From dad0a047cefc79cbe664afc07d69db6b8bf123bd Mon Sep 17 00:00:00 2001 From: Joe Richey Date: Wed, 30 Aug 2017 18:00:04 -0700 Subject: actions: context now hold a target user.User This user is used with policies to interface with the keryings and with protectors to indicate which user's login passphrase should be used to protectors of type pam_passphrase. --- actions/policy.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'actions/policy.go') diff --git a/actions/policy.go b/actions/policy.go index 461f8cc..510afa1 100644 --- a/actions/policy.go +++ b/actions/policy.go @@ -57,7 +57,7 @@ func PurgeAllPolicies(ctx *Context) error { for _, policyDescriptor := range policies { service := ctx.getService() - err = security.RemoveKey(service + policyDescriptor) + err = security.RemoveKey(service+policyDescriptor, ctx.TargetUser) switch errors.Cause(err) { case nil, security.ErrKeyringSearch: @@ -372,7 +372,7 @@ func (policy *Policy) Apply(path string) error { // IsProvisioned returns a boolean indicating if the policy has its key in the // keyring, meaning files and directories using this policy are accessible. func (policy *Policy) IsProvisioned() bool { - _, err := security.FindKey(policy.Description()) + _, err := security.FindKey(policy.Description(), policy.Context.TargetUser) return err == nil } @@ -382,13 +382,13 @@ func (policy *Policy) Provision() error { if policy.key == nil { return ErrLocked } - return crypto.InsertPolicyKey(policy.key, policy.Description()) + return crypto.InsertPolicyKey(policy.key, policy.Description(), policy.Context.TargetUser) } // Deprovision removes the Policy key from the kernel keyring. This prevents // reading and writing to the directory once the caches are cleared. func (policy *Policy) Deprovision() error { - return security.RemoveKey(policy.Description()) + return security.RemoveKey(policy.Description(), policy.Context.TargetUser) } // commitData writes the Policy's current data to the filesystem. -- cgit v1.2.3