[Commits] idmgr branch master updated.

Martin Langhoff martin at laptop.org
Fri Oct 8 16:03:58 EDT 2010


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "/home/olpc-code/git/projects/idmgr".

The branch, master has been updated
       via  2384a1b0b578c3fc9eeaa5e8b7d9c1617ca9f0eb (commit)
      from  acb83aa413bf68fd504d8920ea26c9494f0c9ea8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

 scripts/create_user |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

- Log -----------------------------------------------------------------
commit 2384a1b0b578c3fc9eeaa5e8b7d9c1617ca9f0eb
Author: Martin Langhoff <martin at laptop.org>
Date:   Fri Oct 8 15:58:33 2010 -0400

    Fix registration failure when user nickname contains ':' SL#2152
    
    we were not filtering the content of the GECOS field. Turns out
    useradd/usermod disallow ':' because it's the passwd field separator.
    
    So clear it out, rather than failing.  "Little Bobby Smiley :-)" isn't trying
    to exploit XS.
    
    (Escape handling is otherwise sane -- my "`touch /tmp/powned`" users
    all registered safely.)

diff --git a/scripts/create_user b/scripts/create_user
index 96cd522..bc4c7f6 100755
--- a/scripts/create_user
+++ b/scripts/create_user
@@ -57,6 +57,9 @@ echo "$username" | grep -s -E '^[A-Z]{3}[A-F0-9]{8}$' &> /dev/null || die "bad u
 if [ "$PASSWD_ONLY" == '0' ]; then
 	echo "$pubkey" | grep -s -E '^[A-Za-z0-9+/=]+$' &> /dev/null || die "bad public key"
 fi
+# cleanup gecos -- useradd/usermod only block ':' from
+# gecos field
+full_name=`echo "$full_name" | sed 's/://g'`
 
 homedir=/library/users/$username
 XO_USERS_GROUP=xousers
-----------------------------------------------------------------------


--
/home/olpc-code/git/projects/idmgr


More information about the Commits mailing list