1#!/bin/sh
2#
3#.Distributed under the terms of the GNU General Public License (GPL) version 2.0
4#
5# script for sending updates to cloudflare.com
6#.based on Ben Kulbertis cloudflare-update-record.sh found at http://gist.github.com/benkulbertis
7#.and on George Johnson's cf-ddns.sh found at https://github.com/gstuartj/cf-ddns.sh
8#.2016-2018 Christian Schoenebeck <christian dot schoenebeck at gmail dot com>
9# CloudFlare API documentation at https://api.cloudflare.com/
10#
11# This script is parsed by dynamic_dns_functions.sh inside send_update() function
12#
13# using following options from /etc/config/ddns
14# option username - your cloudflare e-mail
15# option password - cloudflare api key, you can get it from cloudflare.com/my-account/
16# option domain - "hostname@yourdomain.TLD" # syntax changed to remove split_FQDN() function and tld_names.dat.gz
17#
18# The proxy status would not be changed by this script. Please change it in Cloudflare dashboard manually.
19#
20# variable __IP already defined with the ip-address to use for update
21#
22
# Verify prerequisites before talking to the Cloudflare API.
# write_log comes from the sourcing script; level 14 is presumably fatal - confirm there.
if [ -z "$CURL" ] && [ -z "$CURL_SSL" ]; then
	write_log 14 "Cloudflare communication require cURL with SSL support. Please install"
fi
if [ -z "$username" ]; then
	write_log 14 "Service section not configured correctly! Missing key as 'username'"
fi
if [ -z "$password" ]; then
	write_log 14 "Service section not configured correctly! Missing secret as 'password'"
fi
# The API key is sent in a request header, so HTTPS is always forced on.
if [ $use_https -eq 0 ]; then
	use_https=1
fi

# Working variables, local to the function this script is sourced into.
local __HOST __DOMAIN __TYPE __URLBASE __PRGBASE __RUNPROG __DATA __IPV6 __ZONEID __RECID __PROXIED
__URLBASE="https://api.cloudflare.com/client/v4"
32
# Derive __HOST and __DOMAIN from the configured "domain" option:
#   @example.com          -> "domain record"
#   host.sub@example.com  -> "host record"
# cut prints the whole input for every field when no '@' is present,
# so such a value ends up in both variables.
__HOST=$(printf '%s' "$domain" | cut -d '@' -f 1)
__DOMAIN=$(printf '%s' "$domain" | cut -d '@' -f 2)

# Cloudflare v4 expects:
#   __DOMAIN = the base domain, e.g. example.com
#   __HOST   = the FQDN of the record to modify, e.g. example.com for the
#              "domain record" or host.sub.example.com for a "host record"

# Domain record: the record name is the base domain itself.
if [ -z "$__HOST" ]; then
	__HOST=$__DOMAIN
fi
# Host record: rebuild the FQDN, host@domain.tld => host.domain.tld
if [ "$__HOST" != "$__DOMAIN" ]; then
	__HOST="${__HOST}.${__DOMAIN}"
fi

# Record type follows the address family being updated.
if [ $use_ipv6 -eq 0 ]; then
	__TYPE="A"
else
	__TYPE="AAAA"
fi
52
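#######################################
# Transfer function used for all Cloudflare API requests.
# Runs the command line held in __RUNPROG, retrying on cURL errors, then
# checks the saved response for '"success":true'.
# Globals (read): __RUNPROG, password, DATFILE, ERRFILE, VERBOSE_MODE,
#                 retry_count, RETRY_SECONDS
# Globals (written): PID_SLEEP
# Returns: 0 when the response reports success, 1 otherwise.
#######################################
cloudflare_transfer() {
	local __CNT=0
	local __ERR __LOG __REST __HEAD

	# __RUNPROG carries the X-Auth-Key header, so the copy written to the log
	# has every occurrence of the API key masked. The key is matched as a
	# literal string (quoted inside the expansion), never as a pattern.
	__LOG=""
	__REST=$__RUNPROG
	if [ -n "$password" ]; then
		while : ; do
			case "$__REST" in
				*"$password"*)
					__HEAD=${__REST%%"$password"*}
					__LOG="${__LOG}${__HEAD}***PW***"
					__REST=${__REST#*"$password"}
					;;
				*)
					break
					;;
			esac
		done
	fi
	__LOG="${__LOG}${__REST}"

	while : ; do
		write_log 7 "#> $__LOG"
		# NOTE(review): __RUNPROG is evaluated as shell code; every value
		# interpolated into it must be validated by the code that builds it.
		eval "$__RUNPROG"
		__ERR=$?			# save communication error
		[ "$__ERR" -eq 0 ] && break	# no error, leave the retry loop

		write_log 3 "cURL Error: '$__ERR'"
		write_log 7 "$(cat "$ERRFILE")"	# report error

		if [ "$VERBOSE_MODE" -gt 1 ]; then
			# VERBOSE_MODE > 1 then NO retry
			write_log 4 "Transfer failed - Verbose Mode: $VERBOSE_MODE - NO retry on error"
			break
		fi

		__CNT=$(( __CNT + 1 ))	# increment error counter
		# if error count > retry_count leave here
		# (write_log 14 is presumably fatal - confirm in the sourcing script)
		if [ "$retry_count" -gt 0 ] && [ "$__CNT" -gt "$retry_count" ]; then
			write_log 14 "Transfer failed after $retry_count retries"
		fi

		write_log 4 "Transfer failed - retry $__CNT/$retry_count in $RETRY_SECONDS seconds"
		sleep "$RETRY_SECONDS" &
		PID_SLEEP=$!
		wait "$PID_SLEEP"	# waiting on the background sleep lets trap handlers run
		PID_SLEEP=0
	done

	# check the API response for an error
	grep -q '"success":true' "$DATFILE" || {
		write_log 4 "CloudFlare reported an error:"
		write_log 7 "$(cat "$DATFILE")"	# report error
		return 1	# HTTP error
	}
}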
93
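# Build base command to use.
# Certificate verification is left enabled here: every request carries the
# API key in a header, so an unverified TLS connection would expose it to
# anyone able to intercept the traffic. With no 'cacert' option curl checks
# the server certificate against its default trust store.
__PRGBASE="$CURL -RsS -o $DATFILE --stderr $ERRFILE"
# force network/interface-device to use for communication
if [ -n "$bind_network" ]; then
	local __DEVICE
	network_get_physdev __DEVICE $bind_network || \
		write_log 13 "Can not detect local device using 'network_get_physdev $bind_network' - Error: '$?'"
	write_log 7 "Force communication via device '$__DEVICE'"
	__PRGBASE="$__PRGBASE --interface $__DEVICE"
fi
# force ip version to use
if [ "${force_ipversion:-0}" -eq 1 ]; then
	if [ "${use_ipv6:-0}" -eq 0 ]; then
		__PRGBASE="$__PRGBASE -4"	# force IPv4
	else
		__PRGBASE="$__PRGBASE -6"	# force IPv6
	fi
fi
# set certificate parameters
if [ "$cacert" = "IGNORE" ]; then	# idea from Ticket #15327 to ignore server cert
	# Explicit opt-out only: this turns off server certificate verification.
	__PRGBASE="$__PRGBASE --insecure"
elif [ -f "$cacert" ]; then
	__PRGBASE="$__PRGBASE --cacert '$cacert'"
elif [ -d "$cacert" ]; then
	__PRGBASE="$__PRGBASE --capath '$cacert'"
elif [ -n "$cacert" ]; then	# it's not a file and not a directory but given
	write_log 14 "No valid certificate(s) found at '$cacert' for HTTPS communication"
fi
# disable proxy if not set (there might be .wgetrc or .curlrc or wrong environment set)
# or check if libcurl compiled with proxy support
if [ -z "$proxy" ]; then
	__PRGBASE="$__PRGBASE --noproxy '*'"
elif [ -z "$CURL_PROXY" ]; then
	# if libcurl has no proxy support and proxy should be used then force ERROR
	write_log 13 "cURL: libcurl compiled without Proxy support"
fi
# set headers
# NOTE(review): these values are placed inside single quotes in a string that
# is later run through eval, so a single quote in 'username' or 'password'
# would end the quoting. The key is also passed on the curl command line.
__PRGBASE="$__PRGBASE --header 'X-Auth-Email: $username' "
__PRGBASE="$__PRGBASE --header 'X-Auth-Key: $password' "
__PRGBASE="$__PRGBASE --header 'Content-Type: application/json' "
# __PRGBASE="$__PRGBASE --header 'Accept: application/json' "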
131
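# read zone id for registered domain.TLD
__RUNPROG="$__PRGBASE --request GET '$__URLBASE/zones?name=$__DOMAIN'"
cloudflare_transfer || return 1
# extract zone id (first "id" value in the response)
__ZONEID=$(grep -o '"id":"[^"]*' "$DATFILE" | grep -o '[^"]*$' | head -1)
[ -z "$__ZONEID" ] && {
	write_log 4 "Could not detect 'zone id' for domain.tld: '$__DOMAIN'"
	return 127
}
# The id comes from the network response and is interpolated into a command
# string that cloudflare_transfer passes to eval, so anything other than
# letters and digits is rejected before it is used.
case "$__ZONEID" in
	*[!0-9A-Za-z]*)
		write_log 4 "Unexpected characters in 'zone id' for domain.tld: '$__DOMAIN'"
		return 127
		;;
esac

# read record id for A or AAAA record of host.domain.TLD
__RUNPROG="$__PRGBASE --request GET '$__URLBASE/zones/$__ZONEID/dns_records?name=$__HOST&type=$__TYPE'"
cloudflare_transfer || return 1
# extract record id (first "id" value in the response)
__RECID=$(grep -o '"id":"[^"]*' "$DATFILE" | grep -o '[^"]*$' | head -1)
[ -z "$__RECID" ] && {
	write_log 4 "Could not detect 'record id' for host.domain.tld: '$__HOST'"
	return 127
}
# Same check as for the zone id: the value ends up in an eval'd command line.
case "$__RECID" in
	*[!0-9A-Za-z]*)
		write_log 4 "Unexpected characters in 'record id' for host.domain.tld: '$__HOST'"
		return 127
		;;
esac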
151
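# extract the IP currently stored in the record (first "content" value)
__DATA=$(grep -o '"content":"[^"]*' "$DATFILE" | grep -o '[^"]*$' | head -1)

# keep the value only if it matches the address pattern for the family in use
# (IPV4_REGEX / IPV6_REGEX are provided by the sourcing script)
if [ "$use_ipv6" -eq 0 ]; then
	__DATA=$(printf "%s" "$__DATA" | grep -m 1 -o "$IPV4_REGEX")
else
	__DATA=$(printf "%s" "$__DATA" | grep -m 1 -o "$IPV6_REGEX")
fi

# we got data so verify whether an update is needed at all
if [ -n "$__DATA" ]; then
	if [ "$use_ipv6" -eq 1 ]; then
		# expand both IPv6 addresses so they compare in the same notation
		expand_ipv6 "$__IP" __IPV6
		expand_ipv6 "$__DATA" __DATA
		if [ "$__DATA" = "$__IPV6" ]; then	# IPv6 no update needed
			write_log 7 "IPv6 at CloudFlare.com already up to date"
			return 0
		fi
	else
		if [ "$__DATA" = "$__IP" ]; then	# IPv4 no update needed
			write_log 7 "IPv4 at CloudFlare.com already up to date"
			return 0
		fi
	fi
fi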
177
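# update is needed
# let's build data to send
# Carry over the record's current "proxied" state so the update leaves it
# unchanged. Only the first match is used, as with the record id, and the
# value must be a bare JSON boolean because it is written unquoted into the
# request body below.
__PROXIED=$(grep -o '"proxied":[^",}]*' "$DATFILE" | grep -o '[^: ]*$' | head -1)
case "$__PROXIED" in
	true|false)
		;;
	*)
		write_log 4 "Could not detect 'proxied' state for host.domain.tld: '$__HOST'"
		return 127
		;;
esac

# use file to work around " needed for json
cat > "$DATFILE" << EOF
{"id":"$__ZONEID","type":"$__TYPE","name":"$__HOST","content":"$__IP","proxied":$__PROXIED}
EOF

# let's complete transfer command
__RUNPROG="$__PRGBASE --request PUT --data @$DATFILE '$__URLBASE/zones/$__ZONEID/dns_records/$__RECID'"
cloudflare_transfer || return 1

return 0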
192return 0