EXEC SQL BEGIN DECLARE SECTION;
int ngid;
EXEC SQL END DECLARE SECTION;
- char *malloc();
unsigned char *p;
int idx;
if (*(p-1) == '-') return(MR_BAD_CHAR);
}
+ /* sanity check host vendor: must start with a letter, contain only
+ * letters, numerals, and hyphen, and end with an alphanumeric.
+ */
+ if (*argv[row+1] && (row == 0 || strcmp(argv[2], cl->args->mr_argv[2]))) {
+ char *p = argv[row+1];
+
+ if (!isalpha(*p)) return(MR_BAD_CHAR);
+ for (; *p; p++) {
+ if ((!isalnum(*p) && *p != '-' && *p != '.') ||
+ (*p == '-' && p[1] == '.'))
+ return(MR_BAD_CHAR);
+ }
+ if (!isalnum(*(p-1))) return(MR_BAD_CHAR);
+ }
+
+ /* sanity check host type: must start with a letter, contain only
+ * letters, numerals, and hyphen, and end with an alphanumeric.
+ */
+ if (*argv[row+2] && (row == 0 || strcmp(argv[3], cl->args->mr_argv[3]))) {
+ char *p = argv[row+2];
+
+ if (!isalpha(*p)) return(MR_BAD_CHAR);
+ for (; *p; p++) {
+ if ((!isalnum(*p) && *p != '-' && *p != '.') ||
+ (*p == '-' && p[1] == '.'))
+ return(MR_BAD_CHAR);
+ }
+ if (!isalnum(*(p-1))) return(MR_BAD_CHAR);
+ }
+
+ /* sanity check host vendor: must start with a letter, contain only
+ * letters, numerals, and hyphen, and end with an hyphen alphanumeric.
+ */
+ if (*argv[row+3] && (row == 0 || strcmp(argv[4], cl->args->mr_argv[4]))) {
+ char *p = argv[row+3];
+
+ if (!isalpha(*p)) return(MR_BAD_CHAR);
+ for (; *p; p++) {
+ if ((!isalnum(*p) && *p != '-' && *p != '.') ||
+ (*p == '-' && p[1] == '.'))
+ return(MR_BAD_CHAR);
+ }
+ if (!isalnum(*(p-1))) return(MR_BAD_CHAR);
+ }
+
/* check for duplicate name */
name = argv[row];
EXEC SQL SELECT count(mach_id) INTO :cnt FROM hostalias
value = -1;
else
value = -2;
- } else
- value = ntohl(inet_addr(argv[9+row]));
+ } else {
+ value = ntohl(inet_addr(argv[9+row]));
+ if (value == -1) return(MR_ADDRESS);
+ }
if (value == 0) return(MR_ADDRESS);
if (value != -1) {
id = *(int *)argv[8+row];
value = htonl(value);
}
value = htonl(value);
- argv[9+row] = strsave(inet_ntoa(value));
+ strcpy(argv[9+row], inet_ntoa(value));
} else {
- argv[9+row] = strsave("unassigned");
+ strcpy(argv[9+row], "unassigned");
}
/* status checking */
value = atoi(argv[7+row]);
- if (row == 0 && !(value == 1 || value == 3))
+ if (row == 0 && !(value == 1 || value == 0))
return(MR_TYPE);
if (row == 1) {
id = *(int *)argv[0];
EXEC SQL SELECT status INTO :cnt FROM machine WHERE mach_id = :id;
if (ingres_errno) return(mr_errcode);
if (value != cnt) {
- EXEC SQL UPDATE machine SET statuschange = date('now');
+ EXEC SQL UPDATE machine SET statuschange = date('now')
+ WHERE mach_id = :id;
}
}
acomment, use, snet_id, ocomment INTO :s6, :i8, :s10, :s11, :i12,
:i13, :i7, :i9, :i14 FROM machine WHERE mach_id = :id;
if (ingres_errno) return(mr_errcode);
- /* subnet owner cannot change use or ocomment */
- if ((i7 != atoi(argv[7])) || (i14 != *(int *)argv[14]))
+ /* subnet owner cannot change use, comment, or network */
+ if ((i7 != atoi(argv[7])) || (i14 != *(int *)argv[14]) ||
+ (i9 != *(int *)argv[9]))
return(MR_PERM);
/* host owner cannot change contact, status, address, owner_type,
* owner_id, acomment, or subnet */
if (host_access_level == 2 &&
(strcmp(argv[6], strtrim(s6)) || (i8 != atoi(argv[8])) ||
- strcmp(argv[10], strtrim(s10)) || strcmp(argv[11], strtrim(s11)) ||
+ strcmp(argv[10], strtrim(s10)) ||strcmp(argv[11], strtrim(s11)) ||
(i12 != *(int *)argv[12]) || (i13 != *(int *)argv[13]) ||
- (i9 = *(int *)argv[9])))
+ (i9 != *(int *)argv[9])))
return(MR_PERM);
}
+ /*
+ * If this is an update_host query, we're done.
+ */
+ if (row == 1)
+ return(MR_SUCCESS);
+
+ /*
+ * For an add_host query, allocate and fill in a new machine id,
+ * and then insert the creator id.
+ */
if ((mr_errcode = prefetch_value(q,argv,cl)) != MR_SUCCESS)
return(mr_errcode);
- row = q->argc + q->vcnt + 1;
- sprintf(buf, "%d",cl->client_id);
- argv[row] = strsave(buf);
- argv[row+1] = NULL;
+ sprintf(argv[q->argc + q->vcnt + 1], "%d",cl->client_id);
return(MR_SUCCESS);
}