New Samba AD DC DNS API

2023-11-01 20:24:48 +01:00 · 2023-11-01 20:24:48 +01:00 · fb5082f858
parent 377a37e4c9
commit fb5082f858
1 changed files with 130 additions and 0 deletions
--- a/dnsapi/dns_samba.sh
+++ b/dnsapi/dns_samba.sh
@ -0,0 +1,130 @@
+#!/usr/bin/env sh
+
+# Samba AD DC
+#
+# `samba-tool` binary is necessary.
+# On Debian, it can be installed with `apt-get install samba-common-bin`
+#
+# Then the following environment variable will need to be set:
+# SAMBA_HOST="dc1.example.com"
+# SAMBA_USER="Administrator"
+# SAMBA_PASS="fzaoiv23RGgqg"
+
+# Author: Adnan RIHAN <adnan@rihan.fr>
+# Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/4852
+#
+########  Public functions #####################
+#
+# Usage: dns_samba_add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+
+dns_samba_add() {
+  _debug 'Checking if `samba-tool` is available'
+  if ! _exists samba-tool; then
+    _err "samba-tool could not be found. Please install samba-common-bin"
+    return 1
+  fi
+
+  fulldomain=$1
+  txtvalue=$2
+
+  SAMBA_HOST="${SAMBA_HOST:-$(_readaccountconf_mutable SAMBA_HOST)}"
+  SAMBA_USER="${SAMBA_USER:-$(_readaccountconf_mutable SAMBA_USER)}"
+  SAMBA_PASS="${SAMBA_PASS:-$(_readaccountconf_mutable SAMBA_PASS)}"
+
+  if [ -z "$SAMBA_HOST" ] || [ -z "$SAMBA_USER" ] || [ -z "$SAMBA_PASS" ]; then
+    SAMBA_HOST=""
+    SAMBA_USER=""
+    SAMBA_PASS=""
+    _err "You must specify a Samba host, username and password."
+    return 1
+  fi
+
+  # save the credentials to the account conf file.
+  _saveaccountconf_mutable SAMBA_HOST "$SAMBA_HOST"
+  _saveaccountconf_mutable SAMBA_USER "$SAMBA_USER"
+  _saveaccountconf_mutable SAMBA_PASS "$SAMBA_PASS"
+
+  if ! _get_zone $fulldomain; then
+    return 1
+  fi
+
+  _debug "Adding \"$_subdomain\" = \"$txtvalue\" to $_zone"
+  if ! samba-tool dns add "$SAMBA_HOST" "$_zone" "$_subdomain" TXT "$txtvalue" --username="$SAMBA_USER" --password="$SAMBA_PASS" 2>/dev/null; then
+    _err "Couldn't add TXT field"
+    return 1
+  fi
+}
+
+# Usage: fulldomain txtvalue
+# Remove the txt record after validation.
+dns_samba_rm() {
+  _debug 'Checking if `samba-tool` is available'
+  if ! _exists samba-tool; then
+    _err "samba-tool could not be found. Please install samba-common-bin"
+    exit 1
+  fi
+
+  fulldomain=$1
+  txtvalue=$2
+
+  SAMBA_HOST="${SAMBA_HOST:-$(_readaccountconf_mutable SAMBA_HOST)}"
+  SAMBA_USER="${SAMBA_USER:-$(_readaccountconf_mutable SAMBA_USER)}"
+  SAMBA_PASS="${SAMBA_PASS:-$(_readaccountconf_mutable SAMBA_PASS)}"
+
+  if [ -z "$SAMBA_HOST" ] || [ -z "$SAMBA_USER" ] || [ -z "$SAMBA_PASS" ]; then
+    SAMBA_HOST=""
+    SAMBA_USER=""
+    SAMBA_PASS=""
+    _err "You must specify a Samba host, username and password."
+    return 1
+  fi
+
+  # save the credentials to the account conf file.
+  _saveaccountconf_mutable SAMBA_HOST "$SAMBA_HOST"
+  _saveaccountconf_mutable SAMBA_USER "$SAMBA_USER"
+  _saveaccountconf_mutable SAMBA_PASS "$SAMBA_PASS"
+
+  if ! _get_zone $fulldomain; then
+    return 1
+  fi
+
+  _debug "Removing \"$_subdomain\" = \"$txtvalue\" from $_zone"
+  if ! samba-tool dns delete "$SAMBA_HOST" "$_zone" "$_subdomain" TXT "$txtvalue" --username="$SAMBA_USER" --password="$SAMBA_PASS" 2>/dev/null; then
+    _info "Couldn't remove TXT field, may be non existant. Ignoring error."
+  fi
+}
+
+####################  Private functions below ##################################
+
+_get_zone() {
+  _fulldomain=$1
+
+  _debug 'Retrieving samba zonelist'
+  _subdomain=""
+  _zone=""
+  if ! _zones=$(samba-tool dns zonelist "$SAMBA_HOST" --username="$SAMBA_USER" --password="$SAMBA_PASS" 2>/dev/null | grep pszZoneName | cut -d: -f2 | sed 's/ //g'); then
+    _err "Couldn't contact Samba AD DC host"
+    return 1
+  fi
+
+  _debug 'Loop in zonelist to find the correct zone:'
+  for z in $_zones; do
+    _debug "  Checking \"$z\" against \"$_fulldomain\""
+    if _endswith "$_fulldomain" ".$z"; then
+      _debug "    Found! \"$_fulldomain\" ends with \".$z\""
+      _zone=$z
+      _subdomain=${fulldomain%.$z}
+      break
+    elif [ "$_fulldomain" = "$z" ]; then
+      _debug "    Found! \"$_fulldomain\" == \"$z\""
+      _zone=$z
+      _subdomain="@"
+      break
+    fi
+  done
+
+  if [ -z "$_zone" ]; then
+    _err "Can't find a corresponding zone for this domain"
+    return 1
+  fi
+}