sysusers: do not reject users with already present /etc/shadow entries
This is needed for firstboot and sysusers to interoperate. The former is started first, and it writes only /etc/shadow when it is told to set the root password. It's better to relax the checks here than to duplicate functionality in firstboot.
parent
ad525df851
commit
c5abf22514
|
@ -603,6 +603,8 @@ static int write_files(void) {
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
goto finish;
|
goto finish;
|
||||||
|
|
||||||
|
lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY);
|
||||||
|
|
||||||
original = fopen(shadow_path, "re");
|
original = fopen(shadow_path, "re");
|
||||||
if (original) {
|
if (original) {
|
||||||
struct spwd *sp;
|
struct spwd *sp;
|
||||||
|
@ -616,8 +618,13 @@ static int write_files(void) {
|
||||||
|
|
||||||
i = hashmap_get(users, sp->sp_namp);
|
i = hashmap_get(users, sp->sp_namp);
|
||||||
if (i && i->todo_user) {
|
if (i && i->todo_user) {
|
||||||
r = -EEXIST;
|
/* we will update the existing entry */
|
||||||
goto finish;
|
sp->sp_lstchg = lstchg;
|
||||||
|
|
||||||
|
/* only the /etc/shadow stage is left, so we can
|
||||||
|
* safely remove the item from the todo set */
|
||||||
|
i->todo_user = false;
|
||||||
|
hashmap_remove(todo_uids, UID_TO_PTR(i->uid));
|
||||||
}
|
}
|
||||||
|
|
||||||
errno = 0;
|
errno = 0;
|
||||||
|
@ -640,7 +647,6 @@ static int write_files(void) {
|
||||||
goto finish;
|
goto finish;
|
||||||
}
|
}
|
||||||
|
|
||||||
lstchg = (long) (now(CLOCK_REALTIME) / USEC_PER_DAY);
|
|
||||||
HASHMAP_FOREACH(i, todo_uids, iterator) {
|
HASHMAP_FOREACH(i, todo_uids, iterator) {
|
||||||
struct spwd n = {
|
struct spwd n = {
|
||||||
.sp_namp = i->name,
|
.sp_namp = i->name,
|
||||||
|
@ -877,7 +883,6 @@ static int add_user(Item *i) {
|
||||||
|
|
||||||
if (!arg_root) {
|
if (!arg_root) {
|
||||||
struct passwd *p;
|
struct passwd *p;
|
||||||
struct spwd *sp;
|
|
||||||
|
|
||||||
/* Also check NSS */
|
/* Also check NSS */
|
||||||
errno = 0;
|
errno = 0;
|
||||||
|
@ -893,16 +898,6 @@ static int add_user(Item *i) {
|
||||||
}
|
}
|
||||||
if (!IN_SET(errno, 0, ENOENT))
|
if (!IN_SET(errno, 0, ENOENT))
|
||||||
return log_error_errno(errno, "Failed to check if user %s already exists: %m", i->name);
|
return log_error_errno(errno, "Failed to check if user %s already exists: %m", i->name);
|
||||||
|
|
||||||
/* And shadow too, just to be sure */
|
|
||||||
errno = 0;
|
|
||||||
sp = getspnam(i->name);
|
|
||||||
if (sp) {
|
|
||||||
log_error("User %s already exists in shadow database, but not in user database.", i->name);
|
|
||||||
return -EBADMSG;
|
|
||||||
}
|
|
||||||
if (!IN_SET(errno, 0, ENOENT))
|
|
||||||
return log_error_errno(errno, "Failed to check if user %s already exists in shadow database: %m", i->name);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Try to use the suggested numeric uid */
|
/* Try to use the suggested numeric uid */
|
||||||
|
|
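Review bot: In the second hunk of write_files(), an /etc/shadow entry that already exists for a user being created is now adopted with only `sp_lstchg` replaced, so whatever password hash and aging fields that entry carries become the new account's credentials, and the getspnam() guard removed from add_user() no longer catches an orphaned entry. The commit message motivates this by firstboot writing root's entry; for any other name, a leftover or unexpected shadow line would be inherited silently. Consider at least recording the adoption, e.g. `log_debug("Reusing existing /etc/shadow entry for user %s.", i->name);` before `sp->sp_lstchg = lstchg;`, and decide whether non-root entries should keep the old `-EEXIST` rejection or have their password field checked. The code that writes `sp` back out lies outside the visible hunk, so the carried-over fields are inferred from the "we will update the existing entry" comment.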