[PATCH] check user and group names for illegal chars in adduser and addgroup

Tito farmatito at tiscali.it
Sat Mar 1 14:21:24 PST 2008 

Hi,
this patch adds the new function xcheck_name()

void xcheck_name(const char *name)
{
	int i = 0;

	do {
		if (!isalnum(*name)
		 && !(*name == '_')
		 && !(*name == '.')
		 && !(*name == '@')
		 && !(*name == '-' && i)
		 && !(*name == '$' && !*(name + 1))
		)
			bb_error_msg_and_die("illegal character '%c'", *name);
		i++;
	} while (*++name);
}

 to libbb that is used by adduser and addroup to check 
for illegal characters in user and group names.
The rules enforced are:

the username should consist only of
letters, digits, underscores, periods, at signs and dashes,
and not start with a dash (as defined by IEEE Std 1003.1-2001).
For compatibility with Samba machine accounts $ is also supported
at the end of the username.

This feature is optional and off by default.
It can be turned on with the switch

Login/Password Management Utilities  --->  [*] Enable sanity check on user and group names in adduser and addgroup 

that is visible only if adduser or addgroup are selected.
This menuconfig solution seems suboptimal to me
but iwas not able to find a better way.
 
Bloat-o-meter says:

scripts/bloat-o-meter busybox_old busybox_unstripped
function                                             old     new   delta
xcheck_name                                            -      88     +88
.rodata                                           118977  119000     +23
adduser_main                                         625     634      +9
addgroup_main                                        364     372      +8
UNSPEC_print                                          70      72      +2
cut_main                                            1047    1046      -1
get_next_line                                        145     143      -2
display_speed                                         96      91      -5
arith                                               2071    2062      -9
mainSort                                            2592    2560     -32
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 4/5 up/down: 130/-49)            Total: 81 bytes


The patch applies to current svn, is tested a little
and seems to work for me.
Hints, critics and help by the list members are as always welcome. ;-)

Ciao,
Tito



-------------- next part --------------
A non-text attachment was scrubbed...
Name: xcheckname.patch
Type: text/x-diff
Size: 3801 bytes
Desc: not available
Url : http://busybox.net/lists/busybox/attachments/20080301/21fd15cd/attachment.bin

More information about the busybox mailing list