From: Andrew Deason Date: Fri, 30 Jul 2010 20:32:53 +0000 (-0500) Subject: ptserver: Do not use cell for entry name len check X-Git-Tag: openafs-devel-1_5_76~52 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=5e946d5b6672d4dea7dd1c3ee669245b3d2ced92;p=packages%2Fo%2Fopenafs.git ptserver: Do not use cell for entry name len check Do not use the local cell name when determining if a new entry name is too long. This check assumes that foreign cells will use our local cell name (assumed to be our local Kerberos realm) in a certain way, and prevents creating users that will make those names too long. This is undesirable for several reasons. One is that the local realm name may not be the same as the local cell name (and we may have many local realms). Another is that we cannot reliably predict how foreign cells will construct foreign pt entry names, so preventing entry creation based on that may prevent names that will never cause any problems. This check also assumes that our names will be used as foreign entries in other cells, which may not be the case. So, remove the check based on the local cell name, and remove the pr_realmNameLen variable while we are at it, since this is all it is used for. Thanks to Jeffrey Altman for discussion, and for bringing this up in the first place. Change-Id: Ief4bc94d9ead61a1589797b5dc663a6473c9ed72 Reviewed-on: http://gerrit.openafs.org/2488 Tested-by: Derrick Brashear Reviewed-by: Derrick Brashear --- diff --git a/src/ptserver/ptserver.c b/src/ptserver/ptserver.c index b0fe4f984..c5a5c0792 100644 --- a/src/ptserver/ptserver.c +++ b/src/ptserver/ptserver.c @@ -153,7 +153,6 @@ struct afsconf_dir *prdir; extern afs_int32 depthsg; #endif -int pr_realmNameLen; char *pr_realmName; int debuglevel = 0; @@ -454,7 +453,6 @@ main(int argc, char **argv) PT_EXIT(2); } pr_realmName = info.name; - pr_realmNameLen = strlen(pr_realmName); { afs_int32 kvno; /* see if there is a KeyFile here */ diff --git a/src/ptserver/ptutils.c b/src/ptserver/ptutils.c index be99ddbc1..dd185da09 100644 --- a/src/ptserver/ptutils.c +++ b/src/ptserver/ptutils.c @@ -176,31 +176,19 @@ pt_hook_write(void) #endif /* SUPERGROUPS */ /* CorrectUserName - Check to make sure a user name is OK. It must not include - * either a colon (or it would look like a group) or an atsign (or it would - * look like a foreign user). The length is checked as well to make sure - * that the user name, an atsign, and the local cell name will fit in - * PR_MAXNAMELEN. This is so this user can fit in another cells database as - * a foreign user with our cell name tacked on. This is a predicate, so it - * return one if name is OK and zero if name is bogus. */ + * either a colon (or it would look like a group) or a newline (which can + * confuse some ptdb code, depending on the format we're reading from). + * This is a predicate, so it return one if name is OK and zero if name is + * bogus. */ static int CorrectUserName(char *name) { - extern int pr_realmNameLen; - /* We accept foreign names, so we will deal with '@' later */ if (strchr(name, ':') || strchr(name, '\n')) return 0; - if (strchr(name, '@')) { - /* foreign user; we don't need to worry about pr_realmNameLen, since - * our local realm name will never be appended to this */ - if (strlen(name) >= PR_MAXNAMELEN) { - return 0; - } - } else { - if (strlen(name) >= PR_MAXNAMELEN - pr_realmNameLen - 1) - return 0; - } + if (strlen(name) >= PR_MAXNAMELEN) + return 0; return 1; } diff --git a/src/ptserver/ubik.c b/src/ptserver/ubik.c index befe08130..be28de43a 100644 --- a/src/ptserver/ubik.c +++ b/src/ptserver/ubik.c @@ -187,5 +187,4 @@ afsconf_GetNoAuthFlag(struct afsconf_dir *adir) char *prdir = "/dev/null"; struct prheader cheader; -int pr_realmNameLen; char *pr_realmName;