From ef9bf2650cfbf63290e92ca8c654dc0f6880df00 Mon Sep 17 00:00:00 2001
From: Adriaan de Groot <groot@kde.org>
Date: Mon, 9 May 2022 14:49:15 +0200
Subject: [PATCH] [users] Allow a configurable list of forbidden names

- forbidden login names
- forbidden host names
---
 src/modules/users/Config.cpp | 30 ++++++++++++++++++++++++------
 src/modules/users/Config.h   |  7 +++++--
 2 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/src/modules/users/Config.cpp b/src/modules/users/Config.cpp
index f4e6680a9..a9287205f 100644
--- a/src/modules/users/Config.cpp
+++ b/src/modules/users/Config.cpp
@@ -201,10 +201,9 @@ Config::setLoginName( const QString& login )
 }
 
 const QStringList&
-Config::forbiddenLoginNames()
+Config::forbiddenLoginNames() const
 {
-    static QStringList forbidden { "root" };
-    return forbidden;
+    return m_forbiddenLoginNames;
 }
 
 QString
@@ -268,10 +267,9 @@ Config::setHostName( const QString& host )
 }
 
 const QStringList&
-Config::forbiddenHostNames()
+Config::forbiddenHostNames() const
 {
-    static QStringList forbidden { "localhost" };
-    return forbidden;
+    return m_forbiddenHostNames;
 }
 
 QString
@@ -881,6 +879,18 @@ copyLegacy( const QVariantMap& source, const QString& sourceKey, QVariantMap& ta
     }
 }
 
+/** @brief Tidy up a list of names
+ *
+ * Remove duplicates, apply lowercase, sort.
+ */
+static void
+tidy( QStringList& l )
+{
+    std::for_each( l.begin(), l.end(), []( QString& s ) { s = s.toLower(); } );
+    l.sort();
+    l.removeDuplicates();
+}
+
 void
 Config::setConfigurationMap( const QVariantMap& configurationMap )
 {
@@ -899,6 +909,10 @@ Config::setConfigurationMap( const QVariantMap& configurationMap )
         }
         // Now it might be explicitly set to empty, which is ok
         setUserShell( shell );
+
+        m_forbiddenLoginNames = CalamaresUtils::getStringList( userSettings, "forbidden_names" );
+        m_forbiddenLoginNames << QStringLiteral( "root" ) << QStringLiteral( "nobody" );
+        tidy( m_forbiddenLoginNames );
     }
 
     setAutoLoginGroup( either< QString, const QString& >(
@@ -920,6 +934,10 @@ Config::setConfigurationMap( const QVariantMap& configurationMap )
         m_writeEtcHosts = CalamaresUtils::getBool( hostnameSettings, "writeHostsFile", true );
         m_hostnameTemplate
             = CalamaresUtils::getString( hostnameSettings, "template", QStringLiteral( "${first}-${product}" ) );
+
+        m_forbiddenHostNames = CalamaresUtils::getStringList( hostnameSettings, "forbidden_names" );
+        m_forbiddenHostNames << QStringLiteral( "localhost" );
+        tidy( m_forbiddenHostNames );
     }
 
     setConfigurationDefaultGroups( configurationMap, m_defaultGroups );
diff --git a/src/modules/users/Config.h b/src/modules/users/Config.h
index c395dc1d4..599fcd6bd 100644
--- a/src/modules/users/Config.h
+++ b/src/modules/users/Config.h
@@ -252,8 +252,8 @@ public:
 
     bool isReady() const;
 
-    static const QStringList& forbiddenLoginNames();
-    static const QStringList& forbiddenHostNames();
+    const QStringList& forbiddenLoginNames() const;
+    const QStringList& forbiddenHostNames() const;
 
 public Q_SLOTS:
     /** @brief Sets the user's shell if possible
@@ -347,6 +347,9 @@ private:
     bool m_writeEtcHosts = false;
     QString m_hostnameTemplate;
 
+    QStringList m_forbiddenHostNames;
+    QStringList m_forbiddenLoginNames;
+
     PasswordCheckList m_passwordChecks;
 };