From d29b2a8defd58dfbc0015704d97432db33fcd201 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 9 Sep 2014 17:39:08 +0200 Subject: [PATCH] disallow all-numeric user and group names (#1139318) --- shadow-4.1.5.1-goodname.patch | 30 +++++++++++++++++++++++------- shadow-utils.spec | 5 ++++- 2 files changed, 27 insertions(+), 8 deletions(-) diff --git a/shadow-4.1.5.1-goodname.patch b/shadow-4.1.5.1-goodname.patch index 1fdd84f..06c0de6 100644 --- a/shadow-4.1.5.1-goodname.patch +++ b/shadow-4.1.5.1-goodname.patch @@ -1,9 +1,12 @@ diff -up shadow-4.1.5.1/libmisc/chkname.c.goodname shadow-4.1.5.1/libmisc/chkname.c --- shadow-4.1.5.1/libmisc/chkname.c.goodname 2009-07-13 00:24:45.000000000 +0200 -+++ shadow-4.1.5.1/libmisc/chkname.c 2012-09-19 18:43:53.492160653 +0200 -@@ -49,20 +49,28 @@ ++++ shadow-4.1.5.1/libmisc/chkname.c 2014-09-09 17:35:17.207303124 +0200 +@@ -47,27 +47,42 @@ + #include "chkname.h" + static bool is_valid_name (const char *name) - { +-{ ++{ /* - * User/group names must match [a-z_][a-z0-9_-]*[$] - */ @@ -14,7 +17,11 @@ diff -up shadow-4.1.5.1/libmisc/chkname.c.goodname shadow-4.1.5.1/libmisc/chknam + * + * as a non-POSIX, extension, allow "$" as the last char for + * sake of Samba 3.x "add machine script" ++ * ++ * Also do not allow fully numeric names. + */ ++ int numeric; ++ + if ( ('\0' == *name) || + !((*name >= 'a' && *name <= 'z') || + (*name >= 'A' && *name <= 'Z') || @@ -24,6 +31,8 @@ diff -up shadow-4.1.5.1/libmisc/chkname.c.goodname shadow-4.1.5.1/libmisc/chknam return false; } ++ numeric = isdigit(*name); ++ while ('\0' != *++name) { - if (!(( ('a' <= *name) && ('z' >= *name) ) || - ( ('0' <= *name) && ('9' >= *name) ) || 
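Review bot: The `numeric` flag added in the `@@ -14,7 +17,11 @@` and `@@ -24,6 +31,8 @@` hunks keeps the raw isdigit() result in an `int`, and the loop in the `@@ -39,10 +48,17 @@` hunk folds later characters in with `numeric &= isdigit(*name);`. The C standard only promises a nonzero result for a digit, not the same nonzero value every time, so the bitwise AND recognises an all-digit name only on a libc where isdigit() returns one fixed bit. As is_valid_name already returns `bool`, I would declare `bool numeric;`, assign `numeric = isdigit(*name) != 0;` and use `numeric = numeric && isdigit(*name);` in the loop. No `#include <ctype.h>` is added and the existing includes lie above the visible context, so confirm it is already present. The body of is_valid_name is spread over several hunks of this patch.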
@@ -39,10 +48,17 @@ diff -up shadow-4.1.5.1/libmisc/chkname.c.goodname shadow-4.1.5.1/libmisc/chknam + )) { return false; } ++ numeric &= isdigit(*name); } + +- return true; ++ return !numeric; + } + + bool is_valid_user_name (const char *name) diff -up shadow-4.1.5.1/man/groupadd.8.xml.goodname shadow-4.1.5.1/man/groupadd.8.xml --- shadow-4.1.5.1/man/groupadd.8.xml.goodname 2012-05-25 13:45:27.000000000 +0200 -+++ shadow-4.1.5.1/man/groupadd.8.xml 2012-09-19 18:43:53.492160653 +0200 ++++ shadow-4.1.5.1/man/groupadd.8.xml 2014-09-09 17:28:46.330300342 +0200 @@ -259,12 +259,6 @@ CAVEATS @@ -58,7 +74,7 @@ diff -up shadow-4.1.5.1/man/groupadd.8.xml.goodname shadow-4.1.5.1/man/groupadd. diff -up shadow-4.1.5.1/man/man8/groupadd.8.goodname shadow-4.1.5.1/man/man8/groupadd.8 --- shadow-4.1.5.1/man/man8/groupadd.8.goodname 2012-05-25 13:58:40.000000000 +0200 -+++ shadow-4.1.5.1/man/man8/groupadd.8 2012-09-19 18:44:42.175123079 +0200 ++++ shadow-4.1.5.1/man/man8/groupadd.8 2014-09-09 17:28:46.330300342 +0200 @@ -190,9 +190,7 @@ Shadow password suite configuration\&. .RE .SH "CAVEATS" @@ -72,7 +88,7 @@ diff -up shadow-4.1.5.1/man/man8/groupadd.8.goodname shadow-4.1.5.1/man/man8/gro .PP diff -up shadow-4.1.5.1/man/man8/useradd.8.goodname shadow-4.1.5.1/man/man8/useradd.8 --- shadow-4.1.5.1/man/man8/useradd.8.goodname 2012-05-25 13:59:28.000000000 +0200 -+++ shadow-4.1.5.1/man/man8/useradd.8 2012-09-19 18:46:09.249033949 +0200 ++++ shadow-4.1.5.1/man/man8/useradd.8 2014-09-09 17:28:46.330300342 +0200 @@ -224,7 +224,7 @@ is not enabled, no home directories are .PP \fB\-M\fR 
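Review bot: The new `return !numeric;` at the end of is_valid_name (hunk `@@ -39,10 +48,17 @@`) rejects only names made up entirely of decimal digits, and the added comment line "Also do not allow fully numeric names." gives neither the reason nor the limits of the rule. As far as the visible checks show, a name that begins with a digit and contains at least one other permitted character is still accepted. Code that takes either a name or a numeric id should therefore keep resolving the two explicitly, rather than assuming an accepted name never looks like a number. I would extend the comment to something like `* Fully numeric names are rejected because tools that accept a name or an id cannot tell them apart from a UID/GID; names that only start with a digit stay valid.` The start of the function and the character-class tests lie outside this hunk.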
@@ -93,7 +109,7 @@ diff -up shadow-4.1.5.1/man/man8/useradd.8.goodname shadow-4.1.5.1/man/man8/user .PP diff -up shadow-4.1.5.1/man/useradd.8.xml.goodname shadow-4.1.5.1/man/useradd.8.xml --- shadow-4.1.5.1/man/useradd.8.xml.goodname 2012-05-25 13:45:29.000000000 +0200 -+++ shadow-4.1.5.1/man/useradd.8.xml 2012-09-19 18:43:53.493160675 +0200 ++++ shadow-4.1.5.1/man/useradd.8.xml 2014-09-09 17:28:46.330300342 +0200 @@ -366,7 +366,7 @@ diff --git a/shadow-utils.spec b/shadow-utils.spec index a546b6d..97923b7 100644 --- a/shadow-utils.spec +++ b/shadow-utils.spec @@ -1,7 +1,7 @@ Summary: Utilities for managing accounts and shadow password files Name: shadow-utils Version: 4.1.5.1 -Release: 18%{?dist} +Release: 19%{?dist} Epoch: 2 URL: http://pkg-shadow.alioth.debian.org/ Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2 @@ -236,6 +236,9 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/vigr.8* %changelog +* Tue Sep 9 2014 Tomas Mraz - 2:4.1.5.1-19 +- disallow all-numeric user and group names (#1139318) + * Fri Aug 29 2014 Tomas Mraz - 2:4.1.5.1-18 - label the newly created home dir correctly (#1077809) - mention that chage -d 0 forces password change (#1135010)