SHOW:
|
|
- or go back to the newest paste.
| 1 | #!/bin/sh | |
| 2 | ||
| 3 | - | #exit 0 |
| 3 | + | |
| 4 | # Kerberos realm | |
| 5 | realm="DOMAIN.LAN" | |
| 6 | # Kerberos principal | |
| 7 | principal="dhcpduser@$realm" | |
| 8 | # Kerberos keytab | |
| 9 | keytab="/etc/dhcp/dhcpd.keytab" | |
| 10 | # Kerberos credentials cache | |
| 11 | krb5cc="/run/dhcp-server/dhcpd.krb5cc" | |
| 12 | # Use MIT kerberos args instead of heimdal. | |
| 13 | #KRB5MIT="YES" | |
| 14 | ||
| 15 | # Domain appended to hostname | |
| 16 | domain="domain.lan" | |
| 17 | # Space separated list of DNS servers for sending updates to | |
| 18 | NSRVS="ns1.domain.lan ns2.domain.lan" | |
| 19 | # Default DNS resource records TTL | |
| 20 | RRTTL="3600" | |
| 21 | # Do not use TXT RRs (rfc4701) | |
| 22 | NOTXTRRS="YES" | |
| 23 | ||
| 24 | - | #NOTXTRRS="YES" |
| 24 | + | |
| 25 | #NSUPDFLAGS="-d" | |
| 26 | # Run in the foreground (for manual run only!!!), it's better to use "-d" as script's first argument | |
| 27 | #DEBUG="YES" | |
| 28 | ||
| 29 | ###################################################### | |
| 30 | ||
| 31 | ## VARIABLES ## | |
| 32 | [ "$1" = "-d" ] && DEBUG="YES" && shift | |
| 33 | action=$1 | |
| 34 | ip=$2 | |
| 35 | DHCID=$3 | |
| 36 | name=${4%%.*}
| |
| 37 | [ -n "$5" ] && RRTTL="$5" | |
| 38 | ||
| 39 | - | echo " `basename $0` add ip-address dhcid|mac-address hostname [dns-ttl]" |
| 39 | + | |
| 40 | - | echo " `basename $0` delete ip-address dhcid|mac-address" |
| 40 | + | |
| 41 | echo " `basename $0` [-d] add ip-address dhcid|mac-address hostname [dns-ttl]" | |
| 42 | echo " `basename $0` [-d] delete ip-address dhcid|mac-address" | |
| 43 | } | |
| 44 | ||
| 45 | _kerberos() {
| |
| 46 | export KRB5_KTNAME="$keytab" | |
| 47 | export KRB5CCNAME="$krb5cc" | |
| 48 | - | klist -s || kinit $principal -k -t $keytab |
| 48 | + | |
| 49 | if [ "$KRB5MIT" = "YES" ]; then | |
| 50 | - | klist -t || kinit -t $keytab $principal |
| 50 | + | KLISTARG="-s" |
| 51 | else | |
| 52 | KLISTARG="-t" | |
| 53 | fi | |
| 54 | ||
| 55 | klist $KLISTARG || kinit -k -t "$keytab" -c "$krb5cc" "$principal" || { echo "DDNS: kinit failed"; exit 1; }
| |
| 56 | } | |
| 57 | ||
| 58 | _main() {
| |
| 59 | umask 77 | |
| 60 | ||
| 61 | if [ -z "$ip" ] || [ -z "$DHCID" ]; then | |
| 62 | _usage | |
| 63 | exit 1 | |
| 64 | fi | |
| 65 | ||
| 66 | ||
| 67 | - | RRAOLD=`host $name.$domain | awk '/has address/ {print $4}'`
|
| 67 | + | |
| 68 | case "$action" in | |
| 69 | - | RRTXTOLD=`host -t txt "$name.$domain" | sed -n '/descriptive text/s/^.*[[:space:]]descriptive text[[:space:]]*"\(.*\)"$/\1/p'` |
| 69 | + | |
| 70 | - | [ -z "$RRTXTOLD" ] && echo "Forward map from $name.$domain to $ip FAILED: Has an address record but no DHCID, not mine." && exit 0 |
| 70 | + | RRPTR="$name.$domain" |
| 71 | if [ "$NOTXTRRS" != "YES" ]; then | |
| 72 | - | RRTXT=`echo "$DHCID$name.$domain" | sha256sum` |
| 72 | + | |
| 73 | RRAOLD=`host $RRPTR | awk '/has address/ {print $4}'`
| |
| 74 | - | [ "$RRTXT" != "$RRTXTOLD" ] && echo "Forward map from $name.$domain to $ip FAILED: Has an address record but DHCID is wrong, not mine." && exit 0 |
| 74 | + | |
| 75 | RRTXTOLD=`host -t txt "$RRPTR" | sed -n '/descriptive text/s/^.*[[:space:]]descriptive text[[:space:]]*"\(.*\)"$/\1/p'` | |
| 76 | - | RRTXT=`echo "$DHCID$name.$domain" | sha256sum` |
| 76 | + | [ -z "$RRTXTOLD" ] && echo "DDNS: adding records for $ip ($RRPTR) FAILED: has A record but no DHCID, not mine" && exit 1 |
| 77 | ||
| 78 | RRTXT=`echo "$DHCID$RRPTR" | sha256sum` | |
| 79 | RRTXT="000101${RRTXT%% *}"
| |
| 80 | [ "$RRTXT" != "$RRTXTOLD" ] && echo "DDNS: adding records for $ip ($RRPTR) FAILED: has A record but DHCID is wrong" && exit 1 | |
| 81 | else | |
| 82 | RRTXT=`echo "$DHCID$RRPTR" | sha256sum` | |
| 83 | RRTXT="000101${RRTXT%% *}"
| |
| 84 | fi | |
| 85 | else | |
| 86 | NOTXTRRS=";" | |
| 87 | fi | |
| 88 | ||
| 89 | RRPTRNAME=`echo $ip | awk -F '.' '{print $4"."$3"."$2"."$1".in-addr.arpa"}'`
| |
| 90 | ||
| 91 | - | update delete $name.$domain. $RRTTL A |
| 91 | + | |
| 92 | - | ${NOTXTRRS}update delete $name.$domain. $RRTTL TXT
|
| 92 | + | |
| 93 | - | ${NOTXTRRS}update add $name.$domain. $RRTTL TXT $RRTXT
|
| 93 | + | |
| 94 | - | update add $name.$domain. $RRTTL A $ip |
| 94 | + | |
| 95 | server $NSRV | |
| 96 | realm $realm | |
| 97 | update delete $RRPTR. $RRTTL A | |
| 98 | ${NOTXTRRS}update delete $RRPTR. $RRTTL TXT
| |
| 99 | ${NOTXTRRS}update add $RRPTR. $RRTTL TXT $RRTXT
| |
| 100 | update add $RRPTR. $RRTTL A $ip | |
| 101 | - | [ "$result" -eq "0" ] && break |
| 101 | + | |
| 102 | update delete $RRPTRNAME. $RRTTL PTR | |
| 103 | update add $RRPTRNAME. $RRTTL PTR $name.$domain. | |
| 104 | send | |
| 105 | UPDATE | |
| 106 | result=$? | |
| 107 | [ "$result" -eq "0" ] && echo "DDNS: adding records for $ip ($RRPTR) succeeded" && exit 0 | |
| 108 | done | |
| 109 | ||
| 110 | - | [ -z "$RRTXTOLD" ] && echo "Forward map from $RRPTR to $ip removing FAILED: Has an address record but no DHCID, not mine." && exit 0 |
| 110 | + | [ "$result" != "0" ] && echo "DDNS: adding records for $ip ($RRPTR) FAILED: nsupdate status $result" && exit "$result" |
| 111 | ;; | |
| 112 | delete) | |
| 113 | RRPTR=`host $ip | awk '/domain name pointer/ { sub(/\.$/, "", $5); print $5}'`
| |
| 114 | - | [ "$RRTXT" != "$RRTXTOLD" ] && echo "Forward map from $RRPTR to $ip removing FAILED: Has an address record but DHCID is wrong." && exit 0 |
| 114 | + | |
| 115 | NOTXTRRS="" | |
| 116 | - | echo "$ip has no PTR, can not determine address record." && exit 0 |
| 116 | + | |
| 117 | RRTXTOLD=`host -t txt "$RRPTR" | sed -n '/descriptive text/s/^.*[[:space:]]descriptive text[[:space:]]*"\(.*\)"$/\1/p'` | |
| 118 | [ -z "$RRTXTOLD" ] && echo "DDNS: removing records for $ip ($RRPTR) FAILED: has A record but no DHCID, not mine" && exit 1 | |
| 119 | ||
| 120 | RRTXT=`echo "$DHCID$RRPTR" | sha256sum` | |
| 121 | RRTXT="000101${RRTXT%% *}"
| |
| 122 | [ "$RRTXT" != "$RRTXTOLD" ] && echo "DDNS: removing records for $ip ($RRPTR) FAILED: has A record but DHCID is wrong" && exit 1 | |
| 123 | else | |
| 124 | echo "DDNS: removing records for $ip FAILED: has no PTR, can not determine A record" && exit 1 | |
| 125 | fi | |
| 126 | else | |
| 127 | NOTXTRRS=";" | |
| 128 | fi | |
| 129 | ||
| 130 | RRPTRNAME=`echo $ip | awk -F '.' '{print $4"."$3"."$2"."$1".in-addr.arpa"}'`
| |
| 131 | ||
| 132 | _kerberos | |
| 133 | ||
| 134 | for NSRV in $NSRVS; do | |
| 135 | nsupdate -g $NSUPDFLAGS << UPDATE | |
| 136 | server $NSRV | |
| 137 | - | [ "$result" -eq "0" ] && break |
| 137 | + | |
| 138 | update delete $RRPTR. $RRTTL A | |
| 139 | ${NOTXTRRS}update delete $RRPTR. $RRTTL TXT
| |
| 140 | send | |
| 141 | update delete $RRPTRNAME. $RRTTL PTR | |
| 142 | send | |
| 143 | UPDATE | |
| 144 | result=$? | |
| 145 | - | [ "$result" != "0" ] && echo "GSS-TSIG DNS update failed: $result" |
| 145 | + | [ "$result" -eq "0" ] && echo "DDNS: removing records for $ip ($RRPTR) succeeded" && exit 0 |
| 146 | - | exit $result |
| 146 | + | |
| 147 | ||
| 148 | [ "$result" != "0" ] && echo "DDNS: removing records for $ip ($RRPTR) FAILED: nsupdate status $result" && exit "$result" | |
| 149 | - | _main |
| 149 | + | |
| 150 | *) | |
| 151 | _usage && exit 1 | |
| 152 | ;; | |
| 153 | esac | |
| 154 | } | |
| 155 | ||
| 156 | if [ "$DEBUG" = "YES" ]; then | |
| 157 | _main | |
| 158 | else | |
| 159 | : | |
| 160 | _main | logger -s -t dhcpd & | |
| 161 | fi |
