summaryrefslogtreecommitdiffstats
path: root/debian/patches/506_relaxed_usernames
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 12:50:01 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 12:50:01 +0000
commitdf4dbd3378e13e9f43c727c36339f078fe3093fe (patch)
tree9edf4a31373538bd239af5be10e00f5a449d3d0e /debian/patches/506_relaxed_usernames
parentAdding upstream version 1:4.8.1. (diff)
downloadshadow-debian.tar.xz
shadow-debian.zip
Adding debian version 1:4.8.1-1.debian/1%4.8.1-1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/506_relaxed_usernames')
-rw-r--r--debian/patches/506_relaxed_usernames100
1 files changed, 100 insertions, 0 deletions
diff --git a/debian/patches/506_relaxed_usernames b/debian/patches/506_relaxed_usernames
new file mode 100644
index 0000000..8eb1792
--- /dev/null
+++ b/debian/patches/506_relaxed_usernames
@@ -0,0 +1,100 @@
+Goal: Relaxed usernames/groupnames checking patch.
+
+Status wrt upstream: Debian specific. Not to be used upstream
+
+Details:
+ Allows any non-empty user/grounames that don't contain ':', ',' or '\n'
+ characters and don't start with '-', '+', or '~'. This patch is more
+ restrictive than original Karl's version. closes: #264879
+ Also closes: #377844
+
+ Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400):
+
+ I can't come up with a good justification as to why characters other
+ than ':'s and '\0's should be disallowed in group and usernames (other
+ than '-' as the leading character). Thus, the maintenance tools don't
+ anymore. closes: #79682, #166798, #171179
+
+--- a/libmisc/chkname.c
++++ b/libmisc/chkname.c
+@@ -54,6 +54,7 @@
+ return true;
+ }
+
++#if 0
+ /*
+ * User/group names must match [a-z_][a-z0-9_-]*[$]
+ */
+@@ -73,6 +74,26 @@
+ return false;
+ }
+ }
++#endif
++ /*
++ * POSIX indicate that usernames are composed of characters from the
++ * portable filename character set [A-Za-z0-9._-], and that the hyphen
++ * should not be used as the first character of a portable user name.
++ *
++ * Allow more relaxed user/group names in Debian -- ^[^-~+:,\s][^:,\s]*$
++ */
++ if ( ('\0' == *name)
++ || ('-' == *name)
++ || ('~' == *name)
++ || ('+' == *name)) {
++ return false;
++ }
++ do {
++ if ((':' == *name) || (',' == *name) || isspace(*name)) {
++ return false;
++ }
++ name++;
++ } while ('\0' != *name);
+
+ return true;
+ }
+--- a/man/useradd.8.xml
++++ b/man/useradd.8.xml
+@@ -662,12 +662,20 @@
+ </para>
+
+ <para>
+- Usernames must start with a lower case letter or an underscore,
++ It is usually recommended to only use usernames that begin with a lower case letter or an underscore,
+ followed by lower case letters, digits, underscores, or dashes.
+ They can end with a dollar sign.
+ In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+ </para>
+ <para>
++ On Debian, the only constraints are that usernames must neither start
++ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
++ colon (':'), a comma (','), or a whitespace (space: ' ',
++ end of line: '\n', tabulation: '\t', etc.). Note that using a slash
++ ('/') may break the default algorithm for the definition of the
++ user's home directory.
++ </para>
++ <para>
+ Usernames may only be up to 32 characters long.
+ </para>
+ </refsect1>
+--- a/man/groupadd.8.xml
++++ b/man/groupadd.8.xml
+@@ -273,12 +273,18 @@
+ <refsect1 id='caveats'>
+ <title>CAVEATS</title>
+ <para>
+- Groupnames must start with a lower case letter or an underscore,
++ It is usually recommended to only use groupnames that begin with a lower case letter or an underscore,
+ followed by lower case letters, digits, underscores, or dashes.
+ They can end with a dollar sign.
+ In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+ </para>
+ <para>
++ On Debian, the only constraints are that groupnames must neither start
++ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
++ colon (':'), a comma (','), or a whitespace (space:' ',
++ end of line: '\n', tabulation: '\t', etc.).
++ </para>
++ <para>
+ Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
+ </para>
+ <para>