From d5b8bdcfba528c0c0e9f8052a705e454b26cb28f Mon Sep 17 00:00:00 2001
From: Eric Biggers
Date: Mon, 27 Jan 2020 19:24:30 -0800
Subject: actions/recovery: ensure recovery passphrase is really custom_passphrase

If the login protector was just created by the same 'fscrypt encrypt' command, then policy.Context.Config.Source will be pam_passphrase. This needs to be overridden to custom_passphrase when creating the protector for the recovery passphrase.

This fixes the following error:

fscrypt encrypt: login protectors do not need a name

Resolves https://github.com/google/fscrypt/issues/187
Update https://github.com/google/fscrypt/issues/186
---
 actions/recovery.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/actions/recovery.go b/actions/recovery.go
index b086705..32d0030 100644
--- a/actions/recovery.go
+++ b/actions/recovery.go
@@ -26,8 +26,19 @@ import (
 "github.com/pkg/errors"

 "github.com/google/fscrypt/crypto"
+ "github.com/google/fscrypt/metadata"
 )

+// modifiedContextWithSource returns a copy of ctx with the protector source
+// replaced by source.
+func modifiedContextWithSource(ctx *Context, source metadata.SourceType) *Context {
+ modifiedConfig := *ctx.Config
+ modifiedConfig.Source = source
+ modifiedCtx := *ctx
+ modifiedCtx.Config = &modifiedConfig
+ return &modifiedCtx
+}
+
 // AddRecoveryPassphrase randomly generates a recovery passphrase and adds it as
 // a custom_passphrase protector for the given Policy.
 func AddRecoveryPassphrase(policy *Policy, dirname string) (*crypto.Key, *Protector, error) {
@@ -49,6 +60,7 @@ func AddRecoveryPassphrase(policy *Policy, dirname string) (*crypto.Key, *Protec
 return passphrase.Clone()
 }
 var recoveryProtector *Protector
+ customCtx := modifiedContextWithSource(policy.Context, metadata.SourceType_custom_passphrase)
 seq := 1
 for {
 // Automatically generate a name for the recovery protector.
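Review bot: `modifiedContextWithSource` dereferences both `ctx` and `ctx.Config` with no nil check, so a context that was never fully set up would panic here instead of surfacing as an error; whether such a context can reach this helper depends on callers outside the hunk. The copy is also shallow, and the doc comment should say so, for example `// The copy is shallow: pointer fields of ctx and its Config stay shared with the original.` If `metadata.Config` is a generated protobuf message (the enum name `SourceType_custom_passphrase` suggests it), copying it by value is discouraged and `proto.Clone` would be the safer way to duplicate it.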
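Review bot: The added `customCtx` line has no comment saying why the policy's own context cannot be used, so the reason lives only in the commit message. A short why-comment above it would keep a later cleanup from reverting to `policy.Context`: `// policy.Context may have Source pam_passphrase if the login protector was just created; the recovery protector must be custom_passphrase.` The same context is passed to `CreateProtector` in the following hunk. AddRecoveryPassphrase begins and ends outside this hunk, so whether later steps still rely on `policy.Context` cannot be checked from here.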
@@ -56,7 +68,7 @@ func AddRecoveryPassphrase(policy *Policy, dirname string) (*crypto.Key, *Protec
 if seq != 1 {
 name += " (" + strconv.Itoa(seq) + ")"
 }
- recoveryProtector, err = CreateProtector(policy.Context, name, getPassphraseFn)
+ recoveryProtector, err = CreateProtector(customCtx, name, getPassphraseFn)
 if err == nil {
 break
 }
-- 
cgit v1.2.3