authorDave Olson <olson@cumulusnetworks.com>2017-08-07 20:33:20 -0700
committerDave Olson <olson@cumulusnetworks.com>2017-08-07 20:49:43 -0700
commit4e5193a09c14c81081e65b27289f15f4620f716d (patch)
treec9aab39784676529895b40f0b3c5e2608f34008d /nss_mapuid.c
parentd80fcfbb3c55561110bf0686c87fb949f866a88c (diff)
Do not use mapuser functionality with useradd,userdel,usermod
Ticket: CM-17450 Reviewed By: olson Testing Done: ran programs with change The useradd family will not work correctly with the mapuser/mapuid functionality, and useradd provides no method to force creating a user that already exists. So check which program invoked us, using __progname (getprogname() could also be used for non-glibc use), and return NOTFOUND immediately in that case. This is a major hack, but it's simple, and avoids a significant issue. Unfortunately, the RADIUS protocol gives us no way to determine that an account name is valid without also authenticating, and libnss plugins do not have the ability to authenticate.
Diffstat (limited to 'nss_mapuid.c')
-rw-r--r--nss_mapuid.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/nss_mapuid.c b/nss_mapuid.c
index 7b8faa7..f97b28e 100644
--- a/nss_mapuid.c
+++ b/nss_mapuid.c
@@ -53,6 +53,13 @@ static const char *nssname = "nss_mapuid"; /* for syslogs */
static const char dbdir[] = "/run/mapuser/";
/*
+ * If you aren't using glibc or a variant that supports this,
+ * and you have a system that supports the BSD getprogname(),
+ * you can replace this use with getprogname()
+ */
+extern const char *__progname;
+
+/*
* Read the requested session file (in the dbdir by intent), verify the
* uid matches, and setup the passwd structure with the username found
* in the file.
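Review bot: The added `extern const char *__progname;` binds to a libc-internal symbol. On glibc the documented equivalent is `program_invocation_short_name` from `<errno.h>` under `_GNU_SOURCE`, which would avoid the hand-written extern. Whether `_GNU_SOURCE` is defined for this file is not visible in the hunk, so check that first. The comment could also record where the value comes from, e.g. `* The name is derived from argv[0], which the invoking process sets.`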
@@ -185,6 +192,16 @@ enum nss_status _nss_mapuid_getpwuid_r(uid_t uid, struct passwd *pw,
enum nss_status status = NSS_STATUS_NOTFOUND;
uint32_t session;
+ /*
+ * the useradd family will not add/mod/del users correctly with
+ * the mapuid functionality, so return immediately if we are
+ * running as part of those processes.
+ */
+ if (__progname && (!strcmp(__progname, "useradd") ||
+ !strcmp(__progname, "usermod") ||
+ !strcmp(__progname, "userdel")))
+ return status;
+
/* this can happen for permission reasons, do don't complain except
* at debug */
if (nss_mapuser_config(errnop, nssname) == 1) {
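Review bot: The program-name test added to `_nss_mapuid_getpwuid_r` compares a value derived from argv[0], which the invoking process chooses. It is therefore a compatibility shim and not an access decision, and the comment above it should say so, e.g. `* __progname is caller-controlled (argv[0]); this only suppresses lookups, it never grants anything.` The early `return status;` is also silent, whereas the comment on the next branch suggests that path logs at debug level. A debug-only syslog naming the skipped program would help when diagnosing why a mapped uid does not resolve. If other lookup entry points of the plugin need the same exclusion (not visible in this diff), a small `static` helper holding the three names would keep the list in one place. The function body continues outside the hunk.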