Use die-on-error memory-allocating functions, and use assert()
to check for argument validity. Passing a NULL pointer to any one
of these functions is a programming error anyway, not a runtime
error.
I plan to modify the behavior of all of the programs to stop
caring about memory allocation failures. There's nothing much to
do anyway in case of a system running out of memory, and besides,
Linux's behavior of never failing to allocate memory means that I
cannot properly test the code paths in case of ENOMEM. So I came
to think the best way of handling ENOMEM is just to abandon
completely.
This patch adds die-on-error versions of some common
memory-allocating functions.
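As an added example (not code from the gfsec project), the two commits above translate into a small set of wrappers: allocation helpers that terminate the process instead of returning NULL, and assert() on pointer arguments so that a NULL is treated as a caller bug rather than a runtime condition. The names xmalloc, xcalloc, xrealloc, xstrdup, die and path_join are this example's own assumptions.

```c
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Report a fatal condition and terminate: there is no recovery path for ENOMEM. */
static void die(const char *what)
{
    fprintf(stderr, "fatal: %s\n", what);
    exit(EXIT_FAILURE);
}

/* malloc() that never returns NULL; a size of 0 is rounded up so that a
   NULL from malloc(0) is not mistaken for an allocation failure. */
void *xmalloc(size_t size)
{
    void *p = malloc(size ? size : 1);
    if (p == NULL)
        die("out of memory");
    return p;
}

void *xcalloc(size_t nmemb, size_t size)
{
    void *p = calloc(nmemb ? nmemb : 1, size ? size : 1);
    if (p == NULL)
        die("out of memory");
    return p;
}

void *xrealloc(void *ptr, size_t size)
{
    void *p = realloc(ptr, size ? size : 1);
    if (p == NULL)
        die("out of memory");
    return p;
}

char *xstrdup(const char *s)
{
    assert(s != NULL);            /* a NULL here is a caller bug, not a runtime error */
    size_t len = strlen(s) + 1;
    char *copy = xmalloc(len);
    memcpy(copy, s, len);
    return copy;
}

/* Example consumer: join a directory and a file name. With die-on-error
   allocation the function has no failure path to report, so its only checks
   are the assert()s on its contract. */
char *path_join(const char *dir, const char *name)
{
    assert(dir != NULL && name != NULL);
    size_t dlen = strlen(dir), nlen = strlen(name);
    int need_sep = dlen > 0 && dir[dlen - 1] != '/';
    char *out = xmalloc(dlen + (size_t)need_sep + nlen + 1);
    memcpy(out, dir, dlen);
    if (need_sep)
        out[dlen] = '/';
    memcpy(out + dlen + need_sep, name, nlen + 1);
    return out;
}

int main(void)
{
    char *p = path_join("/mnt/shares", "secret.shr");   /* constructed sample input */
    puts(p);
    free(p);
    return 0;
}
```

Because the wrappers exit on failure, callers drop their `if (p == NULL)` branches entirely, which is exactly the code that, as the log notes, cannot be exercised on a Linux system that overcommits memory.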
The error message for the NOT_ENOUGH_SHARES error case is too
long, and should not say "to reconstitute the secret" since that
error may also occur when splitting a secret.
The rc variable in the get_file function in the libmtp-based
module was not initialized, leading to a random return code when
no MTP device is present. This could lead to a crash if the
returned value happened to be zero, which is interpreted as a
success by the calling code (which then assumes that the share
has been successfully retrieved).
The GIO-based module will no longer attempt to create parent
directories when writing a share. Parent directories are assumed
to exist, and the module will throw an error if they do not.
It is simpler and more consistent with the behavior of the other
modules.
The put_file of the libmtp-based scheme module now supports
sending a file to any (pre-existing) directory on the device,
instead of only the root directory.
Add the gfsec-split program to split a secret into shares,
dispatch the shares to specific locations, and write a
configuration file allowing the secret to be reconstituted using
the gfsec-use program.
Add a new function to the scheme module interface, to write a
file's contents at a specified location.
Only the file module implements this function for now.
Do not have the modules represent themselves with the
gfsec_scheme_module_t structure. Now a module must just take care
of providing the appropriate functions (currently only "get_file")
to perform the task.
The initialization function in scheme-module will assemble the
structures and call any initialization function required.
This patch introduces the notion of a "scheme module". Such a
module provides a "get_file" function to retrieve the contents of
a file located at a specified URI.
Currently available modules:
- the "file" module, supporting the "file://" URI scheme;
- the "libmtp" module, using the LibMTP library to support the
"mtp://" scheme;
- the "gio" module, using the GLib-GIO library to support the
"uuid://" and "label://" schemes.
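The following is an added example, not code from the gfsec project, of how the "scheme module" idea above can be wired up: each module supplies a get_file function, a table maps URI schemes to modules, and a front-end splits the scheme off the URI and dispatches. It also shows the fix described in the libmtp get_file commit, initializing the return code to a failure value so that "no device present" can never be reported as success. The struct and function names, the error codes and the in-memory "file" and "mtp" tables are all constructed for this example; the real gio, uuid:// and label:// modules are not modeled.

```c
#include <assert.h>
#include <stdio.h>
#include <string.h>

/* Return codes assumed for this example: 0 is success, negatives are errors. */
enum {
    GFSEC_OK = 0,
    GFSEC_ERR_NO_SCHEME = -1,
    GFSEC_ERR_NO_DEVICE = -2,
    GFSEC_ERR_NOT_FOUND = -3
};

/* What a scheme module provides: its scheme name and a get_file function. */
typedef int (*get_file_fn)(const char *path, char *out, size_t outlen);
struct scheme_module {
    const char *scheme;
    get_file_fn get_file;
};

/* Constructed in-memory stand-ins for a file system and an MTP device. */
struct fake_entry { const char *path; const char *content; };
static const struct fake_entry file_entries[] = {
    { "/etc/gfsec/share1", "SHARE-ONE" },
};
static const struct fake_entry *mtp_entries = NULL;   /* no device plugged in */
static size_t mtp_count = 0;

static int lookup(const struct fake_entry *tab, size_t n,
                  const char *path, char *out, size_t outlen)
{
    int rc = GFSEC_ERR_NOT_FOUND;   /* initialized: no path can return garbage */
    for (size_t i = 0; i < n; i++) {
        if (strcmp(tab[i].path, path) == 0) {
            snprintf(out, outlen, "%s", tab[i].content);
            rc = GFSEC_OK;
            break;
        }
    }
    return rc;
}

static int file_get_file(const char *path, char *out, size_t outlen)
{
    return lookup(file_entries, sizeof file_entries / sizeof file_entries[0],
                  path, out, outlen);
}

static int mtp_get_file(const char *path, char *out, size_t outlen)
{
    /* Start from failure. An uninitialized rc here is the bug the log
       describes: with no device present it could read as 0 and be taken
       for a successfully retrieved share. */
    int rc = GFSEC_ERR_NO_DEVICE;
    if (mtp_entries == NULL || mtp_count == 0)
        return rc;
    return lookup(mtp_entries, mtp_count, path, out, outlen);
}

/* The module table assembled by the scheme-module initialization. */
static const struct scheme_module modules[] = {
    { "file", file_get_file },
    { "mtp",  mtp_get_file  },
};

/* Split "scheme://path" and dispatch to the module registered for the scheme. */
int gfsec_get_file(const char *uri, char *out, size_t outlen)
{
    const char *sep = strstr(uri, "://");
    if (sep == NULL)
        return GFSEC_ERR_NO_SCHEME;
    size_t slen = (size_t)(sep - uri);
    for (size_t i = 0; i < sizeof modules / sizeof modules[0]; i++) {
        if (strlen(modules[i].scheme) == slen &&
            strncmp(modules[i].scheme, uri, slen) == 0)
            return modules[i].get_file(sep + 3, out, outlen);
    }
    return GFSEC_ERR_NO_SCHEME;
}

int main(void)
{
    char buf[64];
    printf("file: rc=%d\n", gfsec_get_file("file:///etc/gfsec/share1", buf, sizeof buf));
    printf("mtp:  rc=%d\n", gfsec_get_file("mtp://share1", buf, sizeof buf));
    return 0;
}
```

The caller only ever tests `rc == GFSEC_OK`, so every module must make sure that value is reachable solely through a real success path; initializing `rc` to an error code at declaration time is the simplest way to guarantee that.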
The gfshare_ctx_free function of Libgfshare takes care of
randomizing the memory contents of its context before freeing it.
In order to do that, the gfshare_fill_rand global variable must
be initialized with a randomizing function.
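To illustrate the randomize-before-free requirement described above, here is an added example that is not libgfshare's code: a context holding secret material, a global function-pointer hook that must be set to a randomizing function, and a free routine that overwrites the secret through that hook before releasing it. The names ctx_fill_rand, urandom_fill_rand, pattern_fill_rand and secret_ctx are this example's own assumptions and do not reproduce libgfshare's API.

```c
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Global randomizing hook, the same pattern as a library-wide fill-rand
   pointer: the program must set it before any context is freed. */
typedef void (*fill_rand_fn)(unsigned char *buf, size_t len);
fill_rand_fn ctx_fill_rand = NULL;

/* Production hook: read from /dev/urandom, abort if that is impossible. */
void urandom_fill_rand(unsigned char *buf, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL || fread(buf, 1, len, f) != len) {
        fputs("fatal: cannot read /dev/urandom\n", stderr);
        abort();
    }
    fclose(f);
}

/* Deterministic hook for self-checks only; it makes the scrub observable. */
void pattern_fill_rand(unsigned char *buf, size_t len)
{
    memset(buf, 0xAA, len);
}

struct secret_ctx {
    unsigned char *secret;
    size_t len;
};

struct secret_ctx *secret_ctx_new(const unsigned char *data, size_t len)
{
    struct secret_ctx *ctx = malloc(sizeof *ctx);
    if (ctx == NULL)
        abort();                       /* no recovery from ENOMEM, as in the log */
    ctx->secret = malloc(len ? len : 1);
    if (ctx->secret == NULL)
        abort();
    memcpy(ctx->secret, data, len);
    ctx->len = len;
    return ctx;
}

/* Overwrite the secret through the hook; returns the number of bytes scrubbed.
   Calling through an externally visible function pointer also means the
   compiler cannot prove the write dead, as it can with a plain memset()
   immediately before free(). */
size_t secret_ctx_scrub(struct secret_ctx *ctx)
{
    assert(ctx != NULL);
    assert(ctx_fill_rand != NULL);     /* forgetting to set the hook is a bug */
    ctx_fill_rand(ctx->secret, ctx->len);
    return ctx->len;
}

/* Scrub, then release. */
size_t secret_ctx_free(struct secret_ctx *ctx)
{
    if (ctx == NULL)
        return 0;
    size_t n = secret_ctx_scrub(ctx);
    free(ctx->secret);
    free(ctx);
    return n;
}

int main(void)
{
    const unsigned char key[] = "constructed secret material";  /* sample input */
    ctx_fill_rand = urandom_fill_rand;
    struct secret_ctx *ctx = secret_ctx_new(key, sizeof key);
    printf("scrubbed %zu bytes before free\n", secret_ctx_free(ctx));
    return 0;
}
```

The assert() on the hook follows the same rule as the rest of the log: leaving the randomizing function unset is a programming error, so the program should stop there rather than silently free a context that still holds the secret.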
In the static functions of the secretcfg module, do not check
the pointers passed as arguments. These functions are only called
from within that module, so we can be sure they are never called
with an invalid pointer.