daemon: Don't try to add admin users to non existing groups

The extra admin groups list is a build-time option, but there is no guarantee the groups are available on the installed system. Currently if an extra admin group is missing on the system, accountsservice's will fail to create users because the underlying useradd call will fail. This commit fixes the issue, by pre-validating the extra admin groups list.
author: Sebastien Bacher <seb128@ubuntu.com> 2022-01-25 16:44:12 +0100
committer: Ray Strode <rstrode@redhat.com> 2022-01-27 09:57:46 -0500
commit: b5903d5ae36f022117fe9b0c5308525c39cf5dc2 (patch)
tree: b96b1a079bbf2e7ec6e17ee9b3b3008540a47200 /src
parent: ac9b14f1c1bbca413987d0bbfeaad05804107e9a (diff)
download: accountsservice-b5903d5ae36f022117fe9b0c5308525c39cf5dc2.tar.gz
1 files changed, 19 insertions, 5 deletions
diff --git a/src/daemon.c b/src/daemon.c
index 1760ef2..c8b6320 100644
--- a/src/daemon.c
+++ b/src/daemon.c
@@ -27,6 +27,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
+#include <grp.h>
 #include <sys/wait.h>
 #include <pwd.h>
 #ifdef HAVE_SHADOW_H
@@ -1106,11 +1107,24 @@ daemon_create_user_authorized_cb (Daemon                *daemon,
         argv[2] = "-c";
         argv[3] = cd->real_name;
         if (cd->account_type == ACCOUNT_TYPE_ADMINISTRATOR) {
-                if (EXTRA_ADMIN_GROUPS != NULL && EXTRA_ADMIN_GROUPS[0] != '\0')
-                        admin_groups = g_strconcat (ADMIN_GROUP, ",",
-                                                    EXTRA_ADMIN_GROUPS, NULL);
-                else
-                        admin_groups = g_strdup (ADMIN_GROUP);
+                g_auto(GStrv) admin_groups_array = NULL;
+                g_autoptr(GStrvBuilder) admin_groups_builder = g_strv_builder_new ();
+
+                g_strv_builder_add (admin_groups_builder, ADMIN_GROUP);
+
+                if (EXTRA_ADMIN_GROUPS != NULL && EXTRA_ADMIN_GROUPS[0] != '\0') {
+                        g_auto(GStrv) extra_admin_groups = NULL;
+                        extra_admin_groups = g_strsplit (EXTRA_ADMIN_GROUPS, ",", 0);
+
+                        for (gsize i = 0; extra_admin_groups[i] != NULL; i++) {
+                                if (getgrnam (extra_admin_groups[i]) != NULL)
+                                        g_strv_builder_add (admin_groups_builder, extra_admin_groups[i]);
+                                else
+                                        g_warning ("Extra admin group %s doesn’t exist: not adding the user to it", extra_admin_groups[i]);
+                        }
+                }
+                admin_groups_array = g_strv_builder_end (admin_groups_builder);
+                admin_groups = g_strjoinv (",", admin_groups_array);
 
                 argv[4] = "-G";
                 argv[5] = admin_groups;
author	Sebastien Bacher <seb128@ubuntu.com>	2022-01-25 16:44:12 +0100
committer	Ray Strode <rstrode@redhat.com>	2022-01-27 09:57:46 -0500
commit	b5903d5ae36f022117fe9b0c5308525c39cf5dc2 (patch)
tree	b96b1a079bbf2e7ec6e17ee9b3b3008540a47200 /src
parent	ac9b14f1c1bbca413987d0bbfeaad05804107e9a (diff)
download	accountsservice-b5903d5ae36f022117fe9b0c5308525c39cf5dc2.tar.gz