| author | Joe Richey joerichey@google.com <joerichey@google.com> | 2017-07-17 17:30:46 -0700 |
|---|---|---|
| committer | Joe Richey joerichey@google.com <joerichey@google.com> | 2017-07-17 17:30:46 -0700 |
| commit | 1a4a020ad5766fce3b3ad719d85593a3e8159733 (patch) | |
| tree | ca9476a0aecaf79cfc8716875db073ea54d5f748 /cmd/fscrypt/keys.go | |
| parent | bd12a36ca860f8de5beb5095b7d97510363b7cc7 (diff) | |
cmd/fscrypt: username and login token fix
The commit changes how we get the username representation, and uses the
new pam API for checking the proposed login token.
Diffstat (limited to 'cmd/fscrypt/keys.go')
| -rw-r--r-- | cmd/fscrypt/keys.go | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/cmd/fscrypt/keys.go b/cmd/fscrypt/keys.go
index 820ddec..65360a9 100644
--- a/cmd/fscrypt/keys.go
+++ b/cmd/fscrypt/keys.go
@@ -125,7 +125,7 @@ func makeKeyFunc(supportRetry, shouldConfirm bool, prefix string) actions.KeyFun
 switch info.Source() {
 case metadata.SourceType_pam_passphrase:
 prompt := fmt.Sprintf("Enter %slogin passphrase for %s: ",
- prefix, getUsername(info.UID()))
+ prefix, formatUsername(info.UID()))
 key, err := getPassphraseKey(prompt)
 if err != nil {
 return nil, err
@@ -134,15 +134,16 @@ func makeKeyFunc(supportRetry, shouldConfirm bool, prefix string) actions.KeyFun
 // To confirm, check that the passphrase is the user's
 // login passphrase.
 if shouldConfirm {
- username := getUsername(info.UID())
- ok, err := pam.IsUserLoginToken(username, key)
+ username, err := usernameFromID(info.UID())
 if err != nil {
 key.Wipe()
 return nil, err
 }
- if !ok {
+
+ err = pam.IsUserLoginToken(username, key, quietFlag.Value)
+ if err != nil {
 key.Wipe()
- return nil, ErrPAMPassphrase
+ return nil, err
 }
 }
 return key, nil
|
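Review bot: In the second hunk the `!ok` branch that returned `ErrPAMPassphrase` is gone, so a wrong login passphrase and any other PAM failure now both leave through the same `return nil, err` after `pam.IsUserLoginToken`. Whether the retry path of makeKeyFunc (its body starts and ends outside this hunk) still recognises a mistyped passphrase depends on which error the new pam API returns, and that is not visible here. If the retry logic matched on `ErrPAMPassphrase`, a bad passphrase may no longer be re-prompted. I would either keep the mapping for the mismatch case or add a comment such as `// IsUserLoginToken returns <sentinel> on mismatch; the retry logic relies on it`, with the placeholder replaced by the actual sentinel. The `key.Wipe()` calls on both error paths are preserved, so the key material is still cleared before returning.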