On Mon, 2022-07-04 at 08:54 +0200, Marc Haber wrote:
> Hi Matt,
> 
> thanks for checking this.
> 
> On Sun, Jul 03, 2022 at 09:16:49PM -0400, Matt Barry wrote:
> > 1st check: all-numeric, always rejected
> > 2nd check: ieee 1003.1-2001, minimal requirements [0]
> > 3rd check: user-configurable *NAME_REGEX
> > 4th: (possible override --allow-badname)
> 
> So the hardcoded
> if ($name !~ /^[_.A-Za-z0-9][-\@_.A-Za-z0-9]*\$?$/) {
> is the IEEE 1003.1-2001 check? Does it make sense to have this
> non-overridable?

I think there should be *some* non-overridable minimum standard, if
only to keep Unicode usernames out.  (which I suggest just because I
have no idea what could break.  I'm not a zealot for 1003.1-2001, but
it's as good a line as any to draw.)

> 
> While the error message is clear, how about having this at least in a
> variable like $ieee1003_regex?

Sure, that's easy enough.

> 
> 
> > The docs describe --force-badname as "weak checks applied"; this
> > could be clarified, but I don't think it's urgent.
> 
> We have this in #774046, I planned to do some work on this myself.
> 
> > As I write this, the most confusing part is that there are three
> > separate checks for all-numeric names; I have a patch to simplify
> > this.
> 
> Thank you.
> 
> How deeply are we testing the username checks in the suite? I'd like
> the test suite to throw some corner cases on both sides of the red
> line at adduser and see whether it does what is intended.

Fairly basic (valid_username.t).  Tests a numeric username, tests a
dotted name with and without the configuration to pass it, tests
NAME_REGEX and SYS_NAME_REGEX.  More edge cases could certainly be
added here.

Cheers,
Matt
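
Added example, not part of the original message and not taken from adduser or its valid_username.t: a Test::More sketch that throws corner cases at the check order listed in the thread, using the hardcoded pattern quoted above. The helper check_username, the sample $name_regex value and the reading that the override skips only the configurable check are assumptions.

```perl
use strict;
use warnings;
use Test::More;

# Hardcoded minimum, copied from the line quoted in the thread.
my $ieee1003_regex = qr/^[_.A-Za-z0-9][-\@_.A-Za-z0-9]*\$?$/;
# Constructed stand-in for the configurable NAME_REGEX (not adduser's default).
my $name_regex = qr/^[a-z][-a-z0-9_]*$/;

# Hypothetical helper: name of the first check that rejects $name, or 'ok'.
# Assumption: the override (--allow-badname in the list above) skips only
# the configurable third check, never the first two.
sub check_username {
    my ($name, $allow_badname) = @_;
    return 'all-numeric' if $name =~ /^[0-9]+$/;
    return 'ieee1003'    if $name !~ $ieee1003_regex;
    return 'ok'          if $allow_badname;
    return 'name_regex'  if $name !~ $name_regex;
    return 'ok';
}

# Constructed corner cases: [ name, override flag, expected result, label ]
my @cases = (
    [ 'alice',      0, 'ok',          'plain lowercase name' ],
    [ '12345',      0, 'all-numeric', 'all-numeric is rejected' ],
    [ '12345',      1, 'all-numeric', 'all-numeric is rejected even with override' ],
    [ 'john.doe',   0, 'name_regex',  'dotted name fails the configurable check' ],
    [ 'john.doe',   1, 'ok',          'dotted name passes with override' ],
    [ 'host$',      1, 'ok',          'single trailing $ is inside the minimum' ],
    [ 'a$b',        1, 'ieee1003',    '$ anywhere but the end is rejected' ],
    [ '-dash',      1, 'ieee1003',    'leading hyphen is rejected' ],
    [ '',           1, 'ieee1003',    'empty name is rejected' ],
    [ "j\x{f6}rg",  1, 'ieee1003',    'non-ASCII letter is rejected despite override' ],
    # Perl's $ anchor also matches before a final newline; \z would not.
    [ "alice\n",    0, 'ok',          'trailing newline passes both patterns' ],
);

for my $c (@cases) {
    my ($name, $override, $expected, $label) = @$c;
    is(check_username($name, $override), $expected, $label);
}
done_testing();
```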
