// Copyright 2016 The rkt Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package user
import (
"errors"
"fmt"
"path/filepath"
"strconv"
"strings"
"syscall"
"github.com/coreos/rkt/pkg/group"
"github.com/coreos/rkt/pkg/passwd"
"github.com/hashicorp/errwrap"
)
// Resolver defines the interface for resolving a UID/GID.
type Resolver interface {
	// IDs returns the resolved UID and GID, or a non-nil error when
	// resolution fails. The implementations in this file report -1 for an
	// ID they could not determine.
	IDs() (uid int, gid int, err error)
}
// idsFromEtc is the Resolver returned by IDsFromEtc. It holds the inputs
// needed to look a user and a group up in etc/passwd and etc/group.
type idsFromEtc struct {
	// rootPath is the directory that etc/passwd and etc/group are joined onto.
	rootPath string
	// username is the name passed to the etc/passwd lookup.
	username string
	// group is the name passed to the etc/group lookup.
	group    string
}
// IDsFromEtc builds a Resolver that reads etc/passwd and etc/group, both taken
// relative to rootPath, to find the UID of username and the GID of group.
// An empty username means the caller does not want a UID resolved from
// etc/passwd; an empty group means the same for the GID and etc/group.
// No file is touched here: the files are only consulted when IDs is called,
// and the returned error is always nil.
func IDsFromEtc(rootPath, username, group string) (Resolver, error) {
	var res idsFromEtc
	res.rootPath = rootPath
	res.username = username
	res.group = group
	return res, nil
}
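// IDs resolves the UID from etc/passwd and the GID from etc/group, both
// located under e.rootPath.
//
// A lookup is performed only when the corresponding name is non-empty; an ID
// that was not looked up is reported as -1. When a lookup fails, its error is
// returned and both IDs are -1.
func (e idsFromEtc) IDs() (uid int, gid int, err error) {
	uid, gid = -1, -1

	// NOTE(review): rootPath is joined lexically. If it names a root
	// filesystem whose contents are not trusted, etc/passwd or etc/group could
	// be a symlink pointing outside rootPath; whether the lookup helpers guard
	// against that is not visible from this file - confirm.

	// Skip the lookup entirely for an empty name, as documented on IDsFromEtc.
	// Calling the helper and discarding its error would leave uid at whatever
	// the helper returns on failure, and would let a file entry with an empty
	// name field match.
	if e.username != "" {
		uid, err = passwd.LookupUidFromFile(
			e.username,
			filepath.Join(e.rootPath, "etc/passwd"),
		)
		if err != nil {
			return -1, -1, err
		}
	}

	if e.group != "" {
		gid, err = group.LookupGidFromFile(
			e.group,
			filepath.Join(e.rootPath, "etc/group"),
		)
		if err != nil {
			return -1, -1, err
		}
	}

	return uid, gid, nil
}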
// idsFromStat is the Resolver returned by IDsFromStat. It reports the owner
// UID/GID of the file at path.
type idsFromStat struct {
	// path is the file to lstat; IDsFromStat builds it by joining rootPath and file.
	path string
	// r, when non-nil, is used to unshift the stat'ed UID/GID.
	r    *UidRange
}
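// IDsFromStat returns a new UID/GID resolver deriving the UID/GID from the
// attributes of file, taken relative to rootPath, and unshifts the UID/GID if
// the given range is not nil.
//
// If the given file does not start with a slash "/" an error is returned.
// The name is cleaned as a rooted path before it is joined onto rootPath, so
// ".." elements in file cannot lexically climb above rootPath.
func IDsFromStat(rootPath, file string, r *UidRange) (Resolver, error) {
	if !strings.HasPrefix(file, "/") {
		return nil, fmt.Errorf("invalid filename %q", file)
	}

	// filepath.Join cleans only the joined result, so a name such as
	// "/../../x" would resolve outside rootPath. Cleaning the rooted name
	// first collapses every leading "/.." to "/", which keeps the joined path
	// under rootPath.
	//
	// NOTE(review): this is a lexical guarantee only. Symlinks in directory
	// components below rootPath are still followed when the path is stat'ed;
	// if rootPath holds untrusted content, confirm that is acceptable.
	contained := filepath.Clean(file)

	return idsFromStat{path: filepath.Join(rootPath, contained), r: r}, nil
}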
// IDs lstats s.path and reports the UID and GID that own it. Lstat is used, so
// a symlink in the final path component is inspected itself rather than
// followed. When s.r is set, the stat'ed values are passed through
// s.r.UnshiftRange before being returned. Every failure yields -1, -1 and a
// wrapped error.
func (s idsFromStat) IDs() (int, int, error) {
	var st syscall.Stat_t
	lstatErr := syscall.Lstat(s.path, &st)
	if lstatErr != nil {
		outer := fmt.Errorf("unable to stat file %q", s.path)
		return -1, -1, errwrap.Wrap(outer, lstatErr)
	}

	if s.r != nil {
		realUID, _, err := s.r.UnshiftRange(st.Uid, st.Gid)
		if err != nil {
			return -1, -1, errwrap.Wrap(errors.New("unable to determine real uid"), err)
		}

		// NOTE(review): this repeats the call above with identical arguments
		// and keeps only the second result; a single call could presumably
		// supply both values - confirm UnshiftRange has no side effects.
		_, realGID, err := s.r.UnshiftRange(st.Uid, st.Gid)
		if err != nil {
			return -1, -1, errwrap.Wrap(errors.New("unable to determine real gid"), err)
		}

		return int(realUID), int(realGID), nil
	}

	// No range configured: report the on-disk owner unchanged.
	return int(st.Uid), int(st.Gid), nil
}
// numericIDs is the struct that always resolves to uid=i and gid=i.
type numericIDs struct {
	// i is the constant value reported as both UID and GID.
	i int
}
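// NumericIDs returns a resolver that will resolve constant UID/GID values.
// If the given id equals "root" the resolver always resolves UID=0 and GID=0.
// If the given id is a numeric literal i in the range 0..4294967295 it always
// resolves UID=i and GID=i.
// If the given id is neither "root" nor such a numeric literal an error is
// returned.
func NumericIDs(id string) (Resolver, error) {
	// Linux UIDs and GIDs are unsigned 32-bit values.
	const maxID = 1<<32 - 1

	if id == "root" {
		return numericIDs{0}, nil
	}

	i, err := strconv.Atoi(id)
	if err != nil {
		return nil, fmt.Errorf("invalid id %q", id)
	}

	// Atoi accepts negative literals and, where int is 64 bits wide, values
	// above the 32-bit range. Rejecting them here keeps a value such as
	// 4294967296 from wrapping to 0 (root) if the result is later narrowed to
	// a 32-bit ID, and keeps -1 from being taken for a real ID.
	if i < 0 || int64(i) > maxID {
		return nil, fmt.Errorf("invalid id %q", id)
	}

	return numericIDs{i}, nil
}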
// IDs reports the stored constant as both the UID and the GID. It never
// returns an error.
func (n numericIDs) IDs() (int, int, error) {
	uid, gid := n.i, n.i
	return uid, gid, nil
}