|
|
bd1529 |
From 1e4ec1b29d15684a305bbc9ab54c6c8321504e7b Mon Sep 17 00:00:00 2001
|
|
|
bd1529 |
From: David Tardon <dtardon@redhat.com>
|
|
|
bd1529 |
Date: Tue, 27 Oct 2020 10:31:05 +0100
|
|
|
bd1529 |
Subject: [PATCH] shared/user-util: add compat forms of user name checking
|
|
|
bd1529 |
functions
|
|
|
bd1529 |
|
|
|
bd1529 |
New functions are called valid_user_group_name_compat() and
|
|
|
bd1529 |
valid_user_group_name_or_id_compat() and accept dots in the user
|
|
|
bd1529 |
or group name. No functional change except the tests.
|
|
|
bd1529 |
|
|
|
bd1529 |
(cherry picked from commit 1a29610f5fa1bcb2eeb37d2c6b79d8d1a6dbb865)
|
|
|
bd1529 |
|
|
|
bd1529 |
This completes previous partial cherry-pick of the same commit (commit
|
|
|
bd1529 |
76176de0889c3e8b9b3a176da24e4f8dbbd380a3).
|
|
|
bd1529 |
|
|
|
bd1529 |
Related: #1848373
|
|
|
bd1529 |
---
|
|
|
bd1529 |
src/basic/user-util.c | 32 +++++++-------
|
|
|
bd1529 |
src/basic/user-util.h | 16 ++++++-
|
|
|
bd1529 |
src/test/test-user-util.c | 91 +++++++++++++++++++++++++++++++++++++--
|
|
|
bd1529 |
3 files changed, 117 insertions(+), 22 deletions(-)
|
|
|
bd1529 |
|
|
|
bd1529 |
diff --git a/src/basic/user-util.c b/src/basic/user-util.c
|
|
|
bd1529 |
index 40f4e45db6..03cbbc2503 100644
|
|
|
bd1529 |
--- a/src/basic/user-util.c
|
|
|
bd1529 |
+++ b/src/basic/user-util.c
|
|
|
bd1529 |
@@ -576,7 +576,7 @@ int take_etc_passwd_lock(const char *root) {
|
|
|
bd1529 |
return fd;
|
|
|
bd1529 |
}
|
|
|
bd1529 |
|
|
|
bd1529 |
-bool valid_user_group_name(const char *u) {
|
|
|
bd1529 |
+bool valid_user_group_name_full(const char *u, bool strict) {
|
|
|
bd1529 |
const char *i;
|
|
|
bd1529 |
long sz;
|
|
|
bd1529 |
|
|
|
bd1529 |
@@ -585,12 +585,12 @@ bool valid_user_group_name(const char *u) {
|
|
|
bd1529 |
*
|
|
|
bd1529 |
* - We require that names fit into the appropriate utmp field
|
|
|
bd1529 |
* - We don't allow empty user names
|
|
|
bd1529 |
+ * - No dots or digits in the first character
|
|
|
bd1529 |
*
|
|
|
bd1529 |
- * Note that other systems are even more restrictive, and don't permit underscores or uppercase characters.
|
|
|
bd1529 |
+ * If strict==true, additionally:
|
|
|
bd1529 |
+ * - We don't allow any dots (this conflicts with chown syntax which permits dots as user/group name separator)
|
|
|
bd1529 |
*
|
|
|
bd1529 |
- * jsynacek: We now allow dots in user names. The checks are not exhaustive as user names like "..." are allowed
|
|
|
bd1529 |
- * and valid according to POSIX, but can't be created using useradd. However, ".user" can be created. Let's not
|
|
|
bd1529 |
- * complicate the code by adding additional checks for weird corner cases like these, as they don't really matter here.
|
|
|
bd1529 |
+ * Note that other systems are even more restrictive, and don't permit underscores or uppercase characters.
|
|
|
bd1529 |
*/
|
|
|
bd1529 |
|
|
|
bd1529 |
if (isempty(u))
|
|
|
bd1529 |
@@ -598,16 +598,16 @@ bool valid_user_group_name(const char *u) {
|
|
|
bd1529 |
|
|
|
bd1529 |
if (!(u[0] >= 'a' && u[0] <= 'z') &&
|
|
|
bd1529 |
!(u[0] >= 'A' && u[0] <= 'Z') &&
|
|
|
bd1529 |
- u[0] != '_' && u[0] != '.')
|
|
|
bd1529 |
+ u[0] != '_')
|
|
|
bd1529 |
return false;
|
|
|
bd1529 |
|
|
|
bd1529 |
- for (i = u+1; *i; i++) {
|
|
|
bd1529 |
- if (!(*i >= 'a' && *i <= 'z') &&
|
|
|
bd1529 |
- !(*i >= 'A' && *i <= 'Z') &&
|
|
|
bd1529 |
- !(*i >= '0' && *i <= '9') &&
|
|
|
bd1529 |
- !IN_SET(*i, '_', '-', '.'))
|
|
|
bd1529 |
+ for (i = u+1; *i; i++)
|
|
|
bd1529 |
+ if (!((*i >= 'a' && *i <= 'z') ||
|
|
|
bd1529 |
+ (*i >= 'A' && *i <= 'Z') ||
|
|
|
bd1529 |
+ (*i >= '0' && *i <= '9') ||
|
|
|
bd1529 |
+ IN_SET(*i, '_', '-') ||
|
|
|
bd1529 |
+ (!strict && *i == '.')))
|
|
|
bd1529 |
return false;
|
|
|
bd1529 |
- }
|
|
|
bd1529 |
|
|
|
bd1529 |
sz = sysconf(_SC_LOGIN_NAME_MAX);
|
|
|
bd1529 |
assert_se(sz > 0);
|
|
|
bd1529 |
@@ -621,15 +621,15 @@ bool valid_user_group_name(const char *u) {
|
|
|
bd1529 |
return true;
|
|
|
bd1529 |
}
|
|
|
bd1529 |
|
|
|
bd1529 |
-bool valid_user_group_name_or_id(const char *u) {
|
|
|
bd1529 |
+bool valid_user_group_name_or_id_full(const char *u, bool strict) {
|
|
|
bd1529 |
|
|
|
bd1529 |
- /* Similar as above, but is also fine with numeric UID/GID specifications, as long as they are in the right
|
|
|
bd1529 |
- * range, and not the invalid user ids. */
|
|
|
bd1529 |
+ /* Similar as above, but is also fine with numeric UID/GID specifications, as long as they are in the
|
|
|
bd1529 |
+ * right range, and not the invalid user ids. */
|
|
|
bd1529 |
|
|
|
bd1529 |
if (isempty(u))
|
|
|
bd1529 |
return false;
|
|
|
bd1529 |
|
|
|
bd1529 |
- if (valid_user_group_name(u))
|
|
|
bd1529 |
+ if (valid_user_group_name_full(u, strict))
|
|
|
bd1529 |
return true;
|
|
|
bd1529 |
|
|
|
bd1529 |
return parse_uid(u, NULL) >= 0;
|
|
|
bd1529 |
diff --git a/src/basic/user-util.h b/src/basic/user-util.h
|
|
|
bd1529 |
index b74f168859..5ad0b2a2f9 100644
|
|
|
bd1529 |
--- a/src/basic/user-util.h
|
|
|
bd1529 |
+++ b/src/basic/user-util.h
|
|
|
bd1529 |
@@ -78,8 +78,20 @@ static inline bool userns_supported(void) {
|
|
|
bd1529 |
return access("/proc/self/uid_map", F_OK) >= 0;
|
|
|
bd1529 |
}
|
|
|
bd1529 |
|
|
|
bd1529 |
-bool valid_user_group_name(const char *u);
|
|
|
bd1529 |
-bool valid_user_group_name_or_id(const char *u);
|
|
|
bd1529 |
+bool valid_user_group_name_full(const char *u, bool strict);
|
|
|
bd1529 |
+bool valid_user_group_name_or_id_full(const char *u, bool strict);
|
|
|
bd1529 |
+static inline bool valid_user_group_name(const char *u) {
|
|
|
bd1529 |
+ return valid_user_group_name_full(u, true);
|
|
|
bd1529 |
+}
|
|
|
bd1529 |
+static inline bool valid_user_group_name_or_id(const char *u) {
|
|
|
bd1529 |
+ return valid_user_group_name_or_id_full(u, true);
|
|
|
bd1529 |
+}
|
|
|
bd1529 |
+static inline bool valid_user_group_name_compat(const char *u) {
|
|
|
bd1529 |
+ return valid_user_group_name_full(u, false);
|
|
|
bd1529 |
+}
|
|
|
bd1529 |
+static inline bool valid_user_group_name_or_id_compat(const char *u) {
|
|
|
bd1529 |
+ return valid_user_group_name_or_id_full(u, false);
|
|
|
bd1529 |
+}
|
|
|
bd1529 |
bool valid_gecos(const char *d);
|
|
|
bd1529 |
bool valid_home(const char *p);
|
|
|
bd1529 |
|
|
|
bd1529 |
diff --git a/src/test/test-user-util.c b/src/test/test-user-util.c
|
|
|
bd1529 |
index 04e86f5ac3..3a4211655d 100644
|
|
|
bd1529 |
--- a/src/test/test-user-util.c
|
|
|
bd1529 |
+++ b/src/test/test-user-util.c
|
|
|
bd1529 |
@@ -131,6 +131,43 @@ static void test_uid_ptr(void) {
|
|
|
bd1529 |
assert_se(PTR_TO_UID(UID_TO_PTR(1000)) == 1000);
|
|
|
bd1529 |
}
|
|
|
bd1529 |
|
|
|
bd1529 |
+static void test_valid_user_group_name_compat(void) {
|
|
|
bd1529 |
+ log_info("/* %s */", __func__);
|
|
|
bd1529 |
+
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_compat(NULL));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_compat(""));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_compat("1"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_compat("65535"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_compat("-1"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_compat("-kkk"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_compat("rööt"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_compat("."));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_compat(".eff"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_compat("foo\nbar"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_compat("0123456789012345678901234567890123456789"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_or_id_compat("aaa:bbb"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_compat("."));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_compat(".1"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_compat(".65535"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_compat(".-1"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_compat(".-kkk"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_compat(".rööt"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_or_id_compat(".aaa:bbb"));
|
|
|
bd1529 |
+
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_compat("root"));
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_compat("lennart"));
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_compat("LENNART"));
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_compat("_kkk"));
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_compat("kkk-"));
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_compat("kk-k"));
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_compat("eff.eff"));
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_compat("eff."));
|
|
|
bd1529 |
+
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_compat("some5"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_compat("5some"));
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_compat("INNER5NUMBER"));
|
|
|
bd1529 |
+}
|
|
|
bd1529 |
+
|
|
|
bd1529 |
static void test_valid_user_group_name(void) {
|
|
|
bd1529 |
log_info("/* %s */", __func__);
|
|
|
bd1529 |
|
|
|
bd1529 |
@@ -141,9 +178,18 @@ static void test_valid_user_group_name(void) {
|
|
|
bd1529 |
assert_se(!valid_user_group_name("-1"));
|
|
|
bd1529 |
assert_se(!valid_user_group_name("-kkk"));
|
|
|
bd1529 |
assert_se(!valid_user_group_name("rööt"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name("."));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name(".eff"));
|
|
|
bd1529 |
assert_se(!valid_user_group_name("foo\nbar"));
|
|
|
bd1529 |
assert_se(!valid_user_group_name("0123456789012345678901234567890123456789"));
|
|
|
bd1529 |
assert_se(!valid_user_group_name_or_id("aaa:bbb"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name("."));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name(".1"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name(".65535"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name(".-1"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name(".-kkk"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name(".rööt"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_or_id(".aaa:bbb"));
|
|
|
bd1529 |
|
|
|
bd1529 |
assert_se(valid_user_group_name("root"));
|
|
|
bd1529 |
assert_se(valid_user_group_name("lennart"));
|
|
|
bd1529 |
@@ -151,14 +197,47 @@ static void test_valid_user_group_name(void) {
|
|
|
bd1529 |
assert_se(valid_user_group_name("_kkk"));
|
|
|
bd1529 |
assert_se(valid_user_group_name("kkk-"));
|
|
|
bd1529 |
assert_se(valid_user_group_name("kk-k"));
|
|
|
bd1529 |
- assert_se(valid_user_group_name(".moo"));
|
|
|
bd1529 |
- assert_se(valid_user_group_name("eff.eff"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name("eff.eff"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name("eff."));
|
|
|
bd1529 |
|
|
|
bd1529 |
assert_se(valid_user_group_name("some5"));
|
|
|
bd1529 |
assert_se(!valid_user_group_name("5some"));
|
|
|
bd1529 |
assert_se(valid_user_group_name("INNER5NUMBER"));
|
|
|
bd1529 |
}
|
|
|
bd1529 |
|
|
|
bd1529 |
+static void test_valid_user_group_name_or_id_compat(void) {
|
|
|
bd1529 |
+ log_info("/* %s */", __func__);
|
|
|
bd1529 |
+
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_or_id_compat(NULL));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_or_id_compat(""));
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_or_id_compat("0"));
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_or_id_compat("1"));
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_or_id_compat("65534"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_or_id_compat("65535"));
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_or_id_compat("65536"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_or_id_compat("-1"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_or_id_compat("-kkk"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_or_id_compat("rööt"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_or_id_compat("."));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_or_id_compat(".eff"));
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_or_id_compat("eff.eff"));
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_or_id_compat("eff."));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_or_id_compat("foo\nbar"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_or_id_compat("0123456789012345678901234567890123456789"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_or_id_compat("aaa:bbb"));
|
|
|
bd1529 |
+
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_or_id_compat("root"));
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_or_id_compat("lennart"));
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_or_id_compat("LENNART"));
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_or_id_compat("_kkk"));
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_or_id_compat("kkk-"));
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_or_id_compat("kk-k"));
|
|
|
bd1529 |
+
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_or_id_compat("some5"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_or_id_compat("5some"));
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_or_id_compat("INNER5NUMBER"));
|
|
|
bd1529 |
+}
|
|
|
bd1529 |
+
|
|
|
bd1529 |
static void test_valid_user_group_name_or_id(void) {
|
|
|
bd1529 |
log_info("/* %s */", __func__);
|
|
|
bd1529 |
|
|
|
bd1529 |
@@ -172,6 +251,10 @@ static void test_valid_user_group_name_or_id(void) {
|
|
|
bd1529 |
assert_se(!valid_user_group_name_or_id("-1"));
|
|
|
bd1529 |
assert_se(!valid_user_group_name_or_id("-kkk"));
|
|
|
bd1529 |
assert_se(!valid_user_group_name_or_id("rööt"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_or_id("."));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_or_id(".eff"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_or_id("eff.eff"));
|
|
|
bd1529 |
+ assert_se(!valid_user_group_name_or_id("eff."));
|
|
|
bd1529 |
assert_se(!valid_user_group_name_or_id("foo\nbar"));
|
|
|
bd1529 |
assert_se(!valid_user_group_name_or_id("0123456789012345678901234567890123456789"));
|
|
|
bd1529 |
assert_se(!valid_user_group_name_or_id("aaa:bbb"));
|
|
|
bd1529 |
@@ -182,8 +265,6 @@ static void test_valid_user_group_name_or_id(void) {
|
|
|
bd1529 |
assert_se(valid_user_group_name_or_id("_kkk"));
|
|
|
bd1529 |
assert_se(valid_user_group_name_or_id("kkk-"));
|
|
|
bd1529 |
assert_se(valid_user_group_name_or_id("kk-k"));
|
|
|
bd1529 |
- assert_se(valid_user_group_name_or_id(".moo"));
|
|
|
bd1529 |
- assert_se(valid_user_group_name_or_id("eff.eff"));
|
|
|
bd1529 |
|
|
|
bd1529 |
assert_se(valid_user_group_name_or_id("some5"));
|
|
|
bd1529 |
assert_se(!valid_user_group_name_or_id("5some"));
|
|
|
bd1529 |
@@ -286,7 +367,9 @@ int main(int argc, char*argv[]) {
|
|
|
bd1529 |
test_parse_uid();
|
|
|
bd1529 |
test_uid_ptr();
|
|
|
bd1529 |
|
|
|
bd1529 |
+ test_valid_user_group_name_compat();
|
|
|
bd1529 |
test_valid_user_group_name();
|
|
|
bd1529 |
+ test_valid_user_group_name_or_id_compat();
|
|
|
bd1529 |
test_valid_user_group_name_or_id();
|
|
|
bd1529 |
test_valid_gecos();
|
|
|
bd1529 |
test_valid_home();
|