From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 30 Oct 2025 21:49:03 +0000 (+0100)
Subject: userdbctl: Write empty JSON object into membership files
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3fbf4ac24bc2deea57c5e55b2349e52f5a45df1b;p=thirdparty%2Fsystemd.git

userdbctl: Write empty JSON object into membership files
---

diff --git a/src/userdb/userdbctl.c b/src/userdb/userdbctl.c
index ca698e7345f..823b68e7d94 100644
--- a/src/userdb/userdbctl.c
+++ b/src/userdb/userdbctl.c
@@ -18,6 +18,7 @@
 #include "format-table.h"
 #include "format-util.h"
 #include "fs-util.h"
+#include "io-util.h"
 #include "log.h"
 #include "main-func.h"
 #include "mkdir.h"
@@ -1196,6 +1197,31 @@ static int ssh_authorized_keys(int argc, char *argv[], void *userdata) {
         return r;
 }
 
+static int write_membership(int dir_fd, const char *dir, const char *user, const char *group) {
+        int r;
+
+        assert(dir_fd >= 0 || dir_fd == AT_FDCWD);
+        assert(dir);
+        assert(user);
+        assert(group);
+
+        _cleanup_free_ char *membership = strjoin(user, ":", group, ".membership");
+        if (!membership)
+                return log_oom();
+
+        _cleanup_close_ int fd = openat(dir_fd, membership, O_WRONLY|O_CREAT|O_CLOEXEC, 0644);
+        if (fd < 0)
+                return log_error_errno(errno, "Failed to create %s/%s: %m", dir, membership);
+
+        r = loop_write(fd, "{}\n", SIZE_MAX);
+        if (r < 0)
+                return log_error_errno(r, "Failed to write empty JSON object into %s/%s: %m", dir, membership);
+
+        log_info("Installed %s/%s from credential.", dir, membership);
+
+        return 0;
+}
+
 static int load_credential_one(
                 int credential_dir_fd,
                 const char *name,
@@ -1430,27 +1456,15 @@ static int load_credential_one(
 
         if (ur)
                 STRV_FOREACH(g, ur->member_of) {
-                        _cleanup_free_ char *membership = strjoin(ur->user_name, ":", *g, ".membership");
-                        if (!membership)
-                                return log_oom();
-
-                        _cleanup_close_ int fd = openat(*userdb_dir_fd, membership, O_WRONLY|O_CREAT|O_CLOEXEC, 0644);
-                        if (fd < 0)
-                                return log_error_errno(errno, "Failed to create %s: %m", membership);
-
-                        log_info("Installed %s/%s from credential.", userdb_dir, membership);
+                        r = write_membership(*userdb_dir_fd, userdb_dir, ur->user_name, *g);
+                        if (r < 0)
+                                return r;
                 }
         else
                 STRV_FOREACH(u, gr->members) {
-                        _cleanup_free_ char *membership = strjoin(*u, ":", gr->group_name, ".membership");
-                        if (!membership)
-                                return log_oom();
-
-                        _cleanup_close_ int fd = openat(*userdb_dir_fd, membership, O_WRONLY|O_CREAT|O_CLOEXEC, 0644);
-                        if (fd < 0)
-                                return log_error_errno(errno, "Failed to create %s: %m", membership);
-
-                        log_info("Installed %s/%s from credential.", userdb_dir, membership);
+                        r = write_membership(*userdb_dir_fd, userdb_dir, *u, gr->group_name);
+                        if (r < 0)
+                                return r;
                 }
 
         if (ur && user_record_disposition(ur) == USER_REGULAR) {