You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

177 lines
6.5 KiB

  1. #!/usr/bin/env sh
  2. # ISPConfig 3.1 API
  3. # User must provide login data and URL to the ISPConfig installation incl. port. The remote user in ISPConfig must have access to:
  4. # - DNS zone Functions
  5. # - DNS txt Functions
  6. # Report bugs to https://github.com/sjau/acme.sh
  7. # Values to export:
  8. # export ISPC_User="remoteUser"
  9. # export ISPC_Password="remotePassword"
  10. # export ISPC_Api="https://ispc.domain.tld:8080/remote/json.php"
  11. # export ISPC_Api_Insecure=1 # Set 1 for insecure and 0 for secure -> difference is whether ssl cert is checked for validity (0) or whether it is just accepted (1)
  12. ######## Public functions #####################
  13. #Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
  14. dns_ispconfig_add() {
  15. fulldomain="${1}"
  16. txtvalue="${2}"
  17. _debug "Calling: dns_ispconfig_add() '${fulldomain}' '${txtvalue}'"
  18. _ISPC_credentials && _ISPC_login && _ISPC_getZoneInfo && _ISPC_addTxt
  19. }
  20. #Usage: dns_myapi_rm _acme-challenge.www.domain.com
  21. dns_ispconfig_rm() {
  22. fulldomain="${1}"
  23. _debug "Calling: dns_ispconfig_rm() '${fulldomain}'"
  24. _ISPC_credentials && _ISPC_login && _ISPC_rmTxt
  25. }
  26. #################### Private functions bellow ##################################
  27. _ISPC_credentials() {
  28. if [ -z "${ISPC_User}" ] || [ -z "$ISPC_Password" ] || [ -z "${ISPC_Api}" ] || [ -z "${ISPC_Api_Insecure}" ]; then
  29. ISPC_User=""
  30. ISPC_Password=""
  31. ISPC_Api=""
  32. ISPC_Api_Insecure=""
  33. _err "You haven't specified the ISPConfig Login data, URL and whether you want check the ISPC SSL cert. Please try again."
  34. return 1
  35. else
  36. _saveaccountconf ISPC_User "${ISPC_User}"
  37. _saveaccountconf ISPC_Password "${ISPC_Password}"
  38. _saveaccountconf ISPC_Api "${ISPC_Api}"
  39. _saveaccountconf ISPC_Api_Insecure "${ISPC_Api_Insecure}"
  40. # Set whether curl should use secure or insecure mode
  41. HTTPS_INSECURE="${ISPC_Api_Insecure}"
  42. fi
  43. }
  44. _ISPC_login() {
  45. _info "Getting Session ID"
  46. curData="{\"username\":\"${ISPC_User}\",\"password\":\"${ISPC_Password}\",\"client_login\":false}"
  47. curResult="$(_post "${curData}" "${ISPC_Api}?login")"
  48. _debug "Calling _ISPC_login: '${curData}' '${ISPC_Api}?login'"
  49. _debug "Result of _ISPC_login: '$curResult'"
  50. if _contains "${curResult}" '"code":"ok"'; then
  51. sessionID=$(echo "${curResult}" | _egrep_o "response.*" | cut -d ':' -f 2 | cut -d '"' -f 2)
  52. _info "Retrieved Session ID."
  53. _debug "Session ID: '${sessionID}'"
  54. else
  55. _err "Couldn't retrieve the Session ID."
  56. return 1
  57. fi
  58. }
  59. _ISPC_getZoneInfo() {
  60. _info "Getting Zoneinfo"
  61. zoneEnd=false
  62. curZone="${fulldomain}"
  63. while [ "${zoneEnd}" = false ]; do
  64. # we can strip the first part of the fulldomain, since it's just the _acme-challenge string
  65. curZone="${curZone#*.}"
  66. # suffix . needed for zone -> domain.tld.
  67. curData="{\"session_id\":\"${sessionID}\",\"primary_id\":{\"origin\":\"${curZone}.\"}}"
  68. curResult="$(_post "${curData}" "${ISPC_Api}?dns_zone_get")"
  69. _debug "Calling _ISPC_getZoneInfo: '${curData}' '${ISPC_Api}?login'"
  70. _debug "Result of _ISPC_getZoneInfo: '$curResult'"
  71. if _contains "${curResult}" '"id":"'; then
  72. zoneFound=true
  73. zoneEnd=true
  74. _info "Retrieved zone data."
  75. _debug "Zone data: '${curResult}'"
  76. fi
  77. if [ "${curZone#*.}" != "$curZone" ]; then
  78. _debug2 "$curZone still contains a '.' - so we can check next higher level"
  79. else
  80. zoneEnd=true
  81. _err "Couldn't retrieve zone data."
  82. return 1
  83. fi
  84. done
  85. if [ "${zoneFound}" ]; then
  86. server_id=$(echo "${curResult}" | _egrep_o "server_id.*" | cut -d ':' -f 2 | cut -d '"' -f 2)
  87. _debug "Server ID: '${server_id}'"
  88. case "${server_id}" in
  89. '' | *[!0-9]*)
  90. _err "Server ID is not numeric."
  91. return 1
  92. ;;
  93. *) _info "Retrieved Server ID" ;;
  94. esac
  95. zone=$(echo "${curResult}" | _egrep_o "\"id.*" | cut -d ':' -f 2 | cut -d '"' -f 2)
  96. _debug "Zone: '${zone}'"
  97. case "${zone}" in
  98. '' | *[!0-9]*)
  99. _err "Zone ID is not numeric."
  100. return 1
  101. ;;
  102. *) _info "Retrieved Zone ID" ;;
  103. esac
  104. client_id=$(echo "${curResult}" | _egrep_o "sys_userid.*" | cut -d ':' -f 2 | cut -d '"' -f 2)
  105. _debug "Client ID: '${client_id}'"
  106. case "${client_id}" in
  107. '' | *[!0-9]*)
  108. _err "Client ID is not numeric."
  109. return 1
  110. ;;
  111. *) _info "Retrieved Client ID." ;;
  112. esac
  113. zoneFound=""
  114. zoneEnd=""
  115. fi
  116. }
  117. _ISPC_addTxt() {
  118. curSerial="$(date +%s)"
  119. curStamp="$(date +'%F %T')"
  120. params="\"server_id\":\"${server_id}\",\"zone\":\"${zone}\",\"name\":\"${fulldomain}.\",\"type\":\"txt\",\"data\":\"${txtvalue}\",\"aux\":\"0\",\"ttl\":\"3600\",\"active\":\"y\",\"stamp\":\"${curStamp}\",\"serial\":\"${curSerial}\""
  121. curData="{\"session_id\":\"${sessionID}\",\"client_id\":\"${client_id}\",\"params\":{${params}}}"
  122. curResult="$(_post "${curData}" "${ISPC_Api}?dns_txt_add")"
  123. _debug "Calling _ISPC_addTxt: '${curData}' '${ISPC_Api}?dns_txt_add'"
  124. _debug "Result of _ISPC_addTxt: '$curResult'"
  125. record_id=$(echo "${curResult}" | _egrep_o "\"response.*" | cut -d ':' -f 2 | cut -d '"' -f 2)
  126. _debug "Record ID: '${record_id}'"
  127. case "${record_id}" in
  128. '' | *[!0-9]*)
  129. _err "Couldn't add ACME Challenge TXT record to zone."
  130. return 1
  131. ;;
  132. *) _info "Added ACME Challenge TXT record to zone." ;;
  133. esac
  134. }
  135. _ISPC_rmTxt() {
  136. # Need to get the record ID.
  137. curData="{\"session_id\":\"${sessionID}\",\"primary_id\":{\"name\":\"${fulldomain}.\",\"type\":\"TXT\"}}"
  138. curResult="$(_post "${curData}" "${ISPC_Api}?dns_txt_get")"
  139. _debug "Calling _ISPC_rmTxt: '${curData}' '${ISPC_Api}?dns_txt_get'"
  140. _debug "Result of _ISPC_rmTxt: '$curResult'"
  141. if _contains "${curResult}" '"code":"ok"'; then
  142. record_id=$(echo "${curResult}" | _egrep_o "\"id.*" | cut -d ':' -f 2 | cut -d '"' -f 2)
  143. _debug "Record ID: '${record_id}'"
  144. case "${record_id}" in
  145. '' | *[!0-9]*)
  146. _err "Record ID is not numeric."
  147. return 1
  148. ;;
  149. *)
  150. unset IFS
  151. _info "Retrieved Record ID."
  152. curData="{\"session_id\":\"${sessionID}\",\"primary_id\":\"${record_id}\"}"
  153. curResult="$(_post "${curData}" "${ISPC_Api}?dns_txt_delete")"
  154. _debug "Calling _ISPC_rmTxt: '${curData}' '${ISPC_Api}?dns_txt_delete'"
  155. _debug "Result of _ISPC_rmTxt: '$curResult'"
  156. if _contains "${curResult}" '"code":"ok"'; then
  157. _info "Removed ACME Challenge TXT record from zone."
  158. else
  159. _err "Couldn't remove ACME Challenge TXT record from zone."
  160. return 1
  161. fi
  162. ;;
  163. esac
  164. fi
  165. }