authorJoe Richey joerichey@google.com <joerichey@google.com>2017-06-21 09:52:40 -0700
committerJoe Richey joerichey@google.com <joerichey@google.com>2017-06-28 14:06:52 -0700
commit77b226a90ef70b77ca556830528c013a23b01e57 (patch)
treeb351dbb427ed62550f2440b8d56249bdcbbca96a /pam/login.go
parent07341f3966675e4875f8cad3c8d86ae502de6d4d (diff)
Change error handling to new package
This commit changes the error handling for the crypto, filesystem, metadata, pam, and util packages to use the error handling library github.com/pkg/errors. This means elimination of the FSError type, an increased use of wrapping errors (as opposed to logging), switching on the Cause() of an error (as opposed to its value), and improving our integration tests involving TEST_FILESYSTEM_ROOT. This commit also fixes a few bugs with the keyring code to ensure that our {Find|Remove|Insert}PolicyKey functions are always operating on the same keyring. The check for filesystem support has been moved from the filesystem package to the metadata package. Finally, the API for the filesystem package has been slightly modified: * filesystem.AllFilesystems() now returns all the filesystems in sorted order * certain path methods are now public O_SYNC is also removed for writing the metadata. We don't get that much from syncing the metadata, as the actual file data could also be corrupted by an IO error. The sync operation is also occasionally very slow (~3 seconds) and can be unfriendly to battery life. Change-Id: I392c2655141714b16dfdbc84ac09780072be2cf0
Diffstat (limited to 'pam/login.go')
-rw-r--r--pam/login.go14
1 files changed, 8 insertions, 6 deletions
diff --git a/pam/login.go b/pam/login.go
index 63041de..d80d719 100644
--- a/pam/login.go
+++ b/pam/login.go
@@ -31,11 +31,12 @@ package pam
import "C"
import (
- "fmt"
"log"
"sync"
"unsafe"
+ "github.com/pkg/errors"
+
"fscrypt/crypto"
"fscrypt/util"
)
@@ -43,8 +44,9 @@ import (
// Global state is needed for the PAM callback, so we guard this function with a
// lock. tokenToCheck is only ever non-nil when loginLock is held.
var (
- loginLock sync.Mutex
- tokenToCheck *crypto.Key
+ ErrPamInternal = util.SystemError("internal pam error")
+ loginLock sync.Mutex
+ tokenToCheck *crypto.Key
)
// unexpectedMessage logs an error encountered in the PAM callback.
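Review bot: The new exported `ErrPamInternal` has no doc comment, and the comment above the `var` block still describes only the lock and `tokenToCheck`, so it now reads as if it also covers the error value. Since callers are meant to compare against this value via `errors.Cause(err)`, it should state when it is returned. I would declare it separately from the guarded state with its own comment, for example `// ErrPamInternal is the cause of errors returned when a PAM call yields an unexpected return code, so the authentication question was not answered.` The existing lock comment would then stay directly above `loginLock` and `tokenToCheck`.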
@@ -95,14 +97,14 @@ func IsUserLoginToken(username string, token *crypto.Key) (_ bool, err error) {
// Start the pam transaction with the desired conversation and handle.
returnCode := C.pam_start(C.fscrypt_service, cUsername, &conv, &handle)
if returnCode != C.PAM_SUCCESS {
- return false, util.SystemError(fmt.Sprintf("pam_start returned %d", returnCode))
+ return false, errors.Wrapf(ErrPamInternal, "pam_start() = %d", returnCode)
}
defer func() {
// End the PAM transaction, setting the error if appropriate.
returnCode = C.pam_end(handle, returnCode)
if returnCode != C.PAM_SUCCESS && err == nil {
- err = util.SystemError(fmt.Sprintf("pam_end returned %d", returnCode))
+ err = errors.Wrapf(ErrPamInternal, "pam_end() = %d", returnCode)
}
}()
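Review bot: The deferred pam_end handler assigns only `err`, and the bool result is declared unnamed (`_ bool`), so a pam_end failure after a successful authentication would presumably return `(true, err)`. The success return is outside this hunk, so that is inferred. A caller that reads the bool before checking the error would treat the token as the login token even though the PAM transaction ended in an error. Naming the result and clearing it in the handler makes the function fail closed: `func IsUserLoginToken(username string, token *crypto.Key) (isToken bool, err error)` with `isToken = false` next to the `err = errors.Wrapf(ErrPamInternal, "pam_end() = %d", returnCode)` line. The function body starts before and continues past this hunk.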
@@ -115,6 +117,6 @@ func IsUserLoginToken(username string, token *crypto.Key) (_ bool, err error) {
return false, nil
default:
// PAM didn't give us an answer to the authentication question
- return false, util.SystemError(fmt.Sprintf("pam_authenticate returned %d", returnCode))
+ return false, errors.Wrapf(ErrPamInternal, "pam_authenticate() = %d", returnCode)
}
}