pw: Ensure group membership is not duplicated

Fix the following problem:

1. A nonexistent user, someuser, is added to somegroup in /etc/group.
2. someuser is then created with membership in somegroup.

The entry for somegroup in /etc/group will then contain

    somegroup:*:12345:someuser,someuser

With this fix, the entry will be

    somegroup:*:12345:someuser

PR:		238995
Reviewed by:	bapt, jrm
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D41076

3 files changed, 6 insertions, 1 deletions

diff --git a/usr.sbin/pw/pw.h b/usr.sbin/pw/pw.h
index fb1ba9a44f84..6eb5a25e56ec 100644
--- a/usr.sbin/pw/pw.h
+++ b/usr.sbin/pw/pw.h
@@ -114,3 +114,5 @@ extern const char *Which[];
 
 uintmax_t strtounum(const char * __restrict, uintmax_t, uintmax_t,
     const char ** __restrict);
+
+bool grp_has_member(struct group *grp, const char *name);
diff --git a/usr.sbin/pw/pw_group.c b/usr.sbin/pw/pw_group.c
index 277763041f0a..48f999d3e1d3 100644
--- a/usr.sbin/pw/pw_group.c
+++ b/usr.sbin/pw/pw_group.c
@@ -418,7 +418,7 @@ pw_group_del(int argc, char **argv, char *arg1)
 	return (EXIT_SUCCESS);
 }
 
-static bool
+bool
 grp_has_member(struct group *grp, const char *name)
 {
 	int j;
diff --git a/usr.sbin/pw/pw_user.c b/usr.sbin/pw/pw_user.c
index bea248c802ed..9029069c6a9f 100644
--- a/usr.sbin/pw/pw_user.c
+++ b/usr.sbin/pw/pw_user.c
@@ -1408,6 +1408,9 @@ pw_user_add(int argc, char **argv, char *arg1)
 	if (cmdcnf->groups != NULL) {
 		for (i = 0; i < cmdcnf->groups->sl_cur; i++) {
 			grp = GETGRNAM(cmdcnf->groups->sl_str[i]);
+			/* gr_add doesn't check if new member is already in group */
+			if (grp_has_member(grp, pwd->pw_name))
+				continue;
 			grp = gr_add(grp, pwd->pw_name);
 			/*
 			 * grp can only be NULL in 2 cases: