diff options
Diffstat (limited to '')
-rw-r--r-- | debian/patches/Relax-usernames-groupnames-checking.patch | 124 |
1 files changed, 0 insertions, 124 deletions
diff --git a/debian/patches/Relax-usernames-groupnames-checking.patch b/debian/patches/Relax-usernames-groupnames-checking.patch deleted file mode 100644 index bb3c027..0000000 --- a/debian/patches/Relax-usernames-groupnames-checking.patch +++ /dev/null @@ -1,124 +0,0 @@ -From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org> -Date: Sat, 22 Jun 2024 17:39:41 +0200 -Subject: Relax usernames/groupnames checking - -Allows any non-empty user/grounames that don't contain ':', ',' or '\n' -characters and don't start with '-', '+', or '~'. This patch is more -restrictive than original Karl's version. closes: #264879 -Also closes: #377844 - -Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400): - -I can't come up with a good justification as to why characters other -than ':'s and '\0's should be disallowed in group and usernames (other -than '-' as the leading character). Thus, the maintenance tools don't -anymore. closes: #79682, #166798, #171179 - -Status wrt upstream: Debian specific. Not to be used upstream - -Gbp-Topic: debian ---- - lib/chkname.c | 47 +++++++++++++++-------------------------------- - man/groupadd.8.xml | 6 ++++++ - man/useradd.8.xml | 7 ++++++- - 3 files changed, 27 insertions(+), 33 deletions(-) - -diff --git a/lib/chkname.c b/lib/chkname.c -index 995562f..d9678c6 100644 ---- a/lib/chkname.c -+++ b/lib/chkname.c -@@ -54,44 +54,27 @@ static bool is_valid_name (const char *name) - } - - /* -- * User/group names must match BRE regex: -- * [a-zA-Z0-9_.][a-zA-Z0-9_.-]*$\? -- * -- * as a non-POSIX, extension, allow "$" as the last char for -- * sake of Samba 3.x "add machine script" -- * -- * Also do not allow fully numeric names or just "." or "..". -- */ -- int numeric; -- -- if ('\0' == *name || -- ('.' == *name && (('.' == name[1] && '\0' == name[2]) || -- '\0' == name[1])) || -- !((*name >= 'a' && *name <= 'z') || -- (*name >= 'A' && *name <= 'Z') || -- (*name >= '0' && *name <= '9') || -- *name == '_' || -- *name == '.')) { -+ * POSIX indicate that usernames are composed of characters from the -+ * portable filename character set [A-Za-z0-9._-], and that the hyphen -+ * should not be used as the first character of a portable user name. -+ * -+ * Allow more relaxed user/group names in Debian -- ^[^-~+:,\s][^:,\s]*$ -+ */ -+ if ( ('\0' == *name) -+ || ('-' == *name) -+ || ('~' == *name) -+ || ('+' == *name)) { - return false; - } - -- numeric = isdigit(*name); -- -- while ('\0' != *++name) { -- if (!((*name >= 'a' && *name <= 'z') || -- (*name >= 'A' && *name <= 'Z') || -- (*name >= '0' && *name <= '9') || -- *name == '_' || -- *name == '.' || -- *name == '-' || -- (*name == '$' && name[1] == '\0') -- )) { -+ do { -+ if ((':' == *name) || (',' == *name) || isspace(*name)) { - return false; - } -- numeric &= isdigit(*name); -- } -+ name++; -+ } while ('\0' != *name); - -- return !numeric; -+ return true; - } - - -diff --git a/man/groupadd.8.xml b/man/groupadd.8.xml -index 61a548f..d472bd0 100644 ---- a/man/groupadd.8.xml -+++ b/man/groupadd.8.xml -@@ -71,6 +71,12 @@ - Fully numeric groupnames and groupnames . or .. are - also disallowed. - </para> -+ <para> -+ On Debian, the only constraints are that groupnames must neither start -+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a -+ colon (':'), a comma (','), or a whitespace (space:' ', -+ end of line: '\n', tabulation: '\t', etc.). -+ </para> - <para> - Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. - </para> -diff --git a/man/useradd.8.xml b/man/useradd.8.xml -index 17987a6..4fc95d1 100644 ---- a/man/useradd.8.xml -+++ b/man/useradd.8.xml -@@ -733,7 +733,12 @@ - the <command>ls</command> output. - </para> - <para> -- Usernames may only be up to 256 characters long. -+ On Debian, the only constraints are that usernames must neither start -+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a -+ colon (':'), a comma (','), or a whitespace (space: ' ', -+ end of line: '\n', tabulation: '\t', etc.). Note that using a slash -+ ('/') may break the default algorithm for the definition of the -+ user's home directory. - </para> - </refsect1> - |