source: branches/3.2/mindi-busybox/libbb/die_if_bad_username.c @ 3232

Last change on this file since 3232 was 3232, checked in by bruno, 5 years ago
  • Update mindi-busybox to 1.21.1
  • Property svn:eol-style set to native
File size: 1.7 KB
Line 
1/* vi: set sw=4 ts=4: */
2/*
3 * Check user and group names for illegal characters
4 *
5 * Copyright (C) 2008 Tito Ragusa <farmatito@tiscali.it>
6 *
7 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
8 */
9
10#include "libbb.h"
11
12/* To avoid problems, the username should consist only of
13 * letters, digits, underscores, periods, at signs and dashes,
14 * and not start with a dash (as defined by IEEE Std 1003.1-2001).
15 * For compatibility with Samba machine accounts $ is also supported
16 * at the end of the username.
17 */
18
19void FAST_FUNC die_if_bad_username(const char *name)
20{
21    const char *start = name;
22
23    /* 1st char being dash or dot isn't valid:
24     * for example, name like ".." can make adduser
25     * chown "/home/.." recursively - NOT GOOD.
26     * Name of just a single "$" is also rejected.
27     */
28    goto skip;
29
30    do {
31        unsigned char ch;
32
33        /* These chars are valid unless they are at the 1st pos: */
34        if (*name == '-'
35         || *name == '.'
36        /* $ is allowed if it's the last char: */
37         || (*name == '$' && !name[1])
38        ) {
39            continue;
40        }
41 skip:
42        ch = *name;
43        if (ch == '_'
44        /* || ch == '@' -- we disallow this too. Think about "user@host" */
45        /* open-coded isalnum: */
46         || (ch >= '0' && ch <= '9')
47         || ((ch|0x20) >= 'a' && (ch|0x20) <= 'z')
48        ) {
49            continue;
50        }
51        bb_error_msg_and_die("illegal character with code %u at position %u",
52                (unsigned)ch, (unsigned)(name - start));
53    } while (*++name);
54
55    /* The minimum size of the login name is one char or two if
56     * last char is the '$'. Violations of this are caught above.
57     * The maximum size of the login name is LOGIN_NAME_MAX
58     * including the terminating null byte.
59     */
60    if (name - start >= LOGIN_NAME_MAX)
61        bb_error_msg_and_die("name is too long");
62}
Note: See TracBrowser for help on using the repository browser.