1 /* Copyright (c) 2014, Ralf Jung <post@ralfj.de>
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are met:
7 * 1. Redistributions of source code must retain the above copyright notice, this
8 * list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright notice,
10 * this list of conditions and the following disclaimer in the documentation
11 * and/or other materials provided with the distribution.
13 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
14 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
15 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
16 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
17 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
18 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
19 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
20 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
22 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 #include <boost/regex.hpp>
30 #include <boost/program_options.hpp>
31 #include <boost/property_tree/ptree.hpp>
32 #include <boost/property_tree/ini_parser.hpp>
33 #include <boost/iostreams/device/file_descriptor.hpp>
34 #include <boost/iostreams/stream.hpp>
36 namespace pt = boost::property_tree;
37 namespace po = boost::program_options;
40 using boost::optional;
42 static void write(int fd, const char *str)
44 size_t len = strlen(str);
45 ssize_t written = write(fd, str, len);
46 if (written < 0 || (size_t)written != len) {
47 std::cerr << "Error writing pipe." << std::endl;
52 int main(int argc, const char ** argv)
55 static const regex regex_ipv4("\\d{1,3}(\\.\\d{1,3}){3}|");
56 static const regex regex_ipv6("[a-fA-F0-9]{1,4}(:[a-fA-F0-9]{1,4}){7}|");
57 static const regex regex_password("[a-zA-Z0-9.:;,_-]+");
58 static const regex regex_domain("[a-zA-Z0-9.]+");
60 // Declare the supported options.
61 po::options_description desc("Allowed options");
63 ("help", "produce help message")
64 ("domain", po::value<string>()->required(), "the domain to update")
65 ("password", po::value<string>()->required(), "the password for the domain")
66 ("ipv4", po::value<string>(), "the new IPv4 address (empty to delete the A record)")
67 ("ipv6", po::value<string>(), "the new IPv6 address (empty to delete the AAAA record)")
72 po::store(po::parse_command_line(argc, argv, desc), vm);
74 if (vm.count("help")) {
75 std::cout << "dyn-nsupdate -- a safe setuid wrapper for nsupdate" << std::endl << std::endl;
76 std::cout << desc << "\n";
79 string domain = vm["domain"].as<string>();
80 string password = vm["password"].as<string>();
81 bool haveIPv4 = vm.count("ipv4");
82 string ipv4 = haveIPv4 ? vm["ipv4"].as<string>() : "";
83 bool haveIPv6 = vm.count("ipv6");
84 string ipv6 = haveIPv6 ? vm["ipv6"].as<string>() : "";
87 if (!regex_match(ipv4, regex_ipv4)) {
88 throw std::runtime_error("Invalid IPv4 address" + ipv4);
90 if (!regex_match(ipv6, regex_ipv6)) {
91 throw std::runtime_error("Invalid IPv6 address: " + ipv6);
93 if (!regex_match(domain, regex_domain)) {
94 throw std::runtime_error("Invalid Domain: " + domain);
96 if (!regex_match(password, regex_password)) {
97 throw std::runtime_error("Invalid Password: " + password);
100 /* read configuration */
102 pt::ini_parser::read_ini(CONFIG_FILE, config);
103 std::string nsupdate = config.get<std::string>("nsupdate");
104 unsigned server_port = config.get<unsigned>("port", 53);
105 std::string key = config.get<std::string>("key","");
107 /* Given the domain, check whether the password matches */
108 optional<std::string> correct_password = config.get_optional<std::string>(pt::ptree::path_type(domain+"/password", '/'));
109 if (!correct_password || *correct_password != password) {
110 std::cerr << "Password incorrect." << std::endl;
114 /* preapre the pipe */
116 if (pipe(pipe_ends) < 0) {
117 std::cerr << "Error opening pipe." << std::endl;
121 /* Launch nsupdate */
122 pid_t child_pid = fork();
124 std::cerr << "Error while forking." << std::endl;
127 if (child_pid == 0) {
128 /* We're in the child */
129 /* Close write end, use read end as stdin */
131 if (dup2(pipe_ends[0], fileno(stdin)) < 0) {
132 std::cerr << "There was an error redirecting stdin." << std::endl;
136 if (key.size() > 0) {
137 execl(nsupdate.c_str(), nsupdate.c_str(), "-y", key.c_str(), "-p", std::to_string(server_port).c_str(), "-l", (char *)NULL);
139 execl(nsupdate.c_str(), nsupdate.c_str(), "-p", std::to_string(server_port).c_str(), "-l", (char *)NULL);
141 /* There was an error */
142 std::cerr << "There was an error executing nsupdate." << std::endl;
146 /* Send it the command */
148 write(pipe_ends[1], "update delete ");
149 write(pipe_ends[1], domain.c_str());
150 write(pipe_ends[1], ". A\n");
153 write(pipe_ends[1], "update add ");
154 write(pipe_ends[1], domain.c_str());
155 write(pipe_ends[1], ". 60 A ");
156 write(pipe_ends[1], ipv4.c_str());
157 write(pipe_ends[1], "\n");
162 write(pipe_ends[1], "update delete ");
163 write(pipe_ends[1], domain.c_str());
164 write(pipe_ends[1], ". AAAA\n");
167 write(pipe_ends[1], "update add ");
168 write(pipe_ends[1], domain.c_str());
169 write(pipe_ends[1], ". 60 AAAA ");
170 write(pipe_ends[1], ipv6.c_str());
171 write(pipe_ends[1], "\n");
175 write(pipe_ends[1], "send\n");
177 /* Close both ends */
181 /* Wait for child to be gone */
183 waitpid(child_pid, &child_status, 0);
184 if (child_status != 0) {
185 std::cerr << "There was an error in the child." << std::endl;
189 catch(std::exception &e) {
190 std::cout << e.what() << "\n";
projects / dyn-nsupdate.git / blob