authorSergey Poznyakoff <gray@gnu.org.ua>2014-12-19 15:46:51 +0200
committerSergey Poznyakoff <gray@gnu.org.ua>2014-12-19 15:46:51 +0200
commit9896bd62c08a160b75a2dc6c969b4b14eea3d3fa (patch)
treef6845d8754b3b692903eb5dc6cf58d65944ec1c6
parente11146fd1b10a8cf565ddf0c73b555ccfed21b59 (diff)
downloaddnstools-9896bd62c08a160b75a2dc6c969b4b14eea3d3fa.tar.gz
dnstools-9896bd62c08a160b75a2dc6c969b4b14eea3d3fa.tar.bz2
vhostcname: add checks for domain name validity
* vhostcname/vhostcname: New option --allow-wildcard-domains. (valid_domain_name): New sub. (get_cnames): Skip domain names that don't pass the validity check.
-rwxr-xr-xvhostcname/vhostcname38
1 files changed, 37 insertions, 1 deletions
diff --git a/vhostcname/vhostcname b/vhostcname/vhostcname
index 917cd73..359101c 100755
--- a/vhostcname/vhostcname
+++ b/vhostcname/vhostcname
@@ -34,12 +34,13 @@ my @tsig_args; # Arguments to sing_tsig (path to the DNSSEC key file, or
# the key name and hash.
my $ttl = 3600; # Default TTL.
my $confdir; # Apache configuration directory.
my $confpat = "*"; # A globbing pattern for Apache configuration files.
my $dry_run; # Dry-run mode.
my $debug; # Debug level.
+my $allow_wildcard_domains;
my $help; # Display help summary.
my $man; # Ditto in manpage format.
my $status = 0; # Default exit status.
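Review bot: The new `my $allow_wildcard_domains;` is the only declaration in this run without a trailing comment, while every neighbouring line documents its variable. Suggest `my $allow_wildcard_domains; # Accept a leading "*." label (--allow-wildcard-domains).` so the flag reads like the rest of the block.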
@@ -73,33 +74,61 @@ sub read_config_file($) {
next if ($_ eq "");
unshift(@ARGV, "--$_");
}
close($fd);
}
+# Domain names may be formed from the set of alphanumeric ASCII characters
+# (a-z, A-Z, 0-9). In addition the hyphen is permitted if it is surrounded
+# by characters, digits or hyphens, although it is not to start or end a
+# label.
+sub valid_domain_name {
+ my $name = shift;
+ $name =~ s/^\*\.// if ($allow_wildcard_domains);
+ foreach my $label (split(/\./, $name)) {
+ $label =~ s/-+/-/g;
+ $label =~ s/[a-zA-Z0-9]-[a-zA-Z0-9]//g;
+ return 0 if $label =~ /^-/ or $label =~ /-$/;
+ return 0 if $label =~ /[^a-zA-Z0-9]/;
+ }
+ return 1;
+}
+
sub get_cnames($) {
my $dir = shift;
my %ret;
foreach my $file (glob "$dir/$confpat") {
next unless (-f $file);
print STDERR "$script: reading cnames from $file\n" if ($debug > 2);
open(my $fd, "<", $file) or do {
err("can't open file $file: $!");
next;
};
+ my $line = 0;
while (<$fd>) {
s/#.*//;
s/^\s+//;
s/\s+$//;
next if (/^$/);
if (/^Server(Name|Alias)\s+(.*)/) {
foreach my $name (split /\s+/, $2) {
+ unless (valid_domain_name($name)) {
+ print STDERR "$script: $file:$line: $name: invalid domain name\n";
+ next;
+ }
foreach my $z (@zone) {
- $ret{$name} = $z if ($name =~ /.*\.$z/);
+ if ($name =~ /.*\.$z$/) {
+ if ($name =~ /^\*\.(.+)/ and $1 eq $z) {
+ print STDERR "$script: $file:$line: $name: first-level wildcard\n";
+ next;
+ }
+ $ret{$name} = $z;
+ last;
+ }
}
}
}
}
close($fd)
}
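Review bot: `$line` is declared before the `while (<$fd>)` loop in get_cnames but never incremented, so both new diagnostics ("invalid domain name" and "first-level wildcard") always print `$file:0:`; add `$line++;` as the first statement of the loop body, or report `$.` instead. The hyphen handling in valid_domain_name also misfires: after `s/-+/-/g` and `s/[a-zA-Z0-9]-[a-zA-Z0-9]//g`, a label such as `foo-b-bar` becomes `fo-bar` and `a-b-c` becomes `-c`, so both valid labels are rejected by the checks that follow. The four label-handling lines reduce to a single anchored test, `return 0 unless $label =~ /^[a-zA-Z0-9]+(?:-+[a-zA-Z0-9]+)*$/;`, which implements the rule stated in the comment above the sub and additionally rejects the empty label that `split` yields for `foo..bar`, which the current loop lets through. Separately, `$z` is still interpolated unescaped into the zone match on the new `if ($name =~ /.*\.$z$/)` line, so a dot in the zone name matches any character; `\Q$z\E` pins it to the literal zone.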
@@ -282,12 +311,13 @@ GetOptions("help" => \$man,
}
},
"cname-file=s" => \$cnamelist,
"zone|z=s@" => \@zone,
"ttl=i" => \$ttl,
"server=s" => \$nameserver,
+ "allow-wildcard-domains" => \$allow_wildcard_domains
) or exit(3);
pod2usage(-message => "$script: update DNS from Apache virtual host configuration",
-exitstatus => 0) if $help;
pod2usage(-exitstatus => 0, -verbose => 2) if $man;
@@ -423,12 +453,18 @@ Ignored
=back
=head1 OPTIONS
=over 4
+=item B<--allow-wildcard-domains>
+
+Allow the use of wildcard (B<*>). When this option is in effect, a wildcard
+will be allowed if it is the very first label in a domain name and it is
+separated from the base zone (see the B<--zone> option) by one or more labels.
+
=item B<--apache-config-directory=>I<DIR>
Sets the Apache configuration directory. I<DIR> should be either a directory
where virtual configuration file are located or a directory which hosts the
B<sites-available> and B<sites-enabled> directories. In the latter case,
B<vhostcname> will look for files matching B<apache-config-pattern> in
