sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-04-20 09:16:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix tests and windows username validation

Browse Source
This commit is contained in:
Viktor Liu
2025-07-03 01:58:15 +02:00
parent 76f9e11b29
commit 6e15882c11
5 changed files with 75 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
client/ssh/server/userswitching_windows.go
View File

@@ -21,16 +21,23 @@ func validateUsername(username string) error {
return fmt.Errorf("username cannot be empty")
}
// Handle domain\username format - extract just the username part for validation
usernameToValidate := username
if idx := strings.LastIndex(username, `\`); idx != -1 {
usernameToValidate = username[idx+1:]
}
// Windows SAM Account Name limits: 20 characters for users, 16 for computers
// We use 20 as the general limit
if len(username) > 20 {
// We use 20 as the general limit (applies to username part only)
if len(usernameToValidate) > 20 {
return fmt.Errorf("username too long (max 20 characters for Windows)")
}
// Check for Windows SAM Account Name invalid characters
// Prohibited: " / \ [ ] : ; | = , + * ? < >
// Note: backslash is allowed in full username (domain\user) but not in the user part
invalidChars := []rune{'"', '/', '\\', '[', ']', ':', ';', '|', '=', ',', '+', '*', '?', '<', '>'}
for _, char := range username {
for _, char := range usernameToValidate {
for _, invalid := range invalidChars {
if char == invalid {
return fmt.Errorf("username contains invalid character '%c'", char)
@@ -43,18 +50,18 @@ func validateUsername(username string) error {
}
// Period cannot be the final character
if strings.HasSuffix(username, ".") {
if strings.HasSuffix(usernameToValidate, ".") {
return fmt.Errorf("username cannot end with a period")
}
// Check for reserved patterns
if username == "." || username == ".." {
if usernameToValidate == "." || usernameToValidate == ".." {
return fmt.Errorf("username cannot be '.' or '..'")
}
// Warn about @ character (causes login issues)
if strings.Contains(username, "@") {
log.Warnf("username '%s' contains '@' character which may cause login issues", username)
// Warn about @ character (causes login issues) - check in username part only
if strings.Contains(usernameToValidate, "@") {
log.Warnf("username '%s' contains '@' character which may cause login issues", usernameToValidate)
}
return nil