From fb75de8dcb1073e9b3e07a4ee733ba55a3280121 Mon Sep 17 00:00:00 2001
From: Frederik Lindenaar <frederik@lindenaar.nl>
Date: Mon, 5 Aug 2019 21:56:44 +0200
Subject: [PATCH] Implemented authentication for list operator (closes #7)

---
 dyndns.cfg.dist |  2 ++
 dyndns.pl       |  9 +++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/dyndns.cfg.dist b/dyndns.cfg.dist
index 62030fc..5fbb9c6 100644
--- a/dyndns.cfg.dist
+++ b/dyndns.cfg.dist
@@ -26,6 +26,8 @@
 				# hours, weeks or seconds. format: [0-9]+[mhws]?
 
 # Authentication Settings
+#domain_list_key = off		# List operation, 'off' to disable, '' to always
+				# allow and other values to enable with secret
 #auth_mode = remote	        # either 'static', 'remote' or 'both'
 #static_signer =	        # required for AuthMode 'static' or 'both'
 #static_key =    		# required for AuthMode 'static' or 'both'
diff --git a/dyndns.pl b/dyndns.pl
index 6668555..0dd3b25 100755
--- a/dyndns.pl
+++ b/dyndns.pl
@@ -41,6 +41,8 @@ my @DNSDomain = ( '?', '!', 0 ); # DNS Domain to support, match hostname with:
 my $ExpandCNAMEs = 1;		# CNAME levels to expand (0 to disable)
 my $AllowDebugKey = 'off';	# Debuging, 'off' to disable, '' for always on
 				# and other values to enable with debug= param.
+my $DomainListKey = 'off';	# List operation, 'off' to disable, '' to always
+				# allow and other values to enable with secret
 my $AuthMode = 'remote';	# either 'static', 'remote' or 'both'
 my $StaticSigner = '';		# required for AuthMode 'static' or 'both'
 my $StaticKey = '';		# required for AuthMode 'static' or 'both'
@@ -133,7 +135,6 @@ my $CE = 'Configuration Error';
 my $PE = 'Required parameter missing';
 sub fail($$;$) {
   my ($errormsg, $debugmsg, $exitcode) = @_;
-  print $debug . "\n";
   print $cgi->header(-status=>$exitcode || 503, -type=>'text/plain'),
         "ERROR - $errormsg" . ($debug ? ": $debugmsg\n" : "\n");
   exit 0;
@@ -323,6 +324,10 @@ sub handle_list($$$$) {
   my ($mode, $host, $dnsdomain, $debug) = @_;
   my $title = "DynDNS Updater - $dnsdomain";
 
+  fail("Operation not allowed", ($DomainListKey eq 'off') ? "List is disabled"
+        : "No/incorrect authentication information provided", 403)
+    if ($DomainListKey eq 'off') || (($DomainListKey cmp '') && ($DomainListKey cmp $cgi->param('secret')));
+
   print $cgi->header(-status=>200),
 	$cgi->start_html(-title => $title),
 	$cgi->h1($title);
@@ -354,7 +359,7 @@ if ($ConfigFile cmp 'ignore') {
     $CFGFile =~ s/(\.pl)?$/.cfg/;
     if (open (CONFIG, $CFGFile)) {
         my %CONFIG = (
-            allow_debug_key => \$AllowDebugKey,
+            allow_debug_key => \$AllowDebugKey, domain_list_key => \$DomainListKey,
             dns_server      => \$DNSServer,     dns_domain      => \@DNSDomain,
             expand_cnames   => \$ExpandCNAMEs,  auth_mode       => \$AuthMode,
             static_signer   => \$StaticSigner,  static_key      => \$StaticKey,
--
libgit2 0.22.2