[ On Friday, September 24, 1999 at 10:28:29 (-0500), Eric Schnoebelen wrote: ]
> Subject: Re: bin/8428: uucpd truncates login names at 8 characters 
>
> 	user[] shouldbe truncated to MAXLOGNAME to keep
> setlogin() happy, and I've incorporated that into a new patch
> below.  I've also forced user[] to be null terminated after
> leaving readline(), in case someone attempts a buffer overflow
> by sending more than 64 characters (sizeof user).

Argh!  I'd forgotten that the BSD kernel also needs to know this info
(and worse that some applications treat the result of getlogin() as
authoritative!).

I'd like to propose the following patch too as a result.  It really
annoys me that various parts of the system pay attention to different
substrings in the user name, especially where authorisation and
accounting information is concerned.

Of course ultimately a more easily extensible utmp file format needs to
be defined, along with consolidation of the definition of the user-name
maximum length to a common location (such as perhaps <sys/syslimits.h>)
where it can be used to define things like UT_NAMESIZE, L_cuserid, etc.
I don't think it's necessary for the getpw family of functions to
implement any limits though, especially since the data structure they
use defines none, and especially if they are enhanced to be SysVr4
compatible with a fgetpwent() function (and better yet a setpwname()
function ala utmpxname() too!).

Index: src/include/utmp.h
===================================================================
RCS file: /cvs/NetBSD/src/include/utmp.h,v
retrieving revision 1.1.1.1
diff -c -c -r1.1.1.1 src/include/utmp.h
*** src/include/utmp.h	1998/02/20 00:30:43	1.1.1.1
--- src/include/utmp.h	1999/09/24 17:02:04
***************
*** 47,53 ****
  #define	_PATH_WTMP	"/var/log/wtmp"
  #define	_PATH_LASTLOG	"/var/log/lastlog"
  
! #define	UT_NAMESIZE	8
  #define	UT_LINESIZE	8
  #define	UT_HOSTSIZE	16
  
--- 47,53 ----
  #define	_PATH_WTMP	"/var/log/wtmp"
  #define	_PATH_LASTLOG	"/var/log/lastlog"
  
! #define	UT_NAMESIZE	8	/* must be == MAXLOGNAME (see <sys/param.h>) */
  #define	UT_LINESIZE	8
  #define	UT_HOSTSIZE	16
  
Index: src/sys/sys/param.h
===================================================================
RCS file: /cvs/NetBSD/src/sys/sys/param.h,v
retrieving revision 1.1.1.4
diff -c -c -r1.1.1.4 src/sys/sys/param.h
*** src/sys/sys/param.h	1998/11/16 21:35:32	1.1.1.4
--- src/sys/sys/param.h	1999/09/24 17:02:47
***************
*** 88,100 ****
   * Redefined constants are from POSIX 1003.1 limits file.
   *
   * MAXCOMLEN should be >= sizeof(ac_comm) (see <acct.h>)
!  * MAXLOGNAME should be >= UT_NAMESIZE (see <utmp.h>)
   */
  #include <sys/syslimits.h>
  
  #define	MAXCOMLEN	16		/* max command name remembered */
  #define	MAXINTERP	64		/* max interpreter file name length */
! #define	MAXLOGNAME	16		/* max login name length */
  #define	NCARGS		ARG_MAX		/* max bytes for an exec function */
  #define	NGROUPS		NGROUPS_MAX	/* max number groups */
  #define	NOFILE		OPEN_MAX	/* max open files per process */
--- 88,100 ----
   * Redefined constants are from POSIX 1003.1 limits file.
   *
   * MAXCOMLEN should be >= sizeof(ac_comm) (see <acct.h>)
!  * MAXLOGNAME must be == UT_NAMESIZE (see <utmp.h>)
   */
  #include <sys/syslimits.h>
  
  #define	MAXCOMLEN	16		/* max command name remembered */
  #define	MAXINTERP	64		/* max interpreter file name length */
! #define	MAXLOGNAME	8		/* max login name length */
  #define	NCARGS		ARG_MAX		/* max bytes for an exec function */
  #define	NGROUPS		NGROUPS_MAX	/* max number groups */
  #define	NOFILE		OPEN_MAX	/* max open files per process */

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>