Documentation
Overview
cryptctl - Copyright (c) 2017 SUSE Linux GmbH, Germany. This source code is licensed under GPL version 3, which can be found in the LICENSE file.
Index
- Constants
- Variables
- func ValidateUUID(in string) error
- type AliveMessage
- type DB
- func (db *DB) Erase(uuid string) error
- func (db *DB) GetByID(id string) (rec Record, found bool)
- func (db *DB) GetByUUID(uuid string) (rec Record, found bool)
- func (db *DB) List() (sortedRecords RecordSlice)
- func (db *DB) ReadRecord(absPath string) (keyRecord Record, err error)
- func (db *DB) ReloadDB() error
- func (db *DB) ReloadRecord(uuid string) error
- func (db *DB) Select(aliveMessage AliveMessage, checkMaxActive bool, uuids ...string) (found map[string]Record, rejected, missing []string)
- func (db *DB) UpdateAliveMessage(latest AliveMessage, uuids ...string) (rejected []string)
- func (db *DB) UpdateCommandResult(uuid, ip string, content interface{}, result string)
- func (db *DB) UpdateSeenFlag(uuid, ip string, content interface{})
- func (db *DB) UpgradeRecord(record Record) error
- func (db *DB) UpgradeRecordToVersion1(record Record) error
- func (db *DB) Upsert(rec Record) (kmipID string, err error)
- type PendingCommand
- type Record
- func (rec *Record) AddPendingCommand(ip string, cmd PendingCommand)
- func (rec *Record) ClearPendingCommands()
- func (rec *Record) Deserialise(in []byte) error
- func (rec *Record) FillBlanks()
- func (rec *Record) FormatAttrs(separator string) string
- func (rec *Record) GetMountOptionStr() string
- func (rec *Record) IsHostAlive(hostIP string) (alive bool, finalMessage AliveMessage)
- func (rec *Record) RemoveDeadHosts() (deadFinalMessage map[string]AliveMessage)
- func (rec *Record) RemoveExpiredPendingCommands()
- func (rec *Record) Serialise() []byte
- func (rec *Record) UpdateAliveMessage(latestBeat AliveMessage) bool
- func (rec *Record) UpdateLastRetrieval(latestBeat AliveMessage, checkMaxActive bool) (updateOK bool, deadFinalMessage map[string]AliveMessage)
- func (rec *Record) Validate() error
- type RecordSlice
Constants
const (
	DB_DIR_FILE_MODE = 0700
	DB_REC_FILE_MODE = 0600
)
const (
	// CurrentRecordVersion is the version of new database records to be created by cryptctl.
	CurrentRecordVersion = 2
)
Variables
// RegexUUID matches the characters that are allowed in a UUID.
var RegexUUID = regexp.MustCompile("^[a-zA-Z0-9-]+$")
Functions
func ValidateUUID
func ValidateUUID(in string) error
ValidateUUID returns an error only if the input string is empty or if it contains characters outside the allowed set.
Types
type AliveMessage
type AliveMessage struct {
	Hostname  string // Hostname is the host name reported by the client computer itself.
	IP        string // IP is the client computer's IP address as seen by the cryptctl server.
	Timestamp int64  // Timestamp is the moment the message arrived at the cryptctl server.
}
AliveMessage is a component of a key database record. It represents a heartbeat sent by a computer that is actively using an encryption key, i.e. the encrypted disk is currently unlocked and online.
type DB
type DB struct {
	Dir             string
	RecordsByUUID   map[string]Record // key is the record UUID string
	RecordsByID     map[string]Record // when saved by the built-in KMIP server, the ID is a sequence number; otherwise it can be anything.
	LastSequenceNum int64             // the last sequence number currently in use
	Lock            *sync.RWMutex     // prevents concurrent access to records
}
The database of key records resides in a directory; each key record is serialised into its own file. All key records are read into memory upon startup for fast retrieval. All exported functions are safe for concurrent use.
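As an added illustration of the design described above (example code, not cryptctl's own), the following Go sketch applies the page's DB_DIR_FILE_MODE, DB_REC_FILE_MODE and RegexUUID to the two checks a reviewer of such a key store looks for: the record directory must not be enterable by other users, and a UUID must be validated before it becomes part of a file name. The function names, the JSON encoding and the ".json" suffix are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
	"regexp"
)

// Modes and the UUID pattern are the page's constants; the JSON encoding and
// ".json" suffix are assumptions of this example, not cryptctl's own format.
const dirMode, recMode os.FileMode = 0700, 0600
var regexUUID = regexp.MustCompile("^[a-zA-Z0-9-]+$")

// Record is a minimal stand-in for cryptctl's much larger key record.
type Record struct {
	UUID string `json:"uuid"`
	Key  []byte `json:"key"`
}

// OpenDBDir creates the record directory as 0700 and refuses an existing one
// that group or others can enter, since every file in it holds key material.
func OpenDBDir(dir string) error {
	if err := os.MkdirAll(dir, dirMode); err != nil {
		return err
	}
	if st, err := os.Stat(dir); err != nil {
		return err
	} else if st.Mode().Perm()&0077 != 0 {
		return fmt.Errorf("%s: mode %04o is too permissive", dir, st.Mode().Perm())
	}
	return nil
}

// WriteRecord validates the UUID before it becomes part of a file name (the
// pattern admits neither "/" nor "."), then writes the record as a 0600 file.
func WriteRecord(dir string, rec Record) (string, error) {
	if rec.UUID == "" || !regexUUID.MatchString(rec.UUID) {
		return "", fmt.Errorf("invalid UUID %q", rec.UUID)
	}
	b, err := json.Marshal(rec)
	if err != nil {
		return "", err
	}
	path := filepath.Join(dir, rec.UUID+".json")
	return path, os.WriteFile(path, b, recMode)
}
```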
func OpenDB
Open a key database directory and read all key records into memory. Callers should consider locking memory.
func OpenDBOneRecord
Open a key database directory but load only a single record into memory. If the specified record is not found in the file system, an error is returned. Callers should consider locking memory.
func (*DB) List
func (db *DB) List() (sortedRecords RecordSlice)
Return all key records (not including key content), sorted by latest usage.
func (*DB) ReadRecord
func (db *DB) ReadRecord(absPath string) (keyRecord Record, err error)
Read and deserialise a key record from the file system.
func (*DB) ReloadRecord
func (db *DB) ReloadRecord(uuid string) error
ReloadRecord reads the latest record content corresponding to the UUID from its disk file and loads it into memory. The function panics if the record version is not the latest.
func (*DB) Select
func (db *DB) Select(aliveMessage AliveMessage, checkMaxActive bool, uuids ...string) (found map[string]Record, rejected, missing []string)
Retrieve the key records that belong to the given UUIDs, and immediately persist last-retrieval information on those records.
func (*DB) UpdateAliveMessage
func (db *DB) UpdateAliveMessage(latest AliveMessage, uuids ...string) (rejected []string)
Record and immediately persist an alive message that came from a host.
func (*DB) UpdateCommandResult
func (db *DB) UpdateCommandResult(uuid, ip string, content interface{}, result string)
UpdateCommandResult updates the execution result of a pending command. The pending command is located by looking for a command record that matches the specified UUID, IP, and content. If no matching record is found, the function does nothing.
func (*DB) UpdateSeenFlag
func (db *DB) UpdateSeenFlag(uuid, ip string, content interface{})
UpdateSeenFlag sets the "seen" flag of a pending command to true. The flag is updated by looking for a command record that matches the specified IP, array index, and content. If no matching record is found, the function does nothing.
func (*DB) UpgradeRecord
func (db *DB) UpgradeRecord(record Record) error
Upgrade a record to the latest version.
func (*DB) UpgradeRecordToVersion1
func (db *DB) UpgradeRecordToVersion1(record Record) error
Record version 0 was the first version, used prior to and including the cryptctl 1.99 pre-release. Version 1 gives each record a KMIP key ID and a creation time, and records whether the key content is located on an external KMIP server.