diff options
| author |   Ed Maste <emaste@FreeBSD.org> | 2017-08-19 00:32:26 +0000 |
|---|---|---|
| committer | Ed Maste <emaste@FreeBSD.org> | 2017-08-19 00:32:26 +0000 |
| commit | aedba1a35eab0e795ce8bc54ad0be75390cb512b (patch) | |
| tree | 148d5c2f0fc0e88423bd475ce4415515dd8b4a11 /pw/pw_user.c | |
| parent | adfec1630313d82cd79f0d7a2ecefc14629fd610 (diff) | |
| download | pw-darwin-aedba1a35eab0e795ce8bc54ad0be75390cb512b.tar.gz pw-darwin-aedba1a35eab0e795ce8bc54ad0be75390cb512b.tar.zst pw-darwin-aedba1a35eab0e795ce8bc54ad0be75390cb512b.zip | |
pw useradd: Validate the user name before creating the entry
Previouly it was possible to create users with spaces in the name with:
pw useradd -u 1234 -g 1234 -n 'test user'
The "-g 1234" is relevant, without it the name was already rejected
as expected:
[fk@test ~]$ sudo pw useradd -u 1234 -n 'test user'
pw: invalid character ` ' at position 4 in userid/group name
Bug unintentionally found with a salt config without explicit name entry:
test user:
user.present:
- uid: 1234
- gid: 1234
- fullname: Test user
- shell: /usr/local/bin/bash
- home: /home/test
- groups:
- wheel
- salt
"Luckily" salt modules rarely bother with input validation either ...
PR: 221416
Submitted by: Fabian Keil
Obtained from: ElectroBSD
MFC after: 1 week
Diffstat (limited to 'pw/pw_user.c')
| -rw-r--r-- | pw/pw_user.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/pw/pw_user.c b/pw/pw_user.c index a71be12..92d5c6c 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -1202,7 +1202,7 @@ pw_user_add(int argc, char **argv, char *arg1) if (arg1[strspn(arg1, "0123456789")] == '\0') id = pw_checkid(arg1, UID_MAX); else - name = arg1; + name = pw_checkname(arg1, 0); } while ((ch = getopt(argc, argv, args)) != -1) { @@ -1214,7 +1214,7 @@ pw_user_add(int argc, char **argv, char *arg1) quiet = true; break; case 'n': - name = optarg; + name = pw_checkname(optarg, 0); break; case 'u': userid = optarg; |