From fb75de8dcb1073e9b3e07a4ee733ba55a3280121 Mon Sep 17 00:00:00 2001 From: Frederik Lindenaar <frederik@lindenaar.nl> Date: Mon, 5 Aug 2019 21:56:44 +0200 Subject: [PATCH] Implemented authentication for list operator (closes #7) --- dyndns.cfg.dist | 2 ++ dyndns.pl | 9 +++++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/dyndns.cfg.dist b/dyndns.cfg.dist index 62030fc..5fbb9c6 100644 --- a/dyndns.cfg.dist +++ b/dyndns.cfg.dist @@ -26,6 +26,8 @@ # hours, weeks or seconds. format: [0-9]+[mhws]? # Authentication Settings +#domain_list_key = off # List operation, 'off' to disable, '' to always + # allow and other values to enable with secret #auth_mode = remote # either 'static', 'remote' or 'both' #static_signer = # required for AuthMode 'static' or 'both' #static_key = # required for AuthMode 'static' or 'both' diff --git a/dyndns.pl b/dyndns.pl index 6668555..0dd3b25 100755 --- a/dyndns.pl +++ b/dyndns.pl @@ -41,6 +41,8 @@ my @DNSDomain = ( '?', '!', 0 ); # DNS Domain to support, match hostname with: my $ExpandCNAMEs = 1; # CNAME levels to expand (0 to disable) my $AllowDebugKey = 'off'; # Debuging, 'off' to disable, '' for always on # and other values to enable with debug= param. +my $DomainListKey = 'off'; # List operation, 'off' to disable, '' to always + # allow and other values to enable with secret my $AuthMode = 'remote'; # either 'static', 'remote' or 'both' my $StaticSigner = ''; # required for AuthMode 'static' or 'both' my $StaticKey = ''; # required for AuthMode 'static' or 'both' @@ -133,7 +135,6 @@ my $CE = 'Configuration Error'; my $PE = 'Required parameter missing'; sub fail($$;$) { my ($errormsg, $debugmsg, $exitcode) = @_; - print $debug . "\n"; print $cgi->header(-status=>$exitcode || 503, -type=>'text/plain'), "ERROR - $errormsg" . ($debug ? ": $debugmsg\n" : "\n"); exit 0; @@ -323,6 +324,10 @@ sub handle_list($$$$) { my ($mode, $host, $dnsdomain, $debug) = @_; my $title = "DynDNS Updater - $dnsdomain"; + fail("Operation not allowed", ($DomainListKey eq 'off') ? "List is disabled" + : "No/incorrect authentication information provided", 403) + if ($DomainListKey eq 'off') || (($DomainListKey cmp '') && ($DomainListKey cmp $cgi->param('secret'))); + print $cgi->header(-status=>200), $cgi->start_html(-title => $title), $cgi->h1($title); @@ -354,7 +359,7 @@ if ($ConfigFile cmp 'ignore') { $CFGFile =~ s/(\.pl)?$/.cfg/; if (open (CONFIG, $CFGFile)) { my %CONFIG = ( - allow_debug_key => \$AllowDebugKey, + allow_debug_key => \$AllowDebugKey, domain_list_key => \$DomainListKey, dns_server => \$DNSServer, dns_domain => \@DNSDomain, expand_cnames => \$ExpandCNAMEs, auth_mode => \$AuthMode, static_signer => \$StaticSigner, static_key => \$StaticKey, -- libgit2 0.22.2