forked from Github/acme.sh
neil
5 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 1000 additions and 6 deletions
-
8acme.sh
-
139deploy/panos.sh
-
152deploy/synology_dsm.sh
-
141dnsapi/dns_constellix.sh
-
2dnsapi/dns_ddnss.sh
-
121dnsapi/dns_dynv6.sh
-
168dnsapi/dns_kas.sh
-
2dnsapi/dns_me.sh
-
273dnsapi/dns_opnsense.sh
@ -0,0 +1,139 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Script to deploy certificates to Palo Alto Networks PANOS via API |
||||
|
# Note PANOS API KEY and IP address needs to be set prior to running. |
||||
|
# The following variables exported from environment will be used. |
||||
|
# If not set then values previously saved in domain.conf file are used. |
||||
|
# |
||||
|
# Firewall admin with superuser and IP address is required. |
||||
|
# |
||||
|
# export PANOS_USER="" # required |
||||
|
# export PANOS_PASS="" # required |
||||
|
# export PANOS_HOST="" # required |
||||
|
|
||||
|
# This function is to parse the XML |
||||
|
parse_response() { |
||||
|
type=$2 |
||||
|
if [ "$type" = 'keygen' ]; then |
||||
|
status=$(echo "$1" | sed 's/^.*\(['\'']\)\([a-z]*\)'\''.*/\2/g') |
||||
|
if [ "$status" = "success" ]; then |
||||
|
panos_key=$(echo "$1" | sed 's/^.*\(<key>\)\(.*\)<\/key>.*/\2/g') |
||||
|
_panos_key=$panos_key |
||||
|
else |
||||
|
message="PAN-OS Key could not be set." |
||||
|
fi |
||||
|
else |
||||
|
status=$(echo "$1" | sed 's/^.*"\([a-z]*\)".*/\1/g') |
||||
|
message=$(echo "$1" | sed 's/^.*<result>\(.*\)<\/result.*/\1/g') |
||||
|
fi |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
deployer() { |
||||
|
content="" |
||||
|
type=$1 # Types are keygen, cert, key, commit |
||||
|
_debug "**** Deploying $type *****" |
||||
|
panos_url="https://$_panos_host/api/" |
||||
|
if [ "$type" = 'keygen' ]; then |
||||
|
_H1="Content-Type: application/x-www-form-urlencoded" |
||||
|
content="type=keygen&user=$_panos_user&password=$_panos_pass" |
||||
|
# content="$content${nl}--$delim${nl}Content-Disposition: form-data; type=\"keygen\"; user=\"$_panos_user\"; password=\"$_panos_pass\"${nl}Content-Type: application/octet-stream${nl}${nl}" |
||||
|
fi |
||||
|
|
||||
|
if [ "$type" = 'cert' ] || [ "$type" = 'key' ]; then |
||||
|
#Generate DEIM |
||||
|
delim="-----MultipartDelimiter$(date "+%s%N")" |
||||
|
nl="\015\012" |
||||
|
#Set Header |
||||
|
export _H1="Content-Type: multipart/form-data; boundary=$delim" |
||||
|
if [ "$type" = 'cert' ]; then |
||||
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"type\"\r\n\r\n\r\nimport" |
||||
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\n\r\ncertificate" |
||||
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n\r\n$_cdomain" |
||||
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n\r\n$_panos_key" |
||||
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\n\r\npem" |
||||
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")" |
||||
|
fi |
||||
|
if [ "$type" = 'key' ]; then |
||||
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"type\"\r\n\r\n\r\nimport" |
||||
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\n\r\nprivate-key" |
||||
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n\r\n$_cdomain" |
||||
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n\r\n$_panos_key" |
||||
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\n\r\npem" |
||||
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"passphrase\"\r\n\r\n\r\n123456" |
||||
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")" |
||||
|
fi |
||||
|
#Close multipart |
||||
|
content="$content${nl}--$delim--${nl}" |
||||
|
#Convert CRLF |
||||
|
content=$(printf %b "$content") |
||||
|
fi |
||||
|
|
||||
|
if [ "$type" = 'commit' ]; then |
||||
|
export _H1="Content-Type: application/x-www-form-urlencoded" |
||||
|
cmd=$(printf "%s" "<commit><partial><$_panos_user></$_panos_user></partial></commit>" | _url_encode) |
||||
|
content="type=commit&key=$_panos_key&cmd=$cmd" |
||||
|
fi |
||||
|
response=$(_post "$content" "$panos_url" "" "POST") |
||||
|
parse_response "$response" "$type" |
||||
|
# Saving response to variables |
||||
|
response_status=$status |
||||
|
#DEBUG |
||||
|
_debug response_status "$response_status" |
||||
|
if [ "$response_status" = "success" ]; then |
||||
|
_debug "Successfully deployed $type" |
||||
|
return 0 |
||||
|
else |
||||
|
_err "Deploy of type $type failed. Try deploying with --debug to troubleshoot." |
||||
|
_debug "$message" |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
# This is the main function that will call the other functions to deploy everything. |
||||
|
panos_deploy() { |
||||
|
_cdomain="$1" |
||||
|
_ckey="$2" |
||||
|
_cfullchain="$5" |
||||
|
# PANOS ENV VAR check |
||||
|
if [ -z "$PANOS_USER" ] || [ -z "$PANOS_PASS" ] || [ -z "$PANOS_HOST" ]; then |
||||
|
_debug "No ENV variables found lets check for saved variables" |
||||
|
_getdeployconf PANOS_USER |
||||
|
_getdeployconf PANOS_PASS |
||||
|
_getdeployconf PANOS_HOST |
||||
|
_panos_user=$PANOS_USER |
||||
|
_panos_pass=$PANOS_PASS |
||||
|
_panos_host=$PANOS_HOST |
||||
|
if [ -z "$_panos_user" ] && [ -z "$_panos_pass" ] && [ -z "$_panos_host" ]; then |
||||
|
_err "No host, user and pass found.. If this is the first time deploying please set PANOS_HOST, PANOS_USER and PANOS_PASS in environment variables. Delete them after you have succesfully deployed certs." |
||||
|
return 1 |
||||
|
else |
||||
|
_debug "Using saved env variables." |
||||
|
fi |
||||
|
else |
||||
|
_debug "Detected ENV variables to be saved to the deploy conf." |
||||
|
# Encrypt and save user |
||||
|
_savedeployconf PANOS_USER "$PANOS_USER" 1 |
||||
|
_savedeployconf PANOS_PASS "$PANOS_PASS" 1 |
||||
|
_savedeployconf PANOS_HOST "$PANOS_HOST" 1 |
||||
|
_panos_user="$PANOS_USER" |
||||
|
_panos_pass="$PANOS_PASS" |
||||
|
_panos_host="$PANOS_HOST" |
||||
|
fi |
||||
|
_debug "Let's use username and pass to generate token." |
||||
|
if [ -z "$_panos_user" ] || [ -z "$_panos_pass" ] || [ -z "$_panos_host" ]; then |
||||
|
_err "Please pass username and password and host as env variables PANOS_USER, PANOS_PASS and PANOS_HOST" |
||||
|
return 1 |
||||
|
else |
||||
|
_debug "Getting PANOS KEY" |
||||
|
deployer keygen |
||||
|
if [ -z "$_panos_key" ]; then |
||||
|
_err "Missing apikey." |
||||
|
return 1 |
||||
|
else |
||||
|
deployer cert |
||||
|
deployer key |
||||
|
deployer commit |
||||
|
fi |
||||
|
fi |
||||
|
} |
@ -0,0 +1,152 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Here is a script to deploy cert to Synology DSM |
||||
|
# |
||||
|
# it requires the jq and curl are in the $PATH and the following |
||||
|
# environment variables must be set: |
||||
|
# |
||||
|
# SYNO_Username - Synology Username to login (must be an administrator) |
||||
|
# SYNO_Password - Synology Password to login |
||||
|
# SYNO_Certificate - Certificate description to target for replacement |
||||
|
# |
||||
|
# The following environmental variables may be set if you don't like their |
||||
|
# default values: |
||||
|
# |
||||
|
# SYNO_Scheme - defaults to http |
||||
|
# SYNO_Hostname - defaults to localhost |
||||
|
# SYNO_Port - defaults to 5000 |
||||
|
# |
||||
|
#returns 0 means success, otherwise error. |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
_syno_get_cookie_data() { |
||||
|
grep "\W$1=" "$HTTP_HEADER" | grep "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';' |
||||
|
} |
||||
|
|
||||
|
#domain keyfile certfile cafile fullchain |
||||
|
synology_dsm_deploy() { |
||||
|
|
||||
|
_cdomain="$1" |
||||
|
_ckey="$2" |
||||
|
_ccert="$3" |
||||
|
_cca="$4" |
||||
|
|
||||
|
_debug _cdomain "$_cdomain" |
||||
|
|
||||
|
# Get Username and Password, but don't save until we successfully authenticate |
||||
|
_getdeployconf SYNO_Username |
||||
|
_getdeployconf SYNO_Password |
||||
|
_getdeployconf SYNO_Create |
||||
|
if [ -z "$SYNO_Username" ] || [ -z "$SYNO_Password" ]; then |
||||
|
SYNO_Username="" |
||||
|
SYNO_Password="" |
||||
|
_err "SYNO_Username & SYNO_Password must be set" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 SYNO_Username "$SYNO_Username" |
||||
|
_secure_debug2 SYNO_Password "$SYNO_Password" |
||||
|
|
||||
|
# Optional scheme, hostname, and port for Synology DSM |
||||
|
_getdeployconf SYNO_Scheme |
||||
|
_getdeployconf SYNO_Hostname |
||||
|
_getdeployconf SYNO_Port |
||||
|
|
||||
|
# default vaules for scheme, hostname, and port |
||||
|
# defaulting to localhost and http because it's localhost... |
||||
|
[ -n "${SYNO_Scheme}" ] || SYNO_Scheme="http" |
||||
|
[ -n "${SYNO_Hostname}" ] || SYNO_Hostname="localhost" |
||||
|
[ -n "${SYNO_Port}" ] || SYNO_Port="5000" |
||||
|
|
||||
|
_savedeployconf SYNO_Scheme "$SYNO_Scheme" |
||||
|
_savedeployconf SYNO_Hostname "$SYNO_Hostname" |
||||
|
_savedeployconf SYNO_Port "$SYNO_Port" |
||||
|
|
||||
|
_debug2 SYNO_Scheme "$SYNO_Scheme" |
||||
|
_debug2 SYNO_Hostname "$SYNO_Hostname" |
||||
|
_debug2 SYNO_Port "$SYNO_Port" |
||||
|
|
||||
|
# Get the certificate description, but don't save it until we verfiy it's real |
||||
|
_getdeployconf SYNO_Certificate |
||||
|
if [ -z "${SYNO_Certificate:?}" ]; then |
||||
|
_err "SYNO_Certificate needs to be defined (with the Certificate description name)" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug SYNO_Certificate "$SYNO_Certificate" |
||||
|
|
||||
|
_base_url="$SYNO_Scheme://$SYNO_Hostname:$SYNO_Port" |
||||
|
_debug _base_url "$_base_url" |
||||
|
|
||||
|
# Login, get the token from JSON and session id from cookie |
||||
|
_info "Logging into $SYNO_Hostname:$SYNO_Port" |
||||
|
response=$(_get "$_base_url/webman/login.cgi?username=$SYNO_Username&passwd=$SYNO_Password&enable_syno_token=yes") |
||||
|
token=$(echo "$response" | grep "SynoToken" | sed -n 's/.*"SynoToken" *: *"\([^"]*\).*/\1/p') |
||||
|
_debug3 response "$response" |
||||
|
|
||||
|
if [ -z "$token" ]; then |
||||
|
_err "Unable to authenticate to $SYNO_Hostname:$SYNO_Port using $SYNO_Scheme." |
||||
|
_err "Check your username and password." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_H1="Cookie: $(_syno_get_cookie_data "id"); $(_syno_get_cookie_data "smid")" |
||||
|
_H2="X-SYNO-TOKEN: $token" |
||||
|
export _H1 |
||||
|
export _H2 |
||||
|
_debug2 H1 "${_H1}" |
||||
|
_debug2 H2 "${_H2}" |
||||
|
|
||||
|
# Now that we know the username and password are good, save them |
||||
|
_savedeployconf SYNO_Username "$SYNO_Username" |
||||
|
_savedeployconf SYNO_Password "$SYNO_Password" |
||||
|
_debug token "$token" |
||||
|
|
||||
|
_info "Getting certificates in Synology DSM" |
||||
|
response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1" "$_base_url/webapi/entry.cgi") |
||||
|
_debug3 response "$response" |
||||
|
id=$(echo "$response" | sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\"id\":\"\([^\"]*\).*/\1/p") |
||||
|
_debug2 id "$id" |
||||
|
|
||||
|
if [ -z "$id" ] && [ -z "${SYNO_Create:?}" ]; then |
||||
|
_err "Unable to find certificate: $SYNO_Certificate and \$SYNO_Create is not set" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
# we've verified this certificate description is a thing, so save it |
||||
|
_savedeployconf SYNO_Certificate "$SYNO_Certificate" |
||||
|
|
||||
|
default=false |
||||
|
if echo "$response" | sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\([^{]*\).*/\1/p" | grep -- 'is_default":true' >/dev/null; then |
||||
|
default=true |
||||
|
fi |
||||
|
_debug2 default "$default" |
||||
|
|
||||
|
_info "Generate form POST request" |
||||
|
nl="\015\012" |
||||
|
delim="--------------------------$(_utc_date | tr -d -- '-: ')" |
||||
|
content="--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")\012" |
||||
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"cert\"; filename=\"$(basename "$_ccert")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ccert")\012" |
||||
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"inter_cert\"; filename=\"$(basename "$_cca")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cca")\012" |
||||
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"id\"${nl}${nl}$id" |
||||
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"desc\"${nl}${nl}${SYNO_Certificate}" |
||||
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"as_default\"${nl}${nl}${default}" |
||||
|
content="$content${nl}--$delim--${nl}" |
||||
|
content="$(printf "%b_" "$content")" |
||||
|
content="${content%_}" # protect trailing \n |
||||
|
|
||||
|
_info "Upload certificate to the Synology DSM" |
||||
|
response=$(_post "$content" "$_base_url/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=$token" "" "POST" "multipart/form-data; boundary=${delim}") |
||||
|
_debug3 response "$response" |
||||
|
|
||||
|
if ! echo "$response" | grep '"error":' >/dev/null; then |
||||
|
if echo "$response" | grep '"restart_httpd":true' >/dev/null; then |
||||
|
_info "http services were restarted" |
||||
|
else |
||||
|
_info "http services were NOT restarted" |
||||
|
fi |
||||
|
return 0 |
||||
|
else |
||||
|
_err "Unable to update certificate, error code $response" |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
@ -0,0 +1,141 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Author: Wout Decre <wout@canodus.be> |
||||
|
|
||||
|
CONSTELLIX_Api="https://api.dns.constellix.com/v1" |
||||
|
#CONSTELLIX_Key="XXX" |
||||
|
#CONSTELLIX_Secret="XXX" |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
# Used to add txt record |
||||
|
dns_constellix_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
CONSTELLIX_Key="${CONSTELLIX_Key:-$(_readaccountconf_mutable CONSTELLIX_Key)}" |
||||
|
CONSTELLIX_Secret="${CONSTELLIX_Secret:-$(_readaccountconf_mutable CONSTELLIX_Secret)}" |
||||
|
|
||||
|
if [ -z "$CONSTELLIX_Key" ] || [ -z "$CONSTELLIX_Secret" ]; then |
||||
|
_err "You did not specify the Contellix API key and secret yet." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_saveaccountconf_mutable CONSTELLIX_Key "$CONSTELLIX_Key" |
||||
|
_saveaccountconf_mutable CONSTELLIX_Secret "$CONSTELLIX_Secret" |
||||
|
|
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "Invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_info "Adding TXT record" |
||||
|
if _constellix_rest POST "domains/${_domain_id}/records" "[{\"type\":\"txt\",\"add\":true,\"set\":{\"name\":\"${_sub_domain}\",\"ttl\":120,\"roundRobin\":[{\"value\":\"${txtvalue}\"}]}}]"; then |
||||
|
if printf -- "%s" "$response" | grep "{\"success\":\"1 record(s) added, 0 record(s) updated, 0 record(s) deleted\"}" >/dev/null; then |
||||
|
_info "Added" |
||||
|
return 0 |
||||
|
else |
||||
|
_err "Error adding TXT record" |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
# Usage: fulldomain txtvalue |
||||
|
# Used to remove the txt record after validation |
||||
|
dns_constellix_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
CONSTELLIX_Key="${CONSTELLIX_Key:-$(_readaccountconf_mutable CONSTELLIX_Key)}" |
||||
|
CONSTELLIX_Secret="${CONSTELLIX_Secret:-$(_readaccountconf_mutable CONSTELLIX_Secret)}" |
||||
|
|
||||
|
if [ -z "$CONSTELLIX_Key" ] || [ -z "$CONSTELLIX_Secret" ]; then |
||||
|
_err "You did not specify the Contellix API key and secret yet." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "Invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_info "Removing TXT record" |
||||
|
if _constellix_rest POST "domains/${_domain_id}/records" "[{\"type\":\"txt\",\"delete\":true,\"filter\":{\"field\":\"name\",\"op\":\"eq\",\"value\":\"${_sub_domain}\"}}]"; then |
||||
|
if printf -- "%s" "$response" | grep "{\"success\":\"0 record(s) added, 0 record(s) updated, 1 record(s) deleted\"}" >/dev/null; then |
||||
|
_info "Removed" |
||||
|
return 0 |
||||
|
else |
||||
|
_err "Error removing TXT record" |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
|
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=2 |
||||
|
p=1 |
||||
|
_debug "Detecting root zone" |
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
if [ -z "$h" ]; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _constellix_rest GET "domains"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _contains "$response" "\"name\":\"$h\""; then |
||||
|
_domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[^,]*" | head -n 1 | cut -d ':' -f 2 | tr -d '}') |
||||
|
if [ "$_domain_id" ]; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d '.' -f 1-$p) |
||||
|
_domain="$h" |
||||
|
|
||||
|
_debug _domain_id "$_domain_id" |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
fi |
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_constellix_rest() { |
||||
|
m=$1 |
||||
|
ep="$2" |
||||
|
data="$3" |
||||
|
_debug "$ep" |
||||
|
|
||||
|
rdate=$(date +"%s")"000" |
||||
|
hmac=$(printf "%s" "$rdate" | _hmac sha1 "$(printf "%s" "$CONSTELLIX_Secret" | _hex_dump | tr -d ' ')" | _base64) |
||||
|
|
||||
|
export _H1="x-cnsdns-apiKey: $CONSTELLIX_Key" |
||||
|
export _H2="x-cnsdns-requestDate: $rdate" |
||||
|
export _H3="x-cnsdns-hmac: $hmac" |
||||
|
export _H4="Accept: application/json" |
||||
|
export _H5="Content-Type: application/json" |
||||
|
|
||||
|
if [ "$m" != "GET" ]; then |
||||
|
_debug data "$data" |
||||
|
response="$(_post "$data" "$CONSTELLIX_Api/$ep" "" "$m")" |
||||
|
else |
||||
|
response="$(_get "$CONSTELLIX_Api/$ep")" |
||||
|
fi |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "Error $ep" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug response "$response" |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,121 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
#Author StefanAbl |
||||
|
#Usage specify a private keyfile to use with dynv6 'export KEY="path/to/keyfile"' |
||||
|
#if no keyfile is specified, you will be asked if you want to create one in /home/$USER/.ssh/dynv6 and /home/$USER/.ssh/dynv6.pub |
||||
|
######## Public functions ##################### |
||||
|
# Please Read this guide first: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide |
||||
|
#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_dynv6_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
_info "Using dynv6 api" |
||||
|
_debug fulldomain "$fulldomain" |
||||
|
_debug txtvalue "$txtvalue" |
||||
|
_get_keyfile |
||||
|
_info "using keyfile $dynv6_keyfile" |
||||
|
_get_domain "$fulldomain" |
||||
|
_your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" |
||||
|
if ! _contains "$_your_hosts" "$_host"; then |
||||
|
_debug "The host is $_host and the record $_record" |
||||
|
_debug "Dynv6 returned $_your_hosts" |
||||
|
_err "The host $_host does not exists on your dynv6 account" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug "found host on your account" |
||||
|
returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")" |
||||
|
_debug "Dynv6 returend this after record was added: $returnval" |
||||
|
if _contains "$returnval" "created"; then |
||||
|
return 0 |
||||
|
elif _contains "$returnval" "updated"; then |
||||
|
return 0 |
||||
|
else |
||||
|
_err "Something went wrong! it does not seem like the record was added succesfully" |
||||
|
return 1 |
||||
|
fi |
||||
|
return 1 |
||||
|
} |
||||
|
#Usage: fulldomain txtvalue |
||||
|
#Remove the txt record after validation. |
||||
|
dns_dynv6_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
_info "Using dynv6 api" |
||||
|
_debug fulldomain "$fulldomain" |
||||
|
_debug txtvalue "$txtvalue" |
||||
|
_get_keyfile |
||||
|
_info "using keyfile $dynv6_keyfile" |
||||
|
_get_domain "$fulldomain" |
||||
|
_your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" |
||||
|
if ! _contains "$_your_hosts" "$_host"; then |
||||
|
_debug "The host is $_host and the record $_record" |
||||
|
_debug "Dynv6 returned $_your_hosts" |
||||
|
_err "The host $_host does not exists on your dynv6 account" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug "found host on your account" |
||||
|
_info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" |
||||
|
return 0 |
||||
|
|
||||
|
} |
||||
|
#################### Private functions below ################################## |
||||
|
#Usage: No Input required |
||||
|
#returns |
||||
|
#dynv6_keyfile the path to the new keyfile that has been generated |
||||
|
_generate_new_key() { |
||||
|
dynv6_keyfile="$(eval echo ~"$USER")/.ssh/dynv6" |
||||
|
_info "Path to key file used: $dynv6_keyfile" |
||||
|
if [ ! -f "$dynv6_keyfile" ] && [ ! -f "$dynv6_keyfile.pub" ]; then |
||||
|
_debug "generating key in $dynv6_keyfile and $dynv6_keyfile.pub" |
||||
|
ssh-keygen -f "$dynv6_keyfile" -t ssh-ed25519 -N '' |
||||
|
else |
||||
|
_err "There is already a file in $dynv6_keyfile or $dynv6_keyfile.pub" |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
||||
|
#Usage: _acme-challenge.www.example.dynv6.net |
||||
|
#returns |
||||
|
#_host= example.dynv6.net |
||||
|
#_record=_acme-challenge.www |
||||
|
#aborts if not a valid domain |
||||
|
_get_domain() { |
||||
|
_full_domain="$1" |
||||
|
_debug "getting domain for $_full_domain" |
||||
|
if ! _contains "$_full_domain" 'dynv6.net' && ! _contains "$_full_domain" 'dns.army' && ! _contains "$_full_domain" 'dns.navy'; then |
||||
|
_err "The hosts does not seem to be a dynv6 host" |
||||
|
return 1 |
||||
|
fi |
||||
|
_record="${_full_domain%.*}" |
||||
|
_record="${_record%.*}" |
||||
|
_record="${_record%.*}" |
||||
|
_debug "The record we are ging to use is $_record" |
||||
|
_host="$_full_domain" |
||||
|
while [ "$(echo "$_host" | grep -o '\.' | wc -l)" != "2" ]; do |
||||
|
_host="${_host#*.}" |
||||
|
done |
||||
|
_debug "And the host is $_host" |
||||
|
return 0 |
||||
|
|
||||
|
} |
||||
|
|
||||
|
# Usage: No input required |
||||
|
#returns |
||||
|
#dynv6_keyfile path to the key that will be used |
||||
|
_get_keyfile() { |
||||
|
_debug "get keyfile method called" |
||||
|
dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}" |
||||
|
_debug Your key is "$dynv6_keyfile" |
||||
|
if [ -z "$dynv6_keyfile" ]; then |
||||
|
if [ -z "$KEY" ]; then |
||||
|
_err "You did not specify a key to use with dynv6" |
||||
|
_info "Creating new dynv6 api key to add to dynv6.com" |
||||
|
_generate_new_key |
||||
|
_info "Please add this key to dynv6.com $(cat "$dynv6_keyfile.pub")" |
||||
|
_info "Hit Enter to contiue" |
||||
|
read -r _ |
||||
|
#save the credentials to the account conf file. |
||||
|
else |
||||
|
dynv6_keyfile="$KEY" |
||||
|
fi |
||||
|
_saveaccountconf_mutable dynv6_keyfile "$dynv6_keyfile" |
||||
|
fi |
||||
|
} |
@ -0,0 +1,168 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
######################################################################## |
||||
|
# All-inkl Kasserver hook script for acme.sh |
||||
|
# |
||||
|
# Environment variables: |
||||
|
# |
||||
|
# - $KAS_Login (Kasserver API login name) |
||||
|
# - $KAS_Authtype (Kasserver API auth type. Default: sha1) |
||||
|
# - $KAS_Authdata (Kasserver API auth data.) |
||||
|
# |
||||
|
# Author: Martin Kammerlander, Phlegx Systems OG <martin.kammerlander@phlegx.com> |
||||
|
# Updated by: Marc-Oliver Lange <git@die-lang.es> |
||||
|
# Credits: Inspired by dns_he.sh. Thanks a lot man! |
||||
|
# Git repo: https://github.com/phlegx/acme.sh |
||||
|
# TODO: Better Error handling |
||||
|
######################################################################## |
||||
|
KAS_Api="https://kasapi.kasserver.com/dokumentation/formular.php" |
||||
|
######## Public functions ##################### |
||||
|
dns_kas_add() { |
||||
|
_fulldomain=$1 |
||||
|
_txtvalue=$2 |
||||
|
_info "Using DNS-01 All-inkl/Kasserver hook" |
||||
|
_info "Adding $_fulldomain DNS TXT entry on All-inkl/Kasserver" |
||||
|
_info "Check and Save Props" |
||||
|
_check_and_save |
||||
|
_info "Checking Zone and Record_Name" |
||||
|
_get_zone_and_record_name "$_fulldomain" |
||||
|
_info "Getting Record ID" |
||||
|
_get_record_id |
||||
|
|
||||
|
_info "Creating TXT DNS record" |
||||
|
params="?kas_login=$KAS_Login" |
||||
|
params="$params&kas_auth_type=$KAS_Authtype" |
||||
|
params="$params&kas_auth_data=$KAS_Authdata" |
||||
|
params="$params&var1=record_name" |
||||
|
params="$params&wert1=$_record_name" |
||||
|
params="$params&var2=record_type" |
||||
|
params="$params&wert2=TXT" |
||||
|
params="$params&var3=record_data" |
||||
|
params="$params&wert3=$_txtvalue" |
||||
|
params="$params&var4=record_aux" |
||||
|
params="$params&wert4=0" |
||||
|
params="$params&kas_action=add_dns_settings" |
||||
|
params="$params&var5=zone_host" |
||||
|
params="$params&wert5=$_zone" |
||||
|
_debug2 "Wait for 10 seconds by default before calling KAS API." |
||||
|
_sleep 10 |
||||
|
response="$(_get "$KAS_Api$params")" |
||||
|
_debug2 "response" "$response" |
||||
|
|
||||
|
if ! _contains "$response" "TRUE"; then |
||||
|
_err "An unkown error occurred, please check manually." |
||||
|
return 1 |
||||
|
fi |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
dns_kas_rm() { |
||||
|
_fulldomain=$1 |
||||
|
_txtvalue=$2 |
||||
|
_info "Using DNS-01 All-inkl/Kasserver hook" |
||||
|
_info "Cleaning up after All-inkl/Kasserver hook" |
||||
|
_info "Removing $_fulldomain DNS TXT entry on All-inkl/Kasserver" |
||||
|
|
||||
|
_info "Check and Save Props" |
||||
|
_check_and_save |
||||
|
_info "Checking Zone and Record_Name" |
||||
|
_get_zone_and_record_name "$_fulldomain" |
||||
|
_info "Getting Record ID" |
||||
|
_get_record_id |
||||
|
|
||||
|
# If there is a record_id, delete the entry |
||||
|
if [ -n "$_record_id" ]; then |
||||
|
params="?kas_login=$KAS_Login" |
||||
|
params="$params&kas_auth_type=$KAS_Authtype" |
||||
|
params="$params&kas_auth_data=$KAS_Authdata" |
||||
|
params="$params&kas_action=delete_dns_settings" |
||||
|
|
||||
|
for i in $_record_id; do |
||||
|
params2="$params&var1=record_id" |
||||
|
params2="$params2&wert1=$i" |
||||
|
_debug2 "Wait for 10 seconds by default before calling KAS API." |
||||
|
_sleep 10 |
||||
|
response="$(_get "$KAS_Api$params2")" |
||||
|
_debug2 "response" "$response" |
||||
|
if ! _contains "$response" "TRUE"; then |
||||
|
_err "Either the txt record is not found or another error occurred, please check manually." |
||||
|
return 1 |
||||
|
fi |
||||
|
done |
||||
|
else # Cannot delete or unkown error |
||||
|
_err "No record_id found that can be deleted. Please check manually." |
||||
|
return 1 |
||||
|
fi |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
########################## PRIVATE FUNCTIONS ########################### |
||||
|
|
||||
|
# Checks for the ENV variables and saves them |
||||
|
_check_and_save() { |
||||
|
KAS_Login="${KAS_Login:-$(_readaccountconf_mutable KAS_Login)}" |
||||
|
KAS_Authtype="${KAS_Authtype:-$(_readaccountconf_mutable KAS_Authtype)}" |
||||
|
KAS_Authdata="${KAS_Authdata:-$(_readaccountconf_mutable KAS_Authdata)}" |
||||
|
|
||||
|
if [ -z "$KAS_Login" ] || [ -z "$KAS_Authtype" ] || [ -z "$KAS_Authdata" ]; then |
||||
|
KAS_Login= |
||||
|
KAS_Authtype= |
||||
|
KAS_Authdata= |
||||
|
_err "No auth details provided. Please set user credentials using the \$KAS_Login, \$KAS_Authtype, and \$KAS_Authdata environment variables." |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable KAS_Login "$KAS_Login" |
||||
|
_saveaccountconf_mutable KAS_Authtype "$KAS_Authtype" |
||||
|
_saveaccountconf_mutable KAS_Authdata "$KAS_Authdata" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
# Gets back the base domain/zone and record name. |
||||
|
# See: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide |
||||
|
_get_zone_and_record_name() { |
||||
|
params="?kas_login=$KAS_Login" |
||||
|
params="?kas_login=$KAS_Login" |
||||
|
params="$params&kas_auth_type=$KAS_Authtype" |
||||
|
params="$params&kas_auth_data=$KAS_Authdata" |
||||
|
params="$params&kas_action=get_domains" |
||||
|
|
||||
|
_debug2 "Wait for 10 seconds by default before calling KAS API." |
||||
|
_sleep 10 |
||||
|
response="$(_get "$KAS_Api$params")" |
||||
|
_debug2 "response" "$response" |
||||
|
_zonen="$(echo "$response" | tr -d "\n\r" | tr -d " " | tr '[]' '<>' | sed "s/=>Array/\n=> Array/g" | tr ' ' '\n' | grep "domain_name" | tr '<' '\n' | grep "domain_name" | sed "s/domain_name>=>//g")" |
||||
|
_domain="$1" |
||||
|
_temp_domain="$(echo "$1" | sed 's/\.$//')" |
||||
|
_rootzone="$_domain" |
||||
|
for i in $_zonen; do |
||||
|
l1=${#_rootzone} |
||||
|
l2=${#i} |
||||
|
if _endswith "$_domain" "$i" && [ "$l1" -ge "$l2" ]; then |
||||
|
_rootzone="$i" |
||||
|
fi |
||||
|
done |
||||
|
_zone="${_rootzone}." |
||||
|
_temp_record_name="$(echo "$_temp_domain" | sed "s/$_rootzone//g")" |
||||
|
_record_name="$(echo "$_temp_record_name" | sed 's/\.$//')" |
||||
|
_debug2 "Zone:" "$_zone" |
||||
|
_debug2 "Domain:" "$_domain" |
||||
|
_debug2 "Record_Name:" "$_record_name" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
# Retrieve the DNS record ID |
||||
|
_get_record_id() { |
||||
|
params="?kas_login=$KAS_Login" |
||||
|
params="$params&kas_auth_type=$KAS_Authtype" |
||||
|
params="$params&kas_auth_data=$KAS_Authdata" |
||||
|
params="$params&kas_action=get_dns_settings" |
||||
|
params="$params&var1=zone_host" |
||||
|
params="$params&wert1=$_zone" |
||||
|
|
||||
|
_debug2 "Wait for 10 seconds by default before calling KAS API." |
||||
|
_sleep 10 |
||||
|
response="$(_get "$KAS_Api$params")" |
||||
|
_debug2 "response" "$response" |
||||
|
_record_id="$(echo "$response" | tr -d "\n\r" | tr -d " " | tr '[]' '<>' | sed "s/=>Array/\n=> Array/g" | tr ' ' '\n' | grep "=>$_record_name<" | grep '>TXT<' | tr '<' '\n' | grep record_id | sed "s/record_id>=>//g")" |
||||
|
_debug2 _record_id "$_record_id" |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,273 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
#OPNsense Bind API |
||||
|
#https://docs.opnsense.org/development/api.html |
||||
|
# |
||||
|
#OPNs_Host="opnsense.example.com" |
||||
|
#OPNs_Port="443" |
||||
|
# optional, defaults to 443 if unset |
||||
|
#OPNs_Key="qocfU9RSbt8vTIBcnW8bPqCrpfAHMDvj5OzadE7Str+rbjyCyk7u6yMrSCHtBXabgDDXx/dY0POUp7ZA" |
||||
|
#OPNs_Token="pZEQ+3ce8dDlfBBdg3N8EpqpF5I1MhFqdxX06le6Gl8YzyQvYCfCzNaFX9O9+IOSyAs7X71fwdRiZ+Lv" |
||||
|
#OPNs_Api_Insecure=0 |
||||
|
# optional, defaults to 0 if unset |
||||
|
# Set 1 for insecure and 0 for secure -> difference is whether ssl cert is checked for validity (0) or whether it is just accepted (1) |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
#Usage: add _acme-challenge.www.domain.com "123456789ABCDEF0000000000000000000000000000000000000" |
||||
|
#fulldomain |
||||
|
#txtvalue |
||||
|
OPNs_DefaultPort=443 |
||||
|
OPNs_DefaultApi_Insecure=0 |
||||
|
|
||||
|
dns_opnsense_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_opns_check_auth || return 1 |
||||
|
|
||||
|
if ! set_record "$fulldomain" "$txtvalue"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#fulldomain |
||||
|
dns_opnsense_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_opns_check_auth || return 1 |
||||
|
|
||||
|
if ! rm_record "$fulldomain" "$txtvalue"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
set_record() { |
||||
|
fulldomain=$1 |
||||
|
new_challenge=$2 |
||||
|
_info "Adding record $fulldomain with challenge: $new_challenge" |
||||
|
|
||||
|
_debug "Detect root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug _domain "$_domain" |
||||
|
_debug _host "$_host" |
||||
|
_debug _domainid "$_domainid" |
||||
|
_return_str="" |
||||
|
_record_string="" |
||||
|
_build_record_string "$_domainid" "$_host" "$new_challenge" |
||||
|
_uuid="" |
||||
|
if _existingchallenge "$_domain" "$_host" "$new_challenge"; then |
||||
|
# Update |
||||
|
if _opns_rest "POST" "/record/setRecord/${_uuid}" "$_record_string"; then |
||||
|
_return_str="$response" |
||||
|
else |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
else |
||||
|
#create |
||||
|
if _opns_rest "POST" "/record/addRecord" "$_record_string"; then |
||||
|
_return_str="$response" |
||||
|
else |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
|
||||
|
if echo "$_return_str" | _egrep_o "\"result\":\"saved\"" >/dev/null; then |
||||
|
_opns_rest "POST" "/service/reconfigure" "{}" |
||||
|
_debug "Record created" |
||||
|
else |
||||
|
_err "Error creating record $_record_string" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
rm_record() { |
||||
|
fulldomain=$1 |
||||
|
new_challenge="$2" |
||||
|
_info "Remove record $fulldomain with challenge: $new_challenge" |
||||
|
|
||||
|
_debug "Detect root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug _domain "$_domain" |
||||
|
_debug _host "$_host" |
||||
|
_debug _domainid "$_domainid" |
||||
|
_uuid="" |
||||
|
if _existingchallenge "$_domain" "$_host" "$new_challenge"; then |
||||
|
# Delete |
||||
|
if _opns_rest "POST" "/record/delRecord/${_uuid}" "\{\}"; then |
||||
|
if echo "$_return_str" | _egrep_o "\"result\":\"deleted\"" >/dev/null; then |
||||
|
_opns_rest "POST" "/service/reconfigure" "{}" |
||||
|
_debug "Record deleted" |
||||
|
else |
||||
|
_err "Error deleting record $_host from domain $fulldomain" |
||||
|
return 1 |
||||
|
fi |
||||
|
else |
||||
|
_err "Error deleting record $_host from domain $fulldomain" |
||||
|
return 1 |
||||
|
fi |
||||
|
else |
||||
|
_info "Record not found, nothing to remove" |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
#_acme-challenge.www.domain.com |
||||
|
#returns |
||||
|
# _domainid=domid |
||||
|
#_domain=domain.com |
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=2 |
||||
|
p=1 |
||||
|
if _opns_rest "GET" "/domain/get"; then |
||||
|
_domain_response="$response" |
||||
|
else |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug h "$h" |
||||
|
id=$(echo "$_domain_response" | _egrep_o "\"[^\"]*\":{\"enabled\":\"1\",\"type\":{\"master\":{\"value\":\"master\",\"selected\":1},\"slave\":{\"value\":\"slave\",\"selected\":0}},\"masterip\":\"[^\"]*\",\"domainname\":\"${h}\"" | cut -d ':' -f 1 | cut -d '"' -f 2) |
||||
|
|
||||
|
if [ -n "$id" ]; then |
||||
|
_debug id "$id" |
||||
|
_host=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain="${h}" |
||||
|
_domainid="${id}" |
||||
|
return 0 |
||||
|
fi |
||||
|
p=$i |
||||
|
i=$(_math $i + 1) |
||||
|
done |
||||
|
_debug "$domain not found" |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_opns_rest() { |
||||
|
method=$1 |
||||
|
ep=$2 |
||||
|
data=$3 |
||||
|
#Percent encode user and token |
||||
|
key=$(echo "$OPNs_Key" | tr -d "\n\r" | _url_encode) |
||||
|
token=$(echo "$OPNs_Token" | tr -d "\n\r" | _url_encode) |
||||
|
|
||||
|
opnsense_url="https://${key}:${token}@${OPNs_Host}:${OPNs_Port:-$OPNs_DefaultPort}/api/bind${ep}" |
||||
|
export _H1="Content-Type: application/json" |
||||
|
_debug2 "Try to call api: https://${OPNs_Host}:${OPNs_Port:-$OPNs_DefaultPort}/api/bind${ep}" |
||||
|
if [ ! "$method" = "GET" ]; then |
||||
|
_debug data "$data" |
||||
|
export _H1="Content-Type: application/json" |
||||
|
response="$(_post "$data" "$opnsense_url" "" "$method")" |
||||
|
else |
||||
|
export _H1="" |
||||
|
response="$(_get "$opnsense_url")" |
||||
|
fi |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "error $ep" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 response "$response" |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
_build_record_string() { |
||||
|
_record_string="{\"record\":{\"enabled\":\"1\",\"domain\":\"$1\",\"name\":\"$2\",\"type\":\"TXT\",\"value\":\"$3\"}}" |
||||
|
} |
||||
|
|
||||
|
_existingchallenge() { |
||||
|
if _opns_rest "GET" "/record/searchRecord"; then |
||||
|
_record_response="$response" |
||||
|
else |
||||
|
return 1 |
||||
|
fi |
||||
|
_uuid="" |
||||
|
_uuid=$(echo "$_record_response" | _egrep_o "\"uuid\":\"[^\"]*\",\"enabled\":\"[01]\",\"domain\":\"$1\",\"name\":\"$2\",\"type\":\"TXT\",\"value\":\"$3\"" | cut -d ':' -f 2 | cut -d '"' -f 2) |
||||
|
|
||||
|
if [ -n "$_uuid" ]; then |
||||
|
_debug uuid "$_uuid" |
||||
|
return 0 |
||||
|
fi |
||||
|
_debug "${2}.$1{1} record not found" |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_opns_check_auth() { |
||||
|
OPNs_Host="${OPNs_Host:-$(_readaccountconf_mutable OPNs_Host)}" |
||||
|
OPNs_Port="${OPNs_Port:-$(_readaccountconf_mutable OPNs_Port)}" |
||||
|
OPNs_Key="${OPNs_Key:-$(_readaccountconf_mutable OPNs_Key)}" |
||||
|
OPNs_Token="${OPNs_Token:-$(_readaccountconf_mutable OPNs_Token)}" |
||||
|
OPNs_Api_Insecure="${OPNs_Api_Insecure:-$(_readaccountconf_mutable OPNs_Api_Insecure)}" |
||||
|
|
||||
|
if [ -z "$OPNs_Host" ]; then |
||||
|
_err "You don't specify OPNsense address." |
||||
|
return 1 |
||||
|
else |
||||
|
_saveaccountconf_mutable OPNs_Host "$OPNs_Host" |
||||
|
fi |
||||
|
|
||||
|
if ! printf '%s' "$OPNs_Port" | grep '^[0-9]*$' >/dev/null; then |
||||
|
_err 'OPNs_Port specified but not numeric value' |
||||
|
return 1 |
||||
|
elif [ -z "$OPNs_Port" ]; then |
||||
|
_info "OPNSense port not specified. Defaulting to using port $OPNs_DefaultPort" |
||||
|
else |
||||
|
_saveaccountconf_mutable OPNs_Port "$OPNs_Port" |
||||
|
fi |
||||
|
|
||||
|
if ! printf '%s' "$OPNs_Api_Insecure" | grep '^[01]$' >/dev/null; then |
||||
|
_err 'OPNs_Api_Insecure specified but not 0/1 value' |
||||
|
return 1 |
||||
|
elif [ -n "$OPNs_Api_Insecure" ]; then |
||||
|
_saveaccountconf_mutable OPNs_Api_Insecure "$OPNs_Api_Insecure" |
||||
|
fi |
||||
|
export HTTPS_INSECURE="${OPNs_Api_Insecure:-$OPNs_DefaultApi_Insecure}" |
||||
|
|
||||
|
if [ -z "$OPNs_Key" ]; then |
||||
|
_err "you have not specified your OPNsense api key id." |
||||
|
_err "Please set OPNs_Key and try again." |
||||
|
return 1 |
||||
|
else |
||||
|
_saveaccountconf_mutable OPNs_Key "$OPNs_Key" |
||||
|
fi |
||||
|
|
||||
|
if [ -z "$OPNs_Token" ]; then |
||||
|
_err "you have not specified your OPNsense token." |
||||
|
_err "Please create OPNs_Token and try again." |
||||
|
return 1 |
||||
|
else |
||||
|
_saveaccountconf_mutable OPNs_Token "$OPNs_Token" |
||||
|
fi |
||||
|
|
||||
|
if ! _opns_rest "GET" "/general/get"; then |
||||
|
_err "Call to OPNsense API interface failed. Unable to access OPNsense API." |
||||
|
return 1 |
||||
|
fi |
||||
|
return 0 |
||||
|
} |
Write
Preview
Loading…
Cancel
Save
Reference in new issue