From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: DDNS: add new Provider key-sytems.net (domaindiscount24)
Date: Thu, 28 Nov 2019 15:17:37 +0000 [thread overview]
Message-ID: <AB945197-D6DF-4C4A-AE1E-7A1DB1F705E4@ipfire.org> (raw)
In-Reply-To: <97e435c3-36ba-0468-34a4-68081f4c4520@gmx.at>
[-- Attachment #1: Type: text/plain, Size: 10902 bytes --]
Hi,
> On 28 Nov 2019, at 14:58, Christof Weniger <ChristofWeniger(a)gmx.at> wrote:
>
> Hi,
>
> OK I removed the mx entry (I was not aware, that there can be a FQDN instead of an IP)
>
> I did some more tests and it seems the server always responds with HTTP 200
That is horrible :)
> In error cases (wrong Password, wrong url) I got the following responses:
> • wrong url:
> Error: Permanent error in command 'UpdateDynamicDNS': Authorization failed
>
> • wrong password:
> Error: Permanent error in command 'UpdateDynamicDNS': Authorization failed; invalid password
>
> • after too many tries:
> Error: Permanent error in command 'UpdateDynamicDNS': Authorization failed; abuse prevention triggered; please wait 1763 seconds to resubmit
>
>
>
> the new patch:
> diff --git a/README b/README
> index c75c448..b6decb3 100644
> --- a/README
> +++ b/README
> @@ -72,6 +72,7 @@ SUPPORTED PROVIDERS:
> inwx.com|de|at|ch|es
> itsdns.de
> joker.com
> + key-systems.net
> loopia.se
> myonlineportal.net
> namecheap.com
> diff --git a/src/ddns/providers.py b/src/ddns/providers.py
> index 661fbcc..f70f49a 100644
> --- a/src/ddns/providers.py
> +++ b/src/ddns/providers.py
> @@ -1204,6 +1204,52 @@ class DDNSProviderJoker(DDNSProtocolDynDNS2, DDNSProvider):
> url =
> "https://svc.joker.com/nic/update"
>
>
>
> +class DDNSProviderKEYSYSTEMS(DDNSProvider):
> + handle = "key-systems.net"
> + name = "dynamicdns.key-systems.net"
> + website =
> "https://domaindiscount24.com/"
>
> + protocols = ("ipv4",)
> +
> + # There are only information provided by the domaindiscount24 how to
> + # perform an update with HTTP APIs
> + #
> https://www.domaindiscount24.com/faq/dynamic-dns
>
> + # examples:
> https://dynamicdns.key-systems.net/update.php?hostname=hostname&password=password&ip=auto
>
> + #
> https://dynamicdns.key-systems.net/update.php?hostname=hostname&password=password&ip=213.x.x.x&mx=213.x.x.x
>
> +
> + url =
> "https://dynamicdns.key-systems.net/update.php"
>
> + can_remove_records = False
> +
> + def update_protocol(self, proto):
> + address = self.get_address(proto)
> + data = {
> + "hostname" : self.hostname,
> + "password" : self.password,
> + "ip" : address,
> + }
> +
> + # Send update to the server.
> + response = self.send_request(self.url, data=data)
> +
> + # Get the full response message.
> + output = response.read()
> +
> + # Handle success messages.
> + if "code = 200" in output:
> + return
> +
> + # Handle error messages.
> + if "abuse prevention triggered" in output:
> + raise DDNSRequestError(_("Too many failed requests"))
We have DDNSAbuseError which should be raised here. There is no need for any extra messages here.
> + if "invalid password" in output:
> + raise DDNSAuthenticationError
This could be an elif as well.
> + elif "Authorization failed" in output:
> + raise DDNSRequestError(_("Invalid hostname specified"))
Also it is very great that they are telling an attacker what they have guessed correctly.
> + # If we got here, some other update error happened.
> + raise DDNSUpdateError
So this was an inline patch now. Good. It is very nice to be able to comment on individual sections and lines.
However, there should be more meta information (like who sent the patch and a commit message).
Did you ever use git send-email?
https://wiki.ipfire.org/devel/submit-patches
https://wiki.ipfire.org/devel/git/setup
Best,
-Michael
> +
> +
> +
> class DDNSProviderGoogle(DDNSProtocolDynDNS2, DDNSProvider):
> handle = "domains.google.com"
> name = "Google Domains"
>
> best
> Christof
>
> On 28/11/2019 14:35, Michael Tremer wrote:
>> Hi,
>>
>> Thanks for testing this. Looks like I was very wrong here.
>>
>>
>>> On 28 Nov 2019, at 13:03, Christof Weniger <ChristofWeniger(a)gmx.at>
>>> wrote:
>>>
>>> Hello Michael,
>>>
>>> after change to DynDNS class I got the following "DDNSUpdateError"
>>> Nov 28 13:42:17 minusrouter ddns[23192]: Dynamic DNS update for ovpn.XXXXX.YYY (dynamicdns.key-systems.net) failed:
>>> Nov 28 13:42:17 minusrouter ddns[23192]: DDNSUpdateError: The update could not be performed
>>> Nov 28 13:42:17 minusrouter ddns[23192]: Server response: [RESPONSE] code = 200 description = Command completed successfully queuetime = 0 runtime = 0.058 EOF
>>>
>>> The DynDNS2 code (generating the ERROR):
>>> class DDNSProviderKEYSYSTEMS(DDNSProtocolDynDNS2, DDNSProvider):
>>> handle = "dynamicdns.key-systems.net"
>>> name = "dynamicdns.key-systems.net"
>>> website =
>>>
>>> "https://domaindiscount24.com/"
>>>
>>>
>>> #protocols = ("ipv4",)
>>>
>>> # There are only information provided by the domaindiscount24 how to
>>> # perform an update with HTTP APIs
>>> #
>>>
>>> https://www.domaindiscount24.com/faq/dynamic-dns
>>>
>>>
>>> # examples:
>>>
>>> https://dynamicdns.key-systems.net/update.php?hostname=hostname&password=password&ip=auto
>>>
>>>
>>> #
>>>
>>> https://dynamicdns.key-systems.net/update.php?hostname=hostname&password=password&ip=213.x.x.x&mx=213.x.x.x
>>>
>>>
>>>
>>> url =
>>>
>>> "https://dynamicdns.key-systems.net/update.php"
>>>
>>>
>>>
>>> def prepare_request_data(self, proto):
>>> address = self.get_address(proto)
>>> data = {
>>> "hostname" : self.hostname,
>>> "password" : self.password,
>>> "ip" : address,
>>> "mx" : address,
>>>
>> I wouldn’t set the MX record here. First of all it should not contain an IP address and so it can be statically configured. I consider this being outside of the scope of ddns.
>>
>>
>>> }
>>>
>>> return data
>>>
>>>
>>> The server response to a simple wget request was:
>>> [RESPONSE]
>>> code = 200
>>> description = Command completed successfully
>>> queuetime = 0
>>> runtime = 0.053
>>> EOF
>>>
>>>
>>> The working code:
>>>
>>> class DDNSProviderKEYSYSTEMS(DDNSProvider):
>>> handle = "dynamicdns.key-systems.net"
>>> name = "dynamicdns.key-systems.net"
>>> website =
>>>
>>> "https://domaindiscount24.com/"
>>>
>>>
>>> protocols = ("ipv4",)
>>>
>>> # There are only information provided by the domaindiscount24 how to
>>> # perform an update with HTTP APIs
>>> #
>>>
>>> https://www.domaindiscount24.com/faq/dynamic-dns
>>>
>>>
>>> # examples:
>>>
>>> https://dynamicdns.key-systems.net/update.php?hostname=hostname&password=password&ip=auto
>>>
>>>
>>> #
>>>
>>> https://dynamicdns.key-systems.net/update.php?hostname=hostname&password=password&ip=213.x.x.x&mx=213.x.x.x
>>>
>>>
>>>
>>> url =
>>>
>>> "https://dynamicdns.key-systems.net/update.php"
>>>
>>>
>>> can_remove_records = False
>>>
>>> #def prepare_request_data(self, proto):
>>> def update_protocol(self, proto):
>>> address = self.get_address(proto)
>>> data = {
>>> "hostname" : self.hostname,
>>> "password" : self.password,
>>> "ip" : address,
>>> "mx" : address,
>>>
>> See above.
>>
>>
>>> }
>>>
>>> # Send update to the server.
>>> response = self.send_request(self.url, data=data)
>>>
>>> # Handle success messages.
>>> if response.code == 200:
>>> return
>>>
>> This is just very vage.
>>
>>
>>> # If we got here, some other update error happened.
>>> raise DDNSUpdateError
>>>
>> There must be other responses - one might hope.
>>
>> Did you check sending an incorrect password and do you get 401 or 403 at least?
>>
>>
>>> #return data
>>>
>>>
>>>
>>>> Unfortunately this provider has no list of any possible responses - or maybe I have overlooked it. That can however be tested to check if those are still compatible with DynDNS.
>>>>
>>> I couldn't find any more pointers on the providers page either, and for that testing I would have to dig in too deep (into the code and the protocols) for me to handle at the moment. (maybe next week/month).
>>>
>> Yes, so great to not have any documentation…
>>
>> -Michael
>>
>>
>>>
>>> best
>>> Christof
>>>
>>> On 28/11/2019 12:20, Michael Tremer wrote:
>>>
>>>> Hello Christof,
>>>>
>>>>
>>>>
>>>>> On 28 Nov 2019, at 10:45, Christof Weniger <ChristofWeniger(a)gmx.at>
>>>>>
>>>>> wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> I hope this is the correct way to submit this patch.
>>>>>
>>>>>
>>>> Yes, you found the right place.
>>>>
>>>> It would have been better to post the patch inline (and not as an attachment), so that I could have commented on it.
>>>>
>>>>
>>>>
>>>>> https://www.domaindiscount24.com/
>>>>>
>>>>> has its own ddns service runnning,
>>>>> which (for me) gets rid of the necessity of having to use an extra
>>>>> service for that.
>>>>>
>>>>> I tested the following patch on my system at home, and attached it to
>>>>> this mail.
>>>>>
>>>>> I started my quest at the community forum:
>>>>>
>>>>>
>>>>> https://community.ipfire.org/t/adding-new-ddns-provider/428/2
>>>>>
>>>>>
>>>>>
>>>>> Christof
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> <add_key_systems_ddns.patch>
>>>>>
>>>>>
>>>> I will make an exception here now and still give you my thoughts :)
>>>>
>>>> It looks like this is very close to the DynDNS protocol, so you can re-use that as some other providers do.
>>>>
>>>> Unfortunately this provider has no list of any possible responses - or maybe I have overlooked it. That can however be tested to check if those are still compatible with DynDNS.
>>>>
>>>> Finally, you are setting the IP addresses to “auto” which probably is not a good idea. I would prefer that it is explicitly being set. There is a function for it that finds out which one is the correct IP address.
>>>>
>>>> In the end I think this provider could look like “myonlineportal”:
>>>>
>>>> https://git.ipfire.org/?p=ddns.git;a=blob;f=src/ddns/providers.py;h=661fbcc57a5aecba0d958ec05c26296b3cef0d70;hb=HEAD#l1274
>>>>
>>>>
>>>>
>>>> Best,
>>>> -Michael
>>>>
>>>>
>
> <add_key_systems_ddns.patch>
next parent reply other threads:[~2019-11-28 15:17 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <97e435c3-36ba-0468-34a4-68081f4c4520@gmx.at>
2019-11-28 15:17 ` Michael Tremer [this message]
2020-01-07 16:35 ` [PATCH] add ddns Provider key-systems.net Christof Weniger
2020-01-07 20:47 ` Michael Tremer
2020-01-23 10:54 ` Stefan Schantl
[not found] <23d7d16f-1098-13d0-152a-651c4ff6d50a@gmx.at>
2019-11-28 13:35 ` DDNS: add new Provider key-sytems.net (domaindiscount24) Michael Tremer
2019-11-28 10:45 Christof Weniger
2019-11-28 11:20 ` Michael Tremer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=AB945197-D6DF-4C4A-AE1E-7A1DB1F705E4@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox