]> git.proxmox.com Git - mirror_acme.sh.git/blob - dnsapi/dns_ovh.sh
projects / mirror_acme.sh.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
fix ovh
[mirror_acme.sh.git] / dnsapi / dns_ovh.sh
1 #!/usr/bin/env sh
2
3 #Application Key
4 #OVH_AK="sdfsdfsdfljlbjkljlkjsdfoiwje"
5 #
6 #Application Secret
7 #OVH_AS="sdfsafsdfsdfdsfsdfsa"
8 #
9 #Consumer Key
10 #OVH_CK="sdfsdfsdfsdfsdfdsf"
11
12 #OVH_END_POINT=ovh-eu
13
14 #'ovh-eu'
15 OVH_EU='https://eu.api.ovh.com/1.0'
16
17 #'ovh-ca':
18 OVH_CA='https://ca.api.ovh.com/1.0'
19
20 #'kimsufi-eu'
21 KSF_EU='https://eu.api.kimsufi.com/1.0'
22
23 #'kimsufi-ca'
24 KSF_CA='https://ca.api.kimsufi.com/1.0'
25
26 #'soyoustart-eu'
27 SYS_EU='https://eu.api.soyoustart.com/1.0'
28
29 #'soyoustart-ca'
30 SYS_CA='https://ca.api.soyoustart.com/1.0'
31
32 #'runabove-ca'
33 RAV_CA='https://api.runabove.com/1.0'
34
35 wiki="https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api"
36
37 ovh_success="https://github.com/Neilpang/acme.sh/wiki/OVH-Success"
38
39 _ovh_get_api() {
40 _ogaep="$1"
41
42 case "${_ogaep}" in
43
44 ovh-eu | ovheu)
45 printf "%s" $OVH_EU
46 return
47 ;;
48 ovh-ca | ovhca)
49 printf "%s" $OVH_CA
50 return
51 ;;
52 kimsufi-eu | kimsufieu)
53 printf "%s" $KSF_EU
54 return
55 ;;
56 kimsufi-ca | kimsufica)
57 printf "%s" $KSF_CA
58 return
59 ;;
60 soyoustart-eu | soyoustarteu)
61 printf "%s" $SYS_EU
62 return
63 ;;
64 soyoustart-ca | soyoustartca)
65 printf "%s" $SYS_CA
66 return
67 ;;
68 runabove-ca | runaboveca)
69 printf "%s" $RAV_CA
70 return
71 ;;
72
73 *)
74
75 _err "Unknown parameter : $1"
76 return 1
77 ;;
78 esac
79 }
80
81
82 _initAuth() {
83 if [ -z "$OVH_AK" ] || [ -z "$OVH_AS" ]; then
84 OVH_AK=""
85 OVH_AS=""
86 _err "You don't specify OVH application key and application secret yet."
87 _err "Please create you key and try again."
88 return 1
89 fi
90
91 #save the api key and email to the account conf file.
92 _saveaccountconf OVH_AK "$OVH_AK"
93 _saveaccountconf OVH_AS "$OVH_AS"
94
95 if [ -z "$OVH_END_POINT" ]; then
96 OVH_END_POINT="ovh-eu"
97 fi
98 _info "Using OVH endpoint: $OVH_END_POINT"
99 if [ "$OVH_END_POINT" != "ovh-eu" ]; then
100 _saveaccountconf OVH_END_POINT "$OVH_END_POINT"
101 fi
102
103 OVH_API="$(_ovh_get_api $OVH_END_POINT)"
104 _debug OVH_API "$OVH_API"
105
106 if [ -z "$OVH_CK" ]; then
107 _info "OVH consumer key is empty, Let's get one:"
108 if ! _ovh_authentication; then
109 _err "Can not get consumer key."
110 fi
111 #return and wait for retry.
112 return 1
113 fi
114
115 _info "Checking authentication"
116
117 if ! _ovh_rest GET "domain" || _contains "$response" "INVALID_CREDENTIAL"; then
118 _err "The consumer key is invalid: $OVH_CK"
119 _err "Please retry to create a new one."
120 _clearaccountconf OVH_CK
121 return 1
122 fi
123 _info "Consumer key is ok."
124 return 0
125 }
126
127 ######## Public functions #####################
128
129 #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
130 dns_ovh_add() {
131 fulldomain=$1
132 txtvalue=$2
133
134 if ! _initAuth; then
135 return 1
136 fi
137
138 _debug "First detect the root zone"
139 if ! _get_root "$fulldomain"; then
140 _err "invalid domain"
141 return 1
142 fi
143
144 _debug _sub_domain "$_sub_domain"
145 _debug _domain "$_domain"
146
147 _info "Adding record"
148 if _ovh_rest POST "domain/zone/$_domain/record" "{\"fieldType\":\"TXT\",\"subDomain\":\"$_sub_domain\",\"target\":\"$txtvalue\",\"ttl\":60}"; then
149 if _contains "$response" "$txtvalue"; then
150 _ovh_rest POST "domain/zone/$_domain/refresh"
151 _debug "Refresh:$response"
152 _info "Added"
153 return 0
154 fi
155 fi
156 _err "Add txt record error."
157 return 1
158
159 }
160
161 #fulldomain
162 dns_ovh_rm() {
163 fulldomain=$1
164 txtvalue=$2
165
166 if ! _initAuth; then
167 return 1
168 fi
169
170 _debug "First detect the root zone"
171 if ! _get_root "$fulldomain"; then
172 _err "invalid domain"
173 return 1
174 fi
175
176 _debug _sub_domain "$_sub_domain"
177 _debug _domain "$_domain"
178 _debug "Getting txt records"
179 if ! _ovh_rest GET "domain/zone/$_domain/record?fieldType=TXT&subDomain=$_sub_domain"; then
180 return 1
181 fi
182
183 for rid in $(echo "$response" | tr '[,]' ' '); do
184 _debug rid "$rid"
185 if ! _ovh_rest GET "domain/zone/$_domain/record/$rid"; then
186 return 1
187 fi
188 if _contains "$response" "\"target\":\"$txtvalue\""; then
189 _debug "Found txt id:$rid"
190 if ! _ovh_rest DELETE "domain/zone/$_domain/record/$rid"; then
191 return 1
192 fi
193 return 0
194 fi
195 done
196
197 return 1
198 }
199
200 #################### Private functions below ##################################
201
202 _ovh_authentication() {
203
204 _H1="X-Ovh-Application: $OVH_AK"
205 _H2="Content-type: application/json"
206 _H3=""
207 _H4=""
208
209 _ovhdata='{"accessRules": [{"method": "GET","path": "/auth/time"},{"method": "GET","path": "/domain"},{"method": "GET","path": "/domain/zone/*"},{"method": "GET","path": "/domain/zone/*/record"},{"method": "POST","path": "/domain/zone/*/record"},{"method": "POST","path": "/domain/zone/*/refresh"},{"method": "PUT","path": "/domain/zone/*/record/*"},{"method": "DELETE","path": "/domain/zone/*/record/*"}],"redirection":"'$ovh_success'"}'
210
211 response="$(_post "$_ovhdata" "$OVH_API/auth/credential")"
212 _debug3 response "$response"
213 validationUrl="$(echo "$response" | _egrep_o "validationUrl\":\"[^\"]*\"" | _egrep_o "http.*\"" | tr -d '"')"
214 if [ -z "$validationUrl" ]; then
215 _err "Unable to get validationUrl"
216 return 1
217 fi
218 _debug validationUrl "$validationUrl"
219
220 consumerKey="$(echo "$response" | _egrep_o "consumerKey\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')"
221 if [ -z "$consumerKey" ]; then
222 _err "Unable to get consumerKey"
223 return 1
224 fi
225 _secure_debug consumerKey "$consumerKey"
226
227 OVH_CK="$consumerKey"
228 _saveaccountconf OVH_CK "$OVH_CK"
229
230 _info "Please open this link to do authentication: $(__green "$validationUrl")"
231
232 _info "Here is a guide for you: $(__green "$wiki")"
233 _info "Please retry after the authentication is done."
234
235 }
236
237 #_acme-challenge.www.domain.com
238 #returns
239 # _sub_domain=_acme-challenge.www
240 # _domain=domain.com
241 _get_root() {
242 domain=$1
243 i=2
244 p=1
245 while true; do
246 h=$(printf "%s" "$domain" | cut -d . -f $i-100)
247 if [ -z "$h" ]; then
248 #not valid
249 return 1
250 fi
251
252 if ! _ovh_rest GET "domain/zone/$h"; then
253 return 1
254 fi
255
256 if ! _contains "$response" "This service does not exist" >/dev/null && ! _contains "$response" "NOT_GRANTED_CALL" >/dev/null; then
257 _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
258 _domain="$h"
259 return 0
260 fi
261 p=$i
262 i=$(_math "$i" + 1)
263 done
264 return 1
265 }
266
267 _ovh_timestamp() {
268 _H1=""
269 _H2=""
270 _H3=""
271 _H4=""
272 _H5=""
273 _get "$OVH_API/auth/time" "" 30
274 }
275
276 _ovh_rest() {
277 m=$1
278 ep="$2"
279 data="$3"
280 _debug "$ep"
281
282 _ovh_url="$OVH_API/$ep"
283 _debug2 _ovh_url "$_ovh_url"
284 _ovh_t="$(_ovh_timestamp)"
285 _debug2 _ovh_t "$_ovh_t"
286 _ovh_p="$OVH_AS+$OVH_CK+$m+$_ovh_url+$data+$_ovh_t"
287 _secure_debug _ovh_p "$_ovh_p"
288 _ovh_hex="$(printf "%s" "$_ovh_p" | _digest sha1 hex)"
289 _debug2 _ovh_hex "$_ovh_hex"
290
291 export _H1="X-Ovh-Application: $OVH_AK"
292 export _H2="X-Ovh-Signature: \$1\$$_ovh_hex"
293 _debug2 _H2 "$_H2"
294 export _H3="X-Ovh-Timestamp: $_ovh_t"
295 export _H4="X-Ovh-Consumer: $OVH_CK"
296 export _H5="Content-Type: application/json;charset=utf-8"
297 if [ "$data" ] || [ "$m" = "POST" ] || [ "$m" = "PUT" ] || [ "$m" = "DELETE" ]; then
298 _debug data "$data"
299 response="$(_post "$data" "$_ovh_url" "" "$m")"
300 else
301 response="$(_get "$_ovh_url")"
302 fi
303
304 if [ "$?" != "0" ] || _contains "$response" "INVALID_CREDENTIAL"; then
305 _err "error $response"
306 return 1
307 fi
308 _debug2 response "$response"
309 return 0
310 }
acme.sh DNS challenge mirror