From c39a59c0be8057e0b3f37999f753e49601ba81d4 Mon Sep 17 00:00:00 2001
From: Anthony Romano <anthony.romano@coreos.com>
Date: Mon, 9 Jan 2017 15:27:09 -0800
Subject: [PATCH] auth: reject empty user name when checking op permissions

Passing AuthInfo{} to permission checking was causing an infinite loop
because it would always return an old revision error.

Fixes #7124
---
 auth/store.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/auth/store.go b/auth/store.go
index 20a1c6834..d6f820dd2 100644
--- a/auth/store.go
+++ b/auth/store.go
@@ -706,6 +706,11 @@ func (as *authStore) isOpPermitted(userName string, revision uint64, key, rangeE
 		return nil
 	}
 
+	// only gets rev == 0 when passed AuthInfo{}; no user given
+	if revision == 0 {
+		return ErrUserEmpty
+	}
+
 	if revision < as.revision {
 		return ErrAuthOldRevision
 	}