[Pkg-shadow-commits] r3533 - in debian/trunk/debian: . patches

Mon Oct 31 22:54:39 UTC 2011

Author: nekral-guest
Date: 2011-10-31 22:54:38 +0000 (Mon, 31 Oct 2011)
New Revision: 3533

Modified:
   debian/trunk/debian/changelog
   debian/trunk/debian/patches/506_relaxed_usernames
Log:
    - debian/patches/506_relaxed_usernames: Really check if the user/group
      name starts with a dash. Also forbid names starting with '+' or '~'.
      Document the naming policy in useradd.8 / groupadd.8.


Modified: debian/trunk/debian/changelog
===================================================================

--- debian/trunk/debian/changelog	2011-10-22 08:59:08 UTC (rev 3532)
+++ debian/trunk/debian/changelog	2011-10-31 22:54:38 UTC (rev 3533)
@@ -42,6 +42,9 @@
       + debian/patches/523_su_arguments_are_concatenated
       + debian/patches/542_useradd-O_option
       + debian/patches/401_cppw_src.dpatch
+    - debian/patches/506_relaxed_usernames: Really check if the user/group
+      name starts with a dash. Also forbid names starting with '+' or '~'.
+      Document the naming policy in useradd.8 / groupadd.8.
     - debian/patches/008_su_get_PAM_username: Removed, feature supported
       upstream.
     - debian/patches/300_CVE-2011-0721: Removed, applied upstream.
@@ -79,7 +82,7 @@
   * Use "linux-any" instead of a negated list of architectures in
     Build-Depends. Closes: #634465
 
- -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>  Wed, 19 Oct 2011 00:37:07 +0200
+ -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>  Mon, 31 Oct 2011 23:54:06 +0100
 
 shadow (1:4.1.4.2+svn3283-3) unstable; urgency=high
 

Modified: debian/trunk/debian/patches/506_relaxed_usernames
===================================================================
--- debian/trunk/debian/patches/506_relaxed_usernames	2011-10-22 08:59:08 UTC (rev 3532)
+++ debian/trunk/debian/patches/506_relaxed_usernames	2011-10-31 22:54:38 UTC (rev 3533)
@@ -4,8 +4,8 @@
 
 Details:
  Allows any non-empty user/grounames that don't contain ':' and '\n'
- characters and don't start with '-'. This patch is more restrictive
- than original Karl's version. closes: #264879
+ characters and don't start with '-', '+', or '~'. This patch is more
+ restrictive than original Karl's version. closes: #264879
  Also closes: #377844
  
  Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400):
@@ -25,30 +25,36 @@
  	/*
  	 * User/group names must match [a-z_][a-z0-9_-]*[$]
  	 */
-@@ -66,6 +67,20 @@
+@@ -66,6 +67,26 @@
  			return false;
  		}
  	}
 +#endif
 +	/*
-+     * POSIX indicate that usernames are composed of characters from the
-+     * portable filename character set [A-Za-z0-9._-], and that the hyphen
-+     * should not be used as the first character of a portable user name.
-+     *
-+	 * Allow more relaxed user/group names in Debian -- ^[^-:\s][^:\s]*$
++	 * POSIX indicate that usernames are composed of characters from the
++	 * portable filename character set [A-Za-z0-9._-], and that the hyphen
++	 * should not be used as the first character of a portable user name.
++	 *
++	 * Allow more relaxed user/group names in Debian -- ^[^-+:~\s][^:\s]*$
 +	 */
-+	if (!*name || isspace(*name))
-+		return 0;
-+	do
-+		if (*name == ':' || isspace(*name))
-+			return 0;
-+	while (*++name);
++	if (   ('\0' == *name)
++	    || ('-'  == *name)
++	    || ('~'  == *name)
++	    || ('+'  == *name)) {
++		return false;
++	}
++	do {
++		if (*name == ':' || isspace(*name)) {
++			return false;
++		}
++		name++;
++	} while ('\0' != *name);
  
  	return true;
  }
 --- a/man/useradd.8.xml
 +++ b/man/useradd.8.xml
-@@ -618,12 +618,19 @@
+@@ -618,12 +618,20 @@
      </para>
  
      <para>
@@ -60,7 +66,8 @@
      </para>
      <para>
 +      On Debian, the only constraints are that usernames must neither start
-+      with a dash ('-') nor contain a colon (':') or a whitespace (space: ' ',
++      with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
++      colon (':') or a whitespace (space: ' ',
 +      end of line: '\n', tabulation: '\t', etc.). Note that using a slash
 +      ('/') may break the default algorithm for the definition of the
 +      user's home directory.
@@ -71,7 +78,7 @@
    </refsect1>
 --- a/man/groupadd.8.xml
 +++ b/man/groupadd.8.xml
-@@ -224,12 +224,17 @@
+@@ -224,12 +224,18 @@
     <refsect1 id='caveats'>
       <title>CAVEATS</title>
       <para>
@@ -83,7 +90,8 @@
       </para>
       <para>
 +       On Debian, the only constraints are that groupnames must neither start
-+       with a dash ('-') nor contain a colon (':') or a whitespace (space:' ',
++       with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
++       colon (':') or a whitespace (space:' ',
 +       end of line: '\n', tabulation: '\t', etc.).
 +     </para>
 +     <para>


