From be021c88fffa18d0f3b26442782364411b42c7d4 Mon Sep 17 00:00:00 2001
From: Alejandro Colomar <alx@kernel.org>
Date: Mon, 9 Dec 2024 12:50:51 +0100
Subject: [PATCH] Little Bobby Tables

lib/, man/, src/: Do not allow bad names

Closes: <https://github.com/shadow-maint/shadow/issues/1149>
Link: <https://www.wired.com/story/null-license-plate-landed-one-hacker-ticket-hell/>
Link: <https://xkcd.com/327/>
Link: <https://www.youtube.com/watch?v=hNoS2BU6bbQ>
Link: <https://lwn.net/Articles/1001215/>
Link: <https://dwheeler.com/essays/fixing-unix-linux-filenames.html>
Link: <https://github.com/shadow-maint/shadow/issues/121>
Link: <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=42874>
Link: <https://lists.debian.org/debian-devel/2024/11/msg00250.html>
Link: <https://lists.debian.org/debian-devel/2024/12/msg00012.html>
Link: <https://lwn.net/Articles/1000485/>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: Sam James <sam@gentoo.org>
Cc: Michael Vetter <jubalh@iodoru.org>
Cc: Chris Hofstaedtler <zeha@debian.org>
Cc: Balint Reczey <rbalint@debian.org>
Cc: Marc Haber <mh+githubvisible@zugschlus.de>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---
 lib/chkname.c      |  7 -------
 man/newusers.8.xml | 12 ------------
 man/pwck.8.xml     | 10 ----------
 man/useradd.8.xml  | 10 ----------
 man/usermod.8.xml  | 10 ----------
 src/newusers.c     | 17 +----------------
 src/pwck.c         | 18 +-----------------
 src/useradd.c      | 18 +++---------------
 src/usermod.c      | 19 +++----------------
 9 files changed, 8 insertions(+), 113 deletions(-)

diff --git a/lib/chkname.c b/lib/chkname.c
index 8bde7a2d9..fd664cff4 100644
--- a/lib/chkname.c
+++ b/lib/chkname.c
@@ -35,9 +35,6 @@
 #include "chkname.h"
 
 
-int allow_bad_names = false;
-
-
 size_t
 login_name_max_size(void)
 {
@@ -55,10 +52,6 @@ login_name_max_size(void)
 static bool
 is_valid_name(const char *name)
 {
-	if (allow_bad_names) {
-		return true;
-	}
-
 	/*
          * User/group names must match BRE regex:
          *    [a-zA-Z0-9_.][a-zA-Z0-9_.-]*$\?
diff --git a/man/newusers.8.xml b/man/newusers.8.xml
index 6812c7509..72da7253d 100644
--- a/man/newusers.8.xml
+++ b/man/newusers.8.xml
@@ -253,18 +253,6 @@
     <para>
       The options which apply to the <command>newusers</command> command are:
     </para>
-    <variablelist remap='IP'>
-      <varlistentry>
-	<term>
-	  <option>--badname</option>&nbsp;
-	</term>
-	<listitem>
-	  <para>
-        Allow names that do not conform to standards.
-	  </para>
-	</listitem>
-      </varlistentry>
-    </variablelist>
     <variablelist remap='IP' condition="no_pam">
       <varlistentry>
 	<term><option>-c</option>, <option>--crypt-method</option></term>
diff --git a/man/pwck.8.xml b/man/pwck.8.xml
index 4eb820d66..3403de22f 100644
--- a/man/pwck.8.xml
+++ b/man/pwck.8.xml
@@ -159,16 +159,6 @@
       The options which apply to the <command>pwck</command> command are:
     </para>
     <variablelist remap='IP'>
-      <varlistentry>
-	<term>
-	  <option>--badname</option>&nbsp;
-	</term>
-	<listitem>
-	  <para>
-        Allow names that do not conform to standards.
-	  </para>
-	</listitem>
-      </varlistentry>
       <varlistentry>
 	<term><option>-h</option>, <option>--help</option></term>
 	<listitem>
diff --git a/man/useradd.8.xml b/man/useradd.8.xml
index 001e7d14c..15af8de7b 100644
--- a/man/useradd.8.xml
+++ b/man/useradd.8.xml
@@ -103,16 +103,6 @@
     <para>The options which apply to the <command>useradd</command> command are:
     </para>
     <variablelist remap='IP'>
-      <varlistentry>
-	<term>
-	  <option>--badname</option>&nbsp;
-	</term>
-	<listitem>
-	  <para>
-        Allow names that do not conform to standards.
-	  </para>
-	</listitem>
-      </varlistentry>
       <varlistentry>
 	<term>
 	  <option>-b</option>, <option>--base-dir</option>&nbsp;<replaceable>BASE_DIR</replaceable>
diff --git a/man/usermod.8.xml b/man/usermod.8.xml
index 349248b6b..12829061c 100644
--- a/man/usermod.8.xml
+++ b/man/usermod.8.xml
@@ -84,16 +84,6 @@
 	  </para>
 	</listitem>
       </varlistentry>
-      <varlistentry>
-	<term>
-	  <option>-b</option>, <option>--badname</option>
-	</term>
-	<listitem>
-	  <para>
-	    Allow names that do not conform to standards.
-	  </para>
-	</listitem>
-      </varlistentry>
       <varlistentry>
 	<term>
 	  <option>-c</option>, <option>--comment</option>&nbsp;<replaceable>COMMENT</replaceable>
diff --git a/src/newusers.c b/src/newusers.c
index 32d224d20..84e5092fc 100644
--- a/src/newusers.c
+++ b/src/newusers.c
@@ -112,7 +112,6 @@ static void check_perms (void);
 static void open_files (void);
 static void close_files (void);
 
-extern int allow_bad_names;
 
 /*
  * usage - display usage message and exit
@@ -125,7 +124,6 @@ static void usage (int status)
 	                  "\n"
 	                  "Options:\n"),
 	                Prog);
-	(void) fputs (_("  -b, --badname                 allow bad names\n"), usageout);
 #ifndef USE_PAM
 	(void) fprintf (usageout,
 	                _("  -c, --crypt-method METHOD     the crypt method (one of %s)\n"),
@@ -386,17 +384,8 @@ static int add_user (const char *name, uid_t uid, gid_t gid)
 {
 	struct passwd pwent;
 
-	/* Check if this is a valid user name */
 	if (!is_valid_user_name(name)) {
-		if (errno == EINVAL) {
-			fprintf(stderr,
-			        _("%s: invalid user name '%s': use --badname to ignore\n"),
-			        Prog, name);
-		} else {
-			fprintf(stderr,
-			        _("%s: invalid user name '%s'\n"),
-			        Prog, name);
-		}
+		fprintf(stderr, _("%s: invalid user name '%s'\n"), Prog, name);
 		return -1;
 	}
 
@@ -629,7 +618,6 @@ static void process_flags (int argc, char **argv)
 #endif				/* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
 #endif 				/* !USE_PAM */
 	static struct option long_options[] = {
-		{"badname",      no_argument,       NULL, 'b'},
 #ifndef USE_PAM
 		{"crypt-method", required_argument, NULL, 'c'},
 #endif				/* !USE_PAM */
@@ -656,9 +644,6 @@ static void process_flags (int argc, char **argv)
 #endif
 	                         long_options, NULL)) != -1) {
 		switch (c) {
-		case 'b':
-			allow_bad_names = true;
-			break;
 #ifndef USE_PAM
 		case 'c':
 			crypt_method = optarg;
diff --git a/src/pwck.c b/src/pwck.c
index 271a2c21b..80cbc3c6d 100644
--- a/src/pwck.c
+++ b/src/pwck.c
@@ -76,7 +76,6 @@ static void close_files (bool changed);
 static void check_pw_file (int *errors, bool *changed);
 static void check_spw_file (int *errors, bool *changed);
 
-extern int allow_bad_names;
 
 /*
  * fail_exit - do some cleanup and exit with the given error code
@@ -133,7 +132,6 @@ usage (int status)
 		                  "Options:\n"),
 		                Prog);
 	}
-	(void) fputs (_("  -b, --badname                 allow bad names\n"), usageout);
 	(void) fputs (_("  -h, --help                    display this help message and exit\n"), usageout);
 	(void) fputs (_("  -q, --quiet                   report errors only\n"), usageout);
 	(void) fputs (_("  -r, --read-only               display errors and warnings\n"
@@ -158,7 +156,6 @@ static void process_flags (int argc, char **argv)
 {
 	int c;
 	static struct option long_options[] = {
-		{"badname",   no_argument,       NULL, 'b'},
 		{"help",      no_argument,       NULL, 'h'},
 		{"quiet",     no_argument,       NULL, 'q'},
 		{"read-only", no_argument,       NULL, 'r'},
@@ -173,9 +170,6 @@ static void process_flags (int argc, char **argv)
 	while ((c = getopt_long (argc, argv, "behqrR:s",
 	                         long_options, NULL)) != -1) {
 		switch (c) {
-		case 'b':
-			allow_bad_names = true;
-			break;
 		case 'h':
 			usage (E_SUCCESS);
 			/*@notreached@*/break;
@@ -470,18 +464,8 @@ static void check_pw_file (int *errors, bool *changed)
 			}
 		}
 
-		/*
-		 * Check for invalid usernames.  --marekm
-		 */
-
 		if (!is_valid_user_name(pwd->pw_name)) {
-			if (errno == EINVAL) {
-				printf(_("invalid user name '%s': use --badname to ignore\n"),
-				       pwd->pw_name);
-			} else {
-				printf(_("invalid user name '%s'\n"),
-				       pwd->pw_name);
-			}
+			printf(_("invalid user name '%s'\n"), pwd->pw_name);
 			*errors += 1;
 		}
 
diff --git a/src/useradd.c b/src/useradd.c
index 891fd1420..0c8a5e98d 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -150,7 +150,6 @@ static char **user_groups;	/* NULL-terminated list */
 static long sys_ngroups;
 static bool do_grp_update = false;	/* group files need to be updated */
 
-extern int allow_bad_names;
 
 static bool
     bflg = false,		/* new default root of home directory */
@@ -893,7 +892,6 @@ static void usage (int status)
 	                  "\n"
 	                  "Options:\n"),
 	                Prog, Prog, Prog);
-	(void) fputs (_("      --badname                 do not check for bad names\n"), usageout);
 	(void) fputs (_("  -b, --base-dir BASE_DIR       base directory for the home directory of the\n"
 	                "                                new account\n"), usageout);
 #ifdef WITH_BTRFS
@@ -1180,7 +1178,6 @@ static void process_flags (int argc, char **argv)
 #ifdef WITH_BTRFS
 			{"btrfs-subvolume-home", no_argument, NULL, 200},
 #endif
-			{"badname",        no_argument,       NULL, 201},
 			{"comment",        required_argument, NULL, 'c'},
 			{"home-dir",       required_argument, NULL, 'd'},
 			{"defaults",       no_argument,       NULL, 'D'},
@@ -1237,9 +1234,6 @@ static void process_flags (int argc, char **argv)
 			case 200:
 				subvolflg = true;
 				break;
-			case 201:
-				allow_bad_names = true;
-				break;
 			case 'c':
 				if (!VALID (optarg)) {
 					fprintf (stderr,
@@ -1534,15 +1528,9 @@ static void process_flags (int argc, char **argv)
 
 		user_name = argv[optind];
 		if (!is_valid_user_name(user_name)) {
-			if (errno == EINVAL) {
-				fprintf(stderr,
-				        _("%s: invalid user name '%s': use --badname to ignore\n"),
-				        Prog, user_name);
-			} else {
-				fprintf(stderr,
-				        _("%s: invalid user name '%s'\n"),
-				        Prog, user_name);
-			}
+			fprintf(stderr,
+			        _("%s: invalid user name '%s'\n"),
+			        Prog, user_name);
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_ADD_USER, Prog,
 			              "adding user",
diff --git a/src/usermod.c b/src/usermod.c
index f33aec31e..9dd98b19b 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -207,7 +207,6 @@ static void update_faillog (void);
 static void move_mailbox (void);
 #endif
 
-extern int allow_bad_names;
 
 /*
  * get_groups - convert a list of group names to an array of group IDs
@@ -383,7 +382,6 @@ usage (int status)
 	(void) fputs (_("  -a, --append                  append the user to the supplemental GROUPS\n"
 	                "                                mentioned by the -G option without removing\n"
 	                "                                the user from other groups\n"), usageout);
-	(void) fputs (_("  -b, --badname                 allow bad names\n"), usageout);
 	(void) fputs (_("  -c, --comment COMMENT         new value of the GECOS field\n"), usageout);
 	(void) fputs (_("  -d, --home HOME_DIR           new home directory for the user account\n"), usageout);
 	(void) fputs (_("  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE\n"), usageout);
@@ -996,8 +994,6 @@ process_flags(int argc, char **argv)
 		int c;
 		static struct option long_options[] = {
 			{"append",       no_argument,       NULL, 'a'},
-			{"badname",      no_argument,       NULL, 'b'},
-			{"badnames",     no_argument,       NULL, 'b'},
 			{"comment",      required_argument, NULL, 'c'},
 			{"home",         required_argument, NULL, 'd'},
 			{"expiredate",   required_argument, NULL, 'e'},
@@ -1041,9 +1037,6 @@ process_flags(int argc, char **argv)
 			case 'a':
 				aflg = true;
 				break;
-			case 'b':
-				allow_bad_names = true;
-				break;
 			case 'c':
 				if (!VALID (optarg)) {
 					fprintf (stderr,
@@ -1118,15 +1111,9 @@ process_flags(int argc, char **argv)
 				/*@notreached@*/break;
 			case 'l':
 				if (!is_valid_user_name(optarg)) {
-					if (errno == EINVAL) {
-						fprintf(stderr,
-						        _("%s: invalid user name '%s': use --badname to ignore\n"),
-						        Prog, optarg);
-					} else {
-						fprintf(stderr,
-						        _("%s: invalid user name '%s'\n"),
-						        Prog, optarg);
-					}
+					fprintf(stderr,
+						_("%s: invalid user name '%s'\n"),
+						Prog, optarg);
 					exit (E_BAD_ARG);
 				}
 				lflg = true;