diff options
| author | Joseph Richey <joerichey@google.com> | 2017-08-31 14:51:55 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-08-31 14:51:55 -0700 |
| commit | b04d7ef31dc2e21f055b1b656efb9511e72db6c6 (patch) | |
| tree | 04daee42d94ddda55d956e72f44bafec0ef6dde1 /actions/protector.go | |
| parent | 5285a8c451ef660f932e9f1823ad7da52ad25b74 (diff) | |
| parent | f1bd511fff8e411687001bd8e76e8a41c9f5ff41 (diff) | |
Merge pull request #52 from google/keyrings
Changes to the keyrings interface, corresponding UI changes, and misc changes
Diffstat (limited to 'actions/protector.go')
| -rw-r--r-- | actions/protector.go | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/actions/protector.go b/actions/protector.go index 5245951..ffc3c43 100644 --- a/actions/protector.go +++ b/actions/protector.go @@ -22,12 +22,12 @@ package actions import ( "fmt" "log" - "os" "github.com/pkg/errors" "github.com/google/fscrypt/crypto" "github.com/google/fscrypt/metadata" + "github.com/google/fscrypt/util" ) // Errors relating to Protectors @@ -54,17 +54,17 @@ func checkForProtectorWithName(ctx *Context, name string) error { return nil } -// checkForProtectorWithUid returns an error if there is already a login -// protector on the filesystem with a specific UID (or if we cannot read the +// checkIfUserHasLoginProtector returns an error if there is already a login +// protector on the filesystem for a specific user (or if we cannot read the // necessary data). -func checkForProtectorWithUID(ctx *Context, uid int64) error { +func checkIfUserHasLoginProtector(ctx *Context, uid int64) error { options, err := ctx.ProtectorOptions() if err != nil { return err } for _, option := range options { if option.Source() == metadata.SourceType_pam_passphrase && option.UID() == uid { - return errors.Wrapf(ErrDuplicateUID, "uid %d", uid) + return errors.Wrapf(ErrDuplicateUID, "user %q", ctx.TargetUser.Username) } } return nil @@ -121,9 +121,9 @@ func CreateProtector(ctx *Context, name string, keyFn KeyFunc) (*Protector, erro case metadata.SourceType_pam_passphrase: // As the pam passphrases are user specific, we also store the // UID for this kind of source. - protector.data.Uid = int64(os.Getuid()) + protector.data.Uid = int64(util.AtoiOrPanic(ctx.TargetUser.Uid)) // Make sure we aren't duplicating protectors - if err := checkForProtectorWithUID(ctx, protector.data.Uid); err != nil { + if err := checkIfUserHasLoginProtector(ctx, protector.data.Uid); err != nil { return nil, err } fallthrough @@ -180,7 +180,7 @@ func GetProtectorFromOption(ctx *Context, option *ProtectorOption) (*Protector, // Replace the context if this is a linked protector if option.LinkedMount != nil { - ctx = &Context{ctx.Config, option.LinkedMount} + ctx = &Context{ctx.Config, option.LinkedMount, ctx.TargetUser} } return &Protector{Context: ctx, data: option.data}, nil } |