Fix bug #1959 input validation on delete of jobs.

[bacula/bacula] / bacula / src / dird / ua_acl.c

diff --git a/bacula/src/dird/ua_acl.c b/bacula/src/dird/ua_acl.c
index 7d5b686d5c9f4c3e165d236156cef8ce72b9f8e4..c510df6062da27dca551863ce38f26b9c21d778c 100644 (file)
--- a/bacula/src/dird/ua_acl.c
+++ b/bacula/src/dird/ua_acl.c
@@ -1,38 +1,38 @@
-/*
- *
- *   Bacula Director -- User Agent Access Control List (ACL) handling
- *
- *     Kern Sibbald, January MMIV
- *
- *   Version  $Id$
- */
 /*
    Bacula® - The Network Backup Solution
 
-   Copyright (C) 2004-2006 Free Software Foundation Europe e.V.
+   Copyright (C) 2004-2008 Free Software Foundation Europe e.V.
 
    The main author of Bacula is Kern Sibbald, with contributions from
    many others, a complete list can be found in the file AUTHORS.
    This program is Free Software; you can redistribute it and/or
-   modify it under the terms of version two of the GNU General Public
-   License as published by the Free Software Foundation plus additions
-   that are listed in the file LICENSE.
+   modify it under the terms of version three of the GNU Affero General Public
+   License as published by the Free Software Foundation and included
+   in the file LICENSE.
 
    This program is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
    General Public License for more details.
 
-   You should have received a copy of the GNU General Public License
+   You should have received a copy of the GNU Affero General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
    02110-1301, USA.
 
-   Bacula® is a registered trademark of John Walker.
+   Bacula® is a registered trademark of Kern Sibbald.
    The licensor of Bacula is the Free Software Foundation Europe
    (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
    Switzerland, email:ftf@fsfeurope.org.
 */
+/*
+ *
+ *   Bacula Director -- User Agent Access Control List (ACL) handling
+ *
+ *     Kern Sibbald, January MMIV
+ *
+ *   Version  $Id$
+ */
 
 #include "bacula.h"
 #include "dird.h"
@@ -40,18 +40,23 @@
 /*
  * Check if access is permitted to item in acl
  */
-bool acl_access_ok(UAContext *ua, int acl, char *item)
+bool acl_access_ok(UAContext *ua, int acl, const char *item)
 {
    return acl_access_ok(ua, acl, item, strlen(item));
 }
 
 
 /* This version expects the length of the item which we must check. */
-bool acl_access_ok(UAContext *ua, int acl, char *item, int len)
+bool acl_access_ok(UAContext *ua, int acl, const char *item, int len)
 {
+   /* The resource name contains nasty characters */
+   if (acl != Where_ACL && !is_name_valid(item, NULL)) {
+      Dmsg1(1400, "Access denied for item=%s\n", item);
+      return false;
+   }
 
    /* If no console resource => default console and all is permitted */
-   if (!ua->cons) {
+   if (!ua || !ua->cons) {
       Dmsg0(1400, "Root cons access OK.\n");
       return true;                    /* No cons resource -> root console OK for everything */
    }