comparison src/group.c @ 249:0340b9c17edc noffle

[svn] *** empty log message ***
author mirkol
date Tue, 14 May 2002 15:25:45 +0100
parents 6eb6c912a0e4
children 93d5d8b098da
248:cd022deb8390 249:0340b9c17edc
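--- a/src/group.c
+++ b/src/group.c
@@ -5,11 +5,11 @@
 the groups we know of. One database record is cached in the global struct
 grp. Group information is transfered between the grp and the database by
 loadGrp() and saveGrp(). This is done transparently. Access to the groups
 database is done by group name, by the functions defined in group.h.
 
-$Id: group.c 374 2002-03-15 10:49:56Z bears $
+$Id: group.c 381 2002-05-14 14:25:45Z mirkol $
 */
 
 #if HAVE_CONFIG_H
 #include <config.h>
 #endif
@@ -414,20 +414,23 @@
 
 Bool
 Grp_isValidGroupName( const char *name)
 {
 const char *pname, *ppat;
-const char *illegalchars = "\t\n\r,"; /* Are there any other illegal characters? */
+const char *illegalchars = "\t\n\r,/:\\"; /* Are there any other dangerous characters? */
 
 /* Find directory prefixes to prevent exploits. */
 switch ( name[0] )
 {
 case '.': /* prevent noffle -C ../fetchlist */
-case '/': /* prevent noffle -C /etc/noffle.conf */
-case ':':
-case '\\':
+case '+':
+case '-': /* reserved for internal use of implementations
+* rf. draft-ietf-usefor-article-06.txt, ch 5.5.1 */
 return FALSE; /* group name invalid */
+break;
+default:
+break;
 }
 
 /* Find illegal characters. */
 if ( strpbrk( name, illegalchars ) )
 return FALSE;
@@ -440,9 +443,27 @@
 && ( *(ppat+4) == '\0' || *(ppat+4) == '.' ) )
 return FALSE;
 else
 pname += 3;
 }
+
+/* Find "ctl", "ctl.*", "*.ctl" or "*.ctl.*" */
+pname = name;
+while ( ( ppat = strstr( pname, "ctl" ) ) != NULL )
+{
+if ( ( ppat == name || *(ppat - 1) == '.' )
+&& ( *(ppat+4) == '\0' || *(ppat+4) == '.' ) )
+return FALSE;
+else
+pname += 3;
+}
+/* Find some special groups and hierarchies. */
+if ( !( strcmp( name, "poster" ) && strcmp( name, "junk" )
+&& strcmp( name, "control" ) && strcmp( name, "to" )
+&& strncmp( name, "control.", 8 ) && strncmp( name, "to.", 3 )
+&& strncmp( name, "example.", 8 ) ) )
+return FALSE;
+
 
 /* Group name is hopefully valid. */
 return TRUE;
 }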
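Review bot: The terminator test in the new "ctl" loop (new lines 453-454) reads `*(ppat+4)`, but "ctl" is three characters long, so the byte directly after the match is `*(ppat+3)`. As written, a name ending in "ctl" such as "foo.ctl" makes the check read one byte past the string's NUL, "ctl.foo" is not rejected, and "ctlx" is rejected instead. I would change the condition to `&& ( *(ppat+3) == '\0' || *(ppat+3) == '.' ) )` and the advance to `pname = ppat + 3;` so the search resumes after the match instead of finding it again. The unchanged loop just above uses the same `+4` offset; its pattern string is outside the lines shown, so it is worth checking whether it has the same mismatch. Part of the body of Grp_isValidGroupName (old lines 434-439) is not visible in this comparison.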