svn commit: samba r19397 - in branches/SAMBA_4_0/services/samba: .
derrell at samba.org
derrell at samba.org
Wed Oct 18 18:55:50 GMT 2006
Author: derrell
Date: 2006-10-18 18:55:50 +0000 (Wed, 18 Oct 2006)
New Revision: 19397
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19397
Log:
Restrict databases which can be opened to a known set (currently only 'sam.ldb')
Modified:
branches/SAMBA_4_0/services/samba/ldb.esp
Changeset:
Modified: branches/SAMBA_4_0/services/samba/ldb.esp
===================================================================
--- branches/SAMBA_4_0/services/samba/ldb.esp 2006-10-18 16:47:35 UTC (rev 19396)
+++ branches/SAMBA_4_0/services/samba/ldb.esp 2006-10-18 18:55:50 UTC (rev 19397)
@@ -17,6 +17,34 @@
/**
+ * Local function to determine if the requested database is one which we allow
+ * access to.
+ *
+ * @param dbRequested
+ * Name of the database which is being requested to be opened
+ *
+ * @return
+ * true if access is allowed; false otherwise.
+ */
+function accessAllowed(dbRequested)
+{
+ /* Databases allowed to connect to */
+ dbAllowed = new Array();
+ dbAllowed[dbAllowed.length] = "sam.ldb";
+
+ for (var i = 0; i < dbAllowed.length; i++)
+ {
+ if (dbRequested == dbAllowed[i])
+ {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+
+/**
* Connect to a database
*
* @param params[0]
@@ -52,11 +80,10 @@
return resourceId;
}
- /* Ensure there are no slashes in the database name */
- var components = split('/', params[0]);
- if (components.length > 1)
+ /* Ensure that the database name is one that is allowed to be opened */
+ if (! accessAllowed(params[0]))
{
- error.setError(1, "Invalid database name (contains '/')");
+ error.setError(-1, "Invalid or disallowed database name");
return error;
}
More information about the samba-cvs
mailing list