> Why doesn't login_yubikey just use getpwnam() to check if the
> user exists like the other login_* mechs?
Why make it simple if there are exciting pattern matching options like
regexp or multiple if-statements ;-)
Index: login_yubikey.c
===================================================================
RCS file: /cvs/src/libexec/login_yubikey/login_yubikey.c,v
retrieving revision 1.4
diff -u -r1.4 login_yubikey.c
--- login_yubikey.c 1 Feb 2012 16:07:28 -0000 1.4
+++ login_yubikey.c 4 Apr 2012 15:00:10 -0000
@@ -54,7 +54,6 @@
static const char *path = "/var/db/yubikey";
-static int clean_string(const char *);
static int yubikey_login(const char *, const char *);
int
@@ -102,8 +101,8 @@
/* passed by sshd(8) for non-existing users */
if (!strcmp(username, "NOUSER"))
exit(EXIT_FAILURE);
- if (!clean_string(username)) {
- syslog(LOG_ERR, "clean_string username");
+ if (getpwnam(username) == NULL) {
+ syslog(LOG_ERR, "invalid user %s", username);
exit(EXIT_FAILURE);
}
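Review bot: Replacing `clean_string(username)` with `getpwnam(username) == NULL` drops the only visible character restriction on `username`. Any later code that joins it with `path` (`/var/db/yubikey`), presumably in `yubikey_login` outside this hunk, now relies on the passwd database never returning a name containing `/` or a leading `.`. Consider keeping both checks, `if (!clean_string(username) || getpwnam(username) == NULL) {` (which means retaining the helper that the last hunk deletes), or at least recording the assumption with `/* username is later used to build a file name under path; only passwd(5) names are trusted */`. The new `syslog(LOG_ERR, "invalid user %s", username)` also logs the unvalidated string, which per the comment above can come from sshd(8), so log consumers must tolerate arbitrary bytes in that field. No `#include <pwd.h>` appears in the visible hunks, so confirm it is already present; the enclosing function starts and ends outside this hunk.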
@@ -160,17 +159,6 @@
}
closelog();
return (EXIT_SUCCESS);
-}
-
-static int
-clean_string(const char *s)
-{
- while (*s) {
- if (!isalnum(*s) && *s != '-' && *s != '_')
- return (0);
- ++s;
- }
- return (1);
}
static int