From ed72b090af3fce68195b7ab3d605d70831fca45d Mon Sep 17 00:00:00 2001 From: Keith Chiem Date: Wed, 18 Oct 2023 20:32:39 -0700 Subject: [PATCH 01/80] deploy hook for Ruckus ZoneDirector / Unleashed --- deploy/ruckus.sh | 110 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100755 deploy/ruckus.sh diff --git a/deploy/ruckus.sh b/deploy/ruckus.sh new file mode 100755 index 00000000..d16f40e4 --- /dev/null +++ b/deploy/ruckus.sh 
@@ -0,0 +1,110 @@
+#!/usr/bin/env bash
+
+# Here is a script to deploy cert to Ruckus Zone Director/Unleashed.
+#
+# Adapted from:
+# https://ms264556.net/pages/PfSenseLetsEncryptToRuckus
+#
+# ```sh
+# acme.sh --deploy -d ruckus.example.com --deploy-hook ruckus
+# ```
+#
+# Then you need to set the environment variables for the
+# deploy script to work.
+#
+# ```sh
+# export RUCKUS_HOST=ruckus.example.com
+# export RUCKUS_USER=myruckususername
+# export RUCKUS_PASS=myruckuspassword
+#
+# acme.sh --deploy -d ruckus.example.com --deploy-hook ruckus
+# ```
+#
+# returns 0 means success, otherwise error.
+
+######## Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+ruckus_deploy() {
+ _cdomain="$1"
+ _ckey="$2"
+ _ccert="$3"
+ _cca="$4"
+ _cfullchain="$5"
+ _err_code=0
+
+ _debug _cdomain "$_cdomain"
+ _debug _ckey "$_ckey"
+ _debug _ccert "$_ccert"
+ _debug _cca "$_cca"
+ _debug _cfullchain "$_cfullchain"
+
+ _getdeployconf RUCKUS_HOST
+ _getdeployconf RUCKUS_USER
+ _getdeployconf RUCKUS_PASS
+
+ if [ -z "$RUCKUS_HOST" ]; then
+ _debug "Using _cdomain as RUCKUS_HOST, please set if not correct."
+ RUCKUS_HOST="$_cdomain"
+ fi
+
+ if [ -z "$RUCKUS_USER" ]; then
+ _err "Need to set the env variable RUCKUS_USER"
+ return 1
+ fi
+
+ if [ -z "$RUCKUS_PASS" ]; then
+ _err "Need to set the env variable RUCKUS_PASS"
+ return 1
+ fi
+
+ _savedeployconf RUCKUS_HOST "$RUCKUS_HOST"
+ _savedeployconf RUCKUS_USER "$RUCKUS_USER"
+ _savedeployconf RUCKUS_PASS "$RUCKUS_PASS"
+
+ _debug RUCKUS_HOST "$RUCKUS_HOST"
+ _debug RUCKUS_USER "$RUCKUS_USER"
+ _debug RUCKUS_PASS "$RUCKUS_PASS"
+
+ COOKIE_JAR=$(mktemp)
+ cleanup() {
+ rm $COOKIE_JAR
+ }
+ trap cleanup EXIT
+
+ LOGIN_URL=$(curl https://$RUCKUS_HOST -ksSLo /dev/null -w '%{url_effective}')
+ _debug LOGIN_URL "$LOGIN_URL"
+
+ XSS=$(curl -ksSic $COOKIE_JAR $LOGIN_URL -d username=$RUCKUS_USER -d password="$RUCKUS_PASS" -d ok='Log In' | awk '/^HTTP_X_CSRF_TOKEN:/ { print $2 }' | tr -d '\040\011\012\015')
+ _debug XSS "$XSS"
+
+ if [ -n "$XSS" ]; then
+ _info "Authentication successful"
+ else
+ _err "Authentication failed"
+ return 1
+ fi
+
+ BASE_URL=$(dirname $LOGIN_URL)
+ CONF_ARGS="-ksSo /dev/null -b $COOKIE_JAR -c $COOKIE_JAR"
+ UPLOAD="$CONF_ARGS $BASE_URL/_upload.jsp?request_type=xhr"
+ CMD="$CONF_ARGS $BASE_URL/_cmdstat.jsp"
+
+ REPLACE_CERT_AJAX=''
+ CERT_REBOOT_AJAX=''
+
+ _info "Uploading certificate"
+ curl $UPLOAD -H "X-CSRF-Token: $XSS" -F "u=@$_ccert" -F action=uploadcert -F callback=uploader_uploadcert || return 1
+
+ _info "Uploading private key"
+ curl $UPLOAD -H "X-CSRF-Token: $XSS" -F "u=@$_ckey" -F action=uploadprivatekey -F callback=uploader_uploadprivatekey || return 1
+
+ _info "Replacing certificate"
+ curl $CMD -H "X-CSRF-Token: $XSS" --data-raw "$REPLACE_CERT_AJAX" || return 1
+
+ _info "Rebooting"
+ curl $CMD -H "X-CSRF-Token: $XSS" --data-raw "$CERT_REBOOT_AJAX" || return 1
+
+ return 0
+}
+
From 1c9423ef31cc80fee79e25b823b2c12047f01083 Mon Sep 17 00:00:00 2001
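Review bot: `_debug RUCKUS_PASS "$RUCKUS_PASS"` writes the controller password in clear text into the debug log; use `_secure_debug RUCKUS_PASS "$RUCKUS_PASS"` or drop the line. Every `curl` call in `ruckus_deploy` also carries `-k`, so the login POST with the password and the private-key upload go to a host whose certificate is never checked; verification should be the default, with an explicit opt-out for a first deploy onto a unit that still has a self-signed certificate. `trap cleanup EXIT` replaces any EXIT trap the calling process already had (deploy hooks appear to run inside the caller's shell, so confirm) and does not fire on the `return 1` paths, so removing the cookie jar explicitly before each return is safer. `$COOKIE_JAR`, `$LOGIN_URL` and `username=$RUCKUS_USER` are unquoted and `-d` sends the credentials without URL-encoding; `--data-urlencode "username=$RUCKUS_USER"` and the same for the password is the more robust form.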
From: Vinicius Mello Date: Tue, 11 Jun 2024 12:50:45 -0300 Subject: [PATCH 02/80] fix pagination bug querying Linode API v4 fixes issue #4956 previous code only worked for the first 10 domains on the account (as Linode API returned a paginated response, with only 10 records). This change makes an exact search query for each subdomain, completely removing any need for walking through paginated responses. What makes it work for large accounts with any number of domains. --- dnsapi/dns_linode_v4.sh | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/dnsapi/dns_linode_v4.sh b/dnsapi/dns_linode_v4.sh index 9504afbf..d0545938 100755 --- a/dnsapi/dns_linode_v4.sh +++ b/dnsapi/dns_linode_v4.sh 
@@ -126,34 +126,41 @@ _Linode_API() { # _domain=domain.com # _domain_id=12345 _get_root() { - domain=$1 + local full_host_str="$1" + i=2 p=1 + while true; do + # loop through the received string (e.g. _acme-challenge.sub3.sub2.sub1.domain.tld), + # starting from the lowest subdomain, and check if it's a hosted domain + h=$(printf "%s" "$full_host_str" | cut -d . -f $i-100) + _debug h "$h" + if [ -z "$h" ]; then + #not valid + return 1 + fi - if _rest GET; then - response="$(echo "$response" | tr -d "\n" | tr '{' "|" | sed 's/|/&{/g' | tr "|" "\n")" - while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) - _debug h "$h" - if [ -z "$h" ]; then - #not valid - return 1 - fi - + _debug "Querying Linode APIv4 for subdomain: $h" + if _H4="X-Filter: {\"domain\":\"$h\"}" _rest GET; then + _debug "Got response from API: $response" + response="$(echo "$response" | tr -d "\n" | tr '{' "|" | sed 's/|/&{/g' | tr "|" "\n")" hostedzone="$(echo "$response" | _egrep_o "\{.*\"domain\": *\"$h\".*}")" if [ "$hostedzone" ]; then _domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "\"id\": *[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ ) + _debug "Found domain hosted on Linode DNS. Zone: $h, id: $_domain_id" if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$full_host_str" | cut -d . -f 1-$p) _domain=$h return 0 fi return 1 fi + p=$i i=$(_math "$i" + 1) - done - fi + fi + done + return 1 } @@ -169,6 +176,7 @@ _rest() { export _H1="Accept: application/json" export _H2="Content-Type: application/json" export _H3="Authorization: Bearer $LINODE_V4_API_KEY" + export _H4 # used to query for the root domain on _get_root() if [ "$mtd" != "GET" ]; then # both POST and DELETE. From 05ec3922f1d9b72ca6d65709f21fca2b6d1ded84 Mon Sep 17 00:00:00 2001 
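Review bot: When `_rest GET` fails, the new `while true` loop in `_get_root` never advances, because `p=$i` and `i=$(_math "$i" + 1)` sit inside the `if _H4=... _rest GET; then` body; `h` keeps the same value and the same request is repeated without end. The old code fell through to `return 1` when the request failed, so add an `else` branch with `return 1` before the closing `fi` to keep that behaviour. The trailing `return 1` after `done` is unreachable as written.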
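Review bot: `export _H4` leaves the `X-Filter` header in the environment for later requests unless something clears it. The caller sets it as a prefix assignment on a function call (`_H4=... _rest GET`), and whether such an assignment outlives the call differs between shells, so on some of them the filter may still be attached to the POST and DELETE requests that follow; this is worth confirming on the shells the project supports. Resetting it once the lookup is finished, for example `_H4=""` before `_get_root` returns, makes the behaviour the same everywhere. `_rest`'s body continues outside the hunk.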
From: Vinicius Mello Date: Tue, 11 Jun 2024 17:17:37 -0300 Subject: [PATCH 03/80] minor wording fix minor fix for text coherence --- dnsapi/dns_linode_v4.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_linode_v4.sh b/dnsapi/dns_linode_v4.sh index d0545938..390ec0d8 100755 --- a/dnsapi/dns_linode_v4.sh +++ b/dnsapi/dns_linode_v4.sh @@ -140,7 +140,7 @@ _get_root() { return 1 fi - _debug "Querying Linode APIv4 for subdomain: $h" + _debug "Querying Linode APIv4 for hosted zone: $h" if _H4="X-Filter: {\"domain\":\"$h\"}" _rest GET; then _debug "Got response from API: $response" response="$(echo "$response" | tr -d "\n" | tr '{' "|" | sed 's/|/&{/g' | tr "|" "\n")" From 2f8fb360aa789b4198aba092ac61d0fcbb4e5df0 Mon Sep 17 00:00:00 2001 From: Vinicius Mello Date: Wed, 12 Jun 2024 15:03:02 -0300 Subject: [PATCH 04/80] fix CI reported problems for shellcheck and shfmt fix minor problems reported by shellcheck and shfmt --- dnsapi/dns_linode_v4.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_linode_v4.sh b/dnsapi/dns_linode_v4.sh index 390ec0d8..12682dbf 100755 --- a/dnsapi/dns_linode_v4.sh +++ b/dnsapi/dns_linode_v4.sh @@ -126,7 +126,7 @@ _Linode_API() { # _domain=domain.com # _domain_id=12345 _get_root() { - local full_host_str="$1" + full_host_str="$1" i=2 p=1 @@ -140,7 +140,7 @@ _get_root() { return 1 fi - _debug "Querying Linode APIv4 for hosted zone: $h" + _debug "Querying Linode APIv4 for hosted zone: $h" if _H4="X-Filter: {\"domain\":\"$h\"}" _rest GET; then _debug "Got response from API: $response" response="$(echo "$response" | tr -d "\n" | tr '{' "|" | sed 's/|/&{/g' | tr "|" "\n")" From fcffe8beb9da574818ee6f53772fcd3bbe737d72 Mon Sep 17 00:00:00 2001 From: stbeldarborge Date: Mon, 2 Sep 2024 15:40:45 +0200 Subject: [PATCH 05/80] feat: add bearer token support --- dnsapi/dns_azure.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index 00ccd798..c482ed03 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh @@ -9,6 +9,7 @@ Options: AZUREDNS_APPID App ID. App ID of the service principal AZUREDNS_CLIENTSECRET Client Secret. Secret from creating the service principal AZUREDNS_MANAGEDIDENTITY Use Managed Identity. Use Managed Identity assigned to a resource instead of a service principal. "true"/"false" + AZUREDNS_BEARERTOKEN Optional Bearer Token. Used instead of service principal credentials or managed identity ' ######## Public functions ##################### @@ -83,7 +84,11 @@ dns_azure_add() { _saveaccountconf_mutable AZUREDNS_CLIENTSECRET "$AZUREDNS_CLIENTSECRET" fi - accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") + if [ -z "$AZUREDNS_BEARERTOKEN" ]; then + accesstoken=$(echo "$AZUREDNS_BEARERTOKEN" | sed "s/Bearer //g") + else + accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") + fi if ! _get_root "$fulldomain" "$AZUREDNS_SUBSCRIPTIONID" "$accesstoken"; then _err "invalid domain" From 92a47aaac54309fd8a3ebc82044724acccc55751 Mon Sep 17 00:00:00 2001 From: stbeldarborge Date: Mon, 2 Sep 2024 15:41:55 +0200 Subject: [PATCH 06/80] logic --- dnsapi/dns_azure.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index c482ed03..9db028a1 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh 
@@ -84,10 +84,10 @@ dns_azure_add() { _saveaccountconf_mutable AZUREDNS_CLIENTSECRET "$AZUREDNS_CLIENTSECRET" fi - if [ -z "$AZUREDNS_BEARERTOKEN" ]; then - accesstoken=$(echo "$AZUREDNS_BEARERTOKEN" | sed "s/Bearer //g") - else + if [ -z "$AZUREDNS_BEARERTOKEN" ]; then accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") + else + accesstoken=$(echo "$AZUREDNS_BEARERTOKEN" | sed "s/Bearer //g") fi if ! _get_root "$fulldomain" "$AZUREDNS_SUBSCRIPTIONID" "$accesstoken"; then From 1eaa2cc6198632bd03bd329fb2b6390190ccd100 Mon Sep 17 00:00:00 2001 From: stbeldarborge Date: Mon, 2 Sep 2024 15:53:33 +0200 Subject: [PATCH 07/80] debug --- dnsapi/dns_azure.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index 9db028a1..b0db0f76 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh @@ -126,6 +126,7 @@ dns_azure_add() { # Add the txtvalue TXT Record body="{\"properties\":{\"metadata\":{\"acmetscheck\":\"$timestamp\"},\"TTL\":10, \"TXTRecords\":[$values]}}" _azure_rest PUT "$acmeRecordURI" "$body" "$accesstoken" + _debug "$acmeRecordURI $body $accesstoken" if [ "$_code" = "200" ] || [ "$_code" = '201' ]; then _info "validation value added" return 0 From c7fb15573300d9428c73ed3248d877b389bf40d9 Mon Sep 17 00:00:00 2001 From: stbeldarborge Date: Mon, 2 Sep 2024 15:56:12 +0200 Subject: [PATCH 08/80] debug --- dnsapi/dns_azure.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index b0db0f76..c1e48d23 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh 
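Review bot: `_debug "$acmeRecordURI $body $accesstoken"` writes the Azure access token into the debug log, which is routinely saved to files and pasted into bug reports. Drop the token from the message, or log it separately with `_secure_debug`, which is the helper intended for secret values. The same pattern recurs in later patches of this series: `_debug "$acmeRecordURI $accesstoken"` (PATCH 08), `_debug "$accesstoken $subscriptionId"` in `_get_root` (PATCH 09) and `_debug "Contents of bearertoken: $AZUREDNS_BEARERTOKEN"` (PATCH 18). They are removed again further on, but each intermediate commit exposes the credential if it is ever checked out or bisected to, so squashing them out before merge is preferable.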
@@ -101,6 +101,7 @@ dns_azure_add() { acmeRecordURI="https://management.azure.com$(printf '%s' "$_domain_id" | sed 's/\\//g')/TXT/$_sub_domain?api-version=2017-09-01" _debug "$acmeRecordURI" # Get existing TXT record + _debug "$acmeRecordURI $accesstoken" _azure_rest GET "$acmeRecordURI" "" "$accesstoken" values="{\"value\":[\"$txtvalue\"]}" timestamp="$(_time)" @@ -126,7 +127,6 @@ dns_azure_add() { # Add the txtvalue TXT Record body="{\"properties\":{\"metadata\":{\"acmetscheck\":\"$timestamp\"},\"TTL\":10, \"TXTRecords\":[$values]}}" _azure_rest PUT "$acmeRecordURI" "$body" "$accesstoken" - _debug "$acmeRecordURI $body $accesstoken" if [ "$_code" = "200" ] || [ "$_code" = '201' ]; then _info "validation value added" return 0 From dd634382d7c4a038e5c60d20625c89a3eacbfdef Mon Sep 17 00:00:00 2001 From: stbeldarborge Date: Mon, 2 Sep 2024 15:57:48 +0200 Subject: [PATCH 09/80] debug --- dnsapi/dns_azure.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index c1e48d23..6edb19cc 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh @@ -101,7 +101,6 @@ dns_azure_add() { acmeRecordURI="https://management.azure.com$(printf '%s' "$_domain_id" | sed 's/\\//g')/TXT/$_sub_domain?api-version=2017-09-01" _debug "$acmeRecordURI" # Get existing TXT record - _debug "$acmeRecordURI $accesstoken" _azure_rest GET "$acmeRecordURI" "" "$accesstoken" values="{\"value\":[\"$txtvalue\"]}" timestamp="$(_time)" @@ -361,6 +360,7 @@ _get_root() { ## (ZoneListResult with continuation token for the next page of results) ## Per https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits#dns-limits you are limited to 100 Zone/subscriptions anyways ## + _debug "$accesstoken $subscriptionId" _azure_rest GET "https://management.azure.com/subscriptions/$subscriptionId/providers/Microsoft.Network/dnszones?\$top=500&api-version=2017-09-01" "" "$accesstoken" # Find matching domain name in Json response while true; do 
From 0b2edd28dfad12d7061ea00277d87e27e4c5192a Mon Sep 17 00:00:00 2001 From: stbeldarborge Date: Mon, 2 Sep 2024 16:02:36 +0200 Subject: [PATCH 10/80] bearer check --- dnsapi/dns_azure.sh | 54 +++++++++++++++++++++++---------------------- 1 file changed, 28 insertions(+), 26 deletions(-) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index 6edb19cc..95cadd07 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh 
@@ -45,36 +45,39 @@ dns_azure_add() { _saveaccountconf_mutable AZUREDNS_APPID "" _saveaccountconf_mutable AZUREDNS_CLIENTSECRET "" else - _info "You didn't ask to use Azure managed identity, checking service principal credentials" + _info "You didn't ask to use Azure managed identity, checking service principal credentials or provided bearer token" AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}" AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}" AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}" + if [ -z "$AZUREDNS_BEARERTOKEN" ]; then + _info "Using provided bearer token" + else + if [ -z "$AZUREDNS_TENANTID" ]; then + AZUREDNS_SUBSCRIPTIONID="" + AZUREDNS_TENANTID="" + AZUREDNS_APPID="" + AZUREDNS_CLIENTSECRET="" + _err "You didn't specify the Azure Tenant ID " + return 1 + fi - if [ -z "$AZUREDNS_TENANTID" ]; then - AZUREDNS_SUBSCRIPTIONID="" - AZUREDNS_TENANTID="" - AZUREDNS_APPID="" - AZUREDNS_CLIENTSECRET="" - _err "You didn't specify the Azure Tenant ID " - return 1 - fi - - if [ -z "$AZUREDNS_APPID" ]; then - AZUREDNS_SUBSCRIPTIONID="" - AZUREDNS_TENANTID="" - AZUREDNS_APPID="" - AZUREDNS_CLIENTSECRET="" - _err "You didn't specify the Azure App ID" - return 1 - fi + if [ -z "$AZUREDNS_APPID" ]; then + AZUREDNS_SUBSCRIPTIONID="" + AZUREDNS_TENANTID="" + AZUREDNS_APPID="" + AZUREDNS_CLIENTSECRET="" + _err "You didn't specify the Azure App ID" + return 1 + fi - if [ -z "$AZUREDNS_CLIENTSECRET" ]; then - AZUREDNS_SUBSCRIPTIONID="" - AZUREDNS_TENANTID="" - AZUREDNS_APPID="" - AZUREDNS_CLIENTSECRET="" - _err "You didn't specify the Azure Client Secret" - return 1 + if [ -z "$AZUREDNS_CLIENTSECRET" ]; then + AZUREDNS_SUBSCRIPTIONID="" + AZUREDNS_TENANTID="" + AZUREDNS_APPID="" + AZUREDNS_CLIENTSECRET="" + _err "You didn't specify the Azure Client Secret" + return 1 + fi fi #save account details to account conf file, don't opt in for azure manages 
identity check. @@ -360,7 +363,6 @@ _get_root() { ## (ZoneListResult with continuation token for the next page of results) ## Per https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits#dns-limits you are limited to 100 Zone/subscriptions anyways ## - _debug "$accesstoken $subscriptionId" _azure_rest GET "https://management.azure.com/subscriptions/$subscriptionId/providers/Microsoft.Network/dnszones?\$top=500&api-version=2017-09-01" "" "$accesstoken" # Find matching domain name in Json response while true; do From b27767e8f4ecc3ded21ed25ab9f84e4547b82cb7 Mon Sep 17 00:00:00 2001 From: stbeldarborge Date: Mon, 2 Sep 2024 16:04:34 +0200 Subject: [PATCH 11/80] logic --- dnsapi/dns_azure.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index 95cadd07..f67dac29 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh @@ -50,8 +50,6 @@ dns_azure_add() { AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}" AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}" if [ -z "$AZUREDNS_BEARERTOKEN" ]; then - _info "Using provided bearer token" - else if [ -z "$AZUREDNS_TENANTID" ]; then AZUREDNS_SUBSCRIPTIONID="" AZUREDNS_TENANTID="" @@ -78,6 +76,8 @@ dns_azure_add() { _err "You didn't specify the Azure Client Secret" return 1 fi + else + _info "Using provided bearer token" fi #save account details to account conf file, don't opt in for azure manages identity check. From f0d486d1ff6d96554c0545c8276155b8d0d4368f Mon Sep 17 00:00:00 2001 From: stbeldarborge Date: Tue, 3 Sep 2024 20:59:17 +0200 Subject: [PATCH 12/80] add bearer token to removal --- dnsapi/dns_azure.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index f67dac29..875520cb 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh 
@@ -194,8 +194,12 @@ dns_azure_rm() { fi fi - accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") - + if [ -z "$AZUREDNS_BEARERTOKEN" ]; then + accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") + else + accesstoken=$(echo "$AZUREDNS_BEARERTOKEN" | sed "s/Bearer //g") + fi + if ! _get_root "$fulldomain" "$AZUREDNS_SUBSCRIPTIONID" "$accesstoken"; then _err "invalid domain" return 1 From 8860915fb9fafde9c23456f5d7be6d3877ffd26e Mon Sep 17 00:00:00 2001 From: stbeldarborge Date: Tue, 3 Sep 2024 21:36:54 +0200 Subject: [PATCH 13/80] remove dns --- dnsapi/dns_azure.sh | 55 ++++++++++++++++++++++++--------------------- 1 file changed, 29 insertions(+), 26 deletions(-) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index 875520cb..31bc42ca 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh 
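Review bot: The token-selection block added here is a copy of the one in `dns_azure_add`, so the two can drift apart; a small shared helper that prints the token to use would keep them in step. `sed "s/Bearer //g"` also removes the text anywhere in the value rather than only a leading prefix; `sed "s/^Bearer //"` states what is meant. The added blank line after `fi` carries trailing whitespace, which a later patch in the series cleans up. `dns_azure_rm`'s body continues outside the hunk.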
@@ -161,36 +161,39 @@ dns_azure_rm() { if [ "$AZUREDNS_MANAGEDIDENTITY" = true ]; then _info "Using Azure managed identity" else - _info "You didn't ask to use Azure managed identity, checking service principal credentials" + _info "You didn't ask to use Azure managed identity, checking service principal credentials or provided bearer token" AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}" AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}" AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}" + if [ -z "$AZUREDNS_BEARERTOKEN" ]; then + if [ -z "$AZUREDNS_TENANTID" ]; then + AZUREDNS_SUBSCRIPTIONID="" + AZUREDNS_TENANTID="" + AZUREDNS_APPID="" + AZUREDNS_CLIENTSECRET="" + _err "You didn't specify the Azure Tenant ID " + return 1 + fi - if [ -z "$AZUREDNS_TENANTID" ]; then - AZUREDNS_SUBSCRIPTIONID="" - AZUREDNS_TENANTID="" - AZUREDNS_APPID="" - AZUREDNS_CLIENTSECRET="" - _err "You didn't specify the Azure Tenant ID " - return 1 - fi - - if [ -z "$AZUREDNS_APPID" ]; then - AZUREDNS_SUBSCRIPTIONID="" - AZUREDNS_TENANTID="" - AZUREDNS_APPID="" - AZUREDNS_CLIENTSECRET="" - _err "You didn't specify the Azure App ID" - return 1 - fi + if [ -z "$AZUREDNS_APPID" ]; then + AZUREDNS_SUBSCRIPTIONID="" + AZUREDNS_TENANTID="" + AZUREDNS_APPID="" + AZUREDNS_CLIENTSECRET="" + _err "You didn't specify the Azure App ID" + return 1 + fi - if [ -z "$AZUREDNS_CLIENTSECRET" ]; then - AZUREDNS_SUBSCRIPTIONID="" - AZUREDNS_TENANTID="" - AZUREDNS_APPID="" - AZUREDNS_CLIENTSECRET="" - _err "You didn't specify the Azure Client Secret" - return 1 + if [ -z "$AZUREDNS_CLIENTSECRET" ]; then + AZUREDNS_SUBSCRIPTIONID="" + AZUREDNS_TENANTID="" + AZUREDNS_APPID="" + AZUREDNS_CLIENTSECRET="" + _err "You didn't specify the Azure Client Secret" + return 1 + fi + else + _info "Using provided bearer token" fi fi 
@@ -199,7 +202,7 @@ dns_azure_rm() { else accesstoken=$(echo "$AZUREDNS_BEARERTOKEN" | sed "s/Bearer //g") fi - + if ! _get_root "$fulldomain" "$AZUREDNS_SUBSCRIPTIONID" "$accesstoken"; then _err "invalid domain" return 1 From 1029dd3504b28ae686a0e5a32d7ebbb97eaeb7c2 Mon Sep 17 00:00:00 2001 From: stbeldarborge Date: Fri, 20 Sep 2024 15:44:50 +0200 Subject: [PATCH 14/80] fix format --- dnsapi/dns_azure.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index 31bc42ca..c39fc846 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh @@ -49,7 +49,7 @@ dns_azure_add() { AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}" AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}" AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}" - if [ -z "$AZUREDNS_BEARERTOKEN" ]; then + if [ -z "$AZUREDNS_BEARERTOKEN" ]; then if [ -z "$AZUREDNS_TENANTID" ]; then AZUREDNS_SUBSCRIPTIONID="" AZUREDNS_TENANTID="" @@ -87,7 +87,7 @@ dns_azure_add() { _saveaccountconf_mutable AZUREDNS_CLIENTSECRET "$AZUREDNS_CLIENTSECRET" fi - if [ -z "$AZUREDNS_BEARERTOKEN" ]; then + if [ -z "$AZUREDNS_BEARERTOKEN" ]; then accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") else accesstoken=$(echo "$AZUREDNS_BEARERTOKEN" | sed "s/Bearer //g") @@ -197,7 +197,7 @@ dns_azure_rm() { fi fi - if [ -z "$AZUREDNS_BEARERTOKEN" ]; then + if [ -z "$AZUREDNS_BEARERTOKEN" ]; then accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") else accesstoken=$(echo "$AZUREDNS_BEARERTOKEN" | sed "s/Bearer //g") From 28afe6f29f1bd6700fbfa7c87a705fd212c635da Mon Sep 17 00:00:00 2001 
From: stbeldarborge Date: Thu, 10 Oct 2024 10:30:54 +0200 Subject: [PATCH 15/80] comment --- dnsapi/dns_azure.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index c39fc846..d2372cca 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh @@ -87,6 +87,7 @@ dns_azure_add() { _saveaccountconf_mutable AZUREDNS_CLIENTSECRET "$AZUREDNS_CLIENTSECRET" fi + # Use provided bearer token if available and prefix it with Bearer if not already done if [ -z "$AZUREDNS_BEARERTOKEN" ]; then accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") else From ba7764aeaf59c4bed00e8ac7867e329dbc3e82ef Mon Sep 17 00:00:00 2001 From: stbeldarborge Date: Thu, 10 Oct 2024 10:59:29 +0200 Subject: [PATCH 16/80] saveaccountconf --- dnsapi/dns_azure.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index d2372cca..703203a1 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh @@ -85,6 +85,7 @@ dns_azure_add() { _saveaccountconf_mutable AZUREDNS_TENANTID "$AZUREDNS_TENANTID" _saveaccountconf_mutable AZUREDNS_APPID "$AZUREDNS_APPID" _saveaccountconf_mutable AZUREDNS_CLIENTSECRET "$AZUREDNS_CLIENTSECRET" + _saveaccountconf_mutable AZUREDNS_BEARERTOKEN "$AZUREDNS_BEARERTOKEN" fi # Use provided bearer token if available and prefix it with Bearer if not already done From 8887a0a6d39bd08e7ae7d5c0f6adeddf78568c17 Mon Sep 17 00:00:00 2001 From: stbeldarborge Date: Thu, 10 Oct 2024 11:09:25 +0200 Subject: [PATCH 17/80] new name --- dnsapi/dns_azure.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index 703203a1..7f838a6c 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh 
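Review bot: The added comment says the token is prefixed with `Bearer` when that is missing, but the `else` branch below it does the opposite: `sed "s/Bearer //g"` strips the prefix. Reword the comment to match the code, e.g. `# Use the provided bearer token if set, stripping any leading "Bearer " prefix`. The enclosing function continues outside the hunk.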
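Review bot: `_saveaccountconf_mutable AZUREDNS_BEARERTOKEN "$AZUREDNS_BEARERTOKEN"` persists a caller-supplied, short-lived token in the account conf with no expiry recorded beside it, so a later run cannot tell that the stored value is stale. At this point in the series `_azure_getaccess_token` still caches its own token under the same `AZUREDNS_BEARERTOKEN` key (see the lines PATCH 22 renames), so the two uses overwrite each other, and an empty value saved here clears that cache on every run. Consider not saving the supplied token at all, or saving it only when it is non-empty and under a key of its own.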
@@ -49,7 +49,7 @@ dns_azure_add() { AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}" AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}" AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}" - if [ -z "$AZUREDNS_BEARERTOKEN" ]; then + if [ -z "$AZUREDNS_BEARERTOKEN2" ]; then if [ -z "$AZUREDNS_TENANTID" ]; then AZUREDNS_SUBSCRIPTIONID="" AZUREDNS_TENANTID="" @@ -85,14 +85,14 @@ dns_azure_add() { _saveaccountconf_mutable AZUREDNS_TENANTID "$AZUREDNS_TENANTID" _saveaccountconf_mutable AZUREDNS_APPID "$AZUREDNS_APPID" _saveaccountconf_mutable AZUREDNS_CLIENTSECRET "$AZUREDNS_CLIENTSECRET" - _saveaccountconf_mutable AZUREDNS_BEARERTOKEN "$AZUREDNS_BEARERTOKEN" + _saveaccountconf_mutable AZUREDNS_BEARERTOKEN2 "$AZUREDNS_BEARERTOKEN2" fi # Use provided bearer token if available and prefix it with Bearer if not already done - if [ -z "$AZUREDNS_BEARERTOKEN" ]; then + if [ -z "$AZUREDNS_BEARERTOKEN2" ]; then accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") else - accesstoken=$(echo "$AZUREDNS_BEARERTOKEN" | sed "s/Bearer //g") + accesstoken=$(echo "$AZUREDNS_BEARERTOKEN2" | sed "s/Bearer //g") fi if ! _get_root "$fulldomain" "$AZUREDNS_SUBSCRIPTIONID" "$accesstoken"; then @@ -167,7 +167,7 @@ dns_azure_rm() { AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}" AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}" AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}" - if [ -z "$AZUREDNS_BEARERTOKEN" ]; then + if [ -z "$AZUREDNS_BEARERTOKEN2" ]; then if [ -z "$AZUREDNS_TENANTID" ]; then AZUREDNS_SUBSCRIPTIONID="" AZUREDNS_TENANTID="" 
@@ -199,10 +199,10 @@ dns_azure_rm() { fi fi - if [ -z "$AZUREDNS_BEARERTOKEN" ]; then + if [ -z "$AZUREDNS_BEARERTOKEN2" ]; then accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") else - accesstoken=$(echo "$AZUREDNS_BEARERTOKEN" | sed "s/Bearer //g") + accesstoken=$(echo "$AZUREDNS_BEARERTOKEN2" | sed "s/Bearer //g") fi if ! _get_root "$fulldomain" "$AZUREDNS_SUBSCRIPTIONID" "$accesstoken"; then From fc87fc7cab30a888fab1fd4aff4423bd34192744 Mon Sep 17 00:00:00 2001 From: stbeldarborge Date: Thu, 10 Oct 2024 11:18:03 +0200 Subject: [PATCH 18/80] debug --- dnsapi/dns_azure.sh | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index 7f838a6c..d3248436 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh @@ -49,7 +49,8 @@ dns_azure_add() { AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}" AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}" AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}" - if [ -z "$AZUREDNS_BEARERTOKEN2" ]; then + if [ -z "$AZUREDNS_BEARERTOKEN" ]; then + _debug "Contents of bearertoken: $AZUREDNS_BEARERTOKEN" if [ -z "$AZUREDNS_TENANTID" ]; then AZUREDNS_SUBSCRIPTIONID="" AZUREDNS_TENANTID="" 
@@ -85,14 +86,13 @@ dns_azure_add() { _saveaccountconf_mutable AZUREDNS_TENANTID "$AZUREDNS_TENANTID" _saveaccountconf_mutable AZUREDNS_APPID "$AZUREDNS_APPID" _saveaccountconf_mutable AZUREDNS_CLIENTSECRET "$AZUREDNS_CLIENTSECRET" - _saveaccountconf_mutable AZUREDNS_BEARERTOKEN2 "$AZUREDNS_BEARERTOKEN2" + _saveaccountconf_mutable AZUREDNS_BEARERTOKEN "$AZUREDNS_BEARERTOKEN" fi - # Use provided bearer token if available and prefix it with Bearer if not already done - if [ -z "$AZUREDNS_BEARERTOKEN2" ]; then + if [ -z "$AZUREDNS_BEARERTOKEN" ]; then accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") else - accesstoken=$(echo "$AZUREDNS_BEARERTOKEN2" | sed "s/Bearer //g") + accesstoken=$(echo "$AZUREDNS_BEARERTOKEN" | sed "s/Bearer //g") fi if ! _get_root "$fulldomain" "$AZUREDNS_SUBSCRIPTIONID" "$accesstoken"; then @@ -167,7 +167,8 @@ dns_azure_rm() { AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}" AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}" AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}" - if [ -z "$AZUREDNS_BEARERTOKEN2" ]; then + if [ -z "$AZUREDNS_BEARERTOKEN" ]; then + _debug "Contents of bearertoken second time: $AZUREDNS_BEARERTOKEN" if [ -z "$AZUREDNS_TENANTID" ]; then AZUREDNS_SUBSCRIPTIONID="" AZUREDNS_TENANTID="" @@ -199,10 +200,10 @@ dns_azure_rm() { fi fi - if [ -z "$AZUREDNS_BEARERTOKEN2" ]; then + if [ -z "$AZUREDNS_BEARERTOKEN" ]; then accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") else - accesstoken=$(echo "$AZUREDNS_BEARERTOKEN2" | sed "s/Bearer //g") + accesstoken=$(echo "$AZUREDNS_BEARERTOKEN" | sed "s/Bearer //g") fi if ! _get_root "$fulldomain" "$AZUREDNS_SUBSCRIPTIONID" "$accesstoken"; then From 5fc41a3ea2c57e896c8de9d456cbda24007b7a2e Mon Sep 17 00:00:00 2001 
From: stbeldarborge Date: Thu, 10 Oct 2024 11:24:24 +0200 Subject: [PATCH 19/80] read account conf --- dnsapi/dns_azure.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index d3248436..caeeb76a 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh @@ -49,6 +49,7 @@ dns_azure_add() { AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}" AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}" AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}" + AZUREDNS_BEARERTOKEN="${AZUREDNS_BEARERTOKEN:-$(_readaccountconf_mutable AZUREDNS_BEARERTOKEN)}" if [ -z "$AZUREDNS_BEARERTOKEN" ]; then _debug "Contents of bearertoken: $AZUREDNS_BEARERTOKEN" if [ -z "$AZUREDNS_TENANTID" ]; then @@ -167,6 +168,7 @@ dns_azure_rm() { AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}" AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}" AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}" + AZUREDNS_BEARERTOKEN="${AZUREDNS_BEARERTOKEN:-$(_readaccountconf_mutable AZUREDNS_BEARERTOKEN)}" if [ -z "$AZUREDNS_BEARERTOKEN" ]; then _debug "Contents of bearertoken second time: $AZUREDNS_BEARERTOKEN" if [ -z "$AZUREDNS_TENANTID" ]; then From 1305b0d8dd8fd0b0d680bf7451ec4a274537776b Mon Sep 17 00:00:00 2001 From: stbeldarborge Date: Thu, 10 Oct 2024 11:29:34 +0200 Subject: [PATCH 20/80] revert --- dnsapi/dns_azure.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index caeeb76a..56b755cf 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh 
@@ -51,7 +51,6 @@ dns_azure_add() { AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}" AZUREDNS_BEARERTOKEN="${AZUREDNS_BEARERTOKEN:-$(_readaccountconf_mutable AZUREDNS_BEARERTOKEN)}" if [ -z "$AZUREDNS_BEARERTOKEN" ]; then - _debug "Contents of bearertoken: $AZUREDNS_BEARERTOKEN" if [ -z "$AZUREDNS_TENANTID" ]; then AZUREDNS_SUBSCRIPTIONID="" AZUREDNS_TENANTID="" @@ -170,7 +169,6 @@ dns_azure_rm() { AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}" AZUREDNS_BEARERTOKEN="${AZUREDNS_BEARERTOKEN:-$(_readaccountconf_mutable AZUREDNS_BEARERTOKEN)}" if [ -z "$AZUREDNS_BEARERTOKEN" ]; then - _debug "Contents of bearertoken second time: $AZUREDNS_BEARERTOKEN" if [ -z "$AZUREDNS_TENANTID" ]; then AZUREDNS_SUBSCRIPTIONID="" AZUREDNS_TENANTID="" @@ -404,4 +402,4 @@ _get_root() { i=$(_math "$i" + 1) done return 1 -} +} \ No newline at end of file From ffd3b3e6b540bd65feda1ab8c149dc1dab868b17 Mon Sep 17 00:00:00 2001 From: stbeldarborge Date: Thu, 10 Oct 2024 11:36:37 +0200 Subject: [PATCH 21/80] revert --- dnsapi/dns_azure.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index 56b755cf..95087616 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh @@ -49,7 +49,6 @@ dns_azure_add() { AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}" AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}" AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}" - AZUREDNS_BEARERTOKEN="${AZUREDNS_BEARERTOKEN:-$(_readaccountconf_mutable AZUREDNS_BEARERTOKEN)}" if [ -z "$AZUREDNS_BEARERTOKEN" ]; then if [ -z "$AZUREDNS_TENANTID" ]; then AZUREDNS_SUBSCRIPTIONID="" 
@@ -86,7 +85,6 @@ dns_azure_add() { _saveaccountconf_mutable AZUREDNS_TENANTID "$AZUREDNS_TENANTID" _saveaccountconf_mutable AZUREDNS_APPID "$AZUREDNS_APPID" _saveaccountconf_mutable AZUREDNS_CLIENTSECRET "$AZUREDNS_CLIENTSECRET" - _saveaccountconf_mutable AZUREDNS_BEARERTOKEN "$AZUREDNS_BEARERTOKEN" fi if [ -z "$AZUREDNS_BEARERTOKEN" ]; then @@ -167,7 +165,6 @@ dns_azure_rm() { AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}" AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}" AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}" - AZUREDNS_BEARERTOKEN="${AZUREDNS_BEARERTOKEN:-$(_readaccountconf_mutable AZUREDNS_BEARERTOKEN)}" if [ -z "$AZUREDNS_BEARERTOKEN" ]; then if [ -z "$AZUREDNS_TENANTID" ]; then AZUREDNS_SUBSCRIPTIONID="" From 0dff1dce8fa925ddaa79585ed258027a074af94d Mon Sep 17 00:00:00 2001 From: stbeldarborge Date: Thu, 10 Oct 2024 11:50:57 +0200 Subject: [PATCH 22/80] accoutn conf --- dnsapi/dns_azure.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index 95087616..351af80e 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh @@ -49,6 +49,7 @@ dns_azure_add() { AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}" AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}" AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}" + AZUREDNS_BEARERTOKEN="${AZUREDNS_BEARERTOKEN:-$(_readaccountconf_mutable AZUREDNS_BEARERTOKEN)}" if [ -z "$AZUREDNS_BEARERTOKEN" ]; then if [ -z "$AZUREDNS_TENANTID" ]; then AZUREDNS_SUBSCRIPTIONID="" 
@@ -85,6 +86,7 @@ dns_azure_add() { _saveaccountconf_mutable AZUREDNS_TENANTID "$AZUREDNS_TENANTID" _saveaccountconf_mutable AZUREDNS_APPID "$AZUREDNS_APPID" _saveaccountconf_mutable AZUREDNS_CLIENTSECRET "$AZUREDNS_CLIENTSECRET" + _saveaccountconf_mutable AZUREDNS_BEARERTOKEN "$AZUREDNS_BEARERTOKEN" fi if [ -z "$AZUREDNS_BEARERTOKEN" ]; then @@ -165,6 +167,7 @@ dns_azure_rm() { AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}" AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}" AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}" + AZUREDNS_BEARERTOKEN="${AZUREDNS_BEARERTOKEN:-$(_readaccountconf_mutable AZUREDNS_BEARERTOKEN)}" if [ -z "$AZUREDNS_BEARERTOKEN" ]; then if [ -z "$AZUREDNS_TENANTID" ]; then AZUREDNS_SUBSCRIPTIONID="" @@ -308,7 +311,7 @@ _azure_getaccess_token() { clientID=$3 clientSecret=$4 - accesstoken="${AZUREDNS_BEARERTOKEN:-$(_readaccountconf_mutable AZUREDNS_BEARERTOKEN)}" + accesstoken="${AZUREDNS_ACCESSTOKEN:-$(_readaccountconf_mutable AZUREDNS_ACCESSTOKEN)}" expires_on="${AZUREDNS_TOKENVALIDTO:-$(_readaccountconf_mutable AZUREDNS_TOKENVALIDTO)}" # can we reuse the bearer token? @@ -352,7 +355,7 @@ _azure_getaccess_token() { _err "error $response" return 1 fi - _saveaccountconf_mutable AZUREDNS_BEARERTOKEN "$accesstoken" + _saveaccountconf_mutable AZUREDNS_ACCESSTOKEN "$accesstoken" _saveaccountconf_mutable AZUREDNS_TOKENVALIDTO "$expires_on" printf "%s" "$accesstoken" return 0 From 40df6e87db78e5f3ff83ce4b16e1155f97aaded5 Mon Sep 17 00:00:00 2001 From: stbeldarborge Date: Thu, 10 Oct 2024 11:54:42 +0200 Subject: [PATCH 23/80] newline --- dnsapi/dns_azure.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index 351af80e..ee2dc9d4 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh 
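Review bot: Renaming the cache key in `_azure_getaccess_token` from `AZUREDNS_BEARERTOKEN` to `AZUREDNS_ACCESSTOKEN` leaves any token the old code already cached under `AZUREDNS_BEARERTOKEN` in existing account conf files, and the lines this commit adds at -49 and -167 now read that key as a caller-supplied bearer token. Such a leftover value would bypass the credential checks and, unlike the cached access token, is used without consulting `AZUREDNS_TOKENVALIDTO`. The new `_saveaccountconf_mutable AZUREDNS_BEARERTOKEN "$AZUREDNS_BEARERTOKEN"` at -85 additionally keeps a credential at rest with no expiry stored beside it. Consider a key that was never used for the cache, or not persisting the caller-supplied token at all; a comment like `# AZUREDNS_BEARERTOKEN is caller-supplied; the cached token lives in AZUREDNS_ACCESSTOKEN` would at least record the split. The functions involved extend beyond the hunks shown.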
@@ -402,4 +402,4 @@ _get_root() { i=$(_math "$i" + 1) done return 1 -} \ No newline at end of file +} From a30c81dadcf9d7237c4528d9686c569b0b040e25 Mon Sep 17 00:00:00 2001 From: stbeldarborge Date: Thu, 10 Oct 2024 12:00:11 +0200 Subject: [PATCH 24/80] bearetoken --- dnsapi/dns_azure.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index ee2dc9d4..8ca1b359 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh @@ -30,6 +30,7 @@ dns_azure_add() { AZUREDNS_TENANTID="" AZUREDNS_APPID="" AZUREDNS_CLIENTSECRET="" + AZUREDNS_BEARERTOKEN="" _err "You didn't specify the Azure Subscription ID" return 1 fi @@ -44,6 +45,7 @@ dns_azure_add() { _saveaccountconf_mutable AZUREDNS_TENANTID "" _saveaccountconf_mutable AZUREDNS_APPID "" _saveaccountconf_mutable AZUREDNS_CLIENTSECRET "" + _saveaccountconf_mutable AZUREDNS_BEARERTOKEN "" else _info "You didn't ask to use Azure managed identity, checking service principal credentials or provided bearer token" AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}" @@ -56,6 +58,7 @@ dns_azure_add() { AZUREDNS_TENANTID="" AZUREDNS_APPID="" AZUREDNS_CLIENTSECRET="" + AZUREDNS_BEARERTOKEN="" _err "You didn't specify the Azure Tenant ID " return 1 fi @@ -65,6 +68,7 @@ dns_azure_add() { AZUREDNS_TENANTID="" AZUREDNS_APPID="" AZUREDNS_CLIENTSECRET="" + AZUREDNS_BEARERTOKEN="" _err "You didn't specify the Azure App ID" return 1 fi @@ -74,6 +78,7 @@ dns_azure_add() { AZUREDNS_TENANTID="" AZUREDNS_APPID="" AZUREDNS_CLIENTSECRET="" + AZUREDNS_BEARERTOKEN="" _err "You didn't specify the Azure Client Secret" return 1 fi @@ -155,6 +160,7 @@ dns_azure_rm() { AZUREDNS_TENANTID="" AZUREDNS_APPID="" AZUREDNS_CLIENTSECRET="" + AZUREDNS_BEARERTOKEN="" _err "You didn't specify the Azure Subscription ID " return 1 fi 
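Review bot: The `AZUREDNS_BEARERTOKEN=""` lines added in the Tenant ID, App ID and Client Secret error paths (hunks -56, -65, -74 here and -174, -183, -192 in dns_azure_rm) look like no-ops. Judging by the context lines of the neighbouring patches, these paths sit inside `if [ -z "$AZUREDNS_BEARERTOKEN" ]`, where the variable is already empty; only the Subscription ID paths (-30, -155) run before the token is read. The assignments also reset only the shell variable, not a value saved in the account conf. Either drop the redundant lines or mark the intent with a comment such as `# reset for symmetry with the other credentials; already empty here`. The enclosing functions start and end outside the hunks.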
@@ -174,6 +180,7 @@ dns_azure_rm() { AZUREDNS_TENANTID="" AZUREDNS_APPID="" AZUREDNS_CLIENTSECRET="" + AZUREDNS_BEARERTOKEN="" _err "You didn't specify the Azure Tenant ID " return 1 fi @@ -183,6 +190,7 @@ dns_azure_rm() { AZUREDNS_TENANTID="" AZUREDNS_APPID="" AZUREDNS_CLIENTSECRET="" + AZUREDNS_BEARERTOKEN="" _err "You didn't specify the Azure App ID" return 1 fi @@ -192,6 +200,7 @@ dns_azure_rm() { AZUREDNS_TENANTID="" AZUREDNS_APPID="" AZUREDNS_CLIENTSECRET="" + AZUREDNS_BEARERTOKEN="" _err "You didn't specify the Azure Client Secret" return 1 fi From b0418cb39404c68a37c00666c0c542922017f4c6 Mon Sep 17 00:00:00 2001 From: stbeldarborge Date: Thu, 10 Oct 2024 12:23:07 +0200 Subject: [PATCH 25/80] trigger --- dnsapi/dns_azure.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index 8ca1b359..14546899 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh @@ -412,3 +412,4 @@ _get_root() { done return 1 } + From 0c10bd7dd7bba1775e03074e83256c8249697b85 Mon Sep 17 00:00:00 2001 From: stbeldarborge Date: Thu, 10 Oct 2024 12:35:05 +0200 Subject: [PATCH 26/80] shfmt --- dnsapi/dns_azure.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index 14546899..8ca1b359 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh @@ -412,4 +412,3 @@ _get_root() { done return 1 } - From 1aabb7d6dec01bd49d5d507e5c99826988c3cf8f Mon Sep 17 00:00:00 2001 From: sahsanu Date: Mon, 14 Oct 2024 15:59:54 +0200 Subject: [PATCH 27/80] Fix dns_pdns.sh to use saved account conf --- dnsapi/dns_pdns.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_pdns.sh b/dnsapi/dns_pdns.sh index 6cce54da..12e0e83d 100755 --- a/dnsapi/dns_pdns.sh +++ b/dnsapi/dns_pdns.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env sh +#!/usr/bin/bash # shellcheck disable=SC2034 dns_pdns_info='PowerDNS Server API Site: PowerDNS.com 
@@ -10,6 +10,7 @@ Options: PDNS_Ttl=60 Domain TTL. Default: "60". ' + DEFAULT_PDNS_TTL=60 ######## Public functions ##################### @@ -20,6 +21,11 @@ dns_pdns_add() { fulldomain=$1 txtvalue=$2 + PDNS_Url="${PDNS_Url:-$(_readaccountconf_mutable PDNS_Url)}" + PDNS_ServerId="${PDNS_ServerId:-$(_readaccountconf_mutable PDNS_ServerId)}" + PDNS_Token="${PDNS_Token:-$(_readaccountconf_mutable PDNS_Token)}" + PDNS_Ttl="${PDNS_Ttl:-$(_readaccountconf_mutable PDNS_Ttl)}" + if [ -z "$PDNS_Url" ]; then PDNS_Url="" _err "You don't specify PowerDNS address." @@ -73,6 +79,11 @@ dns_pdns_rm() { fulldomain=$1 txtvalue=$2 + PDNS_Url="${PDNS_Url:-$(_readaccountconf_mutable PDNS_Url)}" + PDNS_ServerId="${PDNS_ServerId:-$(_readaccountconf_mutable PDNS_ServerId)}" + PDNS_Token="${PDNS_Token:-$(_readaccountconf_mutable PDNS_Token)}" + PDNS_Ttl="${PDNS_Ttl:-$(_readaccountconf_mutable PDNS_Ttl)}" + if [ -z "$PDNS_Ttl" ]; then PDNS_Ttl="$DEFAULT_PDNS_TTL" fi From 1782eeb785372a618cd64fd6a31e1b22510678bf Mon Sep 17 00:00:00 2001 From: sahsanu Date: Mon, 14 Oct 2024 16:18:44 +0200 Subject: [PATCH 28/80] Fix dns_pdns.sh to use saved account conf --- dnsapi/dns_pdns.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/dnsapi/dns_pdns.sh b/dnsapi/dns_pdns.sh index 12e0e83d..3130a02b 100755 --- a/dnsapi/dns_pdns.sh +++ b/dnsapi/dns_pdns.sh @@ -1,4 +1,4 @@ -#!/usr/bin/bash +#!/usr/bin/env sh # shellcheck disable=SC2034 dns_pdns_info='PowerDNS Server API Site: PowerDNS.com @@ -10,7 +10,6 @@ Options: PDNS_Ttl=60 Domain TTL. Default: "60". ' - DEFAULT_PDNS_TTL=60 ######## Public functions ##################### From 6a9304dd1caf145ec01e11d8b40472d2734335d6 Mon Sep 17 00:00:00 2001 From: sahsanu Date: Wed, 16 Oct 2024 09:03:18 +0200 Subject: [PATCH 29/80] Change _saveaccountconf to _saveaccountconf_mutable --- dnsapi/dns_pdns.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_pdns.sh b/dnsapi/dns_pdns.sh index 3130a02b..2478e19f 100755 
--- a/dnsapi/dns_pdns.sh +++ b/dnsapi/dns_pdns.sh @@ -51,12 +51,12 @@ dns_pdns_add() { fi #save the api addr and key to the account conf file. - _saveaccountconf PDNS_Url "$PDNS_Url" - _saveaccountconf PDNS_ServerId "$PDNS_ServerId" - _saveaccountconf PDNS_Token "$PDNS_Token" + _saveaccountconf_mutable PDNS_Url "$PDNS_Url" + _saveaccountconf_mutable PDNS_ServerId "$PDNS_ServerId" + _saveaccountconf_mutable PDNS_Token "$PDNS_Token" if [ "$PDNS_Ttl" != "$DEFAULT_PDNS_TTL" ]; then - _saveaccountconf PDNS_Ttl "$PDNS_Ttl" + _saveaccountconf_mutable PDNS_Ttl "$PDNS_Ttl" fi _debug "Detect root zone" From 838a20ea9510860533973aa26d6741c26dcdf0f7 Mon Sep 17 00:00:00 2001 From: Ryo ONODERA Date: Thu, 24 Oct 2024 22:47:30 +0900 Subject: [PATCH 30/80] Fix POSIX shell portability POSIX standard says test command has '=" as for checking identical. '==' is bash dialect. Replace '==' with '='. See: https://pubs.opengroup.org/onlinepubs/009604399/utilities/test.html --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index e39a146b..03d4c552 100755 --- a/acme.sh +++ b/acme.sh @@ -1442,7 +1442,7 @@ _toPkcs() { else ${ACME_OPENSSL_BIN:-openssl} pkcs12 -export -out "$_cpfx" -inkey "$_ckey" -in "$_ccert" -certfile "$_cca" fi - if [ "$?" == "0" ]; then + if [ "$?" = "0" ]; then _savedomainconf "Le_PFXPassword" "$pfxPassword" fi From 10833dcf395d50d177b78988aa19359c919a063e Mon Sep 17 00:00:00 2001 From: Vinicius Mello Date: Mon, 28 Oct 2024 11:50:28 -0300 Subject: [PATCH 31/80] trigger github action --- dnsapi/dns_linode_v4.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_linode_v4.sh b/dnsapi/dns_linode_v4.sh index 12682dbf..6af076cc 100755 --- a/dnsapi/dns_linode_v4.sh +++ b/dnsapi/dns_linode_v4.sh @@ -1,5 +1,6 @@ #!/usr/bin/env sh + #Original Author: Philipp Grosswiler #v4 Update Author: Aaron W. Swenson From 03906cc055e533f444bd6731c8bab37de2dc701c Mon Sep 17 00:00:00 2001 
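Review bot: In the dns_pdns_add hunk, `PDNS_Ttl` is still written only when it differs from `DEFAULT_PDNS_TTL`, so a non-default TTL saved on an earlier run is never overwritten when the user goes back to the default. Now that PATCH 27/80 falls back to `_readaccountconf_mutable PDNS_Ttl`, a later run without `PDNS_Ttl` in the environment would presumably pick the old saved value up again. Saving unconditionally avoids that: replace the `if [ "$PDNS_Ttl" != "$DEFAULT_PDNS_TTL" ]; then … fi` wrapper with the bare `_saveaccountconf_mutable PDNS_Ttl "$PDNS_Ttl"`. dns_pdns_add begins and ends outside the hunk.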
From: Vinicius Mello Date: Mon, 28 Oct 2024 12:07:33 -0300 Subject: [PATCH 32/80] trigger github action --- dnsapi/dns_linode_v4.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/dnsapi/dns_linode_v4.sh b/dnsapi/dns_linode_v4.sh index 6af076cc..12682dbf 100755 --- a/dnsapi/dns_linode_v4.sh +++ b/dnsapi/dns_linode_v4.sh @@ -1,6 +1,5 @@ #!/usr/bin/env sh - #Original Author: Philipp Grosswiler #v4 Update Author: Aaron W. Swenson From a4e7806d2103c03cfd3a1287fd5f5fee73311e32 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 3 Nov 2024 13:09:44 +0100 Subject: [PATCH 33/80] fix https://github.com/acmesh-official/acme.sh/issues/5208 --- acme.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/acme.sh b/acme.sh index 03d4c552..2eea666a 100755 --- a/acme.sh +++ b/acme.sh @@ -2193,7 +2193,6 @@ _send_signed_request() { _debug2 _headers "$_headers" _CACHED_NONCE="$(echo "$_headers" | grep -i "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" fi - _debug2 _CACHED_NONCE "$_CACHED_NONCE" if [ "$?" != "0" ]; then _err "Cannot connect to $nonceurl to get nonce." return 1 From a3032ab9456c83ff91150c3f42fc1a65f08cf7d0 Mon Sep 17 00:00:00 2001 From: vmmello Date: Tue, 5 Nov 2024 11:10:55 -0300 Subject: [PATCH 34/80] dns_linode_v4.sh: remove uneeeded extra space (shfmt error) --- dnsapi/dns_linode_v4.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/dnsapi/dns_linode_v4.sh b/dnsapi/dns_linode_v4.sh index e79ec309..1c7c0db9 100755 --- a/dnsapi/dns_linode_v4.sh +++ b/dnsapi/dns_linode_v4.sh @@ -145,7 +145,6 @@ _get_root() { return 1 fi - _debug "Querying Linode APIv4 for hosted zone: $h" if _H4="X-Filter: {\"domain\":\"$h\"}" _rest GET; then _debug "Got response from API: $response" From 43ed998ed682a2c49f48d338374158c38792e672 Mon Sep 17 00:00:00 2001 From: vmmello Date: Tue, 5 Nov 2024 11:26:37 -0300 Subject: [PATCH 35/80] dns_linode_v4.sh: trigger action execution (dummy change) --- dnsapi/dns_linode_v4.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/dnsapi/dns_linode_v4.sh b/dnsapi/dns_linode_v4.sh index 1c7c0db9..e2f06420 100755 --- a/dnsapi/dns_linode_v4.sh +++ b/dnsapi/dns_linode_v4.sh @@ -4,7 +4,7 @@ dns_linode_v4_info='Linode.com Site: Linode.com Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_linode_v4 Options: - LINODE_V4_API_KEY API Key + LINODE_V4_API_KEY API Key Author: Philipp Grosswiler , Aaron W. Swenson ' From 2663f500cff18b0a954f4774336ab62257c147b9 Mon Sep 17 00:00:00 2001 From: vmmello Date: Tue, 5 Nov 2024 11:43:04 -0300 Subject: [PATCH 36/80] dns_linode_v4.sh: trigger action --- dnsapi/dns_linode_v4.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_linode_v4.sh b/dnsapi/dns_linode_v4.sh index e2f06420..c9511f8b 100755 --- a/dnsapi/dns_linode_v4.sh +++ b/dnsapi/dns_linode_v4.sh @@ -4,7 +4,7 @@ dns_linode_v4_info='Linode.com Site: Linode.com Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_linode_v4 Options: - LINODE_V4_API_KEY API Key + LINODE_V4_API_KEY API Key Author: Philipp Grosswiler , Aaron W. Swenson ' From 1ff326c89c120c0775e3522cd9ac938544a656ae Mon Sep 17 00:00:00 2001 From: vmmello Date: Tue, 5 Nov 2024 14:57:28 -0300 Subject: [PATCH 37/80] dns_linode_v4.sh: trigger action --- dnsapi/dns_linode_v4.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_linode_v4.sh b/dnsapi/dns_linode_v4.sh index c9511f8b..e2f06420 100755 --- a/dnsapi/dns_linode_v4.sh +++ b/dnsapi/dns_linode_v4.sh @@ -4,7 +4,7 @@ dns_linode_v4_info='Linode.com Site: Linode.com Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_linode_v4 Options: - LINODE_V4_API_KEY API Key + LINODE_V4_API_KEY API Key Author: Philipp Grosswiler , Aaron W. Swenson ' From 724f3aa301da65a0a8ce472b78d88e8e99ca30d0 Mon Sep 17 00:00:00 2001 
From: Vinicius Mello Date: Wed, 6 Nov 2024 16:18:21 -0300 Subject: [PATCH 38/80] rename variable, undo accidental revert from dev --- dnsapi/dns_linode_v4.sh | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/dnsapi/dns_linode_v4.sh b/dnsapi/dns_linode_v4.sh index e2f06420..a4cec0b3 100755 --- a/dnsapi/dns_linode_v4.sh +++ b/dnsapi/dns_linode_v4.sh @@ -4,7 +4,7 @@ dns_linode_v4_info='Linode.com Site: Linode.com Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_linode_v4 Options: - LINODE_V4_API_KEY API Key + LINODE_V4_API_KEY API Key Author: Philipp Grosswiler , Aaron W. Swenson ' 
@@ -138,24 +138,25 @@ _get_root() { while true; do # loop through the received string (e.g. _acme-challenge.sub3.sub2.sub1.domain.tld), # starting from the lowest subdomain, and check if it's a hosted domain - h=$(printf "%s" "$full_host_str" | cut -d . -f $i-100) - _debug h "$h" - if [ -z "$h" ]; then + tst_hosted_domain=$(printf "%s" "$full_host_str" | cut -d . -f "$i"-100) + _debug tst_hosted_domain "$tst_hosted_domain" + if [ -z "$tst_hosted_domain" ]; then #not valid + _err "Couldn't get domain from string '$full_host_str'." return 1 fi - _debug "Querying Linode APIv4 for hosted zone: $h" - if _H4="X-Filter: {\"domain\":\"$h\"}" _rest GET; then + _debug "Querying Linode APIv4 for hosted zone: $tst_hosted_domain" + if _H4="X-Filter: {\"domain\":\"$tst_hosted_domain\"}" _rest GET; then _debug "Got response from API: $response" response="$(echo "$response" | tr -d "\n" | tr '{' "|" | sed 's/|/&{/g' | tr "|" "\n")" - hostedzone="$(echo "$response" | _egrep_o "\{.*\"domain\": *\"$h\".*}")" + hostedzone="$(echo "$response" | _egrep_o "\{.*\"domain\": *\"$tst_hosted_domain\".*}")" if [ "$hostedzone" ]; then _domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "\"id\": *[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ ) - _debug "Found domain hosted on Linode DNS. Zone: $h, id: $_domain_id" + _debug "Found domain hosted on Linode DNS. Zone: $tst_hosted_domain, id: $_domain_id" if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$full_host_str" | cut -d . -f 1-$p) - _domain=$h + _sub_domain=$(printf "%s" "$full_host_str" | cut -d . -f 1-"$p") + _domain=$tst_hosted_domain return 0 fi return 1 From 7b63ebfcaa8e59d6099953de14b0c20e0be722e2 Mon Sep 17 00:00:00 2001 
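Review bot: `$tst_hosted_domain` is placed into the `_egrep_o "\{.*\"domain\": *\"$tst_hosted_domain\".*}"` pattern unescaped, so every `.` in the name matches any character and the match is looser than the exact-zone check the comment above describes (for a constructed name `example.com`, an object for `exampleXcom` would also match). The `X-Filter` header probably narrows the response enough that this rarely matters, but the local check should not depend on that. Escaping the dots first would make it exact, e.g. `_re_domain=$(printf "%s" "$tst_hosted_domain" | sed 's/\./\\./g')` and then using `$_re_domain` in the pattern. The same value is also interpolated into the JSON of the `X-Filter` header without escaping, which is only safe as long as the name is a validated domain. `_get_root` starts and ends outside the hunk.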
From: Vinicius Mello Date: Thu, 7 Nov 2024 12:33:56 -0300 Subject: [PATCH 39/80] fix random failures due to unnecessary headers on requests was unintendedly replaying the save _H4 header on all requests, what was causing random failures on responses from the API. --- dnsapi/dns_linode_v4.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/dnsapi/dns_linode_v4.sh b/dnsapi/dns_linode_v4.sh index a4cec0b3..fc59c342 100755 --- a/dnsapi/dns_linode_v4.sh +++ b/dnsapi/dns_linode_v4.sh @@ -192,6 +192,10 @@ _rest() { response="$(_get "$LINODE_V4_API_URL$ep$data")" fi + # unset _H4, for it not to be used on every request unnecessarily, because it + # causes random failures inside Linode API when using unnecessary _H4 parameters (e.g. X-Filter) + unset _H4 + if [ "$?" != "0" ]; then _err "error $ep" return 1 From 4f96a2a6679a7093ef36b8746431d32dcd5e2253 Mon Sep 17 00:00:00 2001 From: Vinicius Mello Date: Thu, 7 Nov 2024 17:36:25 -0300 Subject: [PATCH 40/80] remove unnecessary variable 'export' on variable _H4 --- dnsapi/dns_linode_v4.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/dnsapi/dns_linode_v4.sh b/dnsapi/dns_linode_v4.sh index fc59c342..20c32ad1 100755 --- a/dnsapi/dns_linode_v4.sh +++ b/dnsapi/dns_linode_v4.sh @@ -182,7 +182,6 @@ _rest() { export _H1="Accept: application/json" export _H2="Content-Type: application/json" export _H3="Authorization: Bearer $LINODE_V4_API_KEY" - export _H4 # used to query for the root domain on _get_root() if [ "$mtd" != "GET" ]; then # both POST and DELETE. @@ -192,10 +191,6 @@ _rest() { response="$(_get "$LINODE_V4_API_URL$ep$data")" fi - # unset _H4, for it not to be used on every request unnecessarily, because it - # causes random failures inside Linode API when using unnecessary _H4 parameters (e.g. X-Filter) - unset _H4 - if [ "$?" != "0" ]; then _err "error $ep" return 1 From d3cf3f7a5c672a78f7b82b024f176a5deb25c1b2 Mon Sep 17 00:00:00 2001 
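Review bot: In the `_rest` hunk of PATCH 39/80, `unset _H4` is inserted between the `_get`/`_post` call and `if [ "$?" != "0" ]`, so `$?` now holds the status of `unset` rather than of the request and the `_err "error $ep"` branch can no longer fire on a failed call. Capture the status before touching anything else: `_ret="$?"` directly after the request block, then `unset _H4`, then `if [ "$_ret" != "0" ]; then`. The same pattern (a statement slipped in front of a `$?` test) is what PATCH 33/80 on this page removes from `_send_signed_request`. `_rest` begins and ends outside the hunk.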
From: Vinicius Mello Date: Fri, 8 Nov 2024 00:59:21 -0300 Subject: [PATCH 41/80] fix pagination bug for domains with a big zone file the same pagination bug that happens for accounts with a large number of domains also happens for DNS zones with a large number of records. The previous code assumes that all records are returned in a single page. Changed the code to do an exact match search so that it returns only the few required records and never paginates replies. --- dnsapi/dns_linode_v4.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_linode_v4.sh b/dnsapi/dns_linode_v4.sh index 20c32ad1..3c6997a0 100755 --- a/dnsapi/dns_linode_v4.sh +++ b/dnsapi/dns_linode_v4.sh @@ -76,7 +76,7 @@ dns_linode_v4_rm() { _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - if _rest GET "/$_domain_id/records" && [ -n "$response" ]; then + if _H4="X-Filter: { \"type\": \"TXT\", \"name\": \"$_sub_domain\" }" _rest GET "/$_domain_id/records" && [ -n "$response" ]; then response="$(echo "$response" | tr -d "\n" | tr '{' "|" | sed 's/|/&{/g' | tr "|" "\n")" resource="$(echo "$response" | _egrep_o "\{.*\"name\": *\"$_sub_domain\".*}")" From 1a43c81840fc9ca8a386fa3677ea530a3f5f80a3 Mon Sep 17 00:00:00 2001 From: Sergey Ponomarev Date: Sat, 9 Nov 2024 17:24:22 +0200 Subject: [PATCH 42/80] dnsapi omg.lol: fix info Description "Based on the omg.lol API" is useless for users so removed. The link to api moved to comment bellow. Domains: omg.lol is unnecessary because the DNS provider name is anyway omg.lol. Site: changed to point to the https://omg.lol site. Issues: put a link to the support issue. Remove the useless "Please Read this guide first" comment. Fix typos. Signed-off-by: Sergey Ponomarev --- dnsapi/dns_omglol.sh | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/dnsapi/dns_omglol.sh b/dnsapi/dns_omglol.sh index b6c06aee..5c137c3f 100644 --- a/dnsapi/dns_omglol.sh +++ b/dnsapi/dns_omglol.sh 
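Review bot: The new `_H4="X-Filter: { … }" _rest GET "/$_domain_id/records"` in dns_linode_v4_rm relies on a prefix assignment in front of a shell function, and POSIX leaves it unspecified whether such an assignment persists after the function returns. Under an `sh` where it persists, the filter header would still be set for the later `_rest` calls in this function, which is the replayed-header symptom described in PATCH 39/80; PATCH 40/80 removed the `unset` that guarded against it. Setting the header on its own line before the `if` and resetting it with `_H4=""` as soon as `$response` has been captured makes the lifetime explicit. `$_sub_domain` is also interpolated into the JSON filter unescaped, which holds only while it is a validated DNS label. The function starts and ends outside the hunk.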
@@ -1,23 +1,19 @@ #!/usr/bin/env sh # shellcheck disable=SC2034 -dns_myapi_info='omg.lol - Based on the omg.lol API, defined at https://api.omg.lol/ -Domains: omg.lol -Site: github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide -Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_duckdns +dns_omglol_info='omg.lol +Site: omg.lol +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_omglol Options: - OMG_ApiKey API Key from omg.lol. This is accesible from the bottom of the account page at https://home.omg.lol/account + OMG_ApiKey API Key from omg.lol. This is accessible from the bottom of the account page at https://home.omg.lol/account OMG_Address This is your omg.lol address, without the preceding @ - you can see your list on your dashboard at https://home.omg.lol/dashboard -Issues: github.com/acmesh-official/acme.sh +Issues: github.com/acmesh-official/acme.sh/issues/5299 Author: @Kholin ' -#returns 0 means success, otherwise error. +# See API Docs https://api.omg.lol/ ######## Public functions ##################### -# Please Read this guide first: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide - #Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_omglol_add() { fulldomain=$1 @@ -244,8 +240,8 @@ omg_delete() { omg_validate_delete "$output" } -# Validate the response on request to delete. Confirm stastus is success and -# Message indicates deletion was successful +# Validate the response on request to delete. +# Confirm status is success and message indicates deletion was successful. # Input: Response - HTTP response received from delete request omg_validate_delete() { response=$1 From 4f17bc0d864180467a74917a11f88292bea3a60f Mon Sep 17 00:00:00 2001 From: Sergey Ponomarev Date: Sat, 9 Nov 2024 18:05:28 +0200 Subject: [PATCH 43/80] dnsapi timeweb: Use structured info 
Signed-off-by: Sergey Ponomarev --- dnsapi/dns_timeweb.sh | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/dnsapi/dns_timeweb.sh b/dnsapi/dns_timeweb.sh index 9860872c..544564ea 100644 --- a/dnsapi/dns_timeweb.sh +++ b/dnsapi/dns_timeweb.sh @@ -1,16 +1,13 @@ #!/usr/bin/env sh - -# acme.sh DNS API for Timeweb Cloud provider (https://timeweb.cloud). -# -# Author: https://github.com/nikolaypronchev. -# -# Prerequisites: -# Timeweb Cloud API JWT token. Obtain one from the Timeweb Cloud control panel -# ("API and Terraform" section: https://timeweb.cloud/my/api-keys). The JWT token -# must be provided to this script in one of two ways: -# 1. As the "TW_Token" variable, for example: "export TW_Token=eyJhbG...zUxMiIs"; -# 2. As a "TW_Token" config entry in acme.sh account config file -# (usually located at ~/.acme.sh/account.conf by default). +# shellcheck disable=SC2034 +dns_timeweb_info='Timeweb.Cloud +Site: Timeweb.Cloud +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_timeweb +Options: + TW_Token API JWT token. Get it from the control panel at https://timeweb.cloud/my/api-keys +Issues: github.com/acmesh-official/acme.sh/issues/5140 +Author: Nikolay Pronchev +' TW_Api="https://api.timeweb.cloud/api/v1" From fe8ad3548bd64a0c17887b2f45f37dc085c978ef Mon Sep 17 00:00:00 2001 From: Sergey Ponomarev Date: Sat, 9 Nov 2024 18:22:01 +0200 Subject: [PATCH 44/80] dnsapi alviy: Use structured info Signed-off-by: Sergey Ponomarev --- dnsapi/dns_alviy.sh | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/dnsapi/dns_alviy.sh b/dnsapi/dns_alviy.sh index 2217b0df..8aa7da34 100644 --- a/dnsapi/dns_alviy.sh +++ b/dnsapi/dns_alviy.sh 
@@ -1,11 +1,12 @@ #!/usr/bin/env sh -# Alviy domain api -# -# Get API key and secret from https://cloud.alviy.com/token -# -# Alviy_token="some-secret-key" -# -# Ex.: acme.sh --issue --staging --dns dns_alviy -d "*.s.example.com" -d "s.example.com" +# shellcheck disable=SC2034 +dns_alviy_info='Alviy.com +Site: Alviy.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_alviy +Options: + Alviy_token API token. Get it from the https://cloud.alviy.com/token +Issues: github.com/acmesh-official/acme.sh/issues/5115 +' Alviy_Api="https://cloud.alviy.com/api/v1" From 8bf9482bc094baa6d1bf52d4cf5aa6dad9852755 Mon Sep 17 00:00:00 2001 From: Sergey Ponomarev Date: Sat, 9 Nov 2024 18:31:52 +0200 Subject: [PATCH 45/80] dnsapi ionos_cloud: Use structured info Signed-off-by: Sergey Ponomarev --- dnsapi/dns_ionos_cloud.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/dnsapi/dns_ionos_cloud.sh b/dnsapi/dns_ionos_cloud.sh index fa229e03..f255092f 100644 --- a/dnsapi/dns_ionos_cloud.sh +++ b/dnsapi/dns_ionos_cloud.sh @@ -1,12 +1,14 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_ionos_cloud_info='IONOS Cloud DNS +Site: ionos.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_ionos_cloud +Options: + IONOS_TOKEN API Token. +Issues: github.com/acmesh-official/acme.sh/issues/5243 +' # Supports IONOS Cloud DNS API v1.15.4 -# -# Usage: -# Export IONOS_TOKEN before calling acme.sh: -# $ export IONOS_TOKEN="..." -# -# $ acme.sh --issue --dns dns_ionos_cloud ... IONOS_CLOUD_API="https://dns.de-fra.ionos.com" IONOS_CLOUD_ROUTE_ZONES="/zones" From 2c67934191a9a382b1c8f6397551042dcc0f033c Mon Sep 17 00:00:00 2001 From: Ludovic Ortega Date: Sat, 9 Nov 2024 23:29:52 +0100 Subject: [PATCH 46/80] fix(truenas): builtin service deprecation --- deploy/truenas.sh | 140 +++++++++++++++++++++++++--------------------- 1 file changed, 76 insertions(+), 64 deletions(-) 
diff --git a/deploy/truenas.sh b/deploy/truenas.sh index c79e6dac..7f6a8ec8 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -9,7 +9,7 @@ # # Following environment variables must be set: # -# export DEPLOY_TRUENAS_APIKEY=" Date: Sun, 10 Nov 2024 00:13:53 +0100 Subject: [PATCH 47/80] fix: verify truenas os version --- deploy/truenas.sh | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index 7f6a8ec8..c98b51ab 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -66,8 +66,17 @@ truenas_deploy() { _info "Getting TrueNAS version" _response=$(_get "$_api_url/system/version") - _info "TrueNAS system version: $_response" - _truenas_version=$(echo "$_response" | cut -d '-' -f 3) + + if [[ "$_response" == *"SCALE"* ]]; then + _truenas_os=$(echo "$_response" | cut -d '-' -f 2) + _truenas_version=$(echo "$_response" | cut -d '-' -f 3 | tr -d '"') + else + _truenas_os="unknown" + _truenas_version="unknown" + fi + + _info "Detected TrueNAS system os: $_truenas_os" + _info "Detected TrueNAS system version: $_truenas_version" if [ -z "$_response" ]; then _err "Unable to authenticate to $_api_url." @@ -123,7 +132,7 @@ truenas_deploy() { _truenas_version_23_10="23.10.0.0" _truenas_version_24_10="24.10.0.0" - if [ "$(echo -e "$_truenas_version_23_10\n$_truenas_version" | sort -V | head -n 1)" != "$_truenas_version_23_10" ]; then + if [[ "$_truenas_os" != "SCALE" || "$(echo -e "$_truenas_version_23_10\n$_truenas_version" | sort -V | head -n 1)" != "$_truenas_version_23_10" ]]; then _info "Checking if WebDAV certificate is the same as the TrueNAS web UI" _webdav_list=$(_get "$_api_url/webdav") _webdav_cert_id=$(echo "$_webdav_list" | grep '"certssl":' | tr -d -- '"certsl: ,') 
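Review bot: The version check added at -66 uses `if [[ "$_response" == *"SCALE"* ]]`, and the hunks at -123 and -171 switch their tests to `[[ … || … ]]`; `[[` is not POSIX, which matters if this hook is run by a plain `sh` (the file's shebang is not visible here, and PATCH 30/80 on this page fixes exactly this class of issue in acme.sh). A portable form is `case "$_response" in *SCALE*) … ;; *) … ;; esac` for the first test and `if [ "$_truenas_os" != "SCALE" ] || [ "$(…)" != "$_truenas_version_23_10" ]; then` for the others. The OS/version parsing also runs before the existing `if [ -z "$_response" ]` check, so on an empty response the two "Detected TrueNAS system …" lines report `unknown` before the authentication error is shown; moving the new block below that check would avoid it. truenas_deploy begins and ends outside the hunks.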
@@ -171,7 +180,7 @@ truenas_deploy() { fi fi - if [ "$(echo -e "$_truenas_version_24_10\n$_truenas_version" | sort -V | head -n 1)" != "$_truenas_version_24_10" ]; then + if [[ "$_truenas_os" != "SCALE" || "$(echo -e "$_truenas_version_24_10\n$_truenas_version" | sort -V | head -n 1)" != "$_truenas_version_24_10" ]]; then _info "Checking if any chart release Apps is using the same certificate as TrueNAS web UI. Tool 'jq' is required" if _exists jq; then _info "Query all chart release" From 34c8b882c63edbf40251f1705c7edc34c371c560 Mon Sep 17 00:00:00 2001 From: Ludovic Ortega Date: Sun, 10 Nov 2024 00:34:26 +0100 Subject: [PATCH 48/80] fix: helm chart seems available only on truenas scale Signed-off-by: Ludovic Ortega --- deploy/truenas.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index c98b51ab..5cc108b3 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -180,7 +180,7 @@ truenas_deploy() { fi fi - if [[ "$_truenas_os" != "SCALE" || "$(echo -e "$_truenas_version_24_10\n$_truenas_version" | sort -V | head -n 1)" != "$_truenas_version_24_10" ]]; then + if [[ "$_truenas_os" == "SCALE" || "$(echo -e "$_truenas_version_24_10\n$_truenas_version" | sort -V | head -n 1)" != "$_truenas_version_24_10" ]]; then _info "Checking if any chart release Apps is using the same certificate as TrueNAS web UI. Tool 'jq' is required" if _exists jq; then _info "Query all chart release" From 64a1e889824f40fcef29503c6d8f0b44f9cdbf0c Mon Sep 17 00:00:00 2001 From: Ludovic Ortega Date: Sun, 10 Nov 2024 02:41:38 +0100 Subject: [PATCH 49/80] feat: add support for docker apps Signed-off-by: Ludovic Ortega --- deploy/truenas.sh | 64 +++++++++++++++++++++++++++++++++-------------- 1 file changed, 45 insertions(+), 19 deletions(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index 5cc108b3..75cece6d 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh 
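Review bot: In PATCH 48/80 the chart-release condition becomes `"$_truenas_os" == "SCALE" || "$(… | sort -V | head -n 1)" != "$_truenas_version_24_10"`, and with `||` the branch is entered on every SCALE system whatever its version, so the comparison against `_truenas_version_24_10` no longer gates anything there. If the intent is "SCALE and older than 24.10", as the commit subject suggests, the operator should be a conjunction: `if [ "$_truenas_os" = "SCALE" ] && [ "$(echo -e "$_truenas_version_24_10\n$_truenas_version" | sort -V | head -n 1)" != "$_truenas_version_24_10" ]; then`. As written, a SCALE release at or above 24.10 would still query `$_api_url/chart/release`. The enclosing truenas_deploy continues outside the hunk.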
@@ -180,26 +180,52 @@ truenas_deploy() { fi fi - if [[ "$_truenas_os" == "SCALE" || "$(echo -e "$_truenas_version_24_10\n$_truenas_version" | sort -V | head -n 1)" != "$_truenas_version_24_10" ]]; then - _info "Checking if any chart release Apps is using the same certificate as TrueNAS web UI. Tool 'jq' is required" - if _exists jq; then - _info "Query all chart release" - _release_list=$(_get "$_api_url/chart/release") - _related_name_list=$(printf "%s" "$_release_list" | jq -r "[.[] | {name,certId: .config.ingress?.main.tls[]?.scaleCert} | select(.certId==$_active_cert_id) | .name ] | unique") - _release_length=$(printf "%s" "$_related_name_list" | jq -r "length") - _info "Found $_release_length related chart release in list: $_related_name_list" - for i in $(seq 0 $((_release_length - 1))); do - _release_name=$(echo "$_related_name_list" | jq -r ".[$i]") - _info "Updating certificate from $_active_cert_id to $_cert_id for chart release: $_release_name" - #Read the chart release configuration - _chart_config=$(printf "%s" "$_release_list" | jq -r ".[] | select(.name==\"$_release_name\")") - #Replace the old certificate id with the new one in path .config.ingress.main.tls[].scaleCert. Then update .config.ingress - _updated_chart_config=$(printf "%s" "$_chart_config" | jq "(.config.ingress?.main.tls[]? | select(.scaleCert==$_active_cert_id) | .scaleCert ) |= $_cert_id | .config.ingress ") - _update_chart_result="$(_post "{\"values\" : { \"ingress\" : $_updated_chart_config } }" "$_api_url/chart/release/id/$_release_name" "" "PUT" "application/json")" - _debug3 _update_chart_result "$_update_chart_result" - done + if [ "$_truenas_os" == "SCALE" ]; then + if [ "$(echo -e "$_truenas_version_24_10\n$_truenas_version" | sort -V | head -n 1)" != "$_truenas_version_24_10" ]; then + _info "Checking if any chart release Apps is using the same certificate as TrueNAS web UI. 
Tool 'jq' is required" + if _exists jq; then + _info "Query all chart release" + _release_list=$(_get "$_api_url/chart/release") + _related_name_list=$(printf "%s" "$_release_list" | jq -r "[.[] | {name,certId: .config.ingress?.main.tls[]?.scaleCert} | select(.certId==$_active_cert_id) | .name ] | unique") + _release_length=$(printf "%s" "$_related_name_list" | jq -r "length") + _info "Found $_release_length related chart release in list: $_related_name_list" + for i in $(seq 0 $((_release_length - 1))); do + _release_name=$(echo "$_related_name_list" | jq -r ".[$i]") + _info "Updating certificate from $_active_cert_id to $_cert_id for chart release: $_release_name" + #Read the chart release configuration + _chart_config=$(printf "%s" "$_release_list" | jq -r ".[] | select(.name==\"$_release_name\")") + #Replace the old certificate id with the new one in path .config.ingress.main.tls[].scaleCert. Then update .config.ingress + _updated_chart_config=$(printf "%s" "$_chart_config" | jq "(.config.ingress?.main.tls[]? | select(.scaleCert==$_active_cert_id) | .scaleCert ) |= $_cert_id | .config.ingress ") + _update_chart_result="$(_post "{\"values\" : { \"ingress\" : $_updated_chart_config } }" "$_api_url/chart/release/id/$_release_name" "" "PUT" "application/json")" + _debug3 _update_chart_result "$_update_chart_result" + done + else + _info "Tool 'jq' does not exists, skip chart release checking" + fi else - _info "Tool 'jq' does not exists, skip chart release checking" + _info "Checking if any app is using the same certificate as TrueNAS web UI. 
Tool 'jq' is required" + if _exists jq; then + _info "Query all apps" + _app_list=$(_get "$_api_url/app") + _app_id_list=$(printf "%s" "$_app_list" | jq -r '.[].name') + _app_length=$(echo "$_app_id_list" | wc -l) + _info "Found $_app_length apps" + _info "Checking for each app if an update is needed" + for i in $(seq 1 $_app_length); do + _app_id=$(echo "$_app_id_list" | sed -n "${i}p") + _app_config="$(_post "\"$_app_id\"" "$_api_url/app/config" "" "POST" "application/json")" + # Check if the app use the same certificate TrueNAS web UI + _app_active_cert_config=$(echo "$_app_config" | _json_decode | jq -r ".ix_certificates[\"$_active_cert_id\"]") + if [[ "$_app_active_cert_config" != "null" ]]; then + _info "Updating certificate from $_active_cert_id to $_cert_id for app: $_app_id" + #Replace the old certificate id with the new one in path + _update_app_result="$(_post "{\"values\" : { \"network\": { \"certificate_id\": $_cert_id } } }" "$_api_url/app/id/$_app_id" "" "PUT" "application/json")" + _debug3 _update_app_result "$_update_app_result" + fi + done + else + _info "Tool 'jq' does not exists, skip chart release checking" + fi fi fi From 21b966c8e6a4fd08079aff7fa52d677e78b6381b Mon Sep 17 00:00:00 2001 From: Ludovic Ortega Date: Sun, 10 Nov 2024 02:56:40 +0100 Subject: [PATCH 50/80] fix: don't check for subversion that can lead to error Signed-off-by: Ludovic Ortega --- deploy/truenas.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index 75cece6d..944ba240 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -69,7 +69,7 @@ truenas_deploy() { if [[ "$_response" == *"SCALE"* ]]; then _truenas_os=$(echo "$_response" | cut -d '-' -f 2) - _truenas_version=$(echo "$_response" | cut -d '-' -f 3 | tr -d '"') + _truenas_version=$(echo "$_response" | cut -d '-' -f 3 | tr -d '"' | cut -d '.' -f 1,2) else _truenas_os="unknown" _truenas_version="unknown" 
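Review bot: In the new apps branch of `@@ -180,26 +180,52 @@`, `_app_length=$(echo "$_app_id_list" | wc -l)` evaluates to 1 when `/app` returns no apps, so the loop runs once with an empty `_app_id` and posts `""` to `$_api_url/app/config`. Iterating over the names directly avoids the count, for example `printf "%s\n" "$_app_id_list" | while IFS= read -r _app_id; do [ -n "$_app_id" ] || continue; ...; done`. The app name is also spliced unescaped into the JSON body and the `app/id/$_app_id` URL, and `$_active_cert_id` into the jq program text; passing such values with `jq --arg` keeps an unexpected character in an API response from altering the filter or the request. The PUT always writes `values.network.certificate_id`, which presumably only fits apps that keep the certificate at that path, so that is worth confirming against the app schema. truenas_deploy starts and ends outside this hunk.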
@@ -129,8 +129,8 @@ truenas_deploy() { _debug3 _activate_result "$_activate_result" - _truenas_version_23_10="23.10.0.0" - _truenas_version_24_10="24.10.0.0" + _truenas_version_23_10="23.10" + _truenas_version_24_10="24.10" if [[ "$_truenas_os" != "SCALE" || "$(echo -e "$_truenas_version_23_10\n$_truenas_version" | sort -V | head -n 1)" != "$_truenas_version_23_10" ]]; then _info "Checking if WebDAV certificate is the same as the TrueNAS web UI" From b6a77e0231923ab13a31c00c73e2727ec2adb070 Mon Sep 17 00:00:00 2001 From: ms264556 <29752086+ms264556@users.noreply.github.com> Date: Sun, 10 Nov 2024 22:12:38 +1300 Subject: [PATCH 51/80] Ruckus - use _get() and _post() --- deploy/ruckus.sh | 134 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 99 insertions(+), 35 deletions(-) diff --git a/deploy/ruckus.sh b/deploy/ruckus.sh index d16f40e4..cbd5e353 100755 --- a/deploy/ruckus.sh +++ b/deploy/ruckus.sh @@ -1,9 +1,8 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh -# Here is a script to deploy cert to Ruckus Zone Director/Unleashed. -# -# Adapted from: -# https://ms264556.net/pages/PfSenseLetsEncryptToRuckus +# Here is a script to deploy cert to Ruckus ZoneDirector / Unleashed. +# +# Public domain, 2024, Tony Rielly # # ```sh # acme.sh --deploy -d ruckus.example.com --deploy-hook ruckus @@ -13,11 +12,11 @@ # deploy script to work. # # ```sh -# export RUCKUS_HOST=ruckus.example.com +# export RUCKUS_HOST=myruckus.example.com # export RUCKUS_USER=myruckususername # export RUCKUS_PASS=myruckuspassword # -# acme.sh --deploy -d ruckus.example.com --deploy-hook ruckus +# acme.sh --deploy -d myruckus.example.com --deploy-hook ruckus # ``` # # returns 0 means success, otherwise error. 
@@ -66,45 +65,110 @@ ruckus_deploy() { _debug RUCKUS_USER "$RUCKUS_USER" _debug RUCKUS_PASS "$RUCKUS_PASS" - COOKIE_JAR=$(mktemp) - cleanup() { - rm $COOKIE_JAR - } - trap cleanup EXIT - - LOGIN_URL=$(curl https://$RUCKUS_HOST -ksSLo /dev/null -w '%{url_effective}') - _debug LOGIN_URL "$LOGIN_URL" - - XSS=$(curl -ksSic $COOKIE_JAR $LOGIN_URL -d username=$RUCKUS_USER -d password="$RUCKUS_PASS" -d ok='Log In' | awk '/^HTTP_X_CSRF_TOKEN:/ { print $2 }' | tr -d '\040\011\012\015') - _debug XSS "$XSS" + export HTTPS_INSECURE=1 + export ACME_HTTP_NO_REDIRECTS=1 + + _info Discovering the login URL + _get "https://$RUCKUS_HOST" >/dev/null + _login_url="$(_response_header 'Location')" + if [ -n "$_login_url" ]; then + _login_path=$(echo "$_login_url" | sed 's|https\?://[^/]\+||') + if [ -z "$_login_path" ]; then + # redirect was to a different host + _get "$_login_url" >/dev/null + _login_url="$(_response_header 'Location')" + fi + fi - if [ -n "$XSS" ]; then - _info "Authentication successful" - else - _err "Authentication failed" + if [ -z "${_login_url}" ]; then + _err "Connection failed: couldn't find login page." return 1 fi + + _base_url=$(dirname "$_login_url") + _login_page=$(basename "$_login_url") - BASE_URL=$(dirname $LOGIN_URL) - CONF_ARGS="-ksSo /dev/null -b $COOKIE_JAR -c $COOKIE_JAR" - UPLOAD="$CONF_ARGS $BASE_URL/_upload.jsp?request_type=xhr" - CMD="$CONF_ARGS $BASE_URL/_cmdstat.jsp" + if [ "$_login_page" = "index.html" ]; then + _err "Connection temporarily unavailable: Unleashed Rebuilding." + return 1 + fi - REPLACE_CERT_AJAX='' - CERT_REBOOT_AJAX='' + if [ "$_login_page" = "wizard.jsp" ]; then + _err "Connection failed: Setup Wizard not complete." 
+ return 1 + fi + + _info Login + _username_encoded="$(printf "%s" "$RUCKUS_USER" | _url_encode)" + _password_encoded="$(printf "%s" "$RUCKUS_PASS" | _url_encode)" + _login_query="$(printf "%s" "username=${_username_encoded}&password=${_password_encoded}&ok=Log+In")" + _post "$_login_query" "$_login_url" >/dev/null + + _login_code="$(_response_code)" + if [ "$_login_code" = "200" ]; then + _err "Login failed: incorrect credentials." + return 1 + fi + + _info Collect Session Cookie + _H1="Cookie: $(_response_cookie)" + export _H1 + _info Collect CSRF Token + _H2="X-CSRF-Token: $(_response_header 'HTTP_X_CSRF_TOKEN')" + export _H2 _info "Uploading certificate" - curl $UPLOAD -H "X-CSRF-Token: $XSS" -F "u=@$_ccert" -F action=uploadcert -F callback=uploader_uploadcert || return 1 - + _post_upload "uploadcert" "$_cfullchain" + _info "Uploading private key" - curl $UPLOAD -H "X-CSRF-Token: $XSS" -F "u=@$_ckey" -F action=uploadprivatekey -F callback=uploader_uploadprivatekey || return 1 + _post_upload "uploadprivatekey" "$_ckey" _info "Replacing certificate" - curl $CMD -H "X-CSRF-Token: $XSS" --data-raw "$REPLACE_CERT_AJAX" || return 1 + _replace_cert_ajax='' + _post "$_replace_cert_ajax" "$_base_url/_cmdstat.jsp" >/dev/null + + info "Rebooting" + _cert_reboot_ajax='' + _post "$_cert_reboot_ajax" "$_base_url/_cmdstat.jsp" >/dev/null + + return 0 +} + +_response_code() { + < "$HTTP_HEADER" _egrep_o "^HTTP[^ ]* .*$" | cut -d " " -f 2-100 | tr -d "\f\n" | _egrep_o "^[0-9]*" +} - _info "Rebooting" - curl $CMD -H "X-CSRF-Token: $XSS" --data-raw "$CERT_REBOOT_AJAX" || return 1 +_response_header() { + < "$HTTP_HEADER" grep -i "^$1:" | cut -d ':' -f 2- | tr -d "\r\n\t " +} - return 0 +_response_cookie() { + _response_header 'Set-Cookie' | awk -F';' '{for(i=1;i<=NF;i++) if (tolower($i) !~ /(path|domain|expires|max-age|secure|httponly|samesite)/) printf "%s; ", $i}' | sed 's/; $//' } +_post_upload() { + _post_action="$1" + _post_file="$2" + _post_url="$3" + + 
_post_boundary="----FormBoundary$(date "+%s%N")" + + _post_data="$({ + printf -- "--%s\r\n" "$_post_boundary" + printf -- "Content-Disposition: form-data; name=\"u\"; filename=\"%s\"\r\n" "$_post_action" + printf -- "Content-Type: application/octet-stream\r\n\r\n" + printf -- "%s\r\n" "$(cat "$_post_file")" + + printf -- "--%s\r\n" "$_post_boundary" + printf -- "Content-Disposition: form-data; name=\"action\"\r\n\r\n" + printf -- "%s\r\n" "$_post_action" + + printf -- "--%s\r\n" "$_post_boundary" + printf -- "Content-Disposition: form-data; name=\"callback\"\r\n\r\n" + printf -- "%s\r\n" "uploader_$_post_action" + + printf -- "--%s--\r\n\r\n" "$_post_boundary" + })" + + _post "$_post_data" "$_base_url/_upload.jsp?request_type=xhr" "" "" "multipart/form-data; boundary=$_post_boundary" >/dev/null +} From 717802611afb4d3e36c2aa2796b013355a0643f7 Mon Sep 17 00:00:00 2001 From: ms264556 <29752086+ms264556@users.noreply.github.com> Date: Sun, 10 Nov 2024 22:43:57 +1300 Subject: [PATCH 52/80] remove dead code --- deploy/ruckus.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/deploy/ruckus.sh b/deploy/ruckus.sh index cbd5e353..def8197d 100755 --- a/deploy/ruckus.sh +++ b/deploy/ruckus.sh @@ -149,8 +149,7 @@ _response_cookie() { _post_upload() { _post_action="$1" _post_file="$2" - _post_url="$3" - + _post_boundary="----FormBoundary$(date "+%s%N")" _post_data="$({ From e8a453c567be8c5f77f8cdee69fadf1901425761 Mon Sep 17 00:00:00 2001 From: Ludovic Ortega Date: Sun, 10 Nov 2024 13:21:09 +0100 Subject: [PATCH 53/80] fix: lint Signed-off-by: Ludovic Ortega --- deploy/truenas.sh | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index 944ba240..d53a5514 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh 
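Review bot: The rewritten flow in `@@ -66,45 +65,110 @@` no longer stops when a step fails: the removed curl calls ended in `|| return 1` and the CSRF token was checked with `[ -n "$XSS" ]`, while the new `_post_upload` and `_post` calls discard their status and `_H2` is built without checking that `HTTP_X_CSRF_TOKEN` was returned. As written, ruckus_deploy reaches the reboot request and `return 0` even if the certificate or key upload was rejected, and any login status other than 200, including an empty one, counts as success. I would restore the guards, e.g. `_post_upload "uploadcert" "$_cfullchain" || return 1`, check `_response_code` after each upload, and return 1 when the cookie or token is empty. `_post_upload` also keeps the private key in `_post_data` and hands it to `_post` as an argument, so it is worth confirming that `_post` neither logs the body at debug level nor places it on the HTTP client's command line; `_post` is defined outside this page.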
@@ -67,14 +67,14 @@ truenas_deploy() { _info "Getting TrueNAS version" _response=$(_get "$_api_url/system/version") - if [[ "$_response" == *"SCALE"* ]]; then - _truenas_os=$(echo "$_response" | cut -d '-' -f 2) - _truenas_version=$(echo "$_response" | cut -d '-' -f 3 | tr -d '"' | cut -d '.' -f 1,2) + if [[ "$_response" = *"SCALE"* ]]; then + _truenas_os=$(echo "$_response" | cut -d '-' -f 2) + _truenas_version=$(echo "$_response" | cut -d '-' -f 3 | tr -d '"' | cut -d '.' -f 1,2) else _truenas_os="unknown" _truenas_version="unknown" fi - + _info "Detected TrueNAS system os: $_truenas_os" _info "Detected TrueNAS system version: $_truenas_version" @@ -132,7 +132,8 @@ truenas_deploy() { _truenas_version_23_10="23.10" _truenas_version_24_10="24.10" - if [[ "$_truenas_os" != "SCALE" || "$(echo -e "$_truenas_version_23_10\n$_truenas_version" | sort -V | head -n 1)" != "$_truenas_version_23_10" ]]; then + _check_version=$(echo -e "$_truenas_version_23_10\n$_truenas_version" | sort -V | head -n 1) + if [ "$_truenas_os" != "SCALE" ] || [ "$_check_version" != "$_truenas_version_23_10" ]; then _info "Checking if WebDAV certificate is the same as the TrueNAS web UI" _webdav_list=$(_get "$_api_url/webdav") _webdav_cert_id=$(echo "$_webdav_list" | grep '"certssl":' | tr -d -- '"certsl: ,') @@ -180,8 +181,9 @@ truenas_deploy() { fi fi - if [ "$_truenas_os" == "SCALE" ]; then - if [ "$(echo -e "$_truenas_version_24_10\n$_truenas_version" | sort -V | head -n 1)" != "$_truenas_version_24_10" ]; then + if [ "$_truenas_os" = "SCALE" ]; then + _check_version=$(echo -e "$_truenas_version_24_10\n$_truenas_version" | sort -V | head -n 1) + if [ "$_check_version" != "$_truenas_version_24_10" ]; then _info "Checking if any chart release Apps is using the same certificate as TrueNAS web UI. Tool 'jq' is required" if _exists jq; then _info "Query all chart release" 
@@ -211,12 +213,12 @@ truenas_deploy() { _app_length=$(echo "$_app_id_list" | wc -l) _info "Found $_app_length apps" _info "Checking for each app if an update is needed" - for i in $(seq 1 $_app_length); do + for i in $(seq 1 "$_app_length"); do _app_id=$(echo "$_app_id_list" | sed -n "${i}p") _app_config="$(_post "\"$_app_id\"" "$_api_url/app/config" "" "POST" "application/json")" # Check if the app use the same certificate TrueNAS web UI _app_active_cert_config=$(echo "$_app_config" | _json_decode | jq -r ".ix_certificates[\"$_active_cert_id\"]") - if [[ "$_app_active_cert_config" != "null" ]]; then + if [ "$_app_active_cert_config" != "null" ]; then _info "Updating certificate from $_active_cert_id to $_cert_id for app: $_app_id" #Replace the old certificate id with the new one in path _update_app_result="$(_post "{\"values\" : { \"network\": { \"certificate_id\": $_cert_id } } }" "$_api_url/app/id/$_app_id" "" "PUT" "application/json")" From 08807b498ed7b382b503741de0c04aa38fea3176 Mon Sep 17 00:00:00 2001 From: Ludovic Ortega Date: Sun, 10 Nov 2024 13:30:18 +0100 Subject: [PATCH 54/80] fix: bad copy/paste Signed-off-by: Ludovic Ortega --- deploy/truenas.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index d53a5514..4b0f17f4 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -226,7 +226,7 @@ truenas_deploy() { fi done else - _info "Tool 'jq' does not exists, skip chart release checking" + _info "Tool 'jq' does not exists, skip app checking" fi fi fi From 1bfd4672e1ca68670a362cfe78a8df78d2f3b52c Mon Sep 17 00:00:00 2001 From: Ludovic Ortega Date: Tue, 12 Nov 2024 22:10:34 +0100 Subject: [PATCH 55/80] fix: remove double square brackets --- deploy/truenas.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index 4b0f17f4..a425cff2 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh 
@@ -67,7 +67,7 @@ truenas_deploy() { _info "Getting TrueNAS version" _response=$(_get "$_api_url/system/version") - if [[ "$_response" = *"SCALE"* ]]; then + if echo "$_response" | grep -q "SCALE"; then _truenas_os=$(echo "$_response" | cut -d '-' -f 2) _truenas_version=$(echo "$_response" | cut -d '-' -f 3 | tr -d '"' | cut -d '.' -f 1,2) else From 2229bcc98b9a00b938f612951b8ba1d3199f128e Mon Sep 17 00:00:00 2001 From: Ludovic Ortega Date: Tue, 12 Nov 2024 22:15:44 +0100 Subject: [PATCH 56/80] fix: echo flag --- deploy/truenas.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index a425cff2..407395a3 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -132,7 +132,7 @@ truenas_deploy() { _truenas_version_23_10="23.10" _truenas_version_24_10="24.10" - _check_version=$(echo -e "$_truenas_version_23_10\n$_truenas_version" | sort -V | head -n 1) + _check_version=$(printf "%s\n%s" "$_truenas_version_23_10" "$_truenas_version" | sort -V | head -n 1) if [ "$_truenas_os" != "SCALE" ] || [ "$_check_version" != "$_truenas_version_23_10" ]; then _info "Checking if WebDAV certificate is the same as the TrueNAS web UI" _webdav_list=$(_get "$_api_url/webdav") @@ -182,7 +182,7 @@ truenas_deploy() { fi if [ "$_truenas_os" = "SCALE" ]; then - _check_version=$(echo -e "$_truenas_version_24_10\n$_truenas_version" | sort -V | head -n 1) + _check_version=$(printf "%s\n%s" "$_truenas_version_24_10" "$_truenas_version" | sort -V | head -n 1) if [ "$_check_version" != "$_truenas_version_24_10" ]; then _info "Checking if any chart release Apps is using the same certificate as TrueNAS web UI. Tool 'jq' is required" if _exists jq; then From 0cc74b7cfe910d6961cd225e70dfaba884a418b4 Mon Sep 17 00:00:00 2001 
From: ms264556 <29752086+ms264556@users.noreply.github.com> Date: Wed, 13 Nov 2024 12:50:51 +1300 Subject: [PATCH 57/80] fix insecure password debug and _info typo --- deploy/ruckus.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/ruckus.sh b/deploy/ruckus.sh index def8197d..d83675bb 100755 --- a/deploy/ruckus.sh +++ b/deploy/ruckus.sh @@ -63,7 +63,7 @@ ruckus_deploy() { _debug RUCKUS_HOST "$RUCKUS_HOST" _debug RUCKUS_USER "$RUCKUS_USER" - _debug RUCKUS_PASS "$RUCKUS_PASS" + _secure_debug RUCKUS_PASS "$RUCKUS_PASS" export HTTPS_INSECURE=1 export ACME_HTTP_NO_REDIRECTS=1 @@ -127,7 +127,7 @@ ruckus_deploy() { _replace_cert_ajax='' _post "$_replace_cert_ajax" "$_base_url/_cmdstat.jsp" >/dev/null - info "Rebooting" + _info "Rebooting" _cert_reboot_ajax='' _post "$_cert_reboot_ajax" "$_base_url/_cmdstat.jsp" >/dev/null From 9c25365b1222ad944f585d043f888f6dbd7f0b0d Mon Sep 17 00:00:00 2001 From: Sergey Parfenov Date: Tue, 12 Nov 2024 01:20:39 +0300 Subject: [PATCH 58/80] Add swanctl support --- deploy/strongswan.sh | 111 ++++++++++++++++++++++++++++++------------- 1 file changed, 77 insertions(+), 34 deletions(-) diff --git a/deploy/strongswan.sh b/deploy/strongswan.sh index 3d5f1b34..14567d17 100644 --- a/deploy/strongswan.sh +++ b/deploy/strongswan.sh 
@@ -10,46 +10,89 @@ #domain keyfile certfile cafile fullchain strongswan_deploy() { - _cdomain="$1" - _ckey="$2" - _ccert="$3" - _cca="$4" - _cfullchain="$5" - + _cdomain="${1}" + _ckey="${2}" + _ccert="${3}" + _cca="${4}" + _cfullchain="${5}" _info "Using strongswan" - - if [ -x /usr/sbin/ipsec ]; then - _ipsec=/usr/sbin/ipsec - elif [ -x /usr/sbin/strongswan ]; then - _ipsec=/usr/sbin/strongswan - elif [ -x /usr/local/sbin/ipsec ]; then - _ipsec=/usr/local/sbin/ipsec - else + if _exists ipsec; then + _ipsec=ipsec + elif _exists strongswan; then + _ipsec=strongswan + fi + if _exists swanctl; then + _swanctl=swanctl + fi + # For legacy stroke mode + if [ -n "${_ipsec}" ]; then + _info "${_ipsec} command detected" + _confdir=$(${_ipsec} --confdir) + if [ -z "${_confdir}" ]; then + _err "no strongswan --confdir is detected" + return 1 + fi + _info _confdir "${_confdir}" + __deploy_cert "$@" "stroke" "${_confdir}" + ${_ipsec} reload + fi + # For modern vici mode + if [ -n "${_swanctl}" ]; then + _info "${_swanctl} command detected" + for _dir in /usr/local/etc/swanctl /etc/swanctl /etc/strongswan/swanctl; do + if [ -d ${_dir} ]; then + _confdir=${_dir} + _info _confdir "${_confdir}" + break + fi + done + if [ -z "${_confdir}" ]; then + _err "no swanctl config dir is found" + return 1 + fi + __deploy_cert "$@" "vici" "${_confdir}" + ${_swanctl} --load-creds + fi + if [ -z "${_swanctl}" ] && [ -z "${_ipsec}" ]; then _err "no strongswan or ipsec command is detected" + _err "no swanctl is detected" return 1 fi +} - _info _ipsec "$_ipsec" +#################### Private functions below ################################## - _confdir=$($_ipsec --confdir) - if [ $? 
-ne 0 ] || [ -z "$_confdir" ]; then - _err "no strongswan --confdir is detected" +__deploy_cert() { + _cdomain="${1}" + _ckey="${2}" + _ccert="${3}" + _cca="${4}" + _cfullchain="${5}" + _swan_mode="${6}" + _confdir="${7}" + _debug _cdomain "${_cdomain}" + _debug _ckey "${_ckey}" + _debug _ccert "${_ccert}" + _debug _cca "${_cca}" + _debug _cfullchain "${_cfullchain}" + _debug _swan_mode "${_swan_mode}" + _debug _confdir "${_confdir}" + if [ "${_swan_mode}" = "vici" ]; then + _dir_private="private" + _dir_cert="x509" + _dir_ca="x509ca" + elif [ "${_swan_mode}" = "stroke" ]; then + _dir_private="ipsec.d/private" + _dir_cert="ipsec.d/certs" + _dir_ca="ipsec.d/cacerts" + else + _err "unknown StrongSwan mode ${_swan_mode}" return 1 fi - - _info _confdir "$_confdir" - - _debug _cdomain "$_cdomain" - _debug _ckey "$_ckey" - _debug _ccert "$_ccert" - _debug _cca "$_cca" - _debug _cfullchain "$_cfullchain" - - cat "$_ckey" >"${_confdir}/ipsec.d/private/$(basename "$_ckey")" - cat "$_ccert" >"${_confdir}/ipsec.d/certs/$(basename "$_ccert")" - cat "$_cca" >"${_confdir}/ipsec.d/cacerts/$(basename "$_cca")" - cat "$_cfullchain" >"${_confdir}/ipsec.d/cacerts/$(basename "$_cfullchain")" - - $_ipsec reload - + cat "${_ckey}" >"${_confdir}/${_dir_private}/$(basename "${_ckey}")" + cat "${_ccert}" >"${_confdir}/${_dir_cert}/$(basename "${_ccert}")" + cat "${_cca}" >"${_confdir}/${_dir_ca}/$(basename "${_cca}")" + if [ "${_swan_mode}" = "stroke" ]; then + cat "${_cfullchain}" >"${_confdir}/${_dir_ca}/$(basename "${_cfullchain}")" + fi } From e98e7a232ffa70d37bc4af6260e754a5a5060b98 Mon Sep 17 00:00:00 2001 From: ms264556 <29752086+ms264556@users.noreply.github.com> Date: Wed, 13 Nov 2024 17:27:36 +1300 Subject: [PATCH 59/80] Fix info logging --- deploy/ruckus.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/ruckus.sh b/deploy/ruckus.sh index d83675bb..3b147c25 100755 --- a/deploy/ruckus.sh +++ b/deploy/ruckus.sh 
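Review bot: `_confdir` is not cleared before the swanctl directory loop, so when both `ipsec` and `swanctl` are installed and none of the three swanctl directories exists, the value left over from the stroke branch passes the `[ -z "${_confdir}" ]` check and the copy is attempted under the ipsec confdir instead of failing; adding `_confdir=""` ahead of `for _dir in ...` fixes that. The status of `__deploy_cert` is ignored in both branches, so `${_ipsec} reload` and `${_swanctl} --load-creds` run even after a failed copy or an unknown mode; `__deploy_cert "$@" "vici" "${_confdir}" || return 1` would stop there. The private key is written with `cat "${_ckey}" >...`, which creates a new file with whatever umask the process has, so for the new `private` directory I would wrap the copy as `(umask 077 && cat "${_ckey}" >"${_confdir}/${_dir_private}/$(basename "${_ckey}")")`. Resolving `ipsec`, `strongswan` and `swanctl` through `_exists` instead of the removed absolute paths also makes the hook depend on the caller's `PATH`, which deserves a comment for cron-driven renewals.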
@@ -68,7 +68,7 @@ ruckus_deploy() { export HTTPS_INSECURE=1 export ACME_HTTP_NO_REDIRECTS=1 - _info Discovering the login URL + _info "Discovering the login URL" _get "https://$RUCKUS_HOST" >/dev/null _login_url="$(_response_header 'Location')" if [ -n "$_login_url" ]; then @@ -98,7 +98,7 @@ ruckus_deploy() { return 1 fi - _info Login + _info "Login" _username_encoded="$(printf "%s" "$RUCKUS_USER" | _url_encode)" _password_encoded="$(printf "%s" "$RUCKUS_PASS" | _url_encode)" _login_query="$(printf "%s" "username=${_username_encoded}&password=${_password_encoded}&ok=Log+In")" @@ -110,10 +110,10 @@ ruckus_deploy() { return 1 fi - _info Collect Session Cookie + _info "Collect Session Cookie" _H1="Cookie: $(_response_cookie)" export _H1 - _info Collect CSRF Token + _info "Collect CSRF Token" _H2="X-CSRF-Token: $(_response_header 'HTTP_X_CSRF_TOKEN')" export _H2 From 38c41b72d6acc0edfe6d7a1fa072fe16a1505ff5 Mon Sep 17 00:00:00 2001 From: ms264556 <29752086+ms264556@users.noreply.github.com> Date: Thu, 14 Nov 2024 07:16:38 +1300 Subject: [PATCH 60/80] fix acme.sh PR shfmt failure --- deploy/ruckus.sh | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/deploy/ruckus.sh b/deploy/ruckus.sh index 3b147c25..b4249472 100755 --- a/deploy/ruckus.sh +++ b/deploy/ruckus.sh @@ -1,7 +1,7 @@ #!/usr/bin/env sh # Here is a script to deploy cert to Ruckus ZoneDirector / Unleashed. -# +# # Public domain, 2024, Tony Rielly # # ```sh 
@@ -84,20 +84,20 @@ ruckus_deploy() { _err "Connection failed: couldn't find login page." return 1 fi - + _base_url=$(dirname "$_login_url") _login_page=$(basename "$_login_url") - if [ "$_login_page" = "index.html" ]; then + if [ "$_login_page" = "index.html" ]; then _err "Connection temporarily unavailable: Unleashed Rebuilding." return 1 fi - if [ "$_login_page" = "wizard.jsp" ]; then + if [ "$_login_page" = "wizard.jsp" ]; then _err "Connection failed: Setup Wizard not complete." return 1 fi - + _info "Login" _username_encoded="$(printf "%s" "$RUCKUS_USER" | _url_encode)" _password_encoded="$(printf "%s" "$RUCKUS_PASS" | _url_encode)" @@ -109,7 +109,7 @@ ruckus_deploy() { _err "Login failed: incorrect credentials." return 1 fi - + _info "Collect Session Cookie" _H1="Cookie: $(_response_cookie)" export _H1 @@ -119,27 +119,27 @@ ruckus_deploy() { _info "Uploading certificate" _post_upload "uploadcert" "$_cfullchain" - + _info "Uploading private key" _post_upload "uploadprivatekey" "$_ckey" _info "Replacing certificate" _replace_cert_ajax='' _post "$_replace_cert_ajax" "$_base_url/_cmdstat.jsp" >/dev/null - + _info "Rebooting" _cert_reboot_ajax='' _post "$_cert_reboot_ajax" "$_base_url/_cmdstat.jsp" >/dev/null - + return 0 } _response_code() { - < "$HTTP_HEADER" _egrep_o "^HTTP[^ ]* .*$" | cut -d " " -f 2-100 | tr -d "\f\n" | _egrep_o "^[0-9]*" + _egrep_o <"$HTTP_HEADER" "^HTTP[^ ]* .*$" | cut -d " " -f 2-100 | tr -d "\f\n" | _egrep_o "^[0-9]*" } _response_header() { - < "$HTTP_HEADER" grep -i "^$1:" | cut -d ':' -f 2- | tr -d "\r\n\t " + grep <"$HTTP_HEADER" -i "^$1:" | cut -d ':' -f 2- | tr -d "\r\n\t " } _response_cookie() { @@ -149,9 +149,9 @@ _response_cookie() { _post_upload() { _post_action="$1" _post_file="$2" - + _post_boundary="----FormBoundary$(date "+%s%N")" - + _post_data="$({ printf -- "--%s\r\n" "$_post_boundary" printf -- "Content-Disposition: form-data; name=\"u\"; filename=\"%s\"\r\n" "$_post_action" 
From 2bb5fbdee549f6f1baacd2e7cc3cd8f1a4c4fc48 Mon Sep 17 00:00:00 2001 From: ms264556 <29752086+ms264556@users.noreply.github.com> Date: Thu, 14 Nov 2024 07:21:19 +1300 Subject: [PATCH 61/80] Remove HTTPS_INSECURE --- deploy/ruckus.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/deploy/ruckus.sh b/deploy/ruckus.sh index b4249472..1bfa6bd6 100755 --- a/deploy/ruckus.sh +++ b/deploy/ruckus.sh @@ -65,7 +65,6 @@ ruckus_deploy() { _debug RUCKUS_USER "$RUCKUS_USER" _secure_debug RUCKUS_PASS "$RUCKUS_PASS" - export HTTPS_INSECURE=1 export ACME_HTTP_NO_REDIRECTS=1 _info "Discovering the login URL" From 0c2d7b9c06a648e31a5bd7c93436088ab8a0ca83 Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 14 Nov 2024 20:03:22 +0100 Subject: [PATCH 62/80] fix for latest omnios-r151052 --- acme.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 2eea666a..a55ee41c 100755 --- a/acme.sh +++ b/acme.sh @@ -1811,7 +1811,11 @@ _date2time() { return fi #Omnios - if da="$(echo "$1" | tr -d "Z" | tr "T" ' ')" perl -MTime::Piece -e 'print Time::Piece->strptime($ENV{da}, "%Y-%m-%d %H:%M:%S")->epoch, "\n";' 2>/dev/null; then + if python3 -c "import datetime; print(int(datetime.datetime.strptime(\"$1\", \"%Y-%m-%d %H:%M:%S\").timestamp()))" 2>/dev/null; then + return + fi + #Omnios + if python3 -c "import datetime; print(int(datetime.datetime.strptime(\"$1\", \"%Y-%m-%dT%H:%M:%SZ\").timestamp()))" 2>/dev/null; then return fi _err "Cannot parse _date2time $1" From 709f1e76d3ea77f3415e8bdca5d13ae4532c0e7e Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 14 Nov 2024 20:17:03 +0100 Subject: [PATCH 63/80] fix for omnios-r151052 --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index a55ee41c..2791325d 100755 --- a/acme.sh +++ b/acme.sh 
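Review bot: Both new `python3 -c` fallbacks in `@@ -1811,7 +1811,11 @@` splice `$1` into the Python source text (`strptime(\"$1\", ...)`), so a date string containing a double quote or backslash changes the program that runs instead of simply failing to parse; the removed perl line passed the value through the `da` environment variable and did not have this property. Passing the value as an argument keeps it data: `python3 -c 'import sys, datetime; print(int(datetime.datetime.strptime(sys.argv[1], "%Y-%m-%d %H:%M:%S").timestamp()))' "$1"`, and likewise for the `%Y-%m-%dT%H:%M:%SZ` form. The same interpolation is carried into the follow-up hunk `@@ -1811,11 +1811,11 @@` of PATCH 63/80, which only adds `.replace(tzinfo=datetime.timezone.utc)`. _date2time starts outside the hunk, so where `$1` originates is not visible here.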
@@ -1811,11 +1811,11 @@ _date2time() { return fi #Omnios - if python3 -c "import datetime; print(int(datetime.datetime.strptime(\"$1\", \"%Y-%m-%d %H:%M:%S\").timestamp()))" 2>/dev/null; then + if python3 -c "import datetime; print(int(datetime.datetime.strptime(\"$1\", \"%Y-%m-%d %H:%M:%S\").replace(tzinfo=datetime.timezone.utc).timestamp()))" 2>/dev/null; then return fi #Omnios - if python3 -c "import datetime; print(int(datetime.datetime.strptime(\"$1\", \"%Y-%m-%dT%H:%M:%SZ\").timestamp()))" 2>/dev/null; then + if python3 -c "import datetime; print(int(datetime.datetime.strptime(\"$1\", \"%Y-%m-%dT%H:%M:%SZ\").replace(tzinfo=datetime.timezone.utc).timestamp()))" 2>/dev/null; then return fi _err "Cannot parse _date2time $1" From 4e0686f73cf89d29d19cd24d46386b770d194bbb Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 14 Nov 2024 20:35:15 +0100 Subject: [PATCH 64/80] fix for omnios-r151052 --- acme.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/acme.sh b/acme.sh index 2791325d..9842e3f1 100755 --- a/acme.sh +++ b/acme.sh @@ -1628,6 +1628,11 @@ _time2str() { return fi + #Omnios + if date -u -r "$1" +"%Y-%m-%dT%H:%M:%SZ" 2>/dev/null; then + return + fi + #Solaris if printf "%(%Y-%m-%dT%H:%M:%SZ)T\n" $1 2>/dev/null; then return From 4232923641479da186a21009cd1aae9617801da4 Mon Sep 17 00:00:00 2001 From: ms264556 <29752086+ms264556@users.noreply.github.com> Date: Fri, 15 Nov 2024 12:39:41 +1300 Subject: [PATCH 65/80] Remove awk usage and refuse redirect to new host --- deploy/ruckus.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/ruckus.sh b/deploy/ruckus.sh index 1bfa6bd6..f62e2fc0 100755 --- a/deploy/ruckus.sh +++ b/deploy/ruckus.sh 
@@ -74,8 +74,8 @@ ruckus_deploy() { _login_path=$(echo "$_login_url" | sed 's|https\?://[^/]\+||') if [ -z "$_login_path" ]; then # redirect was to a different host - _get "$_login_url" >/dev/null - _login_url="$(_response_header 'Location')" + _err "Connection failed: redirected to a different host. Configure Unleashed with a Preferred Master or Management Interface." + return 1 fi fi @@ -142,7 +142,7 @@ _response_header() { } _response_cookie() { - _response_header 'Set-Cookie' | awk -F';' '{for(i=1;i<=NF;i++) if (tolower($i) !~ /(path|domain|expires|max-age|secure|httponly|samesite)/) printf "%s; ", $i}' | sed 's/; $//' + _response_header 'Set-Cookie' | sed 's/;.*//' } _post_upload() { From 276e089419592eabe1f188fdb53d161ab835cf70 Mon Sep 17 00:00:00 2001 From: mikhailkhr Date: Wed, 20 Nov 2024 12:38:06 +0300 Subject: [PATCH 66/80] fix: new version of fornex dns based on api version 2.3.1 --- dnsapi/dns_fornex.sh | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/dnsapi/dns_fornex.sh b/dnsapi/dns_fornex.sh index cede0cd0..a352547b 100644 --- a/dnsapi/dns_fornex.sh +++ b/dnsapi/dns_fornex.sh @@ -9,7 +9,7 @@ Issues: github.com/acmesh-official/acme.sh/issues/3998 Author: Timur Umarov ' -FORNEX_API_URL="https://fornex.com/api/dns/v0.1" +FORNEX_API_URL="https://fornex.com/api" ######## Public functions ##################### @@ -30,12 +30,10 @@ dns_fornex_add() { fi _info "Adding record" - if _rest POST "$_domain/entry_set/add/" "host=$fulldomain&type=TXT&value=$txtvalue&apikey=$FORNEX_API_KEY"; then + if _rest POST "dns/domain/$_domain/entry_set/" "{\"host\" : \"${fulldomain}\" , \"type\" : \"TXT\" , \"value\" : \"${txtvalue}\" , \"ttl\" : null}"; then _debug _response "$response" - if _contains "$response" '"ok": true' || _contains "$response" 'Такая запись уже существует.'; then - _info "Added, OK" - return 0 - fi + _info "Added, OK" + return 0 fi _err "Add txt record error." return 1 
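Review bot: The new refusal in `@@ -74,8 +74,8 @@` only triggers when `_login_path` is empty, that is when `Location` is a bare `https://host` with no path; a redirect to another host that carries a path still passes, and the rest of ruckus_deploy then sends the login form and the uploads to `$_login_url` and its `dirname`. Comparing the host itself closes that gap, e.g. `_login_host=$(echo "$_login_url" | sed -n 's|^https*://\([^/]*\).*|\1|p')` followed by `if [ -n "$_login_host" ] && [ "$_login_host" != "$RUCKUS_HOST" ]; then`, allowing for an explicit port if the device adds one. The existing expression also relies on `\?` and `\+`, which are GNU extensions in basic regular expressions, so with another sed the substitution may not match and `_login_path` keeps the whole URL. ruckus_deploy starts and ends outside this hunk.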
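Review bot: In `@@ -30,12 +30,10 @@`, dns_fornex_add now logs `Added, OK` whenever `_rest` returns 0 without inspecting `$response`, where the removed code required `"ok": true` or the already-exists message. If `_rest` only reflects transport success (its status handling is outside this hunk), an API error such as a rejected key or unknown domain would be reported as success and only surface later as a failed DNS challenge. Checking the response for the created record, for example `_contains "$response" "$txtvalue"`, keeps the failure at the point where it happens; the exact success shape of the new API should be confirmed. dns_fornex_add starts outside the hunk.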
@@ -58,21 +56,21 @@ dns_fornex_rm() { fi _debug "Getting txt records" - _rest GET "$_domain/entry_set.json?apikey=$FORNEX_API_KEY" + _rest GET "dns/domain/$_domain/entry_set?type=TXT&q=$fulldomain" if ! _contains "$response" "$txtvalue"; then _err "Txt record not found" return 1 fi - _record_id="$(echo "$response" | _egrep_o "{[^{]*\"value\"*:*\"$txtvalue\"[^}]*}" | sed -n -e 's#.*"id": \([0-9]*\).*#\1#p')" + _record_id="$(echo "$response" | _egrep_o "\{[^\{]*\"value\"*:*\"$txtvalue\"[^\}]*\}" | sed -n -e 's#.*"id":\([0-9]*\).*#\1#p')" _debug "_record_id" "$_record_id" if [ -z "$_record_id" ]; then - _err "can not find _record_id" + _err "can not find _record_id return 1 fi - if ! _rest POST "$_domain/entry_set/$_record_id/delete/" "apikey=$FORNEX_API_KEY"; then + if ! _rest DELETE "dns/domain/$_domain/entry_set/$_record_id/"; then _err "Delete record error." return 1 fi @@ -90,18 +88,18 @@ _get_root() { i=1 while true; do - h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) + h=$(printf "%s" "$domain" | cut -d . -f $i-100) _debug h "$h" if [ -z "$h" ]; then #not valid return 1 fi - if ! _rest GET "domain_list.json?q=$h&apikey=$FORNEX_API_KEY"; then + if ! _rest GET "dns/domain/"; then return 1 fi - if _contains "$response" "\"$h\"" >/dev/null; then + if _contains "$response" "\"name\":\"$h\"" >/dev/null; then _domain=$h return 0 else @@ -134,7 +132,9 @@ _rest() { data="$3" _debug "$ep" - export _H1="Accept: application/json" + export _H1="Authorization: Api-Key $FORNEX_API_KEY" + export _H2="Content-Type: application/json" + export _H3="Accept: application/json" if [ "$m" != "GET" ]; then _debug data "$data" From 54ac0048c4bdb9c57c26e8204d1996c61fd54456 Mon Sep 17 00:00:00 2001 From: mikhailkhr Date: Wed, 20 Nov 2024 12:43:58 +0300 Subject: [PATCH 67/80] fix: missing quotes --- dnsapi/dns_fornex.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_fornex.sh b/dnsapi/dns_fornex.sh index a352547b..d1a10af8 100644 --- a/dnsapi/dns_fornex.sh 
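Review bot: In `_get_root` the `cut` call loses the quotes around `$i` (`-f $i-100`), which ShellCheck reports as SC2086; the previous `-f "$i"-100` should stay. The new `_rest GET "dns/domain/"` no longer depends on `$h`, so the same full domain list is requested on every loop iteration and could be fetched once before `while true`. The match `"\"name\":\"$h\""` also assumes the API never emits a space after the colon, which deserves a comment or a more tolerant pattern. The function starts and ends outside the hunk.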
+++ b/dnsapi/dns_fornex.sh
@@ -66,7 +66,7 @@ dns_fornex_rm() {
 _record_id="$(echo "$response" | _egrep_o "\{[^\{]*\"value\"*:*\"$txtvalue\"[^\}]*\}" | sed -n -e 's#.*"id":\([0-9]*\).*#\1#p')"
 _debug "_record_id" "$_record_id"
 if [ -z "$_record_id" ]; then
- _err "can not find _record_id
+ _err "can not find _record_id"
 return 1
 fi
From cd924099e43a1eb4ac1895b8004557945499a450 Mon Sep 17 00:00:00 2001
From: Henning Reich
Date: Mon, 25 Nov 2024 17:46:59 +0000
Subject: [PATCH 68/80] add template
---
 dnsapi/dns_technitum.sh | 44 +++++++++++++++++++++++++++++++++++++++++
 test.technitum.sh | 3 +++
 2 files changed, 47 insertions(+)
 create mode 100755 dnsapi/dns_technitum.sh
 create mode 100755 test.technitum.sh
diff --git a/dnsapi/dns_technitum.sh b/dnsapi/dns_technitum.sh
new file mode 100755
index 00000000..c9f5eb9f
--- /dev/null
+++ b/dnsapi/dns_technitum.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/env sh
+# shellcheck disable=SC2034
+dns_myapi_info='Custom API Example
+ A sample custom DNS API script.
+Domains: example.com
+Site: github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide
+Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_duckdns
+Options:
+ MYAPI_Token API Token. Get API Token from https://example.com/api/. Optional.
+Issues: github.com/acmesh-official/acme.sh
+Author: Neil Pang
+'
+
+#This file name is "dns_myapi.sh"
+#So, here must be a method dns_myapi_add()
+#Which will be called by acme.sh to add the txt record to your api system.
+#returns 0 means success, otherwise error.
+
+######## Public functions #####################
+
+# Please Read this guide first: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide
+
+#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_myapi_add() {
+ fulldomain=$1
+ txtvalue=$2
+ _info "Using myapi"
+ _debug fulldomain "$fulldomain"
+ _debug txtvalue "$txtvalue"
+ _err "Not implemented!"
+ return 1
+}
+
+#Usage: fulldomain txtvalue
+#Remove the txt record after validation.
+dns_myapi_rm() {
+ fulldomain=$1
+ txtvalue=$2
+ _info "Using myapi"
+ _debug fulldomain "$fulldomain"
+ _debug txtvalue "$txtvalue"
+}
+
+#################### Private functions below ##################################
diff --git a/test.technitum.sh b/test.technitum.sh
new file mode 100755
index 00000000..438d2f4d
--- /dev/null
+++ b/test.technitum.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+./acme.sh --issue --staging --debug 2 -d test.07q.de --dns dns_technitum
From c3557bbe3f07052ac29b5ca95ff2405a557af817 Mon Sep 17 00:00:00 2001
From: qupfer
Date: Mon, 25 Nov 2024 20:26:23 +0100
Subject: [PATCH 69/80] 1
---
 dnsapi/dns_technitum.sh | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/dnsapi/dns_technitum.sh b/dnsapi/dns_technitum.sh
index c9f5eb9f..8eb2e4b8 100755
--- a/dnsapi/dns_technitum.sh
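Review bot: `test.technitum.sh` is a developer's local invocation committed at the repository root, with a personal domain (`test.07q.de`) hard-coded in the command line. Nothing visible in this patch references it, so it would ship to every user of the repository as an executable file that issues a request for a domain they do not control. I would drop it from the commit and keep it untracked, or replace the domain with a placeholder read from the environment if a provider smoke test is wanted.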
+++ b/dnsapi/dns_technitum.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env sh
 # shellcheck disable=SC2034
-dns_myapi_info='Custom API Example
- A sample custom DNS API script.
+dns_technitum_info='Technitum DNS Server
+
 Domains: example.com
 Site: github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide
 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_duckdns
@@ -21,10 +21,10 @@ Author: Neil Pang
 # Please Read this guide first: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide
 #Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
-dns_myapi_add() {
+dns_technitum_add() {
 fulldomain=$1
 txtvalue=$2
- _info "Using myapi"
+ _info "Using technitum"
 _debug fulldomain "$fulldomain"
 _debug txtvalue "$txtvalue"
 _err "Not implemented!"
@@ -33,12 +33,17 @@ dns_myapi_add() {
 #Usage: fulldomain txtvalue
 #Remove the txt record after validation.
-dns_myapi_rm() {
+dns_technitum_rm() {
 fulldomain=$1
 txtvalue=$2
- _info "Using myapi"
+ _info "Using technitum"
 _debug fulldomain "$fulldomain"
 _debug txtvalue "$txtvalue"
+ _err "Not implemented!"
+ return 1
 }
 #################### Private functions below ##################################
+
+
+dns_technitum_add "_acme-challenge.test.07q.de" "abcd"
\ No newline at end of file
From 9cd1d1a9dcbabcc2a316f1d655e2f5f2db8682cb Mon Sep 17 00:00:00 2001
From: Lorenz Stechauner
Date: Tue, 26 Nov 2024 09:20:18 +0100
Subject: [PATCH 70/80] dns_world4you: Adapt to change in world4you.com DeleteDnsRecordForm
---
 dnsapi/dns_world4you.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh
index be6ef5c8..2e8efe82 100644
--- a/dnsapi/dns_world4you.sh
+++ b/dnsapi/dns_world4you.sh
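Review bot: The last added line of the third hunk, `dns_technitum_add "_acme-challenge.test.07q.de" "abcd"`, is a top-level call in a file that otherwise only defines functions, so it runs whenever the file is sourced or executed, not only when a TXT record is requested. With the current stub it only prints "Not implemented!", but once the function talks to a server it would try to create a record for a hard-coded test domain on every load. The call and the two blank lines before it should be removed, and the file should end with a newline (the diff shows `\ No newline at end of file`). The `dns_technitum_info` block in the first hunk still carries the template's `Site`, `Docs` and `Options` entries.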
@@ -115,7 +115,7 @@ dns_world4you_rm() {
 _resethttp
 export ACME_HTTP_NO_REDIRECTS=1
- body="DeleteDnsRecordForm[recordId]=$recordid&DeleteDnsRecordForm[uniqueFormIdDP]=$formiddp&DeleteDnsRecordForm[_token]=$form_token"
+ body="DeleteDnsRecordForm[id]=$recordid&DeleteDnsRecordForm[uniqueFormIdDP]=$formiddp&DeleteDnsRecordForm[_token]=$form_token"
 _info "Removing record..."
 ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/dns/record/delete" '' POST 'application/x-www-form-urlencoded')
 _resethttp
@@ -203,6 +203,7 @@ _get_paketnr() {
 form="$2"
 domains=$(echo "$form" | grep '