rest: validate mac in client/update

Check if the requested new MAC exists in another client and refuse
update request if that's the case.

1 files changed, 22 insertions, 1 deletions

diff --git a/src/rest.c b/src/rest.c
index b50c423..7ffebbf 100644
--- a/src/rest.c
+++ b/src/rest.c
@@ -1905,8 +1905,8 @@ static int og_cmd_post_client_update(json_t *element,
 				     struct og_msg_params *params,
 				     char *buffer_reply)
 {
+	const char *key, *msglog, *client_ip;
 	struct og_computer computer = {};
-	const char *key, *msglog;
 	struct og_dbi *dbi;
 	dbi_result result;
 	json_t *value;
@@ -1990,6 +1990,27 @@ static int og_cmd_post_client_update(json_t *element,
 	dbi_result_free(result);
 
 	result = dbi_conn_queryf(dbi->conn,
+			 "SELECT ip FROM ordenadores WHERE ip<>'%s' AND mac='%s'",
+			 computer.ip, computer.mac);
+	if (!result) {
+		dbi_conn_error(dbi->conn, &msglog);
+		syslog(LOG_ERR, "failed to query database (%s:%d) %s\n",
+		       __func__, __LINE__, msglog);
+		og_dbi_close(dbi);
+		return -1;
+	}
+	if (dbi_result_next_row(result)) {
+		client_ip = dbi_result_get_string(result, "ip");
+		syslog(LOG_ERR, "client with MAC %s already exist in %s\n",
+		       computer.mac, client_ip);
+		dbi_result_free(result);
+		og_dbi_close(dbi);
+		return -1;
+	}
+
+	dbi_result_free(result);
+
+	result = dbi_conn_queryf(dbi->conn,
 				 "UPDATE ordenadores"
 				 " SET numserie='%s',"
 				 "  netdriver='%s',"