r10190: Do some very basic input checking when provisioning.

(This used to be commit 87f25fe49caa78422582337c5208a331ef5b8c15)

diff --git a/source4/pidl/pidl.1.xml b/source4/pidl/pidl.1.xml
index 4ddc267968e9877bc6e148c0b33421226457bd85..2ac40efe001a734234cb7682bbe83ee4657e03db 100644 (file)
--- a/source4/pidl/pidl.1.xml
+++ b/source4/pidl/pidl.1.xml
@@ -30,7 +30,6 @@
                <arg choice="opt">--server</arg>
                <arg choice="opt">--dcom-proxy</arg>
                <arg choice="opt">--com-header</arg>
                <arg choice="opt">--server</arg>
                <arg choice="opt">--dcom-proxy</arg>
                <arg choice="opt">--com-header</arg>

-               <arg choice="opt">--odl</arg>

                <arg choice="opt">--warn-compat</arg>
                <arg choice="opt">--quiet</arg>
                <arg choice="opt">--verbose</arg>
                <arg choice="opt">--warn-compat</arg>
                <arg choice="opt">--quiet</arg>
                <arg choice="opt">--verbose</arg>

diff --git a/source4/script/build_idl.sh b/source4/script/build_idl.sh
index 668d5df975851342db98d5a5619c87dd7ce1b424..39157a5909e84bc921391212adb6c035fcca87c7 100755 (executable)
--- a/source4/script/build_idl.sh
+++ b/source4/script/build_idl.sh
@@ -6,7 +6,7 @@ PIDL_EXTRA_ARGS="$*"
 
 [ -d librpc/gen_ndr ] || mkdir -p librpc/gen_ndr || exit 1
 
 
 [ -d librpc/gen_ndr ] || mkdir -p librpc/gen_ndr || exit 1
 

-PIDL="$PERL ./pidl/pidl --outputdir librpc/gen_ndr --ndr-header --header --ndr-parser --server --client --dcom-proxy --com-header --swig --odl --ejs $PIDL_EXTRA_ARGS"
+PIDL="$PERL ./pidl/pidl --outputdir librpc/gen_ndr --ndr-header --header --ndr-parser --server --client --dcom-proxy --com-header --swig --ejs $PIDL_EXTRA_ARGS"

 
 if [ x$FULLBUILD = xFULL ]; then
       echo Rebuilding all idl files in librpc/idl
 
 if [ x$FULLBUILD = xFULL ]; then
       echo Rebuilding all idl files in librpc/idl

diff --git a/source4/scripting/libjs/provision.js b/source4/scripting/libjs/provision.js
index ef99dc43c553e17787c14a1a6aa3cf234e9900a6..33bfafac135e72a49768b7a7b7ac97d27758d645 100644 (file)
--- a/source4/scripting/libjs/provision.js
+++ b/source4/scripting/libjs/provision.js
@@ -233,7 +233,9 @@ function provision(subobj, message, blank, paths)
        subobj.REALM       = strlower(subobj.REALM);
        subobj.HOSTNAME    = strlower(subobj.HOSTNAME);
        subobj.DOMAIN      = strupper(subobj.DOMAIN);
        subobj.REALM       = strlower(subobj.REALM);
        subobj.HOSTNAME    = strlower(subobj.HOSTNAME);
        subobj.DOMAIN      = strupper(subobj.DOMAIN);

+       assert(valid_netbios_name(subobj.DOMAIN));

        subobj.NETBIOSNAME = strupper(subobj.HOSTNAME);
        subobj.NETBIOSNAME = strupper(subobj.HOSTNAME);

+       assert(valid_netbios_name(subobj.NETBIOSNAME));

        var rdns = split(",", subobj.BASEDN);
        subobj.RDN_DC = substr(rdns[0], strlen("DC="));
 
        var rdns = split(",", subobj.BASEDN);
        subobj.RDN_DC = substr(rdns[0], strlen("DC="));
 


@@ -431,5 +433,29 @@ member: %s
        return enable_account(ldb, user_dn);
 }
 
        return enable_account(ldb, user_dn);
 }
 

+// Check whether a name is valid as a NetBIOS name. 
+// FIXME: There are probably more constraints here
+function valid_netbios_name(name)
+{
+       if (strlen(name) > 13) return false;
+       if (strstr(name, ".")) return false;
+       return true;
+}
+
+function provision_validate(subobj, message)
+{
+       if (!valid_netbios_name(subobj.DOMAIN)) {
+               message("Invalid NetBIOS name for domain\n");
+               return false;
+       }
+
+       if (!valid_netbios_name(subobj.NETBIOSNAME)) {
+               message("Invalid NetBIOS name for host\n");
+               return false;
+       }
+
+       return true;
+}
+

 
 return 0;
 
 return 0;

diff --git a/source4/setup/provision b/source4/setup/provision
index fd949ce9d99d68ca191b8b4a29dd6bb195b439a9..44b7ee7a4f19614fb38c5d06218ce87b73a5748d 100755 (executable)
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -108,6 +108,11 @@ for (r in options) {
 
 var blank = (options["blank"] != undefined);
 
 
 var blank = (options["blank"] != undefined);
 

+if (!provision_validate(subobj, message)) {
+       return -1;
+}
+
+

 message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM);
 message("Using administrator password: %s\n", subobj.ADMINPASS);
 provision(subobj, message, blank, provision_default_paths(subobj));
 message("Provisioning for %s in realm %s\n", subobj.DOMAIN, subobj.REALM);
 message("Using administrator password: %s\n", subobj.ADMINPASS);
 provision(subobj, message, blank, provision_default_paths(subobj));

diff --git a/source4/setup/provision.zone b/source4/setup/provision.zone
index 0f5764dc11ee2eaaa71cd9f7fb2108e0152f0757..40cb78fd552f18467e7e34b3db1f0cd7eef7ccae 100644 (file)
--- a/source4/setup/provision.zone
+++ b/source4/setup/provision.zone
@@ -1,4 +1,4 @@
-; generate by provision.pl
+; generated by provision.pl

 $ORIGIN ${DNSDOMAIN}.
 $TTL 1W
 @               IN SOA  @   hostmaster (
 $ORIGIN ${DNSDOMAIN}.
 $TTL 1W
 @               IN SOA  @   hostmaster (

diff --git a/swat/install/provision.esp b/swat/install/provision.esp
index de823ddcde14f6dab4a8e6c3130eb7fd3735f292..5f91451cbc3651555c10a9ad87c3f043cdfcc06d 100644 (file)
--- a/swat/install/provision.esp
+++ b/swat/install/provision.esp
@@ -58,6 +58,8 @@ if (form['submit'] == "Provision") {
        } else if (subobj.ADMINPASS == "") {
                write("<h3>You must choose an administrator password.  Please try again.</h3>");
                f.display();
        } else if (subobj.ADMINPASS == "") {
                write("<h3>You must choose an administrator password.  Please try again.</h3>");
                f.display();

+       } else if (!provision_validate(subobj, writefln)) {
+               f.display();

        } else {
                provision(subobj, writefln, false, provision_default_paths(subobj));
        }
        } else {
                provision(subobj, writefln, false, provision_default_paths(subobj));
        }