From c46695c0301af79e02a2e376a6e005fa239ebbfa Mon Sep 17 00:00:00 2001
From: Bill Gertz <bill.gertz@blockfish.net>
Date: Thu, 28 May 2020 15:21:08 +0200
Subject: [PATCH] security/acme-client: Add NSUPDATE_ZONE support to nsupdate
 DNS-01 Service (#1851)

Add NSUPDATE_ZONE nsupdate support

Adds new validation.dns_nsudate_zone field to implement support for NSUPDATE_ZONE. See https://github.com/acmesh-official/acme.sh/pull/1963 for more information.
---
 .../OPNsense/AcmeClient/forms/dialogValidation.xml          | 6 ++++++
 .../mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml       | 3 +++
 .../src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php | 1 +
 3 files changed, 10 insertions(+)

diff --git a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml
index c45394a47..fd36767e0 100644
--- a/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml
+++ b/security/acme-client/src/opnsense/mvc/app/controllers/OPNsense/AcmeClient/forms/dialogValidation.xml
@@ -772,6 +772,12 @@
         <label>Server (FQDN)</label>
         <type>text</type>
     </field>
+    <field>
+        <id>validation.dns_nsupdate_zone</id>
+        <label>Zone</label>
+        <type>text</type>
+        <help>Set hosted zone (e.g. example.com) as some DNS Providers require, like dyn.com's 'Standard DNS'.</help>
+    </field>
     <field>
         <id>validation.dns_nsupdate_key</id>
         <label>Secret Key</label>
diff --git a/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
index e093a3494..2ec2e16b2 100644
--- a/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
+++ b/security/acme-client/src/opnsense/mvc/app/models/OPNsense/AcmeClient/AcmeClient.xml
@@ -751,6 +751,9 @@
                 <dns_nsupdate_server type="TextField">
                     <Required>N</Required>
                 </dns_nsupdate_server>
+                <dns_nsupdate_zone type="TextField">
+                    <Required>N</Required>
+                </dns_nsupdate_zone>
                 <!-- TODO: maybe we should base64encode this field? -->
                 <dns_nsupdate_key type="TextField">
                     <Required>N</Required>
diff --git a/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php b/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php
index 997b7fb3c..8e482c39d 100755
--- a/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php
+++ b/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient/certhelper.php
@@ -893,6 +893,7 @@ function run_acme_validation($certObj, $valObj, $acctObj)
                 file_put_contents($secret_key_filename, $secret_key_data);
                 $proc_env['NSUPDATE_KEY'] = $secret_key_filename;
                 $proc_env['NSUPDATE_SERVER'] = (string)$valObj->dns_nsupdate_server;
+                $proc_env['NSUPDATE_ZONE'] = (string)$valObj->dns_nsupdate_zone;
                 break;
             case 'dns_opnsense':
                 # BIND plugin must be installed.