Fabio/ddclient
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'ddclient:master' into develop

Browse source
This commit is contained in:
Awalon 2023-08-09 04:17:43 +02:00 committed by GitHub
commit 13eb3de604
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 344 additions and 772 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
.github/workflows/ci.yml vendored
View file

@ -9,7 +9,7 @@ jobs:
matrix:
image:
- ubuntu:latest
- ubuntu:16.04
- ubuntu:20.04
- debian:testing
- debian:stable
- debian:oldstable
@ -24,10 +24,9 @@ jobs:
automake \
ca-certificates \
git \
curl \
libhttp-daemon-perl \
libhttp-daemon-ssl-perl \
libio-socket-inet6-perl \
libio-socket-ip-perl \
libplack-perl \
libtest-mockmodule-perl \
libtest-tcp-perl \
@ -48,28 +47,6 @@ jobs:
- name: distribution tarball is complete
run: ./.github/workflows/scripts/dist-tarball-check
#test-centos6:
# runs-on: ubuntu-latest
# container: centos:6
# steps:
# - uses: actions/checkout@v1
# - name: install dependencies
# run: |
# yum install -y \
# automake \
# perl-IO-Socket-INET6 \
# perl-core \
# perl-libwww-perl \
# ;
# - name: autogen
# run: ./autogen
# - name: configure
# run: ./configure
# - name: check
# run: make VERBOSE=1 AM_COLOR_TESTS=always check
# - name: distcheck
# run: make VERBOSE=1 AM_COLOR_TESTS=always distcheck
#test-centos8:
# runs-on: ubuntu-latest
# container: centos:8
@ -105,6 +82,7 @@ jobs:
automake \
findutils \
make \
curl \
perl \
perl-HTTP-Daemon \
perl-HTTP-Daemon-SSL \

33
ChangeLog.md
View file

@ -3,29 +3,42 @@
This document describes notable changes. For details, see the [source code
repository history](https://github.com/ddclient/ddclient/commits/master).
## 2023-XX-XX v3.11.0
## 2023-XX-XX v3.11.0_1
### Breaking changes
* ddclient now requires curl.
* ddclient no longer ships any example files for init systems that use `/etc/init.d`.
This was done because those files where effectively unmaintained, untested by the developers and only updated by downstream distros.
If you where relying on those files, please copy them into your packaging.
* The defunct `dnsexit` protocol is removed (replaced by `dnsexit2`).
### New features
* Added support for domaindiscount24.com
* Added support for domeneshop.no
* Added support for Enom
* Added support for Mythic Beasts Dynamic DNS
* Added support for njal.la
* Added support for Porkbun
* Added support for IPv6 to the EasyDNS and DuckDNS provider
* Introduced `usev4` and `usev6` for separate IPv4/IPv6 configuration. These will replace the legacy `use` eventually.
* Added support for moving secrets out of the configuration through environment variables
* Extended postscript mechanism
* sample-get-ip-from-fritzbox: Added environment variable to override hostname
* Warn about hosts where no IP could be determined - and skip the (bogus) update.
### Provider updates:
* Added regfish
* Added domeneshop.no
* Added Mythic Beasts
* Added Porkbun
* Added Enom
* Added DigitalOcean
* Added Infomaniak
* Added DNSExit API v2
* Removed old DNSExit API
* Extended EasyDNS to support IPv6
* Extended duckdns to support IPv6
### Bug fixes
* DynDNS2 now uses the newer ipv4/ipv6 syntax's
* Fixed various issues with caching
* Fixed issues with Hetzner zones
* The OVH provider now ignores extra data returned
* Allow to define usev4 and usev6 options per hostname
* Merge multiple configs for the same hostname instead of use the last
## 2022-10-20 v3.10.0

1
Makefile.am
View file

@ -63,7 +63,6 @@ AM_PL_LOG_FLAGS = -Mstrict -w \
-MDevel::Autoflush
handwritten_tests = \
t/get_ip_from_if.pl \
t/geturl_ssl.pl \
t/is-and-extract-ipv4.pl \
t/is-and-extract-ipv6.pl \
t/is-and-extract-ipv6-global.pl \

103
README.md
View file

@ -1,70 +1,68 @@
# Unmaintained
ddclient is unmaintained and no further changes will be done nor will issues or pull requests of any kind be accepted.
As alternatives consider <https://github.com/troglobit/inadyn> or <https://github.com/lopsided98/dnsupdate>.
There will be no support for migrating of ddclient and your current provider might not be supported by those alternatives.
See https://github.com/ddclient/ddclient/issues/528 and https://github.com/ddclient/ddclient/issues/380 for more details.
---
# DDCLIENT
`ddclient` is a Perl client used to update dynamic DNS entries for accounts
on many dynamic DNS services.
on many dynamic DNS services. It uses `curl` for internet access.
This is a friendly fork/continuation of https://github.com/ddclient/ddclient
## Alternatives
You might also want to consider using one of the following, if they support
your dynamic DNS provider(s): <https://github.com/troglobit/inadyn> or
<https://github.com/lopsided98/dnsupdate>.
## Supported services
Dynamic DNS services currently supported include:
DynDNS.com - See http://www.dyndns.com for details on obtaining a free account.
Zoneedit - See http://www.zoneedit.com for details.
EasyDNS - See http://www.easydns.com for details.
NameCheap - See http://www.namecheap.com for details
DslReports - See http://www.dslreports.com for details
Sitelutions - See http://www.sitelutions.com for details
Loopia - See http://www.loopia.se for details
Noip - See http://www.noip.com/ for details
Freedns - See http://freedns.afraid.org/ for details
ChangeIP - See http://www.changeip.com/ for details
nsupdate - See nsupdate(1) and ddns-confgen(8) for details
CloudFlare - See https://www.cloudflare.com/ for details
GoDaddy - See https://www.godaddy.com/ for details
Google - See http://www.google.com/domains for details
Duckdns - See https://duckdns.org/ for details
Freemyip - See https://freemyip.com for details
woima.fi - See https://woima.fi/ for details
Yandex - See https://domain.yandex.com/ for details
DNS Made Easy - See https://dnsmadeeasy.com/ for details
DonDominio - See https://www.dondominio.com for details
NearlyFreeSpeech.net - See https://www.nearlyfreespeech.net/services/dns for details
OVH - See https://www.ovh.com for details
Porkbun - See https://porkbun.com/
ClouDNS - See https://www.cloudns.net
dinahosting - See https://dinahosting.com
Gandi - See https://gandi.net
dnsexit - See https://dnsexit.com/ for details
1984.is - See https://www.1984.is/product/freedns/ for details
Njal.la - See https://njal.la/docs/ddns/
regfish.de - See https://www.regfish.de/domains/dyndns/ for details
domenehsop - See https://api.domeneshop.no/docs/#tag/ddns/paths/~1dyndns~1update/get
Mythic Beasts - See https://www.mythic-beasts.com/support/api/dnsv2/dynamic-dns for details
Enom - See https://www.enom.com for details
Infomaniak - See https://faq.infomaniak.com/2376 for details
* [1984.is](https://www.1984.is/product/freedns)
* [ChangeIP](https://www.changeip.com)
* [CloudFlare](https://www.cloudflare.com)
* [ClouDNS](https://www.cloudns.net)
* [dinahosting](https://dinahosting.com)
* [DonDominio](https://www.dondominio.com)
* [DNS Made Easy](https://dnsmadeeasy.com)
* [DNSExit](https://dnsexit.com/dns/dns-api)
* [domenehsop](https://api.domeneshop.no/docs/#tag/ddns/paths/~1dyndns~1update/get)
* [DslReports](https://www.dslreports.com)
* [Duck DNS](https://duckdns.org)
* [DynDNS.com](https://account.dyn.com)
* [EasyDNS](https://www.easydns.com )
* [Enom](https://www.enom.com)
* [Freedns](https://freedns.afraid.org)
* [Freemyip](https://freemyip.com)
* [Gandi](https://gandi.net)
* [GoDaddy](https://www.godaddy.com)
* [Google](https://domains.google)
* [Infomaniak](https://faq.infomaniak.com/2376)
* [Loopia](https://www.loopia.se)
* [Mythic Beasts](https://www.mythic-beasts.com/support/api/dnsv2/dynamic-dns)
* [NameCheap](https://www.namecheap.com)
* [NearlyFreeSpeech.net](https://www.nearlyfreespeech.net/services/dns)
* [Njalla](https://njal.la/docs/ddns)
* [Noip](https://www.noip.com)
* nsupdate - see nsupdate(1) and ddns-confgen(8)
* [OVH](https://www.ovhcloud.com)
* [Porkbun](https://porkbun.com)
* [regfish.de](https://www.regfish.de/domains/dyndns)
* [Sitelutions](https://www.sitelutions.com)
* [woima.fi](https://woima.fi)
* [Yandex](https://dns.yandex.com)
* [Zoneedit](https://www.zoneedit.com)
`ddclient` now supports many cable and DSL broadband routers.
`ddclient` supports finding your IP address from many cable and DSL
broadband routers.
Comments, suggestions and requests: use the issues on https://github.com/ddclient/ddclient/issues/new
Comments, suggestions and requests: please file an issue at
https://github.com/ddclient/ddclient/issues/new
The code was originally written by Paul Burry and is now hosted and maintained
through github.com. Please check out http://ddclient.net
The code was originally written by Paul Burry and is now hosted and
maintained through github.com. Please check out https://ddclient.net
## REQUIREMENTS
* An account from a supported dynamic DNS service provider
* Perl v5.10.1 or later
* `IO::Socket::SSL` perl library for ssl-support
* `JSON::PP` perl library for JSON support
* Linux, macOS, or any other Unix-ish system
* An implementation of `make` (such as [GNU
@ -85,8 +83,7 @@ See https://github.com/ddclient/ddclient/releases
<img src="https://repology.org/badge/vertical-allrepos/ddclient.svg" alt="Packaging status" align="right">
</a>
The easiest way to install ddclient is to install a package offered by your
operating system. See the image to the right for a list of distributions with a
ddclient package.
operating system. See the image to the right for a list of distributions with a ddclient package.
### Manual Installation

3
configure.ac
View file

@ -28,6 +28,7 @@ AC_PATH_PROG([FIND], [find])
AS_IF([test -z "${FIND}"], [AC_MSG_ERROR(['find' utility not found])])
AC_PATH_PROG([CURL], [curl])
AS_IF([test -z "${CURL}"], [AC_MSG_ERROR([curl not found])])
AX_WITH_PROG([PERL], perl)
AX_PROG_PERL_VERSION([5.10.1], [],
@ -43,7 +44,6 @@ m4_foreach_w([_m], [
File::Path
File::Temp
Getopt::Long
IO::Socket::IP
Socket
Sys::Hostname
version=0.77
@ -71,7 +71,6 @@ m4_foreach_w([_m], [
HTTP::Message::PSGI
HTTP::Request
HTTP::Response
IO::Socket::SSL
Scalar::Util
Test::MockModule
Test::TCP

7
ddclient.conf.in
View file

@ -327,6 +327,13 @@ ssl=yes # use ssl-support. Works with
#password=mypassword, \
#subdomain-1.domain.com,subdomain-2.domain.com
##
## dnsexit2 (API method www.dnsexit.com)
##
#protocol=dnsexit2
#password=MyAPIKey
#subdomain-1.domain.com,subdomain-2.domain.com
##
## domeneshop (www.domeneshop.no)
##

636
ddclient.in
View file

@ -3,19 +3,12 @@
#
# DDCLIENT - a Perl client for updating DynDNS information
#
# Author: Paul Burry (paul+ddclient@burry.ca)
# ddclient developers: see https://github.com/orgs/ddclient/people
#
# website: https://ddclient.net
#
# Support for multiple IP numbers added by
# Astaro AG, Ingo Schwarze <ischwarze-OOs/4mkCeqbQT0dZR+AlfA@public.gmane.org> September 16, 2008
#
# Support for multiple domain support for Namecheap by Robert Ian Hawdon 2010-09-03: https://robertianhawdon.me.uk/
#
# Initial Cloudflare support by Ian Pye, updated by Robert Ian Hawdon 2012-07-16
# Further updates by Peter Roberts to support the new API 2013-09-26, 2014-06-22: http://blog.peter-r.co.uk/
# Original Author: Paul Burry (paul+ddclient@burry.ca)
# Current maintainers:
# Reuben Thomas <rrt@sc3d.org>
# Lenard Heß <lenard@rrhess.de>
#
# website: https://github.com/ddclient/ddclient
#
######################################################################
package ddclient;
@ -26,8 +19,6 @@ use File::Basename;
use File::Path qw(make_path);
use File::Temp;
use Getopt::Long;
use IO::Socket::IP;
use Socket qw(AF_INET AF_INET6 PF_INET PF_INET6);
use Sys::Hostname;
use version 0.77; our $VERSION = version->declare('@PACKAGE_VERSION@');
@ -464,7 +455,6 @@ my %variables = (
'retry' => setv(T_BOOL, 0, 0, 0, undef),
'force' => setv(T_BOOL, 0, 0, 0, undef),
'ssl' => setv(T_BOOL, 0, 0, 0, undef),
'curl' => setv(T_BOOL, 0, 0, 0, undef),
'syslog' => setv(T_BOOL, 0, 0, 0, undef),
'facility' => setv(T_STRING,0, 0, 'daemon', undef),
'priority' => setv(T_STRING,0, 0, 'notice', undef),
@ -543,11 +533,12 @@ my %variables = (
'server' => setv(T_FQDNP, 1, 0, 'dynamicdns.key-systems.net', undef),
'login' => setv(T_LOGIN, 0, 0, 0, 'unused', undef),
},
'dnsexit-common-defaults' => {
'dnsexit2-common-defaults' => {
'ssl' => setv(T_BOOL, 0, 0, 1, undef),
'server' => setv(T_FQDNP, 1, 0, 'update.dnsexit.com', undef),
'script' => setv(T_STRING, 0, 1, '/RemoteUpdate.sv', undef),
'min-error-interval' => setv(T_DELAY, 0, 0, interval('8m'), 0),
'server' => setv(T_FQDNP, 1, 0, 'api.dnsexit.com', undef),
'path' => setv(T_STRING, 0, 1, '/dns/', undef),
'record-type' => setv(T_STRING, 1, 0, 'A', undef),
'ttl' => setv(T_NUMBER, 1, 0, 5, 0),
},
'regfishde-common-defaults' => {
'server' => setv(T_FQDNP, 1, 0, 'dyndns.regfish.de', undef),
@ -951,14 +942,18 @@ my %services = (
$variables{'service-common-defaults'},
),
},
'dnsexit' => {
'dnsexit2' => {
'updateable' => undef,
'update' => \&nic_dnsexit_update,
'examples' => \&nic_dnsexit_examples,
'variables' => merge(
$variables{'dnsexit-common-defaults'},
$variables{'service-common-defaults'},
),
'update' => \&nic_dnsexit2_update,
'examples' => \&nic_dnsexit2_examples,
'variables' => {
%{$variables{'service-common-defaults'}},
%{$variables{'dnsexit2-common-defaults'}},
# nic_updateable() assumes that every service uses a username/login but that is
# not true for the DNSExit API. Silence warnings by redefining the username variable
# as non-required with value unused.
'login' => setv(T_STRING, 0, 0, 'unused', undef),
},
},
'regfishde' => {
'updateable' => undef,
@ -1080,7 +1075,6 @@ my @opt = (
["ssl_ca_file", "=s", "-ssl_ca_file <file> : look at <file> for certificates of trusted certificate authorities (default: auto-detect)"],
["fw-ssl-validate", "!", "-{no}fw-ssl-validate : Validate SSL certificate when retrieving IP address from firewall"],
["web-ssl-validate", "!","-{no}web-ssl-validate : Validate SSL certificate when retrieving IP address from web"],
["curl", "!", "-{no}curl : use curl for network connections"],
["retry", "!", "-{no}retry : retry failed updates"],
["force", "!", "-{no}force : force an update even if the update may be unnecessary"],
["timeout", "=i", "-timeout <max> : when fetching a URL, wait at most <max> seconds for a response"],
@ -1335,6 +1329,12 @@ sub update_nics {
# But we will set 'wantip' to the IPv4 so old functions continue to work until we update them all
$config{$h}{'wantip'} = $ipv4 if (!$ip && $ipv4);
if (!$ip && !$ipv4 && !$ipv6)
{
warning("Could not determine an IP for %s", $h);
next;
}
next if !nic_updateable($h, $updateable);
push @hosts, $h;
@ -1344,6 +1344,18 @@ sub update_nics {
if (@hosts) {
$0 = sprintf("%s - updating %s", $program, join(',', @hosts));
&$update(@hosts);
# Backwards compatibility:
# If we only have 'use', we set 'wantipv4' or 'wantipv6' depending on the IP type of
# 'wantip'. Newer provider implementations such as cloudflare only check 'wantipv*'
# and set 'status-ipv*' accordingly, ignoring 'wantip' and 'status'.
# For these we then load back the 'status' from 'status-ipv*' to ensure correct
# caching and updating behaviour.
foreach my $h (@hosts) {
$config{$h}{'status'} //= $config{$h}{'status-ipv4'};
$config{$h}{'status'} //= $config{$h}{'status-ipv6'};
}
runpostscript(join ' ', keys %ipsv4, keys %ipsv6);
}
}
@ -1595,7 +1607,7 @@ sub _read_config {
$content .= "$_\n" unless /^#/;
## parsing passwords is special
if (/^([^#]*\s)?([^#]*?password\S*?)\s*=\s*('.*'|[^']\S*)(.*)/) {
if (/^([^#]*\s)?([^#]*?password)\s*=\s*('.*'|[^']\S*)(.*)/) {
my ($head, $key, $value, $tail) = ($1 // '', $2, $3, $4);
$value = $1 if $value =~ /^'(.*)'$/;
$passwords{$key} = $value;
@ -1626,6 +1638,25 @@ sub _read_config {
## verify that keywords are valid...and check the value
foreach my $k (keys %locals) {
# Handle '_env' keyword suffix
if ($k =~ /(.*)_env$/)
{
debug("Loading value for $1 from environment variable $locals{$k}.");
if (exists($ENV{$locals{$k}}))
{
# Set the value to the value of the environment variable
$locals{$1} = $ENV{$locals{$k}};
# Remove the '_env' suffix from the key
$k = $1;
}
else
{
warning("Environment variable '$locals{$k}' not set for keyword '$k' (ignored)");
delete $locals{$k};
next;
}
}
$locals{$k} = $passwords{$k} if defined $passwords{$k};
if (!exists $variables{'merged'}{$k}) {
warning("unrecognized keyword '%s' (ignored)", $k);
@ -1816,7 +1847,7 @@ sub init_config {
$proto = opt('protocol') if !defined($proto);
load_sha1_support($proto) if (grep (/^$proto$/, ("freedns", "nfsn")));
load_json_support($proto) if (grep (/^$proto$/, ("1984", "cloudflare", "digitalocean", "gandi", "godaddy", "hetzner", "yandex", "nfsn", "njalla", "porkbun")));
load_json_support($proto) if (grep (/^$proto$/, ("1984", "cloudflare", "digitalocean", "gandi", "godaddy", "hetzner", "yandex", "nfsn", "njalla", "porkbun", "dnsexit2")));
if (!exists($services{$proto})) {
warning("skipping host: %s: unrecognized protocol '%s'", $h, $proto);
@ -2431,22 +2462,6 @@ sub encode_base64 ($;$) {
$res =~ s/.{$padding}$/'=' x $padding/e if $padding;
$res;
}
######################################################################
## load_ssl_support
######################################################################
sub load_ssl_support {
my $ssl_loaded = eval { require IO::Socket::SSL };
unless ($ssl_loaded) {
fatal("%s", <<"EOM");
Error loading the Perl module IO::Socket::SSL needed for SSL connect.
On Debian, the package libio-socket-ssl-perl must be installed.
On Red Hat, the package perl-IO-Socket-SSL must be installed.
On Alpine, the package perl-io-socket-ssl must be installed.
EOM
}
import IO::Socket::SSL;
{ no warnings; $IO::Socket::SSL::DEBUG = 0; }
}
######################################################################
## load_sha1_support
@ -2481,180 +2496,6 @@ EOM
import JSON::PP (qw/decode_json encode_json/);
}
######################################################################
## geturl
######################################################################
sub geturl {
return opt('curl') ? fetch_via_curl(@_) : fetch_via_socket_io(@_);
}
sub fetch_via_socket_io {
my %params = @_;
my $proxy = $params{proxy};
my $url = $params{url};
my $login = $params{login};
my $password = $params{password};
my $ipversion = $params{ipversion} // '';
my $headers = $params{headers} // '';
my $method = $params{method} // 'GET';
my $data = $params{data} // '';
my ($peer, $server, $port, $default_port, $use_ssl);
my ($sd, $request, $reply);
## canonify proxy and url
my $force_ssl;
$force_ssl = 1 if ($url =~ /^https:/);
$proxy =~ s%^https?://%%i if defined($proxy);
$url =~ s%^https?://%%i;
$server = $url;
$server =~ s%[?/].*%%;
$url =~ s%^[^?/]*/?%%;
if ($force_ssl || ($globals{'ssl'} && !($params{ignore_ssl_option} // 0))) {
$use_ssl = 1;
$default_port = '443';
} else {
$use_ssl = 0;
$default_port = '80';
}
debug("proxy = %s", $proxy // '<undefined>');
debug("protocol = %s", $use_ssl ? "https" : "http");
debug("server = %s", $server);
(my $_url = $url) =~ s%\?.*%?<redacted>%; #redact ALL parameters passed on URL, including possible passwords
debug("url = %s", $_url);
debug("ip ver = %s", $ipversion);
## determine peer and port to use.
$peer = $proxy // $server;
$peer =~ s%[?/].*%%;
if ($peer =~ /^\[([^]]+)\](?::(\d+))?$/ || $peer =~ /^([^:]+)(?::(\d+))?/) {
$peer = $1;
$port = $2 // $default_port;
} else {
failed("unable to extract host and port from %s", $peer);
return undef;
}
$request = "$method ";
if (!$use_ssl) {
$request .= "http://$server" if defined($proxy);
} else {
$request .= "https://$server" if defined($proxy);
}
$request .= "/$url HTTP/1.1\n";
$request .= "Host: $server\n";
if (defined($login) || defined($password)) {
my $auth = encode_base64(($login // '') . ':' . ($password // ''), '');
$request .= "Authorization: Basic $auth\n";
}
$request .= "User-Agent: ${program}/${version}\n";
if ($data) {
$request .= "Content-Type: application/x-www-form-urlencoded\n" if $headers !~ /^Content-Type:/mi;
$request .= "Content-Length: " . length($data) . "\n";
}
$request .= "Connection: close\n";
$headers .= "\n" if $headers ne '' && substr($headers, -1) ne "\n";
$request .= $headers;
$request .= "\n";
# RFC 7230 says that all lines before the body must end with <cr><lf>.
(my $rq = $request) =~ s/(?<!\r)\n/\r\n/g;
$request .= $data;
$rq .= $data;
my %socket_args = (
PeerAddr => $peer,
PeerPort => $port,
Proto => 'tcp',
Timeout => opt('timeout'),
);
my $socket_class = 'IO::Socket::IP';
if ($use_ssl) {
# IO::Socket::SSL will load IPv6 support if available on the system.
load_ssl_support;
$socket_class = 'IO::Socket::SSL';
$socket_args{SSL_ca_file} = opt('ssl_ca_file') if defined(opt('ssl_ca_file'));
$socket_args{SSL_ca_path} = opt('ssl_ca_dir') if defined(opt('ssl_ca_dir'));
$socket_args{SSL_verify_mode} = ($params{ssl_validate} // 1)
? IO::Socket::SSL->SSL_VERIFY_PEER
: IO::Socket::SSL->SSL_VERIFY_NONE;
}
if (defined($params{_testonly_socket_class})) {
$socket_args{original_socket_class} = $socket_class;
$socket_class = $params{_testonly_socket_class};
}
if ($ipversion eq '4') {
$socket_args{Domain} = PF_INET;
$socket_args{Family} = AF_INET;
} elsif ($ipversion eq '6') {
$socket_args{Domain} = PF_INET6;
$socket_args{Family} = AF_INET6;
} elsif ($ipversion ne '') {
fatal("geturl passed unsupported 'ipversion' value %s", $ipversion);
}
my $ipv = $ipversion eq '' ? '' : sprintf(" (IPv%s)", $ipversion);
my $peer_port_ipv = sprintf("%s:%s%s", $peer, $port, $ipv);
my $to = sprintf("%s%s%s", $server, defined($proxy) ? " via proxy $peer:$port" : "", $ipv);
verbose("CONNECT:", "%s", $to);
$0 = sprintf("%s - connecting to %s", $program, $peer_port_ipv);
if (opt('exec')) {
$sd = $socket_class->new(%socket_args);
defined($sd) or warning("cannot connect to %s socket: %s%s", $peer_port_ipv, $@,
$use_ssl ? ' ' . IO::Socket::SSL::errstr() : '');
} else {
debug("skipped network connection");
verbose("SENDING:", "%s", $request);
}
if (defined $sd) {
## send the request to the http server
verbose("CONNECTED: ", $use_ssl ? 'using SSL' : 'using HTTP');
verbose("SENDING:", "%s", $request);
$0 = sprintf("%s - sending to %s", $program, $peer_port_ipv);
my $result = syswrite $sd, $rq;
if ($result != length($rq)) {
warning("cannot send to %s (%s).", $peer_port_ipv, $!);
} else {
$0 = sprintf("%s - reading from %s", $program, $peer_port_ipv);
eval {
local $SIG{'ALRM'} = sub { die "timeout"; };
alarm(opt('timeout')) if opt('timeout') > 0;
while ($_ = <$sd>) {
$0 = sprintf("%s - read from %s", $program, $peer_port_ipv);
verbose("RECEIVE:", "%s", $_ // "<undefined>");
$reply .= $_ // '';
}
if (opt('timeout') > 0) {
alarm(0);
}
};
close($sd);
if ($@ and $@ =~ /timeout/) {
warning("TIMEOUT: %s after %s seconds", $to, opt('timeout'));
$reply = '';
}
$reply //= '';
}
}
$0 = sprintf("%s - closed %s", $program, $peer_port_ipv);
## during testing simulate reading the URL
if (opt('test')) {
my $filename = "$server/$url";
$filename =~ s|/|%2F|g;
if (opt('exec')) {
$reply = save_file("$savedir/$filename", $reply, 'unique');
} else {
$reply = load_file("$savedir/$filename");
}
}
$reply =~ s/\r//g if defined $reply;
return $reply;
}
######################################################################
## curl_cmd() function to execute system curl command
######################################################################
@ -2680,7 +2521,7 @@ sub curl_cmd {
67 => "The user name, password, or similar was not accepted and curl failed to log in.",
77 => "Problem with reading the SSL CA cert (path? access rights?).",
78 => "The resource referenced in the URL does not exist.",
127 => "You requested network access with curl but $system_curl was not found",
127 => "$system_curl was not found",
);
debug("CURL: %s", $system_curl);
@ -2724,10 +2565,7 @@ sub escape_curl_param {
return $str;
}
######################################################################
## fetch_via_curl() is used for geturl() when global curl option set
######################################################################
sub fetch_via_curl {
sub geturl {
my %params = @_;
my $proxy = $params{proxy};
my $url = $params{url};
@ -2770,89 +2608,35 @@ sub fetch_via_curl {
debug("skipped network connection");
verbose("SENDING:", "%s", "${server}/${url}");
} else {
my $curl_loaded = eval { require WWW::Curl::Easy };
if ($curl_loaded) {
# System has the WWW::Curl::Easy module so use that
import WWW::Curl::Easy;
my $curl = WWW::Curl::Easy->new;
push(@curlopt, "silent");
push(@curlopt, "include"); ## Include HTTP response for compatibility
push(@curlopt, "insecure") if ($use_ssl && !($params{ssl_validate} // 1));
push(@curlopt, "cacert=\"".escape_curl_param(opt('ssl_ca_file')).'"') if defined(opt('ssl_ca_file'));
push(@curlopt, "capath=\"".escape_curl_param(opt('ssl_ca_dir')).'"') if defined(opt('ssl_ca_dir'));
push(@curlopt, "ipv4") if ($ipversion == 4);
push(@curlopt, "ipv6") if ($ipversion == 6);
push(@curlopt, "user-agent=\"".escape_curl_param("${program}/${version}").'"');
push(@curlopt, "connect-timeout=$timeout");
push(@curlopt, "max-time=$timeout");
push(@curlopt, "request=$method");
push(@curlopt, "user=\"".escape_curl_param("${login}:${password}").'"') if (defined($login) && defined($password));
push(@curlopt, "proxy=\"".escape_curl_param("${protocol}://${proxy}").'"') if defined($proxy);
push(@curlopt, "url=\"".escape_curl_param("${protocol}://${server}/${url}").'"');
$curl->setopt(WWW::Curl::Easy->CURLOPT_HEADER, 1); ## Include HTTP response for compatibility
$curl->setopt(WWW::Curl::Easy->CURLOPT_SSL_VERIFYPEER, ($params{ssl_validate} // 1) ? 1 : 0 );
$curl->setopt(WWW::Curl::Easy->CURLOPT_SSL_VERIFYHOST, ($params{ssl_validate} // 1) ? 1 : 0 );
$curl->setopt(WWW::Curl::Easy->CURLOPT_CAINFO, opt('ssl_ca_file')) if defined(opt('ssl_ca_file'));
$curl->setopt(WWW::Curl::Easy->CURLOPT_CAPATH, opt('ssl_ca_dir')) if defined(opt('ssl_ca_dir'));
$curl->setopt(WWW::Curl::Easy->CURLOPT_IPRESOLVE,
($ipversion == 4) ? WWW::Curl::Easy->CURL_IPRESOLVE_V4 :
($ipversion == 6) ? WWW::Curl::Easy->CURL_IPRESOLVE_V6 :
WWW::Curl::Easy->CURL_IPRESOLVE_WHATEVER);
$curl->setopt(WWW::Curl::Easy->CURLOPT_USERAGENT, "${program}/${version}");
$curl->setopt(WWW::Curl::Easy->CURLOPT_CONNECTTIMEOUT, $timeout);
$curl->setopt(WWW::Curl::Easy->CURLOPT_TIMEOUT, $timeout);
# Each header line is added individually
@header_lines = split('\n', $headers);
$_ = "header=\"".escape_curl_param($_).'"' foreach (@header_lines);
push(@curlopt, @header_lines);
$curl->setopt(WWW::Curl::Easy->CURLOPT_POST, 1) if ($method eq 'POST');
$curl->setopt(WWW::Curl::Easy->CURLOPT_PUT, 1) if ($method eq 'PUT');
$curl->setopt(WWW::Curl::Easy->CURLOPT_CUSTOMREQUEST, $method) if ($method ne 'GET'); ## for PATCH
# Add in the data if any was provided (for POST/PATCH)
push(@curlopt, "data=\"".escape_curl_param(${data}).'"') if ($data);
$curl->setopt(WWW::Curl::Easy->CURLOPT_USERPWD, "${login}:${password}") if (defined($login) && defined($password));
$curl->setopt(WWW::Curl::Easy->CURLOPT_PROXY, "${protocol}://${proxy}") if defined($proxy);
$curl->setopt(WWW::Curl::Easy->CURLOPT_URL, "${protocol}://${server}/${url}");
# don't include ${url} as that might expose login credentials
$0 = sprintf("%s - Curl system cmd sending to %s", $program, "${protocol}://${server}");
verbose("SENDING:", "Curl system cmd to %s", "${protocol}://${server}");
verbose("SENDING:", "%s", $_) foreach (@curlopt);
# Add header lines if any was provided
if ($headers) {
@header_lines = split('\n', $headers);
$curl->setopt(WWW::Curl::Easy->CURLOPT_HTTPHEADER, \@header_lines);
}
# Add in the data if any was provided (for POST/PATCH)
if (my $datalen = length($data)) {
$curl->setopt(WWW::Curl::Easy->CURLOPT_POSTFIELDS, ${data});
$curl->setopt(WWW::Curl::Easy->CURLOPT_POSTFIELDSIZE, $datalen);
}
$curl->setopt(WWW::Curl::Easy->CURLOPT_WRITEDATA,\$reply);
# don't include ${url} as that might expose login credentials
$0 = sprintf("%s - WWW::Curl::Easy sending to %s", $program, "${protocol}://${server}");
verbose("SENDING:", "WWW::Curl::Easy to %s", "${protocol}://${server}");
verbose("SENDING:", "%s", $headers) if ($headers);
verbose("SENDING:", "%s", $data) if ($data);
my $rc = $curl->perform;
if ($rc != 0) {
warning("CURL error (%d) %s", $rc, $curl->strerror($rc));
debug($curl->errbuf);
}
} else {
# System does not have the WWW::Curl::Easy module so attempt with system Curl command
push(@curlopt, "silent");
push(@curlopt, "include"); ## Include HTTP response for compatibility
push(@curlopt, "insecure") if ($use_ssl && !($params{ssl_validate} // 1));
push(@curlopt, "cacert=\"".escape_curl_param(opt('ssl_ca_file')).'"') if defined(opt('ssl_ca_file'));
push(@curlopt, "capath=\"".escape_curl_param(opt('ssl_ca_dir')).'"') if defined(opt('ssl_ca_dir'));
push(@curlopt, "ipv4") if ($ipversion == 4);
push(@curlopt, "ipv6") if ($ipversion == 6);
push(@curlopt, "user-agent=\"".escape_curl_param("${program}/${version}").'"');
push(@curlopt, "connect-timeout=$timeout");
push(@curlopt, "max-time=$timeout");
push(@curlopt, "request=$method");
push(@curlopt, "user=\"".escape_curl_param("${login}:${password}").'"') if (defined($login) && defined($password));
push(@curlopt, "proxy=\"".escape_curl_param("${protocol}://${proxy}").'"') if defined($proxy);
push(@curlopt, "url=\"".escape_curl_param("${protocol}://${server}/${url}").'"');
# Each header line is added individually
@header_lines = split('\n', $headers);
$_ = "header=\"".escape_curl_param($_).'"' foreach (@header_lines);
push(@curlopt, @header_lines);
# Add in the data if any was provided (for POST/PATCH)
push(@curlopt, "data=\"".escape_curl_param(${data}).'"') if ($data);
# don't include ${url} as that might expose login credentials
$0 = sprintf("%s - Curl system cmd sending to %s", $program, "${protocol}://${server}");
verbose("SENDING:", "Curl system cmd to %s", "${protocol}://${server}");
verbose("SENDING:", "%s", $_) foreach (@curlopt);
$reply = curl_cmd(@curlopt);
}
$reply = curl_cmd(@curlopt);
verbose("RECEIVE:", "%s", $reply // "<undefined>");
if (!$reply) {
# don't include ${url} as that might expose login credentials
@ -3919,6 +3703,25 @@ sub header_ok {
}
return $ok;
}
######################################################################
## DDNS providers
# A DDNS provider consists of an example function, the update
# function, and an optional updateable function.
#
# The example function simply returns a string for the help message,
# explaining how to configure the provider
#
# The update function performs the actual record update.
# It receives an array of hosts as its argument.
#
# The updateable function allows a provider implementation to force
# an update even if ddclient has itself determined no update is
# necessary. The function shall return 1 if an update should be
# performed, else 0.
######################################################################
######################################################################
## nic_dyndns1_examples
######################################################################
@ -4242,113 +4045,169 @@ sub nic_dyndns2_update {
}
######################################################################
## nic_dnsexit_examples
## nic_dnsexit2_examples
######################################################################
sub nic_dnsexit_examples {
sub nic_dnsexit2_examples {
return <<"EoEXAMPLE";
o 'dnsexit'
o 'dnsexit2'
The 'dnsexit' protocol is the protocol used by the dynamic hostname services
of the 'DnsExit' dns services. This is currently used by the free
The 'dnsexit2' protocol is the new API protocol used by the dynamic hostname services
of the 'DNSExit' dns services. This is currently used by the free
dynamic DNS service offered by www.dnsexit.com.
Configuration variables applicable to the 'dnsexit' protocol are:
ssl=no ## turn off ssl
protocol=dnsexit ##
server=update.dnsexit.com ## defaults to update.dnsexit.com
use=web ## defaults to web
web=update.dnsexit.com ## defaults to update.dnsexit.com
script=/RemoteUpdate.sv ## defaults to /RemoteUpdate.sv
login=service-userid ## userid registered with the service
password=service-password ## password registered with the service
fully.qualified.host ## the host registered with the service.
Configuration variables applicable to the 'dnsexit2' protocol are:
protocol=dnsexit2 ##
password=YourAPIKey ## API Key of your account.
server=api.dnsexit.com ## defaults to api.dnsexit.com.
path=/dns/ ## defaults to /dns/.
record-type=A ## defaults to A record.
ttl=5 ## defaults to 5 minutes.
fully.qualified.host ## the host registered with the service.
Example ${program}.conf file entries:
## single host update
protocol=dnsexit \\
login=service-userid \\
password=service-password \\
protocol=dnsexit2
password=YourAPIKey
fully.qualified.host
EoEXAMPLE
}
######################################################################
## nic_dnsexit_update
## nic_dnsexit2_update
##
## written by Gonzalo Pérez de Olaguer Córdoba <salo@gpoc.es>
##
## based on https://www.dnsexit.com/Direct.sv?cmd=ipClients
## fetches this URL to update:
## https://update.dnsexit.com/RemoteUpdate.sv?login=yourlogin&password=yourpassword&
## host=yourhost.yourdomain.com&myip=xxx.xx.xx.xxx
## by @jortkoopmans
## based on https://dnsexit.com/dns/dns-api/
##
######################################################################
sub nic_dnsexit_update {
debug("\nnic_dnsexit_update -------------------");
sub nic_dnsexit2_update {
debug("\nnic_dnsexit2_update -------------------");
my %status = (
'0' => [ 'good', 'Success' ],
'1' => [ 'nochg', 'IP is the same as the IP on the system' ],
'2' => [ 'badauth', 'Invalid password' ],
'3' => [ 'badauth', 'User not found' ],
'4' => [ 'nochg', 'IP not changed. To save our system resources, please don\'t post updates unless the IP got changed.' ],
'10' => [ 'error', 'Hostname is not specified' ],
'11' => [ 'nohost', 'fail to find the domain' ],
'13' => [ 'error', 'parameter validation error' ],
);
## update each configured host
## Update each configured host
foreach my $h (@_) {
# All the known status
my %status = (
'0' => [ 'good', 'Success! Actions got executed successfully.' ],
'1' => [ 'warning', 'Some execution problems. May not indicate actions failures. Some action may got executed fine and some may have problems.' ],
'2' => [ 'badauth', 'API Key Authentication Error. The API Key is missing or wrong.' ],
'3' => [ 'error', 'Missing Required Definitions. Your JSON file may missing some required definitions.' ],
'4' => [ 'error', 'JSON Data Syntax Error. Your JSON file has syntax error.' ],
'5' => [ 'error', 'JSON Defined Record Type not Supported. Your JSON may try to update some record type not supported by our system.' ],
'6' => [ 'error', 'System Error. Our system problem. May not be your problem. Contact our support if you got such error.' ],
'7' => [ 'error', 'Error getting post data. Our server has problem to receive your JSON posting.' ],
);
my $ip = delete $config{$h}{'wantip'};
info("setting IP address to %s for %s", $ip, $h);
verbose("UPDATE:","updating %s", $h);
info("Going to update IP address to %s for %s.", $ip, $h);
# Set the URL of the API endpoint
my $url = "https://$config{$h}{'server'}$config{$h}{'path'}";
# Set the URL that we're going to update
my $url;
$url = "https://$config{$h}{'server'}$config{$h}{'script'}";
$url .= "?login=$config{$h}{'login'}";
$url .= "&password=$config{$h}{'password'}";
$url .= "&host=$h";
$url .= "&myip=";
$url .= $ip if $ip;
# Set JSON payload
my $data = encode_json({
apikey => $config{$h}{'password'},
domain => $h,
update => {
type => $config{$h}{'record-type'},
name => $h,
content => $ip,
ttl => $config{$h}{'ttl'}},
});
# Try to get URL
# Set additional headers
my $header = "Content-Type: application/json\n";
$header .= "Accept: application/json";
# Make the call
my $reply = geturl(
proxy => opt('proxy'),
url => $url
proxy => opt('proxy'),
url => $url,
headers => $header,
method => 'POST',
data => $data,
);
# No response, declare as failed
# No reply, declare as failed
if (!defined($reply) || !$reply) {
failed("updating %s: Could not connect to %s.", $h, $config{$h}{'server'});
failed("updating %s: Could not connect to %s%s.", $h, $config{$h}{'server'}, $config{$h}{'path'});
$config{$h}{'status'} = 'failed';
last;
};
# Reply found
debug("%s", $reply);
# $ok is mandatory?
my $ok = header_ok($h, $reply);
# Extract the HTTP response code
(my $http_status) = ($reply =~ m%^s*HTTP/.*\s+(\d+)%i);
debug("HTTP response code: %s", $http_status);
# If not 200, bail
if ( $http_status != "200"){
failed("Failed to update Host\n%s to IP:%s", $h, $ip);
failed("HTTP response code\n%s", $http_status);
failed("Full reply\n%s", $reply) unless opt('verbose');
$config{$h}{'status'} = 'failed';
last;
}
last if !header_ok($h, $reply);
# Response found
if ($reply =~ /(\d+)=(.+)/) {
my ($statuscode, $statusmsg) = ($1, $2);
if (exists $status{$statuscode}) {
my ($status, $message) = @{ $status{$statuscode} };
if ($status =~ m'^(good|nochg)$') {
# Strip HTTP response headers
(my $strip_status) = ($reply =~ s/^[\s\S]*?(?=\{"code":)//);
debug("strip_status");
debug("%s", $strip_status);
if ($strip_status) {
debug("HTTP headers are stripped.");
}
else {
warning("Unexpected: no HTTP headers stripped!");
}
# Decode the remaining reply, it should be JSON.
my $response = decode_json($reply);
# It should at least have a 'code' and 'message'.
if (defined($response->{'code'}) and defined($response->{'message'})) {
if (exists $status{$response->{'code'}}) {
# Add the server response data to the applicable array
push( @{ $status {$response->{'code'} } }, $response->{'message'});
if (defined($response->{'details'})) {
push ( @{ $status {$response->{'code'} } }, $response->{'details'}[0]);
} else {
# Keep it symmetrical for simplicity
push ( @{ $status {$response->{'code'} } }, "no details received");
}
# Set data from array
my ($status, $message, $srv_message, $srv_details) = @{ $status {$response->{'code'} } };
info("Status: %s -- Message: %s", $status, $message);
info("Server Message: %s -- Server Details: %s", $srv_message, $srv_details);
$config{$h}{'status'} = $status;
# Handle statuses
if ($status eq 'good') {
$config{$h}{'ip'} = $ip;
$config{$h}{'mtime'} = $now;
}
$config{$h}{'status'} = $status;
if ($status eq 'good') {
success("updating %s: good: IP address set to %s", $h, $ip);
$config{$h}{'status'} = 'good';
success("%s", $message);
success("Updated %s successfully to IP address %s at time %s", $h, $ip, prettytime($config{$h}{'mtime'}));
} elsif ($status eq 'warning') {
warning("%s", $message);
warning("Server response: %s", $srv_message);
} elsif ($status =~ m'^(badauth|error)$') {
failed("%s", $message);
failed("Server response: %s", $srv_message);
$config{$h}{'status'} = 'failed';
} else {
warning("updating %s: %s: %s", $h, $status, $message);
failed("This should not be possible");
$config{$h}{'status'} = 'failed';
}
} else {
failed("Status code %s is unknown!", $response->{'code'});
$config{$h}{'status'} = 'failed';
failed("updating %s: failed: unrecognized status code (%s)", $h, $statuscode);
}
} else {
failed("Did not receive expected \"code\" and \"message\" keys in server response.");
failed("Response:");
failed("%s", $response);
$config{$h}{'status'} = 'failed';
warning("SENT: %s", $url) unless opt('verbose');
warning("REPLIED: %s", $reply);
failed("updating %s: unrecognized reply.", $h);
}
}
}
@ -4895,7 +4754,8 @@ sub nic_easydns_update {
my ($status) = $line =~ /^(\S*)\b.*/;
my $h = shift @hosts;
$config{$h}{'status'} = $status;
$config{$h}{'status-ipv4'} = $status if $ipv4;
$config{$h}{'status-ipv6'} = $status if $ipv6;
if ($status eq 'NOERROR') {
$config{$h}{'ipv4'} = $ipv4;
$config{$h}{'ipv6'} = $ipv6;
@ -7235,12 +7095,12 @@ sub nic_porkbun_update {
);
# No response, declare as failed
if (!defined($reply) || !$reply) {
$config{$host}{'status'} = "bad";
$config{$host}{'status-ipv4'} = "bad";
failed("updating %s: Could not connect to porkbun.com.", $host);
next;
}
if (!header_ok($host, $reply)) {
$config{$host}{'status'} = "bad";
$config{$host}{'status-ipv4'} = "bad";
failed("updating %s: failed (%s)", $host, $reply);
next;
}
@ -7249,12 +7109,12 @@ sub nic_porkbun_update {
$reply =~ qr/{(?:[^{}]*|(?R))*}/mp;
my $response = eval { decode_json(${^MATCH}) };
if (!defined($response)) {
$config{$host}{'status'} = "bad";
$config{$host}{'status-ipv4'} = "bad";
failed("%s -- Unexpected service response.", $host);
next;
}
if ($response->{status} ne 'SUCCESS') {
$config{$host}{'status'} = "bad";
$config{$host}{'status-ipv4'} = "bad";
failed("%s -- Unexpected status. (status = %s)", $host, $response->{status});
next;
}
@ -7266,7 +7126,7 @@ sub nic_porkbun_update {
}
my $current_content = $records->[0]->{'content'};
if ($current_content eq $ipv4) {
$config{$host}{'status'} = "good";
$config{$host}{'status-ipv4'} = "good";
success("updating %s: skipped: IPv4 address was already set to %s.", $host, $ipv4);
next;
}
@ -7298,11 +7158,11 @@ sub nic_porkbun_update {
failed("updating %s: failed (%s)", $host, $reply);
next;
}
$config{$host}{'status'} = "good";
$config{$host}{'status-ipv4'} = "good";
success("updating %s: good: IPv4 address set to %s", $host, $ipv4);
next;
} else {
$config{$host}{'status'} = "bad";
$config{$host}{'status-ipv4'} = "bad";
failed("updating %s: No applicable existing records.", $host);
next;
}
@ -7328,12 +7188,12 @@ sub nic_porkbun_update {
);
# No response, declare as failed
if (!defined($reply) || !$reply) {
$config{$host}{'status'} = "bad";
$config{$host}{'status-ipv6'} = "bad";
failed("updating %s: Could not connect to porkbun.com.", $host);
next;
}
if (!header_ok($host, $reply)) {
$config{$host}{'status'} = "bad";
$config{$host}{'status-ipv6'} = "bad";
failed("updating %s: failed (%s)", $host, $reply);
next;
}
@ -7342,12 +7202,12 @@ sub nic_porkbun_update {
$reply =~ qr/{(?:[^{}]*|(?R))*}/mp;
my $response = eval { decode_json(${^MATCH}) };
if (!defined($response)) {
$config{$host}{'status'} = "bad";
$config{$host}{'status-ipv6'} = "bad";
failed("%s -- Unexpected service response.", $host);
next;
}
if ($response->{status} ne 'SUCCESS') {
$config{$host}{'status'} = "bad";
$config{$host}{'status-ipv6'} = "bad";
failed("%s -- Unexpected status. (status = %s)", $host, $response->{status});
next;
}
@ -7359,7 +7219,7 @@ sub nic_porkbun_update {
}
my $current_content = $records->[0]->{'content'};
if ($current_content eq $ipv6) {
$config{$host}{'status'} = "good";
$config{$host}{'status-ipv6'} = "good";
success("updating %s: skipped: IPv6 address was already set to %s.", $host, $ipv6);
next;
}
@ -7391,11 +7251,11 @@ sub nic_porkbun_update {
failed("updating %s: failed (%s)", $host, $reply);
next;
}
$config{$host}{'status'} = "good";
$config{$host}{'status-ipv6'} = "good";
success("updating %s: good: IPv6 address set to %s", $host, $ipv4);
next;
} else {
$config{$host}{'status'} = "bad";
$config{$host}{'status-ipv6'} = "bad";
failed("updating %s: No applicable existing records.", $host);
next;
}

42
t/geturl_connectivity.pl.in
View file

@ -12,7 +12,6 @@ my $ipv6_supported = eval {
);
defined($ipv6_socket);
};
my $has_curl = qx{ @CURL@ --version 2>/dev/null; } && $? == 0;
my $http_daemon_supports_ipv6 = eval {
require HTTP::Daemon;
@ -55,54 +54,37 @@ my %httpd = (
);
my @test_cases = (
# Fetch via IO::Socket::IP
{ipv6_opt => 0, server_ipv => '4', client_ipv => ''},
{ipv6_opt => 0, server_ipv => '4', client_ipv => '4'},
# IPv* client to a non-SSL IPv6 server is not expected to work unless opt('ipv6') is true
{ipv6_opt => 0, server_ipv => '6', client_ipv => '6'},
# Fetch via IO::Socket::IP
{ipv6_opt => 1, server_ipv => '4', client_ipv => ''},
{ipv6_opt => 1, server_ipv => '4', client_ipv => '4'},
{ipv6_opt => 1, server_ipv => '6', client_ipv => ''},
{ipv6_opt => 1, server_ipv => '6', client_ipv => '6'},
# Fetch without ssl
{ server_ipv => '4', client_ipv => '' },
{ server_ipv => '4', client_ipv => '4' },
{ server_ipv => '6', client_ipv => '' },
{ server_ipv => '6', client_ipv => '6' },
# Fetch via IO::Socket::SSL
{ssl => 1, server_ipv => '4', client_ipv => ''},
{ssl => 1, server_ipv => '4', client_ipv => '4'},
{ssl => 1, server_ipv => '6', client_ipv => ''},
{ssl => 1, server_ipv => '6', client_ipv => '6'},
# Fetch with curl
{ curl => 1, server_ipv => '4', client_ipv => '' },
{ curl => 1, server_ipv => '4', client_ipv => '4' },
{ curl => 1, server_ipv => '6', client_ipv => '' },
{ curl => 1, server_ipv => '6', client_ipv => '6' },
# Fetch with curl and ssl
{ curl => 1, ssl => 1, server_ipv => '4', client_ipv => '' },
{ curl => 1, ssl => 1, server_ipv => '4', client_ipv => '4' },
{ curl => 1, ssl => 1, server_ipv => '6', client_ipv => '' },
{ curl => 1, ssl => 1, server_ipv => '6', client_ipv => '6' },
# Fetch with ssl
{ ssl => 1, server_ipv => '4', client_ipv => '' },
{ ssl => 1, server_ipv => '4', client_ipv => '4' },
{ ssl => 1, server_ipv => '6', client_ipv => '' },
{ ssl => 1, server_ipv => '6', client_ipv => '6' },
);
for my $tc (@test_cases) {
$tc->{ipv6_opt} //= 0;
$tc->{ssl} //= 0;
$tc->{curl} //= 0;
SKIP: {
skip("IPv6 not supported on this system", 1)
if $tc->{server_ipv} eq '6' && !$ipv6_supported;
skip("HTTP::Daemon too old for IPv6 support", 1)
if $tc->{server_ipv} eq '6' && !$http_daemon_supports_ipv6;
skip("HTTP::Daemon::SSL not available", 1) if $tc->{ssl} && !$has_http_daemon_ssl;
skip("Curl not available on this system", 1) if $tc->{curl} && !$has_curl;
my $uri = $httpd{$tc->{server_ipv}}{$tc->{ssl} ? 'https' : 'http'}->endpoint();
my $name = sprintf("IPv%s client to %s%s%s",
$tc->{client_ipv} || '*', $uri, $tc->{ipv6_opt} ? ' (-ipv6)' : '',
$tc->{curl} ? ' (curl)' : '');
my $name = sprintf("IPv%s client to %s%s",
$tc->{client_ipv} || '*', $uri, $tc->{ipv6_opt} ? ' (-ipv6)' : '');
$ddclient::globals{'ipv6'} = $tc->{ipv6_opt};
$ddclient::globals{'curl'} = $tc->{curl};
my $got = ddclient::geturl(url => $uri, ipversion => $tc->{client_ipv});
isnt($got // '', '', $name);
}

263
t/geturl_ssl.pl
View file

@ -1,263 +0,0 @@
use Test::More;
use Data::Dumper;
eval {
require HTTP::Request;
require HTTP::Response;
require IO::Socket::IP;
require IO::Socket::SSL;
require ddclient::Test::Fake::HTTPD;
} or plan(skip_all => $@);
SKIP: { eval { require Test::Warnings; } or skip($@, 1); }
eval { require 'ddclient'; } or BAIL_OUT($@);
$Data::Dumper::Sortkeys = 1;
my $httpd = ddclient::Test::Fake::HTTPD->new();
$httpd->run(sub {
my $req = shift;
# Echo back the full request.
my $resp = [ 200, [ 'Content-Type' => 'application/octet-stream' ], [ $req->as_string() ] ];
if ($req->method() ne 'GET') {
# TODO: Add support for CONNECT to test https via proxy.
$resp->[0] = 501; # 501 == Not Implemented
}
return $resp;
});
my $args;
{
package InterceptSocket;
require base;
base->import(qw(IO::Socket::IP));
sub new {
my ($class, %args) = @_;
$args = \%args;
return $class->SUPER::new(%args, PeerAddr => $httpd->host(), PeerPort => $httpd->port());
}
}
# Keys:
# * name: Display name.
# * params: Parameters to pass to geturl.
# * opt_ssl: Value to return from opt('ssl'). Defaults to 0.
# * opt_ssl_ca_dir: Value to return from opt('ssl_ca_dir'). Defaults to undef.
# * opt_ssl_ca_file: Value to return from opt('ssl_ca_file'). Defaults to undef.
# * want_args: Args that should be passed to the socket constructor minus Proto,
# Timeout, and original_socket_class.
# * want_req_method: The HTTP method geturl is expected to use. Defaults to 'GET'.
# * want_req_uri: URI that geturl is expected to request.
# * todo: If defined, mark this test as expected to fail.
my @test_cases = (
{
name => 'https',
params => {
url => 'https://hostname',
},
want_args => {
PeerAddr => 'hostname',
PeerPort => '443',
SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER,
},
want_req_uri => '/',
},
{
name => 'http with ssl=true',
params => {
url => 'http://hostname',
},
opt_ssl => 1,
want_args => {
PeerAddr => 'hostname',
PeerPort => '443',
SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER,
},
want_req_uri => '/',
},
{
name => 'https with port',
params => {
url => 'https://hostname:123',
},
want_args => {
PeerAddr => 'hostname',
PeerPort => '123',
SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER,
},
want_req_uri => '/',
},
{
name => 'http with port and ssl=true',
params => {
url => 'https://hostname:123',
},
opt_ssl => 1,
want_args => {
PeerAddr => 'hostname',
PeerPort => '123',
SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER,
},
want_req_uri => '/',
},
{
name => 'https proxy, http URL',
params => {
proxy => 'https://proxy',
url => 'http://hostname',
},
want_args => {
PeerAddr => 'proxy',
PeerPort => '443',
SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER,
},
want_req_uri => 'http://hostname/',
todo => "broken",
},
{
name => 'http proxy, https URL',
params => {
proxy => 'http://proxy',
url => 'https://hostname',
},
want_args => {
PeerAddr => 'proxy',
PeerPort => '80',
SSL_startHandshake => 0,
},
want_req_method => 'CONNECT',
want_req_uri => 'hostname:443',
todo => "not yet supported; silently fails",
},
{
name => 'https proxy, https URL',
params => {
proxy => 'https://proxy',
url => 'https://hostname',
},
want_args => {
PeerAddr => 'proxy',
PeerPort => '443',
SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER,
},
want_req_method => 'CONNECT',
want_req_uri => 'hostname:443',
todo => "not yet supported; silently fails",
},
{
name => 'http proxy, http URL, ssl=true',
params => {
proxy => 'http://proxy',
url => 'http://hostname',
},
opt_ssl => 1,
want_args => {
PeerAddr => 'proxy',
PeerPort => '443',
SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER,
},
want_req_method => 'CONNECT',
want_req_uri => 'hostname:443',
todo => "not yet supported; silently fails",
},
{
name => 'https proxy with port, http URL with port',
params => {
proxy => 'https://proxy:123',
url => 'http://hostname:456',
},
want_args => {
PeerAddr => 'proxy',
PeerPort => '123',
},
want_req_uri => 'http://hostname:456/',
todo => "broken",
},
{
name => 'http proxy with port, https URL with port',
params => {
proxy => 'http://proxy:123',
url => 'https://hostname:456',
},
want_args => {
PeerAddr => 'proxy',
PeerPort => '123',
SSL_startHandshake => 0,
},
want_req_method => 'CONNECT',
want_req_uri => 'hostname:456',
todo => "not yet supported; silently fails",
},
{
name => 'CA dir',
params => {
url => 'https://hostname',
},
opt_ssl_ca_dir => '/ca/dir',
want_args => {
PeerAddr => 'hostname',
PeerPort => '443',
SSL_ca_path => '/ca/dir',
SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER,
},
want_req_uri => '/',
},
{
name => 'CA file',
params => {
url => 'https://hostname',
},
opt_ssl_ca_file => '/ca/file',
want_args => {
PeerAddr => 'hostname',
PeerPort => '443',
SSL_ca_file => '/ca/file',
SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER,
},
want_req_uri => '/',
},
{
name => 'CA dir and file',
params => {
url => 'https://hostname',
},
opt_ssl_ca_dir => '/ca/dir',
opt_ssl_ca_file => '/ca/file',
want_args => {
PeerAddr => 'hostname',
PeerPort => '443',
SSL_ca_file => '/ca/file',
SSL_ca_path => '/ca/dir',
SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER,
},
want_req_uri => '/',
},
);
for my $tc (@test_cases) {
$args = undef;
$ddclient::globals{'ssl'} = $tc->{opt_ssl} // 0;
$ddclient::globals{'ssl_ca_dir'} = $tc->{opt_ssl_ca_dir};
$ddclient::globals{'ssl_ca_file'} = $tc->{opt_ssl_ca_file};
my $resp_str = ddclient::geturl(_testonly_socket_class => 'InterceptSocket', %{$tc->{params}});
TODO: {
local $TODO = $tc->{todo};
subtest $tc->{name} => sub {
my %want_args = (
Proto => 'tcp',
Timeout => ddclient::opt('timeout'),
original_socket_class => 'IO::Socket::SSL',
%{$tc->{want_args}},
);
is(Dumper($args), Dumper(\%want_args), "socket constructor args");
ok(defined($resp_str), "response is defined") or return;
ok(my $resp = HTTP::Response->parse($resp_str), "parse response") or return;
ok(my $req_str = $resp->decoded_content(), "decode request from response") or return;
ok(my $req = HTTP::Request->parse($req_str), "parse request") or return;
is($req->method(), $tc->{want_req_method} // 'GET', "request method");
is($req->uri(), $tc->{want_req_uri}, "request URI");
};
}
}
done_testing();