authorMichael Catanzaro <mcatanzaro@gnome.org>2020-03-04 16:22:47 -0600
committerMichael Catanzaro <mcatanzaro@gnome.org>2020-03-12 15:01:46 -0500
commit198f4dd4498392c20169480bd069706bce4c69f3 (patch)
treeb300a09acee9d85046cd3ef9aceb44e7bc1209b1
parent435624d5c14ba8d2042b63d63aaf923803456768 (diff)
Remove user heuristics
We don't want this code running except on Red Hat systems, where we can maintain it in a downstream patch if need be. The heuristic has been wrong before (e.g. as in #57) and is not useful on upstream systems where 1000 is the presumed minimum uid for human users.
-rw-r--r--meson.build1
-rw-r--r--meson_options.txt1
-rw-r--r--src/user-classify.c41
3 files changed, 0 insertions, 43 deletions
diff --git a/meson.build b/meson.build
index 3f4526a..aa87d0d 100644
--- a/meson.build
+++ b/meson.build
@@ -187,7 +187,6 @@ extra_admin_groups = ','.join(get_option('extra_admin_groups'))
config_h.set_quoted('ADMIN_GROUP', admin_group)
config_h.set_quoted('EXTRA_ADMIN_GROUPS', extra_admin_groups)
-config_h.set('ENABLE_USER_HEURISTICS', get_option('user_heuristics'))
config_h.set('MINIMUM_UID', get_option('minimum_uid'))
# GDM
diff --git a/meson_options.txt b/meson_options.txt
index 7d088de..93f384a 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -2,7 +2,6 @@ option('systemdsystemunitdir', type: 'string', value: '', description: 'custom d
option('gdmconffile', type: 'string', value: '/etc/gdm/custom.conf', description: 'GDM configuration file')
option('admin_group', type: 'string', value: '', description: 'Set group for administrative accounts')
-option('user_heuristics', type: 'boolean', value: true, description: 'Enable heuristics for guessing system vs. human users in the range 500-minimum-uid')
option('extra_admin_groups', type: 'array', value: [], description: 'Comma-separated list of extra groups that administrator users are part of')
option('minimum_uid', type: 'integer', value: 1000, description: 'Set minimum uid for human users')
diff --git a/src/user-classify.c b/src/user-classify.c
index 9db1c9a..91f29b4 100644
--- a/src/user-classify.c
+++ b/src/user-classify.c
@@ -76,39 +76,6 @@ user_classify_is_blacklisted (const char *username)
return FALSE;
}
-#ifdef ENABLE_USER_HEURISTICS
-static gboolean
-user_classify_is_excluded_by_heuristics (const gchar *username,
- const gchar *password_hash)
-{
- gboolean ret = FALSE;
-
- if (password_hash != NULL) {
- /* skip over the account-is-locked '!' prefix if present */
- if (password_hash[0] == '!')
- password_hash++;
-
- if (password_hash[0] != '\0') {
- /* modern hashes start with "$n$" */
- if (password_hash[0] == '$') {
- if (strlen (password_hash) < 4)
- ret = TRUE;
-
- /* DES crypt is base64 encoded [./A-Za-z0-9]*
- */
- } else if (!g_ascii_isalnum (password_hash[0]) &&
- password_hash[0] != '.' &&
- password_hash[0] != '/') {
- ret = TRUE;
- }
- }
-
- }
-
- return ret;
-}
-#endif /* ENABLE_USER_HEURISTICS */
-
static gboolean
is_invalid_shell (const char *shell)
{
@@ -156,13 +123,5 @@ user_classify_is_human (uid_t uid,
if (shell != NULL && is_invalid_shell (shell))
return FALSE;
-#ifdef ENABLE_USER_HEURISTICS
- /* only do heuristics on the range 500-1000 to catch one off migration problems in Fedora */
- if (uid >= 500 && uid < MINIMUM_UID) {
- if (!user_classify_is_excluded_by_heuristics (username, password_hash))
- return TRUE;
- }
-#endif
-
return uid >= MINIMUM_UID;
}