git.apps.os.sepia.ceph.com Git - fscrypt.git/commit
pam_fscrypt: filter out irrelevant policies earlier
author Eric Biggers <ebiggers@google.com>
Sat, 3 Dec 2022 06:13:01 +0000 (22:13 -0800)
committer Eric Biggers <ebiggers3@gmail.com>
Sun, 4 Dec 2022 21:05:00 +0000 (13:05 -0800)
commit 5373b314473b08f13372ab55b551738307a85fbd
tree b79ffbd54285e36ad1411b0f84416c2c884fc4af
parent 295c503a77f53b87305bba310e37cbdd9b516936
pam_fscrypt: filter out irrelevant policies earlier

If a session is opened for a user twice and the second doesn't have the
AUTHTOK data, pam_fscrypt prints an error message that says it failed to
unlock a protector because AUTHTOK data is missing.  This is misleading
because the protector and its associated policies were already unlocked
by the first session.

To avoid this, move the check for whether the policy is provisioned or
not into policiesUsingProtector().  Also do the same for CloseSession.

pam_fscrypt/pam_fscrypt.go
pam_fscrypt/run_fscrypt.go