Files
shadow/debian/patches/506_relaxed_usernames
T
2008-09-14 14:10:48 +00:00

107 lines
4.0 KiB
Plaintext
Executable File

Goal: Relaxed usernames/groupnames checking patch.
Status wrt upstream: Debian specific. Not to be used upstream
The documentation of the username length restriction
was added upstream
Details:
Allows any non-empty user/grounames that don't contain ':' and '\n'
characters and don't start with '-'. This patch is more restrictive
than original Karl's version. closes: #264879
Also closes: #377844
Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400):
I can't come up with a good justification as to why characters other
than ':'s and '\0's should be disallowed in group and usernames (other
than '-' as the leading character). Thus, the maintenance tools don't
anymore. closes: #79682, #166798, #171179
Index: shadow-4.1.0/libmisc/chkname.c
===================================================================
--- shadow-4.1.0.orig/libmisc/chkname.c
+++ shadow-4.1.0/libmisc/chkname.c
@@ -17,6 +17,7 @@
#endif
static int good_name (const char *name)
{
+#if 0
/*
* User/group names must match [a-z_][a-z0-9_-]*[$]
*/
@@ -30,6 +31,20 @@
(*name == '$' && *(name + 1) == '\0')))
return 0;
}
+#endif
+ /*
+ * POSIX indicate that usernames are composed of characters from the
+ * portable filename character set [A-Za-z0-9._-], and that the hyphen
+ * should not be used as the first character of a portable user name.
+ *
+ * Allow more relaxed user/group names in Debian -- ^[^-:\s][^:\s]*$
+ */
+ if (!*name || isspace(*name))
+ return 0;
+ do
+ if (*name == ':' || isspace(*name))
+ return 0;
+ while (*++name);
return 1;
}
Index: shadow-4.1.0/man/useradd.8.xml
===================================================================
--- shadow-4.1.0.orig/man/useradd.8.xml
+++ shadow-4.1.0/man/useradd.8.xml
@@ -195,6 +195,7 @@
default is to not create the directory and to not copy any
files.
</para>
+ <para>This option may not function correctly if the username has a / in it.</para>
</listitem>
</varlistentry>
<varlistentry>
@@ -372,9 +373,15 @@
</para>
<para>
- Usernames must begin with a lower case letter or an underscore, and
- only lower case letters, underscores, dashes, and dollar signs may
- follow. In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+ It is usually recommended to only use usernames that begin with
+ a lower case letter or an underscore, and are only followed by lower
+ case letters, digits, underscores, dashes, and optionally terminated by
+ a dollar sign. In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+ </para>
+ <para>
+ On Debian, the only constraints are that usernames must neither start
+ with a dash ('-') nor contain a colon (':') or a whitespace (space:' ',
+ end of line: '\n', tabulation: '\t', etc.).
</para>
</refsect1>
Index: shadow-4.1.1/man/groupadd.8.xml
===================================================================
--- shadow-4.1.1.orig/man/groupadd.8.xml 2008-08-15 09:07:37.033120372 -0300
+++ shadow-4.1.1/man/groupadd.8.xml 2008-08-15 09:10:24.961112507 -0300
@@ -170,9 +170,15 @@
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
- Groupnames must begin with a lower case letter or an underscore,
- and only lower case letters, underscores, dashes, and dollar signs
- may follow. In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+ It is usually recommended to only use usernames that begin with
+ a lower case letter or an underscore, and are only followed by lower
+ case letters, digits, underscores, dashes, and optionally terminated by
+ a dollar sign. In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+ </para>
+ <para>
+ On Debian, the only constraints are that usernames must neither start
+ with a dash ('-') nor contain a colon (':') or a whitespace (space:' ',
+ end of line: '\n', tabulation: '\t', etc.).
</para>
<para>
Groupnames may only be up to 16 characters long.