Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

mountpoint_test: skip TestLoadSourceDevice if loop0 doesn't exist #384

Merged
merged 3 commits into from
Sep 9, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions actions/context.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,10 +22,10 @@
// All of the actions include a significant amount of logging, so that good
// output can be provided for cmd/fscrypt's verbose mode.
// The top-level actions currently include:
// - Creating a new config file
// - Creating a context on which to perform actions
// - Creating, unlocking, and modifying Protectors
// - Creating, unlocking, and modifying Policies
// - Creating a new config file
// - Creating a context on which to perform actions
// - Creating, unlocking, and modifying Protectors
// - Creating, unlocking, and modifying Policies
package actions

import (
Expand Down
13 changes: 7 additions & 6 deletions cmd/fscrypt/format.go
Original file line number Diff line number Diff line change
Expand Up @@ -82,8 +82,10 @@ type prettyFlag interface {
}

// How a flag should appear on the command line. We have two formats:
// --name
// --name=ARG_NAME
//
// --name
// --name=ARG_NAME
//
// The ARG_NAME appears if the prettyFlag's GetArgName() method returns a
// non-empty string. The returned string from shortDisplay() does not include
// any leading or trailing whitespace.
Expand All @@ -96,13 +98,12 @@ func shortDisplay(f prettyFlag) string {

// How our flags should appear when displaying their usage. An example would be:
//
// --help Prints help screen for commands and subcommands.
// --help Prints help screen for commands and subcommands.
//
// If a default is specified, then it is appended to the usage. Example:
//
// --time=TIME Calibrate passphrase hashing to take the
// specified amount of TIME (default: 1s)
//
// --time=TIME Calibrate passphrase hashing to take the
// specified amount of TIME (default: 1s)
func longDisplay(f prettyFlag, defaultString ...string) string {
usage := f.GetUsage()
if len(defaultString) > 0 {
Expand Down
22 changes: 11 additions & 11 deletions crypto/crypto.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,17 +18,17 @@
*/

// Package crypto manages all the cryptography for fscrypt. This includes:
// - Key management (key.go)
// - Securely holding keys in memory
// - Making recovery keys
// - Randomness (rand.go)
// - Cryptographic algorithms (crypto.go)
// - encryption (AES256-CTR)
// - authentication (SHA256-based HMAC)
// - key stretching (SHA256-based HKDF)
// - key wrapping/unwrapping (Encrypt then MAC)
// - passphrase-based key derivation (Argon2id)
// - key descriptor computation (double SHA512, or HKDF-SHA512)
// 1. Key management (key.go)
// - Securely holding keys in memory
// - Making recovery keys
// 2. Randomness (rand.go)
// 3. Cryptographic algorithms (crypto.go)
// - encryption (AES256-CTR)
// - authentication (SHA256-based HMAC)
// - key stretching (SHA256-based HKDF)
// - key wrapping/unwrapping (Encrypt then MAC)
// - passphrase-based key derivation (Argon2id)
// - key descriptor computation (double SHA512, or HKDF-SHA512)
package crypto

import (
Expand Down
4 changes: 3 additions & 1 deletion crypto/crypto_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,9 @@ func fakePassphraseKey() (*Key, error) {

// Values for test cases pulled from argon2 command line tool.
// To generate run:
// echo "password" | argon2 "aaaaaaaaaaaaaaaa" -id -t <t> -m <m> -p <p> -l 32
//
// echo "password" | argon2 "aaaaaaaaaaaaaaaa" -id -t <t> -m <m> -p <p> -l 32
//
// where costs.Time = <t>, costs.Memory = 2^<m>, and costs.Parallelism = <p>.
type hashTestCase struct {
costs *metadata.HashingCosts
Expand Down
3 changes: 2 additions & 1 deletion crypto/rand.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,8 @@ import (
// the operating system has insufficient randomness, the buffer creation will
// fail. This is an improvement over Go's built-in crypto/rand which will still
// return bytes if the system has insufficiency entropy.
// See: https://github.com/golang/go/issues/19274
//
// See: https://github.com/golang/go/issues/19274
//
// While this syscall was only introduced in Kernel v3.17, it predates the
// introduction of filesystem encryption, so it introduces no additional
Expand Down
38 changes: 20 additions & 18 deletions filesystem/filesystem.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,15 +21,15 @@

// Package filesystem deals with the structure of the files on disk used to
// store the metadata for fscrypt. Specifically, this package includes:
// - mountpoint management (mountpoint.go)
// - querying existing mounted filesystems
// - getting filesystems from a UUID
// - finding the filesystem for a specific path
// - metadata organization (filesystem.go)
// - setting up a mounted filesystem for use with fscrypt
// - adding/querying/deleting metadata
// - making links to other filesystems' metadata
// - following links to get data from other filesystems
// 1. mountpoint management (mountpoint.go)
// - querying existing mounted filesystems
// - getting filesystems from a UUID
// - finding the filesystem for a specific path
// 2. metadata organization (filesystem.go)
// - setting up a mounted filesystem for use with fscrypt
// - adding/querying/deleting metadata
// - making links to other filesystems' metadata
// - following links to get data from other filesystems
package filesystem

import (
Expand Down Expand Up @@ -195,6 +195,7 @@ func (err *ErrProtectorNotFound) Error() string {
var SortDescriptorsByLastMtime = false

// Mount contains information for a specific mounted filesystem.
//
// Path - Absolute path where the directory is mounted
// FilesystemType - Type of the mounted filesystem, e.g. "ext4"
// Device - Device for filesystem (empty string if we cannot find one)
Expand All @@ -210,8 +211,9 @@ var SortDescriptorsByLastMtime = false
// setup first. Specifically, the directories created look like:
// <mountpoint>
// └── .fscrypt
// ├── policies
// └── protectors
//
// ├── policies
// └── protectors
//
// These "policies" and "protectors" directories will contain files that are
// the corresponding metadata structures for policies and protectors. The public
Expand Down Expand Up @@ -723,13 +725,13 @@ func (m *Mount) addMetadata(path string, md metadata.Metadata, owner *user.User)
// considering that it could be a malicious file created to cause a
// denial-of-service. Specifically, the following checks are done:
//
// - It must be a regular file, not another type of file like a symlink or FIFO.
// (Symlinks aren't bad by themselves, but given that a malicious user could
// point one to absolutely anywhere, and there is no known use case for the
// metadata files themselves being symlinks, it seems best to disallow them.)
// - It must have a reasonable size (<= maxMetadataFileSize).
// - If trustedUser is non-nil, then the file must be owned by the given user
// or by root.
// - It must be a regular file, not another type of file like a symlink or FIFO.
// (Symlinks aren't bad by themselves, but given that a malicious user could
// point one to absolutely anywhere, and there is no known use case for the
// metadata files themselves being symlinks, it seems best to disallow them.)
// - It must have a reasonable size (<= maxMetadataFileSize).
// - If trustedUser is non-nil, then the file must be owned by the given user
// or by root.
//
// Take care to avoid TOCTOU (time-of-check-time-of-use) bugs when doing these
// tests. Notably, we must open the file before checking the file type, as the
Expand Down
19 changes: 10 additions & 9 deletions filesystem/mountpoint.go
Original file line number Diff line number Diff line change
Expand Up @@ -106,6 +106,7 @@ func getDeviceName(num DeviceNumber) string {
// Parse one line of /proc/self/mountinfo.
//
// The line contains the following space-separated fields:
//
// [0] mount ID
// [1] parent ID
// [2] major:minor
Expand Down Expand Up @@ -184,11 +185,11 @@ func addUncontainedSubtreesRecursive(dst map[string]bool,
// preferably a read-write mount. However, that doesn't work in containers
// where the "/" subtree might not be mounted. Here's a real-world example:
//
// mnt.Subtree mnt.Path
// ----------- --------
// /var/lib/lxc/base/rootfs /
// /var/cache/pacman/pkg /var/cache/pacman/pkg
// /srv/repo/x86_64 /srv/http/x86_64
// mnt.Subtree mnt.Path
// ----------- --------
// /var/lib/lxc/base/rootfs /
// /var/cache/pacman/pkg /var/cache/pacman/pkg
// /srv/repo/x86_64 /srv/http/x86_64
//
// In this case, all mnt.Subtree are independent. To handle this case, we must
// choose the Mount whose mnt.Path contains the others, i.e. the first one.
Expand All @@ -199,10 +200,10 @@ func addUncontainedSubtreesRecursive(dst map[string]bool,
// needed to correctly handle bind mounts. For example, in the following case,
// the first Mount should be chosen:
//
// mnt.Subtree mnt.Path
// ----------- --------
// /foo /foo
// /foo/dir /dir
// mnt.Subtree mnt.Path
// ----------- --------
// /foo /foo
// /foo/dir /dir
//
// To solve this, we divide the mounts into non-overlapping trees of mnt.Path.
// Then, we choose one of these trees which contains (exactly or via path
Expand Down
12 changes: 8 additions & 4 deletions filesystem/mountpoint_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,10 +17,9 @@
* the License.
*/

// Note: these tests assume the existence of some well-known directories and
// devices: /mnt, /home, /tmp, and /dev/loop0. This is because the mountpoint
// loading code only retains mountpoints on valid directories, and only retains
// device names for valid device nodes.
// Note: these tests assume the existence of some well-known directories: /mnt,
// /home, and /tmp. This is because the mountpoint loading code only retains
// mountpoints on valid directories.

package filesystem

Expand Down Expand Up @@ -100,6 +99,11 @@ func TestLoadMountInfoBasic(t *testing.T) {
// Test that Mount.Device is set to the mountpoint's source device if
// applicable, otherwise it is set to the empty string.
func TestLoadSourceDevice(t *testing.T) {
// The mountinfo parser ignores devices that don't exist. For the valid
// device, try /dev/loop0. If it doesn't exist, skip the test.
if _, err := os.Stat("/dev/loop0"); err != nil {
t.Skip("/dev/loop0 does not exist, skipping test")
}
var mountinfo = `
15 0 7:0 / / rw shared:1 - foo /dev/loop0 rw,data=ordered
31 15 0:27 / /tmp rw,nosuid,nodev shared:17 - tmpfs tmpfs rw
Expand Down
6 changes: 3 additions & 3 deletions metadata/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,9 @@
// Package metadata contains all of the on disk structures.
// These structures are defined in metadata.proto. The package also
// contains functions for manipulating these structures, specifically:
// * Reading and Writing the Config file to disk
// * Getting and Setting Policies for directories
// * Reasonable defaults for a Policy's EncryptionOptions
// - Reading and Writing the Config file to disk
// - Getting and Setting Policies for directories
// - Reasonable defaults for a Policy's EncryptionOptions
package metadata

import (
Expand Down
2 changes: 2 additions & 0 deletions pam/login.go
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ var (
// userInput is run when the callback needs some input from the user. We prompt
// the user for information and return their answer. A return value of nil
// indicates an error occurred.
//
//export userInput
func userInput(prompt *C.char) *C.char {
fmt.Print(C.GoString(prompt))
Expand All @@ -65,6 +66,7 @@ func userInput(prompt *C.char) *C.char {
// passphraseInput is run when the callback needs a passphrase from the user. We
// pass along the tokenToCheck without prompting. A return value of nil
// indicates an error occurred.
//
//export passphraseInput
func passphraseInput(prompt *C.char) *C.char {
log.Printf("getting secret data for PAM: %q", C.GoString(prompt))
Expand Down
1 change: 1 addition & 0 deletions pam_fscrypt/pam_fscrypt.go
Original file line number Diff line number Diff line change
Expand Up @@ -403,6 +403,7 @@ func pam_sm_authenticate(pamh unsafe.Pointer, flags, argc C.int, argv **C.char)
}

// pam_sm_setcred needed because we use pam_sm_authenticate.
//
//export pam_sm_setcred
func pam_sm_setcred(pamh unsafe.Pointer, flags, argc C.int, argv **C.char) C.int {
return C.PAM_SUCCESS
Expand Down
4 changes: 2 additions & 2 deletions security/privileges.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,8 @@
*/

// Package security manages:
// - Cache clearing (cache.go)
// - Privilege manipulation (privileges.go)
// - Cache clearing (cache.go)
// - Privilege manipulation (privileges.go)
package security

// Use the libc versions of setreuid, setregid, and setgroups instead of the
Expand Down