busybox/libbb/die_if_bad_username.c

/* vi: set sw=4 ts=4: */
/*
 * Check user and group names for illegal characters
 *
 * Copyright (C) 2008 Tito Ragusa <farmatito@tiscali.it>
 *
 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
 */

#include "libbb.h"

/* To avoid problems, the username should consist only of
 * letters, digits, underscores, periods, at signs and dashes,
 * and not start with a dash (as defined by IEEE Std 1003.1-2001).
 * For compatibility with Samba machine accounts $ is also supported
 * at the end of the username.
 */

void FAST_FUNC die_if_bad_username(const char *name)
{
	const char *start = name;

	/* 1st char being dash or dot isn't valid:
	 * for example, name like ".." can make adduser
	 * chown "/home/.." recursively - NOT GOOD.
	 * Name of just a single "$" is also rejected.
	 */
	goto skip;

	do {
		unsigned char ch;

		/* These chars are valid unless they are at the 1st pos: */
		if (*name == '-'
		 || *name == '.'
		/* $ is allowed if it's the last char: */
		 || (*name == '$' && !name[1])
		) {
			continue;
		}
 skip:
		ch = *name;
		if (ch == '_'
		/* || ch == '@' -- we disallow this too. Think about "user@host" */
		/* open-coded isalnum: */
		 || (ch >= '0' && ch <= '9')
		 || ((ch|0x20) >= 'a' && (ch|0x20) <= 'z')
		) {
			continue;
		}
		bb_error_msg_and_die("illegal character with code %u at position %u",
				(unsigned)ch, (unsigned)(name - start));
	} while (*++name);

	/* The minimum size of the login name is one char or two if
	 * last char is the '$'. Violations of this are caught above.
	 * The maximum size of the login name is LOGIN_NAME_MAX
	 * including the terminating null byte.
	 */
	if (name - start >= LOGIN_NAME_MAX)
		bb_error_msg_and_die("name is too long");
}
...and actually adding new file now... 2008-03-20 04:45:55 +05:30			`/* vi: set sw=4 ts=4: */`
			`/*`
libbb: fix typo in comment 2009-03-31 18:44:18 +05:30			`* Check user and group names for illegal characters`
...and actually adding new file now... 2008-03-20 04:45:55 +05:30			`*`
			`* Copyright (C) 2008 Tito Ragusa <farmatito@tiscali.it>`
			`*`
*: make GNU licensing statement forms more regular This change retains "or later" state! No licensing _changes_ here, only form is adjusted (article, space between "GPL" and "v2" and so on). Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 2010-08-16 23:44:46 +05:30			`* Licensed under GPLv2 or later, see file LICENSE in this source tree.`
...and actually adding new file now... 2008-03-20 04:45:55 +05:30			`*/`

			`#include "libbb.h"`

			`/* To avoid problems, the username should consist only of`
			`* letters, digits, underscores, periods, at signs and dashes,`
			`* and not start with a dash (as defined by IEEE Std 1003.1-2001).`
			`* For compatibility with Samba machine accounts $ is also supported`
			`* at the end of the username.`
			`*/`

*: introduce and use FAST_FUNC: regparm on i386, otherwise no-on text data bss dec hex filename 808035 611 6868 815514 c719a busybox_old 804472 611 6868 811951 c63af busybox_unstripped 2008-06-27 08:22:20 +05:30			`void FAST_FUNC die_if_bad_username(const char *name)`
...and actually adding new file now... 2008-03-20 04:45:55 +05:30			`{`
die_if_bad_username: tighten up a bit function old new delta die_if_bad_username 77 97 +20 Based on patches from Tito. The changes are: better comments we disallow '@' now - in practice such usernames will be unusable use of the portable filename character set plus '$' don't use isalnum as it allows non-ASCII letters in legacy 8-bit locales (pointed out by Rich Felker) enforce maximum length of LOGIN_NAME_MAX (including NUL) don't allow '$', '.', and '-' as first char don't print the illegal char in error message as if it is a wide char it will be unreadable print the position of the illegal character Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 2011-08-09 07:35:13 +05:30			`const char *start = name;`

			`/* 1st char being dash or dot isn't valid:`
			`* for example, name like ".." can make adduser`
			`* chown "/home/.." recursively - NOT GOOD.`
			`* Name of just a single "$" is also rejected.`
adduser: copy /etc/skel to mew homes. +100 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 2010-02-07 02:20:59 +05:30			`*/`
die_if_bad_username: tighten up a bit function old new delta die_if_bad_username 77 97 +20 Based on patches from Tito. The changes are: better comments we disallow '@' now - in practice such usernames will be unusable use of the portable filename character set plus '$' don't use isalnum as it allows non-ASCII letters in legacy 8-bit locales (pointed out by Rich Felker) enforce maximum length of LOGIN_NAME_MAX (including NUL) don't allow '$', '.', and '-' as first char don't print the illegal char in error message as if it is a wide char it will be unreadable print the position of the illegal character Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 2011-08-09 07:35:13 +05:30			`goto skip;`
adduser: copy /etc/skel to mew homes. +100 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 2010-02-07 02:20:59 +05:30
...and actually adding new file now... 2008-03-20 04:45:55 +05:30			`do {`
die_if_bad_username: tighten up a bit function old new delta die_if_bad_username 77 97 +20 Based on patches from Tito. The changes are: better comments we disallow '@' now - in practice such usernames will be unusable use of the portable filename character set plus '$' don't use isalnum as it allows non-ASCII letters in legacy 8-bit locales (pointed out by Rich Felker) enforce maximum length of LOGIN_NAME_MAX (including NUL) don't allow '$', '.', and '-' as first char don't print the illegal char in error message as if it is a wide char it will be unreadable print the position of the illegal character Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 2011-08-09 07:35:13 +05:30			`unsigned char ch;`

			`/* These chars are valid unless they are at the 1st pos: */`
			`if (*name == '-'`
			`\|\| *name == '.'`
			`/* $ is allowed if it's the last char: */`
			`\|\| (*name == '$' && !name[1])`
			`) {`
die_if_bad_username: shrink: 88 -> 77 bytes 2008-03-20 04:55:00 +05:30			`continue;`
die_if_bad_username: tighten up a bit function old new delta die_if_bad_username 77 97 +20 Based on patches from Tito. The changes are: better comments we disallow '@' now - in practice such usernames will be unusable use of the portable filename character set plus '$' don't use isalnum as it allows non-ASCII letters in legacy 8-bit locales (pointed out by Rich Felker) enforce maximum length of LOGIN_NAME_MAX (including NUL) don't allow '$', '.', and '-' as first char don't print the illegal char in error message as if it is a wide char it will be unreadable print the position of the illegal character Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 2011-08-09 07:35:13 +05:30			`}`
die_if_bad_username: shrink: 88 -> 77 bytes 2008-03-20 04:55:00 +05:30			`skip:`
die_if_bad_username: tighten up a bit function old new delta die_if_bad_username 77 97 +20 Based on patches from Tito. The changes are: better comments we disallow '@' now - in practice such usernames will be unusable use of the portable filename character set plus '$' don't use isalnum as it allows non-ASCII letters in legacy 8-bit locales (pointed out by Rich Felker) enforce maximum length of LOGIN_NAME_MAX (including NUL) don't allow '$', '.', and '-' as first char don't print the illegal char in error message as if it is a wide char it will be unreadable print the position of the illegal character Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 2011-08-09 07:35:13 +05:30			`ch = *name;`
			`if (ch == '_'`
			`/* \|\| ch == '@' -- we disallow this too. Think about "user@host" */`
			`/* open-coded isalnum: */`
			`\|\| (ch >= '0' && ch <= '9')`
			`\|\| ((ch\|0x20) >= 'a' && (ch\|0x20) <= 'z')`
die_if_bad_username: shrink: 88 -> 77 bytes 2008-03-20 04:55:00 +05:30			`) {`
			`continue;`
			`}`
die_if_bad_username: tighten up a bit function old new delta die_if_bad_username 77 97 +20 Based on patches from Tito. The changes are: better comments we disallow '@' now - in practice such usernames will be unusable use of the portable filename character set plus '$' don't use isalnum as it allows non-ASCII letters in legacy 8-bit locales (pointed out by Rich Felker) enforce maximum length of LOGIN_NAME_MAX (including NUL) don't allow '$', '.', and '-' as first char don't print the illegal char in error message as if it is a wide char it will be unreadable print the position of the illegal character Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 2011-08-09 07:35:13 +05:30			`bb_error_msg_and_die("illegal character with code %u at position %u",`
			`(unsigned)ch, (unsigned)(name - start));`
...and actually adding new file now... 2008-03-20 04:45:55 +05:30			`} while (*++name);`
die_if_bad_username: tighten up a bit function old new delta die_if_bad_username 77 97 +20 Based on patches from Tito. The changes are: better comments we disallow '@' now - in practice such usernames will be unusable use of the portable filename character set plus '$' don't use isalnum as it allows non-ASCII letters in legacy 8-bit locales (pointed out by Rich Felker) enforce maximum length of LOGIN_NAME_MAX (including NUL) don't allow '$', '.', and '-' as first char don't print the illegal char in error message as if it is a wide char it will be unreadable print the position of the illegal character Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 2011-08-09 07:35:13 +05:30
			`/* The minimum size of the login name is one char or two if`
			`* last char is the '$'. Violations of this are caught above.`
			`* The maximum size of the login name is LOGIN_NAME_MAX`
			`* including the terminating null byte.`
			`*/`
			`if (name - start >= LOGIN_NAME_MAX)`
			`bb_error_msg_and_die("name is too long");`
...and actually adding new file now... 2008-03-20 04:45:55 +05:30			`}`