Initial commit

9 files changed, 265 insertions, 0 deletions

diff --git a/ddns/__init__.py b/ddns/__init__.py
new file mode 100644
index 0000000..b0de21e
--- /dev/null
+++ b/ddns/__init__.py
@@ -0,0 +1,16 @@
+from flask import Flask, request, Response
+import ddns.cfg_parser
+
+cfg_parser.cfg_file = '/home/marius/ddns/ddns.cfg'
+cfg_parser.read_config()
+
+app = Flask(__name__)
+
+def index():
+	return "index"
+
+app.add_url_rule('/', 'index', index)
+
+#from ddns.frontend.dyn_com import dyn_com
+import ddns.frontend.dyn_com
+app.add_url_rule('/nic/update', 'ddns.frontend.dyn_com.dyn_com', ddns.frontend.dyn_com.dyn_com)
diff --git a/ddns/auth.py b/ddns/auth.py
new file mode 100644
index 0000000..6624aad
--- /dev/null
+++ b/ddns/auth.py
@@ -0,0 +1,27 @@
+## These functions are modified versions of these: http://flask.pocoo.org/snippets/8/
+from flask import request, Response
+from functools import wraps
+import ddns.cfg_parser
+import hash
+
+auth_cfg = ddns.cfg_parser.cfg['users']
+
+def check_auth(username, password):
+	for user in auth_cfg:
+		if username == user['username'] and \
+				hash.hash(user['hash'], password) == user['password']:
+			return True
+	return False
+
+def authenticate(message='badauth'):
+	return Response(message, 401,
+			{'WWW-Authenticate': 'Basic realm="login required"'})
+
+def require_auth(f):
+	@wraps(f)
+	def decorated(*args, **kwargs):
+		auth = request.authorization
+		if not auth or not check_auth(auth.username, auth.password):
+			return authenticate()
+		return f(*args, **kwargs)
+	return decorated
diff --git a/ddns/backend/__init__.py b/ddns/backend/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/ddns/backend/__init__.py
diff --git a/ddns/backend/dnsupdate.py b/ddns/backend/dnsupdate.py
new file mode 100644
index 0000000..cd1dee2
--- /dev/null
+++ b/ddns/backend/dnsupdate.py
@@ -0,0 +1,74 @@
+import dns.query
+import dns.tsig
+import dns.tsigkeyring
+import dns.update
+import dns.resolver
+import ddns.cfg_parser
+
+zone_cfg = None
+keyring = None
+
+def resolve(domain, rtype='A'):
+	return dns.resolver.query(domain, rtype)
+
+def check_ip(domain, ip, rtype='A'):
+	ans = resolve(domain.encode('ascii'), rtype)
+
+	if not ans:
+		return False
+
+	for rdata in ans:
+		if rdata == ip.strNormal(0):
+			return True
+	return False
+
+def get_zone(name):
+	for zone in zone_cfg:
+		if zone['name'] == name:
+			return zone
+	return None
+
+def gen_keyring(dnskeys):
+	global keyring
+
+	keys = {}
+	for key in dnskeys:
+		keys[key['name']] = key['key']
+
+	keyring = dns.tsigkeyring.from_text(keys)
+
+def get_hash_method(hash_name):
+	if hash_name == 'HMAC-MD5':
+		return dns.tsig.HMAC_MD5
+	if hash_name == 'HMAC-SHA1':
+		return dns.tsig.HMAC_SHA1
+	if hash_name == 'HMAC-SHA224':
+		return dns.tsig.HMAC_SHA224
+	if hash_name == 'HMAC-SHA256':
+		return dns.tsig.HMAC_SHA256
+	if hash_name == 'HMAC-SHA384':
+		return dns.tsig.HMAC_384
+	if hash_name == 'HMAC-SHA512':
+		return dns.tsig.HMAC_512
+	return dns.tsig.default_algorithm
+
+def update_dns(zone, hostname, ip, ttl=300):
+	zone = get_zone(zone)
+	dns_srv = zone['ns']
+
+	update = dns.update.Update(zone['name'], keyring=keyring, \
+			keyname=zone['key']['name'], \
+			keyalgorithm=get_hash_method(zone['key']['algorithm']))
+
+	if ip.version() == 6:
+		rtype = 'AAAA'
+	else:
+		rtype = 'A'
+
+#	if not check_ip(hostname+'.'+zone['name'], ip, rtype):
+	update.replace(hostname.encode('ascii'), ttl, rtype, ip.strNormal(0))
+	res = dns.query.tcp(update, dns_srv)
+
+zone_cfg = ddns.cfg_parser.cfg['zones']
+keyring = gen_keyring(ddns.cfg_parser.cfg['dnskeys'])
+
diff --git a/ddns/cfg_parser.py b/ddns/cfg_parser.py
new file mode 100644
index 0000000..e8134cd
--- /dev/null
+++ b/ddns/cfg_parser.py
@@ -0,0 +1,17 @@
+import yaml
+import io
+import os
+
+cfg_file = None
+cfg = None
+
+def read_config():
+	global cfg
+
+	if not cfg_file or not os.path.exists(cfg_file):
+		return None
+
+	with io.open(cfg_file, 'r') as fp:
+		_cfg = yaml.load(fp)
+
+	cfg = _cfg
diff --git a/ddns/frontend/__init__.py b/ddns/frontend/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/ddns/frontend/__init__.py
diff --git a/ddns/frontend/dyn_com.py b/ddns/frontend/dyn_com.py
new file mode 100644
index 0000000..bbd61e5
--- /dev/null
+++ b/ddns/frontend/dyn_com.py
@@ -0,0 +1,47 @@
+from flask import request, Response
+import ddns.backend.dnsupdate
+from IPy import IP
+import ddns.auth
+import ddns.cfg_parser
+
+@ddns.auth.require_auth
+def dyn_com():
+	if request.method != 'GET':
+		return "badagent"
+
+	if not request.args.has_key('hostname'):
+		return "nohost"
+
+	if len(request.args.getlist('hostname')) > 1:
+		return "numhost"
+
+	if not request.args.has_key('myip'):
+		return "nohost"
+
+	hostname = request.args.get('hostname')
+	if not '.' in hostname:
+		return "notfqdn"
+
+	zone_name = hostname[hostname.find('.')+1:]
+	if zone_name[-1] != '.':
+		zone_name += '.'
+
+	hostname = hostname[0:hostname.find('.')]
+
+	try:
+		ip = IP(request.args.get('myip'))
+	except ValueError:
+		return "nohost"
+
+	for zone in ddns.cfg_parser.cfg['zones']:
+		if zone_name == zone['name']:
+			for domain in zone['domains']:
+				if domain['domain'] == hostname:
+					for user in domain['users']:
+						if request.authorization.username == user['username']:
+							ddns.backend.dnsupdate.update_dns(zone_name, hostname, ip)
+							# We should probably check something here...
+							return "good"
+					return auth.authenticate("!yours")
+			return "nohost"
+	return "nohost"
diff --git a/ddns/hash.py b/ddns/hash.py
new file mode 100644
index 0000000..7bb3b3b
--- /dev/null
+++ b/ddns/hash.py
@@ -0,0 +1,23 @@
+import hashlib
+
+algs = [None, 'sha1', 'sha256', 'sha512']
+
+def hash(algo, passwd):
+	if algo == None: # None
+		return passwd
+	if algo == 'sha1': # sha1
+		return sha1(passwd)
+	if algo == 'sha256': # sha256
+		return sha256(passwd)
+	if algo == 'sha512': # sha512
+		return sha512(passwd)
+	return passwd
+
+def sha1(passwd):
+	return hashlib.sha1(passwd).hexdigest()
+
+def sha256(passwd):
+	return hashlib.sha256(passwd).hexdigest()
+
+def sha512(passwd):
+	return hashlib.sha512(passwd).hexdigest()
diff --git a/ddns/main.py b/ddns/main.py
new file mode 100755
index 0000000..5ee6eaa
--- /dev/null
+++ b/ddns/main.py
@@ -0,0 +1,61 @@
+#!/usr/bin/env python
+
+from flask import Flask, request, Response
+import ddns
+import cfg_parser
+import auth
+from IPy import IP
+
+cfg_file="/srv/http/lden.org/ddns/ddns/ddns.cfg"
+cfg = cfg_parser.read_config(cfg_file)
+
+auth.auth_cfg = cfg['users']
+ddns.zone_cfg = cfg['zones']
+ddns.gen_keyring(cfg['dnskeys'])
+
+app = Flask(__name__)
+
+@app.route("/nic/update")
+@auth.require_auth
+def dyndns():
+	if request.method != 'GET':
+		return "badagent"
+
+	if not request.args.has_key('hostname'):
+		return "nohost"
+
+	if len(request.args.getlist('hostname')) > 1:
+		return "numhost"
+
+	if not request.args.has_key('myip'):
+		return "nohost"
+
+	hostname = request.args.get('hostname')
+	if not '.' in hostname:
+		return "notfqdn"
+
+	zone_name = hostname[hostname.find('.')+1:]
+	if zone_name[-1] != '.':
+		zone_name += '.'
+
+	hostname = hostname[0:hostname.find('.')]
+
+	try:
+		ip = IP(request.args.get('myip'))
+	except ValueError:
+		return "nohost"
+
+	for zone in cfg['zones']:
+		if zone_name == zone['name']:
+			for domain in zone['domains']:
+				if domain['domain'] == hostname:
+					for user in domain['users']:
+						if request.authorization.username == user['username']:
+							ddns.update_dns(zone_name, hostname, ip)
+							return "good"
+					return auth.authenticate("!yours")
+			return "nohost"
+	return "nohost"
+
+if __name__ == "__main__":
+	app.run(host="0.0.0.0", debug=True)