[libfko] allow MS compatible usernames

Allow usernames that are compatible with Microsoft guidelines as defined here: http://technet.microsoft.com/en-us/library/bb726984.aspx This allows for greater compatibility between fwknop clients on Windows (for example that may be deployed with Cygwin) and fwknopd on other systems. This change was suggested by Gerry Reno, and tracked by Github issue #114.
2014-03-09 23:12:53 -04:00 · 2014-03-09 23:12:53 -04:00 · b5eb857533
commit b5eb857533
parent 0bae1a5a1b
3 changed files with 58 additions and 28 deletions
--- a/lib/fko_user.c
+++ b/lib/fko_user.c
@ -144,15 +144,42 @@ validate_username(const char *username)
    if(username == NULL || strnlen(username, MAX_SPA_USERNAME_SIZE) == 0)
        return(FKO_ERROR_INVALID_DATA_USER_MISSING);

-    /* Make sure it is just alpha-numeric chars, dashes, dots, and underscores
+    /* Exclude a few chars - this list is consistent with MS guidance since
+     * libfko runs on Windows:
+     *      http://technet.microsoft.com/en-us/library/bb726984.aspx
    */
-    if(isalnum(username[0]) == 0)
-        return(FKO_ERROR_INVALID_DATA_USER_FIRSTCHAR_VALIDFAIL);
-
-    for (i=1; i < (int)strnlen(username, MAX_SPA_USERNAME_SIZE); i++)
+    for (i=0; i < (int)strnlen(username, MAX_SPA_USERNAME_SIZE); i++)
+    {
        if((isalnum(username[i]) == 0)
-                && username[i] != '-' && username[i] != '_' && username[i] != '.')
-            return(FKO_ERROR_INVALID_DATA_USER_REMCHAR_VALIDFAIL);
+                && ((username[i] < 0x20 || username[i] > 0x7e)
+                /* Not allowed chars: " / \ [ ] : ; | = , + * ? < >
+                */
+                || (username[i] == 0x22
+                    || username[i] == 0x2f
+                    || username[i] == 0x5c
+                    || username[i] == 0x5b
+                    || username[i] == 0x5d
+                    || username[i] == 0x3a
+                    || username[i] == 0x3b
+                    || username[i] == 0x7c
+                    || username[i] == 0x3d
+                    || username[i] == 0x2c
+                    || username[i] == 0x2b
+                    || username[i] == 0x2a
+                    || username[i] == 0x3f
+                    || username[i] == 0x3c
+                    || username[i] == 0x3e)))
+        {
+            if(i == 0)
+            {
+                return(FKO_ERROR_INVALID_DATA_USER_FIRSTCHAR_VALIDFAIL);
+            }
+            else
+            {
+                return(FKO_ERROR_INVALID_DATA_USER_REMCHAR_VALIDFAIL);
+            }
+        }
+    }

    return FKO_SUCCESS;
 }
--- a/perl/FKO/t/04_fuzzing.t
+++ b/perl/FKO/t/04_fuzzing.t
@ -40,16 +40,16 @@ my @fuzzing_client_timeouts = (

 my @fuzzing_usernames = (
    'A'x1000,
-    "-1",
-    -1,
-    '123%123',
-    '123$123',
-    '-user',
-    '_user',
-    '-User',
-    ',User',
-    'part1 part2',
-    'a:b',
+    ",1",
+    '123>123',
+    '123<123',
+    '123' . pack('a', "\x10"),
+    '*-user',
+    '?user',
+    'User+',
+    'U+er',
+    'part1|part2',
+    'a:b'
 );

 my @fuzzing_nat_access_msgs = (
--- a/test/test-fwknop.pl
+++ b/test/test-fwknop.pl
@ -2645,9 +2645,12 @@ sub valid_usernames() {
        'test_test',
        'someuser',
        'someUser',
-        'USER',
+        'part1 part2',
+        'U%ER',
        'USER001',
-        '00001'
+        -1,
+        '00001',
+        '00$01'
    );
    return \@users;
 }
@ -2655,16 +2658,16 @@ sub valid_usernames() {
 sub fuzzing_usernames() {
    my @users = (
        'A'x1000,
-        "-1",
-        -1,
+        ",1",
 #        pack('a', ""),
-        '123%123',
-        '123$123',
-        '-user',
-        '_user',
-        '-User',
-        ',User',
-        'part1 part2',
+        '123>123',
+        '123<123',
+        '123' . pack('a', "\x10"),
+        '*-user',
+        '?user',
+        'User+',
+        'U+er',
+        'part1|part2',
        'a:b'
    );
    return \@users;