aboutsummaryrefslogtreecommitdiff
path: root/pam_fscrypt/run_fscrypt.go
diff options
context:
space:
mode:
Diffstat (limited to 'pam_fscrypt/run_fscrypt.go')
-rw-r--r--pam_fscrypt/run_fscrypt.go18
1 files changed, 10 insertions, 8 deletions
diff --git a/pam_fscrypt/run_fscrypt.go b/pam_fscrypt/run_fscrypt.go
index 3d73e87..c02b05f 100644
--- a/pam_fscrypt/run_fscrypt.go
+++ b/pam_fscrypt/run_fscrypt.go
@@ -115,7 +115,7 @@ func setupLogging(args map[string]bool) io.Writer {
// one exists. This protector descriptor (if found) will be cached in the pam
// data, under descriptorLabel.
func loginProtector(handle *pam.Handle) (*actions.Protector, error) {
- ctx, err := actions.NewContextFromMountpoint("/")
+ ctx, err := actions.NewContextFromMountpoint("/", handle.PamUser)
if err != nil {
return nil, err
}
@@ -125,13 +125,13 @@ func loginProtector(handle *pam.Handle) (*actions.Protector, error) {
if err != nil {
return nil, err
}
+ uid := int64(util.AtoiOrPanic(handle.PamUser.Uid))
for _, option := range options {
- if option.Source() == metadata.SourceType_pam_passphrase &&
- option.UID() == int64(handle.UID) {
+ if option.Source() == metadata.SourceType_pam_passphrase && option.UID() == uid {
return actions.GetProtectorFromOption(ctx, option)
}
}
- return nil, errors.Errorf("no PAM protector for UID=%d on %q", handle.UID, ctx.Mount.Path)
+ return nil, errors.Errorf("no PAM protector for UID=%d on %q", uid, ctx.Mount.Path)
}
// policiesUsingProtector searches all the mountpoints for any policies
@@ -155,9 +155,11 @@ func policiesUsingProtector(protector *actions.Protector) []*actions.Policy {
continue
}
- ctx := &actions.Context{Config: protector.Context.Config, Mount: mount}
+ // Clone context but modify the mountpoint
+ ctx := *protector.Context
+ ctx.Mount = mount
for _, policyDescriptor := range policyDescriptors {
- policy, err := actions.GetPolicy(ctx, policyDescriptor)
+ policy, err := actions.GetPolicy(&ctx, policyDescriptor)
if err != nil {
log.Printf("reading policy: %s", err)
continue
@@ -181,7 +183,7 @@ func AdjustCount(handle *pam.Handle, delta int) (int, error) {
return 0, err
}
- path := filepath.Join(countDirectory, fmt.Sprintf("%d.count", handle.UID))
+ path := filepath.Join(countDirectory, handle.PamUser.Uid+".count")
file, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE, countFilePermissions)
if err != nil {
return 0, err
@@ -199,7 +201,7 @@ func AdjustCount(handle *pam.Handle, delta int) (int, error) {
return 0, err
}
- log.Printf("Session count for UID=%d updated to %d", handle.UID, newCount)
+ log.Printf("Session count for UID=%s updated to %d", handle.PamUser.Uid, newCount)
return newCount, nil
}
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-10 17:32:29 +0000