r19397: Restrict databases which can be opened to a known set (currently only 'sam...

(This used to be commit 023c3b02b9990eed90904d3ba7e506dfe3d28345)

diff --git a/services/samba/ldb.esp b/services/samba/ldb.esp
index 1cd98adc3a9527a8f5a4d8c2c18acfa9a73f384e..2654efe9884e2e589940f1cf06a95022904e3eb6 100644 (file)
--- a/services/samba/ldb.esp
+++ b/services/samba/ldb.esp
@@ -16,6 +16,34 @@
 jsonrpc_include("resources.esp");
 
 
+/**
+ * Local function to determine if the requested database is one which we allow
+ * access to.
+ *
+ * @param dbRequested
+ *   Name of the database which is being requested to be opened
+ *
+ * @return
+ *   true if access is allowed; false otherwise.
+ */
+function accessAllowed(dbRequested)
+{
+    /* Databases allowed to connect to */
+    dbAllowed = new Array();
+    dbAllowed[dbAllowed.length] = "sam.ldb";
+
+    for (var i = 0; i < dbAllowed.length; i++)
+    {
+        if (dbRequested == dbAllowed[i])
+        {
+            return true;
+        }
+    }
+
+    return false;
+}
+
+
 /**
  * Connect to a database
  *
@@ -52,11 +80,10 @@ function _connect(params, error)
         return resourceId;
     }
 
-    /* Ensure there are no slashes in the database name */
-    var components = split('/', params[0]);
-    if (components.length > 1)
+    /* Ensure that the database name is one that is allowed to be opened */
+    if (! accessAllowed(params[0]))
     {
-        error.setError(1, "Invalid database name (contains '/')");
+        error.setError(-1, "Invalid or disallowed database name");
         return error;
     }