Roland,

The responses I gave were based on the passwd(4) man page as a reference.
Is this inappropriate or is the man page wrong?

Roland Mainz wrote:
> Niall Power wrote:
>   
>> Roland Mainz wrote:
>>     
>>> Niall Power wrote:
>>>       
>>>> While I essentially agree with Roland, the GUI shouldn't be doing any of 
>>>> the login name validation to begin with. The orchestrator should be doing 
>>>> the necessary validation and informing the GUI of whether the login name 
>>>> is valid or not, much like PAM currently does for password management.
>>>>
>>>> In this case, looking at passwd(4) manpage, it states:
>>>> "The login  (login)  and  role  (role)  fields
>>>> accept  a  string of no more than eight bytes
>>>> consisting of  characters....."
>>>> So counting in bytes looks appropriate to me.
>>>>         
>>> I strongly disagree.
>>>       
>> What specifically are you disagreeing with?
>>     
>
> I disagree that the limit should be counted in bytes... and technically
> the limit (if you want to count in bytes) should be 32bytes as set by
> the extended accounting project (which was AFAIK added in Solaris 8).
>  
>   
>>>  Other Unix versions and Linux evolved to a point
>>> where they accept multibyte characters as input and when you need
>>> interoperabilty with Windows (where you can use (a subset, e.g. not
>>> special charcters like '\' etc.) Unicode characters for login names)
>>> then you're ending up either with complex account name mapping,
>>> automatic transliteration (which is insecure) or just support non-ASCII
>>> login names (and right now I'm really in the mood to fight up to a point
>>> of making an ARC case... grrr... :-) ).
>>>       
>> I'm not disagreeing with anything you say in principal, but I don't see
>> how it's
>> relevant to this code review.
>>     
>
> Well, the code tries to add an artifical limit and then (IMO) even does
> the measurement wrong... ;-(
>   
It doesn't seem very artificial to the person who reported this bug :-/

To the best of my knowledge, the installer adds the user account using 
the useradd
command. According to the useradd man page:

useradd requires that usernames be in the format described
in passwd(4). A warning message is displayed if these res-
trictions are not met. See passwd(4) for the requirements
for usernames.

According to the passwd(4) man page:

The login (login) and role (role) fields
accept a string of no more than eight bytes
consisting of characters from the set of
alphabetic characters, numeric characters,

>> We're bound by the limitations of what
>> OpenSolaris supports
>> now
>>     
>
> Erm... the current OpenSolaris codebase has no (big) problems with
> multibyte login names... however this patch would create a _new_ problem
> ...
>   
# useradd -d /export/home/reallylongname reallylongname
UX: useradd: reallylongname name too long.

# useradd -d /export/home/reallylongname ???
UX: useradd: ERROR: ??? is not a valid login name. Choose another.


Thanks,
Niall.
>> and it's not within our scope to fix those limitations. This goes
>> way beyond the scope of the installer.
>>     
>
> If the installer prevents people from using multibyte login names how
> should the remaining problems be found&&fixed ?
>
> ----
>
> Bye,
> Roland
>
>   


Reply via email to