[Pkg-shadow-devel] [Git][debian/adduser][debian-bug-1099470] cleanup check_user_group, mismatch logic

Marc Haber (@zugschlus) gitlab at salsa.debian.org
Tue Mar 4 16:50:34 GMT 2025 


Marc Haber pushed to branch debian-bug-1099470 at Debian / adduser


Commits:
230cf545 by Matt Barry at 2025-03-04T11:20:32-05:00
cleanup check_user_group, mismatch logic

- - - - -


1 changed file:

- adduser


Changes:

=====================================
adduser
=====================================
@@ -1144,17 +1144,19 @@ sub mktree {
 #   return 8|2|1 == 11
 sub existing_user_status {
     my ($new_name,$new_uid) = @_;
-    my ($dummy1,$pw,$uid);
+    my ($pw,$uid);
     my $ret = EXISTING_NOT_FOUND;
     log_trace( "existing_user_status called with new_name %s, new_uid %s", $new_name, $new_uid );
-    if (($dummy1,$pw,$uid) = egetpwnam($new_name)) {
+    if ((undef,$pw,$uid) = egetpwnam($new_name)) {
         log_trace("egetpwnam %s returned successfully, uid = %s", $new_name, $uid);
         $ret |= EXISTING_FOUND;
         $ret |= EXISTING_ID_MISMATCH if (defined($new_uid) && $uid != $new_uid);
         $ret |= EXISTING_SYSTEM if \
             ($uid >= $config{"first_system_uid"} && $uid <= $config{"last_system_uid"});
         $ret |= EXISTING_LOCKED if (substr($pw,0,1) eq "!");  # TODO: also check expiry?
-    } 
+    } elsif ($new_uid && getpwuid($new_uid)) {
+        $ret |= EXISTING_ID_MISMATCH;
+    }
     log_trace( "existing_user_status( %s, %s ) returns %s", $new_name, $new_uid, $ret );
     return $ret;
 }
@@ -1171,16 +1173,18 @@ sub existing_user_status {
 #       EXISTING_ID_MISMATCH => 4
 sub existing_group_status {
     my ($new_name,$new_gid) = @_;
-    my ($dummy1,$dummy2,$gid);
+    my $gid;
     my $ret = EXISTING_NOT_FOUND;
     log_trace( "existing_group_status called with new_name %s, new_gid %s", $new_name, $new_gid );
-    if (($dummy1,$dummy2,$gid) = egetgrnam($new_name)) {
+    if ((undef,undef,$gid) = egetgrnam($new_name)) {
         log_trace("egetgrnam %s returned successfully, gid = %s", $new_name, $gid);
         $ret |= EXISTING_FOUND;
         $ret |= EXISTING_ID_MISMATCH if (defined($new_gid) && $gid != $new_gid);
         $ret |= EXISTING_SYSTEM if \
             ($gid >= $config{"first_system_gid"} && $gid <= $config{"last_system_gid"});
-    } 
+    } elsif ($new_gid && getgrgid($new_gid)) {
+        $ret |= EXISTING_ID_MISMATCH;
+    }
     log_trace( "existing_group_status( %s, %s ) returns %s", $new_name, $new_gid, $ret );
     return $ret;
 }
@@ -1194,21 +1198,24 @@ sub existing_group_status {
 sub check_user_group {
     my ($system) = @_;
     log_debug( "check_user_group %s called, make_group_also %s", $system, $make_group_also );
-    if( !$system || !existing_user_status($new_name, $new_uid) ) {
-        if( defined egetpwnam($new_name) ) {
-            if( $system ) {
-                log_fatal( mtx("The user `%s' already exists, and is not a system user."), $new_name);
-                exit( RET_WRONG_OBJECT_PROPERTIES );
-            } else {
-                log_fatal( mtx("The user `%s' already exists."), $new_name);
-                exit( RET_OBJECT_EXISTS );
-            }
+    
+    my $ustat = existing_user_status($new_name, $new_uid);
+    if ($system) {
+        if (($ustat & EXISTING_FOUND) && !($ustat & EXISTING_SYSTEM)) {
+            log_fatal( mtx("The user `%s' already exists, and is not a system user."), $new_name);
+            exit( RET_WRONG_OBJECT_PROPERTIES );
         }
-        if (defined($new_uid) && getpwuid($new_uid)) {
-            log_fatal( mtx("The UID %d is already in use."), $new_uid);
-            exit( RET_ID_IN_USE );
+        # if ($new_uid && !($ustat & EXISTING_SYSTEM)) {
+        #         log_fatal( mtx("The uid `%s' is invalid for system users."), $new_name);
+        #         exit( RET_OBJECT_EXISTS );
+        # }
+    } else {
+        if ($ustat & EXISTING_FOUND) {
+            log_fatal( mtx("The user `%s' already exists."), $new_name);
+            exit( RET_OBJECT_EXISTS );
         }
     }
+
     if ($make_group_also) {
         log_trace( "make_group_also 1, new_name %s, new_uid %s", $new_name, $new_uid );
         if( !$system || !existing_group_status($new_name, $new_uid) ) {



View it on GitLab: https://salsa.debian.org/debian/adduser/-/commit/230cf545fcca7128800a9596993209fe0218dad2

-- 
View it on GitLab: https://salsa.debian.org/debian/adduser/-/commit/230cf545fcca7128800a9596993209fe0218dad2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-shadow-devel/attachments/20250304/03e22237/attachment-0001.htm>

More information about the Pkg-shadow-devel mailing list