub decode_value {
+ my ($self, $type, $key, $value) = @_;
+
+ if ($key eq 'data') {
+ $value = MIME::Base64::decode_base64url($value);
+ }
+
+ return $value;
+};
+
sub supported_challenge_types {
return [];
}
sub supported_challenge_types {
return [];
}
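Review bot: `encode_value` and `decode_value` carry no comment saying that base64url is used only to keep the multi-line `data` value on one config line, and since that value presumably holds DNS API credentials a reader could mistake the encoding for protection. I would add above `encode_value` something like `# base64url keeps the multi-line 'data' value on one config line; this is encoding, not encryption, so the config file still needs restrictive permissions`. `decode_value` also decodes whatever is stored without checking it, so an entry written in an earlier format would presumably come back as garbage rather than as an error; confirm whether existing configs need a migration. The hunk does not show a `use MIME::Base64;` line, so check that the module is loaded in this file.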
} else {
push @$cmd, $domain;
}
} else {
push @$cmd, $domain;
}
- push @$cmd, $txtvalue, $plugin_conf_string;
+ my $input = "$txtvalue\n";
+ $input .= "$plugin_conf_string\n" if $plugin_conf_string;
- PVE::Tools::run_command($cmd);
+ PVE::Tools::run_command($cmd, input => $input);
$data->{url} = $challenge->{url};
$data->{url} = $challenge->{url};
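Review bot: The stdin layout built in `$input` is an implicit contract with the shell helper (line 1 is the TXT value, every following line is a `KEY=VALUE` pair), and nothing here documents or enforces it. A comment such as `# stdin protocol: line 1 = txtvalue, remaining lines = KEY=VALUE plugin data` above `my $input` would make the coupling visible. Because a newline inside `$txtvalue` would push part of it into the data lines and end up exported as a variable, a cheap guard is `die "invalid txtvalue\n" if $txtvalue =~ /[\r\n]/;`. The enclosing sub starts and ends outside the hunk.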
# Proxmox implementation to inject the DNSAPI variables
_load_plugin_config() {
# Proxmox implementation to inject the DNSAPI variables
_load_plugin_config() {
- tmp_str="${plugin_conf_string//[^,]}"
- index="$(_math ${#tmp_str} + 1)"
- while [ "$index" -gt "0" ]
- do
- field=$(_getfield $plugin_conf_string "$index" ",")
- ADDR=(${field/=/ })
+ while IFS= read -r line; do
+ ADDR=(${line/=/ })
key="${ADDR[0]}"
value="${ADDR[1]}"
key="${ADDR[0]}"
value="${ADDR[1]}"
- # decode base64 encoded values
- value=$(echo $value | /usr/bin/openssl base64 -d -A)
-
# acme.sh uses eval insted of export
# acme.sh uses eval insted of export
- export "$key"="$value"
- index="$(_math "$index" - 1)"
+ if [ -n "$key" ]; then
+ export "$key"="$value"
+ fi
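Review bot: `ADDR=(${line/=/ })` expands the line unquoted, so the value goes through word splitting and pathname expansion: a secret containing a space is cut to its first word, and one containing `*` or `?` can be replaced by matching file names. The key is also exported without any check, so a data line could set `PATH`, `IFS` or a similar variable for the plugin script that is sourced afterwards; how much that matters depends on who may write the plugin data, which is not visible here. I would split on the first `=` with parameter expansion and accept only keys that are valid variable names, as below. The loop's `done` and the end of `_load_plugin_config` are outside the hunk.

```shell
while IFS= read -r line; do
    # lines without '=' carry no assignment
    case "$line" in
        *=*) ;;
        *) continue ;;
    esac
    # split on the first '=' only; no word splitting or globbing
    key="${line%%=*}"
    value="${line#*=}"
    # … unchanged: note that acme.sh uses eval instead of export …
    # accept only valid shell variable names
    case "$key" in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) continue ;;
    esac
    export "$key"="$value"
```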
dns_plugin="dns_$1"
dns_plugin_path="${DNS_PLUGIN_PATH}/${dns_plugin}.sh"
fqdn="_acme-challenge.$2"
dns_plugin="dns_$1"
dns_plugin_path="${DNS_PLUGIN_PATH}/${dns_plugin}.sh"
fqdn="_acme-challenge.$2"
+ DEBUG=$3
+ IFS= read -r txtvalue
- if [ -n "$plugin_conf_string" ]; then
- _load_plugin_config
- fi
if ! . "$dns_plugin_path"; then
_err "Load file $dns_plugin error."
if ! . "$dns_plugin_path"; then
_err "Load file $dns_plugin error."
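Review bot: The result of `IFS= read -r txtvalue` is not checked, so if stdin is empty or closed the function carries on with an empty `txtvalue` and the failure only surfaces later, if at all, inside the DNS plugin. I would fail early with `if ! IFS= read -r txtvalue || [ -z "$txtvalue" ]; then _err "No TXT value on stdin."; return 1; fi`, adjusting the exit to whatever error path the function already uses. The same applies to the identical `read` in the second function further down, the block that also removes `txtvalue=$3`. The conditional `_load_plugin_config` call is removed and its new call site is not in the visible lines; it has to run after this `read`, and before anything else consumes stdin, for the line order to hold. Both function bodies start and end outside the hunk.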
dns_plugin="dns_$1"
dns_plugin_path="${DNS_PLUGIN_PATH}/${dns_plugin}.sh"
fqdn="_acme-challenge.$2"
dns_plugin="dns_$1"
dns_plugin_path="${DNS_PLUGIN_PATH}/${dns_plugin}.sh"
fqdn="_acme-challenge.$2"
- txtvalue=$3
- plugin_conf_string=$4
- DEBUG=$5
+ DEBUG=$3
+ IFS= read -r txtvalue
- if [ -n "$plugin_conf_string" ]; then
- _load_plugin_config
- fi
if ! . "$dns_plugin_path"; then
_err "Load file $dns_plugin error."
if ! . "$dns_plugin_path"; then
_err "Load file $dns_plugin error."