diff options
Diffstat (limited to 'src/home/homework-password-cache.c')
-rw-r--r-- | src/home/homework-password-cache.c | 42 |
1 files changed, 17 insertions, 25 deletions
diff --git a/src/home/homework-password-cache.c b/src/home/homework-password-cache.c index 00a0f69..b8202ef 100644 --- a/src/home/homework-password-cache.c +++ b/src/home/homework-password-cache.c @@ -9,49 +9,41 @@ void password_cache_free(PasswordCache *cache) { if (!cache) return; + cache->volume_key = erase_and_free(cache->volume_key); cache->pkcs11_passwords = strv_free_erase(cache->pkcs11_passwords); cache->fido2_passwords = strv_free_erase(cache->fido2_passwords); - cache->keyring_passswords = strv_free_erase(cache->keyring_passswords); } void password_cache_load_keyring(UserRecord *h, PasswordCache *cache) { - _cleanup_(erase_and_freep) void *p = NULL; _cleanup_free_ char *name = NULL; - char **strv; + _cleanup_(erase_and_freep) void *vk = NULL; + size_t vks; key_serial_t serial; - size_t sz; int r; assert(h); assert(cache); - /* Loads the password we need to for automatic resizing from the kernel keyring */ - name = strjoin("homework-user-", h->user_name); if (!name) return (void) log_oom(); serial = request_key("user", name, NULL, 0); - if (serial == -1) - return (void) log_debug_errno(errno, "Failed to request key '%s', ignoring: %m", name); - - r = keyring_read(serial, &p, &sz); + if (serial == -1) { + if (errno == ENOKEY) { + log_info("Home volume key is not available in kernel keyring."); + return; + } + return (void) log_warning_errno(errno, "Failed to request key '%s', ignoring: %m", name); + } + + r = keyring_read(serial, &vk, &vks); if (r < 0) - return (void) log_debug_errno(r, "Failed to read keyring key '%s', ignoring: %m", name); - - if (memchr(p, 0, sz)) - return (void) log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Cached password contains embedded NUL byte, ignoring."); - - strv = new(char*, 2); - if (!strv) - return (void) log_oom(); - - strv[0] = TAKE_PTR(p); /* Note that keyring_read() will NUL terminate implicitly, hence we don't have - * to NUL terminate manually here: it's a valid string. */ - strv[1] = NULL; + return (void) log_warning_errno(r, "Failed to read keyring key '%s', ignoring: %m", name); - strv_free_erase(cache->keyring_passswords); - cache->keyring_passswords = strv; + log_info("Successfully acquired home volume key from kernel keyring."); - log_debug("Successfully acquired home key from kernel keyring."); + erase_and_free(cache->volume_key); + cache->volume_key = TAKE_PTR(vk); + cache->volume_key_size = vks; } |