]> andersk Git - nss_nonlocal.git/blobdiff - nonlocal-passwd.c
andersk / nss_nonlocal.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Disallow numeric nonlocal user/group names that look like local uid/gids.
[nss_nonlocal.git] / nonlocal-passwd.c
diff --git a/nonlocal-passwd.c b/nonlocal-passwd.c
index ffd5375fe6e0125dda81369a880e4c5110090ddd..0d71fe35d118dcd6bb2c8f978e024be1b08b6b30 100644 (file)
--- a/nonlocal-passwd.c
+++ b/nonlocal-passwd.c
@@ -127,6 +127,19 @@ check_nonlocal_uid(const char *user, uid_t uid, int *errnop)
 enum nss_status
 check_nonlocal_passwd(const char *user, struct passwd *pwd, int *errnop)
 {
+    enum nss_status status = NSS_STATUS_SUCCESS;
+    int old_errno = errno;
+    char *end;
+    unsigned long uid;
+
+    errno = 0;
+    uid = strtoul(pwd->pw_name, &end, 10);
+    if (errno == 0 && *end == '\0' && (uid_t)uid == uid)
+       status = check_nonlocal_uid(user, uid, errnop);
+    errno = old_errno;
+    if (status != NSS_STATUS_SUCCESS)
+       return status;
+
     return check_nonlocal_uid(user, pwd->pw_uid, errnop);
 }
 
nss_nonlocal, an nsswitch proxy module to prevent local account spoofing
This page took 0.214296 seconds and 4 git commands to generate.