ptserver: fix pt_util creation of groups

In commit 53ac98931adf9f04c150d9bc084cae31f3913476 the adjustment of
owner id was moved from CreateEntry() into CreateGroupName().  This was
done for two reasons:

 1. to reuse the computation of "is administrator" within
    CreateGroupName() in order to permit the owner id to be set
    to the invalid values 0 and ANONYMOUSID.

 2. to allow the owner id to be altered in ChangeEntry().

Unfortunately, CreateEntry() needs to be able to alter the owner id
when creating users, not only groups.

This change moves the computation of "is administrator" and the
owner id assignment to CreateEntry() and ChangeEntry().

Change-Id: I0d37f5a43ea5919d1bbc3ba6d82b2924ab38befc
Jeffrey Altman 2016-03-09 22:34:55 -06:00 committed by Benjamin Kaduk
parent b702ab5da2
commit e3bb92c2a0


@ -193,11 +193,11 @@ CorrectUserName(char *name)
static afs_int32 static afs_int32
CorrectGroupName(struct ubik_trans *ut, char aname[PR_MAXNAMELEN], /* name for group */ CorrectGroupName(struct ubik_trans *ut, char aname[PR_MAXNAMELEN], /* name for group */
afs_int32 cid, /* caller id */ afs_int32 cid, /* caller id */
afs_int32 *oid, /* owner of group */ afs_int32 oid, /* owner of group */
afs_int32 admin, /* non-zero if admin */
char cname[PR_MAXNAMELEN]) /* correct name for group */ char cname[PR_MAXNAMELEN]) /* correct name for group */
{ {
afs_int32 code; afs_int32 code;
int admin;
char *prefix; /* ptr to group owner part */ char *prefix; /* ptr to group owner part */
char *suffix; /* ptr to group name part */ char *suffix; /* ptr to group name part */
char name[PR_MAXNAMELEN]; /* correct name for group */ char name[PR_MAXNAMELEN]; /* correct name for group */
@ -205,16 +205,12 @@ CorrectGroupName(struct ubik_trans *ut, char aname[PR_MAXNAMELEN], /* name for g
if (strlen(aname) >= PR_MAXNAMELEN) if (strlen(aname) >= PR_MAXNAMELEN)
return PRBADNAM; return PRBADNAM;
admin = pr_noAuth || IsAMemberOf(ut, cid, SYSADMINID);
if (((*oid == 0) || (*oid == ANONYMOUSID)) && !admin)
*oid = cid;
/* Determine the correct prefix for the name. */ /* Determine the correct prefix for the name. */
if (*oid == SYSADMINID) if (oid == SYSADMINID)
prefix = "system"; prefix = "system";
else { else {
afs_int32 loc = FindByID(ut, *oid); afs_int32 loc = FindByID(ut, oid);
if (loc == 0) { if (loc == 0) {
/* let admin create groups owned by non-existent ids (probably /* let admin create groups owned by non-existent ids (probably
* setting a group to own itself). Check that they look like * setting a group to own itself). Check that they look like
@ -334,13 +330,19 @@ CreateEntry(struct ubik_trans *at, char aname[PR_MAXNAMELEN], afs_int32 *aid, af
/* get and init a new entry */ /* get and init a new entry */
afs_int32 code; afs_int32 code;
afs_int32 newEntry; afs_int32 newEntry;
afs_int32 admin;
struct prentry tentry, tent; struct prentry tentry, tent;
char *atsign; char *atsign;
memset(&tentry, 0, sizeof(tentry)); memset(&tentry, 0, sizeof(tentry));
admin = pr_noAuth || IsAMemberOf(at, creator, SYSADMINID);
if (oid == 0 || oid == ANONYMOUSID)
oid = creator;
if (flag & PRGRP) { if (flag & PRGRP) {
code = CorrectGroupName(at, aname, creator, &oid, tentry.name); code = CorrectGroupName(at, aname, creator, oid, admin, tentry.name);
if (code) if (code)
return code; return code;
if (strcmp(aname, tentry.name) != 0) if (strcmp(aname, tentry.name) != 0)
@ -1873,6 +1875,7 @@ ChangeEntry(struct ubik_trans *at, afs_int32 aid, afs_int32 cid, char *name, afs
struct prentry tentry, tent; struct prentry tentry, tent;
afs_int32 loc; afs_int32 loc;
afs_int32 oldowner; afs_int32 oldowner;
afs_int32 admin;
char holder[PR_MAXNAMELEN]; char holder[PR_MAXNAMELEN];
char temp[PR_MAXNAMELEN]; char temp[PR_MAXNAMELEN];
char oldname[PR_MAXNAMELEN]; char oldname[PR_MAXNAMELEN];
@ -1892,10 +1895,11 @@ ChangeEntry(struct ubik_trans *at, afs_int32 aid, afs_int32 cid, char *name, afs
&& !IsAMemberOf(at, cid, tentry.owner) && !pr_noAuth) && !IsAMemberOf(at, cid, tentry.owner) && !pr_noAuth)
return PRPERM; return PRPERM;
tentry.changeTime = time(0); tentry.changeTime = time(0);
admin = pr_noAuth || IsAMemberOf(at, cid, SYSADMINID);
/* we're actually trying to change the id */ /* we're actually trying to change the id */
if (newid && (newid != aid)) { if (newid && (newid != aid)) {
if (!IsAMemberOf(at, cid, SYSADMINID) && !pr_noAuth) if (!admin)
return PRPERM; return PRPERM;
pos = FindByID(at, newid); pos = FindByID(at, newid);
@ -2086,7 +2090,11 @@ ChangeEntry(struct ubik_trans *at, afs_int32 aid, afs_int32 cid, char *name, afs
/* don't let foreign cell groups change name */ /* don't let foreign cell groups change name */
if (atsign != NULL) if (atsign != NULL)
return PRPERM; return PRPERM;
code = CorrectGroupName(at, name, cid, &tentry.owner, tentry.name);
if (tentry.owner == 0 || tentry.owner == ANONYMOUSID)
tentry.owner = cid;
code = CorrectGroupName(at, name, cid, tentry.owner, admin, tentry.name);
if (code) if (code)
return code; return code;
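Review bot: The owner defaulting added in CreateEntry (`if (oid == 0 || oid == ANONYMOUSID) oid = creator;`) no longer tests `admin`, whereas the lines it replaces in CorrectGroupName reassigned the owner only when `!admin`, and the description gives admin-settable 0/ANONYMOUSID owners as a reason for the earlier change. The same unconditional form appears in the last ChangeEntry hunk, where a rename rewrites `tentry.owner` of an existing entry to the caller `cid` as a side effect. If dropping the admin exemption is intended, a comment such as `/* owner 0 or ANONYMOUSID is never stored; default to the caller, admins included */` would record it; otherwise restore the guard as `if ((oid == 0 || oid == ANONYMOUSID) && !admin)`. Both function bodies begin and end outside the hunks, so which callers can reach the ownership rewrite depends on permission checks that are only partly visible here.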