MINOR: acme: emit the DNS-01 challenge details on the dpapi sink

This commit adds a new message to the dpapi sink which is emitted during
the new authorization request.

One message is emitted by challenge to resolve. The certificate name as
well as the thumprint of the account key are on the first line of the
message. A dump of the JSON response for 1 challenge is dumped, en the
message ends with a \0.

The agent consuming these messages MUST NOT access the URLs, and SHOULD
only uses the thumbprint, dns and token to configure a challenge.

Example:

    $ ( echo "@@1 show events dpapi -w -0"; cat - ) | socat /tmp/master.sock -  | cat -e
    <0>2025-08-01T16:23:14.797733+02:00 acme deploy foobar.pem.rsa thumbprint Gv7pmGKiv_cjo3aZDWkUPz5ZMxctmd-U30P2GeqpnCo$
    {$
       "status": "pending",$
       "identifier": {$
          "type": "dns",$
          "value": "foobar.com"$
       },$
       "challenges": [$
          {$
             "type": "dns-01",$
             "url": "https://0.0.0.0:14000/chalZ/1o7sxLnwcVCcmeriH1fbHJhRgn4UBIZ8YCbcrzfREZc",$
             "token": "tvAcRXpNjbgX964ScRVpVL2NXPid1_V8cFwDbRWH_4Q",$
             "status": "pending"$
          },$
          {$
             "type": "dns-account-01",$
             "url": "https://0.0.0.0:14000/chalZ/z2_WzibwTPvE2zzIiP3BF0zNy3fgpU_8Nj-V085equ0",$
             "token": "UedIMFsI-6Y9Nq3oXgHcG72vtBFWBTqZx-1snG_0iLs",$
             "status": "pending"$
          },$
          {$
             "type": "tls-alpn-01",$
             "url": "https://0.0.0.0:14000/chalZ/AHnQcRvZlFw6e7F6rrc7GofUMq7S8aIoeDileByYfEI",$
             "token": "QhT4ejBEu6ZLl6pI1HsOQ3jD9piu__N0Hr8PaWaIPyo",$
             "status": "pending"$
          },$
          {$
             "type": "http-01",$
             "url": "https://0.0.0.0:14000/chalZ/Q_qTTPDW43-hsPW3C60NHpGDm_-5ZtZaRfOYDsK3kY8",$
             "token": "g5Y1WID1v-hZeuqhIa6pvdDyae7Q7mVdxG9CfRV2-t4",$
             "status": "pending"$
          }$
       ],$
       "expires": "2025-08-01T15:23:14Z"$
    }$
    ^@

diff --git a/src/acme.c b/src/acme.c
index b93add22647093ffa3bcf42af4a1a7efb6449a3d..b67240c0e15ccf666e7ffdea819228dd1a3523c0 100644 (file)
--- a/src/acme.c
+++ b/src/acme.c
@@ -1580,9 +1580,27 @@ int acme_res_auth(struct task *task, struct acme_ctx *ctx, struct acme_auth *aut
 
                /* compute a response for the TXT entry */
                if (strcasecmp(ctx->cfg->challenge, "DNS-01") == 0) {
+                       struct sink *dpapi;
+                       struct ist line[7];
+
+
                        trash.data = acme_txt_record(ist(ctx->cfg->account.thumbprint), auth->token, &trash);
                        send_log(NULL, LOG_NOTICE,"acme: %s: DNS-01 requires to set the \"acme-challenge.%.*s\" TXT record to \"%.*s\"\n",
                                                                     ctx->store->path, (int)auth->dns.len, auth->dns.ptr, (int)trash.data, trash.area);
+
+                       /* dump to the "dpapi" sink */
+
+                       line[0] = ist("acme deploy ");
+                       line[1] = ist(ctx->store->path);
+                       line[2] = ist(" thumbprint ");
+                       line[3] = ist(ctx->cfg->account.thumbprint);
+                       line[4] = ist("\n");
+                       line[5] = ist2( hc->res.buf.area, hc->res.buf.data); /* dump the HTTP response */
+                       line[6] = ist("\n\0");
+
+                       dpapi = sink_find("dpapi");
+                       if (dpapi)
+                               sink_write(dpapi, LOG_HEADER_NONE, 0, line, 7);
                }
 
                /* only useful for HTTP-01 */