blob: e469b599f158a7205858e6f6b48d227586703513 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
|
#!/bin/sh
#
#.Distributed under the terms of the GNU General Public License (GPL) version 2.0
#
# script for sending updates to cloudflare.com
#.based on Ben Kulbertis cloudflare-update-record.sh found at http://gist.github.com/benkulbertis
#.and on George Johnson's cf-ddns.sh found at https://github.com/gstuartj/cf-ddns.sh
#.2016-2018 Christian Schoenebeck <christian dot schoenebeck at gmail dot com>
#
# 2026 Wayne King
# Added GET_REGISTERED_IP mode to retrieve the actual backend IP from Cloudflare API
# (DNS lookups return Cloudflare's proxy IP, not the actual registered IP)
# CloudFlare API documentation, section DNS at https://developers.cloudflare.com/api/resources/dns/
#
# This script is parsed by dynamic_dns_functions.sh inside send_update() function
#
# using following options from /etc/config/ddns
# option username - "Bearer" or your Cloudflare e-mail, depending on the type of credentials used
# for API Token, use "Bearer"; otherwise, with Global API Key, use your Cloudflare e-mail
# option password - Your API Token or your Global API Key, you can create/get either at
# https://dash.cloudflare.com/profile/api-tokens
# option domain - "hostname@yourdomain.TLD"
# option param_opt - (Optional) key=value pairs that are separated by space
# if duplicate keys found, only the last occurrence will be used
# example: "zone_id=123456789 dns_record_id=987654321"
# current supported keys:
# 1. zone_id (API: GET https://api.cloudflare.com/client/v4/zones)
# note: zone_id must be specified if dns_record_id is specified
# 2. dns_record_id (API: GET https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_records)
#
# The proxy status would not be changed by this script. Please change it in Cloudflare dashboard manually.
#
# variable __IP already defined with the ip-address to use for update
#
# check parameters
[ -z "$CURL" ] && [ -z "$CURL_SSL" ] && write_log 14 "Cloudflare communication require cURL with SSL support. Please install"
[ -z "$username" ] && write_log 14 "Service section not configured correctly! Missing key as 'username'"
[ -z "$password" ] && write_log 14 "Service section not configured correctly! Missing secret as 'password'"
[ $use_https -eq 0 ] && use_https=1 # force HTTPS
# parse param_opt
if [ -n "$param_opt" ]; then
for pair in $param_opt; do
case $pair in
zone_id=*)
zone_id=${pair#*=}
write_log 7 "User defined zone_id: $zone_id"
;;
dns_record_id=*)
dns_record_id=${pair#*=}
write_log 7 "User defined dns_record_id: $dns_record_id"
;;
*)
# Ignore others
;;
esac
done
fi
# If dns_record_id is specified, zone_id must also be specified
if [ -n "$dns_record_id" ] && [ -z "$zone_id" ]; then
write_log 4 "zone_id cannot be empty if dns_record_id is specified"
return 127
fi
# used variables
local __HOST __DOMAIN __TYPE __URLBASE __PRGBASE __RUNPROG __DATA __IPV6 __ZONEID __RECID
local __URLBASE="https://api.cloudflare.com/client/v4"
if echo "$domain" | grep -Fq '@'; then
# split __HOST __DOMAIN from $domain
# given data:
# @example.com for "domain record"
# host.sub@example.com for a "host record"
__HOST=$(printf %s "$domain" | cut -d@ -f1)
__DOMAIN=$(printf %s "$domain" | cut -d@ -f2)
else
__DOMAIN=$domain
fi
# Cloudflare v4 needs:
# __DOMAIN = the base domain i.e. example.com
# __HOST = the FQDN of record to modify
# i.e. example.com for the "domain record" or host.sub.example.com for "host record"
if [ -z "$__HOST" ]; then
# handling domain record then set __HOST = __DOMAIN
__HOST=$__DOMAIN
else
# handling host record then rebuild fqdn host@domain.tld => host.domain.tld
__HOST="${__HOST}.${__DOMAIN}"
fi
# set record type
[ $use_ipv6 -eq 0 ] && __TYPE="A" || __TYPE="AAAA"
# transfer function to use for godaddy
# all needed variables are set global here
# so we can use them directly
cloudflare_transfer() {
local __CNT=0
local __ERR
while : ; do
write_log 7 "#> $__RUNPROG"
eval "$__RUNPROG"
__ERR=$? # save communication error
[ $__ERR -eq 0 ] && break # no error break while
write_log 3 "cURL Error: '$__ERR'"
write_log 7 "$(cat $ERRFILE)" # report error
[ $VERBOSE_MODE -gt 1 ] && {
# VERBOSE_MODE > 1 then NO retry
write_log 4 "Transfer failed - Verbose Mode: $VERBOSE_MODE - NO retry on error"
break
}
__CNT=$(( $__CNT + 1 )) # increment error counter
# if error count > retry_max_count leave here
[ $retry_max_count -gt 0 -a $__CNT -gt $retry_max_count ] && \
write_log 14 "Transfer failed after $retry_max_count retries"
write_log 4 "Transfer failed - retry $__CNT/$retry_max_count in $RETRY_SECONDS seconds"
sleep $RETRY_SECONDS &
PID_SLEEP=$!
wait $PID_SLEEP # enable trap-handler
PID_SLEEP=0
done
# check for error
grep -q '"success":\s*true' $DATFILE || {
write_log 4 "CloudFlare reported an error:"
write_log 7 "$(cat $DATFILE)" # report error
return 1 # HTTP-Fehler
}
}
# Build base command to use
__PRGBASE="$CURL -RsS -o $DATFILE --stderr $ERRFILE"
# force network/interface-device to use for communication
if [ -n "$bind_network" ]; then
local __DEVICE
network_get_device __DEVICE $bind_network || \
write_log 13 "Can not detect local device using 'network_get_device $bind_network' - Error: '$?'"
write_log 7 "Force communication via device '$__DEVICE'"
__PRGBASE="$__PRGBASE --interface $__DEVICE"
fi
# force ip version to use
if [ $force_ipversion -eq 1 ]; then
[ $use_ipv6 -eq 0 ] && __PRGBASE="$__PRGBASE -4" || __PRGBASE="$__PRGBASE -6" # force IPv4/IPv6
fi
# set certificate parameters
if [ "$cacert" = "IGNORE" ]; then # idea from Ticket #15327 to ignore server cert
__PRGBASE="$__PRGBASE --insecure" # but not empty better to use "IGNORE"
elif [ -f "$cacert" ]; then
__PRGBASE="$__PRGBASE --cacert $cacert"
elif [ -d "$cacert" ]; then
__PRGBASE="$__PRGBASE --capath $cacert"
elif [ -n "$cacert" ]; then # it's not a file and not a directory but given
write_log 14 "No valid certificate(s) found at '$cacert' for HTTPS communication"
fi
# disable proxy if not set (there might be .wgetrc or .curlrc or wrong environment set)
# or check if libcurl compiled with proxy support
if [ -z "$proxy" ]; then
__PRGBASE="$__PRGBASE --noproxy '*'"
elif [ -z "$CURL_PROXY" ]; then
# if libcurl has no proxy support and proxy should be used then force ERROR
write_log 13 "cURL: libcurl compiled without Proxy support"
fi
# set headers
if [ "$username" = "Bearer" ]; then
write_log 7 "Found Username 'Bearer' using Password as Bearer Authorization Token"
__PRGBASE="$__PRGBASE --header 'Authorization: Bearer $password' "
else
__PRGBASE="$__PRGBASE --header 'X-Auth-Email: $username' "
__PRGBASE="$__PRGBASE --header 'X-Auth-Key: $password' "
fi
__PRGBASE="$__PRGBASE --header 'Content-Type: application/json' "
# read zone id for registered domain.TLD
__RUNPROG="$__PRGBASE --request GET '$__URLBASE/zones?name=$__DOMAIN'"
cloudflare_transfer || return 1
if [ -n "$zone_id" ]; then
# validate user defined zone id
__ZONEID=$(jsonfilter -i $DATFILE -e "@.result[@.id='$zone_id'].id")
[ -z "$__ZONEID" ] && {
write_log 4 "Invalid user defined zone_id for domain.tld: '$__DOMAIN'"
return 127
}
else
# extract zone id
__ZONEID=$(jsonfilter -i $DATFILE -e "@.result.*.id" | head -1)
[ -z "$__ZONEID" ] && {
write_log 4 "Could not detect 'zone id' for domain.tld: '$__DOMAIN'"
return 127
}
fi
# read record id for A or AAAA record of host.domain.TLD
__RUNPROG="$__PRGBASE --request GET '$__URLBASE/zones/$__ZONEID/dns_records?name=$__HOST&type=$__TYPE'"
cloudflare_transfer || return 1
if [ -n "$dns_record_id" ]; then
# validate user defined record id
__RECID=$(jsonfilter -i $DATFILE -e "@.result[@.id='$dns_record_id'].id")
[ -z "$__RECID" ] && {
write_log 4 "Invalid user defined dns_record_id for host.domain.tld: '$__HOST'"
return 127
}
else
# extract record id
__RECID=$(jsonfilter -i $DATFILE -e "@.result.*.id" | head -1)
[ -z "$__RECID" ] && {
write_log 4 "Could not detect 'record id' for host.domain.tld: '$__HOST'"
return 127
}
fi
# Check if we are being called for GET_REGISTERED_IP mode
# This is set by get_registered_ip() in dynamic_dns_functions.sh
if [ -n "$GET_REGISTERED_IP" ]; then
__RUNPROG="$__PRGBASE --request GET '$__URLBASE/zones/$__ZONEID/dns_records/$__RECID'"
cloudflare_transfer || return 1
__DATA=$(jsonfilter -i "$DATFILE" -e "@.result.content" 2>/dev/null)
if [ -n "$__DATA" ]; then
write_log 7 "Registered IP '$__DATA' detected via Cloudflare API"
REGISTERED_IP="$__DATA"
return 0
else
write_log 4 "Could not extract IP from Cloudflare API response"
return 127
fi
fi
# If dns_record_id is specified, grab the stored IP for that specific record
# So that the IP checking behavior below works even for domains with multiple IPs
if [ -n "$dns_record_id" ]; then
__RUNPROG="$__PRGBASE --request GET '$__URLBASE/zones/$__ZONEID/dns_records/$__RECID'"
cloudflare_transfer || return 1
fi
# extract current stored IP
__DATA=$(grep -o '"content":\s*"[^"]*' $DATFILE | grep -o '[^"]*$' | head -1)
# check data
[ $use_ipv6 -eq 0 ] \
&& __DATA=$(printf "%s" "$__DATA" | grep -m 1 -o "$IPV4_REGEX") \
|| __DATA=$(printf "%s" "$__DATA" | grep -m 1 -o "$IPV6_REGEX")
# we got data so verify
[ -n "$__DATA" ] && {
# expand IPv6 for compare
if [ $use_ipv6 -eq 1 ]; then
expand_ipv6 $__IP __IPV6
expand_ipv6 $__DATA __DATA
[ "$__DATA" = "$__IPV6" ] && { # IPv6 no update needed
write_log 7 "IPv6 at CloudFlare.com already up to date"
return 0
}
else
[ "$__DATA" = "$__IP" ] && { # IPv4 no update needed
write_log 7 "IPv4 at CloudFlare.com already up to date"
return 0
}
fi
}
# update is needed
# let's build data to send
# use file to work around " needed for json
cat > $DATFILE << EOF
{"content":"$__IP"}
EOF
# let's complete transfer command
__RUNPROG="$__PRGBASE --request PATCH --data @$DATFILE '$__URLBASE/zones/$__ZONEID/dns_records/$__RECID'"
cloudflare_transfer || return 1
return 0
|
