user-util: rework how we validate user names

This reworks the user validation infrastructure. There are now two
modes. In regular mode we are strict and test against a strict set of
valid chars. And in "relaxed" mode we just filter out some really
obvious, dangerous stuff. i.e. strict is whitelisting what is OK, but
"relaxed" is blacklisting what is really not OK.

The idea is that we use strict mode whenever we allocate a new user
(i.e. in sysusers.d or homed), while "relaxed" mode is when we process
users registered elsewhere (i.e. userdb, logind, …)

The requirements on user name validity vary wildly. SSSD thinks it's fine
to embed "@" for example, while the suggested NAME_REGEX field on
Debian does not even allow uppercase chars…

This effectively liberalizes a lot what we expect from usernames.

The code that warns about questionable user names is now optional and
only used at places such as unit file parsing, so that it doesn't show
up on every userdb query, but only when processing configuration files
that know better.

Fixes: #15149 #15090
(cherry picked from commit 7a8867abfab10e5bbca10590ec2aa40c5b27d8fb)

Resolves: #1848373
14 files changed
tree: 1fff0b1f7316583e6b49894f078a901fec1be974
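
The two modes the commit message describes, sketched as an added example (not code from this commit or from systemd). The character sets, the 31-byte length limit and the function names are assumptions chosen for illustration; the sample names are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Illustrative rule sets (assumptions for this example, not systemd's code). */
static bool is_letter(char c) { return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z'); }
static bool is_digit(char c)  { return c >= '0' && c <= '9'; }

/* Strict mode: allowlist, for names we allocate ourselves. */
bool name_valid_strict(const char *u) {
    if (!u || !*u || strlen(u) > 31)            /* assumed length limit */
        return false;
    if (!is_letter(u[0]) && u[0] != '_')        /* must not start with a digit or '-' */
        return false;
    for (const char *p = u + 1; *p; p++)
        if (!is_letter(*p) && !is_digit(*p) && *p != '_' && *p != '-')
            return false;
    return true;
}

/* Relaxed mode: denylist, for names registered elsewhere. */
bool name_valid_relaxed(const char *u) {
    if (!u || !*u)
        return false;
    if (!strcmp(u, ".") || !strcmp(u, ".."))    /* path components */
        return false;
    if (u[0] == '-')                            /* would parse as a command-line option */
        return false;
    if (u[strspn(u, "0123456789")] == '\0')     /* all digits: ambiguous with a numeric UID */
        return false;
    for (const char *p = u; *p; p++) {
        unsigned char c = (unsigned char) *p;
        if (c < 0x20 || c == 0x7f)              /* control characters, incl. newline */
            return false;
        if (c == ':' || c == '/')               /* passwd field separator, path separator */
            return false;
    }
    return true;
}

int main(void) {
    /* Constructed sample names. */
    const char *names[] = { "alice", "user@example.com", "1000", "a:b", "../x", "-rf" };
    for (size_t i = 0; i < sizeof names / sizeof *names; i++)
        printf("%-18s strict=%d relaxed=%d\n", names[i],
               name_valid_strict(names[i]), name_valid_relaxed(names[i]));
    return 0;
}
```

A name such as `user@example.com` fails the allowlist but passes the denylist, which is the case the relaxed mode exists to accept.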
README.md

systemd - System and Service Manager

Details

General information about systemd can be found in the systemd Wiki.

Information about build requirements is provided in the README file.

Consult our NEWS file for information about what's new in the most recent systemd versions.

Please see the HACKING file for information on how to hack on systemd and test your modifications.

Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.

When preparing patches for systemd, please follow our Coding Style Guidelines.

If you are looking for support, please contact our mailing list or join our IRC channel.

Stable branches with backported patches are available in the stable repo.