From: <abe...@us...> - 2017-07-07 02:58:44
Revision: 8425
http://sourceforge.net/p/astlinux/code/8425
Author: abelbeck
Date: 2017-07-07 02:58:42 +0000 (Fri, 07 Jul 2017)
Log Message:
-----------
acme, add 'dns_dyn' DNS challenge validation script for Dyn Managed DNS API
Modified Paths:
--------------
branches/1.0/package/acme/acme.mk
Added Paths:
-----------
branches/1.0/package/acme/dnsapi/
branches/1.0/package/acme/dnsapi/dns_dyn.sh
Modified: branches/1.0/package/acme/acme.mk
===================================================================
--- branches/1.0/package/acme/acme.mk 2017-07-03 20:47:57 UTC (rev 8424)
+++ branches/1.0/package/acme/acme.mk 2017-07-07 02:58:42 UTC (rev 8425)
@@ -18,6 +18,7 @@
define ACME_INSTALL_TARGET_CMDS
$(INSTALL) -D -m 0644 package/acme/deploy/astlinux.sh $(TARGET_DIR)/stat/etc/acme/deploy/astlinux.sh
$(INSTALL) -D -m 0644 package/acme/deploy/ssh.sh $(TARGET_DIR)/stat/etc/acme/deploy/ssh.sh
+ $(INSTALL) -D -m 0644 package/acme/dnsapi/dns_dyn.sh $(TARGET_DIR)/stat/etc/acme/dnsapi/dns_dyn.sh
$(INSTALL) -D -m 0755 package/acme/acme-client.sh $(TARGET_DIR)/usr/sbin/acme-client
$(INSTALL) -D -m 0755 $(@D)/acme.sh $(TARGET_DIR)/stat/etc/acme/acme.sh
cp -a $(@D)/dnsapi $(TARGET_DIR)/stat/etc/acme/
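Review bot: The new `$(INSTALL)` line for `dns_dyn.sh` runs before the `cp -a $(@D)/dnsapi $(TARGET_DIR)/stat/etc/acme/` line at the end of this hunk, so if the upstream tarball ever ships its own `dnsapi/dns_dyn.sh`, that copy would silently replace the locally maintained script. Moving the install line below the `cp -a`, or adding a comment such as `# local dns_dyn.sh must override any upstream copy`, makes the intended precedence explicit. `ACME_INSTALL_TARGET_CMDS` continues outside the hunk, so later lines may already change this.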
Added: branches/1.0/package/acme/dnsapi/dns_dyn.sh
===================================================================
--- branches/1.0/package/acme/dnsapi/dns_dyn.sh (rev 0)
+++ branches/1.0/package/acme/dnsapi/dns_dyn.sh 2017-07-07 02:58:42 UTC (rev 8425)
@@ -0,0 +1,340 @@
+#!/usr/bin/env sh
+#
+# Dyn.com Domain API
+#
+# Author: Gerd Naschenweng
+# https://github.com/magicdude4eva
+#
+# Dyn Managed DNS API
+# https://help.dyn.com/dns-api-knowledge-base/
+#
+# It is recommended to add a "Dyn Managed DNS" user specific for API access.
+# The "Zones & Records Permissions" required by this script are:
+# --
+# RecordAdd
+# RecordUpdate
+# RecordDelete
+# RecordGet
+# ZoneGet
+# ZoneAddNode
+# ZoneRemoveNode
+# ZonePublish
+# --
+#
+# Pass credentials before "acme.sh --issue --dns dns_dyn ..."
+# --
+# export DYN_Customer="customer"
+# export DYN_Username="apiuser"
+# export DYN_Password="secret"
+# --
+
+DYN_API="https://api.dynect.net/REST"
+
+#REST_API
+######## Public functions #####################
+
+#Usage: add _acme-challenge.www.domain.com "Challenge-code"
+dns_dyn_add() {
+ fulldomain="$1"
+ txtvalue="$2"
+
+ DYN_Customer="${DYN_Customer:-$(_readaccountconf_mutable DYN_Customer)}"
+ DYN_Username="${DYN_Username:-$(_readaccountconf_mutable DYN_Username)}"
+ DYN_Password="${DYN_Password:-$(_readaccountconf_mutable DYN_Password)}"
+ if [ -z "$DYN_Customer" ] || [ -z "$DYN_Username" ] || [ -z "$DYN_Password" ]; then
+ DYN_Customer=""
+ DYN_Username=""
+ DYN_Password=""
+ _err "You must export variables: DYN_Customer, DYN_Username and DYN_Password"
+ return 1
+ fi
+
+ #save the config variables to the account conf file.
+ _saveaccountconf_mutable DYN_Customer "$DYN_Customer"
+ _saveaccountconf_mutable DYN_Username "$DYN_Username"
+ _saveaccountconf_mutable DYN_Password "$DYN_Password"
+
+ if ! _dyn_get_authtoken; then
+ return 1
+ fi
+
+ if [ -z "$_dyn_authtoken" ]; then
+ _dyn_end_session
+ return 1
+ fi
+
+ if ! _dyn_get_zone; then
+ _dyn_end_session
+ return 1
+ fi
+
+ if ! _dyn_add_record; then
+ _dyn_end_session
+ return 1
+ fi
+
+ if ! _dyn_publish_zone; then
+ _dyn_end_session
+ return 1
+ fi
+
+ _dyn_end_session
+
+ return 0
+}
+
+#Usage: fulldomain txtvalue
+#Remove the txt record after validation.
+dns_dyn_rm() {
+ fulldomain="$1"
+ txtvalue="$2"
+
+ DYN_Customer="${DYN_Customer:-$(_readaccountconf_mutable DYN_Customer)}"
+ DYN_Username="${DYN_Username:-$(_readaccountconf_mutable DYN_Username)}"
+ DYN_Password="${DYN_Password:-$(_readaccountconf_mutable DYN_Password)}"
+ if [ -z "$DYN_Customer" ] || [ -z "$DYN_Username" ] || [ -z "$DYN_Password" ]; then
+ DYN_Customer=""
+ DYN_Username=""
+ DYN_Password=""
+ _err "You must export variables: DYN_Customer, DYN_Username and DYN_Password"
+ return 1
+ fi
+
+ if ! _dyn_get_authtoken; then
+ return 1
+ fi
+
+ if [ -z "$_dyn_authtoken" ]; then
+ _dyn_end_session
+ return 1
+ fi
+
+ if ! _dyn_get_zone; then
+ _dyn_end_session
+ return 1
+ fi
+
+ if ! _dyn_get_record_id; then
+ _dyn_end_session
+ return 1
+ fi
+
+ if [ -z "$_dyn_record_id" ]; then
+ _dyn_end_session
+ return 1
+ fi
+
+ if ! _dyn_rm_record; then
+ _dyn_end_session
+ return 1
+ fi
+
+ if ! _dyn_publish_zone; then
+ _dyn_end_session
+ return 1
+ fi
+
+ _dyn_end_session
+
+ return 0
+}
+
+#################### Private functions below ##################################
+
+#get Auth-Token
+_dyn_get_authtoken() {
+
+ _info "Start Dyn API Session"
+
+ data="{\"customer_name\":\"$DYN_Customer\", \"user_name\":\"$DYN_Username\", \"password\":\"$DYN_Password\"}"
+ dyn_url="$DYN_API/Session/"
+ method="POST"
+
+ _debug data "$data"
+ _debug dyn_url "$dyn_url"
+
+ export _H1="Content-Type: application/json"
+
+ response="$(_post "$data" "$dyn_url" "" "$method")"
+ sessionstatus="$(printf "%s\n" "$response" | _egrep_o '"status" *: *"[^"]*' | head -n 1 | sed 's#^"status" *: *"##')"
+
+ _debug response "$response"
+ _debug sessionstatus "$sessionstatus"
+
+ if [ "$sessionstatus" = "success" ]; then
+ _dyn_authtoken="$(printf "%s\n" "$response" | _egrep_o '"token" *: *"[^"]*' | head -n 1 | sed 's#^"token" *: *"##')"
+ _info "Token received"
+ _debug _dyn_authtoken "$_dyn_authtoken"
+ return 0
+ fi
+
+ _dyn_authtoken=""
+ _err "get token failed"
+ return 1
+}
+
+#fulldomain=_acme-challenge.www.domain.com
+#returns
+# _dyn_zone=domain.com
+_dyn_get_zone() {
+ i=2
+ while true; do
+ domain="$(printf "%s" "$fulldomain" | cut -d . -f "$i-100")"
+ if [ -z "$domain" ]; then
+ break
+ fi
+
+ dyn_url="$DYN_API/Zone/$domain/"
+
+ export _H1="Auth-Token: $_dyn_authtoken"
+ export _H2="Content-Type: application/json"
+
+ response="$(_get "$dyn_url" "" "")"
+ sessionstatus="$(printf "%s\n" "$response" | _egrep_o '"status" *: *"[^"]*' | head -n 1 | sed 's#^"status" *: *"##')"
+
+ _debug dyn_url "$dyn_url"
+ _debug response "$response"
+ _debug sessionstatus "$sessionstatus"
+
+ if [ "$sessionstatus" = "success" ]; then
+ _dyn_zone="$domain"
+ return 0
+ fi
+ i=$(_math "$i" + 1)
+ done
+
+ _dyn_zone=""
+ _err "get zone failed"
+ return 1
+}
+
+#add TXT record
+_dyn_add_record() {
+
+ _info "Adding TXT record"
+
+ data="{\"rdata\":{\"txtdata\":\"$txtvalue\"},\"ttl\":\"300\"}"
+ dyn_url="$DYN_API/TXTRecord/$_dyn_zone/$fulldomain/"
+ method="POST"
+
+ export _H1="Auth-Token: $_dyn_authtoken"
+ export _H2="Content-Type: application/json"
+
+ response="$(_post "$data" "$dyn_url" "" "$method")"
+ sessionstatus="$(printf "%s\n" "$response" | _egrep_o '"status" *: *"[^"]*' | head -n 1 | sed 's#^"status" *: *"##')"
+
+ _debug response "$response"
+ _debug sessionstatus "$sessionstatus"
+
+ if [ "$sessionstatus" = "success" ]; then
+ _info "TXT Record successfully added"
+ return 0
+ fi
+
+ _err "add TXT record failed"
+ return 1
+}
+
+#publish the zone
+_dyn_publish_zone() {
+
+ _info "Publishing zone"
+
+ data="{\"publish\":\"true\"}"
+ dyn_url="$DYN_API/Zone/$_dyn_zone/"
+ method="PUT"
+
+ export _H1="Auth-Token: $_dyn_authtoken"
+ export _H2="Content-Type: application/json"
+
+ response="$(_post "$data" "$dyn_url" "" "$method")"
+ sessionstatus="$(printf "%s\n" "$response" | _egrep_o '"status" *: *"[^"]*' | head -n 1 | sed 's#^"status" *: *"##')"
+
+ _debug response "$response"
+ _debug sessionstatus "$sessionstatus"
+
+ if [ "$sessionstatus" = "success" ]; then
+ _info "Zone published"
+ return 0
+ fi
+
+ _err "publish zone failed"
+ return 1
+}
+
+#get record_id of TXT record so we can delete the record
+_dyn_get_record_id() {
+
+ _info "Getting record_id of TXT record"
+
+ dyn_url="$DYN_API/TXTRecord/$_dyn_zone/$fulldomain/"
+
+ export _H1="Auth-Token: $_dyn_authtoken"
+ export _H2="Content-Type: application/json"
+
+ response="$(_get "$dyn_url" "" "")"
+ sessionstatus="$(printf "%s\n" "$response" | _egrep_o '"status" *: *"[^"]*' | head -n 1 | sed 's#^"status" *: *"##')"
+
+ _debug response "$response"
+ _debug sessionstatus "$sessionstatus"
+
+ if [ "$sessionstatus" = "success" ]; then
+ _dyn_record_id="$(printf "%s\n" "$response" | _egrep_o "\"data\" *: *\[\"/REST/TXTRecord/$_dyn_zone/$fulldomain/[^\"]*" | head -n 1 | sed "s#^\"data\" *: *\[\"/REST/TXTRecord/$_dyn_zone/$fulldomain/##")"
+ _debug _dyn_record_id "$_dyn_record_id"
+ return 0
+ fi
+
+ _dyn_record_id=""
+ _err "getting record_id failed"
+ return 1
+}
+
+#delete TXT record
+_dyn_rm_record() {
+
+ _info "Deleting TXT record"
+
+ dyn_url="$DYN_API/TXTRecord/$_dyn_zone/$fulldomain/$_dyn_record_id/"
+ method="DELETE"
+
+ _debug dyn_url "$dyn_url"
+
+ export _H1="Auth-Token: $_dyn_authtoken"
+ export _H2="Content-Type: application/json"
+
+ response="$(_post "" "$dyn_url" "" "$method")"
+ sessionstatus="$(printf "%s\n" "$response" | _egrep_o '"status" *: *"[^"]*' | head -n 1 | sed 's#^"status" *: *"##')"
+
+ _debug response "$response"
+ _debug sessionstatus "$sessionstatus"
+
+ if [ "$sessionstatus" = "success" ]; then
+ _info "TXT record successfully deleted"
+ return 0
+ fi
+
+ _err "delete TXT record failed"
+ return 1
+}
+
+#logout
+_dyn_end_session() {
+
+ _info "End Dyn API Session"
+
+ dyn_url="$DYN_API/Session/"
+ method="DELETE"
+
+ _debug dyn_url "$dyn_url"
+
+ export _H1="Auth-Token: $_dyn_authtoken"
+ export _H2="Content-Type: application/json"
+
+ response="$(_post "" "$dyn_url" "" "$method")"
+
+ _debug response "$response"
+
+ _dyn_authtoken=""
+ return 0
+}
+
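Review bot: `_dyn_get_authtoken` writes the account password to the debug log: `_debug data "$data"` prints the JSON body that embeds `$DYN_Password`, and `_debug response "$response"` plus `_debug _dyn_authtoken "$_dyn_authtoken"` print the session token. Debug logs tend to end up in bug reports, so I would drop the `_debug data "$data"` line and log only `sessionstatus` in that function, or route these three through `_secure_debug` if the bundled acme.sh provides it. The same body is built by pasting `$DYN_Customer`, `$DYN_Username` and `$DYN_Password` straight into JSON, so a `"` or `\` in any of them yields a malformed or altered request; escaping those two characters before building `data` would close that. Separately, `dns_dyn_rm` never uses `$txtvalue` and `_dyn_get_record_id` keeps only the first id via `head -n 1`, so with more than one TXT record on the name it may delete a different record than the one this challenge added.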