/**
* Callback function that shows the current encryption status (encrypted or
* unencrypted).
*
* Example output:
* {"encryption-status":"encrypted"}
*
* @param[in] request incoming HTTP request
* @param[out] response HTTP response to the request
* @param[in] user_data extra data to pass between main thread and callbacks
* @return internal status code
*/
int callback_encryption_get(const struct _u_request * request,
struct _u_response * response, void * user_data)
{
bool encrypted;
bool * can_encrypt_nullable = NULL;
bool can_encrypt = true;
json_t * messages = json_array();
if (path_exists(config.data_partition_device) &&
is_encrypted_device(config.data_partition_device))
{
encrypted = true;
}
else
{
encrypted = false;
can_encrypt_nullable = &can_encrypt;
// Mount the filesystem on the unencrypted device.
int r = temporary_mount(config.root_device, UNENCRYPTED_TMP_MOUNTPOINT,
FILESYSTEM_TYPE);
if (r != 0)
{
y_log_message(Y_LOG_LEVEL_ERROR, "mounting root device failed: return code %d", r);
return send_simple_response(response, 500, "error",
"mounting root device failed");
}
bool fits = filesystem_fits_in_memory(UNENCRYPTED_TMP_MOUNTPOINT,
MEMORY_USAGE);
umount(UNENCRYPTED_TMP_MOUNTPOINT);
if (! fits)
{
can_encrypt = false;
json_array_append_new(messages, json_string(
"existing files do not fit in memory"));
}
}
json_t * json_body = NULL;
json_body = json_object();
json_object_set_new(json_body, "encrypted",
encrypted ? json_true() : json_false());
json_object_set_new(json_body, "can-encrypt",
can_encrypt_nullable == NULL ? json_null() :
(can_encrypt ? json_true() : json_false()));
json_object_set_new(json_body, "messages", messages);
ulfius_set_json_body_response(response, 200, json_body);
json_decref(json_body);
return U_CALLBACK_CONTINUE;
}