Little Bobby Tables

lib/, man/, src/: Do not allow bad names Closes: <#1149> Link: <https://www.wired.com/story/null-license-plate-landed-one-hacker-ticket-hell/> Link: <https://xkcd.com/327/> Link: <https://www.youtube.com/watch?v=hNoS2BU6bbQ> Link: <https://lwn.net/Articles/1001215/> Link: <https://dwheeler.com/essays/fixing-unix-linux-filenames.html> Link: <#121> Link: <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=42874> Link: <https://lists.debian.org/debian-devel/2024/11/msg00250.html> Link: <https://lists.debian.org/debian-devel/2024/12/msg00012.html> Link: <https://lwn.net/Articles/1000485/> Cc: Iker Pedrosa <[email protected]> Cc: Serge Hallyn <[email protected]> Cc: Sam James <[email protected]> Cc: Michael Vetter <[email protected]> Cc: Chris Hofstaedtler <[email protected]> Cc: Balint Reczey <[email protected]> Cc: Marc Haber <[email protected]> Signed-off-by: Alejandro Colomar <[email protected]>
shadow-maint · Dec 26, 2024 · c892957 · c892957
1 parent fe5172f
commit c892957
Show file tree

Hide file tree

Showing 9 changed files with 9 additions and 116 deletions.
diff --git a/lib/chkname.c b/lib/chkname.c
@@ -14,7 +14,7 @@
  *   false - bad name
  * errors:
  *   EINVAL	Invalid name
- *   EILSEQ	Invalid name character sequence (acceptable with --badname)
+ *   EILSEQ	Invalid name character sequence
  *   EOVERFLOW	Name longer than maximum size
  */
 
@@ -41,9 +41,6 @@
 #include "string/strcmp/strprefix.h"
 
 
-int allow_bad_names = false;
-
-
 size_t
 login_name_max_size(void)
 {
@@ -64,19 +61,13 @@ is_valid_name(const char *name)
 	if (streq(name, "")
 	 || streq(name, ".")
 	 || streq(name, "..")
-	 || strpbrk(name, ",: /")
 	 || strprefix(name, "-")
-	 || strchriscntrl(name)
 	 || strisdigit(name))
 	{
 		errno = EINVAL;
 		return false;
 	}
 
-	if (allow_bad_names) {
-		return true;
-	}
-
 	/*
          * User/group names must match BRE regex:
          *    [a-zA-Z0-9_.][a-zA-Z0-9_.-]*$\?

diff --git a/man/newusers.8.xml b/man/newusers.8.xml
@@ -253,18 +253,6 @@
     <para>
       The options which apply to the <command>newusers</command> command are:
     </para>
-    <variablelist remap='IP'>
-      <varlistentry>
-	<term>
-	  <option>--badname</option>&nbsp;
-	</term>
-	<listitem>
-	  <para>
-        Allow names that do not conform to standards.
-	  </para>
-	</listitem>
-      </varlistentry>
-    </variablelist>
     <variablelist remap='IP' condition="no_pam">
       <varlistentry>
 	<term><option>-c</option>, <option>--crypt-method</option></term>

diff --git a/man/pwck.8.xml b/man/pwck.8.xml
@@ -159,16 +159,6 @@
       The options which apply to the <command>pwck</command> command are:
     </para>
     <variablelist remap='IP'>
-      <varlistentry>
-	<term>
-	  <option>--badname</option>&nbsp;
-	</term>
-	<listitem>
-	  <para>
-        Allow names that do not conform to standards.
-	  </para>
-	</listitem>
-      </varlistentry>
       <varlistentry>
 	<term><option>-h</option>, <option>--help</option></term>
 	<listitem>

diff --git a/man/useradd.8.xml b/man/useradd.8.xml
@@ -103,16 +103,6 @@
     <para>The options which apply to the <command>useradd</command> command are:
     </para>
     <variablelist remap='IP'>
-      <varlistentry>
-	<term>
-	  <option>--badname</option>&nbsp;
-	</term>
-	<listitem>
-	  <para>
-        Allow names that do not conform to standards.
-	  </para>
-	</listitem>
-      </varlistentry>
       <varlistentry>
 	<term>
 	  <option>-b</option>, <option>--base-dir</option>&nbsp;<replaceable>BASE_DIR</replaceable>

diff --git a/man/usermod.8.xml b/man/usermod.8.xml
@@ -84,16 +84,6 @@
 	  </para>
 	</listitem>
       </varlistentry>
-      <varlistentry>
-	<term>
-	  <option>-b</option>, <option>--badname</option>
-	</term>
-	<listitem>
-	  <para>
-	    Allow names that do not conform to standards.
-	  </para>
-	</listitem>
-      </varlistentry>
       <varlistentry>
 	<term>
 	  <option>-c</option>, <option>--comment</option>&nbsp;<replaceable>COMMENT</replaceable>

diff --git a/src/newusers.c b/src/newusers.c
@@ -112,7 +112,6 @@ static void check_perms (void);
 static void open_files (void);
 static void close_files (void);
 
-extern int allow_bad_names;
 
 /*
  * usage - display usage message and exit
@@ -125,7 +124,6 @@ static void usage (int status)
 	                  "\n"
 	                  "Options:\n"),
 	                Prog);
-	(void) fputs (_("  -b, --badname                 allow bad names\n"), usageout);
 #ifndef USE_PAM
 	(void) fprintf (usageout,
 	                _("  -c, --crypt-method METHOD     the crypt method (one of %s)\n"),
@@ -386,17 +384,8 @@ static int add_user (const char *name, uid_t uid, gid_t gid)
 {
 	struct passwd pwent;
 
-	/* Check if this is a valid user name */
 	if (!is_valid_user_name(name)) {
-		if (errno == EILSEQ) {
-			fprintf(stderr,
-			        _("%s: invalid user name '%s': use --badname to ignore\n"),
-			        Prog, name);
-		} else {
-			fprintf(stderr,
-			        _("%s: invalid user name '%s'\n"),
-			        Prog, name);
-		}
+		fprintf(stderr, _("%s: invalid user name '%s'\n"), Prog, name);
 		return -1;
 	}
 
@@ -629,7 +618,6 @@ static void process_flags (int argc, char **argv)
 #endif				/* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
 #endif 				/* !USE_PAM */
 	static struct option long_options[] = {
-		{"badname",      no_argument,       NULL, 'b'},
 #ifndef USE_PAM
 		{"crypt-method", required_argument, NULL, 'c'},
 #endif				/* !USE_PAM */
@@ -656,9 +644,6 @@ static void process_flags (int argc, char **argv)
 #endif
 	                         long_options, NULL)) != -1) {
 		switch (c) {
-		case 'b':
-			allow_bad_names = true;
-			break;
 #ifndef USE_PAM
 		case 'c':
 			crypt_method = optarg;

diff --git a/src/pwck.c b/src/pwck.c
@@ -76,7 +76,6 @@ static void close_files (bool changed);
 static void check_pw_file (int *errors, bool *changed);
 static void check_spw_file (int *errors, bool *changed);
 
-extern int allow_bad_names;
 
 /*
  * fail_exit - do some cleanup and exit with the given error code
@@ -133,7 +132,6 @@ usage (int status)
 		                  "Options:\n"),
 		                Prog);
 	}
-	(void) fputs (_("  -b, --badname                 allow bad names\n"), usageout);
 	(void) fputs (_("  -h, --help                    display this help message and exit\n"), usageout);
 	(void) fputs (_("  -q, --quiet                   report errors only\n"), usageout);
 	(void) fputs (_("  -r, --read-only               display errors and warnings\n"
@@ -158,7 +156,6 @@ static void process_flags (int argc, char **argv)
 {
 	int c;
 	static struct option long_options[] = {
-		{"badname",   no_argument,       NULL, 'b'},
 		{"help",      no_argument,       NULL, 'h'},
 		{"quiet",     no_argument,       NULL, 'q'},
 		{"read-only", no_argument,       NULL, 'r'},
@@ -173,9 +170,6 @@ static void process_flags (int argc, char **argv)
 	while ((c = getopt_long (argc, argv, "behqrR:s",
 	                         long_options, NULL)) != -1) {
 		switch (c) {
-		case 'b':
-			allow_bad_names = true;
-			break;
 		case 'h':
 			usage (E_SUCCESS);
 			/*@notreached@*/break;
@@ -470,18 +464,8 @@ static void check_pw_file (int *errors, bool *changed)
 			}
 		}
 
-		/*
-		 * Check for invalid usernames.  --marekm
-		 */
-
 		if (!is_valid_user_name(pwd->pw_name)) {
-			if (errno == EILSEQ) {
-				printf(_("invalid user name '%s': use --badname to ignore\n"),
-				       pwd->pw_name);
-			} else {
-				printf(_("invalid user name '%s'\n"),
-				       pwd->pw_name);
-			}
+			printf(_("invalid user name '%s'\n"), pwd->pw_name);
 			*errors += 1;
 		}
 

diff --git a/src/useradd.c b/src/useradd.c
@@ -150,7 +150,6 @@ static char **user_groups;	/* NULL-terminated list */
 static long sys_ngroups;
 static bool do_grp_update = false;	/* group files need to be updated */
 
-extern int allow_bad_names;
 
 static bool
     bflg = false,		/* new default root of home directory */
@@ -893,7 +892,6 @@ static void usage (int status)
 	                  "\n"
 	                  "Options:\n"),
 	                Prog, Prog, Prog);
-	(void) fputs (_("      --badname                 do not check for bad names\n"), usageout);
 	(void) fputs (_("  -b, --base-dir BASE_DIR       base directory for the home directory of the\n"
 	                "                                new account\n"), usageout);
 #ifdef WITH_BTRFS
@@ -1180,7 +1178,6 @@ static void process_flags (int argc, char **argv)
 #ifdef WITH_BTRFS
 			{"btrfs-subvolume-home", no_argument, NULL, 200},
 #endif
-			{"badname",        no_argument,       NULL, 201},
 			{"comment",        required_argument, NULL, 'c'},
 			{"home-dir",       required_argument, NULL, 'd'},
 			{"defaults",       no_argument,       NULL, 'D'},
@@ -1237,9 +1234,6 @@ static void process_flags (int argc, char **argv)
 			case 200:
 				subvolflg = true;
 				break;
-			case 201:
-				allow_bad_names = true;
-				break;
 			case 'c':
 				if (!VALID (optarg)) {
 					fprintf (stderr,
@@ -1534,15 +1528,9 @@ static void process_flags (int argc, char **argv)
 
 		user_name = argv[optind];
 		if (!is_valid_user_name(user_name)) {
-			if (errno == EILSEQ) {
-				fprintf(stderr,
-				        _("%s: invalid user name '%s': use --badname to ignore\n"),
-				        Prog, user_name);
-			} else {
-				fprintf(stderr,
-				        _("%s: invalid user name '%s'\n"),
-				        Prog, user_name);
-			}
+			fprintf(stderr,
+			        _("%s: invalid user name '%s'\n"),
+			        Prog, user_name);
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_ADD_USER, Prog,
 			              "adding user",

diff --git a/src/usermod.c b/src/usermod.c
@@ -207,7 +207,6 @@ static void update_faillog (void);
 static void move_mailbox (void);
 #endif
 
-extern int allow_bad_names;
 
 /*
  * get_groups - convert a list of group names to an array of group IDs
@@ -383,7 +382,6 @@ usage (int status)
 	(void) fputs (_("  -a, --append                  append the user to the supplemental GROUPS\n"
 	                "                                mentioned by the -G option without removing\n"
 	                "                                the user from other groups\n"), usageout);
-	(void) fputs (_("  -b, --badname                 allow bad names\n"), usageout);
 	(void) fputs (_("  -c, --comment COMMENT         new value of the GECOS field\n"), usageout);
 	(void) fputs (_("  -d, --home HOME_DIR           new home directory for the user account\n"), usageout);
 	(void) fputs (_("  -e, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE\n"), usageout);
@@ -996,8 +994,6 @@ process_flags(int argc, char **argv)
 		int c;
 		static struct option long_options[] = {
 			{"append",       no_argument,       NULL, 'a'},
-			{"badname",      no_argument,       NULL, 'b'},
-			{"badnames",     no_argument,       NULL, 'b'},
 			{"comment",      required_argument, NULL, 'c'},
 			{"home",         required_argument, NULL, 'd'},
 			{"expiredate",   required_argument, NULL, 'e'},
@@ -1041,9 +1037,6 @@ process_flags(int argc, char **argv)
 			case 'a':
 				aflg = true;
 				break;
-			case 'b':
-				allow_bad_names = true;
-				break;
 			case 'c':
 				if (!VALID (optarg)) {
 					fprintf (stderr,
@@ -1118,15 +1111,9 @@ process_flags(int argc, char **argv)
 				/*@notreached@*/break;
 			case 'l':
 				if (!is_valid_user_name(optarg)) {
-					if (errno == EILSEQ) {
-						fprintf(stderr,
-						        _("%s: invalid user name '%s': use --badname to ignore\n"),
-						        Prog, optarg);
-					} else {
-						fprintf(stderr,
-						        _("%s: invalid user name '%s'\n"),
-						        Prog, optarg);
-					}
+					fprintf(stderr,
+						_("%s: invalid user name '%s'\n"),
+						Prog, optarg);
 					exit (E_BAD_ARG);
 				}
 				lflg = true;