| author | Martin Langhoff <martin@laptop.org> | 2010-10-08 15:58:33 -0400 |
|---|---|---|
| committer | Martin Langhoff <martin@laptop.org> | 2010-10-08 15:58:33 -0400 |
| commit | 2384a1b0b578c3fc9eeaa5e8b7d9c1617ca9f0eb (patch) | |
| tree | 85ad3fb60fdb02d583712c92e52f13510b4b4555 | |
| parent | acb83aa413bf68fd504d8920ea26c9494f0c9ea8 (diff) | |
Fix registration failure when user nickname contains ':' SL#2152

We were not filtering the content of the GECOS field. Turns out
useradd/usermod disallow ':' because it's the passwd field separator.
So clear it out, rather than failing. "Little Bobby Smiley :-)" isn't trying
to exploit XS.

(Escape handling is otherwise sane -- my "`touch /tmp/powned`" users
all registered safely.)
| -rwxr-xr-x | scripts/create_user | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/scripts/create_user b/scripts/create_user index 96cd522..bc4c7f6 100755 --- a/scripts/create_user +++ b/scripts/create_user @@ -57,6 +57,9 @@ echo "$username" | grep -s -E '^[A-Z]{3}[A-F0-9]{8}$' &> /dev/null || die "bad u if [ "$PASSWD_ONLY" == '0' ]; then echo "$pubkey" | grep -s -E '^[A-Za-z0-9+/=]+$' &> /dev/null || die "bad public key" fi +# cleanup gecos -- useradd/usermod only block ':' from +# gecos field +full_name=`echo "$full_name" | sed 's/://g'` homedir=/library/users/$username XO_USERS_GROUP=xousers |
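Review bot: the added full_name= line passes the value to sed through echo, so depending on the shell's echo a nickname that is exactly -n or -e, or one that contains backslashes, can be altered or swallowed before sed ever sees it; printf '%s\n' "$full_name" | tr -d ':' avoids that and needs no regex. Because sed works line by line, an embedded newline in full_name passes through this filter untouched, so the cleanup covers ':' and nothing else. Unlike the grep -E allowlists applied to $username and $pubkey just above, this is a one-character denylist, and the new comment should say so, so that a later reader does not assume the GECOS value is fully validated at this point. Style: $(...) reads and nests better than backticks.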
