From: Derrick Brashear <shadow@your-file-system.com>
Date: Wed, 1 May 2013 20:07:09 +0000 (-0400)
Subject: pt: let pt_util create the groups it wants
X-Git-Tag: upstream/1.8.0_pre1^2~1191
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=53ac98931adf9f04c150d9bc084cae31f3913476;p=packages%2Fo%2Fopenafs.git

pt: let pt_util create the groups it wants

if you are rebuilding from pt_util, data sanitization should
not randomly chown and/or rename your groups. likewise,
an admin should have the ability to do this.

Change-Id: Id76cd16acc4af712b9be6d0c7110e8db10ce3fff
Reviewed-on: http://gerrit.openafs.org/9841
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
---

diff --git a/src/ptserver/ptutils.c b/src/ptserver/ptutils.c
index b87769415..18c7e6e83 100644
--- a/src/ptserver/ptutils.c
+++ b/src/ptserver/ptutils.c
@@ -193,7 +193,7 @@ CorrectUserName(char *name)
 static afs_int32
 CorrectGroupName(struct ubik_trans *ut, char aname[PR_MAXNAMELEN],	/* name for group */
 		 afs_int32 cid,		/* caller id */
-		 afs_int32 oid,		/* owner of group */
+		 afs_int32 *oid,		/* owner of group */
 		 char cname[PR_MAXNAMELEN])	/* correct name for group */
 {
     afs_int32 code;
@@ -207,14 +207,14 @@ CorrectGroupName(struct ubik_trans *ut, char aname[PR_MAXNAMELEN],	/* name for g
 	return PRBADNAM;
     admin = pr_noAuth || IsAMemberOf(ut, cid, SYSADMINID);
 
-    if (oid == 0)
-	oid = cid;
+    if (((*oid == 0) || (*oid == ANONYMOUSID)) && !admin)
+	*oid = cid;
 
     /* Determine the correct prefix for the name. */
-    if (oid == SYSADMINID)
+    if (*oid == SYSADMINID)
 	prefix = "system";
     else {
-	afs_int32 loc = FindByID(ut, oid);
+	afs_int32 loc = FindByID(ut, *oid);
 	if (loc == 0) {
 	    /* let admin create groups owned by non-existent ids (probably
 	     * setting a group to own itself).  Check that they look like
@@ -243,6 +243,13 @@ CorrectGroupName(struct ubik_trans *ut, char aname[PR_MAXNAMELEN],	/* name for g
 
     strcpy(name, aname);	/* in case aname & cname are same */
     suffix = strchr(name, ':');
+    /* let e.g. pt_util create groups with "wrong" names (like
+     * an orphan whose parent ID was reused).  Check that they look like
+     * groups (with a colon) or otherwise are good user names. */
+    if (pr_noAuth) {
+	strcpy(cname, aname);
+	goto done;
+    }
     if (suffix == 0) {
 	/* sysadmin can make groups w/o ':', but they must still look like
 	 * legal user names. */
@@ -332,11 +339,8 @@ CreateEntry(struct ubik_trans *at, char aname[PR_MAXNAMELEN], afs_int32 *aid, af
 
     memset(&tentry, 0, sizeof(tentry));
 
-    if ((oid == 0) || (oid == ANONYMOUSID))
-	oid = creator;
-
     if (flag & PRGRP) {
-	code = CorrectGroupName(at, aname, creator, oid, tentry.name);
+	code = CorrectGroupName(at, aname, creator, &oid, tentry.name);
 	if (code)
 	    return code;
 	if (strcmp(aname, tentry.name) != 0)
@@ -2081,7 +2085,7 @@ ChangeEntry(struct ubik_trans *at, afs_int32 aid, afs_int32 cid, char *name, afs
 	    /* don't let foreign cell groups change name */
 	    if (atsign != NULL)
 		return PRPERM;
-	    code = CorrectGroupName(at, name, cid, tentry.owner, tentry.name);
+	    code = CorrectGroupName(at, name, cid, &tentry.owner, tentry.name);
 	    if (code)
 		return code;