Implement password management function

[neithernut]

We currently don't react on password changes performed by users. After an user changes his/her password, the files and directories previously encrypted are still encrypted with the old keys.

We should implement the corresponding PAM password management functions and document the issue for users.

[jnvsor]

You can't change the encryption key on a folder with e4crypt set_policy - that makes sense because it would have to re-encrypt all the files.

I think we should go the ecryptfs route here, and store a secondary salt and key in a folder that's decrypted by the first salt and user password.

Then if you want to change the password or salt you can just reencrypt the secondary salt and key into a folder encrypted with the new password/salt and flip the folders and hey presto you've got password management without having to re-encrypt all the user's data.

[jnvsor]

My idea works - I've changed both password and salt and the wrapping works.

I just need to write the chauthtok hook and it's ready for a PR.

You can see my progress on this branch

[neithernut]

Nice. I'll have a closer look some time during the next week.

[neithernut]

One thing keeps bugging me, though: does it make sense to have a directory as an encrypted container for passwords and salts? Wouldn't an encrypted file make more sense?

[jnvsor]

Yeah, but I'd need to encrypt both the wrapped token and the wrapped salt so I'd need 2 files anyway. (Or fixed size salt/token) And I haven't looked into encryption (in C) much so I figured I'd reuse the ext4 encryption that's already working.