From 053efcab8daa3a53e7825b2167bd55c7f104e36b Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Tue, 2 Jun 2026 15:18:31 +0200
Subject: [PATCH] passwd: add UPN validation support

Add User Principal Name (UPN) validation to allow passwd command to
accept usernames in user@domain.com format. Currently, passwd will
accept both traditional usernames and UPN format.

Fixes: 326889ca (2024-10-22; "Fix coverity unbound buffer issues")
Closes: <https://github.com/shadow-maint/shadow/issues/1626>
Reported-by: @nooreldeenmansour
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
---
 src/passwd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/passwd.c b/src/passwd.c
index b2cac80b0..351252e0b 100644
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -993,7 +993,7 @@ main(int argc, char **argv)
 	}
 	myname = xstrdup (pw->pw_name);
 	if (optind < argc) {
-		if (!is_valid_user_name (argv[optind])) {
+		if (!is_valid_user_name (argv[optind]) && !is_valid_upn (argv[optind])) {
 			fprintf (stderr, _("%s: Provided user name is not a valid name\n"), Prog);
 			fail_exit (E_NOPERM, process_selinux);
 		}
-- 
2.47.3