add validation for usernames and groupnames

2020-10-19 12:14:00 +02:00 · 2020-10-19 12:14:00 +02:00 · d09f861ab0
commit d09f861ab0
parent 7ec3bc3f0c
3 changed files with 23 additions and 14 deletions
--- a/src/group/mod.rs
+++ b/src/group/mod.rs
@ -30,11 +30,7 @@ impl Display for Groupname {
 impl TryFrom<String> for Groupname {
    type Error = UserLibError;
    fn try_from(source: String) -> std::result::Result<Self, Self::Error> {
-        lazy_static! {
-            static ref USERVALIDATION: Regex =
-                Regex::new("^[a-z_]([a-z0-9_\\-]{0,31}|[a-z0-9_\\-]{0,30}\\$)$").unwrap();
-        }
-        if USERVALIDATION.is_match(&source) {
+        if is_groupname_valid(&source) {
            Ok(Self { groupname: source })
        } else if source == "Debian-exim" {
            warn!("username {} is not a valid username. This might cause problems. (It is default in Debian and Ubuntu)", source);
@ -48,6 +44,11 @@ impl TryFrom<String> for Groupname {
    }
 }

+pub(crate) fn is_groupname_valid(name: &str) -> bool {
+    // for now just use the username validation.
+    crate::user::passwd_fields::is_username_valid(name)
+}
+
 /// A record(line) in the user database `/etc/shadow` found in most linux systems.
 #[derive(Debug, PartialEq, Eq)]
 pub struct Group {
--- a/src/user/passwd_fields.rs
+++ b/src/user/passwd_fields.rs
@ -35,11 +35,7 @@ impl Display for Username {
 impl TryFrom<String> for Username {
    type Error = UserLibError;
    fn try_from(source: String) -> std::result::Result<Self, Self::Error> {
-        lazy_static! {
-            static ref USERVALIDATION: Regex =
-                Regex::new("^[a-z_]([a-z0-9_\\-]{0,31}|[a-z0-9_\\-]{0,30}\\$)$").unwrap();
-        }
-        if USERVALIDATION.is_match(&source) {
+        if is_username_valid(&source) {
            Ok(Self { username: source })
        } else if source == "Debian-exim" {
            warn!("username {} is not a valid username. This might cause problems. (It is default in Debian and Ubuntu)", source);
@ -53,6 +49,14 @@ impl TryFrom<String> for Username {
    }
 }

+pub(crate) fn is_username_valid(name: &str) -> bool {
+    lazy_static! {
+        static ref USERVALIDATION: Regex =
+            Regex::new("^[a-z_]([a-z0-9_\\-]{0,31}|[a-z0-9_\\-]{0,30}\\$)$").unwrap();
+    }
+    USERVALIDATION.is_match(name)
+}
+
 #[derive(Debug, PartialEq, Eq)]
 pub enum Password {
    Encrypted(crate::EncryptedPassword),
--- a/src/userlib.rs
+++ b/src/userlib.rs
@ -124,12 +124,14 @@ use crate::api::UserDBValidation;
 impl UserDBValidation for UserDBLocal {
    fn is_uid_valid_and_free(&self, uid: u32) -> bool {
        warn!("No valid check, only free check");
-        self.users.iter().all(|(_, u)| u.get_uid() != uid)
+        let free = self.users.iter().all(|(_, u)| u.get_uid() != uid);
+        free
    }

    fn is_username_valid_and_free(&self, name: &str) -> bool {
-        warn!("No valid check, only free check");
-        self.get_user_by_name(name).is_none()
+        let valid = crate::user::passwd_fields::is_username_valid(name);
+        let free = self.get_user_by_name(name).is_none();
+        valid && free
    }

    fn is_gid_valid_and_free(&self, gid: u32) -> bool {
@ -139,7 +141,9 @@ impl UserDBValidation for UserDBLocal {

    fn is_groupname_valid_and_free(&self, name: &str) -> bool {
        warn!("No valid check, only free check");
-        self.groups.iter().all(|x| x.get_groupname() != name)
+        let valid = crate::group::is_groupname_valid(name);
+        let free = self.groups.iter().all(|x| x.get_groupname() != name);
+        valid && free
    }
 }