authorSergey Poznyakoff <gray@gnu.org.ua>2014-12-19 13:46:51 (GMT)
committer Sergey Poznyakoff <gray@gnu.org.ua>2014-12-19 13:46:51 (GMT)
commit9896bd62c08a160b75a2dc6c969b4b14eea3d3fa (patch) (unidiff)
treef6845d8754b3b692903eb5dc6cf58d65944ec1c6
parente11146fd1b10a8cf565ddf0c73b555ccfed21b59 (diff)
vhostcname: add checks for domain name validity
* vhostcname/vhostcname: New option --allow-wildcard-domains. (valid_domain_name): new sub (get_cnames): Skip domain names that don't pass the validity check.
Diffstat (more/less context) (ignore whitespace changes)
-rwxr-xr-xvhostcname/vhostcname38
1 files changed, 37 insertions, 1 deletions
diff --git a/vhostcname/vhostcname b/vhostcname/vhostcname
index 917cd73..359101c 100755
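--- a/vhostcname/vhostcname
+++ b/vhostcname/vhostcname
@@ -37,6 +37,7 @@ my $confdir; # Apache configuration directory.
 my $confpat = "*"; # A globbing pattern for Apache configuration files.
 my $dry_run; # Dry-run mode.
 my $debug; # Debug level.
+my $allow_wildcard_domains;
 
 my $help; # Display help summary.
 my $man; # Ditto in manpage format.
@@ -76,6 +77,22 @@ sub read_config_file($) {
  close($fd);
 }
 
+# Domain names may be formed from the set of alphanumeric ASCII characters
+# (a-z, A-Z, 0-9). In addition the hyphen is permitted if it is surrounded
+# by characters, digits or hyphens, although it is not to start or end a
+# label.
+sub valid_domain_name {
+ my $name = shift;
+ $name =~ s/^\*\.// if ($allow_wildcard_domains);
+ foreach my $label (split(/\./, $name)) {
+ $label =~ s/-+/-/g;
+ $label =~ s/[a-zA-Z0-9]-[a-zA-Z0-9]//g;
+ return 0 if $label =~ /^-/ or $label =~ /-$/;
+ return 0 if $label =~ /[^a-zA-Z0-9]/;
+ }
+ return 1;
+}
+
 sub get_cnames($) {
  my $dir = shift;
  my %ret;
@@ -88,6 +105,7 @@ sub get_cnames($) {
  err("can't open file $file: $!");
  next;
  };
+ my $line = 0;
  while (<$fd>) {
  s/#.*//;
  s/^\s+//;
@@ -95,8 +113,19 @@ sub get_cnames($) {
  next if (/^$/);
  if (/^Server(Name|Alias)\s+(.*)/) {
  foreach my $name (split /\s+/, $2) {
+ unless (valid_domain_name($name)) {
+ print STDERR "$script: $file:$line: $name: invalid domain name\n";
+ next;
+ }
  foreach my $z (@zone) {
- $ret{$name} = $z if ($name =~ /.*\.$z/);
+ if ($name =~ /.*\.$z$/) {
+ if ($name =~ /^\*\.(.+)/ and $1 eq $z) {
+ print STDERR "$script: $file:$line: $name: first-level wildcard\n";
+ next;
+ }
+ $ret{$name} = $z;
+ last;
+ }
  }
  }
  }
@@ -285,6 +314,7 @@ GetOptions("help" => \$man,
  "zone|z=s@" => \@zone,
  "ttl=i" => \$ttl,
  "server=s" => \$nameserver,
+ "allow-wildcard-domains" => \$allow_wildcard_domains
  ) or exit(3);
 
 pod2usage(-message => "$script: update DNS from Apache virtual host configuration",
@@ -426,6 +456,12 @@ Ignored
 
 =over 4
 
+=item B<--allow-wildcard-domains>
+
+Allow the use of wildcard (B<*>). When this option is in effect, a wildcard
+will be allowed if it is the very first label in a domain name and it is
+separated from the base zone (see the B<--zone> option) by one or more labels.
+
 =item B<--apache-config-directory=>I<DIR>
 
 Sets the Apache configuration directory. I<DIR> should be either a directory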
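Review bot: The added sub valid_domain_name accepts names it should reject and refuses valid ones: an empty label passes both `return 0` tests, so `.example.com` or `a..example.com` is reported valid, while a label such as `a-b-c` is reduced to `-c` by the pair-removing substitution and is refused. Replacing the two substitutions and two tests inside the loop with one anchored check, `return 0 unless $label =~ /\A[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\z/;`, handles both cases and also enforces the 63-octet label limit. In get_cnames, `$line` is set to 0 and none of the added lines increments it, so every diagnostic prints `$file:0`; using `$.` in the messages would report the real line number. The zone is also still interpolated unescaped in `/.*\.$z$/`, so each dot in a zone name matches any character; `/\.\Q$z\E$/` matches only the literal suffix.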
