From 0d71b6340a0ad6c49cac828b77e9e6f8d2c52b63 Mon Sep 17 00:00:00 2001
From: Lix Luthor <689071+rezemble@users.noreply.github.com>
Date: Sat, 18 Jan 2025 13:55:26 +0100
Subject: [PATCH] only activate groups for users with passwd entry
---
 icinga-app/icinga.cpp | 45 +++++++++++++++++--------------------------
 1 file changed, 18 insertions(+), 27 deletions(-)
diff --git a/icinga-app/icinga.cpp b/icinga-app/icinga.cpp
index 1811c8e0740..bca6aa2e4c1 100644
--- a/icinga-app/icinga.cpp
+++ b/icinga-app/icinga.cpp
@@ -606,34 +606,25 @@ static int Main()
 errno = 0;
 struct passwd *pw = getpwnam(user.CStr());
- if (!pw) {
- if (errno == 0) {
- Log(LogCritical, "cli")
- << "Invalid user specified: " << user;
- return EXIT_FAILURE;
- } else {
- Log(LogCritical, "cli")
- << "getpwnam() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
- return EXIT_FAILURE;
- }
- }
-
- // also activate the additional groups the configured user is member of
- if (getuid() != pw->pw_uid) {
- if (!vm.count("reload-internal") && initgroups(user.CStr(), pw->pw_gid) < 0) {
- Log(LogCritical, "cli")
- << "initgroups() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
- Log(LogCritical, "cli")
- << "Please re-run this command as a privileged user or using the \"" << user << "\" account.";
- return EXIT_FAILURE;
- }
+ // only respect groups if there exists a passwd entry for the current user
+ if (pw) {
+ // also activate the additional groups the configured user is member of
+ if (getuid() != pw->pw_uid) {
+ if (!vm.count("reload-internal") && initgroups(user.CStr(), pw->pw_gid) < 0) {
+ Log(LogCritical, "cli")
+ << "initgroups() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
+ Log(LogCritical, "cli")
+ << "Please re-run this command as a privileged user or using the \"" << user << "\" account.";
+ return EXIT_FAILURE;
+ }
- if (setuid(pw->pw_uid) < 0) {
- Log(LogCritical, "cli")
- << "setuid() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
- Log(LogCritical, "cli")
- << "Please re-run this command as a privileged user or using the \"" << user << "\" account.";
- return EXIT_FAILURE;
+ if (setuid(pw->pw_uid) < 0) {
+ Log(LogCritical, "cli")
+ << "setuid() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
+ Log(LogCritical, "cli")
+ << "Please re-run this command as a privileged user or using the \"" << user << "\" account.";
+ return EXIT_FAILURE;
+ }
 }
 }
 }
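Review bot: When `getpwnam()` returns NULL, the new `if (pw)` guard skips both `initgroups()` and `setuid()`, and startup continues under whatever uid the process was launched with. A daemon started as root with a misspelled user name, or during a failed NSS/LDAP lookup, therefore stays root instead of exiting as it did before. `errno = 0` is still set ahead of the lookup but is no longer read, so a lookup error cannot be told apart from a missing entry. Keep the two cases apart: treat `errno != 0` as fatal, refuse to continue without an entry when the effective uid is 0, and fall through with a logged warning only for an unprivileged process. The new comment also says "current user" although the lookup is for the configured `user`; Main() starts and ends outside the hunk, so the group handling before this point is not visible here.

```cpp
struct passwd *pw = getpwnam(user.CStr());

if (!pw) {
	if (errno != 0) {
		Log(LogCritical, "cli")
			<< "getpwnam() failed with error code " << errno << ", \"" << Utility::FormatErrorNumber(errno) << "\"";
		return EXIT_FAILURE;
	}

	// No passwd entry: never keep running with root privileges.
	if (geteuid() == 0) {
		Log(LogCritical, "cli")
			<< "Invalid user specified: " << user;
		return EXIT_FAILURE;
	}

	Log(LogWarning, "cli")
		<< "No passwd entry for user \"" << user << "\", continuing with the current uid.";
} else if (getuid() != pw->pw_uid) {
	// … unchanged: initgroups() and setuid() with their error handling …
}
```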