From 9c8a54444bf7680249d5edf36d600a79cb932f28 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Jan=20R=C4=99korajski?= Date: Thu, 27 Dec 2012 12:52:50 +0100 Subject: [PATCH] - relax user and group names check --- shadow-goodname.patch | 118 ++++++++++++++++++++++++++++++++++++++++++ shadow.spec | 4 +- 2 files changed, 121 insertions(+), 1 deletion(-) create mode 100644 shadow-goodname.patch diff --git a/shadow-goodname.patch b/shadow-goodname.patch new file mode 100644 index 0000000..1fdd84f --- /dev/null +++ b/shadow-goodname.patch @@ -0,0 +1,118 @@ +diff -up shadow-4.1.5.1/libmisc/chkname.c.goodname shadow-4.1.5.1/libmisc/chkname.c +--- shadow-4.1.5.1/libmisc/chkname.c.goodname 2009-07-13 00:24:45.000000000 +0200 ++++ shadow-4.1.5.1/libmisc/chkname.c 2012-09-19 18:43:53.492160653 +0200 +@@ -49,20 +49,28 @@ + static bool is_valid_name (const char *name) + { + /* +- * User/group names must match [a-z_][a-z0-9_-]*[$] +- */ +- if (('\0' == *name) || +- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) { ++ * User/group names must match gnu e-regex: ++ * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]? ++ * ++ * as a non-POSIX, extension, allow "$" as the last char for ++ * sake of Samba 3.x "add machine script" ++ */ ++ if ( ('\0' == *name) || ++ !((*name >= 'a' && *name <= 'z') || ++ (*name >= 'A' && *name <= 'Z') || ++ (*name >= '0' && *name <= '9') || ++ (*name == '_') || (*name == '.') ++ )) { + return false; + } + + while ('\0' != *++name) { +- if (!(( ('a' <= *name) && ('z' >= *name) ) || +- ( ('0' <= *name) && ('9' >= *name) ) || +- ('_' == *name) || +- ('-' == *name) || +- ( ('$' == *name) && ('\0' == *(name + 1)) ) +- )) { ++ if (!( (*name >= 'a' && *name <= 'z') || ++ (*name >= 'A' && *name <= 'Z') || ++ (*name >= '0' && *name <= '9') || ++ (*name == '_') || (*name == '.') || (*name == '-') || ++ (*name == '$' && *(name + 1) == '\0') ++ )) { + return false; + } + } +diff -up shadow-4.1.5.1/man/groupadd.8.xml.goodname shadow-4.1.5.1/man/groupadd.8.xml +--- shadow-4.1.5.1/man/groupadd.8.xml.goodname 2012-05-25 13:45:27.000000000 +0200 ++++ shadow-4.1.5.1/man/groupadd.8.xml 2012-09-19 18:43:53.492160653 +0200 +@@ -259,12 +259,6 @@ + + CAVEATS + +- Groupnames must start with a lower case letter or an underscore, +- followed by lower case letters, digits, underscores, or dashes. +- They can end with a dollar sign. +- In regular expression terms: [a-z_][a-z0-9_-]*[$]? +- +- + Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. + + +diff -up shadow-4.1.5.1/man/man8/groupadd.8.goodname shadow-4.1.5.1/man/man8/groupadd.8 +--- shadow-4.1.5.1/man/man8/groupadd.8.goodname 2012-05-25 13:58:40.000000000 +0200 ++++ shadow-4.1.5.1/man/man8/groupadd.8 2012-09-19 18:44:42.175123079 +0200 +@@ -190,9 +190,7 @@ Shadow password suite configuration\&. + .RE + .SH "CAVEATS" + .PP +-Groupnames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]? +-.PP +-Groupnames may only be up to 16 characters long\&. ++Groupnames may only be up to 32 characters long\&. + .PP + You may not add a NIS or LDAP group\&. This must be performed on the corresponding server\&. + .PP +diff -up shadow-4.1.5.1/man/man8/useradd.8.goodname shadow-4.1.5.1/man/man8/useradd.8 +--- shadow-4.1.5.1/man/man8/useradd.8.goodname 2012-05-25 13:59:28.000000000 +0200 ++++ shadow-4.1.5.1/man/man8/useradd.8 2012-09-19 18:46:09.249033949 +0200 +@@ -224,7 +224,7 @@ is not enabled, no home directories are + .PP + \fB\-M\fR + .RS 4 +-Do no create the user\*(Aqs home directory, even if the system wide setting from ++Do not create the user\*(Aqs home directory, even if the system wide setting from + /etc/login\&.defs + (\fBCREATE_HOME\fR) is set to + \fIyes\fR\&. +@@ -430,8 +430,6 @@ Similarly, if the username already exist + \fBuseradd\fR + will deny the user account creation request\&. + .PP +-Usernames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]? +-.PP + Usernames may only be up to 32 characters long\&. + .SH "CONFIGURATION" + .PP +diff -up shadow-4.1.5.1/man/useradd.8.xml.goodname shadow-4.1.5.1/man/useradd.8.xml +--- shadow-4.1.5.1/man/useradd.8.xml.goodname 2012-05-25 13:45:29.000000000 +0200 ++++ shadow-4.1.5.1/man/useradd.8.xml 2012-09-19 18:43:53.493160675 +0200 +@@ -366,7 +366,7 @@ + + + +- Do no create the user's home directory, even if the system ++ Do not create the user's home directory, even if the system + wide setting from /etc/login.defs + () is set to + yes. +@@ -654,12 +654,6 @@ + + + +- Usernames must start with a lower case letter or an underscore, +- followed by lower case letters, digits, underscores, or dashes. +- They can end with a dollar sign. +- In regular expression terms: [a-z_][a-z0-9_-]*[$]? +- +- + Usernames may only be up to 32 characters long. + + diff --git a/shadow.spec b/shadow.spec index d61a970..059d1f7 100644 --- a/shadow.spec +++ b/shadow.spec @@ -39,10 +39,11 @@ Source21: useradd.pamd Source22: userdel.pamd Source23: usermod.pamd Patch0: %{name}-pld.patch +Patch1: %{name}-goodname.patch URL: http://pkg-shadow.alioth.debian.org/ BuildRequires: acl-devel BuildRequires: attr-devel -BuildRequires: audit-devel +BuildRequires: audit-libs-devel BuildRequires: autoconf BuildRequires: automake >= 1.0 BuildRequires: gettext-devel >= 0.12.1 @@ -125,6 +126,7 @@ utilitários e senhas shadow em geral. %prep %setup -q %patch0 -p1 +%patch1 -p1 %build %configure \ -- 2.44.0