From: Nick Rosbrook <enr0n@ubuntu.com>
Date: Tue, 6 Aug 2024 00:43:15 +0000 (-0400)
Subject: sysusers: check if requested group name matches user name in queue
X-Git-Tag: v257-rc1~727
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=18a8f03e5160ca3828d327d9bbd1b32f26d792a3;p=thirdparty%2Fsystemd.git

sysusers: check if requested group name matches user name in queue

When creating a user, check if the requested group name matches a user
name in the queue. If that matched user name is also going to be a group
name, then use it for the new user too. In other words, allow the
following:

 u foo -
 u bar -:foo

when both foo and bar are new users.

Fixes #33547
---

diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index da97f333dee..a1ccc1f2b4b 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -1439,9 +1439,15 @@ static int process_item(Context *c, Item *i) {
         case ADD_USER: {
                 Item *j = NULL;
 
-                if (!i->gid_set)
+                if (!i->gid_set) {
                         j = ordered_hashmap_get(c->groups, i->group_name ?: i->name);
 
+                        /* If that's not a match, also check if the group name
+                         * matches a user name in the queue. */
+                        if (!j && i->group_name)
+                                j = ordered_hashmap_get(c->users, i->group_name);
+                }
+
                 if (j && j->todo_group) {
                         /* When a group with the target name is already in queue,
                          * use the information about the group and do not create
diff --git a/test/test-sysusers/test-16.expected-group b/test/test-sysusers/test-16.expected-group
new file mode 100644
index 00000000000..54918e417ac
--- /dev/null
+++ b/test/test-sysusers/test-16.expected-group
@@ -0,0 +1 @@
+foo:x:SYSTEM_UGID_MAX:
diff --git a/test/test-sysusers/test-16.expected-passwd b/test/test-sysusers/test-16.expected-passwd
new file mode 100644
index 00000000000..8823813f82d
--- /dev/null
+++ b/test/test-sysusers/test-16.expected-passwd
@@ -0,0 +1,2 @@
+foo:x:SYSTEM_UGID_MAX:SYSTEM_UGID_MAX::/:NOLOGIN
+bar:x:300:SYSTEM_UGID_MAX::/:NOLOGIN
diff --git a/test/test-sysusers/test-16.input b/test/test-sysusers/test-16.input
new file mode 100644
index 00000000000..2d80d81c0c0
--- /dev/null
+++ b/test/test-sysusers/test-16.input
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# Test fix for https://github.com/systemd/systemd/issues/33547.
+#
+#Type Name ID
+u     foo  -
+u     bar  300:foo