Change user name validation

Do username validation in perl script.  This allows for checking
for what is allowed, versus what is recommended. For compatiablity
we allow things like upper case user names which but this is not
recommended so these names produce a warning.

1 files changed, 16 insertions, 1 deletions

diff --git a/scripts/system/vyatta_check_username.pl b/scripts/system/vyatta_check_username.pl
index 254b3417..778f8976 100644
--- a/scripts/system/vyatta_check_username.pl
+++ b/scripts/system/vyatta_check_username.pl
@@ -44,9 +44,24 @@ sub finduser {
 }
 
 foreach my $user (@ARGV) {
-    my $uid = getpwnam($user);
+    # enforce recommendation from useradd man page
+    # Debian, the only constraints are that usernames must neither start
+    #  with a dash (-) nor contain a colon (:) or a whitespace (space:  , end
+    #  of line: \n, tabulation: \t, etc.). Note that using a slash (/) may
+    #  break the default algorithm for the definition of the users home
+    #  directory.
+    die "$user : illegal characters in user name\n"
+	unless ($user =~ /^\w[^ \t\n\r\v\f:\/]*$/);
+
+    # It is usually recommended to only  use usernames that begin with a 
+    # lower case letter or an underscore
+    # followed by lower case letters, digits, underscores, or dashes.
+    # They can end with a dollar sign. In regular expression terms:
+    warn "$user : username should only contain lowercase digits and underscore\n"
+	unless ($user =~ /^[a-z_][a-z0-9_-]*\$?$/);
 
     # User does not exist in system, its okay
+    my $uid = getpwnam($user);
     next unless defined($uid);
 
     # System accounts should not be listed in vyatta configuration