mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-11-19 21:01:45 +00:00
commit
c768581829
8
acme.sh
8
acme.sh
@ -6216,7 +6216,7 @@ Parameters:
|
||||
--force, -f Used to force to install or force to renew a cert immediately.
|
||||
--staging, --test Use staging server, just for test.
|
||||
--debug Output debug info.
|
||||
--output-insecure Output all the sensitive messages. By default all the credentials/sensitive messages are hidden from the output/debug/log for secure.
|
||||
--output-insecure Output all the sensitive messages. By default all the credentials/sensitive messages are hidden from the output/debug/log for security.
|
||||
--webroot, -w /path/to/webroot Specifies the web root folder for web root mode.
|
||||
--standalone Use standalone mode.
|
||||
--alpn Use standalone alpn mode.
|
||||
@ -6225,8 +6225,8 @@ Parameters:
|
||||
--dns [dns_cf|dns_dp|dns_cx|/path/to/api/file] Use dns mode or dns api.
|
||||
--dnssleep [$DEFAULT_DNS_SLEEP] The time in seconds to wait for all the txt records to take effect in dns api mode. Default $DEFAULT_DNS_SLEEP seconds.
|
||||
|
||||
--keylength, -k [2048] Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384.
|
||||
--accountkeylength, -ak [2048] Specifies the account key length.
|
||||
--keylength, -k [2048] Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384, ec-521.
|
||||
--accountkeylength, -ak [2048] Specifies the account key length: 2048, 3072, 4096
|
||||
--log [/path/to/logfile] Specifies the log file. The default is: \"$DEFAULT_LOG_FILE\" if you don't give a file path here.
|
||||
--log-level 1|2 Specifies the log level, default is 1.
|
||||
--syslog [0|3|6|7] Syslog level, 0: disable syslog, 3: error, 6: info, 7: debug.
|
||||
@ -6240,7 +6240,7 @@ Parameters:
|
||||
|
||||
--reloadcmd \"service nginx reload\" After issue/renew, it's used to reload the server.
|
||||
|
||||
--server SERVER ACME Directory Resource URI. (default: https://acme-v01.api.letsencrypt.org/directory)
|
||||
--server SERVER ACME Directory Resource URI. (default: $DEFAULT_CA)
|
||||
--accountconf Specifies a customized account config file.
|
||||
--home Specifies the home dir for $PROJECT_NAME.
|
||||
--cert-home Specifies the home dir to save all the certs, only valid for '--install' command.
|
||||
|
139
deploy/panos.sh
Normal file
139
deploy/panos.sh
Normal file
@ -0,0 +1,139 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
# Script to deploy certificates to Palo Alto Networks PANOS via API
|
||||
# Note PANOS API KEY and IP address needs to be set prior to running.
|
||||
# The following variables exported from environment will be used.
|
||||
# If not set then values previously saved in domain.conf file are used.
|
||||
#
|
||||
# Firewall admin with superuser and IP address is required.
|
||||
#
|
||||
# export PANOS_USER="" # required
|
||||
# export PANOS_PASS="" # required
|
||||
# export PANOS_HOST="" # required
|
||||
|
||||
# This function is to parse the XML
|
||||
parse_response() {
|
||||
type=$2
|
||||
if [ "$type" = 'keygen' ]; then
|
||||
status=$(echo "$1" | sed 's/^.*\(['\'']\)\([a-z]*\)'\''.*/\2/g')
|
||||
if [ "$status" = "success" ]; then
|
||||
panos_key=$(echo "$1" | sed 's/^.*\(<key>\)\(.*\)<\/key>.*/\2/g')
|
||||
_panos_key=$panos_key
|
||||
else
|
||||
message="PAN-OS Key could not be set."
|
||||
fi
|
||||
else
|
||||
status=$(echo "$1" | sed 's/^.*"\([a-z]*\)".*/\1/g')
|
||||
message=$(echo "$1" | sed 's/^.*<result>\(.*\)<\/result.*/\1/g')
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
deployer() {
|
||||
content=""
|
||||
type=$1 # Types are keygen, cert, key, commit
|
||||
_debug "**** Deploying $type *****"
|
||||
panos_url="https://$_panos_host/api/"
|
||||
if [ "$type" = 'keygen' ]; then
|
||||
_H1="Content-Type: application/x-www-form-urlencoded"
|
||||
content="type=keygen&user=$_panos_user&password=$_panos_pass"
|
||||
# content="$content${nl}--$delim${nl}Content-Disposition: form-data; type=\"keygen\"; user=\"$_panos_user\"; password=\"$_panos_pass\"${nl}Content-Type: application/octet-stream${nl}${nl}"
|
||||
fi
|
||||
|
||||
if [ "$type" = 'cert' ] || [ "$type" = 'key' ]; then
|
||||
#Generate DEIM
|
||||
delim="-----MultipartDelimiter$(date "+%s%N")"
|
||||
nl="\015\012"
|
||||
#Set Header
|
||||
export _H1="Content-Type: multipart/form-data; boundary=$delim"
|
||||
if [ "$type" = 'cert' ]; then
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"type\"\r\n\r\n\r\nimport"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\n\r\ncertificate"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n\r\n$_cdomain"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n\r\n$_panos_key"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\n\r\npem"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
|
||||
fi
|
||||
if [ "$type" = 'key' ]; then
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"type\"\r\n\r\n\r\nimport"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\n\r\nprivate-key"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n\r\n$_cdomain"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n\r\n$_panos_key"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\n\r\npem"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"passphrase\"\r\n\r\n\r\n123456"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
|
||||
fi
|
||||
#Close multipart
|
||||
content="$content${nl}--$delim--${nl}"
|
||||
#Convert CRLF
|
||||
content=$(printf %b "$content")
|
||||
fi
|
||||
|
||||
if [ "$type" = 'commit' ]; then
|
||||
export _H1="Content-Type: application/x-www-form-urlencoded"
|
||||
cmd=$(printf "%s" "<commit><partial><$_panos_user></$_panos_user></partial></commit>" | _url_encode)
|
||||
content="type=commit&key=$_panos_key&cmd=$cmd"
|
||||
fi
|
||||
response=$(_post "$content" "$panos_url" "" "POST")
|
||||
parse_response "$response" "$type"
|
||||
# Saving response to variables
|
||||
response_status=$status
|
||||
#DEBUG
|
||||
_debug response_status "$response_status"
|
||||
if [ "$response_status" = "success" ]; then
|
||||
_debug "Successfully deployed $type"
|
||||
return 0
|
||||
else
|
||||
_err "Deploy of type $type failed. Try deploying with --debug to troubleshoot."
|
||||
_debug "$message"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
# This is the main function that will call the other functions to deploy everything.
|
||||
panos_deploy() {
|
||||
_cdomain="$1"
|
||||
_ckey="$2"
|
||||
_cfullchain="$5"
|
||||
# PANOS ENV VAR check
|
||||
if [ -z "$PANOS_USER" ] || [ -z "$PANOS_PASS" ] || [ -z "$PANOS_HOST" ]; then
|
||||
_debug "No ENV variables found lets check for saved variables"
|
||||
_getdeployconf PANOS_USER
|
||||
_getdeployconf PANOS_PASS
|
||||
_getdeployconf PANOS_HOST
|
||||
_panos_user=$PANOS_USER
|
||||
_panos_pass=$PANOS_PASS
|
||||
_panos_host=$PANOS_HOST
|
||||
if [ -z "$_panos_user" ] && [ -z "$_panos_pass" ] && [ -z "$_panos_host" ]; then
|
||||
_err "No host, user and pass found.. If this is the first time deploying please set PANOS_HOST, PANOS_USER and PANOS_PASS in environment variables. Delete them after you have succesfully deployed certs."
|
||||
return 1
|
||||
else
|
||||
_debug "Using saved env variables."
|
||||
fi
|
||||
else
|
||||
_debug "Detected ENV variables to be saved to the deploy conf."
|
||||
# Encrypt and save user
|
||||
_savedeployconf PANOS_USER "$PANOS_USER" 1
|
||||
_savedeployconf PANOS_PASS "$PANOS_PASS" 1
|
||||
_savedeployconf PANOS_HOST "$PANOS_HOST" 1
|
||||
_panos_user="$PANOS_USER"
|
||||
_panos_pass="$PANOS_PASS"
|
||||
_panos_host="$PANOS_HOST"
|
||||
fi
|
||||
_debug "Let's use username and pass to generate token."
|
||||
if [ -z "$_panos_user" ] || [ -z "$_panos_pass" ] || [ -z "$_panos_host" ]; then
|
||||
_err "Please pass username and password and host as env variables PANOS_USER, PANOS_PASS and PANOS_HOST"
|
||||
return 1
|
||||
else
|
||||
_debug "Getting PANOS KEY"
|
||||
deployer keygen
|
||||
if [ -z "$_panos_key" ]; then
|
||||
_err "Missing apikey."
|
||||
return 1
|
||||
else
|
||||
deployer cert
|
||||
deployer key
|
||||
deployer commit
|
||||
fi
|
||||
fi
|
||||
}
|
152
deploy/synology_dsm.sh
Normal file
152
deploy/synology_dsm.sh
Normal file
@ -0,0 +1,152 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
# Here is a script to deploy cert to Synology DSM
|
||||
#
|
||||
# it requires the jq and curl are in the $PATH and the following
|
||||
# environment variables must be set:
|
||||
#
|
||||
# SYNO_Username - Synology Username to login (must be an administrator)
|
||||
# SYNO_Password - Synology Password to login
|
||||
# SYNO_Certificate - Certificate description to target for replacement
|
||||
#
|
||||
# The following environmental variables may be set if you don't like their
|
||||
# default values:
|
||||
#
|
||||
# SYNO_Scheme - defaults to http
|
||||
# SYNO_Hostname - defaults to localhost
|
||||
# SYNO_Port - defaults to 5000
|
||||
#
|
||||
#returns 0 means success, otherwise error.
|
||||
|
||||
######## Public functions #####################
|
||||
|
||||
_syno_get_cookie_data() {
|
||||
grep "\W$1=" "$HTTP_HEADER" | grep "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';'
|
||||
}
|
||||
|
||||
#domain keyfile certfile cafile fullchain
|
||||
synology_dsm_deploy() {
|
||||
|
||||
_cdomain="$1"
|
||||
_ckey="$2"
|
||||
_ccert="$3"
|
||||
_cca="$4"
|
||||
|
||||
_debug _cdomain "$_cdomain"
|
||||
|
||||
# Get Username and Password, but don't save until we successfully authenticate
|
||||
_getdeployconf SYNO_Username
|
||||
_getdeployconf SYNO_Password
|
||||
_getdeployconf SYNO_Create
|
||||
if [ -z "$SYNO_Username" ] || [ -z "$SYNO_Password" ]; then
|
||||
SYNO_Username=""
|
||||
SYNO_Password=""
|
||||
_err "SYNO_Username & SYNO_Password must be set"
|
||||
return 1
|
||||
fi
|
||||
_debug2 SYNO_Username "$SYNO_Username"
|
||||
_secure_debug2 SYNO_Password "$SYNO_Password"
|
||||
|
||||
# Optional scheme, hostname, and port for Synology DSM
|
||||
_getdeployconf SYNO_Scheme
|
||||
_getdeployconf SYNO_Hostname
|
||||
_getdeployconf SYNO_Port
|
||||
|
||||
# default vaules for scheme, hostname, and port
|
||||
# defaulting to localhost and http because it's localhost...
|
||||
[ -n "${SYNO_Scheme}" ] || SYNO_Scheme="http"
|
||||
[ -n "${SYNO_Hostname}" ] || SYNO_Hostname="localhost"
|
||||
[ -n "${SYNO_Port}" ] || SYNO_Port="5000"
|
||||
|
||||
_savedeployconf SYNO_Scheme "$SYNO_Scheme"
|
||||
_savedeployconf SYNO_Hostname "$SYNO_Hostname"
|
||||
_savedeployconf SYNO_Port "$SYNO_Port"
|
||||
|
||||
_debug2 SYNO_Scheme "$SYNO_Scheme"
|
||||
_debug2 SYNO_Hostname "$SYNO_Hostname"
|
||||
_debug2 SYNO_Port "$SYNO_Port"
|
||||
|
||||
# Get the certificate description, but don't save it until we verfiy it's real
|
||||
_getdeployconf SYNO_Certificate
|
||||
if [ -z "${SYNO_Certificate:?}" ]; then
|
||||
_err "SYNO_Certificate needs to be defined (with the Certificate description name)"
|
||||
return 1
|
||||
fi
|
||||
_debug SYNO_Certificate "$SYNO_Certificate"
|
||||
|
||||
_base_url="$SYNO_Scheme://$SYNO_Hostname:$SYNO_Port"
|
||||
_debug _base_url "$_base_url"
|
||||
|
||||
# Login, get the token from JSON and session id from cookie
|
||||
_info "Logging into $SYNO_Hostname:$SYNO_Port"
|
||||
response=$(_get "$_base_url/webman/login.cgi?username=$SYNO_Username&passwd=$SYNO_Password&enable_syno_token=yes")
|
||||
token=$(echo "$response" | grep "SynoToken" | sed -n 's/.*"SynoToken" *: *"\([^"]*\).*/\1/p')
|
||||
_debug3 response "$response"
|
||||
|
||||
if [ -z "$token" ]; then
|
||||
_err "Unable to authenticate to $SYNO_Hostname:$SYNO_Port using $SYNO_Scheme."
|
||||
_err "Check your username and password."
|
||||
return 1
|
||||
fi
|
||||
|
||||
_H1="Cookie: $(_syno_get_cookie_data "id"); $(_syno_get_cookie_data "smid")"
|
||||
_H2="X-SYNO-TOKEN: $token"
|
||||
export _H1
|
||||
export _H2
|
||||
_debug2 H1 "${_H1}"
|
||||
_debug2 H2 "${_H2}"
|
||||
|
||||
# Now that we know the username and password are good, save them
|
||||
_savedeployconf SYNO_Username "$SYNO_Username"
|
||||
_savedeployconf SYNO_Password "$SYNO_Password"
|
||||
_debug token "$token"
|
||||
|
||||
_info "Getting certificates in Synology DSM"
|
||||
response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1" "$_base_url/webapi/entry.cgi")
|
||||
_debug3 response "$response"
|
||||
id=$(echo "$response" | sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\"id\":\"\([^\"]*\).*/\1/p")
|
||||
_debug2 id "$id"
|
||||
|
||||
if [ -z "$id" ] && [ -z "${SYNO_Create:?}" ]; then
|
||||
_err "Unable to find certificate: $SYNO_Certificate and \$SYNO_Create is not set"
|
||||
return 1
|
||||
fi
|
||||
|
||||
# we've verified this certificate description is a thing, so save it
|
||||
_savedeployconf SYNO_Certificate "$SYNO_Certificate"
|
||||
|
||||
default=false
|
||||
if echo "$response" | sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\([^{]*\).*/\1/p" | grep -- 'is_default":true' >/dev/null; then
|
||||
default=true
|
||||
fi
|
||||
_debug2 default "$default"
|
||||
|
||||
_info "Generate form POST request"
|
||||
nl="\015\012"
|
||||
delim="--------------------------$(_utc_date | tr -d -- '-: ')"
|
||||
content="--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")\012"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"cert\"; filename=\"$(basename "$_ccert")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ccert")\012"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"inter_cert\"; filename=\"$(basename "$_cca")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cca")\012"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"id\"${nl}${nl}$id"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"desc\"${nl}${nl}${SYNO_Certificate}"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"as_default\"${nl}${nl}${default}"
|
||||
content="$content${nl}--$delim--${nl}"
|
||||
content="$(printf "%b_" "$content")"
|
||||
content="${content%_}" # protect trailing \n
|
||||
|
||||
_info "Upload certificate to the Synology DSM"
|
||||
response=$(_post "$content" "$_base_url/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=$token" "" "POST" "multipart/form-data; boundary=${delim}")
|
||||
_debug3 response "$response"
|
||||
|
||||
if ! echo "$response" | grep '"error":' >/dev/null; then
|
||||
if echo "$response" | grep '"restart_httpd":true' >/dev/null; then
|
||||
_info "http services were restarted"
|
||||
else
|
||||
_info "http services were NOT restarted"
|
||||
fi
|
||||
return 0
|
||||
else
|
||||
_err "Unable to update certificate, error code $response"
|
||||
return 1
|
||||
fi
|
||||
}
|
141
dnsapi/dns_constellix.sh
Normal file
141
dnsapi/dns_constellix.sh
Normal file
@ -0,0 +1,141 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
# Author: Wout Decre <wout@canodus.be>
|
||||
|
||||
CONSTELLIX_Api="https://api.dns.constellix.com/v1"
|
||||
#CONSTELLIX_Key="XXX"
|
||||
#CONSTELLIX_Secret="XXX"
|
||||
|
||||
######## Public functions #####################
|
||||
|
||||
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
||||
# Used to add txt record
|
||||
dns_constellix_add() {
|
||||
fulldomain=$1
|
||||
txtvalue=$2
|
||||
|
||||
CONSTELLIX_Key="${CONSTELLIX_Key:-$(_readaccountconf_mutable CONSTELLIX_Key)}"
|
||||
CONSTELLIX_Secret="${CONSTELLIX_Secret:-$(_readaccountconf_mutable CONSTELLIX_Secret)}"
|
||||
|
||||
if [ -z "$CONSTELLIX_Key" ] || [ -z "$CONSTELLIX_Secret" ]; then
|
||||
_err "You did not specify the Contellix API key and secret yet."
|
||||
return 1
|
||||
fi
|
||||
|
||||
_saveaccountconf_mutable CONSTELLIX_Key "$CONSTELLIX_Key"
|
||||
_saveaccountconf_mutable CONSTELLIX_Secret "$CONSTELLIX_Secret"
|
||||
|
||||
if ! _get_root "$fulldomain"; then
|
||||
_err "Invalid domain"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_info "Adding TXT record"
|
||||
if _constellix_rest POST "domains/${_domain_id}/records" "[{\"type\":\"txt\",\"add\":true,\"set\":{\"name\":\"${_sub_domain}\",\"ttl\":120,\"roundRobin\":[{\"value\":\"${txtvalue}\"}]}}]"; then
|
||||
if printf -- "%s" "$response" | grep "{\"success\":\"1 record(s) added, 0 record(s) updated, 0 record(s) deleted\"}" >/dev/null; then
|
||||
_info "Added"
|
||||
return 0
|
||||
else
|
||||
_err "Error adding TXT record"
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# Usage: fulldomain txtvalue
|
||||
# Used to remove the txt record after validation
|
||||
dns_constellix_rm() {
|
||||
fulldomain=$1
|
||||
txtvalue=$2
|
||||
|
||||
CONSTELLIX_Key="${CONSTELLIX_Key:-$(_readaccountconf_mutable CONSTELLIX_Key)}"
|
||||
CONSTELLIX_Secret="${CONSTELLIX_Secret:-$(_readaccountconf_mutable CONSTELLIX_Secret)}"
|
||||
|
||||
if [ -z "$CONSTELLIX_Key" ] || [ -z "$CONSTELLIX_Secret" ]; then
|
||||
_err "You did not specify the Contellix API key and secret yet."
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! _get_root "$fulldomain"; then
|
||||
_err "Invalid domain"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_info "Removing TXT record"
|
||||
if _constellix_rest POST "domains/${_domain_id}/records" "[{\"type\":\"txt\",\"delete\":true,\"filter\":{\"field\":\"name\",\"op\":\"eq\",\"value\":\"${_sub_domain}\"}}]"; then
|
||||
if printf -- "%s" "$response" | grep "{\"success\":\"0 record(s) added, 0 record(s) updated, 1 record(s) deleted\"}" >/dev/null; then
|
||||
_info "Removed"
|
||||
return 0
|
||||
else
|
||||
_err "Error removing TXT record"
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
#################### Private functions below ##################################
|
||||
|
||||
_get_root() {
|
||||
domain=$1
|
||||
i=2
|
||||
p=1
|
||||
_debug "Detecting root zone"
|
||||
while true; do
|
||||
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
||||
if [ -z "$h" ]; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! _constellix_rest GET "domains"; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
if _contains "$response" "\"name\":\"$h\""; then
|
||||
_domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[^,]*" | head -n 1 | cut -d ':' -f 2 | tr -d '}')
|
||||
if [ "$_domain_id" ]; then
|
||||
_sub_domain=$(printf "%s" "$domain" | cut -d '.' -f 1-$p)
|
||||
_domain="$h"
|
||||
|
||||
_debug _domain_id "$_domain_id"
|
||||
_debug _sub_domain "$_sub_domain"
|
||||
_debug _domain "$_domain"
|
||||
return 0
|
||||
fi
|
||||
return 1
|
||||
fi
|
||||
p=$i
|
||||
i=$(_math "$i" + 1)
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
_constellix_rest() {
|
||||
m=$1
|
||||
ep="$2"
|
||||
data="$3"
|
||||
_debug "$ep"
|
||||
|
||||
rdate=$(date +"%s")"000"
|
||||
hmac=$(printf "%s" "$rdate" | _hmac sha1 "$(printf "%s" "$CONSTELLIX_Secret" | _hex_dump | tr -d ' ')" | _base64)
|
||||
|
||||
export _H1="x-cnsdns-apiKey: $CONSTELLIX_Key"
|
||||
export _H2="x-cnsdns-requestDate: $rdate"
|
||||
export _H3="x-cnsdns-hmac: $hmac"
|
||||
export _H4="Accept: application/json"
|
||||
export _H5="Content-Type: application/json"
|
||||
|
||||
if [ "$m" != "GET" ]; then
|
||||
_debug data "$data"
|
||||
response="$(_post "$data" "$CONSTELLIX_Api/$ep" "" "$m")"
|
||||
else
|
||||
response="$(_get "$CONSTELLIX_Api/$ep")"
|
||||
fi
|
||||
|
||||
if [ "$?" != "0" ]; then
|
||||
_err "Error $ep"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_debug response "$response"
|
||||
return 0
|
||||
}
|
@ -12,7 +12,7 @@
|
||||
# --
|
||||
#
|
||||
|
||||
DDNSS_DNS_API="https://ddnss.de/upd.php"
|
||||
DDNSS_DNS_API="https://ip4.ddnss.de/upd.php"
|
||||
|
||||
######## Public functions #####################
|
||||
|
||||
|
121
dnsapi/dns_dynv6.sh
Normal file
121
dnsapi/dns_dynv6.sh
Normal file
@ -0,0 +1,121 @@
|
||||
#!/usr/bin/env sh
|
||||
#Author StefanAbl
|
||||
#Usage specify a private keyfile to use with dynv6 'export KEY="path/to/keyfile"'
|
||||
#if no keyfile is specified, you will be asked if you want to create one in /home/$USER/.ssh/dynv6 and /home/$USER/.ssh/dynv6.pub
|
||||
######## Public functions #####################
|
||||
# Please Read this guide first: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide
|
||||
#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
||||
dns_dynv6_add() {
|
||||
fulldomain=$1
|
||||
txtvalue=$2
|
||||
_info "Using dynv6 api"
|
||||
_debug fulldomain "$fulldomain"
|
||||
_debug txtvalue "$txtvalue"
|
||||
_get_keyfile
|
||||
_info "using keyfile $dynv6_keyfile"
|
||||
_get_domain "$fulldomain"
|
||||
_your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)"
|
||||
if ! _contains "$_your_hosts" "$_host"; then
|
||||
_debug "The host is $_host and the record $_record"
|
||||
_debug "Dynv6 returned $_your_hosts"
|
||||
_err "The host $_host does not exists on your dynv6 account"
|
||||
return 1
|
||||
fi
|
||||
_debug "found host on your account"
|
||||
returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")"
|
||||
_debug "Dynv6 returend this after record was added: $returnval"
|
||||
if _contains "$returnval" "created"; then
|
||||
return 0
|
||||
elif _contains "$returnval" "updated"; then
|
||||
return 0
|
||||
else
|
||||
_err "Something went wrong! it does not seem like the record was added succesfully"
|
||||
return 1
|
||||
fi
|
||||
return 1
|
||||
}
|
||||
#Usage: fulldomain txtvalue
|
||||
#Remove the txt record after validation.
|
||||
dns_dynv6_rm() {
|
||||
fulldomain=$1
|
||||
txtvalue=$2
|
||||
_info "Using dynv6 api"
|
||||
_debug fulldomain "$fulldomain"
|
||||
_debug txtvalue "$txtvalue"
|
||||
_get_keyfile
|
||||
_info "using keyfile $dynv6_keyfile"
|
||||
_get_domain "$fulldomain"
|
||||
_your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)"
|
||||
if ! _contains "$_your_hosts" "$_host"; then
|
||||
_debug "The host is $_host and the record $_record"
|
||||
_debug "Dynv6 returned $_your_hosts"
|
||||
_err "The host $_host does not exists on your dynv6 account"
|
||||
return 1
|
||||
fi
|
||||
_debug "found host on your account"
|
||||
_info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)"
|
||||
return 0
|
||||
|
||||
}
|
||||
#################### Private functions below ##################################
|
||||
#Usage: No Input required
|
||||
#returns
|
||||
#dynv6_keyfile the path to the new keyfile that has been generated
|
||||
_generate_new_key() {
|
||||
dynv6_keyfile="$(eval echo ~"$USER")/.ssh/dynv6"
|
||||
_info "Path to key file used: $dynv6_keyfile"
|
||||
if [ ! -f "$dynv6_keyfile" ] && [ ! -f "$dynv6_keyfile.pub" ]; then
|
||||
_debug "generating key in $dynv6_keyfile and $dynv6_keyfile.pub"
|
||||
ssh-keygen -f "$dynv6_keyfile" -t ssh-ed25519 -N ''
|
||||
else
|
||||
_err "There is already a file in $dynv6_keyfile or $dynv6_keyfile.pub"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
#Usage: _acme-challenge.www.example.dynv6.net
|
||||
#returns
|
||||
#_host= example.dynv6.net
|
||||
#_record=_acme-challenge.www
|
||||
#aborts if not a valid domain
|
||||
_get_domain() {
|
||||
_full_domain="$1"
|
||||
_debug "getting domain for $_full_domain"
|
||||
if ! _contains "$_full_domain" 'dynv6.net' && ! _contains "$_full_domain" 'dns.army' && ! _contains "$_full_domain" 'dns.navy'; then
|
||||
_err "The hosts does not seem to be a dynv6 host"
|
||||
return 1
|
||||
fi
|
||||
_record="${_full_domain%.*}"
|
||||
_record="${_record%.*}"
|
||||
_record="${_record%.*}"
|
||||
_debug "The record we are ging to use is $_record"
|
||||
_host="$_full_domain"
|
||||
while [ "$(echo "$_host" | grep -o '\.' | wc -l)" != "2" ]; do
|
||||
_host="${_host#*.}"
|
||||
done
|
||||
_debug "And the host is $_host"
|
||||
return 0
|
||||
|
||||
}
|
||||
|
||||
# Usage: No input required
|
||||
#returns
|
||||
#dynv6_keyfile path to the key that will be used
|
||||
_get_keyfile() {
|
||||
_debug "get keyfile method called"
|
||||
dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}"
|
||||
_debug Your key is "$dynv6_keyfile"
|
||||
if [ -z "$dynv6_keyfile" ]; then
|
||||
if [ -z "$KEY" ]; then
|
||||
_err "You did not specify a key to use with dynv6"
|
||||
_info "Creating new dynv6 api key to add to dynv6.com"
|
||||
_generate_new_key
|
||||
_info "Please add this key to dynv6.com $(cat "$dynv6_keyfile.pub")"
|
||||
_info "Hit Enter to contiue"
|
||||
read -r _
|
||||
#save the credentials to the account conf file.
|
||||
else
|
||||
dynv6_keyfile="$KEY"
|
||||
fi
|
||||
_saveaccountconf_mutable dynv6_keyfile "$dynv6_keyfile"
|
||||
fi
|
||||
}
|
168
dnsapi/dns_kas.sh
Executable file
168
dnsapi/dns_kas.sh
Executable file
@ -0,0 +1,168 @@
|
||||
#!/usr/bin/env sh
|
||||
########################################################################
|
||||
# All-inkl Kasserver hook script for acme.sh
|
||||
#
|
||||
# Environment variables:
|
||||
#
|
||||
# - $KAS_Login (Kasserver API login name)
|
||||
# - $KAS_Authtype (Kasserver API auth type. Default: sha1)
|
||||
# - $KAS_Authdata (Kasserver API auth data.)
|
||||
#
|
||||
# Author: Martin Kammerlander, Phlegx Systems OG <martin.kammerlander@phlegx.com>
|
||||
# Updated by: Marc-Oliver Lange <git@die-lang.es>
|
||||
# Credits: Inspired by dns_he.sh. Thanks a lot man!
|
||||
# Git repo: https://github.com/phlegx/acme.sh
|
||||
# TODO: Better Error handling
|
||||
########################################################################
|
||||
KAS_Api="https://kasapi.kasserver.com/dokumentation/formular.php"
|
||||
######## Public functions #####################
|
||||
dns_kas_add() {
|
||||
_fulldomain=$1
|
||||
_txtvalue=$2
|
||||
_info "Using DNS-01 All-inkl/Kasserver hook"
|
||||
_info "Adding $_fulldomain DNS TXT entry on All-inkl/Kasserver"
|
||||
_info "Check and Save Props"
|
||||
_check_and_save
|
||||
_info "Checking Zone and Record_Name"
|
||||
_get_zone_and_record_name "$_fulldomain"
|
||||
_info "Getting Record ID"
|
||||
_get_record_id
|
||||
|
||||
_info "Creating TXT DNS record"
|
||||
params="?kas_login=$KAS_Login"
|
||||
params="$params&kas_auth_type=$KAS_Authtype"
|
||||
params="$params&kas_auth_data=$KAS_Authdata"
|
||||
params="$params&var1=record_name"
|
||||
params="$params&wert1=$_record_name"
|
||||
params="$params&var2=record_type"
|
||||
params="$params&wert2=TXT"
|
||||
params="$params&var3=record_data"
|
||||
params="$params&wert3=$_txtvalue"
|
||||
params="$params&var4=record_aux"
|
||||
params="$params&wert4=0"
|
||||
params="$params&kas_action=add_dns_settings"
|
||||
params="$params&var5=zone_host"
|
||||
params="$params&wert5=$_zone"
|
||||
_debug2 "Wait for 10 seconds by default before calling KAS API."
|
||||
_sleep 10
|
||||
response="$(_get "$KAS_Api$params")"
|
||||
_debug2 "response" "$response"
|
||||
|
||||
if ! _contains "$response" "TRUE"; then
|
||||
_err "An unkown error occurred, please check manually."
|
||||
return 1
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
dns_kas_rm() {
|
||||
_fulldomain=$1
|
||||
_txtvalue=$2
|
||||
_info "Using DNS-01 All-inkl/Kasserver hook"
|
||||
_info "Cleaning up after All-inkl/Kasserver hook"
|
||||
_info "Removing $_fulldomain DNS TXT entry on All-inkl/Kasserver"
|
||||
|
||||
_info "Check and Save Props"
|
||||
_check_and_save
|
||||
_info "Checking Zone and Record_Name"
|
||||
_get_zone_and_record_name "$_fulldomain"
|
||||
_info "Getting Record ID"
|
||||
_get_record_id
|
||||
|
||||
# If there is a record_id, delete the entry
|
||||
if [ -n "$_record_id" ]; then
|
||||
params="?kas_login=$KAS_Login"
|
||||
params="$params&kas_auth_type=$KAS_Authtype"
|
||||
params="$params&kas_auth_data=$KAS_Authdata"
|
||||
params="$params&kas_action=delete_dns_settings"
|
||||
|
||||
for i in $_record_id; do
|
||||
params2="$params&var1=record_id"
|
||||
params2="$params2&wert1=$i"
|
||||
_debug2 "Wait for 10 seconds by default before calling KAS API."
|
||||
_sleep 10
|
||||
response="$(_get "$KAS_Api$params2")"
|
||||
_debug2 "response" "$response"
|
||||
if ! _contains "$response" "TRUE"; then
|
||||
_err "Either the txt record is not found or another error occurred, please check manually."
|
||||
return 1
|
||||
fi
|
||||
done
|
||||
else # Cannot delete or unkown error
|
||||
_err "No record_id found that can be deleted. Please check manually."
|
||||
return 1
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
########################## PRIVATE FUNCTIONS ###########################
|
||||
|
||||
# Checks for the ENV variables and saves them
|
||||
_check_and_save() {
|
||||
KAS_Login="${KAS_Login:-$(_readaccountconf_mutable KAS_Login)}"
|
||||
KAS_Authtype="${KAS_Authtype:-$(_readaccountconf_mutable KAS_Authtype)}"
|
||||
KAS_Authdata="${KAS_Authdata:-$(_readaccountconf_mutable KAS_Authdata)}"
|
||||
|
||||
if [ -z "$KAS_Login" ] || [ -z "$KAS_Authtype" ] || [ -z "$KAS_Authdata" ]; then
|
||||
KAS_Login=
|
||||
KAS_Authtype=
|
||||
KAS_Authdata=
|
||||
_err "No auth details provided. Please set user credentials using the \$KAS_Login, \$KAS_Authtype, and \$KAS_Authdata environment variables."
|
||||
return 1
|
||||
fi
|
||||
_saveaccountconf_mutable KAS_Login "$KAS_Login"
|
||||
_saveaccountconf_mutable KAS_Authtype "$KAS_Authtype"
|
||||
_saveaccountconf_mutable KAS_Authdata "$KAS_Authdata"
|
||||
return 0
|
||||
}
|
||||
|
||||
# Gets back the base domain/zone and record name.
|
||||
# See: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide
|
||||
_get_zone_and_record_name() {
|
||||
params="?kas_login=$KAS_Login"
|
||||
params="?kas_login=$KAS_Login"
|
||||
params="$params&kas_auth_type=$KAS_Authtype"
|
||||
params="$params&kas_auth_data=$KAS_Authdata"
|
||||
params="$params&kas_action=get_domains"
|
||||
|
||||
_debug2 "Wait for 10 seconds by default before calling KAS API."
|
||||
_sleep 10
|
||||
response="$(_get "$KAS_Api$params")"
|
||||
_debug2 "response" "$response"
|
||||
_zonen="$(echo "$response" | tr -d "\n\r" | tr -d " " | tr '[]' '<>' | sed "s/=>Array/\n=> Array/g" | tr ' ' '\n' | grep "domain_name" | tr '<' '\n' | grep "domain_name" | sed "s/domain_name>=>//g")"
|
||||
_domain="$1"
|
||||
_temp_domain="$(echo "$1" | sed 's/\.$//')"
|
||||
_rootzone="$_domain"
|
||||
for i in $_zonen; do
|
||||
l1=${#_rootzone}
|
||||
l2=${#i}
|
||||
if _endswith "$_domain" "$i" && [ "$l1" -ge "$l2" ]; then
|
||||
_rootzone="$i"
|
||||
fi
|
||||
done
|
||||
_zone="${_rootzone}."
|
||||
_temp_record_name="$(echo "$_temp_domain" | sed "s/$_rootzone//g")"
|
||||
_record_name="$(echo "$_temp_record_name" | sed 's/\.$//')"
|
||||
_debug2 "Zone:" "$_zone"
|
||||
_debug2 "Domain:" "$_domain"
|
||||
_debug2 "Record_Name:" "$_record_name"
|
||||
return 0
|
||||
}
|
||||
|
||||
# Retrieve the DNS record ID
|
||||
_get_record_id() {
|
||||
params="?kas_login=$KAS_Login"
|
||||
params="$params&kas_auth_type=$KAS_Authtype"
|
||||
params="$params&kas_auth_data=$KAS_Authdata"
|
||||
params="$params&kas_action=get_dns_settings"
|
||||
params="$params&var1=zone_host"
|
||||
params="$params&wert1=$_zone"
|
||||
|
||||
_debug2 "Wait for 10 seconds by default before calling KAS API."
|
||||
_sleep 10
|
||||
response="$(_get "$KAS_Api$params")"
|
||||
_debug2 "response" "$response"
|
||||
_record_id="$(echo "$response" | tr -d "\n\r" | tr -d " " | tr '[]' '<>' | sed "s/=>Array/\n=> Array/g" | tr ' ' '\n' | grep "=>$_record_name<" | grep '>TXT<' | tr '<' '\n' | grep record_id | sed "s/record_id>=>//g")"
|
||||
_debug2 _record_id "$_record_id"
|
||||
return 0
|
||||
}
|
@ -114,7 +114,7 @@ _get_root() {
|
||||
fi
|
||||
|
||||
if _contains "$response" "\"name\":\"$h\""; then
|
||||
_domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[^,]*" | head -n 1 | cut -d : -f 2 | tr -d '}')
|
||||
_domain_id=$(printf "%s\n" "$response" | cut -c 2- | head -c -2 | sed 's/{.*}//' | sed -r 's/^.*"id":([0-9]+).*$/\1/')
|
||||
if [ "$_domain_id" ]; then
|
||||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
||||
_domain="$h"
|
||||
|
273
dnsapi/dns_opnsense.sh
Executable file
273
dnsapi/dns_opnsense.sh
Executable file
@ -0,0 +1,273 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
#OPNsense Bind API
|
||||
#https://docs.opnsense.org/development/api.html
|
||||
#
|
||||
#OPNs_Host="opnsense.example.com"
|
||||
#OPNs_Port="443"
|
||||
# optional, defaults to 443 if unset
|
||||
#OPNs_Key="qocfU9RSbt8vTIBcnW8bPqCrpfAHMDvj5OzadE7Str+rbjyCyk7u6yMrSCHtBXabgDDXx/dY0POUp7ZA"
|
||||
#OPNs_Token="pZEQ+3ce8dDlfBBdg3N8EpqpF5I1MhFqdxX06le6Gl8YzyQvYCfCzNaFX9O9+IOSyAs7X71fwdRiZ+Lv"
|
||||
#OPNs_Api_Insecure=0
|
||||
# optional, defaults to 0 if unset
|
||||
# Set 1 for insecure and 0 for secure -> difference is whether ssl cert is checked for validity (0) or whether it is just accepted (1)
|
||||
|
||||
######## Public functions #####################
|
||||
#Usage: add _acme-challenge.www.domain.com "123456789ABCDEF0000000000000000000000000000000000000"
|
||||
#fulldomain
|
||||
#txtvalue
|
||||
OPNs_DefaultPort=443
|
||||
OPNs_DefaultApi_Insecure=0
|
||||
|
||||
dns_opnsense_add() {
|
||||
fulldomain=$1
|
||||
txtvalue=$2
|
||||
|
||||
_opns_check_auth || return 1
|
||||
|
||||
if ! set_record "$fulldomain" "$txtvalue"; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
#fulldomain
|
||||
dns_opnsense_rm() {
|
||||
fulldomain=$1
|
||||
txtvalue=$2
|
||||
|
||||
_opns_check_auth || return 1
|
||||
|
||||
if ! rm_record "$fulldomain" "$txtvalue"; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
set_record() {
|
||||
fulldomain=$1
|
||||
new_challenge=$2
|
||||
_info "Adding record $fulldomain with challenge: $new_challenge"
|
||||
|
||||
_debug "Detect root zone"
|
||||
if ! _get_root "$fulldomain"; then
|
||||
_err "invalid domain"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_debug _domain "$_domain"
|
||||
_debug _host "$_host"
|
||||
_debug _domainid "$_domainid"
|
||||
_return_str=""
|
||||
_record_string=""
|
||||
_build_record_string "$_domainid" "$_host" "$new_challenge"
|
||||
_uuid=""
|
||||
if _existingchallenge "$_domain" "$_host" "$new_challenge"; then
|
||||
# Update
|
||||
if _opns_rest "POST" "/record/setRecord/${_uuid}" "$_record_string"; then
|
||||
_return_str="$response"
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
|
||||
else
|
||||
#create
|
||||
if _opns_rest "POST" "/record/addRecord" "$_record_string"; then
|
||||
_return_str="$response"
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
|
||||
if echo "$_return_str" | _egrep_o "\"result\":\"saved\"" >/dev/null; then
|
||||
_opns_rest "POST" "/service/reconfigure" "{}"
|
||||
_debug "Record created"
|
||||
else
|
||||
_err "Error creating record $_record_string"
|
||||
return 1
|
||||
fi
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
rm_record() {
|
||||
fulldomain=$1
|
||||
new_challenge="$2"
|
||||
_info "Remove record $fulldomain with challenge: $new_challenge"
|
||||
|
||||
_debug "Detect root zone"
|
||||
if ! _get_root "$fulldomain"; then
|
||||
_err "invalid domain"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_debug _domain "$_domain"
|
||||
_debug _host "$_host"
|
||||
_debug _domainid "$_domainid"
|
||||
_uuid=""
|
||||
if _existingchallenge "$_domain" "$_host" "$new_challenge"; then
|
||||
# Delete
|
||||
if _opns_rest "POST" "/record/delRecord/${_uuid}" "\{\}"; then
|
||||
if echo "$_return_str" | _egrep_o "\"result\":\"deleted\"" >/dev/null; then
|
||||
_opns_rest "POST" "/service/reconfigure" "{}"
|
||||
_debug "Record deleted"
|
||||
else
|
||||
_err "Error deleting record $_host from domain $fulldomain"
|
||||
return 1
|
||||
fi
|
||||
else
|
||||
_err "Error deleting record $_host from domain $fulldomain"
|
||||
return 1
|
||||
fi
|
||||
else
|
||||
_info "Record not found, nothing to remove"
|
||||
fi
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
#################### Private functions below ##################################
|
||||
#_acme-challenge.www.domain.com
|
||||
#returns
|
||||
# _domainid=domid
|
||||
#_domain=domain.com
|
||||
_get_root() {
|
||||
domain=$1
|
||||
i=2
|
||||
p=1
|
||||
if _opns_rest "GET" "/domain/get"; then
|
||||
_domain_response="$response"
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
|
||||
while true; do
|
||||
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
||||
if [ -z "$h" ]; then
|
||||
#not valid
|
||||
return 1
|
||||
fi
|
||||
_debug h "$h"
|
||||
id=$(echo "$_domain_response" | _egrep_o "\"[^\"]*\":{\"enabled\":\"1\",\"type\":{\"master\":{\"value\":\"master\",\"selected\":1},\"slave\":{\"value\":\"slave\",\"selected\":0}},\"masterip\":\"[^\"]*\",\"domainname\":\"${h}\"" | cut -d ':' -f 1 | cut -d '"' -f 2)
|
||||
|
||||
if [ -n "$id" ]; then
|
||||
_debug id "$id"
|
||||
_host=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
||||
_domain="${h}"
|
||||
_domainid="${id}"
|
||||
return 0
|
||||
fi
|
||||
p=$i
|
||||
i=$(_math $i + 1)
|
||||
done
|
||||
_debug "$domain not found"
|
||||
|
||||
return 1
|
||||
}
|
||||
|
||||
_opns_rest() {
|
||||
method=$1
|
||||
ep=$2
|
||||
data=$3
|
||||
#Percent encode user and token
|
||||
key=$(echo "$OPNs_Key" | tr -d "\n\r" | _url_encode)
|
||||
token=$(echo "$OPNs_Token" | tr -d "\n\r" | _url_encode)
|
||||
|
||||
opnsense_url="https://${key}:${token}@${OPNs_Host}:${OPNs_Port:-$OPNs_DefaultPort}/api/bind${ep}"
|
||||
export _H1="Content-Type: application/json"
|
||||
_debug2 "Try to call api: https://${OPNs_Host}:${OPNs_Port:-$OPNs_DefaultPort}/api/bind${ep}"
|
||||
if [ ! "$method" = "GET" ]; then
|
||||
_debug data "$data"
|
||||
export _H1="Content-Type: application/json"
|
||||
response="$(_post "$data" "$opnsense_url" "" "$method")"
|
||||
else
|
||||
export _H1=""
|
||||
response="$(_get "$opnsense_url")"
|
||||
fi
|
||||
|
||||
if [ "$?" != "0" ]; then
|
||||
_err "error $ep"
|
||||
return 1
|
||||
fi
|
||||
_debug2 response "$response"
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
_build_record_string() {
|
||||
_record_string="{\"record\":{\"enabled\":\"1\",\"domain\":\"$1\",\"name\":\"$2\",\"type\":\"TXT\",\"value\":\"$3\"}}"
|
||||
}
|
||||
|
||||
_existingchallenge() {
|
||||
if _opns_rest "GET" "/record/searchRecord"; then
|
||||
_record_response="$response"
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
_uuid=""
|
||||
_uuid=$(echo "$_record_response" | _egrep_o "\"uuid\":\"[^\"]*\",\"enabled\":\"[01]\",\"domain\":\"$1\",\"name\":\"$2\",\"type\":\"TXT\",\"value\":\"$3\"" | cut -d ':' -f 2 | cut -d '"' -f 2)
|
||||
|
||||
if [ -n "$_uuid" ]; then
|
||||
_debug uuid "$_uuid"
|
||||
return 0
|
||||
fi
|
||||
_debug "${2}.$1{1} record not found"
|
||||
|
||||
return 1
|
||||
}
|
||||
|
||||
_opns_check_auth() {
|
||||
OPNs_Host="${OPNs_Host:-$(_readaccountconf_mutable OPNs_Host)}"
|
||||
OPNs_Port="${OPNs_Port:-$(_readaccountconf_mutable OPNs_Port)}"
|
||||
OPNs_Key="${OPNs_Key:-$(_readaccountconf_mutable OPNs_Key)}"
|
||||
OPNs_Token="${OPNs_Token:-$(_readaccountconf_mutable OPNs_Token)}"
|
||||
OPNs_Api_Insecure="${OPNs_Api_Insecure:-$(_readaccountconf_mutable OPNs_Api_Insecure)}"
|
||||
|
||||
if [ -z "$OPNs_Host" ]; then
|
||||
_err "You don't specify OPNsense address."
|
||||
return 1
|
||||
else
|
||||
_saveaccountconf_mutable OPNs_Host "$OPNs_Host"
|
||||
fi
|
||||
|
||||
if ! printf '%s' "$OPNs_Port" | grep '^[0-9]*$' >/dev/null; then
|
||||
_err 'OPNs_Port specified but not numeric value'
|
||||
return 1
|
||||
elif [ -z "$OPNs_Port" ]; then
|
||||
_info "OPNSense port not specified. Defaulting to using port $OPNs_DefaultPort"
|
||||
else
|
||||
_saveaccountconf_mutable OPNs_Port "$OPNs_Port"
|
||||
fi
|
||||
|
||||
if ! printf '%s' "$OPNs_Api_Insecure" | grep '^[01]$' >/dev/null; then
|
||||
_err 'OPNs_Api_Insecure specified but not 0/1 value'
|
||||
return 1
|
||||
elif [ -n "$OPNs_Api_Insecure" ]; then
|
||||
_saveaccountconf_mutable OPNs_Api_Insecure "$OPNs_Api_Insecure"
|
||||
fi
|
||||
export HTTPS_INSECURE="${OPNs_Api_Insecure:-$OPNs_DefaultApi_Insecure}"
|
||||
|
||||
if [ -z "$OPNs_Key" ]; then
|
||||
_err "you have not specified your OPNsense api key id."
|
||||
_err "Please set OPNs_Key and try again."
|
||||
return 1
|
||||
else
|
||||
_saveaccountconf_mutable OPNs_Key "$OPNs_Key"
|
||||
fi
|
||||
|
||||
if [ -z "$OPNs_Token" ]; then
|
||||
_err "you have not specified your OPNsense token."
|
||||
_err "Please create OPNs_Token and try again."
|
||||
return 1
|
||||
else
|
||||
_saveaccountconf_mutable OPNs_Token "$OPNs_Token"
|
||||
fi
|
||||
|
||||
if ! _opns_rest "GET" "/general/get"; then
|
||||
_err "Call to OPNsense API interface failed. Unable to access OPNsense API."
|
||||
return 1
|
||||
fi
|
||||
return 0
|
||||
}
|
Loading…
Reference in New Issue
Block a user