commit | 33b851f0c30e47fe71a293e2c990ef26573efe86 | [log] [download] |
---|---|---|
author | Lennart Poettering <lennart@poettering.net> | Sat Apr 04 12:23:02 2020 +0200 |
committer | The Plumber <50238977+systemd-rhel-bot@users.noreply.github.com> | Mon Nov 02 19:05:19 2020 +0100 |
tree | 1fff0b1f7316583e6b49894f078a901fec1be974 | |
parent | 7569168bea3d7e11cd3afe6167fcf4a3ac65a1a6 [diff] |
user-util: rework how we validate user names This reworks the user validation infrastructure. There are now two modes. In regular mode we are strict and test against a strict set of valid chars. And in "relaxed" mode we just filter out some really obvious, dangerous stuff. i.e. strict is whitelisting what is OK, but "relaxed" is blacklisting what is really not OK. The idea is that we use strict mode whenver we allocate a new user (i.e. in sysusers.d or homed), while "relaxed" mode is when we process users registered elsewhere, (i.e. userdb, logind, …) The requirements on user name validity vary wildly. SSSD thinks its fine to embedd "@" for example, while the suggested NAME_REGEX field on Debian does not even allow uppercase chars… This effectively liberaralizes a lot what we expect from usernames. The code that warns about questionnable user names is now optional and only used at places such as unit file parsing, so that it doesn't show up on every userdb query, but only when processing configuration files that know better. Fixes: #15149 #15090 (cherry picked from commit 7a8867abfab10e5bbca10590ec2aa40c5b27d8fb) Resolves: #1848373
General information about systemd can be found in the systemd Wiki.
Information about build requirements are provided in the README file.
Consult our NEWS file for information about what's new in the most recent systemd versions.
Please see the HACKING file for information how to hack on systemd and test your modifications.
Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.
When preparing patches for systemd, please follow our Coding Style Guidelines.
If you are looking for support, please contact our mailing list or join our IRC channel.
Stable branches with backported patches are available in the stable repo.