Check that a nonlocal lookup by id returns the right id.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>

diff --git a/nonlocal-group.c b/nonlocal-group.c
index 074fc4e3703f356b8978120bdeada04e594c776c..6c3173aae7ece201b744e8750d4a40b132afee76 100644 (file)
--- a/nonlocal-group.c
+++ b/nonlocal-group.c
@@ -391,6 +391,11 @@ _nss_nonlocal_getgrgid_r(gid_t gid, struct group *grp,
     if (status != NSS_STATUS_SUCCESS)
        return status;
 
+    if (gid != grp->gr_gid) {
+       syslog(LOG_ERR, "nss_nonlocal: discarding gid %d from lookup for gid %d\n", grp->gr_gid, gid);
+       return NSS_STATUS_NOTFOUND;
+    }
+
     return check_nonlocal_group(grp->gr_name, grp, errnop);
 }
 

diff --git a/nonlocal-passwd.c b/nonlocal-passwd.c
index 0d71fe35d118dcd6bb2c8f978e024be1b08b6b30..00763ed19d88c6730533fec4f7258abeb683e59e 100644 (file)
--- a/nonlocal-passwd.c
+++ b/nonlocal-passwd.c
@@ -399,6 +399,11 @@ _nss_nonlocal_getpwuid_r(uid_t uid, struct passwd *pwd,
     if (status != NSS_STATUS_SUCCESS)
        return status;
 
+    if (uid != pwd->pw_uid) {
+       syslog(LOG_ERR, "nss_nonlocal: discarding uid %d from lookup for uid %d\n", pwd->pw_uid, uid);
+       return NSS_STATUS_NOTFOUND;
+    }
+
     status = check_nonlocal_passwd(pwd->pw_name, pwd, errnop);
     if (status != NSS_STATUS_SUCCESS)
        return status;