#!/usr/bin/env sh

# OVH credentials and endpoint are taken from these variables. The commented
# assignments below are example values only.
#
#Application Key
#OVH_AK="sdfsdfsdfljlbjkljlkjsdfoiwje"
#
#Application Secret
#OVH_AS="sdfsafsdfsdfdsfsdfsa"
#
#Consumer Key
#OVH_CK="sdfsdfsdfsdfsdfdsf"

#OVH_END_POINT=ovh-eu

# Base URL of each supported API endpoint. All of them are https:// URLs;
# _ovh_get_api maps an endpoint name to one of these values.

# 'ovh-eu'
OVH_EU="https://eu.api.ovh.com/1.0"

# 'ovh-ca'
OVH_CA="https://ca.api.ovh.com/1.0"

# 'kimsufi-eu'
KSF_EU="https://eu.api.kimsufi.com/1.0"

# 'kimsufi-ca'
KSF_CA="https://ca.api.kimsufi.com/1.0"

# 'soyoustart-eu'
SYS_EU="https://eu.api.soyoustart.com/1.0"

# 'soyoustart-ca'
SYS_CA="https://ca.api.soyoustart.com/1.0"

# 'runabove-ca'
RAV_CA="https://api.runabove.com/1.0"

# Setup guide shown to the user while the consumer key is being validated.
wiki="https://github.com/acmesh-official/acme.sh/wiki/How-to-use-OVH-domain-api"

# Page the OVH validation flow redirects to (sent as "redirection").
ovh_success="https://github.com/acmesh-official/acme.sh/wiki/OVH-Success"
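# Map an endpoint name (the value of OVH_END_POINT) to its API base URL.
#
# $1: endpoint name, with or without the dash (e.g. "ovh-eu" or "ovheu").
# Prints the base URL on stdout without a trailing newline.
# Returns non-zero and prints nothing on stdout when the name is not one of
# the names listed here; the error goes through _err.
#
# Only the names below are accepted, so the application key, consumer key and
# signed requests built from OVH_API can only go to one of the base URLs
# defined at the top of this file.
_ovh_get_api() {
  _ogaep="$1"

  # The URL variables are quoted so the value is printed verbatim, without
  # word splitting or pathname expansion.
  case "${_ogaep}" in
    ovh-eu | ovheu)
      printf "%s" "$OVH_EU"
      ;;
    ovh-ca | ovhca)
      printf "%s" "$OVH_CA"
      ;;
    kimsufi-eu | kimsufieu)
      printf "%s" "$KSF_EU"
      ;;
    kimsufi-ca | kimsufica)
      printf "%s" "$KSF_CA"
      ;;
    soyoustart-eu | soyoustarteu)
      printf "%s" "$SYS_EU"
      ;;
    soyoustart-ca | soyoustartca)
      printf "%s" "$SYS_CA"
      ;;
    runabove-ca | runaboveca)
      printf "%s" "$RAV_CA"
      ;;
    *)
      _err "Unknown parameter : $1"
      return 1
      ;;
  esac
}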
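# Load the OVH credentials and endpoint, then check that the consumer key works.
#
# OVH_AK, OVH_AS, OVH_CK and OVH_END_POINT are taken from the environment and
# fall back to the values stored in the account configuration. Sets OVH_API.
#
# Returns 0 when "GET domain" succeeds with the current consumer key.
# Returns 1 when the key or secret is missing, the endpoint name is unknown,
# no consumer key exists yet (one is requested and the user has to validate it
# before retrying), or the API rejects the consumer key.
_initAuth() {
  OVH_AK="${OVH_AK:-$(_readaccountconf_mutable OVH_AK)}"
  OVH_AS="${OVH_AS:-$(_readaccountconf_mutable OVH_AS)}"

  if [ -z "$OVH_AK" ] || [ -z "$OVH_AS" ]; then
    OVH_AK=""
    OVH_AS=""
    _err "You don't specify OVH application key and application secret yet."
    _err "Please create you key and try again."
    return 1
  fi

  # A consumer key belongs to one application key, so a changed application
  # key invalidates the stored consumer key.
  if [ "$OVH_AK" != "$(_readaccountconf OVH_AK)" ]; then
    _info "It seems that your ovh key is changed, let's clear consumer key first."
    _clearaccountconf OVH_CK
  fi
  _saveaccountconf_mutable OVH_AK "$OVH_AK"
  _saveaccountconf_mutable OVH_AS "$OVH_AS"

  OVH_END_POINT="${OVH_END_POINT:-$(_readaccountconf_mutable OVH_END_POINT)}"
  if [ -z "$OVH_END_POINT" ]; then
    OVH_END_POINT="ovh-eu"
  fi
  _info "Using OVH endpoint: $OVH_END_POINT"

  # Resolve the endpoint before it is persisted and stop on an unknown name.
  # Otherwise OVH_API would be empty and every later request, including the
  # one that carries the application key, would be built on a URL with no host.
  if ! OVH_API="$(_ovh_get_api "$OVH_END_POINT")"; then
    return 1
  fi
  _debug OVH_API "$OVH_API"

  if [ "$OVH_END_POINT" != "ovh-eu" ]; then
    _saveaccountconf_mutable OVH_END_POINT "$OVH_END_POINT"
  fi

  OVH_CK="${OVH_CK:-$(_readaccountconf_mutable OVH_CK)}"
  if [ -z "$OVH_CK" ]; then
    _info "OVH consumer key is empty, Let's get one:"
    if ! _ovh_authentication; then
      _err "Can not get consumer key."
    fi
    #return and wait for retry.
    return 1
  fi

  _info "Checking authentication"

  if ! _ovh_rest GET "domain" || _contains "$response" "INVALID_CREDENTIAL" || _contains "$response" "NOT_CREDENTIAL"; then
    # The consumer key is a credential: keep it out of the error output and
    # expose it only through the secure debug channel.
    _err "The consumer key is invalid."
    _secure_debug OVH_CK "$OVH_CK"
    _err "Please retry to create a new one."
    _clearaccountconf OVH_CK
    return 1
  fi
  _info "Consumer key is ok."
  return 0
}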
######## Public functions #####################

# Create the TXT record for a dns-01 challenge and ask OVH to refresh the zone.
#
# $1: full record name, e.g. _acme-challenge.www.domain.com
# $2: TXT value to publish
# Returns 0 once the record was created and the refresh was requested (the
# result of the refresh call itself is only logged), 1 on any earlier failure.
#
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_ovh_add() {
  fulldomain=$1
  txtvalue=$2

  _initAuth || return 1

  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi

  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"

  _info "Adding record"
  # NOTE(review): $_sub_domain and $txtvalue are placed into the JSON body
  # without escaping; this assumes neither contains a double quote or a
  # backslash -- confirm against the callers.
  # The record counts as added only when the API answer echoes the TXT value.
  if ! _ovh_rest POST "domain/zone/$_domain/record" "{\"fieldType\":\"TXT\",\"subDomain\":\"$_sub_domain\",\"target\":\"$txtvalue\",\"ttl\":60}" || ! _contains "$response" "$txtvalue"; then
    _err "Add txt record error."
    return 1
  fi

  _ovh_rest POST "domain/zone/$_domain/refresh"
  _debug "Refresh:$response"
  _info "Added, sleep 10 seconds."
  _sleep 10
  return 0
}
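# Remove the TXT record that carries a given challenge value.
#
# $1: full record name (fulldomain)
# $2: TXT value of the record to delete
# Returns 0 after the first record whose target equals $2 was deleted; 1 when
# authentication, zone detection or an API call fails, or when no record with
# that value exists.
dns_ovh_rm() {
  fulldomain=$1
  txtvalue=$2

  if ! _initAuth; then
    return 1
  fi

  _debug "First detect the root zone"
  if ! _get_root "$fulldomain"; then
    _err "invalid domain"
    return 1
  fi

  _debug _sub_domain "$_sub_domain"
  _debug _domain "$_domain"
  _debug "Getting txt records"
  if ! _ovh_rest GET "domain/zone/$_domain/record?fieldType=TXT&subDomain=$_sub_domain"; then
    return 1
  fi

  # The answer is a JSON array of record ids; brackets and commas are turned
  # into blanks so the ids can be iterated as words.
  for rid in $(echo "$response" | tr '][,' ' '); do
    # Only purely numeric ids are used as a path segment. If the answer is not
    # the expected id array (an error object, for example), its fragments are
    # skipped instead of being sent back to the API inside a URL.
    case "$rid" in
      '' | *[!0-9]*)
        _debug "Skipping unexpected record id:$rid"
        continue
        ;;
    esac
    _debug rid "$rid"
    if ! _ovh_rest GET "domain/zone/$_domain/record/$rid"; then
      return 1
    fi
    # Delete only the record whose target is exactly this challenge value, so
    # other TXT records on the same name are left alone.
    if _contains "$response" "\"target\":\"$txtvalue\""; then
      _debug "Found txt id:$rid"
      if ! _ovh_rest DELETE "domain/zone/$_domain/record/$rid"; then
        return 1
      fi
      return 0
    fi
  done

  return 1
}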
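#################### Private functions below ##################################

# Request a new consumer key from $OVH_API/auth/credential and store it.
#
# The key is not usable until the account owner opens the validation URL that
# is printed at the end; the caller is expected to retry afterwards.
# Returns 1 when the answer has no validationUrl or no consumerKey.
#
# The requested access rules are limited to /auth/time, /domain and the zone
# record/refresh paths, but the "*" wildcards cover every zone of the account:
# whoever holds this consumer key together with the application key and
# secret can change records in all of them.
_ovh_authentication() {

  _H1="X-Ovh-Application: $OVH_AK"
  _H2="Content-type: application/json"
  _H3=""
  _H4=""

  # $ovh_success is quoted so the redirection URL is inserted verbatim.
  _ovhdata='{"accessRules": [{"method": "GET","path": "/auth/time"},{"method": "GET","path": "/domain"},{"method": "GET","path": "/domain/zone/*"},{"method": "GET","path": "/domain/zone/*/record"},{"method": "POST","path": "/domain/zone/*/record"},{"method": "POST","path": "/domain/zone/*/refresh"},{"method": "PUT","path": "/domain/zone/*/record/*"},{"method": "DELETE","path": "/domain/zone/*/record/*"}],"redirection":"'"$ovh_success"'"}'

  response="$(_post "$_ovhdata" "$OVH_API/auth/credential")"
  # The raw answer contains the consumer key, so it goes to the secure debug
  # channel like the extracted key further down.
  _secure_debug3 response "$response"
  validationUrl="$(echo "$response" | _egrep_o "validationUrl\":\"[^\"]*\"" | _egrep_o "http.*\"" | tr -d '"')"
  if [ -z "$validationUrl" ]; then
    _err "Unable to get validationUrl"
    return 1
  fi
  _debug validationUrl "$validationUrl"

  consumerKey="$(echo "$response" | _egrep_o "consumerKey\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')"
  if [ -z "$consumerKey" ]; then
    _err "Unable to get consumerKey"
    return 1
  fi
  _secure_debug consumerKey "$consumerKey"

  OVH_CK="$consumerKey"
  _saveaccountconf OVH_CK "$OVH_CK"

  _info "Please open this link to do authentication: $(__green "$validationUrl")"

  _info "Here is a guide for you: $(__green "$wiki")"
  _info "Please retry after the authentication is done."

}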
# Split a full record name into the OVH zone and the sub domain inside it.
#
# $1: full name, e.g. _acme-challenge.www.domain.com
# On success sets
#   _sub_domain=_acme-challenge.www
#   _domain=domain.com
# and returns 0. Returns 1 when no candidate is left or an API call fails.
#
# Candidates are tried from the longest name to the shortest, one label being
# dropped from the left on each round. A candidate is taken as the zone when
# the answer to GET domain/zone/<candidate> contains neither
# "This service does not exist" nor "NOT_GRANTED_CALL".
_get_root() {
  domain=$1
  i=1
  p=1
  while :; do
    # Labels i..100 of the name; empty once every label has been dropped.
    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
    [ -n "$h" ] || return 1

    _ovh_rest GET "domain/zone/$h" || return 1

    if _contains "$response" "This service does not exist" >/dev/null || _contains "$response" "NOT_GRANTED_CALL" >/dev/null; then
      # Not a zone this key can use: remember how many labels were dropped
      # and try the next shorter candidate.
      p=$i
      i=$(_math "$i" + 1)
      continue
    fi

    _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
    _domain="$h"
    return 0
  done
}
# Fetch the server time from $OVH_API/auth/time; _ovh_rest uses the result as
# the timestamp of the request signature.
# _H1.._H5 are emptied first, so values left over from an earlier signed
# request are not reused here.
# NOTE(review): the third argument to _get (30) looks like a timeout in
# seconds -- confirm against _get.
_ovh_timestamp() {
  _H1="" _H2="" _H3="" _H4="" _H5=""
  _get "$OVH_API/auth/time" "" 30
}
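# Send one signed request to the OVH API.
#
# $1: HTTP method (GET, POST, PUT, DELETE)
# $2: path below $OVH_API, without a leading slash
# $3: request body (optional)
# The answer is left in the global "response".
# Returns 1 when the server time cannot be fetched, the transfer fails, or
# the answer contains INVALID_CREDENTIAL; 0 otherwise.
_ovh_rest() {
  m=$1
  ep="$2"
  data="$3"
  _debug "$ep"

  _ovh_url="$OVH_API/$ep"
  _debug2 _ovh_url "$_ovh_url"

  # The timestamp is part of the signed string. Without it the signature
  # cannot be valid, so stop here instead of sending a request that can only
  # be rejected. This call also has to come before the headers are exported
  # below, because _ovh_timestamp resets _H1.._H5.
  if ! _ovh_t="$(_ovh_timestamp)" || [ -z "$_ovh_t" ]; then
    response=""
    _err "Unable to get the OVH server time."
    return 1
  fi
  _debug2 _ovh_t "$_ovh_t"

  # Signed string: secret+consumer key+method+url+body+timestamp. It holds the
  # application secret and the consumer key, so it is only ever logged through
  # _secure_debug.
  _ovh_p="$OVH_AS+$OVH_CK+$m+$_ovh_url+$data+$_ovh_t"
  _secure_debug _ovh_p "$_ovh_p"
  # The signature header is "$1$" followed by the SHA-1 hex digest of that
  # string.
  _ovh_hex="$(printf "%s" "$_ovh_p" | _digest sha1 hex)"
  _debug2 _ovh_hex "$_ovh_hex"

  export _H1="X-Ovh-Application: $OVH_AK"
  export _H2="X-Ovh-Signature: \$1\$$_ovh_hex"
  _debug2 _H2 "$_H2"
  export _H3="X-Ovh-Timestamp: $_ovh_t"
  export _H4="X-Ovh-Consumer: $OVH_CK"
  export _H5="Content-Type: application/json;charset=utf-8"

  # Record the transfer status right after each call rather than reading $?
  # after the whole if/else.
  if [ "$data" ] || [ "$m" = "POST" ] || [ "$m" = "PUT" ] || [ "$m" = "DELETE" ]; then
    _debug data "$data"
    response="$(_post "$data" "$_ovh_url" "" "$m")"
    _ovh_ret="$?"
  else
    response="$(_get "$_ovh_url")"
    _ovh_ret="$?"
  fi

  if [ "$_ovh_ret" != "0" ] || _contains "$response" "INVALID_CREDENTIAL"; then
    _err "error $response"
    return 1
  fi
  _debug2 response "$response"
  return 0
}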