Subject: useradd: warn about unusual login names
To: None <tech-userlevel@netbsd.org>
From: Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>
List: tech-userlevel
Date: 11/23/2001 04:35:27
Next round! This does
* implement warnings close to Solaris 8:
- print a warning if the login name is non-standard (see documentation
for what's considered "standard")
- print a warning on all-uppercase login names
- print a warning if the first char of the login name is not a letter
* update documentation to describe what a "standard" login is
* use shquote(3), with it's own implementation for <1.6
* follow the idea to give the administrator the rope he asks for
Suggestions for improvement welcome, else I'll look into committing this
soonish. Thanks!
- Hubert
Index: user.c
===================================================================
RCS file: /cvsroot/basesrc/usr.sbin/user/user.c,v
retrieving revision 1.20.4.8
diff -u -r1.20.4.8 user.c
--- user.c 2001/02/26 18:01:17 1.20.4.8
+++ user.c 2001/11/23 03:11:21
@@ -45,6 +45,7 @@
#include <ctype.h>
#include <dirent.h>
#include <err.h>
+#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <paths.h>
@@ -213,6 +214,219 @@
return ret;
}
+#define NetBSD_1_6 106000100
+#if defined(__NetBSD_Version__) && (__NetBSD_Version__ < NetBSD_1_6)
+/* from src/lib/libc/gen/shquote.c, needed for the useradd pkg which
+ * also needs to run on < 1.6
+ */
+
+size_t
+shquote(const char *arg, char *buf, size_t bufsize);
+
+
+/* <<NetBSD: shquote.c,v 1.4 2001/03/12 03:20:10 simonb Exp>> */
+
+/*
+ * Copyright (c) 2001 Christopher G. Demetriou
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed for the
+ * NetBSD Project. See http://www.netbsd.org/ for
+ * information about NetBSD.
+ * 4. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * <<Id: LICENSE,v 1.2 2000/06/14 15:57:33 cgd Exp>>
+ */
+
+/*
+ * Define SHQUOTE_USE_MULTIBYTE if you want shquote() to handle multibyte
+ * characters using mbrtowc().
+ *
+ * Please DO NOT rip this #ifdef out of the code. It's also here to help
+ * portability.
+ */
+#undef SHQUOTE_USE_MULTIBYTE
+
+#ifdef SHQUOTE_USE_MULTIBYTE
+#include <limits.h>
+#include <wchar.h>
+#endif
+
+/*
+ * shquote():
+ *
+ * Requotes arguments so that they'll be interpreted properly by the
+ * shell (/bin/sh).
+ *
+ * Wraps single quotes around the string, and replaces single quotes
+ * in the string with the sequence:
+ * '\''
+ *
+ * Returns the number of characters required to hold the resulting quoted
+ * argument.
+ *
+ * The buffer supplied is filled in and NUL-terminated. If 'bufsize'
+ * indicates that the buffer is too short to hold the output string, the
+ * first (bufsize - 1) bytes of quoted argument are filled in and the
+ * buffer is NUL-terminated.
+ *
+ * Changes could be made to optimize the length of strings output by this
+ * function:
+ *
+ * * if there are no metacharacters or whitespace in the input,
+ * the output could be the input string.
+ */
+
+#ifdef SHQUOTE_USE_MULTIBYTE
+
+#define XLATE_OUTCH(x) wcrtomb(outch, (x), &mbso)
+#define XLATE_INCH() \
+ do { \
+ n = mbrtowc(&c, arg, MB_CUR_MAX, &mbsi); \
+ } while (/*LINTED const cond*/0)
+
+#else
+
+#define XLATE_OUTCH(x) (outch[0] = (x), 1)
+#define XLATE_INCH() \
+ do { \
+ n = ((c = *arg) != '\0') ? 1 : 0; \
+ } while (/*LINTED const cond*/0)
+
+#endif
+
+#define PUT(x) \
+ do { \
+ outchlen = XLATE_OUTCH(x); \
+ if (outchlen == (size_t)-1) \
+ goto bad; \
+ rv += outchlen; \
+ if (bufsize != 0) { \
+ if (bufsize < outchlen || \
+ (bufsize == outchlen && \
+ outch[outchlen - 1] != '\0')) { \
+ *buf = '\0'; \
+ bufsize = 0; \
+ } else { \
+ memcpy(buf, outch, outchlen); \
+ buf += outchlen; \
+ bufsize -= outchlen; \
+ } \
+ } \
+ } while (/*LINTED const cond*/0)
+
+size_t
+shquote(const char *arg, char *buf, size_t bufsize)
+{
+#ifdef SHQUOTE_USE_MULTIBYTE
+ char outch[MB_LEN_MAX];
+ mbstate_t mbsi, mbso;
+ wchar_t c, lastc;
+ size_t outchlen;
+#else
+ char outch[1];
+ char c, lastc;
+ size_t outchlen;
+#endif
+ size_t rv;
+ int n;
+
+ rv = 0;
+ lastc = 0;
+#ifdef SHQUOTE_USE_MULTIBYTE
+ memset(&mbsi, 0, sizeof mbsi);
+ memset(&mbso, 0, sizeof mbso);
+#endif
+
+ if (*arg != '\'')
+ PUT('\'');
+ for (;;) {
+ XLATE_INCH();
+ if (n == (size_t)-1)
+ goto bad;
+ if (n <= 0)
+ break;
+ arg += n;
+ lastc = c;
+
+ if (c == '\'') {
+ if (rv != 0)
+ PUT('\'');
+ PUT('\\');
+ PUT('\'');
+ for (;;) {
+ XLATE_INCH();
+ if (n <= 0 || c != '\'')
+ break;
+ PUT('\\');
+ PUT('\'');
+ arg += n;
+ }
+ if (n > 0)
+ PUT('\'');
+ } else
+ PUT(c);
+ }
+ if (lastc != '\'')
+ PUT('\'');
+
+ /* Put multibyte or NUL terminator, but don't count the NUL. */
+ PUT('\0');
+ rv--;
+
+ return rv;
+
+bad:
+ /* A multibyte character encoding or decoding error occurred. */
+ return (size_t)-1;
+}
+#endif /* < NetBSD 1.6 */
+
+
+/* quote shell metachars in a string */
+/* caller should free(3) returned string */
+static char *
+quote(const char *str)
+{
+ char *buf;
+ size_t rc;
+ size_t bufsize;
+
+ bufsize = 4*strlen(str) + 1;
+ buf = malloc(bufsize);
+ if (buf == NULL)
+ errx(EXIT_FAILURE, "Cannot allocate memory in quote()");
+
+ rc = shquote(str, buf, bufsize);
+ if (rc == (size_t)-1) {
+ errx(EXIT_FAILURE, "shquote() returned -1");
+ }
+
+ return buf;
+}
+
/* remove a users home directory, returning 1 for success (ie, no problems encountered) */
static int
removehomedir(const char *user, int uid, const char *dir)
@@ -243,7 +457,7 @@
(void) seteuid(uid);
/* we add the "|| true" to keep asystem() quiet if there is a non-zero exit status. */
- (void) asystem("%s -rf %s > /dev/null 2>&1 || true", RM, dir);
+ (void) asystem("%s -rf %s > /dev/null 2>&1 || true", RM, quote(dir));
(void) seteuid(0);
if (rmdir(dir) < 0) {
warnx("Unable to remove all files in `%s'\n", dir);
@@ -386,10 +600,11 @@
warnx("No \"dot\" initialisation files found");
} else {
(void) asystem("cd %s; %s -rw -pe %s . %s",
- skeldir, PAX, (verbose) ? "-v" : "", dir);
+ quote(skeldir), PAX, (verbose) ? "-v" : "",
+ quote(dir));
}
- (void) asystem("%s -R -h %d:%d %s", CHOWN, uid, gid, dir);
- (void) asystem("%s -R u+w %s", CHMOD, dir);
+ (void) asystem("%s -R -h %d:%d %s", CHOWN, uid, gid, quote(dir));
+ (void) asystem("%s -R u+w %s", CHMOD, quote(dir));
return n;
}
@@ -407,6 +622,7 @@
if (getgrnam(group) != NULL) {
warnx("group `%s' already exists", group);
+ errno=0;
return 0;
}
if ((from = fopen(_PATH_GROUP, "r")) == NULL) {
@@ -612,18 +828,51 @@
return 1;
}
-/* return 1 if `login' is a valid login name */
+/* return 1 if `login' is a valid login name, print warning
+ * and return 0 else */
static int
-valid_login(char *login)
+validate_login(char *login)
{
char *cp;
+ int valid;
+ int allupper = 1;
+ int letterfirst = 0;
+ int strangechar = 0;
for (cp = login ; *cp ; cp++) {
+ /* Check for strange character */
if (!isalnum(*cp) && *cp != '.' && *cp != '_' && *cp != '-') {
- return 0;
+ strangechar = 1;
}
+
+ /* Check for all upper case chars */
+ if (isalpha(*cp) && islower(*cp)) {
+ allupper = 0;
+ }
}
- return 1;
+
+
+ /* Check if first character is a letter */
+ if (!isalpha(login[0]))
+ letterfirst = 0;
+
+ /* Print warnings if needed, and determine return code */
+ valid = 1;
+
+ if (!letterfirst) {
+ valid = 0;
+ warnx("Warning: login name should begin with an alphabetic character");
+ }
+ if (allupper) {
+ valid = 0;
+ warnx("Warning: login name should have at least one lower case character");
+ }
+ if (strangechar) {
+ valid = 0;
+ warnx("Warning: login name consist of alphanumeric, '.', '_' and '-'");
+ }
+
+ return valid;
}
/* return 1 if `group' is a valid group name */
@@ -854,9 +1103,8 @@
int cc;
int i;
- if (!valid_login(login)) {
- errx(EXIT_FAILURE, "`%s' is not a valid login name", login);
- }
+ validate_login(login);
+
if ((masterfd = open(_PATH_MASTERPASSWD, O_RDONLY)) < 0) {
err(EXIT_FAILURE, "can't open `%s'", _PATH_MASTERPASSWD);
}
@@ -971,7 +1219,7 @@
(void) pw_abort();
errx(EXIT_FAILURE, "home directory `%s' already exists", home);
} else {
- if (asystem("%s -p %s", MKDIR, home) != 0) {
+ if (asystem("%s -p %s", MKDIR, quote(home)) != 0) {
(void) close(ptmpfd);
(void) pw_abort();
err(EXIT_FAILURE, "can't mkdir `%s'", home);
@@ -1013,9 +1261,8 @@
int masterfd;
int ptmpfd;
- if (!valid_login(newlogin)) {
- errx(EXIT_FAILURE, "`%s' is not a valid login name", login);
- }
+ validate_login(newlogin);
+
if ((pwp = getpwnam(login)) == NULL) {
errx(EXIT_FAILURE, "No such user `%s'", login);
}
@@ -1144,7 +1391,7 @@
}
if (up != NULL) {
if ((up->u_flags & F_MKDIR) &&
- asystem("%s %s %s", MV, homedir, pwp->pw_dir) != 0) {
+ asystem("%s %s %s", MV, quote(homedir), quote(pwp->pw_dir)) != 0) {
(void) close(ptmpfd);
(void) pw_abort();
err(EXIT_FAILURE, "can't move `%s' to `%s'",
Index: useradd.8
===================================================================
RCS file: /cvsroot/basesrc/usr.sbin/user/useradd.8,v
retrieving revision 1.5.4.1
diff -u -r1.5.4.1 useradd.8
--- useradd.8 2000/10/20 20:00:33 1.5.4.1
+++ useradd.8 2001/11/23 03:11:21
@@ -244,6 +244,13 @@
.Ed
.It Fl v
enables verbose mode - explain the commands as they are executed.
+.It Ar user
+The login name of the user to add. Login names are recommended to
+contain only alphanumeric characters, ".", "_" and "-", a warning is
+printed else. Using other characters is supported by
+.Nm "" ,
+but may lead to unexpected behaviour in
+random applications.
.El
.Pp
The
Index: userdel.8
===================================================================
RCS file: /cvsroot/basesrc/usr.sbin/user/userdel.8,v
retrieving revision 1.5.4.1
diff -u -r1.5.4.1 userdel.8
--- userdel.8 2000/10/20 20:00:33 1.5.4.1
+++ userdel.8 2001/11/23 03:11:21
@@ -97,6 +97,13 @@
and any files and other entries in them.
.It Fl v
perform any actions in a verbose manner.
+.It Ar user
+The login name of the user to add. Login names are recommended to
+contain only alphanumeric characters, ".", "_" and "-", a warning is
+printed else. Using other characters is supported by
+.Nm "" ,
+but may lead to unexpected behaviour in
+random applications.
.El
.Pp
The
Index: usermod.8
===================================================================
RCS file: /cvsroot/basesrc/usr.sbin/user/usermod.8,v
retrieving revision 1.4.4.3
diff -u -r1.4.4.3 usermod.8
--- usermod.8 2001/02/26 15:16:09 1.4.4.3
+++ usermod.8 2001/11/23 03:11:21
@@ -176,6 +176,13 @@
.Ed
.It Fl v
enables verbose mode - explain the commands as they are executed.
+.It Ar user
+The login name of the user to add. Login names are recommended to
+contain only alphanumeric characters, ".", "_" and "-", a warning is
+printed else. Using other characters is supported by
+.Nm "" ,
+but may lead to unexpected behaviour in
+random applications.
.El
.Pp
The
--
Want to get a clue on IPv6 but don't know where to start? Try this:
* Basics -> http://www.onlamp.com/pub/a/onlamp/2001/05/24/ipv6_tutorial.html
* Setup -> http://www.onlamp.com/pub/a/onlamp/2001/06/01/ipv6_tutorial.html
Of course with your #1 IPv6 ready operating system -> http://www.NetBSD.org/