Attachment #11649 for bug #22860

View | Details | Raw Unified | Return to bug 22860
Collapse All | Expand All




        W_NUM
};

enum _gecos
{			/* pw_checkname() classes (plausi test) */
	GEC_PWNAME,	/* user name field */
	GEC_GROUP,	/* user group field */
	GEC_CLASS,	/* default login class */
	GEC_COMMENT,	/* gecos comment field */
	GEC_MAXDIM	/* allowed patterns table dimensioning */
};

struct carg
{
	int		  ch;


int pw_user(struct userconf * cnf, int mode, struct cargs * _args);
int pw_group(struct userconf * cnf, int mode, struct cargs * _args);
char    *pw_checkname(u_char *name, enum _gecos gecos);

int addpwent(struct passwd * pwd);
int delpwent(struct passwd * pwd);

Lines 135-141 Link Here

(-)pw_group.c (-2 / +2 lines)
135	grp->gr_gid = (gid_t) atoi(a_gid->val);	135	grp->gr_gid = (gid_t) atoi(a_gid->val);
136		136
137	if ((arg = getarg(args, 'l')) != NULL)	137	if ((arg = getarg(args, 'l')) != NULL)
138	grp->gr_name = pw_checkname((u_char *)arg->val, 0);	138	grp->gr_name = pw_checkname((u_char *)arg->val, GEC_GROUP);
139	} else {	139	} else {
140	if (a_name == NULL) /* Required */	140	if (a_name == NULL) /* Required */
141	errx(EX_DATAERR, "group name required");	141	errx(EX_DATAERR, "group name required");
Lines 145-151 Link Here
145	extendarray(&members, &grmembers, 200);	145	extendarray(&members, &grmembers, 200);
146	members[0] = NULL;	146	members[0] = NULL;
147	grp = &fakegroup;	147	grp = &fakegroup;
148	grp->gr_name = pw_checkname((u_char *)a_name->val, 0);	148	grp->gr_name = pw_checkname((u_char *)a_name->val, GEC_GROUP);
149	grp->gr_passwd = "*";	149	grp->gr_passwd = "*";
150	grp->gr_gid = gr_gidpolicy(cnf, args);	150	grp->gr_gid = gr_gidpolicy(cnf, args);
151	grp->gr_mem = members;	151	grp->gr_mem = members;




		}
	}
	if ((arg = getarg(args, 'L')) != NULL)
		cnf->default_class = pw_checkname((u_char *)arg->val, GEC_CLASS);

	if ((arg = getarg(args, 'G')) != NULL && arg->val) {
		int i = 0;

	}

	if ((a_name = getarg(args, 'n')) != NULL)
		pwd = GETPWNAM(pw_checkname((u_char *)a_name->val, GEC_PWNAME));
	a_uid = getarg(args, 'u');

	if (a_uid == NULL) {

		if ((arg = getarg(args, 'l')) != NULL) {
			if (strcmp(pwd->pw_name, "root") == 0)
				errx(EX_DATAERR, "can't rename `root' account");
			pwd->pw_name = pw_checkname((u_char *)arg->val, GEC_PWNAME);
			edited = 1;
		}


	 * Shared add/edit code
	 */
	if ((arg = getarg(args, 'c')) != NULL) {
		char	*gecos = pw_checkname((u_char *)arg->val, GEC_COMMENT);
		if (strcmp(pwd->pw_gecos, gecos) != 0) {
			pwd->pw_gecos = gecos;
			edited = 1;

}

char    *
pw_checkname(u_char *name, enum _gecos gecos)
{
	int             l = 0;
	static const char *notchtab[GEC_MAXDIM] = {
		" ,\t:+&#%^()!@~*?<>=|\\/\"" , /* GEC_PWNAME */
		" ,\t:+&#%$^()!@~*?<>=|\\/\"", /* GEC_GROUP */
		" ,\t:+&#%$^()!@~*?<>=|\\/\"", /* GEC_CLASS */
		":!@"                        , /* GEC_COMMENT */
	};
	char const     *notch = notchtab[gecos];

	while (name[l]) {
		if (strchr(notch, name[l]) != NULL || name[l] < ' ' || name[l] == 127 ||
			(gecos != GEC_COMMENT && l==0 && name[l] == '-') ||	/* leading '-' */
			(gecos != GEC_COMMENT && name[l] == '$' && name[l+1]) ||	/* not a trailing '$' */
			(gecos != GEC_COMMENT && name[l] & 0x80))	/* 8-bit */
			errx(EX_DATAERR, (name[l] >= ' ' && name[l] < 127)
					    ? "invalid character `%c' in field"
					    : "invalid character 0x%02x in field",
					    name[l]);
		++l;
	}
	if (gecos != GEC_COMMENT && l > LOGNAMESIZE)
		errx(EX_DATAERR, "name too long `%s'", name);
	return (char *)name;
}

Return to bug 22860

Lines 62-67 Link Here

(-)pw.h (-1 / +10 lines)
62	W_NUM	62	W_NUM
63	};	63	};
64		64
		65	enum _gecos
		66	{ /* pw_checkname() classes (plausi test) */
		67	GEC_PWNAME, /* user name field */
		68	GEC_GROUP, /* user group field */
		69	GEC_CLASS, /* default login class */
		70	GEC_COMMENT, /* gecos comment field */
		71	GEC_MAXDIM /* allowed patterns table dimensioning */
		72	};
		73
65	struct carg	74	struct carg
66	{	75	{
67	int ch;	76	int ch;
Lines 105-111 Link Here
105		114
106	int pw_user(struct userconf * cnf, int mode, struct cargs * _args);	115	int pw_user(struct userconf * cnf, int mode, struct cargs * _args);
107	int pw_group(struct userconf * cnf, int mode, struct cargs * _args);	116	int pw_group(struct userconf * cnf, int mode, struct cargs * _args);
108	char pw_checkname(u_char name, int gecos);	117	char pw_checkname(u_char name, enum _gecos gecos);
109		118
110	int addpwent(struct passwd * pwd);	119	int addpwent(struct passwd * pwd);
111	int delpwent(struct passwd * pwd);	120	int delpwent(struct passwd * pwd);

Lines 231-237 Link Here

(-)pw_user.c (-9 / +16 lines)
231	}	231	}
232	}	232	}
233	if ((arg = getarg(args, 'L')) != NULL)	233	if ((arg = getarg(args, 'L')) != NULL)
234	cnf->default_class = pw_checkname((u_char *)arg->val, 0);	234	cnf->default_class = pw_checkname((u_char *)arg->val, GEC_CLASS);
235		235
236	if ((arg = getarg(args, 'G')) != NULL && arg->val) {	236	if ((arg = getarg(args, 'G')) != NULL && arg->val) {
237	int i = 0;	237	int i = 0;
Lines 293-299 Link Here
293	}	293	}
294		294
295	if ((a_name = getarg(args, 'n')) != NULL)	295	if ((a_name = getarg(args, 'n')) != NULL)
296	pwd = GETPWNAM(pw_checkname((u_char *)a_name->val, 0));	296	pwd = GETPWNAM(pw_checkname((u_char *)a_name->val, GEC_PWNAME));
297	a_uid = getarg(args, 'u');	297	a_uid = getarg(args, 'u');
298		298
299	if (a_uid == NULL) {	299	if (a_uid == NULL) {
Lines 455-461 Link Here
455	if ((arg = getarg(args, 'l')) != NULL) {	455	if ((arg = getarg(args, 'l')) != NULL) {
456	if (strcmp(pwd->pw_name, "root") == 0)	456	if (strcmp(pwd->pw_name, "root") == 0)
457	errx(EX_DATAERR, "can't rename `root' account");	457	errx(EX_DATAERR, "can't rename `root' account");
458	pwd->pw_name = pw_checkname((u_char *)arg->val, 0);	458	pwd->pw_name = pw_checkname((u_char *)arg->val, GEC_PWNAME);
459	edited = 1;	459	edited = 1;
460	}	460	}
461		461
Lines 595-601 Link Here
595	* Shared add/edit code	595	* Shared add/edit code
596	*/	596	*/
597	if ((arg = getarg(args, 'c')) != NULL) {	597	if ((arg = getarg(args, 'c')) != NULL) {
598	char gecos = pw_checkname((u_char )arg->val, 1);	598	char gecos = pw_checkname((u_char )arg->val, GEC_COMMENT);
599	if (strcmp(pwd->pw_gecos, gecos) != 0) {	599	if (strcmp(pwd->pw_gecos, gecos) != 0) {
600	pwd->pw_gecos = gecos;	600	pwd->pw_gecos = gecos;
601	edited = 1;	601	edited = 1;
Lines 1208-1229 Link Here
1208	}	1208	}
1209		1209
1210	char *	1210	char *
1211	pw_checkname(u_char *name, int gecos)	1211	pw_checkname(u_char *name, enum _gecos gecos)
1212	{	1212	{
1213	int l = 0;	1213	int l = 0;
1214	char const notch = gecos ? ":!@" : " ,\t:+&#%$^()!@~?<>=\|\\/\"";	1214	static const char *notchtab[GEC_MAXDIM] = {
		1215	" ,\t:+&#%^()!@~?<>=\|\\/\"" , / GEC_PWNAME */
		1216	" ,\t:+&#%$^()!@~?<>=\|\\/\"", / GEC_GROUP */
		1217	" ,\t:+&#%$^()!@~?<>=\|\\/\"", / GEC_CLASS */
		1218	":!@" , /* GEC_COMMENT */
		1219	};
		1220	char const *notch = notchtab[gecos];
1215		1221
1216	while (name[l]) {	1222	while (name[l]) {
1217	if (strchr(notch, name[l]) != NULL \|\| name[l] < ' ' \|\| name[l] == 127 \|\|	1223	if (strchr(notch, name[l]) != NULL \|\| name[l] < ' ' \|\| name[l] == 127 \|\|
1218	(!gecos && l==0 && name[l] == '-') \|\| /* leading '-' */	1224	(gecos != GEC_COMMENT && l==0 && name[l] == '-') \|\| /* leading '-' */
1219	(!gecos && name[l] & 0x80)) /* 8-bit */	1225	(gecos != GEC_COMMENT && name[l] == '$' && name[l+1]) \|\| /* not a trailing '$' */
		1226	(gecos != GEC_COMMENT && name[l] & 0x80)) /* 8-bit */
1220	errx(EX_DATAERR, (name[l] >= ' ' && name[l] < 127)	1227	errx(EX_DATAERR, (name[l] >= ' ' && name[l] < 127)
1221	? "invalid character `%c' in field"	1228	? "invalid character `%c' in field"
1222	: "invalid character 0x%02x in field",	1229	: "invalid character 0x%02x in field",
1223	name[l]);	1230	name[l]);
1224	++l;	1231	++l;
1225	}	1232	}
1226	if (!gecos && l > LOGNAMESIZE)	1233	if (gecos != GEC_COMMENT && l > LOGNAMESIZE)
1227	errx(EX_DATAERR, "name too long `%s'", name);	1234	errx(EX_DATAERR, "name too long `%s'", name);
1228	return (char *)name;	1235	return (char *)name;
1229	}	1236	}