Disallow creating users with ANONYMOUSID

It can result only in sadness.

Document this restriction alongside UID 0 as a reserved number.

Change-Id: Ibea2d98bc15a730bc85e84477791ca45a40f2d92
Reviewed-on: http://gerrit.openafs.org/10950
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>

diff --git a/doc/man-pages/pod1/pts_createuser.pod.in b/doc/man-pages/pod1/pts_createuser.pod.in
index 05fcd68..4bcd182 100644 (file)
--- a/doc/man-pages/pod1/pts_createuser.pod.in
+++ b/doc/man-pages/pod1/pts_createuser.pod.in
@@ -52,8 +52,9 @@ creator and the group system:administrators as its owner.
 
 =head1 CAUTIONS
 
-The Protection Server reserves AFS UID 0 (zero) and returns an error if
-the B<-id> argument has that value.
+The Protection Server reserves several AFS UIDs, including 0 (zero) and
+32766 (anonymous) for internal use, and returns an error if
+the B<-id> argument has a reserved value.
 
 =head1 OPTIONS
 

diff --git a/src/ptserver/ptprocs.c b/src/ptserver/ptprocs.c
index abc8bc0..7d1d6dd 100644 (file)
--- a/src/ptserver/ptprocs.c
+++ b/src/ptserver/ptprocs.c
@@ -161,6 +161,8 @@ CreateOK(struct ubik_trans *ut, afs_int32 cid, afs_int32 oid, afs_int32 flag,
                return 0;
        }
     } else {                   /* creating a user */
+       if (oid == ANONYMOUSID)
+           return 0;
        if (!admin && !pr_noAuth)
            return 0;
     }