github
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh
1
0
Fork 0
Code Issues Releases Wiki Activity

Return instead of exit. 

Clear OTP secret if environment variable is set to empty. This is for when the 2FA is disabled.
Rename `_is_idn` function to `_is_idn_cyon`.
Remove usage of curl (except for URL encoding of data).
Instead of cleaning up the cookie jar, get rid of it completely and logout of cyon instead.
pull/414/head
Armando Lüscher 2016-11-23 11:16:51 +01:00
parent 46b2ee3bae
commit 2698ef6c5f
No known key found for this signature in database
GPG Key ID: 3D71085D14920359
1 changed files with 118 additions and 124 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

242
dnsapi/dns_cyon.sh
View File

@ -33,29 +33,23 @@
######## ########
dns_cyon_add() { dns_cyon_add() {
_load_credentials _load_credentials \
_load_parameters "$@" && _load_parameters "$@" \
&& _info_header "add" \
_info_header "add" && _login \
_login && _domain_env \
_domain_env && _add_txt \
_add_txt && _logout
_cleanup
return 0
} }
dns_cyon_rm() { dns_cyon_rm() {
_load_credentials _load_credentials \
_load_parameters "$@" && _load_parameters "$@" \
&& _info_header "delete" \
_info_header "delete" && _login \
_login && _domain_env \
_domain_env && _delete_txt \
_delete_txt && _logout
_cleanup
return 0
} }
######################### #########################
@ -65,20 +59,22 @@ dns_cyon_rm() {
_load_credentials() { _load_credentials() {
# Convert loaded password to/from base64 as needed. # Convert loaded password to/from base64 as needed.
if [ "${cyon_password_b64}" ]; then if [ "${cyon_password_b64}" ]; then
cyon_password="$(printf "%s" "${cyon_password_b64}" | _dbase64)" cyon_password="$(printf "%s" "${cyon_password_b64}" | _dbase64 "multiline")"
elif [ "${cyon_password}" ]; then elif [ "${cyon_password}" ]; then
cyon_password_b64="$(printf "%s" "${cyon_password}" | _base64)" cyon_password_b64="$(printf "%s" "${cyon_password}" | _base64)"
fi fi
if [ -z "${cyon_username}" ] || [ -z "${cyon_password}" ]; then if [ -z "${cyon_username}" ] || [ -z "${cyon_password}" ]; then
# Dummy entries to satify script checker.
cyon_username="" cyon_username=""
cyon_password="" cyon_password=""
cyon_otp_secret="" cyon_otp_secret=""
_err "" _err ""
_err "You haven't set your cyon.ch login credentials yet." _err "You haven't set your cyon.ch login credentials yet."
_err "Please set the required cyon environment variables." _err "Please set the required cyon environment variables."
_err "" _err ""
exit 1 return 1
fi fi
# Save the login credentials to the account.conf file. # Save the login credentials to the account.conf file.
@ -87,44 +83,52 @@ _load_credentials() {
_saveaccountconf cyon_password_b64 "$cyon_password_b64" _saveaccountconf cyon_password_b64 "$cyon_password_b64"
if [ ! -z "${cyon_otp_secret}" ]; then if [ ! -z "${cyon_otp_secret}" ]; then
_saveaccountconf cyon_otp_secret "$cyon_otp_secret" _saveaccountconf cyon_otp_secret "$cyon_otp_secret"
else
_clearaccountconf cyon_otp_secret
fi fi
} }
_is_idn() { _is_idn_cyon() {
_idn_temp=$(printf "%s" "$1" | tr -d "[0-9a-zA-Z.,-]") _idn_temp="$(printf "%s" "${1}" | tr -d "[0-9a-zA-Z.,-_]")"
_idn_temp2="$(printf "%s" "$1" | grep -o "xn--")" _idn_temp2="$(printf "%s" "${1}" | grep -o "xn--")"
[ "$_idn_temp" ] || [ "$_idn_temp2" ] [ "$_idn_temp" ] || [ "$_idn_temp2" ]
} }
# comment on https://stackoverflow.com/a/10797966
_urlencode_cyon() {
curl -Gso /dev/null -w %{url_effective} --data-urlencode @- "" | cut -c 3-
}
_load_parameters() { _load_parameters() {
# Read the required parameters to add the TXT entry. # Read the required parameters to add the TXT entry.
fulldomain="$(printf "%s" "$1" | tr '[:upper:]' '[:lower:]')" fulldomain="$(printf "%s" "${1}" | tr '[:upper:]' '[:lower:]')"
fulldomain_idn="${fulldomain}" fulldomain_idn="${fulldomain}"
# Special case for IDNs, as cyon needs a domain environment change, # Special case for IDNs, as cyon needs a domain environment change,
# which uses the "pretty" instead of the punycode version. # which uses the "pretty" instead of the punycode version.
if _is_idn "$1"; then if _is_idn_cyon "${fulldomain}"; then
if ! _exists idn; then if ! _exists idn; then
_fail "Please install idn to process IDN names." _err "Please install idn to process IDN names."
_err ""
return 1
fi fi
fulldomain="$(idn -u "${fulldomain}")" fulldomain="$(idn -u "${fulldomain}")"
fulldomain_idn="$(idn -a "${fulldomain}")" fulldomain_idn="$(idn -a "${fulldomain}")"
fi fi
_debug fulldomain "$fulldomain" _debug fulldomain "${fulldomain}"
_debug fulldomain_idn "$fulldomain_idn" _debug fulldomain_idn "${fulldomain_idn}"
txtvalue="$2" txtvalue="${2}"
_debug txtvalue "$txtvalue" _debug txtvalue "${txtvalue}"
# Cookiejar required for login session, as cyon.ch has no official API (yet). # This header is required for curl calls.
cookiejar=$(tempfile) _H1="X-Requested-With: XMLHttpRequest"
_debug cookiejar "$cookiejar"
} }
_info_header() { _info_header() {
if [ "$1" = "add" ]; then if [ "${1}" = "add" ]; then
_info "" _info ""
_info "+---------------------------------------------+" _info "+---------------------------------------------+"
_info "| Adding DNS TXT entry to your cyon.ch domain |" _info "| Adding DNS TXT entry to your cyon.ch domain |"
@ -132,42 +136,46 @@ _info_header() {
_info "" _info ""
_info " * Full Domain: ${fulldomain}" _info " * Full Domain: ${fulldomain}"
_info " * TXT Value: ${txtvalue}" _info " * TXT Value: ${txtvalue}"
_info " * Cookie Jar: ${cookiejar}"
_info "" _info ""
elif [ "$1" = "delete" ]; then elif [ "${1}" = "delete" ]; then
_info "" _info ""
_info "+-------------------------------------------------+" _info "+-------------------------------------------------+"
_info "| Deleting DNS TXT entry from your cyon.ch domain |" _info "| Deleting DNS TXT entry from your cyon.ch domain |"
_info "+-------------------------------------------------+" _info "+-------------------------------------------------+"
_info "" _info ""
_info " * Full Domain: ${fulldomain}" _info " * Full Domain: ${fulldomain}"
_info " * Cookie Jar: ${cookiejar}"
_info "" _info ""
fi fi
} }
_get_cookie_header() {
printf "%s" "$(sed -n 's/Set-\(Cookie:.*cyon=[^;]*\).*/\1/p' "$HTTP_HEADER" | _tail_n 1)"
}
_login() { _login() {
_info " - Logging in..." _info " - Logging in..."
login_response=$(curl \
"https://my.cyon.ch/auth/index/dologin-async" \
-s \
-c "${cookiejar}" \
-H "X-Requested-With: XMLHttpRequest" \
--data-urlencode "username=${cyon_username}" \
--data-urlencode "password=${cyon_password}" \
--data-urlencode "pathname=/")
username_encoded="$(printf "%s" "${cyon_username}" | _urlencode_cyon)"
password_encoded="$(printf "%s" "${cyon_password}" | _urlencode_cyon)"
login_url="https://my.cyon.ch/auth/index/dologin-async"
login_data="$(printf "%s" "username=${username_encoded}&password=${password_encoded}&pathname=%2F")"
login_response="$(_post "$login_data" "$login_url")"
_debug login_response "${login_response}" _debug login_response "${login_response}"
# Bail if login fails. # Bail if login fails.
if [ "$(printf "%s" "${login_response}" | _get_response_success)" != "success" ]; then if [ "$(printf "%s" "${login_response}" | _get_response_success)" != "success" ]; then
_fail " $(printf "%s" "${login_response}" | _get_response_message)" _err " $(printf "%s" "${login_response}" | _get_response_message)"
_err ""
return 1
fi fi
_info " success" _info " success"
# NECESSARY!! Load the main page after login, before the OTP check. # NECESSARY!! Load the main page after login, to get the new cookie.
curl "https://my.cyon.ch/" -s --compressed -b "${cookiejar}" >/dev/null _H2="$(_get_cookie_header)"
_get "https://my.cyon.ch/" > /dev/null
# todo: instead of just checking if the env variable is defined, check if we actually need to do a 2FA auth request. # todo: instead of just checking if the env variable is defined, check if we actually need to do a 2FA auth request.
@ -176,26 +184,25 @@ _login() {
_info " - Authorising with OTP code..." _info " - Authorising with OTP code..."
if ! _exists oathtool; then if ! _exists oathtool; then
_fail "Please install oathtool to use 2 Factor Authentication." _err "Please install oathtool to use 2 Factor Authentication."
_err ""
return 1
fi fi
# Get OTP code with the defined secret. # Get OTP code with the defined secret.
otp_code=$(oathtool --base32 --totp "${cyon_otp_secret}" 2>/dev/null) otp_code="$(oathtool --base32 --totp "${cyon_otp_secret}" 2>/dev/null)"
otp_response=$(curl \ login_otp_url="https://my.cyon.ch/auth/multi-factor/domultifactorauth-async"
"https://my.cyon.ch/auth/multi-factor/domultifactorauth-async" \ login_otp_data="totpcode=${otp_code}&pathname=%2F&rememberme=0"
-s \
--compressed \
-b "${cookiejar}" \
-c "${cookiejar}" \
-H "X-Requested-With: XMLHttpRequest" \
-d "totpcode=${otp_code}&pathname=%2F&rememberme=0")
_debug otp_response "${otp_response}" login_otp_response="$(_post "$login_otp_data" "$login_otp_url")"
_debug login_otp_response "${login_otp_response}"
# Bail if OTP authentication fails. # Bail if OTP authentication fails.
if [ "$(printf "%s" "${otp_response}" | _get_response_success)" != "success" ]; then if [ "$(printf "%s" "${login_otp_response}" | _get_response_success)" != "success" ]; then
_fail " $(printf "%s" "${otp_response}" | _get_response_message)" _err " $(printf "%s" "${login_otp_response}" | _get_response_message)"
_err ""
return 1
fi fi
_info " success" _info " success"
@ -204,29 +211,36 @@ _login() {
_info "" _info ""
} }
_logout() {
_info " - Logging out..."
_get "https://my.cyon.ch/auth/index/dologout" > /dev/null
_info " success"
_info ""
}
_domain_env() { _domain_env() {
_info " - Changing domain environment..." _info " - Changing domain environment..."
# Get the "example.com" part of the full domain name. # Get the "example.com" part of the full domain name.
domain_env=$(printf "%s" "${fulldomain}" | sed -E -e 's/.*\.(.*\..*)$/\1/') domain_env="$(printf "%s" "${fulldomain}" | sed -E -e 's/.*\.(.*\..*)$/\1/')"
_debug "Changing domain environment to ${domain_env}" _debug "Changing domain environment to ${domain_env}"
domain_env_response=$(curl \ domain_env_url="https://my.cyon.ch/user/environment/setdomain/d/${domain_env}/gik/domain%3A${domain_env}"
"https://my.cyon.ch/user/environment/setdomain/d/${domain_env}/gik/domain%3A${domain_env}" \
-s \
--compressed \
-b "${cookiejar}" \
-H "X-Requested-With: XMLHttpRequest")
domain_env_response="$(_get "${domain_env_url}")"
_debug domain_env_response "${domain_env_response}" _debug domain_env_response "${domain_env_response}"
_check_2fa_miss "${domain_env_response}" if ! _check_if_2fa_missed "${domain_env_response}"; then return 1; fi
domain_env_success=$(printf "%s" "${domain_env_response}" | _egrep_o '"authenticated":\w*' | cut -d : -f 2) domain_env_success="$(printf "%s" "${domain_env_response}" | _egrep_o '"authenticated":\w*' | cut -d : -f 2)"
# Bail if domain environment change fails. # Bail if domain environment change fails.
if [ "${domain_env_success}" != "true" ]; then if [ "${domain_env_success}" != "true" ]; then
_fail " $(printf "%s" "${domain_env_response}" | _get_response_message)" _err " $(printf "%s" "${domain_env_response}" | _get_response_message)"
_err ""
return 1
fi fi
_info " success" _info " success"
@ -235,47 +249,41 @@ _domain_env() {
_add_txt() { _add_txt() {
_info " - Adding DNS TXT entry..." _info " - Adding DNS TXT entry..."
addtxt_response=$(curl \
"https://my.cyon.ch/domain/dnseditor/add-record-async" \
-s \
--compressed \
-b "${cookiejar}" \
-H "X-Requested-With: XMLHttpRequest" \
-d "zone=${fulldomain_idn}.&ttl=900&type=TXT&value=${txtvalue}")
_debug addtxt_response "${addtxt_response}" add_txt_url="https://my.cyon.ch/domain/dnseditor/add-record-async"
add_txt_data="zone=${fulldomain_idn}.&ttl=900&type=TXT&value=${txtvalue}"
_check_2fa_miss "${addtxt_response}" add_txt_response="$(_post "$add_txt_data" "$add_txt_url")"
_debug add_txt_response "${add_txt_response}"
addtxt_message=$(printf "%s" "${addtxt_response}" | _get_response_message) if ! _check_if_2fa_missed "${add_txt_response}"; then return 1; fi
addtxt_status=$(printf "%s" "${addtxt_response}" | _get_response_status)
add_txt_message="$(printf "%s" "${add_txt_response}" | _get_response_message)"
add_txt_status="$(printf "%s" "${add_txt_response}" | _get_response_status)"
# Bail if adding TXT entry fails. # Bail if adding TXT entry fails.
if [ "${addtxt_status}" != "true" ]; then if [ "${add_txt_status}" != "true" ]; then
_fail " ${addtxt_message}" _err " ${add_txt_message}"
_err ""
return 1
fi fi
_info " success" _info " success (TXT|${fulldomain_idn}.|${txtvalue})"
_info "" _info ""
} }
_delete_txt() { _delete_txt() {
_info " - Deleting DNS TXT entry..." _info " - Deleting DNS TXT entry..."
list_txt_response=$(curl \ list_txt_url="https://my.cyon.ch/domain/dnseditor/list-async"
"https://my.cyon.ch/domain/dnseditor/list-async" \
-s \
-b "${cookiejar}" \
--compressed \
-H "X-Requested-With: XMLHttpRequest" \
| sed -e 's/data-hash/\\ndata-hash/g')
list_txt_response="$(_get "${list_txt_url}" | sed -e 's/data-hash/\\ndata-hash/g')"
_debug list_txt_response "${list_txt_response}" _debug list_txt_response "${list_txt_response}"
_check_2fa_miss "${list_txt_response}" if ! _check_if_2fa_missed "${list_txt_response}"; then return 1; fi
# Find and delete all acme challenge entries for the $fulldomain. # Find and delete all acme challenge entries for the $fulldomain.
_dns_entries=$(printf "%s" "$list_txt_response" | sed -n 's/data-hash=\\"\([^"]*\)\\" data-identifier=\\"\([^"]*\)\\".*/\1 \2/p') _dns_entries="$(printf "%b\n" "${list_txt_response}" | sed -n 's/data-hash=\\"\([^"]*\)\\" data-identifier=\\"\([^"]*\)\\".*/\1 \2/p')"
printf "%s" "${_dns_entries}" | while read -r _hash _identifier; do printf "%s" "${_dns_entries}" | while read -r _hash _identifier; do
dns_type="$(printf "%s" "$_identifier" | cut -d'|' -f1)" dns_type="$(printf "%s" "$_identifier" | cut -d'|' -f1)"
@ -285,21 +293,19 @@ _delete_txt() {
continue continue
fi fi
delete_txt_response=$(curl \ hash_encoded="$(printf "%s" "${_hash}" | _urlencode_cyon)"
"https://my.cyon.ch/domain/dnseditor/delete-record-async" \ identifier_encoded="$(printf "%s" "${_identifier}" | _urlencode_cyon)"
-s \
--compressed \
-b "${cookiejar}" \
-H "X-Requested-With: XMLHttpRequest" \
--data-urlencode "hash=${_hash}" \
--data-urlencode "identifier=${_identifier}")
delete_txt_url="https://my.cyon.ch/domain/dnseditor/delete-record-async"
delete_txt_data="$(printf "%s" "hash=${hash_encoded}&identifier=${identifier_encoded}")"
delete_txt_response="$(_post "$delete_txt_data" "$delete_txt_url")"
_debug delete_txt_response "${delete_txt_response}" _debug delete_txt_response "${delete_txt_response}"
_check_2fa_miss "${delete_txt_response}" if ! _check_if_2fa_missed "${delete_txt_response}"; then return 1; fi
delete_txt_message=$(printf "%s" "${delete_txt_response}" | _get_response_message) delete_txt_message="$(printf "%s" "${delete_txt_response}" | _get_response_message)"
delete_txt_status=$(printf "%s" "${delete_txt_response}" | _get_response_status) delete_txt_status="$(printf "%s" "${delete_txt_response}" | _get_response_status)"
# Skip if deleting TXT entry fails. # Skip if deleting TXT entry fails.
if [ "${delete_txt_status}" != "true" ]; then if [ "${delete_txt_status}" != "true" ]; then
@ -325,23 +331,11 @@ _get_response_success() {
_egrep_o '"onSuccess":"[^"]*"' | cut -d : -f 2 | tr -d '"' _egrep_o '"onSuccess":"[^"]*"' | cut -d : -f 2 | tr -d '"'
} }
_check_2fa_miss() { _check_if_2fa_missed() {
# Did we miss the 2FA? # Did we miss the 2FA?
if test "${1#*multi_factor_form}" != "$1"; then if test "${1#*multi_factor_form}" != "${1}"; then
_fail " Missed OTP authentication!" _err " Missed OTP authentication!"
_err ""
return 1
fi fi
} }
_fail() {
_err "$1"
_err ""
_cleanup
exit 1
}
_cleanup() {
_info " - Cleanup."
_debug "Remove cookie jar: ${cookiejar}"
rm "${cookiejar}" 2>/dev/null
_info ""
}