authorArthur de Jong <arthur@arthurdejong.org>2017-06-17 21:06:14 +0200
committerArthur de Jong <arthur@arthurdejong.org>2017-06-18 16:46:57 +0200
commitca62f59ac196f89b8f4b3218b17bb46f22346bc5 (patch)
tree558bc3f5a99ffa6f39edac36a4d54460a03e3a77
parente68b85aac6e4010cacb43a33643f4050f138be7b (diff)
Also filter shadow entries by validnames
-rw-r--r--nslcd/shadow.c35
1 files changed, 24 insertions, 11 deletions
diff --git a/nslcd/shadow.c b/nslcd/shadow.c
index cdc7e5e..5fe5a94 100644
--- a/nslcd/shadow.c
+++ b/nslcd/shadow.c
@@ -254,16 +254,24 @@ static int write_shadow(TFILE *fp, MYLDAP_ENTRY *entry, const char *requser,
for (i = 0; usernames[i] != NULL; i++)
if ((requser == NULL) || (STR_CMP(requser, usernames[i]) == 0))
{
- WRITE_INT32(fp, NSLCD_RESULT_BEGIN);
- WRITE_STRING(fp, usernames[i]);
- WRITE_STRING(fp, passwd);
- WRITE_INT32(fp, lastchangedate);
- WRITE_INT32(fp, mindays);
- WRITE_INT32(fp, maxdays);
- WRITE_INT32(fp, warndays);
- WRITE_INT32(fp, inactdays);
- WRITE_INT32(fp, expiredate);
- WRITE_INT32(fp, flag);
+ if (!isvalidname(usernames[i]))
+ {
+ log_log(LOG_WARNING, "%s: %s: denied by validnames option",
+ myldap_get_dn(entry), attmap_passwd_uid);
+ }
+ else
+ {
+ WRITE_INT32(fp, NSLCD_RESULT_BEGIN);
+ WRITE_STRING(fp, usernames[i]);
+ WRITE_STRING(fp, passwd);
+ WRITE_INT32(fp, lastchangedate);
+ WRITE_INT32(fp, mindays);
+ WRITE_INT32(fp, maxdays);
+ WRITE_INT32(fp, warndays);
+ WRITE_INT32(fp, inactdays);
+ WRITE_INT32(fp, expiredate);
+ WRITE_INT32(fp, flag);
+ }
}
return 0;
}
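Review bot: The new warning in write_shadow() names `attmap_passwd_uid`, the passwd map's attribute, although this file serves the shadow map. If `usernames` was read from `attmap_shadow_uid` (the lookup is above the hunk, so this is inferred), the log points an administrator at the wrong attribute whenever the two mappings differ. I would change the argument line to `myldap_get_dn(entry), attmap_shadow_uid);`. A short comment above the check, such as `/* skip names rejected by validnames; other values of the entry are still returned */`, would record that a bad value drops only that result and not the whole request. The function body starts outside the hunk.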
@@ -308,7 +316,12 @@ NSLCD_HANDLE_UID(
char name[BUFLEN_NAME];
char filter[BUFLEN_FILTER];
READ_STRING(fp, name);
- log_setrequest("shadow=\"%s\"", name);,
+ log_setrequest("shadow=\"%s\"", name);
+ if (!isvalidname(name))
+ {
+ log_log(LOG_WARNING, "request denied by validnames option");
+ return -1;
+ },
mkfilter_shadow_byname(name, filter, sizeof(filter)),
write_shadow(fp, entry, name, calleruid)
)
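Review bot: The `isvalidname(name)` check in the read section has no comment saying that it must stay ahead of `mkfilter_shadow_byname(name, ...)`, and that ordering is what keeps a rejected name out of the LDAP filter. I would add `/* reject names not allowed by validnames before they are used to build the search filter */` above the `if`. Separately, `log_setrequest("shadow=\"%s\"", name)` still runs on the unvalidated name, and the new warning relies on that prefix to identify the request. Whether the logger escapes control characters is not visible here, so it is worth confirming that a crafted name cannot forge log lines. The NSLCD_HANDLE_UID invocation begins outside the hunk, so the effect of `return -1` on the client response cannot be checked from these lines.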