From: Fabian Grünbichler Date: Fri, 17 Apr 2020 13:09:34 +0000 (+0200) Subject: dns plugin: improve 'data' string encoding/passing X-Git-Url: https://git.proxmox.com/?p=proxmox-acme.git;a=commitdiff_plain;h=13bc64ea1df4adc59bb8cddd8c5d63b0466ab5af dns plugin: improve 'data' string encoding/passing encode the full multi-line string as base64 single-line string on each config write, and decode at config parse time. pass both the data key/value pairs and the secret txtvalue via STDIN instead of as command line arguments. Signed-off-by: Fabian Grünbichler
---
diff --git a/src/PVE/ACME/Challenge.pm b/src/PVE/ACME/Challenge.pm
index 16d75ad..0af77a3 100644
--- a/src/PVE/ACME/Challenge.pm
+++ b/src/PVE/ACME/Challenge.pm
@@ -47,6 +47,26 @@ sub parse_config {
 return $cfg;
 }
+sub encode_value {
+ my ($self, $type, $key, $value) = @_;
+
+ if ($key eq 'data') {
+ $value = MIME::Base64::encode_base64url($value);
+ }
+
+ return $value;
+};
+
+sub decode_value {
+ my ($self, $type, $key, $value) = @_;
+
+ if ($key eq 'data') {
+ $value = MIME::Base64::decode_base64url($value);
+ }
+
+ return $value;
+};
+
 sub supported_challenge_types {
 return [];
 }
diff --git a/src/PVE/ACME/DNSChallenge.pm b/src/PVE/ACME/DNSChallenge.pm
index 869f858..dec57a6 100644
--- a/src/PVE/ACME/DNSChallenge.pm
+++ b/src/PVE/ACME/DNSChallenge.pm
@@ -170,9 +170,10 @@ my $proxmox_acme_command = sub {
 } else {
 push @$cmd, $domain;
 }
- push @$cmd, $txtvalue, $plugin_conf_string;
+ my $input = "$txtvalue\n";
+ $input .= "$plugin_conf_string\n" if $plugin_conf_string;
- PVE::Tools::run_command($cmd);
+ PVE::Tools::run_command($cmd, input => $input);
 $data->{url} = $challenge->{url};
diff --git a/src/proxmox-acme b/src/proxmox-acme
index 29deba4..49a86ad 100644
--- a/src/proxmox-acme
+++ b/src/proxmox-acme
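Review bot: `decode_value` in src/PVE/ACME/Challenge.pm decodes every `data` value without checking that it really is base64url, and MIME::Base64 decoding skips characters outside the alphabet instead of failing. A `data` entry that was stored or hand-edited as plain text would therefore come back as garbage and be handed to the DNS plugin with no error; whether such entries exist is not visible from this hunk. A guard ahead of the decode, for example `die "invalid base64url in 'data'\n" if $value !~ m/^[A-Za-z0-9_-]*={0,2}$/;`, makes that case visible. The hunk also shows no `use MIME::Base64;`, so confirm the module is loaded in this file, and the `;` after both sub bodies (`};`) is not needed for a named sub.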
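Review bot: The stdin framing built in `$proxmox_acme_command` (src/PVE/ACME/DNSChallenge.pm) is newline-delimited, yet nothing here documents or guards it: line 1 is the TXT value and every later line is read by the helper as a `KEY=value` pair to export. If `$txtvalue` ever carried a line break the remainder would be parsed as plugin configuration, so `die "invalid TXT value\n" if $txtvalue =~ m/[\r\n]/;` before building `$input` is cheap insurance; where `$txtvalue` is computed lies outside the hunk. A comment such as `# stdin protocol: line 1 = TXT value, remaining lines = KEY=value plugin settings` would keep the Perl and shell sides in step. The truthiness test `if $plugin_conf_string` also skips a config that is the string `0`; `if defined($plugin_conf_string) && length($plugin_conf_string)` states the intent. The closure begins and ends outside the hunk.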
@@ -583,21 +583,15 @@ _source_plugin_config() {
 # Proxmox implementation to inject the DNSAPI variables
 _load_plugin_config() {
- tmp_str="${plugin_conf_string//[^,]}"
- index="$(_math ${#tmp_str} + 1)"
- while [ "$index" -gt "0" ]
- do
- field=$(_getfield $plugin_conf_string "$index" ",")
- ADDR=(${field/=/ })
+ while IFS= read -r line; do
+ ADDR=(${line/=/ })
 key="${ADDR[0]}"
 value="${ADDR[1]}"
- # decode base64 encoded values
- value=$(echo $value | /usr/bin/openssl base64 -d -A)
- # acme.sh uses eval insted of export
- export "$key"="$value"
- index="$(_math "$index" - 1)"
+ if [ -n "$key" ]; then
+ export "$key"="$value"
+ fi
 done
 }
@@ -613,13 +607,11 @@ setup() {
 dns_plugin="dns_$1"
 dns_plugin_path="${DNS_PLUGIN_PATH}/${dns_plugin}.sh"
 fqdn="_acme-challenge.$2"
- txtvalue=$3
+ DEBUG=$3
+ IFS= read -r txtvalue
 plugin_conf_string=$4
- DEBUG=$5
- if [ -n "$plugin_conf_string" ]; then
- _load_plugin_config
- fi
+ _load_plugin_config
 if ! . "$dns_plugin_path"; then
 _err "Load file $dns_plugin error."
@@ -642,13 +634,10 @@ teardown() {
 dns_plugin="dns_$1"
 dns_plugin_path="${DNS_PLUGIN_PATH}/${dns_plugin}.sh"
 fqdn="_acme-challenge.$2"
- txtvalue=$3
- plugin_conf_string=$4
- DEBUG=$5
+ DEBUG=$3
+ IFS= read -r txtvalue
- if [ -n "$plugin_conf_string" ]; then
- _load_plugin_config
- fi
+ _load_plugin_config
 if ! . "$dns_plugin_path"; then
 _err "Load file $dns_plugin error."
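Review bot: `ADDR=(${line/=/ })` in `_load_plugin_config` expands the line unquoted, so it is word-split and glob-expanded; now that values arrive undecoded, a secret containing a space is cut at the first space and one containing `*` or `?` can expand to file names. Parameter expansion avoids both: `key="${line%%=*}"` and `value="${line#*=}"`. The key is exported without validation as well; `case "$key" in ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) continue ;; esac` rejects malformed names. If the plugin data can be written by anyone less trusted than the account running this script (not visible here), loader-sensitive names such as `PATH` or `LD_PRELOAD` need refusing too, since the plugin is sourced after the export.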
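Review bot: The result of `IFS= read -r txtvalue` in `setup` is not checked, so an empty or closed stdin leaves `txtvalue` empty and execution still proceeds to sourcing the plugin; `teardown` has the same unchecked read. A guard such as `IFS= read -r txtvalue && [ -n "$txtvalue" ] || { _err "No TXT value on stdin."; return 1; }` (using whatever exit path the function already uses for the load error) fails early instead. `plugin_conf_string=$4` is left behind in `setup` although the config is now read from stdin and `teardown` drops the same line, so it should be removed to avoid suggesting a fourth argument is still honoured. Both functions continue past the end of their hunks.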