From ef2407fd0ae0ccc31cd894f0e2f84e0a871547a4 Mon Sep 17 00:00:00 2001
From: "Joe Richey joerichey@google.com"
Date: Wed, 4 Oct 2017 18:35:48 -0700
Subject: ext4: Initial work for fscrypt-ext4

---
 .gitignore | 2 +-
 ext4/ext4.go | 37 +++++++++++++++++++++++++++++++++++++
 ext4/feature_flag.go | 36 ++++++++++++++++++++++++++++++++++++
 3 files changed, 74 insertions(+), 1 deletion(-)
 create mode 100644 ext4/ext4.go
 create mode 100644 ext4/feature_flag.go

diff --git a/.gitignore b/.gitignore
index 345dfa1..c308c32 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
 fscrypt
-fscrypt.*
+fscrypt-ext4
 fscrypt_image
 pam_fscrypt.so
 .vscode
diff --git a/ext4/ext4.go b/ext4/ext4.go
new file mode 100644
index 0000000..cbe87da
--- /dev/null
+++ b/ext4/ext4.go
@@ -0,0 +1,37 @@
+package main
+
+import (
+ "fmt"
+ "io"
+ "os"
+)
+
+func printUsage(w io.Writer, name string) {
+ fmt.Fprintf(w, "Usage: %s [enable|disable] [--force]\n\n", name)
+ fmt.Fprintln(w, "Enable or disable encryption on an ext4 filesystem.")
+ fmt.Fprintln(w, " - Path to the filesystem device")
+ fmt.Fprintln(w, " --force - Automatically proceed with the operation")
+}
+
+func main() {
+ if len(os.Args) != 3 {
+ printUsage(os.Stderr, os.Args[0])
+ os.Exit(1)
+ }
+ switch os.Args[1] {
+ case "enable":
+ fmt.Println("Enabling encryption!!")
+ case "disable":
+ fmt.Println("Disabling encryption!!")
+ default:
+ fmt.Fprintf(os.Stderr, "%s: invalid command %q\n", os.Args[0], os.Args[1])
+ printUsage(os.Stderr, os.Args[0])
+ os.Exit(1)
+ }
+
+ if isExt4EncryptionEnabled(os.Args[2]) {
+ fmt.Printf("%q has encryption\n", os.Args[2])
+ } else {
+ fmt.Printf("%q doesn't have encryption\n", os.Args[2])
+ }
+}
diff --git a/ext4/feature_flag.go b/ext4/feature_flag.go
new file mode 100644
index 0000000..4c64e0a
--- /dev/null
+++ b/ext4/feature_flag.go
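Review bot: In `main` of ext4/ext4.go, the check `len(os.Args) != 3` rejects the `--force` form that `printUsage` advertises, so passing the flag can only end in the usage error. The comment at the end of ext4/feature_flag.go says disabling is unsupported and can cause data loss, which makes this argument check the natural place to require explicit confirmation. Accept three or four arguments, e.g. `if n := len(os.Args); n < 3 || n > 4 {`, and reject a fourth argument that is not `--force`. The "Enabling encryption!!" and "Disabling encryption!!" messages are also printed before the device has been opened and without any change being made, so a `// TODO: not implemented; nothing is modified yet` comment on both cases would keep the output from being read as confirmation.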
@@ -0,0 +1,36 @@
+package main
+
+/*
+#cgo LDFLAGS: -lext2fs
+#include
+#include
+
+#include
+*/
+import "C"
+import (
+ "fmt"
+ "unsafe"
+)
+
+// isExt4EncryptionEnabled returns true if the provided ext4 filesystem (as a
+// path to a device or mountpoint) has the encrypt feature flag enabled.
+func isExt4EncryptionEnabled(path string) bool {
+ cPath := C.CString(path)
+ defer C.free(unsafe.Pointer(cPath))
+
+ var fs C.ext2_filsys
+ ret := C.ext2fs_open(cPath, 0, 0, 0, C.unix_io_manager, &fs)
+ if ret != 0 {
+ panic(fmt.Errorf("Got error code %v when opening %s", ret, path))
+ }
+
+ hasEncryption := C.ext2fs_has_feature_encrypt(fs.super)
+ return hasEncryption != 0
+}
+
+// enableExt4Encryption enables encryption on the filesystem at the specified
+// path.
+
+// disableExt4Encryption disables encryption on the filesystem at the specified
+// path. Note that this operation is not supported and can cause data loss.
-- cgit v1.2.3
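Review bot: `isExt4EncryptionEnabled` never releases the handle that `ext2fs_open` fills in, so every successful call leaves the device open; add `defer C.ext2fs_close(fs)` directly after the `ret != 0` check. The `panic` on a non-zero return turns an ordinary failure (wrong path, no permission to read the device) into a goroutine trace in a tool that presumably runs with elevated privileges. Returning `(bool, error)` and letting `main` print the error and exit non-zero would be the conventional shape. The doc comment says the path may be a mountpoint, but the string is passed unchanged to `ext2fs_open`, which as far as I know expects a device or image name, so either resolve the mountpoint to its device first or narrow the comment. The two trailing comments for `enableExt4Encryption` and `disableExt4Encryption` document functions that do not exist yet and would be better as a single `// TODO` until the code lands.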