CorrectGroupName(struct ubik_trans *ut, char aname[PR_MAXNAMELEN], /* name for group */
afs_int32 cid, /* caller id */
afs_int32 oid, /* owner of group */
+ afs_int32 admin, /* non-zero if admin */
char cname[PR_MAXNAMELEN]) /* correct name for group */
{
afs_int32 code;
- int admin;
char *prefix; /* ptr to group owner part */
char *suffix; /* ptr to group name part */
char name[PR_MAXNAMELEN]; /* correct name for group */
if (strlen(aname) >= PR_MAXNAMELEN)
return PRBADNAM;
- admin = pr_noAuth || IsAMemberOf(ut, cid, SYSADMINID);
-
- if (oid == 0)
- oid = cid;
/* Determine the correct prefix for the name. */
if (oid == SYSADMINID)
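Review bot: The new `admin` argument makes the privilege decision something every caller must compute, and the parameter comment `/* non-zero if admin */` does not say how. With the `oid == 0` fallback removed as well, the function now also assumes `oid` was resolved before the call. I would document both in the signature, e.g. `/* non-zero iff pr_noAuth or cid is in SYSADMINID; computed by caller */` for `admin` and `/* owner of group; caller must already have replaced 0 */` for `oid`. The two call sites visible in this diff do both; the function body continues outside the hunk.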
strcpy(name, aname); /* in case aname & cname are same */
suffix = strchr(name, ':');
+ /* let e.g. pt_util create groups with "wrong" names (like
+ * an orphan whose parent ID was reused). Check that they look like
+ * groups (with a colon) or otherwise are good user names. */
+ if (pr_noAuth) {
+ strcpy(cname, aname);
+ goto done;
+ }
if (suffix == 0) {
/* sysadmin can make groups w/o ':', but they must still look like
* legal user names. */
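Review bot: `strcpy(cname, aname)` in the new `pr_noAuth` branch copies between two buffers that the context line just above says may be the same (`/* in case aname & cname are same */`), and strcpy on overlapping objects is undefined. The local `name` already holds the copy at this point, so `strcpy(cname, name);` avoids the problem. Neither call site visible in this diff passes the same buffer twice, so this is a latent hazard rather than a live one. Separately, the added comment says such names are still checked to look like groups or valid user names, but that check is not in the hunk; it presumably sits at `done:`, and the comment should say so.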
return 1;
if (cid == SYSADMINID)
return 1; /* special case fileserver */
- if (restricted && ((mem == PRP_ADD_MEM) || (mem == PRP_REMOVE_MEM)) && (any == 0))
- return 0;
+ if (restricted && !IsAMemberOf(ut, cid, SYSADMINID)) {
+ if (mem == PRP_ADD_MEM || mem == PRP_REMOVE_MEM) {
+ /* operation is for adding/removing members from a group */
+ return 0;
+ }
+ if (mem == 0 && any == 0) {
+ /* operation is for modifying an entry (or some administrative
+ * global operations) */
+ return 0;
+ }
+ }
if (tentry) {
flags = tentry->flags;
oid = tentry->owner;
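Review bot: In restricted mode the new block refuses only two request shapes, `mem` equal to PRP_ADD_MEM/PRP_REMOVE_MEM and `mem == 0 && any == 0`, and lets every other combination fall through to the ordinary checks below. The restriction therefore depends on each modifying caller passing exactly those values; a call with `mem == 0` and a non-zero `any` is not stopped here, and whether such a caller exists cannot be seen from this hunk. I would either invert the test so restricted mode returns 0 unless the request is one of the known read-only kinds, or add a comment listing which `(mem, any)` pairs are meant to remain allowed. The `cid == SYSADMINID` return above also runs before the restricted check, so that caller id is exempt by position. The function starts and ends outside the hunk.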
/* get and init a new entry */
afs_int32 code;
afs_int32 newEntry;
+ afs_int32 admin;
struct prentry tentry, tent;
char *atsign;
memset(&tentry, 0, sizeof(tentry));
- if ((oid == 0) || (oid == ANONYMOUSID))
+ admin = pr_noAuth || IsAMemberOf(at, creator, SYSADMINID);
+
+ if (oid == 0 || oid == ANONYMOUSID) {
+ if (!admin && creator == 0)
+ return PRBADARG;
oid = creator;
+ }
if (flag & PRGRP) {
- code = CorrectGroupName(at, aname, creator, oid, tentry.name);
+ code = CorrectGroupName(at, aname, creator, oid, admin, tentry.name);
if (code)
return code;
if (strcmp(aname, tentry.name) != 0)
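Review bot: The new `!admin && creator == 0` rejection has no comment, and the case it lets through is not obvious: when `admin` is set and `creator` is 0, `oid` stays 0 after `oid = creator` and is passed to CorrectGroupName, which no longer substitutes the caller id. That is presumably only reachable with `pr_noAuth`, where CorrectGroupName returns early, but nothing here says so. A short comment such as `/* creator 0 is only expected from unauthenticated tools (pr_noAuth); oid may remain 0 on that path */` would make the assumption checkable. The function starts and ends outside the hunk.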
/* To create the user <name>@<cell> the group AUTHUSER_GROUP@<cell>
* must exist.
*/
- asprintf(&cellGroup, "%s%s", AUTHUSER_GROUP, atsign);
+ if (asprintf(&cellGroup, "%s%s", AUTHUSER_GROUP, atsign) < 0)
+ return PRNOMEM;
pos = FindByName(at, cellGroup, ¢ry);
free(cellGroup);
if (!pos)
/* write updated entry for group */
code = pr_Write(at, 0, pos, ¢ry, sizeof(centry));
+ if (code)
+ return PRDBFAIL;
/* Now add the new user entry to the database */
- tentry.creator = creator;
+ if (creator == 0)
+ tentry.creator = tentry.id;
+ else
+ tentry.creator = creator;
*aid = tentry.id;
code = pr_WriteEntry(at, 0, newEntry, &tentry);
if (code)
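Review bot: The creator fallback added here (`if (creator == 0) tentry.creator = tentry.id; else tentry.creator = creator;`) appears a second time, in identical form, a few lines further down before the other `pr_WriteEntry` call. Two copies of a rule about who is recorded as an entry's creator can drift apart; the single expression `tentry.creator = creator ? creator : tentry.id;` at both places, or a small static helper, would keep them in step. A comment saying that an entry created with creator 0 is recorded as its own creator would also help anyone auditing the database later. Both places are in the middle of a function that starts outside the hunks.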
tentry.ngroups = tentry.nusers = 20;
}
- tentry.creator = creator;
+ if (creator == 0)
+ tentry.creator = tentry.id;
+ else
+ tentry.creator = creator;
*aid = tentry.id;
code = pr_WriteEntry(at, 0, newEntry, &tentry);
if (code)
} /* for all coentry slots */
hloc = nptr;
nptr = centry.next;
- memcpy((char *)¢ry, (char *)&hentry, sizeof(centry));
+ memcpy(&hentry, ¢ry, sizeof(centry));
} /* while there are coentries */
return PRNOENT;
}
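Review bot: The corrected copy still takes its length from the source (`sizeof(centry)`) rather than from the destination `hentry`. If both are `struct prentry`, which the declarations outside this hunk would confirm, a plain `hentry = centry;` is type-checked by the compiler and could not have been written with the operands reversed the way the removed line was. If memcpy is kept, `sizeof(hentry)` ties the bound to the buffer being written.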
afs_int32
AddToPRList(prlist *alist, int *sizeP, afs_int32 id)
{
- char *tmp;
+ afs_int32 *tmp;
int count;
if (alist->prlist_len >= *sizeP) {
count = alist->prlist_len + 100;
if (alist->prlist_val) {
- tmp =
- (char *)realloc(alist->prlist_val, count * sizeof(afs_int32));
+ tmp = realloc(alist->prlist_val, count * sizeof(afs_int32));
} else {
- tmp = (char *)malloc(count * sizeof(afs_int32));
+ tmp = malloc(count * sizeof(afs_int32));
}
if (!tmp)
return (PRNOMEM);
- alist->prlist_val = (afs_int32 *) tmp;
+ alist->prlist_val = tmp;
*sizeP = count;
}
alist->prlist_val[alist->prlist_len++] = id;
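Review bot: `count` is an `int` computed as `alist->prlist_len + 100` and then multiplied by `sizeof(afs_int32)` with no upper bound, so a list length near INT_MAX would overflow before the allocation; whether a caller can drive the length that high is not visible here. A guard such as `if (alist->prlist_len > INT_MAX - 100) return PRNOMEM;` before the addition closes that off. With `tmp` now typed, the two branches can also collapse into `tmp = realloc(alist->prlist_val, count * sizeof(*tmp));`, since realloc on a null pointer behaves like malloc. The function's tail is outside the hunk.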
didsomething ? "TRUE" : "FALSE");
if (predictflagged && didsomething != predictfound)
fprintf(stderr, "**** for gid=%d, didsomething=%d predictfound=%d\n",
- didsomething, predictfound);
+ gid, didsomething, predictfound);
#endif
if (didsomething)
sg_found = add_map(sg_found, -gid);
struct prentry tentry, tent;
afs_int32 loc;
afs_int32 oldowner;
+ afs_int32 admin;
char holder[PR_MAXNAMELEN];
char temp[PR_MAXNAMELEN];
char oldname[PR_MAXNAMELEN];
&& !IsAMemberOf(at, cid, tentry.owner) && !pr_noAuth)
return PRPERM;
tentry.changeTime = time(0);
+ admin = pr_noAuth || IsAMemberOf(at, cid, SYSADMINID);
/* we're actually trying to change the id */
if (newid && (newid != aid)) {
- if (!IsAMemberOf(at, cid, SYSADMINID) && !pr_noAuth)
+ if (!admin)
return PRPERM;
pos = FindByID(at, newid);
/* don't let foreign cell groups change name */
if (atsign != NULL)
return PRPERM;
- code = CorrectGroupName(at, name, cid, tentry.owner, tentry.name);
+
+ if (tentry.owner == 0 || tentry.owner == ANONYMOUSID)
+ tentry.owner = cid;
+
+ code = CorrectGroupName(at, name, cid, tentry.owner, admin, tentry.name);
if (code)
return code;
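Review bot: The added `tentry.owner = cid;` rewrites the owner field of the entry itself, whereas the fallback removed from CorrectGroupName only replaced its by-value `oid` argument. If ChangeEntry later writes `tentry` back (the write is outside this hunk), renaming a group whose owner is 0 or ANONYMOUSID would also transfer ownership to the caller as a side effect of the rename. If that is not intended, keep the substitution in a local, e.g. `afs_int32 oid = (tentry.owner == 0 || tentry.owner == ANONYMOUSID) ? cid : tentry.owner;`, and pass `oid` to CorrectGroupName. If it is intended, a comment stating that a rename adopts ownerless groups would make the behaviour auditable.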