diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/etc/inc/dyndns.class | 7 | ||||
-rw-r--r-- | src/etc/inc/r53.class | 53 | ||||
-rw-r--r-- | src/usr/local/www/services_dyndns_edit.php | 2 |
3 files changed, 43 insertions, 19 deletions
diff --git a/src/etc/inc/dyndns.class b/src/etc/inc/dyndns.class index 0dfdbac..c88feca 100644 --- a/src/etc/inc/dyndns.class +++ b/src/etc/inc/dyndns.class @@ -96,7 +96,7 @@ * HE.net IPv6 - Last Tested: 7 July 2013 * HE.net Tunnel - Last Tested: 28 June 2011 * SelfHost - Last Tested: 26 December 2011 - * Amazon Route 53 - Last Tested: 30 August 2016 + * Amazon Route 53 - Last Tested: 04 February 2017 * DNS-O-Matic - Last Tested: 9 September 2010 * CloudFlare - Last Tested: 05 September 2016 * CloudFlare IPv6 - Last Tested: 17 July 2016 @@ -650,9 +650,10 @@ case 'route53': require_once("r53.class"); $r53 = new Route53($this->_dnsUser, $this->_dnsPass); - $apiurl = $r53->getApiUrl($this->_dnsZoneID); + list($r53_regionId, $r53_zoneId) = split('/', $this->_dnsZoneID); + $apiurl = $r53->getApiUrl($r53_zoneId); $xmlreq = $r53->getRequestBody($this->_dnsHost, $this->_dnsIP, $this->_dnsTTL); - $httphead = $r53->getHttpPostHeaders(strlen($xmlreq)); + $httphead = $r53->getHttpPostHeaders($r53_zoneId, $r53_regionId, hash("sha256",$xmlreq)); curl_setopt($ch, CURLOPT_HTTPHEADER, $httphead); if($this->_dnsVerboseLog){ log_error(sprintf("Sending reuquest to: %s", $apiurl)); diff --git a/src/etc/inc/r53.class b/src/etc/inc/r53.class index cc50d4a..4ec4cd9 100644 --- a/src/etc/inc/r53.class +++ b/src/etc/inc/r53.class @@ -83,7 +83,7 @@ class Route53 * @return string XML document */ public function getRequestBody($fqdn, $ip, $ttl){ - $xmlreq .= "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"; + $xmlreq = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"; $xmlreq .= "<ChangeResourceRecordSetsRequest xmlns=\"https://route53.amazonaws.com/doc/2013-04-01/\">"; $xmlreq .= "<ChangeBatch><Changes><Change>"; $xmlreq .= "<Action>UPSERT</Action>"; @@ -102,7 +102,7 @@ class Route53 /** * Return API URL * - * @param string $zoneid Amazone Zone ID + * @param string $zoneid Amazon Zone ID * @return string URL */ public function getApiUrl($zoneid){ @@ -112,21 +112,44 @@ class Route53 /** * Return HTTP post headers * - * @param int $bodylen length of the POST bost body + * @param string zoneId Amazon Zone + * @param string regionId Amazon Region Code (e.g. us-east-1) + * @param string requestBodySHA256 SHA256 hash of the request body * @return Array headers */ - public function getHttpPostHeaders($bodylen){ - $reqdate = gmdate('D, d M Y H:i:s e'); - $httphead[] = array(); - $httphead[] = sprintf("Date: %s", $reqdate); - $httphead[] = "Content-Type: text/plain"; - $httphead[] = sprintf("Content-Length: %d", $bodylen); - /* to avoid having user to know their AWS Region, for now use V3 */ - $httphead[] = sprintf( - "X-Amzn-Authorization: AWS3-HTTPS AWSAccessKeyId=%s,Algorithm=HMACSHA256,SignedHeaders=date,Signature=%s", - $this->__accessKey, - base64_encode(hash_hmac("sha256", $reqdate, $this->__secretKey, true)) - ); + public function getHttpPostHeaders($zoneId, $regionId, $requestBodySHA256){ + + $canonical_uri = sprintf("/2013-04-01/hostedzone/%s/rrset", $zoneId); + $amz_date = sprintf("%sT%sZ", gmdate('Ymd'), gmdate('His')); + $date_stamp = gmdate('Ymd'); + + $canonical_headers = sprintf("content-type:%s\nhost:%s\nx-amz-date:%s\n", + "text/xml", "route53.amazonaws.com", $amz_date); + + $signed_headers = "content-type;host;x-amz-date"; + + $canonical_request = sprintf("%s\n%s\n\n%s\n%s\n%s", + "POST", $canonical_uri, $canonical_headers, $signed_headers, $requestBodySHA256); + $algorithm = "AWS4-HMAC-SHA256"; + $credential_scope = sprintf("%s/%s/%s/%s", $date_stamp, $regionId, "route53", "aws4_request"); + $string_to_sign = sprintf("%s\n%s\n%s\n%s", + $algorithm, $amz_date, $credential_scope, hash("sha256", $canonical_request)); + + $kSecret = sprintf("AWS4%s", $this->__secretKey); + $kDate = hash_hmac("sha256", $date_stamp, $kSecret, true); + $kRegion = hash_hmac("sha256", $regionId, $kDate, true); + $kService = hash_hmac("sha256", "route53", $kRegion, true); + $signing_key = hash_hmac("sha256","aws4_request", $kService, true); + + $signature = bin2hex(hash_hmac("sha256", $string_to_sign, $signing_key, true)); + + $authorization_header = sprintf("%s Credential=%s/%s, SignedHeaders=%s, Signature=%s", + $algorithm, $this->__accessKey, $credential_scope, $signed_headers, $signature); + + $httphead[] = "Content-Type: text/xml"; + $httphead[] = sprintf("X-Amz-Date: %s", $amz_date); + $httphead[] = sprintf("Authorization: %s", $authorization_header); return $httphead; } } + diff --git a/src/usr/local/www/services_dyndns_edit.php b/src/usr/local/www/services_dyndns_edit.php index eeaacb1..292590f 100644 --- a/src/usr/local/www/services_dyndns_edit.php +++ b/src/usr/local/www/services_dyndns_edit.php @@ -376,7 +376,7 @@ $section->addInput(new Form_Input( 'Zone ID', 'text', $pconfig['zoneid'] -))->setHelp('Enter Zone ID that was received when creating the domain in Route 53.' . '<br />' . +))->setHelp('Route53: Enter AWS Region and Zone ID in the form REGION/ZONEID (example: "us-east-1/A1B2C3D4E5F6Z").' . '<br />' . 'DNSimple: Enter the Record ID of record to update.'); $section->addInput(new Form_Input( |