do not let the user choose a reserved username
using the same logic as d-i
This commit is contained in:
parent
0004174bd5
commit
67ebf6ad35
|
@ -0,0 +1,107 @@
|
|||
# Static users from base-passwd/passwd.master (3.5.11).
|
||||
root
|
||||
daemon
|
||||
bin
|
||||
sys
|
||||
sync
|
||||
games
|
||||
man
|
||||
lp
|
||||
mail
|
||||
news
|
||||
uucp
|
||||
proxy
|
||||
www-data
|
||||
backup
|
||||
list
|
||||
irc
|
||||
gnats
|
||||
nobody
|
||||
|
||||
# Other static groups from base-passwd/group.master (3.5.11).
|
||||
adm
|
||||
tty
|
||||
disk
|
||||
kmem
|
||||
dialout
|
||||
fax
|
||||
voice
|
||||
cdrom
|
||||
floppy
|
||||
tape
|
||||
sudo
|
||||
audio
|
||||
dip
|
||||
operator
|
||||
src
|
||||
shadow
|
||||
utmp
|
||||
video
|
||||
sasl
|
||||
plugdev
|
||||
staff
|
||||
users
|
||||
nogroup
|
||||
|
||||
# Reserved usernames listed in base-passwd/README (3.5.11).
|
||||
netplan
|
||||
ftn
|
||||
mysql
|
||||
tac-plus
|
||||
alias
|
||||
qmail
|
||||
qmaild
|
||||
qmails
|
||||
qmailr
|
||||
qmailq
|
||||
qmaill
|
||||
qmailp
|
||||
asterisk
|
||||
vpopmail
|
||||
vchkpw
|
||||
|
||||
# Ubuntu creates the admin group and adds the first user to it in order to
|
||||
# grant them sudo privileges.
|
||||
admin
|
||||
|
||||
# Other miscellaneous system users/groups created by common packages. While
|
||||
# it's useful to add things here that people might run into, it's not
|
||||
# absolutely critical; the worst that will happen is that the installation
|
||||
# will fail at some later point.
|
||||
Debian-exim
|
||||
bind
|
||||
crontab
|
||||
cupsys
|
||||
dcc
|
||||
dhcp
|
||||
dictd
|
||||
dovecot
|
||||
fetchmail
|
||||
firebird
|
||||
ftp
|
||||
fuse
|
||||
gdm
|
||||
haldaemon
|
||||
hplilp
|
||||
identd
|
||||
jwhois
|
||||
klog
|
||||
lpadmin
|
||||
maas
|
||||
messagebus
|
||||
mythtv
|
||||
netdev
|
||||
powerdev
|
||||
radvd
|
||||
saned
|
||||
sbuild
|
||||
scanner
|
||||
slocate
|
||||
ssh
|
||||
sshd
|
||||
ssl-cert
|
||||
sslwrap
|
||||
statd
|
||||
syslog
|
||||
telnetd
|
||||
tftpd
|
|
@ -57,9 +57,11 @@ parts:
|
|||
echo "get passwd/user-default-groups" | \
|
||||
debconf-communicate user-setup | \
|
||||
cut -d ' ' -f 2- > users-and-groups
|
||||
cp /usr/lib/user-setup/reserved-usernames .
|
||||
stage-packages: [libc6]
|
||||
stage:
|
||||
- users-and-groups
|
||||
- reserved-usernames
|
||||
kbdnames:
|
||||
plugin: dump
|
||||
build-packages:
|
||||
|
|
|
@ -14,6 +14,7 @@
|
|||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
import logging
|
||||
import os
|
||||
import re
|
||||
|
||||
from urwid import (
|
||||
|
@ -116,6 +117,10 @@ _ssh_import_data = {
|
|||
|
||||
class IdentityForm(Form):
|
||||
|
||||
def __init__(self, reserved_usernames):
|
||||
self.reserved_usernames = reserved_usernames
|
||||
super().__init__()
|
||||
|
||||
realname = RealnameField(_("Your name:"))
|
||||
hostname = UsernameField(
|
||||
_("Your server's name:"),
|
||||
|
@ -151,15 +156,21 @@ class IdentityForm(Form):
|
|||
return _("Hostname must match NAME_REGEX, i.e. [a-z_][a-z0-9_-]*")
|
||||
|
||||
def validate_username(self):
|
||||
if len(self.username.value) < 1:
|
||||
username = self.username.value
|
||||
if len(username) < 1:
|
||||
return _("Username missing")
|
||||
|
||||
if len(self.username.value) > USERNAME_MAXLEN:
|
||||
if len(username) > USERNAME_MAXLEN:
|
||||
return _("Username too long, must be < ") + str(USERNAME_MAXLEN)
|
||||
|
||||
if not re.match(r'[a-z_][a-z0-9_-]*', self.username.value):
|
||||
if not re.match(r'[a-z_][a-z0-9_-]*', username):
|
||||
return _("Username must match NAME_REGEX, i.e. [a-z_][a-z0-9_-]*")
|
||||
|
||||
if username in self.reserved_usernames:
|
||||
return _(
|
||||
'The username "{username}" is reserved for use by the system.'
|
||||
).format(username=username)
|
||||
|
||||
def validate_password(self):
|
||||
if len(self.password.value) < 1:
|
||||
return _("Password must be set")
|
||||
|
@ -293,7 +304,21 @@ class IdentityView(BaseView):
|
|||
self.opts = opts
|
||||
self.items = []
|
||||
|
||||
self.form = IdentityForm()
|
||||
reserved_usernames_path = (
|
||||
os.path.join(os.environ.get("SNAP", "."), "reserved-usernames"))
|
||||
reserved_usernames = set()
|
||||
if os.path.exists(reserved_usernames_path):
|
||||
with open(reserved_usernames_path) as fp:
|
||||
for line in fp:
|
||||
line = line.strip()
|
||||
if line.startswith('#') or not line:
|
||||
continue
|
||||
reserved_usernames.add(line)
|
||||
else:
|
||||
reserved_usernames.add('root')
|
||||
|
||||
self.form = IdentityForm(reserved_usernames)
|
||||
|
||||
connect_signal(self.form, 'submit', self.done)
|
||||
connect_signal(self.form.confirm_password.widget, 'change',
|
||||
self._check_password)
|
||||
|
|
Loading…
Reference in New Issue