From fpscha@mecon.gov.ar  Tue Jan 28 06:31:03 2003
Message-Id: <200301281430.h0SEUrUF001129@bal740r0.mecon.gov.ar>
Date: Tue, 28 Jan 2003 11:30:53 -0300 (ART)
From: Fernando Schapachnik <fernando@mecon.gov.ar>
Reply-To: Fernando Schapachnik <fernando@mecon.gov.ar>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] passwd(5) incorrectly states allowed username and group syntax
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         47594
>Category:       docs
>Synopsis:       [patch] passwd(5) incorrectly states allowed username and group syntax
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    wblock
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 28 06:40:08 PST 2003
>Closed-Date:    Thu May 29 02:27:10 UTC 2014
>Last-Modified:  Thu May 29 02:30:00 UTC 2014
>Originator:     Fernando Schapachnik
>Release:        FreeBSD 4.7-RELEASE-p3 i386
>Organization:
>Environment:
System: FreeBSD bal740r0.mecon.gov.ar 4.7-RELEASE-p3 FreeBSD 4.7-RELEASE-p3 #2: Mon Jan 6 15:33:54 ART 2003 root@bal740r0.mecon.gov.ar:/usr/obj/usr/src/sys/BAL740R0 i386

Also -CURRENT.


	
>Description:

passwd(5) incorrectly states the allowed syntax.

	
>How-To-Repeat:
	
>Fix:

The attached patch (in two flavours, for 4.7-R, and -CURRENT) explicitly lists
disallowed chars in the username and group fields.

I suggest that a reminder is put in pw/pw_user.c, so that the code in pw_checkname
is kept in sync with the man page.

Please somebody check the spelling and grammar, as I'm not a native speaker.

The patch also accounts for the changes made in 1.53 in response to
bin/28773 and bin/46890.


Patch for 4.7-R:

--- passwd.5.ori	Tue Jan 28 10:30:25 2003
+++ passwd.5	Tue Jan 28 11:10:35 2003
@@ -90,8 +90,21 @@
 entries, and that one by random selection.
 .Pp
 The login name must never begin with a hyphen
-.Pq Ql \&- ;
-also, it is strongly
+.Pq Ql \&-
+and should not contain 8-bit characters, neither tab nor spaces, colons
+.Pq Ql \&: ,
+quotes
+.Pq Ql \&" ,
+mathematical and comparison operators
+.Pq Ql \&+*-%^<>=# ,
+parenthesis
+.Pq Ql \&() ,
+and various punctuation and other symbols
+.Pq Ql \&,&$!@~?|\/ .
+As a special case to help Samba users, the dollar symbol
+.Pq Ql \&$
+is allowed as the last character.
+Also, it is strongly
 suggested that neither upper-case characters nor dots
 .Pq Ql \&.
 be part
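
Review bot: The operator list added here (+*-%^<>=#) includes the hyphen, which conflicts with the opening sentence that forbids a hyphen only as the first character; if a hyphen is allowed elsewhere in the name, drop it from that list. In the last set, \/ is a roff escape rather than a literal backslash, so the backslash will not appear in the rendered page; write it as \e.
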
@@ -116,6 +129,7 @@
 this field indicates the user's primary group.
 Secondary group memberships are selected in
 .Pa /etc/group .
+Rules for valid group syntax are the same as for usernames.
 .Pp
 The
 .Ar class
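
Review bot: The added sentence "Rules for valid group syntax are the same as for usernames." sits in the paragraph about the passwd group field and does not say that it means group names, nor where those names are defined. Suggest wording it as "Group names follow the same rules as login names" and adding an .Xr group 5 cross-reference, so the restriction is documented next to the file that actually holds the names.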


Patch for -CURRENT:

--- /tmp/passwd.5	Tue Jan 28 11:19:35 2003
+++ passwd.5	Tue Jan 28 11:27:14 2003
@@ -114,7 +114,12 @@
 that manipulate these files will often return only one of the multiple
 entries, and that one by random selection.
 .Pp
-The login name must never begin with a hyphen (``-''); also, it is strongly
+The login name must never begin with a hyphen (``-'')
+and should not contain 8-bit characters, neither tab nor spaces,
+quotes (``"''), mathematical and comparison operators (``+*-%^<>=#''),
+parenthesis (``()'') and various punctuation and other symbols
+(``,&$!@~?|\/'').  As a special case to help Samba users, the dollar
+symbol (``$'') is allowed as the last character.  Also, it is strongly
 suggested that neither upper-case characters or dots (``.'') be part
 of the name, as this tends to confuse mailers.  No field may contain a
 colon (``:'') as this has been used historically to separate the fields
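
Review bot: The dollar sign is listed in the forbidden set (``,&$!@~?|\/'') and then allowed as the last character in the following sentence, so the two sentences contradict each other when read in order. Either remove it from the set and state the trailing-only rule once, or add "except as the last character" where it is listed.
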
@@ -133,7 +138,8 @@
 The group field is the group that the user will be placed in upon login.
 Since this system supports multiple groups (see
 .Xr groups 1 )
-this field currently has little special meaning.
+this field currently has little special meaning.  Rules for valid group
+syntax are the same as for usernames.
 .Pp
 The
 .Ar class


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-doc->remko 
Responsible-Changed-By: remko 
Responsible-Changed-When: Thu Jan 17 13:16:50 UTC 2008 
Responsible-Changed-Why:  
I'll look into this. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=47594 
Responsible-Changed-From-To: remko->freebsd-doc 
Responsible-Changed-By: remko 
Responsible-Changed-When: Thu Sep 27 07:37:52 UTC 2012 
Responsible-Changed-Why:  
Reassign to the pool, I have held this locked too long


From: venture37 <venture37@geeklan.co.uk>
To: bug-followup@FreeBSD.org, fernando@mecon.gov.ar
Cc:  
Subject: Re: docs/47594: [patch] passwd(5) incorrectly states allowed username
 and group syntax
Date: Mon, 26 May 2014 07:19:31 +0100

 Attached is a diff which applies to -HEAD (r266021)
 Checked contents of badchars in pw_checkname(), usr.sbin/pw/pw_user.c to 
 see if the list is still correct.
 
 Index: share/man/man5/passwd.5
 ===================================================================
 --- share/man/man5/passwd.5	(revision 266021)
 +++ share/man/man5/passwd.5	(working copy)
 @@ -126,8 +126,21 @@
  entries, and that one by random selection.
  .Pp
  The login name must never begin with a hyphen
 -.Pq Ql - ;
 -also, it is strongly
 +.Pq Ql \&-
 +and should not contain 8-bit characters, neither tab nor spaces, colons
 +.Pq Ql \&: ,
 +quotes
 +.Pq Ql \&" ,
 +mathematical and comparison operators
 +.Pq Ql \&+*-%^<>=# ,
 +parenthesis
 +.Pq Ql \&() ,
 +and various punctuation and other symbols
 +.Pq Ql \&,&$!@~?|\[rs]/ .
 +As a special case to help Samba users, the dollar symbol
 +.Pq Ql \&$
 +is allowed as the last character.
 +Also, it is strongly
  suggested that neither upper-case characters or dots
  .Pq Ql \&.
  be part
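
Review bot: The added text says the name "should not contain" these characters, but the accompanying message says the list was checked against badchars in pw_checkname(), so these are enforced rejections rather than advice; "must not" or "cannot" matches that. While editing the same lines, "parenthesis" should be "parentheses" and "neither tab nor spaces" reads better as "tabs or spaces".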
 
Responsible-Changed-From-To: freebsd-doc->wblock 
Responsible-Changed-By: wblock 
Responsible-Changed-When: Mon May 26 16:02:00 UTC 2014 
Responsible-Changed-Why:  
Take. 

State-Changed-From-To: open->closed 
State-Changed-By: wblock 
State-Changed-When: Thu May 29 02:26:40 UTC 2014 
State-Changed-Why:  
Modified version of patch committed, thanks! 


From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: docs/47594: commit references a PR
Date: Thu, 29 May 2014 02:26:16 +0000 (UTC)

 Author: wblock (doc committer)
 Date: Thu May 29 02:26:12 2014
 New Revision: 266828
 URL: http://svnweb.freebsd.org/changeset/base/266828
 
 Log:
   Correct the description of characters allowed.  Based on pw_checkname in
   usr.sbin/pw/pw_user.c.  Modified version of patch submitted by
   venture37.
   
   PR:		docs/47594
   Submitted by:	Fernando Schapachnik <fernando@mecon.gov.ar>, venture37 <venture37@geeklan.co.uk>
   Reviewed by:	allanjude, bcr, brueffer (on phabricator)
   MFC after:	1 week
 
 Modified:
   head/share/man/man5/passwd.5
 
 Modified: head/share/man/man5/passwd.5
 ==============================================================================
 --- head/share/man/man5/passwd.5	Thu May 29 01:42:22 2014	(r266827)
 +++ head/share/man/man5/passwd.5	Thu May 29 02:26:12 2014	(r266828)
 @@ -125,19 +125,29 @@ Routines
  that manipulate these files will often return only one of the multiple
  entries, and that one by random selection.
  .Pp
 -The login name must never begin with a hyphen
 -.Pq Ql - ;
 -also, it is strongly
 -suggested that neither upper-case characters or dots
 -.Pq Ql \&.
 -be part
 -of the name, as this tends to confuse mailers.
 +The login name must not begin with a hyphen
 +.Pq Ql \&- ,
 +and cannot contain 8-bit characters, tabs or spaces, or any of these
 +symbols:
 +.Ql \&,:+&#%^\&(\&)!@~*?<>=|\e\\&/" .
 +The dollar symbol
 +.Pq Ql \&$
 +is allowed only as the last character for use with Samba.
  No field may contain a
  colon
  .Pq Ql \&:
  as this has been used historically to separate the fields
  in the user database.
  .Pp
 +Case is significant.
 +Login names
 +.Ql Lrrr
 +and
 +.Ql lrrr
 +represent different users.
 +Be aware of this when interoperating with systems that do not have
 +case-sensitive login names.
 +.Pp
  In the
  .Nm master.passwd
  file,
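
Review bot: The new sentence "cannot contain 8-bit characters, tabs or spaces, or any of these symbols" presents the list as a rule of the file format, while the log says it is based on pw_checkname in usr.sbin/pw/pw_user.c; naming pw(8) as the tool that enforces it would tell readers where the check lives. Only passwd.5 is modified, so nothing next to pw_checkname reminds a future editor of the character list to update this page, which is the kind of drift this PR was opened over; a one-line comment there would cover it. The log message also does not mention that the advice about upper-case characters and dots is removed and that a case-sensitivity paragraph is added.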
 
>Unformatted:
