[Pkg-shadow-devel] Bug#264879: two Debian patches for chkname.c

Alexander Gattin Alexander Gattin <arg@online.com.ua>, 264879@bugs.debian.org
Sat, 30 Apr 2005 01:11:07 +0300 

retitle 264879 [POST-SARGE] [ALEXANDER] useradd: colon allowed at start of user/groupname
thanks

Hi!

On Fri, Apr 29, 2005 at 08:01:23AM +0200, Christian Perrier wrote:
> Quoting Alexander Gattin (arg@online.com.ua):
> 
> > So, probably, I'll just commit them in correct order
> > (and with some changes for 256732nd) into
> > CVS/sid/debian/...
> > Does this sound OK for you?
> 
> Well, no. I'd rather upload -32 first, with minimum changes. We have
> to wait until tomorrow when shadow will reach the 10 days delay and
> enter sarge if the release managers have hinted it.
> 
> Then, I will built -32 from our sid branch in the CVS and I'll upload
> it to unstable. And I'll tag the files in the CVS.
> 
> The main feature of -32 will be the switch to dpatch.

Very well then. I moved 2 small patches out of
006_libmisc.dpatch into 4xx serie. I found changelog
entries corresponding to them and bug numbers fixed by
introducing these changes into Debian.

I will commit the 006_libmisc.dpatch split later.

Here's an excerpt from .dpatches desc:

406_good_name.dpatch:
## DP: Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400):
## DP: 
## DP: I can't come up with a good justification as to why characters other
## DP: than ':'s and '\0's should be disallowed in group and usernames (other
## DP: than '-' as the leading character).  Thus, the maintenance tools don't
## DP: anymore.  closes: #79682, #166798, #171179

407_32char_grnames_240456.dpatch:
## DP: Comments from Karl Ramm (shadow 1:4.0.3-23, 28 Mar 2004 19:46:34 -0500):
## DP: 
## DP: increase maximum group name size to 32 for no particularly good reason
## DP: closes: #240456

IMHO both are Debian-specific (neither is in upstream
of course).

Now the more interesting things. We already had a
discussion whether to use strict or relaxed name
checks, started from bug #264879.

406_good_name.dpatch is effectively the change made by
Karl Ramm to fix #79682, #166798 and #171179, and it
introduces relaxed checking (to allow use of `adduser
--force-badname`, among other reasons).

I agree with Karl on the matter, and this decision
makes the 406th patch clearly Debian-specific.

What #264879 is about is a small error in 406th itself,
which checks for '\0' and ':' everywhere except first
character. So you won't succeed with `useradd us:er`,
only with e.g. `userdd :user`.

I propose to fix just _the precise bug #264879_ by
making a small change to 406_good_name.dpatch and _do_
_not_ adopt good_name from RH or whatever, because
depending on the strictness level chosen we should
correspondingly reopen bugs #79682 (names starting with
digit), or #166798/171179 (uppercase letters). ;)

Also it seems reasonable to disable '\n' in names in
addition to ':' and '\0' (406_good_name.dpatch).

Any comments/suggestions?
-- 
WBR,
xrgtn