From d5e692f7e7e34447b8a5444ae88dfddc117af669 Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick
Date: Tue, 25 Jun 2024 06:33:38 -0700
Subject: [PATCH] ipn/ipnlocal: check operator user via osuser package

So non-local users (e.g. Kerberos on FreeIPA) on Linux can be looked up. Our default binaries are built with pure Go os/user which only supports the classic /etc/passwd and not any libc-hooked lookups.
Updates #12601
Change-Id: I9592db89e6ca58bf972f2dcee7a35fbf44608a4f
Signed-off-by: Brad Fitzpatrick
---
 ipn/ipnlocal/local.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ipn/ipnlocal/local.go b/ipn/ipnlocal/local.go
index 0d4a87629..4285a0c7f 100644
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
@@ -22,7 +22,6 @@ import (
 "net/url"
 "os"
 "os/exec"
- "os/user"
 "path/filepath"
 "runtime"
 "slices"
@@ -96,6 +95,7 @@ import (
 "tailscale.com/util/mak"
 "tailscale.com/util/multierr"
 "tailscale.com/util/osshare"
+ "tailscale.com/util/osuser"
 "tailscale.com/util/rands"
 "tailscale.com/util/set"
 "tailscale.com/util/syspolicy"
@@ -5290,7 +5290,7 @@ func (b *LocalBackend) OperatorUserID() string {
 if opUserName == "" {
 return ""
 }
- u, err := user.Lookup(opUserName)
+ u, err := osuser.LookupByUsername(opUserName)
 if err != nil {
 b.logf("error looking up operator %q uid: %v", opUserName, err)
 return ""
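Review bot: The replaced lookup in OperatorUserID carries no comment saying why `osuser` is used instead of `os/user`, so a later cleanup could revert it without noticing; I would add above the call `// osuser, not os/user: pure-Go os/user reads only /etc/passwd and cannot resolve directory-backed accounts (e.g. FreeIPA).` The returned uid presumably feeds an access decision for the operator, so the comment or the function's doc should also record that resolution now depends on whatever name service the host is configured with, not just the local passwd file. The existing error branch still returns "" on a failed lookup, which keeps the result fail-closed, but a directory-backed lookup may be slower than a file read; if OperatorUserID is called per request, that cost is worth checking, which I cannot confirm from this hunk. The function begins and ends outside the hunk.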