From 272558f3afaab90a32b31ec8907c2d443e79922b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Lebleu?= <jerome.lebleu@mailoo.org>
Date: Fri, 12 Sep 2014 13:07:29 +0200
Subject: [PATCH] [fix] Prevent user creation if username exists in system
 users

---
 locales/en.json |  1 +
 locales/fr.json |  1 +
 user.py         | 11 +++++++++++
 3 files changed, 13 insertions(+)

diff --git a/locales/en.json b/locales/en.json
index be8c4c752..56da1da88 100644
--- a/locales/en.json
+++ b/locales/en.json
@@ -132,6 +132,7 @@
     "mail_alias_remove_failed" : "Unable to remove mail alias '{:s}'",
     "mail_forward_remove_failed" : "Unable to remove mail forward '{:s}'",
     "user_unknown" : "Unknown user",
+    "system_username_exists" : "Username already exists in the system users",
     "user_creation_failed" : "Unable to create user",
     "user_created" : "User successfully created",
     "user_deletion_failed" : "Unable to delete user",
diff --git a/locales/fr.json b/locales/fr.json
index d4c092e54..874485d3f 100644
--- a/locales/fr.json
+++ b/locales/fr.json
@@ -131,6 +131,7 @@
     "mail_domain_unknown" : "Domaine '{:s}' de l'adresse mail inconnu",
     "mail_alias_remove_failed" : "Impossible de supprimer l'adresse mail supplémentaire '{:s}'",
     "mail_forward_remove_failed" : "Impossible de supprimer l'adresse mail de transfert '{:s}'",
+    "system_username_exists" : "Le nom d'utilisateur existe déjà dans les utilisateurs système",
     "user_unknown" : "Utilisateur inconnu",
     "user_creation_failed" : "Impossible de créer l'utilisateur",
     "user_created" : "Utilisateur créé avec succès",
diff --git a/user.py b/user.py
index 0d6a46f48..15ac62d2d 100644
--- a/user.py
+++ b/user.py
@@ -96,15 +96,26 @@ def user_create(auth, username, firstname, lastname, mail, password):
         password
 
     """
+    import pwd
     from yunohost.domain import domain_list
     from yunohost.hook import hook_callback
     from yunohost.app import app_ssowatconf
 
+    # Validate uniqueness of username and mail in LDAP
     auth.validate_uniqueness({
         'uid'       : username,
         'mail'      : mail
     })
 
+    # Validate uniqueness of username in system users
+    try:
+        pwd.getpwnam(username)
+    except KeyError:
+        pass
+    else:
+        raise MoulinetteError(errno.EEXIST, m18n.n('system_username_exists'))
+
+    # Check that the mail domain exists
     if mail[mail.find('@')+1:] not in domain_list(auth)['domains']:
         raise MoulinetteError(errno.EINVAL,
                               m18n.n('mail_domain_unknown',