]>
Commit | Line | Data |
---|---|---|
1 | #!/usr/bin/python3 | |
2 | ############################################################################### | |
3 | # # | |
4 | # ddns - A dynamic DNS client for IPFire # | |
5 | # Copyright (C) 2012 IPFire development team # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
22 | import base64 | |
23 | import re | |
24 | import ssl | |
25 | import socket | |
26 | import urllib.request | |
27 | import urllib.parse | |
28 | import urllib.error | |
29 | ||
30 | from .__version__ import CLIENT_VERSION | |
31 | from .errors import * | |
32 | from .i18n import _ | |
33 | ||
34 | # Initialize the logger. | |
35 | import logging | |
36 | logger = logging.getLogger("ddns.system") | |
37 | logger.propagate = 1 | |
38 | ||
39 | class DDNSSystem(object): | |
40 | """ | |
41 | The DDNSSystem class adds a layer of abstraction | |
42 | between the ddns software and the system. | |
43 | """ | |
44 | ||
45 | # The default useragent. | |
46 | USER_AGENT = "IPFireDDNSUpdater/%s" % CLIENT_VERSION | |
47 | ||
48 | def __init__(self, core): | |
49 | # Connection to the core of the program. | |
50 | self.core = core | |
51 | ||
52 | # Address cache. | |
53 | self.__addresses = {} | |
54 | ||
55 | # Find out on which distribution we are running. | |
56 | self.distro = self._get_distro_identifier() | |
57 | logger.debug(_("Running on distribution: %s") % self.distro) | |
58 | ||
59 | @property | |
60 | def proxy(self): | |
61 | proxy = self.core.settings.get("proxy") | |
62 | ||
63 | # Strip http:// at the beginning. | |
64 | if proxy and proxy.startswith("http://"): | |
65 | proxy = proxy[7:] | |
66 | ||
67 | return proxy | |
68 | ||
69 | def get_local_ip_address(self, proto): | |
70 | ip_address = self._get_local_ip_address(proto) | |
71 | ||
72 | # Check if the IP address is usable and only return it then | |
73 | if self._is_usable_ip_address(proto, ip_address): | |
74 | return ip_address | |
75 | ||
76 | def _get_local_ip_address(self, proto): | |
77 | # Legacy code for IPFire 2. | |
78 | if self.distro == "ipfire-2" and proto == "ipv4": | |
79 | try: | |
80 | with open("/var/ipfire/red/local-ipaddress") as f: | |
81 | return f.readline() | |
82 | ||
83 | except IOError as e: | |
84 | # File not found | |
85 | if e.errno == 2: | |
86 | return | |
87 | ||
88 | raise | |
89 | ||
90 | # XXX TODO | |
91 | raise NotImplementedError | |
92 | ||
93 | def _guess_external_ip_address(self, url, timeout=10): | |
94 | """ | |
95 | Sends a request to an external web server | |
96 | to determine the current default IP address. | |
97 | """ | |
98 | try: | |
99 | response = self.send_request(url, timeout=timeout) | |
100 | ||
101 | # If the server could not be reached, we will return nothing. | |
102 | except DDNSNetworkError: | |
103 | return | |
104 | ||
105 | if not response.code == 200: | |
106 | return | |
107 | ||
108 | match = re.search(r"^Your IP address is: (.*)$", response.read()) | |
109 | if match is None: | |
110 | return | |
111 | ||
112 | return match.group(1) | |
113 | ||
114 | def guess_external_ip_address(self, family, **kwargs): | |
115 | if family == "ipv6": | |
116 | url = "https://checkip6.dns.lightningwirelabs.com" | |
117 | elif family == "ipv4": | |
118 | url = "https://checkip4.dns.lightningwirelabs.com" | |
119 | else: | |
120 | raise ValueError("unknown address family") | |
121 | ||
122 | return self._guess_external_ip_address(url, **kwargs) | |
123 | ||
124 | def send_request(self, url, method="GET", data=None, username=None, password=None, timeout=30): | |
125 | assert method in ("GET", "POST") | |
126 | ||
127 | # Add all arguments in the data dict to the URL and escape them properly. | |
128 | if method == "GET" and data: | |
129 | query_args = self._format_query_args(data) | |
130 | data = None | |
131 | ||
132 | if "?" in url: | |
133 | url = "%s&%s" % (url, query_args) | |
134 | else: | |
135 | url = "%s?%s" % (url, query_args) | |
136 | ||
137 | logger.debug("Sending request (%s): %s" % (method, url)) | |
138 | if data: | |
139 | logger.debug(" data: %s" % data) | |
140 | ||
141 | req = urllib.request.Request(url, data=data) | |
142 | ||
143 | if username and password: | |
144 | basic_auth_header = self._make_basic_auth_header(username, password) | |
145 | req.add_header("Authorization", "Basic %s" % basic_auth_header) | |
146 | ||
147 | # Set the user agent. | |
148 | req.add_header("User-Agent", self.USER_AGENT) | |
149 | ||
150 | # All requests should not be cached anywhere. | |
151 | req.add_header("Pragma", "no-cache") | |
152 | ||
153 | # Set the upstream proxy if needed. | |
154 | if self.proxy: | |
155 | logger.debug("Using proxy: %s" % self.proxy) | |
156 | ||
157 | # Configure the proxy for this request. | |
158 | req.set_proxy(self.proxy, "http") | |
159 | ||
160 | assert req.get_method() == method | |
161 | ||
162 | logger.debug(_("Request header:")) | |
163 | for k, v in req.headers.items(): | |
164 | logger.debug(" %s: %s" % (k, v)) | |
165 | ||
166 | try: | |
167 | resp = urllib.request.urlopen(req, timeout=timeout) | |
168 | ||
169 | # Log response header. | |
170 | logger.debug(_("Response header (Status Code %s):") % resp.code) | |
171 | for k, v in resp.info().items(): | |
172 | logger.debug(" %s: %s" % (k, v)) | |
173 | ||
174 | # Return the entire response object. | |
175 | return resp | |
176 | ||
177 | except urllib.error.HTTPError as e: | |
178 | # Log response header. | |
179 | logger.debug(_("Response header (Status Code %s):") % e.code) | |
180 | for k, v in e.hdrs.items(): | |
181 | logger.debug(" %s: %s" % (k, v)) | |
182 | ||
183 | # 400 - Bad request | |
184 | if e.code == 400: | |
185 | raise DDNSRequestError(e.reason) | |
186 | ||
187 | # 401 - Authorization Required | |
188 | # 403 - Forbidden | |
189 | elif e.code in (401, 403): | |
190 | raise DDNSAuthenticationError(e.reason) | |
191 | ||
192 | # 404 - Not found | |
193 | # Either the provider has changed the API, or | |
194 | # there is an error on the server | |
195 | elif e.code == 404: | |
196 | raise DDNSNotFound(e.reason) | |
197 | ||
198 | # 429 - Too Many Requests | |
199 | elif e.code == 429: | |
200 | raise DDNSTooManyRequests(e.reason) | |
201 | ||
202 | # 500 - Internal Server Error | |
203 | elif e.code == 500: | |
204 | raise DDNSInternalServerError(e.reason) | |
205 | ||
206 | # 503 - Service Unavailable | |
207 | elif e.code == 503: | |
208 | raise DDNSServiceUnavailableError(e.reason) | |
209 | ||
210 | # Raise all other unhandled exceptions. | |
211 | raise | |
212 | ||
213 | except urllib.error.URLError as e: | |
214 | if e.reason: | |
215 | # Handle SSL errors | |
216 | if isinstance(e.reason, ssl.SSLError): | |
217 | e = e.reason | |
218 | ||
219 | if e.reason == "CERTIFICATE_VERIFY_FAILED": | |
220 | raise DDNSCertificateError | |
221 | ||
222 | # Raise all other SSL errors | |
223 | raise DDNSSSLError(e.reason) | |
224 | ||
225 | # Name or service not known | |
226 | if e.reason.errno == -2: | |
227 | raise DDNSResolveError | |
228 | ||
229 | # Network Unreachable (e.g. no IPv6 access) | |
230 | if e.reason.errno == 101: | |
231 | raise DDNSNetworkUnreachableError | |
232 | ||
233 | # Connection Refused | |
234 | elif e.reason.errno == 111: | |
235 | raise DDNSConnectionRefusedError | |
236 | ||
237 | # No route to host | |
238 | elif e.reason.errno == 113: | |
239 | raise DDNSNoRouteToHostError(req.host) | |
240 | ||
241 | # Raise all other unhandled exceptions. | |
242 | raise | |
243 | ||
244 | except socket.timeout as e: | |
245 | logger.debug(_("Connection timeout")) | |
246 | ||
247 | raise DDNSConnectionTimeoutError | |
248 | ||
249 | def _format_query_args(self, data): | |
250 | args = [] | |
251 | ||
252 | for k, v in data.items(): | |
253 | arg = "%s=%s" % (k, urllib.parse.quote(v)) | |
254 | args.append(arg) | |
255 | ||
256 | return "&".join(args) | |
257 | ||
258 | def _make_basic_auth_header(self, username, password): | |
259 | authstring = "%s:%s" % (username, password) | |
260 | ||
261 | # Encode authorization data in base64. | |
262 | authstring = base64.encodebytes(authstring) | |
263 | ||
264 | # Remove any newline characters. | |
265 | authstring = authstring.replace("\n", "") | |
266 | ||
267 | return authstring | |
268 | ||
269 | def get_address(self, proto): | |
270 | """ | |
271 | Returns the current IP address for | |
272 | the given IP protocol. | |
273 | """ | |
274 | try: | |
275 | return self.__addresses[proto] | |
276 | ||
277 | # IP is currently unknown and needs to be retrieved. | |
278 | except KeyError: | |
279 | self.__addresses[proto] = address = \ | |
280 | self._get_address(proto) | |
281 | ||
282 | return address | |
283 | ||
284 | def _get_address(self, proto): | |
285 | assert proto in ("ipv6", "ipv4") | |
286 | ||
287 | # IPFire 2 does not support IPv6. | |
288 | if self.distro == "ipfire-2" and proto == "ipv6": | |
289 | return | |
290 | ||
291 | # Check if the external IP address should be guessed from | |
292 | # a remote server. | |
293 | guess_ip = self.core.settings.get("guess_external_ip", "true") | |
294 | guess_ip = guess_ip in ("true", "yes", "1") | |
295 | ||
296 | # Get the local IP address. | |
297 | local_ip_address = None | |
298 | ||
299 | if not guess_ip: | |
300 | try: | |
301 | local_ip_address = self.get_local_ip_address(proto) | |
302 | except NotImplementedError: | |
303 | logger.warning(_("Falling back to check the IP address with help of a public server")) | |
304 | ||
305 | # If no local IP address could be determined, we will fall back to the guess | |
306 | # it with help of an external server... | |
307 | if not local_ip_address: | |
308 | local_ip_address = self.guess_external_ip_address(proto) | |
309 | ||
310 | return local_ip_address | |
311 | ||
312 | def _is_usable_ip_address(self, proto, address): | |
313 | """ | |
314 | Returns True is the local IP address is usable | |
315 | for dynamic DNS (i.e. is not a RFC1918 address or similar). | |
316 | """ | |
317 | if proto == "ipv4": | |
318 | # This is not the most perfect solution to match | |
319 | # these addresses, but instead of pulling in an entire | |
320 | # library to handle the IP addresses better, we match | |
321 | # with regular expressions instead. | |
322 | matches = ( | |
323 | # RFC1918 address space | |
324 | r"^10\.\d+\.\d+\.\d+$", | |
325 | r"^192\.168\.\d+\.\d+$", | |
326 | r"^172\.(1[6-9]|2[0-9]|31)\.\d+\.\d+$", | |
327 | ||
328 | # Dual Stack Lite address space | |
329 | r"^100\.(6[4-9]|[7-9][0-9]|1[01][0-9]|12[0-7])\.\d+\.\d+$", | |
330 | ) | |
331 | ||
332 | for match in matches: | |
333 | m = re.match(match, address) | |
334 | if m is None: | |
335 | continue | |
336 | ||
337 | # Found a match. IP address is not usable. | |
338 | return False | |
339 | ||
340 | # In all other cases, return OK. | |
341 | return True | |
342 | ||
343 | def resolve(self, hostname, proto=None): | |
344 | addresses = [] | |
345 | ||
346 | if proto is None: | |
347 | family = 0 | |
348 | elif proto == "ipv6": | |
349 | family = socket.AF_INET6 | |
350 | elif proto == "ipv4": | |
351 | family = socket.AF_INET | |
352 | else: | |
353 | raise ValueError("Protocol not supported: %s" % proto) | |
354 | ||
355 | # Resolve the host address. | |
356 | try: | |
357 | response = socket.getaddrinfo(hostname, None, family) | |
358 | except socket.gaierror as e: | |
359 | # Name or service not known | |
360 | if e.errno == -2: | |
361 | return [] | |
362 | ||
363 | # Temporary failure in name resolution | |
364 | elif e.errno == -3: | |
365 | raise DDNSResolveError(hostname) | |
366 | ||
367 | # No record for requested family available (e.g. no AAAA) | |
368 | elif e.errno == -5: | |
369 | return [] | |
370 | ||
371 | raise | |
372 | ||
373 | # Handle responses. | |
374 | for family, socktype, proto, canonname, sockaddr in response: | |
375 | # IPv6 | |
376 | if family == socket.AF_INET6: | |
377 | address, port, flow_info, scope_id = sockaddr | |
378 | ||
379 | # Only use the global scope. | |
380 | if not scope_id == 0: | |
381 | continue | |
382 | ||
383 | # IPv4 | |
384 | elif family == socket.AF_INET: | |
385 | address, port = sockaddr | |
386 | ||
387 | # Ignore everything else... | |
388 | else: | |
389 | continue | |
390 | ||
391 | # Add to repsonse list if not already in there. | |
392 | if address not in addresses: | |
393 | addresses.append(address) | |
394 | ||
395 | return addresses | |
396 | ||
397 | def _get_distro_identifier(self): | |
398 | """ | |
399 | Returns a unique identifier for the distribution | |
400 | we are running on. | |
401 | """ | |
402 | os_release = self.__parse_os_release() | |
403 | if os_release: | |
404 | return os_release | |
405 | ||
406 | system_release = self.__parse_system_release() | |
407 | if system_release: | |
408 | return system_release | |
409 | ||
410 | # If nothing else could be found, we return | |
411 | # just "unknown". | |
412 | return "unknown" | |
413 | ||
414 | def __parse_os_release(self): | |
415 | """ | |
416 | Tries to parse /etc/os-release and | |
417 | returns a unique distribution identifier | |
418 | if the file exists. | |
419 | """ | |
420 | try: | |
421 | f = open("/etc/os-release", "r") | |
422 | except IOError as e: | |
423 | # File not found | |
424 | if e.errno == 2: | |
425 | return | |
426 | ||
427 | raise | |
428 | ||
429 | os_release = {} | |
430 | with f: | |
431 | for line in f.readlines(): | |
432 | m = re.match(r"^([A-Z\_]+)=(.*)$", line) | |
433 | if m is None: | |
434 | continue | |
435 | ||
436 | os_release[m.group(1)] = m.group(2) | |
437 | ||
438 | try: | |
439 | return "%(ID)s-%(VERSION_ID)s" % os_release | |
440 | except KeyError: | |
441 | return | |
442 | ||
443 | def __parse_system_release(self): | |
444 | """ | |
445 | Tries to parse /etc/system-release and | |
446 | returns a unique distribution identifier | |
447 | if the file exists. | |
448 | """ | |
449 | try: | |
450 | f = open("/etc/system-release", "r") | |
451 | except IOError as e: | |
452 | # File not found | |
453 | if e.errno == 2: | |
454 | return | |
455 | ||
456 | raise | |
457 | ||
458 | with f: | |
459 | # Read first line | |
460 | line = f.readline() | |
461 | ||
462 | # Check for IPFire systems | |
463 | m = re.match(r"^IPFire (\d).(\d+)", line) | |
464 | if m: | |
465 | return "ipfire-%s" % m.group(1) |