You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

292 lines
8.8 KiB

4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
  1. #!/usr/bin/env sh
  2. # shellcheck disable=SC2034
  3. dns_dynv6_info='DynV6.com
  4. Site: DynV6.com
  5. Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dynv6
  6. Options:
  7. DYNV6_TOKEN REST API token. Get from https://DynV6.com/keys
  8. OptionsAlt:
  9. KEY Path to SSH private key file. E.g. "/root/.ssh/dynv6"
  10. Issues: github.com/acmesh-official/acme.sh/issues/2702
  11. Author: StefanAbl
  12. '
  13. dynv6_api="https://dynv6.com/api/v2"
  14. ######## Public functions #####################
  15. # Please Read this guide first: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide
  16. #Usage: dns_dynv6_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
  17. dns_dynv6_add() {
  18. fulldomain="$(echo "$1" | _lower_case)"
  19. txtvalue="$2"
  20. _info "Using dynv6 api"
  21. _debug fulldomain "$fulldomain"
  22. _debug txtvalue "$txtvalue"
  23. _get_authentication
  24. if [ "$dynv6_token" ]; then
  25. _dns_dynv6_add_http
  26. return $?
  27. else
  28. _info "using key file $dynv6_keyfile"
  29. _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)"
  30. if ! _get_domain "$fulldomain" "$_your_hosts"; then
  31. _err "Host not found on your account"
  32. return 1
  33. fi
  34. _debug "found host on your account"
  35. returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")"
  36. _debug "Dynv6 returned this after record was added: $returnval"
  37. if _contains "$returnval" "created"; then
  38. return 0
  39. elif _contains "$returnval" "updated"; then
  40. return 0
  41. else
  42. _err "Something went wrong! it does not seem like the record was added successfully"
  43. return 1
  44. fi
  45. return 1
  46. fi
  47. return 1
  48. }
  49. #Usage: fulldomain txtvalue
  50. #Remove the txt record after validation.
  51. dns_dynv6_rm() {
  52. fulldomain="$(echo "$1" | _lower_case)"
  53. txtvalue="$2"
  54. _info "Using dynv6 API"
  55. _debug fulldomain "$fulldomain"
  56. _debug txtvalue "$txtvalue"
  57. _get_authentication
  58. if [ "$dynv6_token" ]; then
  59. _dns_dynv6_rm_http
  60. return $?
  61. else
  62. _info "using key file $dynv6_keyfile"
  63. _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)"
  64. if ! _get_domain "$fulldomain" "$_your_hosts"; then
  65. _err "Host not found on your account"
  66. return 1
  67. fi
  68. _debug "found host on your account"
  69. _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)"
  70. return 0
  71. fi
  72. }
  73. #################### Private functions below ##################################
  74. #Usage: No Input required
  75. #returns
  76. #dynv6_keyfile the path to the new key file that has been generated
  77. _generate_new_key() {
  78. dynv6_keyfile="$(eval echo ~"$USER")/.ssh/dynv6"
  79. _info "Path to key file used: $dynv6_keyfile"
  80. if [ ! -f "$dynv6_keyfile" ] && [ ! -f "$dynv6_keyfile.pub" ]; then
  81. _debug "generating key in $dynv6_keyfile and $dynv6_keyfile.pub"
  82. ssh-keygen -f "$dynv6_keyfile" -t ssh-ed25519 -N ''
  83. else
  84. _err "There is already a file in $dynv6_keyfile or $dynv6_keyfile.pub"
  85. return 1
  86. fi
  87. }
  88. #Usage: _acme-challenge.www.example.dynv6.net "$_your_hosts"
  89. #where _your_hosts is the output of ssh -i ~/.ssh/dynv6.pub api@dynv6.com hosts
  90. #returns
  91. #_host= example.dynv6.net
  92. #_record=_acme-challenge.www
  93. #aborts if not a valid domain
  94. _get_domain() {
  95. #_your_hosts="$(ssh -i ~/.ssh/dynv6.pub api@dynv6.com hosts)"
  96. _full_domain="$1"
  97. _your_hosts="$2"
  98. _your_hosts="$(echo "$_your_hosts" | awk '/\./ {print $1}')"
  99. for l in $_your_hosts; do
  100. #echo "host: $l"
  101. if test "${_full_domain#*"$l"}" != "$_full_domain"; then
  102. _record=${_full_domain%."$l"}
  103. _host=$l
  104. _debug "The host is $_host and the record $_record"
  105. return 0
  106. fi
  107. done
  108. _err "Either their is no such host on your dnyv6 account or it cannot be accessed with this key"
  109. return 1
  110. }
  111. # Usage: No input required
  112. #returns
  113. #dynv6_keyfile path to the key that will be used
  114. _get_authentication() {
  115. dynv6_token="${DYNV6_TOKEN:-$(_readaccountconf_mutable dynv6_token)}"
  116. if [ "$dynv6_token" ]; then
  117. _debug "Found HTTP Token. Going to use the HTTP API and not the SSH API"
  118. if [ "$DYNV6_TOKEN" ]; then
  119. _saveaccountconf_mutable dynv6_token "$dynv6_token"
  120. fi
  121. else
  122. _debug "no HTTP token found. Looking for an SSH key"
  123. dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}"
  124. _debug "Your key is $dynv6_keyfile"
  125. if [ -z "$dynv6_keyfile" ]; then
  126. if [ -z "$KEY" ]; then
  127. _err "You did not specify a key to use with dynv6"
  128. _info "Creating new dynv6 API key to add to dynv6.com"
  129. _generate_new_key
  130. _info "Please add this key to dynv6.com $(cat "$dynv6_keyfile.pub")"
  131. _info "Hit Enter to continue"
  132. read -r _
  133. #save the credentials to the account conf file.
  134. else
  135. dynv6_keyfile="$KEY"
  136. fi
  137. _saveaccountconf_mutable dynv6_keyfile "$dynv6_keyfile"
  138. fi
  139. fi
  140. }
  141. _dns_dynv6_add_http() {
  142. _debug "Got HTTP token form _get_authentication method. Going to use the HTTP API"
  143. if ! _get_zone_id "$fulldomain"; then
  144. _err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone"
  145. return 1
  146. fi
  147. _get_zone_name "$_zone_id"
  148. record=${fulldomain%%."$_zone_name"}
  149. _set_record TXT "$record" "$txtvalue"
  150. if _contains "$response" "$txtvalue"; then
  151. _info "Successfully added record"
  152. return 0
  153. else
  154. _err "Something went wrong while adding the record"
  155. return 1
  156. fi
  157. }
  158. _dns_dynv6_rm_http() {
  159. _debug "Got HTTP token form _get_authentication method. Going to use the HTTP API"
  160. if ! _get_zone_id "$fulldomain"; then
  161. _err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone"
  162. return 1
  163. fi
  164. _get_zone_name "$_zone_id"
  165. record=${fulldomain%%."$_zone_name"}
  166. _get_record_id "$_zone_id" "$record" "$txtvalue"
  167. _del_record "$_zone_id" "$_record_id"
  168. if [ -z "$response" ]; then
  169. _info "Successfully deleted record"
  170. return 0
  171. else
  172. _err "Something went wrong while deleting the record"
  173. return 1
  174. fi
  175. }
  176. #get the zoneid for a specifc record or zone
  177. #usage: _get_zone_id §record
  178. #where $record is the record to get the id for
  179. #returns _zone_id the id of the zone
  180. _get_zone_id() {
  181. record="$1"
  182. _debug "getting zone id for $record"
  183. _dynv6_rest GET zones
  184. zones="$(echo "$response" | tr '}' '\n' | tr ',' '\n' | grep name | sed 's/\[//g' | tr -d '{' | tr -d '"')"
  185. #echo $zones
  186. selected=""
  187. for z in $zones; do
  188. z="${z#name:}"
  189. _debug zone: "$z"
  190. if _contains "$record" "$z"; then
  191. _debug "$z found in $record"
  192. selected="$z"
  193. fi
  194. done
  195. if [ -z "$selected" ]; then
  196. _err "no zone found"
  197. return 1
  198. fi
  199. zone_id="$(echo "$response" | tr '}' '\n' | grep "$selected" | tr ',' '\n' | grep '"id":' | tr -d '"')"
  200. _zone_id="${zone_id#id:}"
  201. _debug "zone id: $_zone_id"
  202. }
  203. _get_zone_name() {
  204. _zone_id="$1"
  205. _dynv6_rest GET zones/"$_zone_id"
  206. _zone_name="$(echo "$response" | tr ',' '\n' | tr -d '{' | grep name | tr -d '"')"
  207. _zone_name="${_zone_name#name:}"
  208. }
  209. #usaage _get_record_id $zone_id $record
  210. # where zone_id is thevalue returned by _get_zone_id
  211. # and record ist in the form _acme.www for an fqdn of _acme.www.example.com
  212. # returns _record_id
  213. _get_record_id() {
  214. _zone_id="$1"
  215. record="$2"
  216. value="$3"
  217. _dynv6_rest GET "zones/$_zone_id/records"
  218. if ! _get_record_id_from_response "$response"; then
  219. _err "no such record $record found in zone $_zone_id"
  220. return 1
  221. fi
  222. }
  223. _get_record_id_from_response() {
  224. response="$1"
  225. _record_id="$(echo "$response" | tr '}' '\n' | grep "\"name\":\"$record\"" | grep "\"data\":\"$value\"" | tr ',' '\n' | grep id | tr -d '"' | tr -d 'id:')"
  226. #_record_id="${_record_id#id:}"
  227. if [ -z "$_record_id" ]; then
  228. _err "no such record: $record found in zone $_zone_id"
  229. return 1
  230. fi
  231. _debug "record id: $_record_id"
  232. return 0
  233. }
  234. #usage: _set_record TXT _acme_challenge.www longvalue 12345678
  235. #zone id is optional can also be set as vairable bevor calling this method
  236. _set_record() {
  237. type="$1"
  238. record="$2"
  239. value="$3"
  240. if [ "$4" ]; then
  241. _zone_id="$4"
  242. fi
  243. data="{\"name\": \"$record\", \"data\": \"$value\", \"type\": \"$type\"}"
  244. #data='{ "name": "acme.test.thorn.dynv6.net", "type": "A", "data": "192.168.0.1"}'
  245. echo "$data"
  246. #"{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"
  247. _dynv6_rest POST "zones/$_zone_id/records" "$data"
  248. }
  249. _del_record() {
  250. _zone_id=$1
  251. _record_id=$2
  252. _dynv6_rest DELETE zones/"$_zone_id"/records/"$_record_id"
  253. }
  254. _dynv6_rest() {
  255. m=$1 #method GET,POST,DELETE or PUT
  256. ep="$2" #the endpoint
  257. data="$3"
  258. _debug "$ep"
  259. token_trimmed=$(echo "$dynv6_token" | tr -d '"')
  260. export _H1="Authorization: Bearer $token_trimmed"
  261. export _H2="Content-Type: application/json"
  262. if [ "$m" != "GET" ]; then
  263. _debug data "$data"
  264. response="$(_post "$data" "$dynv6_api/$ep" "" "$m")"
  265. else
  266. response="$(_get "$dynv6_api/$ep")"
  267. fi
  268. if [ "$?" != "0" ]; then
  269. _err "error $ep"
  270. return 1
  271. fi
  272. _debug2 response "$response"
  273. return 0
  274. }