dry-run

2020-10-17 18:27:12 +02:00 · 2020-10-17 18:27:12 +02:00 · 49a7512743
commit 49a7512743
parent a264f4c9eb
4 changed files with 18 additions and 5 deletions
--- a/src/cli.rs
+++ b/src/cli.rs
@ -358,6 +358,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
            name,
            credentials,
            retries,
+            dry_run,
        } => {
            let inputs = |q: &str, verify: bool| -> Fido2LuksResult<(Option<String>, [u8; 32])> {
                get_input(&secret, &authenticator, args.interactive, q, verify)
@ -378,8 +379,9 @@ pub fn run_cli() -> Fido2LuksResult<()> {
            let mut luks_dev = LuksDevice::load(&luks.device)?;
            loop {
                let slot = if let Some(ref credentials) = credentials.ids {
-                    secret(Cow::Borrowed(&credentials.0))
-                        .and_then(|(secret, _cred)| luks_dev.activate(&name, &secret, luks.slot))
+                    secret(Cow::Borrowed(&credentials.0)).and_then(|(secret, _cred)| {
+                        luks_dev.activate(&name, &secret, luks.slot, *dry_run)
+                    })
                } else if luks_dev.is_luks2()? && !luks.disable_token {
                    luks_dev.activate_token(
                        &name,
@ -392,6 +394,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
                                .map(|(secret, cred)| (secret, hex::encode(&cred.id)))
                        }),
                        luks.slot,
+                        *dry_run,
                    )
                } else if luks_dev.is_luks2()? && luks.disable_token {
                    // disable-token is mostly cosmetic in this instance
--- a/src/cli_args/config.rs
+++ b/src/cli_args/config.rs
@ -210,7 +210,7 @@ mod test {
    fn input_salt_obtain() {
        assert_eq!(
            SecretInput::String("abc".into())
-                .obtain_sha256(None)
+                .obtain_sha256(Some(|| Ok("123456".to_string())))
                .unwrap(),
            [
                186, 120, 22, 191, 143, 1, 207, 234, 65, 65, 64, 222, 93, 174, 34, 35, 176, 3, 97,
--- a/src/cli_args/mod.rs
+++ b/src/cli_args/mod.rs
@ -239,6 +239,9 @@ pub enum Command {
        secret: SecretParameters,
        #[structopt(short = "r", long = "max-retries", default_value = "0")]
        retries: i32,
+        /// Don't actually mount the LUKS image
+        #[structopt(long = "dry-run")]
+        dry_run: bool,
    },
    /// Generate a new FIDO credential
    #[structopt(name = "credential")]
--- a/src/luks.rs
+++ b/src/luks.rs
@ -237,10 +237,16 @@ impl LuksDevice {
        name: &str,
        secret: &[u8],
        slot_hint: Option<u32>,
+        dry_run: bool,
    ) -> Fido2LuksResult<u32> {
        self.device
            .activate_handle()
-            .activate_by_passphrase(Some(name), slot_hint, secret, CryptActivateFlags::empty())
+            .activate_by_passphrase(
+                Some(name).filter(|_| !dry_run),
+                slot_hint,
+                secret,
+                CryptActivateFlags::empty(),
+            )
            .map_err(LuksError::activate)
    }

@ -249,6 +255,7 @@ impl LuksDevice {
        name: &str,
        secret: impl Fn(Vec<String>) -> Fido2LuksResult<([u8; 32], String)>,
        slot_hint: Option<u32>,
+        dry_run: bool,
    ) -> Fido2LuksResult<u32> {
        if !self.is_luks2()? {
            return Err(LuksError::Luks2Required.into());
@ -292,7 +299,7 @@ impl LuksDevice {
                .chain(std::iter::once(None).take(slots.is_empty() as usize)), // Try all slots as last resort
        );
        for slot in slots {
-            match self.activate(name, &secret, slot) {
+            match self.activate(name, &secret, slot, dry_run) {
                Err(Fido2LuksError::WrongSecret) => (),
                res => return res,
            }