ndb/cs, ndb/dns: ignore special commands from users different from the one we run the service owner

this prevents users like "none" from toggling special options in ndb/dns
and ndb/cs.

1 files changed, 8 insertions, 1 deletions

diff --git a/sys/src/cmd/ndb/dns.c b/sys/src/cmd/ndb/dns.c
index 8fc4f5167..32bae4040 100644
--- a/sys/src/cmd/ndb/dns.c
+++ b/sys/src/cmd/ndb/dns.c
@@ -77,6 +77,7 @@ char	*zonerefreshprogram;
 
 char	*logfile = "dns";	/* or "dns.test" */
 char	*dbfile;
+char	*dnsuser;
 char	mntpt[Maxpath];
 
 int	addforwtarg(char *);
@@ -198,6 +199,7 @@ main(int argc, char *argv[])
 	opendatabase();
 	now = time(nil);		/* open time files before we fork */
 	nowns = nsec();
+	dnsuser = estrdup(getuser());
 
 	snprint(servefile, sizeof servefile, "#s/dns%s", ext);
 	dir = dirstat(servefile);
@@ -717,10 +719,14 @@ rwrite(Job *job, Mfile *mf, Request *req)
 	if(cnt > 0 && job->request.data[cnt-1] == '\n')
 		job->request.data[cnt-1] = 0;
 
+	if(strcmp(mf->user, "none") == 0 || strcmp(mf->user, dnsuser) != 0)
+		goto query;	/* skip special commands if not owner */
+
 	/*
 	 *  special commands
 	 */
-//	dnslog("rwrite got: %s", job->request.data);
+	if(debug)
+		dnslog("rwrite got: %s", job->request.data);
 	send = 1;
 	if(strcmp(job->request.data, "debug")==0)
 		debug ^= 1;
@@ -744,6 +750,7 @@ rwrite(Job *job, Mfile *mf, Request *req)
 	if (send)
 		goto send;
 
+query:
 	/*
 	 *  kill previous reply
 	 */