From: Максим <herobrine135111@gmail.com>
To: Oliver Kiddle <opk@zsh.org>
Cc: zsh-workers@zsh.org
Subject: Re: $watch, log and Cyrillic usernames
Date: Sat, 7 Oct 2023 19:49:00 +0300 [thread overview]
Message-ID: <CAHJ=x4bJMREcasAK_CdR7qd9uKH8NgT-_qxXimEb3EADNZzOkw@mail.gmail.com> (raw)
In-Reply-To: <51326-1696644317.959346@Oqom.p2Z_.86FS>
[-- Attachment #1: Type: text/plain, Size: 4633 bytes --]
Found out that there is no need in bypassing "adduser", as this command
works just fine:
% adduser --allow-all-names --home /root --shell /usr/bin/zsh Плохой
So it is actually possible to create user with unicode username in a
correct way (at least on Linux).
Now about the patch:
% watch=(all); log
root has logged on /proc/10045/fd/2 from .
Студент has logged on pts/29 from 127.0.0.1.
% watch=(notme); log # Broken
root has logged on /proc/10045/fd/2 from .
Студент has logged on pts/29 from 127.0.0.1.
% watch=(Студент); log
Студент has logged on pts/29 from 127.0.0.1.
Also tested "too long" username:
% echo ${#USERNAME}
33
% watch=(all); log
root has logged on /proc/10045/fd/2 from .
oooooooooooooooooooooooooooooooo has logged on pts/29 from 127.0.0.1.
% watch=(notme); log
root has logged on /proc/10045/fd/2 from .
% watch=(${(l:33::o:):-}); log
% watch=(${(l:32::o:):-}); log
oooooooooooooooooooooooooooooooo has logged on pts/29 from .
And no, Cygwin usernames are case-sensitive.
Sent via Gmail
сб, 7 окт. 2023 г., 05:05 Oliver Kiddle <opk@zsh.org>:
> Максим wrote:
> > Hello again. I found another bug with cyrillic usernames in zsh (again on
> > Cygwin, but can be reproduced on Linux)
>
> Reproducing does involve bypassing utilities like useradd which complain
> about invalid usernames. But I can imagine such rules will increasingly
> be relaxed and there's no reason for zsh to make assumptions.
>
> > % watch=(Студент); log # ("Студент" record is missing)
>
> The value from $watch is metafied and that's what patcompile() and
> pattry() need so the fix below uses metafy() on the username from
> utmp.
>
> However, in looking closer at the code I observed the existing use of
> sizeof(u->ut_name) which is 32 on my system. So I tried creating 32 and
> 33 character usernames (which, incidentally, useradd was happy with) and
> as I suspected u->ut_name is not null-terminated for these. So the patch
> uses strnlen() with the sizeof() for n to get the length to pass
> to metafy(). We have no existing uses of strnlen() but I don't foresee
> portability issues given that it is attributed to the 2008 POSIX
> standard and is supported in Solaris 10 which is from a few years prior
> to that. If needed, it'd be easy to provide an alternative
> implementation.
>
> To match the 33 character username, it does need to be truncated in
> $watch. last -w does manage to print the full username, would be good
> to know how. For the hostname, our code was using strlen() rather than
> sizeof(). I can't see why this would be needed. I would have tried
> putting UTF-8 in my hosts file to test that that but I'm only getting IP
> addresses in utmp. I guess we could do reverse lookups but it hardly
> seems worth it for the amount of use watch/log likely get these days.
>
> The example also uses an uppercase letter. Usernames on Unix are
> case-sensitive but it wouldn't surprise me if they aren't on Cygwin.
> If so, should we add #ifdefs for that?
>
> Oliver
>
> diff --git a/Src/Modules/watch.c b/Src/Modules/watch.c
> index 0de8cbf9a..2ad962fb6 100644
> --- a/Src/Modules/watch.c
> +++ b/Src/Modules/watch.c
> @@ -423,20 +423,22 @@ watchlog2(int inout, WATCH_STRUCT_UTMP *u, char
> *fmt, int prnt, int fini)
> /* See if the watch entry matches */
>
> static int
> -watchlog_match(char *teststr, char *actual, int len)
> +watchlog_match(char *teststr, char *actual, size_t buflen)
> {
> int ret = 0;
> Patprog pprog;
> char *str = dupstring(teststr);
> + int len = strnlen(actual, buflen);
> + char *user = metafy(actual, len, META_USEHEAP);
>
> tokenize(str);
>
> if ((pprog = patcompile(str, PAT_STATIC, 0))) {
> queue_signals();
> - if (pattry(pprog, actual))
> + if (pattry(pprog, user))
> ret = 1;
> unqueue_signals();
> - } else if (!strncmp(actual, teststr, len))
> + } else if (!strcmp(user, teststr))
> ret = 1;
> return ret;
> }
> @@ -488,7 +490,7 @@ watchlog(int inout, WATCH_STRUCT_UTMP *u, char **w,
> char *fmt)
> for (vv = ++v; *vv && *vv != '%'; vv++);
> sav = *vv;
> *vv = '\0';
> - if (!watchlog_match(v, u->ut_host, strlen(v)))
> + if (!watchlog_match(v, u->ut_host, sizeof(u->ut_host)))
> bad = 1;
> *vv = sav;
> v = vv;
>
[-- Attachment #2: Type: text/html, Size: 6666 bytes --]
next prev parent reply other threads:[~2023-10-07 16:49 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-05 21:29 Максим
2023-10-05 21:42 ` Bart Schaefer
2023-10-07 2:05 ` Oliver Kiddle
2023-10-07 16:49 ` Максим [this message]
2023-10-08 0:24 ` Oliver Kiddle
2023-10-08 6:20 ` Максим
2023-10-08 21:47 ` metafy() (was Re: $watch, log and Cyrillic usernames) Oliver Kiddle
2023-10-09 2:01 ` Bart Schaefer
2023-10-10 21:46 ` Oliver Kiddle
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHJ=x4bJMREcasAK_CdR7qd9uKH8NgT-_qxXimEb3EADNZzOkw@mail.gmail.com' \
--to=herobrine135111@gmail.com \
--cc=opk@zsh.org \
--cc=zsh-workers@zsh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).