wangdachui
5 years ago
committed by
GitHub
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
104 changed files with 8582 additions and 1681 deletions
-
12.github/FUNDING.yml
-
6.github/ISSUE_TEMPLATE.md
-
2.github/PULL_REQUEST_TEMPLATE.md
-
40.github/auto-comment.yml
-
99.github/workflows/LetsEncrypt.yml
-
39.github/workflows/PebbleStrict.yml
-
66.github/workflows/dockerhub.yml
-
33.github/workflows/shellcheck.yml
-
38.travis.yml
-
8Dockerfile
-
149README.md
-
2644acme.sh
-
2deploy/README.md
-
4deploy/docker.sh
-
4deploy/exim4.sh
-
8deploy/gcore_cdn.sh
-
51deploy/haproxy.sh
-
4deploy/kong.sh
-
262deploy/openstack.sh
-
139deploy/panos.sh
-
34deploy/qiniu.sh
-
26deploy/routeros.sh
-
149deploy/ssh.sh
-
152deploy/synology_dsm.sh
-
6deploy/vault_cli.sh
-
6deploy/vsftpd.sh
-
2dnsapi/README.md
-
254dnsapi/dns_1984hosting.sh
-
3dnsapi/dns_ali.sh
-
163dnsapi/dns_arvan.sh
-
49dnsapi/dns_aws.sh
-
6dnsapi/dns_azure.sh
-
40dnsapi/dns_cf.sh
-
197dnsapi/dns_clouddns.sh
-
6dnsapi/dns_cloudns.sh
-
6dnsapi/dns_conoha.sh
-
141dnsapi/dns_constellix.sh
-
34dnsapi/dns_cyon.sh
-
36dnsapi/dns_da.sh
-
4dnsapi/dns_ddnss.sh
-
65dnsapi/dns_df.sh
-
10dnsapi/dns_dgon.sh
-
24dnsapi/dns_do.sh
-
6dnsapi/dns_doapi.sh
-
155dnsapi/dns_domeneshop.sh
-
14dnsapi/dns_dp.sh
-
7dnsapi/dns_duckdns.sh
-
10dnsapi/dns_durabledns.sh
-
4dnsapi/dns_dynu.sh
-
285dnsapi/dns_dynv6.sh
-
171dnsapi/dns_easydns.sh
-
2dnsapi/dns_euserv.sh
-
22dnsapi/dns_freedns.sh
-
16dnsapi/dns_gandi_livedns.sh
-
14dnsapi/dns_gcloud.sh
-
2dnsapi/dns_gd.sh
-
11dnsapi/dns_gdnsdk.sh
-
6dnsapi/dns_he.sh
-
252dnsapi/dns_hetzner.sh
-
8dnsapi/dns_hexonet.sh
-
84dnsapi/dns_inwx.sh
-
74dnsapi/dns_ispconfig.sh
-
129dnsapi/dns_joker.sh
-
150dnsapi/dns_kappernet.sh
-
168dnsapi/dns_kas.sh
-
2dnsapi/dns_kinghost.sh
-
149dnsapi/dns_leaseweb.sh
-
16dnsapi/dns_lexicon.sh
-
13dnsapi/dns_linode_v4.sh
-
2dnsapi/dns_loopia.sh
-
4dnsapi/dns_me.sh
-
210dnsapi/dns_miab.sh
-
159dnsapi/dns_misaka.sh
-
4dnsapi/dns_myapi.sh
-
6dnsapi/dns_namecheap.sh
-
2dnsapi/dns_namesilo.sh
-
162dnsapi/dns_netlify.sh
-
205dnsapi/dns_nic.sh
-
168dnsapi/dns_njalla.sh
-
88dnsapi/dns_nm.sh
-
4dnsapi/dns_nsupdate.sh
-
168dnsapi/dns_one.sh
-
21dnsapi/dns_openprovider.sh
-
348dnsapi/dns_openstack.sh
-
273dnsapi/dns_opnsense.sh
-
72dnsapi/dns_ovh.sh
-
417dnsapi/dns_pleskxml.sh
-
4dnsapi/dns_rackspace.sh
-
224dnsapi/dns_rcode0.sh
-
73dnsapi/dns_regru.sh
-
2dnsapi/dns_servercow.sh
-
162dnsapi/dns_transip.sh
-
10dnsapi/dns_unoeuro.sh
-
147dnsapi/dns_variomedia.sh
-
2dnsapi/dns_vscale.sh
-
10dnsapi/dns_vultr.sh
-
126dnsapi/dns_yandex.sh
-
4dnsapi/dns_zone.sh
-
64notify/cqhttp.sh
-
68notify/dingtalk.sh
@ -0,0 +1,12 @@ |
|||
# These are supported funding model platforms |
|||
|
|||
github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] |
|||
patreon: # Replace with a single Patreon username |
|||
open_collective: acmesh |
|||
ko_fi: # Replace with a single Ko-fi username |
|||
tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel |
|||
community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry |
|||
liberapay: # Replace with a single Liberapay username |
|||
issuehunt: # Replace with a single IssueHunt username |
|||
otechie: # Replace with a single Otechie username |
|||
custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2'] |
|||
@ -0,0 +1,40 @@ |
|||
# Comment to a new issue. |
|||
issuesOpened: > |
|||
If this is a bug report, please upgrade to the latest code and try again: |
|||
|
|||
如果有 bug, 请先更新到最新版试试: |
|||
|
|||
``` |
|||
acme.sh --upgrade |
|||
``` |
|||
|
|||
please also provide the log with `--debug 2`. |
|||
|
|||
同时请提供调试输出 `--debug 2` |
|||
|
|||
see: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh |
|||
|
|||
Without `--debug 2` log, your issue will NEVER get replied. |
|||
|
|||
没有调试输出, 你的 issue 不会得到任何解答. |
|||
|
|||
|
|||
pullRequestOpened: > |
|||
First, NEVER send a PR to `master` branch, it will NEVER be accepted. Please send to the `dev` branch instead. |
|||
|
|||
If this is a PR to support new DNS API or new notification API, please read this guide first: |
|||
https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide |
|||
|
|||
Please check the guide items one by one. |
|||
|
|||
Then add your usage here: |
|||
https://github.com/acmesh-official/acme.sh/wiki/dnsapi |
|||
|
|||
Or some other wiki pages: |
|||
|
|||
https://github.com/acmesh-official/acme.sh/wiki/deployhooks |
|||
|
|||
https://github.com/acmesh-official/acme.sh/wiki/notify |
|||
|
|||
|
|||
|
|||
@ -0,0 +1,99 @@ |
|||
name: LetsEncrypt |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '**.sh' |
|||
- '**.yml' |
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '**.sh' |
|||
- '**.yml' |
|||
|
|||
|
|||
jobs: |
|||
CheckToken: |
|||
runs-on: ubuntu-latest |
|||
outputs: |
|||
hasToken: ${{ steps.step_one.outputs.hasToken }} |
|||
env: |
|||
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} |
|||
steps: |
|||
- name: Set the value |
|||
id: step_one |
|||
run: | |
|||
if [ "$NGROK_TOKEN" ] ; then |
|||
echo "::set-output name=hasToken::true" |
|||
else |
|||
echo "::set-output name=hasToken::false" |
|||
fi |
|||
- name: Check the value |
|||
run: echo ${{ steps.step_one.outputs.hasToken }} |
|||
|
|||
Ubuntu: |
|||
runs-on: ubuntu-latest |
|||
needs: CheckToken |
|||
if: "contains(needs.CheckToken.outputs.hasToken, 'true')" |
|||
env: |
|||
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} |
|||
TEST_LOCAL: 1 |
|||
steps: |
|||
- uses: actions/checkout@v2 |
|||
- name: Install tools |
|||
run: sudo apt-get install -y socat |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
run: cd ../acmetest && sudo --preserve-env ./letest.sh |
|||
|
|||
MacOS: |
|||
runs-on: macos-latest |
|||
needs: Ubuntu |
|||
env: |
|||
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} |
|||
TEST_LOCAL: 1 |
|||
steps: |
|||
- uses: actions/checkout@v2 |
|||
- name: Install tools |
|||
run: brew update && brew install socat; |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
run: cd ../acmetest && sudo --preserve-env ./letest.sh |
|||
|
|||
Windows: |
|||
runs-on: windows-latest |
|||
needs: MacOS |
|||
env: |
|||
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} |
|||
TEST_LOCAL: 1 |
|||
#The 80 port is used by Windows server, we have to use a custom port, ngrok will also use this port. |
|||
Le_HTTPPort: 8888 |
|||
steps: |
|||
- name: Set git to use LF |
|||
run: | |
|||
git config --global core.autocrlf false |
|||
- uses: actions/checkout@v2 |
|||
- name: Install cygwin base packages with chocolatey |
|||
run: | |
|||
choco config get cacheLocation |
|||
choco install --no-progress cygwin |
|||
shell: cmd |
|||
- name: Install cygwin additional packages |
|||
run: | |
|||
C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git |
|||
shell: cmd |
|||
- name: Set ENV |
|||
run: | |
|||
echo '::set-env name=PATH::C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin' |
|||
- name: Clone acmetest |
|||
shell: cmd |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
shell: cmd |
|||
run: cd ../acmetest && bash.exe -c ./letest.sh |
|||
|
|||
|
|||
@ -0,0 +1,39 @@ |
|||
name: PebbleStrict |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '**.sh' |
|||
- '**.yml' |
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '**.sh' |
|||
- '**.yml' |
|||
|
|||
jobs: |
|||
PebbleStrict: |
|||
runs-on: ubuntu-latest |
|||
env: |
|||
TestingDomain: example.com |
|||
TestingAltDomains: www.example.com |
|||
ACME_DIRECTORY: https://localhost:14000/dir |
|||
HTTPS_INSECURE: 1 |
|||
Le_HTTPPort: 5002 |
|||
TEST_LOCAL: 1 |
|||
TEST_CA: "Pebble Intermediate CA" |
|||
|
|||
steps: |
|||
- uses: actions/checkout@v2 |
|||
- name: Install tools |
|||
run: sudo apt-get install -y socat |
|||
- name: Run Pebble |
|||
run: cd .. && curl https://raw.githubusercontent.com/letsencrypt/pebble/master/docker-compose.yml >docker-compose.yml && docker-compose up -d |
|||
- name: Set up Pebble |
|||
run: curl --request POST --data '{"ip":"10.30.50.1"}' http://localhost:8055/set-default-ipv4 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
run: cd ../acmetest && ./letest.sh |
|||
@ -0,0 +1,66 @@ |
|||
|
|||
name: Build DockerHub |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
tags: |
|||
- '*' |
|||
|
|||
jobs: |
|||
CheckToken: |
|||
runs-on: ubuntu-latest |
|||
outputs: |
|||
hasToken: ${{ steps.step_one.outputs.hasToken }} |
|||
env: |
|||
DOCKER_PASSWORD : ${{ secrets.DOCKER_PASSWORD }} |
|||
steps: |
|||
- name: Set the value |
|||
id: step_one |
|||
run: | |
|||
if [ "$DOCKER_PASSWORD" ] ; then |
|||
echo "::set-output name=hasToken::true" |
|||
else |
|||
echo "::set-output name=hasToken::false" |
|||
fi |
|||
- name: Check the value |
|||
run: echo ${{ steps.step_one.outputs.hasToken }} |
|||
|
|||
build: |
|||
runs-on: ubuntu-latest |
|||
needs: CheckToken |
|||
if: "contains(needs.CheckToken.outputs.hasToken, 'true')" |
|||
steps: |
|||
- name: checkout code |
|||
uses: actions/checkout@v2 |
|||
- name: install buildx |
|||
id: buildx |
|||
uses: crazy-max/ghaction-docker-buildx@v3 |
|||
with: |
|||
buildx-version: latest |
|||
qemu-version: latest |
|||
- name: login to docker hub |
|||
run: | |
|||
echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin |
|||
- name: build and push the image |
|||
run: | |
|||
DOCKER_IMAGE=neilpang/acme.sh |
|||
|
|||
if [[ $GITHUB_REF == refs/tags/* ]]; then |
|||
DOCKER_IMAGE_TAG=${GITHUB_REF#refs/tags/} |
|||
fi |
|||
|
|||
if [[ $GITHUB_REF == refs/heads/* ]]; then |
|||
DOCKER_IMAGE_TAG=${GITHUB_REF#refs/heads/} |
|||
|
|||
if [[ $DOCKER_IMAGE_TAG == master ]]; then |
|||
DOCKER_IMAGE_TAG=latest |
|||
AUTO_UPGRADE=1 |
|||
fi |
|||
fi |
|||
|
|||
docker buildx build \ |
|||
--tag ${DOCKER_IMAGE}:${DOCKER_IMAGE_TAG} \ |
|||
--output "type=image,push=true" \ |
|||
--build-arg AUTO_UPGRADE=${AUTO_UPGRADE} \ |
|||
--platform linux/arm64/v8,linux/amd64,linux/arm/v6,linux/arm/v7,linux/386 . |
|||
@ -0,0 +1,33 @@ |
|||
name: Shellcheck |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '**.sh' |
|||
- '**.yml' |
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '**.sh' |
|||
- '**.yml' |
|||
|
|||
jobs: |
|||
ShellCheck: |
|||
runs-on: ubuntu-latest |
|||
steps: |
|||
- uses: actions/checkout@v2 |
|||
- name: Install Shellcheck |
|||
run: sudo apt-get install -y shellcheck |
|||
- name: DoShellcheck |
|||
run: shellcheck -V && shellcheck -e SC2181 **/*.sh && echo "shellcheck OK" |
|||
|
|||
shfmt: |
|||
runs-on: ubuntu-latest |
|||
steps: |
|||
- uses: actions/checkout@v2 |
|||
- name: Install shfmt |
|||
run: curl -sSL https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64 -o ~/shfmt && chmod +x ~/shfmt |
|||
- name: shfmt |
|||
run: ~/shfmt -l -w -i 2 . ; git diff --exit-code && echo "shfmt OK" |
|||
@ -1,38 +0,0 @@ |
|||
language: shell |
|||
sudo: required |
|||
dist: trusty |
|||
|
|||
os: |
|||
- linux |
|||
- osx |
|||
|
|||
services: |
|||
- docker |
|||
|
|||
env: |
|||
global: |
|||
- SHFMT_URL=https://github.com/mvdan/sh/releases/download/v0.4.0/shfmt_v0.4.0_linux_amd64 |
|||
|
|||
|
|||
install: |
|||
- if [ "$TRAVIS_OS_NAME" = 'osx' ]; then |
|||
brew update && brew install socat; |
|||
export PATH="/usr/local/opt/openssl@1.1/bin:$PATH" ; |
|||
fi |
|||
|
|||
script: |
|||
- echo "NGROK_TOKEN=$(echo "$NGROK_TOKEN" | wc -c)" |
|||
- command -V openssl && openssl version |
|||
- if [ "$TRAVIS_OS_NAME" = "linux" ]; then curl -sSL $SHFMT_URL -o ~/shfmt && chmod +x ~/shfmt && ~/shfmt -l -w -i 2 . ; fi |
|||
- if [ "$TRAVIS_OS_NAME" = "linux" ]; then git diff --exit-code && echo "shfmt OK" ; fi |
|||
- if [ "$TRAVIS_OS_NAME" = "linux" ]; then shellcheck -V ; fi |
|||
- if [ "$TRAVIS_OS_NAME" = "linux" ]; then shellcheck -e SC2181 **/*.sh && echo "shellcheck OK" ; fi |
|||
- cd .. |
|||
- git clone https://github.com/Neilpang/acmetest.git && cp -r acme.sh acmetest/ && cd acmetest |
|||
- if [ "$TRAVIS_OS_NAME" = "linux" -a "$NGROK_TOKEN" ]; then sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ./rundocker.sh testplat ubuntu:latest ; fi |
|||
- if [ "$TRAVIS_OS_NAME" = "osx" -a "$NGROK_TOKEN" ]; then sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ACME_OPENSSL_BIN="$ACME_OPENSSL_BIN" ./letest.sh ; fi |
|||
|
|||
matrix: |
|||
fast_finish: true |
|||
|
|||
|
|||
2644
acme.sh
File diff suppressed because it is too large
View File
File diff suppressed because it is too large
View File
@ -0,0 +1,262 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# OpenStack Barbican deploy hook |
|||
# |
|||
# This requires you to have OpenStackClient and python-barbicanclient |
|||
# installed. |
|||
# |
|||
# You will require Keystone V3 credentials loaded into your environment, which |
|||
# could be either password or v3applicationcredential type. |
|||
# |
|||
# Author: Andy Botting <andy@andybotting.com> |
|||
|
|||
openstack_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug _ckey "$_ckey" |
|||
_debug _ccert "$_ccert" |
|||
_debug _cca "$_cca" |
|||
_debug _cfullchain "$_cfullchain" |
|||
|
|||
if ! _exists openstack; then |
|||
_err "OpenStack client not found" |
|||
return 1 |
|||
fi |
|||
|
|||
_openstack_credentials || return $? |
|||
|
|||
_info "Generate import pkcs12" |
|||
_import_pkcs12="$(_mktemp)" |
|||
if ! _openstack_to_pkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca"; then |
|||
_err "Error creating pkcs12 certificate" |
|||
return 1 |
|||
fi |
|||
_debug _import_pkcs12 "$_import_pkcs12" |
|||
_base64_pkcs12=$(_base64 "multiline" <"$_import_pkcs12") |
|||
|
|||
secretHrefs=$(_openstack_get_secrets) |
|||
_debug secretHrefs "$secretHrefs" |
|||
_openstack_store_secret || return $? |
|||
|
|||
if [ -n "$secretHrefs" ]; then |
|||
_info "Cleaning up existing secret" |
|||
_openstack_delete_secrets || return $? |
|||
fi |
|||
|
|||
_info "Certificate successfully deployed" |
|||
return 0 |
|||
} |
|||
|
|||
_openstack_store_secret() { |
|||
if ! openstack secret store --name "$_cdomain." -t 'application/octet-stream' -e base64 --payload "$_base64_pkcs12"; then |
|||
_err "Failed to create OpenStack secret" |
|||
return 1 |
|||
fi |
|||
return |
|||
} |
|||
|
|||
_openstack_delete_secrets() { |
|||
echo "$secretHrefs" | while read -r secretHref; do |
|||
_info "Deleting old secret $secretHref" |
|||
if ! openstack secret delete "$secretHref"; then |
|||
_err "Failed to delete OpenStack secret" |
|||
return 1 |
|||
fi |
|||
done |
|||
return |
|||
} |
|||
|
|||
_openstack_get_secrets() { |
|||
if ! secretHrefs=$(openstack secret list -f value --name "$_cdomain." | cut -d' ' -f1); then |
|||
_err "Failed to list secrets" |
|||
return 1 |
|||
fi |
|||
echo "$secretHrefs" |
|||
} |
|||
|
|||
_openstack_to_pkcs() { |
|||
# The existing _toPkcs command can't allow an empty password, due to sh |
|||
# -z test, so copied here and forcing the empty password. |
|||
_cpfx="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
|
|||
${ACME_OPENSSL_BIN:-openssl} pkcs12 -export -out "$_cpfx" -inkey "$_ckey" -in "$_ccert" -certfile "$_cca" -password "pass:" |
|||
} |
|||
|
|||
_openstack_credentials() { |
|||
_debug "Check OpenStack credentials" |
|||
|
|||
# If we have OS_AUTH_URL already set in the environment, then assume we want |
|||
# to use those, otherwise use stored credentials |
|||
if [ -n "$OS_AUTH_URL" ]; then |
|||
_debug "OS_AUTH_URL env var found, using environment" |
|||
else |
|||
_debug "OS_AUTH_URL not found, loading stored credentials" |
|||
OS_AUTH_URL="${OS_AUTH_URL:-$(_readaccountconf_mutable OS_AUTH_URL)}" |
|||
OS_IDENTITY_API_VERSION="${OS_IDENTITY_API_VERSION:-$(_readaccountconf_mutable OS_IDENTITY_API_VERSION)}" |
|||
OS_AUTH_TYPE="${OS_AUTH_TYPE:-$(_readaccountconf_mutable OS_AUTH_TYPE)}" |
|||
OS_APPLICATION_CREDENTIAL_ID="${OS_APPLICATION_CREDENTIAL_ID:-$(_readaccountconf_mutable OS_APPLICATION_CREDENTIAL_ID)}" |
|||
OS_APPLICATION_CREDENTIAL_SECRET="${OS_APPLICATION_CREDENTIAL_SECRET:-$(_readaccountconf_mutable OS_APPLICATION_CREDENTIAL_SECRET)}" |
|||
OS_USERNAME="${OS_USERNAME:-$(_readaccountconf_mutable OS_USERNAME)}" |
|||
OS_PASSWORD="${OS_PASSWORD:-$(_readaccountconf_mutable OS_PASSWORD)}" |
|||
OS_PROJECT_NAME="${OS_PROJECT_NAME:-$(_readaccountconf_mutable OS_PROJECT_NAME)}" |
|||
OS_PROJECT_ID="${OS_PROJECT_ID:-$(_readaccountconf_mutable OS_PROJECT_ID)}" |
|||
OS_USER_DOMAIN_NAME="${OS_USER_DOMAIN_NAME:-$(_readaccountconf_mutable OS_USER_DOMAIN_NAME)}" |
|||
OS_USER_DOMAIN_ID="${OS_USER_DOMAIN_ID:-$(_readaccountconf_mutable OS_USER_DOMAIN_ID)}" |
|||
OS_PROJECT_DOMAIN_NAME="${OS_PROJECT_DOMAIN_NAME:-$(_readaccountconf_mutable OS_PROJECT_DOMAIN_NAME)}" |
|||
OS_PROJECT_DOMAIN_ID="${OS_PROJECT_DOMAIN_ID:-$(_readaccountconf_mutable OS_PROJECT_DOMAIN_ID)}" |
|||
fi |
|||
|
|||
# Check each var and either save or clear it depending on whether its set. |
|||
# The helps us clear out old vars in the case where a user may want |
|||
# to switch between password and app creds |
|||
_debug "OS_AUTH_URL" "$OS_AUTH_URL" |
|||
if [ -n "$OS_AUTH_URL" ]; then |
|||
export OS_AUTH_URL |
|||
_saveaccountconf_mutable OS_AUTH_URL "$OS_AUTH_URL" |
|||
else |
|||
unset OS_AUTH_URL |
|||
_clearaccountconf SAVED_OS_AUTH_URL |
|||
fi |
|||
|
|||
_debug "OS_IDENTITY_API_VERSION" "$OS_IDENTITY_API_VERSION" |
|||
if [ -n "$OS_IDENTITY_API_VERSION" ]; then |
|||
export OS_IDENTITY_API_VERSION |
|||
_saveaccountconf_mutable OS_IDENTITY_API_VERSION "$OS_IDENTITY_API_VERSION" |
|||
else |
|||
unset OS_IDENTITY_API_VERSION |
|||
_clearaccountconf SAVED_OS_IDENTITY_API_VERSION |
|||
fi |
|||
|
|||
_debug "OS_AUTH_TYPE" "$OS_AUTH_TYPE" |
|||
if [ -n "$OS_AUTH_TYPE" ]; then |
|||
export OS_AUTH_TYPE |
|||
_saveaccountconf_mutable OS_AUTH_TYPE "$OS_AUTH_TYPE" |
|||
else |
|||
unset OS_AUTH_TYPE |
|||
_clearaccountconf SAVED_OS_AUTH_TYPE |
|||
fi |
|||
|
|||
_debug "OS_APPLICATION_CREDENTIAL_ID" "$OS_APPLICATION_CREDENTIAL_ID" |
|||
if [ -n "$OS_APPLICATION_CREDENTIAL_ID" ]; then |
|||
export OS_APPLICATION_CREDENTIAL_ID |
|||
_saveaccountconf_mutable OS_APPLICATION_CREDENTIAL_ID "$OS_APPLICATION_CREDENTIAL_ID" |
|||
else |
|||
unset OS_APPLICATION_CREDENTIAL_ID |
|||
_clearaccountconf SAVED_OS_APPLICATION_CREDENTIAL_ID |
|||
fi |
|||
|
|||
_secure_debug "OS_APPLICATION_CREDENTIAL_SECRET" "$OS_APPLICATION_CREDENTIAL_SECRET" |
|||
if [ -n "$OS_APPLICATION_CREDENTIAL_SECRET" ]; then |
|||
export OS_APPLICATION_CREDENTIAL_SECRET |
|||
_saveaccountconf_mutable OS_APPLICATION_CREDENTIAL_SECRET "$OS_APPLICATION_CREDENTIAL_SECRET" |
|||
else |
|||
unset OS_APPLICATION_CREDENTIAL_SECRET |
|||
_clearaccountconf SAVED_OS_APPLICATION_CREDENTIAL_SECRET |
|||
fi |
|||
|
|||
_debug "OS_USERNAME" "$OS_USERNAME" |
|||
if [ -n "$OS_USERNAME" ]; then |
|||
export OS_USERNAME |
|||
_saveaccountconf_mutable OS_USERNAME "$OS_USERNAME" |
|||
else |
|||
unset OS_USERNAME |
|||
_clearaccountconf SAVED_OS_USERNAME |
|||
fi |
|||
|
|||
_secure_debug "OS_PASSWORD" "$OS_PASSWORD" |
|||
if [ -n "$OS_PASSWORD" ]; then |
|||
export OS_PASSWORD |
|||
_saveaccountconf_mutable OS_PASSWORD "$OS_PASSWORD" |
|||
else |
|||
unset OS_PASSWORD |
|||
_clearaccountconf SAVED_OS_PASSWORD |
|||
fi |
|||
|
|||
_debug "OS_PROJECT_NAME" "$OS_PROJECT_NAME" |
|||
if [ -n "$OS_PROJECT_NAME" ]; then |
|||
export OS_PROJECT_NAME |
|||
_saveaccountconf_mutable OS_PROJECT_NAME "$OS_PROJECT_NAME" |
|||
else |
|||
unset OS_PROJECT_NAME |
|||
_clearaccountconf SAVED_OS_PROJECT_NAME |
|||
fi |
|||
|
|||
_debug "OS_PROJECT_ID" "$OS_PROJECT_ID" |
|||
if [ -n "$OS_PROJECT_ID" ]; then |
|||
export OS_PROJECT_ID |
|||
_saveaccountconf_mutable OS_PROJECT_ID "$OS_PROJECT_ID" |
|||
else |
|||
unset OS_PROJECT_ID |
|||
_clearaccountconf SAVED_OS_PROJECT_ID |
|||
fi |
|||
|
|||
_debug "OS_USER_DOMAIN_NAME" "$OS_USER_DOMAIN_NAME" |
|||
if [ -n "$OS_USER_DOMAIN_NAME" ]; then |
|||
export OS_USER_DOMAIN_NAME |
|||
_saveaccountconf_mutable OS_USER_DOMAIN_NAME "$OS_USER_DOMAIN_NAME" |
|||
else |
|||
unset OS_USER_DOMAIN_NAME |
|||
_clearaccountconf SAVED_OS_USER_DOMAIN_NAME |
|||
fi |
|||
|
|||
_debug "OS_USER_DOMAIN_ID" "$OS_USER_DOMAIN_ID" |
|||
if [ -n "$OS_USER_DOMAIN_ID" ]; then |
|||
export OS_USER_DOMAIN_ID |
|||
_saveaccountconf_mutable OS_USER_DOMAIN_ID "$OS_USER_DOMAIN_ID" |
|||
else |
|||
unset OS_USER_DOMAIN_ID |
|||
_clearaccountconf SAVED_OS_USER_DOMAIN_ID |
|||
fi |
|||
|
|||
_debug "OS_PROJECT_DOMAIN_NAME" "$OS_PROJECT_DOMAIN_NAME" |
|||
if [ -n "$OS_PROJECT_DOMAIN_NAME" ]; then |
|||
export OS_PROJECT_DOMAIN_NAME |
|||
_saveaccountconf_mutable OS_PROJECT_DOMAIN_NAME "$OS_PROJECT_DOMAIN_NAME" |
|||
else |
|||
unset OS_PROJECT_DOMAIN_NAME |
|||
_clearaccountconf SAVED_OS_PROJECT_DOMAIN_NAME |
|||
fi |
|||
|
|||
_debug "OS_PROJECT_DOMAIN_ID" "$OS_PROJECT_DOMAIN_ID" |
|||
if [ -n "$OS_PROJECT_DOMAIN_ID" ]; then |
|||
export OS_PROJECT_DOMAIN_ID |
|||
_saveaccountconf_mutable OS_PROJECT_DOMAIN_ID "$OS_PROJECT_DOMAIN_ID" |
|||
else |
|||
unset OS_PROJECT_DOMAIN_ID |
|||
_clearaccountconf SAVED_OS_PROJECT_DOMAIN_ID |
|||
fi |
|||
|
|||
if [ "$OS_AUTH_TYPE" = "v3applicationcredential" ]; then |
|||
# Application Credential auth |
|||
if [ -z "$OS_APPLICATION_CREDENTIAL_ID" ] || [ -z "$OS_APPLICATION_CREDENTIAL_SECRET" ]; then |
|||
_err "When using OpenStack application credentials, OS_APPLICATION_CREDENTIAL_ID" |
|||
_err "and OS_APPLICATION_CREDENTIAL_SECRET must be set." |
|||
_err "Please check your credentials and try again." |
|||
return 1 |
|||
fi |
|||
else |
|||
# Password auth |
|||
if [ -z "$OS_USERNAME" ] || [ -z "$OS_PASSWORD" ]; then |
|||
_err "OpenStack username or password not found." |
|||
_err "Please check your credentials and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
if [ -z "$OS_PROJECT_NAME" ] && [ -z "$OS_PROJECT_ID" ]; then |
|||
_err "When using password authentication, OS_PROJECT_NAME or" |
|||
_err "OS_PROJECT_ID must be set." |
|||
_err "Please check your credentials and try again." |
|||
return 1 |
|||
fi |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
@ -0,0 +1,139 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Script to deploy certificates to Palo Alto Networks PANOS via API |
|||
# Note PANOS API KEY and IP address needs to be set prior to running. |
|||
# The following variables exported from environment will be used. |
|||
# If not set then values previously saved in domain.conf file are used. |
|||
# |
|||
# Firewall admin with superuser and IP address is required. |
|||
# |
|||
# export PANOS_USER="" # required |
|||
# export PANOS_PASS="" # required |
|||
# export PANOS_HOST="" # required |
|||
|
|||
# This function is to parse the XML |
|||
parse_response() { |
|||
type=$2 |
|||
if [ "$type" = 'keygen' ]; then |
|||
status=$(echo "$1" | sed 's/^.*\(['\'']\)\([a-z]*\)'\''.*/\2/g') |
|||
if [ "$status" = "success" ]; then |
|||
panos_key=$(echo "$1" | sed 's/^.*\(<key>\)\(.*\)<\/key>.*/\2/g') |
|||
_panos_key=$panos_key |
|||
else |
|||
message="PAN-OS Key could not be set." |
|||
fi |
|||
else |
|||
status=$(echo "$1" | sed 's/^.*"\([a-z]*\)".*/\1/g') |
|||
message=$(echo "$1" | sed 's/^.*<result>\(.*\)<\/result.*/\1/g') |
|||
fi |
|||
return 0 |
|||
} |
|||
|
|||
deployer() { |
|||
content="" |
|||
type=$1 # Types are keygen, cert, key, commit |
|||
_debug "**** Deploying $type *****" |
|||
panos_url="https://$_panos_host/api/" |
|||
if [ "$type" = 'keygen' ]; then |
|||
_H1="Content-Type: application/x-www-form-urlencoded" |
|||
content="type=keygen&user=$_panos_user&password=$_panos_pass" |
|||
# content="$content${nl}--$delim${nl}Content-Disposition: form-data; type=\"keygen\"; user=\"$_panos_user\"; password=\"$_panos_pass\"${nl}Content-Type: application/octet-stream${nl}${nl}" |
|||
fi |
|||
|
|||
if [ "$type" = 'cert' ] || [ "$type" = 'key' ]; then |
|||
#Generate DEIM |
|||
delim="-----MultipartDelimiter$(date "+%s%N")" |
|||
nl="\015\012" |
|||
#Set Header |
|||
export _H1="Content-Type: multipart/form-data; boundary=$delim" |
|||
if [ "$type" = 'cert' ]; then |
|||
panos_url="${panos_url}?type=import" |
|||
content="--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\ncertificate" |
|||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n$_cdomain" |
|||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n$_panos_key" |
|||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\npem" |
|||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")" |
|||
fi |
|||
if [ "$type" = 'key' ]; then |
|||
panos_url="${panos_url}?type=import" |
|||
content="--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\nprivate-key" |
|||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n$_cdomain" |
|||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n$_panos_key" |
|||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\npem" |
|||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"passphrase\"\r\n\r\n123456" |
|||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")" |
|||
fi |
|||
#Close multipart |
|||
content="$content${nl}--$delim--${nl}${nl}" |
|||
#Convert CRLF |
|||
content=$(printf %b "$content") |
|||
fi |
|||
|
|||
if [ "$type" = 'commit' ]; then |
|||
export _H1="Content-Type: application/x-www-form-urlencoded" |
|||
cmd=$(printf "%s" "<commit><partial><$_panos_user></$_panos_user></partial></commit>" | _url_encode) |
|||
content="type=commit&key=$_panos_key&cmd=$cmd" |
|||
fi |
|||
response=$(_post "$content" "$panos_url" "" "POST") |
|||
parse_response "$response" "$type" |
|||
# Saving response to variables |
|||
response_status=$status |
|||
#DEBUG |
|||
_debug response_status "$response_status" |
|||
if [ "$response_status" = "success" ]; then |
|||
_debug "Successfully deployed $type" |
|||
return 0 |
|||
else |
|||
_err "Deploy of type $type failed. Try deploying with --debug to troubleshoot." |
|||
_debug "$message" |
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
# This is the main function that will call the other functions to deploy everything. |
|||
panos_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_cfullchain="$5" |
|||
# PANOS ENV VAR check |
|||
if [ -z "$PANOS_USER" ] || [ -z "$PANOS_PASS" ] || [ -z "$PANOS_HOST" ]; then |
|||
_debug "No ENV variables found lets check for saved variables" |
|||
_getdeployconf PANOS_USER |
|||
_getdeployconf PANOS_PASS |
|||
_getdeployconf PANOS_HOST |
|||
_panos_user=$PANOS_USER |
|||
_panos_pass=$PANOS_PASS |
|||
_panos_host=$PANOS_HOST |
|||
if [ -z "$_panos_user" ] && [ -z "$_panos_pass" ] && [ -z "$_panos_host" ]; then |
|||
_err "No host, user and pass found.. If this is the first time deploying please set PANOS_HOST, PANOS_USER and PANOS_PASS in environment variables. Delete them after you have succesfully deployed certs." |
|||
return 1 |
|||
else |
|||
_debug "Using saved env variables." |
|||
fi |
|||
else |
|||
_debug "Detected ENV variables to be saved to the deploy conf." |
|||
# Encrypt and save user |
|||
_savedeployconf PANOS_USER "$PANOS_USER" 1 |
|||
_savedeployconf PANOS_PASS "$PANOS_PASS" 1 |
|||
_savedeployconf PANOS_HOST "$PANOS_HOST" 1 |
|||
_panos_user="$PANOS_USER" |
|||
_panos_pass="$PANOS_PASS" |
|||
_panos_host="$PANOS_HOST" |
|||
fi |
|||
_debug "Let's use username and pass to generate token." |
|||
if [ -z "$_panos_user" ] || [ -z "$_panos_pass" ] || [ -z "$_panos_host" ]; then |
|||
_err "Please pass username and password and host as env variables PANOS_USER, PANOS_PASS and PANOS_HOST" |
|||
return 1 |
|||
else |
|||
_debug "Getting PANOS KEY" |
|||
deployer keygen |
|||
if [ -z "$_panos_key" ]; then |
|||
_err "Missing apikey." |
|||
return 1 |
|||
else |
|||
deployer cert |
|||
deployer key |
|||
deployer commit |
|||
fi |
|||
fi |
|||
} |
|||
@ -0,0 +1,152 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Here is a script to deploy cert to Synology DSM |
|||
# |
|||
# it requires the jq and curl are in the $PATH and the following |
|||
# environment variables must be set: |
|||
# |
|||
# SYNO_Username - Synology Username to login (must be an administrator) |
|||
# SYNO_Password - Synology Password to login |
|||
# SYNO_Certificate - Certificate description to target for replacement |
|||
# |
|||
# The following environmental variables may be set if you don't like their |
|||
# default values: |
|||
# |
|||
# SYNO_Scheme - defaults to http |
|||
# SYNO_Hostname - defaults to localhost |
|||
# SYNO_Port - defaults to 5000 |
|||
# SYNO_DID - device ID to skip OTP - defaults to empty |
|||
# |
|||
#returns 0 means success, otherwise error. |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
_syno_get_cookie_data() { |
|||
grep -i "\W$1=" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';' |
|||
} |
|||
|
|||
#domain keyfile certfile cafile fullchain |
|||
synology_dsm_deploy() { |
|||
|
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
|
|||
# Get Username and Password, but don't save until we successfully authenticate |
|||
_getdeployconf SYNO_Username |
|||
_getdeployconf SYNO_Password |
|||
_getdeployconf SYNO_Create |
|||
_getdeployconf SYNO_DID |
|||
if [ -z "${SYNO_Username:-}" ] || [ -z "${SYNO_Password:-}" ]; then |
|||
_err "SYNO_Username & SYNO_Password must be set" |
|||
return 1 |
|||
fi |
|||
_debug2 SYNO_Username "$SYNO_Username" |
|||
_secure_debug2 SYNO_Password "$SYNO_Password" |
|||
|
|||
# Optional scheme, hostname, and port for Synology DSM |
|||
_getdeployconf SYNO_Scheme |
|||
_getdeployconf SYNO_Hostname |
|||
_getdeployconf SYNO_Port |
|||
|
|||
# default vaules for scheme, hostname, and port |
|||
# defaulting to localhost and http because it's localhost... |
|||
[ -n "${SYNO_Scheme}" ] || SYNO_Scheme="http" |
|||
[ -n "${SYNO_Hostname}" ] || SYNO_Hostname="localhost" |
|||
[ -n "${SYNO_Port}" ] || SYNO_Port="5000" |
|||
|
|||
_savedeployconf SYNO_Scheme "$SYNO_Scheme" |
|||
_savedeployconf SYNO_Hostname "$SYNO_Hostname" |
|||
_savedeployconf SYNO_Port "$SYNO_Port" |
|||
|
|||
_debug2 SYNO_Scheme "$SYNO_Scheme" |
|||
_debug2 SYNO_Hostname "$SYNO_Hostname" |
|||
_debug2 SYNO_Port "$SYNO_Port" |
|||
|
|||
# Get the certificate description, but don't save it until we verfiy it's real |
|||
_getdeployconf SYNO_Certificate |
|||
_debug SYNO_Certificate "${SYNO_Certificate:-}" |
|||
|
|||
_base_url="$SYNO_Scheme://$SYNO_Hostname:$SYNO_Port" |
|||
_debug _base_url "$_base_url" |
|||
|
|||
# Login, get the token from JSON and session id from cookie |
|||
_info "Logging into $SYNO_Hostname:$SYNO_Port" |
|||
encoded_username="$(printf "%s" "$SYNO_Username" | _url_encode)" |
|||
encoded_password="$(printf "%s" "$SYNO_Password" | _url_encode)" |
|||
encoded_did="$(printf "%s" "$SYNO_DID" | _url_encode)" |
|||
response=$(_get "$_base_url/webman/login.cgi?username=$encoded_username&passwd=$encoded_password&enable_syno_token=yes&device_id=$encoded_did" 1) |
|||
token=$(echo "$response" | grep -i "X-SYNO-TOKEN:" | sed -n 's/^X-SYNO-TOKEN: \(.*\)$/\1/pI' | tr -d "\r\n") |
|||
_debug3 response "$response" |
|||
_debug token "$token" |
|||
|
|||
if [ -z "$token" ]; then |
|||
_err "Unable to authenticate to $SYNO_Hostname:$SYNO_Port using $SYNO_Scheme." |
|||
_err "Check your username and password." |
|||
return 1 |
|||
fi |
|||
|
|||
_H1="Cookie: $(echo "$response" | _syno_get_cookie_data "id"); $(echo "$response" | _syno_get_cookie_data "smid")" |
|||
_H2="X-SYNO-TOKEN: $token" |
|||
export _H1 |
|||
export _H2 |
|||
_debug2 H1 "${_H1}" |
|||
_debug2 H2 "${_H2}" |
|||
|
|||
# Now that we know the username and password are good, save them |
|||
_savedeployconf SYNO_Username "$SYNO_Username" |
|||
_savedeployconf SYNO_Password "$SYNO_Password" |
|||
_savedeployconf SYNO_DID "$SYNO_DID" |
|||
|
|||
_info "Getting certificates in Synology DSM" |
|||
response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1" "$_base_url/webapi/entry.cgi") |
|||
_debug3 response "$response" |
|||
id=$(echo "$response" | sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\"id\":\"\([^\"]*\).*/\1/p") |
|||
_debug2 id "$id" |
|||
|
|||
if [ -z "$id" ] && [ -z "${SYNO_Create:-}" ]; then |
|||
_err "Unable to find certificate: $SYNO_Certificate and \$SYNO_Create is not set" |
|||
return 1 |
|||
fi |
|||
|
|||
# we've verified this certificate description is a thing, so save it |
|||
_savedeployconf SYNO_Certificate "$SYNO_Certificate" |
|||
|
|||
default=false |
|||
if echo "$response" | sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\([^{]*\).*/\1/p" | grep -- 'is_default":true' >/dev/null; then |
|||
default=true |
|||
fi |
|||
_debug2 default "$default" |
|||
|
|||
_info "Generate form POST request" |
|||
nl="\0015\0012" |
|||
delim="--------------------------$(_utc_date | tr -d -- '-: ')" |
|||
content="--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")\0012" |
|||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"cert\"; filename=\"$(basename "$_ccert")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ccert")\0012" |
|||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"inter_cert\"; filename=\"$(basename "$_cca")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cca")\0012" |
|||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"id\"${nl}${nl}$id" |
|||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"desc\"${nl}${nl}${SYNO_Certificate}" |
|||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"as_default\"${nl}${nl}${default}" |
|||
content="$content${nl}--$delim--${nl}" |
|||
content="$(printf "%b_" "$content")" |
|||
content="${content%_}" # protect trailing \n |
|||
|
|||
_info "Upload certificate to the Synology DSM" |
|||
response=$(_post "$content" "$_base_url/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=$token" "" "POST" "multipart/form-data; boundary=${delim}") |
|||
_debug3 response "$response" |
|||
|
|||
if ! echo "$response" | grep '"error":' >/dev/null; then |
|||
if echo "$response" | grep '"restart_httpd":true' >/dev/null; then |
|||
_info "http services were restarted" |
|||
else |
|||
_info "http services were NOT restarted" |
|||
fi |
|||
return 0 |
|||
else |
|||
_err "Unable to update certificate, error code $response" |
|||
return 1 |
|||
fi |
|||
} |
|||
@ -0,0 +1,254 @@ |
|||
#!/usr/bin/env sh |
|||
#This file name is "dns_1984hosting.sh" |
|||
#So, here must be a method dns_1984hosting_add() |
|||
#Which will be called by acme.sh to add the txt record to your api system. |
|||
#returns 0 means success, otherwise error. |
|||
|
|||
#Author: Adrian Fedoreanu |
|||
#Report Bugs here: https://github.com/acmesh-official/acme.sh |
|||
# or here... https://github.com/acmesh-official/acme.sh/issues/2851 |
|||
# |
|||
######## Public functions ##################### |
|||
|
|||
# Export 1984HOSTING username and password in following variables |
|||
# |
|||
# One984HOSTING_Username=username |
|||
# One984HOSTING_Password=password |
|||
# |
|||
# sessionid cookie is saved in ~/.acme.sh/account.conf |
|||
# username/password need to be set only when changed. |
|||
|
|||
#Usage: dns_1984hosting_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_1984hosting_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_info "Add TXT record using 1984Hosting" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
if ! _1984hosting_login; then |
|||
_err "1984Hosting login failed for user $One984HOSTING_Username. Check $HTTP_HEADER file" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" "$fulldomain" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_1984hosting_add_txt_record "$_domain" "$_sub_domain" "$txtvalue" |
|||
return $? |
|||
} |
|||
|
|||
#Usage: fulldomain txtvalue |
|||
#Remove the txt record after validation. |
|||
dns_1984hosting_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_info "Delete TXT record using 1984Hosting" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
if ! _1984hosting_login; then |
|||
_err "1984Hosting login failed for user $One984HOSTING_Username. Check $HTTP_HEADER file" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" "$fulldomain" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_1984hosting_delete_txt_record "$_domain" "$_sub_domain" |
|||
return $? |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
# usage _1984hosting_add_txt_record domain subdomain value |
|||
# returns 0 success |
|||
_1984hosting_add_txt_record() { |
|||
_debug "Add TXT record $1 with value '$3'" |
|||
domain="$1" |
|||
subdomain="$2" |
|||
value="$(printf '%s' "$3" | _url_encode)" |
|||
url="https://management.1984hosting.com/domains/entry/" |
|||
|
|||
postdata="entry=new" |
|||
postdata="$postdata&type=TXT" |
|||
postdata="$postdata&ttl=3600" |
|||
postdata="$postdata&zone=$domain" |
|||
postdata="$postdata&host=$subdomain" |
|||
postdata="$postdata&rdata=%22$value%22" |
|||
_debug2 postdata "$postdata" |
|||
|
|||
_authpost "$postdata" "$url" |
|||
response="$(echo "$_response" | _normalizeJson)" |
|||
_debug2 response "$response" |
|||
|
|||
if _contains "$response" '"haserrors": true'; then |
|||
_err "1984Hosting failed to add TXT record for $subdomain bad RC from _post" |
|||
return 1 |
|||
elif _contains "$response" "<html>"; then |
|||
_err "1984Hosting failed to add TXT record for $subdomain. Check $HTTP_HEADER file" |
|||
return 1 |
|||
elif _contains "$response" '"auth": false'; then |
|||
_err "1984Hosting failed to add TXT record for $subdomain. Invalid or expired cookie" |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Added acme challenge TXT record for $fulldomain at 1984Hosting" |
|||
return 0 |
|||
} |
|||
|
|||
# usage _1984hosting_delete_txt_record entry_id |
|||
# returns 0 success |
|||
_1984hosting_delete_txt_record() { |
|||
_debug "Delete $fulldomain TXT record" |
|||
domain="$1" |
|||
subdomain="$2" |
|||
url="https://management.1984hosting.com/domains" |
|||
|
|||
_htmlget "$url" "$domain" |
|||
_debug2 _response "$_response" |
|||
zone_id="$(echo "$_response" | _egrep_o 'zone\/[0-9]+')" |
|||
_debug2 zone_id "$zone_id" |
|||
if [ -z "$zone_id" ]; then |
|||
_err "Error getting zone_id for $1" |
|||
return 1 |
|||
fi |
|||
|
|||
_htmlget "$url/$zone_id" "$subdomain" |
|||
_debug2 _response "$_response" |
|||
entry_id="$(echo "$_response" | _egrep_o 'entry_[0-9]+' | sed 's/entry_//')" |
|||
_debug2 entry_id "$entry_id" |
|||
if [ -z "$entry_id" ]; then |
|||
_err "Error getting TXT entry_id for $1" |
|||
return 1 |
|||
fi |
|||
|
|||
_authpost "entry=$entry_id" "$url/delentry/" |
|||
response="$(echo "$_response" | _normalizeJson)" |
|||
_debug2 response "$response" |
|||
|
|||
if ! _contains "$response" '"ok": true'; then |
|||
_err "1984Hosting failed to delete TXT record for $entry_id bad RC from _post" |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Deleted acme challenge TXT record for $fulldomain at 1984Hosting" |
|||
return 0 |
|||
} |
|||
|
|||
# usage: _1984hosting_login username password |
|||
# returns 0 success |
|||
_1984hosting_login() { |
|||
if ! _check_credentials; then return 1; fi |
|||
|
|||
if _check_cookie; then |
|||
_debug "Already logged in" |
|||
return 0 |
|||
fi |
|||
|
|||
_debug "Login to 1984Hosting as user $One984HOSTING_Username" |
|||
username=$(printf '%s' "$One984HOSTING_Username" | _url_encode) |
|||
password=$(printf '%s' "$One984HOSTING_Password" | _url_encode) |
|||
url="https://management.1984hosting.com/accounts/checkuserauth/" |
|||
|
|||
response="$(_post "username=$username&password=$password&otpkey=" "$url")" |
|||
response="$(echo "$response" | _normalizeJson)" |
|||
_debug2 response "$response" |
|||
|
|||
if _contains "$response" '"loggedin": true'; then |
|||
One984HOSTING_COOKIE="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _tail_n 1 | _egrep_o 'sessionid=[^;]*;' | tr -d ';')" |
|||
export One984HOSTING_COOKIE |
|||
_saveaccountconf_mutable One984HOSTING_COOKIE "$One984HOSTING_COOKIE" |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
} |
|||
|
|||
_check_credentials() { |
|||
if [ -z "$One984HOSTING_Username" ] || [ -z "$One984HOSTING_Password" ]; then |
|||
One984HOSTING_Username="" |
|||
One984HOSTING_Password="" |
|||
_err "You haven't specified 1984Hosting username or password yet." |
|||
_err "Please export as One984HOSTING_Username / One984HOSTING_Password and try again." |
|||
return 1 |
|||
fi |
|||
return 0 |
|||
} |
|||
|
|||
_check_cookie() { |
|||
One984HOSTING_COOKIE="${One984HOSTING_COOKIE:-$(_readaccountconf_mutable One984HOSTING_COOKIE)}" |
|||
if [ -z "$One984HOSTING_COOKIE" ]; then |
|||
_debug "No cached cookie found" |
|||
return 1 |
|||
fi |
|||
|
|||
_authget "https://management.1984hosting.com/accounts/loginstatus/" |
|||
response="$(echo "$_response" | _normalizeJson)" |
|||
if _contains "$response" '"ok": true'; then |
|||
_debug "Cached cookie still valid" |
|||
return 0 |
|||
fi |
|||
_debug "Cached cookie no longer valid" |
|||
One984HOSTING_COOKIE="" |
|||
_saveaccountconf_mutable One984HOSTING_COOKIE "$One984HOSTING_COOKIE" |
|||
return 1 |
|||
} |
|||
|
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
_get_root() { |
|||
domain="$1" |
|||
i=2 |
|||
p=1 |
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
|
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
_authget "https://management.1984hosting.com/domains/soacheck/?zone=$h&nameserver=ns0.1984.is." |
|||
if _contains "$_response" "serial"; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain="$h" |
|||
return 0 |
|||
fi |
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
# add extra headers to request |
|||
_authget() { |
|||
export _H1="Cookie: $One984HOSTING_COOKIE" |
|||
_response=$(_get "$1") |
|||
} |
|||
|
|||
# truncate huge HTML response |
|||
# echo: Argument list too long |
|||
_htmlget() { |
|||
export _H1="Cookie: $One984HOSTING_COOKIE" |
|||
_response=$(_get "$1" | grep "$2" | _head_n 1) |
|||
} |
|||
|
|||
# add extra headers to request |
|||
_authpost() { |
|||
export _H1="Cookie: $One984HOSTING_COOKIE" |
|||
_response=$(_post "$1" "$2") |
|||
} |
|||
@ -0,0 +1,163 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#Arvan_Token="xxxx" |
|||
|
|||
ARVAN_API_URL="https://napi.arvancloud.com/cdn/4.0/domains" |
|||
|
|||
#Author: Ehsan Aliakbar |
|||
#Report Bugs here: https://github.com/Neilpang/acme.sh |
|||
# |
|||
######## Public functions ##################### |
|||
|
|||
#Usage: dns_arvan_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_arvan_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using Arvan" |
|||
|
|||
Arvan_Token="${Arvan_Token:-$(_readaccountconf_mutable Arvan_Token)}" |
|||
|
|||
if [ -z "$Arvan_Token" ]; then |
|||
_err "You didn't specify \"Arvan_Token\" token yet." |
|||
_err "You can get yours from here https://npanel.arvancloud.com/profile/api-keys" |
|||
return 1 |
|||
fi |
|||
#save the api token to the account conf file. |
|||
_saveaccountconf_mutable Arvan_Token "$Arvan_Token" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug _domain_id "$_domain_id" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_info "Adding record" |
|||
if _arvan_rest POST "$_domain/dns-records" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":{\"text\":\"$txtvalue\"},\"ttl\":120}"; then |
|||
if _contains "$response" "$txtvalue"; then |
|||
_info "Added, OK" |
|||
return 0 |
|||
elif _contains "$response" "Record Data is Duplicated"; then |
|||
_info "Already exists, OK" |
|||
return 0 |
|||
else |
|||
_err "Add txt record error." |
|||
return 1 |
|||
fi |
|||
fi |
|||
_err "Add txt record error." |
|||
return 1 |
|||
} |
|||
|
|||
#Usage: fulldomain txtvalue |
|||
#Remove the txt record after validation. |
|||
dns_arvan_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using Arvan" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
Arvan_Token="${Arvan_Token:-$(_readaccountconf_mutable Arvan_Token)}" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _domain_id "$_domain_id" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_debug "Getting txt records" |
|||
shorted_txtvalue=$(printf "%s" "$txtvalue" | cut -d "-" -d "_" -f1) |
|||
_arvan_rest GET "${_domain}/dns-records?search=$shorted_txtvalue" |
|||
|
|||
if ! printf "%s" "$response" | grep \"current_page\":1 >/dev/null; then |
|||
_err "Error on Arvan Api" |
|||
_err "Please create a github issue with debbug log" |
|||
return 1 |
|||
fi |
|||
|
|||
count=$(printf "%s\n" "$response" | _egrep_o "\"total\":[^,]*" | cut -d : -f 2) |
|||
_debug count "$count" |
|||
if [ "$count" = "0" ]; then |
|||
_info "Don't need to remove." |
|||
else |
|||
record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1) |
|||
_debug "record_id" "$record_id" |
|||
if [ -z "$record_id" ]; then |
|||
_err "Can not get record id to remove." |
|||
return 1 |
|||
fi |
|||
if ! _arvan_rest "DELETE" "${_domain}/dns-records/$record_id"; then |
|||
_err "Delete record error." |
|||
return 1 |
|||
fi |
|||
_debug "$response" |
|||
_contains "$response" 'dns record deleted' |
|||
fi |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
# _domain_id=sdjkglgdfewsdfg |
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
p=1 |
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _arvan_rest GET "?search=$h"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"domain\":\"$h\"" || _contains "$response" '"total":1'; then |
|||
_domain_id=$(echo "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \") |
|||
if [ "$_domain_id" ]; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain=$h |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
fi |
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_arvan_rest() { |
|||
mtd="$1" |
|||
ep="$2" |
|||
data="$3" |
|||
|
|||
token_trimmed=$(echo "$Arvan_Token" | tr -d '"') |
|||
|
|||
export _H1="Authorization: $token_trimmed" |
|||
|
|||
if [ "$mtd" = "DELETE" ]; then |
|||
#DELETE Request shouldn't have Content-Type |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$ARVAN_API_URL/$ep" "" "$mtd")" |
|||
elif [ "$mtd" = "POST" ]; then |
|||
export _H2="Content-Type: application/json" |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$ARVAN_API_URL/$ep" "" "$mtd")" |
|||
else |
|||
response="$(_get "$ARVAN_API_URL/$ep$data")" |
|||
fi |
|||
} |
|||
@ -0,0 +1,197 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Author: Radek Sprta <sprta@vshosting.cz> |
|||
|
|||
#CLOUDDNS_EMAIL=XXXXX |
|||
#CLOUDDNS_PASSWORD="YYYYYYYYY" |
|||
#CLOUDDNS_CLIENT_ID=XXXXX |
|||
|
|||
CLOUDDNS_API='https://admin.vshosting.cloud/clouddns' |
|||
CLOUDDNS_LOGIN_API='https://admin.vshosting.cloud/api/public/auth/login' |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_clouddns_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_debug "fulldomain" "$fulldomain" |
|||
|
|||
CLOUDDNS_CLIENT_ID="${CLOUDDNS_CLIENT_ID:-$(_readaccountconf_mutable CLOUDDNS_CLIENT_ID)}" |
|||
CLOUDDNS_EMAIL="${CLOUDDNS_EMAIL:-$(_readaccountconf_mutable CLOUDDNS_EMAIL)}" |
|||
CLOUDDNS_PASSWORD="${CLOUDDNS_PASSWORD:-$(_readaccountconf_mutable CLOUDDNS_PASSWORD)}" |
|||
|
|||
if [ -z "$CLOUDDNS_PASSWORD" ] || [ -z "$CLOUDDNS_EMAIL" ] || [ -z "$CLOUDDNS_CLIENT_ID" ]; then |
|||
CLOUDDNS_CLIENT_ID="" |
|||
CLOUDDNS_EMAIL="" |
|||
CLOUDDNS_PASSWORD="" |
|||
_err "You didn't specify a CloudDNS password, email and client ID yet." |
|||
return 1 |
|||
fi |
|||
if ! _contains "$CLOUDDNS_EMAIL" "@"; then |
|||
_err "It seems that the CLOUDDNS_EMAIL=$CLOUDDNS_EMAIL is not a valid email address." |
|||
_err "Please check and retry." |
|||
return 1 |
|||
fi |
|||
# Save CloudDNS client id, email and password to config file |
|||
_saveaccountconf_mutable CLOUDDNS_CLIENT_ID "$CLOUDDNS_CLIENT_ID" |
|||
_saveaccountconf_mutable CLOUDDNS_EMAIL "$CLOUDDNS_EMAIL" |
|||
_saveaccountconf_mutable CLOUDDNS_PASSWORD "$CLOUDDNS_PASSWORD" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _domain_id "$_domain_id" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
# Add TXT record |
|||
data="{\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"value\":\"$txtvalue\",\"domainId\":\"$_domain_id\"}" |
|||
if _clouddns_api POST "record-txt" "$data"; then |
|||
if _contains "$response" "$txtvalue"; then |
|||
_info "Added, OK" |
|||
elif _contains "$response" '"code":4136'; then |
|||
_info "Already exists, OK" |
|||
else |
|||
_err "Add TXT record error." |
|||
return 1 |
|||
fi |
|||
fi |
|||
|
|||
_debug "Publishing record changes" |
|||
_clouddns_api PUT "domain/$_domain_id/publish" "{\"soaTtl\":300}" |
|||
} |
|||
|
|||
# Usage: rm _acme-challenge.www.domain.com |
|||
dns_clouddns_rm() { |
|||
fulldomain=$1 |
|||
_debug "fulldomain" "$fulldomain" |
|||
|
|||
CLOUDDNS_CLIENT_ID="${CLOUDDNS_CLIENT_ID:-$(_readaccountconf_mutable CLOUDDNS_CLIENT_ID)}" |
|||
CLOUDDNS_EMAIL="${CLOUDDNS_EMAIL:-$(_readaccountconf_mutable CLOUDDNS_EMAIL)}" |
|||
CLOUDDNS_PASSWORD="${CLOUDDNS_PASSWORD:-$(_readaccountconf_mutable CLOUDDNS_PASSWORD)}" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _domain_id "$_domain_id" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
# Get record ID |
|||
_clouddns_api GET "domain/$_domain_id" |
|||
if _contains "$response" "lastDomainRecordList"; then |
|||
re="\"lastDomainRecordList\".*\"id\":\"([^\"}]*)\"[^}]*\"name\":\"$fulldomain.\"," |
|||
_last_domains=$(echo "$response" | _egrep_o "$re") |
|||
re2="\"id\":\"([^\"}]*)\"[^}]*\"name\":\"$fulldomain.\"," |
|||
_record_id=$(echo "$_last_domains" | _egrep_o "$re2" | _head_n 1 | cut -d : -f 2 | cut -d , -f 1 | tr -d "\"") |
|||
_debug _record_id "$_record_id" |
|||
else |
|||
_err "Could not retrieve record ID" |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Removing record" |
|||
if _clouddns_api DELETE "record/$_record_id"; then |
|||
if _contains "$response" "\"error\":"; then |
|||
_err "Could not remove record" |
|||
return 1 |
|||
fi |
|||
fi |
|||
|
|||
_debug "Publishing record changes" |
|||
_clouddns_api PUT "domain/$_domain_id/publish" "{\"soaTtl\":300}" |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
# Usage: _get_root _acme-challenge.www.domain.com |
|||
# Returns: |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
# _domain_id=sdjkglgdfewsdfg |
|||
_get_root() { |
|||
domain=$1 |
|||
|
|||
# Get domain root |
|||
data="{\"search\": [{\"name\": \"clientId\", \"operator\": \"eq\", \"value\": \"$CLOUDDNS_CLIENT_ID\"}]}" |
|||
_clouddns_api "POST" "domain/search" "$data" |
|||
domain_slice="$domain" |
|||
while [ -z "$domain_root" ]; do |
|||
if _contains "$response" "\"domainName\":\"$domain_slice\.\""; then |
|||
domain_root="$domain_slice" |
|||
_debug domain_root "$domain_root" |
|||
fi |
|||
domain_slice="$(echo "$domain_slice" | cut -d . -f 2-)" |
|||
done |
|||
|
|||
# Get domain id |
|||
data="{\"search\": [{\"name\": \"clientId\", \"operator\": \"eq\", \"value\": \"$CLOUDDNS_CLIENT_ID\"}, \ |
|||
{\"name\": \"domainName\", \"operator\": \"eq\", \"value\": \"$domain_root.\"}]}" |
|||
_clouddns_api "POST" "domain/search" "$data" |
|||
if _contains "$response" "\"id\":\""; then |
|||
re='domainType\":\"[^\"]*\",\"id\":\"([^\"]*)\",' # Match domain id |
|||
_domain_id=$(echo "$response" | _egrep_o "$re" | _head_n 1 | cut -d : -f 3 | tr -d "\",") |
|||
if [ "$_domain_id" ]; then |
|||
_sub_domain=$(printf "%s" "$domain" | sed "s/.$domain_root//") |
|||
_domain="$domain_root" |
|||
return 0 |
|||
fi |
|||
_err 'Domain name not found on your CloudDNS account' |
|||
return 1 |
|||
fi |
|||
return 1 |
|||
} |
|||
|
|||
# Usage: _clouddns_api GET domain/search '{"data": "value"}' |
|||
# Returns: |
|||
# response='{"message": "api response"}' |
|||
_clouddns_api() { |
|||
method=$1 |
|||
endpoint="$2" |
|||
data="$3" |
|||
_debug endpoint "$endpoint" |
|||
|
|||
if [ -z "$CLOUDDNS_TOKEN" ]; then |
|||
_clouddns_login |
|||
fi |
|||
_debug CLOUDDNS_TOKEN "$CLOUDDNS_TOKEN" |
|||
|
|||
export _H1="Content-Type: application/json" |
|||
export _H2="Authorization: Bearer $CLOUDDNS_TOKEN" |
|||
|
|||
if [ "$method" != "GET" ]; then |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$CLOUDDNS_API/$endpoint" "" "$method" | tr -d '\t\r\n ')" |
|||
else |
|||
response="$(_get "$CLOUDDNS_API/$endpoint" | tr -d '\t\r\n ')" |
|||
fi |
|||
|
|||
# shellcheck disable=SC2181 |
|||
if [ "$?" != "0" ]; then |
|||
_err "Error $endpoint" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
# Returns: |
|||
# CLOUDDNS_TOKEN=dslfje2rj23l |
|||
_clouddns_login() { |
|||
login_data="{\"email\": \"$CLOUDDNS_EMAIL\", \"password\": \"$CLOUDDNS_PASSWORD\"}" |
|||
response="$(_post "$login_data" "$CLOUDDNS_LOGIN_API" "" "POST" "Content-Type: application/json")" |
|||
|
|||
if _contains "$response" "\"accessToken\":\""; then |
|||
CLOUDDNS_TOKEN=$(echo "$response" | _egrep_o "\"accessToken\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \") |
|||
export CLOUDDNS_TOKEN |
|||
else |
|||
echo 'Could not get CloudDNS access token; check your credentials' |
|||
return 1 |
|||
fi |
|||
return 0 |
|||
} |
|||
@ -0,0 +1,141 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Author: Wout Decre <wout@canodus.be> |
|||
|
|||
CONSTELLIX_Api="https://api.dns.constellix.com/v1" |
|||
#CONSTELLIX_Key="XXX" |
|||
#CONSTELLIX_Secret="XXX" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
# Used to add txt record |
|||
dns_constellix_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
CONSTELLIX_Key="${CONSTELLIX_Key:-$(_readaccountconf_mutable CONSTELLIX_Key)}" |
|||
CONSTELLIX_Secret="${CONSTELLIX_Secret:-$(_readaccountconf_mutable CONSTELLIX_Secret)}" |
|||
|
|||
if [ -z "$CONSTELLIX_Key" ] || [ -z "$CONSTELLIX_Secret" ]; then |
|||
_err "You did not specify the Contellix API key and secret yet." |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable CONSTELLIX_Key "$CONSTELLIX_Key" |
|||
_saveaccountconf_mutable CONSTELLIX_Secret "$CONSTELLIX_Secret" |
|||
|
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Adding TXT record" |
|||
if _constellix_rest POST "domains/${_domain_id}/records" "[{\"type\":\"txt\",\"add\":true,\"set\":{\"name\":\"${_sub_domain}\",\"ttl\":120,\"roundRobin\":[{\"value\":\"${txtvalue}\"}]}}]"; then |
|||
if printf -- "%s" "$response" | grep "{\"success\":\"1 record(s) added, 0 record(s) updated, 0 record(s) deleted\"}" >/dev/null; then |
|||
_info "Added" |
|||
return 0 |
|||
else |
|||
_err "Error adding TXT record" |
|||
return 1 |
|||
fi |
|||
fi |
|||
} |
|||
|
|||
# Usage: fulldomain txtvalue |
|||
# Used to remove the txt record after validation |
|||
dns_constellix_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
CONSTELLIX_Key="${CONSTELLIX_Key:-$(_readaccountconf_mutable CONSTELLIX_Key)}" |
|||
CONSTELLIX_Secret="${CONSTELLIX_Secret:-$(_readaccountconf_mutable CONSTELLIX_Secret)}" |
|||
|
|||
if [ -z "$CONSTELLIX_Key" ] || [ -z "$CONSTELLIX_Secret" ]; then |
|||
_err "You did not specify the Contellix API key and secret yet." |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Removing TXT record" |
|||
if _constellix_rest POST "domains/${_domain_id}/records" "[{\"type\":\"txt\",\"delete\":true,\"filter\":{\"field\":\"name\",\"op\":\"eq\",\"value\":\"${_sub_domain}\"}}]"; then |
|||
if printf -- "%s" "$response" | grep "{\"success\":\"0 record(s) added, 0 record(s) updated, 1 record(s) deleted\"}" >/dev/null; then |
|||
_info "Removed" |
|||
return 0 |
|||
else |
|||
_err "Error removing TXT record" |
|||
return 1 |
|||
fi |
|||
fi |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
_get_root() { |
|||
domain=$1 |
|||
i=2 |
|||
p=1 |
|||
_debug "Detecting root zone" |
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
if [ -z "$h" ]; then |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _constellix_rest GET "domains/search?exact=$h"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"name\":\"$h\""; then |
|||
_domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[0-9]+" | cut -d ':' -f 2) |
|||
if [ "$_domain_id" ]; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d '.' -f 1-$p) |
|||
_domain="$h" |
|||
|
|||
_debug _domain_id "$_domain_id" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
fi |
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_constellix_rest() { |
|||
m=$1 |
|||
ep="$2" |
|||
data="$3" |
|||
_debug "$ep" |
|||
|
|||
rdate=$(date +"%s")"000" |
|||
hmac=$(printf "%s" "$rdate" | _hmac sha1 "$(printf "%s" "$CONSTELLIX_Secret" | _hex_dump | tr -d ' ')" | _base64) |
|||
|
|||
export _H1="x-cnsdns-apiKey: $CONSTELLIX_Key" |
|||
export _H2="x-cnsdns-requestDate: $rdate" |
|||
export _H3="x-cnsdns-hmac: $hmac" |
|||
export _H4="Accept: application/json" |
|||
export _H5="Content-Type: application/json" |
|||
|
|||
if [ "$m" != "GET" ]; then |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$CONSTELLIX_Api/$ep" "" "$m")" |
|||
else |
|||
response="$(_get "$CONSTELLIX_Api/$ep")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "Error $ep" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug response "$response" |
|||
return 0 |
|||
} |
|||
@ -0,0 +1,65 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
######################################################################## |
|||
# https://dyndnsfree.de hook script for acme.sh |
|||
# |
|||
# Environment variables: |
|||
# |
|||
# - $DF_user (your dyndnsfree.de username) |
|||
# - $DF_password (your dyndnsfree.de password) |
|||
# |
|||
# Author: Thilo Gass <thilo.gass@gmail.com> |
|||
# Git repo: https://github.com/ThiloGa/acme.sh |
|||
|
|||
#-- dns_df_add() - Add TXT record -------------------------------------- |
|||
# Usage: dns_df_add _acme-challenge.subdomain.domain.com "XyZ123..." |
|||
|
|||
dyndnsfree_api="https://dynup.de/acme.php" |
|||
|
|||
dns_df_add() { |
|||
fulldomain=$1 |
|||
txt_value=$2 |
|||
_info "Using DNS-01 dyndnsfree.de hook" |
|||
|
|||
DF_user="${DF_user:-$(_readaccountconf_mutable DF_user)}" |
|||
DF_password="${DF_password:-$(_readaccountconf_mutable DF_password)}" |
|||
if [ -z "$DF_user" ] || [ -z "$DF_password" ]; then |
|||
DF_user="" |
|||
DF_password="" |
|||
_err "No auth details provided. Please set user credentials using the \$DF_user and \$DF_password environment variables." |
|||
return 1 |
|||
fi |
|||
#save the api user and password to the account conf file. |
|||
_debug "Save user and password" |
|||
_saveaccountconf_mutable DF_user "$DF_user" |
|||
_saveaccountconf_mutable DF_password "$DF_password" |
|||
|
|||
domain="$(printf "%s" "$fulldomain" | cut -d"." -f2-)" |
|||
|
|||
get="$dyndnsfree_api?username=$DF_user&password=$DF_password&hostname=$domain&add_hostname=$fulldomain&txt=$txt_value" |
|||
|
|||
if ! erg="$(_get "$get")"; then |
|||
_err "error Adding $fulldomain TXT: $txt_value" |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$erg" "success"; then |
|||
_info "Success, TXT Added, OK" |
|||
else |
|||
_err "error Adding $fulldomain TXT: $txt_value erg: $erg" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "ok Auto $fulldomain TXT: $txt_value erg: $erg" |
|||
return 0 |
|||
} |
|||
|
|||
dns_df_rm() { |
|||
|
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "TXT enrty in $fulldomain is deleted automatically" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
} |
|||
@ -0,0 +1,155 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
DOMENESHOP_Api_Endpoint="https://api.domeneshop.no/v0" |
|||
|
|||
##################### Public functions ##################### |
|||
|
|||
# Usage: dns_domeneshop_add <full domain> <txt record> |
|||
# Example: dns_domeneshop_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_domeneshop_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
# Get token and secret |
|||
DOMENESHOP_Token="${DOMENESHOP_Token:-$(_readaccountconf_mutable DOMENESHOP_Token)}" |
|||
DOMENESHOP_Secret="${DOMENESHOP_Secret:-$(_readaccountconf_mutable DOMENESHOP_Secret)}" |
|||
|
|||
if [ -z "$DOMENESHOP_Token" ] || [ -z "$DOMENESHOP_Secret" ]; then |
|||
DOMENESHOP_Token="" |
|||
DOMENESHOP_Secret="" |
|||
_err "You need to spesify a Domeneshop/Domainnameshop API Token and Secret." |
|||
return 1 |
|||
fi |
|||
|
|||
# Save the api token and secret. |
|||
_saveaccountconf_mutable DOMENESHOP_Token "$DOMENESHOP_Token" |
|||
_saveaccountconf_mutable DOMENESHOP_Secret "$DOMENESHOP_Secret" |
|||
|
|||
# Get the domain name id |
|||
if ! _get_domainid "$fulldomain"; then |
|||
_err "Did not find domainname" |
|||
return 1 |
|||
fi |
|||
|
|||
# Create record |
|||
_domeneshop_rest POST "domains/$_domainid/dns" "{\"type\":\"TXT\",\"host\":\"$_sub_domain\",\"data\":\"$txtvalue\",\"ttl\":120}" |
|||
} |
|||
|
|||
# Usage: dns_domeneshop_rm <full domain> <txt record> |
|||
# Example: dns_domeneshop_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_domeneshop_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
# Get token and secret |
|||
DOMENESHOP_Token="${DOMENESHOP_Token:-$(_readaccountconf_mutable DOMENESHOP_Token)}" |
|||
DOMENESHOP_Secret="${DOMENESHOP_Secret:-$(_readaccountconf_mutable DOMENESHOP_Secret)}" |
|||
|
|||
if [ -z "$DOMENESHOP_Token" ] || [ -z "$DOMENESHOP_Secret" ]; then |
|||
DOMENESHOP_Token="" |
|||
DOMENESHOP_Secret="" |
|||
_err "You need to spesify a Domeneshop/Domainnameshop API Token and Secret." |
|||
return 1 |
|||
fi |
|||
|
|||
# Get the domain name id |
|||
if ! _get_domainid "$fulldomain"; then |
|||
_err "Did not find domainname" |
|||
return 1 |
|||
fi |
|||
|
|||
# Find record |
|||
if ! _get_recordid "$_domainid" "$_sub_domain" "$txtvalue"; then |
|||
_err "Did not find dns record" |
|||
return 1 |
|||
fi |
|||
|
|||
# Remove record |
|||
_domeneshop_rest DELETE "domains/$_domainid/dns/$_recordid" |
|||
} |
|||
|
|||
##################### Private functions ##################### |
|||
|
|||
_get_domainid() { |
|||
domain=$1 |
|||
|
|||
# Get domains |
|||
_domeneshop_rest GET "domains" |
|||
|
|||
if ! _contains "$response" "\"id\":"; then |
|||
_err "failed to get domain names" |
|||
return 1 |
|||
fi |
|||
|
|||
i=2 |
|||
p=1 |
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug "h" "$h" |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"$h\"" >/dev/null; then |
|||
# We have found the domain name. |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain=$h |
|||
_domainid=$(printf "%s" "$response" | _egrep_o "[^{]*\"domain\":\"$_domain\"[^}]*" | _egrep_o "\"id\":[0-9]+" | cut -d : -f 2) |
|||
return 0 |
|||
fi |
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_get_recordid() { |
|||
domainid=$1 |
|||
subdomain=$2 |
|||
txtvalue=$3 |
|||
|
|||
# Get all dns records for the domainname |
|||
_domeneshop_rest GET "domains/$domainid/dns" |
|||
|
|||
if ! _contains "$response" "\"id\":"; then |
|||
_debug "No records in dns" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _contains "$response" "\"host\":\"$subdomain\""; then |
|||
_debug "Record does not exist" |
|||
return 1 |
|||
fi |
|||
|
|||
# Get the id of the record in question |
|||
_recordid=$(printf "%s" "$response" | _egrep_o "[^{]*\"host\":\"$subdomain\"[^}]*" | _egrep_o "[^{]*\"data\":\"$txtvalue\"[^}]*" | _egrep_o "\"id\":[0-9]+" | cut -d : -f 2) |
|||
if [ -z "$_recordid" ]; then |
|||
return 1 |
|||
fi |
|||
return 0 |
|||
} |
|||
|
|||
_domeneshop_rest() { |
|||
method=$1 |
|||
endpoint=$2 |
|||
data=$3 |
|||
|
|||
credentials=$(printf "%b" "$DOMENESHOP_Token:$DOMENESHOP_Secret" | _base64) |
|||
|
|||
export _H1="Authorization: Basic $credentials" |
|||
export _H2="Content-Type: application/json" |
|||
|
|||
if [ "$method" != "GET" ]; then |
|||
response="$(_post "$data" "$DOMENESHOP_Api_Endpoint/$endpoint" "" "$method")" |
|||
else |
|||
response="$(_get "$DOMENESHOP_Api_Endpoint/$endpoint")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $endpoint" |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
@ -0,0 +1,285 @@ |
|||
#!/usr/bin/env sh |
|||
#Author StefanAbl |
|||
#Usage specify a private keyfile to use with dynv6 'export KEY="path/to/keyfile"' |
|||
#or use the HTTP REST API by by specifying a token 'export DYNV6_TOKEN="value" |
|||
#if no keyfile is specified, you will be asked if you want to create one in /home/$USER/.ssh/dynv6 and /home/$USER/.ssh/dynv6.pub |
|||
|
|||
dynv6_api="https://dynv6.com/api/v2" |
|||
######## Public functions ##################### |
|||
# Please Read this guide first: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide |
|||
#Usage: dns_dynv6_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_dynv6_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using dynv6 api" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
_get_authentication |
|||
if [ "$dynv6_token" ]; then |
|||
_dns_dynv6_add_http |
|||
return $? |
|||
else |
|||
_info "using key file $dynv6_keyfile" |
|||
_your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" |
|||
if ! _get_domain "$fulldomain" "$_your_hosts"; then |
|||
_err "Host not found on your account" |
|||
return 1 |
|||
fi |
|||
_debug "found host on your account" |
|||
returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")" |
|||
_debug "Dynv6 returned this after record was added: $returnval" |
|||
if _contains "$returnval" "created"; then |
|||
return 0 |
|||
elif _contains "$returnval" "updated"; then |
|||
return 0 |
|||
else |
|||
_err "Something went wrong! it does not seem like the record was added successfully" |
|||
return 1 |
|||
fi |
|||
return 1 |
|||
fi |
|||
return 1 |
|||
} |
|||
#Usage: fulldomain txtvalue |
|||
#Remove the txt record after validation. |
|||
dns_dynv6_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using dynv6 API" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
_get_authentication |
|||
if [ "$dynv6_token" ]; then |
|||
_dns_dynv6_rm_http |
|||
return $? |
|||
else |
|||
_info "using key file $dynv6_keyfile" |
|||
_your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" |
|||
if ! _get_domain "$fulldomain" "$_your_hosts"; then |
|||
_err "Host not found on your account" |
|||
return 1 |
|||
fi |
|||
_debug "found host on your account" |
|||
_info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" |
|||
return 0 |
|||
fi |
|||
} |
|||
#################### Private functions below ################################## |
|||
#Usage: No Input required |
|||
#returns |
|||
#dynv6_keyfile the path to the new key file that has been generated |
|||
_generate_new_key() { |
|||
dynv6_keyfile="$(eval echo ~"$USER")/.ssh/dynv6" |
|||
_info "Path to key file used: $dynv6_keyfile" |
|||
if [ ! -f "$dynv6_keyfile" ] && [ ! -f "$dynv6_keyfile.pub" ]; then |
|||
_debug "generating key in $dynv6_keyfile and $dynv6_keyfile.pub" |
|||
ssh-keygen -f "$dynv6_keyfile" -t ssh-ed25519 -N '' |
|||
else |
|||
_err "There is already a file in $dynv6_keyfile or $dynv6_keyfile.pub" |
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
#Usage: _acme-challenge.www.example.dynv6.net "$_your_hosts" |
|||
#where _your_hosts is the output of ssh -i ~/.ssh/dynv6.pub api@dynv6.com hosts |
|||
#returns |
|||
#_host= example.dynv6.net |
|||
#_record=_acme-challenge.www |
|||
#aborts if not a valid domain |
|||
_get_domain() { |
|||
#_your_hosts="$(ssh -i ~/.ssh/dynv6.pub api@dynv6.com hosts)" |
|||
_full_domain="$1" |
|||
_your_hosts="$2" |
|||
|
|||
_your_hosts="$(echo "$_your_hosts" | awk '/\./ {print $1}')" |
|||
for l in $_your_hosts; do |
|||
#echo "host: $l" |
|||
if test "${_full_domain#*$l}" != "$_full_domain"; then |
|||
_record="${_full_domain%.$l}" |
|||
_host=$l |
|||
_debug "The host is $_host and the record $_record" |
|||
return 0 |
|||
fi |
|||
done |
|||
_err "Either their is no such host on your dnyv6 account or it cannot be accessed with this key" |
|||
return 1 |
|||
} |
|||
|
|||
# Usage: No input required |
|||
#returns |
|||
#dynv6_keyfile path to the key that will be used |
|||
_get_authentication() { |
|||
dynv6_token="${DYNV6_TOKEN:-$(_readaccountconf_mutable dynv6_token)}" |
|||
if [ "$dynv6_token" ]; then |
|||
_debug "Found HTTP Token. Going to use the HTTP API and not the SSH API" |
|||
if [ "$DYNV6_TOKEN" ]; then |
|||
_saveaccountconf_mutable dynv6_token "$dynv6_token" |
|||
fi |
|||
else |
|||
_debug "no HTTP token found. Looking for an SSH key" |
|||
dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}" |
|||
_debug "Your key is $dynv6_keyfile" |
|||
if [ -z "$dynv6_keyfile" ]; then |
|||
if [ -z "$KEY" ]; then |
|||
_err "You did not specify a key to use with dynv6" |
|||
_info "Creating new dynv6 API key to add to dynv6.com" |
|||
_generate_new_key |
|||
_info "Please add this key to dynv6.com $(cat "$dynv6_keyfile.pub")" |
|||
_info "Hit Enter to continue" |
|||
read -r _ |
|||
#save the credentials to the account conf file. |
|||
else |
|||
dynv6_keyfile="$KEY" |
|||
fi |
|||
_saveaccountconf_mutable dynv6_keyfile "$dynv6_keyfile" |
|||
fi |
|||
fi |
|||
} |
|||
|
|||
_dns_dynv6_add_http() { |
|||
_debug "Got HTTP token form _get_authentication method. Going to use the HTTP API" |
|||
if ! _get_zone_id "$fulldomain"; then |
|||
_err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone" |
|||
return 1 |
|||
fi |
|||
_get_zone_name "$_zone_id" |
|||
record="${fulldomain%%.$_zone_name}" |
|||
_set_record TXT "$record" "$txtvalue" |
|||
if _contains "$response" "$txtvalue"; then |
|||
_info "Successfully added record" |
|||
return 0 |
|||
else |
|||
_err "Something went wrong while adding the record" |
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
_dns_dynv6_rm_http() { |
|||
_debug "Got HTTP token form _get_authentication method. Going to use the HTTP API" |
|||
if ! _get_zone_id "$fulldomain"; then |
|||
_err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone" |
|||
return 1 |
|||
fi |
|||
_get_zone_name "$_zone_id" |
|||
record="${fulldomain%%.$_zone_name}" |
|||
_get_record_id "$_zone_id" "$record" "$txtvalue" |
|||
_del_record "$_zone_id" "$_record_id" |
|||
if [ -z "$response" ]; then |
|||
_info "Successfully deleted record" |
|||
return 0 |
|||
else |
|||
_err "Something went wrong while deleting the record" |
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
#get the zoneid for a specifc record or zone |
|||
#usage: _get_zone_id §record |
|||
#where $record is the record to get the id for |
|||
#returns _zone_id the id of the zone |
|||
_get_zone_id() { |
|||
record="$1" |
|||
_debug "getting zone id for $record" |
|||
_dynv6_rest GET zones |
|||
|
|||
zones="$(echo "$response" | tr '}' '\n' | tr ',' '\n' | grep name | sed 's/\[//g' | tr -d '{' | tr -d '"')" |
|||
#echo $zones |
|||
|
|||
selected="" |
|||
for z in $zones; do |
|||
z="${z#name:}" |
|||
_debug zone: "$z" |
|||
if _contains "$record" "$z"; then |
|||
_debug "$z found in $record" |
|||
selected="$z" |
|||
fi |
|||
done |
|||
if [ -z "$selected" ]; then |
|||
_err "no zone found" |
|||
return 1 |
|||
fi |
|||
|
|||
zone_id="$(echo "$response" | tr '}' '\n' | grep "$selected" | tr ',' '\n' | grep id | tr -d '"')" |
|||
_zone_id="${zone_id#id:}" |
|||
_debug "zone id: $_zone_id" |
|||
} |
|||
|
|||
_get_zone_name() { |
|||
_zone_id="$1" |
|||
_dynv6_rest GET zones/"$_zone_id" |
|||
_zone_name="$(echo "$response" | tr ',' '\n' | tr -d '{' | grep name | tr -d '"')" |
|||
_zone_name="${_zone_name#name:}" |
|||
} |
|||
|
|||
#usaage _get_record_id $zone_id $record |
|||
# where zone_id is thevalue returned by _get_zone_id |
|||
# and record ist in the form _acme.www for an fqdn of _acme.www.example.com |
|||
# returns _record_id |
|||
_get_record_id() { |
|||
_zone_id="$1" |
|||
record="$2" |
|||
value="$3" |
|||
_dynv6_rest GET "zones/$_zone_id/records" |
|||
if ! _get_record_id_from_response "$response"; then |
|||
_err "no such record $record found in zone $_zone_id" |
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
_get_record_id_from_response() { |
|||
response="$1" |
|||
_record_id="$(echo "$response" | tr '}' '\n' | grep "\"name\":\"$record\"" | grep "\"data\":\"$value\"" | tr ',' '\n' | grep id | tr -d '"' | tr -d 'id:')" |
|||
#_record_id="${_record_id#id:}" |
|||
if [ -z "$_record_id" ]; then |
|||
_err "no such record: $record found in zone $_zone_id" |
|||
return 1 |
|||
fi |
|||
_debug "record id: $_record_id" |
|||
return 0 |
|||
} |
|||
#usage: _set_record TXT _acme_challenge.www longvalue 12345678 |
|||
#zone id is optional can also be set as vairable bevor calling this method |
|||
_set_record() { |
|||
type="$1" |
|||
record="$2" |
|||
value="$3" |
|||
if [ "$4" ]; then |
|||
_zone_id="$4" |
|||
fi |
|||
data="{\"name\": \"$record\", \"data\": \"$value\", \"type\": \"$type\"}" |
|||
#data='{ "name": "acme.test.thorn.dynv6.net", "type": "A", "data": "192.168.0.1"}' |
|||
echo "$data" |
|||
#"{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}" |
|||
_dynv6_rest POST "zones/$_zone_id/records" "$data" |
|||
} |
|||
_del_record() { |
|||
_zone_id=$1 |
|||
_record_id=$2 |
|||
_dynv6_rest DELETE zones/"$_zone_id"/records/"$_record_id" |
|||
} |
|||
|
|||
_dynv6_rest() { |
|||
m=$1 #method GET,POST,DELETE or PUT |
|||
ep="$2" #the endpoint |
|||
data="$3" |
|||
_debug "$ep" |
|||
|
|||
token_trimmed=$(echo "$dynv6_token" | tr -d '"') |
|||
|
|||
export _H1="Authorization: Bearer $token_trimmed" |
|||
export _H2="Content-Type: application/json" |
|||
|
|||
if [ "$m" != "GET" ]; then |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$dynv6_api/$ep" "" "$m")" |
|||
else |
|||
response="$(_get "$dynv6_api/$ep")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $ep" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
@ -0,0 +1,171 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
####################################################### |
|||
# |
|||
# easyDNS REST API for acme.sh by Neilpang based on dns_cf.sh |
|||
# |
|||
# API Documentation: https://sandbox.rest.easydns.net:3001/ |
|||
# |
|||
# Author: wurzelpanzer [wurzelpanzer@maximolider.net] |
|||
# Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/2647 |
|||
# |
|||
#################### Public functions ################# |
|||
|
|||
#EASYDNS_Key="xxxxxxxxxxxxxxxxxxxxxxxx" |
|||
#EASYDNS_Token="xxxxxxxxxxxxxxxxxxxxxxxx" |
|||
EASYDNS_Api="https://rest.easydns.net" |
|||
|
|||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_easydns_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
EASYDNS_Token="${EASYDNS_Token:-$(_readaccountconf_mutable EASYDNS_Token)}" |
|||
EASYDNS_Key="${EASYDNS_Key:-$(_readaccountconf_mutable EASYDNS_Key)}" |
|||
|
|||
if [ -z "$EASYDNS_Token" ] || [ -z "$EASYDNS_Key" ]; then |
|||
_err "You didn't specify an easydns.net token or api key. Signup at https://cp.easydns.com/manage/security/api/signup.php" |
|||
return 1 |
|||
else |
|||
_saveaccountconf_mutable EASYDNS_Token "$EASYDNS_Token" |
|||
_saveaccountconf_mutable EASYDNS_Key "$EASYDNS_Key" |
|||
fi |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_debug "Getting txt records" |
|||
_EASYDNS_rest GET "zones/records/all/${_domain}/search/${_sub_domain}" |
|||
|
|||
if ! printf "%s" "$response" | grep \"status\":200 >/dev/null; then |
|||
_err "Error" |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Adding record" |
|||
if _EASYDNS_rest PUT "zones/records/add/$_domain/TXT" "{\"host\":\"$_sub_domain\",\"rdata\":\"$txtvalue\"}"; then |
|||
if _contains "$response" "\"status\":201"; then |
|||
_info "Added, OK" |
|||
return 0 |
|||
elif _contains "$response" "Record already exists"; then |
|||
_info "Already exists, OK" |
|||
return 0 |
|||
else |
|||
_err "Add txt record error." |
|||
return 1 |
|||
fi |
|||
fi |
|||
_err "Add txt record error." |
|||
return 1 |
|||
|
|||
} |
|||
|
|||
dns_easydns_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
EASYDNS_Token="${EASYDNS_Token:-$(_readaccountconf_mutable EASYDNS_Token)}" |
|||
EASYDNS_Key="${EASYDNS_Key:-$(_readaccountconf_mutable EASYDNS_Key)}" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_debug "Getting txt records" |
|||
_EASYDNS_rest GET "zones/records/all/${_domain}/search/${_sub_domain}" |
|||
|
|||
if ! printf "%s" "$response" | grep \"status\":200 >/dev/null; then |
|||
_err "Error" |
|||
return 1 |
|||
fi |
|||
|
|||
count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2) |
|||
_debug count "$count" |
|||
if [ "$count" = "0" ]; then |
|||
_info "Don't need to remove." |
|||
else |
|||
record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1) |
|||
_debug "record_id" "$record_id" |
|||
if [ -z "$record_id" ]; then |
|||
_err "Can not get record id to remove." |
|||
return 1 |
|||
fi |
|||
if ! _EASYDNS_rest DELETE "zones/records/$_domain/$record_id"; then |
|||
_err "Delete record error." |
|||
return 1 |
|||
fi |
|||
_contains "$response" "\"status\":200" |
|||
fi |
|||
|
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
p=1 |
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _EASYDNS_rest GET "zones/records/all/$h"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"status\":200"; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain=$h |
|||
return 0 |
|||
fi |
|||
|
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_EASYDNS_rest() { |
|||
m=$1 |
|||
ep="$2" |
|||
data="$3" |
|||
_debug "$ep" |
|||
|
|||
basicauth=$(printf "%s" "$EASYDNS_Token":"$EASYDNS_Key" | _base64) |
|||
|
|||
export _H1="accept: application/json" |
|||
if [ "$basicauth" ]; then |
|||
export _H2="Authorization: Basic $basicauth" |
|||
fi |
|||
|
|||
if [ "$m" != "GET" ]; then |
|||
export _H3="Content-Type: application/json" |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$EASYDNS_Api/$ep" "" "$m")" |
|||
else |
|||
response="$(_get "$EASYDNS_Api/$ep")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $ep" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
@ -0,0 +1,252 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# |
|||
#HETZNER_Token="sdfsdfsdfljlbjkljlkjsdfoiwje" |
|||
# |
|||
|
|||
HETZNER_Api="https://dns.hetzner.com/api/v1" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
# Used to add txt record |
|||
# Ref: https://dns.hetzner.com/api-docs/ |
|||
dns_hetzner_add() { |
|||
full_domain=$1 |
|||
txt_value=$2 |
|||
|
|||
HETZNER_Token="${HETZNER_Token:-$(_readaccountconf_mutable HETZNER_Token)}" |
|||
|
|||
if [ -z "$HETZNER_Token" ]; then |
|||
HETZNER_Token="" |
|||
_err "You didn't specify a Hetzner api token." |
|||
_err "You can get yours from here https://dns.hetzner.com/settings/api-token." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the api key and email to the account conf file. |
|||
_saveaccountconf_mutable HETZNER_Token "$HETZNER_Token" |
|||
|
|||
_debug "First detect the root zone" |
|||
|
|||
if ! _get_root "$full_domain"; then |
|||
_err "Invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _domain_id "$_domain_id" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_debug "Getting TXT records" |
|||
if ! _find_record "$_sub_domain" "$txt_value"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if [ -z "$_record_id" ]; then |
|||
_info "Adding record" |
|||
if _hetzner_rest POST "records" "{\"zone_id\":\"${HETZNER_Zone_ID}\",\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":\"$txt_value\",\"ttl\":120}"; then |
|||
if _contains "$response" "$txt_value"; then |
|||
_info "Record added, OK" |
|||
_sleep 2 |
|||
return 0 |
|||
fi |
|||
fi |
|||
_err "Add txt record error${_response_error}" |
|||
return 1 |
|||
else |
|||
_info "Found record id: $_record_id." |
|||
_info "Record found, do nothing." |
|||
return 0 |
|||
# we could modify a record, if the names for txt records for *.example.com and example.com would be not the same |
|||
#if _hetzner_rest PUT "records/${_record_id}" "{\"zone_id\":\"${HETZNER_Zone_ID}\",\"type\":\"TXT\",\"name\":\"$full_domain\",\"value\":\"$txt_value\",\"ttl\":120}"; then |
|||
# if _contains "$response" "$txt_value"; then |
|||
# _info "Modified, OK" |
|||
# return 0 |
|||
# fi |
|||
#fi |
|||
#_err "Add txt record error (modify)." |
|||
#return 1 |
|||
fi |
|||
} |
|||
|
|||
# Usage: full_domain txt_value |
|||
# Used to remove the txt record after validation |
|||
dns_hetzner_rm() { |
|||
full_domain=$1 |
|||
txt_value=$2 |
|||
|
|||
HETZNER_Token="${HETZNER_Token:-$(_readaccountconf_mutable HETZNER_Token)}" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$full_domain"; then |
|||
_err "Invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _domain_id "$_domain_id" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_debug "Getting TXT records" |
|||
if ! _find_record "$_sub_domain" "$txt_value"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if [ -z "$_record_id" ]; then |
|||
_info "Remove not needed. Record not found." |
|||
else |
|||
if ! _hetzner_rest DELETE "records/$_record_id"; then |
|||
_err "Delete record error${_response_error}" |
|||
return 1 |
|||
fi |
|||
_sleep 2 |
|||
_info "Record deleted" |
|||
fi |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#returns |
|||
# _record_id=a8d58f22d6931bf830eaa0ec6464bf81 if found; or 1 if error |
|||
_find_record() { |
|||
unset _record_id |
|||
_record_name=$1 |
|||
_record_value=$2 |
|||
|
|||
if [ -z "$_record_value" ]; then |
|||
_record_value='[^"]*' |
|||
fi |
|||
|
|||
_debug "Getting all records" |
|||
_hetzner_rest GET "records?zone_id=${_domain_id}" |
|||
|
|||
if _response_has_error; then |
|||
_err "Error${_response_error}" |
|||
return 1 |
|||
else |
|||
_record_id=$( |
|||
echo "$response" | |
|||
grep -o "{[^\{\}]*\"name\":\"$_record_name\"[^\}]*}" | |
|||
grep "\"value\":\"$_record_value\"" | |
|||
while read -r record; do |
|||
# test for type and |
|||
if [ -n "$(echo "$record" | _egrep_o '"type":"TXT"')" ]; then |
|||
echo "$record" | _egrep_o '"id":"[^"]*"' | cut -d : -f 2 | tr -d \" |
|||
break |
|||
fi |
|||
done |
|||
) |
|||
fi |
|||
} |
|||
|
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
# _domain_id=sdjkglgdfewsdfg |
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
p=1 |
|||
|
|||
domain_without_acme=$(echo "$domain" | cut -d . -f 2-) |
|||
domain_param_name=$(echo "HETZNER_Zone_ID_for_${domain_without_acme}" | sed 's/[\.\-]/_/g') |
|||
|
|||
_debug "Reading zone_id for '$domain_without_acme' from config..." |
|||
HETZNER_Zone_ID=$(_readdomainconf "$domain_param_name") |
|||
if [ "$HETZNER_Zone_ID" ]; then |
|||
_debug "Found, using: $HETZNER_Zone_ID" |
|||
if ! _hetzner_rest GET "zones/${HETZNER_Zone_ID}"; then |
|||
_debug "Zone with id '$HETZNER_Zone_ID' does not exist." |
|||
_cleardomainconf "$domain_param_name" |
|||
unset HETZNER_Zone_ID |
|||
else |
|||
if _contains "$response" "\"id\":\"$HETZNER_Zone_ID\""; then |
|||
_domain=$(printf "%s\n" "$response" | _egrep_o '"name":"[^"]*"' | cut -d : -f 2 | tr -d \" | head -n 1) |
|||
if [ "$_domain" ]; then |
|||
_cut_length=$((${#domain} - ${#_domain} - 1)) |
|||
_sub_domain=$(printf "%s" "$domain" | cut -c "1-$_cut_length") |
|||
_domain_id="$HETZNER_Zone_ID" |
|||
return 0 |
|||
else |
|||
return 1 |
|||
fi |
|||
else |
|||
return 1 |
|||
fi |
|||
fi |
|||
fi |
|||
|
|||
_debug "Trying to get zone id by domain name for '$domain_without_acme'." |
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
_debug h "$h" |
|||
|
|||
_hetzner_rest GET "zones?name=$h" |
|||
|
|||
if _contains "$response" "\"name\":\"$h\"" || _contains "$response" '"total_entries":1'; then |
|||
_domain_id=$(echo "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \") |
|||
if [ "$_domain_id" ]; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain=$h |
|||
HETZNER_Zone_ID=$_domain_id |
|||
_savedomainconf "$domain_param_name" "$HETZNER_Zone_ID" |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
fi |
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
#returns |
|||
# _response_error |
|||
_response_has_error() { |
|||
unset _response_error |
|||
|
|||
err_part="$(echo "$response" | _egrep_o '"error":{[^}]*}')" |
|||
|
|||
if [ -n "$err_part" ]; then |
|||
err_code=$(echo "$err_part" | _egrep_o '"code":[0-9]+' | cut -d : -f 2) |
|||
err_message=$(echo "$err_part" | _egrep_o '"message":"[^"]+"' | cut -d : -f 2 | tr -d \") |
|||
|
|||
if [ -n "$err_code" ] && [ -n "$err_message" ]; then |
|||
_response_error=" - message: ${err_message}, code: ${err_code}" |
|||
return 0 |
|||
fi |
|||
fi |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
#returns |
|||
# response |
|||
_hetzner_rest() { |
|||
m=$1 |
|||
ep="$2" |
|||
data="$3" |
|||
_debug "$ep" |
|||
|
|||
key_trimmed=$(echo "$HETZNER_Token" | tr -d \") |
|||
|
|||
export _H1="Content-TType: application/json" |
|||
export _H2="Auth-API-Token: $key_trimmed" |
|||
|
|||
if [ "$m" != "GET" ]; then |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$HETZNER_Api/$ep" "" "$m")" |
|||
else |
|||
response="$(_get "$HETZNER_Api/$ep")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ] || _response_has_error; then |
|||
_debug "Error$_response_error" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
@ -0,0 +1,129 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Joker.com API for acme.sh |
|||
# |
|||
# This script adds the necessary TXT record to a domain in Joker.com. |
|||
# |
|||
# You must activate Dynamic DNS in Joker.com DNS configuration first. |
|||
# Username and password below refer to Dynamic DNS authentication, |
|||
# not your Joker.com login credentials. |
|||
# See: https://joker.com/faq/content/11/427/en/what-is-dynamic-dns-dyndns.html |
|||
# |
|||
# NOTE: This script does not support wildcard certificates, because |
|||
# Joker.com API does not support adding two TXT records with the same |
|||
# subdomain. Adding the second record will overwrite the first one. |
|||
# See: https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html |
|||
# "... this request will replace all TXT records for the specified |
|||
# label by the provided content" |
|||
# |
|||
# Author: aattww (https://github.com/aattww/) |
|||
# |
|||
# Report bugs to https://github.com/acmesh-official/acme.sh/issues/2840 |
|||
# |
|||
# JOKER_USERNAME="xxxx" |
|||
# JOKER_PASSWORD="xxxx" |
|||
|
|||
JOKER_API="https://svc.joker.com/nic/replace" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: dns_joker_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_joker_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
JOKER_USERNAME="${JOKER_USERNAME:-$(_readaccountconf_mutable JOKER_USERNAME)}" |
|||
JOKER_PASSWORD="${JOKER_PASSWORD:-$(_readaccountconf_mutable JOKER_PASSWORD)}" |
|||
|
|||
if [ -z "$JOKER_USERNAME" ] || [ -z "$JOKER_PASSWORD" ]; then |
|||
_err "No Joker.com username and password specified." |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable JOKER_USERNAME "$JOKER_USERNAME" |
|||
_saveaccountconf_mutable JOKER_PASSWORD "$JOKER_PASSWORD" |
|||
|
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Adding TXT record" |
|||
if _joker_rest "username=$JOKER_USERNAME&password=$JOKER_PASSWORD&zone=$_domain&label=$_sub_domain&type=TXT&value=$txtvalue"; then |
|||
if _startswith "$response" "OK"; then |
|||
_info "Added, OK" |
|||
return 0 |
|||
fi |
|||
fi |
|||
_err "Error adding TXT record." |
|||
return 1 |
|||
} |
|||
|
|||
#fulldomain txtvalue |
|||
dns_joker_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
JOKER_USERNAME="${JOKER_USERNAME:-$(_readaccountconf_mutable JOKER_USERNAME)}" |
|||
JOKER_PASSWORD="${JOKER_PASSWORD:-$(_readaccountconf_mutable JOKER_PASSWORD)}" |
|||
|
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Removing TXT record" |
|||
# TXT record is removed by setting its value to empty. |
|||
if _joker_rest "username=$JOKER_USERNAME&password=$JOKER_PASSWORD&zone=$_domain&label=$_sub_domain&type=TXT&value="; then |
|||
if _startswith "$response" "OK"; then |
|||
_info "Removed, OK" |
|||
return 0 |
|||
fi |
|||
fi |
|||
_err "Error removing TXT record." |
|||
return 1 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
_get_root() { |
|||
fulldomain=$1 |
|||
i=1 |
|||
while true; do |
|||
h=$(printf "%s" "$fulldomain" | cut -d . -f $i-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
return 1 |
|||
fi |
|||
|
|||
# Try to remove a test record. With correct root domain, username and password this will return "OK: ..." regardless |
|||
# of record in question existing or not. |
|||
if _joker_rest "username=$JOKER_USERNAME&password=$JOKER_PASSWORD&zone=$h&label=jokerTXTUpdateTest&type=TXT&value="; then |
|||
if _startswith "$response" "OK"; then |
|||
_sub_domain="$(echo "$fulldomain" | sed "s/\\.$h\$//")" |
|||
_domain=$h |
|||
return 0 |
|||
fi |
|||
fi |
|||
|
|||
i=$(_math "$i" + 1) |
|||
done |
|||
|
|||
_debug "Root domain not found" |
|||
return 1 |
|||
} |
|||
|
|||
_joker_rest() { |
|||
data="$1" |
|||
_debug data "$data" |
|||
|
|||
if ! response="$(_post "$data" "$JOKER_API" "" "POST")"; then |
|||
_err "Error POSTing" |
|||
return 1 |
|||
fi |
|||
_debug response "$response" |
|||
return 0 |
|||
} |
|||
@ -0,0 +1,150 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# kapper.net domain api |
|||
# for further questions please contact: support@kapper.net |
|||
# please report issues here: https://github.com/acmesh-official/acme.sh/issues/2977 |
|||
|
|||
#KAPPERNETDNS_Key="yourKAPPERNETapikey" |
|||
#KAPPERNETDNS_Secret="yourKAPPERNETapisecret" |
|||
|
|||
KAPPERNETDNS_Api="https://dnspanel.kapper.net/API/1.2?APIKey=$KAPPERNETDNS_Key&APISecret=$KAPPERNETDNS_Secret" |
|||
|
|||
############################################################################### |
|||
# called with |
|||
# fullhostname: something.example.com |
|||
# txtvalue: someacmegenerated string |
|||
dns_kappernet_add() { |
|||
fullhostname=$1 |
|||
txtvalue=$2 |
|||
|
|||
KAPPERNETDNS_Key="${KAPPERNETDNS_Key:-$(_readaccountconf_mutable KAPPERNETDNS_Key)}" |
|||
KAPPERNETDNS_Secret="${KAPPERNETDNS_Secret:-$(_readaccountconf_mutable KAPPERNETDNS_Secret)}" |
|||
|
|||
if [ -z "$KAPPERNETDNS_Key" ] || [ -z "$KAPPERNETDNS_Secret" ]; then |
|||
KAPPERNETDNS_Key="" |
|||
KAPPERNETDNS_Secret="" |
|||
_err "Please specify your kapper.net api key and secret." |
|||
_err "If you have not received yours - send your mail to" |
|||
_err "support@kapper.net to get your key and secret." |
|||
return 1 |
|||
fi |
|||
|
|||
#store the api key and email to the account conf file. |
|||
_saveaccountconf_mutable KAPPERNETDNS_Key "$KAPPERNETDNS_Key" |
|||
_saveaccountconf_mutable KAPPERNETDNS_Secret "$KAPPERNETDNS_Secret" |
|||
_debug "Checking Domain ..." |
|||
if ! _get_root "$fullhostname"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "SUBDOMAIN: $_sub_domain" |
|||
_debug _domain "DOMAIN: $_domain" |
|||
|
|||
_info "Trying to add TXT DNS Record" |
|||
data="%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%223600%22%2C%22prio%22%3A%22%22%7D" |
|||
if _kappernet_api GET "action=new&subject=$_domain&data=$data"; then |
|||
|
|||
if _contains "$response" "{\"OK\":true"; then |
|||
_info "Waiting 120 seconds for DNS to spread the new record" |
|||
_sleep 120 |
|||
return 0 |
|||
else |
|||
_err "Error creating a TXT DNS Record: $fullhostname TXT $txtvalue" |
|||
_err "Error Message: $response" |
|||
return 1 |
|||
fi |
|||
fi |
|||
_err "Failed creating TXT Record" |
|||
} |
|||
|
|||
############################################################################### |
|||
# called with |
|||
# fullhostname: something.example.com |
|||
dns_kappernet_rm() { |
|||
fullhostname=$1 |
|||
txtvalue=$2 |
|||
|
|||
KAPPERNETDNS_Key="${KAPPERNETDNS_Key:-$(_readaccountconf_mutable KAPPERNETDNS_Key)}" |
|||
KAPPERNETDNS_Secret="${KAPPERNETDNS_Secret:-$(_readaccountconf_mutable KAPPERNETDNS_Secret)}" |
|||
|
|||
if [ -z "$KAPPERNETDNS_Key" ] || [ -z "$KAPPERNETDNS_Secret" ]; then |
|||
KAPPERNETDNS_Key="" |
|||
KAPPERNETDNS_Secret="" |
|||
_err "Please specify your kapper.net api key and secret." |
|||
_err "If you have not received yours - send your mail to" |
|||
_err "support@kapper.net to get your key and secret." |
|||
return 1 |
|||
fi |
|||
|
|||
#store the api key and email to the account conf file. |
|||
_saveaccountconf_mutable KAPPERNETDNS_Key "$KAPPERNETDNS_Key" |
|||
_saveaccountconf_mutable KAPPERNETDNS_Secret "$KAPPERNETDNS_Secret" |
|||
|
|||
_info "Trying to remove the TXT Record: $fullhostname containing $txtvalue" |
|||
data="%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%223600%22%2C%22prio%22%3A%22%22%7D" |
|||
if _kappernet_api GET "action=del&subject=$fullhostname&data=$data"; then |
|||
if _contains "$response" "{\"OK\":true"; then |
|||
return 0 |
|||
else |
|||
_err "Error deleting DNS Record: $fullhostname containing $txtvalue" |
|||
_err "Problem: $response" |
|||
return 1 |
|||
fi |
|||
fi |
|||
_err "Problem deleting TXT DNS record" |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
# called with hostname |
|||
# e.g._acme-challenge.www.domain.com returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
_get_root() { |
|||
domain=$1 |
|||
i=2 |
|||
p=1 |
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
if ! _kappernet_api GET "action=list&subject=$h"; then |
|||
return 1 |
|||
fi |
|||
if _contains "$response" '"OK":false'; then |
|||
_debug "$h not found" |
|||
else |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain="$h" |
|||
return 0 |
|||
fi |
|||
p="$i" |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
################################################################################ |
|||
# calls the kapper.net DNS Panel API |
|||
# with |
|||
# method |
|||
# param |
|||
_kappernet_api() { |
|||
method=$1 |
|||
param="$2" |
|||
|
|||
_debug param "PARAMETER=$param" |
|||
url="$KAPPERNETDNS_Api&$param" |
|||
_debug url "URL=$url" |
|||
|
|||
if [ "$method" = "GET" ]; then |
|||
response="$(_get "$url")" |
|||
else |
|||
_err "Unsupported method" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
@ -0,0 +1,168 @@ |
|||
#!/usr/bin/env sh |
|||
######################################################################## |
|||
# All-inkl Kasserver hook script for acme.sh |
|||
# |
|||
# Environment variables: |
|||
# |
|||
# - $KAS_Login (Kasserver API login name) |
|||
# - $KAS_Authtype (Kasserver API auth type. Default: sha1) |
|||
# - $KAS_Authdata (Kasserver API auth data.) |
|||
# |
|||
# Author: Martin Kammerlander, Phlegx Systems OG <martin.kammerlander@phlegx.com> |
|||
# Updated by: Marc-Oliver Lange <git@die-lang.es> |
|||
# Credits: Inspired by dns_he.sh. Thanks a lot man! |
|||
# Git repo: https://github.com/phlegx/acme.sh |
|||
# TODO: Better Error handling |
|||
######################################################################## |
|||
KAS_Api="https://kasapi.kasserver.com/dokumentation/formular.php" |
|||
######## Public functions ##################### |
|||
dns_kas_add() { |
|||
_fulldomain=$1 |
|||
_txtvalue=$2 |
|||
_info "Using DNS-01 All-inkl/Kasserver hook" |
|||
_info "Adding $_fulldomain DNS TXT entry on All-inkl/Kasserver" |
|||
_info "Check and Save Props" |
|||
_check_and_save |
|||
_info "Checking Zone and Record_Name" |
|||
_get_zone_and_record_name "$_fulldomain" |
|||
_info "Getting Record ID" |
|||
_get_record_id |
|||
|
|||
_info "Creating TXT DNS record" |
|||
params="?kas_login=$KAS_Login" |
|||
params="$params&kas_auth_type=$KAS_Authtype" |
|||
params="$params&kas_auth_data=$KAS_Authdata" |
|||
params="$params&var1=record_name" |
|||
params="$params&wert1=$_record_name" |
|||
params="$params&var2=record_type" |
|||
params="$params&wert2=TXT" |
|||
params="$params&var3=record_data" |
|||
params="$params&wert3=$_txtvalue" |
|||
params="$params&var4=record_aux" |
|||
params="$params&wert4=0" |
|||
params="$params&kas_action=add_dns_settings" |
|||
params="$params&var5=zone_host" |
|||
params="$params&wert5=$_zone" |
|||
_debug2 "Wait for 10 seconds by default before calling KAS API." |
|||
_sleep 10 |
|||
response="$(_get "$KAS_Api$params")" |
|||
_debug2 "response" "$response" |
|||
|
|||
if ! _contains "$response" "TRUE"; then |
|||
_err "An unkown error occurred, please check manually." |
|||
return 1 |
|||
fi |
|||
return 0 |
|||
} |
|||
|
|||
dns_kas_rm() { |
|||
_fulldomain=$1 |
|||
_txtvalue=$2 |
|||
_info "Using DNS-01 All-inkl/Kasserver hook" |
|||
_info "Cleaning up after All-inkl/Kasserver hook" |
|||
_info "Removing $_fulldomain DNS TXT entry on All-inkl/Kasserver" |
|||
|
|||
_info "Check and Save Props" |
|||
_check_and_save |
|||
_info "Checking Zone and Record_Name" |
|||
_get_zone_and_record_name "$_fulldomain" |
|||
_info "Getting Record ID" |
|||
_get_record_id |
|||
|
|||
# If there is a record_id, delete the entry |
|||
if [ -n "$_record_id" ]; then |
|||
params="?kas_login=$KAS_Login" |
|||
params="$params&kas_auth_type=$KAS_Authtype" |
|||
params="$params&kas_auth_data=$KAS_Authdata" |
|||
params="$params&kas_action=delete_dns_settings" |
|||
|
|||
for i in $_record_id; do |
|||
params2="$params&var1=record_id" |
|||
params2="$params2&wert1=$i" |
|||
_debug2 "Wait for 10 seconds by default before calling KAS API." |
|||
_sleep 10 |
|||
response="$(_get "$KAS_Api$params2")" |
|||
_debug2 "response" "$response" |
|||
if ! _contains "$response" "TRUE"; then |
|||
_err "Either the txt record is not found or another error occurred, please check manually." |
|||
return 1 |
|||
fi |
|||
done |
|||
else # Cannot delete or unkown error |
|||
_err "No record_id found that can be deleted. Please check manually." |
|||
return 1 |
|||
fi |
|||
return 0 |
|||
} |
|||
|
|||
########################## PRIVATE FUNCTIONS ########################### |
|||
|
|||
# Checks for the ENV variables and saves them |
|||
_check_and_save() { |
|||
KAS_Login="${KAS_Login:-$(_readaccountconf_mutable KAS_Login)}" |
|||
KAS_Authtype="${KAS_Authtype:-$(_readaccountconf_mutable KAS_Authtype)}" |
|||
KAS_Authdata="${KAS_Authdata:-$(_readaccountconf_mutable KAS_Authdata)}" |
|||
|
|||
if [ -z "$KAS_Login" ] || [ -z "$KAS_Authtype" ] || [ -z "$KAS_Authdata" ]; then |
|||
KAS_Login= |
|||
KAS_Authtype= |
|||
KAS_Authdata= |
|||
_err "No auth details provided. Please set user credentials using the \$KAS_Login, \$KAS_Authtype, and \$KAS_Authdata environment variables." |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable KAS_Login "$KAS_Login" |
|||
_saveaccountconf_mutable KAS_Authtype "$KAS_Authtype" |
|||
_saveaccountconf_mutable KAS_Authdata "$KAS_Authdata" |
|||
return 0 |
|||
} |
|||
|
|||
# Gets back the base domain/zone and record name. |
|||
# See: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide |
|||
_get_zone_and_record_name() { |
|||
params="?kas_login=$KAS_Login" |
|||
params="?kas_login=$KAS_Login" |
|||
params="$params&kas_auth_type=$KAS_Authtype" |
|||
params="$params&kas_auth_data=$KAS_Authdata" |
|||
params="$params&kas_action=get_domains" |
|||
|
|||
_debug2 "Wait for 10 seconds by default before calling KAS API." |
|||
_sleep 10 |
|||
response="$(_get "$KAS_Api$params")" |
|||
_debug2 "response" "$response" |
|||
_zonen="$(echo "$response" | tr -d "\n\r" | tr -d " " | tr '[]' '<>' | sed "s/=>Array/\n=> Array/g" | tr ' ' '\n' | grep "domain_name" | tr '<' '\n' | grep "domain_name" | sed "s/domain_name>=>//g")" |
|||
_domain="$1" |
|||
_temp_domain="$(echo "$1" | sed 's/\.$//')" |
|||
_rootzone="$_domain" |
|||
for i in $_zonen; do |
|||
l1=${#_rootzone} |
|||
l2=${#i} |
|||
if _endswith "$_domain" "$i" && [ "$l1" -ge "$l2" ]; then |
|||
_rootzone="$i" |
|||
fi |
|||
done |
|||
_zone="${_rootzone}." |
|||
_temp_record_name="$(echo "$_temp_domain" | sed "s/$_rootzone//g")" |
|||
_record_name="$(echo "$_temp_record_name" | sed 's/\.$//')" |
|||
_debug2 "Zone:" "$_zone" |
|||
_debug2 "Domain:" "$_domain" |
|||
_debug2 "Record_Name:" "$_record_name" |
|||
return 0 |
|||
} |
|||
|
|||
# Retrieve the DNS record ID |
|||
_get_record_id() { |
|||
params="?kas_login=$KAS_Login" |
|||
params="$params&kas_auth_type=$KAS_Authtype" |
|||
params="$params&kas_auth_data=$KAS_Authdata" |
|||
params="$params&kas_action=get_dns_settings" |
|||
params="$params&var1=zone_host" |
|||
params="$params&wert1=$_zone" |
|||
|
|||
_debug2 "Wait for 10 seconds by default before calling KAS API." |
|||
_sleep 10 |
|||
response="$(_get "$KAS_Api$params")" |
|||
_debug2 "response" "$response" |
|||
_record_id="$(echo "$response" | tr -d "\n\r" | tr -d " " | tr '[]' '<>' | sed "s/=>Array/\n=> Array/g" | tr ' ' '\n' | grep "=>$_record_name<" | grep '>TXT<' | tr '<' '\n' | grep record_id | sed "s/record_id>=>//g")" |
|||
_debug2 _record_id "$_record_id" |
|||
return 0 |
|||
} |
|||
@ -0,0 +1,149 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#Author: Rolph Haspers <r.haspers@global.leaseweb.com> |
|||
#Utilize leaseweb.com API to finish dns-01 verifications. |
|||
#Requires a Leaseweb API Key (export LSW_Key="Your Key") |
|||
#See http://developer.leaseweb.com for more information. |
|||
######## Public functions ##################### |
|||
|
|||
LSW_API="https://api.leaseweb.com/hosting/v2/domains/" |
|||
|
|||
#Usage: dns_leaseweb_add _acme-challenge.www.domain.com |
|||
dns_leaseweb_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
LSW_Key="${LSW_Key:-$(_readaccountconf_mutable LSW_Key)}" |
|||
if [ -z "$LSW_Key" ]; then |
|||
LSW_Key="" |
|||
_err "You don't specify Leaseweb api key yet." |
|||
_err "Please create your key and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the api key to the account conf file. |
|||
_saveaccountconf_mutable LSW_Key "$LSW_Key" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug _root_domain "$_domain" |
|||
_debug _domain "$fulldomain" |
|||
|
|||
if _lsw_api "POST" "$_domain" "$fulldomain" "$txtvalue"; then |
|||
if [ "$_code" = "201" ]; then |
|||
_info "Added, OK" |
|||
return 0 |
|||
else |
|||
_err "Add txt record error, invalid code. Code: $_code" |
|||
return 1 |
|||
fi |
|||
fi |
|||
_err "Add txt record error." |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
#Usage: fulldomain txtvalue |
|||
#Remove the txt record after validation. |
|||
dns_leaseweb_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
LSW_Key="${LSW_Key:-$(_readaccountconf_mutable LSW_Key)}" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug _root_domain "$_domain" |
|||
_debug _domain "$fulldomain" |
|||
|
|||
if _lsw_api "DELETE" "$_domain" "$fulldomain" "$txtvalue"; then |
|||
if [ "$_code" = "204" ]; then |
|||
_info "Deleted, OK" |
|||
return 0 |
|||
else |
|||
_err "Delete txt record error." |
|||
return 1 |
|||
fi |
|||
fi |
|||
_err "Delete txt record error." |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
# _acme-challenge.www.domain.com |
|||
# returns |
|||
# _domain=domain.com |
|||
_get_root() { |
|||
rdomain=$1 |
|||
i="$(echo "$rdomain" | tr '.' ' ' | wc -w)" |
|||
i=$(_math "$i" - 1) |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$rdomain" | cut -d . -f "$i"-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
return 1 #not valid domain |
|||
fi |
|||
|
|||
#Check API if domain exists |
|||
if _lsw_api "GET" "$h"; then |
|||
if [ "$_code" = "200" ]; then |
|||
_domain="$h" |
|||
return 0 |
|||
fi |
|||
fi |
|||
i=$(_math "$i" - 1) |
|||
if [ "$i" -lt 2 ]; then |
|||
return 1 #not found, no need to check _acme-challenge.sub.domain in leaseweb api. |
|||
fi |
|||
done |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
_lsw_api() { |
|||
cmd=$1 |
|||
d=$2 |
|||
fd=$3 |
|||
tvalue=$4 |
|||
|
|||
# Construct the HTTP Authorization header |
|||
export _H2="Content-Type: application/json" |
|||
export _H1="X-Lsw-Auth: ${LSW_Key}" |
|||
|
|||
if [ "$cmd" = "GET" ]; then |
|||
response="$(_get "$LSW_API/$d")" |
|||
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" |
|||
_debug "http response code $_code" |
|||
_debug response "$response" |
|||
return 0 |
|||
fi |
|||
|
|||
if [ "$cmd" = "POST" ]; then |
|||
data="{\"name\": \"$fd.\",\"type\": \"TXT\",\"content\": [\"$tvalue\"],\"ttl\": 60}" |
|||
response="$(_post "$data" "$LSW_API/$d/resourceRecordSets" "$data" "POST")" |
|||
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" |
|||
_debug "http response code $_code" |
|||
_debug response "$response" |
|||
return 0 |
|||
fi |
|||
|
|||
if [ "$cmd" = "DELETE" ]; then |
|||
response="$(_post "" "$LSW_API/$d/resourceRecordSets/$fd/TXT" "" "DELETE")" |
|||
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" |
|||
_debug "http response code $_code" |
|||
_debug response "$response" |
|||
return 0 |
|||
fi |
|||
|
|||
return 1 |
|||
} |
|||
@ -0,0 +1,210 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Name: dns_miab.sh |
|||
# |
|||
# Authors: |
|||
# Darven Dissek 2018 |
|||
# William Gertz 2019 |
|||
# |
|||
# Thanks to Neil Pang and other developers here for code reused from acme.sh from DNS-01 |
|||
# used to communicate with the MailinaBox Custom DNS API |
|||
# Report Bugs here: |
|||
# https://github.com/billgertz/MIAB_dns_api (for dns_miab.sh) |
|||
# https://github.com/acmesh-official/acme.sh (for acme.sh) |
|||
# |
|||
######## Public functions ##################### |
|||
|
|||
#Usage: dns_miab_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_miab_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using miab challange add" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
#retrieve MIAB environemt vars |
|||
if ! _retrieve_miab_env; then |
|||
return 1 |
|||
fi |
|||
|
|||
#check domain and seperate into doamin and host |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Cannot find any part of ${fulldomain} is hosted on ${MIAB_Server}" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 _sub_domain "$_sub_domain" |
|||
_debug2 _domain "$_domain" |
|||
|
|||
#add the challenge record |
|||
_api_path="custom/${fulldomain}/txt" |
|||
_miab_rest "$txtvalue" "$_api_path" "POST" |
|||
|
|||
#check if result was good |
|||
if _contains "$response" "updated DNS"; then |
|||
_info "Successfully created the txt record" |
|||
return 0 |
|||
else |
|||
_err "Error encountered during record add" |
|||
_err "$response" |
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
#Usage: dns_miab_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_miab_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_info "Using miab challage delete" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
#retrieve MIAB environemt vars |
|||
if ! _retrieve_miab_env; then |
|||
return 1 |
|||
fi |
|||
|
|||
#check domain and seperate into doamin and host |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Cannot find any part of ${fulldomain} is hosted on ${MIAB_Server}" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 _sub_domain "$_sub_domain" |
|||
_debug2 _domain "$_domain" |
|||
|
|||
#Remove the challenge record |
|||
_api_path="custom/${fulldomain}/txt" |
|||
_miab_rest "$txtvalue" "$_api_path" "DELETE" |
|||
|
|||
#check if result was good |
|||
if _contains "$response" "updated DNS"; then |
|||
_info "Successfully removed the txt record" |
|||
return 0 |
|||
else |
|||
_err "Error encountered during record remove" |
|||
_err "$response" |
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
# |
|||
#Usage: _get_root _acme-challenge.www.domain.com |
|||
#Returns: |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
_get_root() { |
|||
_passed_domain=$1 |
|||
_debug _passed_domain "$_passed_domain" |
|||
_i=2 |
|||
_p=1 |
|||
|
|||
#get the zones hosed on MIAB server, must be a json stream |
|||
_miab_rest "" "zones" "GET" |
|||
|
|||
if ! _is_json "$response"; then |
|||
_err "ERROR fetching domain list" |
|||
_err "$response" |
|||
return 1 |
|||
fi |
|||
|
|||
#cycle through the passed domain seperating out a test domain discarding |
|||
# the subdomain by marching thorugh the dots |
|||
while true; do |
|||
_test_domain=$(printf "%s" "$_passed_domain" | cut -d . -f ${_i}-100) |
|||
_debug _test_domain "$_test_domain" |
|||
|
|||
if [ -z "$_test_domain" ]; then |
|||
return 1 |
|||
fi |
|||
|
|||
#report found if the test domain is in the json response and |
|||
# report the subdomain |
|||
if _contains "$response" "\"$_test_domain\""; then |
|||
_sub_domain=$(printf "%s" "$_passed_domain" | cut -d . -f 1-${_p}) |
|||
_domain=${_test_domain} |
|||
return 0 |
|||
fi |
|||
|
|||
#cycle to the next dot in the passed domain |
|||
_p=${_i} |
|||
_i=$(_math "$_i" + 1) |
|||
done |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
#Usage: _retrieve_miab_env |
|||
#Returns (from store or environment variables): |
|||
# MIAB_Username |
|||
# MIAB_Password |
|||
# MIAB_Server |
|||
#retrieve MIAB environment variables, report errors and quit if problems |
|||
_retrieve_miab_env() { |
|||
MIAB_Username="${MIAB_Username:-$(_readaccountconf_mutable MIAB_Username)}" |
|||
MIAB_Password="${MIAB_Password:-$(_readaccountconf_mutable MIAB_Password)}" |
|||
MIAB_Server="${MIAB_Server:-$(_readaccountconf_mutable MIAB_Server)}" |
|||
|
|||
#debug log the environmental variables |
|||
_debug MIAB_Username "$MIAB_Username" |
|||
_debug MIAB_Password "$MIAB_Password" |
|||
_debug MIAB_Server "$MIAB_Server" |
|||
|
|||
#check if MIAB environemt vars set and quit if not |
|||
if [ -z "$MIAB_Username" ] || [ -z "$MIAB_Password" ] || [ -z "$MIAB_Server" ]; then |
|||
_err "You didn't specify one or more of MIAB_Username, MIAB_Password or MIAB_Server." |
|||
_err "Please check these environment variables and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the credentials to the account conf file. |
|||
_saveaccountconf_mutable MIAB_Username "$MIAB_Username" |
|||
_saveaccountconf_mutable MIAB_Password "$MIAB_Password" |
|||
_saveaccountconf_mutable MIAB_Server "$MIAB_Server" |
|||
} |
|||
|
|||
#Useage: _miab_rest "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" "custom/_acme-challenge.www.domain.com/txt "POST" |
|||
#Returns: "updated DNS: domain.com" |
|||
#rest interface MIAB dns |
|||
_miab_rest() { |
|||
_data="$1" |
|||
_api_path="$2" |
|||
_httpmethod="$3" |
|||
|
|||
#encode username and password for basic authentication |
|||
_credentials="$(printf "%s" "$MIAB_Username:$MIAB_Password" | _base64)" |
|||
export _H1="Authorization: Basic $_credentials" |
|||
_url="https://${MIAB_Server}/admin/dns/${_api_path}" |
|||
|
|||
_debug2 _data "$_data" |
|||
_debug _api_path "$_api_path" |
|||
_debug2 _url "$_url" |
|||
_debug2 _credentails "$_credentials" |
|||
_debug _httpmethod "$_httpmethod" |
|||
|
|||
if [ "$_httpmethod" = "GET" ]; then |
|||
response="$(_get "$_url")" |
|||
else |
|||
response="$(_post "$_data" "$_url" "" "$_httpmethod")" |
|||
fi |
|||
|
|||
_retcode="$?" |
|||
|
|||
if [ "$_retcode" != "0" ]; then |
|||
_err "MIAB REST authentication failed on $_httpmethod" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
#Usage: _is_json "\[\n "mydomain.com"\n]" |
|||
#Reurns "\[\n "mydomain.com"\n]" |
|||
#returns the string if it begins and ends with square braces |
|||
_is_json() { |
|||
_str="$(echo "$1" | _normalizeJson)" |
|||
echo "$_str" | grep '^\[.*\]$' >/dev/null 2>&1 |
|||
} |
|||
@ -0,0 +1,159 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# bug reports to support+acmesh@misaka.io |
|||
# based on dns_nsone.sh by dev@1e.ca |
|||
|
|||
# |
|||
#Misaka_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" |
|||
# |
|||
|
|||
Misaka_Api="https://dnsapi.misaka.io/dns" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_misaka_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
if [ -z "$Misaka_Key" ]; then |
|||
Misaka_Key="" |
|||
_err "You didn't specify misaka.io dns api key yet." |
|||
_err "Please create you key and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the api key and email to the account conf file. |
|||
_saveaccountconf Misaka_Key "$Misaka_Key" |
|||
|
|||
_debug "checking root zone [$fulldomain]" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_debug "Getting txt records" |
|||
_misaka_rest GET "zones/${_domain}/recordsets?search=${_sub_domain}" |
|||
|
|||
if ! _contains "$response" "\"results\":"; then |
|||
_err "Error" |
|||
return 1 |
|||
fi |
|||
|
|||
count=$(printf "%s\n" "$response" | _egrep_o "\"name\":\"$_sub_domain\",[^{]*\"type\":\"TXT\"" | wc -l | tr -d " ") |
|||
_debug count "$count" |
|||
if [ "$count" = "0" ]; then |
|||
_info "Adding record" |
|||
|
|||
if _misaka_rest POST "zones/${_domain}/recordsets/${_sub_domain}/TXT" "{\"records\":[{\"value\":\"\\\"$txtvalue\\\"\"}],\"filters\":[],\"ttl\":1}"; then |
|||
_debug response "$response" |
|||
if _contains "$response" "$_sub_domain"; then |
|||
_info "Added" |
|||
return 0 |
|||
else |
|||
_err "Add txt record error." |
|||
return 1 |
|||
fi |
|||
fi |
|||
_err "Add txt record error." |
|||
else |
|||
_info "Updating record" |
|||
|
|||
_misaka_rest PUT "zones/${_domain}/recordsets/${_sub_domain}/TXT?append=true" "{\"records\": [{\"value\": \"\\\"$txtvalue\\\"\"}],\"ttl\":1}" |
|||
if [ "$?" = "0" ] && _contains "$response" "$_sub_domain"; then |
|||
_info "Updated!" |
|||
#todo: check if the record takes effect |
|||
return 0 |
|||
fi |
|||
_err "Update error" |
|||
return 1 |
|||
fi |
|||
|
|||
} |
|||
|
|||
#fulldomain |
|||
dns_misaka_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_debug "Getting txt records" |
|||
_misaka_rest GET "zones/${_domain}/recordsets?search=${_sub_domain}" |
|||
|
|||
count=$(printf "%s\n" "$response" | _egrep_o "\"name\":\"$_sub_domain\",[^{]*\"type\":\"TXT\"" | wc -l | tr -d " ") |
|||
_debug count "$count" |
|||
if [ "$count" = "0" ]; then |
|||
_info "Don't need to remove." |
|||
else |
|||
if ! _misaka_rest DELETE "zones/${_domain}/recordsets/${_sub_domain}/TXT"; then |
|||
_err "Delete record error." |
|||
return 1 |
|||
fi |
|||
_contains "$response" "" |
|||
fi |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
# _domain_id=sdjkglgdfewsdfg |
|||
_get_root() { |
|||
domain=$1 |
|||
i=2 |
|||
p=1 |
|||
if ! _misaka_rest GET "zones?limit=1000"; then |
|||
return 1 |
|||
fi |
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"name\":\"$h\""; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain="$h" |
|||
return 0 |
|||
fi |
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_misaka_rest() { |
|||
m=$1 |
|||
ep="$2" |
|||
data="$3" |
|||
_debug "$ep" |
|||
|
|||
export _H1="Content-Type: application/json" |
|||
export _H2="User-Agent: acme.sh/$VER misaka-dns-acmesh/20191213" |
|||
export _H3="Authorization: Token $Misaka_Key" |
|||
|
|||
if [ "$m" != "GET" ]; then |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$Misaka_Api/$ep" "" "$m")" |
|||
else |
|||
response="$(_get "$Misaka_Api/$ep")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $ep" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
@ -0,0 +1,162 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#NETLIFY_ACCESS_TOKEN="xxxx" |
|||
|
|||
NETLIFY_HOST="api.netlify.com/api/v1/" |
|||
NETLIFY_URL="https://$NETLIFY_HOST" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_netlify_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
NETLIFY_ACCESS_TOKEN="${NETLIFY_ACCESS_TOKEN:-$(_readaccountconf_mutable NETLIFY_ACCESS_TOKEN)}" |
|||
|
|||
if [ -z "$NETLIFY_ACCESS_TOKEN" ]; then |
|||
NETLIFY_ACCESS_TOKEN="" |
|||
_err "Please specify your Netlify Access Token and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Using Netlify" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
_saveaccountconf_mutable NETLIFY_ACCESS_TOKEN "$NETLIFY_ACCESS_TOKEN" |
|||
|
|||
if ! _get_root "$fulldomain" "$accesstoken"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug _domain_id "$_domain_id" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
dnsRecordURI="dns_zones/$_domain_id/dns_records" |
|||
|
|||
body="{\"type\":\"TXT\", \"hostname\":\"$_sub_domain\", \"value\":\"$txtvalue\", \"ttl\":\"10\"}" |
|||
|
|||
_netlify_rest POST "$dnsRecordURI" "$body" "$NETLIFY_ACCESS_TOKEN" |
|||
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" |
|||
if [ "$_code" = "200" ] || [ "$_code" = '201' ]; then |
|||
_info "validation value added" |
|||
return 0 |
|||
else |
|||
_err "error adding validation value ($_code)" |
|||
return 1 |
|||
fi |
|||
|
|||
_err "Not fully implemented!" |
|||
return 1 |
|||
} |
|||
|
|||
#Usage: dns_myapi_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
#Remove the txt record after validation. |
|||
dns_netlify_rm() { |
|||
_info "Using Netlify" |
|||
txtdomain="$1" |
|||
txt="$2" |
|||
_debug txtdomain "$txtdomain" |
|||
_debug txt "$txt" |
|||
|
|||
_saveaccountconf_mutable NETLIFY_ACCESS_TOKEN "$NETLIFY_ACCESS_TOKEN" |
|||
|
|||
if ! _get_root "$txtdomain" "$accesstoken"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug _domain_id "$_domain_id" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
dnsRecordURI="dns_zones/$_domain_id/dns_records" |
|||
|
|||
_netlify_rest GET "$dnsRecordURI" "" "$NETLIFY_ACCESS_TOKEN" |
|||
|
|||
_record_id=$(echo "$response" | _egrep_o "\"type\":\"TXT\",[^\}]*\"value\":\"$txt\"" | head -n 1 | _egrep_o "\"id\":\"[^\"\}]*\"" | cut -d : -f 2 | tr -d \") |
|||
_debug _record_id "$_record_id" |
|||
if [ "$_record_id" ]; then |
|||
_netlify_rest DELETE "$dnsRecordURI/$_record_id" "" "$NETLIFY_ACCESS_TOKEN" |
|||
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" |
|||
if [ "$_code" = "200" ] || [ "$_code" = '204' ]; then |
|||
_info "validation value removed" |
|||
return 0 |
|||
else |
|||
_err "error removing validation value ($_code)" |
|||
return 1 |
|||
fi |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
_get_root() { |
|||
domain=$1 |
|||
accesstoken=$2 |
|||
i=1 |
|||
p=1 |
|||
|
|||
_netlify_rest GET "dns_zones" "" "$accesstoken" |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug2 "Checking domain: $h" |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
_err "Invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"name\":\"$h\"" >/dev/null; then |
|||
_domain_id=$(echo "$response" | _egrep_o "\"[^\"]*\",\"name\":\"$h" | cut -d , -f 1 | tr -d \") |
|||
if [ "$_domain_id" ]; then |
|||
if [ "$i" = 1 ]; then |
|||
#create the record at the domain apex (@) if only the domain name was provided as --domain-alias |
|||
_sub_domain="@" |
|||
else |
|||
_sub_domain=$(echo "$domain" | cut -d . -f 1-$p) |
|||
fi |
|||
_domain=$h |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
fi |
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_netlify_rest() { |
|||
m=$1 |
|||
ep="$2" |
|||
data="$3" |
|||
_debug "$ep" |
|||
|
|||
token_trimmed=$(echo "$NETLIFY_ACCESS_TOKEN" | tr -d '"') |
|||
|
|||
export _H1="Content-Type: application/json" |
|||
export _H2="Authorization: Bearer $token_trimmed" |
|||
|
|||
: >"$HTTP_HEADER" |
|||
|
|||
if [ "$m" != "GET" ]; then |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$NETLIFY_URL$ep" "" "$m")" |
|||
else |
|||
response="$(_get "$NETLIFY_URL$ep")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $ep" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
@ -0,0 +1,205 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# |
|||
#NIC_ClientID='0dc0xxxxxxxxxxxxxxxxxxxxxxxxce88' |
|||
#NIC_ClientSecret='3LTtxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxnuW8' |
|||
#NIC_Username="000000/NIC-D" |
|||
#NIC_Password="xxxxxxx" |
|||
|
|||
NIC_Api="https://api.nic.ru" |
|||
|
|||
dns_nic_add() { |
|||
fulldomain="${1}" |
|||
txtvalue="${2}" |
|||
|
|||
if ! _nic_get_authtoken save; then |
|||
_err "get NIC auth token failed" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
_debug _service "$_service" |
|||
|
|||
_info "Adding record" |
|||
if ! _nic_rest PUT "services/$_service/zones/$_domain/records" "<?xml version=\"1.0\" encoding=\"UTF-8\" ?><request><rr-list><rr><name>$_sub_domain</name><type>TXT</type><txt><string>$txtvalue</string></txt></rr></rr-list></request>"; then |
|||
_err "Add TXT record error" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _nic_rest POST "services/$_service/zones/$_domain/commit" ""; then |
|||
return 1 |
|||
fi |
|||
_info "Added, OK" |
|||
} |
|||
|
|||
dns_nic_rm() { |
|||
fulldomain="${1}" |
|||
txtvalue="${2}" |
|||
|
|||
if ! _nic_get_authtoken; then |
|||
_err "get NIC auth token failed" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
_debug _service "$_service" |
|||
|
|||
if ! _nic_rest GET "services/$_service/zones/$_domain/records"; then |
|||
_err "Get records error" |
|||
return 1 |
|||
fi |
|||
|
|||
_domain_id=$(printf "%s" "$response" | grep "$_sub_domain" | grep -- "$txtvalue" | sed -r "s/.*<rr id=\"(.*)\".*/\1/g") |
|||
|
|||
if ! _nic_rest DELETE "services/$_service/zones/$_domain/records/$_domain_id"; then |
|||
_err "Delete record error" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _nic_rest POST "services/$_service/zones/$_domain/commit" ""; then |
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
#_nic_get_auth_elements [need2save] |
|||
_nic_get_auth_elements() { |
|||
_need2save=$1 |
|||
|
|||
NIC_ClientID="${NIC_ClientID:-$(_readaccountconf_mutable NIC_ClientID)}" |
|||
NIC_ClientSecret="${NIC_ClientSecret:-$(_readaccountconf_mutable NIC_ClientSecret)}" |
|||
NIC_Username="${NIC_Username:-$(_readaccountconf_mutable NIC_Username)}" |
|||
NIC_Password="${NIC_Password:-$(_readaccountconf_mutable NIC_Password)}" |
|||
|
|||
## for backward compatibility |
|||
if [ -z "$NIC_ClientID" ] || [ -z "$NIC_ClientSecret" ]; then |
|||
NIC_Token="${NIC_Token:-$(_readaccountconf_mutable NIC_Token)}" |
|||
_debug NIC_Token "$NIC_Token" |
|||
if [ -n "$NIC_Token" ]; then |
|||
_two_values="$(echo "${NIC_Token}" | _dbase64)" |
|||
_debug _two_values "$_two_values" |
|||
NIC_ClientID=$(echo "$_two_values" | cut -d':' -f1) |
|||
NIC_ClientSecret=$(echo "$_two_values" | cut -d':' -f2-) |
|||
_debug restored_NIC_ClientID "$NIC_ClientID" |
|||
_debug restored_NIC_ClientSecret "$NIC_ClientSecret" |
|||
fi |
|||
fi |
|||
|
|||
if [ -z "$NIC_ClientID" ] || [ -z "$NIC_ClientSecret" ] || [ -z "$NIC_Username" ] || [ -z "$NIC_Password" ]; then |
|||
NIC_ClientID="" |
|||
NIC_ClientSecret="" |
|||
NIC_Username="" |
|||
NIC_Password="" |
|||
_err "You must export variables: NIC_ClientID, NIC_ClientSecret, NIC_Username and NIC_Password" |
|||
return 1 |
|||
fi |
|||
|
|||
if [ "$_need2save" ]; then |
|||
_saveaccountconf_mutable NIC_ClientID "$NIC_ClientID" |
|||
_saveaccountconf_mutable NIC_ClientSecret "$NIC_ClientSecret" |
|||
_saveaccountconf_mutable NIC_Username "$NIC_Username" |
|||
_saveaccountconf_mutable NIC_Password "$NIC_Password" |
|||
fi |
|||
|
|||
NIC_BasicAuth=$(printf "%s:%s" "${NIC_ClientID}" "${NIC_ClientSecret}" | _base64) |
|||
_debug NIC_BasicAuth "$NIC_BasicAuth" |
|||
|
|||
} |
|||
|
|||
#_nic_get_authtoken [need2save] |
|||
_nic_get_authtoken() { |
|||
_need2save=$1 |
|||
|
|||
if ! _nic_get_auth_elements "$_need2save"; then |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Getting NIC auth token" |
|||
|
|||
export _H1="Authorization: Basic ${NIC_BasicAuth}" |
|||
export _H2="Content-Type: application/x-www-form-urlencoded" |
|||
|
|||
res=$(_post "grant_type=password&username=${NIC_Username}&password=${NIC_Password}&scope=%28GET%7CPUT%7CPOST%7CDELETE%29%3A%2Fdns-master%2F.%2B" "$NIC_Api/oauth/token" "" "POST") |
|||
if _contains "$res" "access_token"; then |
|||
_auth_token=$(printf "%s" "$res" | cut -d , -f2 | tr -d "\"" | sed "s/access_token://") |
|||
_info "Token received" |
|||
_debug _auth_token "$_auth_token" |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
} |
|||
|
|||
_get_root() { |
|||
domain="$1" |
|||
i=1 |
|||
p=1 |
|||
|
|||
if ! _nic_rest GET "zones"; then |
|||
return 1 |
|||
fi |
|||
|
|||
_all_domains=$(printf "%s" "$response" | grep "idn-name" | sed -r "s/.*idn-name=\"(.*)\" name=.*/\1/g") |
|||
_debug2 _all_domains "$_all_domains" |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) |
|||
_debug h "$h" |
|||
|
|||
if [ -z "$h" ]; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$_all_domains" "^$h$"; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain=$h |
|||
_service=$(printf "%s" "$response" | grep -m 1 "idn-name=\"$_domain\"" | sed -r "s/.*service=\"(.*)\".*$/\1/") |
|||
return 0 |
|||
fi |
|||
p="$i" |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_nic_rest() { |
|||
m="$1" |
|||
ep="$2" |
|||
data="$3" |
|||
_debug "$ep" |
|||
|
|||
export _H1="Content-Type: application/xml" |
|||
export _H2="Authorization: Bearer $_auth_token" |
|||
|
|||
if [ "$m" != "GET" ]; then |
|||
_debug data "$data" |
|||
response=$(_post "$data" "$NIC_Api/dns-master/$ep" "" "$m") |
|||
else |
|||
response=$(_get "$NIC_Api/dns-master/$ep") |
|||
fi |
|||
|
|||
if _contains "$response" "<errors>"; then |
|||
error=$(printf "%s" "$response" | grep "error code" | sed -r "s/.*<error code=.*>(.*)<\/error>/\1/g") |
|||
_err "Error: $error" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _contains "$response" "<status>success</status>"; then |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
@ -0,0 +1,168 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# |
|||
#NJALLA_Token="sdfsdfsdfljlbjkljlkjsdfoiwje" |
|||
|
|||
NJALLA_Api="https://njal.la/api/1/" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_njalla_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
NJALLA_Token="${NJALLA_Token:-$(_readaccountconf_mutable NJALLA_Token)}" |
|||
|
|||
if [ "$NJALLA_Token" ]; then |
|||
_saveaccountconf_mutable NJALLA_Token "$NJALLA_Token" |
|||
else |
|||
NJALLA_Token="" |
|||
_err "You didn't specify a Njalla api token yet." |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
# For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so |
|||
# we can not use updating anymore. |
|||
# count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2) |
|||
# _debug count "$count" |
|||
# if [ "$count" = "0" ]; then |
|||
_info "Adding record" |
|||
if _njalla_rest "{\"method\":\"add-record\",\"params\":{\"domain\":\"$_domain\",\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":120}}"; then |
|||
if _contains "$response" "$txtvalue"; then |
|||
_info "Added, OK" |
|||
return 0 |
|||
else |
|||
_err "Add txt record error." |
|||
return 1 |
|||
fi |
|||
fi |
|||
_err "Add txt record error." |
|||
return 1 |
|||
|
|||
} |
|||
|
|||
#fulldomain txtvalue |
|||
dns_njalla_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
NJALLA_Token="${NJALLA_Token:-$(_readaccountconf_mutable NJALLA_Token)}" |
|||
|
|||
if [ "$NJALLA_Token" ]; then |
|||
_saveaccountconf_mutable NJALLA_Token "$NJALLA_Token" |
|||
else |
|||
NJALLA_Token="" |
|||
_err "You didn't specify a Njalla api token yet." |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_debug "Getting records for domain" |
|||
if ! _njalla_rest "{\"method\":\"list-records\",\"params\":{\"domain\":\"${_domain}\"}}"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if ! echo "$response" | tr -d " " | grep "\"id\":" >/dev/null; then |
|||
_err "Error: $response" |
|||
return 1 |
|||
fi |
|||
|
|||
records=$(echo "$response" | _egrep_o "\"records\":\s?\[(.*)\]\}" | _egrep_o "\[.*\]" | _egrep_o "\{[^\{\}]*\"id\":[^\{\}]*\}") |
|||
count=$(echo "$records" | wc -l) |
|||
_debug count "$count" |
|||
|
|||
if [ "$count" = "0" ]; then |
|||
_info "Don't need to remove." |
|||
else |
|||
echo "$records" | while read -r record; do |
|||
record_name=$(echo "$record" | _egrep_o "\"name\":\s?\"[^\"]*\"" | cut -d : -f 2 | tr -d " " | tr -d \") |
|||
record_content=$(echo "$record" | _egrep_o "\"content\":\s?\"[^\"]*\"" | cut -d : -f 2 | tr -d " " | tr -d \") |
|||
record_id=$(echo "$record" | _egrep_o "\"id\":\s?[0-9]+" | cut -d : -f 2 | tr -d " " | tr -d \") |
|||
if [ "$_sub_domain" = "$record_name" ]; then |
|||
if [ "$txtvalue" = "$record_content" ]; then |
|||
_debug "record_id" "$record_id" |
|||
if ! _njalla_rest "{\"method\":\"remove-record\",\"params\":{\"domain\":\"${_domain}\",\"id\":${record_id}}}"; then |
|||
_err "Delete record error." |
|||
return 1 |
|||
fi |
|||
echo "$response" | tr -d " " | grep "\"result\"" >/dev/null |
|||
fi |
|||
fi |
|||
done |
|||
fi |
|||
|
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
# _domain_id=sdjkglgdfewsdfg |
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
p=1 |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _njalla_rest "{\"method\":\"get-domain\",\"params\":{\"domain\":\"${h}\"}}"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"$h\""; then |
|||
_domain_returned=$(echo "$response" | _egrep_o "\{\"name\": *\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \" | tr -d " ") |
|||
if [ "$_domain_returned" ]; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain=$h |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
fi |
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_njalla_rest() { |
|||
data="$1" |
|||
|
|||
token_trimmed=$(echo "$NJALLA_Token" | tr -d '"') |
|||
|
|||
export _H1="Content-Type: application/json" |
|||
export _H2="Accept: application/json" |
|||
export _H3="Authorization: Njalla $token_trimmed" |
|||
|
|||
_debug data "$data" |
|||
response="$(_post "$data" "$NJALLA_Api" "" "POST")" |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $data" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
@ -0,0 +1,88 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
######################################################################## |
|||
# https://namemaster.de hook script for acme.sh |
|||
# |
|||
# Environment variables: |
|||
# |
|||
# - $NM_user (your namemaster.de API username) |
|||
# - $NM_sha256 (your namemaster.de API password_as_sha256hash) |
|||
# |
|||
# Author: Thilo Gass <thilo.gass@gmail.com> |
|||
# Git repo: https://github.com/ThiloGa/acme.sh |
|||
|
|||
#-- dns_nm_add() - Add TXT record -------------------------------------- |
|||
# Usage: dns_nm_add _acme-challenge.subdomain.domain.com "XyZ123..." |
|||
|
|||
namemaster_api="https://namemaster.de/api/api.php" |
|||
|
|||
dns_nm_add() { |
|||
fulldomain=$1 |
|||
txt_value=$2 |
|||
_info "Using DNS-01 namemaster hook" |
|||
|
|||
NM_user="${NM_user:-$(_readaccountconf_mutable NM_user)}" |
|||
NM_sha256="${NM_sha256:-$(_readaccountconf_mutable NM_sha256)}" |
|||
if [ -z "$NM_user" ] || [ -z "$NM_sha256" ]; then |
|||
NM_user="" |
|||
NM_sha256="" |
|||
_err "No auth details provided. Please set user credentials using the \$NM_user and \$NM_sha256 environment variables." |
|||
return 1 |
|||
fi |
|||
#save the api user and sha256 password to the account conf file. |
|||
_debug "Save user and hash" |
|||
_saveaccountconf_mutable NM_user "$NM_user" |
|||
_saveaccountconf_mutable NM_sha256 "$NM_sha256" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" "$fulldomain" |
|||
return 1 |
|||
fi |
|||
|
|||
_info "die Zone lautet:" "$zone" |
|||
|
|||
get="$namemaster_api?User=$NM_user&Password=$NM_sha256&Antwort=csv&Typ=ACME&zone=$zone&hostname=$fulldomain&TXT=$txt_value&Action=Auto&Lifetime=3600" |
|||
|
|||
if ! erg="$(_get "$get")"; then |
|||
_err "error Adding $fulldomain TXT: $txt_value" |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$erg" "Success"; then |
|||
_info "Success, TXT Added, OK" |
|||
else |
|||
_err "error Adding $fulldomain TXT: $txt_value erg: $erg" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "ok Auto $fulldomain TXT: $txt_value erg: $erg" |
|||
return 0 |
|||
} |
|||
|
|||
dns_nm_rm() { |
|||
|
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "TXT enrty in $fulldomain is deleted automatically" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
} |
|||
|
|||
_get_root() { |
|||
|
|||
domain=$1 |
|||
|
|||
get="$namemaster_api?User=$NM_user&Password=$NM_sha256&Typ=acme&hostname=$domain&Action=getzone&antwort=csv" |
|||
|
|||
if ! zone="$(_get "$get")"; then |
|||
_err "error getting Zone" |
|||
return 1 |
|||
else |
|||
if _contains "$zone" "hostname not found"; then |
|||
return 1 |
|||
fi |
|||
fi |
|||
|
|||
} |
|||
@ -0,0 +1,348 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# OpenStack Designate API plugin |
|||
# |
|||
# This requires you to have OpenStackClient and python-desginateclient |
|||
# installed. |
|||
# |
|||
# You will require Keystone V3 credentials loaded into your environment, which |
|||
# could be either password or v3applicationcredential type. |
|||
# |
|||
# Author: Andy Botting <andy@andybotting.com> |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
# Usage: dns_openstack_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_openstack_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
_dns_openstack_credentials || return $? |
|||
_dns_openstack_check_setup || return $? |
|||
_dns_openstack_find_zone || return $? |
|||
_dns_openstack_get_recordset || return $? |
|||
_debug _recordset_id "$_recordset_id" |
|||
if [ -n "$_recordset_id" ]; then |
|||
_dns_openstack_get_records || return $? |
|||
_debug _records "$_records" |
|||
fi |
|||
_dns_openstack_create_recordset || return $? |
|||
} |
|||
|
|||
# Usage: dns_openstack_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
# Remove the txt record after validation. |
|||
dns_openstack_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
_dns_openstack_credentials || return $? |
|||
_dns_openstack_check_setup || return $? |
|||
_dns_openstack_find_zone || return $? |
|||
_dns_openstack_get_recordset || return $? |
|||
_debug _recordset_id "$_recordset_id" |
|||
if [ -n "$_recordset_id" ]; then |
|||
_dns_openstack_get_records || return $? |
|||
_debug _records "$_records" |
|||
fi |
|||
_dns_openstack_delete_recordset || return $? |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
_dns_openstack_create_recordset() { |
|||
|
|||
if [ -z "$_recordset_id" ]; then |
|||
_info "Creating a new recordset" |
|||
if ! _recordset_id=$(openstack recordset create -c id -f value --type TXT --record "$txtvalue" "$_zone_id" "$fulldomain."); then |
|||
_err "No recordset ID found after create" |
|||
return 1 |
|||
fi |
|||
else |
|||
_info "Updating existing recordset" |
|||
# Build new list of --record <rec> args for update |
|||
_record_args="--record $txtvalue" |
|||
for _rec in $_records; do |
|||
_record_args="$_record_args --record $_rec" |
|||
done |
|||
# shellcheck disable=SC2086 |
|||
if ! _recordset_id=$(openstack recordset set -c id -f value $_record_args "$_zone_id" "$fulldomain."); then |
|||
_err "Recordset update failed" |
|||
return 1 |
|||
fi |
|||
fi |
|||
|
|||
_max_retries=60 |
|||
_sleep_sec=5 |
|||
_retry_times=0 |
|||
while [ "$_retry_times" -lt "$_max_retries" ]; do |
|||
_retry_times=$(_math "$_retry_times" + 1) |
|||
_debug3 _retry_times "$_retry_times" |
|||
|
|||
_record_status=$(openstack recordset show -c status -f value "$_zone_id" "$_recordset_id") |
|||
_info "Recordset status is $_record_status" |
|||
if [ "$_record_status" = "ACTIVE" ]; then |
|||
return 0 |
|||
elif [ "$_record_status" = "ERROR" ]; then |
|||
return 1 |
|||
else |
|||
_sleep $_sleep_sec |
|||
fi |
|||
done |
|||
|
|||
_err "Recordset failed to become ACTIVE" |
|||
return 1 |
|||
} |
|||
|
|||
_dns_openstack_delete_recordset() { |
|||
|
|||
if [ "$_records" = "$txtvalue" ]; then |
|||
_info "Only one record found, deleting recordset" |
|||
if ! openstack recordset delete "$_zone_id" "$fulldomain." >/dev/null; then |
|||
_err "Failed to delete recordset" |
|||
return 1 |
|||
fi |
|||
else |
|||
_info "Found existing records, updating recordset" |
|||
# Build new list of --record <rec> args for update |
|||
_record_args="" |
|||
for _rec in $_records; do |
|||
if [ "$_rec" = "$txtvalue" ]; then |
|||
continue |
|||
fi |
|||
_record_args="$_record_args --record $_rec" |
|||
done |
|||
# shellcheck disable=SC2086 |
|||
if ! openstack recordset set -c id -f value $_record_args "$_zone_id" "$fulldomain." >/dev/null; then |
|||
_err "Recordset update failed" |
|||
return 1 |
|||
fi |
|||
fi |
|||
} |
|||
|
|||
_dns_openstack_get_root() { |
|||
# Take the full fqdn and strip away pieces until we get an exact zone name |
|||
# match. For example, _acme-challenge.something.domain.com might need to go |
|||
# into something.domain.com or domain.com |
|||
_zone_name=$1 |
|||
_zone_list=$2 |
|||
while [ "$_zone_name" != "" ]; do |
|||
_zone_name="$(echo "$_zone_name" | sed 's/[^.]*\.*//')" |
|||
echo "$_zone_list" | while read -r id name; do |
|||
if _startswith "$_zone_name." "$name"; then |
|||
echo "$id" |
|||
fi |
|||
done |
|||
done | _head_n 1 |
|||
} |
|||
|
|||
_dns_openstack_find_zone() { |
|||
if ! _zone_list="$(openstack zone list -c id -c name -f value)"; then |
|||
_err "Can't list zones. Check your OpenStack credentials" |
|||
return 1 |
|||
fi |
|||
_debug _zone_list "$_zone_list" |
|||
|
|||
if ! _zone_id="$(_dns_openstack_get_root "$fulldomain" "$_zone_list")"; then |
|||
_err "Can't find a matching zone. Check your OpenStack credentials" |
|||
return 1 |
|||
fi |
|||
_debug _zone_id "$_zone_id" |
|||
} |
|||
|
|||
_dns_openstack_get_records() { |
|||
if ! _records=$(openstack recordset show -c records -f value "$_zone_id" "$fulldomain."); then |
|||
_err "Failed to get records" |
|||
return 1 |
|||
fi |
|||
return 0 |
|||
} |
|||
|
|||
_dns_openstack_get_recordset() { |
|||
if ! _recordset_id=$(openstack recordset list -c id -f value --name "$fulldomain." "$_zone_id"); then |
|||
_err "Failed to get recordset" |
|||
return 1 |
|||
fi |
|||
return 0 |
|||
} |
|||
|
|||
_dns_openstack_check_setup() { |
|||
if ! _exists openstack; then |
|||
_err "OpenStack client not found" |
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
_dns_openstack_credentials() { |
|||
_debug "Check OpenStack credentials" |
|||
|
|||
# If we have OS_AUTH_URL already set in the environment, then assume we want |
|||
# to use those, otherwise use stored credentials |
|||
if [ -n "$OS_AUTH_URL" ]; then |
|||
_debug "OS_AUTH_URL env var found, using environment" |
|||
else |
|||
_debug "OS_AUTH_URL not found, loading stored credentials" |
|||
OS_AUTH_URL="${OS_AUTH_URL:-$(_readaccountconf_mutable OS_AUTH_URL)}" |
|||
OS_IDENTITY_API_VERSION="${OS_IDENTITY_API_VERSION:-$(_readaccountconf_mutable OS_IDENTITY_API_VERSION)}" |
|||
OS_AUTH_TYPE="${OS_AUTH_TYPE:-$(_readaccountconf_mutable OS_AUTH_TYPE)}" |
|||
OS_APPLICATION_CREDENTIAL_ID="${OS_APPLICATION_CREDENTIAL_ID:-$(_readaccountconf_mutable OS_APPLICATION_CREDENTIAL_ID)}" |
|||
OS_APPLICATION_CREDENTIAL_SECRET="${OS_APPLICATION_CREDENTIAL_SECRET:-$(_readaccountconf_mutable OS_APPLICATION_CREDENTIAL_SECRET)}" |
|||
OS_USERNAME="${OS_USERNAME:-$(_readaccountconf_mutable OS_USERNAME)}" |
|||
OS_PASSWORD="${OS_PASSWORD:-$(_readaccountconf_mutable OS_PASSWORD)}" |
|||
OS_PROJECT_NAME="${OS_PROJECT_NAME:-$(_readaccountconf_mutable OS_PROJECT_NAME)}" |
|||
OS_PROJECT_ID="${OS_PROJECT_ID:-$(_readaccountconf_mutable OS_PROJECT_ID)}" |
|||
OS_USER_DOMAIN_NAME="${OS_USER_DOMAIN_NAME:-$(_readaccountconf_mutable OS_USER_DOMAIN_NAME)}" |
|||
OS_USER_DOMAIN_ID="${OS_USER_DOMAIN_ID:-$(_readaccountconf_mutable OS_USER_DOMAIN_ID)}" |
|||
OS_PROJECT_DOMAIN_NAME="${OS_PROJECT_DOMAIN_NAME:-$(_readaccountconf_mutable OS_PROJECT_DOMAIN_NAME)}" |
|||
OS_PROJECT_DOMAIN_ID="${OS_PROJECT_DOMAIN_ID:-$(_readaccountconf_mutable OS_PROJECT_DOMAIN_ID)}" |
|||
fi |
|||
|
|||
# Check each var and either save or clear it depending on whether its set. |
|||
# The helps us clear out old vars in the case where a user may want |
|||
# to switch between password and app creds |
|||
_debug "OS_AUTH_URL" "$OS_AUTH_URL" |
|||
if [ -n "$OS_AUTH_URL" ]; then |
|||
export OS_AUTH_URL |
|||
_saveaccountconf_mutable OS_AUTH_URL "$OS_AUTH_URL" |
|||
else |
|||
unset OS_AUTH_URL |
|||
_clearaccountconf SAVED_OS_AUTH_URL |
|||
fi |
|||
|
|||
_debug "OS_IDENTITY_API_VERSION" "$OS_IDENTITY_API_VERSION" |
|||
if [ -n "$OS_IDENTITY_API_VERSION" ]; then |
|||
export OS_IDENTITY_API_VERSION |
|||
_saveaccountconf_mutable OS_IDENTITY_API_VERSION "$OS_IDENTITY_API_VERSION" |
|||
else |
|||
unset OS_IDENTITY_API_VERSION |
|||
_clearaccountconf SAVED_OS_IDENTITY_API_VERSION |
|||
fi |
|||
|
|||
_debug "OS_AUTH_TYPE" "$OS_AUTH_TYPE" |
|||
if [ -n "$OS_AUTH_TYPE" ]; then |
|||
export OS_AUTH_TYPE |
|||
_saveaccountconf_mutable OS_AUTH_TYPE "$OS_AUTH_TYPE" |
|||
else |
|||
unset OS_AUTH_TYPE |
|||
_clearaccountconf SAVED_OS_AUTH_TYPE |
|||
fi |
|||
|
|||
_debug "OS_APPLICATION_CREDENTIAL_ID" "$OS_APPLICATION_CREDENTIAL_ID" |
|||
if [ -n "$OS_APPLICATION_CREDENTIAL_ID" ]; then |
|||
export OS_APPLICATION_CREDENTIAL_ID |
|||
_saveaccountconf_mutable OS_APPLICATION_CREDENTIAL_ID "$OS_APPLICATION_CREDENTIAL_ID" |
|||
else |
|||
unset OS_APPLICATION_CREDENTIAL_ID |
|||
_clearaccountconf SAVED_OS_APPLICATION_CREDENTIAL_ID |
|||
fi |
|||
|
|||
_secure_debug "OS_APPLICATION_CREDENTIAL_SECRET" "$OS_APPLICATION_CREDENTIAL_SECRET" |
|||
if [ -n "$OS_APPLICATION_CREDENTIAL_SECRET" ]; then |
|||
export OS_APPLICATION_CREDENTIAL_SECRET |
|||
_saveaccountconf_mutable OS_APPLICATION_CREDENTIAL_SECRET "$OS_APPLICATION_CREDENTIAL_SECRET" |
|||
else |
|||
unset OS_APPLICATION_CREDENTIAL_SECRET |
|||
_clearaccountconf SAVED_OS_APPLICATION_CREDENTIAL_SECRET |
|||
fi |
|||
|
|||
_debug "OS_USERNAME" "$OS_USERNAME" |
|||
if [ -n "$OS_USERNAME" ]; then |
|||
export OS_USERNAME |
|||
_saveaccountconf_mutable OS_USERNAME "$OS_USERNAME" |
|||
else |
|||
unset OS_USERNAME |
|||
_clearaccountconf SAVED_OS_USERNAME |
|||
fi |
|||
|
|||
_secure_debug "OS_PASSWORD" "$OS_PASSWORD" |
|||
if [ -n "$OS_PASSWORD" ]; then |
|||
export OS_PASSWORD |
|||
_saveaccountconf_mutable OS_PASSWORD "$OS_PASSWORD" |
|||
else |
|||
unset OS_PASSWORD |
|||
_clearaccountconf SAVED_OS_PASSWORD |
|||
fi |
|||
|
|||
_debug "OS_PROJECT_NAME" "$OS_PROJECT_NAME" |
|||
if [ -n "$OS_PROJECT_NAME" ]; then |
|||
export OS_PROJECT_NAME |
|||
_saveaccountconf_mutable OS_PROJECT_NAME "$OS_PROJECT_NAME" |
|||
else |
|||
unset OS_PROJECT_NAME |
|||
_clearaccountconf SAVED_OS_PROJECT_NAME |
|||
fi |
|||
|
|||
_debug "OS_PROJECT_ID" "$OS_PROJECT_ID" |
|||
if [ -n "$OS_PROJECT_ID" ]; then |
|||
export OS_PROJECT_ID |
|||
_saveaccountconf_mutable OS_PROJECT_ID "$OS_PROJECT_ID" |
|||
else |
|||
unset OS_PROJECT_ID |
|||
_clearaccountconf SAVED_OS_PROJECT_ID |
|||
fi |
|||
|
|||
_debug "OS_USER_DOMAIN_NAME" "$OS_USER_DOMAIN_NAME" |
|||
if [ -n "$OS_USER_DOMAIN_NAME" ]; then |
|||
export OS_USER_DOMAIN_NAME |
|||
_saveaccountconf_mutable OS_USER_DOMAIN_NAME "$OS_USER_DOMAIN_NAME" |
|||
else |
|||
unset OS_USER_DOMAIN_NAME |
|||
_clearaccountconf SAVED_OS_USER_DOMAIN_NAME |
|||
fi |
|||
|
|||
_debug "OS_USER_DOMAIN_ID" "$OS_USER_DOMAIN_ID" |
|||
if [ -n "$OS_USER_DOMAIN_ID" ]; then |
|||
export OS_USER_DOMAIN_ID |
|||
_saveaccountconf_mutable OS_USER_DOMAIN_ID "$OS_USER_DOMAIN_ID" |
|||
else |
|||
unset OS_USER_DOMAIN_ID |
|||
_clearaccountconf SAVED_OS_USER_DOMAIN_ID |
|||
fi |
|||
|
|||
_debug "OS_PROJECT_DOMAIN_NAME" "$OS_PROJECT_DOMAIN_NAME" |
|||
if [ -n "$OS_PROJECT_DOMAIN_NAME" ]; then |
|||
export OS_PROJECT_DOMAIN_NAME |
|||
_saveaccountconf_mutable OS_PROJECT_DOMAIN_NAME "$OS_PROJECT_DOMAIN_NAME" |
|||
else |
|||
unset OS_PROJECT_DOMAIN_NAME |
|||
_clearaccountconf SAVED_OS_PROJECT_DOMAIN_NAME |
|||
fi |
|||
|
|||
_debug "OS_PROJECT_DOMAIN_ID" "$OS_PROJECT_DOMAIN_ID" |
|||
if [ -n "$OS_PROJECT_DOMAIN_ID" ]; then |
|||
export OS_PROJECT_DOMAIN_ID |
|||
_saveaccountconf_mutable OS_PROJECT_DOMAIN_ID "$OS_PROJECT_DOMAIN_ID" |
|||
else |
|||
unset OS_PROJECT_DOMAIN_ID |
|||
_clearaccountconf SAVED_OS_PROJECT_DOMAIN_ID |
|||
fi |
|||
|
|||
if [ "$OS_AUTH_TYPE" = "v3applicationcredential" ]; then |
|||
# Application Credential auth |
|||
if [ -z "$OS_APPLICATION_CREDENTIAL_ID" ] || [ -z "$OS_APPLICATION_CREDENTIAL_SECRET" ]; then |
|||
_err "When using OpenStack application credentials, OS_APPLICATION_CREDENTIAL_ID" |
|||
_err "and OS_APPLICATION_CREDENTIAL_SECRET must be set." |
|||
_err "Please check your credentials and try again." |
|||
return 1 |
|||
fi |
|||
else |
|||
# Password auth |
|||
if [ -z "$OS_USERNAME" ] || [ -z "$OS_PASSWORD" ]; then |
|||
_err "OpenStack username or password not found." |
|||
_err "Please check your credentials and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
if [ -z "$OS_PROJECT_NAME" ] && [ -z "$OS_PROJECT_ID" ]; then |
|||
_err "When using password authentication, OS_PROJECT_NAME or" |
|||
_err "OS_PROJECT_ID must be set." |
|||
_err "Please check your credentials and try again." |
|||
return 1 |
|||
fi |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
@ -0,0 +1,273 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#OPNsense Bind API |
|||
#https://docs.opnsense.org/development/api.html |
|||
# |
|||
#OPNs_Host="opnsense.example.com" |
|||
#OPNs_Port="443" |
|||
# optional, defaults to 443 if unset |
|||
#OPNs_Key="qocfU9RSbt8vTIBcnW8bPqCrpfAHMDvj5OzadE7Str+rbjyCyk7u6yMrSCHtBXabgDDXx/dY0POUp7ZA" |
|||
#OPNs_Token="pZEQ+3ce8dDlfBBdg3N8EpqpF5I1MhFqdxX06le6Gl8YzyQvYCfCzNaFX9O9+IOSyAs7X71fwdRiZ+Lv" |
|||
#OPNs_Api_Insecure=0 |
|||
# optional, defaults to 0 if unset |
|||
# Set 1 for insecure and 0 for secure -> difference is whether ssl cert is checked for validity (0) or whether it is just accepted (1) |
|||
|
|||
######## Public functions ##################### |
|||
#Usage: add _acme-challenge.www.domain.com "123456789ABCDEF0000000000000000000000000000000000000" |
|||
#fulldomain |
|||
#txtvalue |
|||
OPNs_DefaultPort=443 |
|||
OPNs_DefaultApi_Insecure=0 |
|||
|
|||
dns_opnsense_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_opns_check_auth || return 1 |
|||
|
|||
if ! set_record "$fulldomain" "$txtvalue"; then |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
#fulldomain |
|||
dns_opnsense_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_opns_check_auth || return 1 |
|||
|
|||
if ! rm_record "$fulldomain" "$txtvalue"; then |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
set_record() { |
|||
fulldomain=$1 |
|||
new_challenge=$2 |
|||
_info "Adding record $fulldomain with challenge: $new_challenge" |
|||
|
|||
_debug "Detect root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug _domain "$_domain" |
|||
_debug _host "$_host" |
|||
_debug _domainid "$_domainid" |
|||
_return_str="" |
|||
_record_string="" |
|||
_build_record_string "$_domainid" "$_host" "$new_challenge" |
|||
_uuid="" |
|||
if _existingchallenge "$_domain" "$_host" "$new_challenge"; then |
|||
# Update |
|||
if _opns_rest "POST" "/record/setRecord/${_uuid}" "$_record_string"; then |
|||
_return_str="$response" |
|||
else |
|||
return 1 |
|||
fi |
|||
|
|||
else |
|||
#create |
|||
if _opns_rest "POST" "/record/addRecord" "$_record_string"; then |
|||
_return_str="$response" |
|||
else |
|||
return 1 |
|||
fi |
|||
fi |
|||
|
|||
if echo "$_return_str" | _egrep_o "\"result\":\"saved\"" >/dev/null; then |
|||
_opns_rest "POST" "/service/reconfigure" "{}" |
|||
_debug "Record created" |
|||
else |
|||
_err "Error creating record $_record_string" |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
rm_record() { |
|||
fulldomain=$1 |
|||
new_challenge="$2" |
|||
_info "Remove record $fulldomain with challenge: $new_challenge" |
|||
|
|||
_debug "Detect root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug _domain "$_domain" |
|||
_debug _host "$_host" |
|||
_debug _domainid "$_domainid" |
|||
_uuid="" |
|||
if _existingchallenge "$_domain" "$_host" "$new_challenge"; then |
|||
# Delete |
|||
if _opns_rest "POST" "/record/delRecord/${_uuid}" "\{\}"; then |
|||
if echo "$_return_str" | _egrep_o "\"result\":\"deleted\"" >/dev/null; then |
|||
_opns_rest "POST" "/service/reconfigure" "{}" |
|||
_debug "Record deleted" |
|||
else |
|||
_err "Error deleting record $_host from domain $fulldomain" |
|||
return 1 |
|||
fi |
|||
else |
|||
_err "Error deleting record $_host from domain $fulldomain" |
|||
return 1 |
|||
fi |
|||
else |
|||
_info "Record not found, nothing to remove" |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _domainid=domid |
|||
#_domain=domain.com |
|||
_get_root() { |
|||
domain=$1 |
|||
i=2 |
|||
p=1 |
|||
if _opns_rest "GET" "/domain/get"; then |
|||
_domain_response="$response" |
|||
else |
|||
return 1 |
|||
fi |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
_debug h "$h" |
|||
id=$(echo "$_domain_response" | _egrep_o "\"[^\"]*\":{\"enabled\":\"1\",\"type\":{\"master\":{\"value\":\"master\",\"selected\":1},\"slave\":{\"value\":\"slave\",\"selected\":0}},\"masterip\":\"[^\"]*\"(,\"allownotifyslave\":{\"\":{[^}]*}},|,)\"domainname\":\"${h}\"" | cut -d ':' -f 1 | cut -d '"' -f 2) |
|||
|
|||
if [ -n "$id" ]; then |
|||
_debug id "$id" |
|||
_host=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain="${h}" |
|||
_domainid="${id}" |
|||
return 0 |
|||
fi |
|||
p=$i |
|||
i=$(_math $i + 1) |
|||
done |
|||
_debug "$domain not found" |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
_opns_rest() { |
|||
method=$1 |
|||
ep=$2 |
|||
data=$3 |
|||
#Percent encode user and token |
|||
key=$(echo "$OPNs_Key" | tr -d "\n\r" | _url_encode) |
|||
token=$(echo "$OPNs_Token" | tr -d "\n\r" | _url_encode) |
|||
|
|||
opnsense_url="https://${key}:${token}@${OPNs_Host}:${OPNs_Port:-$OPNs_DefaultPort}/api/bind${ep}" |
|||
export _H1="Content-Type: application/json" |
|||
_debug2 "Try to call api: https://${OPNs_Host}:${OPNs_Port:-$OPNs_DefaultPort}/api/bind${ep}" |
|||
if [ ! "$method" = "GET" ]; then |
|||
_debug data "$data" |
|||
export _H1="Content-Type: application/json" |
|||
response="$(_post "$data" "$opnsense_url" "" "$method")" |
|||
else |
|||
export _H1="" |
|||
response="$(_get "$opnsense_url")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $ep" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
_build_record_string() { |
|||
_record_string="{\"record\":{\"enabled\":\"1\",\"domain\":\"$1\",\"name\":\"$2\",\"type\":\"TXT\",\"value\":\"$3\"}}" |
|||
} |
|||
|
|||
_existingchallenge() { |
|||
if _opns_rest "GET" "/record/searchRecord"; then |
|||
_record_response="$response" |
|||
else |
|||
return 1 |
|||
fi |
|||
_uuid="" |
|||
_uuid=$(echo "$_record_response" | _egrep_o "\"uuid\":\"[^\"]*\",\"enabled\":\"[01]\",\"domain\":\"$1\",\"name\":\"$2\",\"type\":\"TXT\",\"value\":\"$3\"" | cut -d ':' -f 2 | cut -d '"' -f 2) |
|||
|
|||
if [ -n "$_uuid" ]; then |
|||
_debug uuid "$_uuid" |
|||
return 0 |
|||
fi |
|||
_debug "${2}.$1{1} record not found" |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
_opns_check_auth() { |
|||
OPNs_Host="${OPNs_Host:-$(_readaccountconf_mutable OPNs_Host)}" |
|||
OPNs_Port="${OPNs_Port:-$(_readaccountconf_mutable OPNs_Port)}" |
|||
OPNs_Key="${OPNs_Key:-$(_readaccountconf_mutable OPNs_Key)}" |
|||
OPNs_Token="${OPNs_Token:-$(_readaccountconf_mutable OPNs_Token)}" |
|||
OPNs_Api_Insecure="${OPNs_Api_Insecure:-$(_readaccountconf_mutable OPNs_Api_Insecure)}" |
|||
|
|||
if [ -z "$OPNs_Host" ]; then |
|||
_err "You don't specify OPNsense address." |
|||
return 1 |
|||
else |
|||
_saveaccountconf_mutable OPNs_Host "$OPNs_Host" |
|||
fi |
|||
|
|||
if ! printf '%s' "$OPNs_Port" | grep '^[0-9]*$' >/dev/null; then |
|||
_err 'OPNs_Port specified but not numeric value' |
|||
return 1 |
|||
elif [ -z "$OPNs_Port" ]; then |
|||
_info "OPNSense port not specified. Defaulting to using port $OPNs_DefaultPort" |
|||
else |
|||
_saveaccountconf_mutable OPNs_Port "$OPNs_Port" |
|||
fi |
|||
|
|||
if ! printf '%s' "$OPNs_Api_Insecure" | grep '^[01]$' >/dev/null; then |
|||
_err 'OPNs_Api_Insecure specified but not 0/1 value' |
|||
return 1 |
|||
elif [ -n "$OPNs_Api_Insecure" ]; then |
|||
_saveaccountconf_mutable OPNs_Api_Insecure "$OPNs_Api_Insecure" |
|||
fi |
|||
export HTTPS_INSECURE="${OPNs_Api_Insecure:-$OPNs_DefaultApi_Insecure}" |
|||
|
|||
if [ -z "$OPNs_Key" ]; then |
|||
_err "you have not specified your OPNsense api key id." |
|||
_err "Please set OPNs_Key and try again." |
|||
return 1 |
|||
else |
|||
_saveaccountconf_mutable OPNs_Key "$OPNs_Key" |
|||
fi |
|||
|
|||
if [ -z "$OPNs_Token" ]; then |
|||
_err "you have not specified your OPNsense token." |
|||
_err "Please create OPNs_Token and try again." |
|||
return 1 |
|||
else |
|||
_saveaccountconf_mutable OPNs_Token "$OPNs_Token" |
|||
fi |
|||
|
|||
if ! _opns_rest "GET" "/general/get"; then |
|||
_err "Call to OPNsense API interface failed. Unable to access OPNsense API." |
|||
return 1 |
|||
fi |
|||
return 0 |
|||
} |
|||
@ -0,0 +1,417 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
## Name: dns_pleskxml.sh |
|||
## Created by Stilez. |
|||
## Also uses some code from PR#1832 by @romanlum (https://github.com/acmesh-official/acme.sh/pull/1832/files) |
|||
|
|||
## This DNS-01 method uses the Plesk XML API described at: |
|||
## https://docs.plesk.com/en-US/12.5/api-rpc/about-xml-api.28709 |
|||
## and more specifically: https://docs.plesk.com/en-US/12.5/api-rpc/reference.28784 |
|||
|
|||
## Note: a DNS ID with host = empty string is OK for this API, see |
|||
## https://docs.plesk.com/en-US/obsidian/api-rpc/about-xml-api/reference/managing-dns/managing-dns-records/adding-dns-record.34798 |
|||
## For example, to add a TXT record to DNS alias domain "acme-alias.com" would be a valid Plesk action. |
|||
## So this API module can handle such a request, if needed. |
|||
|
|||
## For ACME v2 purposes, new TXT records are appended when added, and removing one TXT record will not affect any other TXT records. |
|||
|
|||
## The user credentials (username+password) and URL/URI for the Plesk XML API must be set by the user |
|||
## before this module is called (case sensitive): |
|||
## |
|||
## ``` |
|||
## export pleskxml_uri="https://address-of-my-plesk-server.net:8443/enterprise/control/agent.php" |
|||
## (or probably something similar) |
|||
## export pleskxml_user="my plesk username" |
|||
## export pleskxml_pass="my plesk password" |
|||
## ``` |
|||
|
|||
## Ok, let's issue a cert now: |
|||
## ``` |
|||
## acme.sh --issue --dns dns_pleskxml -d example.com -d www.example.com |
|||
## ``` |
|||
## |
|||
## The `pleskxml_uri`, `pleskxml_user` and `pleskxml_pass` will be saved in `~/.acme.sh/account.conf` and reused when needed. |
|||
|
|||
#################### INTERNAL VARIABLES + NEWLINE + API TEMPLATES ################################## |
|||
|
|||
pleskxml_init_checks_done=0 |
|||
|
|||
# Variable containing bare newline - not a style issue |
|||
# shellcheck disable=SC1004 |
|||
NEWLINE='\ |
|||
' |
|||
|
|||
pleskxml_tplt_get_domains="<packet><customer><get-domain-list><filter/></get-domain-list></customer></packet>" |
|||
# Get a list of domains that PLESK can manage, so we can check root domain + host for acme.sh |
|||
# Also used to test credentials and URI. |
|||
# No params. |
|||
|
|||
pleskxml_tplt_get_dns_records="<packet><dns><get_rec><filter><site-id>%s</site-id></filter></get_rec></dns></packet>" |
|||
# Get all DNS records for a Plesk domain ID. |
|||
# PARAM = Plesk domain id to query |
|||
|
|||
pleskxml_tplt_add_txt_record="<packet><dns><add_rec><site-id>%s</site-id><type>TXT</type><host>%s</host><value>%s</value></add_rec></dns></packet>" |
|||
# Add a TXT record to a domain. |
|||
# PARAMS = (1) Plesk internal domain ID, (2) "hostname" for the new record, eg '_acme_challenge', (3) TXT record value |
|||
|
|||
pleskxml_tplt_rmv_dns_record="<packet><dns><del_rec><filter><id>%s</id></filter></del_rec></dns></packet>" |
|||
# Delete a specific TXT record from a domain. |
|||
# PARAM = the Plesk internal ID for the DNS record to be deleted |
|||
|
|||
#################### Public functions ################################## |
|||
|
|||
#Usage: dns_pleskxml_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_pleskxml_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_info "Entering dns_pleskxml_add() to add TXT record '$txtvalue' to domain '$fulldomain'..." |
|||
|
|||
# Get credentials if not already checked, and confirm we can log in to Plesk XML API |
|||
if ! _credential_check; then |
|||
return 1 |
|||
fi |
|||
|
|||
# Get root and subdomain details, and Plesk domain ID |
|||
if ! _pleskxml_get_root_domain "$fulldomain"; then |
|||
return 1 |
|||
fi |
|||
|
|||
_debug 'Credentials OK, and domain identified. Calling Plesk XML API to add TXT record' |
|||
|
|||
# printf using template in a variable - not a style issue |
|||
# shellcheck disable=SC2059 |
|||
request="$(printf "$pleskxml_tplt_add_txt_record" "$root_domain_id" "$sub_domain_name" "$txtvalue")" |
|||
if ! _call_api "$request"; then |
|||
return 1 |
|||
fi |
|||
|
|||
# OK, we should have added a TXT record. Let's check and return success if so. |
|||
# All that should be left in the result, is one section, containing <result><status>ok</status><id>NEW_DNS_RECORD_ID</id></result> |
|||
|
|||
results="$(_api_response_split "$pleskxml_prettyprint_result" 'result' '<status>')" |
|||
|
|||
if ! _value "$results" | grep '<status>ok</status>' | grep '<id>[0-9]\{1,\}</id>' >/dev/null; then |
|||
# Error - doesn't contain expected string. Something's wrong. |
|||
_err 'Error when calling Plesk XML API.' |
|||
_err 'The result did not contain the expected <id>XXXXX</id> section, or contained other values as well.' |
|||
_err 'This is unexpected: something has gone wrong.' |
|||
_err 'The full response was:' |
|||
_err "$pleskxml_prettyprint_result" |
|||
return 1 |
|||
fi |
|||
|
|||
recid="$(_value "$results" | grep '<id>[0-9]\{1,\}</id>' | sed 's/^.*<id>\([0-9]\{1,\}\)<\/id>.*$/\1/')" |
|||
|
|||
_info "Success. TXT record appears to be correctly added (Plesk record ID=$recid). Exiting dns_pleskxml_add()." |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
#Usage: dns_pleskxml_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_pleskxml_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_info "Entering dns_pleskxml_rm() to remove TXT record '$txtvalue' from domain '$fulldomain'..." |
|||
|
|||
# Get credentials if not already checked, and confirm we can log in to Plesk XML API |
|||
if ! _credential_check; then |
|||
return 1 |
|||
fi |
|||
|
|||
# Get root and subdomain details, and Plesk domain ID |
|||
if ! _pleskxml_get_root_domain "$fulldomain"; then |
|||
return 1 |
|||
fi |
|||
|
|||
_debug 'Credentials OK, and domain identified. Calling Plesk XML API to get list of TXT records and their IDs' |
|||
|
|||
# printf using template in a variable - not a style issue |
|||
# shellcheck disable=SC2059 |
|||
request="$(printf "$pleskxml_tplt_get_dns_records" "$root_domain_id")" |
|||
if ! _call_api "$request"; then |
|||
return 1 |
|||
fi |
|||
|
|||
# Reduce output to one line per DNS record, filtered for TXT records with a record ID only (which they should all have) |
|||
# Also strip out spaces between tags, redundant <data> and </data> group tags and any <self-closing/> tags |
|||
reclist="$( |
|||
_api_response_split "$pleskxml_prettyprint_result" 'result' '<status>ok</status>' | |
|||
sed 's# \{1,\}<\([a-zA-Z]\)#<\1#g;s#</\{0,1\}data>##g;s#<[a-z][^/<>]*/>##g' | |
|||
grep "<site-id>${root_domain_id}</site-id>" | |
|||
grep '<id>[0-9]\{1,\}</id>' | |
|||
grep '<type>TXT</type>' |
|||
)" |
|||
|
|||
if [ -z "$reclist" ]; then |
|||
_err "No TXT records found for root domain ${root_domain_name} (Plesk domain ID ${root_domain_id}). Exiting." |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "Got list of DNS TXT records for root domain '$root_domain_name':" |
|||
_debug "$reclist" |
|||
|
|||
recid="$( |
|||
_value "$reclist" | |
|||
grep "<host>${fulldomain}.</host>" | |
|||
grep "<value>${txtvalue}</value>" | |
|||
sed 's/^.*<id>\([0-9]\{1,\}\)<\/id>.*$/\1/' |
|||
)" |
|||
|
|||
if ! _value "$recid" | grep '^[0-9]\{1,\}$' >/dev/null; then |
|||
_err "DNS records for root domain '${root_domain_name}' (Plesk ID ${root_domain_id}) + host '${sub_domain_name}' do not contain the TXT record '${txtvalue}'" |
|||
_err "Cannot delete TXT record. Exiting." |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "Found Plesk record ID for target text string '${txtvalue}': ID=${recid}" |
|||
_debug 'Calling Plesk XML API to remove TXT record' |
|||
|
|||
# printf using template in a variable - not a style issue |
|||
# shellcheck disable=SC2059 |
|||
request="$(printf "$pleskxml_tplt_rmv_dns_record" "$recid")" |
|||
if ! _call_api "$request"; then |
|||
return 1 |
|||
fi |
|||
|
|||
# OK, we should have removed a TXT record. Let's check and return success if so. |
|||
# All that should be left in the result, is one section, containing <result><status>ok</status><id>PLESK_DELETED_DNS_RECORD_ID</id></result> |
|||
|
|||
results="$(_api_response_split "$pleskxml_prettyprint_result" 'result' '<status>')" |
|||
|
|||
if ! _value "$results" | grep '<status>ok</status>' | grep '<id>[0-9]\{1,\}</id>' >/dev/null; then |
|||
# Error - doesn't contain expected string. Something's wrong. |
|||
_err 'Error when calling Plesk XML API.' |
|||
_err 'The result did not contain the expected <id>XXXXX</id> section, or contained other values as well.' |
|||
_err 'This is unexpected: something has gone wrong.' |
|||
_err 'The full response was:' |
|||
_err "$pleskxml_prettyprint_result" |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Success. TXT record appears to be correctly removed. Exiting dns_pleskxml_rm()." |
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below (utility functions) ################################## |
|||
|
|||
# Outputs value of a variable without additional newlines etc |
|||
_value() { |
|||
printf '%s' "$1" |
|||
} |
|||
|
|||
# Outputs value of a variable (FQDN) and cuts it at 2 specified '.' delimiters, returning the text in between |
|||
# $1, $2 = where to cut |
|||
# $3 = FQDN |
|||
_valuecut() { |
|||
printf '%s' "$3" | cut -d . -f "${1}-${2}" |
|||
} |
|||
|
|||
# Counts '.' present in a domain name or other string |
|||
# $1 = domain name |
|||
_countdots() { |
|||
_value "$1" | tr -dc '.' | wc -c | sed 's/ //g' |
|||
} |
|||
|
|||
# Cleans up an API response, splits it "one line per item in the response" and greps for a string that in the context, identifies "useful" lines |
|||
# $1 - result string from API |
|||
# $2 - plain text tag to resplit on (usually "result" or "domain"). NOT REGEX |
|||
# $3 - basic regex to recognise useful return lines |
|||
# note: $3 matches via basic NOT extended regex (BRE), as extended regex capabilities not needed at the moment. |
|||
# Last line could change to <sed -n '/.../p'> instead, with suitable escaping of ['"/$], |
|||
# if future Plesk XML API changes ever require extended regex |
|||
_api_response_split() { |
|||
printf '%s' "$1" | |
|||
sed 's/^ +//;s/ +$//' | |
|||
tr -d '\n\r' | |
|||
sed "s/<\/\{0,1\}$2>/${NEWLINE}/g" | |
|||
grep "$3" |
|||
} |
|||
|
|||
#################### Private functions below (DNS functions) ################################## |
|||
|
|||
# Calls Plesk XML API, and checks results for obvious issues |
|||
_call_api() { |
|||
request="$1" |
|||
errtext='' |
|||
|
|||
_debug 'Entered _call_api(). Calling Plesk XML API with request:' |
|||
_debug "'$request'" |
|||
|
|||
export _H1="HTTP_AUTH_LOGIN: $pleskxml_user" |
|||
export _H2="HTTP_AUTH_PASSWD: $pleskxml_pass" |
|||
export _H3="content-Type: text/xml" |
|||
export _H4="HTTP_PRETTY_PRINT: true" |
|||
pleskxml_prettyprint_result="$(_post "${request}" "$pleskxml_uri" "" "POST")" |
|||
pleskxml_retcode="$?" |
|||
_debug 'The responses from the Plesk XML server were:' |
|||
_debug "retcode=$pleskxml_retcode. Literal response:" |
|||
_debug "'$pleskxml_prettyprint_result'" |
|||
|
|||
# Detect any <status> that isn't "ok". None of the used calls should fail if the API is working correctly. |
|||
# Also detect if there simply aren't any status lines (null result?) and report that, as well. |
|||
|
|||
statuslines_count_total="$(echo "$pleskxml_prettyprint_result" | grep -c '^ *<status>[^<]*</status> *$')" |
|||
statuslines_count_okay="$(echo "$pleskxml_prettyprint_result" | grep -c '^ *<status>ok</status> *$')" |
|||
|
|||
if [ -z "$statuslines_count_total" ]; then |
|||
|
|||
# We have no status lines at all. Results are empty |
|||
errtext='The Plesk XML API unexpectedly returned an empty set of results for this call.' |
|||
|
|||
elif [ "$statuslines_count_okay" -ne "$statuslines_count_total" ]; then |
|||
|
|||
# We have some status lines that aren't "ok". Any available details are in API response fields "status" "errcode" and "errtext" |
|||
# Workaround for basic regex: |
|||
# - filter output to keep only lines like this: "SPACES<TAG>text</TAG>SPACES" (shouldn't be necessary with prettyprint but guarantees subsequent code is ok) |
|||
# - then edit the 3 "useful" error tokens individually and remove closing tags on all lines |
|||
# - then filter again to remove all lines not edited (which will be the lines not starting A-Z) |
|||
errtext="$( |
|||
_value "$pleskxml_prettyprint_result" | |
|||
grep '^ *<[a-z]\{1,\}>[^<]*<\/[a-z]\{1,\}> *$' | |
|||
sed 's/^ *<status>/Status: /;s/^ *<errcode>/Error code: /;s/^ *<errtext>/Error text: /;s/<\/.*$//' | |
|||
grep '^[A-Z]' |
|||
)" |
|||
|
|||
fi |
|||
|
|||
if [ "$pleskxml_retcode" -ne 0 ] || [ "$errtext" != "" ]; then |
|||
# Call failed, for reasons either in the retcode or the response text... |
|||
|
|||
if [ "$pleskxml_retcode" -eq 0 ]; then |
|||
_err "The POST request was successfully sent to the Plesk server." |
|||
else |
|||
_err "The return code for the POST request was $pleskxml_retcode (non-zero = failure in submitting request to server)." |
|||
fi |
|||
|
|||
if [ "$errtext" != "" ]; then |
|||
_err 'The error responses received from the Plesk server were:' |
|||
_err "$errtext" |
|||
else |
|||
_err "No additional error messages were received back from the Plesk server" |
|||
fi |
|||
|
|||
_err "The Plesk XML API call failed." |
|||
return 1 |
|||
|
|||
fi |
|||
|
|||
_debug "Leaving _call_api(). Successful call." |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
# Startup checks (credentials, URI) |
|||
_credential_check() { |
|||
_debug "Checking Plesk XML API login credentials and URI..." |
|||
|
|||
if [ "$pleskxml_init_checks_done" -eq 1 ]; then |
|||
_debug "Initial checks already done, no need to repeat. Skipped." |
|||
return 0 |
|||
fi |
|||
|
|||
pleskxml_user="${pleskxml_user:-$(_readaccountconf_mutable pleskxml_user)}" |
|||
pleskxml_pass="${pleskxml_pass:-$(_readaccountconf_mutable pleskxml_pass)}" |
|||
pleskxml_uri="${pleskxml_uri:-$(_readaccountconf_mutable pleskxml_uri)}" |
|||
|
|||
if [ -z "$pleskxml_user" ] || [ -z "$pleskxml_pass" ] || [ -z "$pleskxml_uri" ]; then |
|||
pleskxml_user="" |
|||
pleskxml_pass="" |
|||
pleskxml_uri="" |
|||
_err "You didn't specify one or more of the Plesk XML API username, password, or URI." |
|||
_err "Please create these and try again." |
|||
_err "Instructions are in the 'dns_pleskxml' plugin source code or in the acme.sh documentation." |
|||
return 1 |
|||
fi |
|||
|
|||
# Test the API is usable, by trying to read the list of managed domains... |
|||
_call_api "$pleskxml_tplt_get_domains" |
|||
if [ "$pleskxml_retcode" -ne 0 ]; then |
|||
_err 'Failed to access Plesk XML API.' |
|||
_err "Please check your login credentials and Plesk URI, and that the URI is reachable, and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable pleskxml_uri "$pleskxml_uri" |
|||
_saveaccountconf_mutable pleskxml_user "$pleskxml_user" |
|||
_saveaccountconf_mutable pleskxml_pass "$pleskxml_pass" |
|||
|
|||
_debug "Test login to Plesk XML API successful. Login credentials and URI successfully saved to the acme.sh configuration file for future use." |
|||
|
|||
pleskxml_init_checks_done=1 |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
# For a FQDN, identify the root domain managed by Plesk, its domain ID in Plesk, and the host if any. |
|||
|
|||
# IMPORTANT NOTE: a result with host = empty string is OK for this API, see |
|||
# https://docs.plesk.com/en-US/obsidian/api-rpc/about-xml-api/reference/managing-dns/managing-dns-records/adding-dns-record.34798 |
|||
# See notes at top of this file |
|||
|
|||
_pleskxml_get_root_domain() { |
|||
original_full_domain_name="$1" |
|||
|
|||
_debug "Identifying DNS root domain for '$original_full_domain_name' that is managed by the Plesk account." |
|||
|
|||
# test if the domain as provided is valid for splitting. |
|||
|
|||
if [ "$(_countdots "$original_full_domain_name")" -eq 0 ]; then |
|||
_err "Invalid domain. The ACME domain must contain at least two parts (aa.bb) to identify a domain and tld for the TXT record." |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "Querying Plesk server for list of managed domains..." |
|||
|
|||
_call_api "$pleskxml_tplt_get_domains" |
|||
if [ "$pleskxml_retcode" -ne 0 ]; then |
|||
return 1 |
|||
fi |
|||
|
|||
# Generate a crude list of domains known to this Plesk account. |
|||
# We convert <ascii-name> tags to <name> so it'll flag on a hit with either <name> or <ascii-name> fields, |
|||
# for non-Western character sets. |
|||
# Output will be one line per known domain, containing 2 <name> tages and a single <id> tag |
|||
# We don't actually need to check for type, name, *and* id, but it guarantees only usable lines are returned. |
|||
|
|||
output="$(_api_response_split "$pleskxml_prettyprint_result" 'domain' '<type>domain</type>' | sed 's/<ascii-name>/<name>/g;s/<\/ascii-name>/<\/name>/g' | grep '<name>' | grep '<id>')" |
|||
|
|||
_debug 'Domains managed by Plesk server are (ignore the hacked output):' |
|||
_debug "$output" |
|||
|
|||
# loop and test if domain, or any parent domain, is managed by Plesk |
|||
# Loop until we don't have any '.' in the string we're testing as a candidate Plesk-managed domain |
|||
|
|||
root_domain_name="$original_full_domain_name" |
|||
|
|||
while true; do |
|||
|
|||
_debug "Checking if '$root_domain_name' is managed by the Plesk server..." |
|||
|
|||
root_domain_id="$(_value "$output" | grep "<name>$root_domain_name</name>" | _head_n 1 | sed 's/^.*<id>\([0-9]\{1,\}\)<\/id>.*$/\1/')" |
|||
|
|||
if [ -n "$root_domain_id" ]; then |
|||
# Found a match |
|||
# SEE IMPORTANT NOTE ABOVE - THIS FUNCTION CAN RETURN HOST='', AND THAT'S OK FOR PLESK XML API WHICH ALLOWS IT. |
|||
# SO WE HANDLE IT AND DON'T PREVENT IT |
|||
sub_domain_name="$(_value "$original_full_domain_name" | sed "s/\.\{0,1\}${root_domain_name}"'$//')" |
|||
_info "Success. Matched host '$original_full_domain_name' to: DOMAIN '${root_domain_name}' (Plesk ID '${root_domain_id}'), HOST '${sub_domain_name}'. Returning." |
|||
return 0 |
|||
fi |
|||
|
|||
# No match, try next parent up (if any)... |
|||
|
|||
root_domain_name="$(_valuecut 2 1000 "$root_domain_name")" |
|||
|
|||
if [ "$(_countdots "$root_domain_name")" -eq 0 ]; then |
|||
_debug "No match, and next parent would be a TLD..." |
|||
_err "Cannot find '$original_full_domain_name' or any parent domain of it, in Plesk." |
|||
_err "Are you sure that this domain is managed by this Plesk server?" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "No match, trying next parent up..." |
|||
|
|||
done |
|||
} |
|||
@ -0,0 +1,224 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#Rcode0 API Integration |
|||
#https://my.rcodezero.at/api-doc |
|||
# |
|||
# log into https://my.rcodezero.at/enableapi and get your ACME API Token (the ACME API token has limited |
|||
# access to the REST calls needed for acme.sh only) |
|||
# |
|||
#RCODE0_URL="https://my.rcodezero.at" |
|||
#RCODE0_API_TOKEN="0123456789ABCDEF" |
|||
#RCODE0_TTL=60 |
|||
|
|||
DEFAULT_RCODE0_URL="https://my.rcodezero.at" |
|||
DEFAULT_RCODE0_TTL=60 |
|||
|
|||
######## Public functions ##################### |
|||
#Usage: add _acme-challenge.www.domain.com "123456789ABCDEF0000000000000000000000000000000000000" |
|||
#fulldomain |
|||
#txtvalue |
|||
dns_rcode0_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
RCODE0_API_TOKEN="${RCODE0_API_TOKEN:-$(_readaccountconf_mutable RCODE0_API_TOKEN)}" |
|||
RCODE0_URL="${RCODE0_URL:-$(_readaccountconf_mutable RCODE0_URL)}" |
|||
RCODE0_TTL="${RCODE0_TTL:-$(_readaccountconf_mutable RCODE0_TTL)}" |
|||
|
|||
if [ -z "$RCODE0_URL" ]; then |
|||
RCODE0_URL="$DEFAULT_RCODE0_URL" |
|||
fi |
|||
|
|||
if [ -z "$RCODE0_API_TOKEN" ]; then |
|||
RCODE0_API_TOKEN="" |
|||
_err "Missing Rcode0 ACME API Token." |
|||
_err "Please login and create your token at httsp://my.rcodezero.at/enableapi and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
if [ -z "$RCODE0_TTL" ]; then |
|||
RCODE0_TTL="$DEFAULT_RCODE0_TTL" |
|||
fi |
|||
|
|||
#save the token to the account conf file. |
|||
_saveaccountconf_mutable RCODE0_API_TOKEN "$RCODE0_API_TOKEN" |
|||
|
|||
if [ "$RCODE0_URL" != "$DEFAULT_RCODE0_URL" ]; then |
|||
_saveaccountconf_mutable RCODE0_URL "$RCODE0_URL" |
|||
fi |
|||
|
|||
if [ "$RCODE0_TTL" != "$DEFAULT_RCODE0_TTL" ]; then |
|||
_saveaccountconf_mutable RCODE0_TTL "$RCODE0_TTL" |
|||
fi |
|||
|
|||
_debug "Detect root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "No 'MASTER' zone for $fulldomain found at RcodeZero Anycast." |
|||
return 1 |
|||
fi |
|||
_debug _domain "$_domain" |
|||
|
|||
_debug "Adding record" |
|||
|
|||
_record_string="" |
|||
_build_record_string "$txtvalue" |
|||
_list_existingchallenges |
|||
for oldchallenge in $_existing_challenges; do |
|||
_build_record_string "$oldchallenge" |
|||
done |
|||
|
|||
_debug "Challenges: $_existing_challenges" |
|||
|
|||
if [ -z "$_existing_challenges" ]; then |
|||
if ! _rcode0_rest "PATCH" "/api/v1/acme/zones/$_domain/rrsets" "[{\"changetype\": \"add\", \"name\": \"$fulldomain.\", \"type\": \"TXT\", \"ttl\": $RCODE0_TTL, \"records\": [$_record_string]}]"; then |
|||
_err "Add txt record error." |
|||
return 1 |
|||
fi |
|||
else |
|||
# try update in case a records exists (need for wildcard certs) |
|||
if ! _rcode0_rest "PATCH" "/api/v1/acme/zones/$_domain/rrsets" "[{\"changetype\": \"update\", \"name\": \"$fulldomain.\", \"type\": \"TXT\", \"ttl\": $RCODE0_TTL, \"records\": [$_record_string]}]"; then |
|||
_err "Set txt record error." |
|||
return 1 |
|||
fi |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
#fulldomain txtvalue |
|||
dns_rcode0_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
RCODE0_API_TOKEN="${RCODE0_API_TOKEN:-$(_readaccountconf_mutable RCODE0_API_TOKEN)}" |
|||
RCODE0_URL="${RCODE0_URL:-$(_readaccountconf_mutable RCODE0_URL)}" |
|||
RCODE0_TTL="${RCODE0_TTL:-$(_readaccountconf_mutable RCODE0_TTL)}" |
|||
|
|||
if [ -z "$RCODE0_URL" ]; then |
|||
RCODE0_URL="$DEFAULT_RCODE0_URL" |
|||
fi |
|||
|
|||
if [ -z "$RCODE0_API_TOKEN" ]; then |
|||
RCODE0_API_TOKEN="" |
|||
_err "Missing Rcode0 API Token." |
|||
_err "Please login and create your token at httsp://my.rcodezero.at/enableapi and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the api addr and key to the account conf file. |
|||
_saveaccountconf_mutable RCODE0_URL "$RCODE0_URL" |
|||
_saveaccountconf_mutable RCODE0_API_TOKEN "$RCODE0_API_TOKEN" |
|||
|
|||
if [ "$RCODE0_TTL" != "$DEFAULT_RCODE0_TTL" ]; then |
|||
_saveaccountconf_mutable RCODE0_TTL "$RCODE0_TTL" |
|||
fi |
|||
|
|||
if [ -z "$RCODE0_TTL" ]; then |
|||
RCODE0_TTL="$DEFAULT_RCODE0_TTL" |
|||
fi |
|||
|
|||
_debug "Detect root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "Remove record" |
|||
|
|||
#Enumerate existing acme challenges |
|||
_list_existingchallenges |
|||
|
|||
if _contains "$_existing_challenges" "$txtvalue"; then |
|||
#Delete all challenges (PowerDNS API does not allow to delete content) |
|||
if ! _rcode0_rest "PATCH" "/api/v1/acme/zones/$_domain/rrsets" "[{\"changetype\": \"delete\", \"name\": \"$fulldomain.\", \"type\": \"TXT\"}]"; then |
|||
_err "Delete txt record error." |
|||
return 1 |
|||
fi |
|||
_record_string="" |
|||
#If the only existing challenge was the challenge to delete: nothing to do |
|||
if ! [ "$_existing_challenges" = "$txtvalue" ]; then |
|||
for oldchallenge in $_existing_challenges; do |
|||
#Build up the challenges to re-add, ommitting the one what should be deleted |
|||
if ! [ "$oldchallenge" = "$txtvalue" ]; then |
|||
_build_record_string "$oldchallenge" |
|||
fi |
|||
done |
|||
#Recreate the existing challenges |
|||
if ! _rcode0_rest "PATCH" "/api/v1/acme/zones/$_domain/rrsets" "[{\"changetype\": \"update\", \"name\": \"$fulldomain.\", \"type\": \"TXT\", \"ttl\": $RCODE0_TTL, \"records\": [$_record_string]}]"; then |
|||
_err "Set txt record error." |
|||
return 1 |
|||
fi |
|||
fi |
|||
else |
|||
_info "Record not found, nothing to remove" |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _domain=domain.com |
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
|
|||
_debug "try to find: $h" |
|||
if _rcode0_rest "GET" "/api/v1/acme/zones/$h"; then |
|||
if [ "$response" = "[\"found\"]" ]; then |
|||
_domain="$h" |
|||
if [ -z "$h" ]; then |
|||
_domain="=2E" |
|||
fi |
|||
return 0 |
|||
elif [ "$response" = "[\"not a master domain\"]" ]; then |
|||
return 1 |
|||
fi |
|||
fi |
|||
|
|||
if [ -z "$h" ]; then |
|||
return 1 |
|||
fi |
|||
i=$(_math $i + 1) |
|||
done |
|||
_debug "no matching domain for $domain found" |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
_rcode0_rest() { |
|||
method=$1 |
|||
ep=$2 |
|||
data=$3 |
|||
|
|||
export _H1="Authorization: Bearer $RCODE0_API_TOKEN" |
|||
|
|||
if [ ! "$method" = "GET" ]; then |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$RCODE0_URL$ep" "" "$method")" |
|||
else |
|||
response="$(_get "$RCODE0_URL$ep")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $ep" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
_build_record_string() { |
|||
_record_string="${_record_string:+${_record_string}, }{\"content\": \"\\\"${1}\\\"\", \"disabled\": false}" |
|||
} |
|||
|
|||
_list_existingchallenges() { |
|||
_rcode0_rest "GET" "/api/v1/acme/zones/$_domain/rrsets" |
|||
_existing_challenges=$(echo "$response" | _normalizeJson | _egrep_o "\"name\":\"${fulldomain}[^]]*}" | _egrep_o 'content\":\"\\"[^\\]*' | sed -n 's/^content":"\\"//p') |
|||
_debug2 "$_existing_challenges" |
|||
} |
|||
@ -0,0 +1,162 @@ |
|||
#!/usr/bin/env sh |
|||
TRANSIP_Api_Url="https://api.transip.nl/v6" |
|||
TRANSIP_Token_Read_Only="false" |
|||
TRANSIP_Token_Global_Key="false" |
|||
TRANSIP_Token_Expiration="30 minutes" |
|||
# You can't reuse a label token, so we leave this empty normally |
|||
TRANSIP_Token_Label="" |
|||
|
|||
######## Public functions ##################### |
|||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_transip_add() { |
|||
fulldomain="$1" |
|||
_debug fulldomain="$fulldomain" |
|||
txtvalue="$2" |
|||
_debug txtvalue="$txtvalue" |
|||
_transip_setup "$fulldomain" || return 1 |
|||
_info "Creating TXT record." |
|||
if ! _transip_rest POST "domains/$_domain/dns" "{\"dnsEntry\":{\"name\":\"$_sub_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"expire\":300}}"; then |
|||
_err "Could not add TXT record." |
|||
return 1 |
|||
fi |
|||
return 0 |
|||
} |
|||
|
|||
dns_transip_rm() { |
|||
fulldomain=$1 |
|||
_debug fulldomain="$fulldomain" |
|||
txtvalue=$2 |
|||
_debug txtvalue="$txtvalue" |
|||
_transip_setup "$fulldomain" || return 1 |
|||
_info "Removing TXT record." |
|||
if ! _transip_rest DELETE "domains/$_domain/dns" "{\"dnsEntry\":{\"name\":\"$_sub_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"expire\":300}}"; then |
|||
_err "Could not remove TXT record $_sub_domain for $domain" |
|||
return 1 |
|||
fi |
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
_get_root() { |
|||
domain="$1" |
|||
i=2 |
|||
p=1 |
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
|
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain="$h" |
|||
|
|||
if _transip_rest GET "domains/$h/dns" && _contains "$response" "dnsEntries"; then |
|||
return 0 |
|||
fi |
|||
|
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
_err "Unable to parse this domain" |
|||
return 1 |
|||
} |
|||
|
|||
_transip_rest() { |
|||
m="$1" |
|||
ep="$2" |
|||
data="$3" |
|||
_debug ep "$ep" |
|||
export _H1="Accept: application/json" |
|||
export _H2="Authorization: Bearer $_token" |
|||
export _H4="Content-Type: application/json" |
|||
if [ "$m" != "GET" ]; then |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$TRANSIP_Api_Url/$ep" "" "$m")" |
|||
retcode=$? |
|||
else |
|||
response="$(_get "$TRANSIP_Api_Url/$ep")" |
|||
retcode=$? |
|||
fi |
|||
|
|||
if [ "$retcode" != "0" ]; then |
|||
_err "error $ep" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
_transip_get_token() { |
|||
nonce=$(echo "TRANSIP$(_time)" | _digest sha1 hex | cut -c 1-32) |
|||
_debug nonce "$nonce" |
|||
|
|||
data="{\"login\":\"${TRANSIP_Username}\",\"nonce\":\"${nonce}\",\"read_only\":\"${TRANSIP_Token_Read_Only}\",\"expiration_time\":\"${TRANSIP_Token_Expiration}\",\"label\":\"${TRANSIP_Token_Label}\",\"global_key\":\"${TRANSIP_Token_Global_Key}\"}" |
|||
_debug data "$data" |
|||
|
|||
#_signature=$(printf "%s" "$data" | openssl dgst -sha512 -sign "$TRANSIP_Key_File" | _base64) |
|||
_signature=$(printf "%s" "$data" | _sign "$TRANSIP_Key_File" "sha512") |
|||
_debug2 _signature "$_signature" |
|||
|
|||
export _H1="Signature: $_signature" |
|||
export _H2="Content-Type: application/json" |
|||
|
|||
response="$(_post "$data" "$TRANSIP_Api_Url/auth" "" "POST")" |
|||
retcode=$? |
|||
_debug2 response "$response" |
|||
if [ "$retcode" != "0" ]; then |
|||
_err "Authentication failed." |
|||
return 1 |
|||
fi |
|||
if _contains "$response" "token"; then |
|||
_token="$(echo "$response" | _normalizeJson | sed -n 's/^{"token":"\(.*\)"}/\1/p')" |
|||
_debug _token "$_token" |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
} |
|||
|
|||
_transip_setup() { |
|||
fulldomain=$1 |
|||
|
|||
# retrieve the transip creds |
|||
TRANSIP_Username="${TRANSIP_Username:-$(_readaccountconf_mutable TRANSIP_Username)}" |
|||
TRANSIP_Key_File="${TRANSIP_Key_File:-$(_readaccountconf_mutable TRANSIP_Key_File)}" |
|||
# check their vals for null |
|||
if [ -z "$TRANSIP_Username" ] || [ -z "$TRANSIP_Key_File" ]; then |
|||
TRANSIP_Username="" |
|||
TRANSIP_Key_File="" |
|||
_err "You didn't specify a TransIP username and api key file location" |
|||
_err "Please set those values and try again." |
|||
return 1 |
|||
fi |
|||
# save the username and api key to the account conf file. |
|||
_saveaccountconf_mutable TRANSIP_Username "$TRANSIP_Username" |
|||
_saveaccountconf_mutable TRANSIP_Key_File "$TRANSIP_Key_File" |
|||
|
|||
if [ -f "$TRANSIP_Key_File" ]; then |
|||
if ! grep "BEGIN PRIVATE KEY" "$TRANSIP_Key_File" >/dev/null 2>&1; then |
|||
_err "Key file doesn't seem to be a valid key: ${TRANSIP_Key_File}" |
|||
return 1 |
|||
fi |
|||
else |
|||
_err "Can't read private key file: ${TRANSIP_Key_File}" |
|||
return 1 |
|||
fi |
|||
|
|||
if [ -z "$_token" ]; then |
|||
if ! _transip_get_token; then |
|||
_err "Can not get token." |
|||
return 1 |
|||
fi |
|||
fi |
|||
|
|||
_get_root "$fulldomain" || return 1 |
|||
|
|||
return 0 |
|||
} |
|||
@ -0,0 +1,147 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# |
|||
#VARIOMEDIA_API_TOKEN=000011112222333344445555666677778888 |
|||
|
|||
VARIOMEDIA_API="https://api.variomedia.de" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_variomedia_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
VARIOMEDIA_API_TOKEN="${VARIOMEDIA_API_TOKEN:-$(_readaccountconf_mutable VARIOMEDIA_API_TOKEN)}" |
|||
if test -z "$VARIOMEDIA_API_TOKEN"; then |
|||
VARIOMEDIA_API_TOKEN="" |
|||
_err 'VARIOMEDIA_API_TOKEN was not exported' |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable VARIOMEDIA_API_TOKEN "$VARIOMEDIA_API_TOKEN" |
|||
|
|||
_debug 'First detect the root zone' |
|||
if ! _get_root "$fulldomain"; then |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
if ! _variomedia_rest POST "dns-records" "{\"data\": {\"type\": \"dns-record\", \"attributes\": {\"record_type\": \"TXT\", \"name\": \"$_sub_domain\", \"domain\": \"$_domain\", \"data\": \"$txtvalue\", \"ttl\":300}}}"; then |
|||
_err "$response" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 _response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
#fulldomain txtvalue |
|||
dns_variomedia_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
VARIOMEDIA_API_TOKEN="${VARIOMEDIA_API_TOKEN:-$(_readaccountconf_mutable VARIOMEDIA_API_TOKEN)}" |
|||
if test -z "$VARIOMEDIA_API_TOKEN"; then |
|||
VARIOMEDIA_API_TOKEN="" |
|||
_err 'VARIOMEDIA_API_TOKEN was not exported' |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable VARIOMEDIA_API_TOKEN "$VARIOMEDIA_API_TOKEN" |
|||
|
|||
_debug 'First detect the root zone' |
|||
if ! _get_root "$fulldomain"; then |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_debug 'Getting txt records' |
|||
|
|||
if ! _variomedia_rest GET "dns-records?filter[domain]=$_domain"; then |
|||
_err 'Error' |
|||
return 1 |
|||
fi |
|||
|
|||
_record_id="$(echo "$response" | cut -d '[' -f2 | cut -d']' -f1 | sed 's/},[ \t]*{/\},§\{/g' | tr § '\n' | grep "$_sub_domain" | grep "$txtvalue" | sed 's/^{//;s/}[,]?$//' | tr , '\n' | tr -d '\"' | grep ^id | cut -d : -f2 | tr -d ' ')" |
|||
_debug _record_id "$_record_id" |
|||
if [ "$_record_id" ]; then |
|||
_info "Successfully retrieved the record id for ACME challenge." |
|||
else |
|||
_info "Empty record id, it seems no such record." |
|||
return 0 |
|||
fi |
|||
|
|||
if ! _variomedia_rest DELETE "/dns-records/$_record_id"; then |
|||
_err "$response" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 _response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
_get_root() { |
|||
fulldomain=$1 |
|||
i=1 |
|||
while true; do |
|||
h=$(printf "%s" "$fulldomain" | cut -d . -f $i-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _variomedia_rest GET "domains/$h"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _startswith "$response" "\{\"data\":"; then |
|||
if _contains "$response" "\"id\":\"$h\""; then |
|||
_sub_domain="$(echo "$fulldomain" | sed "s/\\.$h\$//")" |
|||
_domain=$h |
|||
return 0 |
|||
fi |
|||
fi |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
|
|||
_debug "root domain not found" |
|||
return 1 |
|||
} |
|||
|
|||
_variomedia_rest() { |
|||
m=$1 |
|||
ep="$2" |
|||
data="$3" |
|||
_debug "$ep" |
|||
|
|||
export _H1="Authorization: token $VARIOMEDIA_API_TOKEN" |
|||
export _H2="Content-Type: application/vnd.api+json" |
|||
export _H3="Accept: application/vnd.variomedia.v1+json" |
|||
|
|||
if [ "$m" != "GET" ]; then |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$VARIOMEDIA_API/$ep" "" "$m")" |
|||
else |
|||
response="$(_get "$VARIOMEDIA_API/$ep")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "Error $ep" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
@ -0,0 +1,64 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#Support for CQHTTP api. Push notification on CoolQ |
|||
#CQHTTP_TOKEN="" Recommended to be not empty, QQ application token |
|||
#CQHTTP_USER="" Required, QQ receiver ID |
|||
#CQHTTP_APIROOT="" Required, CQHTTP Server URL (without slash suffix) |
|||
#CQHTTP_CUSTOM_MSGHEAD="" Optional, custom message header |
|||
|
|||
CQHTTP_APIPATH="/send_private_msg" |
|||
|
|||
cqhttp_send() { |
|||
_subject="$1" |
|||
_content="$2" |
|||
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped |
|||
_debug "_statusCode" "$_statusCode" |
|||
|
|||
CQHTTP_TOKEN="${CQHTTP_TOKEN:-$(_readaccountconf_mutable CQHTTP_TOKEN)}" |
|||
if [ -z "$CQHTTP_TOKEN" ]; then |
|||
CQHTTP_TOKEN="" |
|||
_info "You didn't specify a CQHTTP application token yet, which is unsafe. Assuming it to be empty." |
|||
else |
|||
_saveaccountconf_mutable CQHTTP_TOKEN "$CQHTTP_TOKEN" |
|||
fi |
|||
|
|||
CQHTTP_USER="${CQHTTP_USER:-$(_readaccountconf_mutable CQHTTP_USER)}" |
|||
if [ -z "$CQHTTP_USER" ]; then |
|||
CQHTTP_USER="" |
|||
_err "You didn't specify a QQ user yet." |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable CQHTTP_USER "$CQHTTP_USER" |
|||
|
|||
CQHTTP_APIROOT="${CQHTTP_APIROOT:-$(_readaccountconf_mutable CQHTTP_APIROOT)}" |
|||
if [ -z "$CQHTTP_APIROOT" ]; then |
|||
CQHTTP_APIROOT="" |
|||
_err "You didn't specify the API root yet." |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable CQHTTP_APIROOT "$CQHTTP_APIROOT" |
|||
|
|||
CQHTTP_CUSTOM_MSGHEAD="${CQHTTP_CUSTOM_MSGHEAD:-$(_readaccountconf_mutable CQHTTP_CUSTOM_MSGHEAD)}" |
|||
if [ -z "$CQHTTP_CUSTOM_MSGHEAD" ]; then |
|||
CQHTTP_CUSTOM_MSGHEAD="A message from acme.sh:" |
|||
else |
|||
_saveaccountconf_mutable CQHTTP_CUSTOM_MSGHEAD "$CQHTTP_CUSTOM_MSGHEAD" |
|||
fi |
|||
|
|||
_access_token="$(printf "%s" "$CQHTTP_TOKEN" | _url_encode)" |
|||
_user_id="$(printf "%s" "$CQHTTP_USER" | _url_encode)" |
|||
_message="$(printf "$CQHTTP_CUSTOM_MSGHEAD %s\\n%s" "$_subject" "$_content" | _url_encode)" |
|||
|
|||
_finalUrl="$CQHTTP_APIROOT$CQHTTP_APIPATH?access_token=$_access_token&user_id=$_user_id&message=$_message" |
|||
response="$(_get "$_finalUrl")" |
|||
|
|||
if [ "$?" = "0" ] && _contains "$response" "\"retcode\":0,\"status\":\"ok\""; then |
|||
_info "QQ send success." |
|||
return 0 |
|||
fi |
|||
|
|||
_err "QQ send error." |
|||
_debug "URL" "$_finalUrl" |
|||
_debug "Response" "$response" |
|||
return 1 |
|||
} |
|||
@ -0,0 +1,68 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#Support dingtalk webhooks api |
|||
|
|||
#DINGTALK_WEBHOOK="xxxx" |
|||
|
|||
#optional |
|||
#DINGTALK_KEYWORD="yyyy" |
|||
|
|||
#DINGTALK_SIGNING_KEY="SEC08ffdbd403cbc3fc8a65xxxxxxxxxxxxxxxxxxxx" |
|||
|
|||
# subject content statusCode |
|||
dingtalk_send() { |
|||
_subject="$1" |
|||
_content="$2" |
|||
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped |
|||
_debug "_subject" "$_subject" |
|||
_debug "_content" "$_content" |
|||
_debug "_statusCode" "$_statusCode" |
|||
|
|||
DINGTALK_WEBHOOK="${DINGTALK_WEBHOOK:-$(_readaccountconf_mutable DINGTALK_WEBHOOK)}" |
|||
if [ -z "$DINGTALK_WEBHOOK" ]; then |
|||
DINGTALK_WEBHOOK="" |
|||
_err "You didn't specify a dingtalk webhooks DINGTALK_WEBHOOK yet." |
|||
_err "You can get yours from https://dingtalk.com" |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable DINGTALK_WEBHOOK "$DINGTALK_WEBHOOK" |
|||
|
|||
DINGTALK_KEYWORD="${DINGTALK_KEYWORD:-$(_readaccountconf_mutable DINGTALK_KEYWORD)}" |
|||
if [ "$DINGTALK_KEYWORD" ]; then |
|||
_saveaccountconf_mutable DINGTALK_KEYWORD "$DINGTALK_KEYWORD" |
|||
fi |
|||
|
|||
# DINGTALK_SIGNING_KEY="${DINGTALK_SIGNING_KEY:-$(_readaccountconf_mutable DINGTALK_SIGNING_KEY)}" |
|||
# if [ -z "$DINGTALK_SIGNING_KEY" ]; then |
|||
# DINGTALK_SIGNING_KEY="value1" |
|||
# _info "The DINGTALK_SIGNING_KEY is not set, so use the default value1 as key." |
|||
# elif ! _hasfield "$_IFTTT_AVAIL_MSG_KEYS" "$DINGTALK_SIGNING_KEY"; then |
|||
# _err "The DINGTALK_SIGNING_KEY \"$DINGTALK_SIGNING_KEY\" is not available, should be one of $_IFTTT_AVAIL_MSG_KEYS" |
|||
# DINGTALK_SIGNING_KEY="" |
|||
# return 1 |
|||
# else |
|||
# _saveaccountconf_mutable DINGTALK_SIGNING_KEY "$DINGTALK_SIGNING_KEY" |
|||
# fi |
|||
|
|||
# if [ "$DINGTALK_SIGNING_KEY" = "$IFTTT_CONTENT_KEY" ]; then |
|||
# DINGTALK_SIGNING_KEY="" |
|||
# IFTTT_CONTENT_KEY="" |
|||
# _err "The DINGTALK_SIGNING_KEY must not be same as IFTTT_CONTENT_KEY." |
|||
# return 1 |
|||
# fi |
|||
|
|||
_content=$(echo "$_content" | _json_encode) |
|||
_subject=$(echo "$_subject" | _json_encode) |
|||
_data="{\"msgtype\": \"text\", \"text\": {\"content\": \"[$DINGTALK_KEYWORD]\n$_subject\n$_content\"}}" |
|||
|
|||
response="$(_post "$_data" "$DINGTALK_WEBHOOK" "" "POST" "application/json")" |
|||
|
|||
if [ "$?" = "0" ] && _contains "$response" "errmsg\":\"ok"; then |
|||
_info "dingtalk webhooks event fired success." |
|||
return 0 |
|||
fi |
|||
|
|||
_err "dingtalk webhooks event fired error." |
|||
_err "$response" |
|||
return 1 |
|||
} |
|||
Some files were not shown because too many files changed in this diff
Write
Preview
Loading…
Cancel
Save
Reference in new issue