You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

327 lines
7.9 KiB

4 years ago
4 years ago
4 years ago
4 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
8 years ago
3 years ago
7 years ago
  1. #!/usr/bin/env sh
  2. #Application Key
  3. #OVH_AK="sdfsdfsdfljlbjkljlkjsdfoiwje"
  4. #
  5. #Application Secret
  6. #OVH_AS="sdfsafsdfsdfdsfsdfsa"
  7. #
  8. #Consumer Key
  9. #OVH_CK="sdfsdfsdfsdfsdfdsf"
  10. #OVH_END_POINT=ovh-eu
  11. #'ovh-eu'
  12. OVH_EU='https://eu.api.ovh.com/1.0'
  13. #'ovh-us'
  14. OVH_US='https://api.us.ovhcloud.com/1.0'
  15. #'ovh-ca':
  16. OVH_CA='https://ca.api.ovh.com/1.0'
  17. #'kimsufi-eu'
  18. KSF_EU='https://eu.api.kimsufi.com/1.0'
  19. #'kimsufi-ca'
  20. KSF_CA='https://ca.api.kimsufi.com/1.0'
  21. #'soyoustart-eu'
  22. SYS_EU='https://eu.api.soyoustart.com/1.0'
  23. #'soyoustart-ca'
  24. SYS_CA='https://ca.api.soyoustart.com/1.0'
  25. wiki="https://github.com/acmesh-official/acme.sh/wiki/How-to-use-OVH-domain-api"
  26. ovh_success="https://github.com/acmesh-official/acme.sh/wiki/OVH-Success"
  27. _ovh_get_api() {
  28. _ogaep="$1"
  29. case "${_ogaep}" in
  30. ovh-eu | ovheu)
  31. printf "%s" $OVH_EU
  32. return
  33. ;;
  34. ovh-us | ovhus)
  35. printf "%s" $OVH_US
  36. return
  37. ;;
  38. ovh-ca | ovhca)
  39. printf "%s" $OVH_CA
  40. return
  41. ;;
  42. kimsufi-eu | kimsufieu)
  43. printf "%s" $KSF_EU
  44. return
  45. ;;
  46. kimsufi-ca | kimsufica)
  47. printf "%s" $KSF_CA
  48. return
  49. ;;
  50. soyoustart-eu | soyoustarteu)
  51. printf "%s" $SYS_EU
  52. return
  53. ;;
  54. soyoustart-ca | soyoustartca)
  55. printf "%s" $SYS_CA
  56. return
  57. ;;
  58. # raw API url starts with https://
  59. https*)
  60. printf "%s" "$1"
  61. return
  62. ;;
  63. *)
  64. _err "Unknown endpoint : $1"
  65. return 1
  66. ;;
  67. esac
  68. }
  69. _initAuth() {
  70. OVH_AK="${OVH_AK:-$(_readaccountconf_mutable OVH_AK)}"
  71. OVH_AS="${OVH_AS:-$(_readaccountconf_mutable OVH_AS)}"
  72. if [ -z "$OVH_AK" ] || [ -z "$OVH_AS" ]; then
  73. OVH_AK=""
  74. OVH_AS=""
  75. _err "You don't specify OVH application key and application secret yet."
  76. _err "Please create you key and try again."
  77. return 1
  78. fi
  79. if [ "$OVH_AK" != "$(_readaccountconf OVH_AK)" ]; then
  80. _info "It seems that your ovh key is changed, let's clear consumer key first."
  81. _clearaccountconf_mutable OVH_CK
  82. fi
  83. _saveaccountconf_mutable OVH_AK "$OVH_AK"
  84. _saveaccountconf_mutable OVH_AS "$OVH_AS"
  85. OVH_END_POINT="${OVH_END_POINT:-$(_readaccountconf_mutable OVH_END_POINT)}"
  86. if [ -z "$OVH_END_POINT" ]; then
  87. OVH_END_POINT="ovh-eu"
  88. fi
  89. _info "Using OVH endpoint: $OVH_END_POINT"
  90. if [ "$OVH_END_POINT" != "ovh-eu" ]; then
  91. _saveaccountconf_mutable OVH_END_POINT "$OVH_END_POINT"
  92. fi
  93. OVH_API="$(_ovh_get_api $OVH_END_POINT)"
  94. _debug OVH_API "$OVH_API"
  95. OVH_CK="${OVH_CK:-$(_readaccountconf_mutable OVH_CK)}"
  96. if [ -z "$OVH_CK" ]; then
  97. _info "OVH consumer key is empty, Let's get one:"
  98. if ! _ovh_authentication; then
  99. _err "Can not get consumer key."
  100. fi
  101. #return and wait for retry.
  102. return 1
  103. fi
  104. _saveaccountconf_mutable OVH_CK "$OVH_CK"
  105. _info "Checking authentication"
  106. if ! _ovh_rest GET "domain" || _contains "$response" "INVALID_CREDENTIAL" || _contains "$response" "NOT_CREDENTIAL"; then
  107. _err "The consumer key is invalid: $OVH_CK"
  108. _err "Please retry to create a new one."
  109. _clearaccountconf_mutable OVH_CK
  110. return 1
  111. fi
  112. _info "Consumer key is ok."
  113. return 0
  114. }
  115. ######## Public functions #####################
  116. #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
  117. dns_ovh_add() {
  118. fulldomain=$1
  119. txtvalue=$2
  120. if ! _initAuth; then
  121. return 1
  122. fi
  123. _debug "First detect the root zone"
  124. if ! _get_root "$fulldomain"; then
  125. _err "invalid domain"
  126. return 1
  127. fi
  128. _debug _sub_domain "$_sub_domain"
  129. _debug _domain "$_domain"
  130. _info "Adding record"
  131. if _ovh_rest POST "domain/zone/$_domain/record" "{\"fieldType\":\"TXT\",\"subDomain\":\"$_sub_domain\",\"target\":\"$txtvalue\",\"ttl\":60}"; then
  132. if _contains "$response" "$txtvalue"; then
  133. _ovh_rest POST "domain/zone/$_domain/refresh"
  134. _debug "Refresh:$response"
  135. _info "Added, sleep 10 seconds."
  136. _sleep 10
  137. return 0
  138. fi
  139. fi
  140. _err "Add txt record error."
  141. return 1
  142. }
  143. #fulldomain
  144. dns_ovh_rm() {
  145. fulldomain=$1
  146. txtvalue=$2
  147. if ! _initAuth; then
  148. return 1
  149. fi
  150. _debug "First detect the root zone"
  151. if ! _get_root "$fulldomain"; then
  152. _err "invalid domain"
  153. return 1
  154. fi
  155. _debug _sub_domain "$_sub_domain"
  156. _debug _domain "$_domain"
  157. _debug "Getting txt records"
  158. if ! _ovh_rest GET "domain/zone/$_domain/record?fieldType=TXT&subDomain=$_sub_domain"; then
  159. return 1
  160. fi
  161. for rid in $(echo "$response" | tr '][,' ' '); do
  162. _debug rid "$rid"
  163. if ! _ovh_rest GET "domain/zone/$_domain/record/$rid"; then
  164. return 1
  165. fi
  166. if _contains "$response" "\"target\":\"$txtvalue\""; then
  167. _debug "Found txt id:$rid"
  168. if ! _ovh_rest DELETE "domain/zone/$_domain/record/$rid"; then
  169. return 1
  170. fi
  171. _ovh_rest POST "domain/zone/$_domain/refresh"
  172. _debug "Refresh:$response"
  173. return 0
  174. fi
  175. done
  176. return 1
  177. }
  178. #################### Private functions below ##################################
  179. _ovh_authentication() {
  180. _H1="X-Ovh-Application: $OVH_AK"
  181. _H2="Content-type: application/json"
  182. _H3=""
  183. _H4=""
  184. _ovhdata='{"accessRules": [{"method": "GET","path": "/auth/time"},{"method": "GET","path": "/domain"},{"method": "GET","path": "/domain/zone/*"},{"method": "GET","path": "/domain/zone/*/record"},{"method": "POST","path": "/domain/zone/*/record"},{"method": "POST","path": "/domain/zone/*/refresh"},{"method": "PUT","path": "/domain/zone/*/record/*"},{"method": "DELETE","path": "/domain/zone/*/record/*"}],"redirection":"'$ovh_success'"}'
  185. response="$(_post "$_ovhdata" "$OVH_API/auth/credential")"
  186. _debug3 response "$response"
  187. validationUrl="$(echo "$response" | _egrep_o "validationUrl\":\"[^\"]*\"" | _egrep_o "http.*\"" | tr -d '"')"
  188. if [ -z "$validationUrl" ]; then
  189. _err "Unable to get validationUrl"
  190. return 1
  191. fi
  192. _debug validationUrl "$validationUrl"
  193. consumerKey="$(echo "$response" | _egrep_o "consumerKey\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')"
  194. if [ -z "$consumerKey" ]; then
  195. _err "Unable to get consumerKey"
  196. return 1
  197. fi
  198. _secure_debug consumerKey "$consumerKey"
  199. OVH_CK="$consumerKey"
  200. _saveaccountconf_mutable OVH_CK "$OVH_CK"
  201. _info "Please open this link to do authentication: $(__green "$validationUrl")"
  202. _info "Here is a guide for you: $(__green "$wiki")"
  203. _info "Please retry after the authentication is done."
  204. }
  205. #_acme-challenge.www.domain.com
  206. #returns
  207. # _sub_domain=_acme-challenge.www
  208. # _domain=domain.com
  209. _get_root() {
  210. domain=$1
  211. i=1
  212. p=1
  213. while true; do
  214. h=$(printf "%s" "$domain" | cut -d . -f $i-100)
  215. if [ -z "$h" ]; then
  216. #not valid
  217. return 1
  218. fi
  219. if ! _ovh_rest GET "domain/zone/$h"; then
  220. return 1
  221. fi
  222. if ! _contains "$response" "This service does not exist" >/dev/null &&
  223. ! _contains "$response" "This call has not been granted" >/dev/null &&
  224. ! _contains "$response" "NOT_GRANTED_CALL" >/dev/null; then
  225. _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
  226. _domain="$h"
  227. return 0
  228. fi
  229. p=$i
  230. i=$(_math "$i" + 1)
  231. done
  232. return 1
  233. }
  234. _ovh_timestamp() {
  235. _H1=""
  236. _H2=""
  237. _H3=""
  238. _H4=""
  239. _H5=""
  240. _get "$OVH_API/auth/time" "" 30
  241. }
  242. _ovh_rest() {
  243. m=$1
  244. ep="$2"
  245. data="$3"
  246. _debug "$ep"
  247. _ovh_url="$OVH_API/$ep"
  248. _debug2 _ovh_url "$_ovh_url"
  249. _ovh_t="$(_ovh_timestamp)"
  250. _debug2 _ovh_t "$_ovh_t"
  251. _ovh_p="$OVH_AS+$OVH_CK+$m+$_ovh_url+$data+$_ovh_t"
  252. _secure_debug _ovh_p "$_ovh_p"
  253. _ovh_hex="$(printf "%s" "$_ovh_p" | _digest sha1 hex)"
  254. _debug2 _ovh_hex "$_ovh_hex"
  255. export _H1="X-Ovh-Application: $OVH_AK"
  256. export _H2="X-Ovh-Signature: \$1\$$_ovh_hex"
  257. _debug2 _H2 "$_H2"
  258. export _H3="X-Ovh-Timestamp: $_ovh_t"
  259. export _H4="X-Ovh-Consumer: $OVH_CK"
  260. export _H5="Content-Type: application/json;charset=utf-8"
  261. if [ "$data" ] || [ "$m" = "POST" ] || [ "$m" = "PUT" ] || [ "$m" = "DELETE" ]; then
  262. _debug data "$data"
  263. response="$(_post "$data" "$_ovh_url" "" "$m")"
  264. else
  265. response="$(_get "$_ovh_url")"
  266. fi
  267. if [ "$?" != "0" ] || _contains "$response" "INVALID_CREDENTIAL"; then
  268. _err "error $response"
  269. return 1
  270. fi
  271. _debug2 response "$response"
  272. return 0
  273. }