plantroon/acme.sh
1
0
Fork 0
mirror of https://github.com/plantroon/acme.sh.git synced 2024-12-22 13:11:41 +00:00
Code Issues Projects Releases Wiki Activity

Rewrite to conform to Dev guide

Browse Source 
Created _get_root() that tests the requested host is a subdomain to the domains hosted on MailinaBox (MIAB) DNS Server. Created common _miab_rest() used with dns_miab_add(), dns_miab_rm() and _get_root(). Also created barbaric _is_json() to test the response given by the MIAB Custom DNS API at least looks like a JSON file. We should add a hint to use _normalizeJson with JSON responses so _startswith, _endswith won't perplexingly fail.
This commit is contained in:
Bill Gertz 2019-10-13 19:56:04 +02:00 committed by GitHub
parent f64b061a28
commit aa6112482d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 147 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

273
dnsapi/dns_miab.sh
View File

@ -6,186 +6,207 @@
# Darven Dissek 2018 # Darven Dissek 2018
# William Gertz 2019 # William Gertz 2019
# #
# Thanks to Neil Pang for the code reused from acme.sh from HTTP-01 validation # Thanks to Neil Pang and other developers here for code reused from acme.sh from DNS-01
# used to communicate with the MailintheBox Custom DNS API # used to communicate with the MailinaBox Custom DNS API
# Report Bugs here: # Report Bugs here:
# https://github.com/billgertz/MIAB_dns_api (for dns_miab.sh) # https://github.com/billgertz/MIAB_dns_api (for dns_miab.sh)
# https://github.com/Neilpang/acme.sh (for acme.sh) # https://github.com/Neilpang/acme.sh (for acme.sh)
# #
######## Public functions ##################### ######## Public functions #####################
#Usage: dns_miab_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" #Usage: dns_miab_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_miab_add() { dns_miab_add() {
fulldomain=$1 fulldomain=$1
txtvalue=$2 txtvalue=$2
_info "Using miab" _info "Using miab challange add"
_debug fulldomain "$fulldomain" _debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue" _debug txtvalue "$txtvalue"
MIAB_Username="${MIAB_Username:-$(_readaccountconf_mutable MIAB_Username)}" #retrieve MIAB environemt vars
MIAB_Password="${MIAB_Password:-$(_readaccountconf_mutable MIAB_Password)}" if ! _retrieve_miab_env; then
MIAB_Server="${MIAB_Server:-$(_readaccountconf_mutable MIAB_Server)}" return 1
fi
#debug log the environmental variables
_debug MIAB_Username "$MIAB_Username" #check domain and seperate into doamin and host
_debug MIAB_Password "$MIAB_Password" if ! _get_root "$fulldomain"; then
_debug MIAB_Server "$MIAB_Server" _err "Cannot find any part of ${fulldomain} is hosted on ${MIAB_Server}"
if [ -z "$MIAB_Username" ] || [ -z "$MIAB_Password" ] || [ -z "$MIAB_Server" ]; then
MIAB_Username=""
MIAB_Password=""
MIAB_Server=""
_err "You didn't specify MIAB_Username or MIAB_Password or MIAB_Server."
_err "Please try again."
return 1 return 1
fi fi
#save the credentials to the account conf file. _debug2 _sub_domain "$_sub_domain"
_saveaccountconf_mutable MIAB_Username "$MIAB_Username" _debug2 _domain "$_domain"
_saveaccountconf_mutable MIAB_Password "$MIAB_Password"
_saveaccountconf_mutable MIAB_Server "$MIAB_Server"
baseurl="https://$MIAB_Server/admin/dns/custom/$fulldomain/txt" #add the challenge record
_api_path="custom/${fulldomain}/txt"
#Add the challenge record _miab_rest "$txtvalue" "$_api_path" "POST"
result="$(_miab_post "$txtvalue" "$baseurl" "POST" "$MIAB_Username" "$MIAB_Password")"
_debug result "$result"
#check if result was good #check if result was good
if _contains "$result" "updated DNS"; then if _contains "$response" "updated DNS"; then
_info "Successfully created the txt record" _info "Successfully created the txt record"
return 0 return 0
else else
_err "Error encountered during record addition" _err "Error encountered during record add"
_err "$result" _err "$response"
return 1 return 1
fi fi
} }
#Usage: fulldomain txtvalue #Usage: dns_miab_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
#Remove the txt record after validation.
dns_miab_rm() { dns_miab_rm() {
fulldomain=$1 fulldomain=$1
txtvalue=$2 txtvalue=$2
_info "Using miab"
_info "Using miab challage delete"
_debug fulldomain "$fulldomain" _debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue" _debug txtvalue "$txtvalue"
MIAB_Username="${MIAB_Username:-$(_readaccountconf_mutable MIAB_Username)}" #retrieve MIAB environemt vars
MIAB_Password="${MIAB_Password:-$(_readaccountconf_mutable MIAB_Password)}" if ! _retrieve_miab_env; then
MIAB_Server="${MIAB_Server:-$(_readaccountconf_mutable MIAB_Server)}" return 1
fi
#debug log the environmental variables #check domain and seperate into doamin and host
_debug MIAB_Username "$MIAB_Username" if ! _get_root "$fulldomain"; then
_debug MIAB_Password "$MIAB_Password" _err "Cannot find any part of ${fulldomain} is hosted on ${MIAB_Server}"
_debug MIAB_Server "$MIAB_Server"
if [ -z "$MIAB_Username" ] || [ -z "$MIAB_Password" ] || [ -z "$MIAB_Server" ]; then
MIAB_Username=""
MIAB_Password=""
MIAB_Server=""
_err "You didn't specify MIAB_Username or MIAB_Password or MIAB_Server."
_err "Please try again."
return 1 return 1
fi fi
#save the credentials to the account conf file. _debug2 _sub_domain "$_sub_domain"
_saveaccountconf_mutable MIAB_Username "$MIAB_Username" _debug2 _domain "$_domain"
_saveaccountconf_mutable MIAB_Password "$MIAB_Password"
_saveaccountconf_mutable MIAB_Server "$MIAB_Server"
baseurl="https://$MIAB_Server/admin/dns/custom/$fulldomain/txt"
#Remove the challenge record #Remove the challenge record
result="$(_miab_post "$txtvalue" "$baseurl" "DELETE" "$MIAB_Username" "$MIAB_Password")" _api_path="custom/${fulldomain}/txt"
_miab_rest "$txtvalue" "$_api_path" "DELETE"
_debug result "$result"
#check if result was good #check if result was good
if _contains "$result" "updated DNS"; then if _contains "$response" "updated DNS"; then
_info "Successfully created the txt record" _info "Successfully removed the txt record"
return 0 return 0
else else
_err "Error encountered during record addition" _err "Error encountered during record remove"
_err "$result" _err "$response"
return 1 return 1
fi fi
} }
#################### Private functions below ################################## #################### Private functions below ##################################
# #
# post changes to MIAB dns (taken from acme.sh) #Usage: _get_root _acme-challenge.www.domain.com
_miab_post() { #Returns:
body="$1" # _sub_domain=_acme-challenge.www
_post_url="$2" # _domain=domain.com
httpmethod="$3" _get_root() {
username="$4" _passed_domain=$1
password="$5" _debug _passed_domain "$_passed_domain"
_i=2
_p=1
if [ -z "$httpmethod" ]; then #get the zones hosed on MIAB server, must be a json stream
httpmethod="POST" _miab_rest "" "zones" "GET"
_info "_startswith test:$(_startswith "test" "t")"
_info "_endstest test:$(_endswith "test" "t")"
if ! _is_json "$response"; then
_err "ERROR fetching domain list"
_err "$response"
return 1
fi fi
_debug $httpmethod #cycle through the passed domain seperating out a test domain discarding
_debug "_post_url" "$_post_url" # the subdomain by marching thorugh the dots
_debug2 "body" "$body" while true; do
_test_domain=$(printf "%s" "$_passed_domain" | cut -d . -f ${_i}-100)
_debug _test_domain "$_test_domain"
_inithttp if [ -z "$_test_domain" ]; then
return 1
if [ "$_ACME_CURL" ] && [ "${ACME_USE_WGET:-0}" = "0" ]; then
_CURL="$_ACME_CURL"
if [ "$HTTPS_INSECURE" ]; then
_CURL="$_CURL --insecure "
fi fi
_debug "_CURL" "$_CURL" #report found if the test domain is in the json response and
response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod --user "$username:$password" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url")" # report the subdomain
_ret="$?" if _contains "$response" "\"$_test_domain\""; then
_sub_domain=$(printf "%s" "$_passed_domain" | cut -d . -f 1-${_p})
if [ "$_ret" != "0" ]; then _domain=${_test_domain}
_err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret" return 0
if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
_err "Here is the curl dump log:"
_err "$(cat "$_CURL_DUMP")"
fi
fi fi
elif [ "$_ACME_WGET" ]; then #cycle to the next dot in the passed domain
_WGET="$_ACME_WGET" _p=${_i}
_i=$(_math "$_i" + 1)
done
if [ "$HTTPS_INSECURE" ]; then return 1
_WGET="$_WGET --no-check-certificate " }
fi
#Usage: _retrieve_miab_env
_debug "_WGET" "$_WGET" #Returns (from store or environment variables):
# MIAB_Username
if [ "$httpmethod" = "POST" ]; then # MIAB_Password
response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$_post_url" 2>"$HTTP_HEADER")" # MIAB_Server
else #retrieve MIAB environment variables, report errors and quit if problems
response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$_post_url" 2>"$HTTP_HEADER")" _retrieve_miab_env() {
fi MIAB_Username="${MIAB_Username:-$(_readaccountconf_mutable MIAB_Username)}"
MIAB_Password="${MIAB_Password:-$(_readaccountconf_mutable MIAB_Password)}"
_ret="$?" MIAB_Server="${MIAB_Server:-$(_readaccountconf_mutable MIAB_Server)}"
if [ "$_ret" = "8" ]; then #debug log the environmental variables
_ret=0 _debug MIAB_Username "$MIAB_Username"
_debug "wget returns 8, the server returns a 'Bad request' response, lets process the response later." _debug MIAB_Password "$MIAB_Password"
fi _debug MIAB_Server "$MIAB_Server"
if [ "$_ret" != "0" ]; then #check if MIAB environemt vars set and quit if not
_err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret" if [ -z "$MIAB_Username" ] || [ -z "$MIAB_Password" ] || [ -z "$MIAB_Server" ]; then
fi _err "You didn't specify one or more of MIAB_Username, MIAB_Password or MIAB_Server."
_err "Please check these environment variables and try again."
_sed_i "s/^ *//g" "$HTTP_HEADER" return 1
fi
else
_ret="$?" #save the credentials to the account conf file.
_err "Neither curl nor wget was found, cannot do $httpmethod." _saveaccountconf_mutable MIAB_Username "$MIAB_Username"
fi _saveaccountconf_mutable MIAB_Password "$MIAB_Password"
_saveaccountconf_mutable MIAB_Server "$MIAB_Server"
_debug "_ret" "$_ret" }
printf "%s" "$response"
return $_ret #Useage: _miab_rest "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" "custom/_acme-challenge.www.domain.com/txt "POST"
#Returns: "updated DNS: domain.com"
#rest interface MIAB dns
_miab_rest() {
_data="$1"
_api_path="$2"
_httpmethod="$3"
#encode username and password for url
_username="$(printf "%s" "$MIAB_Username" | _url_encode)"
_password="$(printf "%s" "$MIAB_Password" | _url_encode)"
_url="https://${_username}:${_password}@${MIAB_Server}/admin/dns/${_api_path}"
_debug2 _data "$_data"
_debug _api_path "$_api_path"
_debug2 _url "$_url"
_debug _httpmethod "$_httpmethod"
if [ "$_httpmethod" = "GET" ]; then
response="$(_get "$_url")"
else
response="$(_post "$_data" "$_url" "" "$_httpmethod")"
fi
_retcode="$?"
if [ "$_retcode" != "0" ]; then
_err "MAAB REST authentication failed on $_httpmethod"
return 1
fi
_debug response "$response"
return 0
}
#Usage: _is_json "\[\n "mydomain.com"\n]"
#Reurns "\[\n "mydomain.com"\n]"
#returns the string if it begins and ends with square braces
_is_json() {
_str="$(echo "$1" | _normalizeJson)"
echo "$_str" | grep '^\[.*\]$' >/dev/null 2>&1
} }