ddns-scripts:bump version

2025-05-01 04:51:19 +08:00 · 2020-03-23 11:41:49 +08:00 · 2020-03-23 11:41:49 +08:00 · 7a2d256eae
commit 7a2d256eae
parent 63dd878f94
10 changed files with 330 additions and 123 deletions
--- a/net/ddns-scripts/Makefile
+++ b/net/ddns-scripts/Makefile
@ -12,7 +12,7 @@ PKG_NAME:=ddns-scripts
 PKG_VERSION:=2.7.8
 # Release == build
 # increase on changes of services files or tld_names.dat
-PKG_RELEASE:=1
+PKG_RELEASE:=17

 PKG_LICENSE:=GPL-2.0
 PKG_MAINTAINER:=
@ -36,7 +36,7 @@ define Package/ddns-scripts
 endef
 # shown in LuCI package description
 define Package/ddns-scripts/description
-    Dynamic DNS Client scripts (with IPv6 support) - Info: http://wiki.openwrt.org/doc/howto/ddns.client
+    Dynamic DNS Client scripts (with IPv6 support) - Info: https://openwrt.org/docs/guide-user/services/ddns/client
 endef
 # shown in menuconfig <Help>
 define Package/ddns-scripts/config
@ -50,7 +50,7 @@ define Package/ddns-scripts/config
 		  - log file support
 		  - support to run once
 		Version: $(PKG_VERSION)-$(PKG_RELEASE)
-		Info   : http://wiki.openwrt.org/doc/howto/ddns.client
+		Info   : https://openwrt.org/docs/guide-user/services/ddns/client
 endef

 ###### *************************************************************************
@ -127,6 +127,21 @@ define Package/ddns-scripts_route53-v1/description
 	"option domain" to contain the hosted zone ID
 endef

+###### *************************************************************************
+define Package/ddns-scripts_cnkuai_cn
+    $(call Package/ddns-scripts/Default)
+    TITLE:=CnKuai API
+    DEPENDS:=ddns-scripts +curl +giflib-utils
+endef
+define Package/ddns-scripts_cnkuai_cn/description
+	Dynamic DNS Client scripts extension for CnKuai.Note: You
+	must also install giflib-utils.
+	It requires:
+	"option username" to be a valid CnKuai control panel id
+	"option password" to be the matching CnKuai control panel password
+	"option domain" to contain the domain
+endef
+
 ###### *************************************************************************
 define Build/Configure
 endef
@ -436,6 +451,47 @@ define Package/ddns-scripts_route53-v1/prerm
 	exit 0	# suppress errors
 endef

+###### *************************************************************************
+define Package/ddns-scripts_cnkuai_cn/preinst
+	#!/bin/sh
+	# if NOT run buildroot then stop service
+	[ -z "$${IPKG_INSTROOT}" ] && /etc/init.d/ddns stop >/dev/null 2>&1
+	exit 0	# suppress errors
+endef
+define Package/ddns-scripts_cnkuai_cn/install
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/files/ddns.defaults $(1)/etc/uci-defaults/ddns_cnkuai_cn
+	$(INSTALL_DIR) $(1)/usr/lib/ddns
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/files/update_cnkuai_cn.sh $(1)/usr/lib/ddns
+endef
+define Package/ddns-scripts_cnkuai_cn/postinst
+	#!/bin/sh
+	# remove old services file entries
+	/bin/sed -i '/cnkuai.cn/d' $${IPKG_INSTROOT}/etc/ddns/services		>/dev/null 2>&1
+	/bin/sed -i '/cnkuai.cn/d' $${IPKG_INSTROOT}/etc/ddns/services_ipv6	>/dev/null 2>&1
+	# and create new
+	printf "%s\\t%s\\n" '"cnkuai.cn"' '"update_cnkuai_cn.sh"' >> $${IPKG_INSTROOT}/etc/ddns/services
+	printf "%s\\t%s\\n" '"cnkuai.cn"' '"update_cnkuai_cn.sh"' >> $${IPKG_INSTROOT}/etc/ddns/services_ipv6
+	# on real system restart service if enabled
+	[ -z "$${IPKG_INSTROOT}" ] && {
+		[ -x /etc/uci-defaults/ddns_cnkuai_cn ] && \
+			/etc/uci-defaults/ddns_cnkuai_cn && \
+				rm -f /etc/uci-defaults/cnkuai.cn >/dev/null 2>&1
+		/etc/init.d/ddns enabled \
+			&& /etc/init.d/ddns start >/dev/null 2>&1
+	}
+	exit 0	# suppress errors
+endef
+define Package/ddns-scripts_cnkuai_cn/prerm
+	#!/bin/sh
+	# if NOT run buildroot then stop service
+	[ -z "$${IPKG_INSTROOT}" ] && /etc/init.d/ddns stop				>/dev/null 2>&1
+	# remove services file entries
+	/bin/sed -i 'cnkuai.cn/d' $${IPKG_INSTROOT}/etc/ddns/services		>/dev/null 2>&1
+	/bin/sed -i 'cnkuai.cn/d' $${IPKG_INSTROOT}/etc/ddns/services_ipv6	>/dev/null 2>&1
+	exit 0	# suppress errors
+endef
+
 ###### *************************************************************************
 $(eval $(call BuildPackage,ddns-scripts))
 $(eval $(call BuildPackage,ddns-scripts_cloudflare.com-v4))
@ -444,3 +500,4 @@ $(eval $(call BuildPackage,ddns-scripts_godaddy.com-v1))
 $(eval $(call BuildPackage,ddns-scripts_no-ip_com))
 $(eval $(call BuildPackage,ddns-scripts_nsupdate))
 $(eval $(call BuildPackage,ddns-scripts_route53-v1))
+$(eval $(call BuildPackage,ddns-scripts_cnkuai_cn))
--- a/net/ddns-scripts/files/ddns.config
+++ b/net/ddns-scripts/files/ddns.config
@ -1,5 +1,5 @@
 #
-# Please read http://wiki.openwrt.org/doc/uci/ddns
+# Please read https://openwrt.org/docs/guide-user/base-system/ddns
 #
 config ddns "global"
 	option ddns_dateformat "%F %R"
@ -19,14 +19,4 @@ config service "myddns_ipv4"
 	option ip_source	"network"
 	option ip_network	"wan"

-config service "myddns_ipv6"
-	option update_url	"http://[USERNAME]:[PASSWORD]@your.provider.net/nic/update?hostname=[DOMAIN]&myip=[IP]"
-	option lookup_host	"yourhost.example.com"
-	option domain		"yourhost.example.com"
-	option username		"your_username"
-	option password		"your_password"
-	option use_ipv6		"1"
-	option interface	"wan6"
-	option ip_source	"network"
-	option ip_network	"wan6"

--- a/net/ddns-scripts/files/dynamic_dns_functions.sh
+++ b/net/ddns-scripts/files/dynamic_dns_functions.sh
@ -21,7 +21,7 @@
 . /lib/functions/network.sh

 # GLOBAL VARIABLES #
-VERSION="2.7.8-1"
+VERSION="2.7.8-14"
 SECTION_ID=""		# hold config's section name
 VERBOSE=0		# default mode is log to console, but easily changed with parameter
 MYPROG=$(basename $0)	# my program call name
@ -63,6 +63,12 @@ IPV4_REGEX="[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}"
 # IPv6       ( ( 0-9a-f  1-4char ":") min 1x) ( ( 0-9a-f  1-4char   )optional) ( (":" 0-9a-f 1-4char  ) min 1x)
 IPV6_REGEX="\(\([0-9A-Fa-f]\{1,4\}:\)\{1,\}\)\(\([0-9A-Fa-f]\{1,4\}\)\{0,1\}\)\(\(:[0-9A-Fa-f]\{1,4\}\)\{1,\}\)"

+# characters that are dangerous to pass to a shell command line
+SHELL_ESCAPE="[\"\'\`\$\!();><{}?|\[\]\*\\\\]"
+
+# dns character set
+DNS_CHARSET="[@a-zA-Z0-9._-]"
+
 # detect if called by ddns-lucihelper.sh script, disable retrys (empty variable == false)
 LUCI_HELPER=$(printf %s "$MYPROG" | grep -i "luci")

@ -78,14 +84,10 @@ WGET=$(which wget)
 WGET_SSL=$(which wget-ssl)

 CURL=$(which curl)
-
+# CURL_SSL not empty then SSL support available
+CURL_SSL=$($CURL -V 2>/dev/null | grep -F "https")
 # CURL_PROXY not empty then Proxy support available
-if [ -f /tmp/vCURL_PROXY ]; then
-	CURL_PROXY=$(cat /tmp/vCURL_PROXY);
-else
-	CURL_PROXY=$(find /lib /usr/lib -name libcurl.so* -exec strings {} 2>/dev/null \; | grep -im1 "all_proxy")
-	echo $CURL_PROXY>/tmp/vCURL_PROXY
-fi
+CURL_PROXY=$(find /lib /usr/lib -name libcurl.so* -exec strings {} 2>/dev/null \; | grep -im1 "all_proxy")

 UCLIENT_FETCH=$(which uclient-fetch)

@ -280,11 +282,11 @@ write_log() {
 	[ $__LEVEL -eq 7 ] && return	# no syslog for debug messages
 	__CMD=$(echo -e "$__CMD" | tr -d '\n' | tr '\t' '     ')        # remove \n \t chars
 	[ $__EXIT  -eq 1 ] && {
-		$__CMD		# force syslog before exit
+		eval '$__CMD'	# force syslog before exit
 		exit 1
 	}
 	[ $use_syslog -eq 0 ] && return
-	[ $((use_syslog + __LEVEL)) -le 7 ] && $__CMD
+	[ $((use_syslog + __LEVEL)) -le 7 ] && eval '$__CMD'

 	return
 }
@ -299,32 +301,12 @@ write_log() {
 urlencode() {
 	# $1	Name of Variable to store encoded string to
 	# $2	string to encode
-	local __STR __LEN __CHAR __OUT
-	local __ENC=""
-	local __POS=1
+	local __ENC

 	[ $# -ne 2 ] && write_log 12 "Error calling 'urlencode()' - wrong number of parameters"

-	__STR="$2"		# read string to encode
-	__LEN=${#__STR}		# get string length
-
-	while [ $__POS -le $__LEN ]; do
-		# read one chat of the string
-		__CHAR=$(expr substr "$__STR" $__POS 1)
-
-		case "$__CHAR" in
-		        [-_.~a-zA-Z0-9] )
-				# standard char
-				__OUT="${__CHAR}"
-				;;
-		        * )
-				# special char get %hex code
-		               __OUT=$(printf '%%%02x' "'$__CHAR" )
-				;;
-		esac
-		__ENC="${__ENC}${__OUT}"	# append to encoded string
-		__POS=$(( $__POS + 1 ))		# increment position
-	done
+	__ENC="$(awk -v str="$2" 'BEGIN{ORS="";for(i=32;i<=127;i++)lookup[sprintf("%c",i)]=i
+		for(k=1;k<=length(str);++k){enc=substr(str,k,1);if(enc!~"[-_.~a-zA-Z0-9]")enc=sprintf("%%%02x", lookup[enc]);print enc}}')"

 	eval "$1=\"$__ENC\""	# transfer back to variable
 	return 0
@ -337,16 +319,19 @@ urlencode() {
 # $2	Name of Variable to store script to
 # $3	Name of Variable to store service answer to
 get_service_data() {
+	local __FILE __SERVICE __DATA __ANSWER __URL __SCRIPT __PIPE
+
 	[ $# -ne 3 ] && write_log 12 "Error calling 'get_service_data()' - wrong number of parameters"

 	__FILE="/etc/ddns/services"				# IPv4
 	[ $use_ipv6 -ne 0 ] && __FILE="/etc/ddns/services_ipv6"	# IPv6

 	# workaround with variables; pipe create subshell with no give back of variable content
-	mkfifo pipe_$$
+	__PIPE="$ddns_rundir/pipe_$$"
+	mkfifo "$__PIPE"
+
 	# only grep without # or whitespace at linestart | remove "
-#	grep -v -E "(^#|^[[:space:]]*$)" $__FILE | sed -e s/\"//g > pipe_$$ &
-	sed '/^#/d; /^[ \t]*$/d; s/\"//g' $__FILE  > pipe_$$ &
+	sed '/^#/d; /^[ \t]*$/d; s/\"//g' "$__FILE" > "$__PIPE" &

 	while read __SERVICE __DATA __ANSWER; do
 		if [ "$__SERVICE" = "$service_name" ]; then
@ -357,11 +342,11 @@ get_service_data() {
 			eval "$1=\"$__URL\""
 			eval "$2=\"$__SCRIPT\""
 			eval "$3=\"$__ANSWER\""
-			rm pipe_$$
+			rm "$__PIPE"
 			return 0
 		fi
-	done < pipe_$$
-	rm pipe_$$
+	done < "$__PIPE"
+	rm "$__PIPE"

 	eval "$1=\"\""	# no service match clear variables
 	eval "$2=\"\""
@ -479,6 +464,27 @@ timeout() {
 	return $status
 }

+# sanitize a variable
+# $1	variable name
+# $2	allowed shell pattern
+# $3	disallowed shell pattern
+sanitize_variable() {
+	local __VAR=$1
+	eval __VALUE=\$$__VAR
+	local __ALLOWED=$2
+	local __REJECT=$3
+
+	# removing all allowed should give empty string
+	if [ -n "$__ALLOWED" ]; then
+		[ -z "${__VALUE//$__ALLOWED}" ] || write_log 12 "sanitize on $__VAR found characters outside allowed subset"
+	fi
+
+	# removing rejected pattern should give the same string as the input
+	if [ -n "$__REJECT" ]; then
+		[ "$__VALUE" = "${__VALUE//$__REJECT}" ] || write_log 12 "sanitize on $__VAR found rejected characters"
+	fi
+}
+
 # verify given host and port is connectable
 # $1	Host/IP to verify
 # $2	Port to verify
@ -530,17 +536,17 @@ verify_host_port() {
 		}
 		# extract IP address
 		if [ -n "$BIND_HOST" -o -n "$KNOT_HOST" ]; then	# use BIND host or Knot host if installed
-			__IPV4=$(cat $DATFILE | awk -F "address " '/has address/ {print $2; exit}' )
-			__IPV6=$(cat $DATFILE | awk -F "address " '/has IPv6/ {print $2; exit}' )
+			__IPV4="$(awk -F "address " '/has address/ {print $2; exit}' "$DATFILE")"
+			__IPV6="$(awk -F "address " '/has IPv6/ {print $2; exit}' "$DATFILE")"
 		elif [ -n "$DRILL" ]; then	# use drill if installed
-			__IPV4=$(cat $DATFILE | awk '/^'"$lookup_host"'/ {print $5}' | grep -m 1 -o "$IPV4_REGEX")
-			__IPV6=$(cat $DATFILE | awk '/^'"$lookup_host"'/ {print $5}' | grep -m 1 -o "$IPV6_REGEX")
+			__IPV4="$(awk '/^'"$__HOST"'/ {print $5}' "$DATFILE" | grep -m 1 -o "$IPV4_REGEX")"
+			__IPV6="$(awk '/^'"$__HOST"'/ {print $5}' "$DATFILE" | grep -m 1 -o "$IPV6_REGEX")"
 		elif [ -n "$HOSTIP" ]; then	# use hostip if installed
-			__IPV4=$(cat $DATFILE | grep -m 1 -o "$IPV4_REGEX")
-			__IPV6=$(cat $DATFILE | grep -m 1 -o "$IPV6_REGEX")
+			__IPV4="$(grep -m 1 -o "$IPV4_REGEX" "$DATFILE")"
+			__IPV6="$(grep -m 1 -o "$IPV6_REGEX" "$DATFILE")"
 		else	# use BusyBox nslookup
-			__IPV4=$(cat $DATFILE | sed -ne "/^Name:/,\$ { s/^Address[0-9 ]\{0,\}: \($IPV4_REGEX\).*$/\\1/p }")
-			__IPV6=$(cat $DATFILE | sed -ne "/^Name:/,\$ { s/^Address[0-9 ]\{0,\}: \($IPV6_REGEX\).*$/\\1/p }")
+			__IPV4="$(sed -ne "/^Name:/,\$ { s/^Address[0-9 ]\{0,\}: \($IPV4_REGEX\).*$/\\1/p }" "$DATFILE")"
+			__IPV6="$(sed -ne "/^Name:/,\$ { s/^Address[0-9 ]\{0,\}: \($IPV6_REGEX\).*$/\\1/p }" "$DATFILE")"
 		fi
 	}

@ -695,7 +701,7 @@ do_transfer() {

 	# lets prefer GNU Wget because it does all for us - IPv4/IPv6/HTTPS/PROXY/force IP version
 	if [ -n "$WGET_SSL" -a $USE_CURL -eq 0 ]; then 			# except global option use_curl is set to "1"
-		__PROG="$WGET_SSL -nv -t 1 -O $DATFILE -o $ERRFILE"	# non_verbose no_retry outfile errfile
+		__PROG="$WGET_SSL --hsts-file=/tmp/.wget-hsts -nv -t 1 -O $DATFILE -o $ERRFILE"	# non_verbose no_retry outfile errfile
 		# force network/ip to use for communication
 		if [ -n "$bind_network" ]; then
 			local __BINDIP
@ -731,8 +737,6 @@ do_transfer() {
 	# 2nd choice is cURL IPv4/IPv6/HTTPS
 	# libcurl might be compiled without Proxy or HTTPS Support
 	elif [ -n "$CURL" ]; then
-		# CURL_SSL not empty then SSL support available
-		CURL_SSL=$($(which curl) -V 2>/dev/null | grep "Protocols:" | grep -F "https")
 		__PROG="$CURL -RsS -o $DATFILE --stderr $ERRFILE"
 		# check HTTPS support
 		[ -z "$CURL_SSL" -a $use_https -eq 1 ] && \
@ -907,7 +911,7 @@ get_local_ip () {
 	write_log 7 "Detect local IP on '$ip_source'"

 	while : ; do
-		if [ -n "$ip_network" ]; then
+		if [ -n "$ip_network" -a "$ip_source" = "network" ]; then
 			# set correct program
 			network_flush_cache	# force re-read data from ubus
 			[ $use_ipv6 -eq 0 ] && __RUNPROG="network_get_ipaddr" \
@ -915,7 +919,7 @@ get_local_ip () {
 			eval "$__RUNPROG __DATA $ip_network" || \
 				write_log 13 "Can not detect local IP using $__RUNPROG '$ip_network' - Error: '$?'"
 			[ -n "$__DATA" ] && write_log 7 "Local IP '$__DATA' detected on network '$ip_network'"
-		elif [ -n "$ip_interface" ]; then
+		elif [ -n "$ip_interface" -a "$ip_source" = "interface" ]; then
 			local __DATA4=""; local __DATA6=""
 			if [ -n "$(which ip)" ]; then		# ip program installed
 				write_log 7 "#> ip -o addr show dev $ip_interface scope global >$DATFILE 2>$ERRFILE"
@ -994,7 +998,7 @@ get_local_ip () {
 			fi
 			[ $use_ipv6 -eq 0 ] && __DATA="$__DATA4" || __DATA="$__DATA6"
 			[ -n "$__DATA" ] && write_log 7 "Local IP '$__DATA' detected on interface '$ip_interface'"
-		elif [ -n "$ip_script" ]; then
+		elif [ -n "$ip_script" -a "$ip_source" = "script" ]; then
 			write_log 7 "#> $ip_script >$DATFILE 2>$ERRFILE"
 			eval $ip_script >$DATFILE 2>$ERRFILE
 			__ERR=$?
@ -1005,7 +1009,7 @@ get_local_ip () {
 				write_log 3 "$ip_script Error: '$__ERR'"
 				write_log 7 "$(cat $ERRFILE)"		# report error
 			fi
-		elif [ -n "$ip_url" ]; then
+		elif [ -n "$ip_url" -a "$ip_source" = "web" ]; then
 			do_transfer "$ip_url"
 			# use correct regular expression
 			[ $use_ipv6 -eq 0 ] \
--- a/net/ddns-scripts/files/dynamic_dns_updater.sh
+++ b/net/ddns-scripts/files/dynamic_dns_updater.sh
@ -247,6 +247,15 @@ esac
 # without lookup host and possibly other required options we can do nothing for you
 [ -z "$lookup_host" ] && write_log 14 "Service section not configured correctly! Missing 'lookup_host'"

+# verify validity of variables
+[ -n "$lookup_host" ] && sanitize_variable lookup_host "$DNS_CHARSET" ""
+[ -n "$dns_server" ] && sanitize_variable dns_server "$DNS_CHARSET" ""
+[ -n "$domain" ] && sanitize_variable domain "$DNS_CHARSET" ""
+
+# Filter shell escape characters, if these are required in the URL, they
+# can still be passed url encoded
+[ -n "$param_opt" ] && sanitize_variable param_opt "" "$SHELL_ESCAPE"
+
 [ -n "$update_url" ] && {
 	# only check if update_url is given, update_scripts have to check themselves
 	[ -z "$domain" ] && $(echo "$update_url" | grep "\[DOMAIN\]" >/dev/null 2>&1) && \
--- a/net/ddns-scripts/files/services
+++ b/net/ddns-scripts/files/services
@ -43,10 +43,10 @@

 "able.or.kr"		"http://able.or.kr/ddns/src/update.php?hostname=[DOMAIN]&myip=[IP]&ddnsuser=[USERNAME]&pwd=[PASSWORD]"

-"afraid.org-basicauth"	"http://[USERNAME]:[PASSWORD]@freedns.afraid.org/nic/update?hostname=[DOMAIN]&myip=[IP]"
-"afraid.org-keyauth"	"http://freedns.afraid.org/dynamic/update.php?[PASSWORD]&address=[IP]"
-"afraid.org-v2-basic"	"http://[USERNAME]:[PASSWORD]@sync.afraid.org/u/?h=[DOMAIN]&ip=[IP]"
-"afraid.org-v2-token"	"http://sync.afraid.org/u/[PASSWORD]/?address=[IP]"
+"afraid.org-basicauth"	"https://[USERNAME]:[PASSWORD]@freedns.afraid.org/nic/update?hostname=[DOMAIN]&myip=[IP]"
+"afraid.org-keyauth"	"https://freedns.afraid.org/dynamic/update.php?[PASSWORD]&address=[IP]"
+"afraid.org-v2-basic"	"https://[USERNAME]:[PASSWORD]@sync.afraid.org/u/?h=[DOMAIN]&ip=[IP]"
+"afraid.org-v2-token"	"https://sync.afraid.org/u/[PASSWORD]/?address=[IP]"

 "all-inkl.com"		"http://[USERNAME]:[PASSWORD]@dyndns.kasserver.com/?myip=[IP]"

@ -57,11 +57,11 @@
 "ddns.com.br"		"http://[DOMAIN]:[PASSWORD]@members.ddns.com.br/nic/update?hostname=[DOMAIN]&myip=[IP]"

 # "ddnss.de"		"http://[USERNAME]:[PASSWORD]@ip4.ddnss.de/upd.php?host=[DOMAIN]&ip=[IP]"	"good|nochg"
-"ddnss.de"		"http://ip4.ddnss.de/upd.php?user=[USERNAME]&pwd=[PASSWORD]&host=[DOMAIN]&ip=[IP]"	"good|nochg"
+"ddnss.de"		"http://ip4.ddnss.de/upd.php?user=[USERNAME]&pwd=[PASSWORD]&host=[DOMAIN]&ip=[IP]"	"Updated|No change"

 "ddo.jp"		"http://free.ddo.jp/dnsupdate.php?dn=[DOMAIN]&pw=[PASSWORD]&ip=[IP]"

-"desec.io"		"http://update.dedyn.io/?username=[USERNAME]&password=[PASSWORD]&hostname=[DOMAIN]&myipv4=[IP]"	"good|nochg"
+"desec.io"		"http://update.dedyn.io/update?username=[USERNAME]&password=[PASSWORD]&hostname=[DOMAIN]&myipv4=[IP]"	"good|nochg"

 "dhis.org"		"http://[USERNAME]:[PASSWORD]@is.dhis.org/"

@ -95,8 +95,8 @@

 "dyndns.it"		"http://[USERNAME]:[PASSWORD]@update.dyndns.it/nic/update?system=dyndns&hostname=[DOMAIN]&myip=[IP]"	"good|nochg"

-"dyn.com"		"http://[USERNAME]:[PASSWORD]@members.dyndns.org/nic/update?hostname=[DOMAIN]&myip=[IP]"	"good|nochg"
-"dyndns.org"		"http://[USERNAME]:[PASSWORD]@members.dyndns.org/nic/update?hostname=[DOMAIN]&myip=[IP]"	"good|nochg"
+"dyn.com"		"http://[USERNAME]:[PASSWORD]@members.dyndns.org/v3/update?hostname=[DOMAIN]&myip=[IP]"	"good|nochg"
+"dyndns.org"		"http://[USERNAME]:[PASSWORD]@members.dyndns.org/v3/update?hostname=[DOMAIN]&myip=[IP]"	"good|nochg"

 "dyndnss.net"		"http://www.dyndnss.net/?user=[USERNAME]&pass=[PASSWORD]&domain=[DOMAIN]&updater=other"

@ -114,10 +114,12 @@

 "goip.de"		"http://www.goip.de/setip?username=[USERNAME]&password=[PASSWORD]&subdomain=[DOMAIN]&ip=[IP]"

-"google.com"		"http://[USERNAME]:[PASSWORD]@domains.google.com/nic/update?hostname=[DOMAIN]&myip=[IP]"	"good|nochg"
+"google.com"		"https://[USERNAME]:[PASSWORD]@domains.google.com/nic/update?hostname=[DOMAIN]&myip=[IP]"	"good|nochg"

 "he.net"		"http://[DOMAIN]:[PASSWORD]@dyn.dns.he.net/nic/update?hostname=[DOMAIN]&myip=[IP]"	"good|nochg"

+"inwx.de"		"http://[USERNAME]:[PASSWORD]@dyndns.inwx.com/nic/update?myip=[IP]"	"good|nochg"
+
 "joker.com"		"http://svc.joker.com/nic/update?username=[USERNAME]&password=[PASSWORD]&myip=[IP]&hostname=[DOMAIN]"	"good|nochg"

 "loopia.se"		"http://[USERNAME]:[PASSWORD]@dns.loopia.se/XDynDNSServer/XDynDNS.php?system=custom&hostname=[DOMAIN]&myip=[IP]"	"good|nochg"
--- a/net/ddns-scripts/files/services_ipv6
+++ b/net/ddns-scripts/files/services_ipv6
@ -38,10 +38,10 @@
 #.no-ip.com / noip.com	!!! Please install additional package "ddns-scripts_no-ip_com"
 #.route53-v1		!!! Please install additional package "ddns-scripts_route53-v1"

-"afraid.org-basicauth"	"http://[USERNAME]:[PASSWORD]@freedns.afraid.org/nic/update?hostname=[DOMAIN]&myip=[IP]"
-"afraid.org-keyauth"	"http://freedns.afraid.org/dynamic/update.php?[PASSWORD]&address=[IP]"
-"afraid.org-v2-basic"	"http://[USERNAME]:[PASSWORD]@v6.sync.afraid.org/u/?h=[DOMAIN]&ip=[IP]"
-"afraid.org-v2-token"	"http://v6.sync.afraid.org/u/[PASSWORD]/?address=[IP]"
+"afraid.org-basicauth"	"https://[USERNAME]:[PASSWORD]@freedns.afraid.org/nic/update?hostname=[DOMAIN]&myip=[IP]"
+"afraid.org-keyauth"	"https://freedns.afraid.org/dynamic/update.php?[PASSWORD]&address=[IP]"
+"afraid.org-v2-basic"	"https://[USERNAME]:[PASSWORD]@v6.sync.afraid.org/u/?h=[DOMAIN]&ip=[IP]"
+"afraid.org-v2-token"	"https://v6.sync.afraid.org/u/[PASSWORD]/?address=[IP]"

 "all-inkl.com"		"http://[USERNAME]:[PASSWORD]@dyndns.kasserver.com/?myip=[IP]"

@ -50,7 +50,7 @@
 # "ddnss.de"		"http://[USERNAME]:[PASSWORD]@ip6.ddnss.de/upd.php?host=[DOMAIN]&ip6=[IP]"	"good|nochg"
 "ddnss.de"		"http://ip6.ddnss.de/upd.php?user=[USERNAME]&pwd=[PASSWORD]&host=[DOMAIN]&ip6=[IP]"	"good|nochg"

-"desec.io"		"http://update.dedyn.io/?username=[USERNAME]&password=[PASSWORD]&hostname=[DOMAIN]&myipv6=[IP]"	"good|nochg"
+"desec.io"		"http://update.dedyn.io/update?username=[USERNAME]&password=[PASSWORD]&hostname=[DOMAIN]&myipv6=[IP]"	"good|nochg"

 "dhis.org"		"http://[USERNAME]:[PASSWORD]@is.dhis.org/"

@ -62,8 +62,8 @@

 "duiadns.net"		"http://ip.duiadns.net/dynamic.duia?host=[DOMAIN]&password=[PASSWORD]&ip6=[IP]"

-"dyn.com"		"http://[USERNAME]:[PASSWORD]@members.dyndns.org/nic/update?hostname=[DOMAIN]&myip=[IP]"	"good|nochg"
-"dyndns.org"		"http://[USERNAME]:[PASSWORD]@members.dyndns.org/nic/update?hostname=[DOMAIN]&myip=[IP]"	"good|nochg"
+"dyn.com"		"http://[USERNAME]:[PASSWORD]@members.dyndns.org/v3/update?hostname=[DOMAIN]&myip=[IP]"	"good|nochg"
+"dyndns.org"		"http://[USERNAME]:[PASSWORD]@members.dyndns.org/v3/update?hostname=[DOMAIN]&myip=[IP]"	"good|nochg"

 "dynu.com"    		"http://api.dynu.com/nic/update?hostname=[DOMAIN]&myipv6=[IP]&username=[USERNAME]&password=[PASSWORD]"

@ -75,6 +75,8 @@

 "he.net"		"http://[DOMAIN]:[PASSWORD]@dyn.dns.he.net/nic/update?hostname=[DOMAIN]&myip=[IP]"	"good|nochg"

+"inwx.de"		"http://[USERNAME]:[PASSWORD]@dyndns.inwx.com/nic/update?myipv6=[IP]"	"good|nochg"
+
 "loopia.se"		"http://[USERNAME]:[PASSWORD]@dns.loopia.se/XDynDNSServer/XDynDNS.php?system=custom&hostname=[DOMAIN]&myip=[IP]"	"good|nochg"

 "mydns.jp"		"http://www.mydns.jp/directip.html?MID=[USERNAME]&PWD=[PASSWORD]&IPV6ADDR=[IP]"
--- a/net/ddns-scripts/files/update_cloudflare_com_v4.sh
+++ b/net/ddns-scripts/files/update_cloudflare_com_v4.sh
@ -29,6 +29,7 @@
 # used variables
 local __HOST __DOMAIN __TYPE __URLBASE __PRGBASE __RUNPROG __DATA __IPV6 __ZONEID __RECID __PROXIED
 local __URLBASE="https://api.cloudflare.com/client/v4"
+local __TTL=120

 # split __HOST __DOMAIN from $domain
 # given data:
@ -127,7 +128,6 @@ fi
 __PRGBASE="$__PRGBASE --header 'X-Auth-Email: $username' "
 __PRGBASE="$__PRGBASE --header 'X-Auth-Key: $password' "
 __PRGBASE="$__PRGBASE --header 'Content-Type: application/json' "
-# __PRGBASE="$__PRGBASE --header 'Accept: application/json' "

 # read zone id for registered domain.TLD
 __RUNPROG="$__PRGBASE --request GET '$__URLBASE/zones?name=$__DOMAIN'"
@ -182,7 +182,7 @@ __PROXIED=$(grep -o '"proxied":[^",]*' $DATFILE | grep -o '[^:]*$')

 # use file to work around " needed for json
 cat > $DATFILE << EOF
-{"id":"$__ZONEID","type":"$__TYPE","name":"$__HOST","content":"$__IP","proxied":$__PROXIED}
+{"id":"$__ZONEID","type":"$__TYPE","name":"$__HOST","content":"$__IP","ttl":$__TTL,"proxied":$__PROXIED}
 EOF

 # let's complete transfer command
--- a/net/ddns-scripts/files/update_cnkuai_cn.sh
+++ b/net/ddns-scripts/files/update_cnkuai_cn.sh
@ -0,0 +1,86 @@
+# inside url we need domain, username and password
+[ -z "$domain" ]   && write_log 14 "Service section not configured correctly! Missing 'domain'"
+[ -z "$username" ] && write_log 14 "Service section not configured correctly! Missing 'username'"
+[ -z "$password" ] && write_log 14 "Service section not configured correctly! Missing 'password'"
+
+local urlCp='http://cp.cnkuai.cn/'
+local urlLogin='http://cp.cnkuai.cn/userlogin.asp'
+local urlCaptcha='http://cp.cnkuai.cn/inc/image.asp'
+local urlDnsA='http://cp.cnkuai.cn/dns_a.asp'
+local urlDnsAAAA='http://cp.cnkuai.cn/dns_ipv6.asp'
+local urlDnsSave='http://cp.cnkuai.cn/dns_save.asp'
+
+getPixel(){
+  local filename=$1
+  local x=$(($2*3))
+  local y=$(($3*3))
+  local width=48
+
+  hexdump -s "$((x+width*y))" -n 3 -e '3/1 "%02X"' "$filename"
+}
+
+captchaChar(){
+  local filename=$1
+  local xoffset=$2
+
+  if [ "$(getPixel "$filename" $((xoffset+2)) 5)" = '000000' ]; then
+    echo '1'
+  elif [ "$(getPixel "$filename" $((xoffset+5)) 7)" = '000000' ]; then
+    echo '2'
+  elif [ "$(getPixel "$filename" $((xoffset+4)) 3)" = '000000' ]; then
+    echo '4'
+  elif [ "$(getPixel "$filename" $((xoffset+6)) 4)" = '000000' ]; then
+    echo '7'
+  elif [ "$(getPixel "$filename" $((xoffset+5)) 8)" = '000000' ]; then
+    echo '8'
+  elif [ "$(getPixel "$filename" $((xoffset+6)) 8)" = '000000' ]; then
+    echo '9'
+  elif [ "$(getPixel "$filename" $((xoffset+5)) 6)" = '000000' ]; then
+    echo '3'
+  elif [ "$(getPixel "$filename" $((xoffset+0)) 4)" = '000000' ]; then
+    echo '5'
+  elif [ "$(getPixel "$filename" $((xoffset+1)) 5)" = '000000' ]; then
+    echo '6'
+  else
+    echo '0'
+  fi
+}
+
+captcha(){
+  local str
+  str=$(captchaChar "$1" 9)
+  str=$str$(captchaChar "$1" 18)
+  str=$str$(captchaChar "$1" 26)
+  str=$str$(captchaChar "$1" 35)
+  echo "$str"
+}
+
+#clean
+rm /tmp/cnkuai.*
+#login to cnkuai dns cp
+curl -c '/tmp/cnkuai.cookiejar' "$urlCaptcha" | gif2rgb > /tmp/cnkuai.rgb || return 1
+yzm=$(captcha "/tmp/cnkuai.rgb")
+curl -b '/tmp/cnkuai.cookiejar' -c '/tmp/cnkuai.cookiejar' -H "Content-Type: application/x-www-form-urlencoded" -H "Referer: $urlCp" -d "userid=$URL_USER&password=$URL_PASS&yzm=$yzm&B1=%C8%B7%C8%CF%B5%C7%C2%BD&lx=0&userlx=3" -X POST "$urlLogin" > /dev/null || return 1
+
+if [ "$use_ipv6" -eq 0 ]; then
+  curl -b '/tmp/cnkuai.cookiejar' -c '/tmp/cnkuai.cookiejar' "$urlDnsA" > /tmp/cnkuai.html || return 1
+else
+  curl -b '/tmp/cnkuai.cookiejar' -c '/tmp/cnkuai.cookiejar' "$urlDnsAAAA" > /tmp/cnkuai.html || return 1
+fi
+local domainline
+domainline=$(awk "/<td>$domain<\/td>/{ print NR; exit }" /tmp/cnkuai.html)
+local domainid
+domainid=$(awk "NR==$((domainline+3))" /tmp/cnkuai.html | sed 's/^.*name=\x27domainid\x27 value="//g' | sed 's/".*$//g')
+local dnslistid
+dnslistid=$(awk "NR==$((domainline+3))" /tmp/cnkuai.html | sed 's/^.*name=\x27dnslistid\x27 value="//g' | sed 's/".*$//g')
+
+local data
+
+if [ "$use_ipv6" -eq 0 ]; then
+  data="T2=$__IP&T3=120&act=dns_a_edit&domainid=$domainid&dnslistid=$dnslistid&B1=%D0%DE%B8%C4"
+else
+  data="T2=$__IP&T3=120&act=dns_ipv6_edit&domainid=$domainid&dnslistid=$dnslistid&B1=%D0%DE%B8%C4"
+fi
+curl -b '/tmp/cnkuai.cookiejar' -c '/tmp/cnkuai.cookiejar' -H "Content-Type: application/x-www-form-urlencoded" -H "Referer: $urlDnsA" -d "$data" -X POST "$urlDnsSave" > /dev/null || return 1
+
+return 0
--- a/net/ddns-scripts/files/update_route53_v1.sh
+++ b/net/ddns-scripts/files/update_route53_v1.sh
@ -1,46 +1,44 @@
 #!/bin/sh
-#.Distributed under the terms of the GNU General Public License (GPL) version 2.0
-#.based on Yuval Adam's route53.sh found at https://github.com/yuvadm/route53-ddns/blob/master/route53.sh
-#.2017 Max Berger <max at berger dot name>
-[ -z "$CURL_SSL" ] && write_log 14 "Amazon AWS Route53 communication require cURL with SSL support. Please install"
-[ -z "$username" ] && write_log 14 "Service section not configured correctly! Missing key as 'username'"
-[ -z "$password" ] && write_log 14 "Service section not configured correctly! Missing secret as 'password'"
-[ -z "$domain" ] && write_log 14 "Service section not configured correctly! Missing zone id as 'domain'"
+# Distributed under the terms of the GNU General Public License (GPL) version 2.0
+# based on Yuval Adam's route53.sh found at https://github.com/yuvadm/route53-ddns/blob/master/route53.sh
+# 2017 Max Berger <max at berger dot name>

-set -euo pipefail
-IFS=$'\n\t'
+[ -z "${CURL_SSL}" ] && write_log 14 "Amazon AWS Route53 communication require cURL with SSL support. Please install"
+[ -z "{$username}" ] && write_log 14 "Service section not configured correctly! Missing key as 'username'"
+[ -z "${password}" ] && write_log 14 "Service section not configured correctly! Missing secret as 'password'"
+[ -z "${domain}" ] && write_log 14 "Service section not configured correctly! Missing zone id as 'domain'"

 ENDPOINT="route53.amazonaws.com"
 RECORD_TTL=300
-RECORD_NAME="$lookup_host".
-[ $use_ipv6 -eq 0 ] && RECORD_TYPE="A"
-[ $use_ipv6 -eq 1 ] && RECORD_TYPE="AAAA"
-RECORD_VALUE="$LOCAL_IP"
-HOSTED_ZONE_ID="$domain"
+RECORD_NAME="${lookup_host}."
+[ ${use_ipv6} -eq 0 ] && RECORD_TYPE="A"
+[ ${use_ipv6} -eq 1 ] && RECORD_TYPE="AAAA"
+RECORD_VALUE="${LOCAL_IP}"
+HOSTED_ZONE_ID="${domain}"
 API_PATH="/2013-04-01/hostedzone/${HOSTED_ZONE_ID}/rrset/"

-AWS_ACCESS_KEY_ID="$username"
-AWS_SECRET_ACCESS_KEY="$password"
+AWS_ACCESS_KEY_ID="${username}"
+AWS_SECRET_ACCESS_KEY="${password}"
 AWS_REGION='us-east-1'
 AWS_SERVICE='route53'

 hash() {
-    msg=$1
-    echo -en "$msg" | openssl dgst -sha256 | sed 's/^.* //'
+    msg="$1"
+    echo -en "${msg}" | openssl dgst -sha256 | sed 's/^.* //'
 }

 sign_plain() {
    # Sign message using a plaintext key
-    key=$1
-    msg=$2
-    echo -en "$msg" | openssl dgst -hex -sha256 -hmac "$key" | sed 's/^.* //'
+    key="$1"
+    msg="$2"
+    echo -en "${msg}" | openssl dgst -hex -sha256 -hmac "${key}" | sed 's/^.* //'
 }

 sign() {
    # Sign message using a hex formatted key
-    key=$1
-    msg=$2
-    echo -en "$msg" | openssl dgst -hex -sha256 -mac HMAC -macopt "hexkey:${key}" | sed 's/^.* //'
+    key="$1"
+    msg="$2"
+    echo -en "${msg}" | openssl dgst -hex -sha256 -mac HMAC -macopt "hexkey:${key}" | sed 's/^.* //'
 }

 request_body="<?xml version=\"1.0\" encoding=\"UTF-8\"?> \
@ -64,34 +62,34 @@ request_body="<?xml version=\"1.0\" encoding=\"UTF-8\"?> \
 </ChangeBatch> \
 </ChangeResourceRecordSetsRequest>"

-fulldate=$(date --utc +%Y%m%dT%H%M%SZ)
-shortdate=$(date --utc +%Y%m%d)
+fulldate="$(date --utc +%Y%m%dT%H%M%SZ)"
+shortdate="$(date --utc +%Y%m%d)"
 signed_headers="host;x-amz-date"
-request_hash=$(hash "$request_body")
+request_hash="$(hash "${request_body}")"
 canonical_request="POST\n${API_PATH}\n\nhost:route53.amazonaws.com\nx-amz-date:${fulldate}\n\n${signed_headers}\n${request_hash}"

-date_key=$(sign_plain "AWS4${AWS_SECRET_ACCESS_KEY}" "${shortdate}")
-region_key=$(sign "$date_key" $AWS_REGION)
-service_key=$(sign "$region_key" $AWS_SERVICE)
-signing_key=$(sign "$service_key" aws4_request)
+date_key="$(sign_plain "AWS4${AWS_SECRET_ACCESS_KEY}" "${shortdate}")"
+region_key="$(sign "${date_key}" ${AWS_REGION})"
+service_key="$(sign "${region_key}" ${AWS_SERVICE})"
+signing_key="$(sign "${service_key}" aws4_request)"

 credential="${shortdate}/${AWS_REGION}/${AWS_SERVICE}/aws4_request"
-sigmsg="AWS4-HMAC-SHA256\n${fulldate}\n${credential}\n$(hash "$canonical_request")"
+sigmsg="AWS4-HMAC-SHA256\n${fulldate}\n${credential}\n$(hash "${canonical_request}")"

-signature=$(sign "$signing_key" "$sigmsg")
+signature="$(sign "${signing_key}" "${sigmsg}")"

 authorization="AWS4-HMAC-SHA256 Credential=${AWS_ACCESS_KEY_ID}/${credential}, SignedHeaders=${signed_headers}, Signature=${signature}"

-ANSWER=$(curl \
+ANSWER="$(flock /tmp/$(basename -s .sh "$0").lock curl \
    -X "POST" \
    -H "Host: route53.amazonaws.com" \
    -H "X-Amz-Date: ${fulldate}" \
    -H "Authorization: ${authorization}" \
    -H "Content-Type: text/xml" \
    -d "$request_body" \
-    "https://${ENDPOINT}${API_PATH}")
+    "https://${ENDPOINT}${API_PATH}")"
 write_log 7 "${ANSWER}"

-echo ${ANSWER} | grep Error >/dev/null && return 1
-echo ${ANSWER} | grep ChangeInfo >/dev/null && return 0
+echo "${ANSWER}" | grep -F "Error" >/dev/null && return 1
+echo "${ANSWER}" | grep -F "ChangeInfo" >/dev/null && return 0
 return 2
--- a/net/ddns-scripts/samples/slaac_sample.sh
+++ b/net/ddns-scripts/samples/slaac_sample.sh
@ -0,0 +1,59 @@
+#!/bin/sh
+#
+# script to determine and return SLAAC ipv6 address using prefix from a locally configured interface and the MAC address of the device
+# (c) 2018 Keve Mueller <keve at keve dot hu>
+#
+# activated inside /etc/config/ddns by setting
+#
+# option ip_source      'script'
+# option ip_script      '/usr/lib/ddns/slaac_sample.sh br-lan AA:BB:CC:DD:EE:FF'
+#
+# the script is executed (not parsed) inside get_local_ip() function
+# of /usr/lib/ddns/dynamic_dns_functions.sh
+#
+# useful when this box is the only DDNS client in the network and other clients use SLAAC
+# so no need to install ddns client on every "internal" box
+#
+# NB: this will not catch the actual IPV6 used by the host when it is configured to use temporary addresses
+
+#NB: we need a valid MAC address that is fully expanded with leading zeroes on all positions
+format_eui_64() {
+    local macaddr="$1"
+    echo ${macaddr:0:1}$(echo ${macaddr:1:1}|tr 0123456789abcdefABCDEF 23016745ab89efcd89efcd)${macaddr:3:2}:${macaddr:6:2}ff:fe${macaddr:9:2}:${macaddr:12:2}${macaddr:15:2}
+}
+
+# expand :: in an ipv6 address specification to the appropriate series of 0:
+# result will have 8 ipv6 fragments separated by single colon
+# NB: input must be a valid IPv6 address, e.g. ::1
+# NB: numbers are not prepended with leading zeroes
+expand_ipv6_colons() {
+    local ipv6=$1
+# we need :: to be in the middle, so prepend a 0 if the input starts with : and append 0 if it ends with it
+    if [ "${ipv6:0:1}" = ":" ]; then ipv6=0${ipv6}; fi
+    if [ "${ipv6: -1:1}" = ":" ]; then ipv6=${ipv6}0; fi
+# retain only the real colons
+    local colons=${ipv6//::|[0123456789abcdefABCDEF]/}
+# count them
+    local num_colons=${#colons}
+    local filler=":0:0:0:0:0:0:"
+# replace the :: with the appropriate substring from filler
+    local ipv6_x=${ipv6/::/${filler:0:(7-$num_colons)*2-1}}
+    echo $ipv6_x
+}
+
+# obtain the first ipv6 address of the device passed in $1
+addr_net=$(ip -6 -o addr show dev $1 scope global up | cut -d" " -f 7 | head -1)
+#addr_net=$1
+addr=${addr_net%/*}
+# TODO: we assume /64 subnet
+# get the first 64 bits of the address
+prefix=$(expand_ipv6_colons $addr | cut -d: -f -4)
+# compute the SLAAC 64 bits from the MAC
+suffix=$(format_eui_64 "$2")
+
+echo -n $prefix:$suffix
+exit 0
+
+#echo "Should never come here" >&2
+#exit 2
+