| author | Joseph Richey <joerichey94@gmail.com> | 2017-09-29 02:52:56 -0700 |
|---|---|---|
| committer | Joseph Richey <joerichey94@gmail.com> | 2017-09-29 02:52:56 -0700 |
| commit | 4d9372795e7b53d105f69790c1d9deadbff85458 (patch) | |
| tree | 76a79e8930ba874d06ccb8d3ac152c70e5a5e60a /security/keyring.go | |
| parent | a949b13dac670014c37c7181e368b9c0c7a7f0f5 (diff) | |
security: Add check option to UserKeyringID
Diffstat (limited to 'security/keyring.go')
| -rw-r--r-- | security/keyring.go | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/security/keyring.go b/security/keyring.go
index ed723fc..e0e9094 100644
--- a/security/keyring.go
+++ b/security/keyring.go
@@ -49,7 +49,7 @@ var (
 // description. The key ID is returned if we can find the key. An error is
 // returned if the key does not exist.
 func FindKey(description string, target *user.User) (int, error) {
- keyringID, err := UserKeyringID(target)
+ keyringID, err := UserKeyringID(target, false)
 if err != nil {
 return 0, err
 }
@@ -83,7 +83,7 @@ func RemoveKey(description string, target *user.User) error {
 // InsertKey puts the provided data into the kernel keyring with the provided
 // description.
 func InsertKey(data []byte, description string, target *user.User) error {
- keyringID, err := UserKeyringID(target)
+ keyringID, err := UserKeyringID(target, true)
 if err != nil {
 return err
 }
@@ -104,10 +104,10 @@ var (
 // UserKeyringID returns the key id of the target user's user keyring. We also
 // ensure that the keyring will be accessible by linking it into the process
-// keyring and linking it into the root user keyring (permissions allowing). An
-// error is returned if a normal user requests their user keyring, but it is not
-// in the current session keyring.
-func UserKeyringID(target *user.User) (int, error) {
+// keyring and linking it into the root user keyring (permissions allowing). If
+// check_session is true, an error is returned if a normal user requests their
+// user keyring, but it is not in the current session keyring.
+func UserKeyringID(target *user.User, check_session bool) (int, error) {
 uid := util.AtoiOrPanic(target.Uid)
 targetKeyring, err := userKeyringIDLookup(uid)
 if err != nil {
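Review bot: In the first hunk, `UserKeyringID(target, false)` makes FindKey skip the session-keyring check, but FindKey's doc comment still only says the key ID is returned if the key can be found. For a non-root caller this means an ID can come back from a user keyring that is not linked into the current session keyring, so a successful FindKey should presumably not be read as proof that the key is usable from this session. I would add that to the doc comment, e.g. `// FindKey does not verify that the user keyring is linked into the session keyring.` The bare `false` here and the bare `true` in InsertKey (second hunk) are also opaque at the call site; a short inline comment naming the parameter would help. FindKey's body continues outside the hunk.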
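Review bot: The new parameter `check_session` in the UserKeyringID signature (third hunk), and its use in the fourth hunk, is written with an underscore; Go style is MixedCaps, so `func UserKeyringID(target *user.User, checkSession bool) (int, error) {` and `if checkSession && !isUserKeyringInSession(uid) {`, with the doc comment updated to match. UserKeyringID is exported, so the added parameter changes the signature for every caller; the diffstat shown is limited to security/keyring.go, so callers in other files are not visible here and should be checked. The function body continues outside the hunk.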
@@ -117,7 +117,7 @@ func UserKeyringID(target *user.User) (int, error) {
 if !util.IsUserRoot() {
 // Make sure the returned keyring will be accessible by checking
 // that it is in the session keyring.
- if !isUserKeyringInSession(uid) {
+ if check_session && !isUserKeyringInSession(uid) {
 return 0, ErrSessionUserKeying
 }
 return targetKeyring, nil |
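Review bot: The comment above the changed condition still says the code makes sure the returned keyring will be accessible, which is now true only when `check_session` is set. With `check_session` false, a non-root caller gets `targetKeyring` back with no accessibility check at all. I would reword the comment to say so, e.g. `// If requested, make sure the returned keyring is accessible by checking that it is in the session keyring; otherwise the ID is returned unverified.` The function's doc comment in the third hunk likewise still opens with "We also ensure that the keyring will be accessible" and should carry the same caveat. The function starts and continues outside this hunk.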