Diffstat (limited to 'pkg')
-rw-r--r--pkg/chrootuser/user.go5
-rw-r--r--pkg/chrootuser/user_linux.go32
2 files changed, 37 insertions, 0 deletions
diff --git a/pkg/chrootuser/user.go b/pkg/chrootuser/user.go
index 9be386ef9..22ba5ff8a 100644
--- a/pkg/chrootuser/user.go
+++ b/pkg/chrootuser/user.go
@@ -69,3 +69,8 @@ func GetUser(rootdir, userspec string) (uint32, uint32, error) {
}
return 0, 0, err
}
+
+// GetAdditionalGroupsForUser returns a list of gids that userid is associated with
+func GetAdditionalGroupsForUser(rootdir string, userid uint64) ([]uint32, error) {
+ return lookupAdditionalGroupsForUIDInContainer(rootdir, userid)
+}
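Review bot: `GetAdditionalGroupsForUser` calls `lookupAdditionalGroupsForUIDInContainer`, which this change defines only in user_linux.go (the diffstat lists no other file under pkg). If user.go is also compiled on other platforms, the package would stop building there unless a stub is added next to the existing non-Linux ones. The parameter is `userid uint64` while `GetUser` just above returns the uid as `uint32`, so callers have to convert; taking `uint32` here would keep the exported API consistent. The doc comment could also say that the gids come from the member lists in `/etc/group` under `rootdir`, and that an unknown uid is returned as an error.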
diff --git a/pkg/chrootuser/user_linux.go b/pkg/chrootuser/user_linux.go
index 2baf9ea33..64ff7cef6 100644
--- a/pkg/chrootuser/user_linux.go
+++ b/pkg/chrootuser/user_linux.go
@@ -88,6 +88,7 @@ type lookupPasswdEntry struct {
type lookupGroupEntry struct {
name string
gid uint64
+ user string
}
func readWholeLine(rc *bufio.Reader) ([]byte, error) {
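Review bot: The new field `user` in `lookupGroupEntry` holds the raw fourth field of a group line, which is a comma-separated list of member names rather than a single user. The singular name invites treating it as one string, which is how it is compared later in this commit. Consider renaming it to `members`, or at least adding a comment such as `// comma-separated member names, unparsed`.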
@@ -153,6 +154,7 @@ func parseNextGroup(rc *bufio.Reader) *lookupGroupEntry {
return &lookupGroupEntry{
name: fields[0],
gid: gid,
+ user: fields[3],
}
}
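Review bot: `user: fields[3]` reads the fourth colon-separated field, and the length check on `fields` is not visible in this hunk, since parseNextGroup starts above it. If the function accepts lines with fewer than four fields, a short or malformed `/etc/group` line would panic here with an index out of range. The file comes from the container root filesystem rather than from the tool itself, so it is worth confirming that lines with `len(fields) < 4` are rejected before this return.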
@@ -208,6 +210,36 @@ func lookupGroupForUIDInContainer(rootdir string, userid uint64) (username strin
return "", 0, user.UnknownUserError(fmt.Sprintf("error looking up user with UID %d", userid))
}
+func lookupAdditionalGroupsForUIDInContainer(rootdir string, userid uint64) (gid []uint32, err error) {
+ // Get the username associated with userid
+ username, _, err := lookupGroupForUIDInContainer(rootdir, userid)
+ if err != nil {
+ return nil, err
+ }
+
+ cmd, f, err := openChrootedFile(rootdir, "/etc/group")
+ if err != nil {
+ return nil, err
+ }
+ defer func() {
+ _ = cmd.Wait()
+ }()
+ rc := bufio.NewReader(f)
+ defer f.Close()
+
+ lookupGroup.Lock()
+ defer lookupGroup.Unlock()
+
+ grp := parseNextGroup(rc)
+ for grp != nil {
+ if strings.Contains(grp.user, username) {
+ gid = append(gid, uint32(grp.gid))
+ }
+ grp = parseNextGroup(rc)
+ }
+ return gid, nil
+}
+
func lookupGroupInContainer(rootdir, groupname string) (gid uint64, err error) {
cmd, f, err := openChrootedFile(rootdir, "/etc/group")
if err != nil {
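Review bot: `strings.Contains(grp.user, username)` in `lookupAdditionalGroupsForUIDInContainer` is a substring test against the whole member field, so a user is reported as belonging to any group whose list contains the name as part of a longer one (constructed example: `bob` against `bobby,alice`), and an empty username would match every group. The function returns these as the user's additional gids, so a false match reports group membership the user was never given. The field should be split on `,` and compared name by name, as in the fence below. Separately, `uint32(grp.gid)` narrows a `uint64`; whether that can truncate depends on how parseNextGroup parses the gid, which is outside this hunk.

```go
	// … unchanged: username lookup, openChrootedFile, deferred Wait/Close, lookupGroup lock …
	for grp := parseNextGroup(rc); grp != nil; grp = parseNextGroup(rc) {
		// The fourth /etc/group field is a comma-separated member list;
		// compare whole names so one name cannot match inside another.
		for _, member := range strings.Split(grp.user, ",") {
			if member == username {
				gid = append(gid, uint32(grp.gid))
				break
			}
		}
	}
	return gid, nil
```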