| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
The commit reorganizes the Makefile, so that "make check" can run on
each PR to detect any errors.
|
|
Add PAM package
|
|
The commit changes how we get the username representation, and uses the
new pam API for checking the proposed login token.
|
|
|
|
This commit provides a Go interface to the PAM functions.
|
|
This commit adds in a C implementation for the pam_conv we will use in
login.go as well as adding three CleanupFuncs that will be used with
pam_set_data(). It also adds copyInfoSecret() which should be paired
with freeSecret().
|
|
|
|
Code pulled from github.com/msteinert/pam
|
|
|
|
Refactor ReadLine functions
|
|
|
|
|
|
Separate encryption support from metadata support
|
|
Now that we can distinguish between lacking encryption support and
lacking fscrypt metadata, "fscrypt status" can now display this
additional information.
|
|
Almost all actions only need to to check that the fscrypt metadata
exists (this is handled by the Mount methods). Only "fscrypt encrypt"
need to be sure the filesystem also supports encryption, so this check
is added.
|
|
This commit splits two pieces of functionality. Detecting if the fscrypt
metadata exists is now in CheckSetup() and checking if the filesystem
supports encryption is now in CheckSupport().
|
|
Polices can now be directly unlocked with Protectors
|
|
|
|
In addition to using callbacks, unlocked Protectors can now directly
unlock a policy. The error codes are updated to make more sense.
|
|
Use Description when placing keys in the keyring
|
|
|
|
Instead of using the service+descriptor parameters (which are always
combined in the same way), use a single description parameter.
|
|
Bug fixing for "fscrypt encrypt"
|
|
Protectors are only reverted if they were created, and Policies are only
depovisioned on failure.
|
|
During an earlier commit the vendor directory was self-referencing
various "fscrypt/<pkg>" packages. This no longer occurs.
|
|
Version now uses git tags and releases
|
|
|
|
|
|
Cleanup README.md
|
|
|
|
Some of the documentation was misspelled or incorrectly formatted.
|
|
This commit changes all the internal import paths from `fscrypt/foo` to
`github.com/google/fscrypt/foo` so that it can be built once we release
externaly. The documentation in README.md is updated accordingly.
Also, the README has a note noting that we do not make any guarantees
about project stability before 1.0 (when it ships with Ubuntu).
Change-Id: I6ba86e442c74057c8a06ba32a42e17f94833e280
|
|
This commit updates the README and Makefile to get them ready for
external release. This includes adding some common pitfalls, including
example usage, and allowing for tarball creation.
Change-Id: I442338c7aff613a14bae449dbf091bfcaf73ed9d
|
|
This commit adds in the "fscrypt metadata add-protector-to-policy" and
the "fscrypt metadata remove-protector-from-policy" subcommands. These
commands allow for the creating of policies protected by multiple
protectors.
Change-Id: Id7e6c057448d15757c838a82d487a1b9806f585d
|
|
This command adds in the "fscrypt metadata" command. This command allows
advanced users to manipulate the metadata directly instead of just
creating a policy or protector as an option when encrypting a directory.
As some of these methods will require certain flags, error handling for
this case is also added. As the change passphrase method must indicate
when a old vs new password is necessary, additional KeyFuncs are added
which add this indicator.
Change-Id: Ibc92872088fae078df3c0eebd4f0cfcb7252d781
|
|
This commit adds in the status command, which has 2 functions, allowing
the user to query the state of the entire system or a specific
filesystem.
This commit also adds in the purge command to remove all policy keys
corresponding to a filesystem. This (along with getting the unlock
status for the status commands) uses additional keyctl functionality in
the crypto and actions packages.
Change-Id: Ic8e097b335c044c0b91973eff19753f363f4525d
|
|
This commit adds in the framework for adding commands and subcommands to
the fscrypt tool. This commit adds in the "setup", "encrypt", and
"unlock" commands. Additional information can be found by running:
fscrypt <command> --help.
This commit defines how flags are parsed and errors are handled. It also
creates an extensible framework for prompting the user for information.
Change-Id: I159d7f44ee2b2bbc5e072f0802850e082d9a13ce
|
|
This commit changes the error handling for the actions package to use
the error handling library github.com/pkg/errors. This means replacing
"errors" with "github.com/pkg/errors", reworking some of the error
values, and wrapping some errors with additional context.
This commit also changes the Protector/Policy API, moving most of the
package functionality into Protector or Policy methods. These types are
now "locked" when they are queried from the filesystem, and Unlock()
must be used to get their corresponding keys. Note that only certain
operations will require unlocking the keys. Certain unnecessary
functions and methods are also removed.
This CL also fixes two bugs reported by Tyler Hicks in CreateConfigFile.
CPU time is used instead of wall time, and kiB is used instead of kB.
Change-Id: I88f45659e9fe4938d148843e3289e7b6d5b698d8
|
|
This commit changes the error handing for the crypto, filesystem,
metadata, pam, and util packages to use the error handling library
github.com/pkg/errors. This means elimination of the FSError type, an
increased use of wrapping errors (as opposed to logging), switching
on the Cause() of an error (as opposed to its value), and improving our
integration tests involving TEST_FILESYSTEM_ROOT.
This commit also fixes a few bugs with the keyring code to ensure that
our {Find|Remove|Insert}PolicyKey functions are always operating on the
same keyring. The check for filesystem support has been moved from the
filesystem package to the metadata package. Finally, the API for the
filesystem package has been slightly modified:
* filesystem.AllFilesystems() now returns all the filesystems in
sorted order
* certain path methods are now public
O_SYNC is also removed for writing the metadata. We don't get that much
from syncing the metadata, as the actual file data could also be
corrupted by and IO error. The sync operation is also occasionally very
slow (~3 seconds) and can be unfriendly to battery life.
Change-Id: I392c2655141714b16dfdbc84ac09780072be2cf0
|
|
This commit adds in the github.com/pkg/errors package for handling
errors. This allows us to continue to add context to our errors as they
move up the call stack, but still be able to switch on their root cause.
Change-Id: I6fd55f184318ea1e28c93a84444a2627bff03682
|
|
This commit makes the callbacks for getting keys easier to understand.
Functions which need keys now take a KeyFunc callback. This callback
contains a ProtectorInfo parameter (basically a read-only version of
metadata.ProtectorData) and a boolean which indicates if the call is
being retried. The documentation is also updated to say which functions
will retry the KeyFunc.
For selecting a protector, there is now an OptionFunc callback which
takes a slice of ProtectorOptions. A ProtectorOption is a ProtectorInfo
along with additional information about a linked filesystem (if
applicable).
This commit also adds in methods for getting the protector options for a
specific filesystem or policy. It also adds a function for getting the
policy descriptor for a specific path.
Change-Id: I41e0d94ffd44e7166b0c5cf1b5d18437960bdf90
|
|
This commit updates the vendored x/sys/unix to the current version. This
means that our vendored version of x/sys/unix no longer contains custom
patches. A few changes are needed in InsertPolicyKey() as the final API
differed slightly from our patches.
Change-Id: Ifff31c04e708f9dc4395ab5bfcc94e42fb46dea5
|
|
This commit adds in the FindPolicyKey and RemovePolicyKey functions to
complement the InsertPolicyKey function. The existing functions were
also refactored slightly.
Change-Id: Iabd275f2186a9e3023d5efd44c772966123e3657
|
|
As new encryption modes are being added to the kernel that use 128 bit
keys (see https://patchwork.kernel.org/patch/9741913), we will need the
encryption modes to be more descriptive.
This change breaks backwards compatibility for the protobuf, but that's
fine because we have not released yet.
Change-Id: Ifb58d3d5a42db491f1e5393c12f3d260d9a091de
|
|
Instead of checking if the filesystem type is correct, we now detect if
a filesystem supports encryption by trying to read a policy on its root
directory. The error returned tells us if there is support or not.
This commit also fixes a bug in the use libblkid. Throughout all of
fscrypt, cannonicalizePath() is used before any path comparison or
lookup. However, the canonical device path in the blkid cache may differ
from our idea of a canonical path. Additional blkid functions are needed
to perform the necessary translation. This is noted in the documentation
of makeLink().
Finally, this commit makes a few API changes. AllSupporedFilesystems()
now returns an error, and a GetProtector() method now replaces the
GetLinkedProtector() and GetEitherProtector() methods. A PathSorter has
also been added so Mounts can be sorted in a reliable order.
Change-Id: I664f46fafd1483ebecb743c061b03d708b3233a4
|
|
This commit adds in the fscrypt/pam package. This package will hold all
functionality related to Linux Pluggable Authentication Modules (PAM).
Right now this package uses cgo to mock a PAM conversation, allowing the
function to check if a provided passphrase actually belongs to a user.
Due to the nature of cgo callbacks, global state of the key to check is
necessary for this function. This commit also addresses some issues
about building the cgo components. Now, only the minimal linking flags
are included in the go files. Additional linker flags may now be
necessary to build a static binary of fscrypt. This is addressed in the
Makefile and README.
Finally, this commit fixes a bug where the tests would not run correctly
due to shared global state on the testing filesystem. Fixed, by having
all the tests run sequentially.
Change-Id: Ia43636801da984b505d2f43dd14127b7cfbf2c48
|
|
crypto/ssh/terminal gets us information about the terminal, such as
its dimensions and state. It also allows us to manipulate the terminal.
For example, we can put the terminal in raw mode when a passphrase needs
to be entered.
This commit also add the github.com/urfave/cli package which we will use
to write the command line tool component of fscrypt. This tool allows
for us to easily use commands and subcommands.
Note that this is actually the upstream repository with two PRs applied:
https://github.com/urfave/cli/pull/629
https://github.com/urfave/cli/pull/630
They fix bugs in the handling of custom usage errors.
Change-Id: I2d3ba967b1bce8f73440e3a06df4eaba7ab96c19
|
