From df4a29dcf842f75d9c62a81f171fc8413198de76 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Tue, 6 Jul 2010 17:38:31 -0700
Subject: Change user name validation

Do username validation in perl script. This allows for checking for what is allowed, versus what is recommended. For compatiablity we allow things like upper case user names which but this is not recommended so these names produce a warning.
---
 scripts/system/vyatta_check_username.pl | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
(limited to 'scripts/system')
diff --git a/scripts/system/vyatta_check_username.pl b/scripts/system/vyatta_check_username.pl
index 254b3417..778f8976 100644
--- a/scripts/system/vyatta_check_username.pl
+++ b/scripts/system/vyatta_check_username.pl
@@ -44,9 +44,24 @@ sub finduser {
 }
 foreach my $user (@ARGV) {
- my $uid = getpwnam($user);
+ # enforce recommendation from useradd man page
+ # Debian, the only constraints are that usernames must neither start
+ # with a dash (-) nor contain a colon (:) or a whitespace (space: , end
+ # of line: \n, tabulation: \t, etc.). Note that using a slash (/) may
+ # break the default algorithm for the definition of the users home
+ # directory.
+ die "$user : illegal characters in user name\n"
+ unless ($user =~ /^\w[^ \t\n\r\v\f:\/]*$/);
+
+ # It is usually recommended to only use usernames that begin with a
+ # lower case letter or an underscore
+ # followed by lower case letters, digits, underscores, or dashes.
+ # They can end with a dollar sign. In regular expression terms:
+ warn "$user : username should only contain lowercase digits and underscore\n"
+ unless ($user =~ /^[a-z_][a-z0-9_-]*\$?$/);
 # User does not exist in system, its okay
+ my $uid = getpwnam($user);
 next unless defined($uid);
 # System accounts should not be listed in vyatta configuration
-- 
cgit v1.2.3
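Review bot: The `die` check is anchored with `^`…`$`, and in Perl `$` also matches just before a final newline, so a name with one trailing `\n` passes even though the character class excludes `\n`. Anchor with `\A` and `\z` instead: `unless ($user =~ /\A\w[^ \t\n\r\v\f:\/]*\z/);`, and do the same in the `warn` pattern. The class is a deny-list, so other control characters and punctuation are still accepted after the first character; if these names are later handed to account tools or written into passwd-style files (not visible in this hunk), an allow-list would be the safer hard check. The `warn` text also leaves out letters and dashes, which the pattern permits: `"$user : username should only contain lowercase letters, digits, underscores and dashes\n"`. The `foreach` body continues past the end of the hunk.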