From 1a4a020ad5766fce3b3ad719d85593a3e8159733 Mon Sep 17 00:00:00 2001 From: "Joe Richey joerichey@google.com" Date: Mon, 17 Jul 2017 17:30:46 -0700 Subject: cmd/fscrypt: username and login token fix The commit changes how we get the username representation, and uses the new pam API for checking the proposed login token.
---
cmd/fscrypt/keys.go | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'cmd/fscrypt/keys.go')
diff --git a/cmd/fscrypt/keys.go b/cmd/fscrypt/keys.go
index 820ddec..65360a9 100644
--- a/cmd/fscrypt/keys.go
+++ b/cmd/fscrypt/keys.go
@@ -125,7 +125,7 @@ func makeKeyFunc(supportRetry, shouldConfirm bool, prefix string) actions.KeyFun
 switch info.Source() {
 case metadata.SourceType_pam_passphrase:
 prompt := fmt.Sprintf("Enter %slogin passphrase for %s: ",
- prefix, getUsername(info.UID()))
+ prefix, formatUsername(info.UID()))
 key, err := getPassphraseKey(prompt)
 if err != nil {
 return nil, err
@@ -134,15 +134,16 @@ func makeKeyFunc(supportRetry, shouldConfirm bool, prefix string) actions.KeyFun
 // To confirm, check that the passphrase is the user's
 // login passphrase.
 if shouldConfirm {
- username := getUsername(info.UID())
- ok, err := pam.IsUserLoginToken(username, key)
+ username, err := usernameFromID(info.UID())
 if err != nil {
 key.Wipe()
 return nil, err
 }
- if !ok {
+
+ err = pam.IsUserLoginToken(username, key, quietFlag.Value)
+ if err != nil {
 key.Wipe()
- return nil, ErrPAMPassphrase
+ return nil, err
 }
 }
 return key, nil
-- cgit v1.2.3
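Review bot: In the second hunk, the `shouldConfirm` branch no longer returns the `ErrPAMPassphrase` sentinel for a rejected passphrase; it forwards whatever `pam.IsUserLoginToken` returns. That return value now presumably covers both "wrong login token" and a failed PAM transaction. Any caller that compared against `ErrPAMPassphrase` (for example the retry path implied by `supportRetry`, which is outside this hunk) can no longer tell a mistyped passphrase from a PAM infrastructure error, unless the pam package returns its own distinguishable sentinel, so that is worth confirming. If it does, a comment above the call would record the contract, e.g. `// IsUserLoginToken returns a non-nil error for a rejected token as well as for PAM failures; the key is wiped in both cases.` The body of `makeKeyFunc` starts and ends outside the hunk, so whether `ErrPAMPassphrase` is still referenced elsewhere cannot be seen from here.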