mirror of
https://github.com/loewexy/pdns-client
synced 2024-05-08 06:16:35 +02:00
133 lines
3.2 KiB
Bash
Executable file
133 lines
3.2 KiB
Bash
Executable file
#!/bin/bash
|
|
#
|
|
#Copyright 2016-2018 Lukas Metzger <developer@lukas-metzger.com>.
|
|
#
|
|
#Licensed under the Apache License, Version 2.0 (the "License");
|
|
#you may not use this file except in compliance with the License.
|
|
#You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
#Unless required by applicable law or agreed to in writing, software
|
|
#distributed under the License is distributed on an "AS IS" BASIS,
|
|
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
#See the License for the specific language governing permissions and
|
|
#limitations under the License.
|
|
|
|
SD="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
|
|
|
SERVER=""
|
|
DOMAIN=""
|
|
ID=""
|
|
CONTENT=""
|
|
KEY=""
|
|
|
|
exit_error() {
|
|
echo "ERROR: ${1}" >&2
|
|
exit 1
|
|
}
|
|
|
|
check_dependencies() {
|
|
openssl version > /dev/null 2>&1 || exit_error "This script requires an openssl binary."
|
|
curl -V > /dev/null 2>&1 || exit_error "This script requires curl."
|
|
jq --version > /dev/null 2>&1 || exit_error "This script requires jq."
|
|
}
|
|
|
|
print_help() {
|
|
cat << EOF
|
|
Usage: $0 [options]
|
|
|
|
Options are:
|
|
-h Show this help message
|
|
-s SERVER Server where PDNS manager runs
|
|
-i ID Id of record to change
|
|
-c CONTENT Content to set
|
|
-k KEY Private key to sign with (default pdns.private.pem)
|
|
EOF
|
|
|
|
exit 0
|
|
}
|
|
|
|
validate_arguments() {
|
|
if [[ ! "$SERVER" =~ ^https?://.+/$ ]]
|
|
then
|
|
exit_error "The server must be in form of https://dns.example.com/ with trailing slash"
|
|
fi
|
|
if [[ ! "$ID" =~ ^[0-9]+$ ]]
|
|
then
|
|
exit_error "The id must be a positive integer"
|
|
fi
|
|
if [[ ! "$CONTENT" =~ ^.+$ ]]
|
|
then
|
|
exit_error "The content cannot be empty"
|
|
fi
|
|
}
|
|
|
|
resolve_keyfile() {
|
|
if [ -n "$KEY" ]
|
|
then
|
|
openssl rsa -in "$KEY" -check -noout > /dev/null 2>&1 || exit_error "$KEY ist not a valid rsa private key"
|
|
else
|
|
if openssl rsa -in "pdns.private.pem" -check -noout >/dev/null 2>&1
|
|
then
|
|
KEY="pdns.private.pem"
|
|
elif openssl rsa -in "$SD/pdns.private.pem" -check -noout >/dev/null 2>&1
|
|
then
|
|
KEY="$SD/pdns.private.pem"
|
|
else
|
|
exit_error "No valid key found. Make shure it is in pdns.private.pem or supply it with -k."
|
|
fi
|
|
fi
|
|
}
|
|
|
|
#main
|
|
while getopts "s:i:c:k:h" opt
|
|
do
|
|
case $opt in
|
|
s)
|
|
SERVER="$OPTARG"
|
|
;;
|
|
i)
|
|
ID="$OPTARG"
|
|
;;
|
|
c)
|
|
CONTENT="$OPTARG"
|
|
;;
|
|
k)
|
|
KEY="$OPTARG"
|
|
;;
|
|
h)
|
|
print_help
|
|
;;
|
|
esac
|
|
done
|
|
|
|
check_dependencies
|
|
validate_arguments
|
|
resolve_keyfile
|
|
|
|
#Get timestamp for signing
|
|
TIME=$(curl -s ${SERVER}api/v1/remote/servertime | jq -r .time)
|
|
|
|
if [ -z $TIME ]
|
|
then
|
|
exit_error "Error when trying to get server time"
|
|
fi
|
|
|
|
#Sign request
|
|
SIGNATURE=$(echo -n "$ID$CONTENT$TIME" | openssl dgst -sha512 -sign $KEY | base64)
|
|
|
|
#Send signed request to server
|
|
readarray result < <(echo "{}" |\
|
|
jq -c .record="\"$ID\"" |\
|
|
jq -c .content="\"$CONTENT\"" |\
|
|
jq -c .time="$TIME" |\
|
|
jq -c .signature="\"$SIGNATURE\"" |\
|
|
curl -s --data-binary @- -H "Content-Type: application/json" "${SERVER}api/v1/remote/updatekey")
|
|
|
|
if [ ! -z "${result[@]}" ]
|
|
then
|
|
echo "${result[@]}" | jq -r .error
|
|
exit 1
|
|
fi
|