diff options
| author | Lennart Poettering <lennart@poettering.net> | 2020-04-04 12:23:02 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2020-04-08 17:11:20 +0200 |
| commit | 7a8867abfab10e5bbca10590ec2aa40c5b27d8fb (patch) | |
| tree | b36865fc95cfecd9d68ed65faa74c5c409006302 /src/nss-systemd | |
| parent | 2aea5883f1d016ec7304acdb59516c30cae92452 (diff) | |
| download | systemd-7a8867abfab10e5bbca10590ec2aa40c5b27d8fb.tar.gz | |
user-util: rework how we validate user names
This reworks the user validation infrastructure. There are now two
modes. In regular mode we are strict and test against a strict set of
valid chars. And in "relaxed" mode we just filter out some really
obvious, dangerous stuff. i.e. strict is whitelisting what is OK, but
"relaxed" is blacklisting what is really not OK.
The idea is that we use strict mode whenver we allocate a new user
(i.e. in sysusers.d or homed), while "relaxed" mode is when we process
users registered elsewhere, (i.e. userdb, logind, …)
The requirements on user name validity vary wildly. SSSD thinks its fine
to embedd "@" for example, while the suggested NAME_REGEX field on
Debian does not even allow uppercase chars…
This effectively liberaralizes a lot what we expect from usernames.
The code that warns about questionnable user names is now optional and
only used at places such as unit file parsing, so that it doesn't show
up on every userdb query, but only when processing configuration files
that know better.
Fixes: #15149 #15090
Diffstat (limited to 'src/nss-systemd')
| -rw-r--r-- | src/nss-systemd/nss-systemd.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c index 581b7959bd..c1e780edcb 100644 --- a/src/nss-systemd/nss-systemd.c +++ b/src/nss-systemd/nss-systemd.c @@ -96,7 +96,7 @@ enum nss_status _nss_systemd_getpwnam_r( /* If the username is not valid, then we don't know it. Ideally libc would filter these for us * anyway. We don't generate EINVAL here, because it isn't really out business to complain about * invalid user names. */ - if (!valid_user_group_name(name)) + if (!valid_user_group_name(name, VALID_USER_RELAX)) return NSS_STATUS_NOTFOUND; /* Synthesize entries for the root and nobody users, in case they are missing in /etc/passwd */ @@ -193,7 +193,7 @@ enum nss_status _nss_systemd_getgrnam_r( assert(gr); assert(errnop); - if (!valid_user_group_name(name)) + if (!valid_user_group_name(name, VALID_USER_RELAX)) return NSS_STATUS_NOTFOUND; /* Synthesize records for root and nobody, in case they are missing from /etc/group */ @@ -536,7 +536,7 @@ enum nss_status _nss_systemd_initgroups_dyn( assert(groupsp); assert(errnop); - if (!valid_user_group_name(user_name)) + if (!valid_user_group_name(user_name, VALID_USER_RELAX)) return NSS_STATUS_NOTFOUND; /* Don't allow extending these two special users, the same as we won't resolve them via getpwnam() */ |