svn commit: r322678 - in head/usr.sbin/pw: . tests
Ngie Cooper (yaneurabeya)
yaneurabeya at gmail.com
Sat Aug 19 01:09:16 UTC 2017
> On Aug 18, 2017, at 17:32, Ed Maste <emaste at freebsd.org> wrote:
>
> Author: emaste
> Date: Sat Aug 19 00:32:26 2017
> New Revision: 322678
> URL: https://svnweb.freebsd.org/changeset/base/322678
>
> Log:
> pw useradd: Validate the user name before creating the entry
>
> Previouly it was possible to create users with spaces in the name with:
> pw useradd -u 1234 -g 1234 -n 'test user'
>
> The "-g 1234" is relevant, without it the name was already rejected
> as expected:
>
> [fk at test ~]$ sudo pw useradd -u 1234 -n 'test user'
> pw: invalid character ` ' at position 4 in userid/group name
>
> Bug unintentionally found with a salt config without explicit name entry:
>
> test user:
> user.present:
> - uid: 1234
> - gid: 1234
> - fullname: Test user
> - shell: /usr/local/bin/bash
> - home: /home/test
> - groups:
> - wheel
> - salt
>
> "Luckily" salt modules rarely bother with input validation either ...
>
> PR: 221416
> Submitted by: Fabian Keil
> Obtained from: ElectroBSD
> MFC after: 1 week
>
> Modified:
> head/usr.sbin/pw/pw_user.c
> head/usr.sbin/pw/tests/pw_useradd_test.sh
Usernames with passwords are permitted in some cases, e.g., AD.
Thanks,
-Ngie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/svn-src-all/attachments/20170818/1dbc6244/attachment.sig>
More information about the svn-src-all
mailing list