authorEric Biggers <ebiggers@google.com>2019-12-15 19:31:39 -0800
committerEric Biggers <ebiggers@google.com>2020-01-05 10:02:13 -0800
commit462d166d5355d33a05271d24de4d52f30dd62f67 (patch)
tree9bf53558105694002d442e0d997a9bb2b95140e2 /pam
parent80654f23ebfd552277ed217a2c5e1d0bb1374189 (diff)
Add keyring package
In preparation for introducing support for the new filesystem-level keyrings, move the existing user keyring management code from security/keyring.go and crypto/crypto.go into a new package, 'keyring'. This package provides functions AddEncryptionKey, RemoveEncryptionKey, and GetEncryptionKeyStatus which delegate to either the filesystem keyring (added by a later patch) or to the user keyring. This provides a common interface to both types of keyrings, to the extent possible.
Diffstat (limited to 'pam')
-rw-r--r--pam/pam.go3
1 files changed, 2 insertions, 1 deletions
diff --git a/pam/pam.go b/pam/pam.go
index c48dd13..ece6bda 100644
--- a/pam/pam.go
+++ b/pam/pam.go
@@ -34,6 +34,7 @@ import (
"os/user"
"unsafe"
+ "github.com/google/fscrypt/keyring"
"github.com/google/fscrypt/security"
)
@@ -130,7 +131,7 @@ func (h *Handle) GetItem(i Item) (unsafe.Pointer, error) {
// StartAsPamUser sets the effective privileges to that of the PAM user, and
// configures the PAM user's keyrings to be properly linked.
func (h *Handle) StartAsPamUser() error {
- if _, err := security.UserKeyringID(h.PamUser, true); err != nil {
+ if _, err := keyring.UserKeyringID(h.PamUser, true); err != nil {
log.Printf("Setting up keyrings in PAM: %v", err)
}
userPrivs, err := security.UserPrivileges(h.PamUser)
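Review bot: The error from `keyring.UserKeyringID(h.PamUser, true)` in StartAsPamUser is only logged, so execution continues to the `security.UserPrivileges` lookup even when the keyring linking promised by the doc comment did not succeed. If that is deliberate best-effort behaviour, say so at the call, for example `// Keyring setup is best-effort: a failure is logged and the privilege switch still proceeds.`; otherwise the error should be returned to the caller. The bare `true` argument would also benefit from a short comment naming what it enables, since its meaning is not visible at this call site. The body of StartAsPamUser continues past the end of the hunk, so how the rest of the function copes with an unlinked keyring cannot be judged from here.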