r10190: Do some very basic input checking when provisioning.

(This used to be commit 87f25fe49caa78422582337c5208a331ef5b8c15)

5 files changed, 33 insertions, 3 deletions

diff --git a/source4/pidl/pidl.1.xml b/source4/pidl/pidl.1.xml
index 4ddc267968..2ac40efe00 100644
--- a/source4/pidl/pidl.1.xml
+++ b/source4/pidl/pidl.1.xml
@@ -30,7 +30,6 @@
 		<arg choice="opt">--server</arg>
 		<arg choice="opt">--dcom-proxy</arg>
 		<arg choice="opt">--com-header</arg>
-		<arg choice="opt">--odl</arg>
 		<arg choice="opt">--warn-compat</arg>
 		<arg choice="opt">--quiet</arg>
 		<arg choice="opt">--verbose</arg>
diff --git a/source4/script/build_idl.sh b/source4/script/build_idl.sh
index 668d5df975..39157a5909 100755
--- a/source4/script/build_idl.sh
+++ b/source4/script/build_idl.sh
@@ -6,7 +6,7 @@ PIDL_EXTRA_ARGS="$*"
 
 [ -d librpc/gen_ndr ] || mkdir -p librpc/gen_ndr || exit 1
 
-PIDL="$PERL ./pidl/pidl --outputdir librpc/gen_ndr --ndr-header --header --ndr-parser --server --client --dcom-proxy --com-header --swig --odl --ejs $PIDL_EXTRA_ARGS"
+PIDL="$PERL ./pidl/pidl --outputdir librpc/gen_ndr --ndr-header --header --ndr-parser --server --client --dcom-proxy --com-header --swig --ejs $PIDL_EXTRA_ARGS"
 
 if [ x$FULLBUILD = xFULL ]; then
       echo Rebuilding all idl files in librpc/idl
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index ef99dc43c5..33bfafac13 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -233,7 +233,9 @@ function provision(subobj, message, blank, paths)
 	subobj.REALM       = strlower(subobj.REALM);
 	subobj.HOSTNAME    = strlower(subobj.HOSTNAME);
 	subobj.DOMAIN      = strupper(subobj.DOMAIN);
+	assert(valid_netbios_name(subobj.DOMAIN));
 	subobj.NETBIOSNAME = strupper(subobj.HOSTNAME);
+	assert(valid_netbios_name(subobj.NETBIOSNAME));
 	var rdns = split(",", subobj.BASEDN);
 	subobj.RDN_DC = substr(rdns[0], strlen("DC="));
 
@@ -431,5 +433,29 @@ member: %s
 	return enable_account(ldb, user_dn);
 }
 
+// Check whether a name is valid as a NetBIOS name. 
+// FIXME: There are probably more constraints here
+function valid_netbios_name(name)
+{
+	if (strlen(name) > 13) return false;
+	if (strstr(name, ".")) return false;
+	return true;
+}
+
+function provision_validate(subobj, message)
+{
+	if (!valid_netbios_name(subobj.DOMAIN)) {
+		message("Invalid NetBIOS name for domain\n");
+		return false;
+	}
+
+	if (!valid_netbios_name(subobj.NETBIOSNAME)) {
+		message("Invalid NetBIOS name for host\n");
+		return false;
+	}
+
+	return true;
+}
+
 
 return 0;
diff --git a/source4/setup/provision b/source4/setup/provision
index fd949ce9d9..44b7ee7a4f 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -108,6 +108,11 @@ for (r in options) {
 
 var blank = (options["blank"] != undefined);
 
+if (!provision_validate(subobj, message)) {
+	return -1;
+}
+
+
 message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM);
 message("Using administrator password: %s\n", subobj.ADMINPASS);
 provision(subobj, message, blank, provision_default_paths(subobj));
diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone
index 0f5764dc11..40cb78fd55 100644
--- a/source4/setup/provision.zone
+++ b/source4/setup/provision.zone
@@ -1,4 +1,4 @@
-; generate by provision.pl
+; generated by provision.pl
 $ORIGIN ${DNSDOMAIN}.
 $TTL 1W
 @               IN SOA  @   hostmaster (