From owner-freebsd-bugs Wed Nov 22 7:25:46 2000 Delivered-To: freebsd-bugs@freebsd.org Received: from spammie.svbug.com (mg134-015.ricochet.net [204.179.134.15]) by hub.freebsd.org (Postfix) with ESMTP id 1AE7237B4C5 for ; Wed, 22 Nov 2000 07:25:33 -0800 (PST) Received: from spammie.svbug.com (localhost.mozie.org [127.0.0.1]) by spammie.svbug.com (8.9.3/8.9.3) with ESMTP id HAA00667; Wed, 22 Nov 2000 07:24:42 -0800 (PST) (envelope-from jessem@spammie.svbug.com) Message-Id: <200011221524.HAA00667@spammie.svbug.com> Date: Wed, 22 Nov 2000 07:24:41 -0800 (PST) From: opentrax@email.com Reply-To: opentrax@email.com Subject: Re: bin/22860: [PATCH] adduser & friends with '$' in usernames To: Gerhard.Sittig@gmx.net Cc: bugs@FreeBSD.ORG In-Reply-To: <20001114220122.N27042@speedy.gsinet> MIME-Version: 1.0 Content-Type: TEXT/plain; charset=us-ascii Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org With regards to this bug report I would like to state an opinion. IMO, this patch should be reject for inclusion in FreeBSD and should be place on a 'freely available shelf'. IMO, FreeBSD is NOT here to support M$, or their attempts to obfuscate UNIX. IMO, given that, FreeBSD should not abandon those that need an exit strategy from M$ systems. IMO, placing this patch within the reach of responsible system adminstrators will provide a reasonable balance. This has been my opinion. On 14 Nov, Gerhard Sittig wrote: > >>Number: 22860 >>Category: bin >>Synopsis: [PATCH] adduser & friends with '$' in usernames >>Confidential: no >>Severity: non-critical >>Priority: low >>Responsible: freebsd-bugs >>State: open >>Quarter: >>Keywords: >>Date-Required: >>Class: change-request >>Submitter-Id: current-users >>Arrival-Date: Tue Nov 14 22:00:01 PST 2000 >>Closed-Date: >>Last-Modified: >>Originator: Gerhard Sittig >>Release: FreeBSD 4.1-STABLE i386 >>Organization: > in private >>Environment: > > adduser(8), rmuser(8), pw(8) administrative commands > and usernames with non-alphanumeric characters in them > >>Description: > > When dealing with NTdom functionality (in heterogenous networks > with NT machines in your LAN) the need arises to put dollar signs > into usernames. > > Although they can be handled well when brought into the user > database manually, the "admin's frontend" tools mentioned above > deny to accept these names, since they don't fit a given pattern > the names are checked against. > >>How-To-Repeat: > > Just try to add or manipulate an account named "machine$" with > the given tools. They will be claimed "invalid". > > # adduser (opens an interactive session, > specify "machine$" as the username) > # rmuser machine\$ > # pw useradd machine\$ -g machines -h - > >>Fix: > > The following patch extends the adduser(8) and rmuser(8) scripts > to accept dollar signs at the username's end. It is drawn from > the command sequence > > cd /usr/src/usr.sbin/adduser > cvs diff > > Index: adduser.perl > =================================================================== > RCS file: /home/ncvs/src/usr.sbin/adduser/adduser.perl,v > retrieving revision 1.44 > diff -u -r1.44 adduser.perl > --- adduser.perl 1999/08/28 01:15:11 1.44 > +++ adduser.perl 2000/11/13 08:51:00 > @@ -304,7 +304,7 @@ > local($name); > > while(1) { > - $name = &confirm_list("Enter username", 1, "a-z0-9_-", ""); > + $name = &confirm_list("Enter username", 1, "a-z0-9_-\$", ""); > if (length($name) > 16) { > warn "Username is longer than 16 chars\a\n"; > next; > @@ -317,9 +317,9 @@ > sub new_users_name_valid { > local($name) = @_; > > - if ($name !~ /^[a-z0-9_][a-z0-9_\-]*$/ || $name eq "a-z0-9_-") { > + if ($name !~ /^[a-z0-9_][a-z0-9_\-]*\$?$/ || $name eq "a-z0-9_-\$") { > warn "Wrong username. " . > - "Please use only lowercase characters or digits\a\n"; > + "Please use only lowercase characters or digits and maybe a dollar sign at the end\a\n"; > return 0; > } elsif ($username{$name}) { > warn "Username ``$name'' already exists!\a\n"; return 0; > Index: rmuser.perl > =================================================================== > RCS file: /home/ncvs/src/usr.sbin/adduser/rmuser.perl,v > retrieving revision 1.8.2.1 > diff -u -r1.8.2.1 rmuser.perl > --- rmuser.perl 2000/03/20 13:00:36 1.8.2.1 > +++ rmuser.perl 2000/11/13 08:50:01 > @@ -107,8 +107,8 @@ > if ($#ARGV == 0) { > # Username was given as a parameter > $login_name = pop(@ARGV); > - die "Sorry, login name must contain alphanumeric characters only.\n" > - if ($login_name !~ /^[a-zA-Z0-9_]\w*$/); > + die "Sorry, login name must contain alphanumeric characters only and may end with a dollar sign.\n" > + if ($login_name !~ /^[a-zA-Z0-9_]\w*\$?$/); > } else { > if ($affirm) { > print STDERR "${whoami}: Error: -y option given without username!\n"; > @@ -276,8 +276,8 @@ > print "Enter login name for user to remove: "; > $login_name = <>; > chop $login_name; > - if (!($login_name =~ /^[a-z0-9_][a-z0-9_\-]*$/)) { > - print STDERR "Sorry, login name must contain alphanumeric characters only.\n"; > + if (!($login_name =~ /^[a-z0-9_][a-z0-9_\-]*\$?$/)) { > + print STDERR "Sorry, login name must contain alphanumeric characters only and may end with a dollar sign.\n"; > } elsif (length($login_name) > 16 || length($login_name) == 0) { > print STDERR "Sorry, login name must be 16 characters or less.\n"; > } else { > > The following patch extends the pw(8) command to accept dollar > signs at the username's end. It is drawn from the command > sequence > > cd /usr/src/usr.sbin/pw > cvs diff > > and has the "side effect" of making the pw_checkname() routine > easier to maintain when user names, group names, login classes > and gecos fields should differ in their handling in future. > > Index: pw.h > =================================================================== > RCS file: /home/ncvs/src/usr.sbin/pw/pw.h,v > retrieving revision 1.10.2.1 > diff -u -r1.10.2.1 pw.h > --- pw.h 2000/06/28 19:19:04 1.10.2.1 > +++ pw.h 2000/11/13 08:36:09 > @@ -62,6 +62,15 @@ > W_NUM > }; > > +enum _gecos > +{ /* pw_checkname() classes (plausi test) */ > + GEC_PWNAME, /* user name field */ > + GEC_GROUP, /* user group field */ > + GEC_CLASS, /* default login class */ > + GEC_COMMENT, /* gecos comment field */ > + GEC_MAXDIM /* allowed patterns table dimensioning */ > +}; > + > struct carg > { > int ch; > @@ -105,7 +114,7 @@ > > int pw_user(struct userconf * cnf, int mode, struct cargs * _args); > int pw_group(struct userconf * cnf, int mode, struct cargs * _args); > -char *pw_checkname(u_char *name, int gecos); > +char *pw_checkname(u_char *name, enum _gecos gecos); > > int addpwent(struct passwd * pwd); > int delpwent(struct passwd * pwd); > Index: pw_group.c > =================================================================== > RCS file: /home/ncvs/src/usr.sbin/pw/pw_group.c,v > retrieving revision 1.12.2.1 > diff -u -r1.12.2.1 pw_group.c > --- pw_group.c 2000/06/28 19:19:04 1.12.2.1 > +++ pw_group.c 2000/11/13 08:36:58 > @@ -135,7 +135,7 @@ > grp->gr_gid = (gid_t) atoi(a_gid->val); > > if ((arg = getarg(args, 'l')) != NULL) > - grp->gr_name = pw_checkname((u_char *)arg->val, 0); > + grp->gr_name = pw_checkname((u_char *)arg->val, GEC_GROUP); > } else { > if (a_name == NULL) /* Required */ > errx(EX_DATAERR, "group name required"); > @@ -145,7 +145,7 @@ > extendarray(&members, &grmembers, 200); > members[0] = NULL; > grp = &fakegroup; > - grp->gr_name = pw_checkname((u_char *)a_name->val, 0); > + grp->gr_name = pw_checkname((u_char *)a_name->val, GEC_GROUP); > grp->gr_passwd = "*"; > grp->gr_gid = gr_gidpolicy(cnf, args); > grp->gr_mem = members; > Index: pw_user.c > =================================================================== > RCS file: /home/ncvs/src/usr.sbin/pw/pw_user.c,v > retrieving revision 1.34.2.7 > diff -u -r1.34.2.7 pw_user.c > --- pw_user.c 2000/09/20 11:19:55 1.34.2.7 > +++ pw_user.c 2000/11/13 09:16:54 > @@ -231,7 +231,7 @@ > } > } > if ((arg = getarg(args, 'L')) != NULL) > - cnf->default_class = pw_checkname((u_char *)arg->val, 0); > + cnf->default_class = pw_checkname((u_char *)arg->val, GEC_CLASS); > > if ((arg = getarg(args, 'G')) != NULL && arg->val) { > int i = 0; > @@ -293,7 +293,7 @@ > } > > if ((a_name = getarg(args, 'n')) != NULL) > - pwd = GETPWNAM(pw_checkname((u_char *)a_name->val, 0)); > + pwd = GETPWNAM(pw_checkname((u_char *)a_name->val, GEC_PWNAME)); > a_uid = getarg(args, 'u'); > > if (a_uid == NULL) { > @@ -455,7 +455,7 @@ > if ((arg = getarg(args, 'l')) != NULL) { > if (strcmp(pwd->pw_name, "root") == 0) > errx(EX_DATAERR, "can't rename `root' account"); > - pwd->pw_name = pw_checkname((u_char *)arg->val, 0); > + pwd->pw_name = pw_checkname((u_char *)arg->val, GEC_PWNAME); > edited = 1; > } > > @@ -595,7 +595,7 @@ > * Shared add/edit code > */ > if ((arg = getarg(args, 'c')) != NULL) { > - char *gecos = pw_checkname((u_char *)arg->val, 1); > + char *gecos = pw_checkname((u_char *)arg->val, GEC_COMMENT); > if (strcmp(pwd->pw_gecos, gecos) != 0) { > pwd->pw_gecos = gecos; > edited = 1; > @@ -1208,22 +1208,29 @@ > } > > char * > -pw_checkname(u_char *name, int gecos) > +pw_checkname(u_char *name, enum _gecos gecos) > { > int l = 0; > - char const *notch = gecos ? ":!@" : " ,\t:+&#%$^()!@~*?<>=|\\/\""; > + static const char *notchtab[GEC_MAXDIM] = { > + " ,\t:+&#%^()!@~*?<>=|\\/\"" , /* GEC_PWNAME */ > + " ,\t:+&#%$^()!@~*?<>=|\\/\"", /* GEC_GROUP */ > + " ,\t:+&#%$^()!@~*?<>=|\\/\"", /* GEC_CLASS */ > + ":!@" , /* GEC_COMMENT */ > + }; > + char const *notch = notchtab[gecos]; > > while (name[l]) { > if (strchr(notch, name[l]) != NULL || name[l] < ' ' || name[l] == 127 || > - (!gecos && l==0 && name[l] == '-') || /* leading '-' */ > - (!gecos && name[l] & 0x80)) /* 8-bit */ > + (gecos != GEC_COMMENT && l==0 && name[l] == '-') || /* leading '-' */ > + (gecos != GEC_COMMENT && name[l] == '$' && name[l+1]) || /* not a trailing '$' */ > + (gecos != GEC_COMMENT && name[l] & 0x80)) /* 8-bit */ > errx(EX_DATAERR, (name[l] >= ' ' && name[l] < 127) > ? "invalid character `%c' in field" > : "invalid character 0x%02x in field", > name[l]); > ++l; > } > - if (!gecos && l > LOGNAMESIZE) > + if (gecos != GEC_COMMENT && l > LOGNAMESIZE) > errx(EX_DATAERR, "name too long `%s'", name); > return (char *)name; > } > > Feel free to change the wording of printouts and to rearrange the > last check (LOGNAMESIZE length for anything that's not a gecos > field -- does it actually apply only to user names and group > names or maybe login classes, too? I'm not sure of this. As > well as I never tried dollar signs in anything that's not a user > name). > > > virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 > Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message