diff options
| -rw-r--r-- | .gitignore | 2 | ||||
| -rw-r--r-- | ext4/ext4.go | 37 | ||||
| -rw-r--r-- | ext4/feature_flag.go | 36 |
3 files changed, 74 insertions, 1 deletions
@@ -1,5 +1,5 @@ fscrypt -fscrypt.* +fscrypt-ext4 fscrypt_image pam_fscrypt.so .vscode diff --git a/ext4/ext4.go b/ext4/ext4.go new file mode 100644 index 0000000..cbe87da --- /dev/null +++ b/ext4/ext4.go @@ -0,0 +1,37 @@ +package main + +import ( + "fmt" + "io" + "os" +) + +func printUsage(w io.Writer, name string) { + fmt.Fprintf(w, "Usage: %s [enable|disable] <device> [--force]\n\n", name) + fmt.Fprintln(w, "Enable or disable encryption on an ext4 filesystem.") + fmt.Fprintln(w, " <device> - Path to the filesystem device") + fmt.Fprintln(w, " --force - Automatically proceed with the operation") +} + +func main() { + if len(os.Args) != 3 { + printUsage(os.Stderr, os.Args[0]) + os.Exit(1) + } + switch os.Args[1] { + case "enable": + fmt.Println("Enabling encryption!!") + case "disable": + fmt.Println("Disabling encryption!!") + default: + fmt.Fprintf(os.Stderr, "%s: invalid command %q\n", os.Args[0], os.Args[1]) + printUsage(os.Stderr, os.Args[0]) + os.Exit(1) + } + + if isExt4EncryptionEnabled(os.Args[2]) { + fmt.Printf("%q has encryption\n", os.Args[2]) + } else { + fmt.Printf("%q doesn't have encryption\n", os.Args[2]) + } +} diff --git a/ext4/feature_flag.go b/ext4/feature_flag.go new file mode 100644 index 0000000..4c64e0a --- /dev/null +++ b/ext4/feature_flag.go @@ -0,0 +1,36 @@ +package main + +/* +#cgo LDFLAGS: -lext2fs +#include <ext2fs/ext2_fs.h> +#include <ext2fs/ext2fs.h> + +#include <stdlib.h> +*/ +import "C" +import ( + "fmt" + "unsafe" +) + +// isExt4EncryptionEnabled returns true if the provided ext4 filesystem (as a +// path to a device or mountpoint) has the encrypt feature flag enabled. +func isExt4EncryptionEnabled(path string) bool { + cPath := C.CString(path) + defer C.free(unsafe.Pointer(cPath)) + + var fs C.ext2_filsys + ret := C.ext2fs_open(cPath, 0, 0, 0, C.unix_io_manager, &fs) + if ret != 0 { + panic(fmt.Errorf("Got error code %v when opening %s", ret, path)) + } + + hasEncryption := C.ext2fs_has_feature_encrypt(fs.super) + return hasEncryption != 0 +} + +// enableExt4Encryption enables encryption on the filesystem at the specified +// path. + +// disableExt4Encryption disables encryption on the filesystem at the specified +// path. Note that this operation is not supported and can cause data loss. |