您的位置：首页 > 其它

GNUDip软件安装和使用

2008-01-08 17:08 375 查看

1.原理

2.环境准备

1.Perl
2.Bind8/Bind9(要有nsupdate指令)
3.Sendmail/Exim/qmail/Postfix(的sendmail指令)
4.MySQL/PostgreSQL(用作儲存帳號，本筆記不用，改用filesystem)

3.安装过程

3.1.安装GNUDip软件

解压后把gnudip目录拷贝到/usr/local下面。

3.2.数据库脚本

Mysql启动使用/etc/rc.d/init.d下的脚本。
安装GnuDip数据库脚本:
#mysql--user=root-fvp<gnudip.mysql

3.3.Gnudip配置

修改/usr/local/gnudip/etc/gnudip.conf，令GnuDIP可以成功更新DNS。
把生成的密钥文件.key和.private都拷贝到/usr/local/gnudip/etc下.
#BINDnsupdatecommand
nsupdate=/usr/bin/nsupdate-v
nsupdate=-k/usr/local/gnudip/etc/Kgnudip-key.+157+xxxxx.private(就是剛才產生的keyfile)

3.4.启动

在/etc/xinetd.conf下面加入代码
servicegnudip
{
flags=REUSE
socket_type=stream
protocol=tcp
wait=no
user=nobody
server=/usr/local/gnudip/sbin/gdipinet.pl//保证该文件的绝对路径
bind=0.0.0.0
}

4.WEB环境配置

4.1.配置Apache

Apache缺省配置文件：/etc/httpd/conf/httpd.conf

1．Apache改为由nobody用户启动
#Userapache
#Groupapache(可不设置)
Usernobody
2．添加GnuDip的页面设置

Alias/gnudip/html//usr/local/gnudip/html/

<Location/gnudip/html/>

OptionsIndexes

ReadmeName.README

HeaderName.HEADER

RemoveHandler.pl

RemoveType.pl

AddTypetext/plain.pl

</Location>

ScriptAlias/gnudip/cgi-bin//usr/local/gnudip/cgi-bin/

4.2.确认Gnudip配置文件属性

确认一下/usr/local/gnudip/etc目录下文件owner是nobody，并且文件只nobody可读。

4.3.添加WEB管理员

/usr/local/gnudip/sbin下运行
./gdipadmin.plusernamepassword

4.4.访问WEB工具

重启Apache后就可以访问了.yourserver/gnudip/cgi-bin/gnudip.cgi'target='_blank'>http://yourserver/gnudip/cgi-bin/gnudip.cgi自服务URL:

http://yourserver/gnudip/cgi-bin/gnudip.cgi?action=signup

如果页面报错，访问apache日志文件。

4.5.添加用户

cd/usr/local/gnudip/sbin目录里面
然后执行./gdipadmin.pltest123456为gnudipserver添加用户
gdipuseradd.pl–ppassworduserdomain

也可以在管理界面上添加。

5.TCP协议

ASCIIis(ofcourse)usedforrepresentingprintablecharacters.
TheclientmakesaTCPconnectiontotheappropriateportontheserverhost.Thisportisnormally3495,butaGnuDIPsitecouldchooseanotherport.
Assoonastheconnectionisestablishedtheserverwillsendarandomlygenerated10character"salt"string.Thisisusedinthefollowingalgorithmforhashingthepassword:

Digesttheuser'spasswordusingtheMD5digestmessagedigestalgorithm.Convertthedigestvalue(whichisabinaryvalue)toitshexadecimalcharacterstringrepresentation(characters0-9andlowercasea-f).

Appendaperiod(".")andthesaltvaluetocreatealongercharacterstring.

Digestthislongercharacterstringandconvertittoitshexadecimalcharacterrepresentation.

TheupdatemessagecharacterstringisthentransmitedtotheGnuDIPserver.Thismustbeinoneoftheseforms:

user_name:hashed_password:domain:0:address

ThisrequeststhattheIPaddressprovidedberegisteredasthe(only)addressforFQDNuser_name.domain.
Inthemostcommoncase,theclientwouldpasstheaddressitdetectsatitsendoftheconnection.
Bydefault,forcompatibilitywithearlierreleasesofGnuDIP,theGnuDIPserverwillallowtheIPadddresstobeomitted.IftheIPaddressisnotprovided,theserverwritesanoticetothelog,andtheIPaddresstheserverdetectsattheotherendoftheconnectionisregisteredinstead.Notethatthesetwoaddresseswillbethesameunlesstheclientisbehindsomesortofproxy.Howeverasiteoperatormaychoosetooverridethisbackwardscompatibility,inordertodiscouragetheuseofoldclients.
Inresponsetothismessage,theserverwillreturnoneof:

1

Thisindicatesaninvalidlogin.

0

Thisindicatesasuccessfulupdate.

user_name:hashed_password:domain:1

ThisrequeststhatanyIPaddresscurrentlyregisteredforFQDNuser_name.domainberemoved("offline"request).TheFQDNuser_name.domainwillnolongercorrespondtoanyIPaddress.
Inresponsetothismessage,theserverwillreturnoneof:

1

Thisindicatesaninvalidlogin.

2

Thisindicatesasuccessfuloffline.

user_name:hashed_password:domain:2

ThisrequeststhattheserverdeterminetheIPaddressitseesattheclientendoftheconnection,andregisterthatasthe(only)addressforFQDNuser_name.domain.ThisIPaddresswillalsobereturnedtotheclient.
Inresponsetothismessage,theserverwillreturnoneof:

1

Thisindicatesaninvalidlogin.

0:address

Thisindicatesasuccessfulupdateandprovidestheaddressthatwasregistered.

6.HTTP协议

TheHTTPversionoftheprotocolrequirestheclientissueanHTTPGETrequest,parsetheresponse,useMD5toobscurethepassword,issueasecondHTTPGETrequestandparsethatresponse.Wefirstgiveaconceptualoverview,thenaconcreteexample.
IfaGnuDIPsiteoperatorfollowsthedefaultinstallationprocedure,thepathpartoftheURL(thepartafterthehostname)fortheHTTPupdateserverCGIscriptwillbe/gnudip/cgi-bin/gdipupdt.cgi.
InthefirstHTTPGETrequest,noquerystring(thepartofanURLafterthe"?")isprovided.Itisinterpretedasa"requestforasalt".Theresponsecontainsthreepiecesofdata:

arandomlygenerated10character"salt"string

a"timesaltgenerated"value

a"signature"

ThesevaluesarepassedinHTMLmetatags,asinthisexample:
<metaname="salt"content="XLCDgXvzSo">
<metaname="time"content="1002164730">
<metaname="sign"content="8278f108c83d822048ce0375bede5c15">
Eachmetatagwillbeonitsownlineandleftjustifiedontheline.Thewhitespacegapsbefore"name="and"content="willeachconsistofasinglespace.Thetagswillbeintheordershown.TherewillbenootherHTMLmetatagsintheresponse.
Thesaltisusedinthefollowingalgorithmforhashingthepassword:

Digesttheuser'spasswordusingtheMD5digestmessagedigestalgorithm.Convertthedigestvalue(whichisabinaryvalue)toitshexadecimalcharacterstringrepresentation(characters0-9andlowercasea-f).

Appendaperiod(".")andthesaltvaluetocreatealongercharacterstring.

Digestthislongercharacterstringandconvertittoitshexadecimalcharacterrepresentation.

NowthesecondHTTPGETrequestisissued.Inthisrequestthequerystring(thepartofanURLafterthe"?")containsthefollowingparameters:

the"salt"fromthefirstresponse("salt=")

the"timesaltgenerated"valuefromthefirstresponse("time=")

the"signature"fromthefirstresponse("sign=")

theGnuDIPusername("user=")

theGnuDIPdomainname("domn=")

theMD5digestedpasswordcreatedabove("pass=")

theserver"requestcode"("reqc="):

"0"-registertheaddresspassedwiththisrequest

"1"-gooffline

"2"-registertheaddressyouseemeat,andpassitbacktome

theIPaddresstoberegistered,iftherequestcodeis"0"("addr=")

Arequestwitharequestcodeof"0"andanaddressof"0.0.0.0"willbetreatedasanofflinerequest.
Thisisanexampleofaquerystring:
salt=XLCDgXvzSo&time=1002164730&sign=8278f108c83d822048ce0375bede5c15&user=gnudip&pass=305dff8b78e694a02eafb0c19e48292f&domn=dyn.mpis.net&reqc=0&addr=192.168.0.4
Theresponsetothesecondrequestcontains:

thereturncode

"0"-successfulupdate

"1"-invalidlogin(orotherproblem)

"2"-successfuloffline

theIPaddressthattheserverregistered,forrequestcode"2"

ThesevaluesareagainpassedinHTMLmetatags,asinthisexample:
<metaname="retc"content="0">
<metaname="addr"content="24.81.172.128">
Eachmetatagwillbeonitsownlineandleftjustifiedontheline.Thewhitespacegapsbefore"name="and"content="willeachconsistofasinglespace.Thetagswillbeintheordershown.TherewillbenootherHTMLmetatagsintheresponse.
ThisprotocolallowstheGnuDIPserverto"timeout"theprompt.Iftheresponsedoesnotcomewithin60seconds(forexample),itwouldbedenied.Thesignatureisgeneratedusingakeyknownonlytotheserver.Thisallowstheservertoknowthatthe"salt"and"timegenerated"valuearevalid,withouthavingtomaintainstateinformationontheserverside.

6.1.交互例子

======>REQUESTSALT

GET/gnudip/cgi-bin/gdipupdt.cgiHTTP/1.0

User-Agent:GnuDIP/2.3.3

Pragma:no-cache

Host:www.2mbit.com:80

<======

HTTP/1.1200OK

Date:Thu,04Oct200103:05:30GMT

Server:Apache/1.3.20(Unix)(Red-Hat/Linux)

Connection:close

Content-Type:text/html

<!DOCTYPEHTMLPUBLIC"-//W3C//DTDHTML4.01Transitional//EN"

"http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<title>

GnuDIPUpdateServer

</title>

<metaname="salt"content="XLCDgXvzSo">

<metaname="time"content="1002164730">

<metaname="sign"content="8278f108c83d822048ce0375bede5c15">

</head>

<body>

<center>

<h2>

GnuDIPUpdateServer

</h2>

Saltgenerated

</center>

</body>

</html>

======>REQUESTUPDATEPROVIDINGADDRESS

GET/gnudip/cgi-bin/gdipupdt.cgi?salt=XLCDgXvzSo&time=1002164730&sign=8278f108c83d822048ce0375bede5c15&user=gnudip&pass=305dff8b78e694a02eafb0c19e48292f&domn=dyn.mpis.net&reqc=0&addr=192.168.0.4HTTP/1.0

User-Agent:GnuDIP/2.3.3

Pragma:no-cache

Host:www.2mbit.com:80

<======

HTTP/1.1200OK

Date:Thu,04Oct200103:05:30GMT

Server:Apache/1.3.20(Unix)(Red-Hat/Linux)

Connection:close

Content-Type:text/html

<!DOCTYPEHTMLPUBLIC"-//W3C//DTDHTML4.01Transitional//EN"

"http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<title>

GnuDIPUpdateServer

</title>

<metaname="retc"content="0">

</head>

<body>

<center>

<h2>

GnuDIPUpdateServer

</h2>

Successfulupdaterequest

</center>

</body>

</html>

======>REQUESTSALT

GET/gnudip/cgi-bin/gdipupdt.cgiHTTP/1.0

User-Agent:GnuDIP/2.3.3

Pragma:no-cache

Host:www.2mbit.com:80

<======

HTTP/1.1200OK

Date:Thu,04Oct200103:05:55GMT

Server:Apache/1.3.20(Unix)(Red-Hat/Linux)

Connection:close

Content-Type:text/html

<!DOCTYPEHTMLPUBLIC"-//W3C//DTDHTML4.01Transitional//EN"

"http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<title>

GnuDIPUpdateServer

</title>

<metaname="salt"content="LNTVoHkDnW">

<metaname="time"content="1002164756">

<metaname="sign"content="ce0d8f34a8b4e1263208230fdce9b54d">

</head>

<body>

<center>

<h2>

GnuDIPUpdateServer

</h2>

Saltgenerated

</center>

</body>

</html>

======>OFFLINEREQUEST

GET/gnudip/cgi-bin/gdipupdt.cgi?salt=LNTVoHkDnW&time=1002164756&sign=ce0d8f34a8b4e1263208230fdce9b54d&user=gnudip&pass=05d5e9b575fd1b6a36412af5e2f59973&domn=dyn.mpis.net&reqc=1HTTP/1.0

User-Agent:GnuDIP/2.3.3

Pragma:no-cache

Host:www.2mbit.com:80

<======

HTTP/1.1200OK

Date:Thu,04Oct200103:05:56GMT

Server:Apache/1.3.20(Unix)(Red-Hat/Linux)

Connection:close

Content-Type:text/html

<!DOCTYPEHTMLPUBLIC"-//W3C//DTDHTML4.01Transitional//EN"

"http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<title>

GnuDIPUpdateServer

</title>

<metaname="retc"content="2">

</head>

<body>

<center>

<h2>

GnuDIPUpdateServer

</h2>

Successfulofflinerequest

</center>

</body>

</html>

======>REQUESTSALT

GET/gnudip/cgi-bin/gdipupdt.cgiHTTP/1.0

User-Agent:GnuDIP/2.3.3

Pragma:no-cache

Host:www.2mbit.com:80

<======

HTTP/1.1200OK

Date:Thu,04Oct200103:06:59GMT

Server:Apache/1.3.20(Unix)(Red-Hat/Linux)

Connection:close

Content-Type:text/html

<!DOCTYPEHTMLPUBLIC"-//W3C//DTDHTML4.01Transitional//EN"

"http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<title>

GnuDIPUpdateServer

</title>

<metaname="salt"content="FWhclL9QKf">

<metaname="time"content="1002164819">

<metaname="sign"content="db1bb954db78f1fbe9749e063f770636">

</head>

<body>

<center>

<h2>

GnuDIPUpdateServer

</h2>

Saltgenerated

</center>

</body>

</html>

======>REQUESTUPDATEWITHADDRESSSEENBYSERVER

GET/gnudip/cgi-bin/gdipupdt.cgi?salt=FWhclL9QKf&time=1002164819&sign=db1bb954db78f1fbe9749e063f770636&user=gnudip&pass=ce2fe5f986d7e2f31060aeb35d4b9c2e&domn=dyn.mpis.net&reqc=2HTTP/1.0

User-Agent:GnuDIP/2.3.3

Pragma:no-cache

Host:www.2mbit.com:80

<======

HTTP/1.1200OK

Date:Thu,04Oct200103:07:00GMT

Server:Apache/1.3.20(Unix)(Red-Hat/Linux)

Connection:close

Content-Type:text/html

<!DOCTYPEHTMLPUBLIC"-//W3C//DTDHTML4.01Transitional//EN"

"http://www.w3.org/TR/html4/loose.dtd">

<html>

<head>

<title>

GnuDIPUpdateServer

</title>

<metaname="retc"content="0">

<metaname="addr"content="24.81.172.128">

</head>

<body>

<center>

<h2>

GnuDIPUpdateServer

</h2>

Successfulupdaterequest

</center>

</body>

</html>

7.命令集

添加普通用户
#gdipuseradd.pl-h
usage:gdipuseradd.pl{-h|[-ppassword][-memail]userdomain}
usage:AddGnuDIPuser"user"withindomain"domain"with
usage:password"password"and(optionally)E-mailaddress"email".
usage:-h:Printthisusagemessage.
usage:-p:Specifycleartextpassword.ThestoredpasswordwilltheMD5
usage:hashofthisvalue.Passwordisdisabledifnotspecified.
usage:-m:SpecifyE-mailaddress.
若用户已经存在，返回信息如下：
User"user.domain"alreadyexists
若用户不存在，返回信息如下：
Addeduser"user.domain"

修改普通用户
#gdipusermod.pl-h
usage:gdipusermod.pl{-h|
usage:[-memail][-ppassword][-xrawpassword]
usage:[-w{YES|NO}][-y{YES|NO}][-r]
usage:userdomain}
usage:ModifyGnuDIPuser"user"withindomain"domain".
usage:-h:Printthisusagemessage.
usage:-m:SpecifyE-mailaddress.
usage:-p:Specifycleartextpassword.Thestoredpasswordwill
usage:theMD5hashofthisvalue.
usage:-x:Specifythehashedpassword.Thiswillbestoredas
usage:passwordhashvaluewithoutanychange.
usage:-w:Allow("YES")ordisallow("NO")wildcards.
usage:-y:Allow("YES")ordisallow("NO")MXrecords.
usage:-r:RemoveallDNSinformation.

普通用户删除
#gdipuserdel.pl-h
usage:gdipuserdel.pl{-h|userdomain}
usage:DeleteGnuDIPuser"user"withindomain"domain".
usage:-h:Printthisusagemessage.

查询普通用户信息
#gdipuserget.pl-h
usage:gdipuserget.pl{-h|userdomain}
usage:DisplayGnuDIPuser"user"withindomain"domain".
usage:-h:Printthisusagemessage.
Hereisademonstrationoftheiruse:
#gdipuseradd.pl-ptestpass-mrob@demo.comrobdyn.yourhost.com
Addeduser"rob.dyn.yourhost.com"
Afterlogginginas"rob.dyn.yourhost.com"andsettingtheIPaddress:
#pingrob.dyn.yourhost.com
PINGrob.dyn.yourhost.com(127.0.0.1):56octetsdata
64octetsfrom127.0.0.1:icmp_seq=0ttl=255time=0.2ms
64octetsfrom127.0.0.1:icmp_seq=1ttl=255time=0.1ms

---rob.dyn.yourhost.compingstatistics---
2packetstransmitted,2packetsreceived,0%packetloss
round-tripmin/avg/max=0.1/0.1/0.2ms
#gdipuserget.plrobdyn.yourhost.com
Retrieveduser"rob.dyn.yourhost.com"
MXbackup=NO
wildcard=NO
password=179ad45c6ce2cb97cf1029e212046e81
forwardurl=
allowmx=NO
MXvalue=
autourlon=
level=USER
currentip=127.0.0.1
username=rob
allowwild=NO
updated=2002-05-2420:43:01
domain=dyn.yourhost.com
email=rob@demo.com
#gdipusermod.pl-mdummy@yourhost.comrobdyn.yourhost.com
Updateduser"rob.dyn.yourhost.com"
#gdipuserget.plrobdyn.yourhost.com
Retrieveduser"rob.dyn.yourhost.com"
MXbackup=NO
wildcard=NO
password=
forwardurl=
allowmx=NO
MXvalue=
autourlon=
level=USER
currentip=127.0.0.1
username=rob
allowwild=NO
updated=2002-05-2420:44:15
domain=dyn.yourhost.com
email=dummy@yourhost.com
#gdipuserdel.plrobdyn.yourhost.com
User"rob.dyn.yourhost.com"hasbeendeletedandremovedfromDNS
#pingrob.dyn.yourhost.com
ping:unknownhostrob.dyn.yourhost.com
The"parameter=value"linesprintedbygdipuserget.plgotostandardoutput.Alloftheothermessagesfromthesecommandsgotostandarderror.
Thereturncodesare:

0-Success

1-Usernotfoundoralreadyexists,asappropriate

2-Usererrororconfigurationerror-message(s)issued

8.客户端gdipc的使用

下载gnudip-2.3.5-gdipc-sa.exe

8.1.配置：

C:/gdipc/gdipc-c
其中，
Username:服务器分配的用户名
Domain:服务器指定的域名
Password:服务器设定的口令
可以选择TCP或HTTP模式。
配置写入文件:gdipc.conf.txt
[Note]:
用户的动态域名=[Username].[Domain]

8.2.运行

C:/gdipc/gdipc

内容来自用户分享和网络整理，不保证内容的准确性，如有侵权内容，可联系管理员处理

标签：

相关文章推荐

新的分享

章节导航