security/acme-client: use mwexec/file_safe

Technically we shouldn't be calling these util.inc helpers from classes inside MVC, but it is what
it is.

PR: https://github.com/opnsense/core/issues/9325
This commit is contained in:
Franco Fichtner 2025-10-28 15:37:39 +01:00
parent 3af63008f9
commit ad06910687
3 changed files with 13 additions and 14 deletions


@ -1,5 +1,6 @@
PLUGIN_NAME= acme-client
PLUGIN_VERSION= 4.10
PLUGIN_REVISION= 1
PLUGIN_COMMENT= ACME Client
PLUGIN_MAINTAINER= opnsense@moov.de
PLUGIN_DEPENDS= acme.sh py${PLUGIN_PYTHON}-dns-lexicon


@ -126,18 +126,17 @@ class HttpOpnsense extends Base implements LeValidationInterface
// Create temporary port forward to allow acme challenges to get through
$anchor_setup = "rdr-anchor \"acme-client\"\n";
file_put_contents("{$configdir}/acme_anchor_setup", $anchor_setup);
chmod("{$configdir}/acme_anchor_setup", 0600);
mwexec("/sbin/pfctl -f {$configdir}/acme_anchor_setup");
file_put_contents("{$configdir}/acme_anchor_rules", $anchor_rules);
chmod("{$configdir}/acme_anchor_rules", 0600);
mwexec("/sbin/pfctl -a acme-client -f {$configdir}/acme_anchor_rules");
// XXX Should not be using util.inc from here
file_safe("{$configdir}/acme_anchor_setup", $anchor_setup, 0600);
mwexecf('/sbin/pfctl -f %s', ["{$configdir}/acme_anchor_setup"]);
file_safe("{$configdir}/acme_anchor_rules", $anchor_rules, 0600);
mwexecf('/sbin/pfctl -a %s -f %s', ['acme-client', "{$configdir}/acme_anchor_rules"]);
}
public function cleanup()
{
// Flush OPNsense port forward rules.
mwexec('/sbin/pfctl -a acme-client -F all');
mwexecf('/sbin/pfctl -a %s -F %s', ['acme-client', 'all']);
// Workaround to solve disconnection issues reported by some users.
$backend = new \OPNsense\Core\Backend();
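Review bot: The exit status of both new mwexecf() calls (`pfctl -f …/acme_anchor_setup` and `pfctl -a acme-client -f …/acme_anchor_rules`) is discarded, so if pfctl rejects the generated rules the method returns as though the temporary port forward were in place and the challenge only fails later with a far less informative error; the parallel hunk in TlsalpnAcme has the same gap. As far as I recall util.inc, mwexecf() returns the command's exit code, so the status can be checked at the call site, e.g. `if (mwexecf('/sbin/pfctl -a %s -f %s', ['acme-client', "{$configdir}/acme_anchor_rules"]) != 0) {` followed by a log line naming the rules file (it is left in place with mode 0600, so an operator can re-run `pfctl -nf` on it). Whether file_safe() reports write failures I cannot tell from here; if it returns false on failure, that is worth checking before handing a missing or partial file to pfctl. Note that the enclosing method begins before this hunk and cleanup() continues past it.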


@ -127,18 +127,17 @@ class TlsalpnAcme extends Base implements LeValidationInterface
// Create temporary port forward to allow acme challenges to get through
$anchor_setup = "rdr-anchor \"acme-client\"\n";
file_put_contents("{$configdir}/acme_anchor_setup", $anchor_setup);
chmod("{$configdir}/acme_anchor_setup", 0600);
mwexec("/sbin/pfctl -f {$configdir}/acme_anchor_setup");
file_put_contents("{$configdir}/acme_anchor_rules", $anchor_rules);
chmod("{$configdir}/acme_anchor_rules", 0600);
mwexec("/sbin/pfctl -a acme-client -f {$configdir}/acme_anchor_rules");
// XXX Should not be using util.inc from here
file_safe("{$configdir}/acme_anchor_setup", $anchor_setup, 0600);
mwexecf('/sbin/pfctl -f %s', ["{$configdir}/acme_anchor_setup"]);
file_safe("{$configdir}/acme_anchor_rules", $anchor_rules, 0600);
mwexecf("/sbin/pfctl -a %s -f %s", ['acme-client', "{$configdir}/acme_anchor_rules"]);
}
public function cleanup()
{
// Flush OPNsense port forward rules.
mwexec('/sbin/pfctl -a acme-client -F all');
mwexecf('/sbin/pfctl -a %s -F %s', ['acme-client', 'all']);
// Workaround to solve disconnection issues reported by some users.
$backend = new \OPNsense\Core\Backend();