From 342d229b4082004d30fa7018c04bba66da48a91b Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Mon, 12 Sep 2005 23:52:25 +0000
Subject: r10190: Do some very basic input checking when provisioning. (This
 used to be commit 87f25fe49caa78422582337c5208a331ef5b8c15)

---
 source4/pidl/pidl.1.xml              |  1 -
 source4/script/build_idl.sh          |  2 +-
 source4/scripting/libjs/provision.js | 26 ++++++++++++++++++++++++++
 source4/setup/provision              |  5 +++++
 source4/setup/provision.zone         |  2 +-
 swat/install/provision.esp           |  2 ++
 6 files changed, 35 insertions(+), 3 deletions(-)

diff --git a/source4/pidl/pidl.1.xml b/source4/pidl/pidl.1.xml
index 4ddc267968..2ac40efe00 100644
--- a/source4/pidl/pidl.1.xml
+++ b/source4/pidl/pidl.1.xml
@@ -30,7 +30,6 @@
 		<arg choice="opt">--server</arg>
 		<arg choice="opt">--dcom-proxy</arg>
 		<arg choice="opt">--com-header</arg>
-		<arg choice="opt">--odl</arg>
 		<arg choice="opt">--warn-compat</arg>
 		<arg choice="opt">--quiet</arg>
 		<arg choice="opt">--verbose</arg>
diff --git a/source4/script/build_idl.sh b/source4/script/build_idl.sh
index 668d5df975..39157a5909 100755
--- a/source4/script/build_idl.sh
+++ b/source4/script/build_idl.sh
@@ -6,7 +6,7 @@ PIDL_EXTRA_ARGS="$*"
 
 [ -d librpc/gen_ndr ] || mkdir -p librpc/gen_ndr || exit 1
 
-PIDL="$PERL ./pidl/pidl --outputdir librpc/gen_ndr --ndr-header --header --ndr-parser --server --client --dcom-proxy --com-header --swig --odl --ejs $PIDL_EXTRA_ARGS"
+PIDL="$PERL ./pidl/pidl --outputdir librpc/gen_ndr --ndr-header --header --ndr-parser --server --client --dcom-proxy --com-header --swig --ejs $PIDL_EXTRA_ARGS"
 
 if [ x$FULLBUILD = xFULL ]; then
       echo Rebuilding all idl files in librpc/idl
diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index ef99dc43c5..33bfafac13 100644
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -233,7 +233,9 @@ function provision(subobj, message, blank, paths)
 	subobj.REALM       = strlower(subobj.REALM);
 	subobj.HOSTNAME    = strlower(subobj.HOSTNAME);
 	subobj.DOMAIN      = strupper(subobj.DOMAIN);
+	assert(valid_netbios_name(subobj.DOMAIN));
 	subobj.NETBIOSNAME = strupper(subobj.HOSTNAME);
+	assert(valid_netbios_name(subobj.NETBIOSNAME));
 	var rdns = split(",", subobj.BASEDN);
 	subobj.RDN_DC = substr(rdns[0], strlen("DC="));
 
@@ -431,5 +433,29 @@ member: %s
 	return enable_account(ldb, user_dn);
 }
 
+// Check whether a name is valid as a NetBIOS name. 
+// FIXME: There are probably more constraints here
+function valid_netbios_name(name)
+{
+	if (strlen(name) > 13) return false;
+	if (strstr(name, ".")) return false;
+	return true;
+}
+
+function provision_validate(subobj, message)
+{
+	if (!valid_netbios_name(subobj.DOMAIN)) {
+		message("Invalid NetBIOS name for domain\n");
+		return false;
+	}
+
+	if (!valid_netbios_name(subobj.NETBIOSNAME)) {
+		message("Invalid NetBIOS name for host\n");
+		return false;
+	}
+
+	return true;
+}
+
 
 return 0;
diff --git a/source4/setup/provision b/source4/setup/provision
index fd949ce9d9..44b7ee7a4f 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -108,6 +108,11 @@ for (r in options) {
 
 var blank = (options["blank"] != undefined);
 
+if (!provision_validate(subobj, message)) {
+	return -1;
+}
+
+
 message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM);
 message("Using administrator password: %s\n", subobj.ADMINPASS);
 provision(subobj, message, blank, provision_default_paths(subobj));
diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone
index 0f5764dc11..40cb78fd55 100644
--- a/source4/setup/provision.zone
+++ b/source4/setup/provision.zone
@@ -1,4 +1,4 @@
-; generate by provision.pl
+; generated by provision.pl
 $ORIGIN ${DNSDOMAIN}.
 $TTL 1W
 @               IN SOA  @   hostmaster (
diff --git a/swat/install/provision.esp b/swat/install/provision.esp
index de823ddcde..5f91451cbc 100644
--- a/swat/install/provision.esp
+++ b/swat/install/provision.esp
@@ -58,6 +58,8 @@ if (form['submit'] == "Provision") {
 	} else if (subobj.ADMINPASS == "") {
 		write("<h3>You must choose an administrator password.  Please try again.</h3>");
 		f.display();
+	} else if (!provision_validate(subobj, writefln)) {
+		f.display();
 	} else {
 		provision(subobj, writefln, false, provision_default_paths(subobj));
 	}
-- 
cgit