- Committer: Dustin Kirkland
- Date: 2009-01-23 18:35:05 UTC
- Revision ID: git-v1:f91de6ea214a9c51165384a50f281618f6c972ee

remove recent lib modifications

As pointed out by Tyler Hicks, the fnek keyring addition could be
done by the callers, rather than the library functions.

In fact, this is very true. We shouldn't modify the libraries to do this.

After this patch, we now have --fnek options that can be passed to:
* ecryptfs-setup-private
* ecryptfs-add-passphrase
* ecryptfs-insert-wrapped-passphrase-into-keyring

When present, each of these programs will check if filename encryption
is available in the kernel, and if so, a fnek based on the fekek (with a
different salt) will be added to the keyring and used for filename
encryption.

Additionally, the pam_ecryptfs module will also check if filename encryption
is available in the kernel, and if so, the fnek will be added to the keyring
on login (if a Private.sig and wrapped-passphrase file are found).

Additionally, the pam module should also check that the Private.sig file
contains 2 lines (the second being the signature of the fnek). This isn't
done yet. I need to find an easy/efficient way to do this and propagate
that flag through the functions.

Signed-off-by: Dustin Kirkland <kirkland@canonical.com>
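
One way to perform the Private.sig check that the message lists as not yet done, as an added example; it is not code from ecryptfs-utils or from this commit. The function names are hypothetical, and the code assumes each line of the file is one key signature of 16 hex characters.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define SIG_HEX_LEN 16 /* assumption: one signature = 16 hex characters */

/* Return 1 if s[0..len) is exactly SIG_HEX_LEN hex digits, else 0. */
static int is_sig(const char *s, size_t len)
{
    if (len != SIG_HEX_LEN)
        return 0;
    for (size_t i = 0; i < len; i++)
        if (!isxdigit((unsigned char)s[i]))
            return 0;
    return 1;
}

/*
 * Classify the text of a Private.sig-style file.
 * Returns 1 (mount key signature only), 2 (mount key + fnek signature),
 * or -1 if malformed: empty, blank line, bad signature, or a third line.
 */
int sig_line_count(const char *text)
{
    int n = 0;
    while (*text) {
        size_t len = strcspn(text, "\n");
        if (len == 0 || n == 2 || !is_sig(text, len))
            return -1;
        n++;
        text += len;
        if (*text == '\n')
            text++;
    }
    return n ? n : -1;
}

/* Read the file at path and classify it; -1 if unreadable or oversized. */
int sig_file_line_count(const char *path)
{
    char buf[64] = {0}; /* two 16-character lines plus newlines fit easily */
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    size_t got = fread(buf, 1, sizeof(buf) - 1, f);
    fclose(f);
    /* A completely full buffer means the file is larger than expected. */
    return got == sizeof(buf) - 1 ? -1 : sig_line_count(buf);
}
```

A caller such as the PAM module would add the fnek to the keyring only when this returns 2 and the kernel reports filename encryption support; a return of -1 should be treated as a failed check rather than as "no fnek".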