Bug 1005287

Summary: GECOS field accepting wrong format
Product: Red Hat Enterprise Linux 6 Reporter: Varun Mylaraiah <mvarun>
Component: ipaAssignee: Martin Kosek <mkosek>
Status: CLOSED NOTABUG QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.5CC: jhrozek, rcritten
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-09-09 10:10:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Varun Mylaraiah 2013-09-06 15:16:47 UTC 
Description of problem:
GECOS field excepting wrong format

Version-Release number of selected component (if applicable):
ipa-server-3.0.0-34.el6.x86_64 and ipa-server-3.3.1-2.el7.x86_64

How reproducible:
100%

Steps to Reproduce:

[root@server65 ~]# ipa user-add gecosuser
First name: gecosuser
Last name: gecosuser
----------------------
Added user "gecosuser"
----------------------
  User login: gecosuser
  First name: gecosuser
  Last name: gecosuser
  Full name: gecosuser gecosuser
  Display name: gecosuser gecosuser
  Initials: gg
  Home directory: /home/gecosuser
  GECOS field: gecosuser gecosuser    <----------------------------
  Login shell: /bin/sh
  Kerberos principal: gecosuser
  Email address: gecosuser
  UID: 1804400085
  GID: 1804400085
  Password: False
  Kerberos keys available: False

[root@server65 ~]# ipa user-mod gecosuser --gecos="wrong format,Redhat"
-------------------------
Modified user "gecosuser"
-------------------------
  User login: gecosuser
  First name: gecosuser
  Last name: gecosuser
  Home directory: /home/gecosuser
  GECOS field: wrong format,Redhat     <---------------------------
  Login shell: /bin/sh
  Email address: gecosuser
  UID: 1804400085
  GID: 1804400085
  Account disabled: False
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False

Expected results:
It should show error message

Additional info:
http://en.wikipedia.org/wiki/Gecos_field
Comment 2 Martin Kosek 2013-09-09 06:48:52 UTC 
We have no validator in place on GECOS field, i.e. you can set it to anything you want. But speaking of "wrong format,Redhat", is it really wrong? Wiki says it can be a comma-delimited list. E.g.:

# ipa user-add --first=Foo --last=Bar fbar1 --gecos "Foo Bar, Red Hat"
------------------
Added user "fbar1"
------------------
  User login: fbar1
  First name: Foo
  Last name: Bar
  Full name: Foo Bar
  Display name: Foo Bar
  Initials: FB
  Home directory: /home/fbar1
  GECOS: Foo Bar, Red Hat
  Login shell: /bin/sh
  Kerberos principal: fbar1.BOS.REDHAT.COM
  Email address: fbar1.bos.redhat.com
  UID: 470000063
  GID: 470000063
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False
# getent passwd fbar1
fbar1:*:470000063:470000063:Foo Bar, Red Hat:/home/fbar1:/bin/sh

... looks OK to me.

What seems more troubling to me, is this case:
# ipa user-add --first=Foo --last=Bar fbar2 --gecos "Foo Bar:Red Hat"
------------------
Added user "fbar2"
------------------
  User login: fbar2
  First name: Foo
  Last name: Bar
  Full name: Foo Bar
  Display name: Foo Bar
  Initials: FB
  Home directory: /home/fbar2
  GECOS: Foo Bar:Red Hat
  Login shell: /bin/sh
  Kerberos principal: fbar2.BOS.REDHAT.COM
  Email address: fbar2.bos.redhat.com
  UID: 470000064
  GID: 470000064
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False
# getent passwd fbar2
fbar2:*:470000064:470000064:Foo Bar:Red Hat:/home/fbar2:/bin/sh

Wouldn't it break some programs reading passwd? Jakub, what do you think about this?
Comment 3 Jakub Hrozek 2013-09-09 08:51:16 UTC 
(In reply to Martin Kosek from comment #2)
> We have no validator in place on GECOS field, i.e. you can set it to
> anything you want. But speaking of "wrong format,Redhat", is it really
> wrong? Wiki says it can be a comma-delimited list. E.g.:
> 

Right, but I've never seen GECOS used as a CSV list. Typically only the real name is present in GECOS.

<snip>

> # getent passwd fbar2
> fbar2:*:470000064:470000064:Foo Bar:Red Hat:/home/fbar2:/bin/sh
> 
> Wouldn't it break some programs reading passwd? Jakub, what do you think
> about this?

I would expect *programs* to use an API like getpwnam() to retrieve this information. Shell scripts might break here, yes.

But then I'd say it's the fault of the admin. I would expect you can set the colon in the homedir or shell as well.
Comment 4 Martin Kosek 2013-09-09 10:10:35 UTC 
Ok. Seeing this discussion, I think we can treat "gecos" field validation in the same way as general user "cn" attribute validation - i.e. no validation at all, let admin set it to chosen value.

Closing as NOTABUG. Please reopen if this is a wrong approach.