1*4882a593SmuzhiyunFrom ca472d6866e545aaa70a70020e3226f236a8aafc Mon Sep 17 00:00:00 2001 2*4882a593SmuzhiyunFrom: Shan Hai <shan.hai@windriver.com> 3*4882a593SmuzhiyunDate: Tue, 13 Sep 2016 13:45:46 +0800 4*4882a593SmuzhiyunSubject: [PATCH] shadow: use relaxed usernames 5*4882a593Smuzhiyun 6*4882a593SmuzhiyunThe groupadd from shadow does not allow upper case group names, the 7*4882a593Smuzhiyunsame is true for the upstream shadow. But distributions like 8*4882a593SmuzhiyunDebian/Ubuntu/CentOS has their own way to cope with this problem, 9*4882a593Smuzhiyunthis patch is picked up from CentOS release 7.0 to relax the usernames 10*4882a593Smuzhiyunrestrictions to allow the upper case group names, and the relaxation is 11*4882a593SmuzhiyunPOSIX compliant because POSIX indicate that usernames are composed of 12*4882a593Smuzhiyuncharacters from the portable filename character set [A-Za-z0-9._-]. 13*4882a593Smuzhiyun 14*4882a593SmuzhiyunUpstream-Status: Pending 15*4882a593Smuzhiyun 16*4882a593SmuzhiyunSigned-off-by: Shan Hai <shan.hai@windriver.com> 17*4882a593Smuzhiyun 18*4882a593Smuzhiyun--- 19*4882a593Smuzhiyun libmisc/chkname.c | 30 ++++++++++++++++++------------ 20*4882a593Smuzhiyun man/groupadd.8.xml | 6 ------ 21*4882a593Smuzhiyun man/useradd.8.xml | 8 +------- 22*4882a593Smuzhiyun 3 files changed, 19 insertions(+), 25 deletions(-) 23*4882a593Smuzhiyun 24*4882a593Smuzhiyundiff --git a/libmisc/chkname.c b/libmisc/chkname.c 25*4882a593Smuzhiyunindex 90f185c..65762b4 100644 26*4882a593Smuzhiyun--- a/libmisc/chkname.c 27*4882a593Smuzhiyun+++ b/libmisc/chkname.c 28*4882a593Smuzhiyun@@ -55,22 +55,28 @@ static bool is_valid_name (const char *name) 29*4882a593Smuzhiyun } 30*4882a593Smuzhiyun 31*4882a593Smuzhiyun /* 32*4882a593Smuzhiyun- * User/group names must match [a-z_][a-z0-9_-]*[$] 33*4882a593Smuzhiyun- */ 34*4882a593Smuzhiyun- 35*4882a593Smuzhiyun- if (('\0' == *name) || 36*4882a593Smuzhiyun- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) { 37*4882a593Smuzhiyun+ * User/group names must match gnu e-regex: 38*4882a593Smuzhiyun+ * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]? 39*4882a593Smuzhiyun+ * 40*4882a593Smuzhiyun+ * as a non-POSIX, extension, allow "$" as the last char for 41*4882a593Smuzhiyun+ * sake of Samba 3.x "add machine script" 42*4882a593Smuzhiyun+ */ 43*4882a593Smuzhiyun+ if ( ('\0' == *name) || 44*4882a593Smuzhiyun+ !((*name >= 'a' && *name <= 'z') || 45*4882a593Smuzhiyun+ (*name >= 'A' && *name <= 'Z') || 46*4882a593Smuzhiyun+ (*name >= '0' && *name <= '9') || 47*4882a593Smuzhiyun+ (*name == '_') || (*name == '.') 48*4882a593Smuzhiyun+ )) { 49*4882a593Smuzhiyun return false; 50*4882a593Smuzhiyun } 51*4882a593Smuzhiyun 52*4882a593Smuzhiyun while ('\0' != *++name) { 53*4882a593Smuzhiyun- if (!(( ('a' <= *name) && ('z' >= *name) ) || 54*4882a593Smuzhiyun- ( ('0' <= *name) && ('9' >= *name) ) || 55*4882a593Smuzhiyun- ('_' == *name) || 56*4882a593Smuzhiyun- ('-' == *name) || 57*4882a593Smuzhiyun- ('.' == *name) || 58*4882a593Smuzhiyun- ( ('$' == *name) && ('\0' == *(name + 1)) ) 59*4882a593Smuzhiyun- )) { 60*4882a593Smuzhiyun+ if (!( (*name >= 'a' && *name <= 'z') || 61*4882a593Smuzhiyun+ (*name >= 'A' && *name <= 'Z') || 62*4882a593Smuzhiyun+ (*name >= '0' && *name <= '9') || 63*4882a593Smuzhiyun+ (*name == '_') || (*name == '.') || (*name == '-') || 64*4882a593Smuzhiyun+ (*name == '$' && *(name + 1) == '\0') 65*4882a593Smuzhiyun+ )) { 66*4882a593Smuzhiyun return false; 67*4882a593Smuzhiyun } 68*4882a593Smuzhiyun } 69*4882a593Smuzhiyundiff --git a/man/groupadd.8.xml b/man/groupadd.8.xml 70*4882a593Smuzhiyunindex 1e58f09..d804b61 100644 71*4882a593Smuzhiyun--- a/man/groupadd.8.xml 72*4882a593Smuzhiyun+++ b/man/groupadd.8.xml 73*4882a593Smuzhiyun@@ -272,12 +272,6 @@ 74*4882a593Smuzhiyun 75*4882a593Smuzhiyun <refsect1 id='caveats'> 76*4882a593Smuzhiyun <title>CAVEATS</title> 77*4882a593Smuzhiyun- <para> 78*4882a593Smuzhiyun- Groupnames must start with a lower case letter or an underscore, 79*4882a593Smuzhiyun- followed by lower case letters, digits, underscores, or dashes. 80*4882a593Smuzhiyun- They can end with a dollar sign. 81*4882a593Smuzhiyun- In regular expression terms: [a-z_][a-z0-9_-]*[$]? 82*4882a593Smuzhiyun- </para> 83*4882a593Smuzhiyun <para> 84*4882a593Smuzhiyun Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. 85*4882a593Smuzhiyun </para> 86*4882a593Smuzhiyundiff --git a/man/useradd.8.xml b/man/useradd.8.xml 87*4882a593Smuzhiyunindex a16d730..c0bd777 100644 88*4882a593Smuzhiyun--- a/man/useradd.8.xml 89*4882a593Smuzhiyun+++ b/man/useradd.8.xml 90*4882a593Smuzhiyun@@ -366,7 +366,7 @@ 91*4882a593Smuzhiyun </term> 92*4882a593Smuzhiyun <listitem> 93*4882a593Smuzhiyun <para> 94*4882a593Smuzhiyun- Do no create the user's home directory, even if the system 95*4882a593Smuzhiyun+ Do not create the user's home directory, even if the system 96*4882a593Smuzhiyun wide setting from <filename>/etc/login.defs</filename> 97*4882a593Smuzhiyun (<option>CREATE_HOME</option>) is set to 98*4882a593Smuzhiyun <replaceable>yes</replaceable>. 99*4882a593Smuzhiyun@@ -660,12 +660,6 @@ 100*4882a593Smuzhiyun the user account creation request. 101*4882a593Smuzhiyun </para> 102*4882a593Smuzhiyun 103*4882a593Smuzhiyun- <para> 104*4882a593Smuzhiyun- Usernames must start with a lower case letter or an underscore, 105*4882a593Smuzhiyun- followed by lower case letters, digits, underscores, or dashes. 106*4882a593Smuzhiyun- They can end with a dollar sign. 107*4882a593Smuzhiyun- In regular expression terms: [a-z_][a-z0-9_-]*[$]? 108*4882a593Smuzhiyun- </para> 109*4882a593Smuzhiyun <para> 110*4882a593Smuzhiyun Usernames may only be up to 32 characters long. 111*4882a593Smuzhiyun </para> 112