author | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-12-19 15:46:51 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-12-19 15:46:51 +0200 |
commit | 9896bd62c08a160b75a2dc6c969b4b14eea3d3fa (patch) | |
tree | f6845d8754b3b692903eb5dc6cf58d65944ec1c6 | |
parent | e11146fd1b10a8cf565ddf0c73b555ccfed21b59 (diff) | |
download | dnstools-9896bd62c08a160b75a2dc6c969b4b14eea3d3fa.tar.gz dnstools-9896bd62c08a160b75a2dc6c969b4b14eea3d3fa.tar.bz2 |
vhostcname: add checks for domain name validity
* vhostcname/vhostcname: New option --allow-wildcard-domains.
(valid_domain_name): new sub
(get_cnames): Skip domain names that don't pass the validity
check.
-rwxr-xr-x | vhostcname/vhostcname | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/vhostcname/vhostcname b/vhostcname/vhostcname
index 917cd73..359101c 100755
--- a/vhostcname/vhostcname
+++ b/vhostcname/vhostcname
@@ -34,12 +34,13 @@ my @tsig_args; # Arguments to sing_tsig (path to the DNSSEC key file, or
 # the key name and hash.
 my $ttl = 3600; # Default TTL.
 my $confdir; # Apache configuration directory.
 my $confpat = "*"; # A globbing pattern for Apache configuration files.
 my $dry_run; # Dry-run mode.
 my $debug; # Debug level.
+my $allow_wildcard_domains;
 my $help; # Display help summary.
 my $man; # Ditto in manpage format.
 my $status = 0; # Default exit status. 
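Review bot: `my $allow_wildcard_domains;` is the only declaration in this block without a trailing comment, while every neighbouring variable documents its purpose. Suggest `my $allow_wildcard_domains; # Accept a leading "*." label in domain names.` so the convention of this block is kept.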
@@ -73,33 +74,61 @@ sub read_config_file($) {
 next if ($_ eq "");
 unshift(@ARGV, "--$_");
 }
 close($fd);
 }
+# Domain names may be formed from the set of alphanumeric ASCII characters
+# (a-z, A-Z, 0-9). In addition the hyphen is permitted if it is surrounded
+# by characters, digits or hyphens, although it is not to start or end a
+# label.
+sub valid_domain_name {
+ my $name = shift;
+ $name =~ s/^\*\.// if ($allow_wildcard_domains);
+ foreach my $label (split(/\./, $name)) {
+ $label =~ s/-+/-/g;
+ $label =~ s/[a-zA-Z0-9]-[a-zA-Z0-9]//g;
+ return 0 if $label =~ /^-/ or $label =~ /-$/;
+ return 0 if $label =~ /[^a-zA-Z0-9]/;
+ }
+ return 1;
+}
+
 sub get_cnames($) {
 my $dir = shift;
 my %ret;
 foreach my $file (glob "$dir/$confpat") {
 next unless (-f $file);
 print STDERR "$script: reading cnames from $file\n" if ($debug > 2);
 open(my $fd, "<", $file) or do {
 err("can't open file $file: $!");
 next;
 };
+ my $line = 0;
 while (<$fd>) {
 s/#.*//; s/^\s+//; s/\s+$//;
 next if (/^$/);
 if (/^Server(Name|Alias)\s+(.*)/) {
 foreach my $name (split /\s+/, $2) {
+ unless (valid_domain_name($name)) {
+ print STDERR "$script: $file:$line: $name: invalid domain name\n";
+ next;
+ }
 foreach my $z (@zone) {
- $ret{$name} = $z if ($name =~ /.*\.$z/);
+ if ($name =~ /.*\.$z$/) {
+ if ($name =~ /^\*\.(.+)/ and $1 eq $z) {
+ print STDERR "$script: $file:$line: $name: first-level wildcard\n";
+ next;
+ }
+ $ret{$name} = $z;
+ last;
+ }
 }
 }
 }
 }
 close($fd)
 }
@@ -282,12 +311,13 @@ GetOptions("help" => \$man,
 }
 },
 "cname-file=s" => \$cnamelist,
 "zone|z=s@" => \@zone,
 "ttl=i" => \$ttl,
 "server=s" => \$nameserver,
+ "allow-wildcard-domains" => \$allow_wildcard_domains
 ) or exit(3);
 pod2usage(-message => "$script: update DNS from Apache virtual host configuration", -exitstatus => 0) if $help;
 pod2usage(-exitstatus => 0, -verbose => 2) if $man; 
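Review bot: `$line` is initialised to 0 before the `while (<$fd>)` loop in get_cnames but never incremented, so both new diagnostics will always print `$file:0:`; add `$line++;` as the first statement of the loop body, or print `$.` instead. The label test in valid_domain_name also rejects valid names and accepts invalid ones: after `s/[a-zA-Z0-9]-[a-zA-Z0-9]//g` a label such as `a-b-c` is left as `-c` and fails the leading-hyphen check, while an empty label (`foo..example.com`) passes every check because no test requires at least one character. The four statements inside the foreach reduce to `return 0 unless $label =~ /\A[a-zA-Z0-9]+(?:-+[a-zA-Z0-9]+)*\z/;`, which implements exactly the rule stated in the new comment (hyphens surrounded by letters, digits or hyphens, never first or last). In the rewritten zone test `$z` is interpolated as a regex, so each dot in a zone name matches any character and a name like `host.example-com` would be assigned to zone example.com; write it as `if ($name =~ /\.\Q$z\E\z/) {`. Label and total length limits are not checked, which may be intentional.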
@@ -423,12 +453,18 @@ Ignored
 =back
 =head1 OPTIONS
 =over 4
+=item B<--allow-wildcard-domains>
+
+Allow the use of wildcard (B<*>). When this option is in effect, a wildcard
+will be allowed if it is the very first label in a domain name and it is
+separated from the base zone (see the B<--zone> option) by one or more labels.
+
 =item B<--apache-config-directory=>I<DIR>
 Sets the Apache configuration directory. I<DIR> should be either a directory where virtual configuration file are located or a directory which hosts the B<sites-available> and B<sites-enabled> directories. In the latter case, B<vhostcname> will look for files matching B<apache-config-pattern> in |