From 4d9372795e7b53d105f69790c1d9deadbff85458 Mon Sep 17 00:00:00 2001
From: Joseph Richey
Date: Fri, 29 Sep 2017 02:52:56 -0700
Subject: security: Add check option to UserKeyringID
---
security/keyring.go | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
(limited to 'security')
diff --git a/security/keyring.go b/security/keyring.go
index ed723fc..e0e9094 100644
--- a/security/keyring.go
+++ b/security/keyring.go
@@ -49,7 +49,7 @@ var (
 // description. The key ID is returned if we can find the key. An error is
 // returned if the key does not exist.
 func FindKey(description string, target *user.User) (int, error) {
- keyringID, err := UserKeyringID(target)
+ keyringID, err := UserKeyringID(target, false)
 if err != nil {
 return 0, err
 }
@@ -83,7 +83,7 @@ func RemoveKey(description string, target *user.User) error {
 // InsertKey puts the provided data into the kernel keyring with the provided
 // description.
 func InsertKey(data []byte, description string, target *user.User) error {
- keyringID, err := UserKeyringID(target)
+ keyringID, err := UserKeyringID(target, true)
 if err != nil {
 return err
 }
@@ -104,10 +104,10 @@ var (
 
 // UserKeyringID returns the key id of the target user's user keyring. We also
 // ensure that the keyring will be accessible by linking it into the process
-// keyring and linking it into the root user keyring (permissions allowing). An
-// error is returned if a normal user requests their user keyring, but it is not
-// in the current session keyring.
-func UserKeyringID(target *user.User) (int, error) {
+// keyring and linking it into the root user keyring (permissions allowing). If
+// check_session is true, an error is returned if a normal user requests their
+// user keyring, but it is not in the current session keyring.
+func UserKeyringID(target *user.User, check_session bool) (int, error) {
 uid := util.AtoiOrPanic(target.Uid)
 targetKeyring, err := userKeyringIDLookup(uid)
 if err != nil {
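Review bot: In FindKey, the new call `UserKeyringID(target, false)` switches off the session-keyring check for every lookup, and neither the call site nor FindKey's doc comment says why that is safe. For a non-root caller a keyring ID can now come back even when the user keyring is not in the session keyring, so any failure moves to the search that follows, which is outside this hunk. I would add a comment above the call, for example `// Session check skipped for lookups; InsertKey enforces it.`, and confirm that the later search reports a clear error in that case. FindKey's body continues past the end of the hunk.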
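Review bot: The new parameter `check_session` in the UserKeyringID signature uses an underscore, which goes against Go's MixedCaps naming. The idiomatic form is `func UserKeyringID(target *user.User, checkSession bool) (int, error) {`, with the same rename in the doc comment and in the condition changed by the hunk at line 117. Because the flag turns a security check on or off, the doc comment should also say what a caller gets when it is false: a keyring ID with no guarantee that the keyring is in the session keyring. This is an exported function and the view here is limited to the security directory, so it cannot be confirmed from this page that callers elsewhere were updated. The function body continues past the hunk.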
@@ -117,7 +117,7 @@ func UserKeyringID(target *user.User) (int, error) {
 if !util.IsUserRoot() {
 // Make sure the returned keyring will be accessible by checking
 // that it is in the session keyring.
- if !isUserKeyringInSession(uid) {
+ if check_session && !isUserKeyringInSession(uid) {
 return 0, ErrSessionUserKeying
 }
 return targetKeyring, nil
-- 
cgit v1.2.3
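Review bot: The comment above the changed condition is now stale: it still says the code makes sure the returned keyring is accessible, but with `check_session` false the non-root branch returns `targetKeyring` without that check. I would reword it to `// If requested, make sure the returned keyring will be accessible by checking that it is in the session keyring.` The flag also has no effect for root, because the whole check sits under `if !util.IsUserRoot()`; that matches the "normal user" wording in the doc comment, but readers of the call sites should know it. The enclosing function starts and ends outside this hunk.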