diff options
| author | Lennart Poettering <lennart@poettering.net> | 2020-04-04 12:23:02 +0200 |
|---|---|---|
| committer | The Plumber <50238977+systemd-rhel-bot@users.noreply.github.com> | 2020-11-02 19:05:19 +0100 |
| commit | 33b851f0c30e47fe71a293e2c990ef26573efe86 (patch) | |
| tree | 1fff0b1f7316583e6b49894f078a901fec1be974 /network | |
| parent | 7569168bea3d7e11cd3afe6167fcf4a3ac65a1a6 (diff) | |
| download | systemd-33b851f0c30e47fe71a293e2c990ef26573efe86.tar.gz | |
user-util: rework how we validate user namesv239-42
This reworks the user validation infrastructure. There are now two
modes. In regular mode we are strict and test against a strict set of
valid chars. And in "relaxed" mode we just filter out some really
obvious, dangerous stuff. i.e. strict is whitelisting what is OK, but
"relaxed" is blacklisting what is really not OK.
The idea is that we use strict mode whenver we allocate a new user
(i.e. in sysusers.d or homed), while "relaxed" mode is when we process
users registered elsewhere, (i.e. userdb, logind, …)
The requirements on user name validity vary wildly. SSSD thinks its fine
to embedd "@" for example, while the suggested NAME_REGEX field on
Debian does not even allow uppercase chars…
This effectively liberaralizes a lot what we expect from usernames.
The code that warns about questionnable user names is now optional and
only used at places such as unit file parsing, so that it doesn't show
up on every userdb query, but only when processing configuration files
that know better.
Fixes: #15149 #15090
(cherry picked from commit 7a8867abfab10e5bbca10590ec2aa40c5b27d8fb)
Resolves: #1848373
Diffstat (limited to 'network')
0 files changed, 0 insertions, 0 deletions