|
1. Perl
2. Bind8/Bind9 (要有nsupdate 指令)
3. Sendmail/Exim/qmail/Postfix (的 sendmail 指令)
4. MySQL/PostgreSQL (用作儲存帳號�,本筆記不用,改用file system)
解壓后把gnudip目錄拷貝到/usr/local下面���。
Mysql啟動使用/etc/rc.d/init.d下的腳本�����。
安裝GnuDip數(shù)據(jù)庫腳本:
# mysql --user=root -fvp < gnudip.mysql
修改 /usr/local/gnudip/etc/gnudip.conf����,令GnuDIP可以成功更新DNS�。
把生成的密鑰文件.key和.private都拷貝到/usr/local/gnudip/etc下.
# BIND nsupdate command
nsupdate = /usr/bin/nsupdate -v
nsupdate = -k /usr/local/gnudip/etc/Kgnudip-key.+157+xxxxx.private (就是剛才產(chǎn)生的key file)
在/etc/xinetd.conf 下面加入代碼
service gnudip
{
flags = REUSE
socket_type = stream
protocol = tcp
wait = no
user = nobody
server = /usr/local/gnudip/sbin/gdipinet.pl // 保證該文件的絕對路徑
bind = 0.0.0.0
}
Apache缺省配置文件:/etc/httpd/conf/httpd.conf
1. Apache改為由nobody用戶啟動
#User apache
#Group apache (可不設(shè)置)
User nobody
2. 添加GnuDip的頁面設(shè)置
Alias /gnudip/html/ /usr/local/gnudip/html/
<Location /gnudip/html/>
Options Indexes
ReadmeName .README
HeaderName .HEADER
RemoveHandler .pl
RemoveType .pl
AddType text/plain .pl
</Location>
ScriptAlias /gnudip/cgi-bin/ /usr/local/gnudip/cgi-bin/
確認一下/usr/local/gnudip/etc目錄下文件owner是nobody�,并且文件只nobody可讀。
/usr/local/gnudip/sbin 下運行
./ gdipadmin.pl username password
重啟Apache后就可以訪問了.
http://yourserver/gnudip/cgi-bin/gnudip.cgi
自服務(wù)URL:
http://yourserver/gnudip/cgi-bin/gnudip.cgi?action=signup
如果頁面報錯�����,訪問apache日志文件�����。
cd /usr/local/gnudip/sbin 目錄里面
然后執(zhí)行 ./gdipadmin.pl test 123456 為 gnudip server 添加用戶
gdipuseradd.pl –p password user domain
也可以在管理界面上添加。
ASCII is (of course) used for representing printable characters.
The client makes a TCP connection to the appropriate port on the server host. This port is normally 3495, but a GnuDIP site could choose another port.
As soon as the connection is established the server will send a randomly generated 10 character "salt" string. This is used in the following algorithm for hashing the password:
- Digest the user's password using the MD5 digest message digest algorithm. Convert the digest value (which is a binary value) to its hexadecimal character string representation (characters 0-9 and lower case a-f).
- Append a period (".") and the salt value to create a longer character string.
- Digest this longer character string and convert it to its hexadecimal character representation.
The update message character string is then transmited to the GnuDIP server. This must be in one of these forms:
- user_name:hashed_password:domain:0:address
This requests that the IP address provided be registered as the (only) address for FQDN user_name.domain.
In the most common case, the client would pass the address it detects at its end of the connection.
By default, for compatibility with earlier releases of GnuDIP, the GnuDIP server will allow the IP adddress to be omitted. If the IP address is not provided, the server writes a notice to the log, and the IP address the server detects at the other end of the connection is registered instead. Note that these two addresses will be the same unless the client is behind some sort of proxy. However a site operator may choose to override this backwards compatibility, in order to discourage the use of old clients.
In response to this message, the server will return one of:
This indicates an invalid login.
This indicates a successful update.
- user_name:hashed_password:domain:1
This requests that any IP address currently registered for FQDN user_name.domain be removed ("offline" request). The FQDN user_name.domain will no longer correspond to any IP address.
In response to this message, the server will return one of:
This indicates an invalid login.
This indicates a successful offline.
- user_name:hashed_password:domain:2
This requests that the server determine the IP address it sees at the client end of the connection, and register that as the (only) address for FQDN user_name.domain. This IP address will also be returned to the client.
In response to this message, the server will return one of:
This indicates an invalid login.
This indicates a successful update and provides the address that was registered.
The HTTP version of the protocol requires the client issue an HTTP GET request, parse the response, use MD5 to obscure the password, issue a second HTTP GET request and parse that response. We first give a conceptual overview, then a concrete example.
If a GnuDIP site operator follows the default installation procedure, the path part of the URL (the part after the host name) for the HTTP update server CGI script will be /gnudip/cgi-bin/gdipupdt.cgi.
In the first HTTP GET request, no query string (the part of an URL after the "?") is provided. It is interpreted as a "request for a salt". The response contains three pieces of data:
- a randomly generated 10 character "salt" string
- a "time salt generated" value
- a "signature"
These values are passed in HTML meta tags, as in this example:
<meta name="salt" content="XLCDgXvzSo">
<meta name="time" content="1002164730">
<meta name="sign" content="8278f108c83d822048ce0375bede5c15">
Each meta tag will be on its own line and left justified on the line. The white space gaps before "name=" and "content=" will each consist of a single space. The tags will be in the order shown. There will be no other HTML meta tags in the response.
The salt is used in the following algorithm for hashing the password:
- Digest the user's password using the MD5 digest message digest algorithm. Convert the digest value (which is a binary value) to its hexadecimal character string representation (characters 0-9 and lower case a-f).
- Append a period (".") and the salt value to create a longer character string.
- Digest this longer character string and convert it to its hexadecimal character representation.
Now the second HTTP GET request is issued. In this request the query string (the part of an URL after the "?") contains the following parameters:
- the "salt" from the first response ("salt=")
- the "time salt generated" value from the first response ("time=")
- the "signature" from the first response ("sign=")
- the GnuDIP user name ("user=")
- the GnuDIP domain name ("domn=")
- the MD5 digested password created above ("pass=")
- the server "request code" ("reqc="):
- "0" - register the address passed with this request
- "1" - go offline
- "2" - register the address you see me at, and pass it back to me
- the IP address to be registered, if the request code is "0" ("addr=")
A request with a request code of "0" and an address of "0.0.0.0" will be treated as an offline request.
This is an example of a query string:
salt=XLCDgXvzSo&time=1002164730&sign=8278f108c83d822048ce0375bede5c15&user=gnudip&pass=305dff8b78e694a02eafb0c19e48292f&domn=dyn.mpis.net&reqc=0&addr=192.168.0.4
The response to the second request contains:
- the return code
- "0" - successful update
- "1" - invalid login (or other problem)
- "2" - successful offline
- the IP address that the server registered, for request code "2"
These values are again passed in HTML meta tags, as in this example:
<meta name="retc" content="0">
<meta name="addr" content="24.81.172.128">
Each meta tag will be on its own line and left justified on the line. The white space gaps before "name=" and "content=" will each consist of a single space. The tags will be in the order shown. There will be no other HTML meta tags in the response.
This protocol allows the GnuDIP server to "time out" the prompt. If the response does not come within 60 seconds (for example), it would be denied. The signature is generated using a key known only to the server. This allows the server to know that the "salt" and "time generated" value are valid, without having to maintain state information on the server side.
======> REQUEST SALT
GET /gnudip/cgi-bin/gdipupdt.cgi HTTP/1.0
User-Agent: GnuDIP/2.3.3
Pragma: no-cache
Host: www.2mbit.com:80
<======
HTTP/1.1 200 OK
Date: Thu, 04 Oct 2001 03:05:30 GMT
Server: Apache/1.3.20 (Unix) (Red-Hat/Linux)
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www./TR/html4/loose.dtd">
<html>
<head>
<title>
GnuDIP Update Server
</title>
<meta name="salt" content="XLCDgXvzSo">
<meta name="time" content="1002164730">
<meta name="sign" content="8278f108c83d822048ce0375bede5c15">
</head>
<body>
<center>
<h2>
GnuDIP Update Server
</h2>
Salt generated
</center>
</body>
</html>
======> REQUEST UPDATE PROVIDING ADDRESS
GET /gnudip/cgi-bin/gdipupdt.cgi?salt=XLCDgXvzSo&time=1002164730&sign=8278f108c83d822048ce0375bede5c15&user=gnudip&pass=305dff8b78e694a02eafb0c19e48292f&domn=dyn.mpis.net&reqc=0&addr=192.168.0.4 HTTP/1.0
User-Agent: GnuDIP/2.3.3
Pragma: no-cache
Host: www.2mbit.com:80
<======
HTTP/1.1 200 OK
Date: Thu, 04 Oct 2001 03:05:30 GMT
Server: Apache/1.3.20 (Unix) (Red-Hat/Linux)
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www./TR/html4/loose.dtd">
<html>
<head>
<title>
GnuDIP Update Server
</title>
<meta name="retc" content="0">
</head>
<body>
<center>
<h2>
GnuDIP Update Server
</h2>
Successful update request
</center>
</body>
</html>
======> REQUEST SALT
GET /gnudip/cgi-bin/gdipupdt.cgi HTTP/1.0
User-Agent: GnuDIP/2.3.3
Pragma: no-cache
Host: www.2mbit.com:80
<======
HTTP/1.1 200 OK
Date: Thu, 04 Oct 2001 03:05:55 GMT
Server: Apache/1.3.20 (Unix) (Red-Hat/Linux)
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www./TR/html4/loose.dtd">
<html>
<head>
<title>
GnuDIP Update Server
</title>
<meta name="salt" content="LNTVoHkDnW">
<meta name="time" content="1002164756">
<meta name="sign" content="ce0d8f34a8b4e1263208230fdce9b54d">
</head>
<body>
<center>
<h2>
GnuDIP Update Server
</h2>
Salt generated
</center>
</body>
</html>
======> OFFLINE REQUEST
GET /gnudip/cgi-bin/gdipupdt.cgi?salt=LNTVoHkDnW&time=1002164756&sign=ce0d8f34a8b4e1263208230fdce9b54d&user=gnudip&pass=05d5e9b575fd1b6a36412af5e2f59973&domn=dyn.mpis.net&reqc=1 HTTP/1.0
User-Agent: GnuDIP/2.3.3
Pragma: no-cache
Host: www.2mbit.com:80
<======
HTTP/1.1 200 OK
Date: Thu, 04 Oct 2001 03:05:56 GMT
Server: Apache/1.3.20 (Unix) (Red-Hat/Linux)
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www./TR/html4/loose.dtd">
<html>
<head>
<title>
GnuDIP Update Server
</title>
<meta name="retc" content="2">
</head>
<body>
<center>
<h2>
GnuDIP Update Server
</h2>
Successful offline request
</center>
</body>
</html>
======> REQUEST SALT
GET /gnudip/cgi-bin/gdipupdt.cgi HTTP/1.0
User-Agent: GnuDIP/2.3.3
Pragma: no-cache
Host: www.2mbit.com:80
<======
HTTP/1.1 200 OK
Date: Thu, 04 Oct 2001 03:06:59 GMT
Server: Apache/1.3.20 (Unix) (Red-Hat/Linux)
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www./TR/html4/loose.dtd">
<html>
<head>
<title>
GnuDIP Update Server
</title>
<meta name="salt" content="FWhclL9QKf">
<meta name="time" content="1002164819">
<meta name="sign" content="db1bb954db78f1fbe9749e063f770636">
</head>
<body>
<center>
<h2>
GnuDIP Update Server
</h2>
Salt generated
</center>
</body>
</html>
======> REQUEST UPDATE WITH ADDRESS SEEN BY SERVER
GET /gnudip/cgi-bin/gdipupdt.cgi?salt=FWhclL9QKf&time=1002164819&sign=db1bb954db78f1fbe9749e063f770636&user=gnudip&pass=ce2fe5f986d7e2f31060aeb35d4b9c2e&domn=dyn.mpis.net&reqc=2 HTTP/1.0
User-Agent: GnuDIP/2.3.3
Pragma: no-cache
Host: www.2mbit.com:80
<======
HTTP/1.1 200 OK
Date: Thu, 04 Oct 2001 03:07:00 GMT
Server: Apache/1.3.20 (Unix) (Red-Hat/Linux)
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www./TR/html4/loose.dtd">
<html>
<head>
<title>
GnuDIP Update Server
</title>
<meta name="retc" content="0">
<meta name="addr" content="24.81.172.128">
</head>
<body>
<center>
<h2>
GnuDIP Update Server
</h2>
Successful update request
</center>
</body>
</html>
添加普通用戶
# gdipuseradd.pl -h
usage: gdipuseradd.pl { -h | [-p password] [-m email] user domain }
usage: Add GnuDIP user "user" within domain "domain" with
usage: password "password" and (optionally) E-mail address "email".
usage: -h: Print this usage message.
usage: -p: Specify clear text password. The stored password will the MD5
usage: hash of this value. Password is disabled if not specified.
usage: -m: Specify E-mail address.
若用戶已經(jīng)存在�,返回信息如下:
User "user.domain" already exists
若用戶不存在�����,返回信息如下:
Added user "user.domain"
修改普通用戶
# gdipusermod.pl -h
usage: gdipusermod.pl { -h |
usage: [-m email] [-p password] [-x rawpassword]
usage: [-w {YES|NO}] [-y {YES|NO}] [-r]
usage: user domain }
usage: Modify GnuDIP user "user" within domain "domain".
usage: -h: Print this usage message.
usage: -m: Specify E-mail address.
usage: -p: Specify clear text password. The stored password will
usage: the MD5 hash of this value.
usage: -x: Specify the hashed password. This will be stored as
usage: password hash value without any change.
usage: -w: Allow ("YES") or disallow ("NO") wild cards.
usage: -y: Allow ("YES") or disallow ("NO") MX records.
usage: -r: Remove all DNS information.
普通用戶刪除
# gdipuserdel.pl -h
usage: gdipuserdel.pl { -h | user domain }
usage: Delete GnuDIP user "user" within domain "domain".
usage: -h: Print this usage message.
查詢普通用戶信息
# gdipuserget.pl -h
usage: gdipuserget.pl { -h | user domain }
usage: Display GnuDIP user "user" within domain "domain".
usage: -h: Print this usage message.
Here is a demonstration of their use:
# gdipuseradd.pl -p testpass -m rob@demo.com rob dyn.yourhost.com
Added user "rob.dyn.yourhost.com"
After logging in as "rob.dyn.yourhost.com" and setting the IP address:
# ping rob.dyn.yourhost.com
PING rob.dyn.yourhost.com (127.0.0.1): 56 octets data
64 octets from 127.0.0.1: icmp_seq=0 ttl=255 time=0.2 ms
64 octets from 127.0.0.1: icmp_seq=1 ttl=255 time=0.1 ms
--- rob.dyn.yourhost.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.1/0.1/0.2 ms
# gdipuserget.pl rob dyn.yourhost.com
Retrieved user "rob.dyn.yourhost.com"
MXbackup = NO
wildcard = NO
password = 179ad45c6ce2cb97cf1029e212046e81
forwardurl =
allowmx = NO
MXvalue =
autourlon =
level = USER
currentip = 127.0.0.1
username = rob
allowwild = NO
updated = 2002-05-24 20:43:01
domain = dyn.yourhost.com
email = rob@demo.com
# gdipusermod.pl -m dummy@yourhost.com rob dyn.yourhost.com
Updated user "rob.dyn.yourhost.com"
# gdipuserget.pl rob dyn.yourhost.com
Retrieved user "rob.dyn.yourhost.com"
MXbackup = NO
wildcard = NO
password =
forwardurl =
allowmx = NO
MXvalue =
autourlon =
level = USER
currentip = 127.0.0.1
username = rob
allowwild = NO
updated = 2002-05-24 20:44:15
domain = dyn.yourhost.com
email = dummy@yourhost.com
# gdipuserdel.pl rob dyn.yourhost.com
User "rob.dyn.yourhost.com" has been deleted and removed from DNS
# ping rob.dyn.yourhost.com
ping: unknown host rob.dyn.yourhost.com
The "parameter = value" lines printed by gdipuserget.pl go to standard output. All of the other messages from these commands go to standard error.
The return codes are:
- 0 - Success
- 1 - User not found or already exists, as appropriate
- 2 - User error or configuration error - message(s) issued
下載gnudip-2.3.5-gdipc-sa.exe
C:/gdipc/gdipc -c
其中��,
Username: 服務(wù)器分配的用戶名
Domain: 服務(wù)器指定的域名
Password: 服務(wù)器設(shè)定的口令
可以選擇TCP或HTTP模式���。
配置寫入文件:gdipc.conf.txt
[Note]:
用戶的動態(tài)域名= [Username].[Domain]
C:/gdipc/gdipc
|
