From 9efa76910458b6d58882768641ab598b7c0c9699 Mon Sep 17 00:00:00 2001 From: Indrajit Raychaudhuri Date: Wed, 8 Nov 2023 14:11:04 -0600 Subject: ddclient: T5708: Ensure password is always wrapped in quotes Migration to 3.11.1 follow-up: This should make `ddclient.conf` parsing more resilient to edge cases (particularly when `password` isn't the last option right before the host parameter). ddclient config parser applies special treatment to the password field and would unwrap the quotes automatically. Also, switch from now deprecated `use=no` to `use=disabled`. --- data/templates/dns-dynamic/ddclient.conf.j2 | 6 +++--- smoketest/scripts/cli/test_service_dns_dynamic.py | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/data/templates/dns-dynamic/ddclient.conf.j2 b/data/templates/dns-dynamic/ddclient.conf.j2 index 879887a1f..356b8d0d0 100644 --- a/data/templates/dns-dynamic/ddclient.conf.j2 +++ b/data/templates/dns-dynamic/ddclient.conf.j2 @@ -13,9 +13,9 @@ web-skip{{ ipv }}='{{ web_options.skip }}', \ if{{ ipv }}={{ address }}, \ {% endif %} {% endfor %} -{# Other service options #} +{# Other service options with special treatment for password #} {% for k,v in kwargs.items() if v is vyos_defined %} -{{ k | replace('_', '-') }}={{ v }}{{ ',' if not loop.last }} \ +{{ k | replace('_', '-') }}={{ "'%s'" % (v) if k == 'password' else v }}{{ ',' if not loop.last }} \ {% endfor %} {# Actual hostname for the service #} {{ host }} @@ -29,7 +29,7 @@ cache={{ config_file | replace('.conf', '.cache') }} {# ddclient default (web=dyndns) doesn't support ssl and results in process lockup #} web=googledomains {# ddclient default (use=ip) results in confusing warning message in log #} -use=no +use=disabled {% if address is vyos_defined %} {% for address, service_cfg in address.items() %} diff --git a/smoketest/scripts/cli/test_service_dns_dynamic.py b/smoketest/scripts/cli/test_service_dns_dynamic.py index 9624f823f..69ea5c1b3 100755 --- a/smoketest/scripts/cli/test_service_dns_dynamic.py +++ b/smoketest/scripts/cli/test_service_dns_dynamic.py @@ -100,7 +100,7 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase): self.assertIn(f'daemon=300', ddclient_conf) self.assertIn(f'usev4=ifv4', ddclient_conf) self.assertIn(f'ifv4={interface}', ddclient_conf) - self.assertIn(f'password={password}', ddclient_conf) + self.assertIn(f'password=\'{password}\'', ddclient_conf) for opt in details.keys(): if opt == 'username': @@ -146,7 +146,7 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase): self.assertIn(f'protocol={proto}', ddclient_conf) self.assertIn(f'server={server}', ddclient_conf) self.assertIn(f'login={username}', ddclient_conf) - self.assertIn(f'password={password}', ddclient_conf) + self.assertIn(f'password=\'{password}\'', ddclient_conf) self.assertIn(f'min-interval={wait_time}', ddclient_conf) self.assertIn(f'max-interval={expiry_time_good}', ddclient_conf) @@ -185,7 +185,7 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase): self.assertIn(f'usev6=ifv6', ddclient_conf) self.assertIn(f'ifv4={interface}', ddclient_conf) self.assertIn(f'ifv6={interface}', ddclient_conf) - self.assertIn(f'password={password}', ddclient_conf) + self.assertIn(f'password=\'{password}\'', ddclient_conf) for opt in details.keys(): if opt == 'username': @@ -218,7 +218,7 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase): self.assertIn(f'protocol=nsupdate', ddclient_conf) self.assertIn(f'server={server}', ddclient_conf) self.assertIn(f'zone={zone}', ddclient_conf) - self.assertIn(f'password={key_file.name}', ddclient_conf) + self.assertIn(f'password=\'{key_file.name}\'', ddclient_conf) self.assertIn(f'ttl={ttl}', ddclient_conf) def test_05_dyndns_hostname(self): @@ -242,7 +242,7 @@ class TestServiceDDNS(VyOSUnitTestSHIM.TestCase): self.assertIn(f'protocol={proto}', ddclient_conf) self.assertIn(f'server={server}', ddclient_conf) self.assertIn(f'login={username}', ddclient_conf) - self.assertIn(f'password={password}', ddclient_conf) + self.assertIn(f'password=\'{password}\'', ddclient_conf) self.assertIn(f'{name}', ddclient_conf) def test_06_dyndns_vrf(self): -- cgit v1.2.3