shadow-maint · alejandro-colomar · Dec 2, 2024 · Dec 10, 2024 · Dec 23, 2024 · Dec 23, 2024
diff --git a/lib/Makefile.am b/lib/Makefile.am
@@ -89,6 +89,8 @@ libshadow_la_SOURCES = \
 	console.c \
 	copydir.c \
 	csrand.c \
+	ctype/ispfchar.c \
+	ctype/ispfchar.h \
 	defines.h \
 	encrypt.c \
 	env.c \

diff --git a/lib/chkname.c b/lib/chkname.c
@@ -13,7 +13,8 @@
  *   true  - OK
  *   false - bad name
  * errors:
- *   EINVAL	Invalid name characters or sequences
+ *   EINVAL	Invalid name
+ *   EILSEQ	Invalid name character sequence
  *   EOVERFLOW	Name longer than maximum size
  */
 
@@ -33,10 +34,11 @@
 
 #include "defines.h"
 #include "chkname.h"
+#include "ctype/ispfchar.h"
+#include "string/ctype/strchrisascii/strchriscntrl.h"
+#include "string/ctype/strisascii/strisdigit.h"
 #include "string/strcmp/streq.h"
-
-
-int allow_bad_names = false;
+#include "string/strcmp/strprefix.h"
 
 
 size_t
@@ -56,8 +58,14 @@ login_name_max_size(void)
 static bool
 is_valid_name(const char *name)
 {
-	if (allow_bad_names) {
-		return true;
+	if (streq(name, "")
+	 || streq(name, ".")
+	 || streq(name, "..")
+	 || strprefix(name, "-")
+	 || strisdigit(name))
+	{
+		errno = EINVAL;
+		return false;
 	}
 
 	/*
@@ -66,45 +74,21 @@ is_valid_name(const char *name)
          *
          * as a non-POSIX, extension, allow "$" as the last char for
          * sake of Samba 3.x "add machine script"
-         *
-         * Also do not allow fully numeric names or just "." or "..".
          */
-	int numeric;
-
-	if ('\0' == *name ||
-	    ('.' == *name && (('.' == name[1] && '\0' == name[2]) ||
-			      '\0' == name[1])) ||
-	    !((*name >= 'a' && *name <= 'z') ||
-	      (*name >= 'A' && *name <= 'Z') ||
-	      (*name >= '0' && *name <= '9') ||
-	      *name == '_' ||
-	      *name == '.'))
-	{
-		errno = EINVAL;
+
+	if (!ispfchar(*name)) {
+		errno = EILSEQ;
 		return false;
 	}
 
-	numeric = isdigit(*name);
-
 	while (!streq(++name, "")) {
-		if (!((*name >= 'a' && *name <= 'z') ||
-		      (*name >= 'A' && *name <= 'Z') ||
-		      (*name >= '0' && *name <= '9') ||
-		      *name == '_' ||
-		      *name == '.' ||
-		      *name == '-' ||
-		      (*name == '$' && name[1] == '\0')
-		     ))
-		{
-			errno = EINVAL;
+		if (streq(name, "$"))  // Samba
+			return true;
+
+		if (!ispfchar(*name)) {
+			errno = EILSEQ;
 			return false;
 		}
-		numeric &= isdigit(*name);
-	}
-
-	if (numeric) {
-		errno = EINVAL;
-		return false;
 	}
 
 	return true;

diff --git a/lib/ctype/ispfchar.c b/lib/ctype/ispfchar.c
@@ -0,0 +1,12 @@
+// SPDX-FileCopyrightText: 2024, Alejandro Colomar <[email protected]>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include "ctype/ispfchar.h"
+
+#include <stdbool.h>
+
+
+extern inline bool ispfchar(unsigned char c);
diff --git a/lib/ctype/ispfchar.h b/lib/ctype/ispfchar.h
@@ -0,0 +1,26 @@
+// SPDX-FileCopyrightText: 2024, Alejandro Colomar <[email protected]>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_CTYPE_ISPFCHAR_H_
+#define SHADOW_INCLUDE_LIB_CTYPE_ISPFCHAR_H_
+
+
+#include <config.h>
+
+#include <ctype.h>
+#include <stdbool.h>
+
+
+inline bool ispfchar(unsigned char c);
+
+
+// Return true if 'c' is a character from the Portable Filename Character Set.
+inline bool
+ispfchar(unsigned char c)
+{
+	return isalnum(c) || c == '.' || c == '_' || c == '-';
+}
+
+
+#endif  // include guard
diff --git a/man/newusers.8.xml b/man/newusers.8.xml
@@ -253,18 +253,6 @@
     <para>
       The options which apply to the <command>newusers</command> command are:
     </para>
-    <variablelist remap='IP'>
-      <varlistentry>
-	<term>
-	  <option>--badname</option>&nbsp;
-	</term>
-	<listitem>
-	  <para>
-        Allow names that do not conform to standards.
-	  </para>
-	</listitem>
-      </varlistentry>
-    </variablelist>
     <variablelist remap='IP' condition="no_pam">
       <varlistentry>
 	<term><option>-c</option>, <option>--crypt-method</option></term>

diff --git a/man/pwck.8.xml b/man/pwck.8.xml
@@ -159,16 +159,6 @@
       The options which apply to the <command>pwck</command> command are:
     </para>
     <variablelist remap='IP'>
-      <varlistentry>
-	<term>
-	  <option>--badname</option>&nbsp;
-	</term>
-	<listitem>
-	  <para>
-        Allow names that do not conform to standards.
-	  </para>
-	</listitem>
-      </varlistentry>
       <varlistentry>
 	<term><option>-h</option>, <option>--help</option></term>
 	<listitem>

diff --git a/man/useradd.8.xml b/man/useradd.8.xml
@@ -103,16 +103,6 @@
     <para>The options which apply to the <command>useradd</command> command are:
     </para>
     <variablelist remap='IP'>
-      <varlistentry>
-	<term>
-	  <option>--badname</option>&nbsp;
-	</term>
-	<listitem>
-	  <para>
-        Allow names that do not conform to standards.
-	  </para>
-	</listitem>
-      </varlistentry>
       <varlistentry>
 	<term>
 	  <option>-b</option>, <option>--base-dir</option>&nbsp;<replaceable>BASE_DIR</replaceable>

diff --git a/man/usermod.8.xml b/man/usermod.8.xml
@@ -84,16 +84,6 @@
 	  </para>
 	</listitem>
       </varlistentry>
-      <varlistentry>
-	<term>
-	  <option>-b</option>, <option>--badname</option>
-	</term>
-	<listitem>
-	  <para>
-	    Allow names that do not conform to standards.
-	  </para>
-	</listitem>
-      </varlistentry>
       <varlistentry>
 	<term>
 	  <option>-c</option>, <option>--comment</option>&nbsp;<replaceable>COMMENT</replaceable>

diff --git a/src/chfn.c b/src/chfn.c
@@ -11,10 +11,12 @@
 
 #ident "$Id$"
 
+#include <errno.h>
 #include <fcntl.h>
 #include <pwd.h>
 #include <signal.h>
 #include <stdio.h>
+#include <string.h>
 #include <sys/types.h>
 #include <getopt.h>
 
@@ -646,7 +648,7 @@ int main (int argc, char **argv)
 	 */
 	if (optind < argc) {
 		if (!is_valid_user_name (argv[optind])) {
-			fprintf (stderr, _("%s: Provided user name is not a valid name\n"), Prog);
+			fprintf(stderr, _("%s: user: %s\n"), Prog, strerror(errno));
 			fail_exit (E_NOPERM);
 		}
 		user = argv[optind];

diff --git a/src/chsh.c b/src/chsh.c
@@ -11,10 +11,12 @@
 
 #ident "$Id$"
 
+#include <errno.h>
 #include <fcntl.h>
 #include <getopt.h>
 #include <pwd.h>
 #include <stdio.h>
+#include <string.h>
 #include <sys/types.h>
 
 #include "chkname.h"
@@ -503,7 +505,7 @@ int main (int argc, char **argv)
 	 */
 	if (optind < argc) {
 		if (!is_valid_user_name (argv[optind])) {
-			fprintf (stderr, _("%s: Provided user name is not a valid name\n"), Prog);
+			fprintf(stderr, _("%s: user: %s\n"), Prog, strerror(errno));
 			fail_exit (1);
 		}
 		user = argv[optind];

diff --git a/src/groupadd.c b/src/groupadd.c
@@ -12,6 +12,7 @@
 #ident "$Id$"
 
 #include <ctype.h>
+#include <errno.h>
 #include <fcntl.h>
 #include <getopt.h>
 #include <grp.h>
@@ -247,9 +248,7 @@ static void
 check_new_name(void)
 {
 	if (!is_valid_group_name(group_name)) {
-		fprintf(stderr, _("%s: '%s' is not a valid group name\n"),
-			Prog, group_name);
-
+		fprintf(stderr, _("%s: group: %s\n"), Prog, strerror(errno));
 		exit(E_BAD_ARG);
 	}
 

diff --git a/src/groupmod.c b/src/groupmod.c
@@ -12,6 +12,7 @@
 #ident "$Id$"
 
 #include <ctype.h>
+#include <errno.h>
 #include <fcntl.h>
 #include <getopt.h>
 #include <grp.h>
@@ -381,9 +382,7 @@ check_new_name(void)
 	}
 
 	if (!is_valid_group_name(group_newname)) {
-		fprintf(stderr,
-			_("%s: invalid group name '%s'\n"),
-			Prog, group_newname);
+		fprintf(stderr, _("%s: group: %s\n"), Prog, strerror(errno));
 		exit(E_BAD_ARG);
 	}
 

diff --git a/src/grpck.c b/src/grpck.c
@@ -10,11 +10,13 @@
 
 #include <config.h>
 
+#include <errno.h>
 #include <fcntl.h>
+#include <getopt.h>
 #include <grp.h>
 #include <pwd.h>
 #include <stdio.h>
-#include <getopt.h>
+#include <string.h>
 
 #include "chkname.h"
 #include "commonio.h"
@@ -562,7 +564,7 @@ static void check_grp_file (int *errors, bool *changed)
 		 */
 		if (!is_valid_group_name (grp->gr_name)) {
 			*errors += 1;
-			printf (_("invalid group name '%s'\n"), grp->gr_name);
+			printf(_("group: %s\n"), strerror(errno));
 		}
 
 		/*

diff --git a/src/newgrp.c b/src/newgrp.c
@@ -15,6 +15,7 @@
 #include <grp.h>
 #include <pwd.h>
 #include <stdio.h>
+#include <string.h>
 #include <assert.h>
 
 #include "agetpass.h"
@@ -486,9 +487,8 @@ int main (int argc, char **argv)
 		 */
 		if ((argc > 0) && (argv[0][0] != '-')) {
 			if (!is_valid_group_name (argv[0])) {
-				fprintf (
-					stderr, _("%s: provided group is not a valid group name\n"),
-					Prog);
+				fprintf(stderr, _("%s: group: %s\n"),
+					Prog, strerror(errno));
 				goto failure;
 			}
 			group = argv[0];
@@ -523,9 +523,8 @@ int main (int argc, char **argv)
 			goto failure;
 		} else if (argv[0] != NULL) {
 			if (!is_valid_group_name (argv[0])) {
-				fprintf (
-					stderr, _("%s: provided group is not a valid group name\n"),
-					Prog);
+				fprintf(stderr, _("%s: group: %s\n"),
+					Prog, strerror(errno));
 				goto failure;
 			}
 			group = argv[0];