diff --git a/net/ddns-scripts/Makefile b/net/ddns-scripts/Makefile index 89e7e964..fe634882 100755 --- a/net/ddns-scripts/Makefile +++ b/net/ddns-scripts/Makefile @@ -12,7 +12,7 @@ PKG_NAME:=ddns-scripts PKG_VERSION:=2.7.8 # Release == build # increase on changes of services files or tld_names.dat -PKG_RELEASE:=1 +PKG_RELEASE:=17 PKG_LICENSE:=GPL-2.0 PKG_MAINTAINER:= @@ -36,7 +36,7 @@ define Package/ddns-scripts endef # shown in LuCI package description define Package/ddns-scripts/description - Dynamic DNS Client scripts (with IPv6 support) - Info: http://wiki.openwrt.org/doc/howto/ddns.client + Dynamic DNS Client scripts (with IPv6 support) - Info: https://openwrt.org/docs/guide-user/services/ddns/client endef # shown in menuconfig define Package/ddns-scripts/config @@ -50,7 +50,7 @@ define Package/ddns-scripts/config - log file support - support to run once Version: $(PKG_VERSION)-$(PKG_RELEASE) - Info : http://wiki.openwrt.org/doc/howto/ddns.client + Info : https://openwrt.org/docs/guide-user/services/ddns/client endef ###### ************************************************************************* @@ -127,6 +127,21 @@ define Package/ddns-scripts_route53-v1/description "option domain" to contain the hosted zone ID endef +###### ************************************************************************* +define Package/ddns-scripts_cnkuai_cn + $(call Package/ddns-scripts/Default) + TITLE:=CnKuai API + DEPENDS:=ddns-scripts +curl +giflib-utils +endef +define Package/ddns-scripts_cnkuai_cn/description + Dynamic DNS Client scripts extension for CnKuai.Note: You + must also install giflib-utils. + It requires: + "option username" to be a valid CnKuai control panel id + "option password" to be the matching CnKuai control panel password + "option domain" to contain the domain +endef + ###### ************************************************************************* define Build/Configure endef 
@@ -436,6 +451,47 @@ define Package/ddns-scripts_route53-v1/prerm exit 0 # suppress errors endef +###### ************************************************************************* +define Package/ddns-scripts_cnkuai_cn/preinst + #!/bin/sh + # if NOT run buildroot then stop service + [ -z "$${IPKG_INSTROOT}" ] && /etc/init.d/ddns stop >/dev/null 2>&1 + exit 0 # suppress errors +endef +define Package/ddns-scripts_cnkuai_cn/install + $(INSTALL_DIR) $(1)/etc/uci-defaults + $(INSTALL_BIN) $(PKG_BUILD_DIR)/files/ddns.defaults $(1)/etc/uci-defaults/ddns_cnkuai_cn + $(INSTALL_DIR) $(1)/usr/lib/ddns + $(INSTALL_BIN) $(PKG_BUILD_DIR)/files/update_cnkuai_cn.sh $(1)/usr/lib/ddns +endef +define Package/ddns-scripts_cnkuai_cn/postinst + #!/bin/sh + # remove old services file entries + /bin/sed -i '/cnkuai.cn/d' $${IPKG_INSTROOT}/etc/ddns/services >/dev/null 2>&1 + /bin/sed -i '/cnkuai.cn/d' $${IPKG_INSTROOT}/etc/ddns/services_ipv6 >/dev/null 2>&1 + # and create new + printf "%s\\t%s\\n" '"cnkuai.cn"' '"update_cnkuai_cn.sh"' >> $${IPKG_INSTROOT}/etc/ddns/services + printf "%s\\t%s\\n" '"cnkuai.cn"' '"update_cnkuai_cn.sh"' >> $${IPKG_INSTROOT}/etc/ddns/services_ipv6 + # on real system restart service if enabled + [ -z "$${IPKG_INSTROOT}" ] && { + [ -x /etc/uci-defaults/ddns_cnkuai_cn ] && \ + /etc/uci-defaults/ddns_cnkuai_cn && \ + rm -f /etc/uci-defaults/cnkuai.cn >/dev/null 2>&1 + /etc/init.d/ddns enabled \ + && /etc/init.d/ddns start >/dev/null 2>&1 + } + exit 0 # suppress errors +endef +define Package/ddns-scripts_cnkuai_cn/prerm + #!/bin/sh + # if NOT run buildroot then stop service + [ -z "$${IPKG_INSTROOT}" ] && /etc/init.d/ddns stop >/dev/null 2>&1 + # remove services file entries + /bin/sed -i 'cnkuai.cn/d' $${IPKG_INSTROOT}/etc/ddns/services >/dev/null 2>&1 + /bin/sed -i 'cnkuai.cn/d' $${IPKG_INSTROOT}/etc/ddns/services_ipv6 >/dev/null 2>&1 + exit 0 # suppress errors +endef + ###### ************************************************************************* $(eval $(call 
BuildPackage,ddns-scripts)) $(eval $(call BuildPackage,ddns-scripts_cloudflare.com-v4)) @@ -444,3 +500,4 @@ $(eval $(call BuildPackage,ddns-scripts_godaddy.com-v1)) $(eval $(call BuildPackage,ddns-scripts_no-ip_com)) $(eval $(call BuildPackage,ddns-scripts_nsupdate)) $(eval $(call BuildPackage,ddns-scripts_route53-v1)) +$(eval $(call BuildPackage,ddns-scripts_cnkuai_cn)) diff --git a/net/ddns-scripts/files/ddns.config b/net/ddns-scripts/files/ddns.config index 6d6b8109..087fb5ea 100644 --- a/net/ddns-scripts/files/ddns.config +++ b/net/ddns-scripts/files/ddns.config @@ -1,5 +1,5 @@ # -# Please read http://wiki.openwrt.org/doc/uci/ddns +# Please read https://openwrt.org/docs/guide-user/base-system/ddns # config ddns "global" option ddns_dateformat "%F %R" @@ -19,14 +19,4 @@ config service "myddns_ipv4" option ip_source "network" option ip_network "wan" -config service "myddns_ipv6" - option update_url "http://[USERNAME]:[PASSWORD]@your.provider.net/nic/update?hostname=[DOMAIN]&myip=[IP]" - option lookup_host "yourhost.example.com" - option domain "yourhost.example.com" - option username "your_username" - option password "your_password" - option use_ipv6 "1" - option interface "wan6" - option ip_source "network" - option ip_network "wan6" diff --git a/net/ddns-scripts/files/dynamic_dns_functions.sh b/net/ddns-scripts/files/dynamic_dns_functions.sh index 7dbdb20e..cbeb09bc 100755 --- a/net/ddns-scripts/files/dynamic_dns_functions.sh +++ b/net/ddns-scripts/files/dynamic_dns_functions.sh @@ -21,7 +21,7 @@ . /lib/functions/network.sh # GLOBAL VARIABLES # -VERSION="2.7.8-1" +VERSION="2.7.8-14" SECTION_ID="" # hold config's section name VERBOSE=0 # default mode is log to console, but easily changed with parameter MYPROG=$(basename $0) # my program call name 
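Review bot: In `Package/ddns-scripts_cnkuai_cn/prerm` both sed expressions are written `'cnkuai.cn/d'`, without the leading `/` that postinst uses, so they are not a "delete matching lines" address. Depending on the sed build, this is either a syntax error hidden by `>/dev/null 2>&1` or is read as a `c` (change) command that rewrites every line of the services files. They should read `/bin/sed -i '/cnkuai.cn/d' ...` as in postinst. Separately, postinst runs `/etc/uci-defaults/ddns_cnkuai_cn` but then removes `/etc/uci-defaults/cnkuai.cn`, a different name, so the defaults script stays in place; `rm -f /etc/uci-defaults/ddns_cnkuai_cn` matches the installed path.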
@@ -63,6 +63,12 @@ IPV4_REGEX="[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}" # IPv6 ( ( 0-9a-f 1-4char ":") min 1x) ( ( 0-9a-f 1-4char )optional) ( (":" 0-9a-f 1-4char ) min 1x) IPV6_REGEX="\(\([0-9A-Fa-f]\{1,4\}:\)\{1,\}\)\(\([0-9A-Fa-f]\{1,4\}\)\{0,1\}\)\(\(:[0-9A-Fa-f]\{1,4\}\)\{1,\}\)" +# characters that are dangerous to pass to a shell command line +SHELL_ESCAPE="[\"\'\`\$\!();><{}?|\[\]\*\\\\]" + +# dns character set +DNS_CHARSET="[@a-zA-Z0-9._-]" + # detect if called by ddns-lucihelper.sh script, disable retrys (empty variable == false) LUCI_HELPER=$(printf %s "$MYPROG" | grep -i "luci") @@ -78,14 +84,10 @@ WGET=$(which wget) WGET_SSL=$(which wget-ssl) CURL=$(which curl) - +# CURL_SSL not empty then SSL support available +CURL_SSL=$($CURL -V 2>/dev/null | grep -F "https") # CURL_PROXY not empty then Proxy support available -if [ -f /tmp/vCURL_PROXY ]; then - CURL_PROXY=$(cat /tmp/vCURL_PROXY); -else - CURL_PROXY=$(find /lib /usr/lib -name libcurl.so* -exec strings {} 2>/dev/null \; | grep -im1 "all_proxy") - echo $CURL_PROXY>/tmp/vCURL_PROXY -fi +CURL_PROXY=$(find /lib /usr/lib -name libcurl.so* -exec strings {} 2>/dev/null \; | grep -im1 "all_proxy") UCLIENT_FETCH=$(which uclient-fetch) @@ -280,11 +282,11 @@ write_log() { [ $__LEVEL -eq 7 ] && return # no syslog for debug messages __CMD=$(echo -e "$__CMD" | tr -d '\n' | tr '\t' ' ') # remove \n \t chars [ $__EXIT -eq 1 ] && { - $__CMD # force syslog before exit + eval '$__CMD' # force syslog before exit exit 1 } [ $use_syslog -eq 0 ] && return - [ $((use_syslog + __LEVEL)) -le 7 ] && $__CMD + [ $((use_syslog + __LEVEL)) -le 7 ] && eval '$__CMD' return } 
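Review bot: Both logging calls in `write_log()` now run through `eval '$__CMD'`, which makes the shell parse the whole command string a second time, so a `$(...)`, backquote or `;` that ends up in the log text would be executed rather than logged. `__CMD` is assembled outside this hunk, so its exact content cannot be confirmed here, but messages elsewhere in this change include configured values (for example `write_log 3 "$ip_script Error: '$__ERR'"`). If the eval is only there to keep a quoted message together, it is safer to pass the message as one quoted argument where `__CMD` is built, with a comment there explaining the quoting. The function body starts and ends outside the hunk.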
@@ -299,32 +301,12 @@ write_log() { urlencode() { # $1 Name of Variable to store encoded string to # $2 string to encode - local __STR __LEN __CHAR __OUT - local __ENC="" - local __POS=1 + local __ENC [ $# -ne 2 ] && write_log 12 "Error calling 'urlencode()' - wrong number of parameters" - __STR="$2" # read string to encode - __LEN=${#__STR} # get string length - - while [ $__POS -le $__LEN ]; do - # read one chat of the string - __CHAR=$(expr substr "$__STR" $__POS 1) - - case "$__CHAR" in - [-_.~a-zA-Z0-9] ) - # standard char - __OUT="${__CHAR}" - ;; - * ) - # special char get %hex code - __OUT=$(printf '%%%02x' "'$__CHAR" ) - ;; - esac - __ENC="${__ENC}${__OUT}" # append to encoded string - __POS=$(( $__POS + 1 )) # increment position - done + __ENC="$(awk -v str="$2" 'BEGIN{ORS="";for(i=32;i<=127;i++)lookup[sprintf("%c",i)]=i + for(k=1;k<=length(str);++k){enc=substr(str,k,1);if(enc!~"[-_.~a-zA-Z0-9]")enc=sprintf("%%%02x", lookup[enc]);print enc}}')" eval "$1=\"$__ENC\"" # transfer back to variable return 0 @@ -337,16 +319,19 @@ urlencode() { # $2 Name of Variable to store script to # $3 Name of Variable to store service answer to get_service_data() { + local __FILE __SERVICE __DATA __ANSWER __URL __SCRIPT __PIPE + [ $# -ne 3 ] && write_log 12 "Error calling 'get_service_data()' - wrong number of parameters" __FILE="/etc/ddns/services" # IPv4 [ $use_ipv6 -ne 0 ] && __FILE="/etc/ddns/services_ipv6" # IPv6 # workaround with variables; pipe create subshell with no give back of variable content - mkfifo pipe_$$ + __PIPE="$ddns_rundir/pipe_$$" + mkfifo "$__PIPE" + # only grep without # or whitespace at linestart | remove " -# grep -v -E "(^#|^[[:space:]]*$)" $__FILE | sed -e s/\"//g > pipe_$$ & - sed '/^#/d; /^[ \t]*$/d; s/\"//g' $__FILE > pipe_$$ & + sed '/^#/d; /^[ \t]*$/d; s/\"//g' "$__FILE" > "$__PIPE" & while read __SERVICE __DATA __ANSWER; do if [ "$__SERVICE" = "$service_name" ]; then 
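Review bot: The awk one-liner in `urlencode()` does not encode every input the removed loop handled. `awk -v str="$2"` applies escape processing to the assigned value, so a backslash in a password is altered before encoding. The `lookup` table only covers codes 32 to 127, so any other byte has no entry and is emitted as `%00`. Passing the string through the environment avoids the first problem (`__STR="$2" awk 'BEGIN{str=ENVIRON["__STR"]; ...}'`), and the table loop would need to cover 1 to 255; multi-byte behaviour depends on the awk build, so it is worth testing on the target. A comment on the encoder stating which characters are left unescaped would also help the next reader.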
@@ -357,11 +342,11 @@ get_service_data() { eval "$1=\"$__URL\"" eval "$2=\"$__SCRIPT\"" eval "$3=\"$__ANSWER\"" - rm pipe_$$ + rm "$__PIPE" return 0 fi - done < pipe_$$ - rm pipe_$$ + done < "$__PIPE" + rm "$__PIPE" eval "$1=\"\"" # no service match clear variables eval "$2=\"\"" @@ -479,6 +464,27 @@ timeout() { return $status } +# sanitize a variable +# $1 variable name +# $2 allowed shell pattern +# $3 disallowed shell pattern +sanitize_variable() { + local __VAR=$1 + eval __VALUE=\$$__VAR + local __ALLOWED=$2 + local __REJECT=$3 + + # removing all allowed should give empty string + if [ -n "$__ALLOWED" ]; then + [ -z "${__VALUE//$__ALLOWED}" ] || write_log 12 "sanitize on $__VAR found characters outside allowed subset" + fi + + # removing rejected pattern should give the same string as the input + if [ -n "$__REJECT" ]; then + [ "$__VALUE" = "${__VALUE//$__REJECT}" ] || write_log 12 "sanitize on $__VAR found rejected characters" + fi +} + # verify given host and port is connectable # $1 Host/IP to verify # $2 Port to verify 
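Review bot: `sanitize_variable()` fills `__VALUE` with `eval __VALUE=\$$__VAR` without declaring it `local`, so the checked value stays in the global scope after the call; `local __VALUE; eval "__VALUE=\"\$$__VAR\""` keeps it contained. The allowed-set test is purely per character: `DNS_CHARSET` contains `-`, so a value beginning with `-` passes and could be read as an option by a lookup tool it is later handed to. A leading-character check such as `case "$__VALUE" in -*) write_log 12 "..." ;; esac` is worth adding for the host-type variables. The header comment should also say that `${var//pattern}` needs a shell with pattern substitution, and that the function relies on `write_log 12` (defined outside this hunk) to stop execution.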
@@ -530,17 +536,17 @@ verify_host_port() { } # extract IP address if [ -n "$BIND_HOST" -o -n "$KNOT_HOST" ]; then # use BIND host or Knot host if installed - __IPV4=$(cat $DATFILE | awk -F "address " '/has address/ {print $2; exit}' ) - __IPV6=$(cat $DATFILE | awk -F "address " '/has IPv6/ {print $2; exit}' ) + __IPV4="$(awk -F "address " '/has address/ {print $2; exit}' "$DATFILE")" + __IPV6="$(awk -F "address " '/has IPv6/ {print $2; exit}' "$DATFILE")" elif [ -n "$DRILL" ]; then # use drill if installed - __IPV4=$(cat $DATFILE | awk '/^'"$lookup_host"'/ {print $5}' | grep -m 1 -o "$IPV4_REGEX") - __IPV6=$(cat $DATFILE | awk '/^'"$lookup_host"'/ {print $5}' | grep -m 1 -o "$IPV6_REGEX") + __IPV4="$(awk '/^'"$__HOST"'/ {print $5}' "$DATFILE" | grep -m 1 -o "$IPV4_REGEX")" + __IPV6="$(awk '/^'"$__HOST"'/ {print $5}' "$DATFILE" | grep -m 1 -o "$IPV6_REGEX")" elif [ -n "$HOSTIP" ]; then # use hostip if installed - __IPV4=$(cat $DATFILE | grep -m 1 -o "$IPV4_REGEX") - __IPV6=$(cat $DATFILE | grep -m 1 -o "$IPV6_REGEX") + __IPV4="$(grep -m 1 -o "$IPV4_REGEX" "$DATFILE")" + __IPV6="$(grep -m 1 -o "$IPV6_REGEX" "$DATFILE")" else # use BusyBox nslookup - __IPV4=$(cat $DATFILE | sed -ne "/^Name:/,\$ { s/^Address[0-9 ]\{0,\}: \($IPV4_REGEX\).*$/\\1/p }") - __IPV6=$(cat $DATFILE | sed -ne "/^Name:/,\$ { s/^Address[0-9 ]\{0,\}: \($IPV6_REGEX\).*$/\\1/p }") + __IPV4="$(sed -ne "/^Name:/,\$ { s/^Address[0-9 ]\{0,\}: \($IPV4_REGEX\).*$/\\1/p }" "$DATFILE")" + __IPV6="$(sed -ne "/^Name:/,\$ { s/^Address[0-9 ]\{0,\}: \($IPV6_REGEX\).*$/\\1/p }" "$DATFILE")" fi } 
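Review bot: In the drill branch the host is still spliced into the awk program text, `awk '/^'"$__HOST"'/ {print $5}'`, so it is interpreted as a regular expression: each `.` matches any character, and a `/` in the value would end the pattern and change the program. Passing it as data avoids both, e.g. `awk -v h="$__HOST" 'index($0, h) == 1 {print $5}' "$DATFILE"`. `__HOST` is assigned outside this hunk (the removed lines used `$lookup_host`), so it is worth confirming that it holds the name being looked up. The enclosing function starts and ends outside the hunk.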
@@ -695,7 +701,7 @@ do_transfer() { # lets prefer GNU Wget because it does all for us - IPv4/IPv6/HTTPS/PROXY/force IP version if [ -n "$WGET_SSL" -a $USE_CURL -eq 0 ]; then # except global option use_curl is set to "1" - __PROG="$WGET_SSL -nv -t 1 -O $DATFILE -o $ERRFILE" # non_verbose no_retry outfile errfile + __PROG="$WGET_SSL --hsts-file=/tmp/.wget-hsts -nv -t 1 -O $DATFILE -o $ERRFILE" # non_verbose no_retry outfile errfile # force network/ip to use for communication if [ -n "$bind_network" ]; then local __BINDIP @@ -731,8 +737,6 @@ do_transfer() { # 2nd choice is cURL IPv4/IPv6/HTTPS # libcurl might be compiled without Proxy or HTTPS Support elif [ -n "$CURL" ]; then - # CURL_SSL not empty then SSL support available - CURL_SSL=$($(which curl) -V 2>/dev/null | grep "Protocols:" | grep -F "https") __PROG="$CURL -RsS -o $DATFILE --stderr $ERRFILE" # check HTTPS support [ -z "$CURL_SSL" -a $use_https -eq 1 ] && \ @@ -907,7 +911,7 @@ get_local_ip () { write_log 7 "Detect local IP on '$ip_source'" while : ; do - if [ -n "$ip_network" ]; then + if [ -n "$ip_network" -a "$ip_source" = "network" ]; then # set correct program network_flush_cache # force re-read data from ubus [ $use_ipv6 -eq 0 ] && __RUNPROG="network_get_ipaddr" \ @@ -915,7 +919,7 @@ get_local_ip () { eval "$__RUNPROG __DATA $ip_network" || \ write_log 13 "Can not detect local IP using $__RUNPROG '$ip_network' - Error: '$?'" [ -n "$__DATA" ] && write_log 7 "Local IP '$__DATA' detected on network '$ip_network'" - elif [ -n "$ip_interface" ]; then + elif [ -n "$ip_interface" -a "$ip_source" = "interface" ]; then local __DATA4=""; local __DATA6="" if [ -n "$(which ip)" ]; then # ip program installed write_log 7 "#> ip -o addr show dev $ip_interface scope global >$DATFILE 2>$ERRFILE" 
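Review bot: `--hsts-file=/tmp/.wget-hsts` in `do_transfer()` places a state file at a fixed, predictable path in `/tmp`, while the FIFO in `get_service_data()` was moved under `$ddns_rundir` in this same change. A fixed name in a shared directory can be pre-created or symlinked by another local account and is shared by every section running in parallel. Assuming `$ddns_rundir` is set when `do_transfer()` runs, `--hsts-file=$ddns_rundir/wget-hsts` keeps it with the rest of the runtime state. A one-line comment saying why the option is needed would also help, since the reason is not visible in the hunk.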
@@ -994,7 +998,7 @@ get_local_ip () { fi [ $use_ipv6 -eq 0 ] && __DATA="$__DATA4" || __DATA="$__DATA6" [ -n "$__DATA" ] && write_log 7 "Local IP '$__DATA' detected on interface '$ip_interface'" - elif [ -n "$ip_script" ]; then + elif [ -n "$ip_script" -a "$ip_source" = "script" ]; then write_log 7 "#> $ip_script >$DATFILE 2>$ERRFILE" eval $ip_script >$DATFILE 2>$ERRFILE __ERR=$? @@ -1005,7 +1009,7 @@ get_local_ip () { write_log 3 "$ip_script Error: '$__ERR'" write_log 7 "$(cat $ERRFILE)" # report error fi - elif [ -n "$ip_url" ]; then + elif [ -n "$ip_url" -a "$ip_source" = "web" ]; then do_transfer "$ip_url" # use correct regular expression [ $use_ipv6 -eq 0 ] \ diff --git a/net/ddns-scripts/files/dynamic_dns_updater.sh b/net/ddns-scripts/files/dynamic_dns_updater.sh index b84e8292..2076c0d9 100755 --- a/net/ddns-scripts/files/dynamic_dns_updater.sh +++ b/net/ddns-scripts/files/dynamic_dns_updater.sh @@ -247,6 +247,15 @@ esac # without lookup host and possibly other required options we can do nothing for you [ -z "$lookup_host" ] && write_log 14 "Service section not configured correctly! Missing 'lookup_host'" +# verify validity of variables +[ -n "$lookup_host" ] && sanitize_variable lookup_host "$DNS_CHARSET" "" +[ -n "$dns_server" ] && sanitize_variable dns_server "$DNS_CHARSET" "" +[ -n "$domain" ] && sanitize_variable domain "$DNS_CHARSET" "" + +# Filter shell escape characters, if these are required in the URL, they +# can still be passed url encoded +[ -n "$param_opt" ] && sanitize_variable param_opt "" "$SHELL_ESCAPE" + [ -n "$update_url" ] && { # only check if update_url is given, update_scripts have to check themselves [ -z "$domain" ] && $(echo "$update_url" | grep "\[DOMAIN\]" >/dev/null 2>&1) && \ diff --git a/net/ddns-scripts/files/services b/net/ddns-scripts/files/services index 472bb7c2..8f2610c3 100644 --- a/net/ddns-scripts/files/services +++ b/net/ddns-scripts/files/services 
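Review bot: `sanitize_variable dns_server "$DNS_CHARSET" ""` rejects any value containing `:`, because `DNS_CHARSET` is `[@a-zA-Z0-9._-]`, so a DNS server configured as an IPv6 literal now fails the check. Either allow `:` for `dns_server` only, or document that a host name or IPv4 address is required. The new checks cover `lookup_host`, `dns_server`, `domain` and `param_opt`. Other configured values that reach a command line in this change set, such as `ip_script` (run through `eval $ip_script`) and `bind_network`, are not checked here, and a comment stating that they are treated as trusted configuration would make that decision explicit.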
@@ -43,10 +43,10 @@ "able.or.kr" "http://able.or.kr/ddns/src/update.php?hostname=[DOMAIN]&myip=[IP]&ddnsuser=[USERNAME]&pwd=[PASSWORD]" -"afraid.org-basicauth" "http://[USERNAME]:[PASSWORD]@freedns.afraid.org/nic/update?hostname=[DOMAIN]&myip=[IP]" -"afraid.org-keyauth" "http://freedns.afraid.org/dynamic/update.php?[PASSWORD]&address=[IP]" -"afraid.org-v2-basic" "http://[USERNAME]:[PASSWORD]@sync.afraid.org/u/?h=[DOMAIN]&ip=[IP]" -"afraid.org-v2-token" "http://sync.afraid.org/u/[PASSWORD]/?address=[IP]" +"afraid.org-basicauth" "https://[USERNAME]:[PASSWORD]@freedns.afraid.org/nic/update?hostname=[DOMAIN]&myip=[IP]" +"afraid.org-keyauth" "https://freedns.afraid.org/dynamic/update.php?[PASSWORD]&address=[IP]" +"afraid.org-v2-basic" "https://[USERNAME]:[PASSWORD]@sync.afraid.org/u/?h=[DOMAIN]&ip=[IP]" +"afraid.org-v2-token" "https://sync.afraid.org/u/[PASSWORD]/?address=[IP]" "all-inkl.com" "http://[USERNAME]:[PASSWORD]@dyndns.kasserver.com/?myip=[IP]" @@ -57,11 +57,11 @@ "ddns.com.br" "http://[DOMAIN]:[PASSWORD]@members.ddns.com.br/nic/update?hostname=[DOMAIN]&myip=[IP]" # "ddnss.de" "http://[USERNAME]:[PASSWORD]@ip4.ddnss.de/upd.php?host=[DOMAIN]&ip=[IP]" "good|nochg" -"ddnss.de" "http://ip4.ddnss.de/upd.php?user=[USERNAME]&pwd=[PASSWORD]&host=[DOMAIN]&ip=[IP]" "good|nochg" +"ddnss.de" "http://ip4.ddnss.de/upd.php?user=[USERNAME]&pwd=[PASSWORD]&host=[DOMAIN]&ip=[IP]" "Updated|No change" "ddo.jp" "http://free.ddo.jp/dnsupdate.php?dn=[DOMAIN]&pw=[PASSWORD]&ip=[IP]" -"desec.io" "http://update.dedyn.io/?username=[USERNAME]&password=[PASSWORD]&hostname=[DOMAIN]&myipv4=[IP]" "good|nochg" +"desec.io" "http://update.dedyn.io/update?username=[USERNAME]&password=[PASSWORD]&hostname=[DOMAIN]&myipv4=[IP]" "good|nochg" "dhis.org" "http://[USERNAME]:[PASSWORD]@is.dhis.org/" 
@@ -95,8 +95,8 @@ "dyndns.it" "http://[USERNAME]:[PASSWORD]@update.dyndns.it/nic/update?system=dyndns&hostname=[DOMAIN]&myip=[IP]" "good|nochg" -"dyn.com" "http://[USERNAME]:[PASSWORD]@members.dyndns.org/nic/update?hostname=[DOMAIN]&myip=[IP]" "good|nochg" -"dyndns.org" "http://[USERNAME]:[PASSWORD]@members.dyndns.org/nic/update?hostname=[DOMAIN]&myip=[IP]" "good|nochg" +"dyn.com" "http://[USERNAME]:[PASSWORD]@members.dyndns.org/v3/update?hostname=[DOMAIN]&myip=[IP]" "good|nochg" +"dyndns.org" "http://[USERNAME]:[PASSWORD]@members.dyndns.org/v3/update?hostname=[DOMAIN]&myip=[IP]" "good|nochg" "dyndnss.net" "http://www.dyndnss.net/?user=[USERNAME]&pass=[PASSWORD]&domain=[DOMAIN]&updater=other" @@ -114,10 +114,12 @@ "goip.de" "http://www.goip.de/setip?username=[USERNAME]&password=[PASSWORD]&subdomain=[DOMAIN]&ip=[IP]" -"google.com" "http://[USERNAME]:[PASSWORD]@domains.google.com/nic/update?hostname=[DOMAIN]&myip=[IP]" "good|nochg" +"google.com" "https://[USERNAME]:[PASSWORD]@domains.google.com/nic/update?hostname=[DOMAIN]&myip=[IP]" "good|nochg" "he.net" "http://[DOMAIN]:[PASSWORD]@dyn.dns.he.net/nic/update?hostname=[DOMAIN]&myip=[IP]" "good|nochg" +"inwx.de" "http://[USERNAME]:[PASSWORD]@dyndns.inwx.com/nic/update?myip=[IP]" "good|nochg" + "joker.com" "http://svc.joker.com/nic/update?username=[USERNAME]&password=[PASSWORD]&myip=[IP]&hostname=[DOMAIN]" "good|nochg" "loopia.se" "http://[USERNAME]:[PASSWORD]@dns.loopia.se/XDynDNSServer/XDynDNS.php?system=custom&hostname=[DOMAIN]&myip=[IP]" "good|nochg" diff --git a/net/ddns-scripts/files/services_ipv6 b/net/ddns-scripts/files/services_ipv6 index 8a2028ba..6a23aa90 100644 --- a/net/ddns-scripts/files/services_ipv6 +++ b/net/ddns-scripts/files/services_ipv6 
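Review bot: The new `inwx.de` entry sends `[USERNAME]:[PASSWORD]` in an `http://` URL, so the account credentials cross the network unencrypted, while the same commit moves the afraid.org and google.com entries to `https://`. If the provider's update endpoint accepts TLS (not verifiable from this page), the entry should be `"https://[USERNAME]:[PASSWORD]@dyndns.inwx.com/nic/update?myip=[IP]"`. The same applies to the `inwx.de` line added in `services_ipv6`.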
@@ -38,10 +38,10 @@ #.no-ip.com / noip.com !!! Please install additional package "ddns-scripts_no-ip_com" #.route53-v1 !!! Please install additional package "ddns-scripts_route53-v1" -"afraid.org-basicauth" "http://[USERNAME]:[PASSWORD]@freedns.afraid.org/nic/update?hostname=[DOMAIN]&myip=[IP]" -"afraid.org-keyauth" "http://freedns.afraid.org/dynamic/update.php?[PASSWORD]&address=[IP]" -"afraid.org-v2-basic" "http://[USERNAME]:[PASSWORD]@v6.sync.afraid.org/u/?h=[DOMAIN]&ip=[IP]" -"afraid.org-v2-token" "http://v6.sync.afraid.org/u/[PASSWORD]/?address=[IP]" +"afraid.org-basicauth" "https://[USERNAME]:[PASSWORD]@freedns.afraid.org/nic/update?hostname=[DOMAIN]&myip=[IP]" +"afraid.org-keyauth" "https://freedns.afraid.org/dynamic/update.php?[PASSWORD]&address=[IP]" +"afraid.org-v2-basic" "https://[USERNAME]:[PASSWORD]@v6.sync.afraid.org/u/?h=[DOMAIN]&ip=[IP]" +"afraid.org-v2-token" "https://v6.sync.afraid.org/u/[PASSWORD]/?address=[IP]" "all-inkl.com" "http://[USERNAME]:[PASSWORD]@dyndns.kasserver.com/?myip=[IP]" @@ -50,7 +50,7 @@ # "ddnss.de" "http://[USERNAME]:[PASSWORD]@ip6.ddnss.de/upd.php?host=[DOMAIN]&ip6=[IP]" "good|nochg" "ddnss.de" "http://ip6.ddnss.de/upd.php?user=[USERNAME]&pwd=[PASSWORD]&host=[DOMAIN]&ip6=[IP]" "good|nochg" -"desec.io" "http://update.dedyn.io/?username=[USERNAME]&password=[PASSWORD]&hostname=[DOMAIN]&myipv6=[IP]" "good|nochg" +"desec.io" "http://update.dedyn.io/update?username=[USERNAME]&password=[PASSWORD]&hostname=[DOMAIN]&myipv6=[IP]" "good|nochg" "dhis.org" "http://[USERNAME]:[PASSWORD]@is.dhis.org/" 
@@ -62,8 +62,8 @@ "duiadns.net" "http://ip.duiadns.net/dynamic.duia?host=[DOMAIN]&password=[PASSWORD]&ip6=[IP]" -"dyn.com" "http://[USERNAME]:[PASSWORD]@members.dyndns.org/nic/update?hostname=[DOMAIN]&myip=[IP]" "good|nochg" -"dyndns.org" "http://[USERNAME]:[PASSWORD]@members.dyndns.org/nic/update?hostname=[DOMAIN]&myip=[IP]" "good|nochg" +"dyn.com" "http://[USERNAME]:[PASSWORD]@members.dyndns.org/v3/update?hostname=[DOMAIN]&myip=[IP]" "good|nochg" +"dyndns.org" "http://[USERNAME]:[PASSWORD]@members.dyndns.org/v3/update?hostname=[DOMAIN]&myip=[IP]" "good|nochg" "dynu.com" "http://api.dynu.com/nic/update?hostname=[DOMAIN]&myipv6=[IP]&username=[USERNAME]&password=[PASSWORD]" @@ -75,6 +75,8 @@ "he.net" "http://[DOMAIN]:[PASSWORD]@dyn.dns.he.net/nic/update?hostname=[DOMAIN]&myip=[IP]" "good|nochg" +"inwx.de" "http://[USERNAME]:[PASSWORD]@dyndns.inwx.com/nic/update?myipv6=[IP]" "good|nochg" + "loopia.se" "http://[USERNAME]:[PASSWORD]@dns.loopia.se/XDynDNSServer/XDynDNS.php?system=custom&hostname=[DOMAIN]&myip=[IP]" "good|nochg" "mydns.jp" "http://www.mydns.jp/directip.html?MID=[USERNAME]&PWD=[PASSWORD]&IPV6ADDR=[IP]" diff --git a/net/ddns-scripts/files/update_cloudflare_com_v4.sh b/net/ddns-scripts/files/update_cloudflare_com_v4.sh index f78bce0b..dbf6f592 100755 --- a/net/ddns-scripts/files/update_cloudflare_com_v4.sh +++ b/net/ddns-scripts/files/update_cloudflare_com_v4.sh @@ -29,6 +29,7 @@ # used variables local __HOST __DOMAIN __TYPE __URLBASE __PRGBASE __RUNPROG __DATA __IPV6 __ZONEID __RECID __PROXIED local __URLBASE="https://api.cloudflare.com/client/v4" +local __TTL=120 # split __HOST __DOMAIN from $domain # given data: 
@@ -127,7 +128,6 @@ fi __PRGBASE="$__PRGBASE --header 'X-Auth-Email: $username' " __PRGBASE="$__PRGBASE --header 'X-Auth-Key: $password' " __PRGBASE="$__PRGBASE --header 'Content-Type: application/json' " -# __PRGBASE="$__PRGBASE --header 'Accept: application/json' " # read zone id for registered domain.TLD __RUNPROG="$__PRGBASE --request GET '$__URLBASE/zones?name=$__DOMAIN'" @@ -182,7 +182,7 @@ __PROXIED=$(grep -o '"proxied":[^",]*' $DATFILE | grep -o '[^:]*$') # use file to work around " needed for json cat > $DATFILE << EOF -{"id":"$__ZONEID","type":"$__TYPE","name":"$__HOST","content":"$__IP","proxied":$__PROXIED} +{"id":"$__ZONEID","type":"$__TYPE","name":"$__HOST","content":"$__IP","ttl":$__TTL,"proxied":$__PROXIED} EOF # let's complete transfer command diff --git a/net/ddns-scripts/files/update_cnkuai_cn.sh b/net/ddns-scripts/files/update_cnkuai_cn.sh new file mode 100755 index 00000000..a2b78630 --- /dev/null +++ b/net/ddns-scripts/files/update_cnkuai_cn.sh 
@@ -0,0 +1,86 @@ +# inside url we need domain, username and password +[ -z "$domain" ] && write_log 14 "Service section not configured correctly! Missing 'domain'" +[ -z "$username" ] && write_log 14 "Service section not configured correctly! Missing 'username'" +[ -z "$password" ] && write_log 14 "Service section not configured correctly! Missing 'password'" + +local urlCp='http://cp.cnkuai.cn/' +local urlLogin='http://cp.cnkuai.cn/userlogin.asp' +local urlCaptcha='http://cp.cnkuai.cn/inc/image.asp' +local urlDnsA='http://cp.cnkuai.cn/dns_a.asp' +local urlDnsAAAA='http://cp.cnkuai.cn/dns_ipv6.asp' +local urlDnsSave='http://cp.cnkuai.cn/dns_save.asp' + +getPixel(){ + local filename=$1 + local x=$(($2*3)) + local y=$(($3*3)) + local width=48 + + hexdump -s "$((x+width*y))" -n 3 -e '3/1 "%02X"' "$filename" +} + +captchaChar(){ + local filename=$1 + local xoffset=$2 + + if [ "$(getPixel "$filename" $((xoffset+2)) 5)" = '000000' ]; then + echo '1' + elif [ "$(getPixel "$filename" $((xoffset+5)) 7)" = '000000' ]; then + echo '2' + elif [ "$(getPixel "$filename" $((xoffset+4)) 3)" = '000000' ]; then + echo '4' + elif [ "$(getPixel "$filename" $((xoffset+6)) 4)" = '000000' ]; then + echo '7' + elif [ "$(getPixel "$filename" $((xoffset+5)) 8)" = '000000' ]; then + echo '8' + elif [ "$(getPixel "$filename" $((xoffset+6)) 8)" = '000000' ]; then + echo '9' + elif [ "$(getPixel "$filename" $((xoffset+5)) 6)" = '000000' ]; then + echo '3' + elif [ "$(getPixel "$filename" $((xoffset+0)) 4)" = '000000' ]; then + echo '5' + elif [ "$(getPixel "$filename" $((xoffset+1)) 5)" = '000000' ]; then + echo '6' + else + echo '0' + fi +} + +captcha(){ + local str + str=$(captchaChar "$1" 9) + str=$str$(captchaChar "$1" 18) + str=$str$(captchaChar "$1" 26) + str=$str$(captchaChar "$1" 35) + echo "$str" +} + +#clean +rm /tmp/cnkuai.* +#login to cnkuai dns cp +curl -c '/tmp/cnkuai.cookiejar' "$urlCaptcha" | gif2rgb > /tmp/cnkuai.rgb || return 1 +yzm=$(captcha "/tmp/cnkuai.rgb") +curl -b 
'/tmp/cnkuai.cookiejar' -c '/tmp/cnkuai.cookiejar' -H "Content-Type: application/x-www-form-urlencoded" -H "Referer: $urlCp" -d "userid=$URL_USER&password=$URL_PASS&yzm=$yzm&B1=%C8%B7%C8%CF%B5%C7%C2%BD&lx=0&userlx=3" -X POST "$urlLogin" > /dev/null || return 1 + +if [ "$use_ipv6" -eq 0 ]; then + curl -b '/tmp/cnkuai.cookiejar' -c '/tmp/cnkuai.cookiejar' "$urlDnsA" > /tmp/cnkuai.html || return 1 +else + curl -b '/tmp/cnkuai.cookiejar' -c '/tmp/cnkuai.cookiejar' "$urlDnsAAAA" > /tmp/cnkuai.html || return 1 +fi +local domainline +domainline=$(awk "/$domain<\/td>/{ print NR; exit }" /tmp/cnkuai.html) +local domainid +domainid=$(awk "NR==$((domainline+3))" /tmp/cnkuai.html | sed 's/^.*name=\x27domainid\x27 value="//g' | sed 's/".*$//g') +local dnslistid +dnslistid=$(awk "NR==$((domainline+3))" /tmp/cnkuai.html | sed 's/^.*name=\x27dnslistid\x27 value="//g' | sed 's/".*$//g') + +local data + +if [ "$use_ipv6" -eq 0 ]; then + data="T2=$__IP&T3=120&act=dns_a_edit&domainid=$domainid&dnslistid=$dnslistid&B1=%D0%DE%B8%C4" +else + data="T2=$__IP&T3=120&act=dns_ipv6_edit&domainid=$domainid&dnslistid=$dnslistid&B1=%D0%DE%B8%C4" +fi +curl -b '/tmp/cnkuai.cookiejar' -c '/tmp/cnkuai.cookiejar' -H "Content-Type: application/x-www-form-urlencoded" -H "Referer: $urlDnsA" -d "$data" -X POST "$urlDnsSave" > /dev/null || return 1 + +return 0 diff --git a/net/ddns-scripts/files/update_route53_v1.sh b/net/ddns-scripts/files/update_route53_v1.sh index 6b9b029e..6d752ba9 100644 --- a/net/ddns-scripts/files/update_route53_v1.sh +++ b/net/ddns-scripts/files/update_route53_v1.sh 
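Review bot: The script keeps its session state in fixed paths (`/tmp/cnkuai.cookiejar`, `/tmp/cnkuai.rgb`, `/tmp/cnkuai.html`) and starts with `rm /tmp/cnkuai.*`, so two configured sections running at once overwrite each other's cookie jar, and the login cookie is left in a predictable file in a shared directory after the run. Every endpoint is `http://cp.cnkuai.cn/...`, so the control-panel id and password in the login POST travel in cleartext; if the panel is reachable over HTTPS (not verifiable from this page), the `url*` constants should use it. `$domain` is also pasted into the awk program text, and an empty `domainline` is not detected, so a page without the domain still leads to a `dns_save.asp` POST built from whatever line 3 of the page yields. The sketch below uses per-run files under `$ddns_rundir`, as `get_service_data()` does for its pipe, and stops when the domain row is not found.

```shell
# per-run work files under the ddns run directory instead of fixed names in /tmp
local __JAR="$ddns_rundir/cnkuai_$$.cookiejar"
local __RGB="$ddns_rundir/cnkuai_$$.rgb"
local __HTML="$ddns_rundir/cnkuai_$$.html"
rm -f "$__JAR" "$__RGB" "$__HTML"

# … unchanged: captcha fetch, login and record-list requests, with the paths above in place of /tmp/cnkuai.* …

local domainline
# match the domain as a literal string, not as part of the awk program
domainline=$(awk -v d="$domain</td>" 'index($0, d) { print NR; exit }' "$__HTML")
[ -n "$domainline" ] || {
	rm -f "$__JAR" "$__RGB" "$__HTML"
	write_log 3 "Domain '$domain' not found in CnKuai record list"
	return 1
}

# … unchanged: domainid/dnslistid extraction and dns_save.asp POST …

rm -f "$__JAR" "$__RGB" "$__HTML"	# do not leave the session cookie behind
return 0
```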
@@ -1,46 +1,44 @@ #!/bin/sh -#.Distributed under the terms of the GNU General Public License (GPL) version 2.0 -#.based on Yuval Adam's route53.sh found at https://github.com/yuvadm/route53-ddns/blob/master/route53.sh -#.2017 Max Berger -[ -z "$CURL_SSL" ] && write_log 14 "Amazon AWS Route53 communication require cURL with SSL support. Please install" -[ -z "$username" ] && write_log 14 "Service section not configured correctly! Missing key as 'username'" -[ -z "$password" ] && write_log 14 "Service section not configured correctly! Missing secret as 'password'" -[ -z "$domain" ] && write_log 14 "Service section not configured correctly! Missing zone id as 'domain'" +# Distributed under the terms of the GNU General Public License (GPL) version 2.0 +# based on Yuval Adam's route53.sh found at https://github.com/yuvadm/route53-ddns/blob/master/route53.sh +# 2017 Max Berger -set -euo pipefail -IFS=$'\n\t' +[ -z "${CURL_SSL}" ] && write_log 14 "Amazon AWS Route53 communication require cURL with SSL support. Please install" +[ -z "{$username}" ] && write_log 14 "Service section not configured correctly! Missing key as 'username'" +[ -z "${password}" ] && write_log 14 "Service section not configured correctly! Missing secret as 'password'" +[ -z "${domain}" ] && write_log 14 "Service section not configured correctly! Missing zone id as 'domain'" ENDPOINT="route53.amazonaws.com" RECORD_TTL=300 -RECORD_NAME="$lookup_host". -[ $use_ipv6 -eq 0 ] && RECORD_TYPE="A" -[ $use_ipv6 -eq 1 ] && RECORD_TYPE="AAAA" -RECORD_VALUE="$LOCAL_IP" -HOSTED_ZONE_ID="$domain" +RECORD_NAME="${lookup_host}." 
+[ ${use_ipv6} -eq 0 ] && RECORD_TYPE="A" +[ ${use_ipv6} -eq 1 ] && RECORD_TYPE="AAAA" +RECORD_VALUE="${LOCAL_IP}" +HOSTED_ZONE_ID="${domain}" API_PATH="/2013-04-01/hostedzone/${HOSTED_ZONE_ID}/rrset/" -AWS_ACCESS_KEY_ID="$username" -AWS_SECRET_ACCESS_KEY="$password" +AWS_ACCESS_KEY_ID="${username}" +AWS_SECRET_ACCESS_KEY="${password}" AWS_REGION='us-east-1' AWS_SERVICE='route53' hash() { - msg=$1 - echo -en "$msg" | openssl dgst -sha256 | sed 's/^.* //' + msg="$1" + echo -en "${msg}" | openssl dgst -sha256 | sed 's/^.* //' } sign_plain() { # Sign message using a plaintext key - key=$1 - msg=$2 - echo -en "$msg" | openssl dgst -hex -sha256 -hmac "$key" | sed 's/^.* //' + key="$1" + msg="$2" + echo -en "${msg}" | openssl dgst -hex -sha256 -hmac "${key}" | sed 's/^.* //' } sign() { # Sign message using a hex formatted key - key=$1 - msg=$2 - echo -en "$msg" | openssl dgst -hex -sha256 -mac HMAC -macopt "hexkey:${key}" | sed 's/^.* //' + key="$1" + msg="$2" + echo -en "${msg}" | openssl dgst -hex -sha256 -mac HMAC -macopt "hexkey:${key}" | sed 's/^.* //' } request_body=" \ 
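Review bot: The username guard was rewritten as `[ -z "{$username}" ]`, which expands to literal braces around the value and is therefore never empty, so a missing access key is no longer reported. It should be `[ -z "${username}" ]`, like the neighbouring checks. The same hunk removes `set -euo pipefail`, so a failing `openssl` call in `hash`, `sign_plain` or `sign` now yields an empty string that flows into the signature instead of stopping the script. A check that each derived key is non-empty before the request is built would restore that safety. The signing code continues past the end of this hunk.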
@@ -64,34 +62,34 @@ request_body=" \ \ " -fulldate=$(date --utc +%Y%m%dT%H%M%SZ) -shortdate=$(date --utc +%Y%m%d) +fulldate="$(date --utc +%Y%m%dT%H%M%SZ)" +shortdate="$(date --utc +%Y%m%d)" signed_headers="host;x-amz-date" -request_hash=$(hash "$request_body") +request_hash="$(hash "${request_body}")" canonical_request="POST\n${API_PATH}\n\nhost:route53.amazonaws.com\nx-amz-date:${fulldate}\n\n${signed_headers}\n${request_hash}" -date_key=$(sign_plain "AWS4${AWS_SECRET_ACCESS_KEY}" "${shortdate}") -region_key=$(sign "$date_key" $AWS_REGION) -service_key=$(sign "$region_key" $AWS_SERVICE) -signing_key=$(sign "$service_key" aws4_request) +date_key="$(sign_plain "AWS4${AWS_SECRET_ACCESS_KEY}" "${shortdate}")" +region_key="$(sign "${date_key}" ${AWS_REGION})" +service_key="$(sign "${region_key}" ${AWS_SERVICE})" +signing_key="$(sign "${service_key}" aws4_request)" credential="${shortdate}/${AWS_REGION}/${AWS_SERVICE}/aws4_request" -sigmsg="AWS4-HMAC-SHA256\n${fulldate}\n${credential}\n$(hash "$canonical_request")" +sigmsg="AWS4-HMAC-SHA256\n${fulldate}\n${credential}\n$(hash "${canonical_request}")" -signature=$(sign "$signing_key" "$sigmsg") +signature="$(sign "${signing_key}" "${sigmsg}")" authorization="AWS4-HMAC-SHA256 Credential=${AWS_ACCESS_KEY_ID}/${credential}, SignedHeaders=${signed_headers}, Signature=${signature}" -ANSWER=$(curl \ +ANSWER="$(flock /tmp/$(basename -s .sh "$0").lock curl \ -X "POST" \ -H "Host: route53.amazonaws.com" \ -H "X-Amz-Date: ${fulldate}" \ -H "Authorization: ${authorization}" \ -H "Content-Type: text/xml" \ -d "$request_body" \ - "https://${ENDPOINT}${API_PATH}") + "https://${ENDPOINT}${API_PATH}")" write_log 7 "${ANSWER}" -echo ${ANSWER} | grep Error >/dev/null && return 1 -echo ${ANSWER} | grep ChangeInfo >/dev/null && return 0 +echo "${ANSWER}" | grep -F "Error" >/dev/null && return 1 +echo "${ANSWER}" | grep -F "ChangeInfo" >/dev/null && return 0 return 2 
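Review bot: The lock file for `flock` is created at `/tmp/$(basename -s .sh "$0").lock`, a predictable name in a shared directory. This script uses `write_log` and `return`, so it appears to be sourced, in which case `$0` is the calling updater rather than this file and the name does not identify what is being locked. A fixed name under the run directory, e.g. `flock "$ddns_rundir/route53.lock" curl \`, avoids both issues and does not depend on `basename -s`, which not every basename implementation supports. A short comment on why the request needs serialising would also help, since the reason is not visible in the hunk.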
diff --git a/net/ddns-scripts/samples/slaac_sample.sh b/net/ddns-scripts/samples/slaac_sample.sh new file mode 100755 index 00000000..ea8f24d8 --- /dev/null +++ b/net/ddns-scripts/samples/slaac_sample.sh 
@@ -0,0 +1,59 @@ +#!/bin/sh +# +# script to determine and return SLAAC ipv6 address using prefix from a locally configured interface and the MAC address of the device +# (c) 2018 Keve Mueller +# +# activated inside /etc/config/ddns by setting +# +# option ip_source 'script' +# option ip_script '/usr/lib/ddns/slaac_sample.sh br-lan AA:BB:CC:DD:EE:FF' +# +# the script is executed (not parsed) inside get_local_ip() function +# of /usr/lib/ddns/dynamic_dns_functions.sh +# +# useful when this box is the only DDNS client in the network and other clients use SLAAC +# so no need to install ddns client on every "internal" box +# +# NB: this will not catch the actual IPV6 used by the host when it is configured to use temporary addresses + +#NB: we need a valid MAC address that is fully expanded with leading zeroes on all positions +format_eui_64() { + local macaddr="$1" + echo ${macaddr:0:1}$(echo ${macaddr:1:1}|tr 0123456789abcdefABCDEF 23016745ab89efcd89efcd)${macaddr:3:2}:${macaddr:6:2}ff:fe${macaddr:9:2}:${macaddr:12:2}${macaddr:15:2} +} + +# expand :: in an ipv6 address specification to the appropriate series of 0: +# result will have 8 ipv6 fragments separated by single colon +# NB: input must be a valid IPv6 address, e.g. 
::1 +# NB: numbers are not prepended with leading zeroes +expand_ipv6_colons() { + local ipv6=$1 +# we need :: to be in the middle, so prepend a 0 if the input starts with : and append 0 if it ends with it + if [ "${ipv6:0:1}" = ":" ]; then ipv6=0${ipv6}; fi + if [ "${ipv6: -1:1}" = ":" ]; then ipv6=${ipv6}0; fi +# retain only the real colons + local colons=${ipv6//::|[0123456789abcdefABCDEF]/} +# count them + local num_colons=${#colons} + local filler=":0:0:0:0:0:0:" +# replace the :: with the appropriate substring from filler + local ipv6_x=${ipv6/::/${filler:0:(7-$num_colons)*2-1}} + echo $ipv6_x +} + +# obtain the first ipv6 address of the device passed in $1 +addr_net=$(ip -6 -o addr show dev $1 scope global up | cut -d" " -f 7 | head -1) +#addr_net=$1 +addr=${addr_net%/*} +# TODO: we assume /64 subnet +# get the first 64 bits of the address +prefix=$(expand_ipv6_colons $addr | cut -d: -f -4) +# compute the SLAAC 64 bits from the MAC +suffix=$(format_eui_64 "$2") + +echo -n $prefix:$suffix +exit 0 + +#echo "Should never come here" >&2 +#exit 2 +
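Review bot: The script prints `$prefix:$suffix` and exits 0 unconditionally, so when the interface in `$1` has no global address or `$2` is not a fully expanded MAC, the caller receives a malformed string with a success status. `addr_net` and the MAC format should be checked, with `exit 1` on failure. `$1` is also used unquoted in `ip -6 -o addr show dev $1`, which should be `dev "$1"`. In `expand_ipv6_colons`, the pattern `::|[0123456789abcdefABCDEF]` looks intended as an alternation, but as far as I know `|` is a literal character in shell parameter expansion, so `colons` may not end up holding only the colons; this is worth testing with an address that contains `::`. The substring and `${var//…}` expansions are not POSIX, so the header comment should state that the script relies on BusyBox ash (or bash) extensions under `#!/bin/sh`.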