From fb88d74f0335cdf8218bb8dfbaa03f23773318cf Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sat, 9 May 2020 14:52:07 -0700 Subject: keyring: improve errors ErrAccessUserKeyring: Include the user, and fix the backwards wrapping. ErrSessionUserKeyring: Include the user. ErrKeyAdd: ErrKeyRemove: ErrKeySearch: ErrLinkUserKeyring: Replace these with one-off unnamed errors because they are never checked for, and this makes it easier for the callers to provide better messages, e.g. fixing the backwards wrapping. --- keyring/fs_keyring.go | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'keyring/fs_keyring.go') diff --git a/keyring/fs_keyring.go b/keyring/fs_keyring.go index 262e0e5..9b949b9 100644 --- a/keyring/fs_keyring.go +++ b/keyring/fs_keyring.go @@ -203,7 +203,9 @@ func fsAddEncryptionKey(key *crypto.Key, descriptor string, log.Printf("FS_IOC_ADD_ENCRYPTION_KEY(%q, %s, ) = %v", mount.Path, descriptor, errno) if errno != 0 { - return errors.Wrap(ErrKeyAdd, errno.Error()) + return errors.Wrapf(errno, + "error adding key with descriptor %s to filesystem %s", + descriptor, mount.Path) } if descriptor, err = validateKeyDescriptor(&arg.Key_spec, descriptor); err != nil { fsRemoveEncryptionKey(descriptor, mount, user) @@ -266,7 +268,9 @@ func fsRemoveEncryptionKey(descriptor string, mount *filesystem.Mount, } return ErrKeyNotPresent default: - return errors.Wrap(ErrKeyRemove, errno.Error()) + return errors.Wrapf(errno, + "error removing key with descriptor %s from filesystem %s", + descriptor, mount.Path) } } @@ -298,7 +302,10 @@ func fsGetEncryptionKeyStatus(descriptor string, mount *filesystem.Mount, log.Printf("FS_IOC_GET_ENCRYPTION_KEY_STATUS(%q, %s) = %v, status=%d, status_flags=0x%x", mount.Path, descriptor, errno, arg.Status, arg.Status_flags) if errno != 0 { - return KeyStatusUnknown, errors.Wrap(ErrKeySearch, errno.Error()) + return KeyStatusUnknown, + errors.Wrapf(errno, + "error getting status of key with descriptor %s on filesystem %s", + descriptor, mount.Path) } switch arg.Status { case unix.FSCRYPT_KEY_STATUS_ABSENT: @@ -313,6 +320,7 @@ func fsGetEncryptionKeyStatus(descriptor string, mount *filesystem.Mount, return KeyAbsentButFilesBusy, nil default: return KeyStatusUnknown, - errors.Wrapf(ErrKeySearch, "unknown key status (%d)", arg.Status) + errors.Errorf("unknown key status (%d) for key with descriptor %s on filesystem %s", + arg.Status, descriptor, mount.Path) } } -- cgit v1.2.3