[PATCH RESEND] check user and group names for illegal chars in adduser and addgroup
Denys Vlasenko
vda.linux at googlemail.com
Wed Mar 19 16:23:40 PDT 2008
On Tuesday 18 March 2008 08:33, Tito wrote:
> Hi,
> Denis maybe this patch slipped through, so i'm resending it
> to know your opinion about it.
>
> Ciao,
> TIto
>
> Hi,
> this patch adds the new function xcheck_name()
>
> void xcheck_name(const char *name)
> {
> int i = 0;
>
> do {
> if (!isalnum(*name)
> && !(*name == '_')
> && !(*name == '.')
> && !(*name == '@')
> && !(*name == '-' && i)
> && !(*name == '$' && !*(name + 1))
> )
> bb_error_msg_and_die("illegal character '%c'", *name);
> i++;
> } while (*++name);
> }
>
> to libbb that is used by adduser and addroup to check
> for illegal characters in user and group names.
> The rules enforced are:
>
> the username should consist only of
> letters, digits, underscores, periods, at signs and dashes,
> and not start with a dash (as defined by IEEE Std 1003.1-2001).
> For compatibility with Samba machine accounts $ is also supported
> at the end of the username.
>
> This feature is optional and off by default.
> It can be turned on with the switch
>
> Login/Password Management Utilities ---> [*] Enable sanity check on user and group names in adduser and addgroup
>
> that is visible only if adduser or addgroup are selected.
> This menuconfig solution seems suboptimal to me
> but iwas not able to find a better way.
Applied, thanks.
More information about the busybox
mailing list