summaryrefslogtreecommitdiff
path: root/loginutils
diff options
context:
space:
mode:
authorDenis Vlasenko2008-03-19 23:15:26 +0000
committerDenis Vlasenko2008-03-19 23:15:26 +0000
commita7d6c8bab919e1a537f8b7db7b8676484e60f550 (patch)
treefd5d442775f7551b76d22563816d30b4fc6a6029 /loginutils
parentcf7cf622046b0e1a2817e1da4aa8bc6f513b0153 (diff)
downloadbusybox-a7d6c8bab919e1a537f8b7db7b8676484e60f550.zip
busybox-a7d6c8bab919e1a537f8b7db7b8676484e60f550.tar.gz
adduser/addgroup: check username for invalid chars
(by Tito <farmatito AT tiscali.it>). +129 bytes when enabled.
Diffstat (limited to 'loginutils')
-rw-r--r--loginutils/Config.in12
-rw-r--r--loginutils/addgroup.c3
-rw-r--r--loginutils/adduser.c1
3 files changed, 16 insertions, 0 deletions
diff --git a/loginutils/Config.in b/loginutils/Config.in
index 81d05ef..c57d997 100644
--- a/loginutils/Config.in
+++ b/loginutils/Config.in
@@ -82,6 +82,18 @@ config FEATURE_DEL_USER_FROM_GROUP
If called with two non-option arguments, deluser
or delgroup will remove an user from a specified group.
+config FEATURE_CHECK_NAMES
+ bool "Enable sanity check on user/group names in adduser and addgroup"
+ default n
+ depends on ADDUSER || ADDGROUP
+ help
+ Enable sanity check on user and group names in adduser and addgroup.
+ To avoid problems, the user or group name should consist only of
+ letters, digits, underscores, periods, at signs and dashes,
+ and not start with a dash (as defined by IEEE Std 1003.1-2001).
+ For compatibility with Samba machine accounts "$" is also supported
+ at the end of the user or group name.
+
config ADDUSER
bool "adduser"
default n
diff --git a/loginutils/addgroup.c b/loginutils/addgroup.c
index b25f817..367c6b9 100644
--- a/loginutils/addgroup.c
+++ b/loginutils/addgroup.c
@@ -173,8 +173,11 @@ int addgroup_main(int argc ATTRIBUTE_UNUSED, char **argv)
#endif
} else
#endif /* ENABLE_FEATURE_ADDUSER_TO_GROUP */
+ {
+ die_if_bad_username(argv[0]);
new_group(argv[0], gid);
+ }
/* Reached only on success */
return EXIT_SUCCESS;
}
diff --git a/loginutils/adduser.c b/loginutils/adduser.c
index d409eab..cd68015 100644
--- a/loginutils/adduser.c
+++ b/loginutils/adduser.c
@@ -111,6 +111,7 @@ int adduser_main(int argc ATTRIBUTE_UNUSED, char **argv)
/* fill in the passwd struct */
pw.pw_name = argv[0];
+ die_if_bad_username(pw.pw_name);
if (!pw.pw_dir) {
/* create string for $HOME if not specified already */
pw.pw_dir = xasprintf("/home/%s", argv[0]);