From: Ed Maste
Date: Fri, 8 Sep 2017 21:02:15 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject: svn commit: r323332 - in stable/10/usr.sbin/pw: . tests

Author: emaste
Date: Fri Sep 8 21:02:15 2017
New Revision: 323332
URL: https://svnweb.freebsd.org/changeset/base/323332

Log:
  MFC r322678: pw useradd: Validate the user name before creating the entry

  Previously it was possible to create users with spaces in the name with:
  pw useradd -u 1234 -g 1234 -n 'test user'

  The "-g 1234" is relevant, without it the name was already rejected
  as expected:
  [fk@test ~]$ sudo pw useradd -u 1234 -n 'test user'
  pw: invalid character ` ' at position 4 in userid/group name

  Bug unintentionally found with a salt config without explicit name entry:

  test user:
    user.present:
      - uid: 1234
      - gid: 1234
      - fullname: Test user
      - shell: /usr/local/bin/bash
      - home: /home/test
      - groups:
        - wheel
        - salt

  "Luckily" salt modules rarely bother with input validation either ...

PR: 221416 Submitted by: Fabian Keil Approved by: re (kib) Obtained from: ElectroBSD Modified: stable/10/usr.sbin/pw/pw_user.c stable/10/usr.sbin/pw/tests/pw_useradd_test.sh Directory Properties: stable/10/ (props changed) Modified: stable/10/usr.sbin/pw/pw_user.c ============================================================================== --- stable/10/usr.sbin/pw/pw_user.c Fri Sep 8 20:41:49 2017 (r323331) +++ stable/10/usr.sbin/pw/pw_user.c Fri Sep 8 21:02:15 2017 (r323332) @@ -1204,7 +1204,7 @@ pw_user_add(int argc, char **argv, char *arg1) if (arg1[strspn(arg1, "0123456789")] == '\0') id = pw_checkid(arg1, UID_MAX); else - name = arg1; + name = pw_checkname(arg1, 0); } while ((ch = getopt(argc, argv, args)) != -1) { @@ -1216,7 +1216,7 @@ pw_user_add(int argc, char **argv, char *arg1) quiet = true; break; case 'n': - name = optarg; + name = pw_checkname(optarg, 0); break; case 'u': userid = optarg; Modified: stable/10/usr.sbin/pw/tests/pw_useradd_test.sh ============================================================================== --- stable/10/usr.sbin/pw/tests/pw_useradd_test.sh Fri Sep 8 20:41:49 2017 (r323331) +++ stable/10/usr.sbin/pw/tests/pw_useradd_test.sh Fri Sep 8 21:02:15 2017 (r323332) 
@@ -176,6 +176,43 @@ user_add_name_too_long_body() { ${PW} useradd name_very_vert_very_very_very_long } +atf_test_case user_add_name_with_spaces +user_add_name_with_spaces_body() { + populate_etc_skel + atf_check -s exit:65 -e match:"invalid character" \ + ${PW} useradd 'test user' + atf_check -s exit:1 -o empty grep "^test user:.*" $HOME/master.passwd + # Try again with -n which uses a slightly different code path. + atf_check -s exit:65 -e match:"invalid character" \ + ${PW} useradd -n 'test user' + atf_check -s exit:1 -o empty grep "^test user:.*" $HOME/master.passwd +} + +atf_test_case user_add_name_with_spaces_and_gid_specified +user_add_name_with_spaces_and_gid_specified_body() { + populate_etc_skel + gid=12345 + user_name="test user" + # pw useradd should fail because of the space in the user + # name, not because the group doesn't exist. + atf_check -s exit:65 -e match:"invalid character" \ + ${PW} useradd "${user_name}" -g ${gid} + atf_check -s exit:1 -o empty grep "^${user_name}:.*" $HOME/master.passwd + # Try again with -n which uses a slightly different code path. + atf_check -s exit:65 -e match:"invalid character" \ + ${PW} useradd -n "${user_name}" -g ${gid} + atf_check -s exit:1 -o empty grep "^${user_name}:.*" $HOME/master.passwd + # Make sure the user isn't added even if the group exists + atf_check -s exit:0 ${PW} groupadd blafasel -g ${gid} + atf_check -s exit:65 -e match:"invalid character" \ + ${PW} useradd "${user_name}" -g ${gid} + atf_check -s exit:1 -o empty grep "^${user_name}:.*" $HOME/master.passwd + # Try again with the -n option. + atf_check -s exit:65 -e match:"invalid character" \ + ${PW} useradd -n "${user_name}" -g ${gid} + atf_check -s exit:1 -o empty grep "^${user_name}:.*" $HOME/master.passwd +} + atf_test_case user_add_expiration user_add_expiration_body() { populate_etc_skel 
@@ -415,6 +452,8 @@ atf_init_test_cases() { atf_add_test_case user_add_password_expiration_date_month atf_add_test_case user_add_password_expiration_date_relative atf_add_test_case user_add_name_too_long + atf_add_test_case user_add_name_with_spaces + atf_add_test_case user_add_name_with_spaces_and_gid_specified atf_add_test_case user_add_expiration atf_add_test_case user_add_invalid_user_entry atf_add_test_case user_add_invalid_group_entry
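Review bot: In the pw_user.c hunk at @@ -1204, the second argument in `name = pw_checkname(arg1, 0);` is a bare 0 whose meaning cannot be read from the call site. A short comment or a named constant saying which kind of name is being validated would make it clear that the user-name rules are the ones applied to the positional argument.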
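Review bot: In the pw_user.c hunk at @@ -1216, `name = pw_checkname(optarg, 0);` in `case 'n':` means validation now depends on every assignment to `name` remembering to call pw_checkname. The log says the name was already rejected when -g was absent, so a later check exists that the -g path skipped. Consider validating `name` once after the getopt loop, or making the -g path reach the existing check, so that a future third assignment site cannot bypass validation again.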
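Review bot: In the pw_useradd_test.sh hunk at @@ -176, neither new test case passes -u, although the reproducer in the log is `pw useradd -u 1234 -g 1234 -n 'test user'`; one more atf_check combining -u, -g and -n would pin the exact reported invocation. In the grep checks, `$HOME/master.passwd` is unquoted and the trailing `.*` in the pattern adds nothing, so `grep "^${user_name}:" "$HOME/master.passwd"` would be equivalent and robust against a HOME containing spaces. The four near-identical check pairs in user_add_name_with_spaces_and_gid_specified_body could also be folded into a small helper function.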