From 99151a2db842a850a2860af3e77532370802ca69 Mon Sep 17 00:00:00 2001 From: Lexi Winter Date: Tue, 3 Jun 2025 10:49:05 +0100 Subject: make the challenge handler configurable perhaps one day we'll even support something other than Kerberos! --- init.sh | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) (limited to 'init.sh') diff --git a/init.sh b/init.sh index 3c9de04..9674bc1 100644 --- a/init.sh +++ b/init.sh @@ -25,6 +25,7 @@ _warn() { _BASEDIR="/usr/local" # Where the internal scripts are. _SHARE="${_BASEDIR}/share/lfacme" +_CHALLENGE="${_SHARE}/challenge" # Our configuration directory. This might be overridden by command-line # arguments. 
@@ -71,3 +72,56 @@ _UACME=/usr/local/bin/uacme
 _uacme() {
 "$_UACME" -a "$ACME_URL" -c "$_UACME_DIR" "$@"
 }
+
+# Find a challenge script and make sure it's valid. If the challenge name
+# begins with a '/' it's a full path, otherwise we search $_CHALLENGE and
+# $_CONFDIR/challenge.
+_findchallenge() {
+ local identifier="$1"
+ local challenge="$2"
+ local path=""
+
+ if [ "${challenge#/*}" != "$challenge" ]; then
+ path="${challenge}"
+ elif [ -f "${_CHALLENGE}/${challenge}" ]; then
+ path="${_CHALLENGE}/${challenge}"
+ elif [ -f "${_CONFDIR}/challenge/${challenge}" ]; then
+ path="${_CONFDIR}/challenge/${challenge}"
+ else
+ _error "%s: could not find challenge script '%s'" \
+ "$identifier" "$challenge"
+ return 1
+ fi
+
+ if ! [ -x "$path" ]; then
+ _error "%s: challenge is not executable: %s" \
+ "$identifier" "$path"
+ return 1
+ fi
+
+ echo "$path"
+}
+
+# Find a hook script and make sure it's valid. If the hook name begins with a
+# '/' it's a full path, otherwise it's relative to ACME_HOOKDIR.
+_findhook() {
+ hook="$1"
+
+ if [ "${hook#/*}" = "$hook" ]; then
+ hook="${ACME_HOOKDIR}/$hook"
+ fi
+
+ if ! [ -f "$hook" ]; then
+ _error "%s: hook does not exist: %s" \
+ "$identifier" "$hook"
+ return 1
+ fi
+
+ if ! [ -x "$hook" ]; then
+ _error "%s: hook is not executable: %s" \
+ "$identifier" "$hook"
+ return 1
+ fi
+
+ echo "$hook"
+}
-- cgit v1.2.3
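Review bot: In `_findchallenge`, a challenge name that begins with `/` is accepted after only the `-x` test, so a directory or other non-regular file with the execute bit set is returned as a valid challenge script, whereas the two search-path branches and `_findhook` all require `-f`. Changing the later test to `if ! [ -f "$path" ] || ! [ -x "$path" ]; then` would make every branch agree. Relative names are joined to `$_CHALLENGE` and `$_CONFDIR/challenge` without rejecting `/` or `..`, so a name can resolve outside those two directories; if the configuration supplying the name is less trusted than the account that runs the script (not visible in this hunk), names containing `/` should be refused in the non-absolute case. `_findhook` prints `$identifier` but takes only `$1` and assigns `hook` without `local`, so it presumably depends on a variable set by its caller and overwrites any `hook` there; `local hook="$1"` plus an explicit identifier argument, as `_findchallenge` already does, would remove that coupling.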