return status;
}
+enum nss_status
+check_nonlocal_passwd(const char *user, struct passwd *pwd, int *errnop)
+{
+ enum nss_status status = NSS_STATUS_SUCCESS;
+ int old_errno = errno;
+ char *end;
+ unsigned long uid;
+
+ errno = 0;
+ uid = strtoul(pwd->pw_name, &end, 10);
+ if (errno == 0 && *end == '\0' && (uid_t)uid == uid)
+ status = check_nonlocal_uid(user, uid, errnop);
+ errno = old_errno;
+ if (status != NSS_STATUS_SUCCESS)
+ return status;
+
+ return check_nonlocal_uid(user, pwd->pw_uid, errnop);
+}
+
enum nss_status
check_nonlocal_user(const char *user, int *errnop)
{
do
status = DL_CALL_FCT(pwent_fct.l, (pwd, buffer, buflen, errnop));
while (status == NSS_STATUS_SUCCESS &&
- check_nonlocal_uid(pwd->pw_name, pwd->pw_uid, &nonlocal_errno) != NSS_STATUS_SUCCESS);
+ check_nonlocal_passwd(pwd->pw_name, pwd, &nonlocal_errno) != NSS_STATUS_SUCCESS);
}
if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
return status;
if (status != NSS_STATUS_SUCCESS)
return status;
- status = check_nonlocal_uid(name, pwd->pw_uid, errnop);
+ if (strcmp(name, pwd->pw_name) != 0) {
+ syslog(LOG_ERR, "nss_nonlocal: discarding user %s from lookup for user %s\n", pwd->pw_name, name);
+ return NSS_STATUS_NOTFOUND;
+ }
+
+ status = check_nonlocal_passwd(name, pwd, errnop);
if (status != NSS_STATUS_SUCCESS)
return status;
if (status != NSS_STATUS_SUCCESS)
return status;
- status = check_nonlocal_uid(pwd->pw_name, pwd->pw_uid, errnop);
+ if (uid != pwd->pw_uid) {
+ syslog(LOG_ERR, "nss_nonlocal: discarding uid %d from lookup for uid %d\n", pwd->pw_uid, uid);
+ return NSS_STATUS_NOTFOUND;
+ }
+
+ status = check_nonlocal_passwd(pwd->pw_name, pwd, errnop);
if (status != NSS_STATUS_SUCCESS)
return status;