1/* vi: set sw=4 ts=4: */ 2/* 3 * Check user and group names for illegal characters 4 * 5 * Copyright (C) 2008 Tito Ragusa <farmatito@tiscali.it> 6 * 7 * Licensed under GPLv2 or later, see file LICENSE in this source tree. 8 */ 9 10#include "libbb.h" 11 12/* To avoid problems, the username should consist only of 13 * letters, digits, underscores, periods, at signs and dashes, 14 * and not start with a dash (as defined by IEEE Std 1003.1-2001). 15 * For compatibility with Samba machine accounts $ is also supported 16 * at the end of the username. 17 */ 18 19void FAST_FUNC die_if_bad_username(const char *name) 20{ 21 const char *start = name; 22 23 /* 1st char being dash or dot isn't valid: 24 * for example, name like ".." can make adduser 25 * chown "/home/.." recursively - NOT GOOD. 26 * Name of just a single "$" is also rejected. 27 */ 28 goto skip; 29 30 do { 31 unsigned char ch; 32 33 /* These chars are valid unless they are at the 1st pos: */ 34 if (*name == '-' 35 || *name == '.' 36 /* $ is allowed if it's the last char: */ 37 || (*name == '$' && !name[1]) 38 ) { 39 continue; 40 } 41 skip: 42 ch = *name; 43 if (ch == '_' 44 /* || ch == '@' -- we disallow this too. Think about "user@host" */ 45 /* open-coded isalnum: */ 46 || (ch >= '0' && ch <= '9') 47 || ((ch|0x20) >= 'a' && (ch|0x20) <= 'z') 48 ) { 49 continue; 50 } 51 bb_error_msg_and_die("illegal character with code %u at position %u", 52 (unsigned)ch, (unsigned)(name - start)); 53 } while (*++name); 54 55 /* The minimum size of the login name is one char or two if 56 * last char is the '$'. Violations of this are caught above. 57 * The maximum size of the login name is LOGIN_NAME_MAX 58 * including the terminating null byte. 59 */ 60 if (name - start >= LOGIN_NAME_MAX) 61 bb_error_msg_and_die("name is too long"); 62} 63