Hi,
On 28 Nov 2019, at 14:58, Christof Weniger ChristofWeniger@gmx.at wrote:
Hi,
OK I removed the mx entry (I was not aware, that there can be a FQDN instead of an IP)
I did some more tests and it seems the server always responds with HTTP 200
That is horrible :)
In error cases (wrong Password, wrong url) I got the following responses: • wrong url: Error: Permanent error in command 'UpdateDynamicDNS': Authorization failed
• wrong password: Error: Permanent error in command 'UpdateDynamicDNS': Authorization failed; invalid password
• after too many tries: Error: Permanent error in command 'UpdateDynamicDNS': Authorization failed; abuse prevention triggered; please wait 1763 seconds to resubmit
the new patch: diff --git a/README b/README index c75c448..b6decb3 100644 --- a/README +++ b/README @@ -72,6 +72,7 @@ SUPPORTED PROVIDERS: inwx.com|de|at|ch|es itsdns.de joker.com
- key-systems.net loopia.se myonlineportal.net namecheap.com
diff --git a/src/ddns/providers.py b/src/ddns/providers.py index 661fbcc..f70f49a 100644 --- a/src/ddns/providers.py +++ b/src/ddns/providers.py @@ -1204,6 +1204,52 @@ class DDNSProviderJoker(DDNSProtocolDynDNS2, DDNSProvider): url = "https://svc.joker.com/nic/update"
+class DDNSProviderKEYSYSTEMS(DDNSProvider):
- handle = "key-systems.net"
- name = "dynamicdns.key-systems.net"
- website =
"https://domaindiscount24.com/"
- protocols = ("ipv4",)
- # There are only information provided by the domaindiscount24 how to
- # perform an update with HTTP APIs
- #
https://www.domaindiscount24.com/faq/dynamic-dns
- # examples:
https://dynamicdns.key-systems.net/update.php?hostname=hostname&password...
- #
https://dynamicdns.key-systems.net/update.php?hostname=hostname&password...
- url =
"https://dynamicdns.key-systems.net/update.php"
- can_remove_records = False
- def update_protocol(self, proto):
address = self.get_address(proto)data = {"hostname" : self.hostname,"password" : self.password,"ip" : address,}# Send update to the server.response = self.send_request(self.url, data=data)# Get the full response message.output = response.read()# Handle success messages.if "code = 200" in output:return# Handle error messages.if "abuse prevention triggered" in output:raise DDNSRequestError(_("Too many failed requests"))
We have DDNSAbuseError which should be raised here. There is no need for any extra messages here.
if "invalid password" in output:raise DDNSAuthenticationError
This could be an elif as well.
elif "Authorization failed" in output:raise DDNSRequestError(_("Invalid hostname specified"))
Also it is very great that they are telling an attacker what they have guessed correctly.
# If we got here, some other update error happened.raise DDNSUpdateError
So this was an inline patch now. Good. It is very nice to be able to comment on individual sections and lines.
However, there should be more meta information (like who sent the patch and a commit message).
Did you ever use git send-email?
https://wiki.ipfire.org/devel/submit-patches https://wiki.ipfire.org/devel/git/setup
Best, -Michael
class DDNSProviderGoogle(DDNSProtocolDynDNS2, DDNSProvider): handle = "domains.google.com" name = "Google Domains"
best Christof
On 28/11/2019 14:35, Michael Tremer wrote:
Hi,
Thanks for testing this. Looks like I was very wrong here.
On 28 Nov 2019, at 13:03, Christof Weniger ChristofWeniger@gmx.at wrote:
Hello Michael,
after change to DynDNS class I got the following "DDNSUpdateError" Nov 28 13:42:17 minusrouter ddns[23192]: Dynamic DNS update for ovpn.XXXXX.YYY (dynamicdns.key-systems.net) failed: Nov 28 13:42:17 minusrouter ddns[23192]: DDNSUpdateError: The update could not be performed Nov 28 13:42:17 minusrouter ddns[23192]: Server response: [RESPONSE] code = 200 description = Command completed successfully queuetime = 0 runtime = 0.058 EOF
The DynDNS2 code (generating the ERROR): class DDNSProviderKEYSYSTEMS(DDNSProtocolDynDNS2, DDNSProvider): handle = "dynamicdns.key-systems.net" name = "dynamicdns.key-systems.net" website =
"https://domaindiscount24.com/"
#protocols = ("ipv4",) # There are only information provided by the domaindiscount24 how to # perform an update with HTTP APIs #https://www.domaindiscount24.com/faq/dynamic-dns
# examples:https://dynamicdns.key-systems.net/update.php?hostname=hostname&password...
#https://dynamicdns.key-systems.net/update.php?hostname=hostname&password...
url ="https://dynamicdns.key-systems.net/update.php"
def prepare_request_data(self, proto): address = self.get_address(proto) data = { "hostname" : self.hostname, "password" : self.password, "ip" : address, "mx" : address,I wouldn’t set the MX record here. First of all it should not contain an IP address and so it can be statically configured. I consider this being outside of the scope of ddns.
} return dataThe server response to a simple wget request was: [RESPONSE] code = 200 description = Command completed successfully queuetime = 0 runtime = 0.053 EOF
The working code:
class DDNSProviderKEYSYSTEMS(DDNSProvider): handle = "dynamicdns.key-systems.net" name = "dynamicdns.key-systems.net" website =
"https://domaindiscount24.com/"
protocols = ("ipv4",) # There are only information provided by the domaindiscount24 how to # perform an update with HTTP APIs #https://www.domaindiscount24.com/faq/dynamic-dns
# examples:https://dynamicdns.key-systems.net/update.php?hostname=hostname&password...
#https://dynamicdns.key-systems.net/update.php?hostname=hostname&password...
url ="https://dynamicdns.key-systems.net/update.php"
can_remove_records = False #def prepare_request_data(self, proto): def update_protocol(self, proto): address = self.get_address(proto) data = { "hostname" : self.hostname, "password" : self.password, "ip" : address, "mx" : address,See above.
} # Send update to the server. response = self.send_request(self.url, data=data) # Handle success messages. if response.code == 200: returnThis is just very vage.
# If we got here, some other update error happened. raise DDNSUpdateErrorThere must be other responses - one might hope.
Did you check sending an incorrect password and do you get 401 or 403 at least?
#return dataUnfortunately this provider has no list of any possible responses - or maybe I have overlooked it. That can however be tested to check if those are still compatible with DynDNS.
I couldn't find any more pointers on the providers page either, and for that testing I would have to dig in too deep (into the code and the protocols) for me to handle at the moment. (maybe next week/month).
Yes, so great to not have any documentation…
-Michael
best Christof
On 28/11/2019 12:20, Michael Tremer wrote:
Hello Christof,
On 28 Nov 2019, at 10:45, Christof Weniger ChristofWeniger@gmx.at
wrote:
Hi,
I hope this is the correct way to submit this patch.
Yes, you found the right place.
It would have been better to post the patch inline (and not as an attachment), so that I could have commented on it.
https://www.domaindiscount24.com/
has its own ddns service runnning, which (for me) gets rid of the necessity of having to use an extra service for that.
I tested the following patch on my system at home, and attached it to this mail.
I started my quest at the community forum:
https://community.ipfire.org/t/adding-new-ddns-provider/428/2
Christof
<add_key_systems_ddns.patch>
I will make an exception here now and still give you my thoughts :)
It looks like this is very close to the DynDNS protocol, so you can re-use that as some other providers do.
Unfortunately this provider has no list of any possible responses - or maybe I have overlooked it. That can however be tested to check if those are still compatible with DynDNS.
Finally, you are setting the IP addresses to “auto” which probably is not a good idea. I would prefer that it is explicitly being set. There is a function for it that finds out which one is the correct IP address.
In the end I think this provider could look like “myonlineportal”:
https://git.ipfire.org/?p=ddns.git;a=blob;f=src/ddns/providers.py;h=661fbcc5...
Best, -Michael
<add_key_systems_ddns.patch>