summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoe Rayhawk <jrayhawk@omgwallhack.org>2011-04-24 13:28:25 -0700
committerJoe Rayhawk <jrayhawk@omgwallhack.org>2011-04-24 13:28:25 -0700
commit4d19e0af572486ff0cd38b365dfc7411a8207837 (patch)
treea95b2febbba5a76dedd3ffc421b8f49d36193fa1
parentffab3ec34b9fd949a9877d0a19182b58911424da (diff)
downloadpiny-code-4d19e0af572486ff0cd38b365dfc7411a8207837.tar.gz
piny-code-4d19e0af572486ff0cd38b365dfc7411a8207837.zip
Adding new <32 character limit to usernames
-rw-r--r--docs/architecture/data.mdwn4
-rw-r--r--docs/issues/repo_name_limit.mdwn2
-rw-r--r--libpiny/lib/Piny/User.pm4
-rwxr-xr-xpinyadmin/sbin/newuser8
-rw-r--r--pinyweb/suid/piny-suid.c2
5 files changed, 10 insertions, 10 deletions
diff --git a/docs/architecture/data.mdwn b/docs/architecture/data.mdwn
index c86ec15..cc824ab 100644
--- a/docs/architecture/data.mdwn
+++ b/docs/architecture/data.mdwn
@@ -4,11 +4,11 @@ Dynamic data lookup should opportunisticly cache any associated cheap data. For
[[!table format=dsv delimiter=# data="""
datum #stored location #constraint
-username #usually $ENV{SUDO_USER} # !~ /^git-|^iki-/ and =~ /^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$/
+username #usually $ENV{SUDO_USER} # !~ /^git-|^iki-/ and =~ /^[a-zA-Z][a-zA-Z0-9_.-]{0,30}$/
uid #/etc/passwd # None
email #/etc/passwd GECOS #Email::Valid::Loose->new("-fqdn" => 1, "-fudge" => 0, "-local_rules" => 0, "-mxcheck" => 1, "-tldcheck" => 0 );
repoaccess #/etc/group git-$reponame entry # None
-reponame #/srv/git/$reponame.git # =~ /^[a-z0-9][a-z0-9.-]+$/
+reponame #/srv/git/$reponame.git # =~ /^[a-z0-9][a-z0-9.-]*$/
repodescription #/srv/git/$reponame.git/description # =~ /^[\x{0020}-\x{FDCF}\x{FDF0}-\x{FFFD}]{1,80}$/
repoowner #stat /srv/git/$reponame.git/objects uid; might be better as first non-ikiwiki user in /etc/group git-$reponame entry # None
repoglobalwritable #stat /srv/git/$reponame.git/objects o+w bit # None
diff --git a/docs/issues/repo_name_limit.mdwn b/docs/issues/repo_name_limit.mdwn
index 68a77f5..6059178 100644
--- a/docs/issues/repo_name_limit.mdwn
+++ b/docs/issues/repo_name_limit.mdwn
@@ -4,6 +4,6 @@
* Opened by: jrayhawk
### Discussion
-Problem: Repository names are restricted to 24 characters by the groupname limit in libc6 plus our use of the iki- prefix.
+Problem: Repository names are restricted to 28 characters by the groupname limit in libc6 plus our use of the iki- prefix.
Possible solution: optional use of truncated md5 (the first character needing to be a letter) hash of reponame as groupnames, restriction of usernames to 31 characters to keep namespaces isolated, check in newrepo for hash collision before actions are taken
diff --git a/libpiny/lib/Piny/User.pm b/libpiny/lib/Piny/User.pm
index f742f87..90742e7 100644
--- a/libpiny/lib/Piny/User.pm
+++ b/libpiny/lib/Piny/User.pm
@@ -18,8 +18,8 @@ use Piny::Group;
subtype 'Username'
=> as 'Str'
- => where { $_ =~ /^(?!(git|iki)-)[a-zA-Z][a-zA-Z0-9_.-]*$/ }
- => message { if ( /^((?:git|iki)-|[^a-zA-Z])/ ) { "Usernames are not allowed to begin with $1" } elsif ( /([^a-zA-Z0-9_.-])/ ) { "Usernames are not allowed to contain $1" } else { "Invalid username" } }
+ => where { $_ =~ /^(?!(git|iki)-)[a-zA-Z][a-zA-Z0-9_.-]{0,30}$/ }
+ => message { if ( /^((?:git|iki)-|[^a-zA-Z])/ ) { "Usernames are not allowed to begin with $1" } elsif ( /([^a-zA-Z0-9_.-])/ ) { "Usernames are not allowed to contain $1" } elsif ( /[a-zA-Z0-9_.-]{32,}/ ) { "Usernames are not allowed to be more than 31 bytes" } else { "Invalid username" } }
;
# Attributes
diff --git a/pinyadmin/sbin/newuser b/pinyadmin/sbin/newuser
index 7b864b7..a6bcf4d 100755
--- a/pinyadmin/sbin/newuser
+++ b/pinyadmin/sbin/newuser
@@ -80,8 +80,8 @@ if ( scalar @ARGV == 3 and $ARGV[0] eq "--batch" ) {
next;
};
- if ( $username !~ /^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$/ ) {
- print "Usernames must consist only of letters, digits, underscores, periods, and dashes, and not start with a dash. Usernames are case sensitive.\n";
+ if ( $username !~ /^[a-zA-Z][a-zA-Z0-9_.-]{0,30}$/ ) {
+ print "Usernames must be less than 32 bytes long, consist only of letters, digits, underscores, periods, and dashes, and must start with a letter. Usernames are case sensitive.\n";
next
};
@@ -119,8 +119,8 @@ if ( scalar @ARGV == 3 and $ARGV[0] eq "--batch" ) {
# pathways to get to this point, but only a single path from here on down.
if ( not defined $email or $email eq "" ) { print "Email address is undefined!\n"; exit 3; };
if ( not defined $username or $username eq "" ) { print "Username is undefined!\n"; exit 3; };
-if ( $username =~ /^(git|iki)-/ ) { print "Username must not begin with git- or iki-!\n"; exit 3; };
-if ( $username !~ /^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$/ ) { print "Usernames must consist only of letters, digits, underscores, periods, and dashes, and not start with a dash. Usernames are case sensitive.\n" };
+if ( $username =~ /^(git|iki)-/ ) { print "Username must not begin with git- or iki-!\n"; exit 3; };
+if ( $username !~ /^[a-zA-Z][a-zA-Z0-9_.-]{0,30}$/ ) { print "Usernames must be less than 32 bytes long, consist only of letters, digits, underscores, periods, and dashes, and must start with a letter. Usernames are case sensitive.\n" };
if ( not defined $password or $password eq "" ) { print "Password is undefined!\n"; exit 3; };
# Here on down is the actual creation code.
diff --git a/pinyweb/suid/piny-suid.c b/pinyweb/suid/piny-suid.c
index 0fbaddb..40c497f 100644
--- a/pinyweb/suid/piny-suid.c
+++ b/pinyweb/suid/piny-suid.c
@@ -22,7 +22,7 @@ int main( int argc, char *argv[] ) {
regex_t user_reg;
// Please note that these regular expressions should duplicate the language for usernames described in Piny::User.
- if ( ( err = regcomp( &user_reg, "^[a-zA-Z][a-zA-Z0-9_.-]*$", REG_EXTENDED | REG_NOSUB ) ) != 0 ) {
+ if ( ( err = regcomp( &user_reg, "^[a-zA-Z][a-zA-Z0-9_.-]{0,30}$", REG_EXTENDED | REG_NOSUB ) ) != 0 ) {
size_t sz = regerror( err, &user_reg, NULL, 0 );
char buf[sz];
regerror( err, &user_reg, buf, sz );