From d0c303885f8ba6a9060af67c1df7142d43ae1399 Mon Sep 17 00:00:00 2001
From: Daniel Markstedt <daniel@mindani.net>
Date: Sat, 9 May 2026 10:53:14 +0200
Subject: [PATCH] CVE-2026-44058: uams: remove 'admin auth user' option

Reported-by: @00redbeer
Signed-off-by: Daniel Markstedt <daniel@mindani.net>
---
 doc/manpages/man5/afp.conf.5.md | 8 --------
 libatalk/util/netatalk_conf.c   | 6 ------
 2 files changed, 14 deletions(-)

diff --git a/doc/manpages/man5/afp.conf.5.md b/doc/manpages/man5/afp.conf.5.md
index d2dc546c..ddc9b356 100644
--- a/doc/manpages/man5/afp.conf.5.md
+++ b/doc/manpages/man5/afp.conf.5.md
@@ -202,14 +202,6 @@ ad domain = *domain* **(G)**
 Directory environments that otherwise would require the user to enter
 the full user@domain string.
 
-admin auth user = *user* **(G)**
-
-> Specifying e.g. "**admin auth user = root**" whenever a normal user login
-fails, afpd will try to authenticate as the specified **admin auth user**.
-If this succeeds, a normal session is created for the original
-connecting user. Said differently: if you know the password of
-**admin auth user**, you can authenticate as any other user.
-
 admin group = *group* **(G)**
 
 > Allows users of a certain group to be seen as the superuser when they
diff --git a/libatalk/util/netatalk_conf.c b/libatalk/util/netatalk_conf.c
index 84e30a07..d9c92e42 100644
--- a/libatalk/util/netatalk_conf.c
+++ b/libatalk/util/netatalk_conf.c
@@ -2621,8 +2621,6 @@ int afp_config_parse(AFPObj *AFPObj, char *processname)
                               NULL, NULL);
     options->servername     = getoption_strdup(config, INISEC_GLOBAL, "server name",
                               NULL, NULL);
-    options->adminauthuser  = getoption_strdup(config, INISEC_GLOBAL,
-                              "admin auth user", NULL, NULL);
     options->ignored_attr   = getoption_strdup(config, INISEC_GLOBAL,
                               "ignored attributes", NULL, NULL);
     options->cnid_mysql_host = getoption_strdup(config, INISEC_GLOBAL,
@@ -3047,10 +3045,6 @@ void afp_config_free(AFPObj *obj)
         CONFIG_ARG_FREE(obj->options.servername)
     }
 
-    if (obj->options.adminauthuser) {
-        CONFIG_ARG_FREE(obj->options.adminauthuser)
-    }
-
     if (obj->options.hostname) {
         CONFIG_ARG_FREE(obj->options.hostname)
     }