diff options
| author | Joseph Richey <joerichey94@gmail.com> | 2017-10-19 03:15:28 -0700 |
|---|---|---|
| committer | Joseph Richey <joerichey94@gmail.com> | 2017-10-19 03:34:51 -0700 |
| commit | b7de8535f899f2b88d61f4f1264fe6a272196536 (patch) | |
| tree | 4caf8a0e426caf45440b5115664baba12749a11f /cmd/fscrypt/flags.go | |
| parent | 7885d63f644bb49d8da1d8313d5f4870d586a9c1 (diff) | |
util: Add better user lookup functions
When looking up users in fscrypt, we often want to proceed even if the
requested uid doesn't appear to be a valid user on the system. This
mainly occurs when a user is deleted, but they still have a login
protector on disk.
Thus, GetUser() with a bad uid creates a fake user with a pretty
placeholder name. The corresponding call sites of util.EffectiveUser are
changed (often simplifying logic). Various documentation is updated and
typos are fixed.
Diffstat (limited to 'cmd/fscrypt/flags.go')
| -rw-r--r-- | cmd/fscrypt/flags.go | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/cmd/fscrypt/flags.go b/cmd/fscrypt/flags.go index 5137eff..b6eb446 100644 --- a/cmd/fscrypt/flags.go +++ b/cmd/fscrypt/flags.go @@ -282,25 +282,27 @@ func getPolicyFromFlag(flagValue string, target *user.User) (*actions.Policy, er return actions.GetPolicy(ctx, descriptor) } -// parseUserFlag returns the user specified by userFlag or the current effective -// user if the flag value is missing. If the effective user is root, however, a -// user must specified in the flag. If checkKeyring is true, we also make sure -// there are no problems accessing the user keyring. +// parseUserFlag returns the user specified by userFlag or the current user if +// the flag is not given. If the effective user is root, however, a user must be +// specified in the flag. If checkKeyring is true, we also make sure there are +// no problems accessing the user keyring. func parseUserFlag(checkKeyring bool) (targetUser *user.User, err error) { if userFlag.Value != "" { - targetUser, err = user.Lookup(userFlag.Value) + if targetUser, err = user.Lookup(userFlag.Value); err != nil { + return nil, err + } } else { - if util.IsUserRoot() { + targetID := util.CurrentUserID() + if targetID == 0 { return nil, ErrSpecifyUser } - targetUser, err = util.EffectiveUser() - } - if err != nil { - return nil, err + targetUser = util.GetUser(targetID) } if checkKeyring { - _, err = security.UserKeyringID(targetUser, true) + if _, err = security.UserKeyringID(targetUser, true); err != nil { + return nil, err + } } - return targetUser, err + return targetUser, nil } |