diff options
| author | Eric Biggers <ebiggers@google.com> | 2020-01-29 18:46:57 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-01-29 18:46:57 -0800 |
| commit | 0f06c53388f8b020e1a0d48af2f5e334c4ec2aca (patch) | |
| tree | 16f75a173808cfffd4153adf488f86b440a099ca /actions | |
| parent | 9927ab8426e765db8de304e9f99ba5c520b5018c (diff) | |
| parent | 2d7229eb2a97c845d73a65ff9dd3368056c255a6 (diff) | |
Merge pull request #192 from ebiggers/cleanup-on-error
Clean up policies and protectors on error
Diffstat (limited to 'actions')
| -rw-r--r-- | actions/policy.go | 23 | ||||
| -rw-r--r-- | actions/recovery.go | 1 |
2 files changed, 17 insertions, 7 deletions
diff --git a/actions/policy.go b/actions/policy.go index 41e108e..b7fe5a6 100644 --- a/actions/policy.go +++ b/actions/policy.go @@ -79,10 +79,11 @@ func PurgeAllPolicies(ctx *Context) error { // allow encrypted files to be accessed). As with the key struct, a Policy // should be wiped after use. type Policy struct { - Context *Context - data *metadata.PolicyData - key *crypto.Key - created bool + Context *Context + data *metadata.PolicyData + key *crypto.Key + created bool + newLinkedProtectors []string } // CreatePolicy creates a Policy protected by given Protector and stores the @@ -208,9 +209,13 @@ func (policy *Policy) Version() int64 { return policy.data.Options.PolicyVersion } -// Destroy removes a policy from the filesystem. The internal key should still -// be wiped with Lock(). +// Destroy removes a policy from the filesystem. It also removes any new +// protector links that were created for the policy. This does *not* wipe the +// policy's internal key from memory; use Lock() to do that. func (policy *Policy) Destroy() error { + for _, protectorDescriptor := range policy.newLinkedProtectors { + policy.Context.Mount.RemoveProtector(protectorDescriptor) + } return policy.Context.Mount.RemovePolicy(policy.Descriptor()) } @@ -315,11 +320,15 @@ func (policy *Policy) AddProtector(protector *Protector) error { // to it on the policy's filesystem. if policy.Context.Mount != protector.Context.Mount { log.Printf("policy on %s\n protector on %s\n", policy.Context.Mount, protector.Context.Mount) - err := policy.Context.Mount.AddLinkedProtector( + isNewLink, err := policy.Context.Mount.AddLinkedProtector( protector.Descriptor(), protector.Context.Mount) if err != nil { return err } + if isNewLink { + policy.newLinkedProtectors = append(policy.newLinkedProtectors, + protector.Descriptor()) + } } else { log.Printf("policy and protector both on %q", policy.Context.Mount) } diff --git a/actions/recovery.go b/actions/recovery.go index 32d0030..1c55ec5 100644 --- a/actions/recovery.go +++ b/actions/recovery.go @@ -78,6 +78,7 @@ func AddRecoveryPassphrase(policy *Policy, dirname string) (*crypto.Key, *Protec seq++ } if err := policy.AddProtector(recoveryProtector); err != nil { + recoveryProtector.Revert() return nil, nil, err } return passphrase, recoveryProtector, nil |