sysusers: check if requested group name matches user name in queue

When creating a user, check if the requested group name matches a user name in the queue. If that matched user name is also going to be a group name, then use it for the new user too. In other words, allow the following: u foo - u bar -:foo when both foo and bar are new users. Fixes #33547
2024-11-23 02:03:37 +08:00 · 2024-08-05 20:43:15 -04:00 · 2024-08-05 20:43:15 -04:00 · 18a8f03e51
commit 18a8f03e51
parent 92d885d870
4 changed files with 17 additions and 1 deletions
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@ -1439,9 +1439,15 @@ static int process_item(Context *c, Item *i) {
        case ADD_USER: {
                Item *j = NULL;

-                if (!i->gid_set)
+                if (!i->gid_set) {
                        j = ordered_hashmap_get(c->groups, i->group_name ?: i->name);

+                        /* If that's not a match, also check if the group name
+                         * matches a user name in the queue. */
+                        if (!j && i->group_name)
+                                j = ordered_hashmap_get(c->users, i->group_name);
+                }
+
                if (j && j->todo_group) {
                        /* When a group with the target name is already in queue,
                         * use the information about the group and do not create
--- a/test/test-sysusers/test-16.expected-group
+++ b/test/test-sysusers/test-16.expected-group
@ -0,0 +1 @@
+foo:x:SYSTEM_UGID_MAX:
--- a/test/test-sysusers/test-16.expected-passwd
+++ b/test/test-sysusers/test-16.expected-passwd
@ -0,0 +1,2 @@
+foo:x:SYSTEM_UGID_MAX:SYSTEM_UGID_MAX::/:NOLOGIN
+bar:x:300:SYSTEM_UGID_MAX::/:NOLOGIN
--- a/test/test-sysusers/test-16.input
+++ b/test/test-sysusers/test-16.input
@ -0,0 +1,7 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# Test fix for https://github.com/systemd/systemd/issues/33547.
+#
+#Type Name ID
+u     foo  -
+u     bar  300:foo