+ char *buf;
+ size_t buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+ const struct walk_nss w = {
+ .lookup = &__nss_passwd_lookup, .fct_name = "getpwuid_r",
+ .status = &status, .errnop = errnop, .buf = &buf, .buflen = &buflen
+ };
+ const __typeof__(&_nss_nonlocal_getpwuid_r) self = &_nss_nonlocal_getpwuid_r;
+#define args (uid, &pwbuf, buf, buflen, errnop)
+#include "walk_nss.h"
+#undef args
+
+ if (status == NSS_STATUS_SUCCESS) {
+ syslog(LOG_ERR, "nss_nonlocal: possible spoofing attack: non-local user %s has same UID as local user %s!\n", user, pwbuf.pw_name);
+ free(buf);
+ status = NSS_STATUS_NOTFOUND;
+ } else if (status != NSS_STATUS_TRYAGAIN) {
+ status = NSS_STATUS_SUCCESS;
+ }
+
+ return status;
+}
+
+enum nss_status
+check_nonlocal_passwd(const char *user, struct passwd *pwd, int *errnop)
+{
+ enum nss_status status = NSS_STATUS_SUCCESS;