mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-29 13:05:46 +00:00
ipn/ipnlocal: check operator user via osuser package
So non-local users (e.g. Kerberos on FreeIPA) on Linux can be looked up. Our default binaries are built with pure Go os/user which only supports the classic /etc/passwd and not any libc-hooked lookups. Updates #12601 Change-Id: I9592db89e6ca58bf972f2dcee7a35fbf44608a4f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
parent
94415e8029
commit
d5e692f7e7
@ -22,7 +22,6 @@
|
|||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
"os/user"
|
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"runtime"
|
"runtime"
|
||||||
"slices"
|
"slices"
|
||||||
@ -96,6 +95,7 @@
|
|||||||
"tailscale.com/util/mak"
|
"tailscale.com/util/mak"
|
||||||
"tailscale.com/util/multierr"
|
"tailscale.com/util/multierr"
|
||||||
"tailscale.com/util/osshare"
|
"tailscale.com/util/osshare"
|
||||||
|
"tailscale.com/util/osuser"
|
||||||
"tailscale.com/util/rands"
|
"tailscale.com/util/rands"
|
||||||
"tailscale.com/util/set"
|
"tailscale.com/util/set"
|
||||||
"tailscale.com/util/syspolicy"
|
"tailscale.com/util/syspolicy"
|
||||||
@ -5290,7 +5290,7 @@ func (b *LocalBackend) OperatorUserID() string {
|
|||||||
if opUserName == "" {
|
if opUserName == "" {
|
||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
u, err := user.Lookup(opUserName)
|
u, err := osuser.LookupByUsername(opUserName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
b.logf("error looking up operator %q uid: %v", opUserName, err)
|
b.logf("error looking up operator %q uid: %v", opUserName, err)
|
||||||
return ""
|
return ""
|
||||||
|
Loading…
Reference in New Issue
Block a user