[Bug 221416] pw useradd accepts invalid user names

2017-08-18 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221416

Ed Maste  changed:

   What|Removed |Added

   Assignee|freebsd-bugs@FreeBSD.org|ema...@freebsd.org

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"

[Bug 221416] pw useradd accepts invalid user names

2017-08-18 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221416

Ed Maste  changed:

   What|Removed |Added

 Status|New |Open
 CC||ema...@freebsd.org

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"

[Bug 221416] pw useradd accepts invalid user names

2017-08-11 Thread bugzilla-noreply 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221416

Bug ID: 221416
   Summary: pw useradd accepts invalid user names
   Product: Base System
   Version: CURRENT
  Hardware: Any
OS: Any
Status: New
  Keywords: patch, regression
  Severity: Affects Some People
  Priority: ---
 Component: bin
  Assignee: freebsd-bugs@FreeBSD.org
  Reporter: f...@fabiankeil.de
 Flags: mfc-stable10?, mfc-stable11?

Created attachment 185282
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=185282=edit
pw useradd: Validate the user name before creating the entry

When the -g option is used, pw useradd doesn't validate the user name.

A command like:
pw useradd -u 1234 -g 1234 -n 'test user'
creates an invalid user.

The "-g 1234" is relevant, without it the name is rejected as expected:

[fk@test ~]$ sudo pw useradd -u 1234 -n 'test user'
pw: invalid character ` ' at position 4 in userid/group name

Bug unintentionally found with a salt config without explicit name entry:

test user:
  user.present:
- uid: 1234
- gid: 1234
- fullname: Test user
- shell: /usr/local/bin/bash
- home: /home/test
- groups:
  - wheel
  - salt

"Luckily" salt modules rarely bother with input validation either ...

This regression was introduced when pw was refactored in 2015.

The attached patch fixes the issue and adds regression tests.

Obtained from: ElectroBSD

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"