From e3bb92c2a0883ae2922ac6019eed543201dbc2ec Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Wed, 9 Mar 2016 22:34:55 -0600 Subject: [PATCH] ptserver: fix pt_util creation of groups In commit 53ac98931adf9f04c150d9bc084cae31f3913476 the adjustment of owner id was moved from CreateEntry() into CreateGroupName(). This was done for two reasons: 1. to reuse the computation of "is administrator" within CreateGroupName() in order to permit the owner id to be set to the invalid values 0 and ANONYMOUSID. 2. to allow the owner id to be altered in ChangeEntry(). Unfortunately, CreateEntry() needs to be able to alter the owner id when creating users not only groups. This change moves the computation of "is administrator" and the owner id assignment to CreateEntry() and ChangeEntry(). Change-Id: I0d37f5a43ea5919d1bbc3ba6d82b2924ab38befc --- src/ptserver/ptutils.c | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/src/ptserver/ptutils.c b/src/ptserver/ptutils.c index 7d0ca1e8ee..32b34c746a 100644 --- a/src/ptserver/ptutils.c +++ b/src/ptserver/ptutils.c @@ -193,11 +193,11 @@ CorrectUserName(char *name) static afs_int32 CorrectGroupName(struct ubik_trans *ut, char aname[PR_MAXNAMELEN], /* name for group */ afs_int32 cid, /* caller id */ - afs_int32 *oid, /* owner of group */ + afs_int32 oid, /* owner of group */ + afs_int32 admin, /* non-zero if admin */ char cname[PR_MAXNAMELEN]) /* correct name for group */ { afs_int32 code; - int admin; char *prefix; /* ptr to group owner part */ char *suffix; /* ptr to group name part */ char name[PR_MAXNAMELEN]; /* correct name for group */ 
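Review bot: CorrectGroupName now takes the privilege decision from its caller through the new `admin` parameter, and the only documentation for it is `/* non-zero if admin */`, which does not say how the value must be derived. Since the membership test has been removed from this function, the parameter comment should state the contract, for example `/* admin: caller's result of pr_noAuth || IsAMemberOf(ut, cid, SYSADMINID); oid must already be defaulted by the caller */`. A later call site that passes a constant or a stale value would bypass the administrator check wherever the body consults `admin`, with nothing here to flag it. The function body continues outside this hunk.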
@@ -205,16 +205,12 @@ CorrectGroupName(struct ubik_trans *ut, char aname[PR_MAXNAMELEN], /* name for g if (strlen(aname) >= PR_MAXNAMELEN) return PRBADNAM; - admin = pr_noAuth || IsAMemberOf(ut, cid, SYSADMINID); - - if (((*oid == 0) || (*oid == ANONYMOUSID)) && !admin) - *oid = cid; /* Determine the correct prefix for the name. */ - if (*oid == SYSADMINID) + if (oid == SYSADMINID) prefix = "system"; else { - afs_int32 loc = FindByID(ut, *oid); + afs_int32 loc = FindByID(ut, oid); if (loc == 0) { /* let admin create groups owned by non-existent ids (probably * setting a group to own itself). Check that they look like @@ -334,13 +330,19 @@ CreateEntry(struct ubik_trans *at, char aname[PR_MAXNAMELEN], afs_int32 *aid, af /* get and init a new entry */ afs_int32 code; afs_int32 newEntry; + afs_int32 admin; struct prentry tentry, tent; char *atsign; memset(&tentry, 0, sizeof(tentry)); + admin = pr_noAuth || IsAMemberOf(at, creator, SYSADMINID); + + if (oid == 0 || oid == ANONYMOUSID) + oid = creator; + if (flag & PRGRP) { - code = CorrectGroupName(at, aname, creator, &oid, tentry.name); + code = CorrectGroupName(at, aname, creator, oid, admin, tentry.name); if (code) return code; if (strcmp(aname, tentry.name) != 0) @@ -1873,6 +1875,7 @@ ChangeEntry(struct ubik_trans *at, afs_int32 aid, afs_int32 cid, char *name, afs struct prentry tentry, tent; afs_int32 loc; afs_int32 oldowner; + afs_int32 admin; char holder[PR_MAXNAMELEN]; char temp[PR_MAXNAMELEN]; char oldname[PR_MAXNAMELEN]; @@ -1892,10 +1895,11 @@ ChangeEntry(struct ubik_trans *at, afs_int32 aid, afs_int32 cid, char *name, afs && !IsAMemberOf(at, cid, tentry.owner) && !pr_noAuth) return PRPERM; tentry.changeTime = time(0); + admin = pr_noAuth || IsAMemberOf(at, cid, SYSADMINID); /* we're actually trying to change the id */ if (newid && (newid != aid)) { - if (!IsAMemberOf(at, cid, SYSADMINID) && !pr_noAuth) + if (!admin) return PRPERM; pos = FindByID(at, newid); 
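Review bot: The owner defaulting added in CreateEntry, `if (oid == 0 || oid == ANONYMOUSID) oid = creator;`, no longer carries the `&& !admin` condition that the block removed from CorrectGroupName had, so an administrator's request for owner 0 or ANONYMOUSID is now rewritten to the creator as well. The commit description names permitting those values for administrators as one purpose of the earlier change, so if that is still intended the test should read `if ((oid == 0 || oid == ANONYMOUSID) && !admin)`; `admin` is already computed on the line above. The same unconditional form appears in the ChangeEntry hunk at -2086 for `tentry.owner`. If dropping the exception is deliberate, a comment saying so at both sites would keep a later reader from restoring it. CreateEntry's body continues outside the hunk.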
@@ -2086,7 +2090,11 @@ ChangeEntry(struct ubik_trans *at, afs_int32 aid, afs_int32 cid, char *name, afs /* don't let foreign cell groups change name */ if (atsign != NULL) return PRPERM; - code = CorrectGroupName(at, name, cid, &tentry.owner, tentry.name); + + if (tentry.owner == 0 || tentry.owner == ANONYMOUSID) + tentry.owner = cid; + + code = CorrectGroupName(at, name, cid, tentry.owner, admin, tentry.name); if (code) return code;
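Review bot: The added `tentry.owner = cid;` reassigns ownership as a side effect of a rename, and nothing at this site says so. Before this change the same write happened through the `&tentry.owner` pointer inside CorrectGroupName, but it is now inline in ChangeEntry and deserves a comment, for example `/* a group owned by 0 or ANONYMOUSID is re-owned by the caller when it is renamed */`. Whether any bookkeeping tied to the previous owner also has to be updated when the field changes here cannot be seen from this hunk and should be confirmed. ChangeEntry's body starts and ends outside the hunk.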