@ -4,10 +4,13 @@
#https://docs.opnsense.org/development/api.html
#
#OPNs_Host="opnsense.example.com"
#OPNs_Port="443" (optional, defaults to 443 if unset)
#OPNs_Port="443"
# optional, defaults to 443 if unset
#OPNs_Key="qocfU9RSbt8vTIBcnW8bPqCrpfAHMDvj5OzadE7Str+rbjyCyk7u6yMrSCHtBXabgDDXx/dY0POUp7ZA"
#OPNs_Token="pZEQ+3ce8dDlfBBdg3N8EpqpF5I1MhFqdxX06le6Gl8YzyQvYCfCzNaFX9O9+IOSyAs7X71fwdRiZ+Lv"
#OPNs_Api_Insecure=0 (optional, defaults to 0 if unset) # Set 1 for insecure and 0 for secure -> difference is whether ssl cert is checked for validity (0) or whether it is just accepted (1)
#OPNs_Api_Insecure=0
# optional, defaults to 0 if unset
# Set 1 for insecure and 0 for secure -> difference is whether ssl cert is checked for validity (0) or whether it is just accepted (1)
######## Public functions #####################
#Usage: add _acme-challenge.www.domain.com "123456789ABCDEF0000000000000000000000000000000000000"
@ -44,15 +47,16 @@ dns_opnsense_rm() {
}
set_record( ) {
_info "Adding record"
fulldomain = $1
new_challenge = $2
_info " Adding record $fulldomain with challenge: $new_challenge "
_debug "Detect root zone"
if ! _get_root " $fulldomain " ; then
_err "invalid domain"
return 1
fi
_debug _domain " $_domain "
_debug _host " $_host "
_debug _domainid " $_domainid "
@ -81,7 +85,7 @@ set_record() {
_opns_rest "POST" "/service/reconfigure" "{}"
_debug "Record created"
else
_err " Error create ing record $_record_string "
_err " Error creating record $_record_string "
return 1
fi
@ -89,9 +93,9 @@ set_record() {
}
rm_record( ) {
_info "Remove record"
fulldomain = $1
new_challenge = " $2 "
_info " Remove record $fulldomain with challenge: $new_challenge "
_debug "Detect root zone"
if ! _get_root " $fulldomain " ; then
@ -110,11 +114,11 @@ rm_record() {
_opns_rest "POST" "/service/reconfigure" "{}"
_debug "Record deleted"
else
_err " Error delt eting record $fulldomain "
_err " Error deleting record $host from domain $fulldomain "
return 1
fi
else
_err " Error delt eting record $fulldomain "
_err " Error deleting record $host from domain $fulldomain "
return 1
fi
else
@ -173,6 +177,7 @@ _opns_rest() {
opnsense_url = " https:// ${ key } : ${ token } @ ${ OPNs_Host } : ${ OPNs_Port :- $OPNs_DefaultPort } /api/bind ${ ep } "
export _H1 = "Content-Type: application/json"
_debug2 " Try to call api: https:// ${ OPNs_Host } : ${ OPNs_Port :- $OPNs_DefaultPort } /api/bind ${ ep } "
if [ ! " $method " = "GET" ] ; then
_debug data " $data "
export _H1 = "Content-Type: application/json"
@ -227,7 +232,7 @@ _opns_check_auth() {
_saveaccountconf_mutable OPNs_Host " $OPNs_Host "
fi
if ! printf '%s' " $OPNs_Port " | grep -q '^[0-9]*$' ; then
if ! printf '%s' " $OPNs_Port " | grep '^[0-9]*$' >/dev/null ; then
_err 'OPNs_Port specified but not numeric value'
return 1
elif [ -z " $OPNs_Port " ] ; then
@ -236,7 +241,7 @@ _opns_check_auth() {
_saveaccountconf_mutable OPNs_Port " $OPNs_Port "
fi
if ! printf '%s' " $OPNs_Api_Insecure " | grep -q '^[01]$' ; then
if ! printf '%s' " $OPNs_Api_Insecure " | grep '^[01]$' >/dev/null ; then
_err 'OPNs_Api_Insecure specified but not 0/1 value'
return 1
elif [ -n " $OPNs_Api_Insecure " ] ; then
@ -245,23 +250,23 @@ _opns_check_auth() {
export HTTPS_INSECURE = " ${ OPNs_Api_Insecure :- $OPNs_DefaultApi_Insecure } "
if [ -z " $OPNs_Key " ] ; then
_err "You don't specify OPNsense api key id."
_err "Please set you OPNs_Key and try again."
_err "you have not specified your OPNsense api key id."
_err "Please set OPNs_Key and try again."
return 1
else
_saveaccountconf_mutable OPNs_Key " $OPNs_Key "
fi
if [ -z " $OPNs_Token " ] ; then
_err "You don't specify OPNsense token."
_err "Please create you OPNs_Token and try again."
_err "you have not specified your OPNsense token."
_err "Please create OPNs_Token and try again."
return 1
else
_saveaccountconf_mutable OPNs_Token " $OPNs_Token "
fi
if ! _opns_rest "GET" "/general/get" ; then
_err "Can't Access OPNsense "
_err "Call to OPNsense API interface failed. Unable to access OPNsense API. "
return 1
fi
return 0
Jesai Langenbach
5 years ago