forked from Github/acme.sh
Browse Source
dnsapi/dns_miab.sh MIAB DNS-01 Validation
dnsapi/dns_miab.sh MIAB DNS-01 Validation
Know I'm new to contorting to this project. I i've broke conventions please let me know what I've screwed up and I'll set it right as quickly as possible. Propose this as a new DNS-01 validation script to dynamically add challenge DNS records to MailinaBox (MIAB) DNS. MIAB uses a custom DNS API to manage external DNS records. The script was originally written by Darven Dissek and can be found in his repository: https://framagit.org/DarvenDissek/acme.sh-MIAB-DNS-API/). This has been forked and some slight cleanup applied and change shebang to UNIx shell. The forked repository can be found here: https://github.com/billgertz/MIAB_dns_api. Wrote to Darven but received no reply. Support for this script has been submitted to the OPNsense project via this pull request: https://github.com/opnsense/plugins/pull/1531shebang
Bill Gertz
5 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 273 additions and 0 deletions
@ -0,0 +1,273 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#Name: dns_miab.sh |
|||
# |
|||
#Authors: |
|||
# Darven Dissek 2018 |
|||
# William Gertz 2019 |
|||
# |
|||
# Thanks to Neil Pang for the code reused from acme.sh from HTTP-01 validation |
|||
# used to communicate with the MailintheBox Custom DNS API |
|||
#Report Bugs here: |
|||
# https://github.com/billgertz/MIAB_dns_api (for dns_miab.sh) |
|||
# https://github.com/Neilpang/acme.sh (for acme.sh) |
|||
# |
|||
######## Public functions ##################### |
|||
|
|||
#Usage: dns_miab_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_miab_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using miab" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
MIAB_Username="${MIAB_Username:-$(_readaccountconf_mutable MIAB_Username)}" |
|||
MIAB_Password="${MIAB_Password:-$(_readaccountconf_mutable MIAB_Password)}" |
|||
MIAB_Server="${MIAB_Server:-$(_readaccountconf_mutable MIAB_Server)}" |
|||
|
|||
#debug log the environmental variables |
|||
_debug MIAB_Username "$MIAB_Username" |
|||
_debug MIAB_Password "$MIAB_Password" |
|||
_debug MIAB_Server "$MIAB_Server" |
|||
|
|||
if [ -z "$MIAB_Username" ] || [ -z "$MIAB_Password" ] || [ -z "$MIAB_Server" ]; then |
|||
MIAB_Username="" |
|||
MIAB_Password="" |
|||
MIAB_Server="" |
|||
_err "You didn't specify MIAB_Username or MIAB_Password or MIAB_Server." |
|||
_err "Please try again." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the credentials to the account conf file. |
|||
_saveaccountconf_mutable MIAB_Username "$MIAB_Username" |
|||
_saveaccountconf_mutable MIAB_Password "$MIAB_Password" |
|||
_saveaccountconf_mutable MIAB_Server "$MIAB_Server" |
|||
|
|||
baseurl="https://$MIAB_Server/admin/dns/custom/$fulldomain/txt" |
|||
|
|||
#Add the challenge record |
|||
result="$(_miab_post "$txtvalue" "$baseurl" "" "POST" "" "$MIAB_Username" "$MIAB_Password")" |
|||
|
|||
_debug result "$result" |
|||
|
|||
#check if result was good |
|||
if _contains "$result" "updated DNS"; then |
|||
_info "Successfully created the txt record" |
|||
return 0 |
|||
else |
|||
_err "Error encountered during record addition" |
|||
_err "$result" |
|||
return 1 |
|||
fi |
|||
|
|||
} |
|||
|
|||
#Usage: fulldomain txtvalue |
|||
#Remove the txt record after validation. |
|||
dns_miab_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using miab" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
MIAB_Username="${MIAB_Username:-$(_readaccountconf_mutable MIAB_Username)}" |
|||
MIAB_Password="${MIAB_Password:-$(_readaccountconf_mutable MIAB_Password)}" |
|||
MIAB_Server="${MIAB_Server:-$(_readaccountconf_mutable MIAB_Server)}" |
|||
|
|||
#debug log the environmental variables |
|||
_debug MIAB_Username "$MIAB_Username" |
|||
_debug MIAB_Password "$MIAB_Password" |
|||
_debug MIAB_Server "$MIAB_Server" |
|||
|
|||
if [ -z "$MIAB_Username" ] || [ -z "$MIAB_Password" ] || [ -z "$MIAB_Server" ]; then |
|||
MIAB_Username="" |
|||
MIAB_Password="" |
|||
MIAB_Server="" |
|||
_err "You didn't specify MIAB_Username or MIAB_Password or MIAB_Server." |
|||
_err "Please try again." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the credentials to the account conf file. |
|||
_saveaccountconf_mutable MIAB_Username "$MIAB_Username" |
|||
_saveaccountconf_mutable MIAB_Password "$MIAB_Password" |
|||
_saveaccountconf_mutable MIAB_Server "$MIAB_Server" |
|||
|
|||
baseurl="https://$MIAB_Server/admin/dns/custom/$fulldomain/txt" |
|||
|
|||
#Remove the challenge record |
|||
result="$(_miab_post "$txtvalue" "$baseurl" "" "DELETE" "" "$MIAB_Username" "$MIAB_Password")" |
|||
|
|||
_debug result $result |
|||
|
|||
#check if result was good |
|||
if _contains "$result" "updated DNS"; then |
|||
_info "Successfully created the txt record" |
|||
return 0 |
|||
else |
|||
_err "Error encountered during record addition" |
|||
_err "$result" |
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
# _domain_id=sdjkglgdfewsdfg |
|||
_get_root() { |
|||
domain=$1 |
|||
i=2 |
|||
p=1 |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"name\":\"$h\"" >/dev/null; then |
|||
_domain_id=$(printf "%s\n" "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \") |
|||
|
|||
if [ "$_domain_id" ]; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain=$h |
|||
return 0 |
|||
fi |
|||
|
|||
return 1 |
|||
fi |
|||
|
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
# post changes to MIAB dns (taken from acme.sh) |
|||
_miab_post() { |
|||
body="$1" |
|||
_post_url="$2" |
|||
needbase64="$3" |
|||
httpmethod="$4" |
|||
_postContentType="$5" |
|||
username="$6" |
|||
password="$7" |
|||
|
|||
if [ -z "$httpmethod" ]; then |
|||
httpmethod="POST" |
|||
fi |
|||
|
|||
_debug $httpmethod |
|||
_debug "_post_url" "$_post_url" |
|||
_debug2 "body" "$body" |
|||
_debug2 "_postContentType" "$_postContentType" |
|||
|
|||
_inithttp |
|||
|
|||
if [ "$_ACME_CURL" ] && [ "${ACME_USE_WGET:-0}" = "0" ]; then |
|||
_CURL="$_ACME_CURL" |
|||
|
|||
if [ "$HTTPS_INSECURE" ]; then |
|||
_CURL="$_CURL --insecure " |
|||
fi |
|||
|
|||
_debug "_CURL" "$_CURL" |
|||
|
|||
if [ "$needbase64" ]; then |
|||
if [ "$_postContentType" ]; then |
|||
response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod --user "$username:$password" -H "Content-Type: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url" | _base64)" |
|||
else |
|||
response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod --user "$username:$password" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url" | _base64)" |
|||
fi |
|||
else |
|||
if [ "$_postContentType" ]; then |
|||
response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod --user "$username:$password" -H "Content-Type: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url")" |
|||
else |
|||
response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod --user "$username:$password" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url")" |
|||
fi |
|||
fi |
|||
|
|||
_ret="$?" |
|||
|
|||
if [ "$_ret" != "0" ]; then |
|||
_err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret" |
|||
if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then |
|||
_err "Here is the curl dump log:" |
|||
_err "$(cat "$_CURL_DUMP")" |
|||
fi |
|||
fi |
|||
|
|||
elif [ "$_ACME_WGET" ]; then |
|||
_WGET="$_ACME_WGET" |
|||
|
|||
if [ "$HTTPS_INSECURE" ]; then |
|||
_WGET="$_WGET --no-check-certificate " |
|||
fi |
|||
|
|||
_debug "_WGET" "$_WGET" |
|||
|
|||
if [ "$needbase64" ]; then |
|||
|
|||
if [ "$httpmethod" = "POST" ]; then |
|||
if [ "$_postContentType" ]; then |
|||
response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --header "Content-Type: $_postContentType" --post-data="$body" "$_post_url" 2>"$HTTP_HEADER" | _base64)" |
|||
else |
|||
response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$_post_url" 2>"$HTTP_HEADER" | _base64)" |
|||
fi |
|||
else |
|||
if [ "$_postContentType" ]; then |
|||
response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --header "Content-Type: $_postContentType" --method $httpmethod --body-data="$body" "$_post_url" 2>"$HTTP_HEADER" | _base64)" |
|||
else |
|||
response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$_post_url" 2>"$HTTP_HEADER" | _base64)" |
|||
fi |
|||
fi |
|||
|
|||
else |
|||
|
|||
if [ "$httpmethod" = "POST" ]; then |
|||
if [ "$_postContentType" ]; then |
|||
response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --header "Content-Type: $_postContentType" --post-data="$body" "$_post_url" 2>"$HTTP_HEADER")" |
|||
else |
|||
response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$_post_url" 2>"$HTTP_HEADER")" |
|||
fi |
|||
else |
|||
if [ "$_postContentType" ]; then |
|||
response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --header "Content-Type: $_postContentType" --method $httpmethod --body-data="$body" "$_post_url" 2>"$HTTP_HEADER")" |
|||
else |
|||
response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$_post_url" 2>"$HTTP_HEADER")" |
|||
fi |
|||
fi |
|||
|
|||
fi |
|||
|
|||
_ret="$?" |
|||
|
|||
if [ "$_ret" = "8" ]; then |
|||
_ret=0 |
|||
_debug "wget returns 8, the server returns a 'Bad request' response, lets process the response later." |
|||
fi |
|||
|
|||
if [ "$_ret" != "0" ]; then |
|||
_err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret" |
|||
fi |
|||
|
|||
_sed_i "s/^ *//g" "$HTTP_HEADER" |
|||
|
|||
else |
|||
_ret="$?" |
|||
_err "Neither curl nor wget was found, cannot do $httpmethod." |
|||
fi |
|||
|
|||
_debug "_ret" "$_ret" |
|||
printf "%s" "$response" |
|||
return $_ret |
|||
} |
Write
Preview
Loading…
Cancel
Save
Reference in new issue