On Mon, Jul 04, 2022 at 08:57:54AM -0400, Matt Barry wrote:
> On Mon, 2022-07-04 at 08:54 +0200, Marc Haber wrote:
> > On Sun, Jul 03, 2022 at 09:16:49PM -0400, Matt Barry wrote:
> > > 1st check: all-numeric, always rejected
> > > 2nd check: ieee 1003.1-2001, minimal requirements [0]
> > > 3rd check: user-configurable *NAME_REGEX
> > > 4th: (possible override --allow-badname)
> > 
> > So the hardcoded
> > if ($name !~ /^[_.A-Za-z0-9][-\@_.A-Za-z0-9]*\$?$/) {
> > is the IEEE 1003.1-2001 check? Does it make sense to have this
> > non-overridable?
> 
> I think there should be *some* non-overrideable minimum standard, if
> only to keep unicode usernames out.  (which I suggest just because I
> have no idea what could break.  I'm not a zealot for 1003.1-2001, but
> it's as good a line as any to draw.)

We've been having this for quite a while, haven't we? If so, we should
keep it.

From my experience, enterprise directory services either allow next to
nothing, because they still honor the limitation of a 1970s mainframe
(four-character user names, 7-bit ASCII only, the first character being
the department letter, resulting in user names like ub1e or uncu) or
everything that AD allows including Cyrillic, Arabic and emojis.

But since we are exclusively worrying about local system accounts (phew,
we finally got rid of the vision to support arbitrary directory
services), 1003.1-2001 is just fine.

> > While the error message is clear, how about having this at least in a
> > variable like $ieee1003_regex?
> 
> Sure, that's easy enough.

I like that very much, many people don't read comments too exactly. And
I am guilty as charged in that regard, your honor.

> > How deeply are we testing the username checks in the suite? I'd like the
> > test suite to throw some corner cases on both sides of the red line at
> > adduser and see whether it does what is intended.
> 
> Fairly basic (valid_username.t).  Tests a numeric username, tests a
> dotted name with and without the configuration to pass it, tests
> NAME_REGEX and SYS_NAME_REGEX.  More edge cases could certainly be
> added here.

Thank you, that sounds good. Maybe we should add at least one entirely
absurd user name just for the laughs.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
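
The layered checks discussed in this thread, with corner cases on both sides of the line, as an added example that is neither adduser's code nor part of either message. `check_name`, `$name_regex` and the case list are hypothetical, and it assumes `--allow-badname` overrides only the NAME_REGEX check.

```perl
use strict;
use warnings;
use Test::More;

# Hardcoded minimum quoted in the thread, held in the variable proposed there.
my $ieee1003_regex = qr/^[_.A-Za-z0-9][-\@_.A-Za-z0-9]*\$?$/;
# Constructed stand-in for the user-configurable NAME_REGEX (an assumption).
my $name_regex = qr/^[a-z][-a-z0-9_]*\$?$/;

# Hypothetical helper: returns 'ok' or the name of the check that rejected.
# Assumes --allow-badname overrides only the NAME_REGEX check.
sub check_name {
    my ($name, $allow_badname) = @_;
    return 'numeric'  if $name =~ /^[0-9]+$/;       # 1st: always rejected
    return 'ieee1003' if $name !~ $ieee1003_regex;  # 2nd: fixed minimum
    return 'ok'       if $name =~ $name_regex;      # 3rd: configured policy
    return $allow_badname ? 'ok' : 'name_regex';    # 4th: optional override
}

# Constructed cases: [ description, name, allow_badname, expected result ]
my @cases = (
    [ 'plain lowercase',           'marc',        0, 'ok'         ],
    [ 'all digits',                '12345',       0, 'numeric'    ],
    [ 'all digits with override',  '12345',       1, 'numeric'    ],
    [ 'leading hyphen',            '-name',       1, 'ieee1003'   ],
    [ 'non-ASCII letter',          "m\x{fc}ller", 1, 'ieee1003'   ],
    [ 'emoji',                     "\x{1F600}",   1, 'ieee1003'   ],
    [ 'embedded space',            'a b',         1, 'ieee1003'   ],
    [ 'colon (passwd separator)',  'a:b',         1, 'ieee1003'   ],
    [ 'empty string',              '',            1, 'ieee1003'   ],
    [ 'dollar in the middle',      'ho$st',       1, 'ieee1003'   ],
    [ 'trailing dollar',           'host$',       0, 'ok'         ],
    [ 'dotted name',               'john.doe',    0, 'name_regex' ],
    [ 'dotted name with override', 'john.doe',    1, 'ok'         ],
);

for my $case (@cases) {
    my ($desc, $name, $allow, $want) = @$case;
    is(check_name($name, $allow), $want, $desc);
}
done_testing();
```

Run it with `prove` or plain `perl`; every case should report `ok`.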