- static const regex regex_ip("\\d{1,3}.\\d{1,3}.\\d{1,3}.\\d{1,3}");
- static const regex regex_user("[a-zA-Z]+");
-
-
- if (argc != 5) {
- std::cerr << "Usage: " << argv[0] << " <username> <password> <domain> <IP address>" << std::endl;
- return 1;
- }
-
- /* Obtain and validate inpit */
- std::string user = argv[1];
- std::string password = argv[2];
- std::string domain = argv[3];
- std::string ip = argv[4];
-
- if (!regex_match(ip, regex_ip)) {
- std::cerr << "Invalid IP address " << ip << "." << std::endl;
- exit(1);
- }
- if (!regex_match(user, regex_user)) {
- std::cerr << "Invalid username " << user << "." << std::endl;
- exit(1);
- }
-
- /* read configuration */
- property_tree::ptree config;
- property_tree::ini_parser::read_ini(CONFIG_FILE, config);
- std::string nsupdate = config.get<std::string>("nsupdate");
- std::string keyfile = config.get<std::string>("key");
-
- /* Check username, password, domain */
- optional<std::string> correct_password = config.get_optional<std::string>(user+".password");
- if (!correct_password || *correct_password != password) {
- std::cerr << "Username or password incorrect." << std::endl;
- exit(1);
- }
- if (config.get<std::string>(user+".domain") != domain) {
- std::cerr << "Domain incorrect." << std::endl;
- exit(1);
- }
-
- /* preapre the pipe */
- int pipe_ends[] = {0,0};
- pipe(pipe_ends);
+ try {
+ static const regex regex_ipv4("\\d{1,3}(\\.\\d{1,3}){3}|");
+ static const regex regex_ipv6("[a-fA-F0-9]{1,4}(:[a-fA-F0-9]{1,4}){7}|");
+ static const regex regex_password("[a-zA-Z0-9.:;,_-]+");
+ static const regex regex_domain("[a-zA-Z0-9.]+");
+
+ // Declare the supported options.
+ po::options_description desc("Allowed options");
+ desc.add_options()
+ ("help", "produce help message")
+ ("domain", po::value<string>()->required(), "the domain to update")
+ ("password", po::value<string>()->required(), "the password for the domain")
+ ("ipv4", po::value<string>(), "the new IPv4 address (empty to delete the A record)")
+ ("ipv6", po::value<string>(), "the new IPv6 address (empty to delete the AAAA record)")
+ ;
+
+ // parse arguments
+ po::variables_map vm;
+ po::store(po::parse_command_line(argc, argv, desc), vm);
+ po::notify(vm);
+ if (vm.count("help")) {
+ std::cout << "dyn-nsupdate -- a safe setuid wrapper for nsupdate" << std::endl << std::endl;
+ std::cout << desc << "\n";
+ return 1;
+ }
+ string domain = vm["domain"].as<string>();
+ string password = vm["password"].as<string>();
+ bool haveIPv4 = vm.count("ipv4");
+ string ipv4 = haveIPv4 ? vm["ipv4"].as<string>() : "";
+ bool haveIPv6 = vm.count("ipv6");
+ string ipv6 = haveIPv6 ? vm["ipv6"].as<string>() : "";
+
+ /* Validate input */
+ if (!regex_match(ipv4, regex_ipv4)) {
+ throw std::runtime_error("Invalid IPv4 address" + ipv4);
+ }
+ if (!regex_match(ipv6, regex_ipv6)) {
+ throw std::runtime_error("Invalid IPv6 address: " + ipv6);
+ }
+ if (!regex_match(domain, regex_domain)) {
+ throw std::runtime_error("Invalid Domain: " + domain);
+ }
+ if (!regex_match(password, regex_password)) {
+ throw std::runtime_error("Invalid Password: " + password);
+ }
+
+ /* read configuration */
+ pt::ptree config;
+ pt::ini_parser::read_ini(CONFIG_FILE, config);
+ std::string nsupdate = config.get<std::string>("nsupdate");
+ unsigned server_port = config.get<unsigned>("port", 53);
+
+ /* Given the domain, check whether the password matches */
+ optional<std::string> correct_password = config.get_optional<std::string>(pt::ptree::path_type(domain+"/password", '/'));
+ if (!correct_password || *correct_password != password) {
+ std::cerr << "Password incorrect." << std::endl;
+ exit(1);
+ }
+
+ /* preapre the pipe */
+ int pipe_ends[2];
+ if (pipe(pipe_ends) < 0) {
+ std::cerr << "Error opening pipe." << std::endl;
+ exit(1);
+ }