| author | Eric Biggers <ebiggers@google.com> | 2021-12-19 21:19:25 -0600 |
|---|---|---|
| committer | Eric Biggers <ebiggers@google.com> | 2021-12-19 21:44:59 -0600 |
| commit | 4c7c6631cc5a27cc6b4431f5ad3805a2d624c5f5 (patch) | |
| tree | b22856e0d3392a2def633d961ad29c2890ce4fb2 /util | |
| parent | 360467d0df626d2d0eac003a0a210814910804ce (diff) | |
Set owner of login protectors to correct user
When the root user creates a login protector for a non-root user, make
sure to chown() the protector file to make it owned by the user.
Without this, the protector cannot be updated by the user, which causes
it to get out of sync if the user changes their login passphrase.
Fixes https://github.com/google/fscrypt/issues/319
Diffstat (limited to 'util')
| -rw-r--r-- | util/util.go | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/util/util.go b/util/util.go
index d97a7ae..1dab335 100644
--- a/util/util.go
+++ b/util/util.go
@@ -121,9 +121,14 @@ func AtoiOrPanic(input string) int {
 return i
 }
 
+// UserFromUID returns the User corresponding to the given user id.
+func UserFromUID(uid int64) (*user.User, error) {
+ return user.LookupId(strconv.FormatInt(uid, 10))
+}
+
 // EffectiveUser returns the user entry corresponding to the effective user.
 func EffectiveUser() (*user.User, error) {
- return user.LookupId(strconv.Itoa(os.Geteuid()))
+ return UserFromUID(int64(os.Geteuid()))
 }
 
 // IsUserRoot checks if the effective user is root.
@@ -131,6 +136,13 @@ func IsUserRoot() bool {
 return os.Geteuid() == 0
 }
 
+// Chown changes the owner of a File to a User.
+func Chown(file *os.File, user *user.User) error {
+ uid := AtoiOrPanic(user.Uid)
+ gid := AtoiOrPanic(user.Gid)
+ return file.Chown(uid, gid)
+}
+
 // IsKernelVersionAtLeast returns true if the Linux kernel version is at least
 // major.minor. If something goes wrong it assumes false.
 func IsKernelVersionAtLeast(major, minor int) bool { |
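Review bot: Chown in the second hunk declares an error return but converts `user.Uid` and `user.Gid` with AtoiOrPanic, so a non-numeric id would, judging by the helper's name (its body is outside the hunk), panic instead of reaching the caller as an error. Per the commit message this runs when root hands a protector file to another user, so I would parse with `strconv.Atoi` and return the failure; strconv is already used by UserFromUID in the first hunk. The doc comment could also state that the group is set to the user's primary gid and that ownership is changed on the open file rather than by path, which is what keeps the call from acting on a different file if the path is replaced.

```go
func Chown(file *os.File, user *user.User) error {
	uid, err := strconv.Atoi(user.Uid)
	if err != nil {
		return err
	}
	gid, err := strconv.Atoi(user.Gid)
	if err != nil {
		return err
	}
	return file.Chown(uid, gid)
}
```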