git.michaelhowe.org Git - packages/o/openafs.git/commit

author	Andrew Deason <adeason@sinenomine.net>
	Sat, 3 Nov 2018 05:58:58 +0000 (00:58 -0500)
committer	Stephan Wiesand <stephan.wiesand@desy.de>
	Thu, 25 Jul 2019 14:11:06 +0000 (10:11 -0400)
commit	d47904684afb8402b692c9f7a4bb5f32cc3da5d7
tree	1e713baca0c45996a3cb7f459e92df7c99bd743a	tree \| snapshot
parent	a33468b8d596fa45224b447bde90e3606a2fd5b9	commit \| diff

ptserver: Fix AccessOK -restricted for SYSADMINID

According to the documentation, as well as other code paths that check
for -restricted, the -restricted option does not affect members of
system:administrators. Currently, though, AccessOK only bypasses the
-restricted check if the caller is SYSADMINID itself (i.e. localauth).

Fix AccessOK to only do the -restricted checks if the caller is not in
system:administrators, to match the documentation as well as other
ptserver operations.

Reviewed-on: https://gerrit.openafs.org/13373
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 3a8fa4ecd65d5d743fdc573c9f0f261aee2063b6)

Change-Id: I786830efab229a50a521daf3efc624e949475030
Reviewed-on: https://gerrit.openafs.org/13687
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>