[libfko] allow MS compatible usernames
authorMichael Rash <mbr@cipherdyne.org>
Mon, 10 Mar 2014 03:12:53 +0000 (23:12 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Mon, 10 Mar 2014 03:12:53 +0000 (23:12 -0400)
Allow usernames that are compatible with Microsoft guidelines as defined
here:

http://technet.microsoft.com/en-us/library/bb726984.aspx

This allows for greater compatibility between fwknop clients on Windows
(for example that may be deployed with Cygwin) and fwknopd on other
systems.  This change was suggested by Gerry Reno, and tracked by Github
issue #114.

lib/fko_user.c
perl/FKO/t/04_fuzzing.t
test/test-fwknop.pl

index 4783458..4db6a9e 100644 (file)
@@ -144,15 +144,42 @@ validate_username(const char *username)
     if(username == NULL || strnlen(username, MAX_SPA_USERNAME_SIZE) == 0)
         return(FKO_ERROR_INVALID_DATA_USER_MISSING);
 
-    /* Make sure it is just alpha-numeric chars, dashes, dots, and underscores
+    /* Exclude a few chars - this list is consistent with MS guidance since
+     * libfko runs on Windows:
+     *      http://technet.microsoft.com/en-us/library/bb726984.aspx
     */
-    if(isalnum(username[0]) == 0)
-        return(FKO_ERROR_INVALID_DATA_USER_FIRSTCHAR_VALIDFAIL);
-
-    for (i=1; i < (int)strnlen(username, MAX_SPA_USERNAME_SIZE); i++)
+    for (i=0; i < (int)strnlen(username, MAX_SPA_USERNAME_SIZE); i++)
+    {
         if((isalnum(username[i]) == 0)
-                && username[i] != '-' && username[i] != '_' && username[i] != '.')
-            return(FKO_ERROR_INVALID_DATA_USER_REMCHAR_VALIDFAIL);
+                && ((username[i] < 0x20 || username[i] > 0x7e)
+                /* Not allowed chars: " / \ [ ] : ; | = , + * ? < >
+                */
+                || (username[i] == 0x22
+                    || username[i] == 0x2f
+                    || username[i] == 0x5c
+                    || username[i] == 0x5b
+                    || username[i] == 0x5d
+                    || username[i] == 0x3a
+                    || username[i] == 0x3b
+                    || username[i] == 0x7c
+                    || username[i] == 0x3d
+                    || username[i] == 0x2c
+                    || username[i] == 0x2b
+                    || username[i] == 0x2a
+                    || username[i] == 0x3f
+                    || username[i] == 0x3c
+                    || username[i] == 0x3e)))
+        {
+            if(i == 0)
+            {
+                return(FKO_ERROR_INVALID_DATA_USER_FIRSTCHAR_VALIDFAIL);
+            }
+            else
+            {
+                return(FKO_ERROR_INVALID_DATA_USER_REMCHAR_VALIDFAIL);
+            }
+        }
+    }
 
     return FKO_SUCCESS;
 }
index 48da09a..acd397f 100644 (file)
@@ -40,16 +40,16 @@ my @fuzzing_client_timeouts = (
 
 my @fuzzing_usernames = (
     'A'x1000,
-    "-1",
-    -1,
-    '123%123',
-    '123$123',
-    '-user',
-    '_user',
-    '-User',
-    ',User',
-    'part1 part2',
-    'a:b',
+    ",1",
+    '123>123',
+    '123<123',
+    '123' . pack('a', "\x10"),
+    '*-user',
+    '?user',
+    'User+',
+    'U+er',
+    'part1|part2',
+    'a:b'
 );
 
 my @fuzzing_nat_access_msgs = (
index 5047f99..21a1724 100755 (executable)
@@ -2645,9 +2645,12 @@ sub valid_usernames() {
         'test_test',
         'someuser',
         'someUser',
-        'USER',
+        'part1 part2',
+        'U%ER',
         'USER001',
-        '00001'
+        -1,
+        '00001',
+        '00$01'
     );
     return \@users;
 }
@@ -2655,16 +2658,16 @@ sub valid_usernames() {
 sub fuzzing_usernames() {
     my @users = (
         'A'x1000,
-        "-1",
-        -1,
+        ",1",
 #        pack('a', ""),
-        '123%123',
-        '123$123',
-        '-user',
-        '_user',
-        '-User',
-        ',User',
-        'part1 part2',
+        '123>123',
+        '123<123',
+        '123' . pack('a', "\x10"),
+        '*-user',
+        '?user',
+        'User+',
+        'U+er',
+        'part1|part2',
         'a:b'
     );
     return \@users;