shadow: use relaxed usernames
The groupadd from shadow does not allow upper case group names, the same is true for the upstream shadow. But distributions like Debian/Ubuntu/CentOS has their own way to cope with this problem, this patch is picked up from Fedora [1] to relax the usernames restrictions to allow the upper case group names, and the relaxation is POSIX compliant because POSIX indicate that usernames are composed of characters from the portable filename character set [A-Za-z0-9._-]. [1] https://src.fedoraproject.org/rpms/shadow-utils/blob/rawhide/f/shadow-4.8-goodname.patch Signed-off-by: Alexander Kanavin <alex@linutronix.de>
This commit is contained in:
parent
9e1c0ffef4
commit
cfc981df2a
@ -32,26 +32,44 @@ static bool is_valid_name (const char *name)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* User/group names must match [a-z_][a-z0-9_-]*[$]
|
* User/group names must match gnu e-regex:
|
||||||
*/
|
* [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?
|
||||||
|
*
|
||||||
|
* as a non-POSIX, extension, allow "$" as the last char for
|
||||||
|
* sake of Samba 3.x "add machine script"
|
||||||
|
*
|
||||||
|
* Also do not allow fully numeric names or just "." or "..".
|
||||||
|
*/
|
||||||
|
int numeric;
|
||||||
|
|
||||||
if (('\0' == *name) ||
|
if ('\0' == *name ||
|
||||||
!((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
|
('.' == *name && (('.' == name[1] && '\0' == name[2]) ||
|
||||||
|
'\0' == name[1])) ||
|
||||||
|
!((*name >= 'a' && *name <= 'z') ||
|
||||||
|
(*name >= 'A' && *name <= 'Z') ||
|
||||||
|
(*name >= '0' && *name <= '9') ||
|
||||||
|
*name == '_' ||
|
||||||
|
*name == '.')) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
numeric = isdigit(*name);
|
||||||
|
|
||||||
while ('\0' != *++name) {
|
while ('\0' != *++name) {
|
||||||
if (!(( ('a' <= *name) && ('z' >= *name) ) ||
|
if (!((*name >= 'a' && *name <= 'z') ||
|
||||||
( ('0' <= *name) && ('9' >= *name) ) ||
|
(*name >= 'A' && *name <= 'Z') ||
|
||||||
('_' == *name) ||
|
(*name >= '0' && *name <= '9') ||
|
||||||
('-' == *name) ||
|
*name == '_' ||
|
||||||
( ('$' == *name) && ('\0' == *(name + 1)) )
|
*name == '.' ||
|
||||||
|
*name == '-' ||
|
||||||
|
(*name == '$' && name[1] == '\0')
|
||||||
)) {
|
)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
numeric &= isdigit(*name);
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return !numeric;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool is_valid_user_name (const char *name)
|
bool is_valid_user_name (const char *name)
|
||||||
|
@ -64,10 +64,12 @@
|
|||||||
files as needed.
|
files as needed.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
Groupnames must start with a lower case letter or an underscore,
|
Groupnames may contain only lower and upper case letters, digits,
|
||||||
followed by lower case letters, digits, underscores, or dashes.
|
underscores, or dashes. They can end with a dollar sign.
|
||||||
They can end with a dollar sign.
|
|
||||||
In regular expression terms: [a-z_][a-z0-9_-]*[$]?
|
Dashes are not allowed at the beginning of the groupname.
|
||||||
|
Fully numeric groupnames and groupnames . or .. are
|
||||||
|
also disallowed.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
|
Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
|
||||||
|
@ -692,10 +692,14 @@
|
|||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Usernames must start with a lower case letter or an underscore,
|
Usernames may contain only lower and upper case letters, digits,
|
||||||
followed by lower case letters, digits, underscores, or dashes.
|
underscores, or dashes. They can end with a dollar sign.
|
||||||
They can end with a dollar sign.
|
|
||||||
In regular expression terms: [a-z_][a-z0-9_-]*[$]?
|
Dashes are not allowed at the beginning of the username.
|
||||||
|
Fully numeric usernames and usernames . or .. are
|
||||||
|
also disallowed. It is not recommended to use usernames beginning
|
||||||
|
with . character as their home directories will be hidden in
|
||||||
|
the <command>ls</command> output.
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
Usernames may only be up to 32 characters long.
|
Usernames may only be up to 32 characters long.
|
||||||
|
Loading…
Reference in New Issue
Block a user