From da12da791e53c8f1ff7f67eda1b58d53a3a2e1cc Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Wed, 26 Mar 2014 07:35:29 -0400 Subject: [PATCH] Disallow creating users with ANONYMOUSID It can result only in sadness. Document this restriction alongside UID 0 as a reserved number. Change-Id: Ibea2d98bc15a730bc85e84477791ca45a40f2d92 Reviewed-on: http://gerrit.openafs.org/10950 Tested-by: BuildBot Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Benjamin Kaduk --- doc/man-pages/pod1/pts_createuser.pod.in | 5 +++-- src/ptserver/ptprocs.c | 2 ++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/doc/man-pages/pod1/pts_createuser.pod.in b/doc/man-pages/pod1/pts_createuser.pod.in index 05fcd6885..4bcd1827f 100644 --- a/doc/man-pages/pod1/pts_createuser.pod.in +++ b/doc/man-pages/pod1/pts_createuser.pod.in @@ -52,8 +52,9 @@ creator and the group system:administrators as its owner. =head1 CAUTIONS -The Protection Server reserves AFS UID 0 (zero) and returns an error if -the B<-id> argument has that value. +The Protection Server reserves several AFS UIDs, including 0 (zero) and +32766 (anonymous) for internal use, and returns an error if +the B<-id> argument has a reserved value. =head1 OPTIONS diff --git a/src/ptserver/ptprocs.c b/src/ptserver/ptprocs.c index abc8bc0e5..7d1d6ddb9 100644 --- a/src/ptserver/ptprocs.c +++ b/src/ptserver/ptprocs.c @@ -161,6 +161,8 @@ CreateOK(struct ubik_trans *ut, afs_int32 cid, afs_int32 oid, afs_int32 flag, return 0; } } else { /* creating a user */ + if (oid == ANONYMOUSID) + return 0; if (!admin && !pr_noAuth) return 0; } -- 2.39.5