> Why doesn't login_yubikey just use getpwnam() to check if the
> user exists like the other login_* mechs?
Why make it simple if there are exciting pattern matching options like regexp or multiple if-statements ;-)
Index: login_yubikey.c
===================================================================
RCS file: /cvs/src/libexec/login_yubikey/login_yubikey.c,v
retrieving revision 1.4
diff -u -r1.4 login_yubikey.c
--- login_yubikey.c 1 Feb 2012 16:07:28 -0000 1.4
+++ login_yubikey.c 4 Apr 2012 15:00:10 -0000
@@ -54,7 +54,6 @@
 static const char *path = "/var/db/yubikey";
-static int clean_string(const char *);
 static int yubikey_login(const char *, const char *);
 int
@@ -102,8 +101,8 @@
 /* passed by sshd(8) for non-existing users */
 if (!strcmp(username, "NOUSER"))
 exit(EXIT_FAILURE);
- if (!clean_string(username)) {
- syslog(LOG_ERR, "clean_string username");
+ if (getpwnam(username) == NULL) {
+ syslog(LOG_ERR, "invalid user %s", username);
 exit(EXIT_FAILURE);
 }
@@ -160,17 +159,6 @@
 }
 closelog();
 return (EXIT_SUCCESS);
-}
-
-static int
-clean_string(const char *s)
-{
- while (*s) {
- if (!isalnum(*s) && *s != '-' && *s != '_')
- return (0);
- ++s;
- }
- return (1);
 }
 static int
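Review bot: In the second hunk, `getpwnam(username) == NULL` establishes that the account exists but no longer bounds which bytes the name may contain, which the removed clean_string() did (alphanumerics, '-' and '_' only). If yubikey_login() derives file names under `/var/db/yubikey` from the username (that code lies outside these hunks, so this is inferred), path safety now depends entirely on what the passwd backend accepts; a local guard such as `if (strchr(username, '/') != NULL || getpwnam(username) == NULL) {` keeps that property in this file. The new `syslog(LOG_ERR, "invalid user %s", username);` also writes a caller-supplied string to the log in exactly the case where the lookup rejected it, so I would bound it (`"invalid user %.32s"`) or log without the name. The diff adds no `#include <pwd.h>`, so confirm the header is already included for the getpwnam() prototype. The enclosing function starts and ends outside the hunk.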