source: dyndns/dyndns.sh@ 344

#!/bin/sh -
#
# KISS Dynamic DNS service (no locking (hint lockf wrapper), no advanced checking)
# 'ping' is based on ssh call or CGI call
#
# = PREREQUISITES =
# 1) Make sure your SOA is within the first 10 lines of your zone file and has
#      the format YYYYMMDDNN
# 2) Make sure your DNS entries has zones like this to allow remote updating
#      example 60 IN A 192.0.32.10
#      example 60 IN TXT "dyndns"
#
# = INSTALL - SSH =
# 1) Make sure to allow rndc reload in your sudoers file
#      ssh_user  ALL=(ALL) NOPASSWD: /usr/sbin/rndc reload
# 2) prefix your ssh authorized key to allow only this script
#      command="/home/ssh_user/dyndns/dyndns.sh" 
# 3) Call for the remote host from crontab:
#      ssh -a -p 1022 -i id_rsa dnsserver.example.net `hostname -s`
#
# = INSTALL - CGI =
# 1) Put your secret password in ``.cgi_secret''
# 2) Alter your apache configuration to allow executing the script
#      ScriptAlias /dyndns /path/to/dyndns/dyndns.sh
# 1) Make sure to allow rndc reload in your sudoers file
#      www_user  ALL=(ALL) NOPASSWD: /usr/sbin/rndc reload
# 3) Call from the remote host from crontab:
#      fetch -q -o - "http://dnsserver.example.net/dyndns/`hostname -s`/SECRET/"
#
#
# License: BSDLike - http://rickvanderzwet.nl/LICENSE
# Rick van der Zwet <info@rickvanderzwet.nl>
#
ZONE='vanderzwet.net'
ZONEFILE="/etc/namedb/master/$ZONE"
CGI_SECRET_FILE="`dirname $0`/.cgi_secret"

### NO USER EDITABLE PARTS BELOW HERE ###
exec 2>&1
if [ -n "$SSH_ORIGINAL_COMMAND" ]; then
  # SSH specific details
  HOSTNAME=`echo $SSH_ORIGINAL_COMMAND | tr -c -d '[a-zA-Z0-9\-_\.]' | cut -d ' ' -f 1 | cut -d '.' -f 1`
  REMOTEIP=`echo $SSH_CLIENT | cut -d ' ' -f 1`
else
  # CGI specific details
  HOSTNAME=`echo $REQUEST_URI | tr -c -d '[a-zA-Z0-9\-_\./]' | awk -F/ '{print $3}'`
  SECRET=`echo $REQUEST_URI | tr -c -d '[a-zA-Z0-9\-_\./\!_]' | awk -F/ '{print $4}'`
  REMOTEIP=$REMOTE_ADDR
  echo "Content-Type: text/plain"
  echo ""
  CGI_SECRET=`cat $CGI_SECRET_FILE`
  if [ -z "$CGI_SECRET" ]; then
    echo "Secret not readable from $CGI_SECRET_FILE"
    exit 1
  fi
  if [ "$SECRET" != "$CGI_SECRET" ]; then
    echo "Secret invalid"
    exit 1
  fi
fi

# Tmpfile creation for editing 'in between'
TMPFILE=`mktemp -t $(basename $0 .sh).XXX`
trap "rm -f $TMPFILE; exit 1" 0 1 2 15
cp $ZONEFILE $TMPFILE || exit 1


# See whether there exists a dynamic entry for it, like this
# example 60 IN A 192.0.32.10
# example 60 IN TXT "dyndns"
LINENR=`awk -v host=$HOSTNAME '{if ($1 == host) { if ($4 == "A") { line=NR } else if($5 ~ /dyndns/) {print line; exit} }}' $TMPFILE`
if [ -z "$LINENR" ]; then
  echo "$HOSTNAME does not exists or is not marked as dynamic"
  exit 1
fi

# Do we need to update the entry
OLDIP=`awk -v linenr=$LINENR 'NR==linenr {print $5}' $TMPFILE`
if [ "$OLDIP" = "$REMOTEIP" ]; then
  echo "No changes ($HOSTNAME.$ZONE IN A $REMOTEIP)"
  exit 0
fi

# Update the entry
sed -i '' "${LINENR}s/$OLDIP/$REMOTEIP/" $TMPFILE || exit 1

# Update serial of zone name
# YYYYMMDDNN where NN is from 00 till 99
TODAY=`date "+%Y%m%d"`
OLDSERIAL=`sed -n '1,10s/.*\([0-9]\{10\}\).*/\1/p' $TMPFILE`
if [ -z "$OLDSERIAL" ]; then
  echo "Error Unable to find SERIAL of zone"
  exit 1
fi
if `echo $OLDSERIAL | grep -q "^$TODAY"`; then
  if `echo $OLDSERIAL | grep -q '99$'`; then
    echo "Sorry domain update limit reached no more updates for today"
    exit 1
  fi
  NEWSERIAL=`expr $OLDSERIAL + 1`
else
  NEWSERIAL="${TODAY}00"
fi
sed -i '' "1,10s/$OLDSERIAL/$NEWSERIAL/g" $TMPFILE || exit 1

# Install and activate
if `/usr/sbin/named-checkzone -q $TMPFILE $ZONE`; then
  echo "New zone failed to validate"
  exit 1
fi
cp  $TMPFILE $ZONEFILE || exit 1
sudo /usr/sbin/rndc reload || exit 1
echo "Entry updated ($HOSTNAME.$ZONE IN A $REMOTEIP)"