Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2966 Commits
9 Branches
44 Tags
32 MiB
Tree: f500c7abcb
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f500c7abcb'
${ noResults }
acme.sh/dnsapi/dns_miab.sh

273 lines
9.0 KiB
Raw Normal View History

dnsapi/dns_miab.sh MIAB DNS-01 Validation Know I'm new to contorting to this project. I i've broke conventions please let me know what I've screwed up and I'll set it right as quickly as possible. Propose this as a new DNS-01 validation script to dynamically add challenge DNS records to MailinaBox (MIAB) DNS. MIAB uses a custom DNS API to manage external DNS records. The script was originally written by Darven Dissek and can be found in his repository: https://framagit.org/DarvenDissek/acme.sh-MIAB-DNS-API/). This has been forked and some slight cleanup applied and change shebang to UNIx shell. The forked repository can be found here: https://github.com/billgertz/MIAB_dns_api. Wrote to Darven but received no reply. Support for this script has been submitted to the OPNsense project via this pull request: https://github.com/opnsense/plugins/pull/1531
5 years ago
  1. #!/usr/bin/env sh
  3. #Name: dns_miab.sh
  4. #
  5. #Authors:
  6. # Darven Dissek 2018
  7. # William Gertz 2019
  8. #
  9. # Thanks to Neil Pang for the code reused from acme.sh from HTTP-01 validation
  10. # used to communicate with the MailintheBox Custom DNS API
  11. #Report Bugs here:
  12. # https://github.com/billgertz/MIAB_dns_api (for dns_miab.sh)
  13. # https://github.com/Neilpang/acme.sh (for acme.sh)
  14. #
  15. ######## Public functions #####################
  17. #Usage: dns_miab_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
  18. dns_miab_add() {
  19. fulldomain=$1
  20. txtvalue=$2
  21. _info "Using miab"
  22. _debug fulldomain "$fulldomain"
  23. _debug txtvalue "$txtvalue"
  25. MIAB_Username="${MIAB_Username:-$(_readaccountconf_mutable MIAB_Username)}"
  26. MIAB_Password="${MIAB_Password:-$(_readaccountconf_mutable MIAB_Password)}"
  27. MIAB_Server="${MIAB_Server:-$(_readaccountconf_mutable MIAB_Server)}"
  29. #debug log the environmental variables
  30. _debug MIAB_Username "$MIAB_Username"
  31. _debug MIAB_Password "$MIAB_Password"
  32. _debug MIAB_Server "$MIAB_Server"
  34. if [ -z "$MIAB_Username" ] || [ -z "$MIAB_Password" ] || [ -z "$MIAB_Server" ]; then
  35. MIAB_Username=""
  36. MIAB_Password=""
  37. MIAB_Server=""
  38. _err "You didn't specify MIAB_Username or MIAB_Password or MIAB_Server."
  39. _err "Please try again."
  40. return 1
  41. fi
  43. #save the credentials to the account conf file.
  44. _saveaccountconf_mutable MIAB_Username "$MIAB_Username"
  45. _saveaccountconf_mutable MIAB_Password "$MIAB_Password"
  46. _saveaccountconf_mutable MIAB_Server "$MIAB_Server"
  48. baseurl="https://$MIAB_Server/admin/dns/custom/$fulldomain/txt"
  50. #Add the challenge record
  51. result="$(_miab_post "$txtvalue" "$baseurl" "" "POST" "" "$MIAB_Username" "$MIAB_Password")"
  53. _debug result "$result"
  55. #check if result was good
  56. if _contains "$result" "updated DNS"; then
  57. _info "Successfully created the txt record"
  58. return 0
  59. else
  60. _err "Error encountered during record addition"
  61. _err "$result"
  62. return 1
  63. fi
  65. }
  67. #Usage: fulldomain txtvalue
  68. #Remove the txt record after validation.
  69. dns_miab_rm() {
  70. fulldomain=$1
  71. txtvalue=$2
  72. _info "Using miab"
  73. _debug fulldomain "$fulldomain"
  74. _debug txtvalue "$txtvalue"
  76. MIAB_Username="${MIAB_Username:-$(_readaccountconf_mutable MIAB_Username)}"
  77. MIAB_Password="${MIAB_Password:-$(_readaccountconf_mutable MIAB_Password)}"
  78. MIAB_Server="${MIAB_Server:-$(_readaccountconf_mutable MIAB_Server)}"
  80. #debug log the environmental variables
  81. _debug MIAB_Username "$MIAB_Username"
  82. _debug MIAB_Password "$MIAB_Password"
  83. _debug MIAB_Server "$MIAB_Server"
  85. if [ -z "$MIAB_Username" ] || [ -z "$MIAB_Password" ] || [ -z "$MIAB_Server" ]; then
  86. MIAB_Username=""
  87. MIAB_Password=""
  88. MIAB_Server=""
  89. _err "You didn't specify MIAB_Username or MIAB_Password or MIAB_Server."
  90. _err "Please try again."
  91. return 1
  92. fi
  94. #save the credentials to the account conf file.
  95. _saveaccountconf_mutable MIAB_Username "$MIAB_Username"
  96. _saveaccountconf_mutable MIAB_Password "$MIAB_Password"
  97. _saveaccountconf_mutable MIAB_Server "$MIAB_Server"
  99. baseurl="https://$MIAB_Server/admin/dns/custom/$fulldomain/txt"
  101. #Remove the challenge record
  102. result="$(_miab_post "$txtvalue" "$baseurl" "" "DELETE" "" "$MIAB_Username" "$MIAB_Password")"
  104. _debug result $result
  106. #check if result was good
  107. if _contains "$result" "updated DNS"; then
  108. _info "Successfully created the txt record"
  109. return 0
  110. else
  111. _err "Error encountered during record addition"
  112. _err "$result"
  113. return 1
  114. fi
  115. }
  117. #################### Private functions below ##################################
  118. #_acme-challenge.www.domain.com
  119. #returns
  120. # _sub_domain=_acme-challenge.www
  121. # _domain=domain.com
  122. # _domain_id=sdjkglgdfewsdfg
  123. _get_root() {
  124. domain=$1
  125. i=2
  126. p=1
  128. while true; do
  129. h=$(printf "%s" "$domain" | cut -d . -f $i-100)
  130. _debug h "$h"
  131. if [ -z "$h" ]; then
  132. #not valid
  133. return 1
  134. fi
  136. if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
  137. _domain_id=$(printf "%s\n" "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \")
  139. if [ "$_domain_id" ]; then
  140. _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
  141. _domain=$h
  142. return 0
  143. fi
  145. return 1
  146. fi
  148. p=$i
  149. i=$(_math "$i" + 1)
  150. done
  152. return 1
  153. }
  155. # post changes to MIAB dns (taken from acme.sh)
  156. _miab_post() {
  157. body="$1"
  158. _post_url="$2"
  159. needbase64="$3"
  160. httpmethod="$4"
  161. _postContentType="$5"
  162. username="$6"
  163. password="$7"
  165. if [ -z "$httpmethod" ]; then
  166. httpmethod="POST"
  167. fi
  169. _debug $httpmethod
  170. _debug "_post_url" "$_post_url"
  171. _debug2 "body" "$body"
  172. _debug2 "_postContentType" "$_postContentType"
  174. _inithttp
  176. if [ "$_ACME_CURL" ] && [ "${ACME_USE_WGET:-0}" = "0" ]; then
  177. _CURL="$_ACME_CURL"
  179. if [ "$HTTPS_INSECURE" ]; then
  180. _CURL="$_CURL --insecure "
  181. fi
  183. _debug "_CURL" "$_CURL"
  185. if [ "$needbase64" ]; then
  186. if [ "$_postContentType" ]; then
  187. response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod --user "$username:$password" -H "Content-Type: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url" | _base64)"
  188. else
  189. response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod --user "$username:$password" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url" | _base64)"
  190. fi
  191. else
  192. if [ "$_postContentType" ]; then
  193. response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod --user "$username:$password" -H "Content-Type: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url")"
  194. else
  195. response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod --user "$username:$password" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url")"
  196. fi
  197. fi
  199. _ret="$?"
  201. if [ "$_ret" != "0" ]; then
  202. _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret"
  203. if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
  204. _err "Here is the curl dump log:"
  205. _err "$(cat "$_CURL_DUMP")"
  206. fi
  207. fi
  209. elif [ "$_ACME_WGET" ]; then
  210. _WGET="$_ACME_WGET"
  212. if [ "$HTTPS_INSECURE" ]; then
  213. _WGET="$_WGET --no-check-certificate "
  214. fi
  216. _debug "_WGET" "$_WGET"
  218. if [ "$needbase64" ]; then
  220. if [ "$httpmethod" = "POST" ]; then
  221. if [ "$_postContentType" ]; then
  222. response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --header "Content-Type: $_postContentType" --post-data="$body" "$_post_url" 2>"$HTTP_HEADER" | _base64)"
  223. else
  224. response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$_post_url" 2>"$HTTP_HEADER" | _base64)"
  225. fi
  226. else
  227. if [ "$_postContentType" ]; then
  228. response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --header "Content-Type: $_postContentType" --method $httpmethod --body-data="$body" "$_post_url" 2>"$HTTP_HEADER" | _base64)"
  229. else
  230. response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$_post_url" 2>"$HTTP_HEADER" | _base64)"
  231. fi
  232. fi
  234. else
  236. if [ "$httpmethod" = "POST" ]; then
  237. if [ "$_postContentType" ]; then
  238. response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --header "Content-Type: $_postContentType" --post-data="$body" "$_post_url" 2>"$HTTP_HEADER")"
  239. else
  240. response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$_post_url" 2>"$HTTP_HEADER")"
  241. fi
  242. else
  243. if [ "$_postContentType" ]; then
  244. response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --header "Content-Type: $_postContentType" --method $httpmethod --body-data="$body" "$_post_url" 2>"$HTTP_HEADER")"
  245. else
  246. response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$_post_url" 2>"$HTTP_HEADER")"
  247. fi
  248. fi
  250. fi
  252. _ret="$?"
  254. if [ "$_ret" = "8" ]; then
  255. _ret=0
  256. _debug "wget returns 8, the server returns a 'Bad request' response, lets process the response later."
  257. fi
  259. if [ "$_ret" != "0" ]; then
  260. _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret"
  261. fi
  263. _sed_i "s/^ *//g" "$HTTP_HEADER"
  265. else
  266. _ret="$?"
  267. _err "Neither curl nor wget was found, cannot do $httpmethod."
  268. fi
  270. _debug "_ret" "$_ret"
  271. printf "%s" "$response"
  272. return $_ret
  273. }