You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

235 lines
5.6 KiB

8 years ago
1 month ago
1 month ago
  1. #!/usr/bin/env sh
  2. # shellcheck disable=SC2034
  3. dns_pdns_info='PowerDNS Server API
  4. Site: PowerDNS.com
  5. Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_pdns
  6. Options:
  7. PDNS_Url API URL. E.g. "http://ns.example.com:8081"
  8. PDNS_ServerId Server ID. E.g. "localhost"
  9. PDNS_Token API Token
  10. PDNS_Ttl=60 Domain TTL. Default: "60".
  11. '
  12. DEFAULT_PDNS_TTL=60
  13. ######## Public functions #####################
  14. #Usage: add _acme-challenge.www.domain.com "123456789ABCDEF0000000000000000000000000000000000000"
  15. #fulldomain
  16. #txtvalue
  17. dns_pdns_add() {
  18. fulldomain=$1
  19. txtvalue=$2
  20. if [ -z "$PDNS_Url" ]; then
  21. PDNS_Url=""
  22. _err "You don't specify PowerDNS address."
  23. _err "Please set PDNS_Url and try again."
  24. return 1
  25. fi
  26. if [ -z "$PDNS_ServerId" ]; then
  27. PDNS_ServerId=""
  28. _err "You don't specify PowerDNS server id."
  29. _err "Please set you PDNS_ServerId and try again."
  30. return 1
  31. fi
  32. if [ -z "$PDNS_Token" ]; then
  33. PDNS_Token=""
  34. _err "You don't specify PowerDNS token."
  35. _err "Please create you PDNS_Token and try again."
  36. return 1
  37. fi
  38. if [ -z "$PDNS_Ttl" ]; then
  39. PDNS_Ttl="$DEFAULT_PDNS_TTL"
  40. fi
  41. #save the api addr and key to the account conf file.
  42. _saveaccountconf PDNS_Url "$PDNS_Url"
  43. _saveaccountconf PDNS_ServerId "$PDNS_ServerId"
  44. _saveaccountconf PDNS_Token "$PDNS_Token"
  45. if [ "$PDNS_Ttl" != "$DEFAULT_PDNS_TTL" ]; then
  46. _saveaccountconf PDNS_Ttl "$PDNS_Ttl"
  47. fi
  48. _debug "Detect root zone"
  49. if ! _get_root "$fulldomain"; then
  50. _err "invalid domain"
  51. return 1
  52. fi
  53. _debug _domain "$_domain"
  54. if ! set_record "$_domain" "$fulldomain" "$txtvalue"; then
  55. return 1
  56. fi
  57. return 0
  58. }
  59. #fulldomain
  60. dns_pdns_rm() {
  61. fulldomain=$1
  62. txtvalue=$2
  63. if [ -z "$PDNS_Ttl" ]; then
  64. PDNS_Ttl="$DEFAULT_PDNS_TTL"
  65. fi
  66. _debug "Detect root zone"
  67. if ! _get_root "$fulldomain"; then
  68. _err "invalid domain"
  69. return 1
  70. fi
  71. _debug _domain "$_domain"
  72. if ! rm_record "$_domain" "$fulldomain" "$txtvalue"; then
  73. return 1
  74. fi
  75. return 0
  76. }
  77. set_record() {
  78. _info "Adding record"
  79. root=$1
  80. full=$2
  81. new_challenge=$3
  82. _record_string=""
  83. _build_record_string "$new_challenge"
  84. _list_existingchallenges
  85. for oldchallenge in $_existing_challenges; do
  86. _build_record_string "$oldchallenge"
  87. done
  88. if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [$_record_string]}]}" "application/json"; then
  89. _err "Set txt record error."
  90. return 1
  91. fi
  92. if ! notify_slaves "$root"; then
  93. return 1
  94. fi
  95. return 0
  96. }
  97. rm_record() {
  98. _info "Remove record"
  99. root=$1
  100. full=$2
  101. txtvalue=$3
  102. #Enumerate existing acme challenges
  103. _list_existingchallenges
  104. if _contains "$_existing_challenges" "$txtvalue"; then
  105. #Delete all challenges (PowerDNS API does not allow to delete content)
  106. if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"DELETE\", \"name\": \"$full.\", \"type\": \"TXT\"}]}" "application/json"; then
  107. _err "Delete txt record error."
  108. return 1
  109. fi
  110. _record_string=""
  111. #If the only existing challenge was the challenge to delete: nothing to do
  112. if ! [ "$_existing_challenges" = "$txtvalue" ]; then
  113. for oldchallenge in $_existing_challenges; do
  114. #Build up the challenges to re-add, ommitting the one what should be deleted
  115. if ! [ "$oldchallenge" = "$txtvalue" ]; then
  116. _build_record_string "$oldchallenge"
  117. fi
  118. done
  119. #Recreate the existing challenges
  120. if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [$_record_string]}]}" "application/json"; then
  121. _err "Set txt record error."
  122. return 1
  123. fi
  124. fi
  125. if ! notify_slaves "$root"; then
  126. return 1
  127. fi
  128. else
  129. _info "Record not found, nothing to remove"
  130. fi
  131. return 0
  132. }
  133. notify_slaves() {
  134. root=$1
  135. if ! _pdns_rest "PUT" "/api/v1/servers/$PDNS_ServerId/zones/$root/notify"; then
  136. _err "Notify slaves error."
  137. return 1
  138. fi
  139. return 0
  140. }
  141. #################### Private functions below ##################################
  142. #_acme-challenge.www.domain.com
  143. #returns
  144. # _domain=domain.com
  145. _get_root() {
  146. domain=$1
  147. i=1
  148. if _pdns_rest "GET" "/api/v1/servers/$PDNS_ServerId/zones"; then
  149. _zones_response=$(echo "$response" | _normalizeJson)
  150. fi
  151. while true; do
  152. h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
  153. if _contains "$_zones_response" "\"name\":\"$h.\""; then
  154. _domain="$h."
  155. if [ -z "$h" ]; then
  156. _domain="=2E"
  157. fi
  158. return 0
  159. fi
  160. if [ -z "$h" ]; then
  161. return 1
  162. fi
  163. i=$(_math "$i" + 1)
  164. done
  165. _debug "$domain not found"
  166. return 1
  167. }
  168. _pdns_rest() {
  169. method=$1
  170. ep=$2
  171. data=$3
  172. ct=$4
  173. export _H1="X-API-Key: $PDNS_Token"
  174. if [ ! "$method" = "GET" ]; then
  175. _debug data "$data"
  176. response="$(_post "$data" "$PDNS_Url$ep" "" "$method" "$ct")"
  177. else
  178. response="$(_get "$PDNS_Url$ep")"
  179. fi
  180. if [ "$?" != "0" ]; then
  181. _err "error $ep"
  182. return 1
  183. fi
  184. _debug2 response "$response"
  185. return 0
  186. }
  187. _build_record_string() {
  188. _record_string="${_record_string:+${_record_string}, }{\"content\": \"\\\"${1}\\\"\", \"disabled\": false}"
  189. }
  190. _list_existingchallenges() {
  191. _pdns_rest "GET" "/api/v1/servers/$PDNS_ServerId/zones/$root"
  192. _existing_challenges=$(echo "$response" | _normalizeJson | _egrep_o "\"name\":\"${fulldomain}[^]]*}" | _egrep_o 'content\":\"\\"[^\\]*' | sed -n 's/^content":"\\"//p')
  193. }