From cdc339659f867f302a60f18f07284c04bc034a21 Mon Sep 17 00:00:00 2001
From: Alejandro Sirgo Rica
Date: Mon, 10 Jun 2024 10:24:43 +0200
Subject: rest: validate mac in client/update Check if the requested new MAC exists in another client and refuse update request if that's the case.
---
 src/rest.c | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/rest.c b/src/rest.c
index b50c423..7ffebbf 100644
--- a/src/rest.c
+++ b/src/rest.c
@@ -1905,8 +1905,8 @@ static int og_cmd_post_client_update(json_t *element,
 struct og_msg_params *params,
 char *buffer_reply)
 {
+ const char *key, *msglog, *client_ip;
 struct og_computer computer = {};
- const char *key, *msglog;
 struct og_dbi *dbi;
 dbi_result result;
 json_t *value;
@@ -1989,6 +1989,27 @@ static int og_cmd_post_client_update(json_t *element,
 dbi_result_free(result);
+ result = dbi_conn_queryf(dbi->conn,
+ "SELECT ip FROM ordenadores WHERE ip<>'%s' AND mac='%s'",
+ computer.ip, computer.mac);
+ if (!result) {
+ dbi_conn_error(dbi->conn, &msglog);
+ syslog(LOG_ERR, "failed to query database (%s:%d) %s\n",
+ __func__, __LINE__, msglog);
+ og_dbi_close(dbi);
+ return -1;
+ }
+ if (dbi_result_next_row(result)) {
+ client_ip = dbi_result_get_string(result, "ip");
+ syslog(LOG_ERR, "client with MAC %s already exist in %s\n",
+ computer.mac, client_ip);
+ dbi_result_free(result);
+ og_dbi_close(dbi);
+ return -1;
+ }
+
+ dbi_result_free(result);
+
 result = dbi_conn_queryf(dbi->conn,
 "UPDATE ordenadores"
 " SET numserie='%s',"
-- cgit v1.2.3-18-g5258
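Review bot: The new SELECT in the second hunk pastes `computer.ip` and `computer.mac` between literal single quotes through `dbi_conn_queryf()`, which formats printf-style and does not escape its arguments, so a quote character in either value changes the statement. Both fields look like they are filled from the JSON request body, but the parsing and any format check sit outside this hunk, so confirm whether they are validated before this point. If they are not, quote them with libdbi first (`dbi_conn_quote_string_copy()`) and drop the literal quotes from the format string, as sketched below; the UPDATE that follows uses the same `'%s'` pattern and deserves the same treatment. The check-then-update sequence is also not atomic, so a UNIQUE constraint on `mac` would be the reliable guard against two clients ending up with one MAC.

```c
	char *ip_q = NULL, *mac_q = NULL;

	/* Let the driver quote request-derived values instead of wrapping them in '...'. */
	if (!dbi_conn_quote_string_copy(dbi->conn, computer.ip, &ip_q) ||
	    !dbi_conn_quote_string_copy(dbi->conn, computer.mac, &mac_q)) {
		syslog(LOG_ERR, "failed to quote client fields (%s:%d)\n",
		       __func__, __LINE__);
		free(ip_q);
		free(mac_q);
		og_dbi_close(dbi);
		return -1;
	}
	result = dbi_conn_queryf(dbi->conn,
				 "SELECT ip FROM ordenadores WHERE ip<>%s AND mac=%s",
				 ip_q, mac_q);
	free(ip_q);
	free(mac_q);
	/* … unchanged: !result error path and duplicate-MAC branch … */
```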