diff options
| author | Joe Richey joerichey@google.com <joerichey@google.com> | 2017-08-22 14:15:58 -0700 |
|---|---|---|
| committer | Joe Richey joerichey@google.com <joerichey@google.com> | 2017-08-22 14:15:58 -0700 |
| commit | ca70b81fddb340ed5212741a773c3a4a0c4ea3e2 (patch) | |
| tree | 79b5217d061e3c25948aa063bf57545747b34534 | |
| parent | 32c9be59a2485ef44ac4b3accc2f102cf2eb5a39 (diff) | |
pam_fscrypt: Updated module to use new APIs
| -rw-r--r-- | pam_fscrypt/pam_fscrypt.go | 21 |
1 files changed, 7 insertions, 14 deletions
diff --git a/pam_fscrypt/pam_fscrypt.go b/pam_fscrypt/pam_fscrypt.go index 09e9664..ad7cfdc 100644 --- a/pam_fscrypt/pam_fscrypt.go +++ b/pam_fscrypt/pam_fscrypt.go @@ -34,9 +34,10 @@ import ( "io/ioutil" "log" "log/syslog" - "os" "unsafe" + "golang.org/x/sys/unix" + "github.com/pkg/errors" "github.com/google/fscrypt/actions" @@ -44,6 +45,7 @@ import ( "github.com/google/fscrypt/filesystem" "github.com/google/fscrypt/metadata" "github.com/google/fscrypt/pam" + "github.com/google/fscrypt/security" "github.com/google/fscrypt/util" ) @@ -101,7 +103,7 @@ func loginProtector(handle *pam.Handle) (*actions.Protector, error) { } // Find the user's PAM protector. - pamUID, err := handle.GetUID() + uid := int64(unix.Geteuid()) if err != nil { return nil, err } @@ -110,7 +112,7 @@ func loginProtector(handle *pam.Handle) (*actions.Protector, error) { return nil, err } for _, option := range options { - if option.Source() != metadata.SourceType_pam_passphrase || option.UID() != pamUID { + if option.Source() != metadata.SourceType_pam_passphrase || option.UID() != uid { continue } @@ -286,22 +288,13 @@ func pam_sm_close_session(pamh unsafe.Pointer, flags, argc C.int, argv **C.char) log.Print("locking directories in pam_sm_close_session()") for _, provisionedKey := range provisionedKeys { - if err := crypto.RemovePolicyKey(provisionedKey); err != nil { + if err := security.RemoveKey(provisionedKey); err != nil { fmt.Fprintf(errWriter, "can't remove %s: %s", provisionedKey, err) } } if args["drop_caches"] { - log.Print("dropping page caches") - // See: https://www.kernel.org/doc/Documentation/sysctl/vm.txt - f, err := os.OpenFile("/proc/sys/vm/drop_caches", os.O_WRONLY|os.O_SYNC, 0) - if err != nil { - fmt.Fprint(errWriter, err) - return C.PAM_SERVICE_ERR - } - defer f.Close() - // "3" clears slab objects and the page cache - if _, err := f.WriteString("3"); err != nil { + if err = security.DropInodeCache(); err != nil { fmt.Fprint(errWriter, err) return C.PAM_SERVICE_ERR } |