blob: fe46987f778b2e3d21fd686fd8eec25accda0fa5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
#!/bin/sh
#
# 2021 Martijn Atema <martijn@atema.one>
#
# This script sends ddns updates using the TransIP API (see https://api.transip.nl/)
# and is parsed by dynamic_dns_functions.sh inside send_update().
#
# The following options provided by ddns are used:
# username - Username of account used for logging in to TransIP
# password - Private key generated at https://www.transip.nl/cp/account/api/
# (make sure to accept non-whitelisted IP addresses)
# domain - Base domain name registered at TransIP
# ('domain.tld' when updating 'hostname.domain.tld')
# param_enc - Name of DNS record to update
# ('hostname' when updating 'hostname.domain.tld')
# param_opt - TTL of the DNS record to update (in seconds)
#
# Note: Make sure that there is exactly one record of type A (for IPv4) or
# AAAA (for IPv6) with the specified name and TTL. That record will be
# updated by this script.
#
# The script requires cURL with SSL and the openssl binary
[ -z "${username}" ] && write_log 14 "Service config is missing 'username'"
[ -z "${password}" ] && write_log 14 "Service config is missing 'password' (private key)"
[ -z "${domain}" ] && write_log 14 "Service config is missing 'domain' (base domain name)"
[ -z "${param_enc}" ] && write_log 14 "Service config is missing 'param_enc' (DNS record name)"
[ -z "${param_opt}" ] && write_log 14 "Service config is missing 'param_opt' (DNS record TTL)"
[ -z "${CURL_SSL}" ] && write_log 14 "TransIP update requires cURL with SSL"
[ -z "$(openssl version)" ] && write_log 14 "TransIP update requires openssl binary"
. /usr/share/libubox/jshn.sh
# Re-format the private key and write to a temporary file
__tmp_keyfile="$(mktemp -t ddns-transip.XXXXXX)"
echo "${password}" | \
sed -e "s/-----BEGIN PRIVATE KEY-----\s*/&\n/" \
-e "s/-----END PRIVATE KEY-----/\n&/" \
-e "s/\S\{64\}\s*/&\n/g" \
> "${__tmp_keyfile}"
# Create authentication request
json_init
json_add_string "login" "${username}"
json_add_string "label" "DDNS-script ($(openssl rand -hex 4))"
json_add_string "nonce" $(openssl rand -hex 16)
json_add_boolean "read_only" 0
json_add_boolean "global_key" 1
__auth_body="$(json_dump)"
# Sign body using the private key and encode with base64
__auth_signature=$(echo -n "${__auth_body}" | \
openssl dgst -sha512 -sign "${__tmp_keyfile}" | \
openssl base64 | \
tr -d " \t\n\r")
rm "${__tmp_keyfile}"
# Send and parse request for a temporary authentication token
__auth_status=$(curl -s -X POST "https://api.transip.nl/v6/auth" \
-H "Content-Type: application/json" \
-H "Signature: ${__auth_signature}" \
-d "${__auth_body}" \
-w "%{http_code}\n" \
-o "${DATFILE}" 2>"${ERRFILE}")
# Logging for error and debug
if [ $? -ne 0 ]; then
write_log 14 "Curl failed: $(cat "${ERRFILE}")"
return 1
fi
if [ -z ${__auth_status} ] || [ ${__auth_status} -ne 201 ]; then
write_log 14 "TransIP authentication (status ${__auth_status}) failed: $(cat ${DATFILE})"
return 1
fi
write_log 7 "TransIP authentication successful"
## Extract token from the response
__auth_token=$(cat ${DATFILE} | sed 's/^.*"token" *: *"\([^"]*\)".*$/\1/')
# Create request body for update
json_init
json_add_object "dnsEntry"
json_add_string "name" "${param_enc}"
json_add_string "type" "$([ $use_ipv6 -ne 0 ] && echo -n AAAA || echo -n A)"
json_add_int "expire" "${param_opt}"
json_add_string "content" "${__IP}"
json_close_object
__update_body="$(json_dump)"
# Send update request
__update_status=$(curl -s -X PATCH "https://api.transip.nl/v6/domains/${domain}/dns" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer ${__auth_token}" \
-d "${__update_body}" \
-w "%{http_code}\n" \
-o "${DATFILE}" 2>"${ERRFILE}")
# Logging for error and debug
if [ $? -ne 0 ]; then
write_log 14 "Curl failed: $(cat "${ERRFILE}")"
return 1
fi
if [ -z ${__update_status} ] || [ ${__update_status} -ne 204 ]; then
write_log 14 "TransIP DNS update (status ${__update_status}) failed: $(cat ${DATFILE})"
return 1
fi
write_log 7 "TransIP DNS update successful"
return 0
|