search

leamas / ddupdate

Update DNS Data for Dynamic IP Addresses
MIT License
40 stars 28 forks source link

ddupdate-config doesn't handle complicated passwords #49

Closed mgrandi closed 2 years ago

mgrandi commented 3 years ago

a password with characters that need to be bash escaped don't work

mgrandi@solstitialis:~$ ddupdate-config
WARNING - Cannot open config file '/etc/ddupdate.conf' for read
The following configuration file(s)s already exists:
        /home/mgrandi/.netrc
OK to overwrite (Yes/No) [No]: yes
 1     changeip.com           Updates on http://changeip.com/
 2     cloudflare.com         Updates on https://cloudflare.com
 3     dnsdynamic.org         Updates on http://dnsdynamic.org/
 4     dnsexit.com            Updates on https://www.dnsexit.com
 5     dnspark.com            Updates on https://dnspark.com/
 6     domains.google.com     Updates on https://domains.google.com
 7     dry-run                Debug dummy update plugin
 8     dtdns.com              Updates on https://www.dtdns.com
 9     duckdns.org            Updates on http://duckdns.org
10     duiadns.net            Updates on https://www.duiadns.net
11     dy.fi                  Updates on https://www.dy.fi/
12     dynu.com               Updates on https://www.dynu.com/en-US/DynamicDNS
13     dynv6.com              Updates on http://dynv6.com
14     freedns.afraid.org     Updates on https://freedns.afraid.org
15     freedns.io             Updates on https://freedns.io
16     hurricane_electric     Updates on https://he.com
17     myonlineportal.net     Updates on http://myonlineportal.net/
18     no-ip.com              Updates on http://no-ip.com/
19     now-dns.com            Updates on http://now-dns.com
20     nsupdate               Update address via nsupdate
21     system-ns.com          Updates on https://system-ns.com
Select service to use: 12
[dynu.com] username :<USER>
[dynu.com] password :<PASS>
[dynu.com] hostname: <HOSTNAME>
Probing for addresses, can take some time...
1  Use address as seen from Internet [IP HERE]
2  Use address as seen on local network [10.0.0.215]
3  Use address as decided by service
Select address to register (1, 2, 3) [1]: 1
/tmp/tmplpessltr: 8: Syntax error: "fi" unexpected (expecting "then")
Patched .netrc: /home/mgrandi/.netrc
Patched config: /home/mgrandi/.config/ddupdate.conf
Starting service and displaying logs
-- Logs begin at Sun 2021-01-10 00:05:40 UTC, end at Tue 2021-04-13 02:18:47 UTC. --
Apr 13 02:18:46 solstitialis systemd[1770]: Starting Update DNS  data for this host...
Apr 13 02:18:46 solstitialis ddupdate[273958]: WARNING - Cannot open config file '/etc/ddupdate.conf' for read
Apr 13 02:18:46 solstitialis ddupdate[273958]: INFO - Loglevel: INFO
Apr 13 02:18:46 solstitialis ddupdate[273958]: INFO - Using hostname: host.nowhere.net
Apr 13 02:18:46 solstitialis ddupdate[273958]: INFO - Using ip address plugin: default-if
Apr 13 02:18:46 solstitialis ddupdate[273958]: INFO - Using service plugin: dry-run
Apr 13 02:18:46 solstitialis ddupdate[273958]: INFO - Service options:
Apr 13 02:18:46 solstitialis ddupdate[273958]: INFO - Address options:
Apr 13 02:18:47 solstitialis ddupdate[273958]: INFO - Using ip address: ['10.0.0.215', None]
Apr 13 02:18:47 solstitialis ddupdate[273958]: INFO - Update OK
Apr 13 02:18:47 solstitialis ddupdate[273958]: dry-run: Using
Apr 13 02:18:47 solstitialis ddupdate[273958]:     v4 address: 10.0.0.215
Apr 13 02:18:47 solstitialis ddupdate[273958]:     v6 address: None
Apr 13 02:18:47 solstitialis ddupdate[273958]:     hostname: host.nowhere.net
Apr 13 02:18:47 solstitialis systemd[1770]: ddupdate.service: Succeeded.
Apr 13 02:18:47 solstitialis systemd[1770]: Finished Update DNS  data for this host.
Use "journalctl --user -u ddupdate.service" to display logs.
Shall I run service regularly (Yes/No) [No]:
leamas commented 3 years ago

Agreed, this is a bug. At a minimum. it should be added to the documentation as "Known Bugs" or so. Actually fixing is possible if/when resolving #23. It might be possible to add add some escaping or storing using base64 or so.

leamas commented 2 years ago

This is actually a known limitation in the python netrc module, see the docs

leamas commented 2 years ago

I have added notes to ddupdate.8 and ddupdate-config.8 about this.

Real fixes must be postponed until #23 is resolved. With a backend which handles more general stuff we should be able to handle iit in the script as well.

leamas commented 2 years ago

After #23 being merged it's now possible to set the password for a service using ddupdate --set-password <host> <username> <pw>. This should be a usable work-around although there is certainly still work to do with ddupdate-config

leamas commented 2 years ago

@mgrandi: what exactly does "complicated" mean in this context?

mgrandi commented 2 years ago

/ _ " ( ! { Are the characters in the password I used but it could really be any symbol that needs to be escaped in bash

leamas commented 2 years ago

In the context of current devel, this seems to be a backend-specific issue for netrc. Using the new keyring backend everything seems to work.

I will try to make a fix for the netrc backend which stores the password base64-encoded, stay tuned

This might break if some user out there has created a password which could be base64-decoded without errors, but this is a risk I guess we could take. If it becomes an issue the fix would to just re-enter the password, either using ddupdate -p or by running ddupdate-configagain which is what I guess most users just would try anyway.

There is no bash involved, all scripts are pure python, so this is only about the netrc backend.

mgrandi commented 2 years ago

yeah, originally, i think it had some bash script to patch .netrc (/tmp/tmplpessltr: 8: Syntax error: "fi" unexpected (expecting "then") hence why i brought it up, but sounds good