authorJoseph Richey <joerichey94@gmail.com>2017-09-01 00:55:22 -0700
committerJoseph Richey <joerichey94@gmail.com>2017-09-01 00:55:22 -0700
commit079ee257d27e28b166965f1fa0136f694598b6c7 (patch)
treeff9b10a09dbc83cc7c63a4c8523328abb00b1edf /cmd/fscrypt
parent1ce72a7367967152948dbe332ea8d9834f194c27 (diff)
cmd/fscrypt: Check that keyrings are setup
Changing the --user flag to (optionally) check for a proper keyring setup allows us to fail early in cases where we need a working keyring.
Diffstat (limited to 'cmd/fscrypt')
-rw-r--r--cmd/fscrypt/commands.go8
-rw-r--r--cmd/fscrypt/flags.go21
2 files changed, 18 insertions, 11 deletions
diff --git a/cmd/fscrypt/commands.go b/cmd/fscrypt/commands.go
index 43c9cb0..fd90626 100644
--- a/cmd/fscrypt/commands.go
+++ b/cmd/fscrypt/commands.go
@@ -119,7 +119,7 @@ func encryptAction(c *cli.Context) error {
// keyring unless --skip-unlock is used. On failure, an error is returned, any
// metadata creation is reverted, and the directory is unmodified.
func encryptPath(path string) (err error) {
- target, err := parseUserFlag()
+ target, err := parseUserFlag(!skipUnlockFlag.Value)
if err != nil {
return
}
@@ -274,7 +274,7 @@ func unlockAction(c *cli.Context) error {
return expectedArgsErr(c, 1, false)
}
- target, err := parseUserFlag()
+ target, err := parseUserFlag(true)
if err != nil {
return newExitError(c, err)
}
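Review bot: The bare literal in `parseUserFlag(true)` does not tell a reader of unlockAction what is being switched on, and the same applies to `parseUserFlag(true)` in the purgeAction hunk and `parseUserFlag(false)` in the createProtectorAction hunk. A one-line comment above each call would record the intent, for example `// Unlocking needs a working user keyring, so fail early if it is not set up.` here. For createProtectorAction, a comment stating why the keyring check is deliberately skipped would help, because that is the only call site that opts out unconditionally. The bodies of all three functions continue outside their hunks.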
@@ -357,7 +357,7 @@ func purgeAction(c *cli.Context) error {
}
}
- target, err := parseUserFlag()
+ target, err := parseUserFlag(true)
if err != nil {
return newExitError(c, err)
}
@@ -507,7 +507,7 @@ func createProtectorAction(c *cli.Context) error {
return expectedArgsErr(c, 1, false)
}
- target, err := parseUserFlag()
+ target, err := parseUserFlag(false)
if err != nil {
return newExitError(c, err)
}
diff --git a/cmd/fscrypt/flags.go b/cmd/fscrypt/flags.go
index e883a6d..af03ad2 100644
--- a/cmd/fscrypt/flags.go
+++ b/cmd/fscrypt/flags.go
@@ -33,6 +33,7 @@ import (
"github.com/urfave/cli"
"github.com/google/fscrypt/actions"
+ "github.com/google/fscrypt/security"
"github.com/google/fscrypt/util"
)
@@ -283,17 +284,23 @@ func getPolicyFromFlag(flagValue string, target *user.User) (*actions.Policy, er
// parseUserFlag returns the user specified by userFlag or the current effective
// user if the flag value is missing. If the effective user is root, however, a
-// user must specified in the flag.
-func parseUserFlag() (*user.User, error) {
+// user must specified in the flag. If checkKeyring is true, we also make sure
+// there are no problems accessing the user keyring.
+func parseUserFlag(checkKeyring bool) (targetUser *user.User, err error) {
if userFlag.Value != "" {
- return user.Lookup(userFlag.Value)
+ targetUser, err = user.Lookup(userFlag.Value)
+ } else {
+ if util.IsUserRoot() {
+ return nil, ErrSpecifyUser
+ }
+ targetUser, err = util.EffectiveUser()
}
- effectiveUser, err := util.EffectiveUser()
if err != nil {
return nil, err
}
- if util.IsUserRoot() {
- return nil, ErrSpecifyUser
+
+ if checkKeyring {
+ _, err = security.UserKeyringID(targetUser)
}
- return effectiveUser, nil
+ return targetUser, err
}
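Review bot: When the keyring check fails, the final `return targetUser, err` hands back a non-nil user together with a non-nil error, while every earlier failure path in parseUserFlag returns `nil, err`. The callers visible in this commit test err before using the result, so this is probably harmless today, but a later caller that ignores or downgrades the error would go on with a user whose keyring was never validated. Keeping the result nil on failure is more consistent: inside the `if checkKeyring` block use `if _, err = security.UserKeyringID(targetUser); err != nil { return nil, err }` and end the function with `return targetUser, nil`. The doc comment could also say that a keyring error is returned unchanged, and its carried-over sentence should read `a user must be specified in the flag`.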