shadow/chkname-regex.patch
Michael Vetter 3317029e04 Accepting request 912915 from home:jubalh:branches:Base:System
- Update to 4.9:
  * Updated translations
  * Major salt updates
  * Various coverity and cleanup fixes
  * Consistently use 0 to disable PASS_MIN_DAYS in man
  * Implement NSS support for subids and a libsubid
  * setfcap: retain setfcap when mapping uid 0
  * login.defs: include HMAC_CRYPTO_ALGO key
  * selinux fixes
  * Fix path prefix path handling
  * Manpage updates
  * Treat an empty passwd field as invalid(Haelwenn Monnier)
  * newxidmap: allow running under alternative gid
  * usermod: check that shell is executable
  * Add yescript support
  * useradd memleak fixes
  * useradd: use built-in settings by default
  * getdefs: add foreign
  * buffer overflow fixes
  * Adding run-parts style for pre and post useradd/del
- Refresh:
  * shadow-login_defs-unused-by-pam.patch
  * userdel-script.patch
  * useradd-script.patch
  * chkname-regex.patch
  * useradd-default.patch: bbf4b79 stopped shipping default file.
    change group in code now.
  * shadow-login_defs-suse.patch
  * useradd-userkeleton.patch
- Remove because upstreamed:

OBS-URL: https://build.opensuse.org/request/show/912915
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=106
2021-08-18 14:25:29 +00:00

108 lines
3.0 KiB
Diff

Index: etc/login.defs
===================================================================
--- etc/login.defs.orig
+++ etc/login.defs
@@ -329,6 +329,13 @@ USERGROUPS_ENAB yes
#
#FORCE_SHADOW yes
+# User/group names must match the following regex expression.
+# The default is [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?,
+# but be aware that the result could depend on the locale settings.
+#
+#CHARACTER_CLASS [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?
+CHARACTER_CLASS [ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\?
+
#
# Allow newuidmap and newgidmap when running under an alternative
# primary group.
Index: lib/getdef.c
===================================================================
--- lib/getdef.c.orig
+++ lib/getdef.c
@@ -91,6 +91,7 @@ struct itemdef {
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
static struct itemdef def_table[] = {
+ {"CHARACTER_CLASS", NULL},
{"CHFN_RESTRICT", NULL},
{"CONSOLE_GROUPS", NULL},
{"CONSOLE", NULL},
Index: libmisc/chkname.c
===================================================================
--- libmisc/chkname.c.orig
+++ libmisc/chkname.c
@@ -43,8 +43,11 @@
#ident "$Id$"
#include <ctype.h>
+#include <regex.h>
#include "defines.h"
#include "chkname.h"
+#include "getdef.h"
+#include <stdio.h>
int allow_bad_names = false;
@@ -54,24 +57,46 @@ static bool is_valid_name (const char *n
return true;
}
- /*
- * User/group names must match [a-z_][a-z0-9_-]*[$]
- */
+ const char *class;
+ regex_t reg;
+ int result;
+ char *buf;
+
+ /* User/group names must match [A-Za-z_][A-Za-z0-9_-.]*[A-Za-z0-9_-.$]?.
+ This is the POSIX portable character class. The $ at the end is
+ needed for SAMBA. But user can also specify something else in
+ /etc/login.defs. */
+ class = getdef_str ("CHARACTER_CLASS");
+ if (!class)
+ class = "[a-z_][a-z0-9_.-]*[a-z0-9_.$-]\\?";
+
+ if (asprintf (&buf, "^%s$", class) < 0)
+ return -1;
+
+ memset (&reg, 0, sizeof (regex_t));
+ result = regcomp (&reg, buf, 0);
+ free (buf);
+
+ if (result) {
+ size_t length = regerror (result, &reg, NULL, 0);
+ char *buffer = malloc (length);
+ if (buffer == NULL)
+ fputs ("running out of memory!\n", stderr);
+
+ /* else
+ {
+ regerror (result, &reg, buffer, length);
+ fprintf (stderr, _("Can't compile regular expression: %s\n"),
+ buffer);
+ } */
- if (('\0' == *name) ||
- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
+ regfree(&reg);
return false;
}
- while ('\0' != *++name) {
- if (!(( ('a' <= *name) && ('z' >= *name) ) ||
- ( ('0' <= *name) && ('9' >= *name) ) ||
- ('_' == *name) ||
- ('-' == *name) ||
- ( ('$' == *name) && ('\0' == *(name + 1)) )
- )) {
- return false;
- }
+ if (regexec (&reg, name, 0, NULL, 0) != 0) {
+ regfree(&reg);
+ return false;
}
return true;