From 91a84d3f26706dca91ff915354667bf4f667fcc5 Mon Sep 17 00:00:00 2001
From: Evan Broder <broder@mit.edu>
Date: Mon, 6 Apr 2009 22:13:53 -0400
Subject: [PATCH] Fix a potential quota hole from cross-realm Hesiod entries.

svn path=/trunk/packages/invirt-web/; revision=2293
---
 code/validation.py |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/code/validation.py b/code/validation.py
index 480d007..0285044 100644
--- a/code/validation.py
+++ b/code/validation.py
@@ -241,6 +241,8 @@ def testOwner(user, owner, machine=None):
         return machine.owner
     if owner is None:
         raise InvalidInput('owner', owner, "Owner must be specified")
+    if '@' in owner:
+        raise InvalidInput('owner', owner, "No cross-realm Hesiod lockers allowed")
     try:
         if user not in cache_acls.expandLocker(owner):
             raise InvalidInput('owner', owner, 'You do not have access to the '
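Review bot: The new `if '@' in owner:` check has no comment, so the reason for it survives only in the commit subject; I would add `# Names containing '@' are realm-qualified; cross-realm Hesiod lockers opened a quota hole (r2293)` above it. The check is also a one-character denylist: every other value of `owner` still reaches `cache_acls.expandLocker(owner)`, so if the set of valid locker-name characters is known, an allow-list match before the lookup would be the stricter guard. The `return machine.owner` above the check runs first, so an owner already stored on a machine appears not to be re-validated, and it is worth confirming that no existing record holds a name containing `@`. The condition guarding that return is outside the hunk, as are the start and end of `testOwner`.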
-- 
1.7.9.5