Date: Wed, 16 Jan 2002 16:40:03 -0800 (PST) From: Yar Tikhiy <yar@freebsd.org> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/22860: [PATCH] adduser & friends with '$' in usernames Message-ID: <200201170040.g0H0e3c71093@freefall.freebsd.org>
The following reply was made to PR bin/22860; it has been noted by GNATS.
From: Yar Tikhiy <yar@freebsd.org>
To: Sheldon Hearn <sheldonh@starjuice.net>
Cc: bug-followup@freebsd.org
Subject: Re: bin/22860: [PATCH] adduser & friends with '$' in usernames
Date: Thu, 17 Jan 2002 03:34:58 +0300
On Wed, Jan 16, 2002 at 05:08:23PM +0200, Sheldon Hearn wrote:
>
> On Fri, 04 Jan 2002 15:10:01 PST, Yar Tikhiy wrote:
>
> > As an alternative to the "allow anything the admin wants" solution,
> > I would propose to make the regular expression usernames are checked
> > against configurable and saved in /etc/adduser.conf.
>
> I like this idea.
Ok, I've implemented that instead of the -force option.
Would you mind trying the attached adduser.perl patch (it's against
-current) and telling me your impressions?
--
Yar
Index: adduser.perl
===================================================================
RCS file: /home/ncvs/src/usr.sbin/adduser/adduser.perl,v
retrieving revision 1.53
diff -u -r1.53 adduser.perl
--- adduser.perl 4 Jan 2002 21:28:32 -0000 1.53
+++ adduser.perl 17 Jan 2002 00:29:43 -0000
@@ -30,7 +30,8 @@
# read variables
sub variables {
$verbose = 1; # verbose = [0-2]
- $force = 0; # relax username validity check if true
+ $usernameregexp = "^[a-z0-9_][a-z0-9_-]*\$"; # configurable
+ $defaultusernameregexp = $usernameregexp; # remains constant
$defaultusepassword = "yes"; # use password authentication for new users
$defaultenableaccount = "yes"; # enable the account by default
$defaultemptypassword = "no"; # don't create an empty password
@@ -315,7 +316,7 @@
local($name);
while(1) {
- $name = &confirm_list("Enter username", 1, "a-z0-9_-", "");
+ $name = &confirm_list("Enter username", 1, $usernameregexp, "");
if (length($name) > 16) {
warn "Username is longer than 16 chars\a\n";
next;
@@ -328,29 +329,20 @@
sub new_users_name_valid {
local($name) = @_;
- if ($force) {
- if ($name eq "a-z0-9_-") {
- warn "Please enter a username.\a\n";
- return 0;
- }
- if ($name =~ /[:\n]/) {
- warn "Illegal username, which would break your passwd file.\a\n";
- return 0;
+ if ($name eq $usernameregexp) {
+ warn "Please enter a username\a\n";
+ return 0;
+ } elsif ($name !~ /$usernameregexp/) {
+ if ($usernameregexp eq $defaultusernameregexp) {
+ warn "Illegal username.\n" .
+ "Please use only lowercase Roman, decimal, underscore, " .
+ "or hyphen characters.\n" .
+ "Additionally, a username should not start with a hyphen.\a\n";
+ } else {
+ warn "Username doesn't match the regexp /$usernameregexp/\a\n";
}
- if ($name !~ /^[a-z0-9_][a-z0-9_\-]*$/) {
- warn "Caution: Username contains illegal characters.\n" .
- "Adding this user may cause utilities " .
- "or applications to malfunction,\n" .
- "or even impose a security risk on your system.\a\n";
- }
- } elsif ($name !~ /^[a-z0-9_][a-z0-9_\-]*$/ || $name eq "a-z0-9_-") {
- warn "Illegal username.\n" .
- "Please use only lowercase Roman, decimal, underscore, " .
- "or hyphen characters.\n" .
- "Additionally, a username should not start with a hyphen.\a\n";
return 0;
- }
- if ($username{$name}) {
+ } elsif ($username{$name}) {
warn "Username ``$name'' already exists!\a\n"; return 0;
}
return 1;
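Review bot: The unconditional rejection of `:` and newline that the removed `-force` branch carried is gone, so once `$usernameregexp` is configurable nothing in new_users_name_valid stops an admin-supplied pattern from admitting a name that splits a passwd field or record. Keep that check ahead of the regexp test regardless of the pattern: `if ($name =~ /[:\n]/) { warn "Illegal username, which would break your passwd file.\a\n"; return 0; }`. The `$name eq $usernameregexp` test also appears to rely on confirm_list handing back its third argument on empty input, which is not visible here and deserves a one-line comment. The sub's closing brace lies outside the hunk.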
@@ -878,7 +870,6 @@
[-class login_class]
[-config_create]
[-dotdir dotdir]
- [-f|-force]
[-group login_group]
[-h|-help]
[-home home]
@@ -952,7 +943,6 @@
if (/^--?(v|verbose)$/) { $verbose = 1 }
elsif (/^--?(s|silent|q|quiet)$/) { $verbose = 0 }
elsif (/^--?(debug)$/) { $verbose = 2 }
- elsif (/^--?(f|force)$/) { $force = 1 }
elsif (/^--?(h|help|\?)$/) { &usage }
elsif (/^--?(home)$/) { $home = $argv[0]; shift @argv }
elsif (/^--?(shell)$/) { $defaultshell = $argv[0]; shift @argv }
@@ -1223,6 +1213,21 @@
return 0;
}
+# allow configuring usernameregexp
+sub usernameregexp_default {
+ local($r) = $usernameregexp;
+
+ while ($verbose) {
+ $r = &confirm_list("Usernames must match regular expression:", 1,
+ $r, "");
+ eval "'foo' =~ /$r/";
+ last unless $@;
+ warn "Invalid regular expression\a\n";
+ }
+ $changes++ if $r ne $usernameregexp;
+ return $r;
+}
+
# test if $dotdir exist
# return "no" if $dotdir not exist or dotfiles should not copied
sub dotdir_default {
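Review bot: `eval "'foo' =~ /$r/";` pastes the typed text into Perl source before compiling it, so a `/` in the input ends the pattern and the remainder is parsed as code, in a tool that normally runs as root. The block form `eval { 'foo' =~ /$r/ };` compiles `$r` only as a pattern and still sets `$@` when it is invalid. The check is also skipped entirely when `$verbose` is 0, so a value that arrives from adduser.conf seems never to be validated before new_users_name_valid matches against it; running the test once outside the `while ($verbose)` loop would cover that case. A short comment above the sub stating that the return value becomes the new `$usernameregexp` and that `$changes` is incremented on a change would help.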
@@ -1438,6 +1443,10 @@
# verbose = [0-2]
verbose = $verbose
+# regular expression usernames are checked against (see perlre(1))
+# usernameregexp = 'regexp'
+usernameregexp = '$usernameregexp'
+
# use password-based authentication for new users
# defaultusepassword = "yes" | "no"
defaultusepassword = "$defaultusepassword"
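Review bot: `usernameregexp = '$usernameregexp'` writes the pattern between single quotes without escaping, so a pattern containing `'` produces a line whose quoting ends early. How the reader of adduser.conf treats such a line is not visible in this patch, but if it evaluates the assignment, the value read back would differ from what the admin typed. The simplest guard is to refuse such a pattern in usernameregexp_default, e.g. `if ($r =~ /'/) { warn "Regular expression must not contain a single quote\a\n"; next; }`. The here-document this hunk sits in starts and ends outside the hunk.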
@@ -1522,6 +1531,7 @@
# interactive
# some questions
+$usernameregexp = &usernameregexp_default; # regexp to check usernames against
&shells_add; # maybe add some new shells
$defaultshell = &shell_default; # enter default shell
$home = &home_partition($home); # find HOME partition
