author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-07-06 17:38:31 -0700 |
---|---|---|
committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-07-06 19:12:51 -0700 |
commit | df4a29dcf842f75d9c62a81f171fc8413198de76 (patch) | |
tree | 3d88c13d246c2d61f90e86441e09a3d5d242d773 | |
parent | d903728c5a57cdd87617fbfd84ef9cdf7ed96fba (diff) | |
Change user name validation
Do username validation in perl script. This allows for checking
for what is allowed, versus what is recommended. For compatibility
we allow things like upper case user names, but this is not
recommended, so these names produce a warning.
-rw-r--r-- | scripts/system/vyatta_check_username.pl | 17 | ||||
-rw-r--r-- | templates/system/login/user/node.def | 3 |
2 files changed, 16 insertions, 4 deletions
diff --git a/scripts/system/vyatta_check_username.pl b/scripts/system/vyatta_check_username.pl
index 254b3417..778f8976 100644
--- a/scripts/system/vyatta_check_username.pl
+++ b/scripts/system/vyatta_check_username.pl
@@ -44,9 +44,24 @@ sub finduser {
 }
 foreach my $user (@ARGV) {
- my $uid = getpwnam($user);
+ # enforce recommendation from useradd man page
+ # Debian, the only constraints are that usernames must neither start
+ # with a dash (-) nor contain a colon (:) or a whitespace (space: , end
+ # of line: \n, tabulation: \t, etc.). Note that using a slash (/) may
+ # break the default algorithm for the definition of the users home
+ # directory.
+ die "$user : illegal characters in user name\n"
+ unless ($user =~ /^\w[^ \t\n\r\v\f:\/]*$/);
+
+ # It is usually recommended to only use usernames that begin with a
+ # lower case letter or an underscore
+ # followed by lower case letters, digits, underscores, or dashes.
+ # They can end with a dollar sign. In regular expression terms:
+ warn "$user : username should only contain lowercase digits and underscore\n"
+ unless ($user =~ /^[a-z_][a-z0-9_-]*\$?$/);
 # User does not exist in system, its okay
+ my $uid = getpwnam($user);
 next unless defined($uid);
 # System accounts should not be listed in vyatta configuration
diff --git a/templates/system/login/user/node.def b/templates/system/login/user/node.def
index 751767d6..7e56ca0f 100644
--- a/templates/system/login/user/node.def
+++ b/templates/system/login/user/node.def
@@ -2,9 +2,6 @@ tag:
 type: txt
 help: Set user account information
-syntax:expression: pattern $VAR(@) "^[a-zA-Z_][a-zA-Z0-9_-]*\\$?$"
- ; "invalid user name $VAR(@)"
-
 syntax:expression: exec "/opt/vyatta/sbin/vyatta_check_username.pl $VAR(@)"
 commit:expression: $VAR(authentication/encrypted-password) != "" |
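Review bot: The fatal check `/^\w[^ \t\n\r\v\f:\/]*$/` in the new `die ... unless` is a deny-list, so it accepts a leading digit, shell metacharacters, unlisted control characters and non-ASCII bytes, and because `$` also matches before a final newline, a name ending in `\n` passes too. The same commit deletes the `pattern` allow-list from `node.def`, leaving this script as the only gate, and it receives `$VAR(@)` unquoted on the `exec` line; if that line runs through a shell (not visible here), the value is word-split or interpreted before any check, and `foreach my $user (@ARGV)` then validates the pieces separately. I would make the fatal check an anchored allow-list that still admits the upper-case names the commit message wants to keep, `unless ($user =~ /\A[a-zA-Z_][a-zA-Z0-9_-]*\$?\z/);`, use `\z` in the warning regex as well, and keep a `syntax:expression: pattern` line in the template ahead of the `exec`. The `foreach` body continues past the end of the hunk.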