Documentation
Overview ¶
cryptctl - Copyright (c) 2017 SUSE Linux GmbH, Germany. This source code is licensed under GPL version 3, which can be found in the LICENSE file.
Index ¶
- Constants
- func AutoOnlineUnlockFS(uuid string) error
- func ClearPendingCommands() error
- func ClientDaemon() error
- func ConnectToKeyServer(caFile, certFile, keyFile, keyServer string) (client *keyserv.CryptClient, password string, err error)
- func EditKey(uuid string) error
- func EncryptFS() error
- func EraseKey() error
- func ExecutePendingCommand(client *keyserv.CryptClient, uuid string, cmd keydb.PendingCommand)
- func InitKeyServer() error
- func KeyRPCDaemon() error
- func ListKeys() error
- func ManOfflineUnlockFS() error
- func ManOnlineUnlockFS() error
- func OpenKeyDB(recordUUID string) (*keydb.DB, error)
- func PromptForKeyServer() (sysconf *sys.Sysconfig, caFile, certFile, certKeyFile, host string, port int, ...)
- func SendCommand() error
- func ShowKey(uuid string) error
- func UmountCryptDev(uuid string) string
Constants ¶
const (
	DEFUALT_ALIVE_TIMEOUT     = 3 * routine.REPORT_ALIVE_INTERVAL_SEC
	AUTO_UNLOCK_DAEMON        = "cryptctl-auto-unlock@"
	CLIENT_CONFIG_PATH        = "/etc/sysconfig/cryptctl-client"
	ONLINE_UNLOCK_RETRY_SEC   = 24 * 3600
	MSG_ASK_HOSTNAME          = "Key server's host name"
	MSG_ASK_PORT              = "Key server's port number"
	MSG_ASK_CA                = "(Optional) PEM-encoded CA certificate of key server"
	MSG_ASK_CLIENT_CERT       = "If key server will validate client identity, enter path to PEM-encoded client certificate"
	MSG_ASK_CLIENT_CERT_KEY   = "If key server will validate client identity, enter path to PEM-encoded client key"
	MSG_ASK_DIFF_HOST         = `` /* 222-byte string literal not displayed */
	MSG_ASK_SRC_DIR           = "Path of directory to be encrypted"
	MSG_ASK_ENC_DISK          = "Path of disk partition (/dev/sdXXX) that will hold the directory after encryption"
	MSG_ASK_MAX_ACTIVE        = "How many computers can use the encrypted disk simultaneously"
	MSG_ASK_ALIVE_TIMEOUT     = "If the key server does not hear from this computer for so many seconds, other computers will be allowed to use the key"
	MSG_ASK_KEYREC_PATH       = "Path of the key record"
	MSG_ASK_MOUNT             = "Where should the file system be mounted"
	MSG_ASK_MOUNT_OPT         = "Mount options (comma-separated)"
	MSG_ALIVE_TIMEOUT_ROUNDED = "The number of seconds has been rounded to %d.\n"
	MSG_ENC_SEQUENCE          = `` /* 372-byte string literal not displayed */
	MSG_E_CANCELLED           = "Operation is cancelled."
	MSG_E_SAVE_SYSCONF        = "Failed to save settings into %s - %v"
	MSG_ASK_PROCEED           = "Please double check the details and type Yes to proceed"
	MSG_E_READ_FILE           = "Failed to read file \"%s\" - %v"
	MSG_E_BAD_KEYREC          = "Failed to read record content (is the file damaged?) - %v"
	MSG_UNLOCK_IS_NOP         = "cryptctl is doing nothing because client configuration is empty"
	MSG_ERASE_UUID            = "UUID of the file system to erase"
	MSG_ERASE_UUID_AGAIN      = "Warning! Data on \"%s\" will be irreversibly lost, type the UUID once again to confirm"
	MSG_E_ERASE_UUID_MISMATCH = "UUID input does not match."
	MSG_E_ERASE_NO_CONF       = "The erase operation must contact key server in order to erase a key, but cryptctl configuration is empty."
	ClientDaemonService       = "cryptctl-client"
)

const (
	SERVER_DAEMON      = "cryptctl-server"
	SERVER_CONFIG_PATH = "/etc/sysconfig/cryptctl-server"
	SERVER_GENTLS_PATH = "/etc/cryptctl/servertls"
	TIME_OUTPUT_FORMAT = "2006-01-02 15:04:05"
	MIN_PASSWORD_LEN   = 10
	// PendingCommandMount is the content of a pending command that tells the client computer to mount that disk.
	PendingCommandMount = "mount"
	// PendingCommandUmount is the content of a pending command that tells the client computer to umount that disk.
	PendingCommandUmount = "umount"
)
Variables ¶
This section is empty.
Functions ¶
func AutoOnlineUnlockFS ¶
func AutoOnlineUnlockFS(uuid string) error
Sub-command: contact the key server to retrieve the encryption key that unlocks a single file system, then keep sending alive reports to the server to indicate that this computer is still holding the encrypted disk. Blocks the caller until the program quits or the server rejects this computer.
func ClearPendingCommands ¶
func ClearPendingCommands() error
ClearPendingCommands is a server routine that clears all pending commands in a database record.
func ClientDaemon ¶
func ClientDaemon() error
ClientDaemon runs the main routine of the "client-daemon" sub-command. The routine primarily polls the key server for pending commands and executes them.
func ConnectToKeyServer ¶
func ConnectToKeyServer(caFile, certFile, keyFile, keyServer string) (client *keyserv.CryptClient, password string, err error)
ConnectToKeyServer interactively reads the key server password from the terminal, establishes a TCP connection to the key server using the optional CA certificate and client certificate/key files, and then pings the server to check both connectivity and the password. Returns the initialised client together with the password that was accepted.
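The three optional inputs that ConnectToKeyServer receives (CA file, client certificate, client key) map directly onto a client TLS configuration. The following is an added example, not code from the cryptctl package: newClientTLSConfig is a hypothetical helper that takes the PEM contents rather than file paths so it can run offline, and selfSignedPEM only generates throwaway test material. It shows the two checks a practitioner wants here: the operator's CA, when given, replaces the system roots (pinning the key server's issuer), and a client certificate is refused unless both halves are present, so a half-configured client fails loudly instead of silently falling back to password-only authentication.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"log"
	"math/big"
	"time"
)

// newClientTLSConfig takes the three optional PEM inputs cryptctl prompts for
// (CA certificate, client certificate, client key) and builds a tls.Config.
// An empty CA means "verify against the system roots"; a client certificate is
// only loaded when both the certificate and its key are present.
// Hypothetical helper written for this example, not the package's own code.
func newClientTLSConfig(caPEM, certPEM, keyPEM []byte) (*tls.Config, error) {
	// InsecureSkipVerify is deliberately never set: the key server hands out
	// disk encryption keys, so its identity must be verified on every connection.
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if len(caPEM) > 0 {
		pool := x509.NewCertPool()
		if !pool.AppendCertsFromPEM(caPEM) {
			return nil, errors.New("CA input contains no PEM-encoded certificate")
		}
		cfg.RootCAs = pool // pin to the operator's CA instead of the system roots
	}
	switch {
	case len(certPEM) > 0 && len(keyPEM) > 0:
		pair, err := tls.X509KeyPair(certPEM, keyPEM)
		if err != nil {
			return nil, fmt.Errorf("loading client certificate: %w", err)
		}
		cfg.Certificates = []tls.Certificate{pair}
	case len(certPEM) > 0 || len(keyPEM) > 0:
		return nil, errors.New("client certificate and key must be given together")
	}
	return cfg, nil
}

// selfSignedPEM generates a throwaway ECDSA certificate and key so the example
// runs offline. Constructed test material, not a real deployment CA.
func selfSignedPEM(cn string) (certPEM, keyPEM []byte, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, nil, err
	}
	keyDER, err := x509.MarshalECPrivateKey(priv)
	if err != nil {
		return nil, nil, err
	}
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	return certPEM, keyPEM, nil
}

func main() {
	ca, _, err := selfSignedPEM("cryptctl example CA")
	if err != nil {
		log.Fatal(err)
	}
	cert, key, err := selfSignedPEM("client-host.example") // constructed name
	if err != nil {
		log.Fatal(err)
	}
	cfg, err := newClientTLSConfig(ca, cert, key)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("CA pinned: %v, client certificates: %d, minimum TLS version: %#x\n",
		cfg.RootCAs != nil, len(cfg.Certificates), cfg.MinVersion)
}
```

The resulting tls.Config is what a keyserv client would hand to tls.Dial; the example stops before dialling so that it needs no running key server.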
func EncryptFS ¶
func EncryptFS() error
CLI command: set up encryption on a file system using a randomly generated key, and upload the key to the key server.
func EraseKey ¶
func EraseKey() error
Sub-command: erase the encryption headers of the encrypted disk so that its content becomes irreversibly lost. The operation contacts the key server to erase the key as well, so it requires a non-empty client configuration, and it asks for the file system UUID twice before proceeding.
func ExecutePendingCommand ¶
func ExecutePendingCommand(client *keyserv.CryptClient, uuid string, cmd keydb.PendingCommand)
ExecutePendingCommand is called by client daemon to execute a freshly polled pending command. Execution result is logged into
func ListKeys ¶
func ListKeys() error
Server sub-command: print all key records, sorted by last access time.
func ManOfflineUnlockFS ¶
func ManOfflineUnlockFS() error
Sub-command: unlock a single file system using a key record file.
func ManOnlineUnlockFS ¶
func ManOnlineUnlockFS() error
Sub-command: forcibly unlock all file systems whose keys are held on a key server.
func OpenKeyDB ¶
func OpenKeyDB(recordUUID string) (*keydb.DB, error)
OpenKeyDB opens the key database from the location specified in the sysconfig file. If a record UUID is given, the database loads only that single record.
func PromptForKeyServer ¶
func PromptForKeyServer() (sysconf *sys.Sysconfig, caFile, certFile, certKeyFile, host string, port int, err error)
PromptForKeyServer prompts the user for the key server's CA file, client certificate and key, host name, and port. Defaults are taken from the existing configuration.
func SendCommand ¶
func SendCommand() error
SendCommand is a server routine that saves a new pending command into a database record.
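SendCommand, ClientDaemon, ExecutePendingCommand and ClearPendingCommands together form the pending-command channel: the server queues a "mount" or "umount" for a disk, the client daemon polls, executes and clears. The following is an added example that is not part of cryptctl; KeyServer, Client, PendingCommand and PollPendingCommands are hypothetical in-memory stand-ins for the keyserv/keydb types, and the mount/umount actions are injected so nothing touches a real block device. Only the two command contents are taken from the package. The point it adds is that the command content and the UUID are validated on both ends: the server refuses to queue anything it does not recognise, and the client re-checks before acting, so a corrupted or malicious record cannot steer the daemon into an action other than the two it is built for.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"sync"
)

// The two command contents documented for the package.
const (
	PendingCommandMount  = "mount"
	PendingCommandUmount = "umount"
)

// PendingCommand is a hypothetical stand-in for keydb.PendingCommand.
type PendingCommand struct {
	UUID    string
	Content string
}

// uuidRE accepts only canonical hexadecimal UUIDs; anything else never reaches
// a mount or umount action.
var uuidRE = regexp.MustCompile(`^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$`)

// KeyServer models the server side with an in-memory queue per record.
type KeyServer struct {
	mu      sync.Mutex
	pending map[string][]PendingCommand
}

func NewKeyServer() *KeyServer {
	return &KeyServer{pending: map[string][]PendingCommand{}}
}

// SendCommand queues a command for one disk, refusing malformed UUIDs and
// unknown command contents before they are ever persisted.
func (s *KeyServer) SendCommand(uuid, content string) error {
	if !uuidRE.MatchString(uuid) {
		return fmt.Errorf("refusing to queue command for malformed UUID %q", uuid)
	}
	if content != PendingCommandMount && content != PendingCommandUmount {
		return fmt.Errorf("unknown pending command %q", content)
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	s.pending[uuid] = append(s.pending[uuid], PendingCommand{UUID: uuid, Content: content})
	return nil
}

// PollPendingCommands hands the client a copy of the queue and clears it in
// the same step, so a command that fails to execute is not retried forever.
func (s *KeyServer) PollPendingCommands(uuid string) []PendingCommand {
	s.mu.Lock()
	defer s.mu.Unlock()
	cmds := s.pending[uuid]
	delete(s.pending, uuid)
	return cmds
}

// Client models the client daemon; Mount and Umount are injected actions.
type Client struct {
	Mount  func(uuid string) error
	Umount func(uuid string) error
	Log    []string // one line per executed command, as the daemon would log
}

// ExecutePendingCommand validates the command again on the client side: the
// server is trusted for keys, but a bug or a tampered record must not turn into
// an arbitrary action on this host.
func (c *Client) ExecutePendingCommand(cmd PendingCommand) error {
	if !uuidRE.MatchString(cmd.UUID) {
		return fmt.Errorf("malformed UUID in pending command: %q", cmd.UUID)
	}
	var err error
	switch cmd.Content {
	case PendingCommandMount:
		err = c.Mount(cmd.UUID)
	case PendingCommandUmount:
		err = c.Umount(cmd.UUID)
	default:
		err = fmt.Errorf("unknown pending command %q", cmd.Content)
	}
	c.Log = append(c.Log, fmt.Sprintf("%s %s: %v", cmd.Content, cmd.UUID, err))
	return err
}

// PollOnce is a single iteration of the client daemon loop.
func (c *Client) PollOnce(s *KeyServer, uuid string) (executed, failed int) {
	for _, cmd := range s.PollPendingCommands(uuid) {
		executed++
		if c.ExecutePendingCommand(cmd) != nil {
			failed++
		}
	}
	return executed, failed
}

func main() {
	srv := NewKeyServer()
	c := &Client{
		Mount:  func(string) error { return nil },
		Umount: func(string) error { return errors.New("device busy") },
	}
	const uuid = "6f1e1c2a-9c44-4b1f-8d7a-0f2f3e4d5c6b" // constructed, not a real disk
	_ = srv.SendCommand(uuid, PendingCommandMount)
	_ = srv.SendCommand(uuid, PendingCommandUmount)
	fmt.Println("rejected:", srv.SendCommand(uuid, "rm -rf /"))
	executed, failed := c.PollOnce(srv, uuid)
	fmt.Println("executed:", executed, "failed:", failed)
	for _, line := range c.Log {
		fmt.Println(line)
	}
}
```

Clearing the queue at poll time rather than after successful execution mirrors the documented split between ExecutePendingCommand (which logs the result) and ClearPendingCommands (a separate server routine); the trade-off is that a transient failure needs a fresh SendCommand, which is preferable to an endless retry against a busy device.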
func UmountCryptDev ¶
func UmountCryptDev(uuid string) string
UmountCryptDev unmounts and closes the crypt block device associated with the block device identified by UUID. Returns human-readable result text.
Types ¶
This section is empty.