Index: etc/login.defs =================================================================== --- etc/login.defs.orig +++ etc/login.defs @@ -299,3 +299,11 @@ USERGROUPS_ENAB yes # missing. # #FORCE_SHADOW yes + +# +# User/group names must match the following regex expression. +# The default is [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?, +# but be aware that the result could depend on the locale settings. +# +#CHARACTER_CLASS [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\? +CHARACTER_CLASS [ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\? Index: lib/getdef.c =================================================================== --- lib/getdef.c.orig +++ lib/getdef.c @@ -80,6 +80,7 @@ struct itemdef { #define NUMDEFS (sizeof(def_table)/sizeof(def_table[0])) static struct itemdef def_table[] = { + {"CHARACTER_CLASS", NULL}, {"CHFN_RESTRICT", NULL}, {"CONSOLE_GROUPS", NULL}, {"CONSOLE", NULL}, Index: libmisc/chkname.c =================================================================== --- libmisc/chkname.c.orig +++ libmisc/chkname.c @@ -43,8 +43,11 @@ #ident "$Id$" #include +#include #include "defines.h" #include "chkname.h" +#include "getdef.h" +#include int allow_bad_names = false; @@ -54,24 +57,46 @@ static bool is_valid_name (const char *n return true; } - /* - * User/group names must match [a-z_][a-z0-9_-]*[$] - */ + const char *class; + regex_t reg; + int result; + char *buf; + + /* User/group names must match [A-Za-z_][A-Za-z0-9_-.]*[A-Za-z0-9_-.$]?. + This is the POSIX portable character class. The $ at the end is + needed for SAMBA. But user can also specify something else in + /etc/login.defs. */ + class = getdef_str ("CHARACTER_CLASS"); + if (!class) + class = "[a-z_][a-z0-9_.-]*[a-z0-9_.$-]\\?"; + + if (asprintf (&buf, "^%s$", class) < 0) + return -1; + + memset (®, 0, sizeof (regex_t)); + result = regcomp (®, buf, 0); + free (buf); + + if (result) { + size_t length = regerror (result, ®, NULL, 0); + char *buffer = malloc (length); + if (buffer == NULL) + fputs ("running out of memory!\n", stderr); + + /* else + { + regerror (result, ®, buffer, length); + fprintf (stderr, _("Can't compile regular expression: %s\n"), + buffer); + } */ - if (('\0' == *name) || - !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) { + regfree(®); return false; } - while ('\0' != *++name) { - if (!(( ('a' <= *name) && ('z' >= *name) ) || - ( ('0' <= *name) && ('9' >= *name) ) || - ('_' == *name) || - ('-' == *name) || - ( ('$' == *name) && ('\0' == *(name + 1)) ) - )) { - return false; - } + if (regexec (®, name, 0, NULL, 0) != 0) { + regfree(®); + return false; } return true;