summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDerrell Lipman <derrell@samba.org>2006-10-18 18:55:50 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:21:25 -0500
commit313e6c6adf6f336a9a0404f80e6c345d2e519cb8 (patch)
tree52839ccdb252408c74c9b6e55712c27c404c2657
parente2383f7ecb5cb5de364a30bed57db32c0e0890c8 (diff)
downloadsamba-313e6c6adf6f336a9a0404f80e6c345d2e519cb8.tar.gz
samba-313e6c6adf6f336a9a0404f80e6c345d2e519cb8.tar.bz2
samba-313e6c6adf6f336a9a0404f80e6c345d2e519cb8.zip
r19397: Restrict databases which can be opened to a known set (currently only 'sam.ldb')
(This used to be commit 023c3b02b9990eed90904d3ba7e506dfe3d28345)
-rw-r--r--services/samba/ldb.esp35
1 files changed, 31 insertions, 4 deletions
diff --git a/services/samba/ldb.esp b/services/samba/ldb.esp
index 1cd98adc3a..2654efe988 100644
--- a/services/samba/ldb.esp
+++ b/services/samba/ldb.esp
@@ -17,6 +17,34 @@ jsonrpc_include("resources.esp");
/**
+ * Local function to determine if the requested database is one which we allow
+ * access to.
+ *
+ * @param dbRequested
+ * Name of the database which is being requested to be opened
+ *
+ * @return
+ * true if access is allowed; false otherwise.
+ */
+function accessAllowed(dbRequested)
+{
+ /* Databases allowed to connect to */
+ dbAllowed = new Array();
+ dbAllowed[dbAllowed.length] = "sam.ldb";
+
+ for (var i = 0; i < dbAllowed.length; i++)
+ {
+ if (dbRequested == dbAllowed[i])
+ {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+
+/**
* Connect to a database
*
* @param params[0]
@@ -52,11 +80,10 @@ function _connect(params, error)
return resourceId;
}
- /* Ensure there are no slashes in the database name */
- var components = split('/', params[0]);
- if (components.length > 1)
+ /* Ensure that the database name is one that is allowed to be opened */
+ if (! accessAllowed(params[0]))
{
- error.setError(1, "Invalid database name (contains '/')");
+ error.setError(-1, "Invalid or disallowed database name");
return error;
}