passwd: add UPN validation support

Add User Principal Name (UPN) validation to allow passwd command to
accept usernames in user@domain.com format. Currently, passwd will
accept both traditional usernames and UPN format.

Fixes: 326889ca (2024-10-22; "Fix coverity unbound buffer issues")
Closes: <https://github.com/shadow-maint/shadow/issues/1626>
Reported-by: @nooreldeenmansour
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Alejandro Colomar <alx@kernel.org>

diff --git a/src/passwd.c b/src/passwd.c
index b2cac80b007940bf57408ca0f966e76e017ab777..351252e0b5af4f5b687c7c14a25f3468fba2f9e9 100644 (file)
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -993,7 +993,7 @@ main(int argc, char **argv)
        }
        myname = xstrdup (pw->pw_name);
        if (optind < argc) {
        }
        myname = xstrdup (pw->pw_name);
        if (optind < argc) {

-               if (!is_valid_user_name (argv[optind])) {
+               if (!is_valid_user_name (argv[optind]) && !is_valid_upn (argv[optind])) {

                        fprintf (stderr, _("%s: Provided user name is not a valid name\n"), Prog);
                        fail_exit (E_NOPERM, process_selinux);
                }
                        fprintf (stderr, _("%s: Provided user name is not a valid name\n"), Prog);
                        fail_exit (E_NOPERM, process_selinux);
                }