You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

191 lines
5.3 KiB

4 years ago
4 years ago
1 month ago
8 years ago
1 month ago
4 years ago
4 years ago
4 years ago
  1. #!/usr/bin/env sh
  2. # shellcheck disable=SC2034
  3. dns_gandi_livedns_info='Gandi.net LiveDNS
  4. Site: Gandi.net/domain/dns
  5. Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_gandi_livedns
  6. Options:
  7. GANDI_LIVEDNS_KEY API Key
  8. Issues: github.com/fcrozat/acme.sh
  9. Author: Frédéric Crozat <fcrozat@suse.com>, Dominik Röttsches <drott@google.com>
  10. '
  11. # Gandi LiveDNS v5 API
  12. # https://api.gandi.net/docs/livedns/
  13. # https://api.gandi.net/docs/authentication/ for token + apikey (deprecated) authentication
  14. # currently under beta
  15. ######## Public functions #####################
  16. GANDI_LIVEDNS_API="https://api.gandi.net/v5/livedns"
  17. #Usage: dns_gandi_livedns_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
  18. dns_gandi_livedns_add() {
  19. fulldomain=$1
  20. txtvalue=$2
  21. if [ -z "$GANDI_LIVEDNS_KEY" ] && [ -z "$GANDI_LIVEDNS_TOKEN" ]; then
  22. _err "No Token or API key (deprecated) specified for Gandi LiveDNS."
  23. _err "Create your token or key and export it as GANDI_LIVEDNS_KEY or GANDI_LIVEDNS_TOKEN respectively"
  24. return 1
  25. fi
  26. # Keep only one secret in configuration
  27. if [ -n "$GANDI_LIVEDNS_TOKEN" ]; then
  28. _saveaccountconf GANDI_LIVEDNS_TOKEN "$GANDI_LIVEDNS_TOKEN"
  29. _clearaccountconf GANDI_LIVEDNS_KEY
  30. elif [ -n "$GANDI_LIVEDNS_KEY" ]; then
  31. _saveaccountconf GANDI_LIVEDNS_KEY "$GANDI_LIVEDNS_KEY"
  32. _clearaccountconf GANDI_LIVEDNS_TOKEN
  33. fi
  34. _debug "First detect the root zone"
  35. if ! _get_root "$fulldomain"; then
  36. _err "invalid domain"
  37. return 1
  38. fi
  39. _debug fulldomain "$fulldomain"
  40. _debug txtvalue "$txtvalue"
  41. _debug domain "$_domain"
  42. _debug sub_domain "$_sub_domain"
  43. _dns_gandi_append_record "$_domain" "$_sub_domain" "$txtvalue"
  44. }
  45. #Usage: fulldomain txtvalue
  46. #Remove the txt record after validation.
  47. dns_gandi_livedns_rm() {
  48. fulldomain=$1
  49. txtvalue=$2
  50. _debug "First detect the root zone"
  51. if ! _get_root "$fulldomain"; then
  52. _err "invalid domain"
  53. return 1
  54. fi
  55. _debug fulldomain "$fulldomain"
  56. _debug domain "$_domain"
  57. _debug sub_domain "$_sub_domain"
  58. _debug txtvalue "$txtvalue"
  59. if ! _dns_gandi_existing_rrset_values "$_domain" "$_sub_domain"; then
  60. return 1
  61. fi
  62. _new_rrset_values=$(echo "$_rrset_values" | sed "s/...$txtvalue...//g")
  63. # Cleanup dangling commata.
  64. _new_rrset_values=$(echo "$_new_rrset_values" | sed "s/, ,/ ,/g")
  65. _new_rrset_values=$(echo "$_new_rrset_values" | sed "s/, *\]/\]/g")
  66. _new_rrset_values=$(echo "$_new_rrset_values" | sed "s/\[ *,/\[/g")
  67. _debug "New rrset_values" "$_new_rrset_values"
  68. _gandi_livedns_rest PUT \
  69. "domains/$_domain/records/$_sub_domain/TXT" \
  70. "{\"rrset_ttl\": 300, \"rrset_values\": $_new_rrset_values}" &&
  71. _contains "$response" '{"message":"DNS Record Created"}' &&
  72. _info "Removing record $(__green "success")"
  73. }
  74. #################### Private functions below ##################################
  75. #_acme-challenge.www.domain.com
  76. #returns
  77. # _sub_domain=_acme-challenge.www
  78. # _domain=domain.com
  79. _get_root() {
  80. domain=$1
  81. i=2
  82. p=1
  83. while true; do
  84. h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
  85. _debug h "$h"
  86. if [ -z "$h" ]; then
  87. #not valid
  88. return 1
  89. fi
  90. if ! _gandi_livedns_rest GET "domains/$h"; then
  91. return 1
  92. fi
  93. if _contains "$response" '"code": 401'; then
  94. _err "$response"
  95. return 1
  96. elif _contains "$response" '"code": 404'; then
  97. _debug "$h not found"
  98. else
  99. _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
  100. _domain="$h"
  101. return 0
  102. fi
  103. p="$i"
  104. i=$(_math "$i" + 1)
  105. done
  106. return 1
  107. }
  108. _dns_gandi_append_record() {
  109. domain=$1
  110. sub_domain=$2
  111. txtvalue=$3
  112. if _dns_gandi_existing_rrset_values "$domain" "$sub_domain"; then
  113. _debug "Appending new value"
  114. _rrset_values=$(echo "$_rrset_values" | sed "s/\"]/\",\"$txtvalue\"]/")
  115. else
  116. _debug "Creating new record" "$_rrset_values"
  117. _rrset_values="[\"$txtvalue\"]"
  118. fi
  119. _debug new_rrset_values "$_rrset_values"
  120. _gandi_livedns_rest PUT "domains/$_domain/records/$sub_domain/TXT" \
  121. "{\"rrset_ttl\": 300, \"rrset_values\": $_rrset_values}" &&
  122. _contains "$response" '{"message":"DNS Record Created"}' &&
  123. _info "Adding record $(__green "success")"
  124. }
  125. _dns_gandi_existing_rrset_values() {
  126. domain=$1
  127. sub_domain=$2
  128. if ! _gandi_livedns_rest GET "domains/$domain/records/$sub_domain"; then
  129. return 1
  130. fi
  131. if ! _contains "$response" '"rrset_type":"TXT"'; then
  132. _debug "Does not have a _acme-challenge TXT record yet."
  133. return 1
  134. fi
  135. if _contains "$response" '"rrset_values":\[\]'; then
  136. _debug "Empty rrset_values for TXT record, no previous TXT record."
  137. return 1
  138. fi
  139. _debug "Already has TXT record."
  140. _rrset_values=$(echo "$response" | _egrep_o 'rrset_values.*\[.*\]' |
  141. _egrep_o '\[".*\"]')
  142. return 0
  143. }
  144. _gandi_livedns_rest() {
  145. m=$1
  146. ep="$2"
  147. data="$3"
  148. _debug "$ep"
  149. export _H1="Content-Type: application/json"
  150. if [ -n "$GANDI_LIVEDNS_TOKEN" ]; then
  151. export _H2="Authorization: Bearer $GANDI_LIVEDNS_TOKEN"
  152. else
  153. export _H2="Authorization: Apikey $GANDI_LIVEDNS_KEY"
  154. fi
  155. if [ "$m" = "GET" ]; then
  156. response="$(_get "$GANDI_LIVEDNS_API/$ep")"
  157. else
  158. _debug data "$data"
  159. response="$(_post "$data" "$GANDI_LIVEDNS_API/$ep" "" "$m")"
  160. fi
  161. if [ "$?" != "0" ]; then
  162. _err "error $ep"
  163. return 1
  164. fi
  165. _debug2 response "$response"
  166. return 0
  167. }