authorStephen Hemminger <stephen.hemminger@vyatta.com>2010-07-06 17:38:31 -0700
committerStephen Hemminger <stephen.hemminger@vyatta.com>2010-07-06 19:12:51 -0700
commitdf4a29dcf842f75d9c62a81f171fc8413198de76 (patch)
tree3d88c13d246c2d61f90e86441e09a3d5d242d773
parentd903728c5a57cdd87617fbfd84ef9cdf7ed96fba (diff)
downloadvyatta-cfg-quagga-df4a29dcf842f75d9c62a81f171fc8413198de76.tar.gz
vyatta-cfg-quagga-df4a29dcf842f75d9c62a81f171fc8413198de76.zip
Change user name validation
Do username validation in perl script. This allows for checking for what is allowed, versus what is recommended. For compatibility we allow things like upper case user names, but this is not recommended, so these names produce a warning.
-rw-r--r--scripts/system/vyatta_check_username.pl17
-rw-r--r--templates/system/login/user/node.def3
2 files changed, 16 insertions, 4 deletions
diff --git a/scripts/system/vyatta_check_username.pl b/scripts/system/vyatta_check_username.pl
index 254b3417..778f8976 100644
--- a/scripts/system/vyatta_check_username.pl
+++ b/scripts/system/vyatta_check_username.pl
@@ -44,9 +44,24 @@ sub finduser {
}
foreach my $user (@ARGV) {
- my $uid = getpwnam($user);
+ # enforce recommendation from useradd man page
+ # Debian, the only constraints are that usernames must neither start
+ # with a dash (-) nor contain a colon (:) or a whitespace (space: , end
+ # of line: \n, tabulation: \t, etc.). Note that using a slash (/) may
+ # break the default algorithm for the definition of the users home
+ # directory.
+ die "$user : illegal characters in user name\n"
+ unless ($user =~ /^\w[^ \t\n\r\v\f:\/]*$/);
+
+ # It is usually recommended to only use usernames that begin with a
+ # lower case letter or an underscore
+ # followed by lower case letters, digits, underscores, or dashes.
+ # They can end with a dollar sign. In regular expression terms:
+ warn "$user : username should only contain lowercase digits and underscore\n"
+ unless ($user =~ /^[a-z_][a-z0-9_-]*\$?$/);
# User does not exist in system, its okay
+ my $uid = getpwnam($user);
next unless defined($uid);
# System accounts should not be listed in vyatta configuration
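Review bot: The new `die` check is a deny-list anchored with `$`, so a name ending in a newline still matches, and after the first character everything except whitespace, `:` and `/` is accepted, including `;`, `|`, backticks, quotes and control characters. Anchor it on the whole string, e.g. `unless ($user =~ /\A\w[^ \t\n\r\v\f:\/]*\z/);`, and consider rejecting non-printable and shell-special characters outright instead of only warning about them. This matters more because the node.def section of this commit removes the template's `pattern` check, leaving this script as the only gate, and the script is invoked as `exec "/opt/vyatta/sbin/vyatta_check_username.pl $VAR(@)"` with the value unquoted. If that exec string is handed to a shell, the name is parsed by the shell before this validation runs, so a conservative pattern should stay in the template or the argument should be quoted there. The `foreach` body continues past the end of the hunk.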
diff --git a/templates/system/login/user/node.def b/templates/system/login/user/node.def
index 751767d6..7e56ca0f 100644
--- a/templates/system/login/user/node.def
+++ b/templates/system/login/user/node.def
@@ -2,9 +2,6 @@ tag:
type: txt
help: Set user account information
-syntax:expression: pattern $VAR(@) "^[a-zA-Z_][a-zA-Z0-9_-]*\\$?$"
- ; "invalid user name $VAR(@)"
-
syntax:expression: exec "/opt/vyatta/sbin/vyatta_check_username.pl $VAR(@)"
commit:expression: $VAR(authentication/encrypted-password) != ""