> On Aug 18, 2017, at 17:32, Ed Maste <ema...@freebsd.org> wrote: > > Author: emaste > Date: Sat Aug 19 00:32:26 2017 > New Revision: 322678 > URL: https://svnweb.freebsd.org/changeset/base/322678 > > Log: > pw useradd: Validate the user name before creating the entry > > Previouly it was possible to create users with spaces in the name with: > pw useradd -u 1234 -g 1234 -n 'test user' > > The "-g 1234" is relevant, without it the name was already rejected > as expected: > > [fk@test ~]$ sudo pw useradd -u 1234 -n 'test user' > pw: invalid character ` ' at position 4 in userid/group name > > Bug unintentionally found with a salt config without explicit name entry: > > test user: > user.present: > - uid: 1234 > - gid: 1234 > - fullname: Test user > - shell: /usr/local/bin/bash > - home: /home/test > - groups: > - wheel > - salt > > "Luckily" salt modules rarely bother with input validation either ... > > PR: 221416 > Submitted by: Fabian Keil > Obtained from: ElectroBSD > MFC after: 1 week > > Modified: > head/usr.sbin/pw/pw_user.c > head/usr.sbin/pw/tests/pw_useradd_test.sh
Usernames with passwords are permitted in some cases, e.g., AD. Thanks, -Ngie
signature.asc
Description: Message signed with OpenPGP using GPGMail
