> daemon_create_user_authorized_cb() lacks a "--" in the argument builder, so accounts with a leading dash will be taken as an argument:
looking at adduser's source code, I see this comment:
(gtx("%s: To avoid problems, the username should consist only of
letters, digits, underscores, periods, at signs and dashes, and not start with
a dash (as defined by IEEE Std 1003.1-2001).
So I guess we don't want to fix that. It works perfectly adding users with '-' and '_' in the name.
> Additionally, nothing validates the contents of user_name and real_name ("useradd" should, but best to do _some_ sanity checking).
the user accounts panel in gnome-control-center does check the user_name, and also accountsservice itself uses the regexp to check the validity of the user_name
> I see no way for the daemon to shut down during a package upgrade (and the associated postinst to perform that).
> daemon_ create_ user_authorized _cb() lacks a "--" in the argument builder, so accounts with a leading dash will be taken as an argument:
looking at adduser's source code, I see this comment:
(gtx("%s: To avoid problems, the username should consist only of
letters, digits, underscores, periods, at signs and dashes, and not start with
a dash (as defined by IEEE Std 1003.1-2001).
So I guess we don't want to fix that. It works perfectly adding users with '-' and '_' in the name.
> Additionally, nothing validates the contents of user_name and real_name ("useradd" should, but best to do _some_ sanity checking).
the user accounts panel in gnome-control- center does check the user_name, and also accountsservice itself uses the regexp to check the validity of the user_name
> I see no way for the daemon to shut down during a package upgrade (and the associated postinst to perform that).
ok, added this to the attached package branch