| -rw-r--r-- | .gitignore | 4 | ||||
| -rw-r--r-- | actions/policy.go | 8 | ||||
| -rw-r--r-- | crypto/key.go | 1 | ||||
| -rw-r--r-- | pam/login.go | 4 |
4 files changed, 12 insertions, 5 deletions
@@ -1,2 +1,4 @@
-/fscrypt
+fscrypt
+fscrypt.*
 fscrypt_image
+pam_fscrypt.so
diff --git a/actions/policy.go b/actions/policy.go
index bf1f593..461f8cc 100644
--- a/actions/policy.go
+++ b/actions/policy.go
@@ -278,13 +278,19 @@ func (policy *Policy) Lock() error {
 return err
 }
 
+// UsesProtector returns if the policy is protected with the protector
+func (policy *Policy) UsesProtector(protector *Protector) bool {
+ _, ok := policy.findWrappedKeyIndex(protector.Descriptor())
+ return ok
+}
+
 // AddProtector updates the data that is wrapping the Policy Key so that the
 // provided Protector is now protecting the specified Policy. If an error is
 // returned, no data has been changed. If the policy and protector are on
 // different filesystems, a link will be created between them. The policy and
 // protector must both be unlocked.
 func (policy *Policy) AddProtector(protector *Protector) error {
- if _, ok := policy.findWrappedKeyIndex(protector.Descriptor()); ok {
+ if policy.UsesProtector(protector) {
 return ErrAlreadyProtected
 }
 if policy.key == nil || protector.key == nil {
diff --git a/crypto/key.go b/crypto/key.go
index 656e6dc..497a0ef 100644
--- a/crypto/key.go
+++ b/crypto/key.go
@@ -175,7 +175,6 @@ func (key *Key) resize(requestedSize int) (*Key, error) {
 // string allocated by C. Note that this method is unsafe as this C copy has no
 // locking or wiping functionality. The key shouldn't contain any `\0` bytes.
 func (key *Key) UnsafeToCString() unsafe.Pointer {
- // Memory for the key must be moved into a C string allocated by C.
 size := C.size_t(key.Len())
 data := C.calloc(size+1, 1)
 C.memcpy(data, util.Ptr(key.data), size)
diff --git a/pam/login.go b/pam/login.go
index e89ee01..346edd4 100644
--- a/pam/login.go
+++ b/pam/login.go
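Review bot: In actions/policy.go, the doc comment on the new exported `UsesProtector` overstates what the method checks. The body only looks up a wrapped-key entry by `protector.Descriptor()`; as far as the hunk shows, it does not verify that the policy or the protector is unlocked, or that the protector can actually unwrap the policy key. Callers should therefore not treat a `true` result as proof of access, and the comment should say so: `// UsesProtector reports whether the policy's metadata holds a wrapped key for the protector's descriptor. It is a lookup only; neither the policy nor the protector needs to be unlocked.` A nil `protector` is also passed straight to `Descriptor()`, so either document that it must be non-nil or guard it, since exported callers no longer go through `AddProtector`. The body of `AddProtector` continues outside the hunk.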
@@ -38,7 +38,7 @@ import (
 
 // Pam error values
 var (
- ErrPAMPassphrase = errors.New("incorrect login passphrase")
+ ErrPassphrase = errors.New("incorrect login passphrase")
 )
 
 // Global state is needed for the PAM callback, so we guard this function with a
@@ -107,7 +107,7 @@ func IsUserLoginToken(username string, token *crypto.Key, quiet bool) error {
 }
 
 if !authenticated {
- return ErrPAMPassphrase
+ return ErrPassphrase
 }
 return nil
 }
|