diff options
author | Derrell Lipman <derrell@samba.org> | 2006-10-18 18:55:50 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:21:25 -0500 |
commit | 313e6c6adf6f336a9a0404f80e6c345d2e519cb8 (patch) | |
tree | 52839ccdb252408c74c9b6e55712c27c404c2657 | |
parent | e2383f7ecb5cb5de364a30bed57db32c0e0890c8 (diff) | |
download | samba-313e6c6adf6f336a9a0404f80e6c345d2e519cb8.tar.gz samba-313e6c6adf6f336a9a0404f80e6c345d2e519cb8.tar.bz2 samba-313e6c6adf6f336a9a0404f80e6c345d2e519cb8.zip |
r19397: Restrict databases which can be opened to a known set (currently only 'sam.ldb')
(This used to be commit 023c3b02b9990eed90904d3ba7e506dfe3d28345)
-rw-r--r-- | services/samba/ldb.esp | 35 |
1 files changed, 31 insertions, 4 deletions
diff --git a/services/samba/ldb.esp b/services/samba/ldb.esp index 1cd98adc3a..2654efe988 100644 --- a/services/samba/ldb.esp +++ b/services/samba/ldb.esp @@ -17,6 +17,34 @@ jsonrpc_include("resources.esp"); /** + * Local function to determine if the requested database is one which we allow + * access to. + * + * @param dbRequested + * Name of the database which is being requested to be opened + * + * @return + * true if access is allowed; false otherwise. + */ +function accessAllowed(dbRequested) +{ + /* Databases allowed to connect to */ + dbAllowed = new Array(); + dbAllowed[dbAllowed.length] = "sam.ldb"; + + for (var i = 0; i < dbAllowed.length; i++) + { + if (dbRequested == dbAllowed[i]) + { + return true; + } + } + + return false; +} + + +/** * Connect to a database * * @param params[0] @@ -52,11 +80,10 @@ function _connect(params, error) return resourceId; } - /* Ensure there are no slashes in the database name */ - var components = split('/', params[0]); - if (components.length > 1) + /* Ensure that the database name is one that is allowed to be opened */ + if (! accessAllowed(params[0])) { - error.setError(1, "Invalid database name (contains '/')"); + error.setError(-1, "Invalid or disallowed database name"); return error; } |