From ca516c71dc0917ed28e9489657a1c3f4d7d3de77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luis=20Guzm=C3=A1n?= <ark@switnet.org>
Date: Sat, 11 Oct 2025 02:50:20 -0600
Subject: [PATCH] mate-user-admin: pull adduser regex from adduser.conf file

---
 ...-add-cracklib-runtime-as-dependency.patch} |  0
 ...r-NAME_REGEX-for-username-validation.patch | 76 +++++++++++++++++++
 helpers/make-mate-user-admin                  | 10 ++-
 3 files changed, 82 insertions(+), 4 deletions(-)
 rename helpers/DATA/mate-user-admin/{add-cracklib-runtime-as-dependency.patch => patch_changes/000-add-cracklib-runtime-as-dependency.patch} (100%)
 create mode 100644 helpers/DATA/mate-user-admin/patch_changes/001-Use-adduser-NAME_REGEX-for-username-validation.patch

diff --git a/helpers/DATA/mate-user-admin/add-cracklib-runtime-as-dependency.patch b/helpers/DATA/mate-user-admin/patch_changes/000-add-cracklib-runtime-as-dependency.patch
similarity index 100%
rename from helpers/DATA/mate-user-admin/add-cracklib-runtime-as-dependency.patch
rename to helpers/DATA/mate-user-admin/patch_changes/000-add-cracklib-runtime-as-dependency.patch
diff --git a/helpers/DATA/mate-user-admin/patch_changes/001-Use-adduser-NAME_REGEX-for-username-validation.patch b/helpers/DATA/mate-user-admin/patch_changes/001-Use-adduser-NAME_REGEX-for-username-validation.patch
new file mode 100644
index 0000000..e19611f
--- /dev/null
+++ b/helpers/DATA/mate-user-admin/patch_changes/001-Use-adduser-NAME_REGEX-for-username-validation.patch
@@ -0,0 +1,76 @@
+diff --git a/src/user-admin.c b/src/user-admin.c
+index c51a2022..a4fb6941 100644
+--- a/src/user-admin.c
++++ b/src/user-admin.c
+@@ -23,8 +23,10 @@
+ #include <pwd.h>
+ #include <libintl.h>
+ #include <locale.h>
++#include <glib.h>
+ #include <glib/gi18n.h>
+ #include <grp.h>
++#include <string.h>
+ #include <sys/types.h>
+ #include <libgroupservice/gas-group.h>
+ #include <libgroupservice/gas-group-manager.h>
+@@ -285,6 +287,51 @@ static gboolean UserNameValidCheck (const gchar *UserName, gchar **Message)
+     valid = TRUE;
+     if (!in_use && !empty && !home_use)
+     {
++        /* Follow adduser(8) policy:
++         * Read NAME_REGEX from /etc/adduser.conf, compile an anchored regex,
++         * and require the username to fully match it. If unavailable or
++         * invalid, fall back to current Debian/Ubuntu default: ^[a-z][-a-z0-9_]*$
++         * (lowercase first char; then lowercase, digits, '-' and '_').
++         */
++        {
++            gchar *contents = NULL, *rx_s = NULL;
++            gsize len = 0;
++            const gchar *fallback = "^[a-z][-a-z0-9_]*$";
++            if (g_file_get_contents("/etc/adduser.conf", &contents, &len, NULL)) {
++                gchar **lines = g_strsplit(contents, "\n", -1);
++                for (gchar **p = lines; p && *p; ++p) {
++                    gchar *line = g_strstrip(*p);
++                    if (!line || !*line || line[0] == '#')
++                        continue;
++                    if (g_str_has_prefix(line, "NAME_REGEX")) {
++                        /* Accept forms like: NAME_REGEX="...pattern..." */
++                        gchar *q1 = strchr(line, '"');
++                        if (q1) {
++                            gchar *q2 = strrchr(q1 + 1, '"');
++                            if (q2 && q2 > q1 + 1)
++                                rx_s = g_strndup(q1 + 1, (gsize)(q2 - (q1 + 1)));
++                        }
++                        break;
++                    }
++                }
++                g_strfreev(lines);
++                g_free(contents);
++            }
++
++            GError *rx_err = NULL;
++            GRegex *rx = g_regex_new(rx_s ? rx_s : fallback, G_REGEX_ANCHORED, 0, &rx_err);
++            g_free(rx_s);
++            if (rx) {
++                if (!g_regex_match(rx, UserName, 0, NULL)) {
++                    valid = FALSE;
++                }
++                g_regex_unref(rx);
++            } else {
++                /* If regex cannot compile, be conservative */
++                if (rx_err) g_error_free(rx_err);
++                valid = FALSE;
++            }
++        }
+         for (c = UserName; *c; c++)
+         {
+             if (! ((*c >= 'a' && *c <= 'z') ||
+@@ -313,7 +360,7 @@ static gboolean UserNameValidCheck (const gchar *UserName, gchar **Message)
+         }
+         else
+         {
+-            *Message = g_strdup (_("The username should only consist of upper and lower case \nletters from a-z,digits and the following characters: . - _"));
++            *Message = g_strdup (_("The username first character must be lower case, use only \nlowercase letters (a–z), digits and the following characters: -_"));
+         }
+     }
+ 
diff --git a/helpers/make-mate-user-admin b/helpers/make-mate-user-admin
index b6785ce..b86424f 100644
--- a/helpers/make-mate-user-admin
+++ b/helpers/make-mate-user-admin
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-#    Copyright (C) 2024 Luis Guzmán <ark@switnet.org>
+#    Copyright (C) 2025 Luis Guzmán <ark@switnet.org>
 #
 #    This program is free software; you can redistribute it and/or modify
 #    it under the terms of the GNU General Public License as published by
@@ -17,7 +17,7 @@
 #    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
 #
 
-VERSION=2
+VERSION=3
 EXTERNAL='deb-src http://archive.ubuntu.com/ubuntu noble universe'
 
 . ./config
@@ -26,9 +26,11 @@ EXTERNAL='deb-src http://archive.ubuntu.com/ubuntu noble universe'
 export FULLVERSION="$(sed 's|build3||' <<< $FULLVERSION)"
 
 # Add cracklib-runtime dependency to debian/control
-patch --no-backup-if-mismatch -p1 < $DATA/add-cracklib-runtime-as-dependency.patch
+apply_patch_changes
+
+changelog "Added cracklib-runtime dependency.
+Added custom implementation to use adduser regex for user creation"
 
-changelog "Imported into Trisquel Aramo | Added cracklib-runtime dependency."
 head -n1 debian/changelog | grep -q build && echo "error: update upstream version" && exit
 
 package