authorSergey Poznyakoff <gray@gnu.org.ua>2014-12-19 13:46:51 (GMT)
committer Sergey Poznyakoff <gray@gnu.org.ua>2014-12-19 13:46:51 (GMT)
commit9896bd62c08a160b75a2dc6c969b4b14eea3d3fa (patch) (side-by-side diff)
treef6845d8754b3b692903eb5dc6cf58d65944ec1c6
parente11146fd1b10a8cf565ddf0c73b555ccfed21b59 (diff)
vhostcname: add checks for domain name validity
* vhostcname/vhostcname: New option --allow-wildcard-domains. (valid_domain_name): new sub (get_cnames): Skip domain names that don't pass the validity check.
Diffstat (more/less context) (show whitespace changes)
-rwxr-xr-xvhostcname/vhostcname38
1 files changed, 37 insertions, 1 deletions
diff --git a/vhostcname/vhostcname b/vhostcname/vhostcname
index 917cd73..359101c 100755
--- a/vhostcname/vhostcname
+++ b/vhostcname/vhostcname
@@ -37,6 +37,7 @@ my $confdir; # Apache configuration directory.
my $confpat = "*"; # A globbing pattern for Apache configuration files.
my $dry_run; # Dry-run mode.
my $debug; # Debug level.
+my $allow_wildcard_domains;
my $help; # Display help summary.
my $man; # Ditto in manpage format.
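Review bot: `$allow_wildcard_domains` is the only declaration in this list without a trailing comment. Something like `my $allow_wildcard_domains; # Accept a leading "*." label (--allow-wildcard-domains).` would match its neighbours. valid_domain_name reads it as a file-scoped flag, so the comment should also say that it is unset by default and that wildcard names are then rejected.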
@@ -76,6 +77,22 @@ sub read_config_file($) {
close($fd);
}
+# Domain names may be formed from the set of alphanumeric ASCII characters
+# (a-z, A-Z, 0-9). In addition the hyphen is permitted if it is surrounded
+# by characters, digits or hyphens, although it is not to start or end a
+# label.
+sub valid_domain_name {
+ my $name = shift;
+ $name =~ s/^\*\.// if ($allow_wildcard_domains);
+ foreach my $label (split(/\./, $name)) {
+ $label =~ s/-+/-/g;
+ $label =~ s/[a-zA-Z0-9]-[a-zA-Z0-9]//g;
+ return 0 if $label =~ /^-/ or $label =~ /-$/;
+ return 0 if $label =~ /[^a-zA-Z0-9]/;
+ }
+ return 1;
+}
+
sub get_cnames($) {
my $dir = shift;
my %ret;
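Review bot: valid_domain_name rejects some legitimate labels and accepts empty ones. The pairwise strip `s/[a-zA-Z0-9]-[a-zA-Z0-9]//g` consumes the character that the next hyphen needs, so a label like `a-b-c` is reduced to `-c` and fails the leading-hyphen test, while an empty label (`a..b`, or a leading dot) passes every check because there is nothing to match. Since this sub gates the names the script goes on to process, a single anchored test per label is easier to reason about: `return 0 unless $label =~ /\A[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\z/;`, which also enforces the 63-octet label limit. The get_cnames lines at the end of the hunk belong to a body that continues outside it.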
@@ -88,6 +105,7 @@ sub get_cnames($) {
err("can't open file $file: $!");
next;
};
+ my $line = 0;
while (<$fd>) {
s/#.*//;
s/^\s+//;
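Review bot: `$line` is initialised to 0 here but none of the lines added by this commit increments it, so the `$file:$line:` prefix in the new diagnostics will always report line 0. Perl already tracks the line number of the last-read handle in `$.`, so the messages could use `$file:$.:` and this variable could be dropped. Otherwise add `$line++;` as the first statement of the `while` body. The loop and get_cnames continue outside the hunk.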
@@ -95,8 +113,19 @@ sub get_cnames($) {
next if (/^$/);
if (/^Server(Name|Alias)\s+(.*)/) {
foreach my $name (split /\s+/, $2) {
+ unless (valid_domain_name($name)) {
+ print STDERR "$script: $file:$line: $name: invalid domain name\n";
+ next;
+ }
foreach my $z (@zone) {
- $ret{$name} = $z if ($name =~ /.*\.$z/);
+ if ($name =~ /.*\.$z$/) {
+ if ($name =~ /^\*\.(.+)/ and $1 eq $z) {
+ print STDERR "$script: $file:$line: $name: first-level wildcard\n";
+ next;
+ }
+ $ret{$name} = $z;
+ last;
+ }
}
}
}
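Review bot: The zone is interpolated into the match unquoted in `$name =~ /.*\.$z$/`, so the dots in a zone name act as regex wildcards: with zone `example.com`, a name such as `www.example-com` matches and is recorded under that zone. Quoting and anchoring closes this: `if ($name =~ /\.\Q$z\E\z/) {`. The comparison is also case-sensitive, both here and in `$1 eq $z`, whereas DNS names are not, so lowercasing both sides with `lc` first would be safer. The two new messages use `print STDERR` while the open failure just above goes through `err()`; using the helper would keep diagnostics uniform, assuming it emits the same `$script:` prefix. get_cnames starts and ends outside this hunk.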
@@ -285,6 +314,7 @@ GetOptions("help" => \$man,
"zone|z=s@" => \@zone,
"ttl=i" => \$ttl,
"server=s" => \$nameserver,
+ "allow-wildcard-domains" => \$allow_wildcard_domains
) or exit(3);
pod2usage(-message => "$script: update DNS from Apache virtual host configuration",
@@ -426,6 +456,12 @@ Ignored
=over 4
+=item B<--allow-wildcard-domains>
+
+Allow the use of wildcard (B<*>). When this option is in effect, a wildcard
+will be allowed if it is the very first label in a domain name and it is
+separated from the base zone (see the B<--zone> option) by one or more labels.
+
=item B<--apache-config-directory=>I<DIR>
Sets the Apache configuration directory. I<DIR> should be either a directory
