author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2011-02-25 09:07:41 -0800 |
---|---|---|
committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2011-02-25 09:07:41 -0800 |
commit | 6c9f83f6bcf081973f25c7564cc61ba07ae2cfd2 (patch) | |
tree | 5d7f2c464c0bb85e3ca6b9e290a449d5948568ba | |
parent | b541f5ffa7bf1c6951e01ae4814e0cd38adc42d5 (diff) | |
download | vyatta-cfg-system-6c9f83f6bcf081973f25c7564cc61ba07ae2cfd2.tar.gz vyatta-cfg-system-6c9f83f6bcf081973f25c7564cc61ba07ae2cfd2.zip |
Validate domain and host name
Bug 6243
More complete validation of host name and domain name
-rw-r--r-- | Makefile.am | 1 | ||||
-rw-r--r-- | scripts/system/vyatta_check_domainname.pl | 72 | ||||
-rw-r--r-- | templates/system/domain-name/node.def | 2 | ||||
-rw-r--r-- | templates/system/host-name/node.def | 3 |
4 files changed, 77 insertions, 1 deletions
diff --git a/Makefile.am b/Makefile.am
index 2015a96f..914611fb 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -24,6 +24,7 @@ sbin_SCRIPTS += scripts/vyatta-grub-setup
 sbin_SCRIPTS += scripts/standalone_root_pw_reset
 sbin_SCRIPTS += scripts/vyatta-passwd-sync
 sbin_SCRIPTS += scripts/system/vyatta_check_username.pl
+sbin_SCRIPTS += scripts/system/vyatta_check_domainname.pl
 sbin_SCRIPTS += scripts/system/vyatta_interface_rescan
 sbin_SCRIPTS += scripts/system/vyatta_update_login.pl
 sbin_SCRIPTS += scripts/system/vyatta_update_logrotate.pl
diff --git a/scripts/system/vyatta_check_domainname.pl b/scripts/system/vyatta_check_domainname.pl
new file mode 100644
index 00000000..cb5501fd
--- /dev/null
+++ b/scripts/system/vyatta_check_domainname.pl
@@ -0,0 +1,72 @@
+#!/usr/bin/perl
+
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2010 Vyatta, Inc.
+# All Rights Reserved.
+#
+# **** End License ****
+
+use strict;
+use warnings;
+
+# Source: http://en.wikipedia.org/wiki/Domain_Name_System
+# Rules for forming domain names appear in RFC 1035, RFC 1123, and RFC 2181.
+# A domain name consists of one or more parts, technically called labels,
+# that are conventionally concatenated, and delimited by dots,
+# such as example.com.
+#
+# * The right-most label conveys the top-level domain; for example,
+# the domain name www.example.com belongs to the top-level domain com.
+# * The hierarchy of domains descends from right to left; each label to
+# the left specifies a subdivision, or subdomain of the domain to the
+# right. For example: the label example specifies a subdomain of the
+# com domain, and www is a sub domain of example.com. This tree of
+# subdivisions may have up to 127 levels.
+#
+# * Each label may contain up to 63 characters. The full domain name may
+# not exceed a total length of 253 characters in its external
+# dotted-label specification.[10] In the internal binary
+# representation of the DNS the maximum length requires 255 octets of
+# storage.[3] In practice, some domain registries may have shorter
+# limits.[citation needed]
+#
+# * DNS names may technically consist of any character representable in
+# an octet. 
However, the allowed formulation of domain names in the +# DNS root zone, and most other sub domains, uses a preferred format +# and character set. The characters allowed in a label are a subset +# of the ASCII character set, and includes the characters a through +# z, A through Z, digits 0 through 9, and the hyphen. This rule is +# known as the LDH rule (letters, digits, hyphen). Domain names are +# interpreted in case-independent manner. Labels may not start or end +# with a hyphen.[11] + +foreach my $fqdn (@ARGV) { + die "$fqdn: full domain length exceeds 253 characters\n" + if length($fqdn) > 253; + + my @label = split /\./, $fqdn; + die "$fqdn: domain name greater than 127 levels\n" + if ($#label > 127); + + foreach my $label (@label) { + die "$label: invalid character in domain name\n" + unless $label =~ /^[-0-9a-zA-H]+$/; + + die "$label: label must not start or end with hyphen\n" + if $label =~ /(^-)|(-$)/; + + die "$label: domain name element greater than 63 characters\n" + if (length($label) > 63); + } +} + diff --git a/templates/system/domain-name/node.def b/templates/system/domain-name/node.def index e5d5af7e..87f9e0fa 100644 --- a/templates/system/domain-name/node.def +++ b/templates/system/domain-name/node.def @@ -3,7 +3,7 @@ type: txt help: System domain name # Allow letter-number-hyphen in label (but can not start or end with hyphen) -syntax:expression: pattern $VAR(@) "^[a-zA-Z0-9](([-a-zA-Z0-9]*[a-zA-Z0-9])?\.)*[a-zA-Z]+$" ; "invalid domain name $VAR(@)" +syntax:expression: exec "/opt/vyatta/sbin/vyatta_check_domainname.pl $VAR(../host-name).$VAR(@)" # also add localhost line into /etc/hosts (see host-name template)? update: sudo /opt/vyatta/sbin/vyatta_update_resolv.pl diff --git a/templates/system/host-name/node.def b/templates/system/host-name/node.def index df266fad..8c733b9f 100644 --- a/templates/system/host-name/node.def +++ b/templates/system/host-name/node.def 
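Review bot: The label character class `[-0-9a-zA-H]` in vyatta_check_domainname.pl stops at `H`, so a label containing any upper-case letter from I to Z is rejected as an invalid character even though the header comment allows A through Z. The check should read `unless $label =~ /\A[-0-9a-zA-Z]+\z/;`, where `\A`/`\z` also stop a trailing newline from slipping past `$`. Separately, an argument that is empty or consists only of dots makes `split /\./` return an empty list, so the inner loop never runs and the name is accepted; adding `die "$fqdn: empty domain name\n" unless @label;` right after the split closes that gap.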
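Review bot: In templates/system/domain-name/node.def the new `exec` line places `$VAR(../host-name).$VAR(@)` on the command line unquoted, and the `pattern` check that used to constrain the value is removed in the same hunk. If the template engine hands `exec` strings to a shell (not visible here, worth confirming), the raw value is word-split and interpreted before the validator ever sees it; even without a shell, a value containing a space would reach the script as separate arguments that are each checked on their own. Keeping the removed `pattern` expression ahead of the `exec` line, so that only letters, digits, hyphens and dots reach the command, would retain the stricter Perl checks without exposing the command line to unvalidated input. The old pattern also carried the message `"invalid domain name $VAR(@)"`; the script's `die` text now names only the failing label.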
@@ -4,6 +4,9 @@ help: System host name (default: vyatta) default: "vyatta" syntax:expression: pattern $VAR(@) "^[[:alnum:]][-.[:alnum:]]*[[:alnum:]]$" ; "invalid host name $VAR(@)" + +syntax:expression: pattern $VAR(@) "^.{1,63}$" ; "invalid host-name length" + update: sudo sh -c " \ hostname '$VAR(@)' echo '$VAR(@)' > /etc/hostname |
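Review bot: The added `^.{1,63}$` check in templates/system/host-name/node.def limits the whole host-name string, but the existing pattern still permits dots, so a multi-label host name gets neither a per-label length check nor the hyphen and empty-label rules (for example `a..b` or `a.-b` still match `^[[:alnum:]][-.[:alnum:]]*[[:alnum:]]$`). The new script is wired only into the domain-name template, so these rules are applied to the host name only when a domain-name is being set, and a later host-name change is not re-checked against the 253-character total. Consider adding `syntax:expression: exec "/opt/vyatta/sbin/vyatta_check_domainname.pl $VAR(@)"` after the two pattern lines, which already restrict the value to alphanumerics, hyphens and dots. The `update:` block continues past the end of this hunk.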