You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

329 lines
8.1 KiB

4 years ago
4 years ago
4 years ago
4 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
8 years ago
1 month ago
3 years ago
1 month ago
7 years ago
  1. #!/usr/bin/env sh
  2. # shellcheck disable=SC2034
  3. dns_ovh_info='OVH.com
  4. Domains: kimsufi.com soyoustart.com
  5. Site: OVH.com
  6. Docs: github.com/acmesh-official/acme.sh/wiki/How-to-use-OVH-domain-api
  7. Options:
  8. OVH_END_POINT Endpoint. "ovh-eu", "ovh-us", "ovh-ca", "kimsufi-eu", "kimsufi-ca", "soyoustart-eu", "soyoustart-ca" or raw URL. Default: "ovh-eu".
  9. OVH_AK Application Key
  10. OVH_AS Application Secret
  11. OVH_CK Consumer Key
  12. '
  13. #OVH_END_POINT=ovh-eu
  14. #'ovh-eu'
  15. OVH_EU='https://eu.api.ovh.com/1.0'
  16. #'ovh-us'
  17. OVH_US='https://api.us.ovhcloud.com/1.0'
  18. #'ovh-ca':
  19. OVH_CA='https://ca.api.ovh.com/1.0'
  20. #'kimsufi-eu'
  21. KSF_EU='https://eu.api.kimsufi.com/1.0'
  22. #'kimsufi-ca'
  23. KSF_CA='https://ca.api.kimsufi.com/1.0'
  24. #'soyoustart-eu'
  25. SYS_EU='https://eu.api.soyoustart.com/1.0'
  26. #'soyoustart-ca'
  27. SYS_CA='https://ca.api.soyoustart.com/1.0'
  28. wiki="https://github.com/acmesh-official/acme.sh/wiki/How-to-use-OVH-domain-api"
  29. ovh_success="https://github.com/acmesh-official/acme.sh/wiki/OVH-Success"
  30. _ovh_get_api() {
  31. _ogaep="$1"
  32. case "${_ogaep}" in
  33. ovh-eu | ovheu)
  34. printf "%s" $OVH_EU
  35. return
  36. ;;
  37. ovh-us | ovhus)
  38. printf "%s" $OVH_US
  39. return
  40. ;;
  41. ovh-ca | ovhca)
  42. printf "%s" $OVH_CA
  43. return
  44. ;;
  45. kimsufi-eu | kimsufieu)
  46. printf "%s" $KSF_EU
  47. return
  48. ;;
  49. kimsufi-ca | kimsufica)
  50. printf "%s" $KSF_CA
  51. return
  52. ;;
  53. soyoustart-eu | soyoustarteu)
  54. printf "%s" $SYS_EU
  55. return
  56. ;;
  57. soyoustart-ca | soyoustartca)
  58. printf "%s" $SYS_CA
  59. return
  60. ;;
  61. # raw API url starts with https://
  62. https*)
  63. printf "%s" "$1"
  64. return
  65. ;;
  66. *)
  67. _err "Unknown endpoint : $1"
  68. return 1
  69. ;;
  70. esac
  71. }
  72. _initAuth() {
  73. OVH_AK="${OVH_AK:-$(_readaccountconf_mutable OVH_AK)}"
  74. OVH_AS="${OVH_AS:-$(_readaccountconf_mutable OVH_AS)}"
  75. if [ -z "$OVH_AK" ] || [ -z "$OVH_AS" ]; then
  76. OVH_AK=""
  77. OVH_AS=""
  78. _err "You don't specify OVH application key and application secret yet."
  79. _err "Please create you key and try again."
  80. return 1
  81. fi
  82. if [ "$OVH_AK" != "$(_readaccountconf OVH_AK)" ]; then
  83. _info "It seems that your ovh key is changed, let's clear consumer key first."
  84. _clearaccountconf_mutable OVH_CK
  85. fi
  86. _saveaccountconf_mutable OVH_AK "$OVH_AK"
  87. _saveaccountconf_mutable OVH_AS "$OVH_AS"
  88. OVH_END_POINT="${OVH_END_POINT:-$(_readaccountconf_mutable OVH_END_POINT)}"
  89. if [ -z "$OVH_END_POINT" ]; then
  90. OVH_END_POINT="ovh-eu"
  91. fi
  92. _info "Using OVH endpoint: $OVH_END_POINT"
  93. if [ "$OVH_END_POINT" != "ovh-eu" ]; then
  94. _saveaccountconf_mutable OVH_END_POINT "$OVH_END_POINT"
  95. fi
  96. OVH_API="$(_ovh_get_api $OVH_END_POINT)"
  97. _debug OVH_API "$OVH_API"
  98. OVH_CK="${OVH_CK:-$(_readaccountconf_mutable OVH_CK)}"
  99. if [ -z "$OVH_CK" ]; then
  100. _info "OVH consumer key is empty, Let's get one:"
  101. if ! _ovh_authentication; then
  102. _err "Can not get consumer key."
  103. fi
  104. #return and wait for retry.
  105. return 1
  106. fi
  107. _saveaccountconf_mutable OVH_CK "$OVH_CK"
  108. _info "Checking authentication"
  109. if ! _ovh_rest GET "domain" || _contains "$response" "INVALID_CREDENTIAL" || _contains "$response" "NOT_CREDENTIAL"; then
  110. _err "The consumer key is invalid: $OVH_CK"
  111. _err "Please retry to create a new one."
  112. _clearaccountconf_mutable OVH_CK
  113. return 1
  114. fi
  115. _info "Consumer key is ok."
  116. return 0
  117. }
  118. ######## Public functions #####################
  119. #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
  120. dns_ovh_add() {
  121. fulldomain=$1
  122. txtvalue=$2
  123. if ! _initAuth; then
  124. return 1
  125. fi
  126. _debug "First detect the root zone"
  127. if ! _get_root "$fulldomain"; then
  128. _err "invalid domain"
  129. return 1
  130. fi
  131. _debug _sub_domain "$_sub_domain"
  132. _debug _domain "$_domain"
  133. _info "Adding record"
  134. if _ovh_rest POST "domain/zone/$_domain/record" "{\"fieldType\":\"TXT\",\"subDomain\":\"$_sub_domain\",\"target\":\"$txtvalue\",\"ttl\":60}"; then
  135. if _contains "$response" "$txtvalue"; then
  136. _ovh_rest POST "domain/zone/$_domain/refresh"
  137. _debug "Refresh:$response"
  138. _info "Added, sleep 10 seconds."
  139. _sleep 10
  140. return 0
  141. fi
  142. fi
  143. _err "Add txt record error."
  144. return 1
  145. }
  146. #fulldomain
  147. dns_ovh_rm() {
  148. fulldomain=$1
  149. txtvalue=$2
  150. if ! _initAuth; then
  151. return 1
  152. fi
  153. _debug "First detect the root zone"
  154. if ! _get_root "$fulldomain"; then
  155. _err "invalid domain"
  156. return 1
  157. fi
  158. _debug _sub_domain "$_sub_domain"
  159. _debug _domain "$_domain"
  160. _debug "Getting txt records"
  161. if ! _ovh_rest GET "domain/zone/$_domain/record?fieldType=TXT&subDomain=$_sub_domain"; then
  162. return 1
  163. fi
  164. for rid in $(echo "$response" | tr '][,' ' '); do
  165. _debug rid "$rid"
  166. if ! _ovh_rest GET "domain/zone/$_domain/record/$rid"; then
  167. return 1
  168. fi
  169. if _contains "$response" "\"target\":\"$txtvalue\""; then
  170. _debug "Found txt id:$rid"
  171. if ! _ovh_rest DELETE "domain/zone/$_domain/record/$rid"; then
  172. return 1
  173. fi
  174. _ovh_rest POST "domain/zone/$_domain/refresh"
  175. _debug "Refresh:$response"
  176. return 0
  177. fi
  178. done
  179. return 1
  180. }
  181. #################### Private functions below ##################################
  182. _ovh_authentication() {
  183. _H1="X-Ovh-Application: $OVH_AK"
  184. _H2="Content-type: application/json"
  185. _H3=""
  186. _H4=""
  187. _ovhdata='{"accessRules": [{"method": "GET","path": "/auth/time"},{"method": "GET","path": "/domain"},{"method": "GET","path": "/domain/zone/*"},{"method": "GET","path": "/domain/zone/*/record"},{"method": "POST","path": "/domain/zone/*/record"},{"method": "POST","path": "/domain/zone/*/refresh"},{"method": "PUT","path": "/domain/zone/*/record/*"},{"method": "DELETE","path": "/domain/zone/*/record/*"}],"redirection":"'$ovh_success'"}'
  188. response="$(_post "$_ovhdata" "$OVH_API/auth/credential")"
  189. _debug3 response "$response"
  190. validationUrl="$(echo "$response" | _egrep_o "validationUrl\":\"[^\"]*\"" | _egrep_o "http.*\"" | tr -d '"')"
  191. if [ -z "$validationUrl" ]; then
  192. _err "Unable to get validationUrl"
  193. return 1
  194. fi
  195. _debug validationUrl "$validationUrl"
  196. consumerKey="$(echo "$response" | _egrep_o "consumerKey\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')"
  197. if [ -z "$consumerKey" ]; then
  198. _err "Unable to get consumerKey"
  199. return 1
  200. fi
  201. _secure_debug consumerKey "$consumerKey"
  202. OVH_CK="$consumerKey"
  203. _saveaccountconf_mutable OVH_CK "$OVH_CK"
  204. _info "Please open this link to do authentication: $(__green "$validationUrl")"
  205. _info "Here is a guide for you: $(__green "$wiki")"
  206. _info "Please retry after the authentication is done."
  207. }
  208. #_acme-challenge.www.domain.com
  209. #returns
  210. # _sub_domain=_acme-challenge.www
  211. # _domain=domain.com
  212. _get_root() {
  213. domain=$1
  214. i=1
  215. p=1
  216. while true; do
  217. h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
  218. if [ -z "$h" ]; then
  219. #not valid
  220. return 1
  221. fi
  222. if ! _ovh_rest GET "domain/zone/$h"; then
  223. return 1
  224. fi
  225. if ! _contains "$response" "This service does not exist" >/dev/null &&
  226. ! _contains "$response" "This call has not been granted" >/dev/null &&
  227. ! _contains "$response" "NOT_GRANTED_CALL" >/dev/null; then
  228. _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
  229. _domain="$h"
  230. return 0
  231. fi
  232. p=$i
  233. i=$(_math "$i" + 1)
  234. done
  235. return 1
  236. }
  237. _ovh_timestamp() {
  238. _H1=""
  239. _H2=""
  240. _H3=""
  241. _H4=""
  242. _H5=""
  243. _get "$OVH_API/auth/time" "" 30
  244. }
  245. _ovh_rest() {
  246. m=$1
  247. ep="$2"
  248. data="$3"
  249. _debug "$ep"
  250. _ovh_url="$OVH_API/$ep"
  251. _debug2 _ovh_url "$_ovh_url"
  252. _ovh_t="$(_ovh_timestamp)"
  253. _debug2 _ovh_t "$_ovh_t"
  254. _ovh_p="$OVH_AS+$OVH_CK+$m+$_ovh_url+$data+$_ovh_t"
  255. _secure_debug _ovh_p "$_ovh_p"
  256. _ovh_hex="$(printf "%s" "$_ovh_p" | _digest sha1 hex)"
  257. _debug2 _ovh_hex "$_ovh_hex"
  258. export _H1="X-Ovh-Application: $OVH_AK"
  259. export _H2="X-Ovh-Signature: \$1\$$_ovh_hex"
  260. _debug2 _H2 "$_H2"
  261. export _H3="X-Ovh-Timestamp: $_ovh_t"
  262. export _H4="X-Ovh-Consumer: $OVH_CK"
  263. export _H5="Content-Type: application/json;charset=utf-8"
  264. if [ "$data" ] || [ "$m" = "POST" ] || [ "$m" = "PUT" ] || [ "$m" = "DELETE" ]; then
  265. _debug data "$data"
  266. response="$(_post "$data" "$_ovh_url" "" "$m")"
  267. else
  268. response="$(_get "$_ovh_url")"
  269. fi
  270. if [ "$?" != "0" ] || _contains "$response" "INVALID_CREDENTIAL"; then
  271. _err "error $response"
  272. return 1
  273. fi
  274. _debug2 response "$response"
  275. return 0
  276. }