X-Git-Url: http://andersk.mit.edu/gitweb/moira.git/blobdiff_plain/1195dd6a338f745b96a33ea195ee84bd257cf2b5..200e522b7171a4cb1ffdcdf9545655ef1ac96c07:/server/qsetup.dc?ds=sidebyside
diff --git a/server/qsetup.dc b/server/qsetup.dc
index d23e8d44..39e0f43f 100644
--- a/server/qsetup.dc
+++ b/server/qsetup.dc
@@ -314,7 +314,6 @@ int setup_alis(q, argv, cl)
 EXEC SQL BEGIN DECLARE SECTION;
 int ngid;
 EXEC SQL END DECLARE SECTION;
- char *malloc();
 unsigned char *p;
 int idx;
@@ -912,6 +911,51 @@ setup_ahst(q,argv,cl)
 if (*(p-1) == '-') return(MR_BAD_CHAR);
 }
+ /* sanity check host vendor: must start with a letter, contain only
+ * letters, numerals, and hyphen, and end with an alphanumeric.
+ */
+ if (*argv[row+1] && (row == 0 || strcmp(argv[2], cl->args->mr_argv[2]))) {
+ char *p = argv[row+1];
+
+ if (!isalpha(*p)) return(MR_BAD_CHAR);
+ for (; *p; p++) {
+ if ((!isalnum(*p) && *p != '-' && *p != '.') ||
+ (*p == '-' && p[1] == '.'))
+ return(MR_BAD_CHAR);
+ }
+ if (!isalnum(*(p-1))) return(MR_BAD_CHAR);
+ }
+
+ /* sanity check host type: must start with a letter, contain only
+ * letters, numerals, and hyphen, and end with an alphanumeric.
+ */
+ if (*argv[row+2] && (row == 0 || strcmp(argv[3], cl->args->mr_argv[3]))) {
+ char *p = argv[row+2];
+
+ if (!isalnum(*p)) return(MR_BAD_CHAR);
+ for (; *p; p++) {
+ if ((!isalnum(*p) && *p != '-' && *p != '.') ||
+ (*p == '-' && p[1] == '.'))
+ return(MR_BAD_CHAR);
+ }
+ if (!isalnum(*(p-1))) return(MR_BAD_CHAR);
+ }
+
+ /* sanity check host vendor: must start with a letter, contain only
+ * letters, numerals, and hyphen, and end with an hyphen alphanumeric.
+ */
+ if (*argv[row+3] && (row == 0 || strcmp(argv[4], cl->args->mr_argv[4]))) {
+ char *p = argv[row+3];
+
+ if (!isalpha(*p)) return(MR_BAD_CHAR);
+ for (; *p; p++) {
+ if ((!isalnum(*p) && *p != '-' && *p != '.') ||
+ (*p == '-' && p[1] == '.'))
+ return(MR_BAD_CHAR);
+ }
+ if (!isalnum(*(p-1))) return(MR_BAD_CHAR);
+ }
+ /* check for duplicate name */ name = argv[row]; EXEC SQL SELECT count(mach_id) INTO :cnt FROM hostalias
@@ -969,9 +1013,9 @@ setup_ahst(q,argv,cl)
 value = htonl(value);
 }
 value = htonl(value);
- argv[9+row] = strsave(inet_ntoa(value));
+ strcpy(argv[9+row], inet_ntoa(value));
 } else {
- argv[9+row] = strsave("unassigned");
+ strcpy(argv[9+row], "unassigned");
 }
 /* status checking */
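Review bot: The three added checks pass a plain `char` to `isalpha()`/`isalnum()`, which is undefined for negative values, so on a platform where char is signed a byte above 0x7f in argv[row+1] to argv[row+3] (which look like client-supplied query arguments) is looked up out of range instead of being rejected; cast at every call, e.g. `if (!isalpha((unsigned char)*p)) return(MR_BAD_CHAR);`. The comments also do not state the rule that is enforced: every loop accepts '.', the second block tests the first character with `isalnum` although its comment requires a letter, and the first and third comments both say "host vendor". Because this is the allow-list for these fields, each comment should name its field and give the real rule, for example `/* starts with a letter; letters, digits, '-' and '.' only; no "-."; ends alphanumeric */`. The loop is repeated three times and could be one static helper. setup_ahst starts and ends outside this hunk.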
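Review bot: Both added `strcpy()` calls write into whatever `argv[9+row]` already points at, with no length check, where the removed lines stored a fresh `strsave()` copy; nothing in this hunk shows who allocates that slot or how large it is. `inet_ntoa()` returns up to 15 characters plus the terminator and "unassigned" needs 11 bytes, so the slot has to hold at least 16 bytes. The same pattern is in the last hunk, `sprintf(argv[q->argc + q->vcnt + 1], "%d",cl->client_id)`, which needs up to 12 bytes for a 32-bit int. If the argv buffers are preallocated at a fixed size, a bounded write such as `snprintf(argv[9+row], ARGV_SLOT_SIZE, "%s", inet_ntoa(value));` (ARGV_SLOT_SIZE is a placeholder for the project's actual buffer size) and a comment naming where the buffers are allocated would make the invariant checkable. The surrounding if/else opens outside this hunk.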
@@ -1003,26 +1047,34 @@ setup_ahst(q,argv,cl)
 acomment, use, snet_id, ocomment INTO :s6, :i8, :s10, :s11, :i12, :i13, :i7, :i9, :i14 FROM machine WHERE mach_id = :id;
 if (ingres_errno) return(mr_errcode);
- /* subnet owner cannot change use or ocomment */
- if ((i7 != atoi(argv[7])) || (i14 != *(int *)argv[14]))
+ /* subnet owner cannot change use, comment, or network */
+ if ((i7 != atoi(argv[7])) || (i14 != *(int *)argv[14]) ||
+ (i9 != *(int *)argv[9]))
 return(MR_PERM);
 /* host owner cannot change contact, status, address, owner_type,
 * owner_id, acomment, or subnet */
 if (host_access_level == 2 && (strcmp(argv[6], strtrim(s6)) || (i8 != atoi(argv[8])) ||
- strcmp(argv[10], strtrim(s10)) || strcmp(argv[11], strtrim(s11)) ||
+ strcmp(argv[10], strtrim(s10)) ||strcmp(argv[11], strtrim(s11)) ||
 (i12 != *(int *)argv[12]) || (i13 != *(int *)argv[13]) ||
- (i9 = *(int *)argv[9])))
+ (i9 != *(int *)argv[9])))
 return(MR_PERM);
 }
+ /*
+ * If this is an update_host query, we're done.
+ */
+ if (row == 1)
+ return(MR_SUCCESS);
+
+ /*
+ * For an add_host query, allocate and fill in a new machine id,
+ * and then insert the creator id.
+ */
 if ((mr_errcode = prefetch_value(q,argv,cl)) != MR_SUCCESS) return(mr_errcode);
- row = q->argc + q->vcnt + 1;
- sprintf(buf, "%d",cl->client_id);
- argv[row] = strsave(buf);
- argv[row+1] = NULL;
+ sprintf(argv[q->argc + q->vcnt + 1], "%d",cl->client_id);
 return(MR_SUCCESS);
 }
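Review bot: The add_host path no longer writes the `argv[row+1] = NULL;` terminator that the removed lines stored after the creator id, so any consumer that walks argv up to a NULL sentinel now relies on the vector having been terminated when it was allocated, which this hunk does not show. If that is guaranteed elsewhere, say so next to the sprintf, e.g. `/* slot argc+vcnt+1 is preallocated by the caller; argv is not terminated here */`; otherwise keep the terminator. The added `if (row == 1) return(MR_SUCCESS);` also relies on row being exactly 0 for add_host and 1 for update_host, which is set outside the hunk. The reworked condition line lost a space in `||strcmp(argv[11], strtrim(s11))`, which is the only change on that line.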