diff --git a/lib/Makefile.am b/lib/Makefile.am index dc67df9e8..acda648bf 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -89,6 +89,8 @@ libshadow_la_SOURCES = \ console.c \ copydir.c \ csrand.c \ + ctype/ispfchar.c \ + ctype/ispfchar.h \ defines.h \ encrypt.c \ env.c \ diff --git a/lib/chkname.c b/lib/chkname.c index bee2e6bd7..182623e5f 100644 --- a/lib/chkname.c +++ b/lib/chkname.c @@ -13,7 +13,8 @@ * true - OK * false - bad name * errors: - * EINVAL Invalid name characters or sequences + * EINVAL Invalid name + * EILSEQ Invalid name character sequence * EOVERFLOW Name longer than maximum size */ @@ -31,7 +32,11 @@ #include "defines.h" #include "chkname.h" +#include "ctype/ispfchar.h" +#include "string/ctype/strchrisascii/strchriscntrl.h" +#include "string/ctype/strisascii/strisdigit.h" #include "string/strcmp/streq.h" +#include "string/strcmp/strprefix.h" #ifndef LOGIN_NAME_MAX @@ -39,9 +44,6 @@ #endif -int allow_bad_names = false; - - size_t login_name_max_size(void) { @@ -58,8 +60,14 @@ login_name_max_size(void) static bool is_valid_name(const char *name) { - if (allow_bad_names) { - return true; + if (streq(name, "") + || streq(name, ".") + || streq(name, "..") + || strprefix(name, "-") + || strisdigit(name)) + { + errno = EINVAL; + return false; } /* @@ -68,45 +76,21 @@ is_valid_name(const char *name) * * as a non-POSIX, extension, allow "$" as the last char for * sake of Samba 3.x "add machine script" - * - * Also do not allow fully numeric names or just "." or "..". */ - int numeric; - - if ('\0' == *name || - ('.' == *name && (('.' == name[1] && '\0' == name[2]) || - '\0' == name[1])) || - !((*name >= 'a' && *name <= 'z') || - (*name >= 'A' && *name <= 'Z') || - (*name >= '0' && *name <= '9') || - *name == '_' || - *name == '.')) - { - errno = EINVAL; + + if (!ispfchar(*name)) { + errno = EILSEQ; return false; } - numeric = isdigit(*name); - while (!streq(++name, "")) { - if (!((*name >= 'a' && *name <= 'z') || - (*name >= 'A' && *name <= 'Z') || - (*name >= '0' && *name <= '9') || - *name == '_' || - *name == '.' || - *name == '-' || - (*name == '$' && name[1] == '\0') - )) - { - errno = EINVAL; + if (streq(name, "$")) // Samba + return true; + + if (!ispfchar(*name)) { + errno = EILSEQ; return false; } - numeric &= isdigit(*name); - } - - if (numeric) { - errno = EINVAL; - return false; } return true; diff --git a/lib/ctype/ispfchar.c b/lib/ctype/ispfchar.c new file mode 100644 index 000000000..bb6868131 --- /dev/null +++ b/lib/ctype/ispfchar.c @@ -0,0 +1,12 @@ +// SPDX-FileCopyrightText: 2024, Alejandro Colomar +// SPDX-License-Identifier: BSD-3-Clause + + +#include + +#include "ctype/ispfchar.h" + +#include + + +extern inline bool ispfchar(unsigned char c); diff --git a/lib/ctype/ispfchar.h b/lib/ctype/ispfchar.h new file mode 100644 index 000000000..8cc9888bf --- /dev/null +++ b/lib/ctype/ispfchar.h @@ -0,0 +1,26 @@ +// SPDX-FileCopyrightText: 2024, Alejandro Colomar +// SPDX-License-Identifier: BSD-3-Clause + + +#ifndef SHADOW_INCLUDE_LIB_CTYPE_ISPFCHAR_H_ +#define SHADOW_INCLUDE_LIB_CTYPE_ISPFCHAR_H_ + + +#include + +#include +#include + + +inline bool ispfchar(unsigned char c); + + +// Return true if 'c' is a character from the Portable Filename Character Set. +inline bool +ispfchar(unsigned char c) +{ + return isalnum(c) || c == '.' || c == '_' || c == '-'; +} + + +#endif // include guard diff --git a/man/newusers.8.xml b/man/newusers.8.xml index 6812c7509..72da7253d 100644 --- a/man/newusers.8.xml +++ b/man/newusers.8.xml @@ -253,18 +253,6 @@ The options which apply to the newusers command are: - - - -   - - - - Allow names that do not conform to standards. - - - - , diff --git a/man/pwck.8.xml b/man/pwck.8.xml index 4eb820d66..3403de22f 100644 --- a/man/pwck.8.xml +++ b/man/pwck.8.xml @@ -159,16 +159,6 @@ The options which apply to the pwck command are: - - -   - - - - Allow names that do not conform to standards. - - - , diff --git a/man/useradd.8.xml b/man/useradd.8.xml index c4b1001af..44bb6e4d9 100644 --- a/man/useradd.8.xml +++ b/man/useradd.8.xml @@ -103,16 +103,6 @@ The options which apply to the useradd command are: - - -   - - - - Allow names that do not conform to standards. - - - ,  BASE_DIR diff --git a/man/usermod.8.xml b/man/usermod.8.xml index 349248b6b..12829061c 100644 --- a/man/usermod.8.xml +++ b/man/usermod.8.xml @@ -84,16 +84,6 @@ - - - , - - - - Allow names that do not conform to standards. - - - ,  COMMENT diff --git a/src/chfn.c b/src/chfn.c index 4c96fba28..9c490a6f6 100644 --- a/src/chfn.c +++ b/src/chfn.c @@ -11,10 +11,12 @@ #ident "$Id$" +#include #include #include #include #include +#include #include #include @@ -646,7 +648,7 @@ int main (int argc, char **argv) */ if (optind < argc) { if (!is_valid_user_name (argv[optind])) { - fprintf (stderr, _("%s: Provided user name is not a valid name\n"), Prog); + fprintf(stderr, _("%s: user: %s\n"), Prog, strerror(errno)); fail_exit (E_NOPERM); } user = argv[optind]; diff --git a/src/chsh.c b/src/chsh.c index 15bfae323..34cb470a0 100644 --- a/src/chsh.c +++ b/src/chsh.c @@ -11,10 +11,12 @@ #ident "$Id$" +#include #include #include #include #include +#include #include #include "chkname.h" @@ -503,7 +505,7 @@ int main (int argc, char **argv) */ if (optind < argc) { if (!is_valid_user_name (argv[optind])) { - fprintf (stderr, _("%s: Provided user name is not a valid name\n"), Prog); + fprintf(stderr, _("%s: user: %s\n"), Prog, strerror(errno)); fail_exit (1); } user = argv[optind]; diff --git a/src/groupadd.c b/src/groupadd.c index ab30960e3..c36d2e293 100644 --- a/src/groupadd.c +++ b/src/groupadd.c @@ -12,6 +12,7 @@ #ident "$Id$" #include +#include #include #include #include @@ -247,9 +248,7 @@ static void check_new_name(void) { if (!is_valid_group_name(group_name)) { - fprintf(stderr, _("%s: '%s' is not a valid group name\n"), - Prog, group_name); - + fprintf(stderr, _("%s: group: %s\n"), Prog, strerror(errno)); exit(E_BAD_ARG); } diff --git a/src/groupmod.c b/src/groupmod.c index 5164c4c3f..8b3bd1256 100644 --- a/src/groupmod.c +++ b/src/groupmod.c @@ -12,6 +12,7 @@ #ident "$Id$" #include +#include #include #include #include @@ -381,9 +382,7 @@ check_new_name(void) } if (!is_valid_group_name(group_newname)) { - fprintf(stderr, - _("%s: invalid group name '%s'\n"), - Prog, group_newname); + fprintf(stderr, _("%s: group: %s\n"), Prog, strerror(errno)); exit(E_BAD_ARG); } diff --git a/src/grpck.c b/src/grpck.c index d3f2baee6..3c051688d 100644 --- a/src/grpck.c +++ b/src/grpck.c @@ -10,11 +10,13 @@ #include +#include #include +#include #include #include #include -#include +#include #include "chkname.h" #include "commonio.h" @@ -562,7 +564,7 @@ static void check_grp_file (bool *errors, bool *changed) */ if (!is_valid_group_name (grp->gr_name)) { *errors = true; - printf (_("invalid group name '%s'\n"), grp->gr_name); + printf(_("group: %s\n"), strerror(errno)); } /* diff --git a/src/newgrp.c b/src/newgrp.c index 6e05277f6..bdbb8a6f8 100644 --- a/src/newgrp.c +++ b/src/newgrp.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include "agetpass.h" @@ -487,9 +488,8 @@ int main (int argc, char **argv) */ if ((argc > 0) && (argv[0][0] != '-')) { if (!is_valid_group_name (argv[0])) { - fprintf ( - stderr, _("%s: provided group is not a valid group name\n"), - Prog); + fprintf(stderr, _("%s: group: %s\n"), + Prog, strerror(errno)); goto failure; } group = argv[0]; @@ -524,9 +524,8 @@ int main (int argc, char **argv) goto failure; } else if (argv[0] != NULL) { if (!is_valid_group_name (argv[0])) { - fprintf ( - stderr, _("%s: provided group is not a valid group name\n"), - Prog); + fprintf(stderr, _("%s: group: %s\n"), + Prog, strerror(errno)); goto failure; } group = argv[0]; diff --git a/src/newusers.c b/src/newusers.c index e3685efe9..e7358275d 100644 --- a/src/newusers.c +++ b/src/newusers.c @@ -114,7 +114,6 @@ static void check_perms (void); static void open_files (void); static void close_files (void); -extern int allow_bad_names; /* * usage - display usage message and exit @@ -127,7 +126,6 @@ static void usage (int status) "\n" "Options:\n"), Prog); - (void) fputs (_(" -b, --badname allow bad names\n"), usageout); #ifndef USE_PAM (void) fprintf (usageout, _(" -c, --crypt-method METHOD the crypt method (one of %s)\n"), @@ -293,9 +291,7 @@ static int add_group (const char *name, const char *gid, gid_t *ngid, uid_t uid) /* Check if this is a valid group name */ if (!is_valid_group_name (grent.gr_name)) { - fprintf (stderr, - _("%s: invalid group name '%s'\n"), - Prog, grent.gr_name); + fprintf(stderr, _("%s: group: %s\n"), Prog, strerror(errno)); free (grent.gr_name); return -1; } @@ -388,17 +384,8 @@ static int add_user (const char *name, uid_t uid, gid_t gid) { struct passwd pwent; - /* Check if this is a valid user name */ if (!is_valid_user_name(name)) { - if (errno == EINVAL) { - fprintf(stderr, - _("%s: invalid user name '%s': use --badname to ignore\n"), - Prog, name); - } else { - fprintf(stderr, - _("%s: invalid user name '%s'\n"), - Prog, name); - } + fprintf(stderr, _("%s: user: %s\n"), Prog, strerror(errno)); return -1; } @@ -631,7 +618,6 @@ static void process_flags (int argc, char **argv) #endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ #endif /* !USE_PAM */ static struct option long_options[] = { - {"badname", no_argument, NULL, 'b'}, #ifndef USE_PAM {"crypt-method", required_argument, NULL, 'c'}, #endif /* !USE_PAM */ @@ -658,9 +644,6 @@ static void process_flags (int argc, char **argv) #endif long_options, NULL)) != -1) { switch (c) { - case 'b': - allow_bad_names = true; - break; #ifndef USE_PAM case 'c': crypt_method = optarg; diff --git a/src/passwd.c b/src/passwd.c index cc79960a5..4dae512a4 100644 --- a/src/passwd.c +++ b/src/passwd.c @@ -17,6 +17,7 @@ #include #include #include +#include #include #include @@ -913,7 +914,7 @@ main(int argc, char **argv) myname = xstrdup (pw->pw_name); if (optind < argc) { if (!is_valid_user_name (argv[optind])) { - fprintf (stderr, _("%s: Provided user name is not a valid name\n"), Prog); + fprintf(stderr, _("%s: user: %s\n"), Prog, strerror(errno)); fail_exit (E_NOPERM); } name = argv[optind]; diff --git a/src/pwck.c b/src/pwck.c index b485a5a87..376e18edd 100644 --- a/src/pwck.c +++ b/src/pwck.c @@ -12,11 +12,13 @@ #ident "$Id$" +#include #include #include #include #include #include +#include #include "chkname.h" #include "commonio.h" @@ -76,7 +78,6 @@ static void close_files (bool changed); static void check_pw_file (bool *errors, bool *changed); static void check_spw_file (bool *errors, bool *changed); -extern int allow_bad_names; /* * fail_exit - do some cleanup and exit with the given error code @@ -133,7 +134,6 @@ usage (int status) "Options:\n"), Prog); } - (void) fputs (_(" -b, --badname allow bad names\n"), usageout); (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); (void) fputs (_(" -q, --quiet report errors only\n"), usageout); (void) fputs (_(" -r, --read-only display errors and warnings\n" @@ -158,7 +158,6 @@ static void process_flags (int argc, char **argv) { int c; static struct option long_options[] = { - {"badname", no_argument, NULL, 'b'}, {"help", no_argument, NULL, 'h'}, {"quiet", no_argument, NULL, 'q'}, {"read-only", no_argument, NULL, 'r'}, @@ -173,9 +172,6 @@ static void process_flags (int argc, char **argv) while ((c = getopt_long (argc, argv, "behqrR:s", long_options, NULL)) != -1) { switch (c) { - case 'b': - allow_bad_names = true; - break; case 'h': usage (E_SUCCESS); /*@notreached@*/break; @@ -470,18 +466,8 @@ static void check_pw_file (bool *errors, bool *changed) } } - /* - * Check for invalid usernames. --marekm - */ - if (!is_valid_user_name(pwd->pw_name)) { - if (errno == EINVAL) { - printf(_("invalid user name '%s': use --badname to ignore\n"), - pwd->pw_name); - } else { - printf(_("invalid user name '%s'\n"), - pwd->pw_name); - } + printf(_("user: %s\n"), strerror(errno)); *errors = true; } diff --git a/src/useradd.c b/src/useradd.c index 70a48cb8d..d0dead4ac 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -150,7 +150,6 @@ static char **user_groups; /* NULL-terminated list */ static long sys_ngroups; static bool do_grp_update = false; /* group files need to be updated */ -extern int allow_bad_names; static bool bflg = false, /* new default root of home directory */ @@ -893,7 +892,6 @@ static void usage (int status) "\n" "Options:\n"), Prog, Prog, Prog); - (void) fputs (_(" --badname do not check for bad names\n"), usageout); (void) fputs (_(" -b, --base-dir BASE_DIR base directory for the home directory of the\n" " new account\n"), usageout); #ifdef WITH_BTRFS @@ -1180,7 +1178,6 @@ static void process_flags (int argc, char **argv) #ifdef WITH_BTRFS {"btrfs-subvolume-home", no_argument, NULL, 200}, #endif - {"badname", no_argument, NULL, 201}, {"comment", required_argument, NULL, 'c'}, {"home-dir", required_argument, NULL, 'd'}, {"defaults", no_argument, NULL, 'D'}, @@ -1237,9 +1234,6 @@ static void process_flags (int argc, char **argv) case 200: subvolflg = true; break; - case 201: - allow_bad_names = true; - break; case 'c': if (!VALID (optarg)) { fprintf (stderr, @@ -1534,15 +1528,7 @@ static void process_flags (int argc, char **argv) user_name = argv[optind]; if (!is_valid_user_name(user_name)) { - if (errno == EINVAL) { - fprintf(stderr, - _("%s: invalid user name '%s': use --badname to ignore\n"), - Prog, user_name); - } else { - fprintf(stderr, - _("%s: invalid user name '%s'\n"), - Prog, user_name); - } + fprintf(stderr, _("%s: user: %s\n"), Prog, strerror(errno)); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, "adding user", @@ -2259,9 +2245,9 @@ static void create_home (void) */ for (cp = strtok(bhome, "/"); cp != NULL; cp = strtok(NULL, "/")) { /* Avoid turning a relative path into an absolute path. */ - if (bhome[0] == '/' || strlen(path) != 0) { + if (bhome[0] == '/' || !streq(path, "")) strcat(path, "/"); - } + strcat(path, cp); if (access(path, F_OK) == 0) { continue; diff --git a/src/usermod.c b/src/usermod.c index 7ea1a7244..53ce73ad4 100644 --- a/src/usermod.c +++ b/src/usermod.c @@ -27,6 +27,7 @@ #endif /* USE_PAM */ #endif /* ACCT_TOOLS_SETUID */ #include +#include #include #include #include @@ -207,7 +208,6 @@ static void update_faillog (void); static void move_mailbox (void); #endif -extern int allow_bad_names; /* * get_groups - convert a list of group names to an array of group IDs @@ -383,7 +383,6 @@ usage (int status) (void) fputs (_(" -a, --append append the user to the supplemental GROUPS\n" " mentioned by the -G option without removing\n" " the user from other groups\n"), usageout); - (void) fputs (_(" -b, --badname allow bad names\n"), usageout); (void) fputs (_(" -c, --comment COMMENT new value of the GECOS field\n"), usageout); (void) fputs (_(" -d, --home HOME_DIR new home directory for the user account\n"), usageout); (void) fputs (_(" -e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE\n"), usageout); @@ -996,8 +995,6 @@ process_flags(int argc, char **argv) int c; static struct option long_options[] = { {"append", no_argument, NULL, 'a'}, - {"badname", no_argument, NULL, 'b'}, - {"badnames", no_argument, NULL, 'b'}, {"comment", required_argument, NULL, 'c'}, {"home", required_argument, NULL, 'd'}, {"expiredate", required_argument, NULL, 'e'}, @@ -1041,9 +1038,6 @@ process_flags(int argc, char **argv) case 'a': aflg = true; break; - case 'b': - allow_bad_names = true; - break; case 'c': if (!VALID (optarg)) { fprintf (stderr, @@ -1118,15 +1112,8 @@ process_flags(int argc, char **argv) /*@notreached@*/break; case 'l': if (!is_valid_user_name(optarg)) { - if (errno == EINVAL) { - fprintf(stderr, - _("%s: invalid user name '%s': use --badname to ignore\n"), - Prog, optarg); - } else { - fprintf(stderr, - _("%s: invalid user name '%s'\n"), - Prog, optarg); - } + fprintf(stderr, _("%s: user: %s\n"), + Prog, strerror(errno)); exit (E_BAD_ARG); } lflg = true;