Check that a nonlocal lookup by name returns the right name.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>

diff --git a/nonlocal-group.c b/nonlocal-group.c
index a7042416ac459ce18542c2cf3a5a04e496ae3e48..83e5d12e385bbe5f8a1a640ed2712f9ded310937 100644 (file)
--- a/nonlocal-group.c
+++ b/nonlocal-group.c
@@ -329,6 +329,11 @@ _nss_nonlocal_getgrnam_r(const char *name, struct group *grp,
     if (status != NSS_STATUS_SUCCESS)
        return status;
 
     if (status != NSS_STATUS_SUCCESS)
        return status;
 

+    if (strcmp(name, grp->gr_name) != 0) {
+       syslog(LOG_ERR, "nss_nonlocal: discarding group %s from lookup for group %s\n", grp->gr_name, name);
+       return NSS_STATUS_NOTFOUND;
+    }
+

     return check_nonlocal_gid(name, grp->gr_gid, errnop);
 }
 
     return check_nonlocal_gid(name, grp->gr_gid, errnop);
 }
 

diff --git a/nonlocal-passwd.c b/nonlocal-passwd.c
index e915ea0a2fa15d4b1ffe22f1812e8781806a19f7..29e922be62c42d2828b65ad71dc89fd78727920c 100644 (file)
--- a/nonlocal-passwd.c
+++ b/nonlocal-passwd.c
@@ -329,6 +329,11 @@ _nss_nonlocal_getpwnam_r(const char *name, struct passwd *pwd,
     if (status != NSS_STATUS_SUCCESS)
        return status;
 
     if (status != NSS_STATUS_SUCCESS)
        return status;
 

+    if (strcmp(name, pwd->pw_name) != 0) {
+       syslog(LOG_ERR, "nss_nonlocal: discarding user %s from lookup for user %s\n", pwd->pw_name, name);
+       return NSS_STATUS_NOTFOUND;
+    }
+

     status = check_nonlocal_uid(name, pwd->pw_uid, errnop);
     if (status != NSS_STATUS_SUCCESS)
        return status;
     status = check_nonlocal_uid(name, pwd->pw_uid, errnop);
     if (status != NSS_STATUS_SUCCESS)
        return status;

diff --git a/nonlocal-shadow.c b/nonlocal-shadow.c
index 6524ee884d3b7cfabaf64fb8dcc5bf57613f8ea9..f1e03a1602ba28fcd45fec419e90ca11112fd586 100644 (file)
--- a/nonlocal-shadow.c
+++ b/nonlocal-shadow.c
@@ -33,6 +33,7 @@
 #include <string.h>
 #include <dlfcn.h>
 #include <stdio.h>
 #include <string.h>
 #include <dlfcn.h>
 #include <stdio.h>

+#include <syslog.h>

 #include <errno.h>
 #include <shadow.h>
 #include <nss.h>
 #include <errno.h>
 #include <shadow.h>
 #include <nss.h>


@@ -179,5 +180,13 @@ _nss_nonlocal_getspnam_r(const char *name, struct spwd *pwd,
        if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
            break;
     } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
        if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
            break;
     } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);

-    return status;
+    if (status != NSS_STATUS_SUCCESS)
+       return status;
+
+    if (strcmp(name, pwd->sp_namp) != 0) {
+       syslog(LOG_ERR, "nss_nonlocal: discarding shadow %s from lookup for shadow %s\n", pwd->sp_namp, name);
+       return NSS_STATUS_NOTFOUND;
+    }
+
+    return NSS_STATUS_SUCCESS;

 }
 }