X-Git-Url: https://git.ralfj.de/dyn-nsupdate.git/blobdiff_plain/d61aa3e46d25f8800d3a3db887e756f9b3a744dc..1bc0fb0ae1d0b4ed9ceb7aeafe3215db2c9167e9:/nsupd-wrapper/dyn-nsupdate.cpp?ds=inline diff --git a/nsupd-wrapper/dyn-nsupdate.cpp b/nsupd-wrapper/dyn-nsupdate.cpp index 27db031..2acf3c0 100644 --- a/nsupd-wrapper/dyn-nsupdate.cpp +++ b/nsupd-wrapper/dyn-nsupdate.cpp @@ -52,8 +52,15 @@ static void write(int fd, const char *str) int main(int argc, const char ** argv) { try { - static const regex regex_ipv4("\\d{1,3}(\\.\\d{1,3}){3}|"); - static const regex regex_ipv6("[a-fA-F0-9]{1,4}(:[a-fA-F0-9]{1,4}){7}|"); + // These regular expressions are not supposed to be fully precise: nsupdate will check the addresses, too. + // However, they have to make sure that there can be no injection attacks. +#define GROUP "[0-9]{1,3}" + static const regex regex_ipv4(GROUP "(\\." GROUP "){3}|"); +#undef GROUP +#define GROUP "[a-fA-F0-9]{1,4}" + static const regex regex_ipv6("(" GROUP "(::?" GROUP "){0,6})?::?" GROUP "|"); +#undef GROUP + static const regex regex_password("[a-zA-Z0-9.:;,_-]+"); static const regex regex_domain("[a-zA-Z0-9.]+"); @@ -102,7 +109,14 @@ int main(int argc, const char ** argv) pt::ini_parser::read_ini(CONFIG_FILE, config); std::string nsupdate = config.get("nsupdate"); unsigned server_port = config.get("port", 53); - std::string key = config.get("key",""); + std::string keyfile = config.get("keyfile", ""); + std::string key = config.get("key", ""); + + /* check for some invalid configurations */ + if (keyfile.size() > 0 && key.size() > 0) { + std::cerr << "You can only have either a keyfile or a key set. Please fix your configuration." << std::endl; + exit(1); + } /* Given the domain, check whether the password matches */ optional correct_password = config.get_optional(pt::ptree::path_type(domain+"/password", '/')); @@ -133,9 +147,13 @@ int main(int argc, const char ** argv) exit(1); } /* exec nsupdate */ - if (key.size() > 0) { + if (keyfile.size() > 0) { + execl(nsupdate.c_str(), nsupdate.c_str(), "-k", keyfile.c_str(), "-p", std::to_string(server_port).c_str(), "-l", (char *)NULL); + } + else if (key.size() > 0) { execl(nsupdate.c_str(), nsupdate.c_str(), "-y", key.c_str(), "-p", std::to_string(server_port).c_str(), "-l", (char *)NULL); - } else { + } + else { execl(nsupdate.c_str(), nsupdate.c_str(), "-p", std::to_string(server_port).c_str(), "-l", (char *)NULL); } /* There was an error */