-rw-r--r--Makefile6
-rw-r--r--cmd/cmd.go50
-rw-r--r--cmd/format.go0
-rw-r--r--cmd/fscrypt/strings.go13
-rw-r--r--cmd/helper.go0
-rw-r--r--cmd/templates.go0
-rw-r--r--ext4/ext4.go62
-rw-r--r--ext4/feature_flag.go82
8 files changed, 166 insertions, 47 deletions
diff --git a/Makefile b/Makefile
index 80354b3..eb57d09 100644
--- a/Makefile
+++ b/Makefile
@@ -113,7 +113,7 @@ $(PAM_MODULE): $(SRC_FILES)
.PHONY: clean
clean:
- rm -f $(NAME) $(PAM_MODULE) $(IMAGE)
+ rm -f $(NAME) $(EXT4_NAME) $(PAM_MODULE) $(IMAGE)
# Make sure go files build and tests pass.
.PHONY: test
@@ -169,7 +169,7 @@ install_pam: $(PAM_MODULE)
$(INSTALL) -d $(PAM_CONFIG_DIR)
$(INSTALL) $(PAM_NAME)/config $(PAM_CONFIG_DIR)/$(NAME)
-install: install_bin install_ext4 install_pam
+install: install_bin install_ext4 install_pam
uninstall:
rm -f $(DESTDIR)/$(NAME) $(PAM_MODULE_DIR)/$(PAM_MODULE) $(PAM_CONFIG_DIR)/$(NAME)
@@ -180,7 +180,7 @@ go-tools:
go get -u github.com/golang/protobuf/protoc-gen-go
go get -u github.com/golang/lint/golint
go get -u github.com/kardianos/govendor
- go get -u golang.org/x/tools/cmd/goimports
+ go get -u sourcegraph.com/sqs/goreturns
go get -u honnef.co/go/tools/cmd/megacheck
##### Setup/Teardown for integration tests (need root permissions) #####
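Review bot: The added `go get -u sourcegraph.com/sqs/goreturns` line installs whatever revision that third-party path serves at install time, so the tool that rewrites this repository's sources is unpinned and unreviewed. The neighbouring tools are fetched the same way, but this commit adds a new upstream to trust. Consider pinning it to a reviewed revision or vendoring it with govendor, which this target already installs, and note the choice with a comment such as `# goreturns: pinned to <reviewed-commit>`. The go-tools target starts outside this hunk, so it is worth checking that no other target still invokes goimports now that it is no longer installed.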
diff --git a/cmd/cmd.go b/cmd/cmd.go
new file mode 100644
index 0000000..e2f0cf4
--- /dev/null
+++ b/cmd/cmd.go
@@ -0,0 +1,50 @@
+/*
+ * cmd.go - Main interface to cmd package (running, Cmd and Flag structs, etc)
+ *
+ * Copyright 2017 Google Inc.
+ * Author: Joe Richey (joerichey@google.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+// Package cmd is the common library for writing fscrypt command line binaries.
+// This package is mainly a wrapper around github.com/urfave/cli, but provides
+// additional support to make the usage look similar to the man page.
+//
+// The main componets are the `Cmd` and `Flag` types which can be used to define
+// a top-level command with many potential subcommands. This package also
+// presents a smaller interface than urfave/cli, making it easier to use for
+// other commands.
+package cmd
+
+// Command represents a command with many potential top-level commands. This is
+// trand
+type Cmd struct {
+ Name string
+ UsageLines []string
+ SubCmds []Cmd
+ Arguments []Argument
+ Flags []cli.Flag
+ Man *ManEntry
+ Action CommandFunc
+}
+
+type Argument struct {
+ Name string
+ Usage string
+}
+
+type ManEntry struct {
+ Title string
+ Section int
+}
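Review bot: `Cmd` uses `cli.Flag` and `CommandFunc`, but this new file has no import block and the other files added to package cmd in this commit are empty, so the package does not appear to compile as committed. Add `import "github.com/urfave/cli"` (the path named in the package comment) and declare `CommandFunc`, or leave out the `Flags` and `Action` fields until those types exist. The doc comment on `Cmd` opens with `Command` rather than the type name and breaks off at "This is trand"; it should read along the lines of `// Cmd represents a top-level command with many potential subcommands.` `Argument` and `ManEntry` are exported and also need doc comments.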
diff --git a/cmd/format.go b/cmd/format.go
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/cmd/format.go
diff --git a/cmd/fscrypt/strings.go b/cmd/fscrypt/strings.go
index fb79c38..e90abe1 100644
--- a/cmd/fscrypt/strings.go
+++ b/cmd/fscrypt/strings.go
@@ -122,12 +122,9 @@ Options:
{{end}}`
)
-// Add words to this map to have pluralize support them.
+// Add words to this map if pluralization does not just involve adding an s.
var plurals = map[string]string{
- "argument": "arguments",
- "filesystem": "filesystems",
- "protector": "protectors",
- "policy": "policies",
+ "policy": "policies",
}
// pluralize prints our the correct pluralization of a work along with the
@@ -135,7 +132,11 @@ var plurals = map[string]string{
// pluralize(2, "policy") = "2 policies"
func pluralize(count int, word string) string {
if count != 1 {
- word = plurals[word]
+ if plural, ok := plurals[word]; ok {
+ word = plural
+ } else {
+ word += "s"
+ }
}
return fmt.Sprintf("%d %s", count, word)
}
diff --git a/cmd/helper.go b/cmd/helper.go
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/cmd/helper.go
diff --git a/cmd/templates.go b/cmd/templates.go
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/cmd/templates.go
diff --git a/ext4/ext4.go b/ext4/ext4.go
index 401d208..7419929 100644
--- a/ext4/ext4.go
+++ b/ext4/ext4.go
@@ -1,3 +1,22 @@
+/*
+ * ext4.go - Handles command line processing for fscrypt-ext4.
+ *
+ * Copyright 2017 Google Inc.
+ * Author: Joe Richey (joerichey@google.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
package main
import (
@@ -34,7 +53,7 @@ Arguments:
`
)
-func printUsageAndExit(err error) {
+func printAndExit(err error, printUsage bool) {
var w io.Writer
var rc int
if err == nil {
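Review bot: printAndExit has no doc comment, so the meaning of the new `printUsage` argument can only be learned from the body, which continues past this hunk. Suggest adding `// printAndExit reports err if it is non-nil, prints the usage text when printUsage is true, and then exits the process.` above the signature. A bare `true`/`false` at each call site is also hard to read; two small wrappers or a named constant would make the calls self-explanatory.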
@@ -46,45 +65,44 @@ func printUsageAndExit(err error) {
rc = 1
fmt.Fprintf(w, "%s: %v\n", cmdName, err)
}
-
- fmt.Fprintf(w, usageFmt, cmdName)
- fmt.Fprintln(w, "\nOptions:")
- set.VisitAll(func(f *flag.Flag) {
- fmt.Fprintf(w, "\t--%s\n\t\t%s\n", f.Name, f.Usage)
- })
- fmt.Fprintf(w, "\nSee the %s man page for more info.\n", manPage)
+ if printUsage {
+ fmt.Fprintf(w, usageFmt, cmdName)
+ fmt.Fprintln(w, "\nOptions:")
+ set.VisitAll(func(f *flag.Flag) {
+ fmt.Fprintf(w, "\t--%s\n\t\t%s\n", f.Name, f.Usage)
+ })
+ fmt.Fprintf(w, "\nSee the %s man page for more info.\n", manPage)
+ }
os.Exit(rc)
}
func main() {
set.SetOutput(ioutil.Discard)
if err := set.Parse(os.Args[1:]); err != nil {
- printUsageAndExit(err)
+ printAndExit(err, true)
}
if *helpFlag {
- printUsageAndExit(nil)
+ printAndExit(nil, true)
}
if *versionFlag {
fmt.Println(version)
return
}
if set.NArg() != 2 {
- printUsageAndExit(fmt.Errorf("expected 2 arguments, got %d", set.NArg()))
+ printAndExit(fmt.Errorf("expected 2 arguments (got %d)", set.NArg()), true)
+ }
+
+ _, err := NewExt4Filesystem(set.Arg(1))
+ if err != nil {
+ printAndExit(err, false)
}
- command, mountpoint := set.Arg(0), set.Arg(1)
- switch command {
+ switch command := set.Arg(0); command {
case "enable":
- fmt.Println("Enabling encryption!!")
+ fmt.Println("Enabling encryption not implemented")
case "disable":
- fmt.Println("Disabling encryption!!")
+ fmt.Println("Disabling encryption not implemented")
default:
- printUsageAndExit(fmt.Errorf("invalid command %q", command))
- }
-
- if isExt4EncryptionEnabled(mountpoint) {
- fmt.Printf("%q has encryption\n", mountpoint)
- } else {
- fmt.Printf("%q doesn't have encryption\n", mountpoint)
+ printAndExit(fmt.Errorf("invalid command %q", command), true)
}
}
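Review bot: In main, `NewExt4Filesystem(set.Arg(1))` runs before the `switch` validates `set.Arg(0)`, so a misspelled command against a non-ext4 path produces a filesystem error and never reaches the usage text; validate the command first. The `enable` and `disable` branches only print "not implemented" to stdout and then fall off the end of main, so the process presumably exits with status 0. A script that runs this tool to turn encryption on would read that as success. Report the condition through the error path instead, e.g. `printAndExit(fmt.Errorf("%s is not implemented", command), false)`. The start of printAndExit's body is outside this hunk.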
diff --git a/ext4/feature_flag.go b/ext4/feature_flag.go
index 4c64e0a..4b588d6 100644
--- a/ext4/feature_flag.go
+++ b/ext4/feature_flag.go
@@ -1,3 +1,22 @@
+/*
+ * feature_flag.go - Changes encryption flag for an ext4 filesystem.
+ *
+ * Copyright 2017 Google Inc.
+ * Author: Joe Richey (joerichey@google.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
package main
/*
@@ -10,27 +29,58 @@ package main
import "C"
import (
"fmt"
- "unsafe"
+
+ "github.com/google/fscrypt/filesystem"
)
-// isExt4EncryptionEnabled returns true if the provided ext4 filesystem (as a
-// path to a device or mountpoint) has the encrypt feature flag enabled.
-func isExt4EncryptionEnabled(path string) bool {
- cPath := C.CString(path)
- defer C.free(unsafe.Pointer(cPath))
+// Ext4Filesystem wraps the C structures returned from libext2fs.
+type Ext4Filesystem struct {
+ ptr C.ext2_filsys
+ mounted bool
+ retVal C.errcode_t
+}
- var fs C.ext2_filsys
- ret := C.ext2fs_open(cPath, 0, 0, 0, C.unix_io_manager, &fs)
- if ret != 0 {
- panic(fmt.Errorf("Got error code %v when opening %s", ret, path))
+// NewExt4Filesystem creates a new Ext4Filesystem from a mountpoint path. Fail
+// if the path is not the mountpoint of an ext4 filesystem or cannot be opened.
+func NewExt4Filesystem(mountpoint string) (*Ext4Filesystem, error) {
+ mount, err := filesystem.FindMount(set.Arg(1))
+ if err != nil {
+ return nil, err
}
+ if mount.Filesystem != "ext4" {
+ err := fmt.Errorf("%q is not an ext4 filesystem (type %q)", mount.Path, mount.Filesystem)
+ return nil, err
+ }
+ if mount.Device == "" {
+ err := fmt.Errorf("underlying device for %q is invalid", mount.Filesystem)
+ return nil, err
+ }
+ return nil, nil
+}
- hasEncryption := C.ext2fs_has_feature_encrypt(fs.super)
- return hasEncryption != 0
+// HasValidBlockSize returns true if the filesystem has the same block size as
+// the system's page size.
+func (fs *Ext4Filesystem) HasValidBlockSize() bool {
+ return true
}
-// enableExt4Encryption enables encryption on the filesystem at the specified
-// path.
+// IsEncryptionEnabled return true if the "encrypt" feature flag is set.
+func (fs *Ext4Filesystem) IsEncryptionEnabled() bool {
+ return C.ext2fs_has_feature_encrypt(fs.ptr.super) != 0
+}
+
+// EnableEncryption sets the "encrypt" feature flag and writes the appropriate
+// information in the superblock to allow filesystem encryption.
+func (fs *Ext4Filesystem) EnableEncryption() error {
+ return nil
+}
-// disableExt4Encryption disables encryption on the filesystem at the specified
-// path. Note that this operation is not supported and can cause data loss.
+// DisableEncryption removes the "encrypt" feature flag.
+func (fs *Ext4Filesystem) DisableEncryption() error {
+ return nil
+}
+
+// Close safely closes, frees, and runs cleanup f9r the filesystem.
+func (fs *Ext4Filesystem) Close() error {
+ return nil
+}
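Review bot: NewExt4Filesystem ignores its `mountpoint` parameter and reads the package-level flag set instead; the lookup should be `mount, err := filesystem.FindMount(mountpoint)`. On success it returns `nil, nil`, so any caller that goes on to call `IsEncryptionEnabled` will dereference a nil `fs` at `fs.ptr.super`. The empty-device error formats `mount.Filesystem` where `mount.Path` looks intended. `HasValidBlockSize`, `EnableEncryption`, `DisableEncryption` and `Close` are stubs that report success; for a tool that toggles an encryption feature, each should fail closed with something like `return fmt.Errorf("EnableEncryption: not implemented")` until it does real work. The removed comment warned that disabling is unsupported and can cause data loss, and that caveat should carry over to the `DisableEncryption` doc comment.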