1/* vi: set sw=4 ts=4: */ 2/* 3 * Check user and group names for illegal characters 4 * 5 * Copyright (C) 2008 Tito Ragusa <farmatito@tiscali.it> 6 * 7 * Licensed under GPLv2 or later, see file LICENSE in this source tree. 8 */ 9#include "libbb.h" 10 11/* To avoid problems, the username should consist only of 12 * letters, digits, underscores, periods, at signs and dashes, 13 * and not start with a dash (as defined by IEEE Std 1003.1-2001). 14 * For compatibility with Samba machine accounts $ is also supported 15 * at the end of the username. 16 */ 17 18void FAST_FUNC die_if_bad_username(const char *name) 19{ 20 const char *start = name; 21 22 /* 1st char being dash or dot isn't valid: 23 * for example, name like ".." can make adduser 24 * chown "/home/.." recursively - NOT GOOD. 25 * Name of just a single "$" is also rejected. 26 */ 27 goto skip; 28 29 do { 30 unsigned char ch; 31 32 /* These chars are valid unless they are at the 1st pos: */ 33 if (*name == '-' 34 || *name == '.' 35 /* $ is allowed if it's the last char: */ 36 || (*name == '$' && !name[1]) 37 ) { 38 continue; 39 } 40 skip: 41 ch = *name; 42 if (ch == '_' 43 /* || ch == '@' -- we disallow this too. Think about "user@host" */ 44 /* open-coded isalnum: */ 45 || (ch >= '0' && ch <= '9') 46 || ((ch|0x20) >= 'a' && (ch|0x20) <= 'z') 47 ) { 48 continue; 49 } 50 bb_error_msg_and_die("illegal character with code %u at position %u", 51 (unsigned)ch, (unsigned)(name - start)); 52 } while (*++name); 53 54 /* The minimum size of the login name is one char or two if 55 * last char is the '$'. Violations of this are caught above. 56 * The maximum size of the login name is LOGIN_NAME_MAX 57 * including the terminating null byte. 58 */ 59 if (name - start >= LOGIN_NAME_MAX) 60 bb_error_msg_and_die("name is too long"); 61} 62