From 8ca3e3419cff0bb78f72e0e8254bda57c337391a Mon Sep 17 00:00:00 2001
From: tom <tom>
Date: Wed, 18 May 1994 16:20:25 +0000
Subject: [PATCH] mucked with host table authorization checks...

---
 server/qsetup.dc | 54 ++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 50 insertions(+), 4 deletions(-)

diff --git a/server/qsetup.dc b/server/qsetup.dc
index 450619fd..3e2c45e1 100644
--- a/server/qsetup.dc
+++ b/server/qsetup.dc
@@ -911,6 +911,51 @@ setup_ahst(q,argv,cl)
 	if (*(p-1) == '-') return(MR_BAD_CHAR);
     }
 
+    /* sanity check host vendor: must start with a letter, contain only
+     * letters, numerals, and hyphen, and end with an alphanumeric.
+     */
+    if (*argv[row+1] && (row == 0 || strcmp(argv[2], cl->args->mr_argv[2]))) {
+	char *p = argv[row+1];
+
+	if (!isalpha(*p)) return(MR_BAD_CHAR);
+	for (; *p; p++) {
+	    if ((!isalnum(*p) && *p != '-' && *p != '.') ||
+		(*p == '-' && p[1] == '.'))
+	      return(MR_BAD_CHAR);
+	}
+	if (!isalnum(*(p-1))) return(MR_BAD_CHAR);
+    }
+
+    /* sanity check host type: must start with a letter, contain only
+     * letters, numerals, and hyphen, and end with an alphanumeric.
+     */
+    if (*argv[row+2] && (row == 0 || strcmp(argv[3], cl->args->mr_argv[3]))) {
+	char *p = argv[row+2];
+
+	if (!isalpha(*p)) return(MR_BAD_CHAR);
+	for (; *p; p++) {
+	    if ((!isalnum(*p) && *p != '-' && *p != '.') ||
+		(*p == '-' && p[1] == '.'))
+	      return(MR_BAD_CHAR);
+	}
+	if (!isalnum(*(p-1))) return(MR_BAD_CHAR);
+    }
+
+    /* sanity check host vendor: must start with a letter, contain only
+     * letters, numerals, and hyphen, and end with an hyphen alphanumeric.
+     */
+    if (*argv[row+3] && (row == 0 || strcmp(argv[4], cl->args->mr_argv[4]))) {
+	char *p = argv[row+3];
+
+	if (!isalpha(*p)) return(MR_BAD_CHAR);
+	for (; *p; p++) {
+	    if ((!isalnum(*p) && *p != '-' && *p != '.') ||
+		(*p == '-' && p[1] == '.'))
+	      return(MR_BAD_CHAR);
+	}
+	if (!isalnum(*(p-1))) return(MR_BAD_CHAR);
+    }
+
     /* check for duplicate name */
     name = argv[row];
     EXEC SQL SELECT count(mach_id) INTO :cnt FROM hostalias
@@ -1002,16 +1047,17 @@ setup_ahst(q,argv,cl)
 	  acomment, use, snet_id, ocomment INTO :s6, :i8, :s10, :s11, :i12,
 	  :i13, :i7, :i9, :i14 FROM machine WHERE mach_id = :id;
 	if (ingres_errno) return(mr_errcode);
-	/* subnet owner cannot change use or ocomment */
-	if ((i7 != atoi(argv[7])) || (i14 != *(int *)argv[14]))
+	/* subnet owner cannot change use, comment, or network */
+	if ((i7 != atoi(argv[7])) || (i14 != *(int *)argv[14]) ||
+            (i9 != *(int *)argv[9]))
 	  return(MR_PERM);
 	/* host owner cannot change contact, status, address, owner_type,
 	 * owner_id, acomment, or subnet */
 	if (host_access_level == 2 &&
 	    (strcmp(argv[6], strtrim(s6)) || (i8 != atoi(argv[8])) ||
-	     strcmp(argv[10], strtrim(s10)) || strcmp(argv[11], strtrim(s11)) ||
+	     strcmp(argv[10], strtrim(s10)) ||strcmp(argv[11], strtrim(s11)) ||
 	     (i12 != *(int *)argv[12]) || (i13 != *(int *)argv[13]) ||
-	     (i9 = *(int *)argv[9])))
+	     (i9 != *(int *)argv[9])))
 	  return(MR_PERM);
     }
 
-- 
2.45.1