die_if_bad_username.c 1.8 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465
  1. /* vi: set sw=4 ts=4: */
  2. /*
  3. * Check user and group names for illegal characters
  4. *
  5. * Copyright (C) 2008 Tito Ragusa <farmatito@tiscali.it>
  6. *
  7. * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  8. */
  9. #include "libbb.h"
  10. #ifndef LOGIN_NAME_MAX
  11. #define LOGIN_NAME_MAX 256
  12. #endif
  13. /* To avoid problems, the username should consist only of
  14. * letters, digits, underscores, periods, at signs and dashes,
  15. * and not start with a dash (as defined by IEEE Std 1003.1-2001).
  16. * For compatibility with Samba machine accounts $ is also supported
  17. * at the end of the username.
  18. */
  19. void FAST_FUNC die_if_bad_username(const char *name)
  20. {
  21. const char *start = name;
  22. /* 1st char being dash or dot isn't valid:
  23. * for example, name like ".." can make adduser
  24. * chown "/home/.." recursively - NOT GOOD.
  25. * Name of just a single "$" is also rejected.
  26. */
  27. goto skip;
  28. do {
  29. unsigned char ch;
  30. /* These chars are valid unless they are at the 1st pos: */
  31. if (*name == '-'
  32. || *name == '.'
  33. /* $ is allowed if it's the last char: */
  34. || (*name == '$' && !name[1])
  35. ) {
  36. continue;
  37. }
  38. skip:
  39. ch = *name;
  40. if (ch == '_'
  41. /* || ch == '@' -- we disallow this too. Think about "user@host" */
  42. /* open-coded isalnum: */
  43. || (ch >= '0' && ch <= '9')
  44. || ((ch|0x20) >= 'a' && (ch|0x20) <= 'z')
  45. ) {
  46. continue;
  47. }
  48. bb_error_msg_and_die("illegal character with code %u at position %u",
  49. (unsigned)ch, (unsigned)(name - start));
  50. } while (*++name);
  51. /* The minimum size of the login name is one char or two if
  52. * last char is the '$'. Violations of this are caught above.
  53. * The maximum size of the login name is LOGIN_NAME_MAX
  54. * including the terminating null byte.
  55. */
  56. if (name - start >= LOGIN_NAME_MAX)
  57. bb_simple_error_msg_and_die("name is too long");
  58. }