Major refactoring

2026-03-04 18:28:52 +01:00
parent 2cbab1a0a2
commit 45495f4b47
21 changed files with 885 additions and 15 deletions
--- a/internal/util.go
+++ b/internal/util.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"io/fs"
 	"os"
+	"os/user"
 	"path/filepath"
 	"strconv"
 	"strings"
@@ -224,12 +225,12 @@ func LinkFile(source, target, domain, extension string) error {
 	}
 	if linkInfo.IsDir() {
 		target = filepath.Join(target, domain+extension)
+		err = os.Symlink(source, target)
+		if err != nil {
+			return err
+		}
 	}

-	err = os.Symlink(source, target)
-	if err != nil {
-		return err
-	}
 	return nil
 }

@@ -295,3 +296,64 @@ func ChownRecursive(path string, uid, gid int) error {
 		return os.Chown(name, uid, gid)
 	})
 }
+
+func LookupGID(group string) (int, error) {
+	g, err := user.LookupGroup(group)
+	if err != nil {
+		return 0, err
+	}
+	return strconv.Atoi(g.Gid)
+}
+
+// MakeCredential resolves username/groupname to uid/gid for syscall.Credential.
+// Note: actually *using* different credentials typically requires the server
+// process to have appropriate privileges (often root).
+func MakeCredential(username, groupname string) (*syscall.Credential, error) {
+	var uid, gid uint32
+	var haveUID, haveGID bool
+
+	if username != "" {
+		u, err := user.Lookup(username)
+		if err != nil {
+			return nil, fmt.Errorf("unknown user")
+		}
+		parsed, err := strconv.ParseUint(u.Uid, 10, 32)
+		if err != nil {
+			return nil, fmt.Errorf("bad uid")
+		}
+		uid = uint32(parsed)
+		haveUID = true
+
+		// If group not explicitly provided, default to user's primary group.
+		if groupname == "" && u.Gid != "" {
+			parsedG, err := strconv.ParseUint(u.Gid, 10, 32)
+			if err == nil {
+				gid = uint32(parsedG)
+				haveGID = true
+			}
+		}
+	}
+
+	if groupname != "" {
+		g, err := user.LookupGroup(groupname)
+		if err != nil {
+			return nil, fmt.Errorf("unknown group")
+		}
+		parsed, err := strconv.ParseUint(g.Gid, 10, 32)
+		if err != nil {
+			return nil, fmt.Errorf("bad gid")
+		}
+		gid = uint32(parsed)
+		haveGID = true
+	}
+
+	// If only group was provided, keep current uid.
+	if !haveUID {
+		uid = uint32(os.Getuid())
+	}
+	if !haveGID {
+		gid = uint32(os.Getgid())
+	}
+
+	return &syscall.Credential{Uid: uid, Gid: gid}, nil
+}