buildah/user.go

package buildah

import (
	"fmt"
	"os/user"
	"strconv"
	"strings"

	"github.com/opencontainers/runtime-spec/specs-go"
)

func getUser(rootdir, userspec string) (specs.User, error) {
	var gid64 uint64
	var gerr error = user.UnknownGroupError("error looking up group")

	spec := strings.SplitN(userspec, ":", 2)
	userspec = spec[0]
	groupspec := ""
	if userspec == "" {
		return specs.User{}, nil
	}
	if len(spec) > 1 {
		groupspec = spec[1]
	}

	uid64, uerr := strconv.ParseUint(userspec, 10, 32)
	if uerr == nil && groupspec == "" {
		// We parsed the user name as a number, and there's no group
		// component, so we need to look up the user's primary GID.
		name := ""
		name, gid64, gerr = lookupGroupForUIDInContainer(rootdir, uid64)
		if gerr == nil {
			userspec = name
		} else {
			if userrec, err := user.LookupId(userspec); err == nil {
				gid64, gerr = strconv.ParseUint(userrec.Gid, 10, 32)
				userspec = userrec.Name
			}
		}
	}
	if uerr != nil {
		uid64, gid64, uerr = lookupUserInContainer(rootdir, userspec)
		gerr = uerr
	}
	if uerr != nil {
		if userrec, err := user.Lookup(userspec); err == nil {
			uid64, uerr = strconv.ParseUint(userrec.Uid, 10, 32)
			gid64, gerr = strconv.ParseUint(userrec.Gid, 10, 32)
		}
	}

	if groupspec != "" {
		gid64, gerr = strconv.ParseUint(groupspec, 10, 32)
		if gerr != nil {
			gid64, gerr = lookupGroupInContainer(rootdir, groupspec)
		}
		if gerr != nil {
			if group, err := user.LookupGroup(groupspec); err == nil {
				gid64, gerr = strconv.ParseUint(group.Gid, 10, 32)
			}
		}
	}

	if uerr == nil && gerr == nil {
		u := specs.User{
			UID:      uint32(uid64),
			GID:      uint32(gid64),
			Username: userspec,
		}
		return u, nil
	}

	err := fmt.Errorf("%v determining run uid", uerr)
	if uerr == nil {
		err = fmt.Errorf("%v determining run gid", gerr)
	}
	return specs.User{}, err
}
Add a "run" command, using runc Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> 2017-02-14 05:12:02 +08:00			`package buildah`

			`import (`
Teach "Run" to dig user IDs out of containers When we have cgo, use fgetpwent() to try to look up user IDs and primary GIDs in containers. If that fails for any reason (or if we don't have cgo), fall back to doing what we were doing before (i.e., trying to look up the information on the host). Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #63 Approved by: rhatdan 2017-04-05 05:31:02 +08:00			`"fmt"`
Add a "run" command, using runc Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> 2017-02-14 05:12:02 +08:00			`"os/user"`
			`"strconv"`
Teach "Run" to dig user IDs out of containers When we have cgo, use fgetpwent() to try to look up user IDs and primary GIDs in containers. If that fails for any reason (or if we don't have cgo), fall back to doing what we were doing before (i.e., trying to look up the information on the host). Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #63 Approved by: rhatdan 2017-04-05 05:31:02 +08:00			`"strings"`
Add a "run" command, using runc Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> 2017-02-14 05:12:02 +08:00
			`"github.com/opencontainers/runtime-spec/specs-go"`
			`)`

Teach "Run" to dig user IDs out of containers When we have cgo, use fgetpwent() to try to look up user IDs and primary GIDs in containers. If that fails for any reason (or if we don't have cgo), fall back to doing what we were doing before (i.e., trying to look up the information on the host). Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #63 Approved by: rhatdan 2017-04-05 05:31:02 +08:00			`func getUser(rootdir, userspec string) (specs.User, error) {`
			`var gid64 uint64`
			`var gerr error = user.UnknownGroupError("error looking up group")`

			`spec := strings.SplitN(userspec, ":", 2)`
			`userspec = spec[0]`
			`groupspec := ""`
			`if userspec == "" {`
Add a "run" command, using runc Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> 2017-02-14 05:12:02 +08:00			`return specs.User{}, nil`
			`}`
Teach "Run" to dig user IDs out of containers When we have cgo, use fgetpwent() to try to look up user IDs and primary GIDs in containers. If that fails for any reason (or if we don't have cgo), fall back to doing what we were doing before (i.e., trying to look up the information on the host). Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #63 Approved by: rhatdan 2017-04-05 05:31:02 +08:00			`if len(spec) > 1 {`
			`groupspec = spec[1]`
Add a "run" command, using runc Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> 2017-02-14 05:12:02 +08:00			`}`
Teach "Run" to dig user IDs out of containers When we have cgo, use fgetpwent() to try to look up user IDs and primary GIDs in containers. If that fails for any reason (or if we don't have cgo), fall back to doing what we were doing before (i.e., trying to look up the information on the host). Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #63 Approved by: rhatdan 2017-04-05 05:31:02 +08:00
			`uid64, uerr := strconv.ParseUint(userspec, 10, 32)`
			`if uerr == nil && groupspec == "" {`
			`// We parsed the user name as a number, and there's no group`
			`// component, so we need to look up the user's primary GID.`
			`name := ""`
			`name, gid64, gerr = lookupGroupForUIDInContainer(rootdir, uid64)`
			`if gerr == nil {`
			`userspec = name`
			`} else {`
			`if userrec, err := user.LookupId(userspec); err == nil {`
			`gid64, gerr = strconv.ParseUint(userrec.Gid, 10, 32)`
			`userspec = userrec.Name`
			`}`
			`}`
Add a "run" command, using runc Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> 2017-02-14 05:12:02 +08:00			`}`
Teach "Run" to dig user IDs out of containers When we have cgo, use fgetpwent() to try to look up user IDs and primary GIDs in containers. If that fails for any reason (or if we don't have cgo), fall back to doing what we were doing before (i.e., trying to look up the information on the host). Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #63 Approved by: rhatdan 2017-04-05 05:31:02 +08:00			`if uerr != nil {`
			`uid64, gid64, uerr = lookupUserInContainer(rootdir, userspec)`
			`gerr = uerr`
			`}`
			`if uerr != nil {`
			`if userrec, err := user.Lookup(userspec); err == nil {`
			`uid64, uerr = strconv.ParseUint(userrec.Uid, 10, 32)`
			`gid64, gerr = strconv.ParseUint(userrec.Gid, 10, 32)`
			`}`
Add a "run" command, using runc Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> 2017-02-14 05:12:02 +08:00			`}`
Teach "Run" to dig user IDs out of containers When we have cgo, use fgetpwent() to try to look up user IDs and primary GIDs in containers. If that fails for any reason (or if we don't have cgo), fall back to doing what we were doing before (i.e., trying to look up the information on the host). Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #63 Approved by: rhatdan 2017-04-05 05:31:02 +08:00
			`if groupspec != "" {`
			`gid64, gerr = strconv.ParseUint(groupspec, 10, 32)`
			`if gerr != nil {`
			`gid64, gerr = lookupGroupInContainer(rootdir, groupspec)`
			`}`
			`if gerr != nil {`
			`if group, err := user.LookupGroup(groupspec); err == nil {`
			`gid64, gerr = strconv.ParseUint(group.Gid, 10, 32)`
			`}`
			`}`
			`}`

			`if uerr == nil && gerr == nil {`
			`u := specs.User{`
			`UID: uint32(uid64),`
			`GID: uint32(gid64),`
			`Username: userspec,`
			`}`
			`return u, nil`
			`}`

			`err := fmt.Errorf("%v determining run uid", uerr)`
			`if uerr == nil {`
			`err = fmt.Errorf("%v determining run gid", gerr)`
Add a "run" command, using runc Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> 2017-02-14 05:12:02 +08:00			`}`
Teach "Run" to dig user IDs out of containers When we have cgo, use fgetpwent() to try to look up user IDs and primary GIDs in containers. If that fails for any reason (or if we don't have cgo), fall back to doing what we were doing before (i.e., trying to look up the information on the host). Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #63 Approved by: rhatdan 2017-04-05 05:31:02 +08:00			`return specs.User{}, err`
Add a "run" command, using runc Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> 2017-02-14 05:12:02 +08:00			`}`