93639b1c76
* Initial optional bcrypt support.
* Make build/install of 'su' optional.
* Fix for vipw not resuming correctly when suspended
* Sync password field descriptions in manpages
* Check for valid shell argument in useradd
* Allow translation of new strings through POTFILES.in
* Migrate to itstool for translations
* Migrate to new SELinux api
* Support --enable-vendordir
* pwck: Only check homedir if set and not a system user
* Support nonstandard usernames
* sget{pw,gr}ent: check for data at EOL
* Add YYY-MM-DD support in chage
* Fix failing chmod calls for suidubins
* Fix --sbindir and --bindir for binary installations
* Fix LASTLOG_UID_MAX in login.defs
* Fix configure error with dash
- Remove because upstreamed:
* libeconf.patch
* shadow-usermod-variable.patch
- Rebase:
* shadow-login_defs-unused-by-pam.patch
* chkname-regex.patch
* shadow-util-linux.patch
* shadow-login_defs-comments.patch
- Add shadow-4.8-selinux-include.patch
See https://github.com/shadow-maint/shadow/pull/200
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=81
106 lines
2.9 KiB
Diff
106 lines
2.9 KiB
Diff
Index: etc/login.defs
|
|
===================================================================
|
|
--- etc/login.defs.orig
|
|
+++ etc/login.defs
|
|
@@ -299,3 +299,11 @@ USERGROUPS_ENAB yes
|
|
# missing.
|
|
#
|
|
#FORCE_SHADOW yes
|
|
+
|
|
+#
|
|
+# User/group names must match the following regex expression.
|
|
+# The default is [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?,
|
|
+# but be aware that the result could depend on the locale settings.
|
|
+#
|
|
+#CHARACTER_CLASS [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?
|
|
+CHARACTER_CLASS [ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\?
|
|
Index: lib/getdef.c
|
|
===================================================================
|
|
--- lib/getdef.c.orig
|
|
+++ lib/getdef.c
|
|
@@ -80,6 +80,7 @@ struct itemdef {
|
|
|
|
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
|
|
static struct itemdef def_table[] = {
|
|
+ {"CHARACTER_CLASS", NULL},
|
|
{"CHFN_RESTRICT", NULL},
|
|
{"CONSOLE_GROUPS", NULL},
|
|
{"CONSOLE", NULL},
|
|
Index: libmisc/chkname.c
|
|
===================================================================
|
|
--- libmisc/chkname.c.orig
|
|
+++ libmisc/chkname.c
|
|
@@ -43,8 +43,11 @@
|
|
#ident "$Id$"
|
|
|
|
#include <ctype.h>
|
|
+#include <regex.h>
|
|
#include "defines.h"
|
|
#include "chkname.h"
|
|
+#include "getdef.h"
|
|
+#include <stdio.h>
|
|
|
|
int allow_bad_names = false;
|
|
|
|
@@ -54,24 +57,46 @@ static bool is_valid_name (const char *n
|
|
return true;
|
|
}
|
|
|
|
- /*
|
|
- * User/group names must match [a-z_][a-z0-9_-]*[$]
|
|
- */
|
|
+ const char *class;
|
|
+ regex_t reg;
|
|
+ int result;
|
|
+ char *buf;
|
|
+
|
|
+ /* User/group names must match [A-Za-z_][A-Za-z0-9_-.]*[A-Za-z0-9_-.$]?.
|
|
+ This is the POSIX portable character class. The $ at the end is
|
|
+ needed for SAMBA. But user can also specify something else in
|
|
+ /etc/login.defs. */
|
|
+ class = getdef_str ("CHARACTER_CLASS");
|
|
+ if (!class)
|
|
+ class = "[a-z_][a-z0-9_.-]*[a-z0-9_.$-]\\?";
|
|
+
|
|
+ if (asprintf (&buf, "^%s$", class) < 0)
|
|
+ return -1;
|
|
+
|
|
+ memset (®, 0, sizeof (regex_t));
|
|
+ result = regcomp (®, buf, 0);
|
|
+ free (buf);
|
|
+
|
|
+ if (result) {
|
|
+ size_t length = regerror (result, ®, NULL, 0);
|
|
+ char *buffer = malloc (length);
|
|
+ if (buffer == NULL)
|
|
+ fputs ("running out of memory!\n", stderr);
|
|
+
|
|
+ /* else
|
|
+ {
|
|
+ regerror (result, ®, buffer, length);
|
|
+ fprintf (stderr, _("Can't compile regular expression: %s\n"),
|
|
+ buffer);
|
|
+ } */
|
|
|
|
- if (('\0' == *name) ||
|
|
- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
|
|
+ regfree(®);
|
|
return false;
|
|
}
|
|
|
|
- while ('\0' != *++name) {
|
|
- if (!(( ('a' <= *name) && ('z' >= *name) ) ||
|
|
- ( ('0' <= *name) && ('9' >= *name) ) ||
|
|
- ('_' == *name) ||
|
|
- ('-' == *name) ||
|
|
- ( ('$' == *name) && ('\0' == *(name + 1)) )
|
|
- )) {
|
|
- return false;
|
|
- }
|
|
+ if (regexec (®, name, 0, NULL, 0) != 0) {
|
|
+ regfree(®);
|
|
+ return false;
|
|
}
|
|
|
|
return true;
|