HardenedBSD/usr.sbin/pw
Ed Maste 8d2dbd281f pw useradd: Validate the user name before creating the entry
Previouly it was possible to create users with spaces in the name with:
pw useradd -u 1234 -g 1234 -n 'test user'

The "-g 1234" is relevant, without it the name was already rejected
as expected:

[fk@test ~]$ sudo pw useradd -u 1234 -n 'test user'
pw: invalid character ` ' at position 4 in userid/group name

Bug unintentionally found with a salt config without explicit name entry:

test user:
  user.present:
    - uid: 1234
    - gid: 1234
    - fullname: Test user
    - shell: /usr/local/bin/bash
    - home: /home/test
    - groups:
      - wheel
      - salt

"Luckily" salt modules rarely bother with input validation either ...

PR:		221416
Submitted by:	Fabian Keil
Obtained from:	ElectroBSD
MFC after:	1 week
2017-08-19 00:32:26 +00:00
..
tests pw useradd: Validate the user name before creating the entry 2017-08-19 00:32:26 +00:00
bitmap.c
bitmap.h
cpdir.c
grupd.c
Makefile
Makefile.depend
psdate.c
psdate.h
pw_conf.c
pw_group.c
pw_log.c
pw_nis.c
pw_user.c pw useradd: Validate the user name before creating the entry 2017-08-19 00:32:26 +00:00
pw_utils.c
pw_vpw.c
pw.8
pw.c
pw.conf.5
pw.h
pwupd.c
pwupd.h
README
rm_r.c
strtounum.c

pw is a command-line driven passwd/group editor utility that provides
an easy and safe means of modifying of any/all fields in the system
password files, and has an add, modify and delete mode for user and
group records. Command line options have been fashioned to be similar
to those used by the Sun/shadow commands: useradd, usermod, userdel,
groupadd, groupmod, groupdel, but combines all operations within the
single command `pw'.

User add mode also provides a means of easily setting system useradd
defaults (see pw.conf.5), so that adding a user is as easy as issuing
the command "pw useradd <loginid>". Creation of a unique primary
group for each user and automatic membership in secondary groups
is fully supported.

This program may be FreeBSD specific, but should be trivial to port to
other bsd4.4 variants.

Author and maintainer: David L. Nugent, <davidn@blaze.net.au>

$FreeBSD$