dns-krbnsupdate.sh

  1. #!/bin/sh
  2.  
  3. ## CONFIGURATION ##
  4. # Kerberos realm
  5. realm="DOMAIN.LAN"
  6. # Kerberos principal
  7. principal="dhcpduser@$realm"
  8. # Kerberos keytab
  9. keytab="/etc/dhcp/dhcpd.keytab"
  10. # Kerberos credentials cache
  11. krb5cc="/run/dhcp-server/dhcpd.krb5cc"
  12. # Use MIT kerberos args instead of heimdal.
  13. #KRB5MIT="YES"
  14.  
  15. # Domain appended to hostname
  16. domain="domain.lan"
  17. # Space separated list of DNS servers for sending updates to
  18. NSRVS="ns1.domain.lan ns2.domain.lan"
  19. # Default DNS resource records TTL
  20. RRTTL="3600"
  21. # Do not use TXT RRs (rfc4701)
  22. NOTXTRRS="YES"
  23.  
  24. # Additional nsupdate flags (-g already applied), e.g. "-d" for debug
  25. #NSUPDFLAGS="-d"
  26. # Run in the foreground (for manual run only!!!), it's better to use "-d" as script's first argument
  27. #DEBUG="YES"
  28.  
  29. ######################################################
  30.  
  31. ## VARIABLES ##
  32. [ "$1" = "-d" ] && DEBUG="YES" && shift
  33. action=$1
  34. ip=$2
  35. DHCID=$3
  36. name=${4%%.*}
  37. [ -n "$5" ] && RRTTL="$5"
  38.  
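#######################################
# Prints the command-line synopsis on stdout (in non-debug mode stdout is
# piped to logger, so the text ends up in syslog).
# Globals:   none
# Arguments: none
# Outputs:   three lines of usage text on stdout
# Returns:   0
#######################################
_usage() {
  # The original used echo with an unbalanced double quote, which turned the
  # "dhcid|mac-address" text into a pipe to a non-existent command.
  _prog=${0##*/}
  printf '%s\n' "Usage:" \
    "$_prog [-d] add ip-address dhcid|mac-address hostname [dns-ttl]" \
    "$_prog [-d] delete ip-address dhcid|mac-address"
}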
  44.  
#######################################
# Makes sure a ticket for $principal is available before nsupdate -g runs:
# reuses the cache when klist reports a valid ticket, otherwise obtains one
# from the keytab.
# Globals:   keytab, krb5cc, principal, KRB5MIT (read)
#            KRB5_KTNAME, KRB5CCNAME (exported for klist/kinit/nsupdate)
# Outputs:   "DDNS: kinit failed" on stdout when no ticket can be obtained
# Returns:   0 when a ticket is available; exits the script with 1 otherwise
#######################################
_kerberos() {
  KRB5_KTNAME="$keytab"
  KRB5CCNAME="$krb5cc"
  export KRB5_KTNAME KRB5CCNAME

  # The "is there a valid ticket" flag differs between implementations:
  # MIT klist takes -s, Heimdal klist takes -t.
  case "$KRB5MIT" in
    YES) _klistarg="-s" ;;
    *)   _klistarg="-t" ;;
  esac

  if klist "$_klistarg"; then
    return 0
  fi
  if kinit -k -t "$keytab" -c "$krb5cc" "$principal"; then
    return 0
  fi
  echo "DDNS: kinit failed"
  exit 1
}
  57.  
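#######################################
# Checks that $1 is a plain dotted-quad IPv4 address: four fields of digits
# separated by single dots, each field at most 255.
# Arguments: $1 - candidate address
# Returns:   0 if acceptable, 1 otherwise (empty is rejected)
#######################################
_valid_ipv4() {
  case "$1" in
    '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  _ifs=$IFS
  IFS=.
  # Split the (already digits-and-dots-only) string into its fields.
  set -- $1
  IFS=$_ifs
  [ $# -eq 4 ] || return 1
  for _octet in "$@"; do
    [ "$_octet" -le 255 ] || return 1
  done
  return 0
}

#######################################
# Checks that $1 is a single hostname label made of letters, digits, '-'
# and '_' only, so it cannot carry whitespace or newlines into the nsupdate
# command stream or a host(1) argument list.
# Arguments: $1 - candidate label
# Returns:   0 if acceptable, 1 otherwise (empty is rejected)
#######################################
_valid_label() {
  case "$1" in
    '' | *[!A-Za-z0-9_-]*) return 1 ;;
  esac
  return 0
}

#######################################
# Like _valid_label, but also permits dots (fully qualified name).
# Arguments: $1 - candidate name
# Returns:   0 if acceptable, 1 otherwise (empty is rejected)
#######################################
_valid_fqdn() {
  case "$1" in
    '' | *[!A-Za-z0-9_.-]*) return 1 ;;
  esac
  return 0
}

#######################################
# Builds the in-addr.arpa owner name for a dotted-quad address.
# Arguments: $1 - IPv4 address, e.g. 10.1.2.3
# Outputs:   e.g. 3.2.1.10.in-addr.arpa on stdout
#######################################
_reverse_name() {
  printf '%s\n' "$1" | awk -F '.' '{print $4"."$3"."$2"."$1".in-addr.arpa"}'
}

#######################################
# Computes the TXT value this script stores next to the A record as the
# lease identifier: "000101" followed by the SHA-256 hex digest of the
# identifier concatenated with the owner name (plus a trailing newline).
# Arguments: $1 - DHCID or MAC address
#            $2 - fully qualified owner name
# Outputs:   the TXT value on stdout
#######################################
_dhcid_txt() {
  # printf keeps the bytes literal; for the hex/colon identifiers used here
  # it feeds sha256sum the same input as the original echo form did.
  _sum=$(printf '%s\n' "$1$2" | sha256sum)
  printf '%s\n' "000101${_sum%% *}"
}

#######################################
# Reads the TXT record of a name from host(1) output.
# Arguments: $1 - fully qualified name
# Outputs:   the text between the quotes, or nothing when there is none
#######################################
_txt_record() {
  host -t txt "$1" | sed -n '/descriptive text/s/^.*[[:space:]]descriptive text[[:space:]]*"\(.*\)"$/\1/p'
}

#######################################
# Refuses to touch records that were not created for this identifier: the
# existing TXT record of $2 must equal _dhcid_txt "$DHCID" "$2".
# Globals:   ip, DHCID (read)
# Arguments: $1 - message verb, "adding" or "removing"
#            $2 - fully qualified owner name
# Outputs:   a "DDNS: ... FAILED" line on stdout when the check fails
# Returns:   0 when the records belong to this identifier; exits 1 otherwise
#######################################
_check_dhcid_owner() {
  _old=$(_txt_record "$2")
  if [ -z "$_old" ]; then
    echo "DDNS: $1 records for $ip ($2) FAILED: has A record but no DHCID, not mine"
    exit 1
  fi
  if [ "$(_dhcid_txt "$DHCID" "$2")" != "$_old" ]; then
    echo "DDNS: $1 records for $ip ($2) FAILED: has A record but DHCID is wrong"
    exit 1
  fi
  return 0
}

#######################################
# Sends the forward (A, optional TXT) and reverse (PTR) updates for one
# lease to the first server in NSRVS that accepts them.
# Globals:   action, ip, DHCID, name, domain, realm, NSRVS, RRTTL, NOTXTRRS,
#            NSUPDFLAGS (read); NOTXTRRS, RRTXT, RRPTR, RRPTRNAME, result
#            (written)
# Outputs:   one "DDNS: ..." status line on stdout (plus nsupdate output)
# Returns:   exits 0 on success, 1 on bad input or ownership mismatch,
#            otherwise the status of the last nsupdate run
#######################################
_main() {
  umask 77

  if [ -z "$ip" ] || [ -z "$DHCID" ]; then
    _usage
    exit 1
  fi
  case "$action" in
    add | delete) ;;
    *)
      _usage
      exit 1
      ;;
  esac

  # ip, name and RRTTL arrive on argv and are expanded unquoted into the
  # nsupdate command stream and host(1) argument lists below. When this runs
  # as a dhcpd hook they originate from the client, so only the characters
  # those fields can legitimately contain are accepted.
  if ! _valid_ipv4 "$ip"; then
    echo "DDNS: $action FAILED: '$ip' is not a dotted-quad IPv4 address"
    exit 1
  fi
  case "$RRTTL" in
    '' | *[!0-9]*)
      echo "DDNS: $action FAILED: TTL '$RRTTL' is not a number"
      exit 1
      ;;
  esac
  if [ -z "$NSRVS" ]; then
    echo "DDNS: $action FAILED: NSRVS is empty, no DNS server to update"
    exit 1
  fi

  ## NSUPDATE ##
  RRTXT=""
  case "$action" in
    add)
      if ! _valid_label "$name"; then
        echo "DDNS: adding records for $ip FAILED: hostname label '$name' is empty or has invalid characters"
        exit 1
      fi
      RRPTR="$name.$domain"
      if [ "$NOTXTRRS" != "YES" ]; then
        NOTXTRRS=""
        # An existing A record must carry our DHCID TXT record, otherwise the
        # name belongs to someone else and is left alone.
        RRAOLD=$(host "$RRPTR" | awk '/has address/ {print $4}')
        if [ -n "$RRAOLD" ]; then
          _check_dhcid_owner adding "$RRPTR"
        fi
        RRTXT=$(_dhcid_txt "$DHCID" "$RRPTR")
      else
        # nsupdate treats a line starting with ';' as a comment, so this
        # prefix disables the TXT lines of the update below.
        NOTXTRRS=";"
      fi

      RRPTRNAME=$(_reverse_name "$ip")

      _kerberos

      # Try each server in turn; the first accepted update ends the script.
      # result starts non-zero so the failure path is well-defined even if the
      # loop body never assigns it.
      result=1
      for NSRV in $NSRVS; do
        # NSUPDFLAGS is deliberately unquoted: it is a whitespace-separated
        # list of flags.
        nsupdate -g $NSUPDFLAGS << UPDATE
server $NSRV
realm $realm
update delete $RRPTR. $RRTTL A
${NOTXTRRS}update delete $RRPTR. $RRTTL TXT
${NOTXTRRS}update add $RRPTR. $RRTTL TXT $RRTXT
update add $RRPTR. $RRTTL A $ip
send
update delete $RRPTRNAME. $RRTTL PTR
update add $RRPTRNAME. $RRTTL PTR $name.$domain.
send
UPDATE
        result=$?
        if [ "$result" -eq 0 ]; then
          echo "DDNS: adding records for $ip ($RRPTR) succeeded"
          exit 0
        fi
      done
      echo "DDNS: adding records for $ip ($RRPTR) FAILED: nsupdate status $result"
      exit "$result"
      ;;
    delete)
      # The forward name is recovered from the reverse zone; only the first
      # PTR target is used. Without one there is nothing to identify the A
      # record by, regardless of the TXT setting.
      RRPTR=$(host "$ip" | awk '/domain name pointer/ { sub(/\.$/, "", $5); print $5; exit }')
      if [ -z "$RRPTR" ]; then
        echo "DDNS: removing records for $ip FAILED: has no PTR, can not determine A record"
        exit 1
      fi
      # The PTR target comes from DNS, not from this host, and is expanded
      # unquoted into the update below, so it gets the same character check.
      if ! _valid_fqdn "$RRPTR"; then
        echo "DDNS: removing records for $ip FAILED: PTR target '$RRPTR' has invalid characters"
        exit 1
      fi
      if [ "$NOTXTRRS" != "YES" ]; then
        NOTXTRRS=""
        _check_dhcid_owner removing "$RRPTR"
      else
        NOTXTRRS=";"
      fi

      RRPTRNAME=$(_reverse_name "$ip")

      _kerberos

      result=1
      for NSRV in $NSRVS; do
        nsupdate -g $NSUPDFLAGS << UPDATE
server $NSRV
realm $realm
update delete $RRPTR. $RRTTL A
${NOTXTRRS}update delete $RRPTR. $RRTTL TXT
send
update delete $RRPTRNAME. $RRTTL PTR
send
UPDATE
        result=$?
        if [ "$result" -eq 0 ]; then
          echo "DDNS: removing records for $ip ($RRPTR) succeeded"
          exit 0
        fi
      done
      echo "DDNS: removing records for $ip ($RRPTR) FAILED: nsupdate status $result"
      exit "$result"
      ;;
  esac
}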
  155.  
# Entry point. With DEBUG=YES (or a leading -d) _main runs in the foreground
# so its messages reach the terminal; otherwise it is detached with '&' and
# its stdout is routed to syslog via logger (-s also copies it to stderr).
case "$DEBUG" in
  YES)
    _main
    ;;
  *)
    _main | logger -s -t dhcpd &
    ;;
esac