  1. #!/usr/bin/env sh
  2. #PowerDNS Embedded API
  3. #https://doc.powerdns.com/md/httpapi/api_spec/
  4. #
  5. #PDNS_Url="http://ns.example.com:8081"
  6. #PDNS_ServerId="localhost"
  7. #PDNS_Token="0123456789ABCDEF"
  8. #PDNS_Ttl=60
  9. DEFAULT_PDNS_TTL=60
######## Public functions #####################
#Usage: dns_pdns_add _acme-challenge.www.domain.com "123456789ABCDEF0000000000000000000000000000000000000"
#$1 fulldomain
#$2 txtvalue
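dns_pdns_add() {
  fulldomain=$1
  txtvalue=$2

  # PDNS_Url, PDNS_ServerId and PDNS_Token are mandatory.
  if [ -z "$PDNS_Url" ]; then
    PDNS_Url=""
    _err "You don't specify PowerDNS address."
    _err "Please set PDNS_Url and try again."
    return 1
  fi

  if [ -z "$PDNS_ServerId" ]; then
    PDNS_ServerId=""
    _err "You don't specify PowerDNS server id."
    _err "Please set you PDNS_ServerId and try again."
    return 1
  fi

  if [ -z "$PDNS_Token" ]; then
    PDNS_Token=""
    _err "You don't specify PowerDNS token."
    _err "Please create you PDNS_Token and try again."
    return 1
  fi

  if [ -z "$PDNS_Ttl" ]; then
    PDNS_Ttl="$DEFAULT_PDNS_TTL"
  fi

  # PDNS_Ttl is interpolated unquoted into the JSON rrset body (see
  # set_record), so anything other than a plain non-negative integer would
  # produce an invalid request; reject it here with a clear message.
  case "$PDNS_Ttl" in
    '' | *[!0-9]*)
      _err "PDNS_Ttl must be a non-negative integer, got '$PDNS_Ttl'."
      return 1
      ;;
  esac

  #save the api addr and key to the account conf file.
  _saveaccountconf PDNS_Url "$PDNS_Url"
  _saveaccountconf PDNS_ServerId "$PDNS_ServerId"
  _saveaccountconf PDNS_Token "$PDNS_Token"
  # The TTL is only persisted when the user overrode the default.
  if [ "$PDNS_Ttl" != "$DEFAULT_PDNS_TTL" ]; then
    _saveaccountconf PDNS_Ttl "$PDNS_Ttl"
  fi

  # _get_root sets the global _domain to the zone that holds fulldomain.
  _debug "Detect root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  _debug _domain "$_domain"

  if ! set_record "$_domain" "$fulldomain" "$txtvalue"; then
    return 1
  fi

  return 0
}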
#Usage: dns_pdns_rm fulldomain txtvalue
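dns_pdns_rm() {
  fulldomain=$1
  txtvalue=$2

  # dns_pdns_add saves these to the account conf; if they are not available
  # here the request URL and API-key header would be malformed, so fail
  # early with a clear message instead of a confusing HTTP error.
  if [ -z "$PDNS_Url" ] || [ -z "$PDNS_ServerId" ] || [ -z "$PDNS_Token" ]; then
    _err "PDNS_Url, PDNS_ServerId and PDNS_Token must be set (see dns_pdns_add)."
    return 1
  fi

  if [ -z "$PDNS_Ttl" ]; then
    PDNS_Ttl="$DEFAULT_PDNS_TTL"
  fi

  # _get_root sets the global _domain to the zone that holds fulldomain.
  _debug "Detect root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi
  _debug _domain "$_domain"

  if ! rm_record "$_domain" "$fulldomain" "$txtvalue"; then
    return 1
  fi

  return 0
}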
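#Usage: set_record root fulldomain txtvalue
#Sends one REPLACE rrset for fulldomain containing the new challenge plus every
#challenge already present, then notifies the zone's slaves.
set_record() {
  _info "Adding record"
  root=$1
  full=$2
  new_challenge=$3

  # REPLACE overwrites the whole rrset, so the records already present for
  # this name have to be re-sent together with the new one.
  _record_string=""
  _build_record_string "$new_challenge"

  # _list_existingchallenges reads the globals root and fulldomain set by
  # the callers; refuse to continue if the current rrset could not be read,
  # otherwise the existing challenges would be silently dropped.
  if ! _list_existingchallenges; then
    _err "Could not read existing txt records."
    return 1
  fi
  # $_existing_challenges is newline separated; word splitting is intended.
  for oldchallenge in $_existing_challenges; do
    # A value equal to the new one would appear twice in the rrset.
    if [ "$oldchallenge" != "$new_challenge" ]; then
      _build_record_string "$oldchallenge"
    fi
  done

  # The body is assembled by interpolation; $full and the challenge values
  # are expected to be a DNS name and base64url tokens and are not JSON-escaped.
  if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [$_record_string]}]}"; then
    _err "Set txt record error."
    return 1
  fi

  if ! notify_slaves "$root"; then
    return 1
  fi
  return 0
}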
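#Usage: rm_record root fulldomain txtvalue
#Removes txtvalue from the TXT rrset of fulldomain while keeping the other
#challenges stored under the same name.
rm_record() {
  _info "Remove record"
  root=$1
  full=$2
  txtvalue=$3

  #Enumerate existing acme challenges (reads the globals root and fulldomain)
  if ! _list_existingchallenges; then
    _err "Could not read existing txt records."
    return 1
  fi

  if _contains "$_existing_challenges" "$txtvalue"; then
    #Delete all challenges (PowerDNS API does not allow to delete content)
    #This takes two requests, so the other challenges for this name are
    #briefly absent between the DELETE and the REPLACE below.
    if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"DELETE\", \"name\": \"$full.\", \"type\": \"TXT\"}]}"; then
      _err "Delete txt record error."
      return 1
    fi

    _record_string=""
    #If the only existing challenge was the challenge to delete: nothing to do
    if [ "$_existing_challenges" != "$txtvalue" ]; then
      # newline separated list; word splitting is intended
      for oldchallenge in $_existing_challenges; do
        #Build up the challenges to re-add, omitting the one that should be deleted
        if [ "$oldchallenge" != "$txtvalue" ]; then
          _build_record_string "$oldchallenge"
        fi
      done
      #Recreate the remaining challenges
      if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [$_record_string]}]}"; then
        _err "Set txt record error."
        return 1
      fi
    fi

    if ! notify_slaves "$root"; then
      return 1
    fi
  else
    _info "Record not found, nothing to remove"
  fi

  return 0
}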
#Usage: notify_slaves root
#Asks the server to send a notify for the zone via PUT .../zones/<root>/notify.
#Returns 0 on success, 1 (after logging) if the request failed.
notify_slaves() {
  root=$1
  _pdns_rest "PUT" "/api/v1/servers/$PDNS_ServerId/zones/$root/notify" && return 0
  _err "Notify slaves error."
  return 1
}
#################### Private functions below ##################################
#Usage: _get_root _acme-challenge.www.domain.com
#returns
# _domain=domain.com
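_get_root() {
  domain=$1
  i=1

  # Fetch the zone list once; without it no zone can be matched, so a failed
  # request must not fall through to a stale $response from an earlier call.
  if ! _pdns_rest "GET" "/api/v1/servers/$PDNS_ServerId/zones"; then
    return 1
  fi
  # printf instead of echo: under dash, echo would interpret backslash escapes
  # that may occur in the JSON.
  _zones_response=$(printf "%s\n" "$response" | _normalizeJson)

  # Strip leading labels one at a time until a zone name matches.
  while true; do
    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    if _contains "$_zones_response" "\"name\":\"$h.\""; then
      if [ -z "$h" ]; then
        # The root zone ("." ) is addressed as "=2E" in the zone path.
        _domain="=2E"
      else
        _domain="$h."
      fi
      return 0
    fi
    if [ -z "$h" ]; then
      # All labels consumed without a match.
      _debug "$domain not found"
      return 1
    fi
    i=$(_math "$i" + 1)
  done
}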
#Usage: _pdns_rest method endpoint [data]
#Sends one request to $PDNS_Url$endpoint with the X-API-Key header and leaves
#the body in the global $response. Returns 0 on success, 1 after logging.
_pdns_rest() {
  method=$1
  ep=$2
  data=$3

  # _H1 carries the API key; note that exporting it also makes the key part
  # of the environment of every child process started afterwards.
  export _H1="X-API-Key: $PDNS_Token"

  case "$method" in
    GET)
      response="$(_get "$PDNS_Url$ep")"
      ;;
    *)
      _debug data "$data"
      response="$(_post "$data" "$PDNS_Url$ep" "" "$method")"
      ;;
  esac
  # $? is the status of the _get/_post command substitution executed above.
  if [ "$?" != "0" ]; then
    _err "error $ep"
    return 1
  fi

  _debug2 response "$response"
  return 0
}
#Usage: _build_record_string txtvalue
#Appends one {"content": "\"txtvalue\"", "disabled": false} element to the
#global $_record_string, comma separated when it is not the first one.
_build_record_string() {
  if [ -n "$_record_string" ]; then
    _record_string="$_record_string, "
  fi
  _record_string="$_record_string{\"content\": \"\\\"$1\\\"\", \"disabled\": false}"
}
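#Reads the globals root and fulldomain set by the caller and fills
#$_existing_challenges with the TXT values currently stored for fulldomain,
#one per line (empty when there are none).
#Returns 1 if the zone could not be fetched.
_list_existingchallenges() {
  _existing_challenges=""
  # Do not parse a stale $response left over from an earlier request.
  if ! _pdns_rest "GET" "/api/v1/servers/$PDNS_ServerId/zones/$root"; then
    return 1
  fi
  # printf instead of echo: under dash, echo would interpret the backslash
  # escapes that quote the TXT content. Note that $fulldomain is used unescaped
  # as an ERE, so its dots match any character.
  _existing_challenges=$(printf "%s\n" "$response" | _normalizeJson | _egrep_o "\"name\":\"${fulldomain}[^]]*}" | _egrep_o 'content\":\"\\"[^\\]*' | sed -n 's/^content":"\\"//p')
}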