Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
executable file 143 lines (125 sloc) 3.45 KB
#!/bin/bash
#
#Copyright 2016-2018 Lukas Metzger <developer@lukas-metzger.com>.
#
#Licensed under the Apache License, Version 2.0 (the "License");
#you may not use this file except in compliance with the License.
#You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
#Unless required by applicable law or agreed to in writing, software
#distributed under the License is distributed on an "AS IS" BASIS,
#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#See the License for the specific language governing permissions and
#limitations under the License.
SD="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
SERVER=""
DOMAIN=""
ID=""
CONTENT=""
KEY=""
BASIC=""
exit_error() {
echo "ERROR: ${1}" >&2
exit 1
}
check_dependencies() {
openssl version > /dev/null 2>&1 || exit_error "This script requires an openssl binary."
curl -V > /dev/null 2>&1 || exit_error "This script requires curl."
jq --version > /dev/null 2>&1 || exit_error "This script requires jq."
}
print_help() {
cat << EOF
Usage: $0 [options]
Options are:
-h Show this help message
-s SERVER Server where PDNS manager runs
-i ID Id of record to change
-c CONTENT Content to set
-k KEY Private key to sign with (default pdns.private.pem)
-b ID:PW ID and password for HTTP Basic authentication (optional)
EOF
exit 0
}
validate_arguments() {
if [[ ! "$SERVER" =~ ^https?://.+/$ ]]
then
exit_error "The server must be in form of https://dns.example.com/ with trailing slash"
fi
if [[ ! "$ID" =~ ^[0-9]+$ ]]
then
exit_error "The id must be a positive integer"
fi
if [[ ! "$CONTENT" =~ ^.+$ ]]
then
exit_error "The content cannot be empty"
fi
}
resolve_keyfile() {
if [ -n "$KEY" ]
then
openssl rsa -in "$KEY" -check -noout > /dev/null 2>&1 || exit_error "$KEY ist not a valid rsa private key"
else
if openssl rsa -in "pdns.private.pem" -check -noout >/dev/null 2>&1
then
KEY="pdns.private.pem"
elif openssl rsa -in "$SD/pdns.private.pem" -check -noout >/dev/null 2>&1
then
KEY="$SD/pdns.private.pem"
else
exit_error "No valid key found. Make shure it is in pdns.private.pem or supply it with -k."
fi
fi
}
#main
while getopts "s:i:c:k:b:h" opt
do
case $opt in
s)
SERVER="$OPTARG"
;;
i)
ID="$OPTARG"
;;
c)
CONTENT="$OPTARG"
;;
k)
KEY="$OPTARG"
;;
b)
BASIC="$OPTARG"
;;
h)
print_help
;;
esac
done
check_dependencies
validate_arguments
resolve_keyfile
if [ -n "${BASIC}" ]
then
BASIC="--basic --user ${BASIC}"
fi
#Get timestamp for signing
TIME=$(curl -s ${BASIC} ${SERVER}api/v1/remote/servertime | jq -r .time)
if [ -z $TIME ]
then
exit_error "Error when trying to get server time"
fi
#Sign request
SIGNATURE=$(echo -n "$ID$CONTENT$TIME" | openssl dgst -sha512 -sign $KEY | base64)
#Send signed request to server
readarray result < <(echo "{}" |\
jq -c .record="\"$ID\"" |\
jq -c .content="\"$CONTENT\"" |\
jq -c .time="$TIME" |\
jq -c .signature="\"$SIGNATURE\"" |\
curl -s ${BASIC} --data-binary @- -H "Content-Type: application/json" "${SERVER}api/v1/remote/updatekey")
if [ ! -z "${result[@]}" ]
then
echo "${result[@]}" | jq -r .error
exit 1
fi
You can’t perform that action at this time.