Strcpy concatenates new username to old username length

[Jnchi]

strcpy(it->pw_name,name); //this may be an issue if previous login name was shorter then new one

Source: libnss_pool.c

[Jnchi]

define USER_NAME_MAX_LENGTH 32

Source: shadow-maint/shadow#20

[Jnchi]

const char *name

strcpy(it->pw_name,name)

Test Case:

pw_name 1001, length 4
name jnchi, length 5

/etc/pool-passwd

1001:!:1001:1001:::/bin/bash

Current Behaviour:

getent passwd jnchi; cat /etc/pool-passwd
jnchix:x:1001:1001:::/bin/bash

See also:

• https://linux.die.net/man/3/strcpy

• http://man7.org/linux/man-pages/man3/fgetpwent.3.html

• https://www.tutorialspoint.com/c_standard_library/c_function_strlen.htm

[Jnchi]

For now, I'll just add in a check to ensure that pw_passwd is not shorter than name.

Also, added this script, to dynamically generate long pool usernames.

#!/bin/bash
# generate_pool.sh
set -euo pipefail
IFS=$'\n\t'

create_name() {
  echo "pool_$((RANDOM%10000000000000000000000000000000-99999999999999999999999999999999))"
}

# For more info see `man passwd`
create_passwd_entry() {
  local name=$1
  local uid=$2

  # Default `users` group in Debian
  echo "${name}:!:${uid}:100:::/bin/bash"
}

show_usage() {
  echo 'Usage: generate_pool.sh ${pool_size} ${uid_start}'
  echo "           pool_size - number of users in pool"
  echo "           uid_start - first free uid (check /etc/passwd)"
}

main() {
  if [ "$#" -ne 2 ]; then
    show_usage
    exit 1
  fi

  local pool_size="$1"
  local uid_start="$(expr $2 - 1)"

  for i in $(seq ${pool_size}); do
    create_passwd_entry $(create_name) $(expr $uid_start + $i)
  done
}

main $@

sudo ./generate_pool.sh 1 1001 > /etc/pool-passwd && getent passwd jnchi; cat /etc/pool-passwd; cat
/tmp/debug
jnchi:x:1001:100:::/bin/bash
Read line: pool_8814407033341088000
new pool_8814407033341088000
new jnchi
snprintf, when strlen(buffer)=0 and buflen=1024
Adding to pool-passwd: jnchi:x:1001:100:::/bin/bash
checking buffer