Cloudflare DDNS invalid template VyOS 1.5

Hi,

Currently running 1.5-rolling-202311070942

Setting up DDNS for Cloudflare.

After applying the wanted config, the password has a comma appended to it, so when a request is sent to Cloudflare, it returns invalid format for Authorization header. I noticed the same happens when using the Cloudflare global API key.

If I remove the extra comma from ddclient.conf, the next run works flawlessly.

root@xx-vyos-01:~# cat /run/ddclient/ddclient.conf
### Autogenerated by dns_dynamic.py ###
daemon=60
syslog=yes
ssl=yes
pid=/run/ddclient/ddclient.pid
cache=/run/ddclient/ddclient.cache
web=googledomains
use=no


# Web service dynamic DNS configuration for Cloudflare: [cloudflare, xx.host.com]
usev4=ifv4, \
ifv4=eth1, \
usev6=ifv6, \
ifv6=eth1, \
protocol=cloudflare, \
zone=xx.com, \
login=token, \
password=aaaaaaaaaaaAAAAAAAAAAAAAAAAAAA, \
min-interval=60 \
xx.host.com

Nov 08 23:38:19 ddclient[8883]: WARNING:  'if-skip' is deprecated and does nothing for IPv4
Nov 08 23:38:19 ddclient[8886]: WARNING:  'if-skip' is deprecated and does nothing for IPv6
Nov 08 23:38:19 ddclient[8889]: INFO:     forcing updating xx.host.com because no cached entry exists.
Nov 08 23:38:19 ddclient[8890]: INFO:     getting Cloudflare Zone ID for xx.host.com
Nov 08 23:38:19 ddclient[8891]: SENDING:  Curl system cmd to https://api.cloudflare.com
Nov 08 23:38:19 ddclient[8892]: SENDING:  silent
Nov 08 23:38:19 ddclient[8893]: SENDING:  include
Nov 08 23:38:19 ddclient[8894]: SENDING:  user-agent="ddclient/3.11.1"
Nov 08 23:38:19 ddclient[8895]: SENDING:  connect-timeout=120
Nov 08 23:38:19 ddclient[8896]: SENDING:  max-time=120
Nov 08 23:38:19 ddclient[8897]: SENDING:  request=GET
Nov 08 23:38:19 ddclient[8898]: SENDING:  url="https://api.cloudflare.com/client/v4/zones/?name=host.com"
Nov 08 23:38:19 ddclient[8899]: SENDING:  header="Content-Type: application/json"
Nov 08 23:38:19 ddclient[8900]: SENDING:  header="Authorization: Bearer aaaaaaaaaaaAAAAAAAAAAAAAAAAAAA,"
Nov 08 23:38:19 ddclient[8904]: RECEIVE:  HTTP/2 400
Nov 08 23:38:19 ddclient[8904]: RECEIVE:  date: Wed, 08 Nov 2023 12:38:19 GMT
Nov 08 23:38:19 ddclient[8904]: RECEIVE:  content-type: application/json
Nov 08 23:38:19 ddclient[8904]: RECEIVE:  cf-ray: 822ddf5309091f5b-MEL
Nov 08 23:38:19 ddclient[8904]: RECEIVE:  cf-cache-status: DYNAMIC
Nov 08 23:38:19 ddclient[8904]: RECEIVE:  cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Nov 08 23:38:19 ddclient[8904]: RECEIVE:  expires: Sun, 25 Jan 1981 05:00:00 GMT
Nov 08 23:38:19 ddclient[8904]: RECEIVE:  set-cookie: __cflb=0H28vgHxwvgAQtjUGUFqYFDiSDreGJnV1C5BgwRENi1; SameSite=Lax; path=/; expires=Wed, 08-Nov-23 15:08:20 GMT; HttpOnly
Nov 08 23:38:19 ddclient[8904]: RECEIVE:  strict-transport-security: max-age=31536000
Nov 08 23:38:19 ddclient[8904]: RECEIVE:  pragma: no-cache
Nov 08 23:38:19 ddclient[8904]: RECEIVE:  x-content-type-options: nosniff
Nov 08 23:38:19 ddclient[8904]: RECEIVE:  x-frame-options: SAMEORIGIN
Nov 08 23:38:19 ddclient[8904]: RECEIVE:  set-cookie: __cfruid=45a7ef757fd1c710fd63d8ca32dc20ff12f82d9b-1699447099; path=/; domain=.api.cloudflare.com; HttpOnly; Secure; SameSite=None
Nov 08 23:38:19 ddclient[8904]: RECEIVE:  server: cloudflare
Nov 08 23:38:19 ddclient[8904]: RECEIVE:
Nov 08 23:38:19 ddclient[8904]: RECEIVE:  {"success":false,"errors":[{"code":6003,"message":"Invalid request headers","error_chain":[{"code":6111,"message":"Invalid format for Authorization header"}]}],"messages":[],"result":null}
Nov 08 23:38:19 ddclient[8905]: FAILED:   updating xx.host.com: Could not connect to api.cloudflare.com/client/v4.

Cloudflare was broken for a few days; I'm not sure if all has been running fine the last few hours.

Check that the status of the API is all OK.

It’s not Cloudflare, look at the extra comma after the Bearer token

The \ you have in your post for that Cloudflare block: does that character exist in the generated file as well, or did you add that?

I'm thinking if the whole function should output stuff as:

key=value
key=value

Rather than:

key=value, key=value, …

Edit: In your case, does it work if you manually alter the file so it becomes one key=value per row without the “,” and “\” chars?

Like so:

# Web service dynamic DNS configuration for Cloudflare: [cloudflare, xx.host.com]
usev4=ifv4
ifv4=eth1
usev6=ifv6
ifv6=eth1
protocol=cloudflare
zone=xx.com
login=token
password=aaaaaaaaaaaAAAAAAAAAAAAAAAAAAA
min-interval=60
xx.host.com

@zneaks you are right about the extra comma. Thanks for the use case!

ddclient config parsing gets quite fragile at times, PR coming up with a workaround.

2 Likes

What I posted was the generated file, only differences were me nulling identifiable values out.

It worked once I removed the comma from

password=aaaaaaaaaaaAAAAAAAAAAAAAAAAAAA, \

to

password=aaaaaaaaaaaAAAAAAAAAAAAAAAAAAA \

Once I made the above change it worked perfectly.

Fix: ddclient: T5708: Ensure password is always wrapped in quotes by indrajitr · Pull Request #2461 · vyos/vyos-1x · GitHub

4 Likes

That worked perfectly, thanks @indrajitr :smiley:

1 Like
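
The failure and the fix discussed in this thread, as an added example (not code from the thread, from VyOS, or from ddclient): a check that flags a generated host block whose password absorbed the separator comma, and a renderer that always quotes the password. The parsing model, the function names and the choice of single quotes are assumptions made for illustration.

```python
import re

TOKEN = "aaaaaaaaaaaAAAAAAAAAAAAAAAAAAA"  # placeholder token from the post

# Constructed sample: the generated host block from the post, shortened.
BROKEN = rf"""protocol=cloudflare, \
zone=xx.com, \
login=token, \
password={TOKEN}, \
min-interval=60 \
xx.host.com
"""

# Assumed parsing model, chosen to match the log in the thread (it is not
# ddclient's code): a quoted password ends at its closing quote, an unquoted
# one runs to the next whitespace and so swallows the separator comma.
PASSWORD_RE = re.compile(r"""\bpassword=(?:'([^']*)'|"([^"]*)"|(\S*))""")

def logical_lines(text):
    """Fold backslash-newline continuations into single logical lines."""
    return re.sub(r"\\\n\s*", "", text).splitlines()

def effective_passwords(text):
    """Return the password each logical line yields under the model above."""
    found = []
    for line in logical_lines(text):
        m = PASSWORD_RE.search(line)
        if m:
            found.append(next(g for g in m.groups() if g is not None))
    return found

def lint(text):
    """Return passwords that picked up a trailing separator comma."""
    return [p for p in effective_passwords(text) if p.endswith(",")]

def render_block(host, options):
    """Render a host block with the password always single-quoted."""
    parts = []
    for key, value in options.items():
        if key == "password":
            if "'" in value:
                raise ValueError("password contains a single quote")
            value = f"'{value}'"
        parts.append(f"{key}={value}")
    return ", \\\n".join(parts) + " \\\n" + host + "\n"

FIXED = render_block("xx.host.com", {"protocol": "cloudflare", "zone": "xx.com",
                                     "login": "token", "password": TOKEN,
                                     "min-interval": "60"})
```

Running lint() over a rendered file before the daemon is restarted catches this kind of template regression without sending a malformed credential to the API.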