From ca62f59ac196f89b8f4b3218b17bb46f22346bc5 Mon Sep 17 00:00:00 2001
From: Arthur de Jong
Date: Sat, 17 Jun 2017 21:06:14 +0200
Subject: Also filter shadow entries by validnames
---
 nslcd/shadow.c | 35 ++++++++++++++++++++++++-----------
 1 file changed, 24 insertions(+), 11 deletions(-)
diff --git a/nslcd/shadow.c b/nslcd/shadow.c
index cdc7e5e..5fe5a94 100644
--- a/nslcd/shadow.c
+++ b/nslcd/shadow.c
@@ -254,16 +254,24 @@ static int write_shadow(TFILE *fp, MYLDAP_ENTRY *entry, const char *requser,
 for (i = 0; usernames[i] != NULL; i++)
 if ((requser == NULL) || (STR_CMP(requser, usernames[i]) == 0))
 {
- WRITE_INT32(fp, NSLCD_RESULT_BEGIN);
- WRITE_STRING(fp, usernames[i]);
- WRITE_STRING(fp, passwd);
- WRITE_INT32(fp, lastchangedate);
- WRITE_INT32(fp, mindays);
- WRITE_INT32(fp, maxdays);
- WRITE_INT32(fp, warndays);
- WRITE_INT32(fp, inactdays);
- WRITE_INT32(fp, expiredate);
- WRITE_INT32(fp, flag);
+ if (!isvalidname(usernames[i]))
+ {
+ log_log(LOG_WARNING, "%s: %s: denied by validnames option",
+ myldap_get_dn(entry), attmap_passwd_uid);
+ }
+ else
+ {
+ WRITE_INT32(fp, NSLCD_RESULT_BEGIN);
+ WRITE_STRING(fp, usernames[i]);
+ WRITE_STRING(fp, passwd);
+ WRITE_INT32(fp, lastchangedate);
+ WRITE_INT32(fp, mindays);
+ WRITE_INT32(fp, maxdays);
+ WRITE_INT32(fp, warndays);
+ WRITE_INT32(fp, inactdays);
+ WRITE_INT32(fp, expiredate);
+ WRITE_INT32(fp, flag);
+ }
 }
 return 0;
 }
@@ -308,7 +316,12 @@ NSLCD_HANDLE_UID(
 char name[BUFLEN_NAME];
 char filter[BUFLEN_FILTER];
 READ_STRING(fp, name);
- log_setrequest("shadow=\"%s\"", name);,
+ log_setrequest("shadow=\"%s\"", name);
+ if (!isvalidname(name))
+ {
+ log_log(LOG_WARNING, "request denied by validnames option");
+ return -1;
+ },
 mkfilter_shadow_byname(name, filter, sizeof(filter)),
 write_shadow(fp, entry, name, calleruid)
 )
-- cgit v1.2.3
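Review bot: The warning added in write_shadow reports the attribute as `attmap_passwd_uid`, although this file handles the shadow map. If `usernames` is read through the shadow map's own uid attribute (the lookup is outside the hunk), the log line points an administrator at the wrong mapping whenever the two are configured differently. Consider `myldap_get_dn(entry), attmap_shadow_uid);` as the second line of the call, assuming that is the variable used to fetch `usernames`; confirm against the start of the function, which lies before the hunk. Leaving the rejected value itself out of the message is a good choice, since it keeps directory-controlled text out of the log.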
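Review bot: In the byname handler, `log_setrequest("shadow=\"%s\"", name)` still runs before the new `isvalidname(name)` check, so a name that is about to be rejected is already part of the request prefix when the warning is written. The name comes straight from the client through `READ_STRING`, so whether control characters or line breaks can reach the log depends on escaping inside the logging helpers, which are not visible here. A comment above the check such as `/* name is still unvalidated when it is placed in the log prefix; the logger must escape it */` would record that dependency. The `NSLCD_HANDLE_UID(` invocation begins before the hunk, and what the macro does with `return -1` (an error reply or a dropped connection) is also outside it.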