Your message dated Wed, 13 Jul 2022 19:03:47 +0000 with message-id <[email protected]> and subject line Bug#774046: fixed in adduser 3.122 has caused the Debian Bug report #774046, regarding [adduser] weak username check provided by --force-badname does not match useradd capability to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
774046: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774046
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---
Package: adduser
Version: 3.113+nmu3
Severity: normal
Tags: patch

--- Please enter the report below this line. ---

In the man page for this command is written:

> --force-badname
>     By default, user and group names are checked against the
>     configurable regular expression NAME_REGEX specified in
>     the configuration file. This option forces adduser and
>     addgroup to apply only a weak check for validity of the
>     name.

Also:

> root@Kirk:/home# adduser --help
> adduser [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID]
> [--firstuid ID] [--lastuid ID] [--gecos GECOS] [--ingroup GROUP | --gid ID]
> [--disabled-password] [--disabled-login] USER
>    Add a normal user
>
> adduser --system [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID]
> [--gecos GECOS] [--group | --ingroup GROUP | --gid ID] [--disabled-password]
> [--disabled-login] USER
>    Add a system user
>
> adduser --group [--gid ID] GROUP
> addgroup [--gid ID] GROUP
>    Add a user group
>
> addgroup --system [--gid ID] GROUP
>    Add a system group
>
> adduser USER GROUP
>    Add an existing user to an existing group
>
> general options:
>   --quiet | -q      don't give process information to stdout
>   --force-badname   allow usernames which do not match the
>                     NAME_REGEX configuration variable
>   --help | -h       usage message
>   --version | -v    version number and copyright
>   --conf | -c FILE  use FILE as configuration file
>

It is not obvious what that weak check *IS* however the --help reiterates that --force-badname should bypass the NAME_REGEX configuration variable - which I found (commented out) lurking at the bottom of /etc/adduser.conf:

> root@Kirk:/home# tail -4 /etc/adduser.conf
>
>
> # check user and group names also against this regular expression.
> #NAME_REGEX="^[a-z][-a-z0-9_]*\$"

I have found that what is accepted does not include accented characters when encoded in UTF-8.

Perusing the Perl code for this command reveals this:

> # checkname: perform some sanity checks
> # parameters:
> #   none
> # return values:
> #   none (exits on error)
> sub checkname {
>     my ($name) = @_;
>     if ($name !~ /^[_.A-Za-z0-9][-\@_.A-Za-z0-9]*\$?$/) {
>         printf STDERR
>         (gtx("%s: To avoid problems, the username should consist only of
> letters, digits, underscores, periods, at signs and dashes, and not start with
> a dash (as defined by IEEE Std 1003.1-2001). For compatibility with Samba
> machine accounts \$ is also supported at the end of the username\n"), $0);
>         exit RET_INVALID_CHARS_IN_NAME;;
>     }
>     if ($name !~ qr/$config{"name_regex"}/) {
>         if ($allow_badname) {
>             print (gtx("Allowing use of questionable username.\n")) if ($verbose);
>         }
>         else {
>             printf STDERR
>             (gtx("%s: Please enter a username matching the regular expression configured
> via the NAME_REGEX configuration variable. Use the `--force-badname'
> option to relax this check or reconfigure NAME_REGEX.\n"), $0);
>             exit RET_INVALID_CHARS_IN_NAME;
>         }
>     }
> }

so this suggests that the pertinent expression is:

[_.A-Za-z0-9][-\@_.A-Za-z0-9]*\$?$

However this seems unduly strong for a *weak* check when compared to the documentation for the useradd ELF-executable, in particular in the CAVEATS section is:

> It is usually recommended to only use usernames that begin with a lower case
> letter or an underscore, followed by lower case letters, digits, underscores,
> or dashes. They can end with a dollar sign. In regular expression terms:
> [a-z_][a-z0-9_-]*[$]?
>
> On Debian, the only constraints are that usernames must neither start with a
> dash('-') nor plus ('+') nor tilde ('~') nor contain a colon (':'), a comma
> (',') or a whitespace (space: ' ', end of line: '\n', tab: '\t', etc.) Note
> that using a slash ('/') may break the default algorithm for the definition
> of the user's home directory.
>
> Usernames may only be up to 32 characters long.

Sadly, I am not a Perlmunger, but it strikes me that if anyone can express the above and plug it into that first "if" in the Perl sub-routine then, on principle of least surprise, what adduser will accept if *forcibly* *told* *to* will actually match what useradd will handle.

I originally had a much stronger worded post about how adduser seems to be broken because "adduser --force-badname cáfé" would not work as described and how by commenting out that 8-line "if" in the Perl sub-routine I *was* able to create such a user with accented characters. I now realise that adduser is a Debian wrapper around useradd and it enforces (or is supposed to) Debian policies - however it still seems that the documentation could be clearer than it is.

The reason for my raising this is that I am working on a project that runs on a range of OSs - some of which make no claim to meet POSIX.1-2008 {that outfit based in Redmond, Washington for instance} however THAT system permits users to have usernames containing accented characters - not entirely unreasonable in my opinion, as not everyone in the world does have a name that can be written with just the ASCII character set. This translates into them having home directories that also contain those characters and we are finding that our project is breaking for them because it uses files on paths involving their home directory to save data specific to them.

Not having direct access to a development environment in THAT Operating System I felt I should be able to simulate the experiences affected users were having by creating test accounts with the same name on my favourite OS: Debian GNU/Linux only to find that I couldn't or at least not without reaching into the internals and yanking a few things around.

Whilst I recognise that non-ASCII user names being generally accepted throughout a GNU/Linux OS is going to be a wish-list item for the foreseeable future, adjusting the behaviour of adduser to work to the limits of the underlying infrastructure "when told to" does not seem so unreasonable IMHO.

Stephen

--- System information. ---
Architecture: i386
Kernel: Linux 3.14-0.bpo.2-rt-686-pae

Debian Release: 7.7
[deliberately removed]

--- Package information. ---
Depends (Version)             | Installed
=============================-+-==============
perl-base (>= 5.6.0)          | 5.14.2-21+deb7u2
passwd (>= 1:4.0.12)          | 1:4.1.5.1-1
debconf                       | 1.5.49
 OR debconf-2.0               |

Package's Recommends field is empty.

Suggests (Version)                    | Installed
=====================================-+-===========
liblocale-gettext-perl                | 1.05-7+b1
perl-modules                          | 5.14.2-21+deb7u2
--- End Message ---
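
Added example (not part of the original report and not adduser's own code): a Python transcription of the two regular expressions quoted in the report and of the Debian useradd constraints from the quoted CAVEATS text, run over constructed sample names to show which names useradd would take but the hard-coded checkname test rejects. The 32-character limit is counted in characters as the man page words it, and rejecting an empty name is an assumption.

```python
import re

# Patterns copied from the report: the commented-out default in
# /etc/adduser.conf and the hard-coded test in adduser's checkname sub.
NAME_REGEX = re.compile(r"^[a-z][-a-z0-9_]*$")
CHECKNAME_WEAK = re.compile(r"^[_.A-Za-z0-9][-@_.A-Za-z0-9]*\$?$")


def useradd_debian_ok(name: str) -> bool:
    """Constraints as quoted from the useradd CAVEATS section (Debian)."""
    if not name:                      # assumption: empty names are invalid
        return False
    if len(name) > 32:                # "up to 32 characters long"
        return False
    if name[0] in "-+~":              # must not start with dash, plus, tilde
        return False
    # no colon, comma or whitespace (space, newline, tab, ...)
    return not any(c in ":," or c.isspace() for c in name)


def classify(name: str) -> dict:
    """Result of each of the three checks for one candidate name."""
    return {
        "name_regex": bool(NAME_REGEX.search(name)),
        "checkname_weak": bool(CHECKNAME_WEAK.search(name)),
        "useradd": useradd_debian_ok(name),
    }


def gap(names):
    """Names useradd would accept that the hard-coded check still rejects."""
    return [n for n in names
            if useradd_debian_ok(n) and not CHECKNAME_WEAK.search(n)]


# Constructed sample names, chosen to hit each rule once.
SAMPLES = ["stephen", "Stephen", "cáfé", "host$", "user@example",
           "-dash", "a:b", "x" * 33]

if __name__ == "__main__":
    for n in SAMPLES:
        print(f"{n!r:40} {classify(n)}")
    print("accepted by useradd, rejected by checkname:", gap(SAMPLES))
```
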
--- Begin Message ---
Source: adduser
Source-Version: 3.122
Done: Marc Haber <[email protected]>

We believe that the bug you reported is fixed in the latest version of adduser, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marc Haber <[email protected]> (supplier of updated adduser package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

Format: 1.8
Date: Wed, 13 Jul 2022 20:30:00 +0200
Source: adduser
Architecture: source
Version: 3.122
Distribution: unstable
Urgency: low
Maintainer: Debian Adduser Developers <[email protected]>
Changed-By: Marc Haber <[email protected]>
Closes: 202943 239825 398793 432562 520037 521883 588872 643559 664869 675804 679746 685532 701110 723572 774046 849265 874560 891748 896916 908997 920739 923059 925511 926262 969217 977678 979385 983405 992163 1001863 1006897 1006941 1006975 1007785 1008081 1008091 1014395 1014448
Changes:
 adduser (3.122) unstable; urgency=low
 .
   [ Marc Haber ]
   * improve package description.
   * Standards-Version: 4.6.1 (no changes necessary)
   * clean out EXTRA_GROUPS to only contain users.
     Thanks to Daniel Keast. (Closes: #849265)
   * add SECURITY section to manual pages.
   * add test for backups of home directory.
   * improve and update lintian overrides.
   * Formatting changes to manual pages.
     Thanks to Markus Hiereth. (Closes: #874560)
   * fix some typos in manual pages.
   * set VERBOSE and DEBUG envvars in deluser as well. (Closes: #1006897)
   * add documentation about adduser being a policy layer.
     (Closes: #1007785)
   * try to clarify system account terminology (policy vs system).
     (Closes: #1006975)
   * Document that only adduser --system is idempotent. (Closes: #723572)
   * error out for two-argument addgroup.
     Thanks to Mike Dornberger. (Closes: #664869)
   * make --add_extra_groups into --add-extra-groups. (Closes: #1014395)
   * --force-badname is now --allow-badname. (Closes: #1014448)
   * update turkish debconf translation.
     Thanks to Atila KOÇ. (Closes: #908997)
   * Update Russian debconf translation.
     Thanks to Lev Lamberov. (Closes: #920739)
   * Update Danish debconf translation (Closes: #923059)
   * Update Italian debconf translation.
     Thanks to Luca Monducci. (Closes: #969217)
   * Update German man page translation.
     Thanks to Helge Kreutzmann. (Closes: #977678)
   * Update European Portuguese translation of man page.
     Thanks to Américo Monteiro. (Closes: #925511)
   * disable translated manpages, none left for the time being.
   * deprecate planned directory service support.
   * Add docs about adduser.local being the place to interact with DS,
   * Some improvements to autopkgtests.
 .
   [ Matt Barry ]
   * System account home dir defaults to /nonexistent. (Closes: #679746)
   * do not accept all-numeric user names. (Closes: #891748)
   * prompts need y/n/empty(default).
   * Implement SYS_DIR_MODE. (Closes: #1008081, #202943, #398793)
   * Implement SYS_NAME_REGEX. (Closes: #521883, #432562)
   * Deprecate SETGID_HOME. Add NEWS/TODO items.
     (Closes: #643559, #979385, #1008091, #643559)
   * Fix ignored files for --remove-all-files.
     (Closes: #1001863, #588872, #926262, #992163)
   * Redefines the default NO_DEL_PATHS to avoid unnecessary scanning.
   * Change deluser_files test to use gzip.
   * Fix deletion of sockets/pipes. (Closes: #685532)
   * Simplify checkname sub. (Closes: #1006941)
   * Adds support for lock files. (Closes: #983405)
   * Username validity testing framework.
   * Add --allow-all-names to bypass --force-badname.
     (Closes: #520037, #774046)
   * use warnf instead of printf in some places. (Closes: #675804)
   * Support tar --auto-compress for backups. (Closes: #896916)
   * Many improvements to autopkgtests. (Closes: 239825)
 .
   [ Jason Franklin ]
   * Allow for cloned-UID users in group member lists.
     Thanks to Daniel Heimann. (Closes: #701110)
--- End Message ---

