cn
/
dyndnsd
mirror of https://github.com/cmur2/dyndnsd.git
1
0
Fork 0
Code Releases Activity

Allow dyndnsd to use address from X-Real-IP

This commit is contained in:
cn 2016-11-30 21:59:12 +01:00
parent a9083e916e
commit f76c5933d7
4 changed files with 58 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
README.md
View File

@ -6,11 +6,11 @@ A small, lightweight and extensible DynDNS server written with Ruby and Rack.
## Description ## Description
dyndnsd.rb is aimed to implement a small [DynDNS-compliant](http://dyn.com/support/developers/api/) server in Ruby. It has an integrated user and hostname database in it's configuration file that is used for authentication and authorization. Besides talking the DynDNS protocol it is able to invoke an so-called *updater*, a small Ruby module that takes care of supplying the current host => ip mapping to a DNS server. dyndnsd.rb aims to implement a small [DynDNS-compliant](http://dyn.com/support/developers/api/) server in Ruby supporting IPv4 and IPv6 addresses. It has an integrated user and hostname database in it's configuration file that is used for authentication and authorization. Besides talking the DynDNS protocol it is able to invoke an so-called *updater*, a small Ruby module that takes care of supplying the current host => ip mapping to a DNS server.
The is currently one updater shipped with dyndnsd.rb `command_with_bind_zone` that writes out a zone file in BIND syntax onto the current system and invokes a user-supplied command afterwards that is assumed to trigger the DNS server (not necessarily BIND since it's zone files are read by other DNS servers too) to reload it's zone configuration. There is currently one updater shipped with dyndnsd.rb `command_with_bind_zone` that writes out a zone file in BIND syntax onto the current system and invokes a user-supplied command afterwards that is assumed to trigger the DNS server (not necessarily BIND since it's zone files are read by other DNS servers too) to reload it's zone configuration.
Because of the mechanisms used dyndnsd.rb is known to work only on *nix systems. Because of the mechanisms used dyndnsd.rb is known to work only on \*nix systems.
## General Usage ## General Usage
@ -112,6 +112,14 @@ where:
* HOSTNAMES is a required list of comma separated FQDNs (they all have to end with your config.yaml domain) the user wants to update * HOSTNAMES is a required list of comma separated FQDNs (they all have to end with your config.yaml domain) the user wants to update
* MYIP is optional and the HTTP client's address will be used if missing * MYIP is optional and the HTTP client's address will be used if missing
### IP address determination
The following rules apply:
* use any IP address provided via the myip parameter when present, or
* use any IP address provided via the X-Real-IP header e.g. when used behind HTTP reverse proxy such as nginx, or
* use any IP address used by the connecting HTTP client
### SSL, multiple listen ports ### SSL, multiple listen ports
Use a webserver as a proxy to handle SSL and/or multiple listen addresses and ports. DynDNS.com provides HTTP on port 80 and 8245 and HTTPS on port 443. Use a webserver as a proxy to handle SSL and/or multiple listen addresses and ports. DynDNS.com provides HTTP on port 80 and 8245 and HTTPS on port 443.

65
lib/dyndnsd.rb
View File

@ -44,11 +44,11 @@ module Dyndnsd
@db['hosts'] ||= {} @db['hosts'] ||= {}
(@db.save; update) if @db.changed? (@db.save; update) if @db.changed?
end end
def update def update
@updater.update(@db) @updater.update(@db)
end end
def is_fqdn_valid?(hostname) def is_fqdn_valid?(hostname)
return false if hostname.length < @domain.length + 2 return false if hostname.length < @domain.length + 2
return false if not hostname.end_with?(@domain) return false if not hostname.end_with?(@domain)
@ -56,45 +56,52 @@ module Dyndnsd
return false if not name.match(/^[a-zA-Z0-9_-]+\.$/) return false if not name.match(/^[a-zA-Z0-9_-]+\.$/)
true true
end end
def call(env) def call(env)
return @responder.response_for_error(:method_forbidden) if env["REQUEST_METHOD"] != "GET" return @responder.response_for_error(:method_forbidden) if env["REQUEST_METHOD"] != "GET"
return @responder.response_for_error(:not_found) if env["PATH_INFO"] != "/nic/update" return @responder.response_for_error(:not_found) if env["PATH_INFO"] != "/nic/update"
params = Rack::Utils.parse_query(env["QUERY_STRING"]) params = Rack::Utils.parse_query(env["QUERY_STRING"])
return @responder.response_for_error(:hostname_missing) if not params["hostname"] return @responder.response_for_error(:hostname_missing) if not params["hostname"]
hostnames = params["hostname"].split(',') hostnames = params["hostname"].split(',')
# Check if hostname match rules # Check if hostname match rules
hostnames.each do |hostname| hostnames.each do |hostname|
return @responder.response_for_error(:hostname_malformed) if not is_fqdn_valid?(hostname) return @responder.response_for_error(:hostname_malformed) if not is_fqdn_valid?(hostname)
end end
user = env["REMOTE_USER"] user = env["REMOTE_USER"]
hostnames.each do |hostname| hostnames.each do |hostname|
return @responder.response_for_error(:host_forbidden) if not @users[user]['hosts'].include? hostname return @responder.response_for_error(:host_forbidden) if not @users[user]['hosts'].include? hostname
end end
# no myip? # fallback value, always present
if not params["myip"] myip = env["REMOTE_ADDR"]
params["myip"] = env["REMOTE_ADDR"]
# check whether X-Real-IP header has valid IPAddr
if env.has_key?("HTTP_X_REAL_IP")
begin
IPAddr.new(env["HTTP_X_REAL_IP"])
myip = env["HTTP_X_REAL_IP"]
rescue ArgumentError
end
end end
# malformed myip? # check whether myip parameter has valid IPAddr
begin if params.has_key?("myip")
IPAddr.new(params["myip"]) begin
rescue ArgumentError IPAddr.new(params["myip"])
params["myip"] = env["REMOTE_ADDR"] myip = params["myip"]
rescue ArgumentError
end
end end
myip = params["myip"]
Metriks.meter('requests.valid').mark Metriks.meter('requests.valid').mark
Dyndnsd.logger.info "Request to update #{hostnames} to #{myip} for user #{user}" Dyndnsd.logger.info "Request to update #{hostnames} to #{myip} for user #{user}"
changes = [] changes = []
hostnames.each do |hostname| hostnames.each do |hostname|
if (not @db['hosts'].include? hostname) or (@db['hosts'][hostname] != myip) if (not @db['hosts'].include? hostname) or (@db['hosts'][hostname] != myip)
@ -106,7 +113,7 @@ module Dyndnsd
Metriks.meter('requests.nochg').mark Metriks.meter('requests.nochg').mark
end end
end end
if @db.changed? if @db.changed?
@db['serial'] += 1 @db['serial'] += 1
Dyndnsd.logger.info "Committing update ##{@db['serial']}" Dyndnsd.logger.info "Committing update ##{@db['serial']}"
@ -114,7 +121,7 @@ module Dyndnsd
update update
Metriks.meter('updates.committed').mark Metriks.meter('updates.committed').mark
end end
@responder.response_for_changes(changes, myip) @responder.response_for_changes(changes, myip)
end end
@ -130,23 +137,23 @@ module Dyndnsd
puts "Config file not found!" puts "Config file not found!"
exit 1 exit 1
end end
puts "DynDNSd version #{Dyndnsd::VERSION}" puts "DynDNSd version #{Dyndnsd::VERSION}"
puts "Using config file #{config_file}" puts "Using config file #{config_file}"
config = YAML::load(File.open(config_file, 'r') { |f| f.read }) config = YAML::load(File.open(config_file, 'r') { |f| f.read })
if config['logfile'] if config['logfile']
Dyndnsd.logger = Logger.new(config['logfile']) Dyndnsd.logger = Logger.new(config['logfile'])
else else
Dyndnsd.logger = Logger.new(STDOUT) Dyndnsd.logger = Logger.new(STDOUT)
end end
Dyndnsd.logger.progname = "dyndnsd" Dyndnsd.logger.progname = "dyndnsd"
Dyndnsd.logger.formatter = LogFormatter.new Dyndnsd.logger.formatter = LogFormatter.new
Dyndnsd.logger.info "Starting..." Dyndnsd.logger.info "Starting..."
# drop privs (first change group than user) # drop privs (first change group than user)
Process::Sys.setgid(Etc.getgrnam(config['group']).gid) if config['group'] Process::Sys.setgid(Etc.getgrnam(config['group']).gid) if config['group']
Process::Sys.setuid(Etc.getpwnam(config['user']).uid) if config['user'] Process::Sys.setuid(Etc.getpwnam(config['user']).uid) if config['user']
@ -174,7 +181,7 @@ module Dyndnsd
db = Database.new(config['db']) db = Database.new(config['db'])
updater = Updater::CommandWithBindZone.new(config['domain'], config['updater']['params']) if config['updater']['name'] == 'command_with_bind_zone' updater = Updater::CommandWithBindZone.new(config['domain'], config['updater']['params']) if config['updater']['name'] == 'command_with_bind_zone'
responder = Responder::DynDNSStyle.new responder = Responder::DynDNSStyle.new
# configure rack # configure rack
app = Daemon.new(config, db, updater, responder) app = Daemon.new(config, db, updater, responder)
app = Rack::Auth::Basic.new(app, "DynDNS") do |user,pass| app = Rack::Auth::Basic.new(app, "DynDNS") do |user,pass|

7
spec/daemon_spec.rb
View File

@ -166,4 +166,11 @@ describe Dyndnsd::Daemon do
last_response.should be_ok last_response.should be_ok
last_response.body.should == 'good 127.0.0.1' last_response.body.should == 'good 127.0.0.1'
end end
it 'uses clients remote IP address from X-Real-IP header if behind proxy' do
authorize 'test', 'secret'
get '/nic/update?hostname=foo.example.org', '', 'HTTP_X_REAL_IP' => '10.0.0.1'
last_response.should be_ok
last_response.body.should == 'good 10.0.0.1'
end
end end

4
spec/spec_helper.rb
View File

@ -6,3 +6,7 @@ require 'rack/test'
require 'dyndnsd' require 'dyndnsd'
require 'support/dummy_database' require 'support/dummy_database'
require 'support/dummy_updater' require 'support/dummy_updater'
RSpec.configure do |config|
config.expect_with(:rspec) { |c| c.syntax = :should }
end