Fix a potential quota hole from cross-realm Hesiod entries.

author Evan Broder <broder@mit.edu>

Tue, 7 Apr 2009 02:13:53 +0000 (22:13 -0400)

committer Evan Broder <broder@mit.edu>

Tue, 7 Apr 2009 02:13:53 +0000 (22:13 -0400)
author Evan Broder <broder@mit.edu>
Tue, 7 Apr 2009 02:13:53 +0000 (22:13 -0400)
committer Evan Broder <broder@mit.edu>
Tue, 7 Apr 2009 02:13:53 +0000 (22:13 -0400)
diff --git a/code/validation.py b/code/validation.py

index 480d007..0285044 100644 (file)
--- a/code/validation.py
+++ b/code/validation.py
@@ -241,6 +241,8 @@ def testOwner(user, owner, machine=None):
          return machine.owner
      if owner is None:
          raise InvalidInput('owner', owner, "Owner must be specified")
+    if '@' in owner:
+        raise InvalidInput('owner', owner, "No cross-realm Hesiod lockers allowed")
      try:
          if user not in cache_acls.expandLocker(owner):
              raise InvalidInput('owner', owner, 'You do not have access to the '
author	Evan Broder <broder@mit.edu>
	Tue, 7 Apr 2009 02:13:53 +0000 (22:13 -0400)
committer	Evan Broder <broder@mit.edu>
	Tue, 7 Apr 2009 02:13:53 +0000 (22:13 -0400)