add a check_passwd_permin_nonalpha option, which changes the passwd
test to permit non-alphanumeric characters in login names
This commit is contained in:
jdolecek
parent
60fef07963
commit
8e401e6c31
|
|
@ -1,4 +1,4 @@
|
|||
# $NetBSD: security.conf,v 1.13 2004/09/28 15:03:58 erh Exp $
|
||||
# $NetBSD: security.conf,v 1.14 2005/02/05 15:26:37 jdolecek Exp $
|
||||
#
|
||||
# /etc/defaults/security.conf --
|
||||
# default configuration of /etc/security.conf
|
||||
|
|
@ -38,5 +38,6 @@ check_mtree_follow_symlinks=NO
|
|||
check_passwd_nowarn_shells="/sbin/nologin /usr/libexec/uucp/uucico"
|
||||
check_passwd_nowarn_users=""
|
||||
check_passwd_permit_star=NO
|
||||
check_passwd_permit_nonalpha=NO
|
||||
max_loginlen=8
|
||||
max_grouplen=8
|
||||
|
|
|
|||
12
etc/security
12
etc/security
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/sh -
|
||||
#
|
||||
# $NetBSD: security,v 1.93 2004/11/21 19:00:12 kim Exp $
|
||||
# $NetBSD: security,v 1.94 2005/02/05 15:26:37 jdolecek Exp $
|
||||
# from: @(#)security 8.1 (Berkeley) 6/9/93
|
||||
#
|
||||
|
||||
|
|
@ -183,10 +183,15 @@ if checkyesno check_passwd; then
|
|||
# XXX: the sense of permit_star is reversed; the code works as
|
||||
# implemented, but usage needs to be negated.
|
||||
checkyesno check_passwd_permit_star && permit_star=0 || permit_star=1
|
||||
checkyesno check_passwd_permit_nonalpha \
|
||||
&& permit_nonalpha=1 || permit_nonalpha=0
|
||||
|
||||
awk -v "len=$max_loginlen" \
|
||||
-v "nowarn_shells_list=$check_passwd_nowarn_shells" \
|
||||
-v "nowarn_users_list=$check_passwd_nowarn_users" \
|
||||
-v "permit_star=$permit_star" '
|
||||
-v "permit_star=$permit_star" \
|
||||
-v "permit_nonalpha=$permit_nonalpha" \
|
||||
'
|
||||
BEGIN {
|
||||
while ( getline < "/etc/shells" > 0 ) {
|
||||
if ($0 ~ /^\#/ || $0 ~ /^$/ )
|
||||
|
|
@ -216,7 +221,8 @@ if checkyesno check_passwd; then
|
|||
NR;
|
||||
next;
|
||||
}
|
||||
if ($1 !~ /^[A-Za-z0-9]([-A-Za-z0-9]*[A-Za-z0-9])*$/)
|
||||
if (!permit_nonalpha &&
|
||||
$1 !~ /^[A-Za-z0-9]([-A-Za-z0-9]*[A-Za-z0-9])*$/)
|
||||
printf "Login %s has non-alphanumeric characters.\n",
|
||||
$1;
|
||||
if (length($1) > len)
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
.\" $NetBSD: security.conf.5,v 1.27 2004/09/28 15:19:02 wiz Exp $
|
||||
.\" $NetBSD: security.conf.5,v 1.28 2005/02/05 15:26:38 jdolecek Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1996 Matthew R. Green
|
||||
.\" All rights reserved.
|
||||
|
|
@ -26,7 +26,7 @@
|
|||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd September 28, 2004
|
||||
.Dd Febrary 5, 2005
|
||||
.Dt SECURITY.CONF 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
|
@ -190,6 +190,11 @@ This is of particular value when those shells are not in
|
|||
If
|
||||
.Sy check_passwd
|
||||
is enabled, suppress warnings for these users.
|
||||
.It Sy check_passwd_permit_nonalpha
|
||||
If
|
||||
.Sy check_passwd
|
||||
is enabled, do not warn about login names, which use non-alphanumeric
|
||||
characters.
|
||||
.It Sy check_passwd_permit_star
|
||||
If
|
||||
.Sy check_passwd
|
||||
|
|
|
|||
Loading…
Reference in New Issue