git.cameronkatri.com Git - pw-darwin.git/commitdiff
pw useradd: Validate the user name before creating the entry
author Ed Maste <emaste@FreeBSD.org>
Sat, 19 Aug 2017 00:32:26 +0000 (00:32 +0000)
committer Ed Maste <emaste@FreeBSD.org>
Sat, 19 Aug 2017 00:32:26 +0000 (00:32 +0000)
Previously it was possible to create users with spaces in the name with:
pw useradd -u 1234 -g 1234 -n 'test user'

The "-g 1234" is relevant, without it the name was already rejected
as expected:

[fk@test ~]$ sudo pw useradd -u 1234 -n 'test user'
pw: invalid character ` ' at position 4 in userid/group name

Bug unintentionally found with a salt config without explicit name entry:

test user:
  user.present:
    - uid: 1234
    - gid: 1234
    - fullname: Test user
    - shell: /usr/local/bin/bash
    - home: /home/test
    - groups:
      - wheel
      - salt

"Luckily" salt modules rarely bother with input validation either ...

PR: 221416
Submitted by: Fabian Keil
Obtained from: ElectroBSD
MFC after: 1 week

pw/pw_user.c

index a71be12def408c57dea6dc2af3084725f8d15fc6..92d5c6c5dbb5c8b94ea213452e1a6f7852cf8ff9 100644 (file)
@@ -1202,7 +1202,7 @@ pw_user_add(int argc, char **argv, char *arg1)
                if (arg1[strspn(arg1, "0123456789")] == '\0')
                        id = pw_checkid(arg1, UID_MAX);
                else
-                       name = arg1;
+                       name = pw_checkname(arg1, 0);
        }
 
        while ((ch = getopt(argc, argv, args)) != -1) {
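Review bot: The bare 0 passed as the second argument in "name = pw_checkname(arg1, 0);" does not say what it selects at this call site; a short comment or a named constant would make the intent clear here and in the -n case. The commit message says the name was already rejected when -g was omitted, so a later check exists on that path; it is worth stating whether that later check is now redundant or should stay as a second line of defence. The change as shown touches only pw/pw_user.c, so a regression test for the reported invocation (-u 1234 -g 1234 -n 'test user') would keep the -g path from silently regressing.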
@@ -1214,7 +1214,7 @@ pw_user_add(int argc, char **argv, char *arg1)
                        quiet = true;
                        break;
                case 'n':
-                       name = optarg;
+                       name = pw_checkname(optarg, 0);
                        break;
                case 'u':
                        userid = optarg;
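Review bot: In the trailing context of this hunk, case 'u' still stores the argument unchecked ("userid = optarg;"), while the positional numeric form in the previous hunk goes through pw_checkid(arg1, UID_MAX) at parse time. Please confirm that userid is validated before the entry is written, or validate it here so that -u is handled consistently with the new -n handling. Also note that when both a positional name and -n are supplied, the name is now checked twice and the -n value wins; if that precedence is intended, a one-line comment would help.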