|
|
bd1529 |
From f06434cc51eedd72f7d4a640a1fa118f57a5e68e Mon Sep 17 00:00:00 2001
|
|
|
bd1529 |
From: Balint Reczey <balint.reczey@canonical.com>
|
|
|
bd1529 |
Date: Wed, 18 Mar 2020 18:29:02 +0100
|
|
|
bd1529 |
Subject: [PATCH] user-util: Allow names starting with a digit
|
|
|
bd1529 |
|
|
|
bd1529 |
In 1a29610f5fa1bcb2eeb37d2c6b79d8d1a6dbb865 the change inadvertedly
|
|
|
bd1529 |
disabled names with digit as the first character. This follow-up change
|
|
|
bd1529 |
allows a digit as the first character in compat mode.
|
|
|
bd1529 |
|
|
|
bd1529 |
Fixes: #15141
|
|
|
bd1529 |
(cherry picked from commit 93c23c9297e48e594785e0bb9c51504aae5fbe3e)
|
|
|
bd1529 |
|
|
|
bd1529 |
Related: #1848373
|
|
|
bd1529 |
---
|
|
|
bd1529 |
src/basic/user-util.c | 20 +++++++++++++++++---
|
|
|
bd1529 |
src/test/test-user-util.c | 4 ++--
|
|
|
bd1529 |
2 files changed, 19 insertions(+), 5 deletions(-)
|
|
|
bd1529 |
|
|
|
bd1529 |
diff --git a/src/basic/user-util.c b/src/basic/user-util.c
|
|
|
bd1529 |
index 359da08a83..7dd2bb2c84 100644
|
|
|
bd1529 |
--- a/src/basic/user-util.c
|
|
|
bd1529 |
+++ b/src/basic/user-util.c
|
|
|
bd1529 |
@@ -579,16 +579,18 @@ int take_etc_passwd_lock(const char *root) {
|
|
|
bd1529 |
bool valid_user_group_name_full(const char *u, bool strict) {
|
|
|
bd1529 |
const char *i;
|
|
|
bd1529 |
long sz;
|
|
|
bd1529 |
+ bool warned = false;
|
|
|
bd1529 |
|
|
|
bd1529 |
/* Checks if the specified name is a valid user/group name. Also see POSIX IEEE Std 1003.1-2008, 2016 Edition,
|
|
|
bd1529 |
* 3.437. We are a bit stricter here however. Specifically we deviate from POSIX rules:
|
|
|
bd1529 |
*
|
|
|
bd1529 |
* - We require that names fit into the appropriate utmp field
|
|
|
bd1529 |
* - We don't allow empty user names
|
|
|
bd1529 |
- * - No dots or digits in the first character
|
|
|
bd1529 |
+ * - No dots in the first character
|
|
|
bd1529 |
*
|
|
|
bd1529 |
* If strict==true, additionally:
|
|
|
bd1529 |
* - We don't allow any dots (this conflicts with chown syntax which permits dots as user/group name separator)
|
|
|
bd1529 |
+ * - We don't allow a digit as the first character
|
|
|
bd1529 |
*
|
|
|
bd1529 |
* Note that other systems are even more restrictive, and don't permit underscores or uppercase characters.
|
|
|
bd1529 |
*/
|
|
|
bd1529 |
@@ -598,17 +600,26 @@ bool valid_user_group_name_full(const char *u, bool strict) {
|
|
|
bd1529 |
|
|
|
bd1529 |
if (!(u[0] >= 'a' && u[0] <= 'z') &&
|
|
|
bd1529 |
!(u[0] >= 'A' && u[0] <= 'Z') &&
|
|
|
bd1529 |
+ !(u[0] >= '0' && u[0] <= '9' && !strict) &&
|
|
|
bd1529 |
u[0] != '_')
|
|
|
bd1529 |
return false;
|
|
|
bd1529 |
|
|
|
bd1529 |
- bool warned = false;
|
|
|
bd1529 |
+ bool only_digits_seen = u[0] >= '0' && u[0] <= '9';
|
|
|
bd1529 |
+
|
|
|
bd1529 |
+ if (only_digits_seen) {
|
|
|
bd1529 |
+ log_warning("User or group name \"%s\" starts with a digit, accepting for compatibility.", u);
|
|
|
bd1529 |
+ warned = true;
|
|
|
bd1529 |
+ }
|
|
|
bd1529 |
|
|
|
bd1529 |
for (i = u+1; *i; i++) {
|
|
|
bd1529 |
if (((*i >= 'a' && *i <= 'z') ||
|
|
|
bd1529 |
(*i >= 'A' && *i <= 'Z') ||
|
|
|
bd1529 |
(*i >= '0' && *i <= '9') ||
|
|
|
bd1529 |
- IN_SET(*i, '_', '-')))
|
|
|
bd1529 |
+ IN_SET(*i, '_', '-'))) {
|
|
|
bd1529 |
+ if (!(*i >= '0' && *i <= '9'))
|
|
|
bd1529 |
+ only_digits_seen = false;
|
|
|
bd1529 |
continue;
|
|
|
bd1529 |
+ }
|
|
|
bd1529 |
|
|
|
bd1529 |
if (*i == '.' && !strict) {
|
|
|
bd1529 |
if (!warned) {
|
|
|
bd1529 |
@@ -622,6 +633,9 @@ bool valid_user_group_name_full(const char *u, bool strict) {
|
|
|
bd1529 |
return false;
|
|
|
bd1529 |
}
|
|
|
bd1529 |
|
|
|
bd1529 |
+ if (only_digits_seen)
|
|
|
bd1529 |
+ return false;
|
|
|
bd1529 |
+
|
|
|
bd1529 |
sz = sysconf(_SC_LOGIN_NAME_MAX);
|
|
|
bd1529 |
assert_se(sz > 0);
|
|
|
bd1529 |
|
|
|
bd1529 |
diff --git a/src/test/test-user-util.c b/src/test/test-user-util.c
|
|
|
bd1529 |
index 3a4211655d..56079f1486 100644
|
|
|
bd1529 |
--- a/src/test/test-user-util.c
|
|
|
bd1529 |
+++ b/src/test/test-user-util.c
|
|
|
bd1529 |
@@ -164,7 +164,7 @@ static void test_valid_user_group_name_compat(void) {
|
|
|
bd1529 |
assert_se(valid_user_group_name_compat("eff."));
|
|
|
bd1529 |
|
|
|
bd1529 |
assert_se(valid_user_group_name_compat("some5"));
|
|
|
bd1529 |
- assert_se(!valid_user_group_name_compat("5some"));
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_compat("5some"));
|
|
|
bd1529 |
assert_se(valid_user_group_name_compat("INNER5NUMBER"));
|
|
|
bd1529 |
}
|
|
|
bd1529 |
|
|
|
bd1529 |
@@ -234,7 +234,7 @@ static void test_valid_user_group_name_or_id_compat(void) {
|
|
|
bd1529 |
assert_se(valid_user_group_name_or_id_compat("kk-k"));
|
|
|
bd1529 |
|
|
|
bd1529 |
assert_se(valid_user_group_name_or_id_compat("some5"));
|
|
|
bd1529 |
- assert_se(!valid_user_group_name_or_id_compat("5some"));
|
|
|
bd1529 |
+ assert_se(valid_user_group_name_or_id_compat("5some"));
|
|
|
bd1529 |
assert_se(valid_user_group_name_or_id_compat("INNER5NUMBER"));
|
|
|
bd1529 |
}
|
|
|
bd1529 |
|