Adduser devel - Feb 2006 - Bug#352225: adduser: severe problem in existing_user_ok()

Package: adduser
Version: 3.82
Severity: grave
Justification: renders package unusable

Severity is set to grave because it breaks one of the two core
functionalities of adduser, and one that is used by most postinst scripts
that use adduser, to boot.

Adduser is failing to correctly deal with a pre-existing system user when
asked to update it (with no modifications, even!).  This is caused by a bug
in existing_user_ok.

How to reproduce:

Excerpt of /etc/adduser.conf:
# FIRST_SYSTEM_UID to LAST_SYSTEM_UID inclusive is the range for UIDs
# for dynamically allocated administrative and system accounts.
FIRST_SYSTEM_UID=100
LAST_SYSTEM_UID=999

# FIRST_UID to LAST_UID inclusive is the range of UIDs of dynamically
# allocated user accounts.
FIRST_UID=1000
LAST_UID=29999

# The USERGROUPS variable can be either "yes" or "no".  If
"yes" each
# created user will be given their own group to use as a default, and
# their home directories will be g+s.  If "no", each created user will
# be placed in the group whose gid is USERS_GID (see below).
USERGROUPS=yes

Description of the bug:

# getent passwd hplip
hplip:x:125:7:HPLIP system user,,,:/var/run/hplip:/bin/false

# getent group lp
lp:x:7:lp

# adduser --system --ingroup lp --home /var/run/hplip --gecos ''HPLIP
system user'' --shell /bin/false --disabled-password hplip ; echo $?
adduser: Warning: The home dir you specified already exists.
The user `hplip'' already exists with a different uid. Aborting
1

The bug is in routine existing_user_ok.  It must not return 2 if $new_uid is
undefined.  In that case, only 0 and 1 are valid results.

I miss a third return value, "3" for users which exist but are not in
the
system range (which is a valid result independent of $new_uid being defined
or not).  It is useful to generate a printf (gtx("The user `%s''
already
exists as a non-system user. Aborting\n"), $new_name) error message.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (990, ''unstable'')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15.2-debian2+bluesmoke+lm85
Locale: LANG=pt_BR.ISO-8859-1, LC_CTYPE=pt_BR.ISO-8859-1 (charmap=ISO-8859-1)

Versions of packages adduser depends on:
ii  debconf [debconf-2.0]         1.4.70     Debian configuration management sy
ii  passwd                        1:4.0.14-5 change and administer password and
ii  perl-base                     5.8.8-1    The Pathologically Eclectic Rubbis

adduser recommends no packages.

-- debconf information:
* adduser/homedir-permission: true

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Your message dated Sun, 12 Feb 2006 08:17:07 -0800
with message-id <E1F8JuN-0005LN-Q5@spohr.debian.org>
and subject line Bug#352225: fixed in adduser 3.83
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

-------------- next part --------------
An embedded message was scrubbed...
From: Henrique de Moraes Holschuh <hmh@debian.org>
Subject: adduser: severe problem in existing_user_ok()
Date: Fri, 10 Feb 2006 12:54:04 -0200
Size: 5037
Url:
http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20060212/e8caa16d/attachment-0002.mht
-------------- next part --------------
An embedded message was scrubbed...
From: Marc Haber <mh+debian-packages@zugschlus.de>
Subject: Bug#352225: fixed in adduser 3.83
Date: Sun, 12 Feb 2006 08:17:07 -0800
Size: 3439
Url:
http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20060212/e8caa16d/attachment-0003.mht