From 313e6c6adf6f336a9a0404f80e6c345d2e519cb8 Mon Sep 17 00:00:00 2001
From: Derrell Lipman <derrell@samba.org>
Date: Wed, 18 Oct 2006 18:55:50 +0000
Subject: r19397: Restrict databases which can be opened to a known set
 (currently only 'sam.ldb') (This used to be commit
 023c3b02b9990eed90904d3ba7e506dfe3d28345)

---
 services/samba/ldb.esp | 35 +++++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)

(limited to 'services')

diff --git a/services/samba/ldb.esp b/services/samba/ldb.esp
index 1cd98adc3a..2654efe988 100644
--- a/services/samba/ldb.esp
+++ b/services/samba/ldb.esp
@@ -16,6 +16,34 @@
 jsonrpc_include("resources.esp");
 
 
+/**
+ * Local function to determine if the requested database is one which we allow
+ * access to.
+ *
+ * @param dbRequested
+ *   Name of the database which is being requested to be opened
+ *
+ * @return
+ *   true if access is allowed; false otherwise.
+ */
+function accessAllowed(dbRequested)
+{
+    /* Databases allowed to connect to */
+    dbAllowed = new Array();
+    dbAllowed[dbAllowed.length] = "sam.ldb";
+
+    for (var i = 0; i < dbAllowed.length; i++)
+    {
+        if (dbRequested == dbAllowed[i])
+        {
+            return true;
+        }
+    }
+
+    return false;
+}
+
+
 /**
  * Connect to a database
  *
@@ -52,11 +80,10 @@ function _connect(params, error)
         return resourceId;
     }
 
-    /* Ensure there are no slashes in the database name */
-    var components = split('/', params[0]);
-    if (components.length > 1)
+    /* Ensure that the database name is one that is allowed to be opened */
+    if (! accessAllowed(params[0]))
     {
-        error.setError(1, "Invalid database name (contains '/')");
+        error.setError(-1, "Invalid or disallowed database name");
         return error;
     }
 
-- 
cgit