diff options
| author | Joseph Richey <joerichey@google.com> | 2017-09-01 02:23:53 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-09-01 02:23:53 -0700 |
| commit | 0879b8ffcbbac29c282084eea2888194371113fa (patch) | |
| tree | 8ff0b3562affc308939788c5e54708e284a014da /cmd/fscrypt/flags.go | |
| parent | b04d7ef31dc2e21f055b1b656efb9511e72db6c6 (diff) | |
| parent | 0dfbbf62fae3d4051dd5f0686835ac393f8a0247 (diff) | |
Fixed failures in PAM module
Diffstat (limited to 'cmd/fscrypt/flags.go')
| -rw-r--r-- | cmd/fscrypt/flags.go | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/cmd/fscrypt/flags.go b/cmd/fscrypt/flags.go index e883a6d..af03ad2 100644 --- a/cmd/fscrypt/flags.go +++ b/cmd/fscrypt/flags.go @@ -33,6 +33,7 @@ import ( "github.com/urfave/cli" "github.com/google/fscrypt/actions" + "github.com/google/fscrypt/security" "github.com/google/fscrypt/util" ) @@ -283,17 +284,23 @@ func getPolicyFromFlag(flagValue string, target *user.User) (*actions.Policy, er // parseUserFlag returns the user specified by userFlag or the current effective // user if the flag value is missing. If the effective user is root, however, a -// user must specified in the flag. -func parseUserFlag() (*user.User, error) { +// user must specified in the flag. If checkKeyring is true, we also make sure +// there are no problems accessing the user keyring. +func parseUserFlag(checkKeyring bool) (targetUser *user.User, err error) { if userFlag.Value != "" { - return user.Lookup(userFlag.Value) + targetUser, err = user.Lookup(userFlag.Value) + } else { + if util.IsUserRoot() { + return nil, ErrSpecifyUser + } + targetUser, err = util.EffectiveUser() } - effectiveUser, err := util.EffectiveUser() if err != nil { return nil, err } - if util.IsUserRoot() { - return nil, ErrSpecifyUser + + if checkKeyring { + _, err = security.UserKeyringID(targetUser) } - return effectiveUser, nil + return targetUser, err } |