Check that a nonlocal lookup by id returns the right id.

[nss_nonlocal.git] / nonlocal-passwd.c

diff --git a/nonlocal-passwd.c b/nonlocal-passwd.c
index ffd5375fe6e0125dda81369a880e4c5110090ddd..00763ed19d88c6730533fec4f7258abeb683e59e 100644 (file)
--- a/nonlocal-passwd.c
+++ b/nonlocal-passwd.c
@@ -127,6 +127,19 @@ check_nonlocal_uid(const char *user, uid_t uid, int *errnop)
 enum nss_status
 check_nonlocal_passwd(const char *user, struct passwd *pwd, int *errnop)
 {
+    enum nss_status status = NSS_STATUS_SUCCESS;
+    int old_errno = errno;
+    char *end;
+    unsigned long uid;
+
+    errno = 0;
+    uid = strtoul(pwd->pw_name, &end, 10);
+    if (errno == 0 && *end == '\0' && (uid_t)uid == uid)
+       status = check_nonlocal_uid(user, uid, errnop);
+    errno = old_errno;
+    if (status != NSS_STATUS_SUCCESS)
+       return status;
+
     return check_nonlocal_uid(user, pwd->pw_uid, errnop);
 }
 
@@ -386,6 +399,11 @@ _nss_nonlocal_getpwuid_r(uid_t uid, struct passwd *pwd,
     if (status != NSS_STATUS_SUCCESS)
        return status;
 
+    if (uid != pwd->pw_uid) {
+       syslog(LOG_ERR, "nss_nonlocal: discarding uid %d from lookup for uid %d\n", pwd->pw_uid, uid);
+       return NSS_STATUS_NOTFOUND;
+    }
+
     status = check_nonlocal_passwd(pwd->pw_name, pwd, errnop);
     if (status != NSS_STATUS_SUCCESS)
        return status;