summaryrefslogtreecommitdiffstats
path: root/src/home/homework-password-cache.c
blob: 00a0f69bc91fe37c065da932529623d34afaff23 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include "homework-password-cache.h"
#include "keyring-util.h"
#include "missing_syscall.h"
#include "user-record.h"

void password_cache_free(PasswordCache *cache) {
        if (!cache)
                return;

        cache->pkcs11_passwords = strv_free_erase(cache->pkcs11_passwords);
        cache->fido2_passwords = strv_free_erase(cache->fido2_passwords);
        cache->keyring_passswords = strv_free_erase(cache->keyring_passswords);
}

void password_cache_load_keyring(UserRecord *h, PasswordCache *cache) {
        _cleanup_(erase_and_freep) void *p = NULL;
        _cleanup_free_ char *name = NULL;
        char **strv;
        key_serial_t serial;
        size_t sz;
        int r;

        assert(h);
        assert(cache);

        /* Loads the password we need to for automatic resizing from the kernel keyring */

        name = strjoin("homework-user-", h->user_name);
        if (!name)
                return (void) log_oom();

        serial = request_key("user", name, NULL, 0);
        if (serial == -1)
                return (void) log_debug_errno(errno, "Failed to request key '%s', ignoring: %m", name);

        r = keyring_read(serial, &p, &sz);
        if (r < 0)
                return (void) log_debug_errno(r, "Failed to read keyring key '%s', ignoring: %m", name);

        if (memchr(p, 0, sz))
                return (void) log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Cached password contains embedded NUL byte, ignoring.");

        strv = new(char*, 2);
        if (!strv)
                return (void) log_oom();

        strv[0] = TAKE_PTR(p); /* Note that keyring_read() will NUL terminate implicitly, hence we don't have
                                * to NUL terminate manually here: it's a valid string. */
        strv[1] = NULL;

        strv_free_erase(cache->keyring_passswords);
        cache->keyring_passswords = strv;

        log_debug("Successfully acquired home key from kernel keyring.");
}