X-Git-Url: https://git.ralfj.de/dyn-nsupdate.git/blobdiff_plain/11b054f64b837660290e297c390aa09b0b57e8d6..31d2a45747b17f5690789d7ee7dbffb8cf0fbcf6:/nsupd-wrapper/dyn-nsupdate.cpp?ds=inline diff --git a/nsupd-wrapper/dyn-nsupdate.cpp b/nsupd-wrapper/dyn-nsupdate.cpp index b1bcfd2..2acf3c0 100644 --- a/nsupd-wrapper/dyn-nsupdate.cpp +++ b/nsupd-wrapper/dyn-nsupdate.cpp @@ -52,8 +52,15 @@ static void write(int fd, const char *str) int main(int argc, const char ** argv) { try { - static const regex regex_ipv4("\\d{1,3}(\\.\\d{1,3}){3}|"); - static const regex regex_ipv6("[a-fA-F0-9]{1,4}(:[a-fA-F0-9]{1,4}){7}|"); + // These regular expressions are not supposed to be fully precise: nsupdate will check the addresses, too. + // However, they have to make sure that there can be no injection attacks. +#define GROUP "[0-9]{1,3}" + static const regex regex_ipv4(GROUP "(\\." GROUP "){3}|"); +#undef GROUP +#define GROUP "[a-fA-F0-9]{1,4}" + static const regex regex_ipv6("(" GROUP "(::?" GROUP "){0,6})?::?" GROUP "|"); +#undef GROUP + static const regex regex_password("[a-zA-Z0-9.:;,_-]+"); static const regex regex_domain("[a-zA-Z0-9.]+"); @@ -102,6 +109,14 @@ int main(int argc, const char ** argv) pt::ini_parser::read_ini(CONFIG_FILE, config); std::string nsupdate = config.get("nsupdate"); unsigned server_port = config.get("port", 53); + std::string keyfile = config.get("keyfile", ""); + std::string key = config.get("key", ""); + + /* check for some invalid configurations */ + if (keyfile.size() > 0 && key.size() > 0) { + std::cerr << "You can only have either a keyfile or a key set. Please fix your configuration." << std::endl; + exit(1); + } /* Given the domain, check whether the password matches */ optional correct_password = config.get_optional(pt::ptree::path_type(domain+"/password", '/')); @@ -132,7 +147,15 @@ int main(int argc, const char ** argv) exit(1); } /* exec nsupdate */ - execl(nsupdate.c_str(), nsupdate.c_str(), "-p", std::to_string(server_port).c_str(), "-l", (char *)NULL); + if (keyfile.size() > 0) { + execl(nsupdate.c_str(), nsupdate.c_str(), "-k", keyfile.c_str(), "-p", std::to_string(server_port).c_str(), "-l", (char *)NULL); + } + else if (key.size() > 0) { + execl(nsupdate.c_str(), nsupdate.c_str(), "-y", key.c_str(), "-p", std::to_string(server_port).c_str(), "-l", (char *)NULL); + } + else { + execl(nsupdate.c_str(), nsupdate.c_str(), "-p", std::to_string(server_port).c_str(), "-l", (char *)NULL); + } /* There was an error */ std::cerr << "There was an error executing nsupdate." << std::endl; exit(1);