dnsapi/dns_ovh.sh

   1 #!/usr/bin/env sh
   2
   3 #Application Key
   4 #OVH_AK="sdfsdfsdfljlbjkljlkjsdfoiwje"
   5 #
   6 #Application Secret
   7 #OVH_AS="sdfsafsdfsdfdsfsdfsa"
   8 #
   9 #Consumer Key
  10 #OVH_CK="sdfsdfsdfsdfsdfdsf"
  11
  12 #OVH_END_POINT=ovh-eu
  13
  14 #'ovh-eu'
  15 OVH_EU='https://eu.api.ovh.com/1.0'
  16
  17 #'ovh-ca':
  18 OVH_CA='https://ca.api.ovh.com/1.0'
  19
  20 #'kimsufi-eu'
  21 KSF_EU='https://eu.api.kimsufi.com/1.0'
  22
  23 #'kimsufi-ca'
  24 KSF_CA='https://ca.api.kimsufi.com/1.0'
  25
  26 #'soyoustart-eu'
  27 SYS_EU='https://eu.api.soyoustart.com/1.0'
  28
  29 #'soyoustart-ca'
  30 SYS_CA='https://ca.api.soyoustart.com/1.0'
  31
  32 #'runabove-ca'
  33 RAV_CA='https://api.runabove.com/1.0'
  34
  35 wiki="https://github.com/acmesh-official/acme.sh/wiki/How-to-use-OVH-domain-api"
  36
  37 ovh_success="https://github.com/acmesh-official/acme.sh/wiki/OVH-Success"
  38
  39 _ovh_get_api() {
  40   _ogaep="$1"
  41
  42   case "${_ogaep}" in
  43
  44   ovh-eu | ovheu)
  45     printf "%s" $OVH_EU
  46     return
  47     ;;
  48   ovh-ca | ovhca)
  49     printf "%s" $OVH_CA
  50     return
  51     ;;
  52   kimsufi-eu | kimsufieu)
  53     printf "%s" $KSF_EU
  54     return
  55     ;;
  56   kimsufi-ca | kimsufica)
  57     printf "%s" $KSF_CA
  58     return
  59     ;;
  60   soyoustart-eu | soyoustarteu)
  61     printf "%s" $SYS_EU
  62     return
  63     ;;
  64   soyoustart-ca | soyoustartca)
  65     printf "%s" $SYS_CA
  66     return
  67     ;;
  68   runabove-ca | runaboveca)
  69     printf "%s" $RAV_CA
  70     return
  71     ;;
  72
  73   *)
  74
  75     _err "Unknown parameter : $1"
  76     return 1
  77     ;;
  78   esac
  79 }
  80
  81 _initAuth() {
  82   OVH_AK="${OVH_AK:-$(_readaccountconf_mutable OVH_AK)}"
  83   OVH_AS="${OVH_AS:-$(_readaccountconf_mutable OVH_AS)}"
  84
  85   if [ -z "$OVH_AK" ] || [ -z "$OVH_AS" ]; then
  86     OVH_AK=""
  87     OVH_AS=""
  88     _err "You don't specify OVH application key and application secret yet."
  89     _err "Please create you key and try again."
  90     return 1
  91   fi
  92
  93   if [ "$OVH_AK" != "$(_readaccountconf OVH_AK)" ]; then
  94     _info "It seems that your ovh key is changed, let's clear consumer key first."
  95     _clearaccountconf_mutable OVH_CK
  96   fi
  97   _saveaccountconf_mutable OVH_AK "$OVH_AK"
  98   _saveaccountconf_mutable OVH_AS "$OVH_AS"
  99
 100   OVH_END_POINT="${OVH_END_POINT:-$(_readaccountconf_mutable OVH_END_POINT)}"
 101   if [ -z "$OVH_END_POINT" ]; then
 102     OVH_END_POINT="ovh-eu"
 103   fi
 104   _info "Using OVH endpoint: $OVH_END_POINT"
 105   if [ "$OVH_END_POINT" != "ovh-eu" ]; then
 106     _saveaccountconf_mutable OVH_END_POINT "$OVH_END_POINT"
 107   fi
 108
 109   OVH_API="$(_ovh_get_api $OVH_END_POINT)"
 110   _debug OVH_API "$OVH_API"
 111
 112   OVH_CK="${OVH_CK:-$(_readaccountconf_mutable OVH_CK)}"
 113   if [ -z "$OVH_CK" ]; then
 114     _info "OVH consumer key is empty, Let's get one:"
 115     if ! _ovh_authentication; then
 116       _err "Can not get consumer key."
 117     fi
 118     #return and wait for retry.
 119     return 1
 120   fi
 121   _saveaccountconf_mutable OVH_CK "$OVH_CK"
 122
 123   _info "Checking authentication"
 124
 125   if ! _ovh_rest GET "domain" || _contains "$response" "INVALID_CREDENTIAL" || _contains "$response" "NOT_CREDENTIAL"; then
 126     _err "The consumer key is invalid: $OVH_CK"
 127     _err "Please retry to create a new one."
 128     _clearaccountconf_mutable OVH_CK
 129     return 1
 130   fi
 131   _info "Consumer key is ok."
 132   return 0
 133 }
 134
 135 ########  Public functions #####################
 136
 137 #Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
 138 dns_ovh_add() {
 139   fulldomain=$1
 140   txtvalue=$2
 141
 142   if ! _initAuth; then
 143     return 1
 144   fi
 145
 146   _debug "First detect the root zone"
 147   if ! _get_root "$fulldomain"; then
 148     _err "invalid domain"
 149     return 1
 150   fi
 151
 152   _debug _sub_domain "$_sub_domain"
 153   _debug _domain "$_domain"
 154
 155   _info "Adding record"
 156   if _ovh_rest POST "domain/zone/$_domain/record" "{\"fieldType\":\"TXT\",\"subDomain\":\"$_sub_domain\",\"target\":\"$txtvalue\",\"ttl\":60}"; then
 157     if _contains "$response" "$txtvalue"; then
 158       _ovh_rest POST "domain/zone/$_domain/refresh"
 159       _debug "Refresh:$response"
 160       _info "Added, sleep 10 seconds."
 161       _sleep 10
 162       return 0
 163     fi
 164   fi
 165   _err "Add txt record error."
 166   return 1
 167
 168 }
 169
 170 #fulldomain
 171 dns_ovh_rm() {
 172   fulldomain=$1
 173   txtvalue=$2
 174
 175   if ! _initAuth; then
 176     return 1
 177   fi
 178
 179   _debug "First detect the root zone"
 180   if ! _get_root "$fulldomain"; then
 181     _err "invalid domain"
 182     return 1
 183   fi
 184
 185   _debug _sub_domain "$_sub_domain"
 186   _debug _domain "$_domain"
 187   _debug "Getting txt records"
 188   if ! _ovh_rest GET "domain/zone/$_domain/record?fieldType=TXT&subDomain=$_sub_domain"; then
 189     return 1
 190   fi
 191
 192   for rid in $(echo "$response" | tr '][,' '   '); do
 193     _debug rid "$rid"
 194     if ! _ovh_rest GET "domain/zone/$_domain/record/$rid"; then
 195       return 1
 196     fi
 197     if _contains "$response" "\"target\":\"$txtvalue\""; then
 198       _debug "Found txt id:$rid"
 199       if ! _ovh_rest DELETE "domain/zone/$_domain/record/$rid"; then
 200         return 1
 201       fi
 202       _ovh_rest POST "domain/zone/$_domain/refresh"
 203       _debug "Refresh:$response"
 204       return 0
 205     fi
 206   done
 207
 208   return 1
 209 }
 210
 211 ####################  Private functions below ##################################
 212
 213 _ovh_authentication() {
 214
 215   _H1="X-Ovh-Application: $OVH_AK"
 216   _H2="Content-type: application/json"
 217   _H3=""
 218   _H4=""
 219
 220   _ovhdata='{"accessRules": [{"method": "GET","path": "/auth/time"},{"method": "GET","path": "/domain"},{"method": "GET","path": "/domain/zone/*"},{"method": "GET","path": "/domain/zone/*/record"},{"method": "POST","path": "/domain/zone/*/record"},{"method": "POST","path": "/domain/zone/*/refresh"},{"method": "PUT","path": "/domain/zone/*/record/*"},{"method": "DELETE","path": "/domain/zone/*/record/*"}],"redirection":"'$ovh_success'"}'
 221
 222   response="$(_post "$_ovhdata" "$OVH_API/auth/credential")"
 223   _debug3 response "$response"
 224   validationUrl="$(echo "$response" | _egrep_o "validationUrl\":\"[^\"]*\"" | _egrep_o "http.*\"" | tr -d '"')"
 225   if [ -z "$validationUrl" ]; then
 226     _err "Unable to get validationUrl"
 227     return 1
 228   fi
 229   _debug validationUrl "$validationUrl"
 230
 231   consumerKey="$(echo "$response" | _egrep_o "consumerKey\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')"
 232   if [ -z "$consumerKey" ]; then
 233     _err "Unable to get consumerKey"
 234     return 1
 235   fi
 236   _secure_debug consumerKey "$consumerKey"
 237
 238   OVH_CK="$consumerKey"
 239   _saveaccountconf_mutable OVH_CK "$OVH_CK"
 240   _info "Please open this link to do authentication: $(__green "$validationUrl")"
 241
 242   _info "Here is a guide for you: $(__green "$wiki")"
 243   _info "Please retry after the authentication is done."
 244
 245 }
 246
 247 #_acme-challenge.www.domain.com
 248 #returns
 249 # _sub_domain=_acme-challenge.www
 250 # _domain=domain.com
 251 _get_root() {
 252   domain=$1
 253   i=1
 254   p=1
 255   while true; do
 256     h=$(printf "%s" "$domain" | cut -d . -f $i-100)
 257     if [ -z "$h" ]; then
 258       #not valid
 259       return 1
 260     fi
 261
 262     if ! _ovh_rest GET "domain/zone/$h"; then
 263       return 1
 264     fi
 265
 266     if ! _contains "$response" "This service does not exist" >/dev/null &&
 267       ! _contains "$response" "This call has not been granted" >/dev/null &&
 268       ! _contains "$response" "NOT_GRANTED_CALL" >/dev/null; then
 269       _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
 270       _domain="$h"
 271       return 0
 272     fi
 273     p=$i
 274     i=$(_math "$i" + 1)
 275   done
 276   return 1
 277 }
 278
 279 _ovh_timestamp() {
 280   _H1=""
 281   _H2=""
 282   _H3=""
 283   _H4=""
 284   _H5=""
 285   _get "$OVH_API/auth/time" "" 30
 286 }
 287
 288 _ovh_rest() {
 289   m=$1
 290   ep="$2"
 291   data="$3"
 292   _debug "$ep"
 293
 294   _ovh_url="$OVH_API/$ep"
 295   _debug2 _ovh_url "$_ovh_url"
 296   _ovh_t="$(_ovh_timestamp)"
 297   _debug2 _ovh_t "$_ovh_t"
 298   _ovh_p="$OVH_AS+$OVH_CK+$m+$_ovh_url+$data+$_ovh_t"
 299   _secure_debug _ovh_p "$_ovh_p"
 300   _ovh_hex="$(printf "%s" "$_ovh_p" | _digest sha1 hex)"
 301   _debug2 _ovh_hex "$_ovh_hex"
 302
 303   export _H1="X-Ovh-Application: $OVH_AK"
 304   export _H2="X-Ovh-Signature: \$1\$$_ovh_hex"
 305   _debug2 _H2 "$_H2"
 306   export _H3="X-Ovh-Timestamp: $_ovh_t"
 307   export _H4="X-Ovh-Consumer: $OVH_CK"
 308   export _H5="Content-Type: application/json;charset=utf-8"
 309   if [ "$data" ] || [ "$m" = "POST" ] || [ "$m" = "PUT" ] || [ "$m" = "DELETE" ]; then
 310     _debug data "$data"
 311     response="$(_post "$data" "$_ovh_url" "" "$m")"
 312   else
 313     response="$(_get "$_ovh_url")"
 314   fi
 315
 316   if [ "$?" != "0" ] || _contains "$response" "INVALID_CREDENTIAL"; then
 317     _err "error $response"
 318     return 1
 319   fi
 320   _debug2 response "$response"
 321   return 0
 322 }