
Commit 76638ae

committed
Don't retry passwords if fscrypt unlock doesn't have a tty
1 parent 827c136 commit 76638ae

3 files changed

Lines changed: 53 additions & 5 deletions


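--- a/cli-tests/t_unlock.out
+++ b/cli-tests/t_unlock.out
@@ -62,6 +62,42 @@ Protected with 1 protector:
 PROTECTOR LINKED DESCRIPTION
 desc2 No custom protector "prot"
 
+# Try to unlock with no stdin
+[ERROR] fscrypt unlock: incorrect key provided
+"MNT/dir" is encrypted with fscrypt.
+
+Policy: desc1
+Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
+Unlocked: No
+
+Protected with 1 protector:
+PROTECTOR LINKED DESCRIPTION
+desc2 No custom protector "prot"
+
+# Try to unlock with only a newline
+[ERROR] fscrypt unlock: incorrect key provided
+"MNT/dir" is encrypted with fscrypt.
+
+Policy: desc1
+Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
+Unlocked: No
+
+Protected with 1 protector:
+PROTECTOR LINKED DESCRIPTION
+desc2 No custom protector "prot"
+
+# Try infinitely many wrong passwords
+Enter custom passphrase for protector "prot": [ERROR] fscrypt unlock: incorrect key provided
+"MNT/dir" is encrypted with fscrypt.
+
+Policy: desc1
+Options: padding:32 contents:AES_256_XTS filenames:AES_256_CTS policy_version:2
+Unlocked: No
+
+Protected with 1 protector:
+PROTECTOR LINKED DESCRIPTION
+desc2 No custom protector "prot"
+
 # Unlock directory
 Enter custom passphrase for protector "prot": "MNT/dir" is now unlocked and ready for use.
 
@@ -90,7 +126,7 @@ desc1 Yes desc2
 the policy metadata for "MNT/dir".
 This directory has either been encrypted with another
 tool (such as e4crypt), or the file
-"MNT/.fscrypt/policies/desc20"
+"MNT/.fscrypt/policies/desc26"
 has been deleted.
 
 # Try to unlock with missing protector metadata
@@ -103,14 +139,14 @@ information.
 [ERROR] fscrypt unlock: inconsistent metadata between encrypted directory
 "MNT/dir1" and its corresponding
 metadata file
-"MNT/.fscrypt/policies/desc21".
+"MNT/.fscrypt/policies/desc27".
 
 Directory has
-descriptor:desc21 padding:32
+descriptor:desc27 padding:32
 contents:AES_256_XTS filenames:AES_256_CTS
 policy_version:2
 
 Metadata file has
-descriptor:desc23 padding:32
+descriptor:desc29 padding:32
 contents:AES_256_XTS filenames:AES_256_CTS
 policy_version:2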

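--- a/cli-tests/t_unlock.sh
+++ b/cli-tests/t_unlock.sh
@@ -38,6 +38,18 @@ _print_header "Try to unlock with wrong passphrase"
 _expect_failure "echo bad | fscrypt unlock --quiet '$dir'"
 fscrypt status "$dir"
 
+_print_header "Try to unlock with no stdin"
+_expect_failure "fscrypt unlock --quiet '$dir' </dev/null"
+fscrypt status "$dir"
+
+_print_header "Try to unlock with only a newline"
+_expect_failure "echo | fscrypt unlock --quiet '$dir'"
+fscrypt status "$dir"
+
+_print_header "Try infinitely many wrong passwords"
+_expect_failure "yes wrong | fscrypt unlock '$dir'"
+fscrypt status "$dir"
+
 _print_header "Unlock directory"
 echo hunter2 | fscrypt unlock "$dir"
 _print_header "=> Check dir status"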
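Review bot: The new case `yes wrong | fscrypt unlock '$dir'` has no bound on its run time, so if the non-terminal check ever regresses, `yes` keeps supplying passphrases and the suite hangs instead of reporting a failure. Bounding the command, for example `_expect_failure "yes wrong | timeout 60 fscrypt unlock '$dir'"`, would turn that regression into a non-zero exit and an output mismatch against t_unlock.out. The value 60 is only a suggestion. `_expect_failure` is defined outside this hunk, so how it treats the timeout exit status should be confirmed.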

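--- a/cmd/fscrypt/keys.go
+++ b/cmd/fscrypt/keys.go
@@ -145,7 +145,7 @@ func makeKeyFunc(supportRetry, shouldConfirm bool, prefix string) actions.KeyFun
 panic("this KeyFunc does not support retrying")
 }
 // Don't retry for non-interactive sessions
-if quietFlag.Value {
+if !term.IsTerminal(stdinFd) {
 return nil, ErrWrongKey
 }
 fmt.Println("Incorrect Passphrase")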
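Review bot: Replacing `quietFlag.Value` with `!term.IsTerminal(stdinFd)` drops the quiet check entirely, so `fscrypt unlock --quiet` run on a terminal now reaches `fmt.Println("Incorrect Passphrase")` and prompts again. If `--quiet` is still meant to suppress retries and the extra stdout line (its definition is outside this hunk, so this is an assumption), keep both conditions: `if quietFlag.Value || !term.IsTerminal(stdinFd) {`. The comment could also state the reason, e.g. `// Don't retry when stdin is not a terminal: a pipe or /dev/null would make the retry loop spin without user input.` The enclosing closure in makeKeyFunc starts and ends outside the hunk.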
