Call for inncheck testing
Florian Schlichting
fschlich at CIS.FU-Berlin.DE
Sat Jul 9 00:41:56 UTC 2011
On Thu, Jul 07, 2011 at 02:06:31PM +0200, Gunther Nitzsche wrote:
> /usr/local/news/etc/readers.conf:150: not a valid list of hostnames or
> netblocks: '192.109.14.*,193.254.23[89].*, ...
> /usr/local/news/etc/readers.conf:156: not a valid list of hostnames or
> netblocks: '194.8.19[2-9].*,194.8.2[01][0-9].* ...
that was useful to remind me that I need to work on the wildmat pattern,
and also on IPv6 more generally:
--- a/scripts/inncheck.in
+++ b/scripts/inncheck.in
@@ -164,15 +164,19 @@ get_config_word
## Build regular expressions used for checking configuration values.
my $dot = '\.';
+my $wildmat = '\[\]\*\?-'; # anybody needing ^ ! @ ??
my $ip = '(?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})';
my $ipv4 = "$ip$dot$ip$dot$ip$dot$ip";
my $ipv4_cidr = "$ip(?:$dot$ip){0,3}\\/[1-3]?\\d";
-my $ipv4_wildmat = '[\d\[\]\*]+(?:\.[\d\[\]\*]+){0,3}';
-my $ipv6 = '[\da-fA-F:.]+'; # e.g. ::ffff:192.168.0.10
-my $ipv6_cidr = '[\da-f:.]+(?:\\/1?\d?\d)?'; # matches $ipv6 as well
+my $ipv4_wildmat = "[\\d$wildmat]+(?:$dot\[\\d$wildmat\]+){0,3}";
+my $ip6 = '\da-fA-F:';
+my $ipv6 = "[$ip6]+(?:$ipv4)?"; # e.g. ::ffff:192.168.0.10
+my $ipv6_cidr = "[$ip6]+\\/1?\\d?\\d";
+my $ipv6_wildmat = "[$ip6$wildmat]+";
my $hostname = '[\w-]+|[\w.-]+\.[a-zA-Z]{2,}'; # hostname, FQDN
+my $hostname_wildmat = '(?:[-\w\[\]\*\?]+\.)?'."(?:$hostname)"; # Assumption: wildmat chars only in leftmost subdomain part
my $hostnameRE = "(?:$hostname|$ipv4|$ipv6)";
-my $hostblockRE = '(?:(?:[-\w\[\]\*\?]+\.)?'."(?:$hostname)|$ipv4_wildmat|$ipv4_cidr|$ipv6_cidr)"; # Assumption: wildmat chars only in leftmost subdomain part
+my $hostblockRE = "(?:$hostname_wildmat|$ipv4_cidr|$ipv4_wildmat|$ipv6|$ipv6_cidr|$ipv6_wildmat)";
my %type_regex = (
'boolean' => '^(?:true|false)$', # innfeed.conf doesn't allow other
'floating-point number' => '^\d+\.\d+$', # no exponents
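Review bot: `$hostname_wildmat` still spells out its own wildcard set (`[-\w\[\]\*\?]`) instead of interpolating the new `$wildmat`, so a character later added to `$wildmat` would be accepted in IP patterns but still rejected in hostname patterns. Building it from the shared variable keeps the two in step: `my $hostname_wildmat = "(?:[-\\w$wildmat]+$dot)?(?:$hostname)";`. Separately, the new `$ipv6_cidr` drops `.` from its character class, so an IPv4-mapped netblock no longer matches there even though `$ipv6` now allows a trailing `$ipv4`. `$ipv6_wildmat`, the last alternative in `$hostblockRE`, admits any run of hex digits, colons and wildcard characters; that deserves a comment saying the looseness is deliberate, because a host list that passes this check is not thereby shown to match only the intended clients. The `%type_regex` hash opened on the last lines continues past the end of the hunk.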
Julien, if you feel anybody might possibly use ^, ! or @ in an IP
address wildmat, by all means just add it to $wildmat. You're absolutely
right saying we should avoid false positives - when I think about those
expressions I always try to narrow them in order to be useful, but it's
probably way too complicated and only causes harm when it's too
restrictive.
BTW, in the other perl scripts I eliminated perl4-style subroutine calls
with &function; for some reason I forgot to do that to inncheck:
--- a/scripts/inncheck.in
+++ b/scripts/inncheck.in
@@ -369,7 +369,7 @@ control_ctl
my ($msg, $from, $ng, $act);
input: while ( <$IN> ) {
- next input if &spacious($file, ++$line);
+ next input if spacious($file, ++$line);
if (/^\/localencoding\//) {
unless ( ($msg, $act) =
@@ -423,7 +423,7 @@ expire_ctl
$groupbaseexpiry = $INN::Config::groupbaseexpiry;
$groupbaseexpiry =~ tr/A-Z/a-z/;
input: while ( <$IN> ) {
- next input if &spacious($file, ++$line);
+ next input if spacious($file, ++$line);
if ( ($v) = m@/remember/:(.+)@ ) {
eprint "$file:$line: more than one /remember/ line.\n"
@@ -653,7 +653,7 @@ moderators
my ($k, $v);
input: while ( <$IN> ) {
- next input if &spacious($file, ++$line);
+ next input if spacious($file, ++$line);
unless ( ($k, $v) = /^([^:]+):(.+)$/ ) {
eprint "$file:$line: malformed line.\n";
@@ -871,7 +871,7 @@ nntpsend_ctl
my ($site, $fqdn, $flags, $f, $v);
input: while ( <$IN> ) {
- next input if &spacious($file, ++$line);
+ next input if spacious($file, ++$line);
## Ignore the size info for now.
unless ( ($site, $fqdn, $flags) =
@@ -906,7 +906,7 @@ passwd_nntp
my ($name, $pass);
input: while ( <$IN> ) {
- next input if &spacious($file, ++$line);
+ next input if spacious($file, ++$line);
unless ( ($name, $pass) = /[\w\-\.]+:([^:]*):([^:]*)(:authinfo)?$/ ) {
eprint "$file:$line: malformed line.\n";
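Review bot: The line pattern in the `unless` (an unchanged context line) ends with `$` but has no `^`, so a line with arbitrary text in front of the host field still passes as well-formed. If leading text is not meant to be tolerated, anchor it: `unless ( ($name, $pass) = /^[\w\-\.]+:([^:]*):([^:]*)(:authinfo)?$/ ) {`. The captures are named `$name` and `$pass`, so this file appears to hold credentials, and a malformed entry that passes the check silently is worth catching here. The `unless` block continues outside the hunk.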
@@ -1143,35 +1143,35 @@ check_all_perms
my ($newsbin) = $paths{'newsbin'};
foreach ( @directories ) {
- &checkperm($paths{$_}, [0755, 0775]);
+ checkperm($paths{$_}, [0755, 0775]);
}
- &checkperm($paths{'innddir'}, [0750, 0775]);
- &checkperm($paths{'innbind'}, [04500, 04550], 'root', $INN::Config::runasgroup);
+ checkperm($paths{'innddir'}, [0750, 0775]);
+ checkperm($paths{'innbind'}, [04500, 04550], 'root', $INN::Config::runasgroup);
foreach ( keys %prog_modes ) {
- &checkperm($paths{$_}, $prog_modes{$_});
+ checkperm($paths{$_}, $prog_modes{$_});
}
foreach ( keys %paths ) {
- &checkperm($paths{$_}, $modes{$_})
+ checkperm($paths{$_}, $modes{$_})
if defined $modes{$_};
}
- &checkperm($paths{'history'}, [0600, $INN::Config::filemode]);
+ checkperm($paths{'history'}, [0600, $INN::Config::filemode]);
# Commented out for now since it depends on the history type.
- #&checkperm($paths{'history'} . ".dir", [0600, $INN::Config::filemode]);
- #&checkperm($paths{'history'} . ".index", [0600, $INN::Config::filemode]);
- #&checkperm($paths{'history'} . ".hash", [0600, $INN::Config::filemode]);
+ #checkperm($paths{'history'} . ".dir", [0600, $INN::Config::filemode]);
+ #checkperm($paths{'history'} . ".index", [0600, $INN::Config::filemode]);
+ #checkperm($paths{'history'} . ".hash", [0600, $INN::Config::filemode]);
foreach ( @newsbin_private ) {
- &checkperm("$newsbin/$_", [0500, 0550]);
+ checkperm("$newsbin/$_", [0500, 0550]);
}
foreach ( @newsbin_public ) {
- &checkperm("$newsbin/$_", [0500, 0555]);
+ checkperm("$newsbin/$_", [0500, 0555]);
}
foreach ( @rnews_programs ) {
- &checkperm("$rnewsprogs/$_", [0500, 0555]);
+ checkperm("$rnewsprogs/$_", [0500, 0555]);
}
## Also make sure that @rnews_programs are the *only* programs in there;
## anything else is probably someone trying to spoof rnews into being bad.
- &intersect($rnewsprogs, @rnews_programs);
+ intersect($rnewsprogs, @rnews_programs);
return;
}
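Review bot: Every loop in this hunk iterates with the implicit `$_`, which `foreach` aliases to the array element, while calling `checkperm`, whose body is not visible here. If `checkperm` ever assigns to `$_` (for example through an unlocalised `while (<$fh>)`), it would rewrite entries of `@rnews_programs` before `intersect($rnewsprogs, @rnews_programs)` uses that list for the spoofing check. Naming the loop variable removes the dependency, e.g. `foreach my $prog ( @rnews_programs ) { checkperm("$rnewsprogs/$prog", [0500, 0555]); }`, and likewise for the other loops. The start of `check_all_perms` lies outside the hunk.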
@@ -1230,7 +1230,7 @@ arg: foreach ( @ARGV ) {
push(@todo, $_);
}
-&Usage("Can't use `--fix' without `--perm'")
+Usage("Can't use `--fix' without `--perm'")
if $fix && $perms < 1;
$pfx = $fix ? '# ' : '';
@@ -1249,13 +1249,13 @@ action: foreach my $workfile ( @todo ) {
eprint "$pfx$workfile:0: can't open $!\n";
next action;
}
- &checkperm($file, $modes{$workfile})
+ checkperm($file, $modes{$workfile})
if $perms == -1 && defined $modes{$workfile};
$line = 0;
$checklist{$workfile}();
close($IN);
}
-&check_all_perms()
+check_all_perms()
if $perms == 1;
exit($exitval);
Florian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5557 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/inn-workers/attachments/20110709/f2dafbc1/attachment.bin>