ddclient: T5708: Ensure password is always wrapped in quotes

Migration to 3.11.1 follow-up: This should make `ddclient.conf` parsing more resilient to edge cases (particularly when `password` isn't the last option right before the host parameter). ddclient config parser applies special treatment to the password field and would unwrap the quotes automatically. Also, switch from now deprecated `use=no` to `use=disabled`.
author: Indrajit Raychaudhuri <irc@indrajit.com> 2023-11-08 14:11:04 -0600
committer: Indrajit Raychaudhuri <irc@indrajit.com> 2023-11-30 21:42:23 -0600
commit: 535b4c1de059627072ee831437371c9cefd26eba (patch)
tree: e851daafcfd67f0dab8a05d4705b2839f3025b20
parent: 78a7f0182a3ae504f8a29502cc064f56769df75a (diff)
download: vyos-1x-535b4c1de059627072ee831437371c9cefd26eba.tar.gz
vyos-1x-535b4c1de059627072ee831437371c9cefd26eba.zip
2 files changed, 8 insertions, 8 deletions
diff --git a/data/templates/dns-dynamic/ddclient.conf.j2 b/data/templates/dns-dynamic/ddclient.conf.j2
index 879887a1f..356b8d0d0 100644
--- a/data/templates/dns-dynamic/ddclient.conf.j2
+++ b/data/templates/dns-dynamic/ddclient.conf.j2
@@ -13,9 +13,9 @@ web-skip{{ ipv }}='{{ web_options.skip }}', \
 if{{ ipv }}={{ address }}, \
 {%     endif %}
 {% endfor %}
-{# Other service options #}
+{# Other service options with special treatment for password #}
 {% for k,v in kwargs.items() if v is vyos_defined %}
-{{ k | replace('_', '-') }}={{ v }}{{ ',' if not loop.last }} \
+{{ k | replace('_', '-') }}={{ "'%s'" % (v) if k == 'password' else v }}{{ ',' if not loop.last }} \
 {% endfor %}
 {# Actual hostname for the service #}
 {{ host }}
@@ -29,7 +29,7 @@ cache={{ config_file | replace('.conf', '.cache') }}
 {# ddclient default (web=dyndns) doesn't support ssl and results in process lockup #}
 web=googledomains
 {# ddclient default (use=ip) results in confusing warning message in log #}
-use=no
+use=disabled
 
 {% if address is vyos_defined %}
 {%     for address, service_cfg in address.items() %}
diff --git a/smoketest/scripts/cli/test_service_dns_dynamic.py b/smoketest/scripts/cli/test_service_dns_dynamic.py
index 6c2f584c9..c6940f01d 100755
--- a/smoketest/scripts/cli/test_service_dns_dynamic.py
+++ b/smoketest/scripts/cli/test_service_dns_dynamic.py
@@ -100,7 +100,7 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase):
             self.assertIn(f'daemon=300', ddclient_conf)
             self.assertIn(f'usev4=ifv4', ddclient_conf)
             self.assertIn(f'ifv4={interface}', ddclient_conf)
-            self.assertIn(f'password={password}', ddclient_conf)
+            self.assertIn(f'password=\'{password}\'', ddclient_conf)
 
             for opt in details.keys():
                 if opt == 'username':
@@ -146,7 +146,7 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase):
         self.assertIn(f'protocol={proto}', ddclient_conf)
         self.assertIn(f'server={server}', ddclient_conf)
         self.assertIn(f'login={username}', ddclient_conf)
-        self.assertIn(f'password={password}', ddclient_conf)
+        self.assertIn(f'password=\'{password}\'', ddclient_conf)
         self.assertIn(f'min-interval={wait_time}', ddclient_conf)
         self.assertIn(f'max-interval={expiry_time_good}', ddclient_conf)
 
@@ -185,7 +185,7 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase):
                 self.assertIn(f'usev6=ifv6', ddclient_conf)
                 self.assertIn(f'ifv4={interface}', ddclient_conf)
                 self.assertIn(f'ifv6={interface}', ddclient_conf)
-            self.assertIn(f'password={password}', ddclient_conf)
+            self.assertIn(f'password=\'{password}\'', ddclient_conf)
 
             for opt in details.keys():
                 if opt == 'username':
@@ -218,7 +218,7 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase):
             self.assertIn(f'protocol=nsupdate', ddclient_conf)
             self.assertIn(f'server={server}', ddclient_conf)
             self.assertIn(f'zone={zone}', ddclient_conf)
-            self.assertIn(f'password={key_file.name}', ddclient_conf)
+            self.assertIn(f'password=\'{key_file.name}\'', ddclient_conf)
             self.assertIn(f'ttl={ttl}', ddclient_conf)
 
     def test_05_dyndns_hostname(self):
@@ -242,7 +242,7 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase):
             self.assertIn(f'protocol={proto}', ddclient_conf)
             self.assertIn(f'server={server}', ddclient_conf)
             self.assertIn(f'login={username}', ddclient_conf)
-            self.assertIn(f'password={password}', ddclient_conf)
+            self.assertIn(f'password=\'{password}\'', ddclient_conf)
             self.assertIn(f'{name}', ddclient_conf)
 
     def test_06_dyndns_vrf(self):
author	Indrajit Raychaudhuri <irc@indrajit.com>	2023-11-08 14:11:04 -0600
committer	Indrajit Raychaudhuri <irc@indrajit.com>	2023-11-30 21:42:23 -0600
commit	535b4c1de059627072ee831437371c9cefd26eba (patch)
tree	e851daafcfd67f0dab8a05d4705b2839f3025b20
parent	78a7f0182a3ae504f8a29502cc064f56769df75a (diff)
download	vyos-1x-535b4c1de059627072ee831437371c9cefd26eba.tar.gz vyos-1x-535b4c1de059627072ee831437371c9cefd26eba.zip